From 44defea7136a9b9f139e100e995cd374109b7a2c Mon Sep 17 00:00:00 2001 From: cvs2hg Date: Sat, 6 Dec 2003 06:34:25 +0000 Subject: fixup commit for branch 'JSS_3_X_BRANCH' --- security/nss/lib/freebl/GF2m_ecl.c | 539 -- security/nss/lib/freebl/GF2m_ecl.h | 96 - security/nss/lib/freebl/GFp_ecl.c | 647 --- security/nss/lib/freebl/GFp_ecl.h | 126 - security/nss/lib/freebl/Makefile | 363 -- security/nss/lib/freebl/aeskeywrap.c | 383 -- security/nss/lib/freebl/alg2268.c | 493 -- security/nss/lib/freebl/arcfive.c | 114 - security/nss/lib/freebl/arcfour.c | 593 --- security/nss/lib/freebl/blapi.h | 992 ---- security/nss/lib/freebl/blapit.h | 351 -- security/nss/lib/freebl/config.mk | 103 - security/nss/lib/freebl/des.c | 683 --- security/nss/lib/freebl/des.h | 69 - security/nss/lib/freebl/desblapi.c | 275 -- security/nss/lib/freebl/dh.c | 385 -- security/nss/lib/freebl/dsa.c | 420 -- security/nss/lib/freebl/ec.c | 944 ---- security/nss/lib/freebl/ec.h | 50 - security/nss/lib/freebl/ecl/Makefile | 224 - security/nss/lib/freebl/ecl/README | 329 -- security/nss/lib/freebl/ecl/README.FP | 316 -- security/nss/lib/freebl/ecl/ec2.h | 122 - security/nss/lib/freebl/ecl/ec2_163.c | 258 - security/nss/lib/freebl/ecl/ec2_193.c | 275 -- security/nss/lib/freebl/ecl/ec2_233.c | 298 -- security/nss/lib/freebl/ecl/ec2_aff.c | 270 - security/nss/lib/freebl/ecl/ec2_mont.c | 276 -- security/nss/lib/freebl/ecl/ec2_proj.c | 368 -- security/nss/lib/freebl/ecl/ec_naf.c | 101 - security/nss/lib/freebl/ecl/ecl-curve.h | 646 --- security/nss/lib/freebl/ecl/ecl-exp.h | 194 - security/nss/lib/freebl/ecl/ecl-priv.h | 216 - security/nss/lib/freebl/ecl/ecl.c | 406 -- security/nss/lib/freebl/ecl/ecl.h | 82 - security/nss/lib/freebl/ecl/ecl_curve.c | 120 - security/nss/lib/freebl/ecl/ecl_gf.c | 337 -- security/nss/lib/freebl/ecl/ecl_mult.c | 359 -- security/nss/lib/freebl/ecl/ecp.h | 136 - security/nss/lib/freebl/ecl/ecp_192.c | 228 - security/nss/lib/freebl/ecl/ecp_224.c | 305 -- security/nss/lib/freebl/ecl/ecp_aff.c | 284 -- security/nss/lib/freebl/ecl/ecp_fp.c | 566 --- security/nss/lib/freebl/ecl/ecp_fp.h | 405 -- security/nss/lib/freebl/ecl/ecp_fp160.c | 178 - security/nss/lib/freebl/ecl/ecp_fp192.c | 176 - security/nss/lib/freebl/ecl/ecp_fp224.c | 189 - security/nss/lib/freebl/ecl/ecp_fpinc.c | 854 ---- security/nss/lib/freebl/ecl/ecp_jac.c | 553 --- security/nss/lib/freebl/ecl/ecp_jm.c | 320 -- security/nss/lib/freebl/ecl/ecp_mont.c | 190 - security/nss/lib/freebl/ecl/tests/ec2_test.c | 459 -- security/nss/lib/freebl/ecl/tests/ec_naft.c | 149 - security/nss/lib/freebl/ecl/tests/ecp_fpt.c | 1122 ----- security/nss/lib/freebl/ecl/tests/ecp_test.c | 421 -- security/nss/lib/freebl/ldvector.c | 196 - security/nss/lib/freebl/loader.c | 1349 ----- security/nss/lib/freebl/loader.h | 392 -- security/nss/lib/freebl/mac_rand.c | 315 -- security/nss/lib/freebl/manifest.mn | 151 - security/nss/lib/freebl/mapfile.Solaris | 39 - security/nss/lib/freebl/md2.c | 288 -- security/nss/lib/freebl/md5.c | 589 --- security/nss/lib/freebl/mknewpc2.c | 236 - security/nss/lib/freebl/mksp.c | 153 - security/nss/lib/freebl/mpi/Makefile | 278 -- security/nss/lib/freebl/mpi/Makefile.os2 | 277 -- security/nss/lib/freebl/mpi/Makefile.win | 277 -- security/nss/lib/freebl/mpi/README | 795 --- security/nss/lib/freebl/mpi/all-tests | 112 - security/nss/lib/freebl/mpi/doc/LICENSE | 11 - security/nss/lib/freebl/mpi/doc/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/doc/basecvt.pod | 63 - security/nss/lib/freebl/mpi/doc/build | 63 - security/nss/lib/freebl/mpi/doc/div.txt | 96 - security/nss/lib/freebl/mpi/doc/expt.txt | 127 - security/nss/lib/freebl/mpi/doc/gcd.pod | 27 - security/nss/lib/freebl/mpi/doc/invmod.pod | 33 - security/nss/lib/freebl/mpi/doc/isprime.pod | 62 - security/nss/lib/freebl/mpi/doc/lap.pod | 35 - security/nss/lib/freebl/mpi/doc/mpi-test.pod | 49 - security/nss/lib/freebl/mpi/doc/mul.txt | 109 - security/nss/lib/freebl/mpi/doc/pi.txt | 85 - security/nss/lib/freebl/mpi/doc/prime.txt | 6542 ------------------------- security/nss/lib/freebl/mpi/doc/prng.pod | 41 - security/nss/lib/freebl/mpi/doc/redux.txt | 118 - security/nss/lib/freebl/mpi/doc/sqrt.txt | 82 - security/nss/lib/freebl/mpi/doc/square.txt | 104 - security/nss/lib/freebl/mpi/doc/timing.txt | 245 - security/nss/lib/freebl/mpi/hpma512.s | 640 --- security/nss/lib/freebl/mpi/hppa20.s | 929 ---- security/nss/lib/freebl/mpi/hppatch.adb | 49 - security/nss/lib/freebl/mpi/logtab.h | 59 - security/nss/lib/freebl/mpi/make-logtab | 60 - security/nss/lib/freebl/mpi/make-test-arrays | 129 - security/nss/lib/freebl/mpi/mdxptest.c | 339 -- security/nss/lib/freebl/mpi/montmulf.c | 326 -- security/nss/lib/freebl/mpi/montmulf.h | 100 - security/nss/lib/freebl/mpi/montmulf.il | 137 - security/nss/lib/freebl/mpi/montmulf.s | 1967 -------- security/nss/lib/freebl/mpi/montmulfv8.il | 137 - security/nss/lib/freebl/mpi/montmulfv8.s | 1847 ------- security/nss/lib/freebl/mpi/montmulfv9.il | 122 - security/nss/lib/freebl/mpi/montmulfv9.s | 2377 --------- security/nss/lib/freebl/mpi/mp_gf2m-priv.h | 101 - security/nss/lib/freebl/mpi/mp_gf2m.c | 599 --- security/nss/lib/freebl/mpi/mp_gf2m.h | 62 - security/nss/lib/freebl/mpi/mpi-config.h | 109 - security/nss/lib/freebl/mpi/mpi-priv.h | 268 - security/nss/lib/freebl/mpi/mpi-test.c | 1973 -------- security/nss/lib/freebl/mpi/mpi.c | 4799 ------------------ security/nss/lib/freebl/mpi/mpi.h | 334 -- security/nss/lib/freebl/mpi/mpi_hp.c | 112 - security/nss/lib/freebl/mpi/mpi_i86pc.s | 342 -- security/nss/lib/freebl/mpi/mpi_mips.s | 502 -- security/nss/lib/freebl/mpi/mpi_sparc.c | 358 -- security/nss/lib/freebl/mpi/mpi_x86.asm | 351 -- security/nss/lib/freebl/mpi/mpi_x86.s | 345 -- security/nss/lib/freebl/mpi/mplogic.c | 462 -- security/nss/lib/freebl/mpi/mplogic.h | 82 - security/nss/lib/freebl/mpi/mpmontg.c | 584 --- security/nss/lib/freebl/mpi/mpprime.c | 622 --- security/nss/lib/freebl/mpi/mpprime.h | 67 - security/nss/lib/freebl/mpi/mpv_sparc.c | 249 - security/nss/lib/freebl/mpi/mpv_sparcv8.s | 1641 ------- security/nss/lib/freebl/mpi/mpv_sparcv9.s | 1673 ------- security/nss/lib/freebl/mpi/mpvalpha.c | 214 - security/nss/lib/freebl/mpi/mulsqr.c | 111 - security/nss/lib/freebl/mpi/multest | 107 - security/nss/lib/freebl/mpi/primes.c | 871 ---- security/nss/lib/freebl/mpi/stats | 70 - security/nss/lib/freebl/mpi/target.mk | 220 - security/nss/lib/freebl/mpi/test-arrays.txt | 86 - security/nss/lib/freebl/mpi/test-info.c | 191 - security/nss/lib/freebl/mpi/tests/LICENSE | 6 - security/nss/lib/freebl/mpi/tests/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/tests/mptest-1.c | 72 - security/nss/lib/freebl/mpi/tests/mptest-2.c | 83 - security/nss/lib/freebl/mpi/tests/mptest-3.c | 128 - security/nss/lib/freebl/mpi/tests/mptest-3a.c | 141 - security/nss/lib/freebl/mpi/tests/mptest-4.c | 123 - security/nss/lib/freebl/mpi/tests/mptest-4a.c | 135 - security/nss/lib/freebl/mpi/tests/mptest-4b.c | 132 - security/nss/lib/freebl/mpi/tests/mptest-5.c | 100 - security/nss/lib/freebl/mpi/tests/mptest-5a.c | 162 - security/nss/lib/freebl/mpi/tests/mptest-6.c | 108 - security/nss/lib/freebl/mpi/tests/mptest-7.c | 104 - security/nss/lib/freebl/mpi/tests/mptest-8.c | 95 - security/nss/lib/freebl/mpi/tests/mptest-9.c | 113 - security/nss/lib/freebl/mpi/tests/mptest-b.c | 211 - security/nss/lib/freebl/mpi/tests/pi1k.txt | 1 - security/nss/lib/freebl/mpi/tests/pi2k.txt | 1 - security/nss/lib/freebl/mpi/tests/pi5k.txt | 1 - security/nss/lib/freebl/mpi/timetest | 131 - security/nss/lib/freebl/mpi/types.pl | 158 - security/nss/lib/freebl/mpi/utils/LICENSE | 4 - security/nss/lib/freebl/mpi/utils/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/utils/PRIMES | 41 - security/nss/lib/freebl/mpi/utils/README | 239 - security/nss/lib/freebl/mpi/utils/basecvt.c | 97 - security/nss/lib/freebl/mpi/utils/bbs_rand.c | 93 - security/nss/lib/freebl/mpi/utils/bbs_rand.h | 55 - security/nss/lib/freebl/mpi/utils/bbsrand.c | 64 - security/nss/lib/freebl/mpi/utils/dec2hex.c | 68 - security/nss/lib/freebl/mpi/utils/exptmod.c | 80 - security/nss/lib/freebl/mpi/utils/fact.c | 112 - security/nss/lib/freebl/mpi/utils/gcd.c | 116 - security/nss/lib/freebl/mpi/utils/hex2dec.c | 68 - security/nss/lib/freebl/mpi/utils/identest.c | 79 - security/nss/lib/freebl/mpi/utils/invmod.c | 89 - security/nss/lib/freebl/mpi/utils/isprime.c | 118 - security/nss/lib/freebl/mpi/utils/lap.c | 118 - security/nss/lib/freebl/mpi/utils/makeprime.c | 144 - security/nss/lib/freebl/mpi/utils/metime.c | 132 - security/nss/lib/freebl/mpi/utils/pi.c | 194 - security/nss/lib/freebl/mpi/utils/primegen.c | 198 - security/nss/lib/freebl/mpi/utils/prng.c | 87 - security/nss/lib/freebl/mpi/utils/ptab.pl | 58 - security/nss/lib/freebl/mpi/utils/sieve.c | 265 - security/nss/lib/freebl/mpi/vis_32.il | 1320 ----- security/nss/lib/freebl/mpi/vis_64.il | 1026 ---- security/nss/lib/freebl/mpi/vis_proto.h | 263 - security/nss/lib/freebl/os2_rand.c | 330 -- security/nss/lib/freebl/pqg.c | 667 --- security/nss/lib/freebl/prng_fips1861.c | 514 -- security/nss/lib/freebl/rijndael.c | 1137 ----- security/nss/lib/freebl/rijndael.h | 86 - security/nss/lib/freebl/rijndael32.tab | 1215 ----- security/nss/lib/freebl/rijndael_tables.c | 244 - security/nss/lib/freebl/rsa.c | 942 ---- security/nss/lib/freebl/secmpi.h | 57 - security/nss/lib/freebl/secrng.h | 82 - security/nss/lib/freebl/sha.c | 160 - security/nss/lib/freebl/sha.h | 48 - security/nss/lib/freebl/sha512.c | 1371 ------ security/nss/lib/freebl/sha_fast.c | 449 -- security/nss/lib/freebl/sha_fast.h | 59 - security/nss/lib/freebl/shsign.h | 47 - security/nss/lib/freebl/shvfy.c | 295 -- security/nss/lib/freebl/sparcfix.c | 95 - security/nss/lib/freebl/sysrand.c | 46 - security/nss/lib/freebl/unix_rand.c | 991 ---- security/nss/lib/freebl/win_rand.c | 545 -- 203 files changed, 76029 deletions(-) delete mode 100644 security/nss/lib/freebl/GF2m_ecl.c delete mode 100644 security/nss/lib/freebl/GF2m_ecl.h delete mode 100644 security/nss/lib/freebl/GFp_ecl.c delete mode 100644 security/nss/lib/freebl/GFp_ecl.h delete mode 100644 security/nss/lib/freebl/Makefile delete mode 100644 security/nss/lib/freebl/aeskeywrap.c delete mode 100644 security/nss/lib/freebl/alg2268.c delete mode 100644 security/nss/lib/freebl/arcfive.c delete mode 100644 security/nss/lib/freebl/arcfour.c delete mode 100644 security/nss/lib/freebl/blapi.h delete mode 100644 security/nss/lib/freebl/blapit.h delete mode 100644 security/nss/lib/freebl/config.mk delete mode 100644 security/nss/lib/freebl/des.c delete mode 100644 security/nss/lib/freebl/des.h delete mode 100644 security/nss/lib/freebl/desblapi.c delete mode 100644 security/nss/lib/freebl/dh.c delete mode 100644 security/nss/lib/freebl/dsa.c delete mode 100644 security/nss/lib/freebl/ec.c delete mode 100644 security/nss/lib/freebl/ec.h delete mode 100644 security/nss/lib/freebl/ecl/Makefile delete mode 100644 security/nss/lib/freebl/ecl/README delete mode 100644 security/nss/lib/freebl/ecl/README.FP delete mode 100644 security/nss/lib/freebl/ecl/ec2.h delete mode 100644 security/nss/lib/freebl/ecl/ec2_163.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_193.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_233.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_aff.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_mont.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_proj.c delete mode 100644 security/nss/lib/freebl/ecl/ec_naf.c delete mode 100644 security/nss/lib/freebl/ecl/ecl-curve.h delete mode 100644 security/nss/lib/freebl/ecl/ecl-exp.h delete mode 100644 security/nss/lib/freebl/ecl/ecl-priv.h delete mode 100644 security/nss/lib/freebl/ecl/ecl.c delete mode 100644 security/nss/lib/freebl/ecl/ecl.h delete mode 100644 security/nss/lib/freebl/ecl/ecl_curve.c delete mode 100644 security/nss/lib/freebl/ecl/ecl_gf.c delete mode 100644 security/nss/lib/freebl/ecl/ecl_mult.c delete mode 100644 security/nss/lib/freebl/ecl/ecp.h delete mode 100644 security/nss/lib/freebl/ecl/ecp_192.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_224.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_aff.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp.h delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp160.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp192.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp224.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fpinc.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_jac.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_jm.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_mont.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ec2_test.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ec_naft.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ecp_fpt.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ecp_test.c delete mode 100644 security/nss/lib/freebl/ldvector.c delete mode 100644 security/nss/lib/freebl/loader.c delete mode 100644 security/nss/lib/freebl/loader.h delete mode 100644 security/nss/lib/freebl/mac_rand.c delete mode 100644 security/nss/lib/freebl/manifest.mn delete mode 100644 security/nss/lib/freebl/mapfile.Solaris delete mode 100644 security/nss/lib/freebl/md2.c delete mode 100644 security/nss/lib/freebl/md5.c delete mode 100644 security/nss/lib/freebl/mknewpc2.c delete mode 100644 security/nss/lib/freebl/mksp.c delete mode 100644 security/nss/lib/freebl/mpi/Makefile delete mode 100644 security/nss/lib/freebl/mpi/Makefile.os2 delete mode 100644 security/nss/lib/freebl/mpi/Makefile.win delete mode 100644 security/nss/lib/freebl/mpi/README delete mode 100755 security/nss/lib/freebl/mpi/all-tests delete mode 100644 security/nss/lib/freebl/mpi/doc/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/doc/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/doc/basecvt.pod delete mode 100755 security/nss/lib/freebl/mpi/doc/build delete mode 100644 security/nss/lib/freebl/mpi/doc/div.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/expt.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/gcd.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/invmod.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/isprime.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/lap.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/mpi-test.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/mul.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/pi.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/prime.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/prng.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/redux.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/sqrt.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/square.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/timing.txt delete mode 100644 security/nss/lib/freebl/mpi/hpma512.s delete mode 100644 security/nss/lib/freebl/mpi/hppa20.s delete mode 100644 security/nss/lib/freebl/mpi/hppatch.adb delete mode 100644 security/nss/lib/freebl/mpi/logtab.h delete mode 100755 security/nss/lib/freebl/mpi/make-logtab delete mode 100755 security/nss/lib/freebl/mpi/make-test-arrays delete mode 100644 security/nss/lib/freebl/mpi/mdxptest.c delete mode 100644 security/nss/lib/freebl/mpi/montmulf.c delete mode 100644 security/nss/lib/freebl/mpi/montmulf.h delete mode 100644 security/nss/lib/freebl/mpi/montmulf.il delete mode 100644 security/nss/lib/freebl/mpi/montmulf.s delete mode 100644 security/nss/lib/freebl/mpi/montmulfv8.il delete mode 100644 security/nss/lib/freebl/mpi/montmulfv8.s delete mode 100644 security/nss/lib/freebl/mpi/montmulfv9.il delete mode 100644 security/nss/lib/freebl/mpi/montmulfv9.s delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m-priv.h delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m.c delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m.h delete mode 100644 security/nss/lib/freebl/mpi/mpi-config.h delete mode 100644 security/nss/lib/freebl/mpi/mpi-priv.h delete mode 100644 security/nss/lib/freebl/mpi/mpi-test.c delete mode 100644 security/nss/lib/freebl/mpi/mpi.c delete mode 100644 security/nss/lib/freebl/mpi/mpi.h delete mode 100644 security/nss/lib/freebl/mpi/mpi_hp.c delete mode 100644 security/nss/lib/freebl/mpi/mpi_i86pc.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_mips.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_sparc.c delete mode 100644 security/nss/lib/freebl/mpi/mpi_x86.asm delete mode 100644 security/nss/lib/freebl/mpi/mpi_x86.s delete mode 100644 security/nss/lib/freebl/mpi/mplogic.c delete mode 100644 security/nss/lib/freebl/mpi/mplogic.h delete mode 100644 security/nss/lib/freebl/mpi/mpmontg.c delete mode 100644 security/nss/lib/freebl/mpi/mpprime.c delete mode 100644 security/nss/lib/freebl/mpi/mpprime.h delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparc.c delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparcv8.s delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparcv9.s delete mode 100644 security/nss/lib/freebl/mpi/mpvalpha.c delete mode 100644 security/nss/lib/freebl/mpi/mulsqr.c delete mode 100755 security/nss/lib/freebl/mpi/multest delete mode 100644 security/nss/lib/freebl/mpi/primes.c delete mode 100755 security/nss/lib/freebl/mpi/stats delete mode 100644 security/nss/lib/freebl/mpi/target.mk delete mode 100644 security/nss/lib/freebl/mpi/test-arrays.txt delete mode 100644 security/nss/lib/freebl/mpi/test-info.c delete mode 100644 security/nss/lib/freebl/mpi/tests/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/tests/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-1.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-2.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-3.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-3a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4b.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-5.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-5a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-6.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-7.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-8.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-9.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-b.c delete mode 100644 security/nss/lib/freebl/mpi/tests/pi1k.txt delete mode 100644 security/nss/lib/freebl/mpi/tests/pi2k.txt delete mode 100644 security/nss/lib/freebl/mpi/tests/pi5k.txt delete mode 100755 security/nss/lib/freebl/mpi/timetest delete mode 100755 security/nss/lib/freebl/mpi/types.pl delete mode 100644 security/nss/lib/freebl/mpi/utils/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/utils/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/utils/PRIMES delete mode 100644 security/nss/lib/freebl/mpi/utils/README delete mode 100644 security/nss/lib/freebl/mpi/utils/basecvt.c delete mode 100644 security/nss/lib/freebl/mpi/utils/bbs_rand.c delete mode 100644 security/nss/lib/freebl/mpi/utils/bbs_rand.h delete mode 100644 security/nss/lib/freebl/mpi/utils/bbsrand.c delete mode 100644 security/nss/lib/freebl/mpi/utils/dec2hex.c delete mode 100644 security/nss/lib/freebl/mpi/utils/exptmod.c delete mode 100644 security/nss/lib/freebl/mpi/utils/fact.c delete mode 100644 security/nss/lib/freebl/mpi/utils/gcd.c delete mode 100644 security/nss/lib/freebl/mpi/utils/hex2dec.c delete mode 100644 security/nss/lib/freebl/mpi/utils/identest.c delete mode 100644 security/nss/lib/freebl/mpi/utils/invmod.c delete mode 100644 security/nss/lib/freebl/mpi/utils/isprime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/lap.c delete mode 100644 security/nss/lib/freebl/mpi/utils/makeprime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/metime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/pi.c delete mode 100644 security/nss/lib/freebl/mpi/utils/primegen.c delete mode 100644 security/nss/lib/freebl/mpi/utils/prng.c delete mode 100755 security/nss/lib/freebl/mpi/utils/ptab.pl delete mode 100644 security/nss/lib/freebl/mpi/utils/sieve.c delete mode 100644 security/nss/lib/freebl/mpi/vis_32.il delete mode 100644 security/nss/lib/freebl/mpi/vis_64.il delete mode 100644 security/nss/lib/freebl/mpi/vis_proto.h delete mode 100644 security/nss/lib/freebl/os2_rand.c delete mode 100644 security/nss/lib/freebl/pqg.c delete mode 100644 security/nss/lib/freebl/prng_fips1861.c delete mode 100644 security/nss/lib/freebl/rijndael.c delete mode 100644 security/nss/lib/freebl/rijndael.h delete mode 100644 security/nss/lib/freebl/rijndael32.tab delete mode 100644 security/nss/lib/freebl/rijndael_tables.c delete mode 100644 security/nss/lib/freebl/rsa.c delete mode 100644 security/nss/lib/freebl/secmpi.h delete mode 100644 security/nss/lib/freebl/secrng.h delete mode 100644 security/nss/lib/freebl/sha.c delete mode 100644 security/nss/lib/freebl/sha.h delete mode 100644 security/nss/lib/freebl/sha512.c delete mode 100644 security/nss/lib/freebl/sha_fast.c delete mode 100644 security/nss/lib/freebl/sha_fast.h delete mode 100644 security/nss/lib/freebl/shsign.h delete mode 100644 security/nss/lib/freebl/shvfy.c delete mode 100644 security/nss/lib/freebl/sparcfix.c delete mode 100644 security/nss/lib/freebl/sysrand.c delete mode 100644 security/nss/lib/freebl/unix_rand.c delete mode 100644 security/nss/lib/freebl/win_rand.c (limited to 'security/nss/lib/freebl') diff --git a/security/nss/lib/freebl/GF2m_ecl.c b/security/nss/lib/freebl/GF2m_ecl.c deleted file mode 100644 index 09fbf7979..000000000 --- a/security/nss/lib/freebl/GF2m_ecl.c +++ /dev/null @@ -1,539 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifdef NSS_ENABLE_ECC -/* - * GF2m_ecl.c: Contains an implementation of elliptic curve math library - * for curves over GF2m. - * - * XXX Can be moved to a separate subdirectory later. - * - */ - -#include "GF2m_ecl.h" -#include "mpi/mplogic.h" -#include "mpi/mp_gf2m.h" -#include - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err -GF2m_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py) -{ - - if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) { - return MP_YES; - } else { - return MP_NO; - } - -} - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err -GF2m_ec_pt_set_inf_aff(mp_int *px, mp_int *py) -{ - mp_zero(px); - mp_zero(py); - return MP_OKAY; -} - -/* Computes R = P + Q based on IEEE P1363 A.10.2. - * Elliptic curve points P, Q, and R can all be identical. - * Uses affine coordinates. - */ -mp_err -GF2m_ec_pt_add_aff(const mp_int *pp, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int lambda, xtemp, ytemp; - unsigned int *p; - int p_size; - - p_size = mp_bpoly2arr(pp, p, 0) + 1; - p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size)); - if (p == NULL) goto cleanup; - mp_bpoly2arr(pp, p, p_size); - - CHECK_MPI_OK( mp_init(&lambda) ); - CHECK_MPI_OK( mp_init(&xtemp) ); - CHECK_MPI_OK( mp_init(&ytemp) ); - /* if P = inf, then R = Q */ - if (GF2m_ec_pt_is_inf_aff(px, py) == 0) { - CHECK_MPI_OK( mp_copy(qx, rx) ); - CHECK_MPI_OK( mp_copy(qy, ry) ); - err = MP_OKAY; - goto cleanup; - } - /* if Q = inf, then R = P */ - if (GF2m_ec_pt_is_inf_aff(qx, qy) == 0) { - CHECK_MPI_OK( mp_copy(px, rx) ); - CHECK_MPI_OK( mp_copy(py, ry) ); - err = MP_OKAY; - goto cleanup; - } - /* if px != qx, then lambda = (py+qy) / (px+qx), - * xtemp = a + lambda^2 + lambda + px + qx - */ - if (mp_cmp(px, qx) != 0) { - CHECK_MPI_OK( mp_badd(py, qy, &ytemp) ); - CHECK_MPI_OK( mp_badd(px, qx, &xtemp) ); - CHECK_MPI_OK( mp_bdivmod(&ytemp, &xtemp, pp, p, &lambda) ); - CHECK_MPI_OK( mp_bsqrmod(&lambda, p, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, &lambda, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, a, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, px, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, qx, &xtemp) ); - } else { - /* if py != qy or qx = 0, then R = inf */ - if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) { - mp_zero(rx); - mp_zero(ry); - err = MP_OKAY; - goto cleanup; - } - /* lambda = qx + qy / qx */ - CHECK_MPI_OK( mp_bdivmod(qy, qx, pp, p, &lambda) ); - CHECK_MPI_OK( mp_badd(&lambda, qx, &lambda) ); - /* xtemp = a + lambda^2 + lambda */ - CHECK_MPI_OK( mp_bsqrmod(&lambda, p, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, &lambda, &xtemp) ); - CHECK_MPI_OK( mp_badd(&xtemp, a, &xtemp) ); - } - /* ry = (qx + xtemp) * lambda + xtemp + qy */ - CHECK_MPI_OK( mp_badd(qx, &xtemp, &ytemp) ); - CHECK_MPI_OK( mp_bmulmod(&ytemp, &lambda, p, &ytemp) ); - CHECK_MPI_OK( mp_badd(&ytemp, &xtemp, &ytemp) ); - CHECK_MPI_OK( mp_badd(&ytemp, qy, ry) ); - /* rx = xtemp */ - CHECK_MPI_OK( mp_copy(&xtemp, rx) ); - -cleanup: - mp_clear(&lambda); - mp_clear(&xtemp); - mp_clear(&ytemp); - free(p); - return err; -} - -/* Computes R = P - Q. - * Elliptic curve points P, Q, and R can all be identical. - * Uses affine coordinates. - */ -mp_err -GF2m_ec_pt_sub_aff(const mp_int *pp, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int nqy; - MP_DIGITS(&nqy) = 0; - CHECK_MPI_OK( mp_init(&nqy) ); - /* nqy = qx+qy */ - CHECK_MPI_OK( mp_badd(qx, qy, &nqy) ); - err = GF2m_ec_pt_add_aff(pp, a, px, py, qx, &nqy, rx, ry); -cleanup: - mp_clear(&nqy); - return err; -} - -/* Computes R = 2P. - * Elliptic curve points P and R can be identical. - * Uses affine coordinates. - */ -mp_err -GF2m_ec_pt_dbl_aff(const mp_int *pp, const mp_int *a, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry) -{ - return GF2m_ec_pt_add_aff(pp, a, px, py, px, py, rx, ry); -} - -/* Gets the i'th bit in the binary representation of a. - * If i >= length(a), then return 0. - * (The above behaviour differs from mpl_get_bit, which - * causes an error if i >= length(a).) - */ -#define MP_GET_BIT(a, i) \ - ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) - -/* Computes R = nP based on IEEE P1363 A.10.3. - * Elliptic curve points P and R can be identical. - * Uses affine coordinates. - */ -mp_err -GF2m_ec_pt_mul_aff(const mp_int *pp, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int k, k3, qx, qy, sx, sy; - int b1, b3, i, l; - unsigned int *p; - int p_size; - - MP_DIGITS(&k) = 0; - MP_DIGITS(&k3) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_init(&k3) ); - CHECK_MPI_OK( mp_init(&qx) ); - CHECK_MPI_OK( mp_init(&qy) ); - CHECK_MPI_OK( mp_init(&sx) ); - CHECK_MPI_OK( mp_init(&sy) ); - - p_size = mp_bpoly2arr(pp, p, 0) + 1; - p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size)); - if (p == NULL) goto cleanup; - mp_bpoly2arr(pp, p, p_size); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - err = MP_OKAY; - goto cleanup; - } - /* Q = P, k = n */ - CHECK_MPI_OK( mp_copy(px, &qx) ); - CHECK_MPI_OK( mp_copy(py, &qy) ); - CHECK_MPI_OK( mp_copy(n, &k) ); - /* if n < 0 then Q = -Q, k = -k */ - if (mp_cmp_z(n) < 0) { - CHECK_MPI_OK( mp_badd(&qx, &qy, &qy) ); - CHECK_MPI_OK( mp_neg(&k, &k) ); - } -#ifdef EC_DEBUG /* basic double and add method */ - l = mpl_significant_bits(&k) - 1; - mp_zero(&sx); - mp_zero(&sy); - for (i = l; i >= 0; i--) { - /* if k_i = 1, then S = S + Q */ - if (mpl_get_bit(&k, i) != 0) { - CHECK_MPI_OK( GF2m_ec_pt_add_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) ); - } - if (i > 0) { - /* S = 2S */ - CHECK_MPI_OK( GF2m_ec_pt_dbl_aff(pp, a, &sx, &sy, &sx, &sy) ); - } - } -#else /* double and add/subtract method from standard */ - /* k3 = 3 * k */ - mp_set(&k3, 0x3); - CHECK_MPI_OK( mp_mul(&k, &k3, &k3) ); - /* S = Q */ - CHECK_MPI_OK( mp_copy(&qx, &sx) ); - CHECK_MPI_OK( mp_copy(&qy, &sy) ); - /* l = index of high order bit in binary representation of 3*k */ - l = mpl_significant_bits(&k3) - 1; - /* for i = l-1 downto 1 */ - for (i = l - 1; i >= 1; i--) { - /* S = 2S */ - CHECK_MPI_OK( GF2m_ec_pt_dbl_aff(pp, a, &sx, &sy, &sx, &sy) ); - b3 = MP_GET_BIT(&k3, i); - b1 = MP_GET_BIT(&k, i); - /* if k3_i = 1 and k_i = 0, then S = S + Q */ - if ((b3 == 1) && (b1 == 0)) { - CHECK_MPI_OK( GF2m_ec_pt_add_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) ); - /* if k3_i = 0 and k_i = 1, then S = S - Q */ - } else if ((b3 == 0) && (b1 == 1)) { - CHECK_MPI_OK( GF2m_ec_pt_sub_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) ); - } - } -#endif - /* output S */ - CHECK_MPI_OK( mp_copy(&sx, rx) ); - CHECK_MPI_OK( mp_copy(&sy, ry) ); - -cleanup: - mp_clear(&k); - mp_clear(&k3); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&sx); - mp_clear(&sy); - free(p); - return err; -} - -/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective - * coordinates. - * Uses algorithm Mdouble in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * modified to not require precomputation of c=b^{2^{m-1}}. - */ -static mp_err -gf2m_Mdouble(const mp_int *pp, const unsigned int p[], const mp_int *a, - const mp_int *b, mp_int *x, mp_int *z) -{ - mp_err err = MP_OKAY; - mp_int t1; - - MP_DIGITS(&t1) = 0; - CHECK_MPI_OK( mp_init(&t1) ); - - CHECK_MPI_OK( mp_bsqrmod(x, p, x) ); - CHECK_MPI_OK( mp_bsqrmod(z, p, &t1) ); - CHECK_MPI_OK( mp_bmulmod(x, &t1, p, z) ); - CHECK_MPI_OK( mp_bsqrmod(x, p, x) ); - CHECK_MPI_OK( mp_bsqrmod(&t1, p, &t1) ); - CHECK_MPI_OK( mp_bmulmod(b, &t1, p, &t1) ); - CHECK_MPI_OK( mp_badd(x, &t1, x) ); - -cleanup: - mp_clear(&t1); - return err; -} - -/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery - * projective coordinates. - * Uses algorithm Madd in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - */ -static mp_err -gf2m_Madd(const mp_int *pp, const unsigned int p[], const mp_int *a, - const mp_int *b, const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, - mp_int *z2) -{ - mp_err err = MP_OKAY; - mp_int t1, t2; - - MP_DIGITS(&t1) = 0; - MP_DIGITS(&t2) = 0; - CHECK_MPI_OK( mp_init(&t1) ); - CHECK_MPI_OK( mp_init(&t2) ); - - CHECK_MPI_OK( mp_copy(x, &t1) ); - CHECK_MPI_OK( mp_bmulmod(x1, z2, p, x1) ); - CHECK_MPI_OK( mp_bmulmod(z1, x2, p, z1) ); - CHECK_MPI_OK( mp_bmulmod(x1, z1, p, &t2) ); - CHECK_MPI_OK( mp_badd(z1, x1, z1) ); - CHECK_MPI_OK( mp_bsqrmod(z1, p, z1) ); - CHECK_MPI_OK( mp_bmulmod(z1, &t1, p, x1) ); - CHECK_MPI_OK( mp_badd(x1, &t2, x1) ); - -cleanup: - mp_clear(&t1); - mp_clear(&t2); - return err; -} - -/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) - * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * Returns: - * 0 on error - * 1 if return value should be the point at infinity - * 2 otherwise - */ -static int -gf2m_Mxy(const mp_int *pp, const unsigned int p[], const mp_int *a, - const mp_int *b, const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1, - mp_int *x2, mp_int *z2) -{ - mp_err err = MP_OKAY; - int ret; - mp_int t3, t4, t5; - - MP_DIGITS(&t3) = 0; - MP_DIGITS(&t4) = 0; - MP_DIGITS(&t5) = 0; - CHECK_MPI_OK( mp_init(&t3) ); - CHECK_MPI_OK( mp_init(&t4) ); - CHECK_MPI_OK( mp_init(&t5) ); - - if (mp_cmp_z(z1) == 0) { - mp_zero(x2); - mp_zero(z2); - ret = 1; - goto cleanup; - } - - if (mp_cmp_z(z2) == 0) { - CHECK_MPI_OK( mp_copy(x, x2) ); - CHECK_MPI_OK( mp_badd(x, y, z2) ); - ret = 2; - goto cleanup; - } - - mp_set(&t5, 0x1); - - CHECK_MPI_OK( mp_bmulmod(z1, z2, p, &t3) ); - - CHECK_MPI_OK( mp_bmulmod(z1, x, p, z1) ); - CHECK_MPI_OK( mp_badd(z1, x1, z1) ); - CHECK_MPI_OK( mp_bmulmod(z2, x, p, z2) ); - CHECK_MPI_OK( mp_bmulmod(z2, x1, p, x1) ); - CHECK_MPI_OK( mp_badd(z2, x2, z2) ); - - CHECK_MPI_OK( mp_bmulmod(z2, z1, p, z2) ); - CHECK_MPI_OK( mp_bsqrmod(x, p, &t4) ); - CHECK_MPI_OK( mp_badd(&t4, y, &t4) ); - CHECK_MPI_OK( mp_bmulmod(&t4, &t3, p, &t4) ); - CHECK_MPI_OK( mp_badd(&t4, z2, &t4) ); - - CHECK_MPI_OK( mp_bmulmod(&t3, x, p, &t3) ); - CHECK_MPI_OK( mp_bdivmod(&t5, &t3, pp, p, &t3) ); - CHECK_MPI_OK( mp_bmulmod(&t3, &t4, p, &t4) ); - CHECK_MPI_OK( mp_bmulmod(x1, &t3, p, x2) ); - CHECK_MPI_OK( mp_badd(x2, x, z2) ); - - CHECK_MPI_OK( mp_bmulmod(z2, &t4, p, z2) ); - CHECK_MPI_OK( mp_badd(z2, y, z2) ); - - ret = 2; - -cleanup: - mp_clear(&t3); - mp_clear(&t4); - mp_clear(&t5); - if (err == MP_OKAY) { - return ret; - } else { - return 0; - } -} - -/* Computes R = nP based on algorithm 2P of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * Elliptic curve points P and R can be identical. - * Uses Montgomery projective coordinates. - */ -mp_err -GF2m_ec_pt_mul_mont(const mp_int *pp, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int x1, x2, z1, z2; - int i, j; - mp_digit top_bit, mask; - unsigned int *p; - int p_size; - - MP_DIGITS(&x1) = 0; - MP_DIGITS(&x2) = 0; - MP_DIGITS(&z1) = 0; - MP_DIGITS(&z2) = 0; - CHECK_MPI_OK( mp_init(&x1) ); - CHECK_MPI_OK( mp_init(&x2) ); - CHECK_MPI_OK( mp_init(&z1) ); - CHECK_MPI_OK( mp_init(&z2) ); - - p_size = mp_bpoly2arr(pp, p, 0) + 1; - p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size)); - if (p == NULL) goto cleanup; - mp_bpoly2arr(pp, p, p_size); - - /* if result should be point at infinity */ - if ((mp_cmp_z(n) == 0) || (GF2m_ec_pt_is_inf_aff(px, py) == MP_YES)) { - CHECK_MPI_OK( GF2m_ec_pt_set_inf_aff(rx, ry) ); - goto cleanup; - } - - CHECK_MPI_OK( mp_copy(rx, &x2) ); /* x2 = rx */ - CHECK_MPI_OK( mp_copy(ry, &z2) ); /* z2 = ry */ - - CHECK_MPI_OK( mp_copy(px, &x1) ); /* x1 = px */ - mp_set(&z1, 0x1); /* z1 = 1 */ - CHECK_MPI_OK( mp_bsqrmod(&x1, p, &z2) ); /* z2 = x1^2 = x2^2 */ - CHECK_MPI_OK( mp_bsqrmod(&z2, p, &x2) ); - CHECK_MPI_OK( mp_badd(&x2, b, &x2) ); /* x2 = px^4 + b */ - - /* find top-most bit and go one past it */ - i = MP_USED(n) - 1; - j = MP_DIGIT_BIT - 1; - top_bit = 1; - top_bit <<= MP_DIGIT_BIT - 1; - mask = top_bit; - while (!(MP_DIGITS(n)[i] & mask)) { - mask >>= 1; - j--; - } - mask >>= 1; j--; - - /* if top most bit was at word break, go to next word */ - if (!mask) { - i--; - j = MP_DIGIT_BIT - 1; - mask = top_bit; - } - - for (; i >= 0; i--) { - for (; j >= 0; j--) { - if (MP_DIGITS(n)[i] & mask) { - CHECK_MPI_OK( gf2m_Madd(pp, p, a, b, px, &x1, &z1, &x2, &z2) ); - CHECK_MPI_OK( gf2m_Mdouble(pp, p, a, b, &x2, &z2) ); - } else { - CHECK_MPI_OK( gf2m_Madd(pp, p, a, b, px, &x2, &z2, &x1, &z1) ); - CHECK_MPI_OK( gf2m_Mdouble(pp, p, a, b, &x1, &z1) ); - } - mask >>= 1; - } - j = MP_DIGIT_BIT - 1; - mask = top_bit; - } - - /* convert out of "projective" coordinates */ - i = gf2m_Mxy(pp, p, a, b, px, py, &x1, &z1, &x2, &z2); - if (i == 0) { - err = MP_BADARG; - goto cleanup; - } else if (i == 1) { - CHECK_MPI_OK( GF2m_ec_pt_set_inf_aff(rx, ry) ); - } else { - CHECK_MPI_OK( mp_copy(&x2, rx) ); - CHECK_MPI_OK( mp_copy(&z2, ry) ); - } - -cleanup: - mp_clear(&x1); - mp_clear(&x2); - mp_clear(&z1); - mp_clear(&z2); - free(p); - return err; -} - -#endif /* NSS_ENABLE_ECC */ diff --git a/security/nss/lib/freebl/GF2m_ecl.h b/security/nss/lib/freebl/GF2m_ecl.h deleted file mode 100644 index e562c2fc0..000000000 --- a/security/nss/lib/freebl/GF2m_ecl.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __gf2m_ecl_h_ -#define __gf2m_ecl_h_ -#ifdef NSS_ENABLE_ECC - -#include "secmpi.h" - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err GF2m_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py); - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err GF2m_ec_pt_set_inf_aff(mp_int *px, mp_int *py); - -/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, qy). - * Uses affine coordinates. - */ -mp_err GF2m_ec_pt_add_aff(const mp_int *pp, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry); - -/* Computes R = P - Q. Uses affine coordinates. */ -mp_err GF2m_ec_pt_sub_aff(const mp_int *pp, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry); - -/* Computes R = 2P. Uses affine coordinates. */ -mp_err GF2m_ec_pt_dbl_aff(const mp_int *pp, const mp_int *a, - const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the irreducible that - * determines the field GF2m. Uses affine coordinates. - */ -mp_err GF2m_ec_pt_mul_aff(const mp_int *pp, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the irreducible that - * determines the field GF2m. Uses Montgomery projective coordinates. - */ -mp_err GF2m_ec_pt_mul_mont(const mp_int *pp, const mp_int *a, - const mp_int *b, const mp_int *px, const mp_int *py, - const mp_int *n, mp_int *rx, mp_int *ry); - -#define GF2m_ec_pt_is_inf(px, py) GF2m_ec_pt_is_inf_aff((px), (py)) -#define GF2m_ec_pt_add(p, a, px, py, qx, qy, rx, ry) \ - GF2m_ec_pt_add_aff((p), (a), (px), (py), (qx), (qy), (rx), (ry)) - -#define GF2m_ECL_MONTGOMERY -#ifdef GF2m_ECL_AFFINE -#define GF2m_ec_pt_mul(pp, a, b, px, py, n, rx, ry) \ - GF2m_ec_pt_mul_aff((pp), (a), (b), (px), (py), (n), (rx), (ry)) -#elif defined(GF2m_ECL_MONTGOMERY) -#define GF2m_ec_pt_mul(pp, a, b, px, py, n, rx, ry) \ - GF2m_ec_pt_mul_mont((pp), (a), (b), (px), (py), (n), (rx), (ry)) -#endif /* GF2m_ECL_AFFINE or GF2m_ECL_MONTGOMERY */ - -#endif /* NSS_ENABLE_ECC */ -#endif /* __gf2m_ecl_h_ */ diff --git a/security/nss/lib/freebl/GFp_ecl.c b/security/nss/lib/freebl/GFp_ecl.c deleted file mode 100644 index 1b662b827..000000000 --- a/security/nss/lib/freebl/GFp_ecl.c +++ /dev/null @@ -1,647 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang Shantz and - * Douglas Stebila , Sun Microsystems Laboratories - * - * Bodo Moeller , - * Nils Larsch , and - * Lenka Fibikova , the OpenSSL Project. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ -#ifdef NSS_ENABLE_ECC -/* - * GFp_ecl.c: Contains an implementation of elliptic curve math library - * for curves over GFp. - * - * XXX Can be moved to a separate subdirectory later. - * - */ - -#include "GFp_ecl.h" -#include "mpi/mplogic.h" - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err -GFp_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py) -{ - - if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) { - return MP_YES; - } else { - return MP_NO; - } - -} - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err -GFp_ec_pt_set_inf_aff(mp_int *px, mp_int *py) -{ - mp_zero(px); - mp_zero(py); - return MP_OKAY; -} - -/* Computes R = P + Q based on IEEE P1363 A.10.1. - * Elliptic curve points P, Q, and R can all be identical. - * Uses affine coordinates. - */ -mp_err -GFp_ec_pt_add_aff(const mp_int *p, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int lambda, temp, xtemp, ytemp; - - CHECK_MPI_OK( mp_init(&lambda) ); - CHECK_MPI_OK( mp_init(&temp) ); - CHECK_MPI_OK( mp_init(&xtemp) ); - CHECK_MPI_OK( mp_init(&ytemp) ); - /* if P = inf, then R = Q */ - if (GFp_ec_pt_is_inf_aff(px, py) == 0) { - CHECK_MPI_OK( mp_copy(qx, rx) ); - CHECK_MPI_OK( mp_copy(qy, ry) ); - err = MP_OKAY; - goto cleanup; - } - /* if Q = inf, then R = P */ - if (GFp_ec_pt_is_inf_aff(qx, qy) == 0) { - CHECK_MPI_OK( mp_copy(px, rx) ); - CHECK_MPI_OK( mp_copy(py, ry) ); - err = MP_OKAY; - goto cleanup; - } - /* if px != qx, then lambda = (py-qy) / (px-qx) */ - if (mp_cmp(px, qx) != 0) { - CHECK_MPI_OK( mp_submod(py, qy, p, &ytemp) ); - CHECK_MPI_OK( mp_submod(px, qx, p, &xtemp) ); - CHECK_MPI_OK( mp_invmod(&xtemp, p, &xtemp) ); - CHECK_MPI_OK( mp_mulmod(&ytemp, &xtemp, p, &lambda) ); - } else { - /* if py != qy or qy = 0, then R = inf */ - if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) { - mp_zero(rx); - mp_zero(ry); - err = MP_OKAY; - goto cleanup; - } - /* lambda = (3qx^2+a) / (2qy) */ - CHECK_MPI_OK( mp_sqrmod(qx, p, &xtemp) ); - mp_set(&temp, 0x3); - CHECK_MPI_OK( mp_mulmod(&xtemp, &temp, p, &xtemp) ); - CHECK_MPI_OK( mp_addmod(&xtemp, a, p, &xtemp) ); - mp_set(&temp, 0x2); - CHECK_MPI_OK( mp_mulmod(qy, &temp, p, &ytemp) ); - CHECK_MPI_OK( mp_invmod(&ytemp, p, &ytemp) ); - CHECK_MPI_OK( mp_mulmod(&xtemp, &ytemp, p, &lambda) ); - } - /* rx = lambda^2 - px - qx */ - CHECK_MPI_OK( mp_sqrmod(&lambda, p, &xtemp) ); - CHECK_MPI_OK( mp_submod(&xtemp, px, p, &xtemp) ); - CHECK_MPI_OK( mp_submod(&xtemp, qx, p, &xtemp) ); - /* ry = (x1-x2) * lambda - y1 */ - CHECK_MPI_OK( mp_submod(qx, &xtemp, p, &ytemp) ); - CHECK_MPI_OK( mp_mulmod(&ytemp, &lambda, p, &ytemp) ); - CHECK_MPI_OK( mp_submod(&ytemp, qy, p, &ytemp) ); - CHECK_MPI_OK( mp_copy(&xtemp, rx) ); - CHECK_MPI_OK( mp_copy(&ytemp, ry) ); - -cleanup: - mp_clear(&lambda); - mp_clear(&temp); - mp_clear(&xtemp); - mp_clear(&ytemp); - return err; -} - -/* Computes R = P - Q. - * Elliptic curve points P, Q, and R can all be identical. - * Uses affine coordinates. - */ -mp_err -GFp_ec_pt_sub_aff(const mp_int *p, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int nqy; - MP_DIGITS(&nqy) = 0; - CHECK_MPI_OK( mp_init(&nqy) ); - /* nqy = -qy */ - CHECK_MPI_OK( mp_neg(qy, &nqy) ); - err = GFp_ec_pt_add_aff(p, a, px, py, qx, &nqy, rx, ry); -cleanup: - mp_clear(&nqy); - return err; -} - -/* Computes R = 2P. - * Elliptic curve points P and R can be identical. - * Uses affine coordinates. - */ -mp_err -GFp_ec_pt_dbl_aff(const mp_int *p, const mp_int *a, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry) -{ - return GFp_ec_pt_add_aff(p, a, px, py, px, py, rx, ry); -} - -/* Gets the i'th bit in the binary representation of a. - * If i >= length(a), then return 0. - * (The above behaviour differs from mpl_get_bit, which - * causes an error if i >= length(a).) - */ -#define MP_GET_BIT(a, i) \ - ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) - -/* Computes R = nP based on IEEE P1363 A.10.3. - * Elliptic curve points P and R can be identical. - * Uses affine coordinates. - */ -mp_err -GFp_ec_pt_mul_aff(const mp_int *p, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, mp_int *rx, - mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int k, k3, qx, qy, sx, sy; - int b1, b3, i, l; - - MP_DIGITS(&k) = 0; - MP_DIGITS(&k3) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_init(&k3) ); - CHECK_MPI_OK( mp_init(&qx) ); - CHECK_MPI_OK( mp_init(&qy) ); - CHECK_MPI_OK( mp_init(&sx) ); - CHECK_MPI_OK( mp_init(&sy) ); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - err = MP_OKAY; - goto cleanup; - } - /* Q = P, k = n */ - CHECK_MPI_OK( mp_copy(px, &qx) ); - CHECK_MPI_OK( mp_copy(py, &qy) ); - CHECK_MPI_OK( mp_copy(n, &k) ); - /* if n < 0 Q = -Q, k = -k */ - if (mp_cmp_z(n) < 0) { - CHECK_MPI_OK( mp_neg(&qy, &qy) ); - CHECK_MPI_OK( mp_mod(&qy, p, &qy) ); - CHECK_MPI_OK( mp_neg(&k, &k) ); - CHECK_MPI_OK( mp_mod(&k, p, &k) ); - } -#ifdef EC_DEBUG /* basic double and add method */ - l = mpl_significant_bits(&k) - 1; - mp_zero(&sx); - mp_zero(&sy); - for (i = l; i >= 0; i--) { - /* if k_i = 1, then S = S + Q */ - if (mpl_get_bit(&k, i) != 0) { - CHECK_MPI_OK( GFp_ec_pt_add_aff(p, a, &sx, &sy, - &qx, &qy, &sx, &sy) ); - } - if (i > 0) { - /* S = 2S */ - CHECK_MPI_OK( GFp_ec_pt_dbl_aff(p, a, &sx, &sy, &sx, &sy) ); - } - } -#else /* double and add/subtract method from standard */ - /* k3 = 3 * k */ - mp_set(&k3, 0x3); - CHECK_MPI_OK( mp_mul(&k, &k3, &k3) ); - /* S = Q */ - CHECK_MPI_OK( mp_copy(&qx, &sx) ); - CHECK_MPI_OK( mp_copy(&qy, &sy) ); - /* l = index of high order bit in binary representation of 3*k */ - l = mpl_significant_bits(&k3) - 1; - /* for i = l-1 downto 1 */ - for (i = l - 1; i >= 1; i--) { - /* S = 2S */ - CHECK_MPI_OK( GFp_ec_pt_dbl_aff(p, a, &sx, &sy, &sx, &sy) ); - b3 = MP_GET_BIT(&k3, i); - b1 = MP_GET_BIT(&k, i); - /* if k3_i = 1 and k_i = 0, then S = S + Q */ - if ((b3 == 1) && (b1 == 0)) { - CHECK_MPI_OK( GFp_ec_pt_add_aff(p, a, &sx, &sy, - &qx, &qy, &sx, &sy) ); - /* if k3_i = 0 and k_i = 1, then S = S - Q */ - } else if ((b3 == 0) && (b1 == 1)) { - CHECK_MPI_OK( GFp_ec_pt_sub_aff(p, a, &sx, &sy, - &qx, &qy, &sx, &sy) ); - } - } -#endif - /* output S */ - CHECK_MPI_OK( mp_copy(&sx, rx) ); - CHECK_MPI_OK( mp_copy(&sy, ry) ); - -cleanup: - mp_clear(&k); - mp_clear(&k3); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&sx); - mp_clear(&sy); - return err; -} - -/* Converts a point P(px, py, pz) from Jacobian projective coordinates to - * affine coordinates R(rx, ry). P and R can share x and y coordinates. - */ -mp_err -GFp_ec_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *p, mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int z1, z2, z3; - MP_DIGITS(&z1) = 0; - MP_DIGITS(&z2) = 0; - MP_DIGITS(&z3) = 0; - CHECK_MPI_OK( mp_init(&z1) ); - CHECK_MPI_OK( mp_init(&z2) ); - CHECK_MPI_OK( mp_init(&z3) ); - - /* if point at infinity, then set point at infinity and exit */ - if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) { - CHECK_MPI_OK( GFp_ec_pt_set_inf_aff(rx, ry) ); - goto cleanup; - } - - /* transform (px, py, pz) into (px / pz^2, py / pz^3) */ - if (mp_cmp_d(pz, 1) == 0) { - CHECK_MPI_OK( mp_copy(px, rx) ); - CHECK_MPI_OK( mp_copy(py, ry) ); - } else { - CHECK_MPI_OK( mp_invmod(pz, p, &z1) ); - CHECK_MPI_OK( mp_sqrmod(&z1, p, &z2) ); - CHECK_MPI_OK( mp_mulmod(&z1, &z2, p, &z3) ); - CHECK_MPI_OK( mp_mulmod(px, &z2, p, rx) ); - CHECK_MPI_OK( mp_mulmod(py, &z3, p, ry) ); - } - -cleanup: - mp_clear(&z1); - mp_clear(&z2); - mp_clear(&z3); - return err; -} - -/* Checks if point P(px, py, pz) is at infinity. - * Uses Jacobian coordinates. - */ -mp_err -GFp_ec_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz) -{ - return mp_cmp_z(pz); -} - -/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian - * coordinates. - */ -mp_err -GFp_ec_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz) -{ - mp_zero(pz); - return MP_OKAY; -} - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and - * Q is (qx, qy, qz). Elliptic curve points P, Q, and R can all be - * identical. Uses Jacobian coordinates. - * - * This routine implements Point Addition in the Jacobian Projective - * space as described in the paper "Efficient elliptic curve exponentiation - * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono. - */ -mp_err -GFp_ec_pt_add_jac(const mp_int *p, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *pz, const mp_int *qx, - const mp_int *qy, const mp_int *qz, mp_int *rx, mp_int *ry, mp_int *rz) -{ - mp_err err = MP_OKAY; - mp_int n0, u1, u2, s1, s2, H, G; - MP_DIGITS(&n0) = 0; - MP_DIGITS(&u1) = 0; - MP_DIGITS(&u2) = 0; - MP_DIGITS(&s1) = 0; - MP_DIGITS(&s2) = 0; - MP_DIGITS(&H) = 0; - MP_DIGITS(&G) = 0; - CHECK_MPI_OK( mp_init(&n0) ); - CHECK_MPI_OK( mp_init(&u1) ); - CHECK_MPI_OK( mp_init(&u2) ); - CHECK_MPI_OK( mp_init(&s1) ); - CHECK_MPI_OK( mp_init(&s2) ); - CHECK_MPI_OK( mp_init(&H) ); - CHECK_MPI_OK( mp_init(&G) ); - - /* Use point double if pointers are equal. */ - if ((px == qx) && (py == qy) && (pz == qz)) { - err = GFp_ec_pt_dbl_jac(p, a, px, py, pz, rx, ry, rz); - goto cleanup; - } - - /* If either P or Q is the point at infinity, then return - * the other point - */ - if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) { - CHECK_MPI_OK( mp_copy(qx, rx) ); - CHECK_MPI_OK( mp_copy(qy, ry) ); - CHECK_MPI_OK( mp_copy(qz, rz) ); - goto cleanup; - } - if (GFp_ec_pt_is_inf_jac(qx, qy, qz) == MP_YES) { - CHECK_MPI_OK( mp_copy(px, rx) ); - CHECK_MPI_OK( mp_copy(py, ry) ); - CHECK_MPI_OK( mp_copy(pz, rz) ); - goto cleanup; - } - - /* Compute u1 = px * qz^2, s1 = py * qz^3 */ - if (mp_cmp_d(qz, 1) == 0) { - CHECK_MPI_OK( mp_copy(px, &u1) ); - CHECK_MPI_OK( mp_copy(py, &s1) ); - } else { - CHECK_MPI_OK( mp_sqrmod(qz, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(px, &n0, p, &u1) ); - CHECK_MPI_OK( mp_mulmod(&n0, qz, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(py, &n0, p, &s1) ); - } - - /* Compute u2 = qx * pz^2, s2 = qy * pz^3 */ - if (mp_cmp_d(pz, 1) == 0) { - CHECK_MPI_OK( mp_copy(qx, &u2) ); - CHECK_MPI_OK( mp_copy(qy, &s2) ); - } else { - CHECK_MPI_OK( mp_sqrmod(pz, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(qx, &n0, p, &u2) ); - CHECK_MPI_OK( mp_mulmod(&n0, pz, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(qy, &n0, p, &s2) ); - } - - /* Compute H = u2 - u1 ; G = s2 - s1 */ - CHECK_MPI_OK( mp_submod(&u2, &u1, p, &H) ); - CHECK_MPI_OK( mp_submod(&s2, &s1, p, &G) ); - - if (mp_cmp_z(&H) == 0) { - if (mp_cmp_z(&G) == 0) { - /* P = Q; double */ - err = GFp_ec_pt_dbl_jac(p, a, px, py, pz, - rx, ry, rz); - goto cleanup; - } else { - /* P = -Q; return point at infinity */ - CHECK_MPI_OK( GFp_ec_pt_set_inf_jac(rx, ry, rz) ); - goto cleanup; - } - } - - /* rz = pz * qz * H */ - if (mp_cmp_d(pz, 1) == 0) { - if (mp_cmp_d(qz, 1) == 0) { - /* if pz == qz == 1, then rz = H */ - CHECK_MPI_OK( mp_copy(&H, rz) ); - } else { - CHECK_MPI_OK( mp_mulmod(qz, &H, p, rz) ); - } - } else { - if (mp_cmp_d(qz, 1) == 0) { - CHECK_MPI_OK( mp_mulmod(pz, &H, p, rz) ); - } else { - CHECK_MPI_OK( mp_mulmod(pz, qz, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(&n0, &H, p, rz) ); - } - } - - /* rx = G^2 - H^3 - 2 * u1 * H^2 */ - CHECK_MPI_OK( mp_sqrmod(&G, p, rx) ); - CHECK_MPI_OK( mp_sqrmod(&H, p, &n0) ); - CHECK_MPI_OK( mp_mulmod(&n0, &u1, p, &u1) ); - CHECK_MPI_OK( mp_addmod(&u1, &u1, p, &u2) ); - CHECK_MPI_OK( mp_mulmod(&H, &n0, p, &H) ); - CHECK_MPI_OK( mp_submod(rx, &H, p, rx) ); - CHECK_MPI_OK( mp_submod(rx, &u2, p, rx) ); - - /* ry = - s1 * H^3 + G * (u1 * H^2 - rx) */ - /* (formula based on values of variables before block above) */ - CHECK_MPI_OK( mp_submod(&u1, rx, p, &u1) ); - CHECK_MPI_OK( mp_mulmod(&G, &u1, p, ry) ); - CHECK_MPI_OK( mp_mulmod(&s1, &H, p, &s1) ); - CHECK_MPI_OK( mp_submod(ry, &s1, p, ry) ); - -cleanup: - mp_clear(&n0); - mp_clear(&u1); - mp_clear(&u2); - mp_clear(&s1); - mp_clear(&s2); - mp_clear(&H); - mp_clear(&G); - return err; -} - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * Jacobian coordinates. - * - * This routine implements Point Doubling in the Jacobian Projective - * space as described in the paper "Efficient elliptic curve exponentiation - * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono. - */ -mp_err -GFp_ec_pt_dbl_jac(const mp_int *p, const mp_int *a, const mp_int *px, - const mp_int *py, const mp_int *pz, mp_int *rx, mp_int *ry, mp_int *rz) -{ - mp_err err = MP_OKAY; - mp_int t0, t1, M, S; - MP_DIGITS(&t0) = 0; - MP_DIGITS(&t1) = 0; - MP_DIGITS(&M) = 0; - MP_DIGITS(&S) = 0; - CHECK_MPI_OK( mp_init(&t0) ); - CHECK_MPI_OK( mp_init(&t1) ); - CHECK_MPI_OK( mp_init(&M) ); - CHECK_MPI_OK( mp_init(&S) ); - - if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) { - CHECK_MPI_OK( GFp_ec_pt_set_inf_jac(rx, ry, rz) ); - goto cleanup; - } - - if (mp_cmp_d(pz, 1) == 0) { - /* M = 3 * px^2 + a */ - CHECK_MPI_OK( mp_sqrmod(px, p, &t0) ); - CHECK_MPI_OK( mp_addmod(&t0, &t0, p, &M) ); - CHECK_MPI_OK( mp_addmod(&t0, &M, p, &t0) ); - CHECK_MPI_OK( mp_addmod(&t0, a, p, &M) ); - } else if (mp_cmp_int(a, -3) == 0) { - /* M = 3 * (px + pz^2) * (px - pz) */ - CHECK_MPI_OK( mp_sqrmod(pz, p, &M) ); - CHECK_MPI_OK( mp_addmod(px, &M, p, &t0) ); - CHECK_MPI_OK( mp_submod(px, &M, p, &t1) ); - CHECK_MPI_OK( mp_mulmod(&t0, &t1, p, &M) ); - CHECK_MPI_OK( mp_addmod(&M, &M, p, &t0) ); - CHECK_MPI_OK( mp_addmod(&t0, &M, p, &M) ); - } else { - CHECK_MPI_OK( mp_sqrmod(px, p, &t0) ); - CHECK_MPI_OK( mp_addmod(&t0, &t0, p, &M) ); - CHECK_MPI_OK( mp_addmod(&t0, &M, p, &t0) ); - CHECK_MPI_OK( mp_sqrmod(pz, p, &M) ); - CHECK_MPI_OK( mp_sqrmod(&M, p, &M) ); - CHECK_MPI_OK( mp_mulmod(&M, a, p, &M) ); - CHECK_MPI_OK( mp_addmod(&M, &t0, p, &M) ); - } - - /* rz = 2 * py * pz */ - if (mp_cmp_d(pz, 1) == 0) { - CHECK_MPI_OK( mp_addmod(py, py, p, rz) ); - CHECK_MPI_OK( mp_sqrmod(rz, p, &t0) ); - } else { - CHECK_MPI_OK( mp_addmod(py, py, p, &t0) ); - CHECK_MPI_OK( mp_mulmod(&t0, pz, p, rz) ); - CHECK_MPI_OK( mp_sqrmod(&t0, p, &t0) ); - } - - /* S = 4 * px * py^2 = pz * (2 * py)^2 */ - CHECK_MPI_OK( mp_mulmod(px, &t0, p, &S) ); - - /* rx = M^2 - 2 * S */ - CHECK_MPI_OK( mp_addmod(&S, &S, p, &t1) ); - CHECK_MPI_OK( mp_sqrmod(&M, p, rx) ); - CHECK_MPI_OK( mp_submod(rx, &t1, p, rx) ); - - /* ry = M * (S - rx) - 8 * py^4 */ - CHECK_MPI_OK( mp_sqrmod(&t0, p, &t1) ); - if (mp_isodd(&t1)) { - CHECK_MPI_OK( mp_add(&t1, p, &t1) ); - } - CHECK_MPI_OK( mp_div_2(&t1, &t1) ); - CHECK_MPI_OK( mp_submod(&S, rx, p, &S) ); - CHECK_MPI_OK( mp_mulmod(&M, &S, p, &M) ); - CHECK_MPI_OK( mp_submod(&M, &t1, p, ry) ); - -cleanup: - mp_clear(&t0); - mp_clear(&t1); - mp_clear(&M); - mp_clear(&S); - return err; -} - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Uses Jacobian coordinates. - */ -mp_err -GFp_ec_pt_mul_jac(const mp_int *p, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry) -{ - mp_err err = MP_OKAY; - mp_int k, qx, qy, qz, sx, sy, sz; - int i, l; - - MP_DIGITS(&k) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&qz) = 0; - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_DIGITS(&sz) = 0; - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_init(&qx) ); - CHECK_MPI_OK( mp_init(&qy) ); - CHECK_MPI_OK( mp_init(&qz) ); - CHECK_MPI_OK( mp_init(&sx) ); - CHECK_MPI_OK( mp_init(&sy) ); - CHECK_MPI_OK( mp_init(&sz) ); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - err = MP_OKAY; - goto cleanup; - /* if n < 0 then out of range error */ - } else if (mp_cmp_z(n) < 0) { - err = MP_RANGE; - goto cleanup; - } - /* Q = P, k = n */ - CHECK_MPI_OK( mp_copy(px, &qx) ); - CHECK_MPI_OK( mp_copy(py, &qy) ); - CHECK_MPI_OK( mp_set_int(&qz, 1) ); - CHECK_MPI_OK( mp_copy(n, &k) ); - - /* double and add method */ - l = mpl_significant_bits(&k) - 1; - mp_zero(&sx); - mp_zero(&sy); - mp_zero(&sz); - for (i = l; i >= 0; i--) { - /* if k_i = 1, then S = S + Q */ - if (MP_GET_BIT(&k, i) != 0) { - CHECK_MPI_OK( GFp_ec_pt_add_jac(p, a, &sx, &sy, &sz, - &qx, &qy, &qz, &sx, &sy, &sz) ); - } - if (i > 0) { - /* S = 2S */ - CHECK_MPI_OK( GFp_ec_pt_dbl_jac(p, a, &sx, &sy, &sz, - &sx, &sy, &sz) ); - } - } - - /* convert result S to affine coordinates */ - CHECK_MPI_OK( GFp_ec_pt_jac2aff(&sx, &sy, &sz, p, rx, ry) ); - -cleanup: - mp_clear(&k); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&qz); - mp_clear(&sx); - mp_clear(&sy); - mp_clear(&sz); - return err; -} -#endif /* NSS_ENABLE_ECC */ diff --git a/security/nss/lib/freebl/GFp_ecl.h b/security/nss/lib/freebl/GFp_ecl.h deleted file mode 100644 index 20f596bc2..000000000 --- a/security/nss/lib/freebl/GFp_ecl.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __gfp_ecl_h_ -#define __gfp_ecl_h_ -#ifdef NSS_ENABLE_ECC - -#include "secmpi.h" - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -extern mp_err GFp_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py); - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -extern mp_err GFp_ec_pt_set_inf_aff(mp_int *px, mp_int *py); - -/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, qy). - * Uses affine coordinates. - */ -extern mp_err GFp_ec_pt_add_aff(const mp_int *p, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry); - -/* Computes R = P - Q. Uses affine coordinates. */ -extern mp_err GFp_ec_pt_sub_aff(const mp_int *p, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, - mp_int *rx, mp_int *ry); - -/* Computes R = 2P. Uses affine coordinates. */ -extern mp_err GFp_ec_pt_dbl_aff(const mp_int *p, const mp_int *a, - const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Uses affine coordinates. - */ -extern mp_err GFp_ec_pt_mul_aff(const mp_int *p, const mp_int *a, - const mp_int *b, const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry); - -/* Converts a point P(px, py, pz) from Jacobian projective coordinates to - * affine coordinates R(rx, ry). - */ -extern mp_err GFp_ec_pt_jac2aff(const mp_int *px, const mp_int *py, - const mp_int *pz, const mp_int *p, mp_int *rx, mp_int *ry); - -/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian - * coordinates. - */ -extern mp_err GFp_ec_pt_is_inf_jac(const mp_int *px, const mp_int *py, - const mp_int *pz); - -/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian - * coordinates. - */ -extern mp_err GFp_ec_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz); - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and - * Q is (qx, qy, qz). Uses Jacobian coordinates. - */ -extern mp_err GFp_ec_pt_add_jac(const mp_int *p, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *qx, const mp_int *qy, const mp_int *qz, - mp_int *rx, mp_int *ry, mp_int *rz); - -/* Computes R = 2P. Uses Jacobian coordinates. */ -extern mp_err GFp_ec_pt_dbl_jac(const mp_int *p, const mp_int *a, - const mp_int *px, const mp_int *py, const mp_int *pz, - mp_int *rx, mp_int *ry, mp_int *rz); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Uses Jacobian coordinates. - */ -mp_err GFp_ec_pt_mul_jac(const mp_int *p, const mp_int *a, const mp_int *b, - const mp_int *px, const mp_int *py, const mp_int *n, - mp_int *rx, mp_int *ry); - -#define GFp_ec_pt_is_inf(px, py) GFp_ec_pt_is_inf_aff((px), (py)) -#define GFp_ec_pt_add(p, a, px, py, qx, qy, rx, ry) \ - GFp_ec_pt_add_aff((p), (a), (px), (py), (qx), (qy), (rx), (ry)) - -#define GFp_ECL_JACOBIAN -#ifdef GFp_ECL_AFFINE -#define GFp_ec_pt_mul(p, a, b, px, py, n, rx, ry) \ - GFp_ec_pt_mul_aff((p), (a), (b), (px), (py), (n), (rx), (ry)) -#elif defined(GFp_ECL_JACOBIAN) -#define GFp_ec_pt_mul(p, a, b, px, py, n, rx, ry) \ - GFp_ec_pt_mul_jac((p), (a), (b), (px), (py), (n), (rx), (ry)) -#endif /* GFp_ECL_AFFINE or GFp_ECL_JACOBIAN*/ - -#endif /* NSS_ENABLE_ECC */ -#endif /* __gfp_ecl_h_ */ diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile deleted file mode 100644 index eb6e33d78..000000000 --- a/security/nss/lib/freebl/Makefile +++ /dev/null @@ -1,363 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -# Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Stephen Fung and -# Douglas Stebila , Sun Microsystems -# Laboratories -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - --include config.mk - -ifdef USE_64 - DEFINES += -DNSS_USE_64 -endif - -ifdef USE_HYBRID - DEFINES += -DNSS_USE_HYBRID -endif - -# des.c wants _X86_ defined for intel CPUs. -# coreconf does this for windows, but not for Linux, FreeBSD, etc. -ifeq ($(CPU_ARCH),x86) -ifneq (,$(filter-out WIN%,$(OS_TARGET))) - OS_REL_CFLAGS += -D_X86_ -endif -endif - -ifeq ($(OS_TARGET),OSF1) - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD - MPI_SRCS += mpvalpha.c -endif - -ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) #omits WIN16 and WINCE -ifdef NS_USE_GCC -# Ideally, we want to use assembler -# ASFILES = mpi_x86.s -# DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \ -# -DMP_ASSEMBLY_DIV_2DX1D -# but we haven't figured out how to make it work, so we are not -# using assembler right now. - ASFILES = - DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -else - ASFILES = mpi_x86.asm - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D \ - -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -endif -ifdef BUILD_OPT -ifndef NS_USE_GCC - OPTIMIZER += -Ox # maximum optimization for freebl -endif -endif -endif - -ifeq ($(OS_TARGET),WINCE) - DEFINES += -DMP_ARGCHK=0 # no assert in WinCE - DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 -endif - -ifdef XP_OS2_VACPP - ASFILES = mpi_x86.asm - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -endif - -ifeq ($(OS_TARGET),IRIX) -ifeq ($(USE_N32),1) - ASFILES = mpi_mips.s -ifeq ($(NS_USE_GCC),1) - ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3 -else - ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -endif - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE - DEFINES += -DMP_USE_UINT_DIGIT -else -endif -endif - -ifeq ($(OS_TARGET),Linux) -ifeq ($(CPU_ARCH),x86) - ASFILES = mpi_x86.s - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -ifdef NSS_ENABLE_ECC - #enable floating point ECC code - DEFINES += -DECL_USE_FP - ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c - ECL_HDRS += ecp_fp.h -endif -endif -endif - -ifeq ($(OS_TARGET),AIX) -DEFINES += -DMP_USE_UINT_DIGIT -ifndef USE_64 -DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD -endif -endif - -ifeq ($(OS_TARGET), HP-UX) -ifneq ($(OS_TEST), ia64) -MKSHLIB += +k +vshlibunsats -u FREEBL_GetVector +e FREEBL_GetVector -ifndef FREEBL_EXTENDED_BUILD -ifdef USE_PURE_32 -# build for DA1.1 (HP PA 1.1) pure 32 bit model - DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD - DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 -else -ifdef USE_64 -# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 32-bit digits - MPI_SRCS += mpi_hp.c - ASFILES += hpma512.s hppa20.s - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -else -# this builds for DA2.0 (HP PA 2.0 Narrow) hybrid model -# (the 32-bit ABI with 64-bit registers) using 32-bit digits - MPI_SRCS += mpi_hp.c - ASFILES += hpma512.s hppa20.s - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -# This is done in coreconf by defining USE_LONG_LONGS -# OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 -endif -endif -endif -endif -endif - -# Note: -xarch=v8 or v9 is now done in coreconf -ifeq ($(OS_TARGET),SunOS) -ifeq ($(CPU_ARCH),sparc) -ifndef NS_USE_GCC -ifdef USE_HYBRID - OS_CFLAGS += -xchip=ultra2 -endif -endif -ifeq (5.5.1,$(firstword $(sort 5.5.1 $(OS_RELEASE)))) - SYSV_SPARC = 1 -endif -ifeq ($(SYSV_SPARC),1) -SOLARIS_AS = /usr/ccs/bin/as -ifdef NS_USE_GCC -ifdef GCC_USE_GNU_LD -MKSHLIB += -Wl,-Bsymbolic,-z,defs,-z,now,-z,text,--version-script,mapfile.Solaris -else -MKSHLIB += -Wl,-B,symbolic,-z,defs,-z,now,-z,text,-M,mapfile.Solaris -endif -else -MKSHLIB += -B symbolic -z defs -z now -z text -M mapfile.Solaris -endif -ifdef USE_PURE_32 -# this builds for Sparc v8 pure 32-bit architecture - DEFINES += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD - DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 -else -ifdef USE_64 -# this builds for Sparc v9a pure 64-bit architecture - MPI_SRCS += mpi_sparc.c - ASFILES = mpv_sparcv9.s montmulfv9.s - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF - DEFINES += -DMP_USE_UINT_DIGIT -# MPI_SRCS += mpv_sparc.c -# removed -xdepend from the following line - SOLARIS_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt - SOLARIS_AS_FLAGS = -xarch=v9a -K PIC -else -# this builds for Sparc v8+a hybrid architecture, 64-bit registers, 32-bit ABI - MPI_SRCS += mpi_sparc.c - ASFILES = mpv_sparcv8.s montmulfv8.s - DEFINES += -DMP_NO_MP_WORD -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF - DEFINES += -DMP_USE_UINT_DIGIT - SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC -# ASM_SUFFIX = .S -endif -endif -ifdef NSS_ENABLE_ECC -DEFINES += -DECL_USE_FP -ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c -ECL_HDRS += ecp_fp.h -endif -endif -else -# Solaris x86 - DEFINES += -D_X86_ - DEFINES += -DMP_USE_UINT_DIGIT - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D - ASFILES = mpi_i86pc.s -ifdef NS_USE_GCC - LD = gcc - AS = gcc - ASFLAGS = -endif - -endif -endif - -$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -export:: private_export - -rijndael_tables: - $(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \ - $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a - $(OBJDIR)/make_rijndael_tab - -ifdef USE_PURE_32 -vpath %.h $(FREEBL_PARENT)/ecl $(FREEBL_PARENT)/mpi $(FREEBL_PARENT) -vpath %.c $(FREEBL_PARENT)/ecl $(FREEBL_PARENT)/mpi $(FREEBL_PARENT) -vpath %.S $(FREEBL_PARENT)/ecl $(FREEBL_PARENT)/mpi $(FREEBL_PARENT) -vpath %.s $(FREEBL_PARENT)/ecl $(FREEBL_PARENT)/mpi $(FREEBL_PARENT) -vpath %.asm $(FREEBL_PARENT)/ecl $(FREEBL_PARENT)/mpi $(FREEBL_PARENT) -INCLUDES += -I$(FREEBL_PARENT) -I$(FREEBL_PARENT)/mpi -I$(FREEBL_PARENT)/ecl -else -vpath %.h mpi ecl -vpath %.c mpi ecl -vpath %.S mpi ecl -vpath %.s mpi ecl -vpath %.asm mpi ecl -INCLUDES += -Impi -Iecl -endif - - -DEFINES += -DMP_API_COMPATIBLE - -MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c - -MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX))) -MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX))) - -ECL_USERS = ec.c - -ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX))) -ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX))) - -$(MPI_OBJS): $(MPI_HDRS) - -$(ECL_OBJS): $(ECL_HDRS) - -$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c - -$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h - -ifeq ($(SYSV_SPARC),1) - -$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s - @$(MAKE_OBJDIR) - $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $< - -$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s - @$(MAKE_OBJDIR) - $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $< - -$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h - -endif - -ifdef FREEBL_EXTENDED_BUILD - -PURE32DIR = $(OBJDIR)/$(OS_TARGET)pure32 -ALL_TRASH += $(PURE32DIR) - -FILES2LN = \ - $(wildcard *.tab) \ - $(wildcard mapfile.*) \ - Makefile manifest.mn config.mk - -LINKEDFILES = $(addprefix $(PURE32DIR)/, $(FILES2LN)) - -CDDIR := $(shell pwd) - -$(PURE32DIR): - -mkdir $(PURE32DIR) - -ln -s $(CDDIR)/mpi $(PURE32DIR) - -$(LINKEDFILES) : $(PURE32DIR)/% : % - ln -s $(CDDIR)/$* $(PURE32DIR) - -libs:: - $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 libs - -libs:: $(PURE32DIR) $(LINKEDFILES) - cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 FREEBL_PARENT=$(CDDIR) CORE_DEPTH=$(CDDIR)/$(CORE_DEPTH) libs - -release_md:: - $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 $@ - cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 FREEBL_PARENT=$(CDDIR) CORE_DEPTH=$(CDDIR)/$(CORE_DEPTH) $@ - -endif - -# Bugzilla Bug 209827: disable optimization to work around what appears -# to be a VACPP optimizer bug. -ifdef XP_OS2_VACPP -$(OBJDIR)/alg2268.obj: alg2268.c - @$(MAKE_OBJDIR) - $(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call abspath,$<) -endif diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c deleted file mode 100644 index 2f287e920..000000000 --- a/security/nss/lib/freebl/aeskeywrap.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - * aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394 - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2002, 2003 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "prcpucfg.h" -#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG) -#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 0 -#else -#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 1 -#endif -#include "prtypes.h" /* for PRUintXX */ -#include "secport.h" /* for PORT_XXX */ -#include "secerr.h" -#include "blapi.h" /* for AES_ functions */ - - -struct AESKeyWrapContextStr { - AESContext * aescx; - unsigned char iv[AES_KEY_WRAP_IV_BYTES]; -}; - -/******************************************/ -/* -** AES key wrap algorithm, RFC 3394 -*/ - -/* -** Create a new AES context suitable for AES encryption/decryption. -** "key" raw key data -** "keylen" the number of bytes of key data (16, 24, or 32) -*/ -extern AESKeyWrapContext * -AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, - int encrypt, unsigned int keylen) -{ - AESKeyWrapContext * cx = PORT_ZNew(AESKeyWrapContext); - if (!cx) - return NULL; /* error is already set */ - cx->aescx = AES_CreateContext(key, NULL, NSS_AES, encrypt, keylen, - AES_BLOCK_SIZE); - if (!cx->aescx) { - PORT_Free(cx); - return NULL; /* error should already be set */ - } - if (iv) { - memcpy(cx->iv, iv, AES_KEY_WRAP_IV_BYTES); - } else { - memset(cx->iv, 0xA6, AES_KEY_WRAP_IV_BYTES); - } - return cx; -} - -/* -** Destroy a AES KeyWrap context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit) -{ - if (cx) { - if (cx->aescx) - AES_DestroyContext(cx->aescx, PR_TRUE); - memset(cx, 0, sizeof *cx); - if (freeit) - PORT_Free(cx); - } -} - -#if !BIG_ENDIAN_WITH_64_BIT_REGISTERS - -/* The AES Key Wrap algorithm has 64-bit values that are ALWAYS big-endian -** (Most significant byte first) in memory. The only ALU operations done -** on them are increment, decrement, and XOR. So, on little-endian CPUs, -** and on CPUs that lack 64-bit registers, these big-endian 64-bit operations -** are simulated in the following code. This is thought to be faster and -** simpler than trying to convert the data to little-endian and back. -*/ - -/* A and T point to two 64-bit values stored most signficant byte first -** (big endian). This function increments the 64-bit value T, and then -** XORs it with A, changing A. -*/ -static void -increment_and_xor(unsigned char *A, unsigned char *T) -{ - if (!++T[7]) - if (!++T[6]) - if (!++T[5]) - if (!++T[4]) - if (!++T[3]) - if (!++T[2]) - if (!++T[1]) - ++T[0]; - - A[0] ^= T[0]; - A[1] ^= T[1]; - A[2] ^= T[2]; - A[3] ^= T[3]; - A[4] ^= T[4]; - A[5] ^= T[5]; - A[6] ^= T[6]; - A[7] ^= T[7]; -} - -/* A and T point to two 64-bit values stored most signficant byte first -** (big endian). This function XORs T with A, giving a new A, then -** decrements the 64-bit value T. -*/ -static void -xor_and_decrement(unsigned char *A, unsigned char *T) -{ - A[0] ^= T[0]; - A[1] ^= T[1]; - A[2] ^= T[2]; - A[3] ^= T[3]; - A[4] ^= T[4]; - A[5] ^= T[5]; - A[6] ^= T[6]; - A[7] ^= T[7]; - - if (!T[7]--) - if (!T[6]--) - if (!T[5]--) - if (!T[4]--) - if (!T[3]--) - if (!T[2]--) - if (!T[1]--) - T[0]--; - -} - -/* Given an unsigned long t (in host byte order), store this value as a -** 64-bit big-endian value (MSB first) in *pt. -*/ -static void -set_t(unsigned char *pt, unsigned long t) -{ - pt[7] = (unsigned char)t; t >>= 8; - pt[6] = (unsigned char)t; t >>= 8; - pt[5] = (unsigned char)t; t >>= 8; - pt[4] = (unsigned char)t; t >>= 8; - pt[3] = (unsigned char)t; t >>= 8; - pt[2] = (unsigned char)t; t >>= 8; - pt[1] = (unsigned char)t; t >>= 8; - pt[0] = (unsigned char)t; -} - -#endif - -/* -** Perform AES key wrap. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *pOutputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PRUint64 * R = NULL; - unsigned int nBlocks; - unsigned int i, j; - unsigned int aesLen = AES_BLOCK_SIZE; - unsigned int outLen = inputLen + AES_KEY_WRAP_BLOCK_SIZE; - SECStatus s = SECFailure; - /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */ - PRUint64 t; - PRUint64 B[2]; - -#define A B[0] - - /* Check args */ - if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return s; - } -#ifdef maybe - if (!output && pOutputLen) { /* caller is asking for output size */ - *pOutputLen = outLen; - return SECSuccess; - } -#endif - if (maxOutputLen < outLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return s; - } - if (cx == NULL || output == NULL || input == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return s; - } - nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE; - R = PORT_NewArray(PRUint64, nBlocks + 1); - if (!R) - return s; /* error is already set. */ - /* - ** 1) Initialize variables. - */ - memcpy(&A, cx->iv, AES_KEY_WRAP_IV_BYTES); - memcpy(&R[1], input, inputLen); -#if BIG_ENDIAN_WITH_64_BIT_REGISTERS - t = 0; -#else - memset(&t, 0, sizeof t); -#endif - /* - ** 2) Calculate intermediate values. - */ - for (j = 0; j < 6; ++j) { - for (i = 1; i <= nBlocks; ++i) { - B[1] = R[i]; - s = AES_Encrypt(cx->aescx, (unsigned char *)B, &aesLen, - sizeof B, (unsigned char *)B, sizeof B); - if (s != SECSuccess) - break; - R[i] = B[1]; - /* here, increment t and XOR A with t (in big endian order); */ -#if BIG_ENDIAN_WITH_64_BIT_REGISTERS - A ^= ++t; -#else - increment_and_xor((unsigned char *)&A, (unsigned char *)&t); -#endif - } - } - /* - ** 3) Output the results. - */ - if (s == SECSuccess) { - R[0] = A; - memcpy(output, &R[0], outLen); - if (pOutputLen) - *pOutputLen = outLen; - } else if (pOutputLen) { - *pOutputLen = 0; - } - PORT_ZFree(R, outLen); - return s; -} -#undef A - -/* -** Perform AES key unwrap. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *pOutputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PRUint64 * R = NULL; - unsigned int nBlocks; - unsigned int i, j; - unsigned int aesLen = AES_BLOCK_SIZE; - unsigned int outLen; - SECStatus s = SECFailure; - /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */ - PRUint64 t; - PRUint64 B[2]; - -#define A B[0] - - /* Check args */ - if (inputLen < 3 * AES_KEY_WRAP_BLOCK_SIZE || - 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return s; - } - outLen = inputLen - AES_KEY_WRAP_BLOCK_SIZE; -#ifdef maybe - if (!output && pOutputLen) { /* caller is asking for output size */ - *pOutputLen = outLen; - return SECSuccess; - } -#endif - if (maxOutputLen < outLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return s; - } - if (cx == NULL || output == NULL || input == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return s; - } - nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE; - R = PORT_NewArray(PRUint64, nBlocks); - if (!R) - return s; /* error is already set. */ - nBlocks--; - /* - ** 1) Initialize variables. - */ - memcpy(&R[0], input, inputLen); - A = R[0]; -#if BIG_ENDIAN_WITH_64_BIT_REGISTERS - t = 6UL * nBlocks; -#else - set_t((unsigned char *)&t, 6UL * nBlocks); -#endif - /* - ** 2) Calculate intermediate values. - */ - for (j = 0; j < 6; ++j) { - for (i = nBlocks; i; --i) { - /* here, XOR A with t (in big endian order) and decrement t; */ -#if BIG_ENDIAN_WITH_64_BIT_REGISTERS - A ^= t--; -#else - xor_and_decrement((unsigned char *)&A, (unsigned char *)&t); -#endif - B[1] = R[i]; - s = AES_Decrypt(cx->aescx, (unsigned char *)B, &aesLen, - sizeof B, (unsigned char *)B, sizeof B); - if (s != SECSuccess) - break; - R[i] = B[1]; - } - } - /* - ** 3) Output the results. - */ - if (s == SECSuccess) { - int bad = memcmp(&A, cx->iv, AES_KEY_WRAP_IV_BYTES); - if (!bad) { - memcpy(output, &R[1], outLen); - if (pOutputLen) - *pOutputLen = outLen; - } else { - PORT_SetError(SEC_ERROR_BAD_DATA); - if (pOutputLen) - *pOutputLen = 0; - } - } else if (pOutputLen) { - *pOutputLen = 0; - } - PORT_ZFree(R, inputLen); - return s; -} -#undef A diff --git a/security/nss/lib/freebl/alg2268.c b/security/nss/lib/freebl/alg2268.c deleted file mode 100644 index 2a5ec5695..000000000 --- a/security/nss/lib/freebl/alg2268.c +++ /dev/null @@ -1,493 +0,0 @@ -/* - * alg2268.c - implementation of the algorithm in RFC 2268 - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - - -#include "blapi.h" -#include "secerr.h" -#ifdef XP_UNIX_XXX -#include /* for ptrdiff_t */ -#endif - -/* -** RC2 symmetric block cypher -*/ - -typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output, - const unsigned char *input, unsigned int inputLen); - -/* forward declarations */ -static rc2Func rc2_EncryptECB; -static rc2Func rc2_DecryptECB; -static rc2Func rc2_EncryptCBC; -static rc2Func rc2_DecryptCBC; - -typedef union { - PRUint32 l[2]; - PRUint16 s[4]; - PRUint8 b[8]; -} RC2Block; - -struct RC2ContextStr { - union { - PRUint8 Kb[128]; - PRUint16 Kw[64]; - } u; - RC2Block iv; - rc2Func *enc; - rc2Func *dec; -}; - -#define B u.Kb -#define K u.Kw -#define BYTESWAP(x) ((x) << 8 | (x) >> 8) -#define SWAPK(i) cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS)) -#define RC2_BLOCK_SIZE 8 - -#define LOAD_HARD(R) \ - R[0] = (PRUint16)input[1] << 8 | input[0]; \ - R[1] = (PRUint16)input[3] << 8 | input[2]; \ - R[2] = (PRUint16)input[5] << 8 | input[4]; \ - R[3] = (PRUint16)input[7] << 8 | input[6]; -#define LOAD_EASY(R) \ - R[0] = ((PRUint16 *)input)[0]; \ - R[1] = ((PRUint16 *)input)[1]; \ - R[2] = ((PRUint16 *)input)[2]; \ - R[3] = ((PRUint16 *)input)[3]; -#define STORE_HARD(R) \ - output[0] = (PRUint8)(R[0]); output[1] = (PRUint8)(R[0] >> 8); \ - output[2] = (PRUint8)(R[1]); output[3] = (PRUint8)(R[1] >> 8); \ - output[4] = (PRUint8)(R[2]); output[5] = (PRUint8)(R[2] >> 8); \ - output[6] = (PRUint8)(R[3]); output[7] = (PRUint8)(R[3] >> 8); -#define STORE_EASY(R) \ - ((PRUint16 *)output)[0] = R[0]; \ - ((PRUint16 *)output)[1] = R[1]; \ - ((PRUint16 *)output)[2] = R[2]; \ - ((PRUint16 *)output)[3] = R[3]; - -#if defined (_X86_) -#define LOAD(R) LOAD_EASY(R) -#define STORE(R) STORE_EASY(R) -#elif !defined(IS_LITTLE_ENDIAN) -#define LOAD(R) LOAD_HARD(R) -#define STORE(R) STORE_HARD(R) -#else -#define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) } -#define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) } -#endif - -static const PRUint8 S[256] = { -0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235, -0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242, -0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062, -0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202, -0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334, -0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046, -0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003, -0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327, -0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052, -0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354, -0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071, -0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061, -0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311, -0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251, -0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056, -0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255 -}; - -/* -** Create a new RC2 context suitable for RC2 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC) -** "mode" one of NSS_RC2 or NSS_RC2_CBC -** "effectiveKeyLen" in bytes, not bits. -** -** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block -** chaining" mode. -*/ -RC2Context * -RC2_CreateContext(const unsigned char *key, unsigned int len, - const unsigned char *input, int mode, unsigned efLen8) -{ - RC2Context *cx; - PRUint8 *L,*L2; - int i; -#if !defined(IS_LITTLE_ENDIAN) - PRUint16 tmpS; -#endif - PRUint8 tmpB; - - if (!key || len == 0 || len > (sizeof cx->B) || efLen8 > (sizeof cx->B)) { - return NULL; - } - if (mode == NSS_RC2) { - /* groovy */ - } else if (mode == NSS_RC2_CBC) { - if (!input) { - return NULL; /* not groovy */ - } - } else { - return NULL; - } - - cx = PORT_ZNew(RC2Context); - if (!cx) - return cx; - - if (mode == NSS_RC2_CBC) { - cx->enc = & rc2_EncryptCBC; - cx->dec = & rc2_DecryptCBC; - LOAD(cx->iv.s); - } else { - cx->enc = & rc2_EncryptECB; - cx->dec = & rc2_DecryptECB; - } - - /* Step 0. Copy key into table. */ - memcpy(cx->B, key, len); - - /* Step 1. Compute all values to the right of the key. */ - L2 = cx->B; - L = L2 + len; - tmpB = L[-1]; - for (i = (sizeof cx->B) - len; i > 0; --i) { - *L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ]; - } - - /* step 2. Adjust left most byte of effective key. */ - i = (sizeof cx->B) - efLen8; - L = cx->B + i; - *L = tmpB = S[*L]; /* mask is always 0xff */ - - /* step 3. Recompute all values to the left of effective key. */ - L2 = --L + efLen8; - while(L >= cx->B) { - *L-- = tmpB = S[ tmpB ^ *L2-- ]; - } - -#if !defined(IS_LITTLE_ENDIAN) - for (i = 63; i >= 0; --i) { - SWAPK(i); /* candidate for unrolling */ - } -#endif - return cx; -} - -/* -** Destroy an RC2 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -void -RC2_DestroyContext(RC2Context *cx, PRBool freeit) -{ - if (cx) { - memset(cx, 0, sizeof *cx); - if (freeit) { - PORT_Free(cx); - } - } -} - -#define ROL(x,k) (x << k | x >> (16-k)) -#define MIX(j) \ - R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1); R0 = ROL(R0,1);\ - R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2); R1 = ROL(R1,2);\ - R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3); R2 = ROL(R2,3);\ - R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0); R3 = ROL(R3,5) -#define MASH \ - R0 = R0 + cx->K[R3 & 63];\ - R1 = R1 + cx->K[R0 & 63];\ - R2 = R2 + cx->K[R1 & 63];\ - R3 = R3 + cx->K[R2 & 63] - -/* Encrypt one block */ -static void -rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input) -{ - register PRUint16 R0, R1, R2, R3; - - /* step 1. Initialize input. */ - R0 = input->s[0]; - R1 = input->s[1]; - R2 = input->s[2]; - R3 = input->s[3]; - - /* step 2. Expand Key (already done, in context) */ - /* step 3. j = 0 */ - /* step 4. Perform 5 mixing rounds. */ - - MIX(0); - MIX(1); - MIX(2); - MIX(3); - MIX(4); - - /* step 5. Perform 1 mashing round. */ - MASH; - - /* step 6. Perform 6 mixing rounds. */ - - MIX(5); - MIX(6); - MIX(7); - MIX(8); - MIX(9); - MIX(10); - - /* step 7. Perform 1 mashing round. */ - MASH; - - /* step 8. Perform 5 mixing rounds. */ - - MIX(11); - MIX(12); - MIX(13); - MIX(14); - MIX(15); - - /* output results */ - output->s[0] = R0; - output->s[1] = R1; - output->s[2] = R2; - output->s[3] = R3; -} - -#define ROR(x,k) (x >> k | x << (16-k)) -#define R_MIX(j) \ - R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0); \ - R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3); \ - R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2); \ - R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1) -#define R_MASH \ - R3 = R3 - cx->K[R2 & 63];\ - R2 = R2 - cx->K[R1 & 63];\ - R1 = R1 - cx->K[R0 & 63];\ - R0 = R0 - cx->K[R3 & 63] - -/* Encrypt one block */ -static void -rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input) -{ - register PRUint16 R0, R1, R2, R3; - - /* step 1. Initialize input. */ - R0 = input->s[0]; - R1 = input->s[1]; - R2 = input->s[2]; - R3 = input->s[3]; - - /* step 2. Expand Key (already done, in context) */ - /* step 3. j = 63 */ - /* step 4. Perform 5 r_mixing rounds. */ - R_MIX(15); - R_MIX(14); - R_MIX(13); - R_MIX(12); - R_MIX(11); - - /* step 5. Perform 1 r_mashing round. */ - R_MASH; - - /* step 6. Perform 6 r_mixing rounds. */ - R_MIX(10); - R_MIX(9); - R_MIX(8); - R_MIX(7); - R_MIX(6); - R_MIX(5); - - /* step 7. Perform 1 r_mashing round. */ - R_MASH; - - /* step 8. Perform 5 r_mixing rounds. */ - R_MIX(4); - R_MIX(3); - R_MIX(2); - R_MIX(1); - R_MIX(0); - - /* output results */ - output->s[0] = R0; - output->s[1] = R1; - output->s[2] = R2; - output->s[3] = R3; -} - -static SECStatus -rc2_EncryptECB(RC2Context *cx, unsigned char *output, - const unsigned char *input, unsigned int inputLen) -{ - RC2Block iBlock; - - while (inputLen > 0) { - LOAD(iBlock.s) - rc2_Encrypt1Block(cx, &iBlock, &iBlock); - STORE(iBlock.s) - output += RC2_BLOCK_SIZE; - input += RC2_BLOCK_SIZE; - inputLen -= RC2_BLOCK_SIZE; - } - return SECSuccess; -} - -static SECStatus -rc2_DecryptECB(RC2Context *cx, unsigned char *output, - const unsigned char *input, unsigned int inputLen) -{ - RC2Block iBlock; - - while (inputLen > 0) { - LOAD(iBlock.s) - rc2_Decrypt1Block(cx, &iBlock, &iBlock); - STORE(iBlock.s) - output += RC2_BLOCK_SIZE; - input += RC2_BLOCK_SIZE; - inputLen -= RC2_BLOCK_SIZE; - } - return SECSuccess; -} - -static SECStatus -rc2_EncryptCBC(RC2Context *cx, unsigned char *output, - const unsigned char *input, unsigned int inputLen) -{ - RC2Block iBlock; - - while (inputLen > 0) { - - LOAD(iBlock.s) - iBlock.l[0] ^= cx->iv.l[0]; - iBlock.l[1] ^= cx->iv.l[1]; - rc2_Encrypt1Block(cx, &iBlock, &iBlock); - cx->iv = iBlock; - STORE(iBlock.s) - output += RC2_BLOCK_SIZE; - input += RC2_BLOCK_SIZE; - inputLen -= RC2_BLOCK_SIZE; - } - return SECSuccess; -} - -static SECStatus -rc2_DecryptCBC(RC2Context *cx, unsigned char *output, - const unsigned char *input, unsigned int inputLen) -{ - RC2Block iBlock; - RC2Block oBlock; - - while (inputLen > 0) { - LOAD(iBlock.s) - rc2_Decrypt1Block(cx, &oBlock, &iBlock); - oBlock.l[0] ^= cx->iv.l[0]; - oBlock.l[1] ^= cx->iv.l[1]; - cx->iv = iBlock; - STORE(oBlock.s) - output += RC2_BLOCK_SIZE; - input += RC2_BLOCK_SIZE; - inputLen -= RC2_BLOCK_SIZE; - } - return SECSuccess; -} - - -/* -** Perform RC2 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - SECStatus rv = SECSuccess; - if (inputLen) { - if (inputLen % RC2_BLOCK_SIZE) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - rv = (*cx->enc)(cx, output, input, inputLen); - } - if (rv == SECSuccess) { - *outputLen = inputLen; - } - return rv; -} - -/* -** Perform RC2 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - SECStatus rv = SECSuccess; - if (inputLen) { - if (inputLen % RC2_BLOCK_SIZE) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - rv = (*cx->dec)(cx, output, input, inputLen); - } - if (rv == SECSuccess) { - *outputLen = inputLen; - } - return rv; -} - diff --git a/security/nss/lib/freebl/arcfive.c b/security/nss/lib/freebl/arcfive.c deleted file mode 100644 index 64e120361..000000000 --- a/security/nss/lib/freebl/arcfive.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * arcfive.c - stubs for RC5 - NOT a working implementation! - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "blapi.h" -#include "prerror.h" - -/******************************************/ -/* -** RC5 symmetric block cypher -- 64-bit block size -*/ - -/* -** Create a new RC5 context suitable for RC5 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC) -** "mode" one of NSS_RC5 or NSS_RC5_CBC -** -** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block -** chaining" mode. -*/ -RC5Context * -RC5_CreateContext(const SECItem *key, unsigned int rounds, - unsigned int wordSize, const unsigned char *iv, int mode) -{ - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return NULL; -} - -/* -** Destroy an RC5 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -void -RC5_DestroyContext(RC5Context *cx, PRBool freeit) -{ - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -} - -/* -** Perform RC5 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -SECStatus -RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return SECFailure; -} - -/* -** Perform RC5 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -SECStatus -RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return SECFailure; -} - diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c deleted file mode 100644 index 0a5a72267..000000000 --- a/security/nss/lib/freebl/arcfour.c +++ /dev/null @@ -1,593 +0,0 @@ -/* arcfour.c - the arc four algorithm. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* See NOTES ON UMRs, Unititialized Memory Reads, below. */ - -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" -#include "blapi.h" - -/* Architecture-dependent defines */ - -#if defined(SOLARIS) || defined(HPUX) || defined(i386) || defined(IRIX) -/* Convert the byte-stream to a word-stream */ -#define CONVERT_TO_WORDS -#endif - -#if defined(AIX) || defined(OSF1) -/* Treat array variables as longs, not bytes */ -#define USE_LONG -#endif - -#if defined(_WIN32_WCE) -#undef WORD -#define WORD ARC4WORD -#endif - -#if defined(NSS_USE_HYBRID) && !defined(SOLARIS) && !defined(NSS_USE_64) -typedef unsigned long long WORD; -#else -typedef unsigned long WORD; -#endif -#define WORDSIZE sizeof(WORD) - -#ifdef USE_LONG -typedef unsigned long Stype; -#else -typedef PRUint8 Stype; -#endif - -#define ARCFOUR_STATE_SIZE 256 - -#define MASK1BYTE (WORD)(0xff) - -#define SWAP(a, b) \ - tmp = a; \ - a = b; \ - b = tmp; - -/* - * State information for stream cipher. - */ -struct RC4ContextStr -{ - Stype S[ARCFOUR_STATE_SIZE]; - PRUint8 i; - PRUint8 j; -}; - -/* - * array indices [0..255] to initialize cx->S array (faster than loop). - */ -static const Stype Kinit[256] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff -}; - -/* - * Initialize a new generator. - */ -RC4Context * -RC4_CreateContext(const unsigned char *key, int len) -{ - int i; - PRUint8 j, tmp; - RC4Context *cx; - PRUint8 K[256]; - PRUint8 *L; - /* verify the key length. */ - PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE); - if (len < 0 || len >= ARCFOUR_STATE_SIZE) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - /* Create space for the context. */ - cx = (RC4Context *)PORT_ZAlloc(sizeof(RC4Context)); - if (cx == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return NULL; - } - /* Initialize the state using array indices. */ - memcpy(cx->S, Kinit, sizeof cx->S); - /* Fill in K repeatedly with values from key. */ - L = K; - for (i = sizeof K; i > len; i-= len) { - memcpy(L, key, len); - L += len; - } - memcpy(L, key, i); - /* Stir the state of the generator. At this point it is assumed - * that the key is the size of the state buffer. If this is not - * the case, the key bytes are repeated to fill the buffer. - */ - j = 0; -#define ARCFOUR_STATE_STIR(ii) \ - j = j + cx->S[ii] + K[ii]; \ - SWAP(cx->S[ii], cx->S[j]); - for (i=0; ii = 0; - cx->j = 0; - return cx; -} - -void -RC4_DestroyContext(RC4Context *cx, PRBool freeit) -{ - if (freeit) - PORT_ZFree(cx, sizeof(*cx)); -} - -/* - * Generate the next byte in the stream. - */ -#define ARCFOUR_NEXT_BYTE() \ - tmpSi = cx->S[++tmpi]; \ - tmpj += tmpSi; \ - tmpSj = cx->S[tmpj]; \ - cx->S[tmpi] = tmpSj; \ - cx->S[tmpj] = tmpSi; \ - t = tmpSi + tmpSj; - -#ifdef CONVERT_TO_WORDS -/* - * Straight RC4 op. No optimization. - */ -static SECStatus -rc4_no_opt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PRUint8 t; - Stype tmpSi, tmpSj; - register PRUint8 tmpi = cx->i; - register PRUint8 tmpj = cx->j; - unsigned int index; - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - for (index=0; index < inputLen; index++) { - /* Generate next byte from stream. */ - ARCFOUR_NEXT_BYTE(); - /* output = next stream byte XOR next input byte */ - output[index] = cx->S[t] ^ input[index]; - } - *outputLen = inputLen; - cx->i = tmpi; - cx->j = tmpj; - return SECSuccess; -} -#endif - -#ifndef CONVERT_TO_WORDS -/* - * Byte-at-a-time RC4, unrolling the loop into 8 pieces. - */ -static SECStatus -rc4_unrolled(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PRUint8 t; - Stype tmpSi, tmpSj; - register PRUint8 tmpi = cx->i; - register PRUint8 tmpj = cx->j; - int index; - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - for (index = inputLen / 8; index-- > 0; input += 8, output += 8) { - ARCFOUR_NEXT_BYTE(); - output[0] = cx->S[t] ^ input[0]; - ARCFOUR_NEXT_BYTE(); - output[1] = cx->S[t] ^ input[1]; - ARCFOUR_NEXT_BYTE(); - output[2] = cx->S[t] ^ input[2]; - ARCFOUR_NEXT_BYTE(); - output[3] = cx->S[t] ^ input[3]; - ARCFOUR_NEXT_BYTE(); - output[4] = cx->S[t] ^ input[4]; - ARCFOUR_NEXT_BYTE(); - output[5] = cx->S[t] ^ input[5]; - ARCFOUR_NEXT_BYTE(); - output[6] = cx->S[t] ^ input[6]; - ARCFOUR_NEXT_BYTE(); - output[7] = cx->S[t] ^ input[7]; - } - index = inputLen % 8; - if (index) { - input += index; - output += index; - switch (index) { - case 7: - ARCFOUR_NEXT_BYTE(); - output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */ - case 6: - ARCFOUR_NEXT_BYTE(); - output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */ - case 5: - ARCFOUR_NEXT_BYTE(); - output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */ - case 4: - ARCFOUR_NEXT_BYTE(); - output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */ - case 3: - ARCFOUR_NEXT_BYTE(); - output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */ - case 2: - ARCFOUR_NEXT_BYTE(); - output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */ - case 1: - ARCFOUR_NEXT_BYTE(); - output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */ - default: - /* FALLTHRU */ - ; /* hp-ux build breaks without this */ - } - } - cx->i = tmpi; - cx->j = tmpj; - *outputLen = inputLen; - return SECSuccess; -} -#endif - -#ifdef IS_LITTLE_ENDIAN -#define ARCFOUR_NEXT4BYTES_L(n) \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n ); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 8); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24); -#else -#define ARCFOUR_NEXT4BYTES_B(n) \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 8); \ - ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n ); -#endif - -#if (defined(NSS_USE_HYBRID) && !defined(SOLARIS)) || defined(NSS_USE_64) -/* 64-bit wordsize */ -#ifdef IS_LITTLE_ENDIAN -#define ARCFOUR_NEXT_WORD() \ - { streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); ARCFOUR_NEXT4BYTES_L(32); } -#else -#define ARCFOUR_NEXT_WORD() \ - { streamWord = 0; ARCFOUR_NEXT4BYTES_B(32); ARCFOUR_NEXT4BYTES_B(0); } -#endif -#else -/* 32-bit wordsize */ -#ifdef IS_LITTLE_ENDIAN -#define ARCFOUR_NEXT_WORD() \ - { streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); } -#else -#define ARCFOUR_NEXT_WORD() \ - { streamWord = 0; ARCFOUR_NEXT4BYTES_B(0); } -#endif -#endif - -#ifdef IS_LITTLE_ENDIAN -#define RSH << -#define LSH >> -#else -#define RSH >> -#define LSH << -#endif - -#ifdef CONVERT_TO_WORDS -/* NOTE about UMRs, Uninitialized Memory Reads. - * - * This code reads all input data a WORD at a time, rather than byte at - * a time, and writes all output data a WORD at a time. Shifting and - * masking is used to remove unwanted data and realign bytes when - * needed. The first and last words of output are read, modified, and - * written when needed to preserve any unchanged bytes. This is a huge - * win on machines with high memory latency. - * - * However, when the input and output buffers do not begin and end on WORD - * boundaries, and the WORDS in memory that contain the first and last - * bytes of those buffers contain uninitialized data, then this code will - * read those uninitialized bytes, causing a UMR error to be reported by - * some tools. - * - * These UMRs are NOT a problem, NOT errors, and do NOT need to be "fixed". - * - * All the words read and written contain at least one byte that is - * part of the input data or output data. No words are read or written - * that do not contain data that is part of the buffer. Therefore, - * these UMRs cannot cause page faults or other problems unless the - * buffers have been assigned to improper addresses that would cause - * page faults with or without UMRs. - */ -static SECStatus -rc4_wordconv(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - ptrdiff_t inOffset = (ptrdiff_t)input % WORDSIZE; - ptrdiff_t outOffset = (ptrdiff_t)output % WORDSIZE; - register WORD streamWord, mask; - register WORD *pInWord, *pOutWord; - register WORD inWord, nextInWord; - PRUint8 t; - register Stype tmpSi, tmpSj; - register PRUint8 tmpi = cx->i; - register PRUint8 tmpj = cx->j; - unsigned int byteCount; - unsigned int bufShift, invBufShift; - int i; - - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - if (inputLen < 2*WORDSIZE) { - /* Ignore word conversion, do byte-at-a-time */ - return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen); - } - *outputLen = inputLen; - pInWord = (WORD *)(input - inOffset); - if (inOffset < outOffset) { - bufShift = 8*(outOffset - inOffset); - invBufShift = 8*WORDSIZE - bufShift; - } else { - invBufShift = 8*(inOffset - outOffset); - bufShift = 8*WORDSIZE - invBufShift; - } - /*****************************************************************/ - /* Step 1: */ - /* If the first output word is partial, consume the bytes in the */ - /* first partial output word by loading one or two words of */ - /* input and shifting them accordingly. Otherwise, just load */ - /* in the first word of input. At the end of this block, at */ - /* least one partial word of input should ALWAYS be loaded. */ - /*****************************************************************/ - if (outOffset) { - /* Generate input and stream words aligned relative to the - * partial output buffer. - */ - byteCount = WORDSIZE - outOffset; - pOutWord = (WORD *)(output - outOffset); - mask = streamWord = 0; -#ifdef IS_LITTLE_ENDIAN - for (i = WORDSIZE - byteCount; i < WORDSIZE; i++) { -#else - for (i = byteCount - 1; i >= 0; --i) { -#endif - ARCFOUR_NEXT_BYTE(); - streamWord |= (WORD)(cx->S[t]) << 8*i; - mask |= MASK1BYTE << 8*i; - } /* } */ - inWord = *pInWord++; /* UMR? see comments above. */ - /* If buffers are relatively misaligned, shift the bytes in inWord - * to be aligned to the output buffer. - */ - nextInWord = 0; - if (inOffset < outOffset) { - /* Have more bytes than needed, shift remainder into nextInWord */ - nextInWord = inWord LSH 8*(inOffset + byteCount); - inWord = inWord RSH bufShift; - } else if (inOffset > outOffset) { - /* Didn't get enough bytes from current input word, load another - * word and then shift remainder into nextInWord. - */ - nextInWord = *pInWord++; - inWord = (inWord LSH invBufShift) | - (nextInWord RSH bufShift); - nextInWord = nextInWord LSH invBufShift; - } - /* Store output of first partial word */ - *pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask); - /* UMR? See comments above. */ - - /* Consumed byteCount bytes of input */ - inputLen -= byteCount; - /* move to next word of output */ - pOutWord++; - /* inWord has been consumed, but there may be bytes in nextInWord */ - inWord = nextInWord; - } else { - /* output is word-aligned */ - pOutWord = (WORD *)output; - if (inOffset) { - /* Input is not word-aligned. The first word load of input - * will not produce a full word of input bytes, so one word - * must be pre-loaded. The main loop below will load in the - * next input word and shift some of its bytes into inWord - * in order to create a full input word. Note that the main - * loop must execute at least once because the input must - * be at least two words. - */ - inWord = *pInWord++; /* UMR? see comments above. */ - inWord = inWord LSH invBufShift; - } else { - /* Input is word-aligned. The first word load of input - * will produce a full word of input bytes, so nothing - * needs to be loaded here. - */ - inWord = 0; - } - } - /* Output buffer is aligned, inOffset is now measured relative to - * outOffset (and not a word boundary). - */ - inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE; - /*****************************************************************/ - /* Step 2: main loop */ - /* At this point the output buffer is word-aligned. Any unused */ - /* bytes from above will be in inWord (shifted correctly). If */ - /* the input buffer is unaligned relative to the output buffer, */ - /* shifting has to be done. */ - /*****************************************************************/ - if (inOffset) { - for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) { - nextInWord = *pInWord++; - inWord |= nextInWord RSH bufShift; - nextInWord = nextInWord LSH invBufShift; - ARCFOUR_NEXT_WORD(); - *pOutWord++ = inWord ^ streamWord; - inWord = nextInWord; - } - if (inputLen == 0) { - /* Nothing left to do. */ - cx->i = tmpi; - cx->j = tmpj; - return SECSuccess; - } - /* If the amount of remaining input is greater than the amount - * bytes pulled from the current input word, need to do another - * word load. What's left in inWord will be consumed in step 3. - */ - if (inputLen > WORDSIZE - inOffset) - inWord |= *pInWord RSH bufShift; /* UMR? See above. */ - } else { - for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) { - inWord = *pInWord++; - ARCFOUR_NEXT_WORD(); - *pOutWord++ = inWord ^ streamWord; - } - if (inputLen == 0) { - /* Nothing left to do. */ - cx->i = tmpi; - cx->j = tmpj; - return SECSuccess; - } else { - /* A partial input word remains at the tail. Load it. - * The relevant bytes will be consumed in step 3. - */ - inWord = *pInWord; /* UMR? See comments above */ - } - } - /*****************************************************************/ - /* Step 3: */ - /* A partial word of input remains, and it is already loaded */ - /* into nextInWord. Shift appropriately and consume the bytes */ - /* used in the partial word. */ - /*****************************************************************/ - mask = streamWord = 0; -#ifdef IS_LITTLE_ENDIAN - for (i = 0; i < inputLen; ++i) { -#else - for (i = WORDSIZE - 1; i >= WORDSIZE - inputLen; --i) { -#endif - ARCFOUR_NEXT_BYTE(); - streamWord |= (WORD)(cx->S[t]) << 8*i; - mask |= MASK1BYTE << 8*i; - } /* } */ - /* UMR? See comments above. */ - *pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask); - cx->i = tmpi; - cx->j = tmpj; - return SECSuccess; -} -#endif - -SECStatus -RC4_Encrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -#ifdef CONVERT_TO_WORDS - /* Convert the byte-stream to a word-stream */ - return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen); -#else - /* Operate on bytes, but unroll the main loop */ - return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen); -#endif -} - -SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* decrypt and encrypt are same operation. */ -#ifdef CONVERT_TO_WORDS - /* Convert the byte-stream to a word-stream */ - return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen); -#else - /* Operate on bytes, but unroll the main loop */ - return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen); -#endif -} - -#undef CONVERT_TO_WORDS -#undef USE_LONG diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h deleted file mode 100644 index 367f6ca1f..000000000 --- a/security/nss/lib/freebl/blapi.h +++ /dev/null @@ -1,992 +0,0 @@ -/* - * crypto.h - public data structures and prototypes for the crypto library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _BLAPI_H_ -#define _BLAPI_H_ - -#include "blapit.h" - - -SEC_BEGIN_PROTOS - -/* -** RSA encryption/decryption. When encrypting/decrypting the output -** buffer must be at least the size of the public key modulus. -*/ - -/* -** Generate and return a new RSA public and private key. -** Both keys are encoded in a single RSAPrivateKey structure. -** "cx" is the random number generator context -** "keySizeInBits" is the size of the key to be generated, in bits. -** 512, 1024, etc. -** "publicExponent" when not NULL is a pointer to some data that -** represents the public exponent to use. The data is a byte -** encoded integer, in "big endian" order. -*/ -extern RSAPrivateKey *RSA_NewKey(int keySizeInBits, - SECItem * publicExponent); - -/* -** Perform a raw public-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a raw private-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a raw private-key operation, and check the parameters used in -** the operation for validity by performing a test operation first. -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a check of private key parameters for consistency. -*/ -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); - - -/******************************************************************** -** DSA signing algorithm -*/ - -/* -** Generate and return a new DSA public and private key pair, -** both of which are encoded into a single DSAPrivateKey struct. -** "params" is a pointer to the PQG parameters for the domain -** Uses a random seed. -*/ -extern SECStatus DSA_NewKey(const PQGParams * params, - DSAPrivateKey ** privKey); - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -** On output, signature->len == size of signature in buffer. -** Uses a random seed. -*/ -extern SECStatus DSA_SignDigest(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest); - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -*/ -extern SECStatus DSA_VerifyDigest(DSAPublicKey * key, - const SECItem * signature, - const SECItem * digest); - -/* For FIPS compliance testing. Seed must be exactly 20 bytes long */ -extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params, - const unsigned char * seed, - DSAPrivateKey **privKey); - -/* For FIPS compliance testing. Seed must be exactly 20 bytes. */ -extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest, - const unsigned char * seed); - -/****************************************************** -** Diffie Helman key exchange algorithm -*/ - -/* Generates parameters for Diffie-Helman key generation. -** primeLen is the length in bytes of prime P to be generated. -*/ -extern SECStatus DH_GenParam(int primeLen, DHParams ** params); - -/* Generates a public and private key, both of which are encoded in a single -** DHPrivateKey struct. Params is input, privKey are output. -** This is Phase 1 of Diffie Hellman. -*/ -extern SECStatus DH_NewKey(DHParams * params, - DHPrivateKey ** privKey); - -/* -** DH_Derive does the Diffie-Hellman phase 2 calculation, using the -** other party's publicValue, and the prime and our privateValue. -** maxOutBytes is the requested length of the generated secret in bytes. -** A zero value means produce a value of any length up to the size of -** the prime. If successful, derivedSecret->data is set -** to the address of the newly allocated buffer containing the derived -** secret, and derivedSecret->len is the size of the secret produced. -** The size of the secret produced will never be larger than the length -** of the prime, and it may be smaller than maxOutBytes. -** It is the caller's responsibility to free the allocated buffer -** containing the derived secret. -*/ -extern SECStatus DH_Derive(SECItem * publicValue, - SECItem * prime, - SECItem * privateValue, - SECItem * derivedSecret, - unsigned int maxOutBytes); - -/* -** KEA_CalcKey returns octet string with the private key for a dual -** Diffie-Helman key generation as specified for government key exchange. -*/ -extern SECStatus KEA_Derive(SECItem *prime, - SECItem *public1, - SECItem *public2, - SECItem *private1, - SECItem *private2, - SECItem *derivedSecret); - -/* - * verify that a KEA or DSA public key is a valid key for this prime and - * subprime domain. - */ -extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); - -/****************************************************** -** Elliptic Curve algorithms -*/ - -/* Generates a public and private key, both of which are encoded -** in a single ECPrivateKey struct. Params is input, privKey are -** output. -*/ -extern SECStatus EC_NewKey(ECParams * params, - ECPrivateKey ** privKey); - -extern SECStatus EC_NewKeyFromSeed(ECParams * params, - ECPrivateKey ** privKey, - const unsigned char* seed, - int seedlen); - -/* Validates an EC public key as described in Section 5.2.2 of - * X9.63. Such validation prevents against small subgroup attacks - * when the ECDH primitive is used with the cofactor. - */ -extern SECStatus EC_ValidatePublicKey(ECParams * params, - SECItem * publicValue); - -/* -** ECDH_Derive performs a scalar point multiplication of a point -** representing a (peer's) public key and a large integer representing -** a private key (its own). Both keys must use the same elliptic curve -** parameters. If the withCofactor parameter is true, the -** multiplication also uses the cofactor associated with the curve -** parameters. The output of this scheme is the x-coordinate of the -** resulting point. If successful, derivedSecret->data is set to the -** address of the newly allocated buffer containing the derived -** secret, and derivedSecret->len is the size of the secret -** produced. It is the caller's responsibility to free the allocated -** buffer containing the derived secret. -*/ -extern SECStatus ECDH_Derive(SECItem * publicValue, - ECParams * params, - SECItem * privateValue, - PRBool withCofactor, - SECItem * derivedSecret); - -/* On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -** On output, signature->len == size of signature in buffer. -** Uses a random seed. -*/ -extern SECStatus ECDSA_SignDigest(ECPrivateKey *key, - SECItem *signature, - const SECItem *digest); - -/* On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -*/ -extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key, - const SECItem *signature, - const SECItem *digest); - -/* Uses the provided seed. */ -extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key, - SECItem *signature, - const SECItem *digest, - const unsigned char *seed, - const int seedlen); - -/******************************************/ -/* -** RC4 symmetric stream cypher -*/ - -/* -** Create a new RC4 context suitable for RC4 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -*/ -extern RC4Context *RC4_CreateContext(const unsigned char *key, int len); - -/* -** Destroy an RC4 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit); - -/* -** Perform RC4 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC4 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** RC2 symmetric block cypher -*/ - -/* -** Create a new RC2 context suitable for RC2 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC) -** "mode" one of NSS_RC2 or NSS_RC2_CBC -** "effectiveKeyLen" is the effective key length (as specified in -** RFC 2268) in bytes (not bits). -** -** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block -** chaining" mode. -*/ -extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len, - const unsigned char *iv, int mode, - unsigned effectiveKeyLen); - -/* -** Destroy an RC2 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit); - -/* -** Perform RC2 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC2 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** RC5 symmetric block cypher -- 64-bit block size -*/ - -/* -** Create a new RC5 context suitable for RC5 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC) -** "mode" one of NSS_RC5 or NSS_RC5_CBC -** -** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block -** chaining" mode. -*/ -extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds, - unsigned int wordSize, const unsigned char *iv, int mode); - -/* -** Destroy an RC5 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit); - -/* -** Perform RC5 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC5 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ - -extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - - -/******************************************/ -/* -** DES symmetric block cypher -*/ - -/* -** Create a new DES context suitable for DES encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or -** mode is DES_EDE3_CBC) -** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC -** "encrypt" is PR_TRUE if the context will be used for encryption -** -** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES -** cipher is run in "cipher block chaining" mode. -*/ -extern DESContext *DES_CreateContext(const unsigned char *key, - const unsigned char *iv, - int mode, PRBool encrypt); - -/* -** Destroy an DES encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void DES_DestroyContext(DESContext *cx, PRBool freeit); - -/* -** Perform DES encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -** -** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH -*/ -extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform DES decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -** -** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH -*/ -extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** AES symmetric block cypher (Rijndael) -*/ - -/* -** Create a new AES context suitable for AES encryption/decryption. -** "key" raw key data -** "keylen" the number of bytes of key data (16, 24, or 32) -** "blocklen" is the blocksize to use (16, 24, or 32) -** XXX currently only blocksize==16 has been tested! -*/ -extern AESContext * -AES_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, int encrypt, - unsigned int keylen, unsigned int blocklen); - -/* -** Destroy a AES encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -AES_DestroyContext(AESContext *cx, PRBool freeit); - -/* -** Perform AES encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AES_Encrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform AES decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AES_Decrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** AES key wrap algorithm, RFC 3394 -*/ - -/* -** Create a new AES context suitable for AES encryption/decryption. -** "key" raw key data -** "iv" The 8 byte "initial value" -** "encrypt", a boolean, true for key wrapping, false for unwrapping. -** "keylen" the number of bytes of key data (16, 24, or 32) -*/ -extern AESKeyWrapContext * -AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, - int encrypt, unsigned int keylen); - -/* -** Destroy a AES KeyWrap context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit); - -/* -** Perform AES key wrap. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform AES key unwrap. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - -/******************************************/ -/* -** MD5 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using MD5 -*/ -extern SECStatus MD5_Hash(unsigned char *dest, const char *src); - -/* -** Hash a non-null terminated string "src" into "dest" using MD5 -*/ -extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length); - -/* -** Create a new MD5 context -*/ -extern MD5Context *MD5_NewContext(void); - - -/* -** Destroy an MD5 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit); - -/* -** Reset an MD5 context, preparing it for a fresh round of hashing -*/ -extern void MD5_Begin(MD5Context *cx); - -/* -** Update the MD5 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void MD5_Update(MD5Context *cx, - const unsigned char *input, unsigned int inputLen); - -/* -** Finish the MD5 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (16) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void MD5_End(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -/* - * Return the the size of a buffer needed to flatten the MD5 Context into - * "cx" the context - * returns size; - */ -extern unsigned int MD5_FlattenSize(MD5Context *cx); - -/* - * Flatten the MD5 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a MD5 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg); - -/* -** trace the intermediate state info of the MD5 hash. -*/ -extern void MD5_TraceState(MD5Context *cx); - - -/******************************************/ -/* -** MD2 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using MD2 -*/ -extern SECStatus MD2_Hash(unsigned char *dest, const char *src); - -/* -** Create a new MD2 context -*/ -extern MD2Context *MD2_NewContext(void); - - -/* -** Destroy an MD2 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit); - -/* -** Reset an MD2 context, preparing it for a fresh round of hashing -*/ -extern void MD2_Begin(MD2Context *cx); - -/* -** Update the MD2 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void MD2_Update(MD2Context *cx, - const unsigned char *input, unsigned int inputLen); - -/* -** Finish the MD2 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (16) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void MD2_End(MD2Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* - * Return the the size of a buffer needed to flatten the MD2 Context into - * "cx" the context - * returns size; - */ -extern unsigned int MD2_FlattenSize(MD2Context *cx); - -/* - * Flatten the MD2 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a MD2 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg); - -/******************************************/ -/* -** SHA-1 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using SHA-1 -*/ -extern SECStatus SHA1_Hash(unsigned char *dest, const char *src); - -/* -** Hash a non-null terminated string "src" into "dest" using SHA-1 -*/ -extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length); - -/* -** Create a new SHA-1 context -*/ -extern SHA1Context *SHA1_NewContext(void); - - -/* -** Destroy a SHA-1 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit); - -/* -** Reset a SHA-1 context, preparing it for a fresh round of hashing -*/ -extern void SHA1_Begin(SHA1Context *cx); - -/* -** Update the SHA-1 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void SHA1_Update(SHA1Context *cx, const unsigned char *input, - unsigned int inputLen); - -/* -** Finish the SHA-1 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (20) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA1_End(SHA1Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* -** trace the intermediate state info of the SHA1 hash. -*/ -extern void SHA1_TraceState(SHA1Context *cx); - -/* - * Return the the size of a buffer needed to flatten the SHA-1 Context into - * "cx" the context - * returns size; - */ -extern unsigned int SHA1_FlattenSize(SHA1Context *cx); - -/* - * Flatten the SHA-1 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a SHA-1 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg); - -/******************************************/ - -extern SHA256Context *SHA256_NewContext(void); -extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit); -extern void SHA256_Begin(SHA256Context *cx); -extern void SHA256_Update(SHA256Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA256_End(SHA256Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length); -extern SECStatus SHA256_Hash(unsigned char *dest, const char *src); -extern void SHA256_TraceState(SHA256Context *cx); -extern unsigned int SHA256_FlattenSize(SHA256Context *cx); -extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space); -extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg); - -/******************************************/ - -extern SHA512Context *SHA512_NewContext(void); -extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit); -extern void SHA512_Begin(SHA512Context *cx); -extern void SHA512_Update(SHA512Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA512_End(SHA512Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length); -extern SECStatus SHA512_Hash(unsigned char *dest, const char *src); -extern void SHA512_TraceState(SHA512Context *cx); -extern unsigned int SHA512_FlattenSize(SHA512Context *cx); -extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space); -extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg); - -/******************************************/ - -extern SHA384Context *SHA384_NewContext(void); -extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit); -extern void SHA384_Begin(SHA384Context *cx); -extern void SHA384_Update(SHA384Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA384_End(SHA384Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length); -extern SECStatus SHA384_Hash(unsigned char *dest, const char *src); -extern void SHA384_TraceState(SHA384Context *cx); -extern unsigned int SHA384_FlattenSize(SHA384Context *cx); -extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space); -extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg); - -/******************************************/ -/* -** Pseudo Random Number Generation. FIPS compliance desirable. -*/ - -/* -** Initialize the global RNG context and give it some seed input taken -** from the system. This function is thread-safe and will only allow -** the global context to be initialized once. The seed input is likely -** small, so it is imperative that RNG_RandomUpdate() be called with -** additional seed data before the generator is used. A good way to -** provide the generator with additional entropy is to call -** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that. -*/ -extern SECStatus RNG_RNGInit(void); - -/* -** Update the global random number generator with more seeding -** material -*/ -extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes); - -/* -** Generate some random bytes, using the global random number generator -** object. -*/ -extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len); - -/* Destroy the global RNG context. After a call to RNG_RNGShutdown() -** a call to RNG_RNGInit() is required in order to use the generator again, -** along with seed data (see the comment above RNG_RNGInit()). -*/ -extern void RNG_RNGShutdown(void); - - -/* Generate PQGParams and PQGVerify structs. - * Length of seed and length of h both equal length of P. - * All lengths are specified by "j", according to the table above. - */ -extern SECStatus -PQG_ParamGen(unsigned int j, /* input : determines length of P. */ - PQGParams **pParams, /* output: P Q and G returned here */ - PQGVerify **pVfy); /* output: counter and seed. */ - -/* Generate PQGParams and PQGVerify structs. - * Length of P specified by j. Length of h will match length of P. - * Length of SEED in bytes specified in seedBytes. - * seedBbytes must be in the range [20..255] or an error will result. - */ -extern SECStatus -PQG_ParamGenSeedLen( - unsigned int j, /* input : determines length of P. */ - unsigned int seedBytes, /* input : length of seed in bytes.*/ - PQGParams **pParams, /* output: P Q and G returned here */ - PQGVerify **pVfy); /* output: counter and seed. */ - - -/* Test PQGParams for validity as DSS PQG values. - * If vfy is non-NULL, test PQGParams to make sure they were generated - * using the specified seed, counter, and h values. - * - * Return value indicates whether Verification operation ran succesfully - * to completion, but does not indicate if PQGParams are valid or not. - * If return value is SECSuccess, then *pResult has these meanings: - * SECSuccess: PQGParams are valid. - * SECFailure: PQGParams are invalid. - * - * Verify the following 12 facts about PQG counter SEED g and h - * 1. Q is 160 bits long. - * 2. P is one of the 9 valid lengths. - * 3. G < P - * 4. P % Q == 1 - * 5. Q is prime - * 6. P is prime - * Steps 7-12 are done only if the optional PQGVerify is supplied. - * 7. counter < 4096 - * 8. g >= 160 and g < 2048 (g is length of seed in bits) - * 9. Q generated from SEED matches Q in PQGParams. - * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams. - * 11. 1 < h < P-1 - * 12. G generated from h matches G in PQGParams. - */ - -extern SECStatus PQG_VerifyParams(const PQGParams *params, - const PQGVerify *vfy, SECStatus *result); - - -/* - * clean-up any global tables freebl may have allocated after it starts up. - * This function is not thread safe and should be called only after the - * library has been quiessed. - */ -extern void BL_Cleanup(void); - - -/************************************************************************** - * Verify a given Shared library signature * - **************************************************************************/ -PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr); - -/************************************************************************** - * Verify Are Own Shared library signature * - **************************************************************************/ -PRBool BLAPI_VerifySelf(const char *name); - -SEC_END_PROTOS - -#endif /* _BLAPI_H_ */ diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h deleted file mode 100644 index 6ef924902..000000000 --- a/security/nss/lib/freebl/blapit.h +++ /dev/null @@ -1,351 +0,0 @@ -/* - * blapit.h - public data structures for the crypto library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta and - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _BLAPIT_H_ -#define _BLAPIT_H_ - -#include "seccomon.h" -#include "prlink.h" -#include "plarena.h" -#include "ecl-exp.h" - - -/* RC2 operation modes */ -#define NSS_RC2 0 -#define NSS_RC2_CBC 1 - -/* RC5 operation modes */ -#define NSS_RC5 0 -#define NSS_RC5_CBC 1 - -/* DES operation modes */ -#define NSS_DES 0 -#define NSS_DES_CBC 1 -#define NSS_DES_EDE3 2 -#define NSS_DES_EDE3_CBC 3 - -#define DES_KEY_LENGTH 8 /* Bytes */ - -/* AES operation modes */ -#define NSS_AES 0 -#define NSS_AES_CBC 1 - -#define DSA_SIGNATURE_LEN 40 /* Bytes */ -#define DSA_SUBPRIME_LEN 20 /* Bytes */ - -/* XXX We shouldn't have to hard code this limit. For - * now, this is the quickest way to support ECDSA signature - * processing (ECDSA signature lengths depend on curve - * size). This limit is sufficient for curves upto - * 576 bits. - */ -#define MAX_ECKEY_LEN 72 /* Bytes */ - -/* - * Number of bytes each hash algorithm produces - */ -#define MD2_LENGTH 16 /* Bytes */ -#define MD5_LENGTH 16 /* Bytes */ -#define SHA1_LENGTH 20 /* Bytes */ -#define SHA256_LENGTH 32 /* bytes */ -#define SHA384_LENGTH 48 /* bytes */ -#define SHA512_LENGTH 64 /* bytes */ -#define HASH_LENGTH_MAX SHA512_LENGTH - -/* - * Input block size for each hash algorithm. - */ - -#define SHA256_BLOCK_LENGTH 64 /* bytes */ -#define SHA384_BLOCK_LENGTH 128 /* bytes */ -#define SHA512_BLOCK_LENGTH 128 /* bytes */ - -#define AES_KEY_WRAP_IV_BYTES 8 -#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */ -#define AES_BLOCK_SIZE 16 /* bytes */ - -#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048 - -/* - * these values come from the intial key size limits from the PKCS #11 - * module. They may be aribitarily adjusted to any value freebl supports - * RSA_MAX_MODULUS_BITS is not defined since there is only memory constraints - * on the largest RSA Modulus that PKCS #11 or freebl may support. - */ -#define RSA_MIN_MODULUS_BITS 128 -#define DH_MIN_P_BITS 128 -#define DH_MAX_P_BITS 1024 - -/* - * The FIPS 186 algorithm for generating primes P and Q allows only 9 - * distinct values for the length of P, and only one value for the - * length of Q. - * The algorithm uses a variable j to indicate which of the 9 lengths - * of P is to be used. - * The following table relates j to the lengths of P and Q in bits. - * - * j bits in P bits in Q - * _ _________ _________ - * 0 512 160 - * 1 576 160 - * 2 640 160 - * 3 704 160 - * 4 768 160 - * 5 832 160 - * 6 896 160 - * 7 960 160 - * 8 1024 160 - * - * The FIPS-186 compliant PQG generator takes j as an input parameter. - */ - -#define DSA_Q_BITS 160 -#define DSA_MAX_P_BITS 1024 -#define DSA_MIN_P_BITS 512 - -/* - * function takes desired number of bits in P, - * returns index (0..8) or -1 if number of bits is invalid. - */ -#define PQG_PBITS_TO_INDEX(bits) ((((bits)-512) % 64) ? -1 : (int)((bits)-512)/64) - -/* - * function takes index (0-8) - * returns number of bits in P for that index, or -1 if index is invalid. - */ -#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j))) - - -/*************************************************************************** -** Opaque objects -*/ - -struct DESContextStr ; -struct RC2ContextStr ; -struct RC4ContextStr ; -struct RC5ContextStr ; -struct AESContextStr ; -struct MD2ContextStr ; -struct MD5ContextStr ; -struct SHA1ContextStr ; -struct SHA256ContextStr ; -struct SHA512ContextStr ; -struct AESKeyWrapContextStr ; - -typedef struct DESContextStr DESContext; -typedef struct RC2ContextStr RC2Context; -typedef struct RC4ContextStr RC4Context; -typedef struct RC5ContextStr RC5Context; -typedef struct AESContextStr AESContext; -typedef struct MD2ContextStr MD2Context; -typedef struct MD5ContextStr MD5Context; -typedef struct SHA1ContextStr SHA1Context; -typedef struct SHA256ContextStr SHA256Context; -typedef struct SHA512ContextStr SHA512Context; -/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */ -typedef struct SHA512ContextStr SHA384Context; -typedef struct AESKeyWrapContextStr AESKeyWrapContext; - -/*************************************************************************** -** RSA Public and Private Key structures -*/ - -/* member names from PKCS#1, section 7.1 */ -struct RSAPublicKeyStr { - PRArenaPool * arena; - SECItem modulus; - SECItem publicExponent; -}; -typedef struct RSAPublicKeyStr RSAPublicKey; - -/* member names from PKCS#1, section 7.2 */ -struct RSAPrivateKeyStr { - PRArenaPool * arena; - SECItem version; - SECItem modulus; - SECItem publicExponent; - SECItem privateExponent; - SECItem prime1; - SECItem prime2; - SECItem exponent1; - SECItem exponent2; - SECItem coefficient; -}; -typedef struct RSAPrivateKeyStr RSAPrivateKey; - - -/*************************************************************************** -** DSA Public and Private Key and related structures -*/ - -struct PQGParamsStr { - PRArenaPool *arena; - SECItem prime; /* p */ - SECItem subPrime; /* q */ - SECItem base; /* g */ - /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */ -}; -typedef struct PQGParamsStr PQGParams; - -struct PQGVerifyStr { - PRArenaPool * arena; /* includes this struct, seed, & h. */ - unsigned int counter; - SECItem seed; - SECItem h; -}; -typedef struct PQGVerifyStr PQGVerify; - -struct DSAPublicKeyStr { - PQGParams params; - SECItem publicValue; -}; -typedef struct DSAPublicKeyStr DSAPublicKey; - -struct DSAPrivateKeyStr { - PQGParams params; - SECItem publicValue; - SECItem privateValue; -}; -typedef struct DSAPrivateKeyStr DSAPrivateKey; - -/*************************************************************************** -** Diffie-Hellman Public and Private Key and related structures -** Structure member names suggested by PKCS#3. -*/ - -struct DHParamsStr { - PRArenaPool * arena; - SECItem prime; /* p */ - SECItem base; /* g */ -}; -typedef struct DHParamsStr DHParams; - -struct DHPublicKeyStr { - PRArenaPool * arena; - SECItem prime; - SECItem base; - SECItem publicValue; -}; -typedef struct DHPublicKeyStr DHPublicKey; - -struct DHPrivateKeyStr { - PRArenaPool * arena; - SECItem prime; - SECItem base; - SECItem publicValue; - SECItem privateValue; -}; -typedef struct DHPrivateKeyStr DHPrivateKey; - -/*************************************************************************** -** Data structures used for elliptic curve parameters and -** public and private keys. -*/ - -/* -** The ECParams data structures can encode elliptic curve -** parameters for both GFp and GF2m curves. -*/ - -typedef enum { ec_params_explicit, - ec_params_named -} ECParamsType; - -typedef enum { ec_field_GFp = 1, - ec_field_GF2m -} ECFieldType; - -struct ECFieldIDStr { - int size; /* field size in bits */ - ECFieldType type; - union { - SECItem prime; /* prime p for (GFp) */ - SECItem poly; /* irreducible binary polynomial for (GF2m) */ - } u; - int k1; /* first coefficient of pentanomial or - * the only coefficient of trinomial - */ - int k2; /* two remaining coefficients of pentanomial */ - int k3; -}; -typedef struct ECFieldIDStr ECFieldID; - -struct ECCurveStr { - SECItem a; /* contains octet stream encoding of - * field element (X9.62 section 4.3.3) - */ - SECItem b; - SECItem seed; -}; -typedef struct ECCurveStr ECCurve; - -struct ECParamsStr { - PRArenaPool * arena; - ECParamsType type; - ECFieldID fieldID; - ECCurve curve; - SECItem base; - SECItem order; - int cofactor; - SECItem DEREncoding; - ECCurveName name; - SECItem curveOID; -}; -typedef struct ECParamsStr ECParams; - -struct ECPublicKeyStr { - ECParams ecParams; - SECItem publicValue; /* elliptic curve point encoded as - * octet stream. - */ -}; -typedef struct ECPublicKeyStr ECPublicKey; - -struct ECPrivateKeyStr { - ECParams ecParams; - SECItem publicValue; /* encoded ec point */ - SECItem privateValue; /* private big integer */ - SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ -}; -typedef struct ECPrivateKeyStr ECPrivateKey; - -#endif /* _BLAPIT_H_ */ diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk deleted file mode 100644 index 6bae7893b..000000000 --- a/security/nss/lib/freebl/config.mk +++ /dev/null @@ -1,103 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# only do this in the outermost freebl build. -ifndef FREEBL_RECURSIVE_BUILD -# we only do this stuff for some of the 32-bit builds, no 64-bit builds -ifndef USE_64 - -ifeq ($(OS_TARGET), HP-UX) - ifneq ($(OS_TEST), ia64) - FREEBL_EXTENDED_BUILD = 1 - endif -endif - -ifeq ($(OS_TARGET),SunOS) - ifeq ($(CPU_ARCH),sparc) - FREEBL_EXTENDED_BUILD = 1 - endif -endif - -ifdef FREEBL_EXTENDED_BUILD -# We're going to change this build so that it builds libfreebl.a with -# just loader.c. Then we have to build this directory twice again to -# build the two DSOs. -# To build libfreebl.a with just loader.c, we must now override many -# of the make variables setup by the prior inclusion of CORECONF's config.mk - -CSRCS = loader.c sysrand.c -SIMPLE_OBJS = $(CSRCS:.c=$(OBJ_SUFFIX)) -OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS)) -ALL_TRASH := $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \ - $(NOSUCHFILE) so_locations -endif - -#end of 32-bit only stuff. -endif - -# Override the values defined in coreconf's ruleset.mk. -# -# - (1) LIBRARY: a static (archival) library -# - (2) SHARED_LIBRARY: a shared (dynamic link) library -# - (3) IMPORT_LIBRARY: an import library, used only on Windows -# - (4) PROGRAM: an executable binary -# -# override these variables to prevent building a DSO/DLL. - TARGETS = $(LIBRARY) - SHARED_LIBRARY = - IMPORT_LIBRARY = - PROGRAM = - -else -# This is a recursive build. - -TARGETS = $(SHARED_LIBRARY) -LIBRARY = -PROGRAM = - -#ifeq ($(OS_TARGET), HP-UX) - EXTRA_LIBS += \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(NULL) - -# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) -# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. - EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib/ \ - -lplc4 \ - -lplds4 \ - -lnspr4 \ - -lc -#endif - -endif diff --git a/security/nss/lib/freebl/des.c b/security/nss/lib/freebl/des.c deleted file mode 100644 index 6f40050cf..000000000 --- a/security/nss/lib/freebl/des.c +++ /dev/null @@ -1,683 +0,0 @@ -/* - * des.c - * - * core source file for DES-150 library - * Make key schedule from DES key. - * Encrypt/Decrypt one 8-byte block. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the DES-150 library. - * - * The Initial Developer of the Original Code is Nelson B. Bolyard, - * nelsonb@iname.com. Portions created by Nelson B. Bolyard are - * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include "des.h" -#include /* for ptrdiff_t */ -/* #define USE_INDEXING 1 */ - -/* - * The tables below are the 8 sbox functions, with the 6-bit input permutation - * and the 32-bit output permutation pre-computed. - * They are shifted circularly to the left 3 bits, which removes 2 shifts - * and an or from each round by reducing the number of sboxes whose - * indices cross word broundaries from 2 to 1. - */ - -static const HALF SP[8][64] = { -/* Box S1 */ { - 0x04041000, 0x00000000, 0x00040000, 0x04041010, - 0x04040010, 0x00041010, 0x00000010, 0x00040000, - 0x00001000, 0x04041000, 0x04041010, 0x00001000, - 0x04001010, 0x04040010, 0x04000000, 0x00000010, - 0x00001010, 0x04001000, 0x04001000, 0x00041000, - 0x00041000, 0x04040000, 0x04040000, 0x04001010, - 0x00040010, 0x04000010, 0x04000010, 0x00040010, - 0x00000000, 0x00001010, 0x00041010, 0x04000000, - 0x00040000, 0x04041010, 0x00000010, 0x04040000, - 0x04041000, 0x04000000, 0x04000000, 0x00001000, - 0x04040010, 0x00040000, 0x00041000, 0x04000010, - 0x00001000, 0x00000010, 0x04001010, 0x00041010, - 0x04041010, 0x00040010, 0x04040000, 0x04001010, - 0x04000010, 0x00001010, 0x00041010, 0x04041000, - 0x00001010, 0x04001000, 0x04001000, 0x00000000, - 0x00040010, 0x00041000, 0x00000000, 0x04040010 - }, -/* Box S2 */ { - 0x00420082, 0x00020002, 0x00020000, 0x00420080, - 0x00400000, 0x00000080, 0x00400082, 0x00020082, - 0x00000082, 0x00420082, 0x00420002, 0x00000002, - 0x00020002, 0x00400000, 0x00000080, 0x00400082, - 0x00420000, 0x00400080, 0x00020082, 0x00000000, - 0x00000002, 0x00020000, 0x00420080, 0x00400002, - 0x00400080, 0x00000082, 0x00000000, 0x00420000, - 0x00020080, 0x00420002, 0x00400002, 0x00020080, - 0x00000000, 0x00420080, 0x00400082, 0x00400000, - 0x00020082, 0x00400002, 0x00420002, 0x00020000, - 0x00400002, 0x00020002, 0x00000080, 0x00420082, - 0x00420080, 0x00000080, 0x00020000, 0x00000002, - 0x00020080, 0x00420002, 0x00400000, 0x00000082, - 0x00400080, 0x00020082, 0x00000082, 0x00400080, - 0x00420000, 0x00000000, 0x00020002, 0x00020080, - 0x00000002, 0x00400082, 0x00420082, 0x00420000 - }, -/* Box S3 */ { - 0x00000820, 0x20080800, 0x00000000, 0x20080020, - 0x20000800, 0x00000000, 0x00080820, 0x20000800, - 0x00080020, 0x20000020, 0x20000020, 0x00080000, - 0x20080820, 0x00080020, 0x20080000, 0x00000820, - 0x20000000, 0x00000020, 0x20080800, 0x00000800, - 0x00080800, 0x20080000, 0x20080020, 0x00080820, - 0x20000820, 0x00080800, 0x00080000, 0x20000820, - 0x00000020, 0x20080820, 0x00000800, 0x20000000, - 0x20080800, 0x20000000, 0x00080020, 0x00000820, - 0x00080000, 0x20080800, 0x20000800, 0x00000000, - 0x00000800, 0x00080020, 0x20080820, 0x20000800, - 0x20000020, 0x00000800, 0x00000000, 0x20080020, - 0x20000820, 0x00080000, 0x20000000, 0x20080820, - 0x00000020, 0x00080820, 0x00080800, 0x20000020, - 0x20080000, 0x20000820, 0x00000820, 0x20080000, - 0x00080820, 0x00000020, 0x20080020, 0x00080800 - }, -/* Box S4 */ { - 0x02008004, 0x00008204, 0x00008204, 0x00000200, - 0x02008200, 0x02000204, 0x02000004, 0x00008004, - 0x00000000, 0x02008000, 0x02008000, 0x02008204, - 0x00000204, 0x00000000, 0x02000200, 0x02000004, - 0x00000004, 0x00008000, 0x02000000, 0x02008004, - 0x00000200, 0x02000000, 0x00008004, 0x00008200, - 0x02000204, 0x00000004, 0x00008200, 0x02000200, - 0x00008000, 0x02008200, 0x02008204, 0x00000204, - 0x02000200, 0x02000004, 0x02008000, 0x02008204, - 0x00000204, 0x00000000, 0x00000000, 0x02008000, - 0x00008200, 0x02000200, 0x02000204, 0x00000004, - 0x02008004, 0x00008204, 0x00008204, 0x00000200, - 0x02008204, 0x00000204, 0x00000004, 0x00008000, - 0x02000004, 0x00008004, 0x02008200, 0x02000204, - 0x00008004, 0x00008200, 0x02000000, 0x02008004, - 0x00000200, 0x02000000, 0x00008000, 0x02008200 - }, -/* Box S5 */ { - 0x00000400, 0x08200400, 0x08200000, 0x08000401, - 0x00200000, 0x00000400, 0x00000001, 0x08200000, - 0x00200401, 0x00200000, 0x08000400, 0x00200401, - 0x08000401, 0x08200001, 0x00200400, 0x00000001, - 0x08000000, 0x00200001, 0x00200001, 0x00000000, - 0x00000401, 0x08200401, 0x08200401, 0x08000400, - 0x08200001, 0x00000401, 0x00000000, 0x08000001, - 0x08200400, 0x08000000, 0x08000001, 0x00200400, - 0x00200000, 0x08000401, 0x00000400, 0x08000000, - 0x00000001, 0x08200000, 0x08000401, 0x00200401, - 0x08000400, 0x00000001, 0x08200001, 0x08200400, - 0x00200401, 0x00000400, 0x08000000, 0x08200001, - 0x08200401, 0x00200400, 0x08000001, 0x08200401, - 0x08200000, 0x00000000, 0x00200001, 0x08000001, - 0x00200400, 0x08000400, 0x00000401, 0x00200000, - 0x00000000, 0x00200001, 0x08200400, 0x00000401 - }, -/* Box S6 */ { - 0x80000040, 0x81000000, 0x00010000, 0x81010040, - 0x81000000, 0x00000040, 0x81010040, 0x01000000, - 0x80010000, 0x01010040, 0x01000000, 0x80000040, - 0x01000040, 0x80010000, 0x80000000, 0x00010040, - 0x00000000, 0x01000040, 0x80010040, 0x00010000, - 0x01010000, 0x80010040, 0x00000040, 0x81000040, - 0x81000040, 0x00000000, 0x01010040, 0x81010000, - 0x00010040, 0x01010000, 0x81010000, 0x80000000, - 0x80010000, 0x00000040, 0x81000040, 0x01010000, - 0x81010040, 0x01000000, 0x00010040, 0x80000040, - 0x01000000, 0x80010000, 0x80000000, 0x00010040, - 0x80000040, 0x81010040, 0x01010000, 0x81000000, - 0x01010040, 0x81010000, 0x00000000, 0x81000040, - 0x00000040, 0x00010000, 0x81000000, 0x01010040, - 0x00010000, 0x01000040, 0x80010040, 0x00000000, - 0x81010000, 0x80000000, 0x01000040, 0x80010040 - }, -/* Box S7 */ { - 0x00800000, 0x10800008, 0x10002008, 0x00000000, - 0x00002000, 0x10002008, 0x00802008, 0x10802000, - 0x10802008, 0x00800000, 0x00000000, 0x10000008, - 0x00000008, 0x10000000, 0x10800008, 0x00002008, - 0x10002000, 0x00802008, 0x00800008, 0x10002000, - 0x10000008, 0x10800000, 0x10802000, 0x00800008, - 0x10800000, 0x00002000, 0x00002008, 0x10802008, - 0x00802000, 0x00000008, 0x10000000, 0x00802000, - 0x10000000, 0x00802000, 0x00800000, 0x10002008, - 0x10002008, 0x10800008, 0x10800008, 0x00000008, - 0x00800008, 0x10000000, 0x10002000, 0x00800000, - 0x10802000, 0x00002008, 0x00802008, 0x10802000, - 0x00002008, 0x10000008, 0x10802008, 0x10800000, - 0x00802000, 0x00000000, 0x00000008, 0x10802008, - 0x00000000, 0x00802008, 0x10800000, 0x00002000, - 0x10000008, 0x10002000, 0x00002000, 0x00800008 - }, -/* Box S8 */ { - 0x40004100, 0x00004000, 0x00100000, 0x40104100, - 0x40000000, 0x40004100, 0x00000100, 0x40000000, - 0x00100100, 0x40100000, 0x40104100, 0x00104000, - 0x40104000, 0x00104100, 0x00004000, 0x00000100, - 0x40100000, 0x40000100, 0x40004000, 0x00004100, - 0x00104000, 0x00100100, 0x40100100, 0x40104000, - 0x00004100, 0x00000000, 0x00000000, 0x40100100, - 0x40000100, 0x40004000, 0x00104100, 0x00100000, - 0x00104100, 0x00100000, 0x40104000, 0x00004000, - 0x00000100, 0x40100100, 0x00004000, 0x00104100, - 0x40004000, 0x00000100, 0x40000100, 0x40100000, - 0x40100100, 0x40000000, 0x00100000, 0x40004100, - 0x00000000, 0x40104100, 0x00100100, 0x40000100, - 0x40100000, 0x40004000, 0x40004100, 0x00000000, - 0x40104100, 0x00104000, 0x00104000, 0x00004100, - 0x00004100, 0x00100100, 0x40000000, 0x40104000 - } -}; - -static const HALF PC2[8][64] = { -/* table 0 */ { - 0x00000000, 0x00001000, 0x04000000, 0x04001000, - 0x00100000, 0x00101000, 0x04100000, 0x04101000, - 0x00008000, 0x00009000, 0x04008000, 0x04009000, - 0x00108000, 0x00109000, 0x04108000, 0x04109000, - 0x00000004, 0x00001004, 0x04000004, 0x04001004, - 0x00100004, 0x00101004, 0x04100004, 0x04101004, - 0x00008004, 0x00009004, 0x04008004, 0x04009004, - 0x00108004, 0x00109004, 0x04108004, 0x04109004, - 0x08000000, 0x08001000, 0x0c000000, 0x0c001000, - 0x08100000, 0x08101000, 0x0c100000, 0x0c101000, - 0x08008000, 0x08009000, 0x0c008000, 0x0c009000, - 0x08108000, 0x08109000, 0x0c108000, 0x0c109000, - 0x08000004, 0x08001004, 0x0c000004, 0x0c001004, - 0x08100004, 0x08101004, 0x0c100004, 0x0c101004, - 0x08008004, 0x08009004, 0x0c008004, 0x0c009004, - 0x08108004, 0x08109004, 0x0c108004, 0x0c109004 - }, -/* table 1 */ { - 0x00000000, 0x00002000, 0x80000000, 0x80002000, - 0x00000008, 0x00002008, 0x80000008, 0x80002008, - 0x00200000, 0x00202000, 0x80200000, 0x80202000, - 0x00200008, 0x00202008, 0x80200008, 0x80202008, - 0x20000000, 0x20002000, 0xa0000000, 0xa0002000, - 0x20000008, 0x20002008, 0xa0000008, 0xa0002008, - 0x20200000, 0x20202000, 0xa0200000, 0xa0202000, - 0x20200008, 0x20202008, 0xa0200008, 0xa0202008, - 0x00000400, 0x00002400, 0x80000400, 0x80002400, - 0x00000408, 0x00002408, 0x80000408, 0x80002408, - 0x00200400, 0x00202400, 0x80200400, 0x80202400, - 0x00200408, 0x00202408, 0x80200408, 0x80202408, - 0x20000400, 0x20002400, 0xa0000400, 0xa0002400, - 0x20000408, 0x20002408, 0xa0000408, 0xa0002408, - 0x20200400, 0x20202400, 0xa0200400, 0xa0202400, - 0x20200408, 0x20202408, 0xa0200408, 0xa0202408 - }, -/* table 2 */ { - 0x00000000, 0x00004000, 0x00000020, 0x00004020, - 0x00080000, 0x00084000, 0x00080020, 0x00084020, - 0x00000800, 0x00004800, 0x00000820, 0x00004820, - 0x00080800, 0x00084800, 0x00080820, 0x00084820, - 0x00000010, 0x00004010, 0x00000030, 0x00004030, - 0x00080010, 0x00084010, 0x00080030, 0x00084030, - 0x00000810, 0x00004810, 0x00000830, 0x00004830, - 0x00080810, 0x00084810, 0x00080830, 0x00084830, - 0x00400000, 0x00404000, 0x00400020, 0x00404020, - 0x00480000, 0x00484000, 0x00480020, 0x00484020, - 0x00400800, 0x00404800, 0x00400820, 0x00404820, - 0x00480800, 0x00484800, 0x00480820, 0x00484820, - 0x00400010, 0x00404010, 0x00400030, 0x00404030, - 0x00480010, 0x00484010, 0x00480030, 0x00484030, - 0x00400810, 0x00404810, 0x00400830, 0x00404830, - 0x00480810, 0x00484810, 0x00480830, 0x00484830 - }, -/* table 3 */ { - 0x00000000, 0x40000000, 0x00000080, 0x40000080, - 0x00040000, 0x40040000, 0x00040080, 0x40040080, - 0x00000040, 0x40000040, 0x000000c0, 0x400000c0, - 0x00040040, 0x40040040, 0x000400c0, 0x400400c0, - 0x10000000, 0x50000000, 0x10000080, 0x50000080, - 0x10040000, 0x50040000, 0x10040080, 0x50040080, - 0x10000040, 0x50000040, 0x100000c0, 0x500000c0, - 0x10040040, 0x50040040, 0x100400c0, 0x500400c0, - 0x00800000, 0x40800000, 0x00800080, 0x40800080, - 0x00840000, 0x40840000, 0x00840080, 0x40840080, - 0x00800040, 0x40800040, 0x008000c0, 0x408000c0, - 0x00840040, 0x40840040, 0x008400c0, 0x408400c0, - 0x10800000, 0x50800000, 0x10800080, 0x50800080, - 0x10840000, 0x50840000, 0x10840080, 0x50840080, - 0x10800040, 0x50800040, 0x108000c0, 0x508000c0, - 0x10840040, 0x50840040, 0x108400c0, 0x508400c0 - }, -/* table 4 */ { - 0x00000000, 0x00000008, 0x08000000, 0x08000008, - 0x00040000, 0x00040008, 0x08040000, 0x08040008, - 0x00002000, 0x00002008, 0x08002000, 0x08002008, - 0x00042000, 0x00042008, 0x08042000, 0x08042008, - 0x80000000, 0x80000008, 0x88000000, 0x88000008, - 0x80040000, 0x80040008, 0x88040000, 0x88040008, - 0x80002000, 0x80002008, 0x88002000, 0x88002008, - 0x80042000, 0x80042008, 0x88042000, 0x88042008, - 0x00080000, 0x00080008, 0x08080000, 0x08080008, - 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008, - 0x00082000, 0x00082008, 0x08082000, 0x08082008, - 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008, - 0x80080000, 0x80080008, 0x88080000, 0x88080008, - 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008, - 0x80082000, 0x80082008, 0x88082000, 0x88082008, - 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008 - }, -/* table 5 */ { - 0x00000000, 0x00400000, 0x00008000, 0x00408000, - 0x40000000, 0x40400000, 0x40008000, 0x40408000, - 0x00000020, 0x00400020, 0x00008020, 0x00408020, - 0x40000020, 0x40400020, 0x40008020, 0x40408020, - 0x00001000, 0x00401000, 0x00009000, 0x00409000, - 0x40001000, 0x40401000, 0x40009000, 0x40409000, - 0x00001020, 0x00401020, 0x00009020, 0x00409020, - 0x40001020, 0x40401020, 0x40009020, 0x40409020, - 0x00100000, 0x00500000, 0x00108000, 0x00508000, - 0x40100000, 0x40500000, 0x40108000, 0x40508000, - 0x00100020, 0x00500020, 0x00108020, 0x00508020, - 0x40100020, 0x40500020, 0x40108020, 0x40508020, - 0x00101000, 0x00501000, 0x00109000, 0x00509000, - 0x40101000, 0x40501000, 0x40109000, 0x40509000, - 0x00101020, 0x00501020, 0x00109020, 0x00509020, - 0x40101020, 0x40501020, 0x40109020, 0x40509020 - }, -/* table 6 */ { - 0x00000000, 0x00000040, 0x04000000, 0x04000040, - 0x00000800, 0x00000840, 0x04000800, 0x04000840, - 0x00800000, 0x00800040, 0x04800000, 0x04800040, - 0x00800800, 0x00800840, 0x04800800, 0x04800840, - 0x10000000, 0x10000040, 0x14000000, 0x14000040, - 0x10000800, 0x10000840, 0x14000800, 0x14000840, - 0x10800000, 0x10800040, 0x14800000, 0x14800040, - 0x10800800, 0x10800840, 0x14800800, 0x14800840, - 0x00000080, 0x000000c0, 0x04000080, 0x040000c0, - 0x00000880, 0x000008c0, 0x04000880, 0x040008c0, - 0x00800080, 0x008000c0, 0x04800080, 0x048000c0, - 0x00800880, 0x008008c0, 0x04800880, 0x048008c0, - 0x10000080, 0x100000c0, 0x14000080, 0x140000c0, - 0x10000880, 0x100008c0, 0x14000880, 0x140008c0, - 0x10800080, 0x108000c0, 0x14800080, 0x148000c0, - 0x10800880, 0x108008c0, 0x14800880, 0x148008c0 - }, -/* table 7 */ { - 0x00000000, 0x00000010, 0x00000400, 0x00000410, - 0x00000004, 0x00000014, 0x00000404, 0x00000414, - 0x00004000, 0x00004010, 0x00004400, 0x00004410, - 0x00004004, 0x00004014, 0x00004404, 0x00004414, - 0x20000000, 0x20000010, 0x20000400, 0x20000410, - 0x20000004, 0x20000014, 0x20000404, 0x20000414, - 0x20004000, 0x20004010, 0x20004400, 0x20004410, - 0x20004004, 0x20004014, 0x20004404, 0x20004414, - 0x00200000, 0x00200010, 0x00200400, 0x00200410, - 0x00200004, 0x00200014, 0x00200404, 0x00200414, - 0x00204000, 0x00204010, 0x00204400, 0x00204410, - 0x00204004, 0x00204014, 0x00204404, 0x00204414, - 0x20200000, 0x20200010, 0x20200400, 0x20200410, - 0x20200004, 0x20200014, 0x20200404, 0x20200414, - 0x20204000, 0x20204010, 0x20204400, 0x20204410, - 0x20204004, 0x20204014, 0x20204404, 0x20204414 - } -}; - -/* - * The PC-1 Permutation - * If we number the bits of the 8 bytes of key input like this (in octal): - * 00 01 02 03 04 05 06 07 - * 10 11 12 13 14 15 16 17 - * 20 21 22 23 24 25 26 27 - * 30 31 32 33 34 35 36 37 - * 40 41 42 43 44 45 46 47 - * 50 51 52 53 54 55 56 57 - * 60 61 62 63 64 65 66 67 - * 70 71 72 73 74 75 76 77 - * then after the PC-1 permutation, - * C0 is - * 70 60 50 40 30 20 10 00 - * 71 61 51 41 31 21 11 01 - * 72 62 52 42 32 22 12 02 - * 73 63 53 43 - * D0 is - * 76 66 56 46 36 26 16 06 - * 75 65 55 45 35 25 15 05 - * 74 64 54 44 34 24 14 04 - * 33 23 13 03 - * and these parity bits have been discarded: - * 77 67 57 47 37 27 17 07 - * - * We achieve this by flipping the input matrix about the diagonal from 70-07, - * getting left = - * 77 67 57 47 37 27 17 07 (these are the parity bits) - * 76 66 56 46 36 26 16 06 - * 75 65 55 45 35 25 15 05 - * 74 64 54 44 34 24 14 04 - * right = - * 73 63 53 43 33 23 13 03 - * 72 62 52 42 32 22 12 02 - * 71 61 51 41 31 21 11 01 - * 70 60 50 40 30 20 10 00 - * then byte swap right, ala htonl() on a little endian machine. - * right = - * 70 60 50 40 30 20 10 00 - * 71 67 57 47 37 27 11 07 - * 72 62 52 42 32 22 12 02 - * 73 63 53 43 33 23 13 03 - * then - * c0 = right >> 4; - * d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); -*/ - -#define FLIP_RIGHT_DIAGONAL(word, temp) \ - temp = (word ^ (word >> 18)) & 0x00003333; \ - word ^= temp | (temp << 18); \ - temp = (word ^ (word >> 9)) & 0x00550055; \ - word ^= temp | (temp << 9); - -#define BYTESWAP(word, temp) \ - word = (word >> 16) | (word << 16); \ - temp = 0x00ff00ff; \ - word = ((word & temp) << 8) | ((word >> 8) & temp); - -#define PC1(left, right, c0, d0, temp) \ - right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ - left ^= temp << 4; \ - FLIP_RIGHT_DIAGONAL(left, temp); \ - FLIP_RIGHT_DIAGONAL(right, temp); \ - BYTESWAP(right, temp); \ - c0 = right >> 4; \ - d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); - -#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF) -#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF) - -/* - * setup key schedules from key - */ - -void -DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction) -{ - register HALF left, right; - register HALF c0, d0; - register HALF temp; - int delta; - unsigned int ls; - -#if defined(_X86_) - left = HALFPTR(key)[0]; - right = HALFPTR(key)[1]; - BYTESWAP(left, temp); - BYTESWAP(right, temp); -#else - if (((ptrdiff_t)key & 0x03) == 0) { - left = HALFPTR(key)[0]; - right = HALFPTR(key)[1]; -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP(left, temp); - BYTESWAP(right, temp); -#endif - } else { - left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) | - ((HALF)key[2] << 8) | key[3]; - right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) | - ((HALF)key[6] << 8) | key[7]; - } -#endif - - PC1(left, right, c0, d0, temp); - - if (direction == DES_ENCRYPT) { - delta = 2 * (int)sizeof(HALF); - } else { - ks += 30; - delta = (-2) * (int)sizeof(HALF); - } - - for (ls = 0x8103; ls; ls >>= 1) { - if ( ls & 1 ) { - c0 = LEFT_SHIFT_1( c0 ); - d0 = LEFT_SHIFT_1( d0 ); - } else { - c0 = LEFT_SHIFT_2( c0 ); - d0 = LEFT_SHIFT_2( d0 ); - } - -#ifdef USE_INDEXING -#define PC2LOOKUP(b,c) PC2[b][c] - - left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) ); - left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) ); - left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7) ); - left |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30)); - - right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) ); - right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) ); - right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F) ); - right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3)); -#else -#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c)) - - left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) ); - left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) ); - left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C) ); - left |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0)); - - right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) ); - right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) ); - right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC) ); - right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C)); -#endif - /* left contains key bits for S1 S3 S2 S4 */ - /* right contains key bits for S6 S8 S5 S7 */ - temp = (left << 16) /* S2 S4 XX XX */ - | (right >> 16); /* XX XX S6 S8 */ - ks[0] = temp; - - temp = (left & 0xffff0000) /* S1 S3 XX XX */ - | (right & 0x0000ffff);/* XX XX S5 S7 */ - ks[1] = temp; - - ks = (HALF*)((BYTE *)ks + delta); - } -} - -/* - * The DES Initial Permutation - * if we number the bits of the 8 bytes of input like this (in octal): - * 00 01 02 03 04 05 06 07 - * 10 11 12 13 14 15 16 17 - * 20 21 22 23 24 25 26 27 - * 30 31 32 33 34 35 36 37 - * 40 41 42 43 44 45 46 47 - * 50 51 52 53 54 55 56 57 - * 60 61 62 63 64 65 66 67 - * 70 71 72 73 74 75 76 77 - * then after the initial permutation, they will be in this order. - * 71 61 51 41 31 21 11 01 - * 73 63 53 43 33 23 13 03 - * 75 65 55 45 35 25 15 05 - * 77 67 57 47 37 27 17 07 - * 70 60 50 40 30 20 10 00 - * 72 62 52 42 32 22 12 02 - * 74 64 54 44 34 24 14 04 - * 76 66 56 46 36 26 16 06 - * - * One way to do this is in two steps: - * 1. Flip this matrix about the diagonal from 70-07 as done for PC1. - * 2. Rearrange the bytes (rows in the matrix above) with the following code. - * - * #define swapHiLo(word, temp) \ - * temp = (word ^ (word >> 24)) & 0x000000ff; \ - * word ^= temp | (temp << 24); - * - * right ^= temp = ((left << 8) ^ right) & 0xff00ff00; - * left ^= temp >> 8; - * swapHiLo(left, temp); - * swapHiLo(right,temp); - * - * However, the two steps can be combined, so that the rows are rearranged - * while the matrix is being flipped, reducing the number of bit exchange - * operations from 8 ot 5. - * - * Initial Permutation */ -#define IP(left, right, temp) \ - right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ - left ^= temp << 4; \ - right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \ - left ^= temp << 16; \ - right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \ - left ^= temp >> 2; \ - right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \ - left ^= temp >> 8; \ - right ^= temp = ((left >> 1) ^ right) & 0x55555555; \ - left ^= temp << 1; - -/* The Final (Inverse Initial) permutation is done by reversing the -** steps of the Initital Permutation -*/ - -#define FP(left, right, temp) \ - right ^= temp = ((left >> 1) ^ right) & 0x55555555; \ - left ^= temp << 1; \ - right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \ - left ^= temp >> 8; \ - right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \ - left ^= temp >> 2; \ - right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \ - left ^= temp << 16; \ - right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \ - left ^= temp << 4; - -void -DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) -{ - register HALF left, right; - register HALF temp; - -#if defined(_X86_) - left = HALFPTR(inbuf)[0]; - right = HALFPTR(inbuf)[1]; - BYTESWAP(left, temp); - BYTESWAP(right, temp); -#else - if (((ptrdiff_t)inbuf & 0x03) == 0) { - left = HALFPTR(inbuf)[0]; - right = HALFPTR(inbuf)[1]; -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP(left, temp); - BYTESWAP(right, temp); -#endif - } else { - left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) | - ((HALF)inbuf[2] << 8) | inbuf[3]; - right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) | - ((HALF)inbuf[6] << 8) | inbuf[7]; - } -#endif - - IP(left, right, temp); - - /* shift the values left circularly 3 bits. */ - left = (left << 3) | (left >> 29); - right = (right << 3) | (right >> 29); - -#ifdef USE_INDEXING -#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)] -#else -#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC)) -#endif -#define ROUND(out, in, r) \ - temp = in ^ ks[2*r]; \ - out ^= KSLOOKUP( 1, 24 ); \ - out ^= KSLOOKUP( 3, 16 ); \ - out ^= KSLOOKUP( 5, 8 ); \ - out ^= KSLOOKUP( 7, 0 ); \ - temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \ - out ^= KSLOOKUP( 0, 24 ); \ - out ^= KSLOOKUP( 2, 16 ); \ - out ^= KSLOOKUP( 4, 8 ); \ - out ^= KSLOOKUP( 6, 0 ); - - /* Do the 16 Feistel rounds */ - ROUND(left, right, 0) - ROUND(right, left, 1) - ROUND(left, right, 2) - ROUND(right, left, 3) - ROUND(left, right, 4) - ROUND(right, left, 5) - ROUND(left, right, 6) - ROUND(right, left, 7) - ROUND(left, right, 8) - ROUND(right, left, 9) - ROUND(left, right, 10) - ROUND(right, left, 11) - ROUND(left, right, 12) - ROUND(right, left, 13) - ROUND(left, right, 14) - ROUND(right, left, 15) - - /* now shift circularly right 3 bits to undo the shifting done - ** above. switch left and right here. - */ - temp = (left >> 3) | (left << 29); - left = (right >> 3) | (right << 29); - right = temp; - - FP(left, right, temp); - -#if defined(_X86_) - BYTESWAP(left, temp); - BYTESWAP(right, temp); - HALFPTR(outbuf)[0] = left; - HALFPTR(outbuf)[1] = right; -#else - if (((ptrdiff_t)inbuf & 0x03) == 0) { -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP(left, temp); - BYTESWAP(right, temp); -#endif - HALFPTR(outbuf)[0] = left; - HALFPTR(outbuf)[1] = right; - } else { - outbuf[0] = (BYTE)(left >> 24); - outbuf[1] = (BYTE)(left >> 16); - outbuf[2] = (BYTE)(left >> 8); - outbuf[3] = (BYTE)(left ); - - outbuf[4] = (BYTE)(right >> 24); - outbuf[5] = (BYTE)(right >> 16); - outbuf[6] = (BYTE)(right >> 8); - outbuf[7] = (BYTE)(right ); - } -#endif - -} - -/* Ackowledgements: -** Two ideas used in this implementation were shown to me by Dennis Ferguson -** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were: -** 1. The method of computing the Initial and Final permutations. -** 2. Circularly rotating the SP tables and the initial values of left and -** right to reduce the number of shifts required during the 16 rounds. -*/ diff --git a/security/nss/lib/freebl/des.h b/security/nss/lib/freebl/des.h deleted file mode 100644 index 10887132e..000000000 --- a/security/nss/lib/freebl/des.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * des.h - * - * header file for DES-150 library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the DES-150 library. - * - * The Initial Developer of the Original Code is Nelson B. Bolyard, - * nelsonb@iname.com. Portions created by Nelson B. Bolyard are - * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#ifndef _DES_H_ -#define _DES_H_ 1 - -#include "blapi.h" - -typedef unsigned char BYTE; -typedef unsigned int HALF; - -#define HALFPTR(x) ((HALF *)(x)) -#define SHORTPTR(x) ((unsigned short *)(x)) -#define BYTEPTR(x) ((BYTE *)(x)) - -typedef enum { - DES_ENCRYPT = 0x5555, - DES_DECRYPT = 0xAAAA -} DESDirection; - -typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in, - unsigned int len); - -struct DESContextStr { - /* key schedule, 16 internal keys, each with 8 6-bit parts */ - HALF ks0 [32]; - HALF ks1 [32]; - HALF ks2 [32]; - HALF iv [2]; - DESDirection direction; - DESFunc *worker; -}; - -void DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction); -void DES_Do1Block( HALF * ks, const BYTE * inbuf, BYTE * outbuf); - -#endif diff --git a/security/nss/lib/freebl/desblapi.c b/security/nss/lib/freebl/desblapi.c deleted file mode 100644 index 7f8d8ac14..000000000 --- a/security/nss/lib/freebl/desblapi.c +++ /dev/null @@ -1,275 +0,0 @@ -/* - * desblapi.c - * - * core source file for DES-150 library - * Implement DES Modes of Operation and Triple-DES. - * Adapt DES-150 to blapi API. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the DES-150 library. - * - * The Initial Developer of the Original Code is Nelson B. Bolyard, - * nelsonb@iname.com. Portions created by Nelson B. Bolyard are - * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include "des.h" -#include -#include "secerr.h" - -#if defined(_X86_) -/* Intel X86 CPUs do unaligned loads and stores without complaint. */ -#define COPY8B(to, from, ptr) \ - HALFPTR(to)[0] = HALFPTR(from)[0]; \ - HALFPTR(to)[1] = HALFPTR(from)[1]; -#elif defined(USE_MEMCPY) -#define COPY8B(to, from, ptr) memcpy(to, from, 8) -#else -#define COPY8B(to, from, ptr) \ - if (((ptrdiff_t)(ptr) & 0x3) == 0) { \ - HALFPTR(to)[0] = HALFPTR(from)[0]; \ - HALFPTR(to)[1] = HALFPTR(from)[1]; \ - } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \ - SHORTPTR(to)[0] = SHORTPTR(from)[0]; \ - SHORTPTR(to)[1] = SHORTPTR(from)[1]; \ - SHORTPTR(to)[2] = SHORTPTR(from)[2]; \ - SHORTPTR(to)[3] = SHORTPTR(from)[3]; \ - } else { \ - BYTEPTR(to)[0] = BYTEPTR(from)[0]; \ - BYTEPTR(to)[1] = BYTEPTR(from)[1]; \ - BYTEPTR(to)[2] = BYTEPTR(from)[2]; \ - BYTEPTR(to)[3] = BYTEPTR(from)[3]; \ - BYTEPTR(to)[4] = BYTEPTR(from)[4]; \ - BYTEPTR(to)[5] = BYTEPTR(from)[5]; \ - BYTEPTR(to)[6] = BYTEPTR(from)[6]; \ - BYTEPTR(to)[7] = BYTEPTR(from)[7]; \ - } -#endif -#define COPY8BTOHALF(to, from) COPY8B(to, from, from) -#define COPY8BFROMHALF(to, from) COPY8B(to, from, to) - -static void -DES_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - while (len) { - DES_Do1Block(cx->ks0, in, out); - len -= 8; - in += 8; - out += 8; - } -} - -static void -DES_EDE3_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - while (len) { - DES_Do1Block(cx->ks0, in, out); - len -= 8; - in += 8; - DES_Do1Block(cx->ks1, out, out); - DES_Do1Block(cx->ks2, out, out); - out += 8; - } -} - -static void -DES_CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - const BYTE * bufend = in + len; - HALF vec[2]; - - while (in != bufend) { - COPY8BTOHALF(vec, in); - in += 8; - vec[0] ^= cx->iv[0]; - vec[1] ^= cx->iv[1]; - DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv); - COPY8BFROMHALF(out, cx->iv); - out += 8; - } -} - -static void -DES_CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - const BYTE * bufend; - HALF oldciphertext[2]; - HALF plaintext [2]; - - for (bufend = in + len; in != bufend; ) { - oldciphertext[0] = cx->iv[0]; - oldciphertext[1] = cx->iv[1]; - COPY8BTOHALF(cx->iv, in); - in += 8; - DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext); - plaintext[0] ^= oldciphertext[0]; - plaintext[1] ^= oldciphertext[1]; - COPY8BFROMHALF(out, plaintext); - out += 8; - } -} - -static void -DES_EDE3CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - const BYTE * bufend = in + len; - HALF vec[2]; - - while (in != bufend) { - COPY8BTOHALF(vec, in); - in += 8; - vec[0] ^= cx->iv[0]; - vec[1] ^= cx->iv[1]; - DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv); - DES_Do1Block( cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv); - DES_Do1Block( cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv); - COPY8BFROMHALF(out, cx->iv); - out += 8; - } -} - -static void -DES_EDE3CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len) -{ - const BYTE * bufend; - HALF oldciphertext[2]; - HALF plaintext [2]; - - for (bufend = in + len; in != bufend; ) { - oldciphertext[0] = cx->iv[0]; - oldciphertext[1] = cx->iv[1]; - COPY8BTOHALF(cx->iv, in); - in += 8; - DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext); - DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext); - DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext); - plaintext[0] ^= oldciphertext[0]; - plaintext[1] ^= oldciphertext[1]; - COPY8BFROMHALF(out, plaintext); - out += 8; - } -} - -DESContext * -DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt) -{ - DESContext *cx = PORT_ZNew(DESContext); - DESDirection opposite; - if (!cx) - return 0; - cx->direction = encrypt ? DES_ENCRYPT : DES_DECRYPT; - opposite = encrypt ? DES_DECRYPT : DES_ENCRYPT; - switch (mode) { - case NSS_DES: /* DES ECB */ - DES_MakeSchedule( cx->ks0, key, cx->direction); - cx->worker = &DES_ECB; - break; - - case NSS_DES_EDE3: /* DES EDE ECB */ - cx->worker = &DES_EDE3_ECB; - if (encrypt) { - DES_MakeSchedule(cx->ks0, key, cx->direction); - DES_MakeSchedule(cx->ks1, key + 8, opposite); - DES_MakeSchedule(cx->ks2, key + 16, cx->direction); - } else { - DES_MakeSchedule(cx->ks2, key, cx->direction); - DES_MakeSchedule(cx->ks1, key + 8, opposite); - DES_MakeSchedule(cx->ks0, key + 16, cx->direction); - } - break; - - case NSS_DES_CBC: /* DES CBC */ - COPY8BTOHALF(cx->iv, iv); - cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe; - DES_MakeSchedule(cx->ks0, key, cx->direction); - break; - - case NSS_DES_EDE3_CBC: /* DES EDE CBC */ - COPY8BTOHALF(cx->iv, iv); - if (encrypt) { - cx->worker = &DES_EDE3CBCEn; - DES_MakeSchedule(cx->ks0, key, cx->direction); - DES_MakeSchedule(cx->ks1, key + 8, opposite); - DES_MakeSchedule(cx->ks2, key + 16, cx->direction); - } else { - cx->worker = &DES_EDE3CBCDe; - DES_MakeSchedule(cx->ks2, key, cx->direction); - DES_MakeSchedule(cx->ks1, key + 8, opposite); - DES_MakeSchedule(cx->ks0, key + 16, cx->direction); - } - break; - - default: - PORT_Free(cx); - cx = 0; - PORT_SetError(SEC_ERROR_INVALID_ARGS); - break; - } - return cx; -} - -void -DES_DestroyContext(DESContext *cx, PRBool freeit) -{ - if (cx) { - memset(cx, 0, sizeof *cx); - if (freeit) - PORT_Free(cx); - } -} - -SECStatus -DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen, - unsigned int maxOutLen, const BYTE *in, unsigned int inLen) -{ - - if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || - cx->direction != DES_ENCRYPT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - cx->worker(cx, out, in, inLen); - if (outLen) - *outLen = inLen; - return SECSuccess; -} - -SECStatus -DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen, - unsigned int maxOutLen, const BYTE *in, unsigned int inLen) -{ - - if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || - cx->direction != DES_DECRYPT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - cx->worker(cx, out, in, inLen); - if (outLen) - *outLen = inLen; - return SECSuccess; -} diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c deleted file mode 100644 index 6c369b6dd..000000000 --- a/security/nss/lib/freebl/dh.c +++ /dev/null @@ -1,385 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * Diffie-Hellman parameter generation, key generation, and secret derivation. - * KEA secret generation and verification. - * - * $Id$ - */ - -#include "prerr.h" -#include "secerr.h" - -#include "blapi.h" -#include "secitem.h" -#include "mpi.h" -#include "mpprime.h" -#include "secmpi.h" - -#define DH_SECRET_KEY_LEN 20 -#define KEA_DERIVED_SECRET_LEN 128 - -SECStatus -DH_GenParam(int primeLen, DHParams **params) -{ - PRArenaPool *arena; - DHParams *dhparams; - unsigned char *pb = NULL; - unsigned char *ab = NULL; - unsigned long counter = 0; - mp_int p, q, a, h, psub1, test; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - if (!params || primeLen < 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams)); - if (!dhparams) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - dhparams->arena = arena; - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&a) = 0; - MP_DIGITS(&h) = 0; - MP_DIGITS(&psub1) = 0; - MP_DIGITS(&test) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&q) ); - CHECK_MPI_OK( mp_init(&a) ); - CHECK_MPI_OK( mp_init(&h) ); - CHECK_MPI_OK( mp_init(&psub1) ); - CHECK_MPI_OK( mp_init(&test) ); - /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */ - pb = PORT_Alloc(primeLen); - CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); - pb[0] |= 0x80; /* set high-order bit */ - pb[primeLen-1] |= 0x01; /* set low-order bit */ - CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) ); - CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) ); - /* construct Sophie-Germain prime q = (p-1)/2. */ - CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) ); - CHECK_MPI_OK( mp_div_2(&psub1, &q) ); - /* construct a generator from the prime. */ - ab = PORT_Alloc(primeLen); - /* generate a candidate number a in p's field */ - CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(ab, primeLen) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&a, ab, primeLen) ); - /* force a < p (note that quot(a/p) <= 1) */ - if ( mp_cmp(&a, &p) > 0 ) - CHECK_MPI_OK( mp_sub(&a, &p, &a) ); - do { - /* check that a is in the range [2..p-1] */ - if ( mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) { - /* a is outside of the allowed range. Set a=3 and keep going. */ - mp_set(&a, 3); - } - /* if a**q mod p != 1 then a is a generator */ - CHECK_MPI_OK( mp_exptmod(&a, &q, &p, &test) ); - if ( mp_cmp_d(&test, 1) != 0 ) - break; - /* increment the candidate and try again. */ - CHECK_MPI_OK( mp_add_d(&a, 1, &a) ); - } while (PR_TRUE); - MPINT_TO_SECITEM(&p, &dhparams->prime, arena); - MPINT_TO_SECITEM(&a, &dhparams->base, arena); - *params = dhparams; -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&a); - mp_clear(&h); - mp_clear(&psub1); - mp_clear(&test); - if (pb) PORT_ZFree(pb, primeLen); - if (ab) PORT_ZFree(ab, primeLen); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - if (rv) - PORT_FreeArena(arena, PR_TRUE); - return rv; -} - -SECStatus -DH_NewKey(DHParams *params, DHPrivateKey **privKey) -{ - PRArenaPool *arena; - DHPrivateKey *key; - mp_int g, xa, p, Ya; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - if (!params || !privKey) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - key = (DHPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DHPrivateKey)); - if (!key) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - key->arena = arena; - MP_DIGITS(&g) = 0; - MP_DIGITS(&xa) = 0; - MP_DIGITS(&p) = 0; - MP_DIGITS(&Ya) = 0; - CHECK_MPI_OK( mp_init(&g) ); - CHECK_MPI_OK( mp_init(&xa) ); - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&Ya) ); - /* Set private key's p */ - CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->prime, ¶ms->prime) ); - SECITEM_TO_MPINT(key->prime, &p); - /* Set private key's g */ - CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, ¶ms->base) ); - SECITEM_TO_MPINT(key->base, &g); - /* Generate private key xa */ - SECITEM_AllocItem(arena, &key->privateValue, DH_SECRET_KEY_LEN); - RNG_GenerateGlobalRandomBytes(key->privateValue.data, - key->privateValue.len); - SECITEM_TO_MPINT( key->privateValue, &xa ); - /* xa < p */ - CHECK_MPI_OK( mp_mod(&xa, &p, &xa) ); - /* Compute public key Ya = g ** xa mod p */ - CHECK_MPI_OK( mp_exptmod(&g, &xa, &p, &Ya) ); - MPINT_TO_SECITEM(&Ya, &key->publicValue, key->arena); - *privKey = key; -cleanup: - mp_clear(&g); - mp_clear(&xa); - mp_clear(&p); - mp_clear(&Ya); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - if (rv) - PORT_FreeArena(arena, PR_TRUE); - return rv; -} - -SECStatus -DH_Derive(SECItem *publicValue, - SECItem *prime, - SECItem *privateValue, - SECItem *derivedSecret, - unsigned int maxOutBytes) -{ - mp_int p, Xa, Yb, ZZ; - mp_err err = MP_OKAY; - unsigned int len = 0, nb; - unsigned char *secret = NULL; - if (!publicValue || !prime || !privateValue || !derivedSecret) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - memset(derivedSecret, 0, sizeof *derivedSecret); - MP_DIGITS(&p) = 0; - MP_DIGITS(&Xa) = 0; - MP_DIGITS(&Yb) = 0; - MP_DIGITS(&ZZ) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&Xa) ); - CHECK_MPI_OK( mp_init(&Yb) ); - CHECK_MPI_OK( mp_init(&ZZ) ); - SECITEM_TO_MPINT(*publicValue, &Yb); - SECITEM_TO_MPINT(*privateValue, &Xa); - SECITEM_TO_MPINT(*prime, &p); - /* ZZ = (Yb)**Xa mod p */ - CHECK_MPI_OK( mp_exptmod(&Yb, &Xa, &p, &ZZ) ); - /* number of bytes in the derived secret */ - len = mp_unsigned_octet_size(&ZZ); - /* allocate a buffer which can hold the entire derived secret. */ - secret = PORT_Alloc(len); - /* grab the derived secret */ - err = mp_to_unsigned_octets(&ZZ, secret, len); - if (err >= 0) err = MP_OKAY; - /* Take minimum of bytes requested and bytes in derived secret, - ** if maxOutBytes is 0 take all of the bytes from the derived secret. - */ - if (maxOutBytes > 0) - nb = PR_MIN(len, maxOutBytes); - else - nb = len; - SECITEM_AllocItem(NULL, derivedSecret, nb); - memcpy(derivedSecret->data, secret, nb); -cleanup: - mp_clear(&p); - mp_clear(&Xa); - mp_clear(&Yb); - mp_clear(&ZZ); - if (secret) { - /* free the buffer allocated for the full secret. */ - PORT_ZFree(secret, len); - } - if (err) { - MP_TO_SEC_ERROR(err); - if (derivedSecret->data) - PORT_ZFree(derivedSecret->data, derivedSecret->len); - return SECFailure; - } - return SECSuccess; -} - -SECStatus -KEA_Derive(SECItem *prime, - SECItem *public1, - SECItem *public2, - SECItem *private1, - SECItem *private2, - SECItem *derivedSecret) -{ - mp_int p, Y, R, r, x, t, u, w; - mp_err err; - unsigned char *secret = NULL; - unsigned int len = 0, offset; - if (!prime || !public1 || !public2 || !private1 || !private2 || - !derivedSecret) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - memset(derivedSecret, 0, sizeof *derivedSecret); - MP_DIGITS(&p) = 0; - MP_DIGITS(&Y) = 0; - MP_DIGITS(&R) = 0; - MP_DIGITS(&r) = 0; - MP_DIGITS(&x) = 0; - MP_DIGITS(&t) = 0; - MP_DIGITS(&u) = 0; - MP_DIGITS(&w) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&Y) ); - CHECK_MPI_OK( mp_init(&R) ); - CHECK_MPI_OK( mp_init(&r) ); - CHECK_MPI_OK( mp_init(&x) ); - CHECK_MPI_OK( mp_init(&t) ); - CHECK_MPI_OK( mp_init(&u) ); - CHECK_MPI_OK( mp_init(&w) ); - SECITEM_TO_MPINT(*prime, &p); - SECITEM_TO_MPINT(*public1, &Y); - SECITEM_TO_MPINT(*public2, &R); - SECITEM_TO_MPINT(*private1, &r); - SECITEM_TO_MPINT(*private2, &x); - /* t = DH(Y, r, p) = Y ** r mod p */ - CHECK_MPI_OK( mp_exptmod(&Y, &r, &p, &t) ); - /* u = DH(R, x, p) = R ** x mod p */ - CHECK_MPI_OK( mp_exptmod(&R, &x, &p, &u) ); - /* w = (t + u) mod p */ - CHECK_MPI_OK( mp_addmod(&t, &u, &p, &w) ); - /* allocate a buffer for the full derived secret */ - len = mp_unsigned_octet_size(&w); - secret = PORT_Alloc(len); - /* grab the secret */ - err = mp_to_unsigned_octets(&w, secret, len); - if (err > 0) err = MP_OKAY; - /* allocate output buffer */ - SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN); - memset(derivedSecret->data, 0, derivedSecret->len); - /* copy in the 128 lsb of the secret */ - if (len >= KEA_DERIVED_SECRET_LEN) { - memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN), - KEA_DERIVED_SECRET_LEN); - } else { - offset = KEA_DERIVED_SECRET_LEN - len; - memcpy(derivedSecret->data + offset, secret, len); - } -cleanup: - mp_clear(&p); - mp_clear(&Y); - mp_clear(&R); - mp_clear(&r); - mp_clear(&x); - mp_clear(&t); - mp_clear(&u); - mp_clear(&w); - if (secret) - PORT_ZFree(secret, len); - if (err) { - MP_TO_SEC_ERROR(err); - return SECFailure; - } - return SECSuccess; -} - -PRBool -KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) -{ - mp_int p, q, y, r; - mp_err err; - int cmp = 1; /* default is false */ - if (!Y || !prime || !subPrime) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&y) = 0; - MP_DIGITS(&r) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&q) ); - CHECK_MPI_OK( mp_init(&y) ); - CHECK_MPI_OK( mp_init(&r) ); - SECITEM_TO_MPINT(*prime, &p); - SECITEM_TO_MPINT(*subPrime, &q); - SECITEM_TO_MPINT(*Y, &y); - /* compute r = y**q mod p */ - CHECK_MPI_OK( mp_exptmod(&y, &q, &p, &r) ); - /* compare to 1 */ - cmp = mp_cmp_d(&r, 1); -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&y); - mp_clear(&r); - if (err) { - MP_TO_SEC_ERROR(err); - return PR_FALSE; - } - return (cmp == 0) ? PR_TRUE : PR_FALSE; -} diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c deleted file mode 100644 index 3f9267dd0..000000000 --- a/security/nss/lib/freebl/dsa.c +++ /dev/null @@ -1,420 +0,0 @@ -/* - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "secerr.h" - -#include "prtypes.h" -#include "prinit.h" -#include "blapi.h" -#include "nssilock.h" -#include "secitem.h" -#include "blapi.h" -#include "mpi.h" - - /* XXX to be replaced by define in blapit.h */ -#define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048 - -#define CHECKOK(func) if (MP_OKAY > (err = func)) goto cleanup - -#define SECITEM_TO_MPINT(it, mp) \ - CHECKOK(mp_read_unsigned_octets((mp), (it).data, (it).len)) - -/* DSA-specific random number functions defined in prng_fips1861.c. */ -extern SECStatus -DSA_RandomUpdate(void *data, size_t bytes, unsigned char *q); - -extern SECStatus -DSA_GenerateGlobalRandomBytes(void *dest, size_t len, unsigned char *q); - -static void translate_mpi_error(mp_err err) -{ - switch (err) { - case MP_MEM: PORT_SetError(SEC_ERROR_NO_MEMORY); break; - case MP_RANGE: PORT_SetError(SEC_ERROR_BAD_DATA); break; - case MP_BADARG: PORT_SetError(SEC_ERROR_INVALID_ARGS); break; - default: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); break; - } -} - -SECStatus -dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, - const unsigned char *xb) -{ - unsigned int y_len; - mp_int p, g; - mp_int x, y; - mp_err err; - PRArenaPool *arena; - DSAPrivateKey *key; - /* Check args. */ - if (!params || !privKey) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* Initialize an arena for the DSA key. */ - arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey)); - if (!key) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - key->params.arena = arena; - /* Initialize MPI integers. */ - MP_DIGITS(&p) = 0; - MP_DIGITS(&g) = 0; - MP_DIGITS(&x) = 0; - MP_DIGITS(&y) = 0; - CHECKOK( mp_init(&p) ); - CHECKOK( mp_init(&g) ); - CHECKOK( mp_init(&x) ); - CHECKOK( mp_init(&y) ); - /* Copy over the PQG params */ - CHECKOK( SECITEM_CopyItem(arena, &key->params.prime, ¶ms->prime) ); - CHECKOK( SECITEM_CopyItem(arena, &key->params.subPrime, ¶ms->subPrime)); - CHECKOK( SECITEM_CopyItem(arena, &key->params.base, ¶ms->base) ); - /* Convert stored p, g, and received x into MPI integers. */ - SECITEM_TO_MPINT(params->prime, &p); - SECITEM_TO_MPINT(params->base, &g); - CHECKOK( mp_read_unsigned_octets(&x, xb, DSA_SUBPRIME_LEN) ); - /* Store x in private key */ - SECITEM_AllocItem(arena, &key->privateValue, DSA_SUBPRIME_LEN); - memcpy(key->privateValue.data, xb, DSA_SUBPRIME_LEN); - /* Compute public key y = g**x mod p */ - CHECKOK( mp_exptmod(&g, &x, &p, &y) ); - /* Store y in public key */ - y_len = mp_unsigned_octet_size(&y); - SECITEM_AllocItem(arena, &key->publicValue, y_len); - err = mp_to_unsigned_octets(&y, key->publicValue.data, y_len); - /* mp_to_unsigned_octets returns bytes written (y_len) if okay */ - if (err < 0) goto cleanup; else err = MP_OKAY; - *privKey = key; - key = NULL; -cleanup: - mp_clear(&p); - mp_clear(&g); - mp_clear(&x); - mp_clear(&y); - if (key) - PORT_FreeArena(key->params.arena, PR_TRUE); - if (err) { - translate_mpi_error(err); - return SECFailure; - } - return SECSuccess; -} - -/* -** Generate and return a new DSA public and private key pair, -** both of which are encoded into a single DSAPrivateKey struct. -** "params" is a pointer to the PQG parameters for the domain -** Uses a random seed. -*/ -SECStatus -DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey) -{ - SECStatus rv; - unsigned char seed[DSA_SUBPRIME_LEN]; - /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */ - if (DSA_GenerateGlobalRandomBytes(seed, DSA_SUBPRIME_LEN, - params->subPrime.data)) - return SECFailure; - /* Generate a new DSA key using random seed. */ - rv = dsa_NewKey(params, privKey, seed); - return rv; -} - -/* For FIPS compliance testing. Seed must be exactly 20 bytes long */ -SECStatus -DSA_NewKeyFromSeed(const PQGParams *params, - const unsigned char *seed, - DSAPrivateKey **privKey) -{ - SECStatus rv; - rv = dsa_NewKey(params, privKey, seed); - return rv; -} - -static SECStatus -dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest, - const unsigned char *kb) -{ - mp_int p, q, g; /* PQG parameters */ - mp_int x, k; /* private key & pseudo-random integer */ - mp_int r, s; /* tuple (r, s) is signature) */ - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - - /* FIPS-compliance dictates that digest is a SHA1 hash. */ - /* Check args. */ - if (!key || !signature || !digest || - (signature->len != DSA_SIGNATURE_LEN) || - (digest->len != SHA1_LENGTH)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* Initialize MPI integers. */ - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&g) = 0; - MP_DIGITS(&x) = 0; - MP_DIGITS(&k) = 0; - MP_DIGITS(&r) = 0; - MP_DIGITS(&s) = 0; - CHECKOK( mp_init(&p) ); - CHECKOK( mp_init(&q) ); - CHECKOK( mp_init(&g) ); - CHECKOK( mp_init(&x) ); - CHECKOK( mp_init(&k) ); - CHECKOK( mp_init(&r) ); - CHECKOK( mp_init(&s) ); - /* - ** Convert stored PQG and private key into MPI integers. - */ - SECITEM_TO_MPINT(key->params.prime, &p); - SECITEM_TO_MPINT(key->params.subPrime, &q); - SECITEM_TO_MPINT(key->params.base, &g); - SECITEM_TO_MPINT(key->privateValue, &x); - CHECKOK( mp_read_unsigned_octets(&k, kb, DSA_SUBPRIME_LEN) ); - /* - ** FIPS 186-1, Section 5, Step 1 - ** - ** r = (g**k mod p) mod q - */ - CHECKOK( mp_exptmod(&g, &k, &p, &r) ); /* r = g**k mod p */ - CHECKOK( mp_mod(&r, &q, &r) ); /* r = r mod q */ - /* - ** FIPS 186-1, Section 5, Step 2 - ** - ** s = (k**-1 * (SHA1(M) + x*r)) mod q - */ - SECITEM_TO_MPINT(*digest, &s); /* s = SHA1(M) */ - CHECKOK( mp_invmod(&k, &q, &k) ); /* k = k**-1 mod q */ - CHECKOK( mp_mulmod(&x, &r, &q, &x) ); /* x = x * r mod q */ - CHECKOK( mp_addmod(&s, &x, &q, &s) ); /* s = s + x mod q */ - CHECKOK( mp_mulmod(&s, &k, &q, &s) ); /* s = s * k mod q */ - /* - ** verify r != 0 and s != 0 - ** mentioned as optional in FIPS 186-1. - */ - if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - rv = SECFailure; - goto cleanup; - } - /* - ** Step 4 - ** - ** Signature is tuple (r, s) - */ - err = mp_to_fixlen_octets(&r, signature->data, DSA_SUBPRIME_LEN); - if (err < 0) goto cleanup; - err = mp_to_fixlen_octets(&s, signature->data + DSA_SUBPRIME_LEN, - DSA_SUBPRIME_LEN); - if (err < 0) goto cleanup; - err = MP_OKAY; -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&g); - mp_clear(&x); - mp_clear(&k); - mp_clear(&r); - mp_clear(&s); - if (err) { - translate_mpi_error(err); - rv = SECFailure; - } - return rv; -} - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -** On output, signature->len == size of signature in buffer. -** Uses a random seed. -*/ -SECStatus -DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest) -{ - SECStatus rv; - int retries = 10; - unsigned char kSeed[DSA_SUBPRIME_LEN]; - - PORT_SetError(0); - do { - rv = DSA_GenerateGlobalRandomBytes(kSeed, DSA_SUBPRIME_LEN, - key->params.subPrime.data); - if (rv != SECSuccess) - break; - rv = dsa_SignDigest(key, signature, digest, kSeed); - } while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM && - --retries > 0); - return rv; -} - -/* For FIPS compliance testing. Seed must be exactly 20 bytes. */ -SECStatus -DSA_SignDigestWithSeed(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest, - const unsigned char * seed) -{ - SECStatus rv; - rv = dsa_SignDigest(key, signature, digest, seed); - return rv; -} - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -*/ -SECStatus -DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, - const SECItem *digest) -{ - /* FIPS-compliance dictates that digest is a SHA1 hash. */ - mp_int p, q, g; /* PQG parameters */ - mp_int r_, s_; /* tuple (r', s') is received signature) */ - mp_int u1, u2, v, w; /* intermediate values used in verification */ - mp_int y; /* public key */ - mp_err err; - SECStatus verified = SECFailure; - - /* Check args. */ - if (!key || !signature || !digest || - (signature->len != DSA_SIGNATURE_LEN) || - (digest->len != SHA1_LENGTH)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* Initialize MPI integers. */ - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&g) = 0; - MP_DIGITS(&y) = 0; - MP_DIGITS(&r_) = 0; - MP_DIGITS(&s_) = 0; - MP_DIGITS(&u1) = 0; - MP_DIGITS(&u2) = 0; - MP_DIGITS(&v) = 0; - MP_DIGITS(&w) = 0; - CHECKOK( mp_init(&p) ); - CHECKOK( mp_init(&q) ); - CHECKOK( mp_init(&g) ); - CHECKOK( mp_init(&y) ); - CHECKOK( mp_init(&r_) ); - CHECKOK( mp_init(&s_) ); - CHECKOK( mp_init(&u1) ); - CHECKOK( mp_init(&u2) ); - CHECKOK( mp_init(&v) ); - CHECKOK( mp_init(&w) ); - /* - ** Convert stored PQG and public key into MPI integers. - */ - SECITEM_TO_MPINT(key->params.prime, &p); - SECITEM_TO_MPINT(key->params.subPrime, &q); - SECITEM_TO_MPINT(key->params.base, &g); - SECITEM_TO_MPINT(key->publicValue, &y); - /* - ** Convert received signature (r', s') into MPI integers. - */ - CHECKOK( mp_read_unsigned_octets(&r_, signature->data, DSA_SUBPRIME_LEN) ); - CHECKOK( mp_read_unsigned_octets(&s_, signature->data + DSA_SUBPRIME_LEN, - DSA_SUBPRIME_LEN) ); - /* - ** Verify that 0 < r' < q and 0 < s' < q - */ - if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 || - mp_cmp(&r_, &q) >= 0 || mp_cmp(&s_, &q) >= 0) - goto cleanup; /* will return verified == SECFailure */ - /* - ** FIPS 186-1, Section 6, Step 1 - ** - ** w = (s')**-1 mod q - */ - CHECKOK( mp_invmod(&s_, &q, &w) ); /* w = (s')**-1 mod q */ - /* - ** FIPS 186-1, Section 6, Step 2 - ** - ** u1 = ((SHA1(M')) * w) mod q - */ - SECITEM_TO_MPINT(*digest, &u1); /* u1 = SHA1(M') */ - CHECKOK( mp_mulmod(&u1, &w, &q, &u1) ); /* u1 = u1 * w mod q */ - /* - ** FIPS 186-1, Section 6, Step 3 - ** - ** u2 = ((r') * w) mod q - */ - CHECKOK( mp_mulmod(&r_, &w, &q, &u2) ); - /* - ** FIPS 186-1, Section 6, Step 4 - ** - ** v = ((g**u1 * y**u2) mod p) mod q - */ - CHECKOK( mp_exptmod(&g, &u1, &p, &g) ); /* g = g**u1 mod p */ - CHECKOK( mp_exptmod(&y, &u2, &p, &y) ); /* y = y**u2 mod p */ - CHECKOK( mp_mulmod(&g, &y, &p, &v) ); /* v = g * y mod p */ - CHECKOK( mp_mod(&v, &q, &v) ); /* v = v mod q */ - /* - ** Verification: v == r' - */ - if (mp_cmp(&v, &r_)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - verified = SECFailure; /* Signature failed to verify. */ - } else { - verified = SECSuccess; /* Signature verified. */ - } -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&g); - mp_clear(&y); - mp_clear(&r_); - mp_clear(&s_); - mp_clear(&u1); - mp_clear(&u2); - mp_clear(&v); - mp_clear(&w); - if (err) { - translate_mpi_error(err); - } - return verified; -} diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c deleted file mode 100644 index 66d265025..000000000 --- a/security/nss/lib/freebl/ec.c +++ /dev/null @@ -1,944 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Elliptic Curve Cryptography library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta and - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "blapi.h" -#include "prerr.h" -#include "secerr.h" -#include "secmpi.h" -#include "secitem.h" -#include "ec.h" -#include "ecl.h" - -#ifdef NSS_ENABLE_ECC - -/* - * Returns true if pointP is the point at infinity, false otherwise - */ -PRBool -ec_point_at_infinity(SECItem *pointP) -{ - int i; - - for (i = 1; i < pointP->len; i++) { - if (pointP->data[i] != 0x00) return PR_FALSE; - } - - return PR_TRUE; -} - -/* - * Computes scalar point multiplication pointQ = k1 * G + k2 * pointP for - * the curve whose parameters are encoded in params with base point G. - */ -SECStatus -ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2, - const SECItem *pointP, SECItem *pointQ) -{ - mp_int Px, Py, Qx, Qy; - mp_int Gx, Gy, order, irreducible, a, b; -#if 0 /* currently don't support non-named curves */ - unsigned int irr_arr[5]; -#endif - ECGroup *group = NULL; - SECStatus rv = SECFailure; - mp_err err = MP_OKAY; - int len; - -#if EC_DEBUG - int i; - char mpstr[256]; - - printf("ec_points_mul: params [len=%d]:", params->DEREncoding.len); - for (i = 0; i < params->DEREncoding.len; i++) - printf("%02x:", params->DEREncoding.data[i]); - printf("\n"); - - if (k1 != NULL) { - mp_tohex(k1, mpstr); - printf("ec_points_mul: scalar k1: %s\n", mpstr); - mp_todecimal(k1, mpstr); - printf("ec_points_mul: scalar k1: %s (dec)\n", mpstr); - } - - if (k2 != NULL) { - mp_tohex(k2, mpstr); - printf("ec_points_mul: scalar k2: %s\n", mpstr); - mp_todecimal(k2, mpstr); - printf("ec_points_mul: scalar k2: %s (dec)\n", mpstr); - } - - if (pointP != NULL) { - printf("ec_points_mul: pointP [len=%d]:", pointP->len); - for (i = 0; i < pointP->len; i++) - printf("%02x:", pointP->data[i]); - printf("\n"); - } -#endif - - /* NOTE: We only support uncompressed points for now */ - len = (params->fieldID.size + 7) >> 3; - if (pointP != NULL) { - if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) || - (pointP->len != (2 * len + 1))) { - return SECFailure; - }; - } - - MP_DIGITS(&Px) = 0; - MP_DIGITS(&Py) = 0; - MP_DIGITS(&Qx) = 0; - MP_DIGITS(&Qy) = 0; - MP_DIGITS(&Gx) = 0; - MP_DIGITS(&Gy) = 0; - MP_DIGITS(&order) = 0; - MP_DIGITS(&irreducible) = 0; - MP_DIGITS(&a) = 0; - MP_DIGITS(&b) = 0; - CHECK_MPI_OK( mp_init(&Px) ); - CHECK_MPI_OK( mp_init(&Py) ); - CHECK_MPI_OK( mp_init(&Qx) ); - CHECK_MPI_OK( mp_init(&Qy) ); - CHECK_MPI_OK( mp_init(&Gx) ); - CHECK_MPI_OK( mp_init(&Gy) ); - CHECK_MPI_OK( mp_init(&order) ); - CHECK_MPI_OK( mp_init(&irreducible) ); - CHECK_MPI_OK( mp_init(&a) ); - CHECK_MPI_OK( mp_init(&b) ); - - if ((k2 != NULL) && (pointP != NULL)) { - /* Initialize Px and Py */ - CHECK_MPI_OK( mp_read_unsigned_octets(&Px, pointP->data + 1, (mp_size) len) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&Py, pointP->data + 1 + len, (mp_size) len) ); - } - - /* construct from named params, if possible */ - if (params->name != ECCurve_noName) { - group = ECGroup_fromName(params->name); - } - -#if 0 /* currently don't support non-named curves */ - if (group == NULL) { - /* Set up mp_ints containing the curve coefficients */ - CHECK_MPI_OK( mp_read_unsigned_octets(&Gx, params->base.data + 1, - (mp_size) len) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&Gy, params->base.data + 1 + len, - (mp_size) len) ); - SECITEM_TO_MPINT( params->order, &order ); - SECITEM_TO_MPINT( params->curve.a, &a ); - SECITEM_TO_MPINT( params->curve.b, &b ); - if (params->fieldID.type == ec_field_GFp) { - SECITEM_TO_MPINT( params->fieldID.u.prime, &irreducible ); - group = ECGroup_consGFp(&irreducible, &a, &b, &Gx, &Gy, &order, params->cofactor); - } else { - SECITEM_TO_MPINT( params->fieldID.u.poly, &irreducible ); - irr_arr[0] = params->fieldID.size; - irr_arr[1] = params->fieldID.k1; - irr_arr[2] = params->fieldID.k2; - irr_arr[3] = params->fieldID.k3; - irr_arr[4] = 0; - group = ECGroup_consGF2m(&irreducible, irr_arr, &a, &b, &Gx, &Gy, &order, params->cofactor); - } - } -#endif - if (group == NULL) - goto cleanup; - - if ((k2 != NULL) && (pointP != NULL)) { - CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) ); - } else { - CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) ); - } - - /* Construct the SECItem representation of point Q */ - pointQ->data[0] = EC_POINT_FORM_UNCOMPRESSED; - CHECK_MPI_OK( mp_to_fixlen_octets(&Qx, pointQ->data + 1, - (mp_size) len) ); - CHECK_MPI_OK( mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len, - (mp_size) len) ); - - rv = SECSuccess; - -#if EC_DEBUG - printf("ec_points_mul: pointQ [len=%d]:", pointQ->len); - for (i = 0; i < pointQ->len; i++) - printf("%02x:", pointQ->data[i]); - printf("\n"); -#endif - -cleanup: - ECGroup_free(group); - mp_clear(&Px); - mp_clear(&Py); - mp_clear(&Qx); - mp_clear(&Qy); - mp_clear(&Gx); - mp_clear(&Gy); - mp_clear(&order); - mp_clear(&irreducible); - mp_clear(&a); - mp_clear(&b); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - - return rv; -} - -static unsigned char bitmask[] = { - 0xff, 0x7f, 0x3f, 0x1f, - 0x0f, 0x07, 0x03, 0x01 -}; -#endif /* NSS_ENABLE_ECC */ - -/* Generates a new EC key pair. The private key is a supplied - * random value (in seed) and the public key is the result of - * performing a scalar point multiplication of that value with - * the curve's base point. - */ -SECStatus -EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, - const unsigned char *seed, int seedlen) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - PRArenaPool *arena; - ECPrivateKey *key; - mp_int k; - mp_err err = MP_OKAY; - int len; - -#if EC_DEBUG - printf("EC_NewKeyFromSeed called\n"); -#endif - - if (!ecParams || !privKey || !seed || (seedlen < 0)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - /* Initialize an arena for the EC key. */ - if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE))) - return SECFailure; - - key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey)); - if (!key) { - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - - /* Set the version number (SEC 1 section C.4 says it should be 1) */ - SECITEM_AllocItem(arena, &key->version, 1); - key->version.data[0] = 1; - - /* Copy all of the fields from the ECParams argument to the - * ECParams structure within the private key. - */ - key->ecParams.arena = arena; - key->ecParams.type = ecParams->type; - key->ecParams.fieldID.size = ecParams->fieldID.size; - key->ecParams.fieldID.type = ecParams->fieldID.type; - if (ecParams->fieldID.type == ec_field_GFp) { - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime, - &ecParams->fieldID.u.prime)); - } else { - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly, - &ecParams->fieldID.u.poly)); - } - key->ecParams.fieldID.k1 = ecParams->fieldID.k1; - key->ecParams.fieldID.k2 = ecParams->fieldID.k2; - key->ecParams.fieldID.k3 = ecParams->fieldID.k3; - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.a, - &ecParams->curve.a)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.b, - &ecParams->curve.b)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.seed, - &ecParams->curve.seed)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.base, - &ecParams->base)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.order, - &ecParams->order)); - key->ecParams.cofactor = ecParams->cofactor; - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.DEREncoding, - &ecParams->DEREncoding)); - key->ecParams.name = ecParams->name; - CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curveOID, - &ecParams->curveOID)); - - len = (ecParams->fieldID.size + 7) >> 3; - SECITEM_AllocItem(arena, &key->privateValue, len); - SECITEM_AllocItem(arena, &key->publicValue, 2*len + 1); - - /* Copy private key */ - if (seedlen >= len) { - memcpy(key->privateValue.data, seed, len); - } else { - memset(key->privateValue.data, 0, (len - seedlen)); - memcpy(key->privateValue.data + (len - seedlen), seed, seedlen); - } - - /* Compute corresponding public key */ - MP_DIGITS(&k) = 0; - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data, - (mp_size) len) ); - - rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue)); - if (rv != SECSuccess) goto cleanup; - *privKey = key; - -cleanup: - mp_clear(&k); - if (rv) - PORT_FreeArena(arena, PR_TRUE); - -#if EC_DEBUG - printf("EC_NewKeyFromSeed returning %s\n", - (rv == SECSuccess) ? "success" : "failure"); -#endif -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; - -} - -/* Generates a new EC key pair. The private key is a random value and - * the public key is the result of performing a scalar point multiplication - * of that value with the curve's base point. - */ -SECStatus -EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - int len; - unsigned char *seed; - - if (!ecParams || !privKey) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - /* Generate random private key */ - len = (ecParams->fieldID.size + 7) >> 3; - if ((seed = PORT_Alloc(len)) == NULL) goto cleanup; - if (RNG_GenerateGlobalRandomBytes(seed, len) != SECSuccess) goto cleanup; - - /* Fit private key to the field size */ - seed[0] &= bitmask[len * 8 - ecParams->fieldID.size]; - rv = EC_NewKeyFromSeed(ecParams, privKey, seed, len); - -cleanup: - if (!seed) { - PORT_ZFree(seed, len); - } -#if EC_DEBUG - printf("EC_NewKey returning %s\n", - (rv == SECSuccess) ? "success" : "failure"); -#endif -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; -} - -/* Validates an EC public key as described in Section 5.2.2 of - * X9.63. The ECDH primitive when used without the cofactor does - * not address small subgroup attacks, which may occur when the - * public key is not valid. These attacks can be prevented by - * validating the public key before using ECDH. - */ -SECStatus -EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) -{ -#ifdef NSS_ENABLE_ECC - if (!ecParams || !publicValue) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - /* XXX Add actual checks here. */ - return SECSuccess; -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); - return SECFailure; -#endif /* NSS_ENABLE_ECC */ -} - -/* -** Performs an ECDH key derivation by computing the scalar point -** multiplication of privateValue and publicValue (with or without the -** cofactor) and returns the x-coordinate of the resulting elliptic -** curve point in derived secret. If successful, derivedSecret->data -** is set to the address of the newly allocated buffer containing the -** derived secret, and derivedSecret->len is the size of the secret -** produced. It is the caller's responsibility to free the allocated -** buffer containing the derived secret. -*/ -SECStatus -ECDH_Derive(SECItem *publicValue, - ECParams *ecParams, - SECItem *privateValue, - PRBool withCofactor, - SECItem *derivedSecret) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - unsigned int len = 0; - SECItem pointQ = {siBuffer, NULL, 0}; - mp_int k; /* to hold the private value */ - mp_int cofactor; - mp_err err = MP_OKAY; -#if EC_DEBUG - int i; -#endif - - if (!publicValue || !ecParams || !privateValue || - !derivedSecret) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - memset(derivedSecret, 0, sizeof *derivedSecret); - len = (ecParams->fieldID.size + 7) >> 3; - pointQ.len = 2*len + 1; - if ((pointQ.data = PORT_Alloc(2*len + 1)) == NULL) goto cleanup; - - MP_DIGITS(&k) = 0; - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&k, privateValue->data, - (mp_size) privateValue->len) ); - - if (withCofactor && (ecParams->cofactor != 1)) { - /* multiply k with the cofactor */ - MP_DIGITS(&cofactor) = 0; - CHECK_MPI_OK( mp_init(&cofactor) ); - mp_set(&cofactor, ecParams->cofactor); - CHECK_MPI_OK( mp_mul(&k, &cofactor, &k) ); - } - - /* Multiply our private key and peer's public point */ - if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess) || - ec_point_at_infinity(&pointQ)) - goto cleanup; - - /* Allocate memory for the derived secret and copy - * the x co-ordinate of pointQ into it. - */ - SECITEM_AllocItem(NULL, derivedSecret, len); - memcpy(derivedSecret->data, pointQ.data + 1, len); - - rv = SECSuccess; - -#if EC_DEBUG - printf("derived_secret:\n"); - for (i = 0; i < derivedSecret->len; i++) - printf("%02x:", derivedSecret->data[i]); - printf("\n"); -#endif - -cleanup: - mp_clear(&k); - - if (pointQ.data) { - PORT_ZFree(pointQ.data, 2*len + 1); - } -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; -} - -/* Computes the ECDSA signature (a concatenation of two values r and s) - * on the digest using the given key and the random value kb (used in - * computing s). - */ -SECStatus -ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, - const SECItem *digest, const unsigned char *kb, const int kblen) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - mp_int x1; - mp_int d, k; /* private key, random integer */ - mp_int r, s; /* tuple (r, s) is the signature */ - mp_int n; - mp_err err = MP_OKAY; - ECParams *ecParams = NULL; - SECItem kGpoint = { siBuffer, NULL, 0}; - int len = 0; - -#if EC_DEBUG - char mpstr[256]; -#endif - - /* Check args */ - if (!key || !signature || !digest || !kb || (kblen < 0) || - (digest->len != SHA1_LENGTH)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto cleanup; - } - - ecParams = &(key->ecParams); - len = (ecParams->fieldID.size + 7) >> 3; - if (signature->len < 2*len) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto cleanup; - } - - /* Initialize MPI integers. */ - MP_DIGITS(&x1) = 0; - MP_DIGITS(&d) = 0; - MP_DIGITS(&k) = 0; - MP_DIGITS(&r) = 0; - MP_DIGITS(&s) = 0; - MP_DIGITS(&n) = 0; - CHECK_MPI_OK( mp_init(&x1) ); - CHECK_MPI_OK( mp_init(&d) ); - CHECK_MPI_OK( mp_init(&k) ); - CHECK_MPI_OK( mp_init(&r) ); - CHECK_MPI_OK( mp_init(&s) ); - CHECK_MPI_OK( mp_init(&n) ); - - SECITEM_TO_MPINT( ecParams->order, &n ); - SECITEM_TO_MPINT( key->privateValue, &d ); - CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, kblen) ); - /* Make sure k is in the interval [1, n-1] */ - if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) { -#if EC_DEBUG - printf("k is outside [1, n-1]\n"); - mp_tohex(&k, mpstr); - printf("k : %s \n", mpstr); - mp_tohex(&n, mpstr); - printf("n : %s \n", mpstr); -#endif - PORT_SetError(SEC_ERROR_NEED_RANDOM); - goto cleanup; - } - - /* - ** ANSI X9.62, Section 5.3.2, Step 2 - ** - ** Compute kG - */ - kGpoint.len = 2*len + 1; - kGpoint.data = PORT_Alloc(2*len + 1); - if ((kGpoint.data == NULL) || - (ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint) - != SECSuccess)) - goto cleanup; - - /* - ** ANSI X9.62, Section 5.3.3, Step 1 - ** - ** Extract the x co-ordinate of kG into x1 - */ - CHECK_MPI_OK( mp_read_unsigned_octets(&x1, kGpoint.data + 1, - (mp_size) len) ); - - /* - ** ANSI X9.62, Section 5.3.3, Step 2 - ** - ** r = x1 mod n NOTE: n is the order of the curve - */ - CHECK_MPI_OK( mp_mod(&x1, &n, &r) ); - - /* - ** ANSI X9.62, Section 5.3.3, Step 3 - ** - ** verify r != 0 - */ - if (mp_cmp_z(&r) == 0) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - goto cleanup; - } - - /* - ** ANSI X9.62, Section 5.3.3, Step 4 - ** - ** s = (k**-1 * (SHA1(M) + d*r)) mod n - */ - SECITEM_TO_MPINT(*digest, &s); /* s = SHA1(M) */ - -#if EC_DEBUG - mp_todecimal(&n, mpstr); - printf("n : %s (dec)\n", mpstr); - mp_todecimal(&d, mpstr); - printf("d : %s (dec)\n", mpstr); - mp_tohex(&x1, mpstr); - printf("x1: %s\n", mpstr); - mp_todecimal(&s, mpstr); - printf("digest: %s (decimal)\n", mpstr); - mp_todecimal(&r, mpstr); - printf("r : %s (dec)\n", mpstr); - mp_tohex(&r, mpstr); - printf("r : %s\n", mpstr); -#endif - - CHECK_MPI_OK( mp_invmod(&k, &n, &k) ); /* k = k**-1 mod n */ - CHECK_MPI_OK( mp_mulmod(&d, &r, &n, &d) ); /* d = d * r mod n */ - CHECK_MPI_OK( mp_addmod(&s, &d, &n, &s) ); /* s = s + d mod n */ - CHECK_MPI_OK( mp_mulmod(&s, &k, &n, &s) ); /* s = s * k mod n */ - -#if EC_DEBUG - mp_todecimal(&s, mpstr); - printf("s : %s (dec)\n", mpstr); - mp_tohex(&s, mpstr); - printf("s : %s\n", mpstr); -#endif - - /* - ** ANSI X9.62, Section 5.3.3, Step 5 - ** - ** verify s != 0 - */ - if (mp_cmp_z(&s) == 0) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - goto cleanup; - } - - /* - ** - ** Signature is tuple (r, s) - */ - CHECK_MPI_OK( mp_to_fixlen_octets(&r, signature->data, len) ); - CHECK_MPI_OK( mp_to_fixlen_octets(&s, signature->data + len, len) ); - signature->len = 2*len; - - rv = SECSuccess; - err = MP_OKAY; -cleanup: - mp_clear(&x1); - mp_clear(&d); - mp_clear(&k); - mp_clear(&r); - mp_clear(&s); - mp_clear(&n); - - if (kGpoint.data) { - PORT_ZFree(kGpoint.data, 2*len + 1); - } - - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - -#if EC_DEBUG - printf("ECDSA signing with seed %s\n", - (rv == SECSuccess) ? "succeeded" : "failed"); -#endif -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; -} - -/* -** Computes the ECDSA signature on the digest using the given key -** and a random seed. -*/ -SECStatus -ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - int prerr = 0; - int n = key->ecParams.order.len; - unsigned char *kseed = NULL; - unsigned char *mask; - int i; - - /* Generate random seed of appropriate size as dictated - * by field size. - */ - if ((kseed = PORT_Alloc(n)) == NULL) return SECFailure; - - do { - if (RNG_GenerateGlobalRandomBytes(kseed, n) != SECSuccess) - goto cleanup; - /* make sure that kseed is smaller than the curve order */ - mask = key->ecParams.order.data; - for (i = 0; (i < n) && (*mask == 0x00); i++, mask++) { -#if EC_DEBUG - printf("replacing byte %02x in position %d [n=%d] with zero\n", - *(kseed + i), i, n); -#endif - *(kseed + i) = 0x00; - } - - if (i == n) { - rv = SECFailure; - prerr = SEC_ERROR_NEED_RANDOM; - } else { -#if EC_DEBUG - printf("replacing byte %02x in position %d [n=%d] with %d\n", - *(kseed + i), i, n, (*mask - 1)); -#endif - if (*(kseed + i) >= *mask) - *(kseed + i) = *mask - 1; - rv = ECDSA_SignDigestWithSeed(key, signature, digest, kseed, n); - if (rv) prerr = PORT_GetError(); - } - } while ((rv != SECSuccess) && (prerr == SEC_ERROR_NEED_RANDOM)); - -cleanup: - if (kseed) PORT_ZFree(kseed, n); - -#if EC_DEBUG - printf("ECDSA signing %s\n", - (rv == SECSuccess) ? "succeeded" : "failed"); -#endif -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; -} - -/* -** Checks the signature on the given digest using the key provided. -*/ -SECStatus -ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, - const SECItem *digest) -{ - SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC - mp_int r_, s_; /* tuple (r', s') is received signature) */ - mp_int c, u1, u2, v; /* intermediate values used in verification */ - mp_int x1, y1; - mp_int x2, y2; - mp_int n; - mp_err err = MP_OKAY; - PRArenaPool *arena = NULL; - ECParams *ecParams = NULL; - SECItem pointA = { siBuffer, NULL, 0 }; - SECItem pointB = { siBuffer, NULL, 0 }; - SECItem pointC = { siBuffer, NULL, 0 }; - int len; - -#if EC_DEBUG - char mpstr[256]; - printf("ECDSA verification called\n"); -#endif - - /* Check args */ - if (!key || !signature || !digest || - (digest->len != SHA1_LENGTH)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto cleanup; - } - - ecParams = &(key->ecParams); - len = (ecParams->fieldID.size + 7) >> 3; - if (signature->len < 2*len) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto cleanup; - } - - /* Initialize an arena for pointA, pointB and pointC */ - if ((arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)) == NULL) - goto cleanup; - - SECITEM_AllocItem(arena, &pointA, 2*len + 1); - SECITEM_AllocItem(arena, &pointB, 2*len + 1); - SECITEM_AllocItem(arena, &pointC, 2*len + 1); - if (pointA.data == NULL || pointB.data == NULL || pointC.data == NULL) - goto cleanup; - - /* Initialize MPI integers. */ - MP_DIGITS(&r_) = 0; - MP_DIGITS(&s_) = 0; - MP_DIGITS(&c) = 0; - MP_DIGITS(&u1) = 0; - MP_DIGITS(&u2) = 0; - MP_DIGITS(&x1) = 0; - MP_DIGITS(&y1) = 0; - MP_DIGITS(&x2) = 0; - MP_DIGITS(&y2) = 0; - MP_DIGITS(&v) = 0; - MP_DIGITS(&n) = 0; - CHECK_MPI_OK( mp_init(&r_) ); - CHECK_MPI_OK( mp_init(&s_) ); - CHECK_MPI_OK( mp_init(&c) ); - CHECK_MPI_OK( mp_init(&u1) ); - CHECK_MPI_OK( mp_init(&u2) ); - CHECK_MPI_OK( mp_init(&x1) ); - CHECK_MPI_OK( mp_init(&y1) ); - CHECK_MPI_OK( mp_init(&x2) ); - CHECK_MPI_OK( mp_init(&y2) ); - CHECK_MPI_OK( mp_init(&v) ); - CHECK_MPI_OK( mp_init(&n) ); - - /* - ** Convert received signature (r', s') into MPI integers. - */ - CHECK_MPI_OK( mp_read_unsigned_octets(&r_, signature->data, len) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&s_, signature->data + len, len) ); - - /* - ** ANSI X9.62, Section 5.4.2, Steps 1 and 2 - ** - ** Verify that 0 < r' < n and 0 < s' < n - */ - SECITEM_TO_MPINT(ecParams->order, &n); - if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 || - mp_cmp(&r_, &n) >= 0 || mp_cmp(&s_, &n) >= 0) - goto cleanup; /* will return rv == SECFailure */ - - /* - ** ANSI X9.62, Section 5.4.2, Step 3 - ** - ** c = (s')**-1 mod n - */ - CHECK_MPI_OK( mp_invmod(&s_, &n, &c) ); /* c = (s')**-1 mod n */ - - /* - ** ANSI X9.62, Section 5.4.2, Step 4 - ** - ** u1 = ((SHA1(M')) * c) mod n - */ - SECITEM_TO_MPINT(*digest, &u1); /* u1 = SHA1(M') */ - -#if EC_DEBUG - mp_todecimal(&r_, mpstr); - printf("r_: %s (dec)\n", mpstr); - mp_todecimal(&s_, mpstr); - printf("s_: %s (dec)\n", mpstr); - mp_todecimal(&c, mpstr); - printf("c : %s (dec)\n", mpstr); - mp_todecimal(&u1, mpstr); - printf("digest: %s (dec)\n", mpstr); -#endif - - CHECK_MPI_OK( mp_mulmod(&u1, &c, &n, &u1) ); /* u1 = u1 * c mod n */ - - /* - ** ANSI X9.62, Section 5.4.2, Step 4 - ** - ** u2 = ((r') * c) mod n - */ - CHECK_MPI_OK( mp_mulmod(&r_, &c, &n, &u2) ); - - /* - ** ANSI X9.62, Section 5.4.3, Step 1 - ** - ** Compute u1*G + u2*Q - ** Here, A = u1.G B = u2.Q and C = A + B - ** If the result, C, is the point at infinity, reject the signature - */ - if ((ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC) == SECFailure) || - ec_point_at_infinity(&pointC)) { - rv = SECFailure; - goto cleanup; - } - - CHECK_MPI_OK( mp_read_unsigned_octets(&x1, pointC.data + 1, len) ); - - /* - ** ANSI X9.62, Section 5.4.4, Step 2 - ** - ** v = x1 mod n - */ - CHECK_MPI_OK( mp_mod(&x1, &n, &v) ); - -#if EC_DEBUG - mp_todecimal(&r_, mpstr); - printf("r_: %s (dec)\n", mpstr); - mp_todecimal(&v, mpstr); - printf("v : %s (dec)\n", mpstr); -#endif - - /* - ** ANSI X9.62, Section 5.4.4, Step 3 - ** - ** Verification: v == r' - */ - if (mp_cmp(&v, &r_)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - rv = SECFailure; /* Signature failed to verify. */ - } else { - rv = SECSuccess; /* Signature verified. */ - } - -#if EC_DEBUG - mp_todecimal(&u1, mpstr); - printf("u1: %s (dec)\n", mpstr); - mp_todecimal(&u2, mpstr); - printf("u2: %s (dec)\n", mpstr); - mp_tohex(&x1, mpstr); - printf("x1: %s\n", mpstr); - mp_todecimal(&v, mpstr); - printf("v : %s (dec)\n", mpstr); -#endif - -cleanup: - mp_clear(&r_); - mp_clear(&s_); - mp_clear(&c); - mp_clear(&u1); - mp_clear(&u2); - mp_clear(&x1); - mp_clear(&y1); - mp_clear(&x2); - mp_clear(&y2); - mp_clear(&v); - mp_clear(&n); - - if (arena) PORT_FreeArena(arena, PR_TRUE); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - -#if EC_DEBUG - printf("ECDSA verification %s\n", - (rv == SECSuccess) ? "succeeded" : "failed"); -#endif -#else - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ - - return rv; -} - diff --git a/security/nss/lib/freebl/ec.h b/security/nss/lib/freebl/ec.h deleted file mode 100644 index 1dad3fea4..000000000 --- a/security/nss/lib/freebl/ec.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Elliptic Curve Cryptography library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ec_h_ -#define __ec_h_ - -#define EC_DEBUG 0 -#define EC_POINT_FORM_COMPRESSED_Y0 0x02 -#define EC_POINT_FORM_COMPRESSED_Y1 0x03 -#define EC_POINT_FORM_UNCOMPRESSED 0x04 -#define EC_POINT_FORM_HYBRID_Y0 0x06 -#define EC_POINT_FORM_HYBRID_Y1 0x07 - -#define ANSI_X962_CURVE_OID_TOTAL_LEN 10 -#define SECG_CURVE_OID_TOTAL_LEN 7 - -#endif /* __ec_h_ */ diff --git a/security/nss/lib/freebl/ecl/Makefile b/security/nss/lib/freebl/ecl/Makefile deleted file mode 100644 index 5ee99a730..000000000 --- a/security/nss/lib/freebl/ecl/Makefile +++ /dev/null @@ -1,224 +0,0 @@ -## -## Makefile for elliptic curve library -## -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the elliptic curve math library. -## -## The Initial Developer of the Original Code is Sun Microsystems, Inc. -## Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -## Sun Microsystems, Inc. All Rights Reserved. -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Contributor(s): -## Douglas Stebila -## Michael J. Fromberger -## Netscape Communications Corporation -## Richard C. Swift (swift@netscape.com) -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. - -## Define CC to be the C compiler you wish to use. The GNU cc -## compiler (gcc) should work, at the very least -#CC=cc -#CC=gcc - -## -## Define PERL to point to your local Perl interpreter. It -## should be Perl 5.x, although it's conceivable that Perl 4 -## might work ... I haven't tested it. -## -#PERL=/usr/bin/perl -PERL=perl - -include ../mpi/target.mk - -## -## Define platform-dependent variables for use of floating-point code. -## -ifeq ($(TARGET),v9SOLARIS) -ECL_USE_FP=1 -else -ifeq ($(TARGET),v8plusSOLARIS) -ECL_USE_FP=1 -else -ifeq ($(TARGET),v8SOLARIS) -ECL_USE_FP=1 -else -ifeq ($(TARGET),x86LINUX) -ECL_USE_FP=1 -endif -endif -endif -endif - -## -## Add to definition of CFLAGS depending on use of floating-point code. -## -ifeq ($(ECL_USE_FP),1) -CFLAGS+= -DECL_USE_FP -endif - -## -## Define LIBS to include any libraries you need to link against. -## If NO_TABLE is define, LIBS should include '-lm' or whatever is -## necessary to bring in the math library. Otherwise, it can be -## left alone, unless your system has other peculiar requirements. -## -LIBS=-L../mpi -lmpi -lm#-lmalloc#-lefence - -## -## Define INCLUDES to include any include directories you need to -## compile with. -## -INCLUDES=-I../mpi -CFLAGS+= $(INCLUDES) $(XCFLAGS) - -## -## Define RANLIB to be the library header randomizer; you might not -## need this on some systems (just set it to 'echo' on these systems, -## such as IRIX) -## -RANLIB=echo - -## -## Define LIBOBJS to be the object files that will be created during -## the build process. -## -LIBOBJS = ecl.o ecl_curve.o ecl_mult.o ecl_gf.o \ - ec2_aff.o ec2_mont.o ec2_proj.o \ - ec2_163.o ec2_193.o ec2_233.o \ - ecp_aff.o ecp_jac.o ecp_mont.o \ - ec_naf.o ecp_jm.o \ - ecp_192.o ecp_224.o -ifeq ($(ECL_USE_FP),1) -LIBOBJS+= ecp_fp160.o ecp_fp192.o ecp_fp224.o ecp_fp.o -endif - -## The headers contained in this library. -LIBHDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h ecl-curve.h -APPHDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h ecl-curve.h -ifeq ($(ECL_GFP_ASSEMBLY_FP),1) -LIBHDRS += ecp_fp.h -APPHDRS += ecp_fp.h -endif - - -help: - @ echo "" - @ echo "The following targets can be built with this Makefile:" - @ echo "" - @ echo "libecl.a - elliptic curve library" - @ echo "tests - build command line tests" - @ echo "test - run command line tests" - @ echo "clean - clean up objects and such" - @ echo "" - -.SUFFIXES: .c .o .i - -.c.i: - $(CC) $(CFLAGS) -E $< > $@ - -#--------------------------------------- - -$(LIBOBJS): $(LIBHDRS) - -ecl.o: ecl.c $(LIBHDRS) -ecl_curve.o: ecl_curve.c $(LIBHDRS) -ecl_mult.o: ecl_mult.c $(LIBHDRS) -ecl_gf.o: ecl_gf.c $(LIBHDRS) -ec2_aff.o: ec2_aff.c $(LIBHDRS) -ec2_mont.o: ec2_mont.c $(LIBHDRS) -ec2_proj.o: ec2_proj.c $(LIBHDRS) -ec2_163.o: ec2_163.c $(LIBHDRS) -ec2_193.o: ec2_193.c $(LIBHDRS) -ec2_233.o: ec2_233.c $(LIBHDRS) -ecp_aff.o: ecp_aff.c $(LIBHDRS) -ecp_jac.o: ecp_jac.c $(LIBHDRS) -ecp_jm.o: ecp_jm.c $(LIBHDRS) -ecp_mont.o: ecp_mont.c $(LIBHDRS) -ecp_192.o: ecp_192.c $(LIBHDRS) -ecp_224.o: ecp_224.c $(LIBHDRS) -ecp_fp.o: ecp_fp.c $(LIBHDRS) -ifeq ($(ECL_USE_FP),1) -ecp_fp160.o: ecp_fp160.c ecp_fpinc.c $(LIBHDRS) -ecp_fp192.o: ecp_fp192.c ecp_fpinc.c $(LIBHDRS) -ecp_fp224.o: ecp_fp224.c ecp_fpinc.c $(LIBHDRS) -endif - -libecl.a: $(LIBOBJS) - ar -cvr libecl.a $(LIBOBJS) - $(RANLIB) libecl.a - -lib libs: libecl.a - -ecl.i: ecl.h - -#--------------------------------------- - -ECLTESTOBJS = ec2_test.o ecp_test.o ec_naft.o -ifeq ($(ECL_USE_FP),1) -ECLTESTOBJS+= ecp_fpt.o -endif -ECLTESTS = $(ECLTESTOBJS:.o=) - -$(ECLTESTOBJS): %.o: tests/%.c $(LIBHDRS) - $(CC) $(CFLAGS) -o $@ -c $< $(INCLUDES) - -$(ECLTESTS): %: %.o libecl.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -ifeq ($(ECL_USE_FP),1) -tests: ec2_test ecp_test ec_naft ecp_fpt -else -tests: ec2_test ecp_test ec_naft -endif - -#--------------------------------------- - -ifeq ($(ECL_USE_FP),1) -test: tests - ./ecp_test - ./ec2_test - ./ec_naft - ./ecp_fpt -else -test: tests - ./ecp_test - ./ec_naft - ./ec2_test -endif - -#--------------------------------------- - -alltests: tests - -clean: - rm -f *.o *.a *.i - rm -f core - rm -f *~ .*~ - rm -f $(ECLTESTS) - -clobber: clean - -# END diff --git a/security/nss/lib/freebl/ecl/README b/security/nss/lib/freebl/ecl/README deleted file mode 100644 index 0265675c3..000000000 --- a/security/nss/lib/freebl/ecl/README +++ /dev/null @@ -1,329 +0,0 @@ - -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the elliptic curve math library. - -The Initial Developer of the Original Code is Sun Microsystems, Inc. -Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -Sun Microsystems, Inc. All Rights Reserved. - -Contributor(s): - Stephen Fung and - Douglas Stebila , Sun Microsystems Laboratories - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - - -The ECL exposes routines for constructing and converting curve -parameters for internal use. - - -HEADER FILES -============ - -ecl-exp.h - Exports data structures and curve names. For use by code -that does not have access to mp_ints. - -ecl-curve.h - Provides hex encodings (in the form of ECCurveParams -structs) of standardizes elliptic curve domain parameters and mappings -from ECCurveName to ECCurveParams. For use be code that does not have -access to mp_ints. - -ecl.h - Interface to constructors for curve parameters and group object, -and point multiplication operations. Used by higher level algorithms -(like ECDH and ECDSA) to actually perform elliptic curve cryptography. - -ecl-priv.h - Data structures and functions for internal use within the -library. - -ec2.h - Internal header file that contains all functions for point -arithmetic over binary polynomial fields. - -ecp.h - Internal header file that contains all functions for point -arithmetic over prime fields. - -DATA STRUCTURES AND TYPES -========================= - -ECCurveName (from ecl-exp.h) - Opaque name for standardized elliptic -curve domain parameters. - -ECCurveParams (from ecl-exp.h) - Provides hexadecimal encoding -of elliptic curve domain parameters. Can be generated by a user -and passed to ECGroup_fromHex or can be generated from a name by -EC_GetNamedCurveParams. ecl-curve.h contains ECCurveParams structs for -the standardized curves defined by ECCurveName. - -ECGroup (from ecl.h and ecl-priv.h) - Opaque data structure that -represents a group of elliptic curve points for a particular set of -elliptic curve domain parameters. Contains all domain parameters (curve -a and b, field, base point) as well as pointers to the functions that -should be used for point arithmetic and the underlying field GFMethod. -Generated by either ECGroup_fromHex or ECGroup_fromName. - -GFMethod (from ecl-priv.h) - Represents a field underlying a set of -elliptic curve domain parameters. Contains the irreducible that defines -the field (either the prime or the binary polynomial) as well as -pointers to the functions that should be used for field arithmetic. - -ARITHMETIC FUNCTIONS -==================== - -Higher-level algorithms (like ECDH and ECDSA) should call ECPoint_mul -or ECPoints_mul (from ecl.h) to do point arithmetic. These functions -will choose which underlying algorithms to use, based on the ECGroup -structure. - -Point Multiplication --------------------- - -ecl_mult.c provides the ECPoints_mul and ECPoint_mul wrappers. -It also provides two implementations for the pts_mul operation - -ec_pts_mul_basic (which computes kP, lQ, and then adds kP + lQ) and -ec_pts_mul_simul_w2 (which does a simultaneous point multiplication -using a table with window size 2*2). - -ec_naf.c provides an implementation of an algorithm to calculate a -non-adjacent form of a scalar, minimizing the number of point -additions that need to be done in a point multiplication. - -Point Arithmetic over Prime Fields ----------------------------------- - -ecp_aff.c provides point arithmetic using affine coordinates. - -ecp_jac.c provides point arithmetic using Jacobian projective -coordinates and mixed Jacobian-affine coordinates. (Jacobian projective -coordinates represent a point (x, y) as (X, Y, Z), where x=X/Z^2, -y=Y/Z^3). - -ecp_jm.c provides point arithmetic using Modified Jacobian -coordinates and mixed Modified_Jacobian-affine coordinates. -(Modified Jacobian coordinates represent a point (x, y) -as (X, Y, Z, a*Z^4), where x=X/Z^2, y=Y/Z^3, and a is -the linear coefficient in the curve defining equation). - -ecp_192.c and ecp_224.c provide optimized field arithmetic. - -Point Arithmetic over Binary Polynomial Fields ----------------------------------------------- - -ec2_aff.c provides point arithmetic using affine coordinates. - -ec2_proj.c provides point arithmetic using projective coordinates. -(Projective coordinates represent a point (x, y) as (X, Y, Z), where -x=X/Z, y=Y/Z^2). - -ec2_mont.c provides point multiplication using Montgomery projective -coordinates. - -ec2_163.c, ec2_193.c, and ec2_233.c provide optimized field arithmetic. - -Field Arithmetic ----------------- - -ecl_gf.c provides constructors for field objects (GFMethod) with the -functions GFMethod_cons*. It also provides wrappers around the basic -field operations. - -Prime Field Arithmetic ----------------------- - -The mpi library provides the basic prime field arithmetic. - -ecp_mont.c provides wrappers around the Montgomery multiplication -functions from the mpi library and adds encoding and decoding functions. -It also provides the function to construct a GFMethod object using -Montgomery multiplication. - -ecp_192.c and ecp_224.c provide optimized modular reduction for the -fields defined by nistp192 and nistp224 primes. - -ecl_gf.c provides wrappers around the basic field operations. - -Binary Polynomial Field Arithmetic ----------------------------------- - -../mpi/mp_gf2m.c provides basic binary polynomial field arithmetic, -including addition, multiplication, squaring, mod, and division, as well -as conversion ob polynomial representations between bitstring and int[]. - -ec2_163.c, ec2_193.c, and ec2_233.c provide optimized field mod, mul, -and sqr operations. - -ecl_gf.c provides wrappers around the basic field operations. - -Field Encoding --------------- - -By default, field elements are encoded in their basic form. It is -possible to use an alternative encoding, however. For example, it is -possible to Montgomery representation of prime field elements and -take advantage of the fast modular multiplication that Montgomery -representation provides. The process of converting from basic form to -Montgomery representation is called field encoding, and the opposite -process would be field decoding. All internal point operations assume -that the operands are field encoded as appropriate. By rewiring the -underlying field arithmetic to perform operations on these encoded -values, the same overlying point arithmetic operations can be used -regardless of field representation. - -ALGORITHM WIRING -================ - -The EC library allows point and field arithmetic algorithms to be -substituted ("wired-in") on a fine-grained basis. This allows for -generic algorithms and algorithms that are optimized for a particular -curve, field, or architecture, to coexist and to be automatically -selected at runtime. - -Wiring Mechanism ----------------- - -The ECGroup and GFMethod structure contain pointers to the point and -field arithmetic functions, respectively, that are to be used in -operations. - -The selection of algorithms to use is handled in the function -ecgroup_fromNameAndHex in ecl.c. - -Default Wiring --------------- - -Curves over prime fields by default use montgomery field arithmetic, -point multiplication using 5-bit window non-adjacent-form with -Modified Jacobian coordinates, and 2*2-bit simultaneous point -multiplication using Jacobian coordinates. -(Wiring in function ECGroup_consGFp_mont in ecl.c.) - -Curves over prime fields that have optimized modular reduction (i.e., -secp160r1, nistp192, and nistp224) do not use Montgomery field -arithmetic. Instead, they use basic field arithmetic with their -optimized reduction (as in ecp_192.c and ecp_224.c). They -use the same point multiplication and simultaneous point multiplication -algorithms as other curves over prime fields. - -Curves over binary polynomial fields by default use generic field -arithmetic with montgomery point multiplication and basic kP + lQ -computation (multiply, multiply, and add). (Wiring in function -ECGroup_cons_GF2m in ecl.c.) - -Curves over binary polynomial fields that have optimized field -arithmetic (i.e., any 163-, 193, or 233-bit field) use their optimized -field arithmetic. They use the same point multiplication and -simultaneous point multiplication algorithms as other curves over binary -fields. - -Example -------- - -We provide an example for plugging in an optimized implementation for -the Koblitz curve nistk163. - -Suppose the file ec2_k163.c contains the optimized implementation. In -particular it contains a point multiplication function: - - mp_err ec_GF2m_nistk163_pt_mul(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, const ECGroup *group); - -Since only a pt_mul function is provided, the generic pt_add function -will be used. - -There are two options for handling the optimized field arithmetic used -by the ..._pt_mul function. Say the optimized field arithmetic includes -the following functions: - - mp_err ec_GF2m_nistk163_add(const mp_int *a, const mp_int *b, - mp_int *r, const GFMethod *meth); - mp_err ec_GF2m_nistk163_mul(const mp_int *a, const mp_int *b, - mp_int *r, const GFMethod *meth); - mp_err ec_GF2m_nistk163_sqr(const mp_int *a, const mp_int *b, - mp_int *r, const GFMethod *meth); - mp_err ec_GF2m_nistk163_div(const mp_int *a, const mp_int *b, - mp_int *r, const GFMethod *meth); - -First, the optimized field arithmetic could simply be called directly -by the ..._pt_mul function. This would be accomplished by changing -the ecgroup_fromNameAndHex function in ecl.c to include the following -statements: - - if (name == ECCurve_NIST_K163) { - group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, - &geny, &order, params->cofactor); - if (group == NULL) { res = MP_UNDEF; goto CLEANUP; } - MP_CHECKOK( ec_group_set_nistk163(group) ); - } - -and including in ec2_k163.c the following function: - - mp_err ec_group_set_nistk163(ECGroup *group) { - group->point_mul = &ec_GF2m_nistk163_pt_mul; - return MP_OKAY; - } - -As a result, ec_GF2m_pt_add and similar functions would use the -basic binary polynomial field arithmetic ec_GF2m_add, ec_GF2m_mul, -ec_GF2m_sqr, and ec_GF2m_div. - -Alternatively, the optimized field arithmetic could be wired into the -group's GFMethod. This would be accomplished by putting the following -function in ec2_k163.c: - - mp_err ec_group_set_nistk163(ECGroup *group) { - group->meth->field_add = &ec_GF2m_nistk163_add; - group->meth->field_mul = &ec_GF2m_nistk163_mul; - group->meth->field_sqr = &ec_GF2m_nistk163_sqr; - group->meth->field_div = &ec_GF2m_nistk163_div; - group->point_mul = &ec_GF2m_nistk163_pt_mul; - return MP_OKAY; - } - -For an example of functions that use special field encodings, take a -look at ecp_mont.c. - -TESTING -======= - -The ecl/tests directory contains a collection of standalone tests that -verify the correctness of the elliptic curve library. - -Both ecp_test and ec2_test take the following arguments: - - --print Print out results of each point arithmetic test. - --time Benchmark point operations and print results. - -The set of curves over which ecp_test and ec2_test run is coded into the -program, but can be changed by editing the source files. - -BUILDING -======== - -The ecl can be built as a standalone library, separate from NSS, -dependent only on the mpi library. To build the library: - - > cd ../mpi - > make libs - > cd ../ecl - > make libs - > make tests # to build test files - > make test # to run automated tests diff --git a/security/nss/lib/freebl/ecl/README.FP b/security/nss/lib/freebl/ecl/README.FP deleted file mode 100644 index e92a5affe..000000000 --- a/security/nss/lib/freebl/ecl/README.FP +++ /dev/null @@ -1,316 +0,0 @@ - -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the elliptic curve math library. - -The Initial Developer of the Original Code is Sun Microsystems, Inc. -Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -Sun Microsystems, Inc. All Rights Reserved. - -Contributor(s): - Stephen Fung and - Nils Gura , Sun Microsystems Laboratories - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - - -The ECL exposes routines for constructing and converting curve -parameters for internal use. - -The floating point code of the ECL provides algorithms for performing -elliptic-curve point multiplications in floating point. - -The point multiplication algorithms perform calculations almost -exclusively in floating point for efficiency, but have the same -(integer) interface as the ECL for compatibility and to be easily -wired-in to the ECL. Please see README file (not this README.FP file) -for information on wiring-in. - -This has been implemented for 3 curves as specified in [1]: - secp160r1 - secp192r1 - secp224r1 - -RATIONALE -========= -Calculations are done in the floating-point unit (FPU) since it -gives better performance on the UltraSPARC III chips. This is -because the FPU allows for faster multiplication than the integer unit. -The integer unit has a longer multiplication instruction latency, and -does not allow full pipelining, as described in [2]. -Since performance is an important selling feature of Elliptic Curve -Cryptography (ECC), this implementation was created. - -DATA REPRESENTATION -=================== -Data is primarily represented in an array of double-precision floating -point numbers. Generally, each array element has 24 bits of precision -(i.e. be x * 2^y, where x is an integer of at most 24 bits, y some positive -integer), although the actual implementation details are more complicated. - -e.g. a way to store an 80 bit number might be: -double p[4] = { 632613 * 2^0, 329841 * 2^24, 9961 * 2^48, 51 * 2^64 }; -See section ARITHMETIC OPERATIONS for more details. - -This implementation assumes that the floating-point unit rounding mode -is round-to-even as specified in IEEE 754 -(as opposed to chopping, rounding up, or rounding down). -When subtracting integers represented as arrays of floating point -numbers, some coefficients (array elements) may become negative. -This effectively gives an extra bit of precision that is important -for correctness in some cases. - -The described number presentation limits the size of integers to 1023 bits. -This is due to an upper bound of 1024 for the exponent of a double precision -floating point number as specified in IEEE-754. -However, this is acceptable for ECC key sizes of the foreseeable future. - -DATA STRUCTURES -=============== -For more information on coordinate representations, see [3]. - -ecfp_aff_pt ------------ -Affine EC Point Representation. This is the basic -representation (x, y) of an elliptic curve point. - -ecfp_jac_pt ------------ -Jacobian EC Point. This stores a point as (X, Y, Z), where -the affine point corresponds to (X/Z^2, Y/Z^3). This allows -for fewer inversions in calculations. - -ecfp_chud_pt ------------- -Chudnovsky Jacobian Point. This representation stores a point -as (X, Y, Z, Z^2, Z^3), the same as a Jacobian representation -but also storing Z^2 and Z^3 for faster point additions. - -ecfp_jm_pt ----------- -Modified Jacobian Point. This representation stores a point -as (X, Y, Z, a*Z^4), the same as Jacobian representation but -also storing a*Z^4 for faster point doublings. Here "a" represents -the linear coefficient of x defining the curve. - -EC_group_fp ------------ -Stores information on the elliptic curve group for floating -point calculations. Contains curve specific information, as -well as function pointers to routines, allowing different -optimizations to be easily wired in. -This should be made accessible from an ECGroup for the floating -point implementations of point multiplication. - -POINT MULTIPLICATION ALGORITHMS -=============================== -Elliptic Curve Point multiplication can be done at a higher level orthogonal -to the implementation of point additions and point doublings. There -are a variety of algorithms that can be used. - -The following algorithms have been implemented: - -4-bit Window (Jacobian Coordinates) -Double & Add (Jacobian & Affine Coordinates) -5-bit Non-Adjacent Form (Modified Jacobian & Chudnovsky Jacobian) - -Currently, the fastest algorithm for multiplying a generic point -is the 5-bit Non-Adjacent Form. - -See comments in ecp_fp.c for more details and references. - -SOURCE / HEADER FILES -===================== - -ecp_fp.c --------- -Main source file for floating point calculations. Contains routines -to convert from floating-point to integer (mp_int format), point -multiplication algorithms, and several other routines. - -ecp_fp.h --------- -Main header file. Contains most constants used and function prototypes. - -ecp_fp[160, 192, 224].c ------------------------ -Source files for specific curves. Contains curve specific code such -as specialized reduction based on the field defining prime. Contains -code wiring-in different algorithms and optimizations. - -ecp_fpinc.c ------------ -Source file that is included by ecp_fp[160, 192, 224].c. This generates -functions with different preprocessor-defined names and loop iterations, -allowing for static linking and strong compiler optimizations without -code duplication. - -TESTING -======= -The test suite can be found in ecl/tests/ecp_fpt. This tests and gets -timings of the different algorithms for the curves implemented. - -ARITHMETIC OPERATIONS ---------------------- -The primary operations in ECC over the prime fields are modular arithmetic: -i.e. n * m (mod p) and n + m (mod p). In this implementation, multiplication, -addition, and reduction are implemented as separate functions. This -enables computation of formulae with fewer reductions, e.g. -(a * b) + (c * d) (mod p) rather than: -((a * b) (mod p)) + ((c * d) (mod p)) (mod p) -This takes advantage of the fact that the double precision mantissa in -floating point can hold numbers up to 2^53, i.e. it has some leeway to -store larger intermediate numbers. See further detail in the section on -FLOATING POINT PRECISION. - -Multiplication --------------- -Multiplication is implemented in a standard polynomial multiplication -fashion. The terms in opposite factors are pairwise multiplied and -added together appropriately. Note that the result requires twice -as many doubles for storage, as the bit size of the product is twice -that of the multiplicands. -e.g. suppose we have double n[3], m[3], r[6], and want to calculate r = n * m -r[0] = n[0] * m[0] -r[1] = n[0] * m[1] + n[1] * m[0] -r[2] = n[0] * m[2] + n[1] * m[1] + n[2] * m[0] -r[3] = n[1] * m[2] + n[2] * m[1] -r[4] = n[2] * m[2] -r[5] = 0 (This is used later to hold spillover from r[4], see tidying in -the reduction section.) - -Addition --------- -Addition is done term by term. The only caveat is to be careful with -the number of terms that need to be added. When adding results of -multiplication (before reduction), twice as many terms need to be added -together. This is done in the addLong function. -e.g. for double n[4], m[4], r[4]: r = n + m -r[0] = n[0] + m[0] -r[1] = n[1] + m[1] -r[2] = n[2] + m[2] -r[3] = n[3] + m[3] - -Modular Reduction ------------------ -For the curves implemented, reduction is possible by fast reduction -for Generalized Mersenne Primes, as described in [4]. For the -floating point implementation, a significant step of the reduction -process is tidying: that is, the propagation of carry bits from -low-order to high-order coefficients to reduce the precision of each -coefficient to 24 bits. -This is done by adding and then subtracting -ecfp_alpha, a large floating point number that induces precision roundoff. -See [5] for more details on tidying using floating point arithmetic. -e.g. suppose we have r = 961838 * 2^24 + 519308 -then if we set alpha = 3 * 2^51 * 2^24, -FP(FP(r + alpha) - alpha) = 961838 * 2^24, because the precision for -the intermediate results is limited. Our values of alpha are chosen -to truncate to a desired number of bits. - -The reduction is then performed as in [4], adding multiples of prime p. -e.g. suppose we are working over a polynomial of 10^2. Take the number -2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95, stored in 5 elements -for coefficients of 10^0, 10^2, ..., 10^8. -We wish to reduce modulo p = 10^6 - 2 * 10^4 + 1 -We can subtract off from the higher terms -(2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95) - (2 * 10^2) * (10^6 - 2 * 10^4 + 1) -= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95 -= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95 - (15) * (10^6 - 2 * 10^4 + 1) -= 83 * 10^4 + 21 * 10^2 + 80 - -Integrated Example ------------------- -This example shows how multiplication, addition, tidying, and reduction -work together in our modular arithmetic. This is simplified from the -actual implementation, but should convey the main concepts. -Working over polynomials of 10^2 and with p as in the prior example, -Let a = 16 * 10^4 + 53 * 10^2 + 33 -let b = 81 * 10^4 + 31 * 10^2 + 49 -let c = 22 * 10^4 + 0 * 10^2 + 95 -And suppose we want to compute a * b + c mod p. -We first do a multiplication: then a * b = -0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5100 * 10^4 + 3620 * 10^2 + 1617 -Then we add in c before doing reduction, allowing us to get a * b + c = -0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 -We then perform a tidying on the upper half of the terms: -0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 -0 * 10^10 + (1296 + 47) * 10^8 + 89 * 10^6 -0 * 10^10 + 1343 * 10^8 + 89 * 10^6 -13 * 10^10 + 43 * 10^8 + 89 * 10^6 -which then gives us -13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 -we then reduce modulo p similar to the reduction example above: -13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 - - (13 * 10^4 * p) -69 * 10^8 + 89 * 10^6 + 5109 * 10^4 + 3620 * 10^2 + 1712 - - (69 * 10^2 * p) -227 * 10^6 + 5109 * 10^4 + 3551 * 10^2 + 1712 - - (227 * p) -5563 * 10^4 + 3551 * 10^2 + 1485 -finally, we do tidying to get the precision of each term down to 2 digits -5563 * 10^4 + 3565 * 10^2 + 85 -5598 * 10^4 + 65 * 10^2 + 85 -55 * 10^6 + 98 * 10^4 + 65 * 10^2 + 85 -and perform another reduction step - - (55 * p) -208 * 10^4 + 65 * 10^2 + 30 -There may be a small number of further reductions that could be done at -this point, but this is typically done only at the end when converting -from floating point to an integer unit representation. - -FLOATING POINT PRECISION -======================== -This section discusses the precision of floating point numbers, which -one writing new formulae or a larger bit size should be aware of. The -danger is that an intermediate result may be required to store a -mantissa larger than 53 bits, which would cause error by rounding off. - -Note that the tidying with IEEE rounding mode set to round-to-even -allows negative numbers, which actually reduces the size of the double -mantissa to 23 bits - since it rounds the mantissa to the nearest number -modulo 2^24, i.e. roughly between -2^23 and 2^23. -A multiplication increases the bit size to 2^46 * n, where n is the number -of doubles to store a number. For the 224 bit curve, n = 10. This gives -doubles of size 5 * 2^47. Adding two of these doubles gives a result -of size 5 * 2^48, which is less than 2^53, so this is safe. -Similar analysis can be done for other formulae to ensure numbers remain -below 2^53. - -Extended-Precision Floating Point ---------------------------------- -Some platforms, notably x86 Linux, may use an extended-precision floating -point representation that has a 64-bit mantissa. [6] Although this -implementation is optimized for the IEEE standard 53-bit mantissa, -it should work with the 64-bit mantissa. A check is done at run-time -in the function ec_set_fp_precision that detects if the precision is -greater than 53 bits, and runs code for the 64-bit mantissa accordingly. - -REFERENCES -========== -[1] Certicom Corp., "SEC 2: Recommended Elliptic Curve Domain Parameters", Sept. 20, 2000. www.secg.org -[2] Sun Microsystems Inc. UltraSPARC III Cu User's Manual, Version 1.0, May 2002, Table 4.4 -[3] H. Cohen, A. Miyaji, and T. Ono, "Efficient Elliptic Curve Exponentiation Using Mixed Coordinates". -[4] Henk C.A. van Tilborg, Generalized Mersenne Prime. http://www.win.tue.nl/~henkvt/GenMersenne.pdf -[5] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2. -[6] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2 Notes. diff --git a/security/nss/lib/freebl/ecl/ec2.h b/security/nss/lib/freebl/ecl/ec2.h deleted file mode 100644 index 2c66b55f5..000000000 --- a/security/nss/lib/freebl/ecl/ec2.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ec2_h_ -#define __ec2_h_ - -#include "ecl-priv.h" - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py); - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py); - -/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, - * qy). Uses affine coordinates. */ -mp_err ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* Computes R = P - Q. Uses affine coordinates. */ -mp_err ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* Computes R = 2P. Uses affine coordinates. */ -mp_err ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* by default, this routine is unused and thus doesn't need to be compiled */ -#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the irreducible that - * determines the field GF2m. Uses affine coordinates. */ -mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); -#endif - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the irreducible that - * determines the field GF2m. Uses Montgomery projective coordinates. */ -mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); - -#ifdef ECL_ENABLE_GF2M_PROJ -/* Converts a point P(px, py) from affine coordinates to projective - * coordinates R(rx, ry, rz). */ -mp_err ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group); - -/* Converts a point P(px, py, pz) from projective coordinates to affine - * coordinates R(rx, ry). */ -mp_err ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, - const mp_int *pz, mp_int *rx, mp_int *ry, - const ECGroup *group); - -/* Checks if point P(px, py, pz) is at infinity. Uses projective - * coordinates. */ -mp_err ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py, - const mp_int *pz); - -/* Sets P(px, py, pz) to be the point at infinity. Uses projective - * coordinates. */ -mp_err ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz); - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is - * (qx, qy, qz). Uses projective coordinates. */ -mp_err ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, - const mp_int *pz, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - mp_int *rz, const ECGroup *group); - -/* Computes R = 2P. Uses projective coordinates. */ -mp_err ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, - const mp_int *pz, mp_int *rx, mp_int *ry, - mp_int *rz, const ECGroup *group); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GF2m. Uses projective coordinates. */ -mp_err ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); -#endif - -#endif /* __ec2_h_ */ diff --git a/security/nss/lib/freebl/ecl/ec2_163.c b/security/nss/lib/freebl/ecl/ec2_163.c deleted file mode 100644 index d6872500d..000000000 --- a/security/nss/lib/freebl/ecl/ec2_163.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mp_gf2m.h" -#include "mp_gf2m-priv.h" -#include "mpi.h" -#include "mpi-priv.h" -#include - -/* Fast reduction for polynomials over a 163-bit curve. Assumes reduction - * polynomial with terms {163, 7, 6, 3, 0}. */ -mp_err -ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, z; - - if (a != r) { - MP_CHECKOK(mp_copy(a, r)); - } -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(r) < 6) { - MP_CHECKOK(s_mp_pad(r, 6)); - } - u = MP_DIGITS(r); - MP_USED(r) = 6; - - /* u[5] only has 6 significant bits */ - z = u[5]; - u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29); - z = u[4]; - u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35); - u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29); - z = u[3]; - u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35); - u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29); - z = u[2] >> 35; /* z only has 29 significant bits */ - u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z; - /* clear bits above 163 */ - u[5] = u[4] = u[3] = 0; - u[2] ^= z << 35; -#else - if (MP_USED(r) < 11) { - MP_CHECKOK(s_mp_pad(r, 11)); - } - u = MP_DIGITS(r); - MP_USED(r) = 11; - - /* u[11] only has 6 significant bits */ - z = u[10]; - u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3); - u[4] ^= (z << 29); - z = u[9]; - u[5] ^= (z >> 28) ^ (z >> 29); - u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3); - u[3] ^= (z << 29); - z = u[8]; - u[4] ^= (z >> 28) ^ (z >> 29); - u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3); - u[2] ^= (z << 29); - z = u[7]; - u[3] ^= (z >> 28) ^ (z >> 29); - u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3); - u[1] ^= (z << 29); - z = u[6]; - u[2] ^= (z >> 28) ^ (z >> 29); - u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3); - u[0] ^= (z << 29); - z = u[5] >> 3; /* z only has 29 significant bits */ - u[1] ^= (z >> 25) ^ (z >> 26); - u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z; - /* clear bits above 163 */ - u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0; - u[5] ^= z << 3; -#endif - s_mp_clamp(r); - - CLEANUP: - return res; -} - -/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction - * polynomial with terms {163, 7, 6, 3, 0}. */ -mp_err -ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, *v; - - v = MP_DIGITS(a); - -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(a) < 3) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 6) { - MP_CHECKOK(s_mp_pad(r, 6)); - } - MP_USED(r) = 6; -#else - if (MP_USED(a) < 6) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 12) { - MP_CHECKOK(s_mp_pad(r, 12)); - } - MP_USED(r) = 12; -#endif - u = MP_DIGITS(r); - -#ifdef ECL_THIRTY_TWO_BIT - u[11] = gf2m_SQR1(v[5]); - u[10] = gf2m_SQR0(v[5]); - u[9] = gf2m_SQR1(v[4]); - u[8] = gf2m_SQR0(v[4]); - u[7] = gf2m_SQR1(v[3]); - u[6] = gf2m_SQR0(v[3]); -#endif - u[5] = gf2m_SQR1(v[2]); - u[4] = gf2m_SQR0(v[2]); - u[3] = gf2m_SQR1(v[1]); - u[2] = gf2m_SQR0(v[1]); - u[1] = gf2m_SQR1(v[0]); - u[0] = gf2m_SQR0(v[0]); - return ec_GF2m_163_mod(r, r, meth); - - CLEANUP: - return res; -} - -/* Fast multiplication for polynomials over a 163-bit curve. Assumes - * reduction polynomial with terms {163, 7, 6, 3, 0}. */ -mp_err -ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0; - -#ifdef ECL_THIRTY_TWO_BIT - mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0; - mp_digit rm[6]; -#endif - - if (a == b) { - return ec_GF2m_163_sqr(a, r, meth); - } else { - switch (MP_USED(a)) { -#ifdef ECL_THIRTY_TWO_BIT - case 6: - a5 = MP_DIGIT(a, 5); - case 5: - a4 = MP_DIGIT(a, 4); - case 4: - a3 = MP_DIGIT(a, 3); -#endif - case 3: - a2 = MP_DIGIT(a, 2); - case 2: - a1 = MP_DIGIT(a, 1); - default: - a0 = MP_DIGIT(a, 0); - } - switch (MP_USED(b)) { -#ifdef ECL_THIRTY_TWO_BIT - case 6: - b5 = MP_DIGIT(b, 5); - case 5: - b4 = MP_DIGIT(b, 4); - case 4: - b3 = MP_DIGIT(b, 3); -#endif - case 3: - b2 = MP_DIGIT(b, 2); - case 2: - b1 = MP_DIGIT(b, 1); - default: - b0 = MP_DIGIT(b, 0); - } -#ifdef ECL_SIXTY_FOUR_BIT - MP_CHECKOK(s_mp_pad(r, 6)); - s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0); - MP_USED(r) = 6; - s_mp_clamp(r); -#else - MP_CHECKOK(s_mp_pad(r, 12)); - s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3); - s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0); - s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1, - b3 ^ b0); - rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11); - rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10); - rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9); - rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8); - rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7); - rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6); - MP_DIGIT(r, 8) ^= rm[5]; - MP_DIGIT(r, 7) ^= rm[4]; - MP_DIGIT(r, 6) ^= rm[3]; - MP_DIGIT(r, 5) ^= rm[2]; - MP_DIGIT(r, 4) ^= rm[1]; - MP_DIGIT(r, 3) ^= rm[0]; - MP_USED(r) = 12; - s_mp_clamp(r); -#endif - return ec_GF2m_163_mod(r, r, meth); - } - - CLEANUP: - return res; -} - -/* Wire in fast field arithmetic for 163-bit curves. */ -mp_err -ec_group_set_gf2m163(ECGroup *group, ECCurveName name) -{ - group->meth->field_mod = &ec_GF2m_163_mod; - group->meth->field_mul = &ec_GF2m_163_mul; - group->meth->field_sqr = &ec_GF2m_163_sqr; - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ec2_193.c b/security/nss/lib/freebl/ecl/ec2_193.c deleted file mode 100644 index 5035a99bd..000000000 --- a/security/nss/lib/freebl/ecl/ec2_193.c +++ /dev/null @@ -1,275 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mp_gf2m.h" -#include "mp_gf2m-priv.h" -#include "mpi.h" -#include "mpi-priv.h" -#include - -/* Fast reduction for polynomials over a 193-bit curve. Assumes reduction - * polynomial with terms {193, 15, 0}. */ -mp_err -ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, z; - - if (a != r) { - MP_CHECKOK(mp_copy(a, r)); - } -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(r) < 7) { - MP_CHECKOK(s_mp_pad(r, 7)); - } - u = MP_DIGITS(r); - MP_USED(r) = 7; - - /* u[6] only has 2 significant bits */ - z = u[6]; - u[3] ^= (z << 14) ^ (z >> 1); - u[2] ^= (z << 63); - z = u[5]; - u[3] ^= (z >> 50); - u[2] ^= (z << 14) ^ (z >> 1); - u[1] ^= (z << 63); - z = u[4]; - u[2] ^= (z >> 50); - u[1] ^= (z << 14) ^ (z >> 1); - u[0] ^= (z << 63); - z = u[3] >> 1; /* z only has 63 significant bits */ - u[1] ^= (z >> 49); - u[0] ^= (z << 15) ^ z; - /* clear bits above 193 */ - u[6] = u[5] = u[4] = 0; - u[3] ^= z << 1; -#else - if (MP_USED(r) < 13) { - MP_CHECKOK(s_mp_pad(r, 13)); - } - u = MP_DIGITS(r); - MP_USED(r) = 13; - - /* u[12] only has 2 significant bits */ - z = u[12]; - u[6] ^= (z << 14) ^ (z >> 1); - u[5] ^= (z << 31); - z = u[11]; - u[6] ^= (z >> 18); - u[5] ^= (z << 14) ^ (z >> 1); - u[4] ^= (z << 31); - z = u[10]; - u[5] ^= (z >> 18); - u[4] ^= (z << 14) ^ (z >> 1); - u[3] ^= (z << 31); - z = u[9]; - u[4] ^= (z >> 18); - u[3] ^= (z << 14) ^ (z >> 1); - u[2] ^= (z << 31); - z = u[8]; - u[3] ^= (z >> 18); - u[2] ^= (z << 14) ^ (z >> 1); - u[1] ^= (z << 31); - z = u[7]; - u[2] ^= (z >> 18); - u[1] ^= (z << 14) ^ (z >> 1); - u[0] ^= (z << 31); - z = u[6] >> 1; /* z only has 31 significant bits */ - u[1] ^= (z >> 17); - u[0] ^= (z << 15) ^ z; - /* clear bits above 193 */ - u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0; - u[6] ^= z << 1; -#endif - s_mp_clamp(r); - - CLEANUP: - return res; -} - -/* Fast squaring for polynomials over a 193-bit curve. Assumes reduction - * polynomial with terms {193, 15, 0}. */ -mp_err -ec_GF2m_193_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, *v; - - v = MP_DIGITS(a); - -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(a) < 4) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 7) { - MP_CHECKOK(s_mp_pad(r, 7)); - } - MP_USED(r) = 7; -#else - if (MP_USED(a) < 7) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 13) { - MP_CHECKOK(s_mp_pad(r, 13)); - } - MP_USED(r) = 13; -#endif - u = MP_DIGITS(r); - -#ifdef ECL_THIRTY_TWO_BIT - u[12] = gf2m_SQR0(v[6]); - u[11] = gf2m_SQR1(v[5]); - u[10] = gf2m_SQR0(v[5]); - u[9] = gf2m_SQR1(v[4]); - u[8] = gf2m_SQR0(v[4]); - u[7] = gf2m_SQR1(v[3]); -#endif - u[6] = gf2m_SQR0(v[3]); - u[5] = gf2m_SQR1(v[2]); - u[4] = gf2m_SQR0(v[2]); - u[3] = gf2m_SQR1(v[1]); - u[2] = gf2m_SQR0(v[1]); - u[1] = gf2m_SQR1(v[0]); - u[0] = gf2m_SQR0(v[0]); - return ec_GF2m_193_mod(r, r, meth); - - CLEANUP: - return res; -} - -/* Fast multiplication for polynomials over a 193-bit curve. Assumes - * reduction polynomial with terms {193, 15, 0}. */ -mp_err -ec_GF2m_193_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0; - -#ifdef ECL_THIRTY_TWO_BIT - mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0; - mp_digit rm[8]; -#endif - - if (a == b) { - return ec_GF2m_193_sqr(a, r, meth); - } else { - switch (MP_USED(a)) { -#ifdef ECL_THIRTY_TWO_BIT - case 7: - a6 = MP_DIGIT(a, 6); - case 6: - a5 = MP_DIGIT(a, 5); - case 5: - a4 = MP_DIGIT(a, 4); -#endif - case 4: - a3 = MP_DIGIT(a, 3); - case 3: - a2 = MP_DIGIT(a, 2); - case 2: - a1 = MP_DIGIT(a, 1); - default: - a0 = MP_DIGIT(a, 0); - } - switch (MP_USED(b)) { -#ifdef ECL_THIRTY_TWO_BIT - case 7: - b6 = MP_DIGIT(b, 6); - case 6: - b5 = MP_DIGIT(b, 5); - case 5: - b4 = MP_DIGIT(b, 4); -#endif - case 4: - b3 = MP_DIGIT(b, 3); - case 3: - b2 = MP_DIGIT(b, 2); - case 2: - b1 = MP_DIGIT(b, 1); - default: - b0 = MP_DIGIT(b, 0); - } -#ifdef ECL_SIXTY_FOUR_BIT - MP_CHECKOK(s_mp_pad(r, 8)); - s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0); - MP_USED(r) = 8; - s_mp_clamp(r); -#else - MP_CHECKOK(s_mp_pad(r, 14)); - s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4); - s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0); - s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1, - b4 ^ b0); - rm[7] ^= MP_DIGIT(r, 7); - rm[6] ^= MP_DIGIT(r, 6); - rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13); - rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12); - rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11); - rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10); - rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9); - rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8); - MP_DIGIT(r, 11) ^= rm[7]; - MP_DIGIT(r, 10) ^= rm[6]; - MP_DIGIT(r, 9) ^= rm[5]; - MP_DIGIT(r, 8) ^= rm[4]; - MP_DIGIT(r, 7) ^= rm[3]; - MP_DIGIT(r, 6) ^= rm[2]; - MP_DIGIT(r, 5) ^= rm[1]; - MP_DIGIT(r, 4) ^= rm[0]; - MP_USED(r) = 14; - s_mp_clamp(r); -#endif - return ec_GF2m_193_mod(r, r, meth); - } - - CLEANUP: - return res; -} - -/* Wire in fast field arithmetic for 193-bit curves. */ -mp_err -ec_group_set_gf2m193(ECGroup *group, ECCurveName name) -{ - group->meth->field_mod = &ec_GF2m_193_mod; - group->meth->field_mul = &ec_GF2m_193_mul; - group->meth->field_sqr = &ec_GF2m_193_sqr; - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ec2_233.c b/security/nss/lib/freebl/ecl/ec2_233.c deleted file mode 100644 index 719854229..000000000 --- a/security/nss/lib/freebl/ecl/ec2_233.c +++ /dev/null @@ -1,298 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mp_gf2m.h" -#include "mp_gf2m-priv.h" -#include "mpi.h" -#include "mpi-priv.h" -#include - -/* Fast reduction for polynomials over a 233-bit curve. Assumes reduction - * polynomial with terms {233, 74, 0}. */ -mp_err -ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, z; - - if (a != r) { - MP_CHECKOK(mp_copy(a, r)); - } -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(r) < 8) { - MP_CHECKOK(s_mp_pad(r, 8)); - } - u = MP_DIGITS(r); - MP_USED(r) = 8; - - /* u[7] only has 18 significant bits */ - z = u[7]; - u[4] ^= (z << 33) ^ (z >> 41); - u[3] ^= (z << 23); - z = u[6]; - u[4] ^= (z >> 31); - u[3] ^= (z << 33) ^ (z >> 41); - u[2] ^= (z << 23); - z = u[5]; - u[3] ^= (z >> 31); - u[2] ^= (z << 33) ^ (z >> 41); - u[1] ^= (z << 23); - z = u[4]; - u[2] ^= (z >> 31); - u[1] ^= (z << 33) ^ (z >> 41); - u[0] ^= (z << 23); - z = u[3] >> 41; /* z only has 23 significant bits */ - u[1] ^= (z << 10); - u[0] ^= z; - /* clear bits above 233 */ - u[7] = u[6] = u[5] = u[4] = 0; - u[3] ^= z << 41; -#else - if (MP_USED(r) < 15) { - MP_CHECKOK(s_mp_pad(r, 15)); - } - u = MP_DIGITS(r); - MP_USED(r) = 15; - - /* u[14] only has 18 significant bits */ - z = u[14]; - u[9] ^= (z << 1); - u[7] ^= (z >> 9); - u[6] ^= (z << 23); - z = u[13]; - u[9] ^= (z >> 31); - u[8] ^= (z << 1); - u[6] ^= (z >> 9); - u[5] ^= (z << 23); - z = u[12]; - u[8] ^= (z >> 31); - u[7] ^= (z << 1); - u[5] ^= (z >> 9); - u[4] ^= (z << 23); - z = u[11]; - u[7] ^= (z >> 31); - u[6] ^= (z << 1); - u[4] ^= (z >> 9); - u[3] ^= (z << 23); - z = u[10]; - u[6] ^= (z >> 31); - u[5] ^= (z << 1); - u[3] ^= (z >> 9); - u[2] ^= (z << 23); - z = u[9]; - u[5] ^= (z >> 31); - u[4] ^= (z << 1); - u[2] ^= (z >> 9); - u[1] ^= (z << 23); - z = u[8]; - u[4] ^= (z >> 31); - u[3] ^= (z << 1); - u[1] ^= (z >> 9); - u[0] ^= (z << 23); - z = u[7] >> 9; /* z only has 23 significant bits */ - u[3] ^= (z >> 22); - u[2] ^= (z << 10); - u[0] ^= z; - /* clear bits above 233 */ - u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0; - u[7] ^= z << 9; -#endif - s_mp_clamp(r); - - CLEANUP: - return res; -} - -/* Fast squaring for polynomials over a 233-bit curve. Assumes reduction - * polynomial with terms {233, 74, 0}. */ -mp_err -ec_GF2m_233_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit *u, *v; - - v = MP_DIGITS(a); - -#ifdef ECL_SIXTY_FOUR_BIT - if (MP_USED(a) < 4) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 8) { - MP_CHECKOK(s_mp_pad(r, 8)); - } - MP_USED(r) = 8; -#else - if (MP_USED(a) < 8) { - return mp_bsqrmod(a, meth->irr_arr, r); - } - if (MP_USED(r) < 15) { - MP_CHECKOK(s_mp_pad(r, 15)); - } - MP_USED(r) = 15; -#endif - u = MP_DIGITS(r); - -#ifdef ECL_THIRTY_TWO_BIT - u[14] = gf2m_SQR0(v[7]); - u[13] = gf2m_SQR1(v[6]); - u[12] = gf2m_SQR0(v[6]); - u[11] = gf2m_SQR1(v[5]); - u[10] = gf2m_SQR0(v[5]); - u[9] = gf2m_SQR1(v[4]); - u[8] = gf2m_SQR0(v[4]); -#endif - u[7] = gf2m_SQR1(v[3]); - u[6] = gf2m_SQR0(v[3]); - u[5] = gf2m_SQR1(v[2]); - u[4] = gf2m_SQR0(v[2]); - u[3] = gf2m_SQR1(v[1]); - u[2] = gf2m_SQR0(v[1]); - u[1] = gf2m_SQR1(v[0]); - u[0] = gf2m_SQR0(v[0]); - return ec_GF2m_233_mod(r, r, meth); - - CLEANUP: - return res; -} - -/* Fast multiplication for polynomials over a 233-bit curve. Assumes - * reduction polynomial with terms {233, 74, 0}. */ -mp_err -ec_GF2m_233_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0; - -#ifdef ECL_THIRTY_TWO_BIT - mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 = - 0; - mp_digit rm[8]; -#endif - - if (a == b) { - return ec_GF2m_233_sqr(a, r, meth); - } else { - switch (MP_USED(a)) { -#ifdef ECL_THIRTY_TWO_BIT - case 8: - a7 = MP_DIGIT(a, 7); - case 7: - a6 = MP_DIGIT(a, 6); - case 6: - a5 = MP_DIGIT(a, 5); - case 5: - a4 = MP_DIGIT(a, 4); -#endif - case 4: - a3 = MP_DIGIT(a, 3); - case 3: - a2 = MP_DIGIT(a, 2); - case 2: - a1 = MP_DIGIT(a, 1); - default: - a0 = MP_DIGIT(a, 0); - } - switch (MP_USED(b)) { -#ifdef ECL_THIRTY_TWO_BIT - case 8: - b7 = MP_DIGIT(b, 7); - case 7: - b6 = MP_DIGIT(b, 6); - case 6: - b5 = MP_DIGIT(b, 5); - case 5: - b4 = MP_DIGIT(b, 4); -#endif - case 4: - b3 = MP_DIGIT(b, 3); - case 3: - b2 = MP_DIGIT(b, 2); - case 2: - b1 = MP_DIGIT(b, 1); - default: - b0 = MP_DIGIT(b, 0); - } -#ifdef ECL_SIXTY_FOUR_BIT - MP_CHECKOK(s_mp_pad(r, 8)); - s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0); - MP_USED(r) = 8; - s_mp_clamp(r); -#else - MP_CHECKOK(s_mp_pad(r, 16)); - s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4); - s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0); - s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3, - b6 ^ b2, b5 ^ b1, b4 ^ b0); - rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15); - rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14); - rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13); - rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12); - rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11); - rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10); - rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9); - rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8); - MP_DIGIT(r, 11) ^= rm[7]; - MP_DIGIT(r, 10) ^= rm[6]; - MP_DIGIT(r, 9) ^= rm[5]; - MP_DIGIT(r, 8) ^= rm[4]; - MP_DIGIT(r, 7) ^= rm[3]; - MP_DIGIT(r, 6) ^= rm[2]; - MP_DIGIT(r, 5) ^= rm[1]; - MP_DIGIT(r, 4) ^= rm[0]; - MP_USED(r) = 16; - s_mp_clamp(r); -#endif - return ec_GF2m_233_mod(r, r, meth); - } - - CLEANUP: - return res; -} - -/* Wire in fast field arithmetic for 233-bit curves. */ -mp_err -ec_group_set_gf2m233(ECGroup *group, ECCurveName name) -{ - group->meth->field_mod = &ec_GF2m_233_mod; - group->meth->field_mul = &ec_GF2m_233_mul; - group->meth->field_sqr = &ec_GF2m_233_sqr; - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ec2_aff.c b/security/nss/lib/freebl/ecl/ec2_aff.c deleted file mode 100644 index 5c7972c0c..000000000 --- a/security/nss/lib/freebl/ecl/ec2_aff.c +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mplogic.h" -#include "mp_gf2m.h" -#include - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err -ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py) -{ - - if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) { - return MP_YES; - } else { - return MP_NO; - } - -} - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err -ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py) -{ - mp_zero(px); - mp_zero(py); - return MP_OKAY; -} - -/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P, - * Q, and R can all be identical. Uses affine coordinates. */ -mp_err -ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int lambda, tempx, tempy; - - MP_DIGITS(&lambda) = 0; - MP_DIGITS(&tempx) = 0; - MP_DIGITS(&tempy) = 0; - MP_CHECKOK(mp_init(&lambda)); - MP_CHECKOK(mp_init(&tempx)); - MP_CHECKOK(mp_init(&tempy)); - /* if P = inf, then R = Q */ - if (ec_GF2m_pt_is_inf_aff(px, py) == 0) { - MP_CHECKOK(mp_copy(qx, rx)); - MP_CHECKOK(mp_copy(qy, ry)); - res = MP_OKAY; - goto CLEANUP; - } - /* if Q = inf, then R = P */ - if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - res = MP_OKAY; - goto CLEANUP; - } - /* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2 - * + lambda + px + qx */ - if (mp_cmp(px, qx) != 0) { - MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth)); - MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_div(&tempy, &tempx, &lambda, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, &lambda, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, &group->curvea, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, px, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, qx, &tempx, group->meth)); - } else { - /* if py != qy or qx = 0, then R = inf */ - if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - } - /* lambda = qx + qy / qx */ - MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&lambda, qx, &lambda, group->meth)); - /* tempx = a + lambda^2 + lambda */ - MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, &lambda, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, &group->curvea, &tempx, group->meth)); - } - /* ry = (qx + tempx) * lambda + tempx + qy */ - MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(&tempy, &lambda, &tempy, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempy, &tempx, &tempy, group->meth)); - MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth)); - /* rx = tempx */ - MP_CHECKOK(mp_copy(&tempx, rx)); - - CLEANUP: - mp_clear(&lambda); - mp_clear(&tempx); - mp_clear(&tempy); - return res; -} - -/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be - * identical. Uses affine coordinates. */ -mp_err -ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int nqy; - - MP_DIGITS(&nqy) = 0; - MP_CHECKOK(mp_init(&nqy)); - /* nqy = qx+qy */ - MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth)); - MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group)); - CLEANUP: - mp_clear(&nqy); - return res; -} - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * affine coordinates. */ -mp_err -ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group) -{ - return group->point_add(px, py, px, py, rx, ry, group); -} - -/* by default, this routine is unused and thus doesn't need to be compiled */ -#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF -/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and - * R can be identical. Uses affine coordinates. */ -mp_err -ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int k, k3, qx, qy, sx, sy; - int b1, b3, i, l; - - MP_DIGITS(&k) = 0; - MP_DIGITS(&k3) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_CHECKOK(mp_init(&k)); - MP_CHECKOK(mp_init(&k3)); - MP_CHECKOK(mp_init(&qx)); - MP_CHECKOK(mp_init(&qy)); - MP_CHECKOK(mp_init(&sx)); - MP_CHECKOK(mp_init(&sy)); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - } - /* Q = P, k = n */ - MP_CHECKOK(mp_copy(px, &qx)); - MP_CHECKOK(mp_copy(py, &qy)); - MP_CHECKOK(mp_copy(n, &k)); - /* if n < 0 then Q = -Q, k = -k */ - if (mp_cmp_z(n) < 0) { - MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth)); - MP_CHECKOK(mp_neg(&k, &k)); - } -#ifdef ECL_DEBUG /* basic double and add method */ - l = mpl_significant_bits(&k) - 1; - MP_CHECKOK(mp_copy(&qx, &sx)); - MP_CHECKOK(mp_copy(&qy, &sy)); - for (i = l - 1; i >= 0; i--) { - /* S = 2S */ - MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group)); - /* if k_i = 1, then S = S + Q */ - if (mpl_get_bit(&k, i) != 0) { - MP_CHECKOK(group-> - point_add(&sx, &sy, &qx, &qy, &sx, &sy, group)); - } - } -#else /* double and add/subtract method from - * standard */ - /* k3 = 3 * k */ - MP_CHECKOK(mp_set_int(&k3, 3)); - MP_CHECKOK(mp_mul(&k, &k3, &k3)); - /* S = Q */ - MP_CHECKOK(mp_copy(&qx, &sx)); - MP_CHECKOK(mp_copy(&qy, &sy)); - /* l = index of high order bit in binary representation of 3*k */ - l = mpl_significant_bits(&k3) - 1; - /* for i = l-1 downto 1 */ - for (i = l - 1; i >= 1; i--) { - /* S = 2S */ - MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group)); - b3 = MP_GET_BIT(&k3, i); - b1 = MP_GET_BIT(&k, i); - /* if k3_i = 1 and k_i = 0, then S = S + Q */ - if ((b3 == 1) && (b1 == 0)) { - MP_CHECKOK(group-> - point_add(&sx, &sy, &qx, &qy, &sx, &sy, group)); - /* if k3_i = 0 and k_i = 1, then S = S - Q */ - } else if ((b3 == 0) && (b1 == 1)) { - MP_CHECKOK(group-> - point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group)); - } - } -#endif - /* output S */ - MP_CHECKOK(mp_copy(&sx, rx)); - MP_CHECKOK(mp_copy(&sy, ry)); - - CLEANUP: - mp_clear(&k); - mp_clear(&k3); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&sx); - mp_clear(&sy); - return res; -} -#endif diff --git a/security/nss/lib/freebl/ecl/ec2_mont.c b/security/nss/lib/freebl/ecl/ec2_mont.c deleted file mode 100644 index 6658d3295..000000000 --- a/security/nss/lib/freebl/ecl/ec2_mont.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mplogic.h" -#include "mp_gf2m.h" -#include - -/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery - * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J. - * and Dahab, R. "Fast multiplication on elliptic curves over GF(2^m) - * without precomputation". modified to not require precomputation of - * c=b^{2^{m-1}}. */ -static mp_err -gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int t1; - - MP_DIGITS(&t1) = 0; - MP_CHECKOK(mp_init(&t1)); - - MP_CHECKOK(group->meth->field_sqr(x, x, group->meth)); - MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth)); - MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth)); - MP_CHECKOK(group->meth->field_sqr(x, x, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(&group->curveb, &t1, &t1, group->meth)); - MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth)); - - CLEANUP: - mp_clear(&t1); - return res; -} - -/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in - * Montgomery projective coordinates. Uses algorithm Madd in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". */ -static mp_err -gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int t1, t2; - - MP_DIGITS(&t1) = 0; - MP_DIGITS(&t2) = 0; - MP_CHECKOK(mp_init(&t1)); - MP_CHECKOK(mp_init(&t2)); - - MP_CHECKOK(mp_copy(x, &t1)); - MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth)); - MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth)); - MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth)); - MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth)); - MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth)); - MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth)); - MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth)); - - CLEANUP: - mp_clear(&t1); - mp_clear(&t2); - return res; -} - -/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) - * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". Returns: 0 on error 1 if return value - * should be the point at infinity 2 otherwise */ -static int -gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1, - mp_int *x2, mp_int *z2, const ECGroup *group) -{ - mp_err res = MP_OKAY; - int ret = 0; - mp_int t3, t4, t5; - - MP_DIGITS(&t3) = 0; - MP_DIGITS(&t4) = 0; - MP_DIGITS(&t5) = 0; - MP_CHECKOK(mp_init(&t3)); - MP_CHECKOK(mp_init(&t4)); - MP_CHECKOK(mp_init(&t5)); - - if (mp_cmp_z(z1) == 0) { - mp_zero(x2); - mp_zero(z2); - ret = 1; - goto CLEANUP; - } - - if (mp_cmp_z(z2) == 0) { - MP_CHECKOK(mp_copy(x, x2)); - MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth)); - ret = 2; - goto CLEANUP; - } - - MP_CHECKOK(mp_set_int(&t5, 1)); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth)); - } - - MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth)); - - MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth)); - MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth)); - MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth)); - MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth)); - MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth)); - - MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth)); - MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth)); - MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth)); - MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth)); - MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth)); - - MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth)); - MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth)); - MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth)); - MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth)); - MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth)); - - MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth)); - MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth)); - - ret = 2; - - CLEANUP: - mp_clear(&t3); - mp_clear(&t4); - mp_clear(&t5); - if (res == MP_OKAY) { - return ret; - } else { - return 0; - } -} - -/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast - * multiplication on elliptic curves over GF(2^m) without - * precomputation". Elliptic curve points P and R can be identical. Uses - * Montgomery projective coordinates. */ -mp_err -ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int x1, x2, z1, z2; - int i, j; - mp_digit top_bit, mask; - - MP_DIGITS(&x1) = 0; - MP_DIGITS(&x2) = 0; - MP_DIGITS(&z1) = 0; - MP_DIGITS(&z2) = 0; - MP_CHECKOK(mp_init(&x1)); - MP_CHECKOK(mp_init(&x2)); - MP_CHECKOK(mp_init(&z1)); - MP_CHECKOK(mp_init(&z2)); - - /* if result should be point at infinity */ - if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) { - MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry)); - goto CLEANUP; - } - - MP_CHECKOK(mp_copy(rx, &x2)); /* x2 = rx */ - MP_CHECKOK(mp_copy(ry, &z2)); /* z2 = ry */ - - MP_CHECKOK(mp_copy(px, &x1)); /* x1 = px */ - MP_CHECKOK(mp_set_int(&z1, 1)); /* z1 = 1 */ - MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth)); /* z2 = - * x1^2 = - * x2^2 */ - MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth)); - MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth)); /* x2 - * = - * px^4 - * + - * b - */ - - /* find top-most bit and go one past it */ - i = MP_USED(n) - 1; - j = MP_DIGIT_BIT - 1; - top_bit = 1; - top_bit <<= MP_DIGIT_BIT - 1; - mask = top_bit; - while (!(MP_DIGITS(n)[i] & mask)) { - mask >>= 1; - j--; - } - mask >>= 1; - j--; - - /* if top most bit was at word break, go to next word */ - if (!mask) { - i--; - j = MP_DIGIT_BIT - 1; - mask = top_bit; - } - - for (; i >= 0; i--) { - for (; j >= 0; j--) { - if (MP_DIGITS(n)[i] & mask) { - MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group)); - MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group)); - } else { - MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group)); - MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group)); - } - mask >>= 1; - } - j = MP_DIGIT_BIT - 1; - mask = top_bit; - } - - /* convert out of "projective" coordinates */ - i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group); - if (i == 0) { - res = MP_BADARG; - goto CLEANUP; - } else if (i == 1) { - MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry)); - } else { - MP_CHECKOK(mp_copy(&x2, rx)); - MP_CHECKOK(mp_copy(&z2, ry)); - } - - CLEANUP: - mp_clear(&x1); - mp_clear(&x2); - mp_clear(&z1); - mp_clear(&z2); - return res; -} diff --git a/security/nss/lib/freebl/ecl/ec2_proj.c b/security/nss/lib/freebl/ecl/ec2_proj.c deleted file mode 100644 index 8df72433c..000000000 --- a/security/nss/lib/freebl/ecl/ec2_proj.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ec2.h" -#include "mplogic.h" -#include "mp_gf2m.h" -#include -#ifdef ECL_DEBUG -#include -#endif - -/* by default, these routines are unused and thus don't need to be compiled */ -#ifdef ECL_ENABLE_GF2M_PROJ -/* Converts a point P(px, py) from affine coordinates to projective - * coordinates R(rx, ry, rz). Assumes input is already field-encoded using - * field_enc, and returns output that is still field-encoded. */ -mp_err -ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group) -{ - mp_err res = MP_OKAY; - - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - MP_CHECKOK(mp_set_int(rz, 1)); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth)); - } - CLEANUP: - return res; -} - -/* Converts a point P(px, py, pz) from projective coordinates to affine - * coordinates R(rx, ry). P and R can share x and y coordinates. Assumes - * input is already field-encoded using field_enc, and returns output that - * is still field-encoded. */ -mp_err -ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, const mp_int *pz, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int z1, z2; - - MP_DIGITS(&z1) = 0; - MP_DIGITS(&z2) = 0; - MP_CHECKOK(mp_init(&z1)); - MP_CHECKOK(mp_init(&z2)); - - /* if point at infinity, then set point at infinity and exit */ - if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) { - MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry)); - goto CLEANUP; - } - - /* transform (px, py, pz) into (px / pz, py / pz^2) */ - if (mp_cmp_d(pz, 1) == 0) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - } else { - MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth)); - MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth)); - MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth)); - } - - CLEANUP: - mp_clear(&z1); - mp_clear(&z2); - return res; -} - -/* Checks if point P(px, py, pz) is at infinity. Uses projective - * coordinates. */ -mp_err -ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py, - const mp_int *pz) -{ - return mp_cmp_z(pz); -} - -/* Sets P(px, py, pz) to be the point at infinity. Uses projective - * coordinates. */ -mp_err -ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz) -{ - mp_zero(pz); - return MP_OKAY; -} - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is - * (qx, qy, 1). Elliptic curve points P, Q, and R can all be identical. - * Uses mixed projective-affine coordinates. Assumes input is already - * field-encoded using field_enc, and returns output that is still - * field-encoded. Uses equation (3) from Hankerson, Hernandez, Menezes. - * Software Implementation of Elliptic Curve Cryptography Over Binary - * Fields. */ -mp_err -ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int A, B, C, D, E, F, G; - - /* If either P or Q is the point at infinity, then return the other - * point */ - if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) { - return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group); - } - if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - return mp_copy(pz, rz); - } - - MP_DIGITS(&A) = 0; - MP_DIGITS(&B) = 0; - MP_DIGITS(&C) = 0; - MP_DIGITS(&D) = 0; - MP_DIGITS(&E) = 0; - MP_DIGITS(&F) = 0; - MP_DIGITS(&G) = 0; - MP_CHECKOK(mp_init(&A)); - MP_CHECKOK(mp_init(&B)); - MP_CHECKOK(mp_init(&C)); - MP_CHECKOK(mp_init(&D)); - MP_CHECKOK(mp_init(&E)); - MP_CHECKOK(mp_init(&F)); - MP_CHECKOK(mp_init(&G)); - - /* D = pz^2 */ - MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth)); - - /* A = qy * pz^2 + py */ - MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth)); - MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth)); - - /* B = qx * pz + px */ - MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth)); - MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth)); - - /* C = pz * B */ - MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth)); - - /* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */ - MP_CHECKOK(group->meth-> - field_mul(&group->curvea, &D, &D, group->meth)); - MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth)); - MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth)); - - /* rz = C^2 */ - MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth)); - - /* E = A * C */ - MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth)); - - /* rx = A^2 + D + E */ - MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth)); - MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth)); - MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth)); - - /* F = rx + qx * rz */ - MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth)); - MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth)); - - /* G = rx + qy * rz */ - MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth)); - MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth)); - - /* ry = E * F + rz * G (using G as a temporary variable) */ - MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth)); - MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth)); - MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth)); - - CLEANUP: - mp_clear(&A); - mp_clear(&B); - mp_clear(&C); - mp_clear(&D); - mp_clear(&E); - mp_clear(&F); - mp_clear(&G); - return res; -} - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * projective coordinates. - * - * Assumes input is already field-encoded using field_enc, and returns - * output that is still field-encoded. - * - * Uses equation (3) from Hankerson, Hernandez, Menezes. Software - * Implementation of Elliptic Curve Cryptography Over Binary Fields. - */ -mp_err -ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz, - mp_int *rx, mp_int *ry, mp_int *rz, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int t0, t1; - - if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) { - return ec_GF2m_pt_set_inf_proj(rx, ry, rz); - } - - MP_DIGITS(&t0) = 0; - MP_DIGITS(&t1) = 0; - MP_CHECKOK(mp_init(&t0)); - MP_CHECKOK(mp_init(&t1)); - - /* t0 = px^2 */ - /* t1 = pz^2 */ - MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth)); - MP_CHECKOK(group->meth->field_sqr(pz, &t1, group->meth)); - - /* rz = px^2 * pz^2 */ - MP_CHECKOK(group->meth->field_mul(&t0, &t1, rz, group->meth)); - - /* t0 = px^4 */ - /* t1 = b * pz^4 */ - MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(&group->curveb, &t1, &t1, group->meth)); - - /* rx = px^4 + b * pz^4 */ - MP_CHECKOK(group->meth->field_add(&t0, &t1, rx, group->meth)); - - /* ry = b * pz^4 * rz + rx * (a * rz + py^2 + b * pz^4) */ - MP_CHECKOK(group->meth->field_sqr(py, ry, group->meth)); - MP_CHECKOK(group->meth->field_add(ry, &t1, ry, group->meth)); - /* t0 = a * rz */ - MP_CHECKOK(group->meth-> - field_mul(&group->curvea, rz, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, ry, ry, group->meth)); - MP_CHECKOK(group->meth->field_mul(rx, ry, ry, group->meth)); - /* t1 = b * pz^4 * rz */ - MP_CHECKOK(group->meth->field_mul(&t1, rz, &t1, group->meth)); - MP_CHECKOK(group->meth->field_add(&t1, ry, ry, group->meth)); - - CLEANUP: - mp_clear(&t0); - mp_clear(&t1); - return res; -} - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GF2m. Elliptic curve points P and R can be - * identical. Uses mixed projective-affine coordinates. Assumes input is - * already field-encoded using field_enc, and returns output that is still - * field-encoded. Uses 4-bit window method. */ -mp_err -ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int precomp[16][2], rz; - mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 16 * 2], *t; - int i, ni, d; - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG); - - /* initialize precomputation table */ - t = precomp_arr; - for (i = 0; i < 16; i++) { - /* x co-ord */ - MP_SIGN(&precomp[i][0]) = MP_ZPOS; - MP_ALLOC(&precomp[i][0]) = ECL_MAX_FIELD_SIZE_DIGITS; - MP_USED(&precomp[i][0]) = 1; - *t = 0; - MP_DIGITS(&precomp[i][0]) = t; - t += ECL_MAX_FIELD_SIZE_DIGITS; - /* y co-ord */ - MP_SIGN(&precomp[i][1]) = MP_ZPOS; - MP_ALLOC(&precomp[i][1]) = ECL_MAX_FIELD_SIZE_DIGITS; - MP_USED(&precomp[i][1]) = 1; - *t = 0; - MP_DIGITS(&precomp[i][1]) = t; - t += ECL_MAX_FIELD_SIZE_DIGITS; - } - - /* fill precomputation table */ - mp_zero(&precomp[0][0]); - mp_zero(&precomp[0][1]); - MP_CHECKOK(mp_copy(px, &precomp[1][0])); - MP_CHECKOK(mp_copy(py, &precomp[1][1])); - for (i = 2; i < 16; i++) { - MP_CHECKOK(group-> - point_add(&precomp[1][0], &precomp[1][1], - &precomp[i - 1][0], &precomp[i - 1][1], - &precomp[i][0], &precomp[i][1], group)); - } - - d = (mpl_significant_bits(n) + 3) / 4; - - /* R = inf */ - MP_DIGITS(&rz) = 0; - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(ec_GF2m_pt_set_inf_proj(rx, ry, &rz)); - - for (i = d - 1; i >= 0; i--) { - /* compute window ni */ - ni = MP_GET_BIT(n, 4 * i + 3); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 2); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 1); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i); - /* R = 2^4 * R */ - MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group)); - /* R = R + (ni * P) */ - MP_CHECKOK(ec_GF2m_pt_add_proj - (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry, - &rz, group)); - } - - /* convert result S to affine coordinates */ - MP_CHECKOK(ec_GF2m_pt_proj2aff(rx, ry, &rz, rx, ry, group)); - - CLEANUP: - mp_clear(&rz); - return res; -} -#endif diff --git a/security/nss/lib/freebl/ecl/ec_naf.c b/security/nss/lib/freebl/ecl/ec_naf.c deleted file mode 100644 index a6b04add8..000000000 --- a/security/nss/lib/freebl/ecl/ec_naf.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecl-priv.h" - -/* Returns 2^e as an integer. This is meant to be used for small powers of - * two. */ -int -ec_twoTo(int e) -{ - int a = 1; - int i; - - for (i = 0; i < e; i++) { - a *= 2; - } - return a; -} - -/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should - * be an array of signed char's to output to, bitsize should be the number - * of bits of out, in is the original scalar, and w is the window size. - * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A. - * Menezes, "Software implementation of elliptic curve cryptography over - * binary fields", Proc. CHES 2000. */ -mp_err -ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w) -{ - mp_int k; - mp_err res = MP_OKAY; - int i, twowm1, mask; - - twowm1 = ec_twoTo(w - 1); - mask = 2 * twowm1 - 1; - - MP_DIGITS(&k) = 0; - MP_CHECKOK(mp_init_copy(&k, in)); - - i = 0; - /* Compute wNAF form */ - while (mp_cmp_z(&k) > 0) { - if (mp_isodd(&k)) { - out[i] = MP_DIGIT(&k, 0) & mask; - if (out[i] >= twowm1) - out[i] -= 2 * twowm1; - - /* Subtract off out[i]. Note mp_sub_d only works with - * unsigned digits */ - if (out[i] >= 0) { - mp_sub_d(&k, out[i], &k); - } else { - mp_add_d(&k, -(out[i]), &k); - } - } else { - out[i] = 0; - } - mp_div_2(&k, &k); - i++; - } - /* Zero out the remaining elements of the out array. */ - for (; i < bitsize + 1; i++) { - out[i] = 0; - } - CLEANUP: - mp_clear(&k); - return res; - -} diff --git a/security/nss/lib/freebl/ecl/ecl-curve.h b/security/nss/lib/freebl/ecl/ecl-curve.h deleted file mode 100644 index 5c03f3a84..000000000 --- a/security/nss/lib/freebl/ecl/ecl-curve.h +++ /dev/null @@ -1,646 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecl-exp.h" -#include - -#ifndef __ecl_curve_h_ -#define __ecl_curve_h_ - -/* NIST prime curves */ -static const ECCurveParams ecCurve_NIST_P192 = { - "NIST-P192", ECField_GFp, 192, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1 -}; -static const ECCurveParams ecCurve_NIST_P224 = { - "NIST-P224", ECField_GFp, 224, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1 -}; -static const ECCurveParams ecCurve_NIST_P256 = { - "NIST-P256", ECField_GFp, 256, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1 -}; -static const ECCurveParams ecCurve_NIST_P384 = { - "NIST-P384", ECField_GFp, 384, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", - "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", - 1 -}; -static const ECCurveParams ecCurve_NIST_P521 = { - "NIST-P521", ECField_GFp, 521, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", - 1 -}; - -/* NIST binary curves */ -static const ECCurveParams ecCurve_NIST_K163 = { - "NIST-K163", ECField_GF2m, 163, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "000000000000000000000000000000000000000001", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", 2 -}; -static const ECCurveParams ecCurve_NIST_B163 = { - "NIST-B163", ECField_GF2m, 163, - "0800000000000000000000000000000000000000C9", - "000000000000000000000000000000000000000001", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", 2 -}; -static const ECCurveParams ecCurve_NIST_K233 = { - "NIST-K233", ECField_GF2m, 233, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4 -}; -static const ECCurveParams ecCurve_NIST_B233 = { - "NIST-B233", ECField_GF2m, 233, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2 -}; -static const ECCurveParams ecCurve_NIST_K283 = { - "NIST-K283", ECField_GF2m, 283, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - 4 -}; -static const ECCurveParams ecCurve_NIST_B283 = { - "NIST-B283", ECField_GF2m, 283, - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - 2 -}; -static const ECCurveParams ecCurve_NIST_K409 = { - "NIST-K409", ECField_GF2m, 409, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - 4 -}; -static const ECCurveParams ecCurve_NIST_B409 = { - "NIST-B409", ECField_GF2m, 409, - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - 2 -}; -static const ECCurveParams ecCurve_NIST_K571 = { - "NIST-K571", ECField_GF2m, 571, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - 4 -}; -static const ECCurveParams ecCurve_NIST_B571 = { - "NIST-B571", ECField_GF2m, 571, - "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - 2 -}; - -/* ANSI X9.62 prime curves */ -static const ECCurveParams ecCurve_X9_62_PRIME_192V2 = { - "X9.62 P-192V2", ECField_GFp, 192, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", - "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1 -}; -static const ECCurveParams ecCurve_X9_62_PRIME_192V3 = { - "X9.62 P-192V3", ECField_GFp, 192, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", - "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1 -}; -static const ECCurveParams ecCurve_X9_62_PRIME_239V1 = { - "X9.62 P-239V1", ECField_GFp, 239, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", - "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1 -}; -static const ECCurveParams ecCurve_X9_62_PRIME_239V2 = { - "X9.62 P-239V2", ECField_GFp, 239, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", - "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1 -}; -static const ECCurveParams ecCurve_X9_62_PRIME_239V3 = { - "X9.62 P-239V3", ECField_GFp, 239, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", - "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1 -}; - -/* ANSI X9.62 binary curves */ -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB163V1 = { - "X9.62 C2-PNB163V1", ECField_GF2m, 163, - "080000000000000000000000000000000000000107", - "072546B5435234A422E0789675F432C89435DE5242", - "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", - "07AF69989546103D79329FCC3D74880F33BBE803CB", - "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", - "0400000000000000000001E60FC8821CC74DAEAFC1", 2 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB163V2 = { - "X9.62 C2-PNB163V2", ECField_GF2m, 163, - "080000000000000000000000000000000000000107", - "0108B39E77C4B108BED981ED0E890E117C511CF072", - "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", - "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", - "079F684DDF6684C5CD258B3890021B2386DFD19FC5", - "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB163V3 = { - "X9.62 C2-PNB163V3", ECField_GF2m, 163, - "080000000000000000000000000000000000000107", - "07A526C63D3E25A256A007699F5447E32AE456B50E", - "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", - "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", - "05B935590C155E17EA48EB3FF3718B893DF59A05D0", - "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB176V1 = { - "X9.62 C2-PNB176V1", ECField_GF2m, 176, - "0100000000000000000000000000000000080000000007", - "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", - "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", - "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", - "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", - "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB191V1 = { - "X9.62 C2-TNB191V1", ECField_GF2m, 191, - "800000000000000000000000000000000000000000000201", - "2866537B676752636A68F56554E12640276B649EF7526267", - "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", - "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", - "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", - "40000000000000000000000004A20E90C39067C893BBB9A5", 2 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB191V2 = { - "X9.62 C2-TNB191V2", ECField_GF2m, 191, - "800000000000000000000000000000000000000000000201", - "401028774D7777C7B7666D1366EA432071274F89FF01E718", - "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", - "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", - "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", - "20000000000000000000000050508CB89F652824E06B8173", 4 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB191V3 = { - "X9.62 C2-TNB191V3", ECField_GF2m, 191, - "800000000000000000000000000000000000000000000201", - "6C01074756099122221056911C77D77E77A777E7E7E77FCB", - "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", - "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", - "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", - "155555555555555555555555610C0B196812BFB6288A3EA3", 6 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB208W1 = { - "X9.62 C2-PNB208W1", ECField_GF2m, 208, - "010000000000000000000000000000000800000000000000000007", - "0000000000000000000000000000000000000000000000000000", - "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", - "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", - "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", - "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB239V1 = { - "X9.62 C2-TNB239V1", ECField_GF2m, 239, - "800000000000000000000000000000000000000000000000001000000001", - "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", - "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", - "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", - "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", - "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB239V2 = { - "X9.62 C2-TNB239V2", ECField_GF2m, 239, - "800000000000000000000000000000000000000000000000001000000001", - "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", - "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", - "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", - "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", - "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB239V3 = { - "X9.62 C2-TNB239V3", ECField_GF2m, 239, - "800000000000000000000000000000000000000000000000001000000001", - "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", - "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", - "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", - "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", - "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB272W1 = { - "X9.62 C2-PNB272W1", ECField_GF2m, 272, - "010000000000000000000000000000000000000000000000000000010000000000000B", - "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", - "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", - "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", - "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", - "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", - 0xFF06 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB304W1 = { - "X9.62 C2-PNB304W1", ECField_GF2m, 304, - "010000000000000000000000000000000000000000000000000000000000000000000000000807", - "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", - "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", - "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", - "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", - "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", - 0xFE2E -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB359V1 = { - "X9.62 C2-TNB359V1", ECField_GF2m, 359, - "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", - "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", - "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", - "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", - "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", - "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", - 0x4C -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_PNB368W1 = { - "X9.62 C2-PNB368W1", ECField_GF2m, 368, - "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", - "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", - "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", - "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", - "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", - "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", - 0xFF70 -}; -static const ECCurveParams ecCurve_X9_62_CHAR2_TNB431R1 = { - "X9.62 C2-TNB431R1", ECField_GF2m, 431, - "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", - "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", - "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", - "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", - "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", - "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", - 0x2760 -}; - -/* SEC2 prime curves */ -static const ECCurveParams ecCurve_SECG_PRIME_112R1 = { - "SECP-112R1", ECField_GFp, 112, - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "09487239995A5EE76B55F9C2F098", - "A89CE5AF8724C0A23E0E0FF77500", - "DB7C2ABF62E35E7628DFAC6561C5", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_112R2 = { - "SECP-112R2", ECField_GFp, 112, - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "4BA30AB5E892B4E1649DD0928643", - "adcd46f5882e3747def36e956e97", - "36DF0AAFD8B8D7597CA10520D04B", 4 -}; -static const ECCurveParams ecCurve_SECG_PRIME_128R1 = { - "SECP-128R1", ECField_GFp, 128, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "161FF7528B899B2D0C28607CA52C5B86", - "CF5AC8395BAFEB13C02DA292DDED7A83", - "FFFFFFFE0000000075A30D1B9038A115", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_128R2 = { - "SECP-128R2", ECField_GFp, 128, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "7B6AA5D85E572983E6FB32A7CDEBC140", - "27B6916A894D3AEE7106FE805FC34B44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4 -}; -static const ECCurveParams ecCurve_SECG_PRIME_160K1 = { - "SECP-160K1", ECField_GFp, 160, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0000000000000000000000000000000000000000", - "0000000000000000000000000000000000000007", - "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", - "938CF935318FDCED6BC28286531733C3F03C4FEE", - "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_160R1 = { - "SECP-160R1", ECField_GFp, 160, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23A628553168947D59DCC912042351377AC5FB32", - "0100000000000000000001F4C8F927AED3CA752257", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_160R2 = { - "SECP-160R2", ECField_GFp, 160, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "52DCB034293A117E1F4FF11B30F7199D3144CE6D", - "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", - "0100000000000000000000351EE786A818F3A1A16B", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_192K1 = { - "SECP-192K1", ECField_GFp, 192, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000003", - "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", - "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_224K1 = { - "SECP-224K1", ECField_GFp, 224, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "00000000000000000000000000000000000000000000000000000000", - "00000000000000000000000000000000000000000000000000000005", - "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", - "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1 -}; -static const ECCurveParams ecCurve_SECG_PRIME_256K1 = { - "SECP-256K1", ECField_GFp, 256, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0000000000000000000000000000000000000000000000000000000000000000", - "0000000000000000000000000000000000000000000000000000000000000007", - "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1 -}; - -/* SEC2 binary curves */ -static const ECCurveParams ecCurve_SECG_CHAR2_113R1 = { - "SECT-113R1", ECField_GF2m, 113, - "020000000000000000000000000201", - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "009D73616F35F4AB1407D73562C10F", - "00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_113R2 = { - "SECT-113R2", ECField_GF2m, 113, - "020000000000000000000000000201", - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "01A57A6A7B26CA5EF52FCDB8164797", - "00B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_131R1 = { - "SECT-131R1", ECField_GF2m, 131, - "080000000000000000000000000000010D", - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "0081BAF91FDF9833C40F9C181343638399", - "078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_131R2 = { - "SECT-131R2", ECField_GF2m, 131, - "080000000000000000000000000000010D", - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "0356DCD8F2F95031AD652D23951BB366A8", - "0648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_163R1 = { - "SECT-163R1", ECField_GF2m, 163, - "0800000000000000000000000000000000000000C9", - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "0369979697AB43897789566789567F787A7876A654", - "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_193R1 = { - "SECT-193R1", ECField_GF2m, 193, - "02000000000000000000000000000000000000000000008001", - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", - "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_193R2 = { - "SECT-193R2", ECField_GF2m, 193, - "02000000000000000000000000000000000000000000008001", - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", - "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", 2 -}; -static const ECCurveParams ecCurve_SECG_CHAR2_239K1 = { - "SECT-239K1", ECField_GF2m, 239, - "800000000000000000004000000000000000000000000000000000000001", - "000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000000000000000000000000000000000000001", - "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", - "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4 -}; - -/* WTLS curves */ -static const ECCurveParams ecCurve_WTLS_1 = { - "WTLS-1", ECField_GF2m, 113, - "020000000000000000000000000201", - "000000000000000000000000000001", - "000000000000000000000000000001", - "01667979A40BA497E5D5C270780617", - "00F44B4AF1ECC2630E08785CEBCC15", - "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2 -}; -static const ECCurveParams ecCurve_WTLS_8 = { - "WTLS-8", ECField_GFp, 112, - "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", - "0000000000000000000000000000", - "0000000000000000000000000003", - "0000000000000000000000000001", - "0000000000000000000000000002", - "0100000000000001ECEA551AD837E9", 1 -}; -static const ECCurveParams ecCurve_WTLS_9 = { - "WTLS-9", ECField_GFp, 160, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", - "0000000000000000000000000000000000000000", - "0000000000000000000000000000000000000003", - "0000000000000000000000000000000000000001", - "0000000000000000000000000000000000000002", - "0100000000000000000001CDC98AE0E2DE574ABF33", 1 -}; - -/* mapping between ECCurveName enum and pointers to ECCurveParams */ -static const ECCurveParams *ecCurve_map[] = { - NULL, /* ECCurve_noName */ - &ecCurve_NIST_P192, /* ECCurve_NIST_P192 */ - &ecCurve_NIST_P224, /* ECCurve_NIST_P224 */ - &ecCurve_NIST_P256, /* ECCurve_NIST_P256 */ - &ecCurve_NIST_P384, /* ECCurve_NIST_P384 */ - &ecCurve_NIST_P521, /* ECCurve_NIST_P521 */ - &ecCurve_NIST_K163, /* ECCurve_NIST_K163 */ - &ecCurve_NIST_B163, /* ECCurve_NIST_B163 */ - &ecCurve_NIST_K233, /* ECCurve_NIST_K233 */ - &ecCurve_NIST_B233, /* ECCurve_NIST_B233 */ - &ecCurve_NIST_K283, /* ECCurve_NIST_K283 */ - &ecCurve_NIST_B283, /* ECCurve_NIST_B283 */ - &ecCurve_NIST_K409, /* ECCurve_NIST_K409 */ - &ecCurve_NIST_B409, /* ECCurve_NIST_B409 */ - &ecCurve_NIST_K571, /* ECCurve_NIST_K571 */ - &ecCurve_NIST_B571, /* ECCurve_NIST_B571 */ - &ecCurve_X9_62_PRIME_192V2, /* ECCurve_X9_62_PRIME_192V2 */ - &ecCurve_X9_62_PRIME_192V3, /* ECCurve_X9_62_PRIME_192V3 */ - &ecCurve_X9_62_PRIME_239V1, /* ECCurve_X9_62_PRIME_239V1 */ - &ecCurve_X9_62_PRIME_239V2, /* ECCurve_X9_62_PRIME_239V2 */ - &ecCurve_X9_62_PRIME_239V3, /* ECCurve_X9_62_PRIME_239V3 */ - &ecCurve_X9_62_CHAR2_PNB163V1, /* ECCurve_X9_62_CHAR2_PNB163V1 */ - &ecCurve_X9_62_CHAR2_PNB163V2, /* ECCurve_X9_62_CHAR2_PNB163V2 */ - &ecCurve_X9_62_CHAR2_PNB163V3, /* ECCurve_X9_62_CHAR2_PNB163V3 */ - &ecCurve_X9_62_CHAR2_PNB176V1, /* ECCurve_X9_62_CHAR2_PNB176V1 */ - &ecCurve_X9_62_CHAR2_TNB191V1, /* ECCurve_X9_62_CHAR2_TNB191V1 */ - &ecCurve_X9_62_CHAR2_TNB191V2, /* ECCurve_X9_62_CHAR2_TNB191V2 */ - &ecCurve_X9_62_CHAR2_TNB191V3, /* ECCurve_X9_62_CHAR2_TNB191V3 */ - &ecCurve_X9_62_CHAR2_PNB208W1, /* ECCurve_X9_62_CHAR2_PNB208W1 */ - &ecCurve_X9_62_CHAR2_TNB239V1, /* ECCurve_X9_62_CHAR2_TNB239V1 */ - &ecCurve_X9_62_CHAR2_TNB239V2, /* ECCurve_X9_62_CHAR2_TNB239V2 */ - &ecCurve_X9_62_CHAR2_TNB239V3, /* ECCurve_X9_62_CHAR2_TNB239V3 */ - &ecCurve_X9_62_CHAR2_PNB272W1, /* ECCurve_X9_62_CHAR2_PNB272W1 */ - &ecCurve_X9_62_CHAR2_PNB304W1, /* ECCurve_X9_62_CHAR2_PNB304W1 */ - &ecCurve_X9_62_CHAR2_TNB359V1, /* ECCurve_X9_62_CHAR2_TNB359V1 */ - &ecCurve_X9_62_CHAR2_PNB368W1, /* ECCurve_X9_62_CHAR2_PNB368W1 */ - &ecCurve_X9_62_CHAR2_TNB431R1, /* ECCurve_X9_62_CHAR2_TNB431R1 */ - &ecCurve_SECG_PRIME_112R1, /* ECCurve_SECG_PRIME_112R1 */ - &ecCurve_SECG_PRIME_112R2, /* ECCurve_SECG_PRIME_112R2 */ - &ecCurve_SECG_PRIME_128R1, /* ECCurve_SECG_PRIME_128R1 */ - &ecCurve_SECG_PRIME_128R2, /* ECCurve_SECG_PRIME_128R2 */ - &ecCurve_SECG_PRIME_160K1, /* ECCurve_SECG_PRIME_160K1 */ - &ecCurve_SECG_PRIME_160R1, /* ECCurve_SECG_PRIME_160R1 */ - &ecCurve_SECG_PRIME_160R2, /* ECCurve_SECG_PRIME_160R2 */ - &ecCurve_SECG_PRIME_192K1, /* ECCurve_SECG_PRIME_192K1 */ - &ecCurve_SECG_PRIME_224K1, /* ECCurve_SECG_PRIME_224K1 */ - &ecCurve_SECG_PRIME_256K1, /* ECCurve_SECG_PRIME_256K1 */ - &ecCurve_SECG_CHAR2_113R1, /* ECCurve_SECG_CHAR2_113R1 */ - &ecCurve_SECG_CHAR2_113R2, /* ECCurve_SECG_CHAR2_113R2 */ - &ecCurve_SECG_CHAR2_131R1, /* ECCurve_SECG_CHAR2_131R1 */ - &ecCurve_SECG_CHAR2_131R2, /* ECCurve_SECG_CHAR2_131R2 */ - &ecCurve_SECG_CHAR2_163R1, /* ECCurve_SECG_CHAR2_163R1 */ - &ecCurve_SECG_CHAR2_193R1, /* ECCurve_SECG_CHAR2_193R1 */ - &ecCurve_SECG_CHAR2_193R2, /* ECCurve_SECG_CHAR2_193R2 */ - &ecCurve_SECG_CHAR2_239K1, /* ECCurve_SECG_CHAR2_239K1 */ - &ecCurve_WTLS_1, /* ECCurve_WTLS_1 */ - &ecCurve_WTLS_8, /* ECCurve_WTLS_8 */ - &ecCurve_WTLS_9, /* ECCurve_WTLS_9 */ - NULL /* ECCurve_pastLastCurve */ -}; - -#endif diff --git a/security/nss/lib/freebl/ecl/ecl-exp.h b/security/nss/lib/freebl/ecl/ecl-exp.h deleted file mode 100644 index 1a3421c81..000000000 --- a/security/nss/lib/freebl/ecl/ecl-exp.h +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ecl_exp_h_ -#define __ecl_exp_h_ - -/* Curve field type */ -typedef enum { - ECField_GFp, - ECField_GF2m -} ECField; - -/* Hexadecimal encoding of curve parameters */ -struct ECCurveParamsStr { - char *text; - ECField field; - unsigned int size; - char *irr; - char *curvea; - char *curveb; - char *genx; - char *geny; - char *order; - int cofactor; -}; -typedef struct ECCurveParamsStr ECCurveParams; - -/* Named curve parameters */ -typedef enum { - - ECCurve_noName = 0, - - /* NIST prime curves */ - ECCurve_NIST_P192, - ECCurve_NIST_P224, - ECCurve_NIST_P256, - ECCurve_NIST_P384, - ECCurve_NIST_P521, - - /* NIST binary curves */ - ECCurve_NIST_K163, - ECCurve_NIST_B163, - ECCurve_NIST_K233, - ECCurve_NIST_B233, - ECCurve_NIST_K283, - ECCurve_NIST_B283, - ECCurve_NIST_K409, - ECCurve_NIST_B409, - ECCurve_NIST_K571, - ECCurve_NIST_B571, - - /* ANSI X9.62 prime curves */ - /* ECCurve_X9_62_PRIME_192V1 == ECCurve_NIST_P192 */ - ECCurve_X9_62_PRIME_192V2, - ECCurve_X9_62_PRIME_192V3, - ECCurve_X9_62_PRIME_239V1, - ECCurve_X9_62_PRIME_239V2, - ECCurve_X9_62_PRIME_239V3, - /* ECCurve_X9_62_PRIME_256V1 == ECCurve_NIST_P256 */ - - /* ANSI X9.62 binary curves */ - ECCurve_X9_62_CHAR2_PNB163V1, - ECCurve_X9_62_CHAR2_PNB163V2, - ECCurve_X9_62_CHAR2_PNB163V3, - ECCurve_X9_62_CHAR2_PNB176V1, - ECCurve_X9_62_CHAR2_TNB191V1, - ECCurve_X9_62_CHAR2_TNB191V2, - ECCurve_X9_62_CHAR2_TNB191V3, - ECCurve_X9_62_CHAR2_PNB208W1, - ECCurve_X9_62_CHAR2_TNB239V1, - ECCurve_X9_62_CHAR2_TNB239V2, - ECCurve_X9_62_CHAR2_TNB239V3, - ECCurve_X9_62_CHAR2_PNB272W1, - ECCurve_X9_62_CHAR2_PNB304W1, - ECCurve_X9_62_CHAR2_TNB359V1, - ECCurve_X9_62_CHAR2_PNB368W1, - ECCurve_X9_62_CHAR2_TNB431R1, - - /* SEC2 prime curves */ - ECCurve_SECG_PRIME_112R1, - ECCurve_SECG_PRIME_112R2, - ECCurve_SECG_PRIME_128R1, - ECCurve_SECG_PRIME_128R2, - ECCurve_SECG_PRIME_160K1, - ECCurve_SECG_PRIME_160R1, - ECCurve_SECG_PRIME_160R2, - ECCurve_SECG_PRIME_192K1, - /* ECCurve_SECG_PRIME_192R1 == ECCurve_NIST_P192 */ - ECCurve_SECG_PRIME_224K1, - /* ECCurve_SECG_PRIME_224R1 == ECCurve_NIST_P224 */ - ECCurve_SECG_PRIME_256K1, - /* ECCurve_SECG_PRIME_256R1 == ECCurve_NIST_P256 */ - /* ECCurve_SECG_PRIME_384R1 == ECCurve_NIST_P384 */ - /* ECCurve_SECG_PRIME_521R1 == ECCurve_NIST_P521 */ - - /* SEC2 binary curves */ - ECCurve_SECG_CHAR2_113R1, - ECCurve_SECG_CHAR2_113R2, - ECCurve_SECG_CHAR2_131R1, - ECCurve_SECG_CHAR2_131R2, - /* ECCurve_SECG_CHAR2_163K1 == ECCurve_NIST_K163 */ - ECCurve_SECG_CHAR2_163R1, - /* ECCurve_SECG_CHAR2_163R2 == ECCurve_NIST_B163 */ - ECCurve_SECG_CHAR2_193R1, - ECCurve_SECG_CHAR2_193R2, - /* ECCurve_SECG_CHAR2_233K1 == ECCurve_NIST_K233 */ - /* ECCurve_SECG_CHAR2_233R1 == ECCurve_NIST_B233 */ - ECCurve_SECG_CHAR2_239K1, - /* ECCurve_SECG_CHAR2_283K1 == ECCurve_NIST_K283 */ - /* ECCurve_SECG_CHAR2_283R1 == ECCurve_NIST_B283 */ - /* ECCurve_SECG_CHAR2_409K1 == ECCurve_NIST_K409 */ - /* ECCurve_SECG_CHAR2_409R1 == ECCurve_NIST_B409 */ - /* ECCurve_SECG_CHAR2_571K1 == ECCurve_NIST_K571 */ - /* ECCurve_SECG_CHAR2_571R1 == ECCurve_NIST_B571 */ - - /* WTLS curves */ - ECCurve_WTLS_1, - /* there is no WTLS 2 curve */ - /* ECCurve_WTLS_3 == ECCurve_NIST_K163 */ - /* ECCurve_WTLS_4 == ECCurve_SECG_CHAR2_113R1 */ - /* ECCurve_WTLS_5 == ECCurve_X9_62_CHAR2_PNB163V1 */ - /* ECCurve_WTLS_6 == ECCurve_SECG_PRIME_112R1 */ - /* ECCurve_WTLS_7 == ECCurve_SECG_PRIME_160R1 */ - ECCurve_WTLS_8, - ECCurve_WTLS_9, - /* ECCurve_WTLS_10 == ECCurve_NIST_K233 */ - /* ECCurve_WTLS_11 == ECCurve_NIST_B233 */ - /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */ - - ECCurve_pastLastCurve -} ECCurveName; - -/* Aliased named curves */ - -#define ECCurve_X9_62_PRIME_192V1 ECCurve_NIST_P192 -#define ECCurve_X9_62_PRIME_256V1 ECCurve_NIST_P256 -#define ECCurve_SECG_PRIME_192R1 ECCurve_NIST_P192 -#define ECCurve_SECG_PRIME_224R1 ECCurve_NIST_P224 -#define ECCurve_SECG_PRIME_256R1 ECCurve_NIST_P256 -#define ECCurve_SECG_PRIME_384R1 ECCurve_NIST_P384 -#define ECCurve_SECG_PRIME_521R1 ECCurve_NIST_P521 -#define ECCurve_SECG_CHAR2_163K1 ECCurve_NIST_K163 -#define ECCurve_SECG_CHAR2_163R2 ECCurve_NIST_B163 -#define ECCurve_SECG_CHAR2_233K1 ECCurve_NIST_K233 -#define ECCurve_SECG_CHAR2_233R1 ECCurve_NIST_B233 -#define ECCurve_SECG_CHAR2_283K1 ECCurve_NIST_K283 -#define ECCurve_SECG_CHAR2_283R1 ECCurve_NIST_B283 -#define ECCurve_SECG_CHAR2_409K1 ECCurve_NIST_K409 -#define ECCurve_SECG_CHAR2_409R1 ECCurve_NIST_B409 -#define ECCurve_SECG_CHAR2_571K1 ECCurve_NIST_K571 -#define ECCurve_SECG_CHAR2_571R1 ECCurve_NIST_B571 -#define ECCurve_WTLS_3 ECCurve_NIST_K163 -#define ECCurve_WTLS_4 ECCurve_SECG_CHAR2_113R1 -#define ECCurve_WTLS_5 ECCurve_X9_62_CHAR2_PNB163V1 -#define ECCurve_WTLS_6 ECCurve_SECG_PRIME_112R1 -#define ECCurve_WTLS_7 ECCurve_SECG_PRIME_160R1 -#define ECCurve_WTLS_10 ECCurve_NIST_K233 -#define ECCurve_WTLS_11 ECCurve_NIST_B233 -#define ECCurve_WTLS_12 ECCurve_NIST_P224 - -#endif /* __ecl_exp_h_ */ diff --git a/security/nss/lib/freebl/ecl/ecl-priv.h b/security/nss/lib/freebl/ecl/ecl-priv.h deleted file mode 100644 index 908ed8ebc..000000000 --- a/security/nss/lib/freebl/ecl/ecl-priv.h +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung and - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ecl_priv_h_ -#define __ecl_priv_h_ - -#include "ecl.h" -#include "mpi.h" -#include "mplogic.h" - -/* MAX_FIELD_SIZE_DIGITS is the maximum size of field element supported */ -#if defined(MP_USE_LONG_LONG_DIGIT) || defined(MP_USE_LONG_DIGIT) -#define ECL_SIXTY_FOUR_BIT -#define ECL_BITS 64 -#define ECL_MAX_FIELD_SIZE_DIGITS 10 -#else -#define ECL_THIRTY_TWO_BIT -#define ECL_BITS 32 -#define ECL_MAX_FIELD_SIZE_DIGITS 20 -#endif - -/* Gets the i'th bit in the binary representation of a. If i >= length(a), - * then return 0. (The above behaviour differs from mpl_get_bit, which - * causes an error if i >= length(a).) */ -#define MP_GET_BIT(a, i) \ - ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) - -struct GFMethodStr; -typedef struct GFMethodStr GFMethod; -struct GFMethodStr { - /* Indicates whether the structure was constructed from dynamic memory - * or statically created. */ - int constructed; - /* Irreducible that defines the field. For prime fields, this is the - * prime p. For binary polynomial fields, this is the bitstring - * representation of the irreducible polynomial. */ - mp_int irr; - /* For prime fields, the value irr_arr[0] is the number of bits in the - * field. For binary polynomial fields, the irreducible polynomial - * f(t) is represented as an array of unsigned int[], where f(t) is - * of the form: f(t) = t^p[0] + t^p[1] + ... + t^p[4] where m = p[0] - * > p[1] > ... > p[4] = 0. */ - unsigned int irr_arr[5]; - /* Field arithmetic methods. All methods (except field_enc and - * field_dec) are assumed to take field-encoded parameters and return - * field-encoded values. All methods (except field_enc and field_dec) - * are required to be implemented. */ - mp_err (*field_add) (const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); - mp_err (*field_neg) (const mp_int *a, mp_int *r, const GFMethod *meth); - mp_err (*field_sub) (const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); - mp_err (*field_mod) (const mp_int *a, mp_int *r, const GFMethod *meth); - mp_err (*field_mul) (const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); - mp_err (*field_sqr) (const mp_int *a, mp_int *r, const GFMethod *meth); - mp_err (*field_div) (const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); - mp_err (*field_enc) (const mp_int *a, mp_int *r, const GFMethod *meth); - mp_err (*field_dec) (const mp_int *a, mp_int *r, const GFMethod *meth); - /* Extra storage for implementation-specific data. Any memory - * allocated to these extra fields will be cleared by extra_free. */ - void *extra1; - void *extra2; - void (*extra_free) (GFMethod *meth); -}; - -/* Construct generic GFMethods. */ -GFMethod *GFMethod_consGFp(const mp_int *irr); -GFMethod *GFMethod_consGFp_mont(const mp_int *irr); -GFMethod *GFMethod_consGF2m(const mp_int *irr, - const unsigned int irr_arr[5]); -/* Free the memory allocated (if any) to a GFMethod object. */ -void GFMethod_free(GFMethod *meth); - -struct ECGroupStr { - /* Indicates whether the structure was constructed from dynamic memory - * or statically created. */ - int constructed; - /* Field definition and arithmetic. */ - GFMethod *meth; - /* Textual representation of curve name, if any. */ - char *text; - /* Curve parameters, field-encoded. */ - mp_int curvea, curveb; - /* x and y coordinates of the base point, field-encoded. */ - mp_int genx, geny; - /* Order and cofactor of the base point. */ - mp_int order; - int cofactor; - /* Point arithmetic methods. All methods are assumed to take - * field-encoded parameters and return field-encoded values. All - * methods (except base_point_mul and points_mul) are required to be - * implemented. */ - mp_err (*point_add) (const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - mp_err (*point_sub) (const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - mp_err (*point_dbl) (const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); - mp_err (*point_mul) (const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); - mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry, - const ECGroup *group); - mp_err (*points_mul) (const mp_int *k1, const mp_int *k2, - const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); - /* Extra storage for implementation-specific data. Any memory - * allocated to these extra fields will be cleared by extra_free. */ - void *extra1; - void *extra2; - void (*extra_free) (ECGroup *group); -}; - -/* Wrapper functions for generic prime field arithmetic. */ -mp_err ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -/* Wrapper functions for generic binary polynomial field arithmetic. */ -mp_err ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); - -/* Montgomery prime field arithmetic. */ -mp_err ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth); -mp_err ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth); -mp_err ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth); -void ec_GFp_extra_free_mont(GFMethod *meth); - -/* point multiplication */ -mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, - const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); -mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, - const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should - * be an array of signed char's to output to, bitsize should be the number - * of bits of out, in is the original scalar, and w is the window size. - * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A. - * Menezes, "Software implementation of elliptic curve cryptography over - * binary fields", Proc. CHES 2000. */ -mp_err ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, - int w); - -/* Optimized field arithmetic */ -mp_err ec_group_set_gfp192(ECGroup *group, ECCurveName); -mp_err ec_group_set_gfp224(ECGroup *group, ECCurveName); -mp_err ec_group_set_gf2m163(ECGroup *group, ECCurveName name); -mp_err ec_group_set_gf2m193(ECGroup *group, ECCurveName name); -mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name); - -/* Optimized floating-point arithmetic */ -#ifdef ECL_USE_FP -mp_err ec_group_set_secp160r1_fp(ECGroup *group); -mp_err ec_group_set_nistp192_fp(ECGroup *group); -mp_err ec_group_set_nistp224_fp(ECGroup *group); -#endif - -#endif /* __ecl_priv_h_ */ diff --git a/security/nss/lib/freebl/ecl/ecl.c b/security/nss/lib/freebl/ecl/ecl.c deleted file mode 100644 index 9d7af0624..000000000 --- a/security/nss/lib/freebl/ecl/ecl.c +++ /dev/null @@ -1,406 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mplogic.h" -#include "ecl.h" -#include "ecl-priv.h" -#include "ec2.h" -#include "ecp.h" -#include -#include - -/* Allocate memory for a new ECGroup object. */ -ECGroup * -ECGroup_new() -{ - mp_err res = MP_OKAY; - ECGroup *group; - group = (ECGroup *) malloc(sizeof(ECGroup)); - if (group == NULL) - return NULL; - group->constructed = MP_YES; - group->text = NULL; - MP_DIGITS(&group->curvea) = 0; - MP_DIGITS(&group->curveb) = 0; - MP_DIGITS(&group->genx) = 0; - MP_DIGITS(&group->geny) = 0; - MP_DIGITS(&group->order) = 0; - MP_CHECKOK(mp_init(&group->curvea)); - MP_CHECKOK(mp_init(&group->curveb)); - MP_CHECKOK(mp_init(&group->genx)); - MP_CHECKOK(mp_init(&group->geny)); - MP_CHECKOK(mp_init(&group->order)); - group->base_point_mul = NULL; - group->points_mul = NULL; - group->extra1 = NULL; - group->extra2 = NULL; - group->extra_free = NULL; - - CLEANUP: - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -/* Construct a generic ECGroup for elliptic curves over prime fields. */ -ECGroup * -ECGroup_consGFp(const mp_int *irr, const mp_int *curvea, - const mp_int *curveb, const mp_int *genx, - const mp_int *geny, const mp_int *order, int cofactor) -{ - mp_err res = MP_OKAY; - ECGroup *group = NULL; - - group = ECGroup_new(); - if (group == NULL) - return NULL; - - group->meth = GFMethod_consGFp(irr); - if (group->meth == NULL) { - res = MP_MEM; - goto CLEANUP; - } - MP_CHECKOK(mp_copy(curvea, &group->curvea)); - MP_CHECKOK(mp_copy(curveb, &group->curveb)); - MP_CHECKOK(mp_copy(genx, &group->genx)); - MP_CHECKOK(mp_copy(geny, &group->geny)); - MP_CHECKOK(mp_copy(order, &group->order)); - group->cofactor = cofactor; - group->point_add = &ec_GFp_pt_add_aff; - group->point_sub = &ec_GFp_pt_sub_aff; - group->point_dbl = &ec_GFp_pt_dbl_aff; - group->point_mul = &ec_GFp_pt_mul_jm_wNAF; - group->base_point_mul = NULL; - group->points_mul = &ec_GFp_pts_mul_jac; - - CLEANUP: - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -/* Construct a generic ECGroup for elliptic curves over prime fields with - * field arithmetic implemented in Montgomery coordinates. */ -ECGroup * -ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea, - const mp_int *curveb, const mp_int *genx, - const mp_int *geny, const mp_int *order, int cofactor) -{ - mp_err res = MP_OKAY; - ECGroup *group = NULL; - - group = ECGroup_new(); - if (group == NULL) - return NULL; - - group->meth = GFMethod_consGFp_mont(irr); - if (group->meth == NULL) { - res = MP_MEM; - goto CLEANUP; - } - MP_CHECKOK(group->meth-> - field_enc(curvea, &group->curvea, group->meth)); - MP_CHECKOK(group->meth-> - field_enc(curveb, &group->curveb, group->meth)); - MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth)); - MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth)); - MP_CHECKOK(mp_copy(order, &group->order)); - group->cofactor = cofactor; - group->point_add = &ec_GFp_pt_add_aff; - group->point_sub = &ec_GFp_pt_sub_aff; - group->point_dbl = &ec_GFp_pt_dbl_aff; - group->point_mul = &ec_GFp_pt_mul_jm_wNAF; - group->base_point_mul = NULL; - group->points_mul = &ec_GFp_pts_mul_jac; - - CLEANUP: - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -/* Construct a generic ECGroup for elliptic curves over binary polynomial - * fields. */ -ECGroup * -ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5], - const mp_int *curvea, const mp_int *curveb, - const mp_int *genx, const mp_int *geny, - const mp_int *order, int cofactor) -{ - mp_err res = MP_OKAY; - ECGroup *group = NULL; - - group = ECGroup_new(); - if (group == NULL) - return NULL; - - group->meth = GFMethod_consGF2m(irr, irr_arr); - if (group->meth == NULL) { - res = MP_MEM; - goto CLEANUP; - } - MP_CHECKOK(mp_copy(curvea, &group->curvea)); - MP_CHECKOK(mp_copy(curveb, &group->curveb)); - MP_CHECKOK(mp_copy(genx, &group->genx)); - MP_CHECKOK(mp_copy(geny, &group->geny)); - MP_CHECKOK(mp_copy(order, &group->order)); - group->cofactor = cofactor; - group->point_add = &ec_GF2m_pt_add_aff; - group->point_sub = &ec_GF2m_pt_sub_aff; - group->point_dbl = &ec_GF2m_pt_dbl_aff; - group->point_mul = &ec_GF2m_pt_mul_mont; - group->base_point_mul = NULL; - group->points_mul = &ec_pts_mul_basic; - - CLEANUP: - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -/* Helper macros for ecgroup_fromNameAndHex. */ -#define CHECK_GROUP \ - if (group == NULL) { res = MP_UNDEF; goto CLEANUP; } -#define CONS_GF2M \ - group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor); \ - CHECK_GROUP - -/* Construct ECGroup from hex parameters and name, if any. Called by - * ECGroup_fromHex and ECGroup_fromName. */ -ECGroup * -ecgroup_fromNameAndHex(const ECCurveName name, - const ECCurveParams * params) -{ - mp_int irr, curvea, curveb, genx, geny, order; - int bits; - ECGroup *group = NULL; - mp_err res = MP_OKAY; - - /* initialize values */ - MP_DIGITS(&irr) = 0; - MP_DIGITS(&curvea) = 0; - MP_DIGITS(&curveb) = 0; - MP_DIGITS(&genx) = 0; - MP_DIGITS(&geny) = 0; - MP_DIGITS(&order) = 0; - MP_CHECKOK(mp_init(&irr)); - MP_CHECKOK(mp_init(&curvea)); - MP_CHECKOK(mp_init(&curveb)); - MP_CHECKOK(mp_init(&genx)); - MP_CHECKOK(mp_init(&geny)); - MP_CHECKOK(mp_init(&order)); - MP_CHECKOK(mp_read_radix(&irr, params->irr, 16)); - MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16)); - MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16)); - MP_CHECKOK(mp_read_radix(&genx, params->genx, 16)); - MP_CHECKOK(mp_read_radix(&geny, params->geny, 16)); - MP_CHECKOK(mp_read_radix(&order, params->order, 16)); - - /* determine number of bits */ - bits = mpl_significant_bits(&irr) - 1; - if (bits < MP_OKAY) { - res = bits; - goto CLEANUP; - } - - /* determine which optimizations (if any) to use */ - if (params->field == ECField_GFp) { - if ((name == ECCurve_SECG_PRIME_160K1) - || (name == ECCurve_SECG_PRIME_160R2)) { - group = - ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - } else if ((name == ECCurve_SECG_PRIME_160R1)) { -#ifdef ECL_USE_FP - group = - ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_secp160r1_fp(group)); -#else - group = - ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); -#endif - } else if ((name == ECCurve_SECG_PRIME_192K1)) { - group = - ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_gfp192(group, name)); - } else if ((name == ECCurve_SECG_PRIME_192R1)) { -#ifdef ECL_USE_FP - group = - ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_nistp192_fp(group)); -#else - group = - ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_gfp192(group, name)); -#endif - } else if ((name == ECCurve_SECG_PRIME_224K1)) { - group = - ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_gfp224(group, name)); - } else if ((name == ECCurve_SECG_PRIME_224R1)) { -#ifdef ECL_USE_FP - group = - ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_nistp224_fp(group)); -#else - group = - ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP MP_CHECKOK(ec_group_set_gfp224(group, name)); -#endif - } else { - group = - ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny, - &order, params->cofactor); - CHECK_GROUP} - /* XXX secp521r1 fails ecp_test with &ec_GFp_pts_mul_jac */ - if (name == ECCurve_SECG_PRIME_521R1) { - group->points_mul = &ec_pts_mul_simul_w2; - } - } else if (params->field == ECField_GF2m) { - switch (bits) { - case 163: - CONS_GF2M MP_CHECKOK(ec_group_set_gf2m163(group, name)); - break; - case 193: - CONS_GF2M MP_CHECKOK(ec_group_set_gf2m193(group, name)); - break; - case 233: - CONS_GF2M MP_CHECKOK(ec_group_set_gf2m233(group, name)); - break; - default: - group = - ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, - &geny, &order, params->cofactor); - CHECK_GROUP break; - } - } - - /* set name, if any */ - if (params->text != NULL) { - group->text = (char *) malloc(sizeof(char) * strlen(params->text)); - if (group->text == NULL) { - res = MP_MEM; - } - strcpy(group->text, params->text); - } - - CLEANUP: - mp_clear(&irr); - mp_clear(&curvea); - mp_clear(&curveb); - mp_clear(&genx); - mp_clear(&geny); - mp_clear(&order); - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -#undef CHECK_GROUP -#undef CONS_GFP -#undef CONS_GF2M - -/* Construct ECGroup from hexadecimal representations of parameters. */ -ECGroup * -ECGroup_fromHex(const ECCurveParams * params) -{ - return ecgroup_fromNameAndHex(ECCurve_noName, params); -} - -/* Construct ECGroup from named parameters. */ -ECGroup * -ECGroup_fromName(const ECCurveName name) -{ - ECGroup *group = NULL; - ECCurveParams *params = NULL; - mp_err res = MP_OKAY; - - params = EC_GetNamedCurveParams(name); - if (params == NULL) { - res = MP_UNDEF; - goto CLEANUP; - } - - /* construct actual group */ - group = ecgroup_fromNameAndHex(name, params); - if (group == NULL) { - res = MP_UNDEF; - goto CLEANUP; - } - - CLEANUP: - EC_FreeCurveParams(params); - if (res != MP_OKAY) { - ECGroup_free(group); - return NULL; - } - return group; -} - -/* Free the memory allocated (if any) to an ECGroup object. */ -void -ECGroup_free(ECGroup *group) -{ - if (group == NULL) - return; - GFMethod_free(group->meth); - if (group->constructed == MP_NO) - return; - if (group->text != NULL) - free(group->text); - if (group->extra_free != NULL) - group->extra_free(group); - free(group); -} diff --git a/security/nss/lib/freebl/ecl/ecl.h b/security/nss/lib/freebl/ecl/ecl.h deleted file mode 100644 index 7db9deb0a..000000000 --- a/security/nss/lib/freebl/ecl/ecl.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -/* Although this is not an exported header file, code which uses elliptic - * curve point operations will need to include it. */ - -#ifndef __ecl_h_ -#define __ecl_h_ - -#include "ecl-exp.h" -#include "mpi.h" - -struct ECGroupStr; -typedef struct ECGroupStr ECGroup; - -/* Construct ECGroup from hexadecimal representations of parameters. */ -ECGroup *ECGroup_fromHex(const ECCurveParams * params); - -/* Construct ECGroup from named parameters. */ -ECGroup *ECGroup_fromName(const ECCurveName name); - -/* Free an allocated ECGroup. */ -void ECGroup_free(ECGroup *group); - -/* Construct ECCurveParams from an ECCurveName */ -ECCurveParams *EC_GetNamedCurveParams(const ECCurveName name); - -/* Duplicates an ECCurveParams */ -ECCurveParams *ECCurveParams_dup(const ECCurveParams * params); - -/* Free an allocated ECCurveParams */ -void EC_FreeCurveParams(ECCurveParams * params); - -/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k * P(x, - * y). If x, y = NULL, then P is assumed to be the generator (base point) - * of the group of points on the elliptic curve. Input and output values - * are assumed to be NOT field-encoded. */ -mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px, - const mp_int *py, mp_int *qx, mp_int *qy); - -/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G + - * k2 * P(x, y), where G is the generator (base point) of the group of - * points on the elliptic curve. Input and output values are assumed to - * be NOT field-encoded. */ -mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1, - const mp_int *k2, const mp_int *px, const mp_int *py, - mp_int *qx, mp_int *qy); - -#endif /* __ecl_h_ */ diff --git a/security/nss/lib/freebl/ecl/ecl_curve.c b/security/nss/lib/freebl/ecl/ecl_curve.c deleted file mode 100644 index d8368092e..000000000 --- a/security/nss/lib/freebl/ecl/ecl_curve.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecl.h" -#include "ecl-curve.h" -#include "ecl-priv.h" -#include -#include - -#define CHECK(func) if ((func) == NULL) { res = 0; goto CLEANUP; } - -/* Duplicates an ECCurveParams */ -ECCurveParams * -ECCurveParams_dup(const ECCurveParams * params) -{ - int res = 1; - ECCurveParams *ret = NULL; - - CHECK(ret = (ECCurveParams *) malloc(sizeof(ECCurveParams))); - if (params->text != NULL) { - CHECK(ret->text = strdup(params->text)); - } - ret->field = params->field; - ret->size = params->size; - if (params->irr != NULL) { - CHECK(ret->irr = strdup(params->irr)); - } - if (params->curvea != NULL) { - CHECK(ret->curvea = strdup(params->curvea)); - } - if (params->curveb != NULL) { - CHECK(ret->curveb = strdup(params->curveb)); - } - if (params->genx != NULL) { - CHECK(ret->genx = strdup(params->genx)); - } - if (params->geny != NULL) { - CHECK(ret->geny = strdup(params->geny)); - } - if (params->order != NULL) { - CHECK(ret->order = strdup(params->order)); - } - ret->cofactor = params->cofactor; - - CLEANUP: - if (res != 1) { - EC_FreeCurveParams(ret); - return NULL; - } - return ret; -} - -#undef CHECK - -/* Construct ECCurveParams from an ECCurveName */ -ECCurveParams * -EC_GetNamedCurveParams(const ECCurveName name) -{ - if ((name <= ECCurve_noName) || (ECCurve_pastLastCurve <= name)) { - return NULL; - } else { - return ECCurveParams_dup(ecCurve_map[name]); - } -} - -/* Free the memory allocated (if any) to an ECCurveParams object. */ -void -EC_FreeCurveParams(ECCurveParams * params) -{ - if (params == NULL) - return; - if (params->text != NULL) - free(params->text); - if (params->irr != NULL) - free(params->irr); - if (params->curvea != NULL) - free(params->curvea); - if (params->curveb != NULL) - free(params->curveb); - if (params->genx != NULL) - free(params->genx); - if (params->geny != NULL) - free(params->geny); - if (params->order != NULL) - free(params->order); - free(params); -} diff --git a/security/nss/lib/freebl/ecl/ecl_gf.c b/security/nss/lib/freebl/ecl/ecl_gf.c deleted file mode 100644 index 000f97b86..000000000 --- a/security/nss/lib/freebl/ecl/ecl_gf.c +++ /dev/null @@ -1,337 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung and - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mp_gf2m.h" -#include "ecl-priv.h" -#include - -/* Allocate memory for a new GFMethod object. */ -GFMethod * -GFMethod_new() -{ - mp_err res = MP_OKAY; - GFMethod *meth; - meth = (GFMethod *) malloc(sizeof(GFMethod)); - if (meth == NULL) - return NULL; - meth->constructed = MP_YES; - MP_CHECKOK(mp_init(&meth->irr)); - meth->extra_free = NULL; - - CLEANUP: - if (res != MP_OKAY) { - GFMethod_free(meth); - return NULL; - } - return meth; -} - -/* Construct a generic GFMethod for arithmetic over prime fields with - * irreducible irr. */ -GFMethod * -GFMethod_consGFp(const mp_int *irr) -{ - mp_err res = MP_OKAY; - GFMethod *meth = NULL; - - meth = GFMethod_new(); - if (meth == NULL) - return NULL; - - MP_CHECKOK(mp_copy(irr, &meth->irr)); - meth->irr_arr[0] = mpl_significant_bits(irr); - meth->irr_arr[1] = meth->irr_arr[2] = meth->irr_arr[3] = - meth->irr_arr[4] = 0; - meth->field_add = &ec_GFp_add; - meth->field_neg = &ec_GFp_neg; - meth->field_sub = &ec_GFp_sub; - meth->field_mod = &ec_GFp_mod; - meth->field_mul = &ec_GFp_mul; - meth->field_sqr = &ec_GFp_sqr; - meth->field_div = &ec_GFp_div; - meth->field_enc = NULL; - meth->field_dec = NULL; - meth->extra1 = NULL; - meth->extra2 = NULL; - meth->extra_free = NULL; - - CLEANUP: - if (res != MP_OKAY) { - GFMethod_free(meth); - return NULL; - } - return meth; -} - -/* Construct a generic GFMethod for arithmetic over binary polynomial - * fields with irreducible irr that has array representation irr_arr (see - * ecl-priv.h for description of the representation). If irr_arr is NULL, - * then it is constructed from the bitstring representation. */ -GFMethod * -GFMethod_consGF2m(const mp_int *irr, const unsigned int irr_arr[5]) -{ - mp_err res = MP_OKAY; - int ret; - GFMethod *meth = NULL; - - meth = GFMethod_new(); - if (meth == NULL) - return NULL; - - MP_CHECKOK(mp_copy(irr, &meth->irr)); - if (irr_arr != NULL) { - /* Irreducible polynomials are either trinomials or pentanomials. */ - meth->irr_arr[0] = irr_arr[0]; - meth->irr_arr[1] = irr_arr[1]; - meth->irr_arr[2] = irr_arr[2]; - if (irr_arr[2] > 0) { - meth->irr_arr[3] = irr_arr[3]; - meth->irr_arr[4] = irr_arr[4]; - } else { - meth->irr_arr[3] = meth->irr_arr[4] = 0; - } - } else { - ret = mp_bpoly2arr(irr, meth->irr_arr, 5); - /* Irreducible polynomials are either trinomials or pentanomials. */ - if ((ret != 5) && (ret != 3)) { - res = MP_UNDEF; - goto CLEANUP; - } - } - meth->field_add = &ec_GF2m_add; - meth->field_neg = &ec_GF2m_neg; - meth->field_sub = &ec_GF2m_add; - meth->field_mod = &ec_GF2m_mod; - meth->field_mul = &ec_GF2m_mul; - meth->field_sqr = &ec_GF2m_sqr; - meth->field_div = &ec_GF2m_div; - meth->field_enc = NULL; - meth->field_dec = NULL; - meth->extra1 = NULL; - meth->extra2 = NULL; - meth->extra_free = NULL; - - CLEANUP: - if (res != MP_OKAY) { - GFMethod_free(meth); - return NULL; - } - return meth; -} - -/* Free the memory allocated (if any) to a GFMethod object. */ -void -GFMethod_free(GFMethod *meth) -{ - if (meth == NULL) - return; - if (meth->constructed == MP_NO) - return; - if (meth->extra_free != NULL) - meth->extra_free(meth); - free(meth); -} - -/* Wrapper functions for generic prime field arithmetic. */ - -/* Add two field elements. Assumes that 0 <= a, b < meth->irr */ -mp_err -ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a + b (mod p) */ - mp_err res; - - if ((res = mp_add(a, b, r)) != MP_OKAY) { - return res; - } - if (mp_cmp(r, &meth->irr) >= 0) { - return mp_sub(r, &meth->irr, r); - } - return res; -} - -/* Negates a field element. Assumes that 0 <= a < meth->irr */ -mp_err -ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - /* PRE: 0 <= a < p = meth->irr POST: 0 <= r < p, r = -a (mod p) */ - - if (mp_cmp_z(a) == 0) { - mp_zero(r); - return MP_OKAY; - } - return mp_sub(&meth->irr, a, r); -} - -/* Subtracts two field elements. Assumes that 0 <= a, b < meth->irr */ -mp_err -ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a - b (mod p) */ - res = mp_sub(a, b, r); - if (res == MP_RANGE) { - MP_CHECKOK(mp_sub(b, a, r)); - if (mp_cmp_z(r) < 0) { - MP_CHECKOK(mp_add(r, &meth->irr, r)); - } - MP_CHECKOK(ec_GFp_neg(r, r, meth)); - } - if (mp_cmp_z(r) < 0) { - MP_CHECKOK(mp_add(r, &meth->irr, r)); - } - CLEANUP: - return res; -} - -/* Reduces an integer to a field element. */ -mp_err -ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - return mp_mod(a, &meth->irr, r); -} - -/* Multiplies two field elements. */ -mp_err -ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - return mp_mulmod(a, b, &meth->irr, r); -} - -/* Squares a field element. */ -mp_err -ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - return mp_sqrmod(a, &meth->irr, r); -} - -/* Divides two field elements. If a is NULL, then returns the inverse of - * b. */ -mp_err -ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_int t; - - /* If a is NULL, then return the inverse of b, otherwise return a/b. */ - if (a == NULL) { - return mp_invmod(b, &meth->irr, r); - } else { - /* MPI doesn't support divmod, so we implement it using invmod and - * mulmod. */ - MP_CHECKOK(mp_init(&t)); - MP_CHECKOK(mp_invmod(b, &meth->irr, &t)); - MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r)); - CLEANUP: - mp_clear(&t); - return res; - } -} - -/* Wrapper functions for generic binary polynomial field arithmetic. */ - -/* Adds two field elements. */ -mp_err -ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - return mp_badd(a, b, r); -} - -/* Negates a field element. Note that for binary polynomial fields, the - * negation of a field element is the field element itself. */ -mp_err -ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - if (a == r) { - return MP_OKAY; - } else { - return mp_copy(a, r); - } -} - -/* Reduces a binary polynomial to a field element. */ -mp_err -ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - return mp_bmod(a, meth->irr_arr, r); -} - -/* Multiplies two field elements. */ -mp_err -ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - return mp_bmulmod(a, b, meth->irr_arr, r); -} - -/* Squares a field element. */ -mp_err -ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - return mp_bsqrmod(a, meth->irr_arr, r); -} - -/* Divides two field elements. If a is NULL, then returns the inverse of - * b. */ -mp_err -ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_int t; - - /* If a is NULL, then return the inverse of b, otherwise return a/b. */ - if (a == NULL) { - /* The GF(2^m) portion of MPI doesn't support invmod, so we - * compute 1/b. */ - MP_CHECKOK(mp_init(&t)); - MP_CHECKOK(mp_set_int(&t, 1)); - MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r)); - CLEANUP: - mp_clear(&t); - return res; - } else { - return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r); - } -} diff --git a/security/nss/lib/freebl/ecl/ecl_mult.c b/security/nss/lib/freebl/ecl/ecl_mult.c deleted file mode 100644 index 9609733de..000000000 --- a/security/nss/lib/freebl/ecl/ecl_mult.c +++ /dev/null @@ -1,359 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mplogic.h" -#include "ecl.h" -#include "ecl-priv.h" -#include -#include - -/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k * P(x, - * y). If x, y = NULL, then P is assumed to be the generator (base point) - * of the group of points on the elliptic curve. Input and output values - * are assumed to be NOT field-encoded. */ -mp_err -ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry) -{ - mp_err res = MP_OKAY; - mp_int kt; - - ARGCHK((k != NULL) && (group != NULL), MP_BADARG); - MP_DIGITS(&kt) = 0; - - /* want scalar to be less than or equal to group order */ - if (mp_cmp(k, &group->order) >= 0) { - MP_CHECKOK(mp_init(&kt)); - MP_CHECKOK(mp_mod(k, &group->order, &kt)); - } else { - MP_SIGN(&kt) = MP_ZPOS; - MP_USED(&kt) = MP_USED(k); - MP_ALLOC(&kt) = MP_ALLOC(k); - MP_DIGITS(&kt) = MP_DIGITS(k); - } - - if ((px == NULL) || (py == NULL)) { - if (group->base_point_mul) { - MP_CHECKOK(group->base_point_mul(&kt, rx, ry, group)); - } else { - MP_CHECKOK(group-> - point_mul(&kt, &group->genx, &group->geny, rx, ry, - group)); - } - } else { - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(px, rx, group->meth)); - MP_CHECKOK(group->meth->field_enc(py, ry, group->meth)); - MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group)); - } else { - MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group)); - } - } - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth)); - } - - CLEANUP: - if (MP_DIGITS(&kt) != MP_DIGITS(k)) { - mp_clear(&kt); - } - return res; -} - -/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + - * k2 * P(x, y), where G is the generator (base point) of the group of - * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL. - * Input and output values are assumed to be NOT field-encoded. */ -mp_err -ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int sx, sy; - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK(!((k1 == NULL) - && ((k2 == NULL) || (px == NULL) - || (py == NULL))), MP_BADARG); - - /* if some arguments are not defined used ECPoint_mul */ - if (k1 == NULL) { - return ECPoint_mul(group, k2, px, py, rx, ry); - } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) { - return ECPoint_mul(group, k1, NULL, NULL, rx, ry); - } - - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_CHECKOK(mp_init(&sx)); - MP_CHECKOK(mp_init(&sy)); - - MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy)); - MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry)); - - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth)); - MP_CHECKOK(group->meth->field_enc(&sy, &sy, group->meth)); - MP_CHECKOK(group->meth->field_enc(rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_enc(ry, ry, group->meth)); - } - - MP_CHECKOK(group->point_add(&sx, &sy, rx, ry, rx, ry, group)); - - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth)); - } - - CLEANUP: - mp_clear(&sx); - mp_clear(&sy); - return res; -} - -/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + - * k2 * P(x, y), where G is the generator (base point) of the group of - * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL. - * Input and output values are assumed to be NOT field-encoded. Uses - * algorithm 15 (simultaneous multiple point multiplication) from Brown, - * Hankerson, Lopez, Menezes. Software Implementation of the NIST - * Elliptic Curves over Prime Fields. */ -mp_err -ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int precomp[4][4][2]; - mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 4 * 4 * 2], *t; - const mp_int *a, *b; - int i, j; - int ai, bi, d; - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK(!((k1 == NULL) - && ((k2 == NULL) || (px == NULL) - || (py == NULL))), MP_BADARG); - - /* if some arguments are not defined used ECPoint_mul */ - if (k1 == NULL) { - return ECPoint_mul(group, k2, px, py, rx, ry); - } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) { - return ECPoint_mul(group, k1, NULL, NULL, rx, ry); - } - - /* initialize precomputation table */ - t = precomp_arr; - for (i = 0; i < 4; i++) { - for (j = 0; j < 4; j++) { - /* x co-ord */ - MP_SIGN(&precomp[i][j][0]) = MP_ZPOS; - MP_ALLOC(&precomp[i][j][0]) = ECL_MAX_FIELD_SIZE_DIGITS; - MP_USED(&precomp[i][j][0]) = 1; - *t = 0; - MP_DIGITS(&precomp[i][j][0]) = t; - t += ECL_MAX_FIELD_SIZE_DIGITS; - /* y co-ord */ - MP_SIGN(&precomp[i][j][1]) = MP_ZPOS; - MP_ALLOC(&precomp[i][j][1]) = ECL_MAX_FIELD_SIZE_DIGITS; - MP_USED(&precomp[i][j][1]) = 1; - *t = 0; - MP_DIGITS(&precomp[i][j][1]) = t; - t += ECL_MAX_FIELD_SIZE_DIGITS; - } - } - - /* fill precomputation table */ - /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */ - if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) { - a = k2; - b = k1; - if (group->meth->field_enc) { - MP_CHECKOK(group->meth-> - field_enc(px, &precomp[1][0][0], group->meth)); - MP_CHECKOK(group->meth-> - field_enc(py, &precomp[1][0][1], group->meth)); - } else { - MP_CHECKOK(mp_copy(px, &precomp[1][0][0])); - MP_CHECKOK(mp_copy(py, &precomp[1][0][1])); - } - MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0])); - MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1])); - } else { - a = k1; - b = k2; - MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0])); - MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1])); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth-> - field_enc(px, &precomp[0][1][0], group->meth)); - MP_CHECKOK(group->meth-> - field_enc(py, &precomp[0][1][1], group->meth)); - } else { - MP_CHECKOK(mp_copy(px, &precomp[0][1][0])); - MP_CHECKOK(mp_copy(py, &precomp[0][1][1])); - } - } - /* precompute [*][0][*] */ - mp_zero(&precomp[0][0][0]); - mp_zero(&precomp[0][0][1]); - MP_CHECKOK(group-> - point_dbl(&precomp[1][0][0], &precomp[1][0][1], - &precomp[2][0][0], &precomp[2][0][1], group)); - MP_CHECKOK(group-> - point_add(&precomp[1][0][0], &precomp[1][0][1], - &precomp[2][0][0], &precomp[2][0][1], - &precomp[3][0][0], &precomp[3][0][1], group)); - /* precompute [*][1][*] */ - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][1][0], &precomp[0][1][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][1][0], &precomp[i][1][1], group)); - } - /* precompute [*][2][*] */ - MP_CHECKOK(group-> - point_dbl(&precomp[0][1][0], &precomp[0][1][1], - &precomp[0][2][0], &precomp[0][2][1], group)); - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][2][0], &precomp[0][2][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][2][0], &precomp[i][2][1], group)); - } - /* precompute [*][3][*] */ - MP_CHECKOK(group-> - point_add(&precomp[0][1][0], &precomp[0][1][1], - &precomp[0][2][0], &precomp[0][2][1], - &precomp[0][3][0], &precomp[0][3][1], group)); - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][3][0], &precomp[0][3][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][3][0], &precomp[i][3][1], group)); - } - - d = (mpl_significant_bits(a) + 1) / 2; - - /* R = inf */ - mp_zero(rx); - mp_zero(ry); - - for (i = d - 1; i >= 0; i--) { - ai = MP_GET_BIT(a, 2 * i + 1); - ai <<= 1; - ai |= MP_GET_BIT(a, 2 * i); - bi = MP_GET_BIT(b, 2 * i + 1); - bi <<= 1; - bi |= MP_GET_BIT(b, 2 * i); - /* R = 2^2 * R */ - MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group)); - MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group)); - /* R = R + (ai * A + bi * B) */ - MP_CHECKOK(group-> - point_add(rx, ry, &precomp[ai][bi][0], - &precomp[ai][bi][1], rx, ry, group)); - } - - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth)); - } - - CLEANUP: - return res; -} - -/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + - * k2 * P(x, y), where G is the generator (base point) of the group of - * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL. - * Input and output values are assumed to be NOT field-encoded. */ -mp_err -ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2, - const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry) -{ - mp_err res = MP_OKAY; - mp_int k1t, k2t; - const mp_int *k1p, *k2p; - - MP_DIGITS(&k1t) = 0; - MP_DIGITS(&k2t) = 0; - - ARGCHK(group != NULL, MP_BADARG); - - /* want scalar to be less than or equal to group order */ - if (k1 != NULL) { - if (mp_cmp(k1, &group->order) >= 0) { - MP_CHECKOK(mp_init(&k1t)); - MP_CHECKOK(mp_mod(k1, &group->order, &k1t)); - k1p = &k1t; - } else { - k1p = k1; - } - } else { - k1p = k1; - } - if (k2 != NULL) { - if (mp_cmp(k2, &group->order) >= 0) { - MP_CHECKOK(mp_init(&k2t)); - MP_CHECKOK(mp_mod(k2, &group->order, &k2t)); - k2p = &k2t; - } else { - k2p = k2; - } - } else { - k2p = k2; - } - - /* if points_mul is defined, then use it */ - if (group->points_mul) { - return group->points_mul(k1p, k2p, px, py, rx, ry, group); - } else { - return ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group); - } - - CLEANUP: - if (k1 != k1p) { - mp_clear(&k1t); - } - if (k2 != k2p) { - mp_clear(&k2t); - } - return res; -} diff --git a/security/nss/lib/freebl/ecl/ecp.h b/security/nss/lib/freebl/ecl/ecp.h deleted file mode 100644 index 801c83c56..000000000 --- a/security/nss/lib/freebl/ecl/ecp.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ecp_h_ -#define __ecp_h_ - -#include "ecl-priv.h" - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py); - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py); - -/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, - * qy). Uses affine coordinates. */ -mp_err ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* Computes R = P - Q. Uses affine coordinates. */ -mp_err ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, const ECGroup *group); - -/* Computes R = 2P. Uses affine coordinates. */ -mp_err ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group); - -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Uses affine coordinates. */ -mp_err ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); -#endif - -/* Converts a point P(px, py) from affine coordinates to Jacobian - * projective coordinates R(rx, ry, rz). */ -mp_err ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group); - -/* Converts a point P(px, py, pz) from Jacobian projective coordinates to - * affine coordinates R(rx, ry). */ -mp_err ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, - const mp_int *pz, mp_int *rx, mp_int *ry, - const ECGroup *group); - -/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian - * coordinates. */ -mp_err ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, - const mp_int *pz); - -/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian - * coordinates. */ -mp_err ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz); - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is - * (qx, qy, qz). Uses Jacobian coordinates. */ -mp_err ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, - const mp_int *pz, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - mp_int *rz, const ECGroup *group); - -/* Computes R = 2P. Uses Jacobian coordinates. */ -mp_err ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, - const mp_int *pz, mp_int *rx, mp_int *ry, - mp_int *rz, const ECGroup *group); - -#ifdef ECL_ENABLE_GFP_PT_MUL_JAC -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Uses Jacobian coordinates. */ -mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); -#endif - -/* Computes R(x, y) = k1 * G + k2 * P(x, y), where G is the generator - * (base point) of the group of points on the elliptic curve. Allows k1 = - * NULL or { k2, P } = NULL. Implemented using mixed Jacobian-affine - * coordinates. Input and output values are assumed to be NOT - * field-encoded and are in affine form. */ -mp_err - ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group); - -/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic - * curve points P and R can be identical. Uses mixed Modified-Jacobian - * co-ordinates for doubling and Chudnovsky Jacobian coordinates for - * additions. Assumes input is already field-encoded using field_enc, and - * returns output that is still field-encoded. Uses 5-bit window NAF - * method (algorithm 11) for scalar-point multiplication from Brown, - * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic - * Curves Over Prime Fields. */ -mp_err - ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group); - -#endif /* __ecp_h_ */ diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c deleted file mode 100644 index 914349e63..000000000 --- a/security/nss/lib/freebl/ecl/ecp_192.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp.h" -#include "mpi.h" -#include "mplogic.h" -#include "mpi-priv.h" -#include - -/* Fast modular reduction for p192 = 2^192 - 2^64 - 1. a can be r. Uses - * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software - * Implementation of the NIST Elliptic Curves over Prime Fields. */ -mp_err -ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_size a_used = MP_USED(a); - - /* s is a statically-allocated mp_int of exactly the size we need */ - mp_int s; - -#ifdef ECL_THIRTY_TWO_BIT - mp_digit sa[6]; - mp_digit a11 = 0, a10, a9 = 0, a8, a7 = 0, a6; - - MP_SIGN(&s) = MP_ZPOS; - MP_ALLOC(&s) = 6; - MP_USED(&s) = 6; - MP_DIGITS(&s) = sa; -#else - mp_digit sa[3]; - mp_digit a5 = 0, a4 = 0, a3 = 0; - - MP_SIGN(&s) = MP_ZPOS; - MP_ALLOC(&s) = 3; - MP_USED(&s) = 3; - MP_DIGITS(&s) = sa; -#endif - - /* reduction not needed if a is not larger than field size */ -#ifdef ECL_THIRTY_TWO_BIT - if (a_used < 6) { -#else - if (a_used < 3) { -#endif - return mp_copy(a, r); - } -#ifdef ECL_THIRTY_TWO_BIT - /* for polynomials larger than twice the field size, use regular - * reduction */ - if (a_used > 12) { - MP_CHECKOK(mp_mod(a, &meth->irr, r)); - } else { - /* copy out upper words of a */ - switch (a_used) { - case 12: - a11 = MP_DIGIT(a, 11); - case 11: - a10 = MP_DIGIT(a, 10); - case 10: - a9 = MP_DIGIT(a, 9); - case 9: - a8 = MP_DIGIT(a, 8); - case 8: - a7 = MP_DIGIT(a, 7); - case 7: - a6 = MP_DIGIT(a, 6); - } - /* set the lower words of r */ - if (a != r) { - MP_CHECKOK(s_mp_pad(r, 7)); - MP_DIGIT(r, 5) = MP_DIGIT(a, 5); - MP_DIGIT(r, 4) = MP_DIGIT(a, 4); - MP_DIGIT(r, 3) = MP_DIGIT(a, 3); - MP_DIGIT(r, 2) = MP_DIGIT(a, 2); - MP_DIGIT(r, 1) = MP_DIGIT(a, 1); - MP_DIGIT(r, 0) = MP_DIGIT(a, 0); - } - MP_USED(r) = 6; - /* compute r = s1 + s2 + s3 + s4, where s1 = (a2,a1,a0), s2 = - * (0,a3,a3), s3 = (a4,a4,0), and s4 = (a5,a5,a5), for - * sixty-four-bit words */ - switch (a_used) { - case 12: - case 11: - sa[5] = sa[3] = sa[1] = a11; - sa[4] = sa[2] = sa[0] = a10; - MP_CHECKOK(mp_add(r, &s, r)); - case 10: - case 9: - sa[5] = sa[3] = a9; - sa[4] = sa[2] = a8; - sa[1] = sa[0] = 0; - MP_CHECKOK(mp_add(r, &s, r)); - case 8: - case 7: - sa[5] = sa[4] = 0; - sa[3] = sa[1] = a7; - sa[2] = sa[0] = a6; - MP_CHECKOK(mp_add(r, &s, r)); - } - /* there might be 1 or 2 bits left to reduce; use regular - * reduction for this */ - MP_CHECKOK(mp_mod(r, &meth->irr, r)); - } -#else - /* for polynomials larger than twice the field size, use regular - * reduction */ - if (a_used > 6) { - MP_CHECKOK(mp_mod(a, &meth->irr, r)); - } else { - /* copy out upper words of a */ - switch (a_used) { - case 6: - a5 = MP_DIGIT(a, 5); - case 5: - a4 = MP_DIGIT(a, 4); - case 4: - a3 = MP_DIGIT(a, 3); - } - /* set the lower words of r */ - if (a != r) { - MP_CHECKOK(s_mp_pad(r, 4)); - MP_DIGIT(r, 2) = MP_DIGIT(a, 2); - MP_DIGIT(r, 1) = MP_DIGIT(a, 1); - MP_DIGIT(r, 0) = MP_DIGIT(a, 0); - } - MP_USED(r) = 3; - /* compute r = s1 + s2 + s3 + s4, where s1 = (a2,a1,a0), s2 = - * (0,a3,a3), s3 = (a4,a4,0), and s4 = (a5,a5,a5) */ - switch (a_used) { - case 6: - sa[2] = sa[1] = sa[0] = a5; - MP_CHECKOK(mp_add(r, &s, r)); - case 5: - sa[2] = sa[1] = a4; - sa[0] = 0; - MP_CHECKOK(mp_add(r, &s, r)); - case 4: - sa[2] = 0; - sa[1] = sa[0] = a3; - MP_CHECKOK(mp_add(r, &s, r)); - } - /* there might be 1 or 2 bits left to reduce; use regular - * reduction for this */ - MP_CHECKOK(mp_mod(r, &meth->irr, r)); - } -#endif - - CLEANUP: - return res; -} - -/* Compute the square of polynomial a, reduce modulo p192. Store the - * result in r. r could be a. Uses optimized modular reduction for p192. - */ -mp_err -ec_GFp_nistp192_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - MP_CHECKOK(mp_sqr(a, r)); - MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth)); - CLEANUP: - return res; -} - -/* Compute the product of two polynomials a and b, reduce modulo p192. - * Store the result in r. r could be a or b; a could be b. Uses - * optimized modular reduction for p192. */ -mp_err -ec_GFp_nistp192_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - MP_CHECKOK(mp_mul(a, b, r)); - MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth)); - CLEANUP: - return res; -} - -/* Wire in fast field arithmetic and precomputation of base point for - * named curves. */ -mp_err -ec_group_set_gfp192(ECGroup *group, ECCurveName name) -{ - if (name == ECCurve_NIST_P192) { - group->meth->field_mod = &ec_GFp_nistp192_mod; - group->meth->field_mul = &ec_GFp_nistp192_mul; - group->meth->field_sqr = &ec_GFp_nistp192_sqr; - } - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c deleted file mode 100644 index 6e6e81ce4..000000000 --- a/security/nss/lib/freebl/ecl/ecp_224.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp.h" -#include "mpi.h" -#include "mplogic.h" -#include "mpi-priv.h" -#include - -/* Fast modular reduction for p224 = 2^224 - 2^96 + 1. a can be r. Uses - * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software - * Implementation of the NIST Elliptic Curves over Prime Fields. */ -mp_err -ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - mp_size a_used = MP_USED(a); - - /* s is a statically-allocated mp_int of exactly the size we need */ - mp_int s; - -#ifdef ECL_THIRTY_TWO_BIT - mp_digit sa[8]; - mp_digit a13 = 0, a12 = 0, a11 = 0, a10, a9 = 0, a8, a7; - - MP_SIGN(&s) = MP_ZPOS; - MP_ALLOC(&s) = 8; - MP_USED(&s) = 7; - MP_DIGITS(&s) = sa; -#else - mp_digit sa[4]; - mp_digit a6 = 0, a5 = 0, a4 = 0, a3 = 0; - - MP_SIGN(&s) = MP_ZPOS; - MP_ALLOC(&s) = 4; - MP_USED(&s) = 4; - MP_DIGITS(&s) = sa; -#endif - - /* reduction not needed if a is not larger than field size */ -#ifdef ECL_THIRTY_TWO_BIT - if (a_used < 8) { -#else - if (a_used < 4) { -#endif - return mp_copy(a, r); - } -#ifdef ECL_THIRTY_TWO_BIT - /* for polynomials larger than twice the field size, use regular - * reduction */ - if (a_used > 14) { - MP_CHECKOK(mp_mod(a, &meth->irr, r)); - } else { - /* copy out upper words of a */ - switch (a_used) { - case 14: - a13 = MP_DIGIT(a, 13); - case 13: - a12 = MP_DIGIT(a, 12); - case 12: - a11 = MP_DIGIT(a, 11); - case 11: - a10 = MP_DIGIT(a, 10); - case 10: - a9 = MP_DIGIT(a, 9); - case 9: - a8 = MP_DIGIT(a, 8); - case 8: - a7 = MP_DIGIT(a, 7); - } - /* set the lower words of r */ - if (a != r) { - MP_CHECKOK(s_mp_pad(r, 8)); - MP_DIGIT(r, 6) = MP_DIGIT(a, 6); - MP_DIGIT(r, 5) = MP_DIGIT(a, 5); - MP_DIGIT(r, 4) = MP_DIGIT(a, 4); - MP_DIGIT(r, 3) = MP_DIGIT(a, 3); - MP_DIGIT(r, 2) = MP_DIGIT(a, 2); - MP_DIGIT(r, 1) = MP_DIGIT(a, 1); - MP_DIGIT(r, 0) = MP_DIGIT(a, 0); - } - MP_USED(r) = 7; - switch (a_used) { - case 14: - case 13: - case 12: - case 11: - sa[6] = a10; - case 10: - sa[5] = a9; - case 9: - sa[4] = a8; - case 8: - sa[3] = a7; - sa[2] = sa[1] = sa[0] = 0; - MP_USED(&s) = a_used - 4; - if (MP_USED(&s) > 7) - MP_USED(&s) = 7; - MP_CHECKOK(mp_add(r, &s, r)); - } - switch (a_used) { - case 14: - sa[5] = a13; - case 13: - sa[4] = a12; - case 12: - sa[3] = a11; - sa[2] = sa[1] = sa[0] = 0; - MP_USED(&s) = a_used - 8; - MP_CHECKOK(mp_add(r, &s, r)); - } - switch (a_used) { - case 14: - sa[6] = a13; - case 13: - sa[5] = a12; - case 12: - sa[4] = a11; - case 11: - sa[3] = a10; - case 10: - sa[2] = a9; - case 9: - sa[1] = a8; - case 8: - sa[0] = a7; - MP_USED(&s) = a_used - 7; - MP_CHECKOK(mp_sub(r, &s, r)); - } - switch (a_used) { - case 14: - sa[2] = a13; - case 13: - sa[1] = a12; - case 12: - sa[0] = a11; - MP_USED(&s) = a_used - 11; - MP_CHECKOK(mp_sub(r, &s, r)); - } - /* there might be 1 or 2 bits left to reduce; use regular - * reduction for this */ - MP_CHECKOK(mp_mod(r, &meth->irr, r)); - } -#else - /* for polynomials larger than twice the field size, use regular - * reduction */ - if (a_used > 7) { - MP_CHECKOK(mp_mod(a, &meth->irr, r)); - } else { - /* copy out upper words of a */ - switch (a_used) { - case 7: - a6 = MP_DIGIT(a, 6); - case 6: - a5 = MP_DIGIT(a, 5); - case 5: - a4 = MP_DIGIT(a, 4); - case 4: - a3 = MP_DIGIT(a, 3) >> 32; - } - /* set the lower words of r */ - if (a != r) { - MP_CHECKOK(s_mp_pad(r, 5)); - MP_DIGIT(r, 3) = MP_DIGIT(a, 3) & 0xFFFFFFFF; - MP_DIGIT(r, 2) = MP_DIGIT(a, 2); - MP_DIGIT(r, 1) = MP_DIGIT(a, 1); - MP_DIGIT(r, 0) = MP_DIGIT(a, 0); - } else { - MP_DIGIT(r, 3) &= 0xFFFFFFFF; - } - MP_USED(r) = 4; - switch (a_used) { - case 7: - case 6: - sa[3] = a5 & 0xFFFFFFFF; - case 5: - sa[2] = a4; - case 4: - sa[1] = a3 << 32; - sa[0] = 0; - MP_USED(&s) = a_used - 2; - if (MP_USED(&s) == 5) - MP_USED(&s) = 4; - MP_CHECKOK(mp_add(r, &s, r)); - } - switch (a_used) { - case 7: - sa[2] = a6; - case 6: - sa[1] = (a5 >> 32) << 32; - sa[0] = 0; - MP_USED(&s) = a_used - 4; - MP_CHECKOK(mp_add(r, &s, r)); - } - sa[2] = sa[1] = sa[0] = 0; - switch (a_used) { - case 7: - sa[3] = a6 >> 32; - sa[2] = a6 << 32; - case 6: - sa[2] |= a5 >> 32; - sa[1] = a5 << 32; - case 5: - sa[1] |= a4 >> 32; - sa[0] = a4 << 32; - case 4: - sa[0] |= a3; - MP_USED(&s) = a_used - 3; - MP_CHECKOK(mp_sub(r, &s, r)); - } - sa[0] = 0; - switch (a_used) { - case 7: - sa[1] = a6 >> 32; - sa[0] = a6 << 32; - case 6: - sa[0] |= a5 >> 32; - MP_USED(&s) = a_used - 5; - MP_CHECKOK(mp_sub(r, &s, r)); - } - /* there might be 1 or 2 bits left to reduce; use regular - * reduction for this */ - MP_CHECKOK(mp_mod(r, &meth->irr, r)); - } -#endif - - CLEANUP: - return res; -} - -/* Compute the square of polynomial a, reduce modulo p224. Store the - * result in r. r could be a. Uses optimized modular reduction for p224. - */ -mp_err -ec_GFp_nistp224_sqr(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - MP_CHECKOK(mp_sqr(a, r)); - MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth)); - CLEANUP: - return res; -} - -/* Compute the product of two polynomials a and b, reduce modulo p224. - * Store the result in r. r could be a or b; a could be b. Uses - * optimized modular reduction for p224. */ -mp_err -ec_GFp_nistp224_mul(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - MP_CHECKOK(mp_mul(a, b, r)); - MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth)); - CLEANUP: - return res; -} - -/* Wire in fast field arithmetic and precomputation of base point for - * named curves. */ -mp_err -ec_group_set_gfp224(ECGroup *group, ECCurveName name) -{ - if (name == ECCurve_NIST_P224) { - group->meth->field_mod = &ec_GFp_nistp224_mod; - group->meth->field_mul = &ec_GFp_nistp224_mul; - group->meth->field_sqr = &ec_GFp_nistp224_sqr; - } - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ecp_aff.c b/security/nss/lib/freebl/ecl/ecp_aff.c deleted file mode 100644 index 0bda87657..000000000 --- a/security/nss/lib/freebl/ecl/ecp_aff.c +++ /dev/null @@ -1,284 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Bodo Moeller , - * Nils Larsch , and - * Lenka Fibikova , the OpenSSL Project. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp.h" -#include "mplogic.h" -#include - -/* Checks if point P(px, py) is at infinity. Uses affine coordinates. */ -mp_err -ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py) -{ - - if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) { - return MP_YES; - } else { - return MP_NO; - } - -} - -/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */ -mp_err -ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py) -{ - mp_zero(px); - mp_zero(py); - return MP_OKAY; -} - -/* Computes R = P + Q based on IEEE P1363 A.10.1. Elliptic curve points P, - * Q, and R can all be identical. Uses affine coordinates. Assumes input - * is already field-encoded using field_enc, and returns output that is - * still field-encoded. */ -mp_err -ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int lambda, temp, tempx, tempy; - - MP_DIGITS(&lambda) = 0; - MP_DIGITS(&temp) = 0; - MP_DIGITS(&tempx) = 0; - MP_DIGITS(&tempy) = 0; - MP_CHECKOK(mp_init(&lambda)); - MP_CHECKOK(mp_init(&temp)); - MP_CHECKOK(mp_init(&tempx)); - MP_CHECKOK(mp_init(&tempy)); - /* if P = inf, then R = Q */ - if (ec_GFp_pt_is_inf_aff(px, py) == 0) { - MP_CHECKOK(mp_copy(qx, rx)); - MP_CHECKOK(mp_copy(qy, ry)); - res = MP_OKAY; - goto CLEANUP; - } - /* if Q = inf, then R = P */ - if (ec_GFp_pt_is_inf_aff(qx, qy) == 0) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - res = MP_OKAY; - goto CLEANUP; - } - /* if px != qx, then lambda = (py-qy) / (px-qx) */ - if (mp_cmp(px, qx) != 0) { - MP_CHECKOK(group->meth->field_sub(py, qy, &tempy, group->meth)); - MP_CHECKOK(group->meth->field_sub(px, qx, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_div(&tempy, &tempx, &lambda, group->meth)); - } else { - /* if py != qy or qy = 0, then R = inf */ - if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - } - /* lambda = (3qx^2+a) / (2qy) */ - MP_CHECKOK(group->meth->field_sqr(qx, &tempx, group->meth)); - MP_CHECKOK(mp_set_int(&temp, 3)); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth)); - } - MP_CHECKOK(group->meth-> - field_mul(&tempx, &temp, &tempx, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&tempx, &group->curvea, &tempx, group->meth)); - MP_CHECKOK(mp_set_int(&temp, 2)); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth)); - } - MP_CHECKOK(group->meth->field_mul(qy, &temp, &tempy, group->meth)); - MP_CHECKOK(group->meth-> - field_div(&tempx, &tempy, &lambda, group->meth)); - } - /* rx = lambda^2 - px - qx */ - MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth)); - MP_CHECKOK(group->meth->field_sub(&tempx, px, &tempx, group->meth)); - MP_CHECKOK(group->meth->field_sub(&tempx, qx, &tempx, group->meth)); - /* ry = (x1-x2) * lambda - y1 */ - MP_CHECKOK(group->meth->field_sub(qx, &tempx, &tempy, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(&tempy, &lambda, &tempy, group->meth)); - MP_CHECKOK(group->meth->field_sub(&tempy, qy, &tempy, group->meth)); - MP_CHECKOK(mp_copy(&tempx, rx)); - MP_CHECKOK(mp_copy(&tempy, ry)); - - CLEANUP: - mp_clear(&lambda); - mp_clear(&temp); - mp_clear(&tempx); - mp_clear(&tempy); - return res; -} - -/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be - * identical. Uses affine coordinates. Assumes input is already - * field-encoded using field_enc, and returns output that is still - * field-encoded. */ -mp_err -ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int nqy; - - MP_DIGITS(&nqy) = 0; - MP_CHECKOK(mp_init(&nqy)); - /* nqy = -qy */ - MP_CHECKOK(group->meth->field_neg(qy, &nqy, group->meth)); - res = group->point_add(px, py, qx, &nqy, rx, ry, group); - CLEANUP: - mp_clear(&nqy); - return res; -} - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * affine coordinates. Assumes input is already field-encoded using - * field_enc, and returns output that is still field-encoded. */ -mp_err -ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, const ECGroup *group) -{ - return ec_GFp_pt_add_aff(px, py, px, py, rx, ry, group); -} - -/* by default, this routine is unused and thus doesn't need to be compiled */ -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF -/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and - * R can be identical. Uses affine coordinates. Assumes input is already - * field-encoded using field_enc, and returns output that is still - * field-encoded. */ -mp_err -ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int k, k3, qx, qy, sx, sy; - int b1, b3, i, l; - - MP_DIGITS(&k) = 0; - MP_DIGITS(&k3) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_CHECKOK(mp_init(&k)); - MP_CHECKOK(mp_init(&k3)); - MP_CHECKOK(mp_init(&qx)); - MP_CHECKOK(mp_init(&qy)); - MP_CHECKOK(mp_init(&sx)); - MP_CHECKOK(mp_init(&sy)); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - } - /* Q = P, k = n */ - MP_CHECKOK(mp_copy(px, &qx)); - MP_CHECKOK(mp_copy(py, &qy)); - MP_CHECKOK(mp_copy(n, &k)); - /* if n < 0 then Q = -Q, k = -k */ - if (mp_cmp_z(n) < 0) { - MP_CHECKOK(group->meth->field_neg(&qy, &qy, group->meth)); - MP_CHECKOK(mp_neg(&k, &k)); - } -#ifdef ECL_DEBUG /* basic double and add method */ - l = mpl_significant_bits(&k) - 1; - MP_CHECKOK(mp_copy(&qx, &sx)); - MP_CHECKOK(mp_copy(&qy, &sy)); - for (i = l - 1; i >= 0; i--) { - /* S = 2S */ - MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group)); - /* if k_i = 1, then S = S + Q */ - if (mpl_get_bit(&k, i) != 0) { - MP_CHECKOK(group-> - point_add(&sx, &sy, &qx, &qy, &sx, &sy, group)); - } - } -#else /* double and add/subtract method from - * standard */ - /* k3 = 3 * k */ - MP_CHECKOK(mp_set_int(&k3, 3)); - MP_CHECKOK(mp_mul(&k, &k3, &k3)); - /* S = Q */ - MP_CHECKOK(mp_copy(&qx, &sx)); - MP_CHECKOK(mp_copy(&qy, &sy)); - /* l = index of high order bit in binary representation of 3*k */ - l = mpl_significant_bits(&k3) - 1; - /* for i = l-1 downto 1 */ - for (i = l - 1; i >= 1; i--) { - /* S = 2S */ - MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group)); - b3 = MP_GET_BIT(&k3, i); - b1 = MP_GET_BIT(&k, i); - /* if k3_i = 1 and k_i = 0, then S = S + Q */ - if ((b3 == 1) && (b1 == 0)) { - MP_CHECKOK(group-> - point_add(&sx, &sy, &qx, &qy, &sx, &sy, group)); - /* if k3_i = 0 and k_i = 1, then S = S - Q */ - } else if ((b3 == 0) && (b1 == 1)) { - MP_CHECKOK(group-> - point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group)); - } - } -#endif - /* output S */ - MP_CHECKOK(mp_copy(&sx, rx)); - MP_CHECKOK(mp_copy(&sy, ry)); - - CLEANUP: - mp_clear(&k); - mp_clear(&k3); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&sx); - mp_clear(&sy); - return res; -} -#endif diff --git a/security/nss/lib/freebl/ecl/ecp_fp.c b/security/nss/lib/freebl/ecl/ecp_fp.c deleted file mode 100644 index 1b9c6ed67..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fp.c +++ /dev/null @@ -1,566 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp_fp.h" -#include "ecl-priv.h" -#include - -/* Performs tidying on a short multi-precision floating point integer (the - * lower group->numDoubles floats). */ -void -ecfp_tidyShort(double *t, const EC_group_fp * group) -{ - group->ecfp_tidy(t, group->alpha, group); -} - -/* Performs tidying on only the upper float digits of a multi-precision - * floating point integer, i.e. the digits beyond the regular length which - * are removed in the reduction step. */ -void -ecfp_tidyUpper(double *t, const EC_group_fp * group) -{ - group->ecfp_tidy(t + group->numDoubles, - group->alpha + group->numDoubles, group); -} - -/* Performs a "tidy" operation, which performs carrying, moving excess - * bits from one double to the next double, so that the precision of the - * doubles is reduced to the regular precision group->doubleBitSize. This - * might result in some float digits being negative. Alternative C version - * for portability. */ -void -ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group) -{ - double q; - int i; - - /* Do carrying */ - for (i = 0; i < group->numDoubles - 1; i++) { - q = t[i] + alpha[i + 1]; - q -= alpha[i + 1]; - t[i] -= q; - t[i + 1] += q; - - /* If we don't assume that truncation rounding is used, then q - * might be 2^n bigger than expected (if it rounds up), then t[0] - * could be negative and t[1] 2^n larger than expected. */ - } -} - -/* Performs a more mathematically precise "tidying" so that each term is - * positive. This is slower than the regular tidying, and is used for - * conversion from floating point to integer. */ -void -ecfp_positiveTidy(double *t, const EC_group_fp * group) -{ - double q; - int i; - - /* Do carrying */ - for (i = 0; i < group->numDoubles - 1; i++) { - /* Subtract beta to force rounding down */ - q = t[i] - ecfp_beta[i + 1]; - q += group->alpha[i + 1]; - q -= group->alpha[i + 1]; - t[i] -= q; - t[i + 1] += q; - - /* Due to subtracting ecfp_beta, we should have each term a - * non-negative int */ - ECFP_ASSERT(t[i] / ecfp_exp[i] == - (unsigned long long) (t[i] / ecfp_exp[i])); - ECFP_ASSERT(t[i] >= 0); - } -} - -/* Converts from a floating point representation into an mp_int. Expects - * that d is already reduced. */ -void -ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup) -{ - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - unsigned short i16[(group->primeBitSize + 15) / 16]; - double q = 1; - -#ifdef ECL_THIRTY_TWO_BIT - /* TEST uint32_t z = 0; */ - unsigned int z = 0; -#else - uint64_t z = 0; -#endif - int zBits = 0; - int copiedBits = 0; - int i = 0; - int j = 0; - - mp_digit *out; - - /* Result should always be >= 0, so set sign accordingly */ - MP_SIGN(mpout) = MP_ZPOS; - - /* Tidy up so we're just dealing with positive numbers */ - ecfp_positiveTidy(d, group); - - /* We might need to do this reduction step more than once if the - * reduction adds smaller terms which carry-over to cause another - * reduction. However, this should happen very rarely, if ever, - * depending on the elliptic curve. */ - do { - /* Init loop data */ - z = 0; - zBits = 0; - q = 1; - i = 0; - j = 0; - copiedBits = 0; - - /* Might have to do a bit more reduction */ - group->ecfp_singleReduce(d, group); - - /* Grow the size of the mpint if it's too small */ - s_mp_grow(mpout, group->numInts); - MP_USED(mpout) = group->numInts; - out = MP_DIGITS(mpout); - - /* Convert double to 16 bit integers */ - while (copiedBits < group->primeBitSize) { - if (zBits < 16) { - z += d[i] * q; - i++; - ECFP_ASSERT(i < (group->primeBitSize + 15) / 16); - zBits += group->doubleBitSize; - } - i16[j] = z; - j++; - z >>= 16; - zBits -= 16; - q *= ecfp_twom16; - copiedBits += 16; - } - } while (z != 0); - - /* Convert 16 bit integers to mp_digit */ -#ifdef ECL_THIRTY_TWO_BIT - for (i = 0; i < (group->primeBitSize + 15) / 16; i += 2) { - *out = 0; - if (i + 1 < (group->primeBitSize + 15) / 16) { - *out = i16[i + 1]; - *out <<= 16; - } - *out++ += i16[i]; - } -#else /* 64 bit */ - for (i = 0; i < (group->primeBitSize + 15) / 16; i += 4) { - *out = 0; - if (i + 3 < (group->primeBitSize + 15) / 16) { - *out = i16[i + 3]; - *out <<= 16; - } - if (i + 2 < (group->primeBitSize + 15) / 16) { - *out += i16[i + 2]; - *out <<= 16; - } - if (i + 1 < (group->primeBitSize + 15) / 16) { - *out += i16[i + 1]; - *out <<= 16; - } - *out++ += i16[i]; - } -#endif - - /* Perform final reduction. mpout should already be the same number - * of bits as p, but might not be less than p. Make it so. Since - * mpout has the same number of bits as p, and 2p has a larger bit - * size, then mpout < 2p, so a single subtraction of p will suffice. */ - if (mp_cmp(mpout, &ecgroup->meth->irr) >= 0) { - mp_sub(mpout, &ecgroup->meth->irr, mpout); - } - - /* Shrink the size of the mp_int to the actual used size (required for - * mp_cmp_z == 0) */ - out = MP_DIGITS(mpout); - for (i = group->numInts - 1; i > 0; i--) { - if (out[i] != 0) - break; - } - MP_USED(mpout) = i + 1; - - /* Should be between 0 and p-1 */ - ECFP_ASSERT(mp_cmp(mpout, &ecgroup->meth->irr) < 0); - ECFP_ASSERT(mp_cmp_z(mpout) >= 0); -} - -/* Converts from an mpint into a floating point representation. */ -void -ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup) -{ - int i; - int j = 0; - int size; - double shift = 1; - mp_digit *in; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - -#ifdef ECL_DEBUG - /* if debug mode, convert result back using ecfp_fp2i into cmp, then - * compare to x. */ - mp_int cmp; - - MP_DIGITS(&cmp) = NULL; - mp_init(&cmp); -#endif - - ECFP_ASSERT(group != NULL); - - /* init output to 0 (since we skip over some terms) */ - for (i = 0; i < group->numDoubles; i++) - out[i] = 0; - i = 0; - - size = MP_USED(x); - in = MP_DIGITS(x); - - /* Copy from int into doubles */ -#ifdef ECL_THIRTY_TWO_BIT - while (j < size) { - while (group->doubleBitSize * (i + 1) <= 32 * j) { - i++; - } - ECFP_ASSERT(group->doubleBitSize * i <= 32 * j); - out[i] = in[j]; - out[i] *= shift; - shift *= ecfp_two32; - j++; - } -#else - while (j < size) { - while (group->doubleBitSize * (i + 1) <= 64 * j) { - i++; - } - ECFP_ASSERT(group->doubleBitSize * i <= 64 * j); - out[i] = (in[j] & 0x00000000FFFFFFFF) * shift; - - while (group->doubleBitSize * (i + 1) <= 64 * j + 32) { - i++; - } - ECFP_ASSERT(24 * i <= 64 * j + 32); - out[i] = (in[j] & 0xFFFFFFFF00000000) * shift; - - shift *= ecfp_two64; - j++; - } -#endif - /* Realign bits to match double boundaries */ - ecfp_tidyShort(out, group); - -#ifdef ECL_DEBUG - /* Convert result back to mp_int, compare to original */ - ecfp_fp2i(&cmp, out, ecgroup); - ECFP_ASSERT(mp_cmp(&cmp, x) == 0); - mp_clear(&cmp); -#endif -} - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Uses Jacobian coordinates. Uses 4-bit window method. */ -mp_err -ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *ecgroup) -{ - mp_err res = MP_OKAY; - ecfp_jac_pt precomp[16], r; - ecfp_aff_pt p; - EC_group_fp *group; - - mp_int rz; - int i, ni, d; - - ARGCHK(ecgroup != NULL, MP_BADARG); - ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG); - - group = (EC_group_fp *) ecgroup->extra1; - MP_DIGITS(&rz) = 0; - MP_CHECKOK(mp_init(&rz)); - - /* init p, da */ - ecfp_i2fp(p.x, px, ecgroup); - ecfp_i2fp(p.y, py, ecgroup); - ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup); - - /* Do precomputation */ - group->precompute_jac(precomp, &p, group); - - /* Do main body of calculations */ - d = (mpl_significant_bits(n) + 3) / 4; - - /* R = inf */ - for (i = 0; i < group->numDoubles; i++) { - r.z[i] = 0; - } - - for (i = d - 1; i >= 0; i--) { - /* compute window ni */ - ni = MP_GET_BIT(n, 4 * i + 3); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 2); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 1); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i); - - /* R = 2^4 * R */ - group->pt_dbl_jac(&r, &r, group); - group->pt_dbl_jac(&r, &r, group); - group->pt_dbl_jac(&r, &r, group); - group->pt_dbl_jac(&r, &r, group); - - /* R = R + (ni * P) */ - group->pt_add_jac(&r, &precomp[ni], &r, group); - } - - /* Convert back to integer */ - ecfp_fp2i(rx, r.x, ecgroup); - ecfp_fp2i(ry, r.y, ecgroup); - ecfp_fp2i(&rz, r.z, ecgroup); - - /* convert result S to affine coordinates */ - MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, ecgroup)); - - CLEANUP: - mp_clear(&rz); - return res; -} - -/* Uses mixed Jacobian-affine coordinates to perform a point - * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine - * coordinates (Jacobian coordinates for doubles and affine coordinates - * for additions; based on recommendation from Brown et al.). Not very - * time efficient but quite space efficient, no precomputation needed. - * group contains the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Performs calculations in floating point number format, since - * this is faster than the integer operations on the ULTRASPARC III. - * Uses left-to-right binary method (double & add) (algorithm 9) for - * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes. - * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */ -mp_err -ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *ecgroup) -{ - mp_err res; - mp_int sx, sy, sz; - - ecfp_aff_pt p; - ecfp_jac_pt r; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - int i, l; - - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_DIGITS(&sz) = 0; - MP_CHECKOK(mp_init(&sx)); - MP_CHECKOK(mp_init(&sy)); - MP_CHECKOK(mp_init(&sz)); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - /* if n < 0 then out of range error */ - } else if (mp_cmp_z(n) < 0) { - res = MP_RANGE; - goto CLEANUP; - } - - /* Convert from integer to floating point */ - ecfp_i2fp(p.x, px, ecgroup); - ecfp_i2fp(p.y, py, ecgroup); - ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup); - - /* Init r to point at infinity */ - for (i = 0; i < group->numDoubles; i++) { - r.z[i] = 0; - } - - /* double and add method */ - l = mpl_significant_bits(n) - 1; - - for (i = l; i >= 0; i--) { - /* R = 2R */ - group->pt_dbl_jac(&r, &r, group); - - /* if n_i = 1, then R = R + Q */ - if (MP_GET_BIT(n, i) != 0) { - group->pt_add_jac_aff(&r, &p, &r, group); - } - } - - /* Convert from floating point to integer */ - ecfp_fp2i(&sx, r.x, ecgroup); - ecfp_fp2i(&sy, r.y, ecgroup); - ecfp_fp2i(&sz, r.z, ecgroup); - - /* convert result R to affine coordinates */ - MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup)); - - CLEANUP: - mp_clear(&sx); - mp_clear(&sy); - mp_clear(&sz); - return res; -} - -/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic - * curve points P and R can be identical. Uses mixed Modified-Jacobian - * co-ordinates for doubling and Chudnovsky Jacobian coordinates for - * additions. Uses 5-bit window NAF method (algorithm 11) for scalar-point - * multiplication from Brown, Hankerson, Lopez, Menezes. Software - * Implementation of the NIST Elliptic Curves Over Prime Fields. */ -mp_err -ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *ecgroup) -{ - mp_err res = MP_OKAY; - mp_int sx, sy, sz; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - ecfp_chud_pt precomp[16]; - - ecfp_aff_pt p; - ecfp_jm_pt r; - - signed char naf[group->orderBitSize + 1]; - int i; - - MP_DIGITS(&sx) = 0; - MP_DIGITS(&sy) = 0; - MP_DIGITS(&sz) = 0; - MP_CHECKOK(mp_init(&sx)); - MP_CHECKOK(mp_init(&sy)); - MP_CHECKOK(mp_init(&sz)); - - /* if n = 0 then r = inf */ - if (mp_cmp_z(n) == 0) { - mp_zero(rx); - mp_zero(ry); - res = MP_OKAY; - goto CLEANUP; - /* if n < 0 then out of range error */ - } else if (mp_cmp_z(n) < 0) { - res = MP_RANGE; - goto CLEANUP; - } - - /* Convert from integer to floating point */ - ecfp_i2fp(p.x, px, ecgroup); - ecfp_i2fp(p.y, py, ecgroup); - ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup); - - /* Perform precomputation */ - group->precompute_chud(precomp, &p, group); - - /* Compute 5NAF */ - ec_compute_wNAF(naf, group->orderBitSize, n, 5); - - /* Init R = pt at infinity */ - for (i = 0; i < group->numDoubles; i++) { - r.z[i] = 0; - } - - /* wNAF method */ - for (i = group->orderBitSize; i >= 0; i--) { - /* R = 2R */ - group->pt_dbl_jm(&r, &r, group); - - if (naf[i] != 0) { - group->pt_add_jm_chud(&r, &precomp[(naf[i] + 15) / 2], &r, - group); - } - } - - /* Convert from floating point to integer */ - ecfp_fp2i(&sx, r.x, ecgroup); - ecfp_fp2i(&sy, r.y, ecgroup); - ecfp_fp2i(&sz, r.z, ecgroup); - - /* convert result R to affine coordinates */ - MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup)); - - CLEANUP: - mp_clear(&sx); - mp_clear(&sy); - mp_clear(&sz); - return res; -} - -/* Cleans up extra memory allocated in ECGroup for this implementation. */ -void -ec_GFp_extra_free_fp(ECGroup *group) -{ - if (group->extra1 != NULL) { - free(group->extra1); - group->extra1 = NULL; - } -} - -/* Tests what precision floating point arithmetic is set to. This should - * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa - * (extended precision on x86) and sets it into the EC_group_fp. Returns - * either 53 or 64 accordingly. */ -int -ec_set_fp_precision(EC_group_fp * group) -{ - double a = 9007199254740992.0; /* 2^53 */ - double b = a + 1; - - if (a == b) { - group->fpPrecision = 53; - group->alpha = ecfp_alpha_53; - return 53; - } - group->fpPrecision = 64; - group->alpha = ecfp_alpha_64; - return 64; -} diff --git a/security/nss/lib/freebl/ecl/ecp_fp.h b/security/nss/lib/freebl/ecl/ecp_fp.h deleted file mode 100644 index 6df7b9e69..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fp.h +++ /dev/null @@ -1,405 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef __ecp_fp_h_ -#define __ecp_fp_h_ - -#include "mpi.h" -#include "ecl.h" -#include "ecp.h" - -#include -#include "mpi-priv.h" - -#ifdef ECL_DEBUG -#include -#endif - -/* Largest number of doubles to store one reduced number in floating - * point. Used for memory allocation on the stack. */ -#define ECFP_MAXDOUBLES 10 - -/* For debugging purposes */ -#ifndef ECL_DEBUG -#define ECFP_ASSERT(x) -#else -#define ECFP_ASSERT(x) assert(x) -#endif - -/* ECFP_Ti = 2^(i*24) Define as preprocessor constants so we can use in - * multiple static constants */ -#define ECFP_T0 1.0 -#define ECFP_T1 16777216.0 -#define ECFP_T2 281474976710656.0 -#define ECFP_T3 4722366482869645213696.0 -#define ECFP_T4 79228162514264337593543950336.0 -#define ECFP_T5 1329227995784915872903807060280344576.0 -#define ECFP_T6 22300745198530623141535718272648361505980416.0 -#define ECFP_T7 374144419156711147060143317175368453031918731001856.0 -#define ECFP_T8 6277101735386680763835789423207666416102355444464034512896.0 -#define ECFP_T9 105312291668557186697918027683670432318895095400549111254310977536.0 -#define ECFP_T10 1766847064778384329583297500742918515827483896875618958121606201292619776.0 -#define ECFP_T11 29642774844752946028434172162224104410437116074403984394101141506025761187823616.0 -#define ECFP_T12 497323236409786642155382248146820840100456150797347717440463976893159497012533375533056.0 -#define ECFP_T13 8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096.0 -#define ECFP_T14 139984046386112763159840142535527767382602843577165595931249318810236991948760059086304843329475444736.0 -#define ECFP_T15 2348542582773833227889480596789337027375682548908319870707290971532209025114608443463698998384768703031934976.0 -#define ECFP_T16 39402006196394479212279040100143613805079739270465446667948293404245\ -721771497210611414266254884915640806627990306816.0 -#define ECFP_T17 66105596879024859895191530803277103982840468296428121928464879527440\ -5791236311345825189210439715284847591212025023358304256.0 -#define ECFP_T18 11090678776483259438313656736572334813745748301503266300681918322458\ -485231222502492159897624416558312389564843845614287315896631296.0 -#define ECFP_T19 18607071341967536398062689481932916079453218833595342343206149099024\ -36577570298683715049089827234727835552055312041415509848580169253519\ -36.0 - -#define ECFP_TWO160 1461501637330902918203684832716283019655932542976.0 -#define ECFP_TWO192 6277101735386680763835789423207666416102355444464034512896.0 -#define ECFP_TWO224 26959946667150639794667015087019630673637144422540572481103610249216.0 - -/* Multiplicative constants */ -static const double ecfp_two32 = 4294967296.0; -static const double ecfp_two64 = 18446744073709551616.0; -static const double ecfp_twom16 = .0000152587890625; -static const double ecfp_twom128 = - .00000000000000000000000000000000000000293873587705571876992184134305561419454666389193021880377187926569604314863681793212890625; -static const double ecfp_twom129 = - .000000000000000000000000000000000000001469367938527859384960920671527807097273331945965109401885939632848021574318408966064453125; -static const double ecfp_twom160 = - .0000000000000000000000000000000000000000000000006842277657836020854119773355907793609766904013068924666782559979930620520927053718196475529111921787261962890625; -static const double ecfp_twom192 = - .000000000000000000000000000000000000000000000000000000000159309191113245227702888039776771180559110455519261878607388585338616290151305816094308987472018268594098344692611135542392730712890625; -static const double ecfp_twom224 = - .00000000000000000000000000000000000000000000000000000000000000000003709206150687421385731735261547639513367564778757791002453039058917581340095629358997312082723208437536338919136001159027049567384892725385725498199462890625; - -/* ecfp_exp[i] = 2^(i*ECFP_DSIZE) */ -static const double ecfp_exp[2 * ECFP_MAXDOUBLES] = { - ECFP_T0, ECFP_T1, ECFP_T2, ECFP_T3, ECFP_T4, ECFP_T5, - ECFP_T6, ECFP_T7, ECFP_T8, ECFP_T9, ECFP_T10, ECFP_T11, - ECFP_T12, ECFP_T13, ECFP_T14, ECFP_T15, ECFP_T16, ECFP_T17, ECFP_T18, - ECFP_T19 -}; - -/* 1.1 * 2^52 Uses 2^52 to truncate, the .1 is an extra 2^51 to protect - * the 2^52 bit, so that adding alphas to a negative number won't borrow - * and empty the important 2^52 bit */ -#define ECFP_ALPHABASE_53 6755399441055744.0 -/* Special case: On some platforms, notably x86 Linux, there is an - * extended-precision floating point representation with 64-bits of - * precision in the mantissa. These extra bits of precision require a - * larger value of alpha to truncate, i.e. 1.1 * 2^63. */ -#define ECFP_ALPHABASE_64 13835058055282163712.0 - -/* - * ecfp_alpha[i] = 1.5 * 2^(52 + i*ECFP_DSIZE) we add and subtract alpha - * to truncate floating point numbers to a certain number of bits for - * tidying */ -static const double ecfp_alpha_53[2 * ECFP_MAXDOUBLES] = { - ECFP_ALPHABASE_53 * ECFP_T0, - ECFP_ALPHABASE_53 * ECFP_T1, - ECFP_ALPHABASE_53 * ECFP_T2, - ECFP_ALPHABASE_53 * ECFP_T3, - ECFP_ALPHABASE_53 * ECFP_T4, - ECFP_ALPHABASE_53 * ECFP_T5, - ECFP_ALPHABASE_53 * ECFP_T6, - ECFP_ALPHABASE_53 * ECFP_T7, - ECFP_ALPHABASE_53 * ECFP_T8, - ECFP_ALPHABASE_53 * ECFP_T9, - ECFP_ALPHABASE_53 * ECFP_T10, - ECFP_ALPHABASE_53 * ECFP_T11, - ECFP_ALPHABASE_53 * ECFP_T12, - ECFP_ALPHABASE_53 * ECFP_T13, - ECFP_ALPHABASE_53 * ECFP_T14, - ECFP_ALPHABASE_53 * ECFP_T15, - ECFP_ALPHABASE_53 * ECFP_T16, - ECFP_ALPHABASE_53 * ECFP_T17, - ECFP_ALPHABASE_53 * ECFP_T18, - ECFP_ALPHABASE_53 * ECFP_T19 -}; - -/* - * ecfp_alpha[i] = 1.5 * 2^(63 + i*ECFP_DSIZE) we add and subtract alpha - * to truncate floating point numbers to a certain number of bits for - * tidying */ -static const double ecfp_alpha_64[2 * ECFP_MAXDOUBLES] = { - ECFP_ALPHABASE_64 * ECFP_T0, - ECFP_ALPHABASE_64 * ECFP_T1, - ECFP_ALPHABASE_64 * ECFP_T2, - ECFP_ALPHABASE_64 * ECFP_T3, - ECFP_ALPHABASE_64 * ECFP_T4, - ECFP_ALPHABASE_64 * ECFP_T5, - ECFP_ALPHABASE_64 * ECFP_T6, - ECFP_ALPHABASE_64 * ECFP_T7, - ECFP_ALPHABASE_64 * ECFP_T8, - ECFP_ALPHABASE_64 * ECFP_T9, - ECFP_ALPHABASE_64 * ECFP_T10, - ECFP_ALPHABASE_64 * ECFP_T11, - ECFP_ALPHABASE_64 * ECFP_T12, - ECFP_ALPHABASE_64 * ECFP_T13, - ECFP_ALPHABASE_64 * ECFP_T14, - ECFP_ALPHABASE_64 * ECFP_T15, - ECFP_ALPHABASE_64 * ECFP_T16, - ECFP_ALPHABASE_64 * ECFP_T17, - ECFP_ALPHABASE_64 * ECFP_T18, - ECFP_ALPHABASE_64 * ECFP_T19 -}; - -/* 0.011111111111111111111111 (binary) = 0.5 - 2^25 (24 ones) */ -#define ECFP_BETABASE 0.4999999701976776123046875 - -/* - * We subtract beta prior to using alpha to simulate rounding down. We - * make this close to 0.5 to round almost everything down, but exactly 0.5 - * would cause some incorrect rounding. */ -static const double ecfp_beta[2 * ECFP_MAXDOUBLES] = { - ECFP_BETABASE * ECFP_T0, - ECFP_BETABASE * ECFP_T1, - ECFP_BETABASE * ECFP_T2, - ECFP_BETABASE * ECFP_T3, - ECFP_BETABASE * ECFP_T4, - ECFP_BETABASE * ECFP_T5, - ECFP_BETABASE * ECFP_T6, - ECFP_BETABASE * ECFP_T7, - ECFP_BETABASE * ECFP_T8, - ECFP_BETABASE * ECFP_T9, - ECFP_BETABASE * ECFP_T10, - ECFP_BETABASE * ECFP_T11, - ECFP_BETABASE * ECFP_T12, - ECFP_BETABASE * ECFP_T13, - ECFP_BETABASE * ECFP_T14, - ECFP_BETABASE * ECFP_T15, - ECFP_BETABASE * ECFP_T16, - ECFP_BETABASE * ECFP_T17, - ECFP_BETABASE * ECFP_T18, - ECFP_BETABASE * ECFP_T19 -}; - -static const double ecfp_beta_160 = ECFP_BETABASE * ECFP_TWO160; -static const double ecfp_beta_192 = ECFP_BETABASE * ECFP_TWO192; -static const double ecfp_beta_224 = ECFP_BETABASE * ECFP_TWO224; - -/* Affine EC Point. This is the basic representation (x, y) of an elliptic - * curve point. */ -typedef struct { - double x[ECFP_MAXDOUBLES]; - double y[ECFP_MAXDOUBLES]; -} ecfp_aff_pt; - -/* Jacobian EC Point. This coordinate system uses X = x/z^2, Y = y/z^3, - * which enables calculations with fewer inversions than affine - * coordinates. */ -typedef struct { - double x[ECFP_MAXDOUBLES]; - double y[ECFP_MAXDOUBLES]; - double z[ECFP_MAXDOUBLES]; -} ecfp_jac_pt; - -/* Chudnovsky Jacobian EC Point. This coordinate system is the same as - * Jacobian, except it keeps z^2, z^3 for faster additions. */ -typedef struct { - double x[ECFP_MAXDOUBLES]; - double y[ECFP_MAXDOUBLES]; - double z[ECFP_MAXDOUBLES]; - double z2[ECFP_MAXDOUBLES]; - double z3[ECFP_MAXDOUBLES]; -} ecfp_chud_pt; - -/* Modified Jacobian EC Point. This coordinate system is the same as - * Jacobian, except it keeps a*z^4 for faster doublings. */ -typedef struct { - double x[ECFP_MAXDOUBLES]; - double y[ECFP_MAXDOUBLES]; - double z[ECFP_MAXDOUBLES]; - double az4[ECFP_MAXDOUBLES]; -} ecfp_jm_pt; - -struct EC_group_fp_str; - -typedef struct EC_group_fp_str EC_group_fp; -struct EC_group_fp_str { - int fpPrecision; /* Set to number of bits in mantissa, 53 - * or 64 */ - int numDoubles; - int primeBitSize; - int orderBitSize; - int doubleBitSize; - int numInts; - int aIsM3; /* True if curvea == -3 (mod p), then we - * can optimize doubling */ - double curvea[ECFP_MAXDOUBLES]; - /* Used to truncate a double to the number of bits in the curve */ - double bitSize_alpha; - /* Pointer to either ecfp_alpha_53 or ecfp_alpha_64 */ - const double *alpha; - - void (*ecfp_singleReduce) (double *r, const EC_group_fp * group); - void (*ecfp_reduce) (double *r, double *x, const EC_group_fp * group); - /* Performs a "tidy" operation, which performs carrying, moving excess - * bits from one double to the next double, so that the precision of - * the doubles is reduced to the regular precision ECFP_DSIZE. This - * might result in some float digits being negative. */ - void (*ecfp_tidy) (double *t, const double *alpha, - const EC_group_fp * group); - /* Perform a point addition using coordinate system Jacobian + Affine - * -> Jacobian. Input and output should be multi-precision floating - * point integers. */ - void (*pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q, - ecfp_jac_pt * r, const EC_group_fp * group); - /* Perform a point doubling in Jacobian coordinates. Input and output - * should be multi-precision floating point integers. */ - void (*pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr, - const EC_group_fp * group); - /* Perform a point addition using Jacobian coordinate system. Input - * and output should be multi-precision floating point integers. */ - void (*pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q, - ecfp_jac_pt * r, const EC_group_fp * group); - /* Perform a point doubling in Modified Jacobian coordinates. Input - * and output should be multi-precision floating point integers. */ - void (*pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r, - const EC_group_fp * group); - /* Perform a point doubling using coordinates Affine -> Chudnovsky - * Jacobian. Input and output should be multi-precision floating point - * integers. */ - void (*pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r, - const EC_group_fp * group); - /* Perform a point addition using coordinates: Modified Jacobian + - * Chudnovsky Jacobian -> Modified Jacobian. Input and output should - * be multi-precision floating point integers. */ - void (*pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q, - ecfp_jm_pt * r, const EC_group_fp * group); - /* Perform a point addition using Chudnovsky Jacobian coordinates. - * Input and output should be multi-precision floating point integers. - */ - void (*pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q, - ecfp_chud_pt * r, const EC_group_fp * group); - /* Expects out to be an array of size 16 of Chudnovsky Jacobian - * points. Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for - * -15P, -13P, -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, - * 13P, 15P */ - void (*precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p, - const EC_group_fp * group); - /* Expects out to be an array of size 16 of Jacobian points. Fills in - * Chudnovsky Jacobian form (x, y, z), for O, P, 2P, ... 15P */ - void (*precompute_jac) (ecfp_jac_pt * out, const ecfp_aff_pt * p, - const EC_group_fp * group); - -}; - -/* Computes r = x*y. - * r must be different (point to different memory) than x and y. - * Does not tidy or reduce. */ -void ecfp_multiply(double *r, const double *x, const double *y); - -/* Performs a "tidy" operation, which performs carrying, moving excess - * bits from one double to the next double, so that the precision of the - * doubles is reduced to the regular precision group->doubleBitSize. This - * might result in some float digits being negative. */ -void ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group); - -/* Performs tidying on only the upper float digits of a multi-precision - * floating point integer, i.e. the digits beyond the regular length which - * are removed in the reduction step. */ -void ecfp_tidyUpper(double *t, const EC_group_fp * group); - -/* Performs tidying on a short multi-precision floating point integer (the - * lower group->numDoubles floats). */ -void ecfp_tidyShort(double *t, const EC_group_fp * group); - -/* Performs a more mathematically precise "tidying" so that each term is - * positive. This is slower than the regular tidying, and is used for - * conversion from floating point to integer. */ -void ecfp_positiveTidy(double *t, const EC_group_fp * group); - -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Uses mixed Jacobian-affine coordinates. Uses 4-bit window - * method. */ -mp_err - ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *ecgroup); - -/* Computes R = nP where R is (rx, ry) and P is the base point. The - * parameters a, b and p are the elliptic curve coefficients and the prime - * that determines the field GFp. Elliptic curve points P and R can be - * identical. Uses mixed Jacobian-affine coordinates (Jacobian - * coordinates for doubles and affine coordinates for additions; based on - * recommendation from Brown et al.). Uses window NAF method (algorithm - * 11) for scalar-point multiplication from Brown, Hankerson, Lopez, - * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime - * Fields. */ -mp_err ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *ecgroup); - -/* Uses mixed Jacobian-affine coordinates to perform a point - * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine - * coordinates (Jacobian coordinates for doubles and affine coordinates - * for additions; based on recommendation from Brown et al.). Not very - * time efficient but quite space efficient, no precomputation needed. - * group contains the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Performs calculations in floating point number format, since - * this is faster than the integer operations on the ULTRASPARC III. - * Uses left-to-right binary method (double & add) (algorithm 9) for - * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes. - * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */ -mp_err - ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *ecgroup); - -/* Cleans up extra memory allocated in ECGroup for this implementation. */ -void ec_GFp_extra_free_fp(ECGroup *group); - -/* Converts from a floating point representation into an mp_int. Expects - * that d is already reduced. */ -void - ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup); - -/* Converts from an mpint into a floating point representation. */ -void - ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup); - -/* Tests what precision floating point arithmetic is set to. This should - * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa - * (extended precision on x86) and sets it into the EC_group_fp. Returns - * either 53 or 64 accordingly. */ -int ec_set_fp_precision(EC_group_fp * group); - -#endif diff --git a/security/nss/lib/freebl/ecl/ecp_fp160.c b/security/nss/lib/freebl/ecl/ecp_fp160.c deleted file mode 100644 index 57399d494..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fp160.c +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp_fp.h" -#include - -#define ECFP_BSIZE 160 -#define ECFP_NUMDOUBLES 7 - -#include "ecp_fpinc.c" - -/* Performs a single step of reduction, just on the uppermost float - * (assumes already tidied), and then retidies. Note, this does not - * guarantee that the result will be less than p, but truncates the number - * of bits. */ -void -ecfp160_singleReduce(double *d, const EC_group_fp * group) -{ - double q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 160); - ECFP_ASSERT(ECFP_NUMDOUBLES == 7); - - q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_160; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - d[ECFP_NUMDOUBLES - 1] -= q; - d[0] += q * ecfp_twom160; - d[1] += q * ecfp_twom129; - ecfp_positiveTidy(d, group); - - /* Assertions for the highest order term */ - ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] / ecfp_exp[ECFP_NUMDOUBLES - 1] == - (unsigned long long) (d[ECFP_NUMDOUBLES - 1] / - ecfp_exp[ECFP_NUMDOUBLES - 1])); - ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] >= 0); -} - -/* Performs imperfect reduction. This might leave some negative terms, - * and one more reduction might be required for the result to be between 0 - * and p-1. x should not already be reduced, i.e. should have - * 2*ECFP_NUMDOUBLES significant terms. x and r can be the same, but then - * the upper parts of r are not zeroed */ -void -ecfp160_reduce(double *r, double *x, const EC_group_fp * group) -{ - - double x7, x8, q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 160); - ECFP_ASSERT(ECFP_NUMDOUBLES == 7); - - /* Tidy just the upper bits, the lower bits can wait. */ - ecfp_tidyUpper(x, group); - - /* Assume that this is already tidied so that we have enough extra - * bits */ - x7 = x[7] + x[13] * ecfp_twom129; /* adds bits 15-39 */ - - /* Tidy x7, or we won't have enough bits later to add it in */ - q = x7 + group->alpha[8]; - q -= group->alpha[8]; - x7 -= q; /* holds bits 0-24 */ - x8 = x[8] + q; /* holds bits 0-25 */ - - r[6] = x[6] + x[13] * ecfp_twom160 + x[12] * ecfp_twom129; /* adds - * bits - * 8-39 */ - r[5] = x[5] + x[12] * ecfp_twom160 + x[11] * ecfp_twom129; - r[4] = x[4] + x[11] * ecfp_twom160 + x[10] * ecfp_twom129; - r[3] = x[3] + x[10] * ecfp_twom160 + x[9] * ecfp_twom129; - r[2] = x[2] + x[9] * ecfp_twom160 + x8 * ecfp_twom129; /* adds bits - * 8-40 */ - r[1] = x[1] + x8 * ecfp_twom160 + x7 * ecfp_twom129; /* adds bits - * 8-39 */ - r[0] = x[0] + x7 * ecfp_twom160; - - /* Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions - * is accurate plus or minus one. (Rather than tidy all to make it - * totally accurate, which is more costly.) */ - q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1]; - q -= group->alpha[ECFP_NUMDOUBLES - 1]; - r[ECFP_NUMDOUBLES - 2] -= q; - r[ECFP_NUMDOUBLES - 1] += q; - - /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */ - /* Use ecfp_beta so we get a positive result */ - q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_160; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - r[ECFP_NUMDOUBLES - 1] -= q; - r[0] += q * ecfp_twom160; - r[1] += q * ecfp_twom129; - - /* Tidy the result */ - ecfp_tidyShort(r, group); -} - -/* Sets group to use optimized calculations in this file */ -mp_err -ec_group_set_secp160r1_fp(ECGroup *group) -{ - - EC_group_fp *fpg = NULL; - - /* Allocate memory for floating point group data */ - fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp)); - if (fpg == NULL) { - return MP_MEM; - } - - fpg->numDoubles = ECFP_NUMDOUBLES; - fpg->primeBitSize = ECFP_BSIZE; - fpg->orderBitSize = 161; - fpg->doubleBitSize = 24; - fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS; - fpg->aIsM3 = 1; - fpg->ecfp_singleReduce = &ecfp160_singleReduce; - fpg->ecfp_reduce = &ecfp160_reduce; - fpg->ecfp_tidy = &ecfp_tidy; - - fpg->pt_add_jac_aff = &ecfp160_pt_add_jac_aff; - fpg->pt_add_jac = &ecfp160_pt_add_jac; - fpg->pt_add_jm_chud = &ecfp160_pt_add_jm_chud; - fpg->pt_add_chud = &ecfp160_pt_add_chud; - fpg->pt_dbl_jac = &ecfp160_pt_dbl_jac; - fpg->pt_dbl_jm = &ecfp160_pt_dbl_jm; - fpg->pt_dbl_aff2chud = &ecfp160_pt_dbl_aff2chud; - fpg->precompute_chud = &ecfp160_precompute_chud; - fpg->precompute_jac = &ecfp160_precompute_jac; - - group->point_mul = &ec_GFp_point_mul_wNAF_fp; - group->points_mul = &ec_pts_mul_basic; - group->extra1 = fpg; - group->extra_free = &ec_GFp_extra_free_fp; - - ec_set_fp_precision(fpg); - fpg->bitSize_alpha = ECFP_TWO160 * fpg->alpha[0]; - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ecp_fp192.c b/security/nss/lib/freebl/ecl/ecp_fp192.c deleted file mode 100644 index 2e143aa49..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fp192.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp_fp.h" -#include - -#define ECFP_BSIZE 192 -#define ECFP_NUMDOUBLES 8 - -#include "ecp_fpinc.c" - -/* Performs a single step of reduction, just on the uppermost float - * (assumes already tidied), and then retidies. Note, this does not - * guarantee that the result will be less than p. */ -void -ecfp192_singleReduce(double *d, const EC_group_fp * group) -{ - double q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 192); - ECFP_ASSERT(group->numDoubles == 8); - - q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_192; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - d[ECFP_NUMDOUBLES - 1] -= q; - d[0] += q * ecfp_twom192; - d[2] += q * ecfp_twom128; - ecfp_positiveTidy(d, group); -} - -/* - * Performs imperfect reduction. This might leave some negative terms, - * and one more reduction might be required for the result to be between 0 - * and p-1. x should be be an array of at least 16, and r at least 8 x and - * r can be the same, but then the upper parts of r are not zeroed */ -void -ecfp_reduce_192(double *r, double *x, const EC_group_fp * group) -{ - double x8, x9, x10, q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 192); - ECFP_ASSERT(group->numDoubles == 8); - - /* Tidy just the upper portion, the lower part can wait */ - ecfp_tidyUpper(x, group); - - x8 = x[8] + x[14] * ecfp_twom128; /* adds bits 16-40 */ - x9 = x[9] + x[15] * ecfp_twom128; /* adds bits 16-40 */ - - /* Tidy up, or we won't have enough bits later to add it in */ - - q = x8 + group->alpha[9]; - q -= group->alpha[9]; - x8 -= q; - x9 += q; - - q = x9 + group->alpha[10]; - q -= group->alpha[10]; - x9 -= q; - x10 = x[10] + q; - - r[7] = x[7] + x[15] * ecfp_twom192 + x[13] * ecfp_twom128; /* adds - * bits - * 0-40 */ - r[6] = x[6] + x[14] * ecfp_twom192 + x[12] * ecfp_twom128; - r[5] = x[5] + x[13] * ecfp_twom192 + x[11] * ecfp_twom128; - r[4] = x[4] + x[12] * ecfp_twom192 + x10 * ecfp_twom128; - r[3] = x[3] + x[11] * ecfp_twom192 + x9 * ecfp_twom128; /* adds bits - * 0-40 */ - r[2] = x[2] + x10 * ecfp_twom192 + x8 * ecfp_twom128; - r[1] = x[1] + x9 * ecfp_twom192; /* adds bits 16-40 */ - r[0] = x[0] + x8 * ecfp_twom192; - - /* - * Tidy up just r[group->numDoubles-2] so that the number of - * reductions is accurate plus or minus one. (Rather than tidy all to - * make it totally accurate) */ - q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1]; - q -= group->alpha[ECFP_NUMDOUBLES - 1]; - r[ECFP_NUMDOUBLES - 2] -= q; - r[ECFP_NUMDOUBLES - 1] += q; - - /* Tidy up the excess bits on r[group->numDoubles-1] using reduction */ - /* Use ecfp_beta so we get a positive res */ - q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_192; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - r[ECFP_NUMDOUBLES - 1] -= q; - r[0] += q * ecfp_twom192; - r[2] += q * ecfp_twom128; - - /* Tidy the result */ - ecfp_tidyShort(r, group); -} - -/* Sets group to use optimized calculations in this file */ -mp_err -ec_group_set_nistp192_fp(ECGroup *group) -{ - EC_group_fp *fpg; - - /* Allocate memory for floating point group data */ - fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp)); - if (fpg == NULL) { - return MP_MEM; - } - - fpg->numDoubles = ECFP_NUMDOUBLES; - fpg->primeBitSize = ECFP_BSIZE; - fpg->orderBitSize = 192; - fpg->doubleBitSize = 24; - fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS; - fpg->aIsM3 = 1; - fpg->ecfp_singleReduce = &ecfp192_singleReduce; - fpg->ecfp_reduce = &ecfp_reduce_192; - fpg->ecfp_tidy = &ecfp_tidy; - - fpg->pt_add_jac_aff = &ecfp192_pt_add_jac_aff; - fpg->pt_add_jac = &ecfp192_pt_add_jac; - fpg->pt_add_jm_chud = &ecfp192_pt_add_jm_chud; - fpg->pt_add_chud = &ecfp192_pt_add_chud; - fpg->pt_dbl_jac = &ecfp192_pt_dbl_jac; - fpg->pt_dbl_jm = &ecfp192_pt_dbl_jm; - fpg->pt_dbl_aff2chud = &ecfp192_pt_dbl_aff2chud; - fpg->precompute_chud = &ecfp192_precompute_chud; - fpg->precompute_jac = &ecfp192_precompute_jac; - - group->point_mul = &ec_GFp_point_mul_wNAF_fp; - group->points_mul = &ec_pts_mul_basic; - group->extra1 = fpg; - group->extra_free = &ec_GFp_extra_free_fp; - - ec_set_fp_precision(fpg); - fpg->bitSize_alpha = ECFP_TWO192 * fpg->alpha[0]; - - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ecp_fp224.c b/security/nss/lib/freebl/ecl/ecp_fp224.c deleted file mode 100644 index f32e8d717..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fp224.c +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp_fp.h" -#include - -#define ECFP_BSIZE 224 -#define ECFP_NUMDOUBLES 10 - -#include "ecp_fpinc.c" - -/* Performs a single step of reduction, just on the uppermost float - * (assumes already tidied), and then retidies. Note, this does not - * guarantee that the result will be less than p. */ -void -ecfp224_singleReduce(double *r, const EC_group_fp * group) -{ - double q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 224); - ECFP_ASSERT(group->numDoubles == 10); - - q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - r[ECFP_NUMDOUBLES - 1] -= q; - r[0] -= q * ecfp_twom224; - r[4] += q * ecfp_twom128; - - ecfp_positiveTidy(r, group); -} - -/* - * Performs imperfect reduction. This might leave some negative terms, - * and one more reduction might be required for the result to be between 0 - * and p-1. x should be be an array of at least 20, and r at least 10 x - * and r can be the same, but then the upper parts of r are not zeroed */ -void -ecfp224_reduce(double *r, double *x, const EC_group_fp * group) -{ - - double x10, x11, x12, x13, x14, q; - - ECFP_ASSERT(group->doubleBitSize == 24); - ECFP_ASSERT(group->primeBitSize == 224); - ECFP_ASSERT(group->numDoubles == 10); - - /* Tidy just the upper bits of x. Don't need to tidy the lower ones - * yet. */ - ecfp_tidyUpper(x, group); - - x10 = x[10] + x[16] * ecfp_twom128; - x11 = x[11] + x[17] * ecfp_twom128; - x12 = x[12] + x[18] * ecfp_twom128; - x13 = x[13] + x[19] * ecfp_twom128; - - /* Tidy up, or we won't have enough bits later to add it in */ - q = x10 + group->alpha[11]; - q -= group->alpha[11]; - x10 -= q; - x11 = x11 + q; - - q = x11 + group->alpha[12]; - q -= group->alpha[12]; - x11 -= q; - x12 = x12 + q; - - q = x12 + group->alpha[13]; - q -= group->alpha[13]; - x12 -= q; - x13 = x13 + q; - - q = x13 + group->alpha[14]; - q -= group->alpha[14]; - x13 -= q; - x14 = x[14] + q; - - r[9] = x[9] + x[15] * ecfp_twom128 - x[19] * ecfp_twom224; - r[8] = x[8] + x14 * ecfp_twom128 - x[18] * ecfp_twom224; - r[7] = x[7] + x13 * ecfp_twom128 - x[17] * ecfp_twom224; - r[6] = x[6] + x12 * ecfp_twom128 - x[16] * ecfp_twom224; - r[5] = x[5] + x11 * ecfp_twom128 - x[15] * ecfp_twom224; - r[4] = x[4] + x10 * ecfp_twom128 - x14 * ecfp_twom224; - r[3] = x[3] - x13 * ecfp_twom224; - r[2] = x[2] - x12 * ecfp_twom224; - r[1] = x[1] - x11 * ecfp_twom224; - r[0] = x[0] - x10 * ecfp_twom224; - - /* - * Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions - * is accurate plus or minus one. (Rather than tidy all to make it - * totally accurate) */ - q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1]; - q -= group->alpha[ECFP_NUMDOUBLES - 1]; - r[ECFP_NUMDOUBLES - 2] -= q; - r[ECFP_NUMDOUBLES - 1] += q; - - /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */ - /* Use ecfp_beta so we get a positive res */ - q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224; - q += group->bitSize_alpha; - q -= group->bitSize_alpha; - - r[ECFP_NUMDOUBLES - 1] -= q; - r[0] -= q * ecfp_twom224; - r[4] += q * ecfp_twom128; - - ecfp_tidyShort(r, group); -} - -/* Sets group to use optimized calculations in this file */ -mp_err -ec_group_set_nistp224_fp(ECGroup *group) -{ - - EC_group_fp *fpg; - - /* Allocate memory for floating point group data */ - fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp)); - if (fpg == NULL) { - return MP_MEM; - } - - fpg->numDoubles = ECFP_NUMDOUBLES; - fpg->primeBitSize = ECFP_BSIZE; - fpg->orderBitSize = 224; - fpg->doubleBitSize = 24; - fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS; - fpg->aIsM3 = 1; - fpg->ecfp_singleReduce = &ecfp224_singleReduce; - fpg->ecfp_reduce = &ecfp224_reduce; - fpg->ecfp_tidy = &ecfp_tidy; - - fpg->pt_add_jac_aff = &ecfp224_pt_add_jac_aff; - fpg->pt_add_jac = &ecfp224_pt_add_jac; - fpg->pt_add_jm_chud = &ecfp224_pt_add_jm_chud; - fpg->pt_add_chud = &ecfp224_pt_add_chud; - fpg->pt_dbl_jac = &ecfp224_pt_dbl_jac; - fpg->pt_dbl_jm = &ecfp224_pt_dbl_jm; - fpg->pt_dbl_aff2chud = &ecfp224_pt_dbl_aff2chud; - fpg->precompute_chud = &ecfp224_precompute_chud; - fpg->precompute_jac = &ecfp224_precompute_jac; - - group->point_mul = &ec_GFp_point_mul_wNAF_fp; - group->points_mul = &ec_pts_mul_basic; - group->extra1 = fpg; - group->extra_free = &ec_GFp_extra_free_fp; - - ec_set_fp_precision(fpg); - fpg->bitSize_alpha = ECFP_TWO224 * fpg->alpha[0]; - - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/ecp_fpinc.c b/security/nss/lib/freebl/ecl/ecp_fpinc.c deleted file mode 100644 index e05e478ef..000000000 --- a/security/nss/lib/freebl/ecl/ecp_fpinc.c +++ /dev/null @@ -1,854 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -/* This source file is meant to be included by other source files - * (ecp_fp###.c, where ### is one of 160, 192, 224) and should not - * constitute an independent compilation unit. It requires the following - * preprocessor definitions be made: ECFP_BSIZE - the number of bits in - * the field's prime - * ECFP_NUMDOUBLES - the number of doubles to store one - * multi-precision integer in floating point - -/* Adds a prefix to a given token to give a unique token name. Prefixes - * with "ecfp" + ECFP_BSIZE + "_". e.g. if ECFP_BSIZE = 160, then - * PREFIX(hello) = ecfp160_hello This optimization allows static function - * linking and compiler loop unrolling without code duplication. */ -#ifndef PREFIX -#define PREFIX(b) PREFIX1(ECFP_BSIZE, b) -#define PREFIX1(bsize, b) PREFIX2(bsize, b) -#define PREFIX2(bsize, b) ecfp ## bsize ## _ ## b -#endif - -/* Returns true iff every double in d is 0. (If d == 0 and it is tidied, - * this will be true.) */ -mp_err PREFIX(isZero) (const double *d) { - int i; - - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - if (d[i] != 0) - return MP_NO; - } - return MP_YES; -} - -/* Sets the multi-precision floating point number at t = 0 */ -void PREFIX(zero) (double *t) { - int i; - - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - t[i] = 0; - } -} - -/* Sets the multi-precision floating point number at t = 1 */ -void PREFIX(one) (double *t) { - int i; - - t[0] = 1; - for (i = 1; i < ECFP_NUMDOUBLES; i++) { - t[i] = 0; - } -} - -/* Checks if point P(x, y, z) is at infinity. Uses Jacobian coordinates. */ -mp_err PREFIX(pt_is_inf_jac) (const ecfp_jac_pt * p) { - return PREFIX(isZero) (p->z); -} - -/* Sets the Jacobian point P to be at infinity. */ -void PREFIX(set_pt_inf_jac) (ecfp_jac_pt * p) { - PREFIX(zero) (p->z); -} - -/* Checks if point P(x, y) is at infinity. Uses Affine coordinates. */ -mp_err PREFIX(pt_is_inf_aff) (const ecfp_aff_pt * p) { - if (PREFIX(isZero) (p->x) == MP_YES && PREFIX(isZero) (p->y) == MP_YES) - return MP_YES; - return MP_NO; -} - -/* Sets the affine point P to be at infinity. */ -void PREFIX(set_pt_inf_aff) (ecfp_aff_pt * p) { - PREFIX(zero) (p->x); - PREFIX(zero) (p->y); -} - -/* Checks if point P(x, y, z, a*z^4) is at infinity. Uses Modified - * Jacobian coordinates. */ -mp_err PREFIX(pt_is_inf_jm) (const ecfp_jm_pt * p) { - return PREFIX(isZero) (p->z); -} - -/* Sets the Modified Jacobian point P to be at infinity. */ -void PREFIX(set_pt_inf_jm) (ecfp_jm_pt * p) { - PREFIX(zero) (p->z); -} - -/* Checks if point P(x, y, z, z^2, z^3) is at infinity. Uses Chudnovsky - * Jacobian coordinates */ -mp_err PREFIX(pt_is_inf_chud) (const ecfp_chud_pt * p) { - return PREFIX(isZero) (p->z); -} - -/* Sets the Chudnovsky Jacobian point P to be at infinity. */ -void PREFIX(set_pt_inf_chud) (ecfp_chud_pt * p) { - PREFIX(zero) (p->z); -} - -/* Copies a multi-precision floating point number, Setting dest = src */ -void PREFIX(copy) (double *dest, const double *src) { - int i; - - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - dest[i] = src[i]; - } -} - -/* Sets dest = -src */ -void PREFIX(negLong) (double *dest, const double *src) { - int i; - - for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { - dest[i] = -src[i]; - } -} - -/* Sets r = -p p = (x, y, z, z2, z3) r = (x, -y, z, z2, z3) Uses - * Chudnovsky Jacobian coordinates. */ -/* TODO reverse order */ -void PREFIX(pt_neg_chud) (const ecfp_chud_pt * p, ecfp_chud_pt * r) { - int i; - - PREFIX(copy) (r->x, p->x); - PREFIX(copy) (r->z, p->z); - PREFIX(copy) (r->z2, p->z2); - PREFIX(copy) (r->z3, p->z3); - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - r->y[i] = -p->y[i]; - } -} - -/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x, - * y can point to the same data. Componentwise adds first ECFP_NUMDOUBLES - * doubles of x and y and stores the result in r. */ -void PREFIX(addShort) (double *r, const double *x, const double *y) { - int i; - - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - *r++ = *x++ + *y++; - } -} - -/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x, - * y can point to the same data. Componentwise adds first - * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ -void PREFIX(addLong) (double *r, const double *x, const double *y) { - int i; - - for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { - *r++ = *x++ + *y++; - } -} - -/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x, - * y can point to the same data. Componentwise subtracts first - * ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ -void PREFIX(subtractShort) (double *r, const double *x, const double *y) { - int i; - - for (i = 0; i < ECFP_NUMDOUBLES; i++) { - *r++ = *x++ - *y++; - } -} - -/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x, - * y can point to the same data. Componentwise subtracts first - * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */ -void PREFIX(subtractLong) (double *r, const double *x, const double *y) { - int i; - - for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) { - *r++ = *x++ - *y++; - } -} - -/* Computes r = x*y. Both x and y should be tidied and reduced, - * r must be different (point to different memory) than x and y. - * Does not tidy or reduce. */ -void PREFIX(multiply)(double *r, const double *x, const double *y) { - int i, j; - - for(j=0;jaIsM3) { - /* When a = -3, M = 3(px - pz^2)(px + pz^2) */ - PREFIX(square) (t1, dp->z); - group->ecfp_reduce(t1, t1, group); /* 2^23 since the negative - * rounding buys another bit */ - PREFIX(addShort) (t0, dp->x, t1); /* 2*2^23 */ - PREFIX(subtractShort) (t1, dp->x, t1); /* 2 * 2^23 */ - PREFIX(multiply) (M, t0, t1); /* 40 * 2^46 */ - PREFIX(addLong) (t0, M, M); /* 80 * 2^46 */ - PREFIX(addLong) (M, t0, M); /* 120 * 2^46 < 2^53 */ - group->ecfp_reduce(M, M, group); - } else { - /* Generic case */ - /* M = 3 (px^2) + a*(pz^4) */ - PREFIX(square) (t0, dp->x); - PREFIX(addLong) (M, t0, t0); - PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */ - PREFIX(square) (M, dp->z); - group->ecfp_reduce(M, M, group); - PREFIX(square) (t1, M); - group->ecfp_reduce(t1, t1, group); - PREFIX(multiply) (M, t1, group->curvea); /* M = a(pz^4) */ - PREFIX(addLong) (M, M, t0); - group->ecfp_reduce(M, M, group); - } - - /* rz = 2 * py * pz */ - PREFIX(multiply) (t1, dp->y, dp->z); - PREFIX(addLong) (t1, t1, t1); - group->ecfp_reduce(dr->z, t1, group); - - /* t0 = 2y^2 */ - PREFIX(square) (t0, dp->y); - group->ecfp_reduce(t0, t0, group); - PREFIX(addShort) (t0, t0, t0); - - /* S = 4 * px * py^2 = 2 * px * t0 */ - PREFIX(multiply) (S, dp->x, t0); - PREFIX(addLong) (S, S, S); - group->ecfp_reduce(S, S, group); - - /* rx = M^2 - 2 * S */ - PREFIX(square) (t1, M); - PREFIX(subtractShort) (t1, t1, S); - PREFIX(subtractShort) (t1, t1, S); - group->ecfp_reduce(dr->x, t1, group); - - /* ry = M * (S - rx) - 8 * py^4 */ - PREFIX(square) (t1, t0); /* t1 = 4y^4 */ - PREFIX(subtractShort) (S, S, dr->x); - PREFIX(multiply) (t0, M, S); - PREFIX(subtractLong) (t0, t0, t1); - PREFIX(subtractLong) (t0, t0, t1); - group->ecfp_reduce(dr->y, t0, group); - - CLEANUP: - return; -} - -/* Perform a point addition using coordinate system Jacobian + Affine -> - * Jacobian. Input and output should be multi-precision floating point - * integers. */ -void PREFIX(pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q, - ecfp_jac_pt * r, const EC_group_fp * group) { - /* Temporary storage */ - double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES], - C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES], - D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity for p or q */ - if (PREFIX(pt_is_inf_aff) (q) == MP_YES) { - PREFIX(copy) (r->x, p->x); - PREFIX(copy) (r->y, p->y); - PREFIX(copy) (r->z, p->z); - goto CLEANUP; - } else if (PREFIX(pt_is_inf_jac) (p) == MP_YES) { - PREFIX(copy) (r->x, q->x); - PREFIX(copy) (r->y, q->y); - /* Since the affine point is not infinity, we can set r->z = 1 */ - PREFIX(one) (r->z); - goto CLEANUP; - } - - /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2 - * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */ - - /* A = pz^2, B = pz^3 */ - PREFIX(square) (A, p->z); - group->ecfp_reduce(A, A, group); - PREFIX(multiply) (B, A, p->z); - group->ecfp_reduce(B, B, group); - - /* C = qx * A - px */ - PREFIX(multiply) (C, q->x, A); - PREFIX(subtractShort) (C, C, p->x); - group->ecfp_reduce(C, C, group); - - /* D = qy * B - py */ - PREFIX(multiply) (D, q->y, B); - PREFIX(subtractShort) (D, D, p->y); - group->ecfp_reduce(D, D, group); - - /* C2 = C^2, C3 = C^3 */ - PREFIX(square) (C2, C); - group->ecfp_reduce(C2, C2, group); - PREFIX(multiply) (C3, C2, C); - group->ecfp_reduce(C3, C3, group); - - /* rz = A = pz * C */ - PREFIX(multiply) (A, p->z, C); - group->ecfp_reduce(r->z, A, group); - - /* C = px * C^2, untidied, unreduced */ - PREFIX(multiply) (C, p->x, C2); - - /* A = D^2, untidied, unreduced */ - PREFIX(square) (A, D); - - /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */ - PREFIX(subtractShort) (A, A, C3); - PREFIX(subtractLong) (A, A, C); - PREFIX(subtractLong) (A, A, C); - group->ecfp_reduce(r->x, A, group); - - /* B = py * C3, untidied, unreduced */ - PREFIX(multiply) (B, p->y, C3); - - /* C = px * C^2 - rx */ - PREFIX(subtractShort) (C, C, r->x); - group->ecfp_reduce(C, C, group); - - /* ry = A = D * C - py * C^3 */ - PREFIX(multiply) (A, D, C); - PREFIX(subtractLong) (A, A, B); - group->ecfp_reduce(r->y, A, group); - - CLEANUP: - return; -} - -/* Perform a point addition using Jacobian coordinate system. Input and - * output should be multi-precision floating point integers. */ -void PREFIX(pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q, - ecfp_jac_pt * r, const EC_group_fp * group) { - - /* Temporary Storage */ - double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], - U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], - S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], - H3[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity for p, if so set r = q */ - if (PREFIX(pt_is_inf_jac) (p) == MP_YES) { - PREFIX(copy) (r->x, q->x); - PREFIX(copy) (r->y, q->y); - PREFIX(copy) (r->z, q->z); - goto CLEANUP; - } - - /* Check for point at infinity for p, if so set r = q */ - if (PREFIX(pt_is_inf_jac) (q) == MP_YES) { - PREFIX(copy) (r->x, p->x); - PREFIX(copy) (r->y, p->y); - PREFIX(copy) (r->z, p->z); - goto CLEANUP; - } - - /* U = px * qz^2 , S = py * qz^3 */ - PREFIX(square) (t0, q->z); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (U, p->x, t0); - group->ecfp_reduce(U, U, group); - PREFIX(multiply) (t1, t0, q->z); - group->ecfp_reduce(t1, t1, group); - PREFIX(multiply) (t0, p->y, t1); - group->ecfp_reduce(S, t0, group); - - /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */ - PREFIX(square) (t0, p->z); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (H, q->x, t0); - PREFIX(subtractShort) (H, H, U); - group->ecfp_reduce(H, H, group); - PREFIX(multiply) (t1, t0, p->z); /* t1 = pz^3 */ - group->ecfp_reduce(t1, t1, group); - PREFIX(multiply) (t0, t1, q->y); /* t0 = qy * pz^3 */ - PREFIX(subtractShort) (t0, t0, S); - group->ecfp_reduce(R, t0, group); - - /* U = U*H^2, H3 = H^3 */ - PREFIX(square) (t0, H); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, U, t0); - group->ecfp_reduce(U, t1, group); - PREFIX(multiply) (H3, t0, H); - group->ecfp_reduce(H3, H3, group); - - /* rz = pz * qz * H */ - PREFIX(multiply) (t0, q->z, H); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, t0, p->z); - group->ecfp_reduce(r->z, t1, group); - - /* rx = R^2 - H^3 - 2 * U */ - PREFIX(square) (t0, R); - PREFIX(subtractShort) (t0, t0, H3); - PREFIX(subtractShort) (t0, t0, U); - PREFIX(subtractShort) (t0, t0, U); - group->ecfp_reduce(r->x, t0, group); - - /* ry = R(U - rx) - S*H3 */ - PREFIX(subtractShort) (t1, U, r->x); - PREFIX(multiply) (t0, t1, R); - PREFIX(multiply) (t1, S, H3); - PREFIX(subtractLong) (t1, t0, t1); - group->ecfp_reduce(r->y, t1, group); - - CLEANUP: - return; -} - -/* Perform a point doubling in Modified Jacobian coordinates. Input and - * output should be multi-precision floating point integers. */ -void PREFIX(pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r, - const EC_group_fp * group) { - - /* Temporary storage */ - double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], - M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES], - U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity */ - if (PREFIX(pt_is_inf_jm) (p) == MP_YES) { - /* Set r = pt at infinity by setting rz = 0 */ - PREFIX(set_pt_inf_jm) (r); - goto CLEANUP; - } - - /* M = 3 (px^2) + a*(pz^4) */ - PREFIX(square) (t0, p->x); - PREFIX(addLong) (M, t0, t0); - PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */ - PREFIX(addShort) (t0, t0, p->az4); - group->ecfp_reduce(M, t0, group); - - /* rz = 2 * py * pz */ - PREFIX(multiply) (t1, p->y, p->z); - PREFIX(addLong) (t1, t1, t1); - group->ecfp_reduce(r->z, t1, group); - - /* t0 = 2y^2, U = 8y^4 */ - PREFIX(square) (t0, p->y); - group->ecfp_reduce(t0, t0, group); - PREFIX(addShort) (t0, t0, t0); - PREFIX(square) (U, t0); - group->ecfp_reduce(U, U, group); - PREFIX(addShort) (U, U, U); - - /* S = 4 * px * py^2 = 2 * px * t0 */ - PREFIX(multiply) (S, p->x, t0); - group->ecfp_reduce(S, S, group); - PREFIX(addShort) (S, S, S); - - /* rx = M^2 - 2S */ - PREFIX(square) (T, M); - PREFIX(subtractShort) (T, T, S); - PREFIX(subtractShort) (T, T, S); - group->ecfp_reduce(r->x, T, group); - - /* ry = M * (S - rx) - U */ - PREFIX(subtractShort) (S, S, r->x); - PREFIX(multiply) (t0, M, S); - PREFIX(subtractShort) (t0, t0, U); - group->ecfp_reduce(r->y, t0, group); - - /* ra*z^4 = 2*U*(apz4) */ - PREFIX(multiply) (t1, U, p->az4); - PREFIX(addLong) (t1, t1, t1); - group->ecfp_reduce(r->az4, t1, group); - - CLEANUP: - return; -} - -/* Perform a point doubling using coordinates Affine -> Chudnovsky - * Jacobian. Input and output should be multi-precision floating point - * integers. */ -void PREFIX(pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r, - const EC_group_fp * group) { - double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], - M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES], - S[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity for p, if so set r = O */ - if (PREFIX(pt_is_inf_aff) (p) == MP_YES) { - PREFIX(set_pt_inf_chud) (r); - goto CLEANUP; - } - - /* M = 3(px)^2 + a */ - PREFIX(square) (t0, p->x); - PREFIX(addLong) (t1, t0, t0); - PREFIX(addLong) (t1, t1, t0); - PREFIX(addShort) (t1, t1, group->curvea); - group->ecfp_reduce(M, t1, group); - - /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */ - PREFIX(square) (twoY2, p->y); - PREFIX(addLong) (twoY2, twoY2, twoY2); - group->ecfp_reduce(twoY2, twoY2, group); - PREFIX(multiply) (S, p->x, twoY2); - PREFIX(addLong) (S, S, S); - group->ecfp_reduce(S, S, group); - - /* rx = M^2 - 2S */ - PREFIX(square) (t0, M); - PREFIX(subtractShort) (t0, t0, S); - PREFIX(subtractShort) (t0, t0, S); - group->ecfp_reduce(r->x, t0, group); - - /* ry = M(S-rx) - 8y^4 */ - PREFIX(subtractShort) (t0, S, r->x); - PREFIX(multiply) (t1, t0, M); - PREFIX(square) (t0, twoY2); - PREFIX(subtractLong) (t1, t1, t0); - PREFIX(subtractLong) (t1, t1, t0); - group->ecfp_reduce(r->y, t1, group); - - /* rz = 2py */ - PREFIX(addShort) (r->z, p->y, p->y); - - /* rz2 = rz^2 */ - PREFIX(square) (t0, r->z); - group->ecfp_reduce(r->z2, t0, group); - - /* rz3 = rz^3 */ - PREFIX(multiply) (t0, r->z, r->z2); - group->ecfp_reduce(r->z3, t0, group); - - CLEANUP: - return; -} - -/* Perform a point addition using coordinates: Modified Jacobian + - * Chudnovsky Jacobian -> Modified Jacobian. Input and output should be - * multi-precision floating point integers. */ -void PREFIX(pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q, - ecfp_jm_pt * r, const EC_group_fp * group) { - - double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], - U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], - S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], - H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity for p, if so set r = q need to convert - * from Chudnovsky form to Modified Jacobian form */ - if (PREFIX(pt_is_inf_jm) (p) == MP_YES) { - PREFIX(copy) (r->x, q->x); - PREFIX(copy) (r->y, q->y); - PREFIX(copy) (r->z, q->z); - PREFIX(square) (t0, q->z2); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, t0, group->curvea); - group->ecfp_reduce(r->az4, t1, group); - goto CLEANUP; - } - /* Check for point at infinity for q, if so set r = p */ - if (PREFIX(pt_is_inf_chud) (q) == MP_YES) { - PREFIX(copy) (r->x, p->x); - PREFIX(copy) (r->y, p->y); - PREFIX(copy) (r->z, p->z); - PREFIX(copy) (r->az4, p->az4); - goto CLEANUP; - } - - /* U = px * qz^2 */ - PREFIX(multiply) (U, p->x, q->z2); - group->ecfp_reduce(U, U, group); - - /* H = qx*(pz)^2 - U */ - PREFIX(square) (t0, p->z); - group->ecfp_reduce(pz2, t0, group); - PREFIX(multiply) (H, pz2, q->x); - group->ecfp_reduce(H, H, group); - PREFIX(subtractShort) (H, H, U); - - /* U = U*H^2, H3 = H^3 */ - PREFIX(square) (t0, H); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, U, t0); - group->ecfp_reduce(U, t1, group); - PREFIX(multiply) (H3, t0, H); - group->ecfp_reduce(H3, H3, group); - - /* S = py * qz^3 */ - PREFIX(multiply) (S, p->y, q->z3); - group->ecfp_reduce(S, S, group); - - /* R = (qy * z1^3 - s) */ - PREFIX(multiply) (t0, pz2, p->z); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (R, t0, q->y); - PREFIX(subtractShort) (R, R, S); - group->ecfp_reduce(R, R, group); - - /* rz = pz * qz * H */ - PREFIX(multiply) (t1, q->z, H); - group->ecfp_reduce(t1, t1, group); - PREFIX(multiply) (t0, p->z, t1); - group->ecfp_reduce(r->z, t0, group); - - /* rx = R^2 - H^3 - 2 * U */ - PREFIX(square) (t0, R); - PREFIX(subtractShort) (t0, t0, H3); - PREFIX(subtractShort) (t0, t0, U); - PREFIX(subtractShort) (t0, t0, U); - group->ecfp_reduce(r->x, t0, group); - - /* ry = R(U - rx) - S*H3 */ - PREFIX(subtractShort) (t1, U, r->x); - PREFIX(multiply) (t0, t1, R); - PREFIX(multiply) (t1, S, H3); - PREFIX(subtractLong) (t1, t0, t1); - group->ecfp_reduce(r->y, t1, group); - - if (group->aIsM3) { /* a == -3 */ - /* a(rz^4) = -3 * ((rz^2)^2) */ - PREFIX(square) (t0, r->z); - group->ecfp_reduce(t0, t0, group); - PREFIX(square) (t1, t0); - PREFIX(addLong) (t0, t1, t1); - PREFIX(addLong) (t0, t0, t1); - PREFIX(negLong) (t0, t0); - group->ecfp_reduce(r->az4, t0, group); - } else { /* Generic case */ - /* a(rz^4) = a * ((rz^2)^2) */ - PREFIX(square) (t0, r->z); - group->ecfp_reduce(t0, t0, group); - PREFIX(square) (t1, t0); - group->ecfp_reduce(t1, t1, group); - PREFIX(multiply) (t0, group->curvea, t1); - group->ecfp_reduce(r->az4, t0, group); - } - CLEANUP: - return; -} - -/* Perform a point addition using Chudnovsky Jacobian coordinates. Input - * and output should be multi-precision floating point integers. */ -void PREFIX(pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q, - ecfp_chud_pt * r, const EC_group_fp * group) { - - /* Temporary Storage */ - double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES], - U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES], - S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES], - H3[2 * ECFP_NUMDOUBLES]; - - /* Check for point at infinity for p, if so set r = q */ - if (PREFIX(pt_is_inf_chud) (p) == MP_YES) { - PREFIX(copy) (r->x, q->x); - PREFIX(copy) (r->y, q->y); - PREFIX(copy) (r->z, q->z); - PREFIX(copy) (r->z2, q->z2); - PREFIX(copy) (r->z3, q->z3); - goto CLEANUP; - } - - /* Check for point at infinity for p, if so set r = q */ - if (PREFIX(pt_is_inf_chud) (q) == MP_YES) { - PREFIX(copy) (r->x, p->x); - PREFIX(copy) (r->y, p->y); - PREFIX(copy) (r->z, p->z); - PREFIX(copy) (r->z2, p->z2); - PREFIX(copy) (r->z3, p->z3); - goto CLEANUP; - } - - /* U = px * qz^2 */ - PREFIX(multiply) (U, p->x, q->z2); - group->ecfp_reduce(U, U, group); - - /* H = qx*(pz)^2 - U */ - PREFIX(multiply) (H, q->x, p->z2); - PREFIX(subtractShort) (H, H, U); - group->ecfp_reduce(H, H, group); - - /* U = U*H^2, H3 = H^3 */ - PREFIX(square) (t0, H); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, U, t0); - group->ecfp_reduce(U, t1, group); - PREFIX(multiply) (H3, t0, H); - group->ecfp_reduce(H3, H3, group); - - /* S = py * qz^3 */ - PREFIX(multiply) (S, p->y, q->z3); - group->ecfp_reduce(S, S, group); - - /* rz = pz * qz * H */ - PREFIX(multiply) (t0, q->z, H); - group->ecfp_reduce(t0, t0, group); - PREFIX(multiply) (t1, t0, p->z); - group->ecfp_reduce(r->z, t1, group); - - /* R = (qy * z1^3 - s) */ - PREFIX(multiply) (t0, q->y, p->z3); - PREFIX(subtractShort) (t0, t0, S); - group->ecfp_reduce(R, t0, group); - - /* rx = R^2 - H^3 - 2 * U */ - PREFIX(square) (t0, R); - PREFIX(subtractShort) (t0, t0, H3); - PREFIX(subtractShort) (t0, t0, U); - PREFIX(subtractShort) (t0, t0, U); - group->ecfp_reduce(r->x, t0, group); - - /* ry = R(U - rx) - S*H3 */ - PREFIX(subtractShort) (t1, U, r->x); - PREFIX(multiply) (t0, t1, R); - PREFIX(multiply) (t1, S, H3); - PREFIX(subtractLong) (t1, t0, t1); - group->ecfp_reduce(r->y, t1, group); - - /* rz2 = rz^2 */ - PREFIX(square) (t0, r->z); - group->ecfp_reduce(r->z2, t0, group); - - /* rz3 = rz^3 */ - PREFIX(multiply) (t0, r->z, r->z2); - group->ecfp_reduce(r->z3, t0, group); - - CLEANUP: - return; -} - -/* Expects out to be an array of size 16 of Chudnovsky Jacobian points. - * Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for -15P, -13P, - * -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, 13P, 15P */ -void PREFIX(precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p, - const EC_group_fp * group) { - - ecfp_chud_pt p2; - - /* Set out[8] = P */ - PREFIX(copy) (out[8].x, p->x); - PREFIX(copy) (out[8].y, p->y); - PREFIX(one) (out[8].z); - PREFIX(one) (out[8].z2); - PREFIX(one) (out[8].z3); - - /* Set p2 = 2P */ - PREFIX(pt_dbl_aff2chud) (p, &p2, group); - - /* Set 3P, 5P, ..., 15P */ - PREFIX(pt_add_chud) (&out[8], &p2, &out[9], group); - PREFIX(pt_add_chud) (&out[9], &p2, &out[10], group); - PREFIX(pt_add_chud) (&out[10], &p2, &out[11], group); - PREFIX(pt_add_chud) (&out[11], &p2, &out[12], group); - PREFIX(pt_add_chud) (&out[12], &p2, &out[13], group); - PREFIX(pt_add_chud) (&out[13], &p2, &out[14], group); - PREFIX(pt_add_chud) (&out[14], &p2, &out[15], group); - - /* Set -15P, -13P, ..., -P */ - PREFIX(pt_neg_chud) (&out[8], &out[7]); - PREFIX(pt_neg_chud) (&out[9], &out[6]); - PREFIX(pt_neg_chud) (&out[10], &out[5]); - PREFIX(pt_neg_chud) (&out[11], &out[4]); - PREFIX(pt_neg_chud) (&out[12], &out[3]); - PREFIX(pt_neg_chud) (&out[13], &out[2]); - PREFIX(pt_neg_chud) (&out[14], &out[1]); - PREFIX(pt_neg_chud) (&out[15], &out[0]); -} - -/* Expects out to be an array of size 16 of Jacobian points. Fills in - * Jacobian form (x, y, z), for O, P, 2P, ... 15P */ -void PREFIX(precompute_jac) (ecfp_jac_pt * precomp, const ecfp_aff_pt * p, - const EC_group_fp * group) { - int i; - - /* fill precomputation table */ - /* set precomp[0] */ - PREFIX(set_pt_inf_jac) (&precomp[0]); - /* set precomp[1] */ - PREFIX(copy) (precomp[1].x, p->x); - PREFIX(copy) (precomp[1].y, p->y); - if (PREFIX(pt_is_inf_aff) (p) == MP_YES) { - PREFIX(zero) (precomp[1].z); - } else { - PREFIX(one) (precomp[1].z); - } - /* set precomp[2] */ - group->pt_dbl_jac(&precomp[1], &precomp[2], group); - - /* set rest of precomp */ - for (i = 3; i < 16; i++) { - group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group); - } -} diff --git a/security/nss/lib/freebl/ecl/ecp_jac.c b/security/nss/lib/freebl/ecl/ecp_jac.c deleted file mode 100644 index 8eea8c904..000000000 --- a/security/nss/lib/freebl/ecl/ecp_jac.c +++ /dev/null @@ -1,553 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang-Shantz , - * Stephen Fung , and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Bodo Moeller , - * Nils Larsch , and - * Lenka Fibikova , the OpenSSL Project. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp.h" -#include "mplogic.h" -#include -#ifdef ECL_DEBUG -#include -#endif - -/* Converts a point P(px, py) from affine coordinates to Jacobian - * projective coordinates R(rx, ry, rz). Assumes input is already - * field-encoded using field_enc, and returns output that is still - * field-encoded. */ -mp_err -ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group) -{ - mp_err res = MP_OKAY; - - if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) { - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); - } else { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - MP_CHECKOK(mp_set_int(rz, 1)); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth)); - } - } - CLEANUP: - return res; -} - -/* Converts a point P(px, py, pz) from Jacobian projective coordinates to - * affine coordinates R(rx, ry). P and R can share x and y coordinates. - * Assumes input is already field-encoded using field_enc, and returns - * output that is still field-encoded. */ -mp_err -ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int z1, z2, z3; - - MP_DIGITS(&z1) = 0; - MP_DIGITS(&z2) = 0; - MP_DIGITS(&z3) = 0; - MP_CHECKOK(mp_init(&z1)); - MP_CHECKOK(mp_init(&z2)); - MP_CHECKOK(mp_init(&z3)); - - /* if point at infinity, then set point at infinity and exit */ - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { - MP_CHECKOK(ec_GFp_pt_set_inf_aff(rx, ry)); - goto CLEANUP; - } - - /* transform (px, py, pz) into (px / pz^2, py / pz^3) */ - if (mp_cmp_d(pz, 1) == 0) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - } else { - MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth)); - MP_CHECKOK(group->meth->field_mul(&z1, &z2, &z3, group->meth)); - MP_CHECKOK(group->meth->field_mul(px, &z2, rx, group->meth)); - MP_CHECKOK(group->meth->field_mul(py, &z3, ry, group->meth)); - } - - CLEANUP: - mp_clear(&z1); - mp_clear(&z2); - mp_clear(&z3); - return res; -} - -/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian - * coordinates. */ -mp_err -ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz) -{ - return mp_cmp_z(pz); -} - -/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian - * coordinates. */ -mp_err -ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz) -{ - mp_zero(pz); - return MP_OKAY; -} - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is - * (qx, qy, 1). Elliptic curve points P, Q, and R can all be identical. - * Uses mixed Jacobian-affine coordinates. Assumes input is already - * field-encoded using field_enc, and returns output that is still - * field-encoded. Uses equation (2) from Brown, Hankerson, Lopez, and - * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime - * Fields. */ -mp_err -ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *qx, const mp_int *qy, mp_int *rx, - mp_int *ry, mp_int *rz, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int A, B, C, D, C2, C3; - - MP_DIGITS(&A) = 0; - MP_DIGITS(&B) = 0; - MP_DIGITS(&C) = 0; - MP_DIGITS(&D) = 0; - MP_DIGITS(&C2) = 0; - MP_DIGITS(&C3) = 0; - MP_CHECKOK(mp_init(&A)); - MP_CHECKOK(mp_init(&B)); - MP_CHECKOK(mp_init(&C)); - MP_CHECKOK(mp_init(&D)); - MP_CHECKOK(mp_init(&C2)); - MP_CHECKOK(mp_init(&C3)); - - /* If either P or Q is the point at infinity, then return the other - * point */ - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { - MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group)); - goto CLEANUP; - } - if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - MP_CHECKOK(mp_copy(pz, rz)); - goto CLEANUP; - } - - /* A = qx * pz^2, B = qy * pz^3 */ - MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth)); - MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth)); - MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth)); - MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth)); - - /* C = A - px, D = B - py */ - MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth)); - MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth)); - - /* C2 = C^2, C3 = C^3 */ - MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth)); - MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth)); - - /* rz = pz * C */ - MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth)); - - /* C = px * C^2 */ - MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth)); - /* A = D^2 */ - MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth)); - - /* rx = D^2 - (C^3 + 2 * (px * C^2)) */ - MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth)); - MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth)); - - /* C3 = py * C^3 */ - MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth)); - - /* ry = D * (px * C^2 - rx) - py * C^3 */ - MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth)); - MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth)); - MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth)); - - CLEANUP: - mp_clear(&A); - mp_clear(&B); - mp_clear(&C); - mp_clear(&D); - mp_clear(&C2); - mp_clear(&C3); - return res; -} - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * Jacobian coordinates. - * - * Assumes input is already field-encoded using field_enc, and returns - * output that is still field-encoded. - * - * This routine implements Point Doubling in the Jacobian Projective - * space as described in the paper "Efficient elliptic curve exponentiation - * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono. - */ -mp_err -ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz, - mp_int *rx, mp_int *ry, mp_int *rz, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int t0, t1, M, S; - - MP_DIGITS(&t0) = 0; - MP_DIGITS(&t1) = 0; - MP_DIGITS(&M) = 0; - MP_DIGITS(&S) = 0; - MP_CHECKOK(mp_init(&t0)); - MP_CHECKOK(mp_init(&t1)); - MP_CHECKOK(mp_init(&M)); - MP_CHECKOK(mp_init(&S)); - - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); - goto CLEANUP; - } - - if (mp_cmp_d(pz, 1) == 0) { - /* M = 3 * px^2 + a */ - MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth)); - MP_CHECKOK(group->meth-> - field_add(&t0, &group->curvea, &M, group->meth)); - } else if (mp_cmp_int(&group->curvea, -3) == 0) { - /* M = 3 * (px + pz^2) * (px - pz^2) */ - MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(px, &M, &t0, group->meth)); - MP_CHECKOK(group->meth->field_sub(px, &M, &t1, group->meth)); - MP_CHECKOK(group->meth->field_mul(&t0, &t1, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(&M, &M, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &M, &M, group->meth)); - } else { - /* M = 3 * (px^2) + a * (pz^4) */ - MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth)); - MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&M, &M, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(&M, &group->curvea, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(&M, &t0, &M, group->meth)); - } - - /* rz = 2 * py * pz */ - /* t0 = 4 * py^2 */ - if (mp_cmp_d(pz, 1) == 0) { - MP_CHECKOK(group->meth->field_add(py, py, rz, group->meth)); - MP_CHECKOK(group->meth->field_sqr(rz, &t0, group->meth)); - } else { - MP_CHECKOK(group->meth->field_add(py, py, &t0, group->meth)); - MP_CHECKOK(group->meth->field_mul(&t0, pz, rz, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth)); - } - - /* S = 4 * px * py^2 = px * (2 * py)^2 */ - MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth)); - - /* rx = M^2 - 2 * S */ - MP_CHECKOK(group->meth->field_add(&S, &S, &t1, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth)); - MP_CHECKOK(group->meth->field_sub(rx, &t1, rx, group->meth)); - - /* ry = M * (S - rx) - 8 * py^4 */ - MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth)); - if (mp_isodd(&t1)) { - MP_CHECKOK(mp_add(&t1, &group->meth->irr, &t1)); - } - MP_CHECKOK(mp_div_2(&t1, &t1)); - MP_CHECKOK(group->meth->field_sub(&S, rx, &S, group->meth)); - MP_CHECKOK(group->meth->field_mul(&M, &S, &M, group->meth)); - MP_CHECKOK(group->meth->field_sub(&M, &t1, ry, group->meth)); - - CLEANUP: - mp_clear(&t0); - mp_clear(&t1); - mp_clear(&M); - mp_clear(&S); - return res; -} - -/* by default, this routine is unused and thus doesn't need to be compiled */ -#ifdef ECL_ENABLE_GFP_PT_MUL_JAC -/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters - * a, b and p are the elliptic curve coefficients and the prime that - * determines the field GFp. Elliptic curve points P and R can be - * identical. Uses mixed Jacobian-affine coordinates. Assumes input is - * already field-encoded using field_enc, and returns output that is still - * field-encoded. Uses 4-bit window method. */ -mp_err -ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int precomp[16][2], rz; - int i, ni, d; - - MP_DIGITS(&rz) = 0; - for (i = 0; i < 16; i++) { - MP_DIGITS(&precomp[i][0]) = 0; - MP_DIGITS(&precomp[i][1]) = 0; - } - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG); - - /* initialize precomputation table */ - for (i = 0; i < 16; i++) { - MP_CHECKOK(mp_init(&precomp[i][0])); - MP_CHECKOK(mp_init(&precomp[i][1])); - } - - /* fill precomputation table */ - mp_zero(&precomp[0][0]); - mp_zero(&precomp[0][1]); - MP_CHECKOK(mp_copy(px, &precomp[1][0])); - MP_CHECKOK(mp_copy(py, &precomp[1][1])); - for (i = 2; i < 16; i++) { - MP_CHECKOK(group-> - point_add(&precomp[1][0], &precomp[1][1], - &precomp[i - 1][0], &precomp[i - 1][1], - &precomp[i][0], &precomp[i][1], group)); - } - - d = (mpl_significant_bits(n) + 3) / 4; - - /* R = inf */ - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - - for (i = d - 1; i >= 0; i--) { - /* compute window ni */ - ni = MP_GET_BIT(n, 4 * i + 3); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 2); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i + 1); - ni <<= 1; - ni |= MP_GET_BIT(n, 4 * i); - /* R = 2^4 * R */ - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - /* R = R + (ni * P) */ - MP_CHECKOK(ec_GFp_pt_add_jac_aff - (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry, - &rz, group)); - } - - /* convert result S to affine coordinates */ - MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group)); - - CLEANUP: - mp_clear(&rz); - for (i = 0; i < 16; i++) { - mp_clear(&precomp[i][0]); - mp_clear(&precomp[i][1]); - } - return res; -} -#endif - -/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + - * k2 * P(x, y), where G is the generator (base point) of the group of - * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL. - * Uses mixed Jacobian-affine coordinates. Input and output values are - * assumed to be NOT field-encoded. Uses algorithm 15 (simultaneous - * multiple point multiplication) from Brown, Hankerson, Lopez, Menezes. - * Software Implementation of the NIST Elliptic Curves over Prime Fields. */ -mp_err -ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, - const mp_int *py, mp_int *rx, mp_int *ry, - const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int precomp[4][4][2]; - mp_int rz; - const mp_int *a, *b; - int i, j; - int ai, bi, d; - - for (i = 0; i < 4; i++) { - for (j = 0; j < 4; j++) { - MP_DIGITS(&precomp[i][j][0]) = 0; - MP_DIGITS(&precomp[i][j][1]) = 0; - } - } - MP_DIGITS(&rz) = 0; - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK(!((k1 == NULL) - && ((k2 == NULL) || (px == NULL) - || (py == NULL))), MP_BADARG); - - /* if some arguments are not defined used ECPoint_mul */ - if (k1 == NULL) { - return ECPoint_mul(group, k2, px, py, rx, ry); - } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) { - return ECPoint_mul(group, k1, NULL, NULL, rx, ry); - } - - /* initialize precomputation table */ - for (i = 0; i < 4; i++) { - for (j = 0; j < 4; j++) { - MP_CHECKOK(mp_init(&precomp[i][j][0])); - MP_CHECKOK(mp_init(&precomp[i][j][1])); - } - } - - /* fill precomputation table */ - /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */ - if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) { - a = k2; - b = k1; - if (group->meth->field_enc) { - MP_CHECKOK(group->meth-> - field_enc(px, &precomp[1][0][0], group->meth)); - MP_CHECKOK(group->meth-> - field_enc(py, &precomp[1][0][1], group->meth)); - } else { - MP_CHECKOK(mp_copy(px, &precomp[1][0][0])); - MP_CHECKOK(mp_copy(py, &precomp[1][0][1])); - } - MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0])); - MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1])); - } else { - a = k1; - b = k2; - MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0])); - MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1])); - if (group->meth->field_enc) { - MP_CHECKOK(group->meth-> - field_enc(px, &precomp[0][1][0], group->meth)); - MP_CHECKOK(group->meth-> - field_enc(py, &precomp[0][1][1], group->meth)); - } else { - MP_CHECKOK(mp_copy(px, &precomp[0][1][0])); - MP_CHECKOK(mp_copy(py, &precomp[0][1][1])); - } - } - /* precompute [*][0][*] */ - mp_zero(&precomp[0][0][0]); - mp_zero(&precomp[0][0][1]); - MP_CHECKOK(group-> - point_dbl(&precomp[1][0][0], &precomp[1][0][1], - &precomp[2][0][0], &precomp[2][0][1], group)); - MP_CHECKOK(group-> - point_add(&precomp[1][0][0], &precomp[1][0][1], - &precomp[2][0][0], &precomp[2][0][1], - &precomp[3][0][0], &precomp[3][0][1], group)); - /* precompute [*][1][*] */ - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][1][0], &precomp[0][1][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][1][0], &precomp[i][1][1], group)); - } - /* precompute [*][2][*] */ - MP_CHECKOK(group-> - point_dbl(&precomp[0][1][0], &precomp[0][1][1], - &precomp[0][2][0], &precomp[0][2][1], group)); - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][2][0], &precomp[0][2][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][2][0], &precomp[i][2][1], group)); - } - /* precompute [*][3][*] */ - MP_CHECKOK(group-> - point_add(&precomp[0][1][0], &precomp[0][1][1], - &precomp[0][2][0], &precomp[0][2][1], - &precomp[0][3][0], &precomp[0][3][1], group)); - for (i = 1; i < 4; i++) { - MP_CHECKOK(group-> - point_add(&precomp[0][3][0], &precomp[0][3][1], - &precomp[i][0][0], &precomp[i][0][1], - &precomp[i][3][0], &precomp[i][3][1], group)); - } - - d = (mpl_significant_bits(a) + 1) / 2; - - /* R = inf */ - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - - for (i = d - 1; i >= 0; i--) { - ai = MP_GET_BIT(a, 2 * i + 1); - ai <<= 1; - ai |= MP_GET_BIT(a, 2 * i); - bi = MP_GET_BIT(b, 2 * i + 1); - bi <<= 1; - bi |= MP_GET_BIT(b, 2 * i); - /* R = 2^2 * R */ - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group)); - /* R = R + (ai * A + bi * B) */ - MP_CHECKOK(ec_GFp_pt_add_jac_aff - (rx, ry, &rz, &precomp[ai][bi][0], &precomp[ai][bi][1], - rx, ry, &rz, group)); - } - - MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group)); - - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth)); - } - - CLEANUP: - mp_clear(&rz); - for (i = 0; i < 4; i++) { - for (j = 0; j < 4; j++) { - mp_clear(&precomp[i][j][0]); - mp_clear(&precomp[i][j][1]); - } - } - return res; -} diff --git a/security/nss/lib/freebl/ecl/ecp_jm.c b/security/nss/lib/freebl/ecl/ecp_jm.c deleted file mode 100644 index 2174650d1..000000000 --- a/security/nss/lib/freebl/ecl/ecp_jm.c +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp.h" -#include "ecl-priv.h" -#include "mplogic.h" -#include - -/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses - * Modified Jacobian coordinates. - * - * Assumes input is already field-encoded using field_enc, and returns - * output that is still field-encoded. - * - */ -mp_err -ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz, - mp_int *raz4, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int t0, t1, M, S; - - MP_DIGITS(&t0) = 0; - MP_DIGITS(&t1) = 0; - MP_DIGITS(&M) = 0; - MP_DIGITS(&S) = 0; - MP_CHECKOK(mp_init(&t0)); - MP_CHECKOK(mp_init(&t1)); - MP_CHECKOK(mp_init(&M)); - MP_CHECKOK(mp_init(&S)); - - /* Check for point at infinity */ - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { - /* Set r = pt at infinity by setting rz = 0 */ - - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); - goto CLEANUP; - } - - /* M = 3 (px^2) + a*(pz^4) */ - MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, paz4, &M, group->meth)); - - /* rz = 2 * py * pz */ - MP_CHECKOK(group->meth->field_mul(py, pz, rz, group->meth)); - MP_CHECKOK(group->meth->field_add(rz, rz, rz, group->meth)); - - /* t0 = 2y^2 , t1 = 8y^4 */ - MP_CHECKOK(group->meth->field_sqr(py, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &t0, &t0, group->meth)); - MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth)); - MP_CHECKOK(group->meth->field_add(&t1, &t1, &t1, group->meth)); - - /* S = 4 * px * py^2 = 2 * px * t0 */ - MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth)); - MP_CHECKOK(group->meth->field_add(&S, &S, &S, group->meth)); - - /* rx = M^2 - 2S */ - MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth)); - MP_CHECKOK(group->meth->field_sub(rx, &S, rx, group->meth)); - MP_CHECKOK(group->meth->field_sub(rx, &S, rx, group->meth)); - - /* ry = M * (S - rx) - t1 */ - MP_CHECKOK(group->meth->field_sub(&S, rx, ry, group->meth)); - MP_CHECKOK(group->meth->field_mul(ry, &M, ry, group->meth)); - MP_CHECKOK(group->meth->field_sub(ry, &t1, ry, group->meth)); - - /* ra*z^4 = 2*t1*(apz4) */ - MP_CHECKOK(group->meth->field_mul(paz4, &t1, raz4, group->meth)); - MP_CHECKOK(group->meth->field_add(raz4, raz4, raz4, group->meth)); - - CLEANUP: - mp_clear(&t0); - mp_clear(&t1); - mp_clear(&M); - mp_clear(&S); - return res; -} - -/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is - * (qx, qy, 1). Elliptic curve points P, Q, and R can all be identical. - * Uses mixed Modified_Jacobian-affine coordinates. Assumes input is - * already field-encoded using field_enc, and returns output that is still - * field-encoded. */ -mp_err -ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz, - const mp_int *paz4, const mp_int *qx, - const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz, - mp_int *raz4, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int A, B, C, D, C2, C3; - - MP_DIGITS(&A) = 0; - MP_DIGITS(&B) = 0; - MP_DIGITS(&C) = 0; - MP_DIGITS(&D) = 0; - MP_DIGITS(&C2) = 0; - MP_DIGITS(&C3) = 0; - MP_CHECKOK(mp_init(&A)); - MP_CHECKOK(mp_init(&B)); - MP_CHECKOK(mp_init(&C)); - MP_CHECKOK(mp_init(&D)); - MP_CHECKOK(mp_init(&C2)); - MP_CHECKOK(mp_init(&C3)); - - /* If either P or Q is the point at infinity, then return the other - * point */ - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { - MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group)); - MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth)); - MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(raz4, &group->curvea, raz4, group->meth)); - goto CLEANUP; - } - if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) { - MP_CHECKOK(mp_copy(px, rx)); - MP_CHECKOK(mp_copy(py, ry)); - MP_CHECKOK(mp_copy(pz, rz)); - MP_CHECKOK(mp_copy(paz4, raz4)); - goto CLEANUP; - } - - /* A = qx * pz^2, B = qy * pz^3 */ - MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth)); - MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth)); - MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth)); - MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth)); - - /* C = A - px, D = B - py */ - MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth)); - MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth)); - - /* C2 = C^2, C3 = C^3 */ - MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth)); - MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth)); - - /* rz = pz * C */ - MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth)); - - /* C = px * C^2 */ - MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth)); - /* A = D^2 */ - MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth)); - - /* rx = D^2 - (C^3 + 2 * (px * C^2)) */ - MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth)); - MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth)); - MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth)); - - /* C3 = py * C^3 */ - MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth)); - - /* ry = D * (px * C^2 - rx) - py * C^3 */ - MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth)); - MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth)); - MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth)); - - /* raz4 = a * rz^4 */ - MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth)); - MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth)); - MP_CHECKOK(group->meth-> - field_mul(raz4, &group->curvea, raz4, group->meth)); - - CLEANUP: - mp_clear(&A); - mp_clear(&B); - mp_clear(&C); - mp_clear(&D); - mp_clear(&C2); - mp_clear(&C3); - return res; -} - -/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic - * curve points P and R can be identical. Uses mixed Modified-Jacobian - * co-ordinates for doubling and Chudnovsky Jacobian coordinates for - * additions. Assumes input is already field-encoded using field_enc, and - * returns output that is still field-encoded. Uses 5-bit window NAF - * method (algorithm 11) for scalar-point multiplication from Brown, - * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic - * Curves Over Prime Fields. */ -mp_err -ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py, - mp_int *rx, mp_int *ry, const ECGroup *group) -{ - mp_err res = MP_OKAY; - mp_int precomp[16][2], rz, tpx, tpy; - mp_int raz4; - signed char *naf = NULL; - int i, orderBitSize; - - MP_DIGITS(&rz) = 0; - MP_DIGITS(&raz4) = 0; - MP_DIGITS(&tpx) = 0; - MP_DIGITS(&tpy) = 0; - for (i = 0; i < 16; i++) { - MP_DIGITS(&precomp[i][0]) = 0; - MP_DIGITS(&precomp[i][1]) = 0; - } - - ARGCHK(group != NULL, MP_BADARG); - ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG); - - /* initialize precomputation table */ - MP_CHECKOK(mp_init(&tpx)); - MP_CHECKOK(mp_init(&tpy));; - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(mp_init(&raz4)); - - for (i = 0; i < 16; i++) { - MP_CHECKOK(mp_init(&precomp[i][0])); - MP_CHECKOK(mp_init(&precomp[i][1])); - } - - /* Set out[8] = P */ - MP_CHECKOK(mp_copy(px, &precomp[8][0])); - MP_CHECKOK(mp_copy(py, &precomp[8][1])); - - /* Set (tpx, tpy) = 2P */ - MP_CHECKOK(group-> - point_dbl(&precomp[8][0], &precomp[8][1], &tpx, &tpy, - group)); - - /* Set 3P, 5P, ..., 15P */ - for (i = 8; i < 15; i++) { - MP_CHECKOK(group-> - point_add(&precomp[i][0], &precomp[i][1], &tpx, &tpy, - &precomp[i + 1][0], &precomp[i + 1][1], - group)); - } - - /* Set -15P, -13P, ..., -P */ - for (i = 0; i < 8; i++) { - MP_CHECKOK(mp_copy(&precomp[15 - i][0], &precomp[i][0])); - MP_CHECKOK(group->meth-> - field_neg(&precomp[15 - i][1], &precomp[i][1], - group->meth)); - } - - /* R = inf */ - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - - orderBitSize = mpl_significant_bits(&group->order); - - /* Allocate memory for NAF */ - naf = (signed char *) malloc(sizeof(signed char) * orderBitSize); - if (naf == NULL) { - res = MP_MEM; - goto CLEANUP; - } - - /* Compute 5NAF */ - ec_compute_wNAF(naf, orderBitSize, n, 5); - - /* wNAF method */ - for (i = orderBitSize; i >= 0; i--) { - /* R = 2R */ - ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz, &raz4, group); - if (naf[i] != 0) { - ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4, - &precomp[(naf[i] + 15) / 2][0], - &precomp[(naf[i] + 15) / 2][1], rx, ry, - &rz, &raz4, group); - } - } - - /* convert result S to affine coordinates */ - MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group)); - - CLEANUP: - for (i = 0; i < 16; i++) { - mp_clear(&precomp[i][0]); - mp_clear(&precomp[i][1]); - } - mp_clear(&tpx); - mp_clear(&tpy); - mp_clear(&rz); - mp_clear(&raz4); - free(naf); - return res; -} diff --git a/security/nss/lib/freebl/ecl/ecp_mont.c b/security/nss/lib/freebl/ecl/ecp_mont.c deleted file mode 100644 index a251af1fc..000000000 --- a/security/nss/lib/freebl/ecl/ecp_mont.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -/* Uses Montgomery reduction for field arithmetic. See mpi/mpmontg.c for - * code implementation. */ - -#include "mpi.h" -#include "mplogic.h" -#include "mpi-priv.h" -#include "ecl-priv.h" -#include "ecp.h" -#include -#include - -/* Construct a generic GFMethod for arithmetic over prime fields with - * irreducible irr. */ -GFMethod * -GFMethod_consGFp_mont(const mp_int *irr) -{ - mp_err res = MP_OKAY; - int i; - GFMethod *meth = NULL; - mp_mont_modulus *mmm; - - meth = GFMethod_consGFp(irr); - if (meth == NULL) - return NULL; - - mmm = (mp_mont_modulus *) malloc(sizeof(mp_mont_modulus)); - if (mmm == NULL) { - res = MP_MEM; - goto CLEANUP; - } - - meth->field_mul = &ec_GFp_mul_mont; - meth->field_sqr = &ec_GFp_sqr_mont; - meth->field_div = &ec_GFp_div_mont; - meth->field_enc = &ec_GFp_enc_mont; - meth->field_dec = &ec_GFp_dec_mont; - meth->extra1 = mmm; - meth->extra2 = NULL; - meth->extra_free = &ec_GFp_extra_free_mont; - - mmm->N = meth->irr; - i = mpl_significant_bits(&meth->irr); - i += MP_DIGIT_BIT - 1; - mmm->b = i - i % MP_DIGIT_BIT; - mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0)); - - CLEANUP: - if (res != MP_OKAY) { - GFMethod_free(meth); - return NULL; - } - return meth; -} - -/* Wrapper functions for generic prime field arithmetic. */ - -/* Field multiplication using Montgomery reduction. */ -mp_err -ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - -#ifdef MP_MONT_USE_MP_MUL - /* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont - * is not implemented and we have to use mp_mul and s_mp_redc directly - */ - MP_CHECKOK(mp_mul(a, b, r)); - MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1)); -#else - mp_int s; - - MP_DIGITS(&s) = 0; - /* s_mp_mul_mont doesn't allow source and destination to be the same */ - if ((a == r) || (b == r)) { - MP_CHECKOK(mp_init(&s)); - MP_CHECKOK(s_mp_mul_mont - (a, b, &s, (mp_mont_modulus *) meth->extra1)); - MP_CHECKOK(mp_copy(&s, r)); - mp_clear(&s); - } else { - return s_mp_mul_mont(a, b, r, (mp_mont_modulus *) meth->extra1); - } -#endif - CLEANUP: - return res; -} - -/* Field squaring using Montgomery reduction. */ -mp_err -ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - return ec_GFp_mul_mont(a, a, r, meth); -} - -/* Field division using Montgomery reduction. */ -mp_err -ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r, - const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - /* if A=aZ represents a encoded in montgomery coordinates with Z and # - * and \ respectively represent multiplication and division in - * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv = - * (1/b)Z = (1/B)(Z^2) where B # Binv = Z */ - MP_CHECKOK(ec_GFp_div(a, b, r, meth)); - MP_CHECKOK(ec_GFp_enc_mont(r, r, meth)); - if (a == NULL) { - MP_CHECKOK(ec_GFp_enc_mont(r, r, meth)); - } - CLEANUP: - return res; -} - -/* Encode a field element in Montgomery form. See s_mp_to_mont in - * mpi/mpmontg.c */ -mp_err -ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_mont_modulus *mmm; - mp_err res = MP_OKAY; - - mmm = (mp_mont_modulus *) meth->extra1; - MP_CHECKOK(mpl_lsh(a, r, mmm->b)); - MP_CHECKOK(mp_mod(r, &mmm->N, r)); - CLEANUP: - return res; -} - -/* Decode a field element from Montgomery form. */ -mp_err -ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth) -{ - mp_err res = MP_OKAY; - - if (a != r) { - MP_CHECKOK(mp_copy(a, r)); - } - MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1)); - CLEANUP: - return res; -} - -/* Free the memory allocated to the extra fields of Montgomery GFMethod - * object. */ -void -ec_GFp_extra_free_mont(GFMethod *meth) -{ - if (meth->extra1 != NULL) { - free(meth->extra1); - meth->extra1 = NULL; - } -} diff --git a/security/nss/lib/freebl/ecl/tests/ec2_test.c b/security/nss/lib/freebl/ecl/tests/ec2_test.c deleted file mode 100644 index 4bb6bc6ee..000000000 --- a/security/nss/lib/freebl/ecl/tests/ec2_test.c +++ /dev/null @@ -1,459 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for binary polynomial - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mplogic.h" -#include "mpprime.h" -#include "mp_gf2m.h" -#include "ecl.h" -#include "ecl-curve.h" -#include "ec2.h" -#include -#include -#include - -#include -#include -#include - -/* Time k repetitions of operation op. */ -#define M_TimeOperation(op, k) { \ - double dStart, dNow, dUserTime; \ - struct rusage ru; \ - int i; \ - getrusage(RUSAGE_SELF, &ru); \ - dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - for (i = 0; i < k; i++) { \ - { op; } \ - }; \ - getrusage(RUSAGE_SELF, &ru); \ - dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - dUserTime = dNow-dStart; \ - if (dUserTime) printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \ -} - -/* Test curve using generic field arithmetic. */ -#define ECTEST_GENERIC_GF2M(name_c, name) \ - printf("Testing %s using generic implementation...\n", name_c); \ - params = EC_GetNamedCurveParams(name); \ - if (params == NULL) { \ - printf(" Error: could not construct params.\n"); \ - res = MP_NO; \ - goto CLEANUP; \ - } \ - ECGroup_free(group); \ - group = ECGroup_fromHex(params); \ - if (group == NULL) { \ - printf(" Error: could not construct group.\n"); \ - res = MP_NO; \ - goto CLEANUP; \ - } \ - MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 1) ); \ - printf("... okay.\n"); - -/* Test curve using specific field arithmetic. */ -#define ECTEST_NAMED_GF2M(name_c, name) \ - printf("Testing %s using specific implementation...\n", name_c); \ - ECGroup_free(group); \ - group = ECGroup_fromName(name); \ - if (group == NULL) { \ - printf(" Warning: could not construct group.\n"); \ - printf("... failed; continuing with remaining tests.\n"); \ - } else { \ - MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 0) ); \ - printf("... okay.\n"); \ - } - -/* Performs basic tests of elliptic curve cryptography over binary - * polynomial fields. If tests fail, then it prints an error message, - * aborts, and returns an error code. Otherwise, returns 0. */ -int -ectest_curve_GF2m(ECGroup *group, int ectestPrint, int ectestTime, - int generic) -{ - - mp_int one, order_1, gx, gy, rx, ry, n; - int size; - mp_err res; - char s[1000]; - - /* initialize values */ - MP_CHECKOK(mp_init(&one)); - MP_CHECKOK(mp_init(&order_1)); - MP_CHECKOK(mp_init(&gx)); - MP_CHECKOK(mp_init(&gy)); - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&n)); - - MP_CHECKOK(mp_set_int(&one, 1)); - MP_CHECKOK(mp_sub(&group->order, &one, &order_1)); - - /* encode base point */ - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth)); - MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth)); - } else { - MP_CHECKOK(mp_copy(&group->genx, &gx)); - MP_CHECKOK(mp_copy(&group->geny, &gy)); - } - - if (ectestPrint) { - /* output base point */ - printf(" base point P:\n"); - MP_CHECKOK(mp_toradix(&gx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&gy, s, 16)); - printf(" %s\n", s); - if (group->meth->field_enc) { - printf(" base point P (encoded):\n"); - MP_CHECKOK(mp_toradix(&group->genx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&group->geny, s, 16)); - printf(" %s\n", s); - } - } - -#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ec_GF2m_pt_mul_aff - (&order_1, &group->genx, &group->geny, &rx, &ry, group)); - if (ectestPrint) { - printf(" (order-1)*P (affine):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &group->genx) != 0) - || (mp_cmp(&ry, &group->geny) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ec_GF2m_pt_mul_mont - (&order_1, &group->genx, &group->geny, &rx, &ry, group)); - if (ectestPrint) { - printf(" (order-1)*P (montgomery):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &group->genx) != 0) - || (mp_cmp(&ry, &group->geny) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - -#ifdef ECL_ENABLE_GF2M_PROJ - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ec_GF2m_pt_mul_proj - (&order_1, &group->genx, &group->geny, &rx, &ry, group)); - if (ectestPrint) { - printf(" (order-1)*P (projective):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &group->genx) != 0) - || (mp_cmp(&ry, &group->geny) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry)); - if (ectestPrint) { - printf(" (order-1)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry)); - if (ectestPrint) { - printf(" (order-1)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - -#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ec_GF2m_pt_mul_aff - (&group->order, &group->genx, &group->geny, &rx, &ry, - group)); - if (ectestPrint) { - printf(" (order)*P (affine):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ec_GF2m_pt_mul_mont - (&group->order, &group->genx, &group->geny, &rx, &ry, - group)); - if (ectestPrint) { - printf(" (order)*P (montgomery):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } - -#ifdef ECL_ENABLE_GF2M_PROJ - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ec_GF2m_pt_mul_proj - (&group->order, &group->genx, &group->geny, &rx, &ry, - group)); - if (ectestPrint) { - printf(" (order)*P (projective):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry)); - if (ectestPrint) { - printf(" (order)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry)); - if (ectestPrint) { - printf(" (order)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* check that (order-1)P + (order-1)P + P == (order-1)P */ - MP_CHECKOK(ECPoints_mul - (group, &order_1, &order_1, &gx, &gy, &rx, &ry)); - MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry)); - if (ectestPrint) { - printf - (" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - - if (ectestTime) { - /* compute random scalar */ - size = mpl_significant_bits(&group->meth->irr); - if (size < MP_OKAY) { - goto CLEANUP; - } - MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS)); - MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth)); - /* timed test */ - if (generic) { -#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF - M_TimeOperation(MP_CHECKOK - (ec_GF2m_pt_mul_aff - (&n, &group->genx, &group->geny, &rx, &ry, - group)), 100); -#endif - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoints_mul - (group, &n, &n, &gx, &gy, &rx, &ry)), 100); - } else { - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoints_mul - (group, &n, &n, &gx, &gy, &rx, &ry)), 100); - } - } - - CLEANUP: - mp_clear(&one); - mp_clear(&order_1); - mp_clear(&gx); - mp_clear(&gy); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&n); - if (res != MP_OKAY) { - printf(" Error: exiting with error value %i\n", res); - } - return res; -} - -/* Prints help information. */ -void -printUsage() -{ - printf("Usage: ecp_test [--print] [--time]\n"); - printf - (" --print Print out results of each point arithmetic test.\n"); - printf - (" --time Benchmark point operations and print results.\n"); -} - -/* Performs tests of elliptic curve cryptography over binary polynomial - * fields. If tests fail, then it prints an error message, aborts, and - * returns an error code. Otherwise, returns 0. */ -int -main(int argv, char **argc) -{ - - int ectestTime = 0; - int ectestPrint = 0; - int i; - ECGroup *group = NULL; - ECCurveParams *params = NULL; - mp_err res; - - /* read command-line arguments */ - for (i = 1; i < argv; i++) { - if ((strcasecmp(argc[i], "time") == 0) - || (strcasecmp(argc[i], "-time") == 0) - || (strcasecmp(argc[i], "--time") == 0)) { - ectestTime = 1; - } else if ((strcasecmp(argc[i], "print") == 0) - || (strcasecmp(argc[i], "-print") == 0) - || (strcasecmp(argc[i], "--print") == 0)) { - ectestPrint = 1; - } else { - printUsage(); - return 0; - } - } - - /* generic arithmetic tests */ - ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1); - - /* specific arithmetic tests */ - ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1); - ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1); - ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2); - ECTEST_NAMED_GF2M("SECT-193R1", ECCurve_SECG_CHAR2_193R1); - ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2); - ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1); - ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1); - - CLEANUP: - EC_FreeCurveParams(params); - ECGroup_free(group); - if (res != MP_OKAY) { - printf("Error: exiting with error value %i\n", res); - } - return res; -} diff --git a/security/nss/lib/freebl/ecl/tests/ec_naft.c b/security/nss/lib/freebl/ecl/tests/ec_naft.c deleted file mode 100644 index d400475e4..000000000 --- a/security/nss/lib/freebl/ecl/tests/ec_naft.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mplogic.h" -#include "ecl.h" -#include "ecp.h" -#include "ecl-priv.h" - -#include -#include -#include -#include -#include - -/* Returns 2^e as an integer. This is meant to be used for small powers of - * two. */ -int ec_twoTo(int e); - -/* Number of bits of scalar to test */ -#define BITSIZE 160 - -/* Time k repetitions of operation op. */ -#define M_TimeOperation(op, k) { \ - double dStart, dNow, dUserTime; \ - struct rusage ru; \ - int i; \ - getrusage(RUSAGE_SELF, &ru); \ - dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - for (i = 0; i < k; i++) { \ - { op; } \ - }; \ - getrusage(RUSAGE_SELF, &ru); \ - dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - dUserTime = dNow-dStart; \ - if (dUserTime) printf(" %-45s\n k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \ -} - -/* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D. - * Hankerson, J. Hernandez and A. Menezes, "Software implementation of - * elliptic curve cryptography over binary fields", Proc. CHES 2000. */ - -mp_err -main(void) -{ - signed char naf[BITSIZE + 1]; - ECGroup *group = NULL; - mp_int k; - mp_int *scalar; - int i, count; - int res; - int w = 5; - char s[1000]; - - /* Get a 160 bit scalar to compute wNAF from */ - group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1); - scalar = &group->genx; - - /* Compute wNAF representation of scalar */ - ec_compute_wNAF(naf, BITSIZE, scalar, w); - - /* Verify correctness of representation */ - mp_init(&k); /* init k to 0 */ - - for (i = BITSIZE; i >= 0; i--) { - mp_add(&k, &k, &k); - /* digits in mp_???_d are unsigned */ - if (naf[i] >= 0) { - mp_add_d(&k, naf[i], &k); - } else { - mp_sub_d(&k, -naf[i], &k); - } - } - - if (mp_cmp(&k, scalar) != 0) { - printf("Error: incorrect NAF value.\n"); - MP_CHECKOK(mp_toradix(&k, s, 16)); - printf("NAF value %s\n", s); - MP_CHECKOK(mp_toradix(scalar, s, 16)); - printf("original value %s\n", s); - goto CLEANUP; - } - - /* Verify digits of representation are valid */ - for (i = 0; i <= BITSIZE; i++) { - if (naf[i] % 2 == 0 && naf[i] != 0) { - printf("Error: Even non-zero digit found.\n"); - goto CLEANUP; - } - if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) { - printf("Error: Magnitude of naf digit too large.\n"); - goto CLEANUP; - } - } - - /* Verify sparsity of representation */ - count = w - 1; - for (i = 0; i <= BITSIZE; i++) { - if (naf[i] != 0) { - if (count < w - 1) { - printf("Error: Sparsity failed.\n"); - goto CLEANUP; - } - count = 0; - } else - count++; - } - - /* Check timing */ - M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000); - - printf("Test passed.\n"); - CLEANUP: - ECGroup_free(group); - return MP_OKAY; -} diff --git a/security/nss/lib/freebl/ecl/tests/ecp_fpt.c b/security/nss/lib/freebl/ecl/tests/ecp_fpt.c deleted file mode 100644 index 4a71aa2c8..000000000 --- a/security/nss/lib/freebl/ecl/tests/ecp_fpt.c +++ /dev/null @@ -1,1122 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves using floating point operations. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Stephen Fung and - * Douglas Stebila , Sun Microsystems Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "ecp_fp.h" -#include "mpprime.h" - -#include -#include -#include -#include - -/* Time k repetitions of operation op. */ -#define M_TimeOperation(op, k) { \ - double dStart, dNow, dUserTime; \ - struct rusage ru; \ - int i; \ - getrusage(RUSAGE_SELF, &ru); \ - dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - for (i = 0; i < k; i++) { \ - { op; } \ - }; \ - getrusage(RUSAGE_SELF, &ru); \ - dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - dUserTime = dNow-dStart; \ - if (dUserTime) printf(" %-45s\n k: %6i, t: %6.2f sec, k/t: %6.2f ops/sec\n", #op, k, dUserTime, k/dUserTime); \ -} - -/* Test curve using specific floating point field arithmetic. */ -#define M_TestCurve(name_c, name) { \ - printf("Testing %s using specific floating point implementation...\n", name_c); \ - ECGroup_free(ecgroup); \ - ecgroup = ECGroup_fromName(name); \ - if (ecgroup == NULL) { \ - printf(" Warning: could not construct group.\n"); \ - printf("%s failed.\n", name_c); \ - res = MP_NO; \ - goto CLEANUP; \ - } else { \ - MP_CHECKOK( testCurve(ecgroup)); \ - printf("%s passed.\n", name_c); \ - } \ -} - -/* Outputs a floating point double (currently not used) */ -void -d_output(const double *u, int len, char *name, const EC_group_fp * group) -{ - int i; - - printf("%s: ", name); - for (i = 0; i < len; i++) { - printf("+ %.2f * 2^%i ", u[i] / ecfp_exp[i], - group->doubleBitSize * i); - } - printf("\n"); -} - -/* Tests a point p in Jacobian coordinates, comparing against the - * expected affine result (x, y). */ -mp_err -testJacPoint(ecfp_jac_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup) -{ - char s[1000]; - mp_int rx, ry, rz; - mp_err res = MP_OKAY; - - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&rz) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&rz)); - - ecfp_fp2i(&rx, p->x, ecgroup); - ecfp_fp2i(&ry, p->y, ecgroup); - ecfp_fp2i(&rz, p->z, ecgroup); - - /* convert result R to affine coordinates */ - ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup); - - /* Compare to expected result */ - if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) { - printf(" Error: Jacobian Floating Point Incorrect.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("floating point result\nrx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - MP_CHECKOK(mp_toradix(x, s, 16)); - printf("integer result\nx %s\n", s); - MP_CHECKOK(mp_toradix(y, s, 16)); - printf("y %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - CLEANUP: - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&rz); - - return res; -} - -/* Tests a point p in Chudnovsky Jacobian coordinates, comparing against - * the expected affine result (x, y). */ -mp_err -testChudPoint(ecfp_chud_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup) -{ - - char s[1000]; - mp_int rx, ry, rz, rz2, rz3, test; - mp_err res = MP_OKAY; - - /* Initialization */ - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&rz) = 0; - MP_DIGITS(&rz2) = 0; - MP_DIGITS(&rz3) = 0; - MP_DIGITS(&test) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(mp_init(&rz2)); - MP_CHECKOK(mp_init(&rz3)); - MP_CHECKOK(mp_init(&test)); - - /* Convert to integers */ - ecfp_fp2i(&rx, p->x, ecgroup); - ecfp_fp2i(&ry, p->y, ecgroup); - ecfp_fp2i(&rz, p->z, ecgroup); - ecfp_fp2i(&rz2, p->z2, ecgroup); - ecfp_fp2i(&rz3, p->z3, ecgroup); - - /* Verify z2, z3 are valid */ - mp_sqrmod(&rz, &ecgroup->meth->irr, &test); - if (mp_cmp(&test, &rz2) != 0) { - printf(" Error: rzp2 not valid\n"); - res = MP_NO; - goto CLEANUP; - } - mp_mulmod(&test, &rz, &ecgroup->meth->irr, &test); - if (mp_cmp(&test, &rz3) != 0) { - printf(" Error: rzp2 not valid\n"); - res = MP_NO; - goto CLEANUP; - } - - /* convert result R to affine coordinates */ - ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup); - - /* Compare against expected result */ - if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) { - printf(" Error: Chudnovsky Floating Point Incorrect.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("floating point result\nrx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - MP_CHECKOK(mp_toradix(x, s, 16)); - printf("integer result\nx %s\n", s); - MP_CHECKOK(mp_toradix(y, s, 16)); - printf("y %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - CLEANUP: - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&rz); - mp_clear(&rz2); - mp_clear(&rz3); - mp_clear(&test); - - return res; -} - -/* Tests a point p in Modified Jacobian coordinates, comparing against the - * expected affine result (x, y). */ -mp_err -testJmPoint(ecfp_jm_pt * r, mp_int *x, mp_int *y, ECGroup *ecgroup) -{ - - char s[1000]; - mp_int rx, ry, rz, raz4, test; - mp_err res = MP_OKAY; - - /* Initialization */ - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&rz) = 0; - MP_DIGITS(&raz4) = 0; - MP_DIGITS(&test) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(mp_init(&raz4)); - MP_CHECKOK(mp_init(&test)); - - /* Convert to integer */ - ecfp_fp2i(&rx, r->x, ecgroup); - ecfp_fp2i(&ry, r->y, ecgroup); - ecfp_fp2i(&rz, r->z, ecgroup); - ecfp_fp2i(&raz4, r->az4, ecgroup); - - /* Verify raz4 = rz^4 * a */ - mp_sqrmod(&rz, &ecgroup->meth->irr, &test); - mp_sqrmod(&test, &ecgroup->meth->irr, &test); - mp_mulmod(&test, &ecgroup->curvea, &ecgroup->meth->irr, &test); - if (mp_cmp(&test, &raz4) != 0) { - printf(" Error: a*z^4 not valid\n"); - MP_CHECKOK(mp_toradix(&ecgroup->curvea, s, 16)); - printf("a %s\n", s); - MP_CHECKOK(mp_toradix(&rz, s, 16)); - printf("rz %s\n", s); - MP_CHECKOK(mp_toradix(&raz4, s, 16)); - printf("raz4 %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - /* convert result R to affine coordinates */ - ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup); - - /* Compare against expected result */ - if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) { - printf(" Error: Modified Jacobian Floating Point Incorrect.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("floating point result\nrx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - MP_CHECKOK(mp_toradix(x, s, 16)); - printf("integer result\nx %s\n", s); - MP_CHECKOK(mp_toradix(y, s, 16)); - printf("y %s\n", s); - res = MP_NO; - goto CLEANUP; - } - CLEANUP: - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&rz); - mp_clear(&raz4); - mp_clear(&test); - - return res; -} - -/* Tests point addition of Jacobian + Affine -> Jacobian */ -mp_err -testPointAddJacAff(ECGroup *ecgroup) -{ - mp_err res; - mp_int pz, rx2, ry2, rz2; - ecfp_jac_pt p, r; - ecfp_aff_pt q; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - /* Init */ - MP_DIGITS(&pz) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&rz2) = 0; - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&rz2)); - - MP_CHECKOK(mp_set_int(&pz, 5)); - - /* Set p */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(p.z, &pz, ecgroup); - /* Set q */ - ecfp_i2fp(q.x, &ecgroup->geny, ecgroup); - ecfp_i2fp(q.y, &ecgroup->genx, ecgroup); - - /* Do calculations */ - group->pt_add_jac_aff(&p, &q, &r, group); - - /* Do calculation in integer to compare against */ - MP_CHECKOK(ec_GFp_pt_add_jac_aff - (&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny, - &ecgroup->genx, &rx2, &ry2, &rz2, ecgroup)); - /* convert result R to affine coordinates */ - ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup); - - MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Addition - Jacobian & Affine\n"); - else - printf("TEST FAILED - Point Addition - Jacobian & Affine\n"); - - mp_clear(&pz); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&rz2); - - return res; -} - -/* Tests point addition in Jacobian coordinates */ -mp_err -testPointAddJac(ECGroup *ecgroup) -{ - mp_err res; - mp_int pz, qz, qx, qy, rx2, ry2, rz2; - ecfp_jac_pt p, q, r; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - /* Init */ - MP_DIGITS(&pz) = 0; - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&qz) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&rz2) = 0; - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&qx)); - MP_CHECKOK(mp_init(&qy)); - MP_CHECKOK(mp_init(&qz)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&rz2)); - - MP_CHECKOK(mp_set_int(&pz, 5)); - MP_CHECKOK(mp_set_int(&qz, 105)); - - /* Set p */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(p.z, &pz, ecgroup); - /* Set q */ - ecfp_i2fp(q.x, &ecgroup->geny, ecgroup); - ecfp_i2fp(q.y, &ecgroup->genx, ecgroup); - ecfp_i2fp(q.z, &qz, ecgroup); - - /* Do calculations */ - group->pt_add_jac(&p, &q, &r, group); - - /* Do calculation in integer to compare against */ - ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy, - ecgroup); - MP_CHECKOK(ec_GFp_pt_add_jac_aff - (&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &rx2, &ry2, - &rz2, ecgroup)); - /* convert result R to affine coordinates */ - ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup); - - MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Addition - Jacobian\n"); - else - printf("TEST FAILED - Point Addition - Jacobian\n"); - - mp_clear(&pz); - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&qz); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&rz2); - - return res; -} - -/* Tests point addition in Chudnovsky Jacobian Coordinates */ -mp_err -testPointAddChud(ECGroup *ecgroup) -{ - mp_err res; - mp_int rx2, ry2, ix, iy, iz, test, pz, qx, qy, qz; - ecfp_chud_pt p, q, r; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&qz) = 0; - MP_DIGITS(&pz) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&ix) = 0; - MP_DIGITS(&iy) = 0; - MP_DIGITS(&iz) = 0; - MP_DIGITS(&test) = 0; - - MP_CHECKOK(mp_init(&qx)); - MP_CHECKOK(mp_init(&qy)); - MP_CHECKOK(mp_init(&qz)); - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&ix)); - MP_CHECKOK(mp_init(&iy)); - MP_CHECKOK(mp_init(&iz)); - MP_CHECKOK(mp_init(&test)); - - /* Test Chudnovsky form addition */ - /* Set p */ - MP_CHECKOK(mp_set_int(&pz, 5)); - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(p.z, &pz, ecgroup); - mp_sqrmod(&pz, &ecgroup->meth->irr, &test); - ecfp_i2fp(p.z2, &test, ecgroup); - mp_mulmod(&test, &pz, &ecgroup->meth->irr, &test); - ecfp_i2fp(p.z3, &test, ecgroup); - - /* Set q */ - MP_CHECKOK(mp_set_int(&qz, 105)); - ecfp_i2fp(q.x, &ecgroup->geny, ecgroup); - ecfp_i2fp(q.y, &ecgroup->genx, ecgroup); - ecfp_i2fp(q.z, &qz, ecgroup); - mp_sqrmod(&qz, &ecgroup->meth->irr, &test); - ecfp_i2fp(q.z2, &test, ecgroup); - mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test); - ecfp_i2fp(q.z3, &test, ecgroup); - - group->pt_add_chud(&p, &q, &r, group); - - /* Calculate addition to compare against */ - ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy, - ecgroup); - ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, - &ix, &iy, &iz, ecgroup); - ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup); - - MP_CHECKOK(testChudPoint(&r, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Addition - Chudnovsky Jacobian\n"); - else - printf("TEST FAILED - Point Addition - Chudnovsky Jacobian\n"); - - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&qz); - mp_clear(&pz); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&ix); - mp_clear(&iy); - mp_clear(&iz); - mp_clear(&test); - - return res; -} - -/* Tests point addition in Modified Jacobian + Chudnovsky Jacobian -> - * Modified Jacobian coordinates. */ -mp_err -testPointAddJmChud(ECGroup *ecgroup) -{ - mp_err res; - mp_int rx2, ry2, ix, iy, iz, test, pz, paz4, qx, qy, qz; - ecfp_chud_pt q; - ecfp_jm_pt p, r; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&qx) = 0; - MP_DIGITS(&qy) = 0; - MP_DIGITS(&qz) = 0; - MP_DIGITS(&pz) = 0; - MP_DIGITS(&paz4) = 0; - MP_DIGITS(&iz) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&ix) = 0; - MP_DIGITS(&iy) = 0; - MP_DIGITS(&iz) = 0; - MP_DIGITS(&test) = 0; - - MP_CHECKOK(mp_init(&qx)); - MP_CHECKOK(mp_init(&qy)); - MP_CHECKOK(mp_init(&qz)); - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&paz4)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&ix)); - MP_CHECKOK(mp_init(&iy)); - MP_CHECKOK(mp_init(&iz)); - MP_CHECKOK(mp_init(&test)); - - /* Test Modified Jacobian form addition */ - /* Set p */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup); - /* paz4 = az^4 */ - MP_CHECKOK(mp_set_int(&pz, 5)); - mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4); - mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4); - mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4); - ecfp_i2fp(p.z, &pz, ecgroup); - ecfp_i2fp(p.az4, &paz4, ecgroup); - - /* Set q */ - MP_CHECKOK(mp_set_int(&qz, 105)); - ecfp_i2fp(q.x, &ecgroup->geny, ecgroup); - ecfp_i2fp(q.y, &ecgroup->genx, ecgroup); - ecfp_i2fp(q.z, &qz, ecgroup); - mp_sqrmod(&qz, &ecgroup->meth->irr, &test); - ecfp_i2fp(q.z2, &test, ecgroup); - mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test); - ecfp_i2fp(q.z3, &test, ecgroup); - - /* Do calculation */ - group->pt_add_jm_chud(&p, &q, &r, group); - - /* Calculate addition to compare against */ - ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy, - ecgroup); - ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, - &ix, &iy, &iz, ecgroup); - ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup); - - MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf - (" Test Passed - Point Addition - Modified & Chudnovsky Jacobian\n"); - else - printf - ("TEST FAILED - Point Addition - Modified & Chudnovsky Jacobian\n"); - - mp_clear(&qx); - mp_clear(&qy); - mp_clear(&qz); - mp_clear(&pz); - mp_clear(&paz4); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&ix); - mp_clear(&iy); - mp_clear(&iz); - mp_clear(&test); - - return res; -} - -/* Tests point doubling in Modified Jacobian coordinates */ -mp_err -testPointDoubleJm(ECGroup *ecgroup) -{ - mp_err res; - mp_int pz, paz4, rx2, ry2, rz2, raz4; - ecfp_jm_pt p, r; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&pz) = 0; - MP_DIGITS(&paz4) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&rz2) = 0; - MP_DIGITS(&raz4) = 0; - - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&paz4)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&rz2)); - MP_CHECKOK(mp_init(&raz4)); - - /* Set p */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup); - - /* paz4 = az^4 */ - MP_CHECKOK(mp_set_int(&pz, 5)); - mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4); - mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4); - mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4); - - ecfp_i2fp(p.z, &pz, ecgroup); - ecfp_i2fp(p.az4, &paz4, ecgroup); - - group->pt_dbl_jm(&p, &r, group); - - M_TimeOperation(group->pt_dbl_jm(&p, &r, group), 100000); - - /* Calculate doubling to compare against */ - ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2, - &rz2, ecgroup); - ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup); - - /* Do comparison and check az^4 */ - MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Doubling - Modified Jacobian\n"); - else - printf("TEST FAILED - Point Doubling - Modified Jacobian\n"); - mp_clear(&pz); - mp_clear(&paz4); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&rz2); - mp_clear(&raz4); - - return res; - -} - -/* Tests point doubling in Chudnovsky Jacobian coordinates */ -mp_err -testPointDoubleChud(ECGroup *ecgroup) -{ - mp_err res; - mp_int px, py, pz, rx2, ry2, rz2; - ecfp_aff_pt p; - ecfp_chud_pt p2; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&rz2) = 0; - MP_DIGITS(&px) = 0; - MP_DIGITS(&py) = 0; - MP_DIGITS(&pz) = 0; - - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&rz2)); - MP_CHECKOK(mp_init(&px)); - MP_CHECKOK(mp_init(&py)); - MP_CHECKOK(mp_init(&pz)); - - /* Set p2 = 2P */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup); - - group->pt_dbl_aff2chud(&p, &p2, group); - - /* Calculate doubling to compare against */ - MP_CHECKOK(mp_set_int(&pz, 1)); - ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2, - &rz2, ecgroup); - ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup); - - /* Do comparison and check az^4 */ - MP_CHECKOK(testChudPoint(&p2, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Doubling - Chudnovsky Jacobian\n"); - else - printf("TEST FAILED - Point Doubling - Chudnovsky Jacobian\n"); - - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&rz2); - mp_clear(&px); - mp_clear(&py); - mp_clear(&pz); - - return res; -} - -/* Test point doubling in Jacobian coordinates */ -mp_err -testPointDoubleJac(ECGroup *ecgroup) -{ - mp_err res; - mp_int pz, rx, ry, rz, rx2, ry2, rz2; - ecfp_jac_pt p, p2; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&pz) = 0; - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&rz) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&rz2) = 0; - - MP_CHECKOK(mp_init(&pz)); - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&rz)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&rz2)); - - MP_CHECKOK(mp_set_int(&pz, 5)); - - /* Set p2 = 2P */ - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(p.z, &pz, ecgroup); - ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup); - - group->pt_dbl_jac(&p, &p2, group); - M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000); - - /* Calculate doubling to compare against */ - ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2, - &rz2, ecgroup); - ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup); - - /* Do comparison */ - MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup)); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Doubling - Jacobian\n"); - else - printf("TEST FAILED - Point Doubling - Jacobian\n"); - - mp_clear(&pz); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&rz); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&rz2); - - return res; -} - -/* Tests a point multiplication (various algorithms) */ -mp_err -testPointMul(ECGroup *ecgroup) -{ - mp_err res; - char s[1000]; - mp_int rx, ry, order_1; - - /* Init */ - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&order_1) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&order_1)); - - MP_CHECKOK(mp_set_int(&order_1, 1)); - MP_CHECKOK(mp_sub(&ecgroup->order, &order_1, &order_1)); - - /* Test Algorithm 1: Jacobian-Affine Double & Add */ - ec_GFp_pt_mul_jac_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx, - &ry, ecgroup); - MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth)); - if ((mp_cmp(&rx, &ecgroup->genx) != 0) - || (mp_cmp(&ry, &ecgroup->geny) != 0)) { - printf - (" Error: ec_GFp_pt_mul_jac_fp invalid result (expected (- base point)).\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - ec_GFp_pt_mul_jac_fp(&ecgroup->order, &ecgroup->genx, &ecgroup->geny, - &rx, &ry, ecgroup); - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf - (" Error: ec_GFp_pt_mul_jac_fp invalid result (expected point at infinity.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - /* Test Algorithm 2: 4-bit Window in Jacobian */ - ec_GFp_point_mul_jac_4w_fp(&order_1, &ecgroup->genx, &ecgroup->geny, - &rx, &ry, ecgroup); - MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth)); - if ((mp_cmp(&rx, &ecgroup->genx) != 0) - || (mp_cmp(&ry, &ecgroup->geny) != 0)) { - printf - (" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected (- base point)).\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - ec_GFp_point_mul_jac_4w_fp(&ecgroup->order, &ecgroup->genx, - &ecgroup->geny, &rx, &ry, ecgroup); - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf - (" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected point at infinity.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - /* Test Algorithm 3: wNAF with modified Jacobian coordinates */ - ec_GFp_point_mul_wNAF_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx, - &ry, ecgroup); - MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth)); - if ((mp_cmp(&rx, &ecgroup->genx) != 0) - || (mp_cmp(&ry, &ecgroup->geny) != 0)) { - printf - (" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected (- base point)).\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - ec_GFp_point_mul_wNAF_fp(&ecgroup->order, &ecgroup->genx, - &ecgroup->geny, &rx, &ry, ecgroup); - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf - (" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected point at infinity.\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf("rx %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf("ry %s\n", s); - res = MP_NO; - goto CLEANUP; - } - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Multiplication\n"); - else - printf("TEST FAILED - Point Multiplication\n"); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&order_1); - - return res; -} - -/* Tests point multiplication with a random scalar repeatedly, comparing - * for consistency within different algorithms. */ -mp_err -testPointMulRandom(ECGroup *ecgroup) -{ - mp_err res; - mp_int rx, ry, rx2, ry2, n; - int i, size; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&rx2) = 0; - MP_DIGITS(&ry2) = 0; - MP_DIGITS(&n) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&rx2)); - MP_CHECKOK(mp_init(&ry2)); - MP_CHECKOK(mp_init(&n)); - - for (i = 0; i < 100; i++) { - /* compute random scalar */ - size = mpl_significant_bits(&ecgroup->meth->irr); - if (size < MP_OKAY) { - res = MP_NO; - goto CLEANUP; - } - MP_CHECKOK(mpp_random_size(&n, group->orderBitSize)); - MP_CHECKOK(mp_mod(&n, &ecgroup->order, &n)); - - ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry, - ecgroup); - ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx2, - &ry2, ecgroup); - - if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) { - printf - (" Error: different results for Point Multiplication - Double & Add.\n"); - res = MP_NO; - goto CLEANUP; - } - - ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, - &ry, ecgroup); - if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) { - printf - (" Error: different results for Point Multiplication - wNAF.\n"); - res = MP_NO; - goto CLEANUP; - } - - ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, - &ry, ecgroup); - if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) { - printf - (" Error: different results for Point Multiplication - 4 bit window.\n"); - res = MP_NO; - goto CLEANUP; - } - - } - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Random Multiplication\n"); - else - printf("TEST FAILED - Point Random Multiplication\n"); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&rx2); - mp_clear(&ry2); - mp_clear(&n); - - return res; -} - -/* Tests the time required for a point multiplication */ -mp_err -testPointMulTime(ECGroup *ecgroup) -{ - mp_err res = MP_OKAY; - mp_int rx, ry, n; - int size; - - MP_DIGITS(&rx) = 0; - MP_DIGITS(&ry) = 0; - MP_DIGITS(&n) = 0; - - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&n)); - - /* compute random scalar */ - size = mpl_significant_bits(&ecgroup->meth->irr); - if (size < MP_OKAY) { - res = MP_NO; - goto CLEANUP; - } - - MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS)); - MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth)); - - M_TimeOperation(ec_GFp_pt_mul_jac_fp - (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry, - ecgroup), 1000); - - M_TimeOperation(ec_GFp_point_mul_jac_4w_fp - (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry, - ecgroup), 1000); - - M_TimeOperation(ec_GFp_point_mul_wNAF_fp - (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry, - ecgroup), 1000); - - M_TimeOperation(ec_GFp_pt_mul_jac - (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry, - ecgroup), 100); - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Point Multiplication Timing\n"); - else - printf("TEST FAILED - Point Multiplication Timing\n"); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&n); - - return res; -} - -/* Tests pre computation of Chudnovsky Jacobian points used in wNAF form */ -mp_err -testPreCompute(ECGroup *ecgroup) -{ - ecfp_chud_pt precomp[16]; - ecfp_aff_pt p; - EC_group_fp *group = (EC_group_fp *) ecgroup->extra1; - int i; - mp_err res; - - mp_int x, y, ny, x2, y2; - - MP_DIGITS(&x) = 0; - MP_DIGITS(&y) = 0; - MP_DIGITS(&ny) = 0; - MP_DIGITS(&x2) = 0; - MP_DIGITS(&y2) = 0; - - MP_CHECKOK(mp_init(&x)); - MP_CHECKOK(mp_init(&y)); - MP_CHECKOK(mp_init(&ny)); - MP_CHECKOK(mp_init(&x2)); - MP_CHECKOK(mp_init(&y2)); - - ecfp_i2fp(p.x, &ecgroup->genx, ecgroup); - ecfp_i2fp(p.y, &ecgroup->geny, ecgroup); - ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup); - - /* Perform precomputation */ - group->precompute_chud(precomp, &p, group); - - M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000); - - /* Calculate addition to compare against */ - MP_CHECKOK(mp_copy(&ecgroup->genx, &x)); - MP_CHECKOK(mp_copy(&ecgroup->geny, &y)); - MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth)); - - ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup); - - for (i = 0; i < 8; i++) { - MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup)); - MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup)); - ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup); - MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth)); - } - - CLEANUP: - if (res == MP_OKAY) - printf(" Test Passed - Precomputation\n"); - else - printf("TEST FAILED - Precomputation\n"); - - mp_clear(&x); - mp_clear(&y); - mp_clear(&ny); - mp_clear(&x2); - mp_clear(&y2); - return res; -} - -/* Given a curve using floating point arithmetic, test it. This method - * specifies which of the above tests to run. */ -mp_err -testCurve(ECGroup *ecgroup) -{ - int res = MP_OKAY; - - MP_CHECKOK(testPointAddJacAff(ecgroup)); - MP_CHECKOK(testPointAddJac(ecgroup)); - MP_CHECKOK(testPointAddChud(ecgroup)); - MP_CHECKOK(testPointAddJmChud(ecgroup)); - MP_CHECKOK(testPointDoubleJac(ecgroup)); - MP_CHECKOK(testPointDoubleChud(ecgroup)); - MP_CHECKOK(testPointDoubleJm(ecgroup)); - MP_CHECKOK(testPreCompute(ecgroup)); - MP_CHECKOK(testPointMul(ecgroup)); - MP_CHECKOK(testPointMulRandom(ecgroup)); - MP_CHECKOK(testPointMulTime(ecgroup)); - CLEANUP: - return res; -} - -/* Tests a number of curves optimized using floating point arithmetic */ -int -main(void) -{ - mp_err res = MP_OKAY; - ECGroup *ecgroup = NULL; - - /* specific arithmetic tests */ - M_TestCurve("SECG-160R1", ECCurve_SECG_PRIME_160R1); - M_TestCurve("SECG-192R1", ECCurve_SECG_PRIME_192R1); - M_TestCurve("SEGC-224R1", ECCurve_SECG_PRIME_224R1); - - CLEANUP: - ECGroup_free(ecgroup); - if (res != MP_OKAY) { - printf("Error: exiting with error value %i\n", res); - } - return res; -} diff --git a/security/nss/lib/freebl/ecl/tests/ecp_test.c b/security/nss/lib/freebl/ecl/tests/ecp_test.c deleted file mode 100644 index 411827937..000000000 --- a/security/nss/lib/freebl/ecl/tests/ecp_test.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the elliptic curve math library for prime - * field curves. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mpi.h" -#include "mplogic.h" -#include "mpprime.h" -#include "ecl.h" -#include "ecl-curve.h" -#include "ecp.h" -#include -#include -#include - -#include -#include -#include - -/* Time k repetitions of operation op. */ -#define M_TimeOperation(op, k) { \ - double dStart, dNow, dUserTime; \ - struct rusage ru; \ - int i; \ - getrusage(RUSAGE_SELF, &ru); \ - dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - for (i = 0; i < k; i++) { \ - { op; } \ - }; \ - getrusage(RUSAGE_SELF, &ru); \ - dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \ - dUserTime = dNow-dStart; \ - if (dUserTime) printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \ -} - -/* Test curve using generic field arithmetic. */ -#define ECTEST_GENERIC_GFP(name_c, name) \ - printf("Testing %s using generic implementation...\n", name_c); \ - params = EC_GetNamedCurveParams(name); \ - if (params == NULL) { \ - printf(" Error: could not construct params.\n"); \ - res = MP_NO; \ - goto CLEANUP; \ - } \ - ECGroup_free(group); \ - group = ECGroup_fromHex(params); \ - if (group == NULL) { \ - printf(" Error: could not construct group.\n"); \ - res = MP_NO; \ - goto CLEANUP; \ - } \ - MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 1) ); \ - printf("... okay.\n"); - -/* Test curve using specific field arithmetic. */ -#define ECTEST_NAMED_GFP(name_c, name) \ - printf("Testing %s using specific implementation...\n", name_c); \ - ECGroup_free(group); \ - group = ECGroup_fromName(name); \ - if (group == NULL) { \ - printf(" Warning: could not construct group.\n"); \ - printf("... failed; continuing with remaining tests.\n"); \ - } else { \ - MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 0) ); \ - printf("... okay.\n"); \ - } - -/* Performs basic tests of elliptic curve cryptography over prime fields. - * If tests fail, then it prints an error message, aborts, and returns an - * error code. Otherwise, returns 0. */ -int -ectest_curve_GFp(ECGroup *group, int ectestPrint, int ectestTime, - int generic) -{ - - mp_int one, order_1, gx, gy, rx, ry, n; - int size; - mp_err res; - char s[1000]; - - /* initialize values */ - MP_CHECKOK(mp_init(&one)); - MP_CHECKOK(mp_init(&order_1)); - MP_CHECKOK(mp_init(&gx)); - MP_CHECKOK(mp_init(&gy)); - MP_CHECKOK(mp_init(&rx)); - MP_CHECKOK(mp_init(&ry)); - MP_CHECKOK(mp_init(&n)); - - MP_CHECKOK(mp_set_int(&one, 1)); - MP_CHECKOK(mp_sub(&group->order, &one, &order_1)); - - /* encode base point */ - if (group->meth->field_dec) { - MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth)); - MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth)); - } else { - MP_CHECKOK(mp_copy(&group->genx, &gx)); - MP_CHECKOK(mp_copy(&group->geny, &gy)); - } - if (ectestPrint) { - /* output base point */ - printf(" base point P:\n"); - MP_CHECKOK(mp_toradix(&gx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&gy, s, 16)); - printf(" %s\n", s); - if (group->meth->field_enc) { - printf(" base point P (encoded):\n"); - MP_CHECKOK(mp_toradix(&group->genx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&group->geny, s, 16)); - printf(" %s\n", s); - } - } - -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ec_GFp_pt_mul_aff - (&order_1, &group->genx, &group->geny, &rx, &ry, group)); - if (ectestPrint) { - printf(" (order-1)*P (affine):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth)); - if ((mp_cmp(&rx, &group->genx) != 0) - || (mp_cmp(&ry, &group->geny) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ec_GFp_pt_mul_jac - (&order_1, &group->genx, &group->geny, &rx, &ry, group)); - if (ectestPrint) { - printf(" (order-1)*P (jacobian):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth)); - if ((mp_cmp(&rx, &group->genx) != 0) - || (mp_cmp(&ry, &group->geny) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry)); - if (ectestPrint) { - printf(" (order-1)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* multiply base point by order - 1 and check for negative of base - * point */ - MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry)); - if (ectestPrint) { - printf(" (order-1)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ec_GFp_pt_mul_aff - (&group->order, &group->genx, &group->geny, &rx, &ry, - group)); - if (ectestPrint) { - printf(" (order)*P (affine):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - -#ifdef ECL_ENABLE_GFP_PT_MUL_JAC - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ec_GFp_pt_mul_jac - (&group->order, &group->genx, &group->geny, &rx, &ry, - group)); - if (ectestPrint) { - printf(" (order)*P (jacobian):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } -#endif - - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry)); - if (ectestPrint) { - printf(" (order)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* multiply base point by order and check for point at infinity */ - MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry)); - if (ectestPrint) { - printf(" (order)*P (ECPoint_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) { - printf(" Error: invalid result (expected point at infinity).\n"); - res = MP_NO; - goto CLEANUP; - } - - /* check that (order-1)P + (order-1)P + P == (order-1)P */ - MP_CHECKOK(ECPoints_mul - (group, &order_1, &order_1, &gx, &gy, &rx, &ry)); - MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry)); - if (ectestPrint) { - printf - (" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n"); - MP_CHECKOK(mp_toradix(&rx, s, 16)); - printf(" %s\n", s); - MP_CHECKOK(mp_toradix(&ry, s, 16)); - printf(" %s\n", s); - } - MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry)); - if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) { - printf(" Error: invalid result (expected (- base point)).\n"); - res = MP_NO; - goto CLEANUP; - } - - if (ectestTime) { - /* compute random scalar */ - size = mpl_significant_bits(&group->meth->irr); - if (size < MP_OKAY) { - goto CLEANUP; - } - MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS)); - MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth)); - /* timed test */ - if (generic) { -#ifdef ECL_ENABLE_GFP_PT_MUL_AFF - M_TimeOperation(MP_CHECKOK - (ec_GFp_pt_mul_aff - (&n, &group->genx, &group->geny, &rx, &ry, - group)), 100); -#endif - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoints_mul - (group, &n, &n, &gx, &gy, &rx, &ry)), 100); - } else { - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)), - 100); - M_TimeOperation(MP_CHECKOK - (ECPoints_mul - (group, &n, &n, &gx, &gy, &rx, &ry)), 100); - } - } - - CLEANUP: - mp_clear(&one); - mp_clear(&order_1); - mp_clear(&gx); - mp_clear(&gy); - mp_clear(&rx); - mp_clear(&ry); - mp_clear(&n); - if (res != MP_OKAY) { - printf(" Error: exiting with error value %i\n", res); - } - return res; -} - -/* Prints help information. */ -void -printUsage() -{ - printf("Usage: ecp_test [--print] [--time]\n"); - printf - (" --print Print out results of each point arithmetic test.\n"); - printf - (" --time Benchmark point operations and print results.\n"); -} - -/* Performs tests of elliptic curve cryptography over prime fields If - * tests fail, then it prints an error message, aborts, and returns an - * error code. Otherwise, returns 0. */ -int -main(int argv, char **argc) -{ - - int ectestTime = 0; - int ectestPrint = 0; - int i; - ECGroup *group = NULL; - ECCurveParams *params = NULL; - mp_err res; - - /* read command-line arguments */ - for (i = 1; i < argv; i++) { - if ((strcasecmp(argc[i], "time") == 0) - || (strcasecmp(argc[i], "-time") == 0) - || (strcasecmp(argc[i], "--time") == 0)) { - ectestTime = 1; - } else if ((strcasecmp(argc[i], "print") == 0) - || (strcasecmp(argc[i], "-print") == 0) - || (strcasecmp(argc[i], "--print") == 0)) { - ectestPrint = 1; - } else { - printUsage(); - return 0; - } - } - - /* generic arithmetic tests */ - ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1); - - /* specific arithmetic tests */ - ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1); - ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1); - ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2); - ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1); - ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1); - ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1); - ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1); - - CLEANUP: - EC_FreeCurveParams(params); - ECGroup_free(group); - if (res != MP_OKAY) { - printf("Error: exiting with error value %i\n", res); - } - return res; -} diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c deleted file mode 100644 index 4d71829e9..000000000 --- a/security/nss/lib/freebl/ldvector.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * ldvector.c - platform dependent DSO containing freebl implementation. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "loader.h" - -static const struct FREEBLVectorStr vector = { - - sizeof vector, - FREEBL_VERSION, - - RSA_NewKey, - RSA_PublicKeyOp, - RSA_PrivateKeyOp, - DSA_NewKey, - DSA_SignDigest, - DSA_VerifyDigest, - DSA_NewKeyFromSeed, - DSA_SignDigestWithSeed, - DH_GenParam, - DH_NewKey, - DH_Derive, - KEA_Derive, - KEA_Verify, - RC4_CreateContext, - RC4_DestroyContext, - RC4_Encrypt, - RC4_Decrypt, - RC2_CreateContext, - RC2_DestroyContext, - RC2_Encrypt, - RC2_Decrypt, - RC5_CreateContext, - RC5_DestroyContext, - RC5_Encrypt, - RC5_Decrypt, - DES_CreateContext, - DES_DestroyContext, - DES_Encrypt, - DES_Decrypt, - AES_CreateContext, - AES_DestroyContext, - AES_Encrypt, - AES_Decrypt, - MD5_Hash, - MD5_HashBuf, - MD5_NewContext, - MD5_DestroyContext, - MD5_Begin, - MD5_Update, - MD5_End, - MD5_FlattenSize, - MD5_Flatten, - MD5_Resurrect, - MD5_TraceState, - MD2_Hash, - MD2_NewContext, - MD2_DestroyContext, - MD2_Begin, - MD2_Update, - MD2_End, - MD2_FlattenSize, - MD2_Flatten, - MD2_Resurrect, - SHA1_Hash, - SHA1_HashBuf, - SHA1_NewContext, - SHA1_DestroyContext, - SHA1_Begin, - SHA1_Update, - SHA1_End, - SHA1_TraceState, - SHA1_FlattenSize, - SHA1_Flatten, - SHA1_Resurrect, - RNG_RNGInit, - RNG_RandomUpdate, - RNG_GenerateGlobalRandomBytes, - RNG_RNGShutdown, - PQG_ParamGen, - PQG_ParamGenSeedLen, - PQG_VerifyParams, - - /* End of Version 3.001. */ - - RSA_PrivateKeyOpDoubleChecked, - RSA_PrivateKeyCheck, - BL_Cleanup, - - /* End of Version 3.002. */ - - SHA256_NewContext, - SHA256_DestroyContext, - SHA256_Begin, - SHA256_Update, - SHA256_End, - SHA256_HashBuf, - SHA256_Hash, - SHA256_TraceState, - SHA256_FlattenSize, - SHA256_Flatten, - SHA256_Resurrect, - - SHA512_NewContext, - SHA512_DestroyContext, - SHA512_Begin, - SHA512_Update, - SHA512_End, - SHA512_HashBuf, - SHA512_Hash, - SHA512_TraceState, - SHA512_FlattenSize, - SHA512_Flatten, - SHA512_Resurrect, - - SHA384_NewContext, - SHA384_DestroyContext, - SHA384_Begin, - SHA384_Update, - SHA384_End, - SHA384_HashBuf, - SHA384_Hash, - SHA384_TraceState, - SHA384_FlattenSize, - SHA384_Flatten, - SHA384_Resurrect, - - /* End of Version 3.003. */ - - AESKeyWrap_CreateContext, - AESKeyWrap_DestroyContext, - AESKeyWrap_Encrypt, - AESKeyWrap_Decrypt, - - /* End of Version 3.004. */ - - BLAPI_SHVerify, - BLAPI_VerifySelf, - - /* End of Version 3.005. */ - - EC_NewKey, - EC_NewKeyFromSeed, - EC_ValidatePublicKey, - ECDH_Derive, - ECDSA_SignDigest, - ECDSA_VerifyDigest, - ECDSA_SignDigestWithSeed, - - /* End of Version 3.006. */ -}; - - -const FREEBLVector * -FREEBL_GetVector(void) -{ - return &vector; -} - diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c deleted file mode 100644 index f853d4dd4..000000000 --- a/security/nss/lib/freebl/loader.c +++ /dev/null @@ -1,1349 +0,0 @@ -/* - * loader.c - load platform dependent DSO containing freebl implementation. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "loader.h" -#include "prmem.h" -#include "prerror.h" -#include "prinit.h" - -#if defined(SOLARIS) -#include -#include -#include -#if defined(SOLARIS2_5) -static int -isHybrid(void) -{ - long buflen; - int rv = 0; /* false */ - char buf[256]; - buflen = sysinfo(SI_MACHINE, buf, sizeof buf); - if (buflen > 0) { - rv = (!strcmp(buf, "sun4u") || !strcmp(buf, "sun4u1")); - } - return rv; -} -#else /* SunOS2.6or higher has SI_ISALIST */ - -static int -isHybrid(void) -{ - long buflen; - int rv = 0; /* false */ - char buf[256]; - buflen = sysinfo(SI_ISALIST, buf, sizeof buf); - if (buflen > 0) { -#if defined(NSS_USE_64) - char * found = strstr(buf, "sparcv9+vis"); -#else - char * found = strstr(buf, "sparcv8plus+vis"); -#endif - rv = (found != 0); - } - return rv; -} -#endif -#elif defined(HPUX) -/* This code tests to see if we're running on a PA2.x CPU. -** It returns true (1) if so, and false (0) otherwise. -*/ -static int -isHybrid(void) -{ - long cpu = sysconf(_SC_CPU_VERSION); - return (cpu == CPU_PA_RISC2_0); -} - -#else -#error "code for this platform is missing." -#endif - -/* - * On Solaris, if an application using libnss3.so is linked - * with the -R linker option, the -R search patch is only used - * to search for the direct dependencies of the application - * (such as libnss3.so) and is not used to search for the - * dependencies of libnss3.so. So we build libnss3.so with - * the -R '$ORIGIN' linker option to instruct it to search for - * its dependencies (libfreebl_*.so) in the same directory - * where it resides. This requires that libnss3.so, not - * libnspr4.so, be the shared library that calls dlopen(). - * Therefore we have to duplicate the relevant code in the PR - * load library functions here. - */ - -#if defined(SOLARIS) - -#include - -typedef struct { - void *dlh; -} BLLibrary; - -static BLLibrary * -bl_LoadLibrary(const char *name) -{ - BLLibrary *lib; - const char *error; - - lib = PR_NEWZAP(BLLibrary); - if (NULL == lib) { - PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0); - return NULL; - } - lib->dlh = dlopen(name, RTLD_NOW | RTLD_LOCAL); - if (NULL == lib->dlh) { - PR_SetError(PR_LOAD_LIBRARY_ERROR, 0); - error = dlerror(); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - PR_Free(lib); - return NULL; - } - return lib; -} - -static void * -bl_FindSymbol(BLLibrary *lib, const char *name) -{ - void *f; - const char *error; - - f = dlsym(lib->dlh, name); - if (NULL == f) { - PR_SetError(PR_FIND_SYMBOL_ERROR, 0); - error = dlerror(); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - } - return f; -} - -static PRStatus -bl_UnloadLibrary(BLLibrary *lib) -{ - const char *error; - - if (dlclose(lib->dlh) == -1) { - PR_SetError(PR_UNLOAD_LIBRARY_ERROR, 0); - error = dlerror(); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - return PR_FAILURE; - } - PR_Free(lib); - return PR_SUCCESS; -} - -#elif defined(HPUX) - -#include -#include -#include - -typedef struct { - shl_t dlh; -} BLLibrary; - -static BLLibrary * -bl_LoadLibrary(const char *name) -{ - BLLibrary *lib; - const char *error; - - lib = PR_NEWZAP(BLLibrary); - if (NULL == lib) { - PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0); - return NULL; - } - lib->dlh = shl_load(name, DYNAMIC_PATH | BIND_IMMEDIATE, 0L); - if (NULL == lib->dlh) { - PR_SetError(PR_LOAD_LIBRARY_ERROR, errno); - error = strerror(errno); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - PR_Free(lib); - return NULL; - } - return lib; -} - -static void * -bl_FindSymbol(BLLibrary *lib, const char *name) -{ - void *f; - const char *error; - - if (shl_findsym(&lib->dlh, name, TYPE_PROCEDURE, &f) == -1) { - f = NULL; - PR_SetError(PR_FIND_SYMBOL_ERROR, errno); - error = strerror(errno); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - } - return f; -} - -static PRStatus -bl_UnloadLibrary(BLLibrary *lib) -{ - const char *error; - - if (shl_unload(lib->dlh) == -1) { - PR_SetError(PR_UNLOAD_LIBRARY_ERROR, errno); - error = strerror(errno); - if (NULL != error) - PR_SetErrorText(strlen(error), error); - return PR_FAILURE; - } - PR_Free(lib); - return PR_SUCCESS; -} - -#else -#error "code for this platform is missing." -#endif - -#define LSB(x) ((x)&0xff) -#define MSB(x) ((x)>>8) - -static const FREEBLVector *vector; -static const char *libraryName = NULL; - -/* This function must be run only once. */ -/* determine if hybrid platform, then actually load the DSO. */ -static PRStatus -freebl_LoadDSO( void ) -{ - int hybrid = isHybrid(); - BLLibrary * handle; - const char * name; - - name = hybrid ? -#if defined( AIX ) - "libfreebl_hybrid_3_shr.a" : "libfreebl_pure32_3_shr.a"; -#elif defined( HPUX ) - "libfreebl_hybrid_3.sl" : "libfreebl_pure32_3.sl"; -#else - "libfreebl_hybrid_3.so" : "libfreebl_pure32_3.so"; -#endif - - handle = bl_LoadLibrary(name); - if (handle) { - void * address = bl_FindSymbol(handle, "FREEBL_GetVector"); - if (address) { - FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address; - const FREEBLVector * dsoVector = getVector(); - if (dsoVector) { - unsigned short dsoVersion = dsoVector->version; - unsigned short myVersion = FREEBL_VERSION; - if (MSB(dsoVersion) == MSB(myVersion) && - LSB(dsoVersion) >= LSB(myVersion) && - dsoVector->length >= sizeof(FREEBLVector)) { - vector = dsoVector; - libraryName = name; - return PR_SUCCESS; - } - } - } - bl_UnloadLibrary(handle); - } - return PR_FAILURE; -} - -static PRStatus -freebl_RunLoaderOnce( void ) -{ - PRStatus status; - static PRCallOnceType once; - - status = PR_CallOnce(&once, &freebl_LoadDSO); - return status; -} - - -RSAPrivateKey * -RSA_NewKey(int keySizeInBits, SECItem * publicExponent) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_RSA_NewKey)(keySizeInBits, publicExponent); -} - -SECStatus -RSA_PublicKeyOp(RSAPublicKey * key, - unsigned char * output, - const unsigned char * input) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RSA_PublicKeyOp)(key, output, input); -} - -SECStatus -RSA_PrivateKeyOp(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RSA_PrivateKeyOp)(key, output, input); -} - -SECStatus -RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, - unsigned char *output, - const unsigned char *input) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RSA_PrivateKeyOpDoubleChecked)(key, output, input); -} - -SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RSA_PrivateKeyCheck)(key); -} - -SECStatus -DSA_NewKey(const PQGParams * params, DSAPrivateKey ** privKey) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DSA_NewKey)(params, privKey); -} - -SECStatus -DSA_SignDigest(DSAPrivateKey * key, SECItem * signature, const SECItem * digest) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DSA_SignDigest)( key, signature, digest); -} - -SECStatus -DSA_VerifyDigest(DSAPublicKey * key, const SECItem * signature, - const SECItem * digest) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DSA_VerifyDigest)( key, signature, digest); -} - -SECStatus -DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char * seed, - DSAPrivateKey **privKey) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DSA_NewKeyFromSeed)(params, seed, privKey); -} - -SECStatus -DSA_SignDigestWithSeed(DSAPrivateKey * key, SECItem * signature, - const SECItem * digest, const unsigned char * seed) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DSA_SignDigestWithSeed)( key, signature, digest, seed); -} - -SECStatus -DH_GenParam(int primeLen, DHParams ** params) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DH_GenParam)(primeLen, params); -} - -SECStatus -DH_NewKey(DHParams * params, DHPrivateKey ** privKey) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DH_NewKey)( params, privKey); -} - -SECStatus -DH_Derive(SECItem * publicValue, SECItem * prime, SECItem * privateValue, - SECItem * derivedSecret, unsigned int maxOutBytes) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DH_Derive)( publicValue, prime, privateValue, - derivedSecret, maxOutBytes); -} - -SECStatus -KEA_Derive(SECItem *prime, SECItem *public1, SECItem *public2, - SECItem *private1, SECItem *private2, SECItem *derivedSecret) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_KEA_Derive)(prime, public1, public2, - private1, private2, derivedSecret); -} - -PRBool -KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return PR_FALSE; - return (vector->p_KEA_Verify)(Y, prime, subPrime); -} - -RC4Context * -RC4_CreateContext(const unsigned char *key, int len) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_RC4_CreateContext)(key, len); -} - -void -RC4_DestroyContext(RC4Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_RC4_DestroyContext)(cx, freeit); -} - -SECStatus -RC4_Encrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC4_Encrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -SECStatus -RC4_Decrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC4_Decrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -RC2Context * -RC2_CreateContext(const unsigned char *key, unsigned int len, - const unsigned char *iv, int mode, unsigned effectiveKeyLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen); -} - -void -RC2_DestroyContext(RC2Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_RC2_DestroyContext)(cx, freeit); -} - -SECStatus -RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -SECStatus -RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -RC5Context * -RC5_CreateContext(const SECItem *key, unsigned int rounds, - unsigned int wordSize, const unsigned char *iv, int mode) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_RC5_CreateContext)(key, rounds, wordSize, iv, mode); -} - -void -RC5_DestroyContext(RC5Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_RC5_DestroyContext)(cx, freeit); -} - -SECStatus -RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC5_Encrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -SECStatus -RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RC5_Decrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -DESContext * -DES_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, PRBool encrypt) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_DES_CreateContext)(key, iv, mode, encrypt); -} - -void -DES_DestroyContext(DESContext *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_DES_DestroyContext)(cx, freeit); -} - -SECStatus -DES_Encrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DES_Encrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -SECStatus -DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input, - inputLen); -} - -AESContext * -AES_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, int encrypt, - unsigned int keylen, unsigned int blocklen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_AES_CreateContext)(key, iv, mode, encrypt, keylen, - blocklen); -} - -void -AES_DestroyContext(AESContext *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_AES_DestroyContext)(cx, freeit); -} - -SECStatus -AES_Encrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_AES_Encrypt)(cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -AES_Decrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_AES_Decrypt)(cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -MD5_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_MD5_Hash)(dest, src); -} - -SECStatus -MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_MD5_HashBuf)(dest, src, src_length); -} - -MD5Context * -MD5_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_MD5_NewContext)(); -} - -void -MD5_DestroyContext(MD5Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_MD5_DestroyContext)(cx, freeit); -} - -void -MD5_Begin(MD5Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_MD5_Begin)(cx); -} - -void -MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_MD5_Update)(cx, input, inputLen); -} - -void -MD5_End(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_MD5_End)(cx, digest, digestLen, maxDigestLen); -} - -unsigned int -MD5_FlattenSize(MD5Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_MD5_FlattenSize)(cx); -} - -SECStatus -MD5_Flatten(MD5Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_MD5_Flatten)(cx, space); -} - -MD5Context * -MD5_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_MD5_Resurrect)(space, arg); -} - -void -MD5_TraceState(MD5Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_MD5_TraceState)(cx); -} - -SECStatus -MD2_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_MD2_Hash)(dest, src); -} - -MD2Context * -MD2_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_MD2_NewContext)(); -} - -void -MD2_DestroyContext(MD2Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_MD2_DestroyContext)(cx, freeit); -} - -void -MD2_Begin(MD2Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_MD2_Begin)(cx); -} - -void -MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_MD2_Update)(cx, input, inputLen); -} - -void -MD2_End(MD2Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_MD2_End)(cx, digest, digestLen, maxDigestLen); -} - -unsigned int -MD2_FlattenSize(MD2Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_MD2_FlattenSize)(cx); -} - -SECStatus -MD2_Flatten(MD2Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_MD2_Flatten)(cx, space); -} - -MD2Context * -MD2_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_MD2_Resurrect)(space, arg); -} - - -SECStatus -SHA1_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA1_Hash)(dest, src); -} - -SECStatus -SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA1_HashBuf)(dest, src, src_length); -} - -SHA1Context * -SHA1_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA1_NewContext)(); -} - -void -SHA1_DestroyContext(SHA1Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA1_DestroyContext)(cx, freeit); -} - -void -SHA1_Begin(SHA1Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA1_Begin)(cx); -} - -void -SHA1_Update(SHA1Context *cx, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA1_Update)(cx, input, inputLen); -} - -void -SHA1_End(SHA1Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA1_End)(cx, digest, digestLen, maxDigestLen); -} - -void -SHA1_TraceState(SHA1Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA1_TraceState)(cx); -} - -unsigned int -SHA1_FlattenSize(SHA1Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_SHA1_FlattenSize)(cx); -} - -SECStatus -SHA1_Flatten(SHA1Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA1_Flatten)(cx, space); -} - -SHA1Context * -SHA1_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA1_Resurrect)(space, arg); -} - -SECStatus -RNG_RNGInit(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RNG_RNGInit)(); -} - -SECStatus -RNG_RandomUpdate(const void *data, size_t bytes) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RNG_RandomUpdate)(data, bytes); -} - -SECStatus -RNG_GenerateGlobalRandomBytes(void *dest, size_t len) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_RNG_GenerateGlobalRandomBytes)(dest, len); -} - -void -RNG_RNGShutdown(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_RNG_RNGShutdown)(); -} - -SECStatus -PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_PQG_ParamGen)(j, pParams, pVfy); -} - -SECStatus -PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes, - PQGParams **pParams, PQGVerify **pVfy) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_PQG_ParamGenSeedLen)(j, seedBytes, pParams, pVfy); -} - -SECStatus -PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy, - SECStatus *result) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_PQG_VerifyParams)(params, vfy, result); -} - -void -BL_Cleanup(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - (vector->p_BL_Cleanup)(); -} - -/* ============== New for 3.003 =============================== */ - -SECStatus -SHA256_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA256_Hash)(dest, src); -} - -SECStatus -SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA256_HashBuf)(dest, src, src_length); -} - -SHA256Context * -SHA256_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA256_NewContext)(); -} - -void -SHA256_DestroyContext(SHA256Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA256_DestroyContext)(cx, freeit); -} - -void -SHA256_Begin(SHA256Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA256_Begin)(cx); -} - -void -SHA256_Update(SHA256Context *cx, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA256_Update)(cx, input, inputLen); -} - -void -SHA256_End(SHA256Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen); -} - -void -SHA256_TraceState(SHA256Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA256_TraceState)(cx); -} - -unsigned int -SHA256_FlattenSize(SHA256Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_SHA256_FlattenSize)(cx); -} - -SECStatus -SHA256_Flatten(SHA256Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA256_Flatten)(cx, space); -} - -SHA256Context * -SHA256_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA256_Resurrect)(space, arg); -} - -SECStatus -SHA512_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA512_Hash)(dest, src); -} - -SECStatus -SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA512_HashBuf)(dest, src, src_length); -} - -SHA512Context * -SHA512_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA512_NewContext)(); -} - -void -SHA512_DestroyContext(SHA512Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA512_DestroyContext)(cx, freeit); -} - -void -SHA512_Begin(SHA512Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA512_Begin)(cx); -} - -void -SHA512_Update(SHA512Context *cx, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA512_Update)(cx, input, inputLen); -} - -void -SHA512_End(SHA512Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen); -} - -void -SHA512_TraceState(SHA512Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA512_TraceState)(cx); -} - -unsigned int -SHA512_FlattenSize(SHA512Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_SHA512_FlattenSize)(cx); -} - -SECStatus -SHA512_Flatten(SHA512Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA512_Flatten)(cx, space); -} - -SHA512Context * -SHA512_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA512_Resurrect)(space, arg); -} - - -SECStatus -SHA384_Hash(unsigned char *dest, const char *src) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA384_Hash)(dest, src); -} - -SECStatus -SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA384_HashBuf)(dest, src, src_length); -} - -SHA384Context * -SHA384_NewContext(void) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA384_NewContext)(); -} - -void -SHA384_DestroyContext(SHA384Context *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA384_DestroyContext)(cx, freeit); -} - -void -SHA384_Begin(SHA384Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA384_Begin)(cx); -} - -void -SHA384_Update(SHA384Context *cx, const unsigned char *input, - unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA384_Update)(cx, input, inputLen); -} - -void -SHA384_End(SHA384Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen); -} - -void -SHA384_TraceState(SHA384Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return ; - (vector->p_SHA384_TraceState)(cx); -} - -unsigned int -SHA384_FlattenSize(SHA384Context *cx) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return 0; - return (vector->p_SHA384_FlattenSize)(cx); -} - -SECStatus -SHA384_Flatten(SHA384Context *cx,unsigned char *space) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_SHA384_Flatten)(cx, space); -} - -SHA384Context * -SHA384_Resurrect(unsigned char *space, void *arg) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_SHA384_Resurrect)(space, arg); -} - - -AESKeyWrapContext * -AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, - int encrypt, unsigned int keylen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return vector->p_AESKeyWrap_CreateContext(key, iv, encrypt, keylen); -} - -void -AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return; - vector->p_AESKeyWrap_DestroyContext(cx, freeit); -} - -SECStatus -AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return vector->p_AESKeyWrap_Encrypt(cx, output, outputLen, maxOutputLen, - input, inputLen); -} -SECStatus -AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return vector->p_AESKeyWrap_Decrypt(cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -PRBool -BLAPI_SHVerify(const char *name, PRFuncPtr addr) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return PR_FALSE; - return vector->p_BLAPI_SHVerify(name, addr); -} - -/* - * The Caller is expected to pass NULL as the name, which will - * trigger the p_BLAPI_VerifySelf() to return 'TRUE'. If we really loaded - * from a shared library, BLAPI_VerifySelf will get pick up the real name - * from the static set in freebl_LoadDSO( void ) - */ -PRBool -BLAPI_VerifySelf(const char *name) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return PR_FALSE; - return vector->p_BLAPI_VerifySelf(libraryName); -} - -/* ============== New for 3.006 =============================== */ - -SECStatus -EC_NewKey(ECParams * params, ECPrivateKey ** privKey) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_EC_NewKey)( params, privKey ); -} - -SECStatus -EC_NewKeyFromSeed(ECParams * params, ECPrivateKey ** privKey, - const unsigned char *seed, int seedlen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_EC_NewKeyFromSeed)( params, privKey, seed, seedlen ); -} - -SECStatus -EC_ValidatePublicKey(ECParams * params, SECItem * publicValue) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_EC_ValidatePublicKey)( params, publicValue ); -} - -SECStatus -ECDH_Derive(SECItem * publicValue, ECParams * params, SECItem * privateValue, - PRBool withCofactor, SECItem * derivedSecret) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_ECDH_Derive)( publicValue, params, privateValue, - withCofactor, derivedSecret ); -} - -SECStatus -ECDSA_SignDigest(ECPrivateKey * key, SECItem * signature, - const SECItem * digest) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_ECDSA_SignDigest)( key, signature, digest ); -} - -SECStatus -ECDSA_VerifyDigest(ECPublicKey * key, const SECItem * signature, - const SECItem * digest) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_ECDSA_VerifyDigest)( key, signature, digest ); -} - -SECStatus -ECDSA_SignDigestWithSeed(ECPrivateKey * key, SECItem * signature, - const SECItem * digest, const unsigned char *seed, const int seedlen) -{ - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return SECFailure; - return (vector->p_ECDSA_SignDigestWithSeed)( key, signature, digest, - seed, seedlen ); -} - diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h deleted file mode 100644 index 294f37833..000000000 --- a/security/nss/lib/freebl/loader.h +++ /dev/null @@ -1,392 +0,0 @@ -/* - * loader.h - load platform dependent DSO containing freebl implementation. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _LOADER_H_ -#define _LOADER_H_ 1 - -#include "blapi.h" - -#define FREEBL_VERSION 0x0307 - -struct FREEBLVectorStr { - - unsigned short length; /* of this struct in bytes */ - unsigned short version; /* of this struct. */ - - RSAPrivateKey * (* p_RSA_NewKey)(int keySizeInBits, - SECItem * publicExponent); - - SECStatus (* p_RSA_PublicKeyOp) (RSAPublicKey * key, - unsigned char * output, - const unsigned char * input); - - SECStatus (* p_RSA_PrivateKeyOp)(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input); - - SECStatus (* p_DSA_NewKey)(const PQGParams * params, - DSAPrivateKey ** privKey); - - SECStatus (* p_DSA_SignDigest)(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest); - - SECStatus (* p_DSA_VerifyDigest)(DSAPublicKey * key, - const SECItem * signature, - const SECItem * digest); - - SECStatus (* p_DSA_NewKeyFromSeed)(const PQGParams *params, - const unsigned char * seed, - DSAPrivateKey **privKey); - - SECStatus (* p_DSA_SignDigestWithSeed)(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest, - const unsigned char * seed); - - SECStatus (* p_DH_GenParam)(int primeLen, DHParams ** params); - - SECStatus (* p_DH_NewKey)(DHParams * params, - DHPrivateKey ** privKey); - - SECStatus (* p_DH_Derive)(SECItem * publicValue, - SECItem * prime, - SECItem * privateValue, - SECItem * derivedSecret, - unsigned int maxOutBytes); - - SECStatus (* p_KEA_Derive)(SECItem *prime, - SECItem *public1, - SECItem *public2, - SECItem *private1, - SECItem *private2, - SECItem *derivedSecret); - - PRBool (* p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime); - - RC4Context * (* p_RC4_CreateContext)(const unsigned char *key, int len); - - void (* p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit); - - SECStatus (* p_RC4_Encrypt)(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_RC4_Decrypt)(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - RC2Context * (* p_RC2_CreateContext)(const unsigned char *key, - unsigned int len, const unsigned char *iv, - int mode, unsigned effectiveKeyLen); - - void (* p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit); - - SECStatus (* p_RC2_Encrypt)(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_RC2_Decrypt)(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - RC5Context *(* p_RC5_CreateContext)(const SECItem *key, unsigned int rounds, - unsigned int wordSize, const unsigned char *iv, int mode); - - void (* p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit); - - SECStatus (* p_RC5_Encrypt)(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_RC5_Decrypt)(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - DESContext *(* p_DES_CreateContext)(const unsigned char *key, - const unsigned char *iv, - int mode, PRBool encrypt); - - void (* p_DES_DestroyContext)(DESContext *cx, PRBool freeit); - - SECStatus (* p_DES_Encrypt)(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_DES_Decrypt)(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - AESContext * (* p_AES_CreateContext)(const unsigned char *key, - const unsigned char *iv, - int mode, int encrypt, unsigned int keylen, - unsigned int blocklen); - - void (* p_AES_DestroyContext)(AESContext *cx, PRBool freeit); - - SECStatus (* p_AES_Encrypt)(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src); - - SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src, - uint32 src_length); - - MD5Context *(* p_MD5_NewContext)(void); - - void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit); - - void (* p_MD5_Begin)(MD5Context *cx); - - void (* p_MD5_Update)(MD5Context *cx, - const unsigned char *input, unsigned int inputLen); - - void (* p_MD5_End)(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - - unsigned int (* p_MD5_FlattenSize)(MD5Context *cx); - - SECStatus (* p_MD5_Flatten)(MD5Context *cx,unsigned char *space); - - MD5Context * (* p_MD5_Resurrect)(unsigned char *space, void *arg); - - void (* p_MD5_TraceState)(MD5Context *cx); - - SECStatus (* p_MD2_Hash)(unsigned char *dest, const char *src); - - MD2Context *(* p_MD2_NewContext)(void); - - void (* p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit); - - void (* p_MD2_Begin)(MD2Context *cx); - - void (* p_MD2_Update)(MD2Context *cx, - const unsigned char *input, unsigned int inputLen); - - void (* p_MD2_End)(MD2Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - - unsigned int (* p_MD2_FlattenSize)(MD2Context *cx); - - SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space); - - MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg); - - SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src); - - SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src, - uint32 src_length); - - SHA1Context *(* p_SHA1_NewContext)(void); - - void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit); - - void (* p_SHA1_Begin)(SHA1Context *cx); - - void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input, - unsigned int inputLen); - - void (* p_SHA1_End)(SHA1Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - - void (* p_SHA1_TraceState)(SHA1Context *cx); - - unsigned int (* p_SHA1_FlattenSize)(SHA1Context *cx); - - SECStatus (* p_SHA1_Flatten)(SHA1Context *cx,unsigned char *space); - - SHA1Context * (* p_SHA1_Resurrect)(unsigned char *space, void *arg); - - SECStatus (* p_RNG_RNGInit)(void); - - SECStatus (* p_RNG_RandomUpdate)(const void *data, size_t bytes); - - SECStatus (* p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len); - - void (* p_RNG_RNGShutdown)(void); - - SECStatus (* p_PQG_ParamGen)(unsigned int j, PQGParams **pParams, - PQGVerify **pVfy); - - SECStatus (* p_PQG_ParamGenSeedLen)( unsigned int j, unsigned int seedBytes, - PQGParams **pParams, PQGVerify **pVfy); - - SECStatus (* p_PQG_VerifyParams)(const PQGParams *params, - const PQGVerify *vfy, SECStatus *result); - - /* Version 3.001 came to here */ - - SECStatus (* p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key, - unsigned char *output, - const unsigned char *input); - - SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key); - - void (* p_BL_Cleanup)(void); - - /* Version 3.002 came to here */ - - SHA256Context *(* p_SHA256_NewContext)(void); - void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit); - void (* p_SHA256_Begin)(SHA256Context *cx); - void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input, - unsigned int inputLen); - void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src, - uint32 src_length); - SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src); - void (* p_SHA256_TraceState)(SHA256Context *cx); - unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx); - SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space); - SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg); - - SHA512Context *(* p_SHA512_NewContext)(void); - void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit); - void (* p_SHA512_Begin)(SHA512Context *cx); - void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input, - unsigned int inputLen); - void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src, - uint32 src_length); - SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src); - void (* p_SHA512_TraceState)(SHA512Context *cx); - unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx); - SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space); - SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg); - - SHA384Context *(* p_SHA384_NewContext)(void); - void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit); - void (* p_SHA384_Begin)(SHA384Context *cx); - void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input, - unsigned int inputLen); - void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src, - uint32 src_length); - SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src); - void (* p_SHA384_TraceState)(SHA384Context *cx); - unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx); - SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space); - SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg); - - /* Version 3.003 came to here */ - - AESKeyWrapContext * (* p_AESKeyWrap_CreateContext)(const unsigned char *key, - const unsigned char *iv, int encrypt, unsigned int keylen); - - void (* p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit); - - SECStatus (* p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx, - unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - SECStatus (* p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx, - unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - /* Version 3.004 came to here */ - - PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr); - PRBool (*p_BLAPI_VerifySelf)(const char *name); - - /* Version 3.005 came to here */ - - SECStatus (* p_EC_NewKey)(ECParams * params, - ECPrivateKey ** privKey); - - SECStatus (* p_EC_NewKeyFromSeed)(ECParams * params, - ECPrivateKey ** privKey, - const unsigned char * seed, - int seedlen); - - SECStatus (* p_EC_ValidatePublicKey)(ECParams * params, - SECItem * publicValue); - - SECStatus (* p_ECDH_Derive)(SECItem * publicValue, - ECParams * params, - SECItem * privateValue, - PRBool withCofactor, - SECItem * derivedSecret); - - SECStatus (* p_ECDSA_SignDigest)(ECPrivateKey * key, - SECItem * signature, - const SECItem * digest); - - SECStatus (* p_ECDSA_VerifyDigest)(ECPublicKey * key, - const SECItem * signature, - const SECItem * digest); - - SECStatus (* p_ECDSA_SignDigestWithSeed)(ECPrivateKey * key, - SECItem * signature, - const SECItem * digest, - const unsigned char * seed, - const int seedlen); - - /* Version 3.006 came to here */ - - /* no modification to FREEBLVectorStr itself - * but ECParamStr was modified - */ - - /* Version 3.007 came to here */ - -}; - -typedef struct FREEBLVectorStr FREEBLVector; - -SEC_BEGIN_PROTOS - -typedef const FREEBLVector * FREEBLGetVectorFn(void); - -extern FREEBLGetVectorFn FREEBL_GetVector; - -SEC_END_PROTOS - -#endif diff --git a/security/nss/lib/freebl/mac_rand.c b/security/nss/lib/freebl/mac_rand.c deleted file mode 100644 index 27efdde68..000000000 --- a/security/nss/lib/freebl/mac_rand.c +++ /dev/null @@ -1,315 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifdef notdef -#include "xp_core.h" -#include "xp_file.h" -#endif -#include "secrng.h" -#include "mcom_db.h" -#ifdef XP_MAC -#include -#include -#include -#include -#include -#include -#include - -/* Static prototypes */ -static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen); -void FE_ReadScreen(); - -static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen) -{ - union endianness { - int32 i; - char c[4]; - } u; - - if (srclen <= dstlen) { - memcpy(dst, src, srclen); - return srclen; - } - u.i = 0x01020304; - if (u.c[0] == 0x01) { - /* big-endian case */ - memcpy(dst, (char*)src + (srclen - dstlen), dstlen); - } else { - /* little-endian case */ - memcpy(dst, src, dstlen); - } - return dstlen; -} - -size_t RNG_GetNoise(void *buf, size_t maxbytes) -{ - UnsignedWide microTickCount; - Microseconds(µTickCount); - return CopyLowBits(buf, maxbytes, µTickCount, sizeof(microTickCount)); -} - -void RNG_FileForRNG(const char *filename) -{ - unsigned char buffer[BUFSIZ]; - size_t bytes; -#ifdef notdef /*sigh*/ - XP_File file; - unsigned long totalFileBytes = 0; - - if (filename == NULL) /* For now, read in global history if filename is null */ - file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN); - else - file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN); - if (file != NULL) { - for (;;) { - bytes = XP_FileRead(buffer, sizeof(buffer), file); - if (bytes == 0) break; - RNG_RandomUpdate( buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > 100*1024) break; /* No more than 100 K */ - } - XP_FileClose(file); - } -#endif - /* - * Pass yet another snapshot of our highest resolution clock into - * the hash function. - */ - bytes = RNG_GetNoise(buffer, sizeof(buffer)); - RNG_RandomUpdate(buffer, sizeof(buffer)); -} - -void RNG_SystemInfoForRNG() -{ -/* Time */ - { - unsigned long sec; - size_t bytes; - GetDateTime(&sec); /* Current time since 1970 */ - RNG_RandomUpdate( &sec, sizeof(sec)); - bytes = RNG_GetNoise(&sec, sizeof(sec)); - RNG_RandomUpdate(&sec, bytes); - } -/* User specific variables */ - { - MachineLocation loc; - ReadLocation(&loc); - RNG_RandomUpdate( &loc, sizeof(loc)); - } -#if !TARGET_CARBON -/* User name */ - { - unsigned long userRef; - Str32 userName; - GetDefaultUser(&userRef, userName); - RNG_RandomUpdate( &userRef, sizeof(userRef)); - RNG_RandomUpdate( userName, sizeof(userName)); - } -#endif -/* Mouse location */ - { - Point mouseLoc; - GetMouse(&mouseLoc); - RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc)); - } -/* Keyboard time threshold */ - { - SInt16 keyTresh = LMGetKeyThresh(); - RNG_RandomUpdate( &keyTresh, sizeof(keyTresh)); - } -/* Last key pressed */ - { - SInt8 keyLast; - keyLast = LMGetKbdLast(); - RNG_RandomUpdate( &keyLast, sizeof(keyLast)); - } -/* Volume */ - { - UInt8 volume = LMGetSdVolume(); - RNG_RandomUpdate( &volume, sizeof(volume)); - } -#if !TARGET_CARBON -/* Current directory */ - { - SInt32 dir = LMGetCurDirStore(); - RNG_RandomUpdate( &dir, sizeof(dir)); - } -#endif -/* Process information about all the processes in the machine */ - { - ProcessSerialNumber process; - ProcessInfoRec pi; - - process.highLongOfPSN = process.lowLongOfPSN = kNoProcess; - - while (GetNextProcess(&process) == noErr) - { - FSSpec fileSpec; - pi.processInfoLength = sizeof(ProcessInfoRec); - pi.processName = NULL; - pi.processAppSpec = &fileSpec; - GetProcessInformation(&process, &pi); - RNG_RandomUpdate( &pi, sizeof(pi)); - RNG_RandomUpdate( &fileSpec, sizeof(fileSpec)); - } - } - -#if !TARGET_CARBON -/* Heap */ - { - THz zone = LMGetTheZone(); - RNG_RandomUpdate( &zone, sizeof(zone)); - } -#endif - -/* Screen */ - { - GDHandle h = GetMainDevice(); /* GDHandle is **GDevice */ - RNG_RandomUpdate( *h, sizeof(GDevice)); - } - -#if !TARGET_CARBON -/* Scrap size */ - { - SInt32 scrapSize = LMGetScrapSize(); - RNG_RandomUpdate( &scrapSize, sizeof(scrapSize)); - } -/* Scrap count */ - { - SInt16 scrapCount = LMGetScrapCount(); - RNG_RandomUpdate( &scrapCount, sizeof(scrapCount)); - } -#else - { - ScrapRef scrap; - if (GetCurrentScrap(&scrap) == noErr) { - UInt32 flavorCount; - if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) { - ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo)); - if (flavorInfo != NULL) { - if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) { - UInt32 i; - RNG_RandomUpdate(&flavorCount, sizeof(flavorCount)); - for (i = 0; i < flavorCount; ++i) { - Size flavorSize; - if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr) - RNG_RandomUpdate(&flavorSize, sizeof(flavorSize)); - } - } - free(flavorInfo); - } - } - } - } -#endif -/* File stuff, last modified, etc. */ - { - HParamBlockRec pb; - GetVolParmsInfoBuffer volInfo; - pb.ioParam.ioVRefNum = 0; - pb.ioParam.ioNamePtr = nil; - pb.ioParam.ioBuffer = (Ptr) &volInfo; - pb.ioParam.ioReqCount = sizeof(volInfo); - PBHGetVolParmsSync(&pb); - RNG_RandomUpdate( &volInfo, sizeof(volInfo)); - } -#if !TARGET_CARBON -/* Event queue */ - { - EvQElPtr eventQ; - for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead; - eventQ; - eventQ = (EvQElPtr)eventQ->qLink) - RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord)); - } -#endif - FE_ReadScreen(); - RNG_FileForRNG(NULL); -} - -void FE_ReadScreen() -{ - UInt16 coords[4]; - PixMapHandle pmap; - GDHandle gh; - UInt16 screenHeight; - UInt16 screenWidth; /* just what they say */ - UInt32 bytesToRead; /* number of bytes we're giving */ - UInt32 offset; /* offset into the graphics buffer */ - UInt16 rowBytes; - UInt32 rowsToRead; - float bytesPerPixel; /* dependent on buffer depth */ - Ptr p; /* temporary */ - UInt16 x, y, w, h; - - gh = LMGetMainDevice(); - if ( !gh ) - return; - pmap = (**gh).gdPMap; - if ( !pmap ) - return; - - RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) ); - - /* make x and y inside the screen rect */ - screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top; - screenWidth = (**pmap).bounds.right - (**pmap).bounds.left; - x = coords[0] % screenWidth; - y = coords[1] % screenHeight; - w = ( coords[2] & 0x7F ) | 0x40; /* Make sure that w is in the range 64..128 */ - h = ( coords[3] & 0x7F ) | 0x40; /* same for h */ - - bytesPerPixel = (**pmap).pixelSize / 8; - rowBytes = (**pmap).rowBytes & 0x7FFF; - - /* starting address */ - offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel ); - - /* don't read past the end of the pixmap's rowbytes */ - bytesToRead = PR_MIN( (UInt32)( w * bytesPerPixel ), - (UInt32)( rowBytes - ( x * bytesPerPixel ) ) ); - - /* don't read past the end of the graphics device pixmap */ - rowsToRead = PR_MIN( h, - ( screenHeight - y ) ); - - p = GetPixBaseAddr( pmap ) + offset; - - while ( rowsToRead-- ) - { - RNG_RandomUpdate( p, bytesToRead ); - p += rowBytes; - } -} -#endif diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn deleted file mode 100644 index 00715a2ee..000000000 --- a/security/nss/lib/freebl/manifest.mn +++ /dev/null @@ -1,151 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -# Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Dr Vipul Gupta and -# Douglas Stebila , Sun Microsystems -# Laboratories -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -CORE_DEPTH = ../../.. - -MODULE = nss - -ifndef FREEBL_RECURSIVE_BUILD - LIBRARY_NAME = freebl -else - ifdef USE_PURE_32 - CORE_DEPTH = ../../../.. - LIBRARY_NAME = freebl_pure32 - else - LIBRARY_NAME = freebl_hybrid - endif -endif - -# same version as rest of freebl -LIBRARY_VERSION = _3 - -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" - -REQUIRES = - -EXPORTS = \ - blapit.h \ - shsign.h \ - ecl-exp.h \ - ecl-curve.h \ - $(NULL) - -PRIVATE_EXPORTS = \ - blapi.h \ - secmpi.h \ - secrng.h \ - ec.h \ - ecl.h \ - $(NULL) - -MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h -MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c -ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h -ifdef NSS_ENABLE_ECC -ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ - ec2_aff.c ec2_mont.c ec2_proj.c \ - ec2_163.c ec2_193.c ec2_233.c \ - ecp_aff.c ecp_jac.c ecp_mont.c \ - ecp_192.c ecp_224.c \ - ec_naf.c ecp_jm.c -else -ECL_SRCS = $(NULL) -endif - -CSRCS = \ - ldvector.c \ - prng_fips1861.c \ - sysrand.c \ - sha_fast.c \ - md2.c \ - md5.c \ - sha512.c \ - alg2268.c \ - arcfour.c \ - arcfive.c \ - desblapi.c \ - des.c \ - rijndael.c \ - aeskeywrap.c \ - dh.c \ - ec.c \ - pqg.c \ - dsa.c \ - rsa.c \ - shvfy.c \ - $(MPI_SRCS) \ - $(ECL_SRCS) \ - $(NULL) - -ALL_CSRCS := $(CSRCS) - -ALL_HDRS = \ - blapi.h \ - blapit.h \ - des.h \ - ec.h \ - loader.h \ - rijndael.h \ - secmpi.h \ - sha.h \ - sha_fast.h \ - shsign.h \ - vis_proto.h \ - $(NULL) - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - -ifdef AES_GEN_TBL -DEFINES += -DRIJNDAEL_GENERATE_TABLES -else -ifdef AES_GEN_TBL_M -DEFINES += -DRIJNDAEL_GENERATE_TABLES_MACRO -else -ifdef AES_GEN_VAL -DEFINES += -DRIJNDAEL_GENERATE_VALUES -else -ifdef AES_GEN_VAL_M -DEFINES += -DRIJNDAEL_GENERATE_VALUES_MACRO -else -DEFINES += -DRIJNDAEL_INCLUDE_TABLES -endif -endif -endif -endif diff --git a/security/nss/lib/freebl/mapfile.Solaris b/security/nss/lib/freebl/mapfile.Solaris deleted file mode 100644 index 8a39ceceb..000000000 --- a/security/nss/lib/freebl/mapfile.Solaris +++ /dev/null @@ -1,39 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -libfreebl_3.so { - global: - FREEBL_GetVector; - local: - *; -}; diff --git a/security/nss/lib/freebl/md2.c b/security/nss/lib/freebl/md2.c deleted file mode 100644 index 3f7427c14..000000000 --- a/security/nss/lib/freebl/md2.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" - -#include "blapi.h" - -#define MD2_DIGEST_LEN 16 -#define MD2_BUFSIZE 16 -#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */ -#define MD2_CV 0 /* index into X for chaining variables */ -#define MD2_INPUT 16 /* index into X for input */ -#define MD2_TMPVARS 32 /* index into X for temporary variables */ -#define MD2_CHECKSUM_SIZE 16 - -struct MD2ContextStr { - unsigned char checksum[MD2_BUFSIZE]; - unsigned char X[MD2_X_SIZE]; - PRUint8 unusedBuffer; -}; - -static const PRUint8 MD2S[256] = { - 0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001, - 0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023, - 0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214, - 0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312, - 0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026, - 0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022, - 0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111, - 0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172, - 0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077, - 0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041, - 0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047, - 0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003, - 0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321, - 0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306, - 0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266, - 0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361, - 0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040, - 0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002, - 0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366, - 0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017, - 0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072, - 0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046, - 0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011, - 0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122, - 0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372, - 0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112, - 0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155, - 0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071, - 0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344, - 0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012, - 0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032, - 0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024 -}; - -SECStatus -MD2_Hash(unsigned char *dest, const char *src) -{ - unsigned int len; - MD2Context *cx = MD2_NewContext(); - if (!cx) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return SECFailure; - } - MD2_Begin(cx); - MD2_Update(cx, (unsigned char *)src, PL_strlen(src)); - MD2_End(cx, dest, &len, MD2_DIGEST_LEN); - MD2_DestroyContext(cx, PR_TRUE); - return SECSuccess; -} - -MD2Context * -MD2_NewContext(void) -{ - MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context)); - if (cx == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return NULL; - } - return cx; -} - -void -MD2_DestroyContext(MD2Context *cx, PRBool freeit) -{ - if (freeit) - PORT_ZFree(cx, sizeof(*cx)); -} - -void -MD2_Begin(MD2Context *cx) -{ - memset(cx, 0, sizeof(*cx)); - cx->unusedBuffer = MD2_BUFSIZE; -} - -static void -md2_compress(MD2Context *cx) -{ - int j; - unsigned char P; - P = cx->checksum[MD2_CHECKSUM_SIZE-1]; - /* Compute the running checksum, and set the tmp variables to be - * CV[i] XOR input[i] - */ -#define CKSUMFN(n) \ - P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT+n] ^ P]; \ - cx->checksum[n] = P; \ - cx->X[MD2_TMPVARS+n] = cx->X[n] ^ cx->X[MD2_INPUT+n]; - CKSUMFN(0); - CKSUMFN(1); - CKSUMFN(2); - CKSUMFN(3); - CKSUMFN(4); - CKSUMFN(5); - CKSUMFN(6); - CKSUMFN(7); - CKSUMFN(8); - CKSUMFN(9); - CKSUMFN(10); - CKSUMFN(11); - CKSUMFN(12); - CKSUMFN(13); - CKSUMFN(14); - CKSUMFN(15); - /* The compression function. */ -#define COMPRESS(n) \ - P = cx->X[n] ^ MD2S[P]; \ - cx->X[n] = P; - P = 0x00; - for (j=0; j<18; j++) { - COMPRESS(0); - COMPRESS(1); - COMPRESS(2); - COMPRESS(3); - COMPRESS(4); - COMPRESS(5); - COMPRESS(6); - COMPRESS(7); - COMPRESS(8); - COMPRESS(9); - COMPRESS(10); - COMPRESS(11); - COMPRESS(12); - COMPRESS(13); - COMPRESS(14); - COMPRESS(15); - COMPRESS(16); - COMPRESS(17); - COMPRESS(18); - COMPRESS(19); - COMPRESS(20); - COMPRESS(21); - COMPRESS(22); - COMPRESS(23); - COMPRESS(24); - COMPRESS(25); - COMPRESS(26); - COMPRESS(27); - COMPRESS(28); - COMPRESS(29); - COMPRESS(30); - COMPRESS(31); - COMPRESS(32); - COMPRESS(33); - COMPRESS(34); - COMPRESS(35); - COMPRESS(36); - COMPRESS(37); - COMPRESS(38); - COMPRESS(39); - COMPRESS(40); - COMPRESS(41); - COMPRESS(42); - COMPRESS(43); - COMPRESS(44); - COMPRESS(45); - COMPRESS(46); - COMPRESS(47); - P = (P + j) % 256; - } - cx->unusedBuffer = MD2_BUFSIZE; -} - -void -MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen) -{ - PRUint32 bytesToConsume; - - /* Fill the remaining input buffer. */ - if (cx->unusedBuffer != MD2_BUFSIZE) { - bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer); - memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)], - input, bytesToConsume); - if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE) - md2_compress(cx); - inputLen -= bytesToConsume; - input += bytesToConsume; - } - - /* Iterate over 16-byte chunks of the input. */ - while (inputLen >= MD2_BUFSIZE) { - memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE); - md2_compress(cx); - inputLen -= MD2_BUFSIZE; - input += MD2_BUFSIZE; - } - - /* Copy any input that remains into the buffer. */ - if (inputLen) - memcpy(&cx->X[MD2_INPUT], input, inputLen); - cx->unusedBuffer = MD2_BUFSIZE - inputLen; -} - -void -MD2_End(MD2Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - PRUint8 padStart; - if (maxDigestLen < MD2_BUFSIZE) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; - } - padStart = MD2_BUFSIZE - cx->unusedBuffer; - memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer, - cx->unusedBuffer); - md2_compress(cx); - memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE); - md2_compress(cx); - *digestLen = MD2_DIGEST_LEN; - memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN); -} - -unsigned int -MD2_FlattenSize(MD2Context *cx) -{ - return sizeof(*cx); -} - -SECStatus -MD2_Flatten(MD2Context *cx, unsigned char *space) -{ - memcpy(space, cx, sizeof(*cx)); - return SECSuccess; -} - -MD2Context * -MD2_Resurrect(unsigned char *space, void *arg) -{ - MD2Context *cx = MD2_NewContext(); - if (cx) - memcpy(cx, space, sizeof(*cx)); - return cx; -} diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c deleted file mode 100644 index 97d569148..000000000 --- a/security/nss/lib/freebl/md5.c +++ /dev/null @@ -1,589 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" -#include "prlong.h" - -#include "blapi.h" - -#define MD5_HASH_LEN 16 -#define MD5_BUFFER_SIZE 64 -#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8) - -#define CV0_1 0x67452301 -#define CV0_2 0xefcdab89 -#define CV0_3 0x98badcfe -#define CV0_4 0x10325476 - -#define T1_0 0xd76aa478 -#define T1_1 0xe8c7b756 -#define T1_2 0x242070db -#define T1_3 0xc1bdceee -#define T1_4 0xf57c0faf -#define T1_5 0x4787c62a -#define T1_6 0xa8304613 -#define T1_7 0xfd469501 -#define T1_8 0x698098d8 -#define T1_9 0x8b44f7af -#define T1_10 0xffff5bb1 -#define T1_11 0x895cd7be -#define T1_12 0x6b901122 -#define T1_13 0xfd987193 -#define T1_14 0xa679438e -#define T1_15 0x49b40821 - -#define T2_0 0xf61e2562 -#define T2_1 0xc040b340 -#define T2_2 0x265e5a51 -#define T2_3 0xe9b6c7aa -#define T2_4 0xd62f105d -#define T2_5 0x02441453 -#define T2_6 0xd8a1e681 -#define T2_7 0xe7d3fbc8 -#define T2_8 0x21e1cde6 -#define T2_9 0xc33707d6 -#define T2_10 0xf4d50d87 -#define T2_11 0x455a14ed -#define T2_12 0xa9e3e905 -#define T2_13 0xfcefa3f8 -#define T2_14 0x676f02d9 -#define T2_15 0x8d2a4c8a - -#define T3_0 0xfffa3942 -#define T3_1 0x8771f681 -#define T3_2 0x6d9d6122 -#define T3_3 0xfde5380c -#define T3_4 0xa4beea44 -#define T3_5 0x4bdecfa9 -#define T3_6 0xf6bb4b60 -#define T3_7 0xbebfbc70 -#define T3_8 0x289b7ec6 -#define T3_9 0xeaa127fa -#define T3_10 0xd4ef3085 -#define T3_11 0x04881d05 -#define T3_12 0xd9d4d039 -#define T3_13 0xe6db99e5 -#define T3_14 0x1fa27cf8 -#define T3_15 0xc4ac5665 - -#define T4_0 0xf4292244 -#define T4_1 0x432aff97 -#define T4_2 0xab9423a7 -#define T4_3 0xfc93a039 -#define T4_4 0x655b59c3 -#define T4_5 0x8f0ccc92 -#define T4_6 0xffeff47d -#define T4_7 0x85845dd1 -#define T4_8 0x6fa87e4f -#define T4_9 0xfe2ce6e0 -#define T4_10 0xa3014314 -#define T4_11 0x4e0811a1 -#define T4_12 0xf7537e82 -#define T4_13 0xbd3af235 -#define T4_14 0x2ad7d2bb -#define T4_15 0xeb86d391 - -#define R1B0 0 -#define R1B1 1 -#define R1B2 2 -#define R1B3 3 -#define R1B4 4 -#define R1B5 5 -#define R1B6 6 -#define R1B7 7 -#define R1B8 8 -#define R1B9 9 -#define R1B10 10 -#define R1B11 11 -#define R1B12 12 -#define R1B13 13 -#define R1B14 14 -#define R1B15 15 - -#define R2B0 1 -#define R2B1 6 -#define R2B2 11 -#define R2B3 0 -#define R2B4 5 -#define R2B5 10 -#define R2B6 15 -#define R2B7 4 -#define R2B8 9 -#define R2B9 14 -#define R2B10 3 -#define R2B11 8 -#define R2B12 13 -#define R2B13 2 -#define R2B14 7 -#define R2B15 12 - -#define R3B0 5 -#define R3B1 8 -#define R3B2 11 -#define R3B3 14 -#define R3B4 1 -#define R3B5 4 -#define R3B6 7 -#define R3B7 10 -#define R3B8 13 -#define R3B9 0 -#define R3B10 3 -#define R3B11 6 -#define R3B12 9 -#define R3B13 12 -#define R3B14 15 -#define R3B15 2 - -#define R4B0 0 -#define R4B1 7 -#define R4B2 14 -#define R4B3 5 -#define R4B4 12 -#define R4B5 3 -#define R4B6 10 -#define R4B7 1 -#define R4B8 8 -#define R4B9 15 -#define R4B10 6 -#define R4B11 13 -#define R4B12 4 -#define R4B13 11 -#define R4B14 2 -#define R4B15 9 - -#define S1_0 7 -#define S1_1 12 -#define S1_2 17 -#define S1_3 22 - -#define S2_0 5 -#define S2_1 9 -#define S2_2 14 -#define S2_3 20 - -#define S3_0 4 -#define S3_1 11 -#define S3_2 16 -#define S3_3 23 - -#define S4_0 6 -#define S4_1 10 -#define S4_2 15 -#define S4_3 21 - -struct MD5ContextStr { - PRUint32 lsbInput; - PRUint32 msbInput; - PRUint32 cv[4]; - union { - PRUint8 b[64]; - PRUint32 w[16]; - } u; -}; - -#define inBuf u.b - -SECStatus -MD5_Hash(unsigned char *dest, const char *src) -{ - return MD5_HashBuf(dest, (unsigned char *)src, PL_strlen(src)); -} - -SECStatus -MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - unsigned int len; - MD5Context *cx = MD5_NewContext(); - if (cx == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return SECFailure; - } - MD5_Begin(cx); - MD5_Update(cx, src, src_length); - MD5_End(cx, dest, &len, MD5_HASH_LEN); - MD5_DestroyContext(cx, PR_TRUE); - return SECSuccess; -} - -MD5Context * -MD5_NewContext(void) -{ - /* no need to ZAlloc, MD5_Begin will init the context */ - MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); - if (cx == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return NULL; - } - return cx; -} - -void -MD5_DestroyContext(MD5Context *cx, PRBool freeit) -{ - if (freeit) { - PORT_ZFree(cx, sizeof(MD5Context)); - } -} - -void -MD5_Begin(MD5Context *cx) -{ - cx->lsbInput = 0; - cx->msbInput = 0; - memset(cx->inBuf, 0, sizeof(cx->inBuf)); - cx->cv[0] = CV0_1; - cx->cv[1] = CV0_2; - cx->cv[2] = CV0_3; - cx->cv[3] = CV0_4; -} - -#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s)) - -#if defined(SOLARIS) || defined(HPUX) -#define addto64(sumhigh, sumlow, addend) \ - sumlow += addend; sumhigh += (sumlow < addend); -#else -#define addto64(sumhigh, sumlow, addend) \ - sumlow += addend; if (sumlow < addend) ++sumhigh; -#endif - -#define MASK 0x00ff00ff -#ifdef IS_LITTLE_ENDIAN -#define lendian(i32) \ - (i32) -#else -#define lendian(i32) \ - (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK) -#endif - -#ifndef IS_LITTLE_ENDIAN - -#define lebytes(b4) \ - ((b4)[3] << 24 | (b4)[2] << 16 | (b4)[1] << 8 | (b4)[0]) - -static void -md5_prep_state_le(MD5Context *cx) -{ - PRUint32 tmp; - cx->u.w[0] = lendian(cx->u.w[0]); - cx->u.w[1] = lendian(cx->u.w[1]); - cx->u.w[2] = lendian(cx->u.w[2]); - cx->u.w[3] = lendian(cx->u.w[3]); - cx->u.w[4] = lendian(cx->u.w[4]); - cx->u.w[5] = lendian(cx->u.w[5]); - cx->u.w[6] = lendian(cx->u.w[6]); - cx->u.w[7] = lendian(cx->u.w[7]); - cx->u.w[8] = lendian(cx->u.w[8]); - cx->u.w[9] = lendian(cx->u.w[9]); - cx->u.w[10] = lendian(cx->u.w[10]); - cx->u.w[11] = lendian(cx->u.w[11]); - cx->u.w[12] = lendian(cx->u.w[12]); - cx->u.w[13] = lendian(cx->u.w[13]); - cx->u.w[14] = lendian(cx->u.w[14]); - cx->u.w[15] = lendian(cx->u.w[15]); -} - -static void -md5_prep_buffer_le(MD5Context *cx, const PRUint8 *beBuf) -{ - cx->u.w[0] = lebytes(&beBuf[0]); - cx->u.w[1] = lebytes(&beBuf[4]); - cx->u.w[2] = lebytes(&beBuf[8]); - cx->u.w[3] = lebytes(&beBuf[12]); - cx->u.w[4] = lebytes(&beBuf[16]); - cx->u.w[5] = lebytes(&beBuf[20]); - cx->u.w[6] = lebytes(&beBuf[24]); - cx->u.w[7] = lebytes(&beBuf[28]); - cx->u.w[8] = lebytes(&beBuf[32]); - cx->u.w[9] = lebytes(&beBuf[36]); - cx->u.w[10] = lebytes(&beBuf[40]); - cx->u.w[11] = lebytes(&beBuf[44]); - cx->u.w[12] = lebytes(&beBuf[48]); - cx->u.w[13] = lebytes(&beBuf[52]); - cx->u.w[14] = lebytes(&beBuf[56]); - cx->u.w[15] = lebytes(&beBuf[60]); -} -#endif - - -#define F(X, Y, Z) \ - ((X & Y) | ((~X) & Z)) - -#define G(X, Y, Z) \ - ((X & Z) | (Y & (~Z))) - -#define H(X, Y, Z) \ - (X ^ Y ^ Z) - -#define I(X, Y, Z) \ - (Y ^ (X | (~Z))) - -#define FF(a, b, c, d, bufint, s, ti) \ - a = b + cls(a + F(b, c, d) + bufint + ti, s) - -#define GG(a, b, c, d, bufint, s, ti) \ - a = b + cls(a + G(b, c, d) + bufint + ti, s) - -#define HH(a, b, c, d, bufint, s, ti) \ - a = b + cls(a + H(b, c, d) + bufint + ti, s) - -#define II(a, b, c, d, bufint, s, ti) \ - a = b + cls(a + I(b, c, d) + bufint + ti, s) - -static void -md5_compress(MD5Context *cx, const PRUint32 *wBuf) -{ - PRUint32 a, b, c, d; - PRUint32 tmp; - a = cx->cv[0]; - b = cx->cv[1]; - c = cx->cv[2]; - d = cx->cv[3]; - FF(a, b, c, d, wBuf[R1B0 ], S1_0, T1_0); - FF(d, a, b, c, wBuf[R1B1 ], S1_1, T1_1); - FF(c, d, a, b, wBuf[R1B2 ], S1_2, T1_2); - FF(b, c, d, a, wBuf[R1B3 ], S1_3, T1_3); - FF(a, b, c, d, wBuf[R1B4 ], S1_0, T1_4); - FF(d, a, b, c, wBuf[R1B5 ], S1_1, T1_5); - FF(c, d, a, b, wBuf[R1B6 ], S1_2, T1_6); - FF(b, c, d, a, wBuf[R1B7 ], S1_3, T1_7); - FF(a, b, c, d, wBuf[R1B8 ], S1_0, T1_8); - FF(d, a, b, c, wBuf[R1B9 ], S1_1, T1_9); - FF(c, d, a, b, wBuf[R1B10], S1_2, T1_10); - FF(b, c, d, a, wBuf[R1B11], S1_3, T1_11); - FF(a, b, c, d, wBuf[R1B12], S1_0, T1_12); - FF(d, a, b, c, wBuf[R1B13], S1_1, T1_13); - FF(c, d, a, b, wBuf[R1B14], S1_2, T1_14); - FF(b, c, d, a, wBuf[R1B15], S1_3, T1_15); - GG(a, b, c, d, wBuf[R2B0 ], S2_0, T2_0); - GG(d, a, b, c, wBuf[R2B1 ], S2_1, T2_1); - GG(c, d, a, b, wBuf[R2B2 ], S2_2, T2_2); - GG(b, c, d, a, wBuf[R2B3 ], S2_3, T2_3); - GG(a, b, c, d, wBuf[R2B4 ], S2_0, T2_4); - GG(d, a, b, c, wBuf[R2B5 ], S2_1, T2_5); - GG(c, d, a, b, wBuf[R2B6 ], S2_2, T2_6); - GG(b, c, d, a, wBuf[R2B7 ], S2_3, T2_7); - GG(a, b, c, d, wBuf[R2B8 ], S2_0, T2_8); - GG(d, a, b, c, wBuf[R2B9 ], S2_1, T2_9); - GG(c, d, a, b, wBuf[R2B10], S2_2, T2_10); - GG(b, c, d, a, wBuf[R2B11], S2_3, T2_11); - GG(a, b, c, d, wBuf[R2B12], S2_0, T2_12); - GG(d, a, b, c, wBuf[R2B13], S2_1, T2_13); - GG(c, d, a, b, wBuf[R2B14], S2_2, T2_14); - GG(b, c, d, a, wBuf[R2B15], S2_3, T2_15); - HH(a, b, c, d, wBuf[R3B0 ], S3_0, T3_0); - HH(d, a, b, c, wBuf[R3B1 ], S3_1, T3_1); - HH(c, d, a, b, wBuf[R3B2 ], S3_2, T3_2); - HH(b, c, d, a, wBuf[R3B3 ], S3_3, T3_3); - HH(a, b, c, d, wBuf[R3B4 ], S3_0, T3_4); - HH(d, a, b, c, wBuf[R3B5 ], S3_1, T3_5); - HH(c, d, a, b, wBuf[R3B6 ], S3_2, T3_6); - HH(b, c, d, a, wBuf[R3B7 ], S3_3, T3_7); - HH(a, b, c, d, wBuf[R3B8 ], S3_0, T3_8); - HH(d, a, b, c, wBuf[R3B9 ], S3_1, T3_9); - HH(c, d, a, b, wBuf[R3B10], S3_2, T3_10); - HH(b, c, d, a, wBuf[R3B11], S3_3, T3_11); - HH(a, b, c, d, wBuf[R3B12], S3_0, T3_12); - HH(d, a, b, c, wBuf[R3B13], S3_1, T3_13); - HH(c, d, a, b, wBuf[R3B14], S3_2, T3_14); - HH(b, c, d, a, wBuf[R3B15], S3_3, T3_15); - II(a, b, c, d, wBuf[R4B0 ], S4_0, T4_0); - II(d, a, b, c, wBuf[R4B1 ], S4_1, T4_1); - II(c, d, a, b, wBuf[R4B2 ], S4_2, T4_2); - II(b, c, d, a, wBuf[R4B3 ], S4_3, T4_3); - II(a, b, c, d, wBuf[R4B4 ], S4_0, T4_4); - II(d, a, b, c, wBuf[R4B5 ], S4_1, T4_5); - II(c, d, a, b, wBuf[R4B6 ], S4_2, T4_6); - II(b, c, d, a, wBuf[R4B7 ], S4_3, T4_7); - II(a, b, c, d, wBuf[R4B8 ], S4_0, T4_8); - II(d, a, b, c, wBuf[R4B9 ], S4_1, T4_9); - II(c, d, a, b, wBuf[R4B10], S4_2, T4_10); - II(b, c, d, a, wBuf[R4B11], S4_3, T4_11); - II(a, b, c, d, wBuf[R4B12], S4_0, T4_12); - II(d, a, b, c, wBuf[R4B13], S4_1, T4_13); - II(c, d, a, b, wBuf[R4B14], S4_2, T4_14); - II(b, c, d, a, wBuf[R4B15], S4_3, T4_15); - cx->cv[0] += a; - cx->cv[1] += b; - cx->cv[2] += c; - cx->cv[3] += d; -} - -void -MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) -{ - PRUint32 bytesToConsume; - PRUint32 inBufIndex = cx->lsbInput & 63; - const PRUint32 *wBuf; - - /* Add the number of input bytes to the 64-bit input counter. */ - addto64(cx->msbInput, cx->lsbInput, inputLen); - if (inBufIndex) { - /* There is already data in the buffer. Fill with input. */ - bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex); - memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume); - if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE) { - /* The buffer is filled. Run the compression function. */ -#ifndef IS_LITTLE_ENDIAN - md5_prep_state_le(cx); -#endif - md5_compress(cx, cx->u.w); - } - /* Remaining input. */ - inputLen -= bytesToConsume; - input += bytesToConsume; - } - - /* Iterate over 64-byte chunks of the message. */ - while (inputLen >= MD5_BUFFER_SIZE) { -#ifdef IS_LITTLE_ENDIAN -#ifdef _X86_ - /* x86 can handle arithmetic on non-word-aligned buffers */ - wBuf = (PRUint32 *)input; -#else - if ((ptrdiff_t)input & 0x3) { - /* buffer not aligned, copy it to force alignment */ - memcpy(cx->inBuf, input, MD5_BUFFER_SIZE); - wBuf = cx->u.w; - } else { - /* buffer is aligned */ - wBuf = (PRUint32 *)input; - } -#endif -#else - md5_prep_buffer_le(cx, input); - wBuf = cx->u.w; -#endif - md5_compress(cx, wBuf); - inputLen -= MD5_BUFFER_SIZE; - input += MD5_BUFFER_SIZE; - } - - /* Tail of message (message bytes mod 64). */ - if (inputLen) - memcpy(cx->inBuf, input, inputLen); -} - -static const unsigned char padbytes[] = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -void -MD5_End(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ -#ifndef IS_LITTLE_ENDIAN - PRUint32 tmp; -#endif - PRUint32 lowInput, highInput; - PRUint32 inBufIndex = cx->lsbInput & 63; - - if (maxDigestLen < MD5_HASH_LEN) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; - } - - /* Copy out the length of bits input before padding. */ - lowInput = cx->lsbInput; - highInput = (cx->msbInput << 3) | (lowInput >> 29); - lowInput <<= 3; - - if (inBufIndex < MD5_END_BUFFER) { - MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex); - } else { - MD5_Update(cx, padbytes, - MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); - } - - /* Store the number of bytes input (before padding) in final 64 bits. */ - cx->u.w[14] = lendian(lowInput); - cx->u.w[15] = lendian(highInput); - - /* Final call to compress. */ -#ifndef IS_LITTLE_ENDIAN - md5_prep_state_le(cx); -#endif - md5_compress(cx, cx->u.w); - - /* Copy the resulting values out of the chain variables into return buf. */ - *digestLen = MD5_HASH_LEN; -#ifndef IS_LITTLE_ENDIAN - cx->cv[0] = lendian(cx->cv[0]); - cx->cv[1] = lendian(cx->cv[1]); - cx->cv[2] = lendian(cx->cv[2]); - cx->cv[3] = lendian(cx->cv[3]); -#endif - memcpy(digest, cx->cv, MD5_HASH_LEN); -} - -unsigned int -MD5_FlattenSize(MD5Context *cx) -{ - return sizeof(*cx); -} - -SECStatus -MD5_Flatten(MD5Context *cx, unsigned char *space) -{ - memcpy(space, cx, sizeof(*cx)); - return SECSuccess; -} - -MD5Context * -MD5_Resurrect(unsigned char *space, void *arg) -{ - MD5Context *cx = MD5_NewContext(); - if (cx) - memcpy(cx, space, sizeof(*cx)); - return cx; -} - -void -MD5_TraceState(MD5Context *cx) -{ - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -} diff --git a/security/nss/lib/freebl/mknewpc2.c b/security/nss/lib/freebl/mknewpc2.c deleted file mode 100644 index 3bd3f0cf0..000000000 --- a/security/nss/lib/freebl/mknewpc2.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - * mknewpc2.c - * - * Generate PC-2 tables for DES-150 library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the DES-150 library. - * - * The Initial Developer of the Original Code is Nelson B. Bolyard, - * nelsonb@iname.com. Portions created by Nelson B. Bolyard are - * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -typedef unsigned char BYTE; -typedef unsigned int HALF; - -#define DES_ENCRYPT 0 -#define DES_DECRYPT 1 - -/* two 28-bit registers defined in key schedule production process */ -static HALF C0, D0; - -static HALF L0, R0; - -/* key schedule, 16 internal keys, each with 8 6-bit parts */ -static BYTE KS [8] [16]; - - -/* - * This table takes the 56 bits in C0 and D0 and shows show they are - * permuted into the 8 6-bit parts of the key in the key schedule. - * The bits of C0 are numbered left to right, 1-28. - * The bits of D0 are numbered left to right, 29-56. - * Zeros in this table represent bits that are always zero. - * Note that all the bits in the first 4 rows come from C0, - * and all the bits in the second 4 rows come from D0. - */ -static const BYTE PC2[64] = { - 14, 17, 11, 24, 1, 5, 0, 0, /* S1 */ - 3, 28, 15, 6, 21, 10, 0, 0, /* S2 */ - 23, 19, 12, 4, 26, 8, 0, 0, /* S3 */ - 16, 7, 27, 20, 13, 2, 0, 0, /* S4 */ - - 41, 52, 31, 37, 47, 55, 0, 0, /* S5 */ - 30, 40, 51, 45, 33, 48, 0, 0, /* S6 */ - 44, 49, 39, 56, 34, 53, 0, 0, /* S7 */ - 46, 42, 50, 36, 29, 32, 0, 0 /* S8 */ -}; - -/* This table represents the same info as PC2, except that - * The bits of C0 and D0 are each numbered right to left, 0-27. - * -1 values indicate bits that are always zero. - * As before all the bits in the first 4 rows come from C0, - * and all the bits in the second 4 rows come from D0. - */ -static signed char PC2a[64] = { -/* bits of C0 */ - 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */ - 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */ - 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */ - 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */ -/* bits of D0 */ - 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */ - 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */ - 12, 7, 17, 0, 22, 3, -1, -1, /* S7 */ - 10, 14, 6, 20, 27, 24, -1, -1 /* S8 */ -}; - -/* This table represents the same info as PC2a, except that - * The order of of the rows has been changed to increase the efficiency - * with which the key sechedule is created. - * Fewer shifts and ANDs are required to make the KS from these. - */ -static const signed char PC2b[64] = { -/* bits of C0 */ - 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */ - 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */ - 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */ - 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */ -/* bits of D0 */ - 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */ - 10, 14, 6, 20, 27, 24, -1, -1, /* S8 */ - 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */ - 12, 7, 17, 0, 22, 3, -1, -1 /* S7 */ -}; - -/* Only 24 of the 28 bits in C0 and D0 are used in PC2. - * The used bits of C0 and D0 are grouped into 4 groups of 6, - * so that the PC2 permutation can be accomplished with 4 lookups - * in tables of 64 entries. - * The following table shows how the bits of C0 and D0 are grouped - * into indexes for the respective table lookups. - * Bits are numbered right-to-left, 0-27, as in PC2b. - */ -static BYTE NDX[48] = { -/* Bits of C0 */ - 27, 26, 25, 24, 23, 22, /* C0 table 0 */ - 18, 17, 16, 15, 14, 13, /* C0 table 1 */ - 9, 8, 7, 2, 1, 0, /* C0 table 2 */ - 5, 4, 21, 20, 12, 11, /* C0 table 3 */ -/* bits of D0 */ - 27, 26, 25, 24, 23, 22, /* D0 table 0 */ - 20, 19, 17, 16, 15, 14, /* D0 table 1 */ - 12, 11, 10, 9, 8, 7, /* D0 table 2 */ - 6, 5, 4, 3, 1, 0 /* D0 table 3 */ -}; - -/* Here's the code that does that grouping. - left = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) ); - left |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) ); - left |= PC2LOOKUP(0, 2, ((c0 >> 4) & 0x38) | (c0 & 0x7) ); - left |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30)); - - right = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) ); - right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) ); - right |= PC2LOOKUP(1, 2, ((d0 >> 7) & 0x3F) ); - right |= PC2LOOKUP(1, 3, ((d0 >> 1) & 0x3C) | (d0 & 0x3)); -*/ - -void -make_pc2a( void ) -{ - - int i, j; - - for ( i = 0; i < 64; ++i ) { - j = PC2[i]; - if (j == 0) - j = -1; - else if ( j < 29 ) - j = 28 - j ; - else - j = 56 - j; - PC2a[i] = j; - } - for ( i = 0; i < 64; i += 8 ) { - printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n", - PC2a[i+0],PC2a[i+1],PC2a[i+2],PC2a[i+3], - PC2a[i+4],PC2a[i+5],PC2a[i+6],PC2a[i+7] ); - } -} - -HALF PC2cd0[64]; - -HALF PC_2H[8][64]; - -void -mktable( ) -{ - int i; - int table; - const BYTE * ndx = NDX; - HALF mask; - - mask = 0x80000000; - for (i = 0; i < 32; ++i, mask >>= 1) { - int bit = PC2b[i]; - if (bit < 0) - continue; - PC2cd0[bit + 32] = mask; - } - - mask = 0x80000000; - for (i = 32; i < 64; ++i, mask >>= 1) { - int bit = PC2b[i]; - if (bit < 0) - continue; - PC2cd0[bit] = mask; - } - -#if DEBUG - for (i = 0; i < 64; ++i) { - printf("0x%08x,\n", PC2cd0[i]); - } -#endif - for (i = 0; i < 24; ++i) { - NDX[i] += 32; /* because c0 is the upper half */ - } - - for (table = 0; table < 8; ++table) { - HALF bitvals[6]; - for (i = 0; i < 6; ++i) { - bitvals[5-i] = PC2cd0[*ndx++]; - } - for (i = 0; i < 64; ++i) { - int j; - int k = 0; - HALF value = 0; - - for (j = i; j; j >>= 1, ++k) { - if (j & 1) { - value |= bitvals[k]; - } - } - PC_2H[table][i] = value; - } - printf("/* table %d */ {\n", table ); - for (i = 0; i < 64; i += 4) { - printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x, \n", - PC_2H[table][i], PC_2H[table][i+1], - PC_2H[table][i+2], PC_2H[table][i+3]); - } - printf(" },\n"); - } -} - - -int -main(void) -{ -/* make_pc2a(); */ - mktable(); - return 0; -} diff --git a/security/nss/lib/freebl/mksp.c b/security/nss/lib/freebl/mksp.c deleted file mode 100644 index 17ce7bc2a..000000000 --- a/security/nss/lib/freebl/mksp.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * mksp.c - * - * Generate SP tables for DES-150 library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the DES-150 library. - * - * The Initial Developer of the Original Code is Nelson B. Bolyard, - * nelsonb@iname.com. Portions created by Nelson B. Bolyard are - * Copyright (C) 1990, 2000 Nelson B. Bolyard, All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include - -/* - * sboxes - the tables for the s-box functions - * from FIPS 46, pages 15-16. - */ -unsigned char S[8][64] = { -/* Func S1 = */ { - 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1, - 3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8, - 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7, - 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13 - }, -/* Func S2 = */ { - 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14, - 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5, - 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2, - 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9 - }, -/* Func S3 = */ { - 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10, - 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1, - 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7, - 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12 - }, -/* Func S4 = */ { - 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3, - 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9, - 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8, - 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14 - }, -/* Func S5 = */ { - 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1, - 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6, - 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13, - 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3 - }, -/* Func S6 = */ { - 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5, - 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8, - 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10, - 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13 - }, -/* Func S7 = */ { - 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10, - 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6, - 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7, - 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12 - }, -/* Func S8 = */ { - 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4, - 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2, - 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13, - 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11 - } -}; - -/* - * Permutation function for results from s-boxes - * from FIPS 46 pages 12 and 16. - * P = - */ -unsigned char P[32] = { - 16, 7, 20, 21, 29, 12, 28, 17, - 1, 15, 23, 26, 5, 18, 31, 10, - 2, 8, 24, 14, 32, 27, 3, 9, - 19, 13, 30, 6, 22, 11, 4, 25 -}; - -unsigned int Pinv[32]; -unsigned int SP[8][64]; - -void -makePinv(void) -{ - int i; - unsigned int Pi = 0x80000000; - for (i = 0; i < 32; ++i) { - int j = 32 - P[i]; - Pinv[j] = Pi; - Pi >>= 1; - } -} - -void -makeSP(void) -{ - int box; - for (box = 0; box < 8; ++box) { - int item; - printf("/* box S%d */ {\n", box + 1); - for (item = 0; item < 64; ++item ) { - unsigned int s = S[box][item]; - unsigned int val = 0; - unsigned int bitnum = (7-box) * 4; - for (; s; s >>= 1, ++bitnum) { - if (s & 1) { - val |= Pinv[bitnum]; - } - } - val = (val << 3) | (val >> 29); - SP[box][item] = val; - } - for (item = 0; item < 64; item += 4) { - printf("\t0x%08x, 0x%08x, 0x%08x, 0x%08x,\n", - SP[box][item], SP[box][item+1], SP[box][item+2], SP[box][item+3]); - } - printf(" },\n"); - } -} - -int -main() -{ - makePinv(); - makeSP(); - return 0; -} diff --git a/security/nss/lib/freebl/mpi/Makefile b/security/nss/lib/freebl/mpi/Makefile deleted file mode 100644 index c1acb2d12..000000000 --- a/security/nss/lib/freebl/mpi/Makefile +++ /dev/null @@ -1,278 +0,0 @@ -## -## Makefile for MPI library -## -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -## Sun Microsystems, Inc. All Rights Reserved. -## -## Contributor(s): -## Netscape Communications Corporation -## Richard C. Swift (swift@netscape.com) -## Douglas Stebila , Sun Microsystems Laboratories -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## -## -## $Id$ -## - -## Define CC to be the C compiler you wish to use. The GNU cc -## compiler (gcc) should work, at the very least -#CC=cc -#CC=gcc - -## -## Define PERL to point to your local Perl interpreter. It -## should be Perl 5.x, although it's conceivable that Perl 4 -## might work ... I haven't tested it. -## -#PERL=/usr/bin/perl -PERL=perl - -include target.mk - -CFLAGS+= $(XCFLAGS) - -## -## Define LIBS to include any libraries you need to link against. -## If NO_TABLE is define, LIBS should include '-lm' or whatever is -## necessary to bring in the math library. Otherwise, it can be -## left alone, unless your system has other peculiar requirements. -## -LIBS=#-lmalloc#-lefence#-lm - -## -## Define RANLIB to be the library header randomizer; you might not -## need this on some systems (just set it to 'echo' on these systems, -## such as IRIX) -## -RANLIB=echo - -## -## This is the version string used for the documentation and -## building the distribution tarball. Don't mess with it unless -## you are releasing a new version -VERS=1.7p6 - -## ---------------------------------------------------------------------- -## You probably don't need to change anything below this line... -## - -## -## This is the list of source files that need to be packed into -## the distribution file -SRCS= mpi.c mpprime.c mplogic.c mp_gf2m.c mpmontg.c mpi-test.c primes.c tests/ \ - utils/gcd.c utils/invmod.c utils/lap.c \ - utils/ptab.pl utils/sieve.c utils/isprime.c\ - utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \ - utils/bbsrand.c utils/prng.c utils/primegen.c \ - utils/basecvt.c utils/makeprime.c\ - utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \ - utils/mpi.h utils/mpprime.h mulsqr.c \ - make-test-arrays test-arrays.txt all-tests make-logtab \ - types.pl stats timetest multest - -## These are the header files that go into the distribution file -HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h mp_gf2m.h \ - mp_gf2m-priv.h utils/bbs_rand.h tests/mpi.h tests/mpprime.h - -## These are the documentation files that go into the distribution file -DOCS=README doc utils/README utils/PRIMES - -## This is the list of tools built by 'make tools' -TOOLS=gcd invmod isprime lap dec2hex hex2dec primegen prng \ - basecvt fact exptmod pi makeprime identest - -LIBOBJS = mpprime.o mpmontg.o mplogic.o mp_gf2m.o mpi.o $(AS_OBJS) -LIBHDRS = mpi-config.h mpi-priv.h mpi.h -APPHDRS = mpi-config.h mpi.h mplogic.h mp_gf2m.h mpprime.h - -help: - @ echo "" - @ echo "The following targets can be built with this Makefile:" - @ echo "" - @ echo "libmpi.a - arithmetic and prime testing library" - @ echo "mpi-test - test driver (requires MP_IOFUNC)" - @ echo "tools - command line tools" - @ echo "doc - manual pages for tools" - @ echo "clean - clean up objects and such" - @ echo "distclean - get ready for distribution" - @ echo "dist - distribution tarball" - @ echo "" - -.SUFFIXES: .c .o .i - -.c.i: - $(CC) $(CFLAGS) -E $< > $@ - -#.c.o: $*.h $*.c -# $(CC) $(CFLAGS) -c $< - -#--------------------------------------- - -$(LIBOBJS): $(LIBHDRS) - -logtab.h: make-logtab - $(PERL) make-logtab > logtab.h - -mpi.o: mpi.c logtab.h $(LIBHDRS) - -mplogic.o: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS) - -mp_gf2m.o: mp_gf2m.c mpi-priv.h mp_gf2m.h mp_gf2m-priv.h $(LIBHDRS) - -mpmontg.o: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS) - -mpprime.o: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS) - -mpi_mips.o: mpi_mips.s - $(CC) -o $@ $(ASFLAGS) -c mpi_mips.s - -mpi_sparc.o : montmulf.h - -mpv_sparcv9.s: vis_64.il mpv_sparc.c - $(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_64.il mpv_sparc.c - -mpv_sparcv8.s: vis_64.il mpv_sparc.c - $(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_32.il mpv_sparc.c - -montmulfv8.o montmulfv9.o mpv_sparcv8.o mpv_sparcv9.o : %.o : %.s - $(CC) -o $@ $(SOLARIS_ASM_FLAGS) -c $< - -# This rule is used to build the .s sources, which are then hand optimized. -#montmulfv8.s montmulfv9.s : montmulf%.s : montmulf%.il montmulf.c montmulf.h -# $(CC) -o $@ $(SOLARIS_ASM_FLAGS) -S montmulf$*.il montmulf.c - - -libmpi.a: $(LIBOBJS) - ar -cvr libmpi.a $(LIBOBJS) - $(RANLIB) libmpi.a - -lib libs: libmpi.a - -mpi.i: mpi.h - -#--------------------------------------- - -MPTESTOBJS = mptest1.o mptest2.o mptest3.o mptest3a.o mptest4.o mptest4a.o \ - mptest4b.o mptest6.o mptest7.o mptest8.o mptest9.o mptestb.o -MPTESTS = $(MPTESTOBJS:.o=) - -$(MPTESTOBJS): mptest%.o: tests/mptest-%.c $(LIBHDRS) - $(CC) $(CFLAGS) -o $@ -c $< - -$(MPTESTS): mptest%: mptest%.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -tests: mptest1 mptest2 mptest3 mptest3a mptest4 mptest4a mptest4b mptest6 \ - mptestb bbsrand - -utests: mptest7 mptest8 mptest9 - -#--------------------------------------- - -EXTRAOBJS = bbsrand.o bbs_rand.o prng.o -UTILOBJS = primegen.o metime.o identest.o basecvt.o fact.o exptmod.o pi.o \ - makeprime.o gcd.o invmod.o lap.o isprime.o \ - dec2hex.o hex2dec.o -UTILS = $(UTILOBJS:.o=) - -$(UTILS): % : %.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -$(UTILOBJS) $(EXTRAOBJS): %.o : utils/%.c $(LIBHDRS) - $(CC) $(CFLAGS) -o $@ -c $< - -prng: prng.o bbs_rand.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -bbsrand: bbsrand.o bbs_rand.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -utils: $(UTILS) prng bbsrand - -#--------------------------------------- - -test-info.c: test-arrays.txt - $(PERL) make-test-arrays test-arrays.txt > test-info.c - -mpi-test.o: mpi-test.c test-info.c $(LIBHDRS) - $(CC) $(CFLAGS) -o $@ -c $< - -mpi-test: mpi-test.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -mdxptest.o: mdxptest.c $(LIBHDRS) mpi-priv.h - -mdxptest: mdxptest.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -mulsqr.o: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h - $(CC) $(CFLAGS) -DMP_SQUARE=1 -o $@ -c mulsqr.c - -mulsqr: mulsqr.o libmpi.a - $(CC) $(CFLAGS) -o $@ $^ $(LIBS) - -#--------------------------------------- - -alltests: tests utests mpi-test - -tools: $(TOOLS) - -doc: - (cd doc; ./build) - -clean: - rm -f *.o *.a *.i - rm -f core - rm -f *~ .*~ - rm -f utils/*.o - rm -f utils/core - rm -f utils/*~ utils/.*~ - -clobber: clean - rm -f $(TOOLS) $(UTILS) - -distclean: clean - rm -f mptest? mpi-test metime mulsqr karatsuba - rm -f mptest?a mptest?b - rm -f utils/mptest? - rm -f test-info.c logtab.h - rm -f libmpi.a - rm -f $(TOOLS) - -dist: Makefile $(HDRS) $(SRCS) $(DOCS) - tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS) - pgps -ab mpi-$(VERS).tar - chmod +r mpi-$(VERS).tar.asc - gzip -9 mpi-$(VERS).tar - -# END diff --git a/security/nss/lib/freebl/mpi/Makefile.os2 b/security/nss/lib/freebl/mpi/Makefile.os2 deleted file mode 100644 index e81b64649..000000000 --- a/security/nss/lib/freebl/mpi/Makefile.os2 +++ /dev/null @@ -1,277 +0,0 @@ -## -## Makefile.win - gmake Makefile for building MPI with VACPP on OS/2 -## -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Contributor(s): -## Netscape Communications Corporation -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## -## -## $Id$ -## - -## Define CC to be the C compiler you wish to use. The GNU cc -## compiler (gcc) should work, at the very least -#CC=cc -#CC=gcc -CC=icc.exe -AS=alp.exe - -## -## Define PERL to point to your local Perl interpreter. It -## should be Perl 5.x, although it's conceivable that Perl 4 -## might work ... I haven't tested it. -## -#PERL=/usr/bin/perl -PERL=perl - -## -## Define CFLAGS to contain any local options your compiler -## setup requires. -## -## Conditional compilation options are no longer here; see -## the file 'mpi-config.h' instead. -## -MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD - -#OS/2 -AS_SRCS = mpi_x86.asm -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \ - -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -CFLAGS = /Ti+ -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - $(MPICMN) -ASFLAGS = - -## -## Define LIBS to include any libraries you need to link against. -## If NO_TABLE is define, LIBS should include '-lm' or whatever is -## necessary to bring in the math library. Otherwise, it can be -## left alone, unless your system has other peculiar requirements. -## -LIBS=#-lmalloc#-lefence#-lm - -## -## Define RANLIB to be the library header randomizer; you might not -## need this on some systems (just set it to 'echo' on these systems, -## such as IRIX) -## -RANLIB=echo - -## -## This is the version string used for the documentation and -## building the distribution tarball. Don't mess with it unless -## you are releasing a new version -VERS=1.7p6 - -## ---------------------------------------------------------------------- -## You probably don't need to change anything below this line... -## - -## -## This is the list of source files that need to be packed into -## the distribution file -SRCS= mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \ - utils/gcd.c utils/invmod.c utils/lap.c \ - utils/ptab.pl utils/sieve.c utils/isprime.c\ - utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \ - utils/bbsrand.c utils/prng.c utils/primegen.c \ - utils/basecvt.c utils/makeprime.c\ - utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \ - utils/mpi.h utils/mpprime.h mulsqr.c \ - make-test-arrays test-arrays.txt all-tests make-logtab \ - types.pl stats timetest multest - -## These are the header files that go into the distribution file -HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \ - utils/bbs_rand.h tests/mpi.h tests/mpprime.h - -## These are the documentation files that go into the distribution file -DOCS=README doc utils/README utils/PRIMES - -## This is the list of tools built by 'make tools' -TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \ - primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe - -AS_OBJS = $(AS_SRCS:.asm=.obj) -LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS) -LIBHDRS = mpi-config.h mpi-priv.h mpi.h -APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h - - -help: - @ echo "" - @ echo "The following targets can be built with this Makefile:" - @ echo "" - @ echo "mpi.lib - arithmetic and prime testing library" - @ echo "mpi-test.exe - test driver (requires MP_IOFUNC)" - @ echo "tools - command line tools" - @ echo "doc - manual pages for tools" - @ echo "clean - clean up objects and such" - @ echo "distclean - get ready for distribution" - @ echo "dist - distribution tarball" - @ echo "" - -.SUFFIXES: .c .obj .i .lib .exe .asm - -.c.i: - $(CC) $(CFLAGS) -E $< > $@ - -.c.obj: - $(CC) $(CFLAGS) -c $< - -.asm.obj: - $(AS) $(ASFLAGS) $< - -.obj.exe: - $(CC) $(CFLAGS) -Fo$@ $< - -#--------------------------------------- - -$(LIBOBJS): $(LIBHDRS) - -logtab.h: make-logtab - $(PERL) make-logtab > logtab.h - -mpi.obj: mpi.c logtab.h $(LIBHDRS) - -mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS) - -mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS) - -mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS) - -mpi_mips.obj: mpi_mips.s - $(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s - -mpi.lib: $(LIBOBJS) - ilib /out:mpi.lib $(LIBOBJS) - $(RANLIB) mpi.lib - -lib libs: mpi.lib - -#--------------------------------------- - -MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \ - mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj -MPTESTS = $(MPTESTOBJS:.obj=.exe) - -$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \ - mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe - -utests: mptest7.exe mptest8.exe mptest9.exe - -#--------------------------------------- - -EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj -UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \ - exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \ - isprime.obj dec2hex.obj hex2dec.obj -UTILS = $(UTILOBJS:.obj=.exe) - -$(UTILS): %.exe : %.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -utils: $(UTILS) prng.exe bbsrand.exe - -#--------------------------------------- - -test-info.c: test-arrays.txt - $(PERL) make-test-arrays test-arrays.txt > test-info.c - -mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -mpi-test.exe: mpi-test.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h - -mdxptest.exe: mdxptest.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h - $(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c - -mulsqr.exe: mulsqr.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -#--------------------------------------- - -alltests: tests utests mpi-test.exe - -tools: $(TOOLS) - -doc: - (cd doc; ./build) - -clean: - rm -f *.obj *.lib *.pdb *.ilk - cd utils; rm -f *.obj *.lib *.pdb *.ilk - -distclean: clean - rm -f mptest? mpi-test metime mulsqr karatsuba - rm -f mptest?a mptest?b - rm -f utils/mptest? - rm -f test-info.c logtab.h - rm -f mpi.lib - rm -f $(TOOLS) - -dist: Makefile $(HDRS) $(SRCS) $(DOCS) - tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS) - pgps -ab mpi-$(VERS).tar - chmod +r mpi-$(VERS).tar.asc - gzip -9 mpi-$(VERS).tar - - -print: - @echo LIBOBJS = $(LIBOBJS) -# END diff --git a/security/nss/lib/freebl/mpi/Makefile.win b/security/nss/lib/freebl/mpi/Makefile.win deleted file mode 100644 index 1c403f4d3..000000000 --- a/security/nss/lib/freebl/mpi/Makefile.win +++ /dev/null @@ -1,277 +0,0 @@ -## -## Makefile.win - gmake Makefile for building MPI with MSVC on NT -## -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Contributor(s): -## Netscape Communications Corporation -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## -## -## $Id$ -## - -## Define CC to be the C compiler you wish to use. The GNU cc -## compiler (gcc) should work, at the very least -#CC=cc -#CC=gcc -CC=cl.exe -AS=ml.exe - -## -## Define PERL to point to your local Perl interpreter. It -## should be Perl 5.x, although it's conceivable that Perl 4 -## might work ... I haven't tested it. -## -#PERL=/usr/bin/perl -PERL=perl - -## -## Define CFLAGS to contain any local options your compiler -## setup requires. -## -## Conditional compilation options are no longer here; see -## the file 'mpi-config.h' instead. -## -MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC - -#NT -AS_SRCS = mpi_x86.asm -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \ - -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -CFLAGS = -O2 -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \ - -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN) -ASFLAGS = -Cp -Sn -Zi -coff -I. - -## -## Define LIBS to include any libraries you need to link against. -## If NO_TABLE is define, LIBS should include '-lm' or whatever is -## necessary to bring in the math library. Otherwise, it can be -## left alone, unless your system has other peculiar requirements. -## -LIBS=#-lmalloc#-lefence#-lm - -## -## Define RANLIB to be the library header randomizer; you might not -## need this on some systems (just set it to 'echo' on these systems, -## such as IRIX) -## -RANLIB=echo - -## -## This is the version string used for the documentation and -## building the distribution tarball. Don't mess with it unless -## you are releasing a new version -VERS=1.7p6 - -## ---------------------------------------------------------------------- -## You probably don't need to change anything below this line... -## - -## -## This is the list of source files that need to be packed into -## the distribution file -SRCS= mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \ - utils/gcd.c utils/invmod.c utils/lap.c \ - utils/ptab.pl utils/sieve.c utils/isprime.c\ - utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \ - utils/bbsrand.c utils/prng.c utils/primegen.c \ - utils/basecvt.c utils/makeprime.c\ - utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \ - utils/mpi.h utils/mpprime.h mulsqr.c \ - make-test-arrays test-arrays.txt all-tests make-logtab \ - types.pl stats timetest multest - -## These are the header files that go into the distribution file -HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \ - utils/bbs_rand.h tests/mpi.h tests/mpprime.h - -## These are the documentation files that go into the distribution file -DOCS=README doc utils/README utils/PRIMES - -## This is the list of tools built by 'make tools' -TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \ - primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe - -AS_OBJS = $(AS_SRCS:.asm=.obj) -LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS) -LIBHDRS = mpi-config.h mpi-priv.h mpi.h -APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h - - -help: - @ echo "" - @ echo "The following targets can be built with this Makefile:" - @ echo "" - @ echo "mpi.lib - arithmetic and prime testing library" - @ echo "mpi-test - test driver (requires MP_IOFUNC)" - @ echo "tools - command line tools" - @ echo "doc - manual pages for tools" - @ echo "clean - clean up objects and such" - @ echo "distclean - get ready for distribution" - @ echo "dist - distribution tarball" - @ echo "" - -.SUFFIXES: .c .obj .i .lib .exe .asm - -.c.i: - $(CC) $(CFLAGS) -E $< > $@ - -.c.obj: - $(CC) $(CFLAGS) -c $< - -.asm.obj: - $(AS) $(ASFLAGS) -c $< - -.obj.exe: - $(CC) $(CFLAGS) -Fo$@ $< - -#--------------------------------------- - -$(LIBOBJS): $(LIBHDRS) - -logtab.h: make-logtab - $(PERL) make-logtab > logtab.h - -mpi.obj: mpi.c logtab.h $(LIBHDRS) - -mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS) - -mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS) - -mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS) - -mpi_mips.obj: mpi_mips.s - $(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s - -mpi.lib: $(LIBOBJS) - ar -cvr mpi.lib $(LIBOBJS) - $(RANLIB) mpi.lib - -lib libs: mpi.lib - -#--------------------------------------- - -MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \ - mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj -MPTESTS = $(MPTESTOBJS:.obj=.exe) - -$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \ - mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe - -utests: mptest7.exe mptest8.exe mptest9.exe - -#--------------------------------------- - -EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj -UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \ - exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \ - isprime.obj dec2hex.obj hex2dec.obj -UTILS = $(UTILOBJS:.obj=.exe) - -$(UTILS): %.exe : %.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -utils: $(UTILS) prng.exe bbsrand.exe - -#--------------------------------------- - -test-info.c: test-arrays.txt - $(PERL) make-test-arrays test-arrays.txt > test-info.c - -mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS) - $(CC) $(CFLAGS) -Fo$@ -c $< - -mpi-test.exe: mpi-test.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h - -mdxptest.exe: mdxptest.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h - $(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c - -mulsqr.exe: mulsqr.obj mpi.lib $(LIBS) - $(CC) $(CFLAGS) -Fo$@ $^ - -#--------------------------------------- - -alltests: tests utests mpi-test.exe - -tools: $(TOOLS) - -doc: - (cd doc; ./build) - -clean: - rm -f *.obj *.lib *.pdb *.ilk - cd utils; rm -f *.obj *.lib *.pdb *.ilk - -distclean: clean - rm -f mptest? mpi-test metime mulsqr karatsuba - rm -f mptest?a mptest?b - rm -f utils/mptest? - rm -f test-info.c logtab.h - rm -f mpi.lib - rm -f $(TOOLS) - -dist: Makefile $(HDRS) $(SRCS) $(DOCS) - tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS) - pgps -ab mpi-$(VERS).tar - chmod +r mpi-$(VERS).tar.asc - gzip -9 mpi-$(VERS).tar - - -print: - @echo LIBOBJS = $(LIBOBJS) -# END diff --git a/security/nss/lib/freebl/mpi/README b/security/nss/lib/freebl/mpi/README deleted file mode 100644 index 3c5cbdaa6..000000000 --- a/security/nss/lib/freebl/mpi/README +++ /dev/null @@ -1,795 +0,0 @@ -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. -All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -About the MPI Library ---------------------- - -The files 'mpi.h' and 'mpi.c' define a simple, arbitrary precision -signed integer arithmetic package. The implementation is not the most -efficient possible, but the code is small and should be fairly easily -portable to just about any machine that supports an ANSI C compiler, -as long as it is capable of at least 16-bit arithmetic (but also see -below for more on this). - -This library was written with an eye to cryptographic applications; -thus, some care is taken to make sure that temporary values are not -left lying around in memory when they are no longer in use. This adds -some overhead for zeroing buffers before they are released back into -the free pool; however, it gives you the assurance that there is only -one copy of your important values residing in your process's address -space at a time. Obviously, it is difficult to guarantee anything, in -a pre-emptive multitasking environment, but this at least helps you -keep a lid on the more obvious ways your data can get spread around in -memory. - - -Using the Library ------------------ - -To use the MPI library in your program, you must include the header: - -#include "mpi.h" - -This header provides all the type and function declarations you'll -need to use the library. Almost all the names defined by the library -begin with the prefix 'mp_', so it should be easy to keep them from -clashing with your program's namespace (he says, glibly, knowing full -well there are always pathological cases). - -There are a few things you may want to configure about the library. -By default, the MPI library uses an unsigned short for its digit type, -and an unsigned int for its word type. The word type must be big -enough to contain at least two digits, for the primitive arithmetic to -work out. On my machine, a short is 2 bytes and an int is 4 bytes -- -but if you have 64-bit ints, you might want to use a 4-byte digit and -an 8-byte word. I have tested the library using 1-byte digits and -2-byte words, as well. Whatever you choose to do, the things you need -to change are: - -(1) The type definitions for mp_digit and mp_word. - -(2) The macro DIGIT_FMT which tells mp_print() how to display a - single digit. This is just a printf() format string, so you - can adjust it appropriately. - -(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the - largest value expressible in an mp_digit and an mp_word, - respectively. - -Both the mp_digit and mp_word should be UNSIGNED integer types. The -code relies on having the full positive precision of the type used for -digits and words. - -The remaining type definitions should be left alone, for the most -part. The code in the library does not make any significant -assumptions about the sizes of things, but there is little if any -reason to change the other parameters, so I would recommend you leave -them as you found them. - -The library comes with a Perl script, 'types.pl', which will scan your -current Makefile settings, and attempt to find good definitions for -these types. It relies on a Unix sort of build environment, so it -probably won't work under MacOS or Windows, but it can be convenient -if you're porting to a new flavour of Unix. Just run 'types.pl' at -the command line, and it will spit out its results to the standard -output. - - -Conventions ------------ - -Most functions in the library return a value of type mp_err. This -permits the library to communicate success or various kinds of failure -to the calling program. The return values currently defined are: - - MP_OKAY - okay, operation succeeded, all's well - MP_YES - okay, the answer is yes (same as MP_OKAY) - MP_NO - okay, but answer is no (not MP_OKAY) - MP_MEM - operation ran out of memory - MP_RANGE - input parameter was out of range - MP_BADARG - an invalid input parameter was provided - MP_UNDEF - no output value is defined for this input - -The only function which currently uses MP_UNDEF is mp_invmod(). -Division by zero is undefined, but the division functions will return -MP_RANGE for a zero divisor. MP_BADARG usually means you passed a -bogus mp_int structure to the function. MP_YES and MP_NO are not used -by the library itself; they're defined so you can use them in your own -extensions. - -If you need a readable interpretation of these error codes in your -program, you may also use the mp_strerror() function. This function -takes an mp_err as input, and returns a pointer to a human-readable -string describing the meaning of the error. These strings are stored -as constants within the library, so the caller should not attempt to -modify or free the memory associated with these strings. - -The library represents values in signed-magnitude format. Values -strictly less than zero are negative, all others are considered -positive (zero is positive by fiat). You can access the 'sign' member -of the mp_int structure directly, but better is to use the mp_cmp_z() -function, to find out which side of zero the value lies on. - -Most arithmetic functions have a single-digit variant, as well as the -full arbitrary-precision. An mp_digit is an unsigned value between 0 -and DIGIT_MAX inclusive. The radix is available as RADIX. The number -of bits in a given digit is given as DIGIT_BIT. - -Generally, input parameters are given before output parameters. -Unless otherwise specified, any input parameter can be re-used as an -output parameter, without confusing anything. - -The basic numeric type defined by the library is an mp_int. Virtually -all the functions in the library take a pointer to an mp_int as one of -their parameters. An explanation of how to create and use these -
- -

Problem 23:

- -structures follows. And so, without further ado... - - -Initialization and Cleanup --------------------------- - -The basic numeric type defined by the library is an 'mp_int'. -However, it is not sufficient to simply declare a variable of type -mp_int in your program. These variables also need to be initialized -before they can be used, to allocate the internal storage they require -for computation. - -This is done using one of the following functions: - - mp_init(mp_int *mp); - mp_init_copy(mp_int *mp, mp_int *from); - mp_init_size(mp_int *mp, mp_size p); - -Each of these requires a pointer to a structure of type mp_int. The -basic mp_init() simply initializes the mp_int to a default size, and -sets its value to zero. If you would like to initialize a copy of an -existing mp_int, use mp_init_copy(), where the 'from' parameter is the -mp_int you'd like to make a copy of. The third function, -mp_init_size(), permits you to specify how many digits of precision -should be preallocated for your mp_int. This can help the library -avoid unnecessary re-allocations later on. - -The default precision used by mp_init() can be retrieved using: - - precision = mp_get_prec(); - -This returns the number of digits that will be allocated. You can -change this value by using: - - mp_set_prec(unsigned int prec); - -Any positive value is acceptable -- if you pass zero, the default -precision will be re-set to the compiled-in library default (this is -specified in the header file 'mpi-config.h', and typically defaults to -8 or 16). - -Just as you must allocate an mp_int before you can use it, you must -clean up the structure when you are done with it. This is performed -using the mp_clear() function. Remember that any mp_int that you -create as a local variable in a function must be mp_clear()'d before -that function exits, or else the memory allocated to that mp_int will -be orphaned and unrecoverable. - -To set an mp_int to a given value, the following functions are given: - - mp_set(mp_int *mp, mp_digit d); - mp_set_int(mp_int *mp, long z); - -The mp_set() function sets the mp_int to a single digit value, while -mp_set_int() sets the mp_int to a signed long integer value. - -To set an mp_int to zero, use: - - mp_zero(mp_int *mp); - - -Copying and Moving ------------------- - -If you have two initialized mp_int's, and you want to copy the value -of one into the other, use: - - mp_copy(from, to) - -This takes care of clearing the old value of 'to', and copies the new -value into it. If 'to' is not yet initialized, use mp_init_copy() -instead (see above). - -Note: The library tries, whenever possible, to avoid allocating ----- new memory. Thus, mp_copy() tries first to satisfy the needs - of the copy by re-using the memory already allocated to 'to'. - Only if this proves insufficient will mp_copy() actually - allocate new memory. - - For this reason, if you know a priori that 'to' has enough - available space to hold 'from', you don't need to check the - return value of mp_copy() for memory failure. The USED() - macro tells you how many digits are used by an mp_int, and - the ALLOC() macro tells you how many are allocated. - -If you have two initialized mp_int's, and you want to exchange their -values, use: - - mp_exch(a, b) - -This is better than using mp_copy() with a temporary, since it will -not (ever) touch the memory allocator -- it just swaps the exact -contents of the two structures. The mp_exch() function cannot fail; -if you pass it an invalid structure, it just ignores it, and does -nothing. - - -Basic Arithmetic ----------------- - -Once you have initialized your integers, you can operate on them. The -basic arithmetic functions on full mp_int values are: - -mp_add(a, b, c) - computes c = a + b -mp_sub(a, b, c) - computes c = a - b -mp_mul(a, b, c) - computes c = a * b -mp_sqr(a, b) - computes b = a * a -mp_div(a, b, q, r) - computes q, r such that a = bq + r -mp_div_2d(a, d, q, r) - computes q = a / 2^d, r = a % 2^d -mp_expt(a, b, c) - computes c = a ** b -mp_2expt(a, k) - computes a = 2^k -mp_sqrt(a, c) - computes c = floor(sqrt(a)) - -The mp_div_2d() function efficiently computes division by powers of -two. Either the q or r parameter may be NULL, in which case that -portion of the computation will be discarded. - -The algorithms used for some of the computations here are described in -the following files which are included with this distribution: - -mul.txt Describes the multiplication algorithm -div.txt Describes the division algorithm -expt.txt Describes the exponentiation algorithm -sqrt.txt Describes the square-root algorithm -square.txt Describes the squaring algorithm - -There are single-digit versions of most of these routines, as well. -In the following prototypes, 'd' is a single mp_digit: - -mp_add_d(a, d, c) - computes c = a + d -mp_sub_d(a, d, c) - computes c = a - d -mp_mul_d(a, d, c) - computes c = a * d -mp_mul_2(a, c) - computes c = a * 2 -mp_div_d(a, d, q, r) - computes q, r such that a = bq + r -mp_div_2(a, c) - computes c = a / 2 -mp_expt_d(a, d, c) - computes c = a ** d - -The mp_mul_2() and mp_div_2() functions take advantage of the internal -representation of an mp_int to do multiplication by two more quickly -than mp_mul_d() would. Other basic functions of an arithmetic variety -include: - -mp_zero(a) - assign 0 to a -mp_neg(a, c) - negate a: c = -a -mp_abs(a, c) - absolute value: c = |a| - - -Comparisons ------------ - -Several comparison functions are provided. Each of these, unless -otherwise specified, returns zero if the comparands are equal, < 0 if -the first is less than the second, and > 0 if the first is greater -than the second: - -mp_cmp_z(a) - compare a <=> 0 -mp_cmp_d(a, d) - compare a <=> d, d is a single digit -mp_cmp(a, b) - compare a <=> b -mp_cmp_mag(a, b) - compare |a| <=> |b| -mp_cmp_int(a, z) - compare a <=> z, z is a signed long integer -mp_isodd(a) - return nonzero if odd, zero otherwise -mp_iseven(a) - return nonzero if even, zero otherwise - - -Modular Arithmetic ------------------- - -Modular variations of the basic arithmetic functions are also -supported. These are available if the MP_MODARITH parameter in -mpi-config.h is turned on (it is by default). The modular arithmetic -functions are: - -mp_mod(a, m, c) - compute c = a (mod m), 0 <= c < m -mp_mod_d(a, d, c) - compute c = a (mod d), 0 <= c < d (see below) -mp_addmod(a, b, m, c) - compute c = (a + b) mod m -mp_submod(a, b, m, c) - compute c = (a - b) mod m -mp_mulmod(a, b, m, c) - compute c = (a * b) mod m -mp_sqrmod(a, m, c) - compute c = (a * a) mod m -mp_exptmod(a, b, m, c) - compute c = (a ** b) mod m -mp_exptmod_d(a, d, m, c)- compute c = (a ** d) mod m - -The mp_sqr() function squares its input argument. A call to mp_sqr(a, -c) is identical in meaning to mp_mul(a, a, c); however, if the -MP_SQUARE variable is set true in mpi-config.h (see below), then it -will be implemented with a different algorithm, that is supposed to -take advantage of the redundant computation that takes place during -squaring. Unfortunately, some compilers result in worse performance -on this code, so you can change the behaviour at will. There is a -utility program "mulsqr.c" that lets you test which does better on -your system. - -The mp_sqrmod() function is analogous to the mp_sqr() function; it -uses the mp_sqr() function rather than mp_mul(), and then performs the -modular reduction. This probably won't help much unless you are doing -a lot of them. - -See the file 'square.txt' for a synopsis of the algorithm used. - -Note: The mp_mod_d() function computes a modular reduction around ----- a single digit d. The result is a single digit c. - -Because an inverse is defined for a (mod m) if and only if (a, m) = 1 -(that is, if a and m are relatively prime), mp_invmod() may not be -able to compute an inverse for the arguments. In this case, it -returns the value MP_UNDEF, and does not modify c. If an inverse is -defined, however, it returns MP_OKAY, and sets c to the value of the -inverse (mod m). - -See the file 'redux.txt' for a description of the modular reduction -algorithm used by mp_exptmod(). - - -Greatest Common Divisor ------------------------ - -If The greates common divisor of two values can be found using one of the -following functions: - -mp_gcd(a, b, c) - compute c = (a, b) using binary algorithm -mp_lcm(a, b, c) - compute c = [a, b] = ab / (a, b) -mp_xgcd(a, b, g, x, y) - compute g, x, y so that ax + by = g = (a, b) - -Also provided is a function to compute modular inverses, if they -exist: - -mp_invmod(a, m, c) - compute c = a^-1 (mod m), if it exists - -The function mp_xgcd() computes the greatest common divisor, and also -returns values of x and y satisfying Bezout's identity. This is used -by mp_invmod() to find modular inverses. However, if you do not need -these values, you will find that mp_gcd() is MUCH more efficient, -since it doesn't need all the intermediate values that mp_xgcd() -requires in order to compute x and y. - -The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD -algorithm due to Josef Stein. - - -Input & Output Functions ------------------------- - -The following basic I/O routines are provided. These are present at -all times: - -mp_read_radix(mp, str, r) - convert a string in radix r to an mp_int -mp_read_raw(mp, s, len) - convert a string of bytes to an mp_int -mp_radix_size(mp, r) - return length of buffer needed by mp_toradix() -mp_raw_size(mp) - return length of buffer needed by mp_toraw() -mp_toradix(mp, str, r) - convert an mp_int to a string of radix r - digits -mp_toraw(mp, str) - convert an mp_int to a string of bytes -mp_tovalue(ch, r) - convert ch to its value when taken as - a radix r digit, or -1 if invalid -mp_strerror(err) - get a string describing mp_err value 'err' - -If you compile the MPI library with MP_IOFUNC defined, you will also -have access to the following additional I/O function: - -mp_print(mp, ofp) - print an mp_int as text to output stream ofp - -Note that mp_radix_size() returns a size in bytes guaranteed to be AT -LEAST big enough for the digits output by mp_toradix(). Because it -uses an approximation technique to figure out how many digits will be -needed, it may return a figure which is larger than necessary. Thus, -the caller should not rely on the value to determine how many bytes -will actually be written by mp_toradix(). The string mp_toradix() -creates will be NUL terminated, so the standard C library function -strlen() should be able to ascertain this for you, if you need it. - -The mp_read_radix() and mp_toradix() functions support bases from 2 to -64 inclusive. If you require more general radix conversion facilities -than this, you will need to write them yourself (that's why mp_div_d() -is provided, after all). - -Note: mp_read_radix() will accept as digits either capital or ----- lower-case letters. However, the current implementation of - mp_toradix() only outputs upper-case letters, when writing - bases betwee 10 and 36. The underlying code supports using - lower-case letters, but the interface stub does not have a - selector for it. You can add one yourself if you think it - is worthwhile -- I do not. Bases from 36 to 64 use lower- - case letters as distinct from upper-case. Bases 63 and - 64 use the characters '+' and '/' as digits. - - Note also that compiling with MP_IOFUNC defined will cause - inclusion of , so if you are trying to write code - which does not depend on the standard C library, you will - probably want to avoid this option. This is needed because - the mp_print() function takes a standard library FILE * as - one of its parameters, and uses the fprintf() function. - -The mp_toraw() function converts the integer to a sequence of bytes, -in big-endian ordering (most-significant byte first). Assuming your -bytes are 8 bits wide, this corresponds to base 256. The sign is -encoded as a single leading byte, whose value is 0 for zero or -positive values, or 1 for negative values. The mp_read_raw() function -reverses this process -- it takes a buffer of bytes, interprets the -first as a sign indicator (0 = zero/positive, nonzero = negative), and -the rest as a sequence of 1-byte digits in big-endian ordering. - -The mp_raw_size() function returns the exact number of bytes required -to store the given integer in "raw" format (as described in the -previous paragraph). Zero is returned in case of error; a valid -integer will require at least three bytes of storage. - -In previous versions of the MPI library, an "external representation -format" was supported. This was removed, however, because I found I -was never using it, it was not as portable as I would have liked, and -I decided it was a waste of space. - - -Other Functions ---------------- - -The files 'mpprime.h' and 'mpprime.c' define some routines which are -useful for divisibility testing and probabilistic primality testing. -The routines defined are: - -mpp_divis(a, b) - is a divisible by b? -mpp_divis_d(a, d) - is a divisible by digit d? -mpp_random(a) - set a to random value at current precision -mpp_random_size(a, prec) - set a to random value at given precision - -Note: The mpp_random() and mpp_random_size() functions use the C ----- library's rand() function to generate random values. It is - up to the caller to seed this generator before it is called. - These functions are not suitable for generating quantities - requiring cryptographic-quality randomness; they are intended - primarily for use in primality testing. - - Note too that the MPI library does not call srand(), so your - application should do this, if you ever want the sequence - to change. - -mpp_divis_vector(a, v, s, w) - is a divisible by any of the s digits - in v? If so, let w be the index of - that digit - -mpp_divis_primes(a, np) - is a divisible by any of the first np - primes? If so, set np to the prime - which divided a. - -mpp_fermat(a, d) - test if w^a = w (mod a). If so, - returns MP_YES, otherwise MP_NO. - -mpp_pprime(a, nt) - perform nt iterations of the Rabin- - Miller probabilistic primality test - on a. Returns MP_YES if all tests - passed, or MP_NO if any test fails. - -The mpp_fermat() function works based on Fermat's little theorem, a -consequence of which is that if p is a prime, and (w, p) = 1, then: - - w^p = w (mod p) - -Put another way, if w^p != w (mod p), then p is not prime. The test -is expensive to compute, but it helps to quickly eliminate an enormous -class of composite numbers prior to Rabin-Miller testing. - -Building the Library --------------------- - -The MPI library is designed to be as self-contained as possible. You -should be able to compile it with your favourite ANSI C compiler, and -link it into your program directly. If you are on a Unix system using -the GNU C compiler (gcc), the following should work: - -% gcc -ansi -pedantic -Wall -O2 -c mpi.c - -The file 'mpi-config.h' defines several configurable parameters for -the library, which you can adjust to suit your application. At the -time of this writing, the available options are: - -MP_IOFUNC - Define true to include the mp_print() function, - which is moderately useful for debugging. This - implicitly includes . - -MP_MODARITH - Define true to include the modular arithmetic - functions. If you don't need modular arithmetic - in your application, you can set this to zero to - leave out all the modular routines. - -MP_NUMTH - Define true to include number theoretic functions - such as mp_gcd(), mp_lcm(), and mp_invmod(). - -MP_LOGTAB - If true, the file "logtab.h" is included, which - is basically a static table of base 2 logarithms. - These are used to compute how big the buffers for - radix conversion need to be. If you set this false, - the library includes and uses log(). This - typically forces you to link against math libraries. - -MP_MEMSET - If true, use memset() to zero buffers. If you run - into weird alignment related bugs, set this to zero - and an explicit loop will be used. - -MP_MEMCPY - If true, use memcpy() to copy buffers. If you run - into weird alignment bugs, set this to zero and an - explicit loop will be used. - -MP_CRYPTO - If true, whenever arrays of digits are free'd, they - are zeroed first. This is useful if you're using - the library in a cryptographic environment; however, - it does add overhead to each free operation. For - performance, if you don't care about zeroing your - buffers, set this to false. - -MP_ARGCHK - Set to 0, 1, or 2. This defines how the argument - checking macro, ARGCHK(), gets expanded. If this - is set to zero, ARGCHK() expands to nothing; no - argument checks are performed. If this is 1, the - ARGCHK() macro expands to code that returns MP_BADARG - or similar at runtime. If it is 2, ARGCHK() expands - to an assert() call that aborts the program on a - bad input. - -MP_DEBUG - Turns on debugging output. This is probably not at - all useful unless you are debugging the library. It - tends to spit out a LOT of output. - -MP_DEFPREC - The default precision of a newly-created mp_int, in - digits. The precision can be changed at runtime by - the mp_set_prec() function, but this is its initial - value. - -MP_SQUARE - If this is set to a nonzero value, the mp_sqr() - function will use an alternate algorithm that takes - advantage of the redundant inner product computation - when both multiplicands are identical. Unfortunately, - with some compilers this is actually SLOWER than just - calling mp_mul() with the same argument twice. So - if you set MP_SQUARE to zero, mp_sqr() will be expan- - ded into a call to mp_mul(). This applies to all - the uses of mp_sqr(), including mp_sqrmod() and the - internal calls to s_mp_sqr() inside mpi.c - - The program 'mulsqr' (mulsqr.c) can be used to test - which works best for your configuration. Set up the - CC and CFLAGS variables in the Makefile, then type: - - make mulsqr - - Invoke it with arguments similar to the following: - - mulsqr 25000 1024 - - That is, 25000 products computed on 1024-bit values. - The output will compare the two timings, and recommend - a setting for MP_SQUARE. It is off by default. - -If you would like to use the mp_print() function (see above), be sure -to define MP_IOFUNC in mpi-config.h. Many of the test drivers in the -'tests' subdirectory expect this to be defined (although the test -driver 'mpi-test' doesn't need it) - -The Makefile which comes with the library should take care of building -the library for you, if you have set the CC and CFLAGS variables at -the top of the file appropriately. By default, they are set up to -use the GNU C compiler: - -CC=gcc -CFLAGS=-ansi -pedantic -Wall -O2 - -If all goes well, the library should compile without warnings using -this combination. You should, of course, make whatever adjustments -you find necessary. - -The MPI library distribution comes with several additional programs -which are intended to demonstrate the use of the library, and provide -a framework for testing it. There are a handful of test driver -programs, in the files named 'mptest-X.c', where X is a digit. Also, -there are some simple command-line utilities (in the 'utils' -directory) for manipulating large numbers. These include: - -basecvt.c A radix-conversion program, supporting bases from - 2 to 64 inclusive. - -bbsrand.c A BBS (quadratic residue) pseudo-random number - generator. The file 'bbsrand.c' is just the driver - for the program; the real code lives in the files - 'bbs_rand.h' and 'bbs_rand.c' - -dec2hex.c Converts decimal to hexadecimal - -gcd.c Computes the greatest common divisor of two values. - If invoked as 'xgcd', also computes constants x and - y such that (a, b) = ax + by, in accordance with - Bezout's identity. - -hex2dec.c Converts hexadecimal to decimal - -invmod.c Computes modular inverses - -isprime.c Performs the Rabin-Miller probabilistic primality - test on a number. Values which fail this test are - definitely composite, and those which pass are very - likely to be prime (although there are no guarantees) - -lap.c Computes the order (least annihilating power) of - a value v modulo m. Very dumb algorithm. - -primegen.c Generates large (probable) primes. - -prng.c A pseudo-random number generator based on the - BBS generator code in 'bbs_rand.c' - -sieve.c Implements the Sieve of Eratosthenes, using a big - bitmap, to generate a list of prime numbers. - -fact.c Computes the factorial of an arbitrary precision - integer (iterative). - -exptmod.c Computes arbitrary precision modular exponentiation - from the command line (exptmod a b m -> a^b (mod m)) - -Most of these can be built from the Makefile that comes with the -library. Try 'make tools', if your environment supports it. (If you -are compiling on a Macintosh, I'm afraid you'll have to build them by -hand -- fortunately, this is not difficult -- the library itself -should compile just fine under Metrowerks CodeWarrior). - - -Testing the Library -------------------- - -Automatic test vectors are included, in the form of a program called -'mpi-test'. To build this program and run all the tests, simply -invoke the shell script 'all-tests'. If all the tests pass, you -should see a message: - - All tests passed - -If something went wrong, you'll get: - - One or more tests failed. - -If this happens, scan back through the preceding lines, to see which -test failed. Any failure indicates a bug in the library, which needs -to be fixed before it will give accurate results. If you get any such -thing, please let me know, and I'll try to fix it. Please let me know -what platform and compiler you were using, as well as which test -failed. If a reason for failure was given, please send me that text -as well. - -If you're on a system such as the Macintosh, where the standard Unix -build tools don't work, you can build the 'mpi-test' program manually, -and run it by hand. This is tedious and obnoxious, sorry. - -Further manual testing can be performed by building the manual testing -programs, whose source is found in the 'tests' subdirectory. Each -test is in a source file called 'mptest-X.c'. The Makefile contains a -target to build all of them at once: - - make tests - -Read the comments at the top of each source file to see what the -driver is supposed to test. You probably don't need to do this; these -programs were only written to help me as I was developing the library. - -The relevant files are: - -mpi-test.c The source for the test driver - -make-test-arrays A Perl script to generate some of the internal - data structures used by mpi-test.c - -test-arrays.txt The source file for make-test-arrays - -all-tests A Bourne shell script which runs all the - tests in the mpi-test suite - -Running 'make mpi-test' should build the mpi-test program. If you -cannot use make, here is what needs to be done: - -(1) Use 'make-test-arrays' to generate the file 'test-info.c' from - the 'test-arrays.txt' file. Since Perl can be found everywhere, - even on the Macintosh, this should be no trouble. Under Unix, - this looks like: - - make-test-arrays test-arrays.txt > test-info.c - -(2) Build the MPI library: - - gcc -ansi -pedantic -Wall -c mpi.c - -(3) Build the mpi-test program: - - gcc -ansi -pedantic -Wall -o mpi-test mpi.o mpi-test.c - -When you've got mpi-test, you can use 'all-tests' to run all the tests -made available by mpi-test. If any of them fail, there should be a -diagnostic indicating what went wrong. These are fairly high-level -diagnostics, and won't really help you debug the problem; they're -simply intended to help you isolate which function caused the problem. -If you encounter a problem of this sort, feel free to e-mail me, and I -will certainly attempt to help you debug it. - -Note: Several of the tests hard-wired into 'mpi-test' operate under ----- the assumption that you are using at least a 16-bit mp_digit - type. If that is not true, several tests might fail, because - of range problems with the maximum digit value. - - If you are using an 8-bit digit, you will also need to - modify the code for mp_read_raw(), which assumes that - multiplication by 256 can be done with mp_mul_d(), a - fact that fails when DIGIT_MAX is 255. You can replace - the call with s_mp_lshd(), which will give you the same - effect, and without doing as much work. :) - -Acknowledgements: ----------------- - -The algorithms used in this library were drawn primarily from Volume -2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, -"Semi-Numerical Methods". Barrett's algorithm for modular reduction -came from Menezes, Oorschot, and Vanstone's _Handbook of Applied -Cryptography_, Chapter 14. - -Thanks are due to Tom St. Denis, for finding an obnoxious sign-related -bug in mp_read_raw() that made things break on platforms which use -signed chars. - -About the Author ----------------- - -This software was written by Michael J. Fromberger. You can contact -the author as follows: - -E-mail: - -Postal: 8000 Cummings Hall, Thayer School of Engineering - Dartmouth College, Hanover, New Hampshire, USA - -PGP key: http://linguist.dartmouth.edu/~sting/keys/mjf.html - 9736 188B 5AFA 23D6 D6AA BE0D 5856 4525 289D 9907 - -Last updated: 16-Jan-2000 diff --git a/security/nss/lib/freebl/mpi/all-tests b/security/nss/lib/freebl/mpi/all-tests deleted file mode 100755 index fa60e95ed..000000000 --- a/security/nss/lib/freebl/mpi/all-tests +++ /dev/null @@ -1,112 +0,0 @@ -#!/bin/sh -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. -## All Rights Reserved. -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. - -ECHO=/bin/echo -MAKE=gmake - -$ECHO "\n** Running unit tests for MPI library\n" - -# Build the mpi-test program, which comprises all the unit tests for -# the MPI library... - -$ECHO "Bringing mpi-test up to date ... " -if $MAKE mpi-test ; then - : -else - $ECHO " " - $ECHO "Make failed to build mpi-test." - $ECHO " " - exit 1 -fi - -if [ ! -x mpi-test ] ; then - $ECHO " " - $ECHO "Cannot find 'mpi-test' program, testing cannot continue." - $ECHO " " - exit 1 -fi - -# Get the list of available test suites... -tests=`mpi-test list | awk '{print $1}'` -errs=0 - -# Run each test suite and check the result code of mpi-test -for test in $tests ; do - $ECHO "$test ... \c" - if mpi-test $test ; then - $ECHO "passed" - else - $ECHO "FAILED" - errs=1 - fi -done - -# If any tests failed, we'll stop at this point -if [ "$errs" = "0" ] ; then - $ECHO "All unit tests passed" -else - $ECHO "One or more tests failed" - exit 1 -fi - -# Now try to build the 'pi' program, and see if it can compute the -# first thousand digits of pi correctly -$ECHO "\n** Running other tests\n" - -$ECHO "Bringing 'pi' up to date ... " -if $MAKE pi ; then - : -else - $ECHO "\nMake failed to build pi.\n" - exit 1 -fi - -if [ ! -x pi ] ; then - $ECHO "\nCannot find 'pi' program; testing cannot continue.\n" - exit 1 -fi - -./pi 2000 > /tmp/pi.tmp.$$ -if cmp tests/pi2k.txt /tmp/pi.tmp.$$ ; then - $ECHO "Okay! The pi test passes." -else - $ECHO "Oops! The pi test failed. :(" - exit 1 -fi - -rm -f /tmp/pi.tmp.$$ - -exit 0 - -# Here there be dragons diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE b/security/nss/lib/freebl/mpi/doc/LICENSE deleted file mode 100644 index 35cca68ce..000000000 --- a/security/nss/lib/freebl/mpi/doc/LICENSE +++ /dev/null @@ -1,11 +0,0 @@ -Within this directory, each of the file listed below is licensed under -the terms given in the file LICENSE-MPL, also in this directory. - -basecvt.pod -gcd.pod -invmod.pod -isprime.pod -lap.pod -mpi-test.pod -prime.txt -prng.pod diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL deleted file mode 100644 index 9ff410e4b..000000000 --- a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL +++ /dev/null @@ -1,32 +0,0 @@ -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the -GPL. - - diff --git a/security/nss/lib/freebl/mpi/doc/basecvt.pod b/security/nss/lib/freebl/mpi/doc/basecvt.pod deleted file mode 100644 index 5c072ccd6..000000000 --- a/security/nss/lib/freebl/mpi/doc/basecvt.pod +++ /dev/null @@ -1,63 +0,0 @@ -=head1 NAME - - basecvt - radix conversion for arbitrary precision integers - -=head1 SYNOPSIS - - basecvt [values] - -=head1 DESCRIPTION - -The B program is a command-line tool for converting integers -of arbitrary precision from one radix to another. The current version -supports radix values from 2 (binary) to 64, inclusive. The first two -command line arguments specify the input and output radix, in base 10. -Any further arguments are taken to be integers notated in the input -radix, and these are converted to the output radix. The output is -written, one integer per line, to standard output. - -When reading integers, only digits considered "valid" for the input -radix are considered. Processing of an integer terminates when an -invalid input digit is encountered. So, for example, if you set the -input radix to 10 and enter '10ACF', B would assume that you -had entered '10' and ignore the rest of the string. - -If no values are provided, no output is written, but the program -simply terminates with a zero exit status. Error diagnostics are -written to standard error in the event of out-of-range radix -specifications. Regardless of the actual values of the input and -output radix, the radix arguments are taken to be in base 10 (decimal) -notation. - -=head1 DIGITS - -For radices from 2-10, standard ASCII decimal digits 0-9 are used for -both input and output. For radices from 11-36, the ASCII letters A-Z -are also included, following the convention used in hexadecimal. In -this range, input is accepted in either upper or lower case, although -on output only lower-case letters are used. - -For radices from 37-62, the output includes both upper- and lower-case -ASCII letters, and case matters. In this range, case is distinguished -both for input and for output values. - -For radices 63 and 64, the characters '+' (plus) and '/' (forward -solidus) are also used. These are derived from the MIME base64 -encoding scheme. The overall encoding is not the same as base64, -because the ASCII digits are used for the bottom of the range, and the -letters are shifted upward; however, the output will consist of the -same character set. - -This input and output behaviour is inherited from the MPI library used -by B, and so is not configurable at runtime. - -=head1 SEE ALSO - - dec2hex(1), hex2dec(1) - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ diff --git a/security/nss/lib/freebl/mpi/doc/build b/security/nss/lib/freebl/mpi/doc/build deleted file mode 100755 index 5b6f921fc..000000000 --- a/security/nss/lib/freebl/mpi/doc/build +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Contributor(s): -## Netscape Communications Corporation -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## -## $Id$ -## - -VERS="1.7p6" -SECT="1" -NAME="MPI Tools" - -echo "Building manual pages ..." -case $# in - 0) - files=`ls *.pod` - ;; - *) - files=$* - ;; -esac - -for name in $files -do - echo -n "$name ... " -# sname=`noext $name` - sname=`basename $name .pod` - pod2man --section="$SECT" --center="$NAME" --release="$VERS" $name > $sname.$SECT - echo "(done)" -done - -echo "Finished building." - diff --git a/security/nss/lib/freebl/mpi/doc/div.txt b/security/nss/lib/freebl/mpi/doc/div.txt deleted file mode 100644 index b1ca744e1..000000000 --- a/security/nss/lib/freebl/mpi/doc/div.txt +++ /dev/null @@ -1,96 +0,0 @@ -Division - -This describes the division algorithm used by the MPI library. - -Input: a, b; a > b -Compute: Q, R; a = Qb + R - -The input numbers are normalized so that the high-order digit of b is -at least half the radix. This guarantees that we have a reasonable -way to guess at the digits of the quotient (this method was taken from -Knuth, vol. 2, with adaptations). - -To normalize, test the high-order digit of b. If it is less than half -the radix, multiply both a and b by d, where: - - radix - 1 - d = ----------- - bmax + 1 - -...where bmax is the high-order digit of b. Otherwise, set d = 1. - -Given normalize values for a and b, let the notation a[n] denote the -nth digit of a. Let #a be the number of significant figures of a (not -including any leading zeroes). - - Let R = 0 - Let p = #a - 1 - - while(p >= 0) - do - R = (R * radix) + a[p] - p = p - 1 - while(R < b and p >= 0) - - if(R < b) - break - - q = (R[#R - 1] * radix) + R[#R - 2] - q = q / b[#b - 1] - - T = b * q - - while(T > L) - q = q - 1 - T = T - b - endwhile - - L = L - T - - Q = (Q * radix) + q - - endwhile - -At this point, Q is the quotient, and R is the normalized remainder. -To denormalize R, compute: - - R = (R / d) - -At this point, you are finished. - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/expt.txt b/security/nss/lib/freebl/mpi/doc/expt.txt deleted file mode 100644 index 4c12eb2af..000000000 --- a/security/nss/lib/freebl/mpi/doc/expt.txt +++ /dev/null @@ -1,127 +0,0 @@ -Exponentiation - -For exponentiation, the MPI library uses a simple and fairly standard -square-and-multiply method. The algorithm is this: - -Input: a, b -Output: a ** b - - s = 1 - - while(b != 0) - if(b is odd) - s = s * a - endif - - b = b / 2 - - x = x * x - endwhile - - return s - -The modular exponentiation is done the same way, except replacing: - - s = s * a - -with - s = (s * a) mod m - -and replacing - - x = x * x - -with - - x = (x * x) mod m - -Here is a sample exponentiation using the MPI library, as compared to -the same problem solved by the Unix 'bc' program on my system: - -Computation of 2,381,283 ** 235 - -'bc' says: - -4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\ -4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\ -6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\ -4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\ -6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\ -FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\ -CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\ -5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\ -CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\ -49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\ -5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\ -A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\ -D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\ -92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\ -A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\ -AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\ -E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\ -1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\ -CFFF2E1AC93F3CA264A1B - -MPI says: - -4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\ -4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\ -6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\ -4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\ -6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\ -FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\ -CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\ -5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\ -CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\ -49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\ -5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\ -A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\ -D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\ -92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\ -A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\ -AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\ -E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\ -1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\ -CFFF2E1AC93F3CA264A1B - -Diff says: -% diff bc.txt mp.txt -% - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - - diff --git a/security/nss/lib/freebl/mpi/doc/gcd.pod b/security/nss/lib/freebl/mpi/doc/gcd.pod deleted file mode 100644 index 53b955f7e..000000000 --- a/security/nss/lib/freebl/mpi/doc/gcd.pod +++ /dev/null @@ -1,27 +0,0 @@ -=head1 NAME - - gcd - compute greatest common divisor of two integers - -=head1 SYNOPSIS - - gcd - -=head1 DESCRIPTION - -The B program computes the greatest common divisor of two -arbitrary-precision integers I and I. The result is written in -standard decimal notation to the standard output. - -If I is zero, B will print an error message and exit. - -=head1 SEE ALSO - -invmod(1), isprime(1), lap(1) - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ - diff --git a/security/nss/lib/freebl/mpi/doc/invmod.pod b/security/nss/lib/freebl/mpi/doc/invmod.pod deleted file mode 100644 index faa8f9d0c..000000000 --- a/security/nss/lib/freebl/mpi/doc/invmod.pod +++ /dev/null @@ -1,33 +0,0 @@ -=head1 NAME - - invmod - compute modular inverse of an integer - -=head1 SYNOPSIS - - invmod - -=head1 DESCRIPTION - -The B program computes the inverse of I, modulo I, if -that inverse exists. Both I and I are arbitrary-precision -integers in decimal notation. The result is written in standard -decimal notation to the standard output. - -If there is no inverse, the message: - - No inverse - -...will be printed to the standard output (an inverse exists if and -only if the greatest common divisor of I and I is 1). - -=head1 SEE ALSO - -gcd(1), isprime(1), lap(1) - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ - diff --git a/security/nss/lib/freebl/mpi/doc/isprime.pod b/security/nss/lib/freebl/mpi/doc/isprime.pod deleted file mode 100644 index a17c1c1bd..000000000 --- a/security/nss/lib/freebl/mpi/doc/isprime.pod +++ /dev/null @@ -1,62 +0,0 @@ -=head1 NAME - - isprime - probabilistic primality testing - -=head1 SYNOPSIS - - isprime - -=head1 DESCRIPTION - -The B program attempts to determine whether the arbitrary -precision integer I is prime. It first tests I for divisibility -by the first 170 or so small primes, and assuming I is not -divisible by any of these, applies 15 iterations of the Rabin-Miller -probabilistic primality test. - -If the program discovers that the number is composite, it will print: - - Not prime (reason) - -Where I is either: - - divisible by small prime x - -Or: - - failed nth pseudoprime test - -In the first case, I indicates the first small prime factor that -was found. In the second case, I indicates which of the -pseudoprime tests failed (numbered from 1) - -If this happens, the number is definitely not prime. However, if the -number succeeds, this message results: - - Probably prime, 1 in 4^15 chance of false positive - -If this happens, the number is prime with very high probability, but -its primality has not been absolutely proven, only demonstrated to a -very convincing degree. - -The value I can be input in standard decimal notation, or, if it is -prefixed with I, it will be read as hexadecimal. - -=head1 ENVIRONMENT - -You can control how many iterations of Rabin-Miller are performed on -the candidate number by setting the I environment variable -to an integer value before starting up B. This will change -the output slightly if the number passes all the tests. - -=head1 SEE ALSO - -gcd(1), invmod(1), lap(1) - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ - diff --git a/security/nss/lib/freebl/mpi/doc/lap.pod b/security/nss/lib/freebl/mpi/doc/lap.pod deleted file mode 100644 index ac100639b..000000000 --- a/security/nss/lib/freebl/mpi/doc/lap.pod +++ /dev/null @@ -1,35 +0,0 @@ -=head1 NAME - - lap - compute least annihilating power of a number - -=head1 SYNOPSIS - - lap - -=head1 DESCRIPTION - -The B program computes the order of I modulo I, for -arbitrary precision integers I and I. The B of I -modulo I is defined as the smallest positive value I for which -I raised to the Ith power, modulo I, is equal to 1. The -order may not exist, if I is composite. - -=head1 RESTRICTIONS - -This program is very slow, especially for large moduli. It is -intended as a way to help find primitive elements in a modular field, -but it does not do so in a particularly inefficient manner. It was -written simply to help verify that a particular candidate does not -have an obviously short cycle mod I. - -=head1 SEE ALSO - -gcd(1), invmod(1), isprime(1) - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ - diff --git a/security/nss/lib/freebl/mpi/doc/mpi-test.pod b/security/nss/lib/freebl/mpi/doc/mpi-test.pod deleted file mode 100644 index 16050f09f..000000000 --- a/security/nss/lib/freebl/mpi/doc/mpi-test.pod +++ /dev/null @@ -1,49 +0,0 @@ -=head1 NAME - - mpi-test - automated test program for MPI library - -=head1 SYNOPSIS - - mpi-test [quiet] - mpi-test list - mpi-test help - -=head1 DESCRIPTION - -The B program is a general unit test driver for the MPI -library. It is used to verify that the library works as it is -supposed to on your architecture. As with most such things, passing -all the tests in B does not guarantee the code is correct, -but if any of them fail, there are certainly problems. - -Each major function of the library can be tested individually. For a -list of the test suites understood by B, run it with the -I command line option: - - mpi-test list - -This will display a list of the available test suites and a brief -synopsis of what each one does. For a brief overview of this -document, run B I. - -B exits with a zero status if the selected test succeeds, or -a nonzero status if it fails. If a I which is not -understood by B is given, a diagnostic is printed to the -standard error, and the program exits with a result code of 2. If a -test fails, the result code will be 1, and a diagnostic is ordinarily -printed to the standard error. However, if the I option is -provided, these diagnostics will be suppressed. - -=head1 RESTRICTIONS - -Only a few canned test cases are provided. The solutions have been -verified using the GNU bc(1) program, so bugs there may cause problems -here; however, this is very unlikely, so if a test fails, it is almost -certainly my fault, not bc(1)'s. - -=head1 AUTHOR - - Michael J. Fromberger - Thayer School of Engineering, Hanover, New Hampshire, USA - - $Date$ diff --git a/security/nss/lib/freebl/mpi/doc/mul.txt b/security/nss/lib/freebl/mpi/doc/mul.txt deleted file mode 100644 index 436d01bf7..000000000 --- a/security/nss/lib/freebl/mpi/doc/mul.txt +++ /dev/null @@ -1,109 +0,0 @@ -Multiplication - -This describes the multiplication algorithm used by the MPI library. - -This is basically a standard "schoolbook" algorithm. It is slow -- -O(mn) for m = #a, n = #b -- but easy to implement and verify. -Basically, we run two nested loops, as illustrated here (R is the -radix): - -k = 0 -for j <- 0 to (#b - 1) - for i <- 0 to (#a - 1) - w = (a[j] * b[i]) + k + c[i+j] - c[i+j] = w mod R - k = w div R - endfor - c[i+j] = k; - k = 0; -endfor - -It is necessary that 'w' have room for at least two radix R digits. -The product of any two digits in radix R is at most: - - (R - 1)(R - 1) = R^2 - 2R + 1 - -Since a two-digit radix-R number can hold R^2 - 1 distinct values, -this insures that the product will fit into the two-digit register. - -To insure that two digits is enough for w, we must also show that -there is room for the carry-in from the previous multiplication, and -the current value of the product digit that is being recomputed. -Assuming each of these may be as big as R - 1 (and no larger, -certainly), two digits will be enough if and only if: - - (R^2 - 2R + 1) + 2(R - 1) <= R^2 - 1 - -Solving this equation shows that, indeed, this is the case: - - R^2 - 2R + 1 + 2R - 2 <= R^2 - 1 - - R^2 - 1 <= R^2 - 1 - -This suggests that a good radix would be one more than the largest -value that can be held in half a machine word -- so, for example, as -in this implementation, where we used a radix of 65536 on a machine -with 4-byte words. Another advantage of a radix of this sort is that -binary-level operations are easy on numbers in this representation. - -Here's an example multiplication worked out longhand in radix-10, -using the above algorithm: - - a = 999 - b = x 999 - ------------- - p = 98001 - -w = (a[jx] * b[ix]) + kin + c[ix + jx] -c[ix+jx] = w % RADIX -k = w / RADIX - product -ix jx a[jx] b[ix] kin w c[i+j] kout 000000 -0 0 9 9 0 81+0+0 1 8 000001 -0 1 9 9 8 81+8+0 9 8 000091 -0 2 9 9 8 81+8+0 9 8 000991 - 8 0 008991 -1 0 9 9 0 81+0+9 0 9 008901 -1 1 9 9 9 81+9+9 9 9 008901 -1 2 9 9 9 81+9+8 8 9 008901 - 9 0 098901 -2 0 9 9 0 81+0+9 0 9 098001 -2 1 9 9 9 81+9+8 8 9 098001 -2 2 9 9 9 81+9+9 9 9 098001 - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/pi.txt b/security/nss/lib/freebl/mpi/doc/pi.txt deleted file mode 100644 index 5edfdb4cb..000000000 --- a/security/nss/lib/freebl/mpi/doc/pi.txt +++ /dev/null @@ -1,85 +0,0 @@ -This file describes how pi is computed by the program in 'pi.c' (see -the utils subdirectory). - -Basically, we use Machin's formula, which is what everyone in the -world uses as a simple method for computing approximations to pi. -This works for up to a few thousand digits without too much effort. -Beyond that, though, it gets too slow. - -Machin's formula states: - - pi := 16 * arctan(1/5) - 4 * arctan(1/239) - -We compute this in integer arithmetic by first multiplying everything -through by 10^d, where 'd' is the number of digits of pi we wanted to -compute. It turns out, the last few digits will be wrong, but the -number that are wrong is usually very small (ordinarly only 2-3). -Having done this, we compute the arctan() function using the formula: - - 1 1 1 1 1 - arctan(1/x) := --- - ----- + ----- - ----- + ----- - ... - x 3 x^3 5 x^5 7 x^7 9 x^9 - -This is done iteratively by computing the first term manually, and -then iteratively dividing x^2 and k, where k = 3, 5, 7, ... out of the -current figure. This is then added to (or subtracted from) a running -sum, as appropriate. The iteration continues until we overflow our -available precision and the current figure goes to zero under integer -division. At that point, we're finished. - -Actually, we get a couple extra bits of precision out of the fact that -we know we're computing y * arctan(1/x), by setting up the multiplier -as: - - y * 10^d - -... instead of just 10^d. There is also a bit of cleverness in how -the loop is constructed, to avoid special-casing the first term. -Check out the code for arctan() in 'pi.c', if you are interested in -seeing how it is set up. - -Thanks to Jason P. for this algorithm, which I assembled from notes -and programs found on his cool "Pile of Pi Programs" page, at: - - http://www.isr.umd.edu/~jasonp/pipage.html - -Thanks also to Henrik Johansson , from -whose pi program I borrowed the clever idea of pre-multiplying by x in -order to avoid a special case on the loop iteration. - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/prime.txt b/security/nss/lib/freebl/mpi/doc/prime.txt deleted file mode 100644 index 694797d5f..000000000 --- a/security/nss/lib/freebl/mpi/doc/prime.txt +++ /dev/null @@ -1,6542 +0,0 @@ -2 -3 -5 -7 -11 -13 -17 -19 -23 -29 -31 -37 -41 -43 -47 -53 -59 -61 -67 -71 -73 -79 -83 -89 -97 -101 -103 -107 -109 -113 -127 -131 -137 -139 -149 -151 -157 -163 -167 -173 -179 -181 -191 -193 -197 -199 -211 -223 -227 -229 -233 -239 -241 -251 -257 -263 -269 -271 -277 -281 -283 -293 -307 -311 -313 -317 -331 -337 -347 -349 -353 -359 -367 -373 -379 -383 -389 -397 -401 -409 -419 -421 -431 -433 -439 -443 -449 -457 -461 -463 -467 -479 -487 -491 -499 -503 -509 -521 -523 -541 -547 -557 -563 -569 -571 -577 -587 -593 -599 -601 -607 -613 -617 -619 -631 -641 -643 -647 -653 -659 -661 -673 -677 -683 -691 -701 -709 -719 -727 -733 -739 -743 -751 -757 -761 -769 -773 -787 -797 -809 -811 -821 -823 -827 -829 -839 -853 -857 -859 -863 -877 -881 -883 -887 -907 -911 -919 -929 -937 -941 -947 -953 -967 -971 -977 -983 -991 -997 -1009 -1013 -1019 -1021 -1031 -1033 -1039 -1049 -1051 -1061 -1063 -1069 -1087 -1091 -1093 -1097 -1103 -1109 -1117 -1123 -1129 -1151 -1153 -1163 -1171 -1181 -1187 -1193 -1201 -1213 -1217 -1223 -1229 -1231 -1237 -1249 -1259 -1277 -1279 -1283 -1289 -1291 -1297 -1301 -1303 -1307 -1319 -1321 -1327 -1361 -1367 -1373 -1381 -1399 -1409 -1423 -1427 -1429 -1433 -1439 -1447 -1451 -1453 -1459 -1471 -1481 -1483 -1487 -1489 -1493 -1499 -1511 -1523 -1531 -1543 -1549 -1553 -1559 -1567 -1571 -1579 -1583 -1597 -1601 -1607 -1609 -1613 -1619 -1621 -1627 -1637 -1657 -1663 -1667 -1669 -1693 -1697 -1699 -1709 -1721 -1723 -1733 -1741 -1747 -1753 -1759 -1777 -1783 -1787 -1789 -1801 -1811 -1823 -1831 -1847 -1861 -1867 -1871 -1873 -1877 -1879 -1889 -1901 -1907 -1913 -1931 -1933 -1949 -1951 -1973 -1979 -1987 -1993 -1997 -1999 -2003 -2011 -2017 -2027 -2029 -2039 -2053 -2063 -2069 -2081 -2083 -2087 -2089 -2099 -2111 -2113 -2129 -2131 -2137 -2141 -2143 -2153 -2161 -2179 -2203 -2207 -2213 -2221 -2237 -2239 -2243 -2251 -2267 -2269 -2273 -2281 -2287 -2293 -2297 -2309 -2311 -2333 -2339 -2341 -2347 -2351 -2357 -2371 -2377 -2381 -2383 -2389 -2393 -2399 -2411 -2417 -2423 -2437 -2441 -2447 -2459 -2467 -2473 -2477 -2503 -2521 -2531 -2539 -2543 -2549 -2551 -2557 -2579 -2591 -2593 -2609 -2617 -2621 -2633 -2647 -2657 -2659 -2663 -2671 -2677 -2683 -2687 -2689 -2693 -2699 -2707 -2711 -2713 -2719 -2729 -2731 -2741 -2749 -2753 -2767 -2777 -2789 -2791 -2797 -2801 -2803 -2819 -2833 -2837 -2843 -2851 -2857 -2861 -2879 -2887 -2897 -2903 -2909 -2917 -2927 -2939 -2953 -2957 -2963 -2969 -2971 -2999 -3001 -3011 -3019 -3023 -3037 -3041 -3049 -3061 -3067 -3079 -3083 -3089 -3109 -3119 -3121 -3137 -3163 -3167 -3169 -3181 -3187 -3191 -3203 -3209 -3217 -3221 -3229 -3251 -3253 -3257 -3259 -3271 -3299 -3301 -3307 -3313 -3319 -3323 -3329 -3331 -3343 -3347 -3359 -3361 -3371 -3373 -3389 -3391 -3407 -3413 -3433 -3449 -3457 -3461 -3463 -3467 -3469 -3491 -3499 -3511 -3517 -3527 -3529 -3533 -3539 -3541 -3547 -3557 -3559 -3571 -3581 -3583 -3593 -3607 -3613 -3617 -3623 -3631 -3637 -3643 -3659 -3671 -3673 -3677 -3691 -3697 -3701 -3709 -3719 -3727 -3733 -3739 -3761 -3767 -3769 -3779 -3793 -3797 -3803 -3821 -3823 -3833 -3847 -3851 -3853 -3863 -3877 -3881 -3889 -3907 -3911 -3917 -3919 -3923 -3929 -3931 -3943 -3947 -3967 -3989 -4001 -4003 -4007 -4013 -4019 -4021 -4027 -4049 -4051 -4057 -4073 -4079 -4091 -4093 -4099 -4111 -4127 -4129 -4133 -4139 -4153 -4157 -4159 -4177 -4201 -4211 -4217 -4219 -4229 -4231 -4241 -4243 -4253 -4259 -4261 -4271 -4273 -4283 -4289 -4297 -4327 -4337 -4339 -4349 -4357 -4363 -4373 -4391 -4397 -4409 -4421 -4423 -4441 -4447 -4451 -4457 -4463 -4481 -4483 -4493 -4507 -4513 -4517 -4519 -4523 -4547 -4549 -4561 -4567 -4583 -4591 -4597 -4603 -4621 -4637 -4639 -4643 -4649 -4651 -4657 -4663 -4673 -4679 -4691 -4703 -4721 -4723 -4729 -4733 -4751 -4759 -4783 -4787 -4789 -4793 -4799 -4801 -4813 -4817 -4831 -4861 -4871 -4877 -4889 -4903 -4909 -4919 -4931 -4933 -4937 -4943 -4951 -4957 -4967 -4969 -4973 -4987 -4993 -4999 -5003 -5009 -5011 -5021 -5023 -5039 -5051 -5059 -5077 -5081 -5087 -5099 -5101 -5107 -5113 -5119 -5147 -5153 -5167 -5171 -5179 -5189 -5197 -5209 -5227 -5231 -5233 -5237 -5261 -5273 -5279 -5281 -5297 -5303 -5309 -5323 -5333 -5347 -5351 -5381 -5387 -5393 -5399 -5407 -5413 -5417 -5419 -5431 -5437 -5441 -5443 -5449 -5471 -5477 -5479 -5483 -5501 -5503 -5507 -5519 -5521 -5527 -5531 -5557 -5563 -5569 -5573 -5581 -5591 -5623 -5639 -5641 -5647 -5651 -5653 -5657 -5659 -5669 -5683 -5689 -5693 -5701 -5711 -5717 -5737 -5741 -5743 -5749 -5779 -5783 -5791 -5801 -5807 -5813 -5821 -5827 -5839 -5843 -5849 -5851 -5857 -5861 -5867 -5869 -5879 -5881 -5897 -5903 -5923 -5927 -5939 -5953 -5981 -5987 -6007 -6011 -6029 -6037 -6043 -6047 -6053 -6067 -6073 -6079 -6089 -6091 -6101 -6113 -6121 -6131 -6133 -6143 -6151 -6163 -6173 -6197 -6199 -6203 -6211 -6217 -6221 -6229 -6247 -6257 -6263 -6269 -6271 -6277 -6287 -6299 -6301 -6311 -6317 -6323 -6329 -6337 -6343 -6353 -6359 -6361 -6367 -6373 -6379 -6389 -6397 -6421 -6427 -6449 -6451 -6469 -6473 -6481 -6491 -6521 -6529 -6547 -6551 -6553 -6563 -6569 -6571 -6577 -6581 -6599 -6607 -6619 -6637 -6653 -6659 -6661 -6673 -6679 -6689 -6691 -6701 -6703 -6709 -6719 -6733 -6737 -6761 -6763 -6779 -6781 -6791 -6793 -6803 -6823 -6827 -6829 -6833 -6841 -6857 -6863 -6869 -6871 -6883 -6899 -6907 -6911 -6917 -6947 -6949 -6959 -6961 -6967 -6971 -6977 -6983 -6991 -6997 -7001 -7013 -7019 -7027 -7039 -7043 -7057 -7069 -7079 -7103 -7109 -7121 -7127 -7129 -7151 -7159 -7177 -7187 -7193 -7207 -7211 -7213 -7219 -7229 -7237 -7243 -7247 -7253 -7283 -7297 -7307 -7309 -7321 -7331 -7333 -7349 -7351 -7369 -7393 -7411 -7417 -7433 -7451 -7457 -7459 -7477 -7481 -7487 -7489 -7499 -7507 -7517 -7523 -7529 -7537 -7541 -7547 -7549 -7559 -7561 -7573 -7577 -7583 -7589 -7591 -7603 -7607 -7621 -7639 -7643 -7649 -7669 -7673 -7681 -7687 -7691 -7699 -7703 -7717 -7723 -7727 -7741 -7753 -7757 -7759 -7789 -7793 -7817 -7823 -7829 -7841 -7853 -7867 -7873 -7877 -7879 -7883 -7901 -7907 -7919 -7927 -7933 -7937 -7949 -7951 -7963 -7993 -8009 -8011 -8017 -8039 -8053 -8059 -8069 -8081 -8087 -8089 -8093 -8101 -8111 -8117 -8123 -8147 -8161 -8167 -8171 -8179 -8191 -8209 -8219 -8221 -8231 -8233 -8237 -8243 -8263 -8269 -8273 -8287 -8291 -8293 -8297 -8311 -8317 -8329 -8353 -8363 -8369 -8377 -8387 -8389 -8419 -8423 -8429 -8431 -8443 -8447 -8461 -8467 -8501 -8513 -8521 -8527 -8537 -8539 -8543 -8563 -8573 -8581 -8597 -8599 -8609 -8623 -8627 -8629 -8641 -8647 -8663 -8669 -8677 -8681 -8689 -8693 -8699 -8707 -8713 -8719 -8731 -8737 -8741 -8747 -8753 -8761 -8779 -8783 -8803 -8807 -8819 -8821 -8831 -8837 -8839 -8849 -8861 -8863 -8867 -8887 -8893 -8923 -8929 -8933 -8941 -8951 -8963 -8969 -8971 -8999 -9001 -9007 -9011 -9013 -9029 -9041 -9043 -9049 -9059 -9067 -9091 -9103 -9109 -9127 -9133 -9137 -9151 -9157 -9161 -9173 -9181 -9187 -9199 -9203 -9209 -9221 -9227 -9239 -9241 -9257 -9277 -9281 -9283 -9293 -9311 -9319 -9323 -9337 -9341 -9343 -9349 -9371 -9377 -9391 -9397 -9403 -9413 -9419 -9421 -9431 -9433 -9437 -9439 -9461 -9463 -9467 -9473 -9479 -9491 -9497 -9511 -9521 -9533 -9539 -9547 -9551 -9587 -9601 -9613 -9619 -9623 -9629 -9631 -9643 -9649 -9661 -9677 -9679 -9689 -9697 -9719 -9721 -9733 -9739 -9743 -9749 -9767 -9769 -9781 -9787 -9791 -9803 -9811 -9817 -9829 -9833 -9839 -9851 -9857 -9859 -9871 -9883 -9887 -9901 -9907 -9923 -9929 -9931 -9941 -9949 -9967 -9973 -10007 -10009 -10037 -10039 -10061 -10067 -10069 -10079 -10091 -10093 -10099 -10103 -10111 -10133 -10139 -10141 -10151 -10159 -10163 -10169 -10177 -10181 -10193 -10211 -10223 -10243 -10247 -10253 -10259 -10267 -10271 -10273 -10289 -10301 -10303 -10313 -10321 -10331 -10333 -10337 -10343 -10357 -10369 -10391 -10399 -10427 -10429 -10433 -10453 -10457 -10459 -10463 -10477 -10487 -10499 -10501 -10513 -10529 -10531 -10559 -10567 -10589 -10597 -10601 -10607 -10613 -10627 -10631 -10639 -10651 -10657 -10663 -10667 -10687 -10691 -10709 -10711 -10723 -10729 -10733 -10739 -10753 -10771 -10781 -10789 -10799 -10831 -10837 -10847 -10853 -10859 -10861 -10867 -10883 -10889 -10891 -10903 -10909 -10937 -10939 -10949 -10957 -10973 -10979 -10987 -10993 -11003 -11027 -11047 -11057 -11059 -11069 -11071 -11083 -11087 -11093 -11113 -11117 -11119 -11131 -11149 -11159 -11161 -11171 -11173 -11177 -11197 -11213 -11239 -11243 -11251 -11257 -11261 -11273 -11279 -11287 -11299 -11311 -11317 -11321 -11329 -11351 -11353 -11369 -11383 -11393 -11399 -11411 -11423 -11437 -11443 -11447 -11467 -11471 -11483 -11489 -11491 -11497 -11503 -11519 -11527 -11549 -11551 -11579 -11587 -11593 -11597 -11617 -11621 -11633 -11657 -11677 -11681 -11689 -11699 -11701 -11717 -11719 -11731 -11743 -11777 -11779 -11783 -11789 -11801 -11807 -11813 -11821 -11827 -11831 -11833 -11839 -11863 -11867 -11887 -11897 -11903 -11909 -11923 -11927 -11933 -11939 -11941 -11953 -11959 -11969 -11971 -11981 -11987 -12007 -12011 -12037 -12041 -12043 -12049 -12071 -12073 -12097 -12101 -12107 -12109 -12113 -12119 -12143 -12149 -12157 -12161 -12163 -12197 -12203 -12211 -12227 -12239 -12241 -12251 -12253 -12263 -12269 -12277 -12281 -12289 -12301 -12323 -12329 -12343 -12347 -12373 -12377 -12379 -12391 -12401 -12409 -12413 -12421 -12433 -12437 -12451 -12457 -12473 -12479 -12487 -12491 -12497 -12503 -12511 -12517 -12527 -12539 -12541 -12547 -12553 -12569 -12577 -12583 -12589 -12601 -12611 -12613 -12619 -12637 -12641 -12647 -12653 -12659 -12671 -12689 -12697 -12703 -12713 -12721 -12739 -12743 -12757 -12763 -12781 -12791 -12799 -12809 -12821 -12823 -12829 -12841 -12853 -12889 -12893 -12899 -12907 -12911 -12917 -12919 -12923 -12941 -12953 -12959 -12967 -12973 -12979 -12983 -13001 -13003 -13007 -13009 -13033 -13037 -13043 -13049 -13063 -13093 -13099 -13103 -13109 -13121 -13127 -13147 -13151 -13159 -13163 -13171 -13177 -13183 -13187 -13217 -13219 -13229 -13241 -13249 -13259 -13267 -13291 -13297 -13309 -13313 -13327 -13331 -13337 -13339 -13367 -13381 -13397 -13399 -13411 -13417 -13421 -13441 -13451 -13457 -13463 -13469 -13477 -13487 -13499 -13513 -13523 -13537 -13553 -13567 -13577 -13591 -13597 -13613 -13619 -13627 -13633 -13649 -13669 -13679 -13681 -13687 -13691 -13693 -13697 -13709 -13711 -13721 -13723 -13729 -13751 -13757 -13759 -13763 -13781 -13789 -13799 -13807 -13829 -13831 -13841 -13859 -13873 -13877 -13879 -13883 -13901 -13903 -13907 -13913 -13921 -13931 -13933 -13963 -13967 -13997 -13999 -14009 -14011 -14029 -14033 -14051 -14057 -14071 -14081 -14083 -14087 -14107 -14143 -14149 -14153 -14159 -14173 -14177 -14197 -14207 -14221 -14243 -14249 -14251 -14281 -14293 -14303 -14321 -14323 -14327 -14341 -14347 -14369 -14387 -14389 -14401 -14407 -14411 -14419 -14423 -14431 -14437 -14447 -14449 -14461 -14479 -14489 -14503 -14519 -14533 -14537 -14543 -14549 -14551 -14557 -14561 -14563 -14591 -14593 -14621 -14627 -14629 -14633 -14639 -14653 -14657 -14669 -14683 -14699 -14713 -14717 -14723 -14731 -14737 -14741 -14747 -14753 -14759 -14767 -14771 -14779 -14783 -14797 -14813 -14821 -14827 -14831 -14843 -14851 -14867 -14869 -14879 -14887 -14891 -14897 -14923 -14929 -14939 -14947 -14951 -14957 -14969 -14983 -15013 -15017 -15031 -15053 -15061 -15073 -15077 -15083 -15091 -15101 -15107 -15121 -15131 -15137 -15139 -15149 -15161 -15173 -15187 -15193 -15199 -15217 -15227 -15233 -15241 -15259 -15263 -15269 -15271 -15277 -15287 -15289 -15299 -15307 -15313 -15319 -15329 -15331 -15349 -15359 -15361 -15373 -15377 -15383 -15391 -15401 -15413 -15427 -15439 -15443 -15451 -15461 -15467 -15473 -15493 -15497 -15511 -15527 -15541 -15551 -15559 -15569 -15581 -15583 -15601 -15607 -15619 -15629 -15641 -15643 -15647 -15649 -15661 -15667 -15671 -15679 -15683 -15727 -15731 -15733 -15737 -15739 -15749 -15761 -15767 -15773 -15787 -15791 -15797 -15803 -15809 -15817 -15823 -15859 -15877 -15881 -15887 -15889 -15901 -15907 -15913 -15919 -15923 -15937 -15959 -15971 -15973 -15991 -16001 -16007 -16033 -16057 -16061 -16063 -16067 -16069 -16073 -16087 -16091 -16097 -16103 -16111 -16127 -16139 -16141 -16183 -16187 -16189 -16193 -16217 -16223 -16229 -16231 -16249 -16253 -16267 -16273 -16301 -16319 -16333 -16339 -16349 -16361 -16363 -16369 -16381 -16411 -16417 -16421 -16427 -16433 -16447 -16451 -16453 -16477 -16481 -16487 -16493 -16519 -16529 -16547 -16553 -16561 -16567 -16573 -16603 -16607 -16619 -16631 -16633 -16649 -16651 -16657 -16661 -16673 -16691 -16693 -16699 -16703 -16729 -16741 -16747 -16759 -16763 -16787 -16811 -16823 -16829 -16831 -16843 -16871 -16879 -16883 -16889 -16901 -16903 -16921 -16927 -16931 -16937 -16943 -16963 -16979 -16981 -16987 -16993 -17011 -17021 -17027 -17029 -17033 -17041 -17047 -17053 -17077 -17093 -17099 -17107 -17117 -17123 -17137 -17159 -17167 -17183 -17189 -17191 -17203 -17207 -17209 -17231 -17239 -17257 -17291 -17293 -17299 -17317 -17321 -17327 -17333 -17341 -17351 -17359 -17377 -17383 -17387 -17389 -17393 -17401 -17417 -17419 -17431 -17443 -17449 -17467 -17471 -17477 -17483 -17489 -17491 -17497 -17509 -17519 -17539 -17551 -17569 -17573 -17579 -17581 -17597 -17599 -17609 -17623 -17627 -17657 -17659 -17669 -17681 -17683 -17707 -17713 -17729 -17737 -17747 -17749 -17761 -17783 -17789 -17791 -17807 -17827 -17837 -17839 -17851 -17863 -17881 -17891 -17903 -17909 -17911 -17921 -17923 -17929 -17939 -17957 -17959 -17971 -17977 -17981 -17987 -17989 -18013 -18041 -18043 -18047 -18049 -18059 -18061 -18077 -18089 -18097 -18119 -18121 -18127 -18131 -18133 -18143 -18149 -18169 -18181 -18191 -18199 -18211 -18217 -18223 -18229 -18233 -18251 -18253 -18257 -18269 -18287 -18289 -18301 -18307 -18311 -18313 -18329 -18341 -18353 -18367 -18371 -18379 -18397 -18401 -18413 -18427 -18433 -18439 -18443 -18451 -18457 -18461 -18481 -18493 -18503 -18517 -18521 -18523 -18539 -18541 -18553 -18583 -18587 -18593 -18617 -18637 -18661 -18671 -18679 -18691 -18701 -18713 -18719 -18731 -18743 -18749 -18757 -18773 -18787 -18793 -18797 -18803 -18839 -18859 -18869 -18899 -18911 -18913 -18917 -18919 -18947 -18959 -18973 -18979 -19001 -19009 -19013 -19031 -19037 -19051 -19069 -19073 -19079 -19081 -19087 -19121 -19139 -19141 -19157 -19163 -19181 -19183 -19207 -19211 -19213 -19219 -19231 -19237 -19249 -19259 -19267 -19273 -19289 -19301 -19309 -19319 -19333 -19373 -19379 -19381 -19387 -19391 -19403 -19417 -19421 -19423 -19427 -19429 -19433 -19441 -19447 -19457 -19463 -19469 -19471 -19477 -19483 -19489 -19501 -19507 -19531 -19541 -19543 -19553 -19559 -19571 -19577 -19583 -19597 -19603 -19609 -19661 -19681 -19687 -19697 -19699 -19709 -19717 -19727 -19739 -19751 -19753 -19759 -19763 -19777 -19793 -19801 -19813 -19819 -19841 -19843 -19853 -19861 -19867 -19889 -19891 -19913 -19919 -19927 -19937 -19949 -19961 -19963 -19973 -19979 -19991 -19993 -19997 -20011 -20021 -20023 -20029 -20047 -20051 -20063 -20071 -20089 -20101 -20107 -20113 -20117 -20123 -20129 -20143 -20147 -20149 -20161 -20173 -20177 -20183 -20201 -20219 -20231 -20233 -20249 -20261 -20269 -20287 -20297 -20323 -20327 -20333 -20341 -20347 -20353 -20357 -20359 -20369 -20389 -20393 -20399 -20407 -20411 -20431 -20441 -20443 -20477 -20479 -20483 -20507 -20509 -20521 -20533 -20543 -20549 -20551 -20563 -20593 -20599 -20611 -20627 -20639 -20641 -20663 -20681 -20693 -20707 -20717 -20719 -20731 -20743 -20747 -20749 -20753 -20759 -20771 -20773 -20789 -20807 -20809 -20849 -20857 -20873 -20879 -20887 -20897 -20899 -20903 -20921 -20929 -20939 -20947 -20959 -20963 -20981 -20983 -21001 -21011 -21013 -21017 -21019 -21023 -21031 -21059 -21061 -21067 -21089 -21101 -21107 -21121 -21139 -21143 -21149 -21157 -21163 -21169 -21179 -21187 -21191 -21193 -21211 -21221 -21227 -21247 -21269 -21277 -21283 -21313 -21317 -21319 -21323 -21341 -21347 -21377 -21379 -21383 -21391 -21397 -21401 -21407 -21419 -21433 -21467 -21481 -21487 -21491 -21493 -21499 -21503 -21517 -21521 -21523 -21529 -21557 -21559 -21563 -21569 -21577 -21587 -21589 -21599 -21601 -21611 -21613 -21617 -21647 -21649 -21661 -21673 -21683 -21701 -21713 -21727 -21737 -21739 -21751 -21757 -21767 -21773 -21787 -21799 -21803 -21817 -21821 -21839 -21841 -21851 -21859 -21863 -21871 -21881 -21893 -21911 -21929 -21937 -21943 -21961 -21977 -21991 -21997 -22003 -22013 -22027 -22031 -22037 -22039 -22051 -22063 -22067 -22073 -22079 -22091 -22093 -22109 -22111 -22123 -22129 -22133 -22147 -22153 -22157 -22159 -22171 -22189 -22193 -22229 -22247 -22259 -22271 -22273 -22277 -22279 -22283 -22291 -22303 -22307 -22343 -22349 -22367 -22369 -22381 -22391 -22397 -22409 -22433 -22441 -22447 -22453 -22469 -22481 -22483 -22501 -22511 -22531 -22541 -22543 -22549 -22567 -22571 -22573 -22613 -22619 -22621 -22637 -22639 -22643 -22651 -22669 -22679 -22691 -22697 -22699 -22709 -22717 -22721 -22727 -22739 -22741 -22751 -22769 -22777 -22783 -22787 -22807 -22811 -22817 -22853 -22859 -22861 -22871 -22877 -22901 -22907 -22921 -22937 -22943 -22961 -22963 -22973 -22993 -23003 -23011 -23017 -23021 -23027 -23029 -23039 -23041 -23053 -23057 -23059 -23063 -23071 -23081 -23087 -23099 -23117 -23131 -23143 -23159 -23167 -23173 -23189 -23197 -23201 -23203 -23209 -23227 -23251 -23269 -23279 -23291 -23293 -23297 -23311 -23321 -23327 -23333 -23339 -23357 -23369 -23371 -23399 -23417 -23431 -23447 -23459 -23473 -23497 -23509 -23531 -23537 -23539 -23549 -23557 -23561 -23563 -23567 -23581 -23593 -23599 -23603 -23609 -23623 -23627 -23629 -23633 -23663 -23669 -23671 -23677 -23687 -23689 -23719 -23741 -23743 -23747 -23753 -23761 -23767 -23773 -23789 -23801 -23813 -23819 -23827 -23831 -23833 -23857 -23869 -23873 -23879 -23887 -23893 -23899 -23909 -23911 -23917 -23929 -23957 -23971 -23977 -23981 -23993 -24001 -24007 -24019 -24023 -24029 -24043 -24049 -24061 -24071 -24077 -24083 -24091 -24097 -24103 -24107 -24109 -24113 -24121 -24133 -24137 -24151 -24169 -24179 -24181 -24197 -24203 -24223 -24229 -24239 -24247 -24251 -24281 -24317 -24329 -24337 -24359 -24371 -24373 -24379 -24391 -24407 -24413 -24419 -24421 -24439 -24443 -24469 -24473 -24481 -24499 -24509 -24517 -24527 -24533 -24547 -24551 -24571 -24593 -24611 -24623 -24631 -24659 -24671 -24677 -24683 -24691 -24697 -24709 -24733 -24749 -24763 -24767 -24781 -24793 -24799 -24809 -24821 -24841 -24847 -24851 -24859 -24877 -24889 -24907 -24917 -24919 -24923 -24943 -24953 -24967 -24971 -24977 -24979 -24989 -25013 -25031 -25033 -25037 -25057 -25073 -25087 -25097 -25111 -25117 -25121 -25127 -25147 -25153 -25163 -25169 -25171 -25183 -25189 -25219 -25229 -25237 -25243 -25247 -25253 -25261 -25301 -25303 -25307 -25309 -25321 -25339 -25343 -25349 -25357 -25367 -25373 -25391 -25409 -25411 -25423 -25439 -25447 -25453 -25457 -25463 -25469 -25471 -25523 -25537 -25541 -25561 -25577 -25579 -25583 -25589 -25601 -25603 -25609 -25621 -25633 -25639 -25643 -25657 -25667 -25673 -25679 -25693 -25703 -25717 -25733 -25741 -25747 -25759 -25763 -25771 -25793 -25799 -25801 -25819 -25841 -25847 -25849 -25867 -25873 -25889 -25903 -25913 -25919 -25931 -25933 -25939 -25943 -25951 -25969 -25981 -25997 -25999 -26003 -26017 -26021 -26029 -26041 -26053 -26083 -26099 -26107 -26111 -26113 -26119 -26141 -26153 -26161 -26171 -26177 -26183 -26189 -26203 -26209 -26227 -26237 -26249 -26251 -26261 -26263 -26267 -26293 -26297 -26309 -26317 -26321 -26339 -26347 -26357 -26371 -26387 -26393 -26399 -26407 -26417 -26423 -26431 -26437 -26449 -26459 -26479 -26489 -26497 -26501 -26513 -26539 -26557 -26561 -26573 -26591 -26597 -26627 -26633 -26641 -26647 -26669 -26681 -26683 -26687 -26693 -26699 -26701 -26711 -26713 -26717 -26723 -26729 -26731 -26737 -26759 -26777 -26783 -26801 -26813 -26821 -26833 -26839 -26849 -26861 -26863 -26879 -26881 -26891 -26893 -26903 -26921 -26927 -26947 -26951 -26953 -26959 -26981 -26987 -26993 -27011 -27017 -27031 -27043 -27059 -27061 -27067 -27073 -27077 -27091 -27103 -27107 -27109 -27127 -27143 -27179 -27191 -27197 -27211 -27239 -27241 -27253 -27259 -27271 -27277 -27281 -27283 -27299 -27329 -27337 -27361 -27367 -27397 -27407 -27409 -27427 -27431 -27437 -27449 -27457 -27479 -27481 -27487 -27509 -27527 -27529 -27539 -27541 -27551 -27581 -27583 -27611 -27617 -27631 -27647 -27653 -27673 -27689 -27691 -27697 -27701 -27733 -27737 -27739 -27743 -27749 -27751 -27763 -27767 -27773 -27779 -27791 -27793 -27799 -27803 -27809 -27817 -27823 -27827 -27847 -27851 -27883 -27893 -27901 -27917 -27919 -27941 -27943 -27947 -27953 -27961 -27967 -27983 -27997 -28001 -28019 -28027 -28031 -28051 -28057 -28069 -28081 -28087 -28097 -28099 -28109 -28111 -28123 -28151 -28163 -28181 -28183 -28201 -28211 -28219 -28229 -28277 -28279 -28283 -28289 -28297 -28307 -28309 -28319 -28349 -28351 -28387 -28393 -28403 -28409 -28411 -28429 -28433 -28439 -28447 -28463 -28477 -28493 -28499 -28513 -28517 -28537 -28541 -28547 -28549 -28559 -28571 -28573 -28579 -28591 -28597 -28603 -28607 -28619 -28621 -28627 -28631 -28643 -28649 -28657 -28661 -28663 -28669 -28687 -28697 -28703 -28711 -28723 -28729 -28751 -28753 -28759 -28771 -28789 -28793 -28807 -28813 -28817 -28837 -28843 -28859 -28867 -28871 -28879 -28901 -28909 -28921 -28927 -28933 -28949 -28961 -28979 -29009 -29017 -29021 -29023 -29027 -29033 -29059 -29063 -29077 -29101 -29123 -29129 -29131 -29137 -29147 -29153 -29167 -29173 -29179 -29191 -29201 -29207 -29209 -29221 -29231 -29243 -29251 -29269 -29287 -29297 -29303 -29311 -29327 -29333 -29339 -29347 -29363 -29383 -29387 -29389 -29399 -29401 -29411 -29423 -29429 -29437 -29443 -29453 -29473 -29483 -29501 -29527 -29531 -29537 -29567 -29569 -29573 -29581 -29587 -29599 -29611 -29629 -29633 -29641 -29663 -29669 -29671 -29683 -29717 -29723 -29741 -29753 -29759 -29761 -29789 -29803 -29819 -29833 -29837 -29851 -29863 -29867 -29873 -29879 -29881 -29917 -29921 -29927 -29947 -29959 -29983 -29989 -30011 -30013 -30029 -30047 -30059 -30071 -30089 -30091 -30097 -30103 -30109 -30113 -30119 -30133 -30137 -30139 -30161 -30169 -30181 -30187 -30197 -30203 -30211 -30223 -30241 -30253 -30259 -30269 -30271 -30293 -30307 -30313 -30319 -30323 -30341 -30347 -30367 -30389 -30391 -30403 -30427 -30431 -30449 -30467 -30469 -30491 -30493 -30497 -30509 -30517 -30529 -30539 -30553 -30557 -30559 -30577 -30593 -30631 -30637 -30643 -30649 -30661 -30671 -30677 -30689 -30697 -30703 -30707 -30713 -30727 -30757 -30763 -30773 -30781 -30803 -30809 -30817 -30829 -30839 -30841 -30851 -30853 -30859 -30869 -30871 -30881 -30893 -30911 -30931 -30937 -30941 -30949 -30971 -30977 -30983 -31013 -31019 -31033 -31039 -31051 -31063 -31069 -31079 -31081 -31091 -31121 -31123 -31139 -31147 -31151 -31153 -31159 -31177 -31181 -31183 -31189 -31193 -31219 -31223 -31231 -31237 -31247 -31249 -31253 -31259 -31267 -31271 -31277 -31307 -31319 -31321 -31327 -31333 -31337 -31357 -31379 -31387 -31391 -31393 -31397 -31469 -31477 -31481 -31489 -31511 -31513 -31517 -31531 -31541 -31543 -31547 -31567 -31573 -31583 -31601 -31607 -31627 -31643 -31649 -31657 -31663 -31667 -31687 -31699 -31721 -31723 -31727 -31729 -31741 -31751 -31769 -31771 -31793 -31799 -31817 -31847 -31849 -31859 -31873 -31883 -31891 -31907 -31957 -31963 -31973 -31981 -31991 -32003 -32009 -32027 -32029 -32051 -32057 -32059 -32063 -32069 -32077 -32083 -32089 -32099 -32117 -32119 -32141 -32143 -32159 -32173 -32183 -32189 -32191 -32203 -32213 -32233 -32237 -32251 -32257 -32261 -32297 -32299 -32303 -32309 -32321 -32323 -32327 -32341 -32353 -32359 -32363 -32369 -32371 -32377 -32381 -32401 -32411 -32413 -32423 -32429 -32441 -32443 -32467 -32479 -32491 -32497 -32503 -32507 -32531 -32533 -32537 -32561 -32563 -32569 -32573 -32579 -32587 -32603 -32609 -32611 -32621 -32633 -32647 -32653 -32687 -32693 -32707 -32713 -32717 -32719 -32749 -32771 -32779 -32783 -32789 -32797 -32801 -32803 -32831 -32833 -32839 -32843 -32869 -32887 -32909 -32911 -32917 -32933 -32939 -32941 -32957 -32969 -32971 -32983 -32987 -32993 -32999 -33013 -33023 -33029 -33037 -33049 -33053 -33071 -33073 -33083 -33091 -33107 -33113 -33119 -33149 -33151 -33161 -33179 -33181 -33191 -33199 -33203 -33211 -33223 -33247 -33287 -33289 -33301 -33311 -33317 -33329 -33331 -33343 -33347 -33349 -33353 -33359 -33377 -33391 -33403 -33409 -33413 -33427 -33457 -33461 -33469 -33479 -33487 -33493 -33503 -33521 -33529 -33533 -33547 -33563 -33569 -33577 -33581 -33587 -33589 -33599 -33601 -33613 -33617 -33619 -33623 -33629 -33637 -33641 -33647 -33679 -33703 -33713 -33721 -33739 -33749 -33751 -33757 -33767 -33769 -33773 -33791 -33797 -33809 -33811 -33827 -33829 -33851 -33857 -33863 -33871 -33889 -33893 -33911 -33923 -33931 -33937 -33941 -33961 -33967 -33997 -34019 -34031 -34033 -34039 -34057 -34061 -34123 -34127 -34129 -34141 -34147 -34157 -34159 -34171 -34183 -34211 -34213 -34217 -34231 -34253 -34259 -34261 -34267 -34273 -34283 -34297 -34301 -34303 -34313 -34319 -34327 -34337 -34351 -34361 -34367 -34369 -34381 -34403 -34421 -34429 -34439 -34457 -34469 -34471 -34483 -34487 -34499 -34501 -34511 -34513 -34519 -34537 -34543 -34549 -34583 -34589 -34591 -34603 -34607 -34613 -34631 -34649 -34651 -34667 -34673 -34679 -34687 -34693 -34703 -34721 -34729 -34739 -34747 -34757 -34759 -34763 -34781 -34807 -34819 -34841 -34843 -34847 -34849 -34871 -34877 -34883 -34897 -34913 -34919 -34939 -34949 -34961 -34963 -34981 -35023 -35027 -35051 -35053 -35059 -35069 -35081 -35083 -35089 -35099 -35107 -35111 -35117 -35129 -35141 -35149 -35153 -35159 -35171 -35201 -35221 -35227 -35251 -35257 -35267 -35279 -35281 -35291 -35311 -35317 -35323 -35327 -35339 -35353 -35363 -35381 -35393 -35401 -35407 -35419 -35423 -35437 -35447 -35449 -35461 -35491 -35507 -35509 -35521 -35527 -35531 -35533 -35537 -35543 -35569 -35573 -35591 -35593 -35597 -35603 -35617 -35671 -35677 -35729 -35731 -35747 -35753 -35759 -35771 -35797 -35801 -35803 -35809 -35831 -35837 -35839 -35851 -35863 -35869 -35879 -35897 -35899 -35911 -35923 -35933 -35951 -35963 -35969 -35977 -35983 -35993 -35999 -36007 -36011 -36013 -36017 -36037 -36061 -36067 -36073 -36083 -36097 -36107 -36109 -36131 -36137 -36151 -36161 -36187 -36191 -36209 -36217 -36229 -36241 -36251 -36263 -36269 -36277 -36293 -36299 -36307 -36313 -36319 -36341 -36343 -36353 -36373 -36383 -36389 -36433 -36451 -36457 -36467 -36469 -36473 -36479 -36493 -36497 -36523 -36527 -36529 -36541 -36551 -36559 -36563 -36571 -36583 -36587 -36599 -36607 -36629 -36637 -36643 -36653 -36671 -36677 -36683 -36691 -36697 -36709 -36713 -36721 -36739 -36749 -36761 -36767 -36779 -36781 -36787 -36791 -36793 -36809 -36821 -36833 -36847 -36857 -36871 -36877 -36887 -36899 -36901 -36913 -36919 -36923 -36929 -36931 -36943 -36947 -36973 -36979 -36997 -37003 -37013 -37019 -37021 -37039 -37049 -37057 -37061 -37087 -37097 -37117 -37123 -37139 -37159 -37171 -37181 -37189 -37199 -37201 -37217 -37223 -37243 -37253 -37273 -37277 -37307 -37309 -37313 -37321 -37337 -37339 -37357 -37361 -37363 -37369 -37379 -37397 -37409 -37423 -37441 -37447 -37463 -37483 -37489 -37493 -37501 -37507 -37511 -37517 -37529 -37537 -37547 -37549 -37561 -37567 -37571 -37573 -37579 -37589 -37591 -37607 -37619 -37633 -37643 -37649 -37657 -37663 -37691 -37693 -37699 -37717 -37747 -37781 -37783 -37799 -37811 -37813 -37831 -37847 -37853 -37861 -37871 -37879 -37889 -37897 -37907 -37951 -37957 -37963 -37967 -37987 -37991 -37993 -37997 -38011 -38039 -38047 -38053 -38069 -38083 -38113 -38119 -38149 -38153 -38167 -38177 -38183 -38189 -38197 -38201 -38219 -38231 -38237 -38239 -38261 -38273 -38281 -38287 -38299 -38303 -38317 -38321 -38327 -38329 -38333 -38351 -38371 -38377 -38393 -38431 -38447 -38449 -38453 -38459 -38461 -38501 -38543 -38557 -38561 -38567 -38569 -38593 -38603 -38609 -38611 -38629 -38639 -38651 -38653 -38669 -38671 -38677 -38693 -38699 -38707 -38711 -38713 -38723 -38729 -38737 -38747 -38749 -38767 -38783 -38791 -38803 -38821 -38833 -38839 -38851 -38861 -38867 -38873 -38891 -38903 -38917 -38921 -38923 -38933 -38953 -38959 -38971 -38977 -38993 -39019 -39023 -39041 -39043 -39047 -39079 -39089 -39097 -39103 -39107 -39113 -39119 -39133 -39139 -39157 -39161 -39163 -39181 -39191 -39199 -39209 -39217 -39227 -39229 -39233 -39239 -39241 -39251 -39293 -39301 -39313 -39317 -39323 -39341 -39343 -39359 -39367 -39371 -39373 -39383 -39397 -39409 -39419 -39439 -39443 -39451 -39461 -39499 -39503 -39509 -39511 -39521 -39541 -39551 -39563 -39569 -39581 -39607 -39619 -39623 -39631 -39659 -39667 -39671 -39679 -39703 -39709 -39719 -39727 -39733 -39749 -39761 -39769 -39779 -39791 -39799 -39821 -39827 -39829 -39839 -39841 -39847 -39857 -39863 -39869 -39877 -39883 -39887 -39901 -39929 -39937 -39953 -39971 -39979 -39983 -39989 -40009 -40013 -40031 -40037 -40039 -40063 -40087 -40093 -40099 -40111 -40123 -40127 -40129 -40151 -40153 -40163 -40169 -40177 -40189 -40193 -40213 -40231 -40237 -40241 -40253 -40277 -40283 -40289 -40343 -40351 -40357 -40361 -40387 -40423 -40427 -40429 -40433 -40459 -40471 -40483 -40487 -40493 -40499 -40507 -40519 -40529 -40531 -40543 -40559 -40577 -40583 -40591 -40597 -40609 -40627 -40637 -40639 -40693 -40697 -40699 -40709 -40739 -40751 -40759 -40763 -40771 -40787 -40801 -40813 -40819 -40823 -40829 -40841 -40847 -40849 -40853 -40867 -40879 -40883 -40897 -40903 -40927 -40933 -40939 -40949 -40961 -40973 -40993 -41011 -41017 -41023 -41039 -41047 -41051 -41057 -41077 -41081 -41113 -41117 -41131 -41141 -41143 -41149 -41161 -41177 -41179 -41183 -41189 -41201 -41203 -41213 -41221 -41227 -41231 -41233 -41243 -41257 -41263 -41269 -41281 -41299 -41333 -41341 -41351 -41357 -41381 -41387 -41389 -41399 -41411 -41413 -41443 -41453 -41467 -41479 -41491 -41507 -41513 -41519 -41521 -41539 -41543 -41549 -41579 -41593 -41597 -41603 -41609 -41611 -41617 -41621 -41627 -41641 -41647 -41651 -41659 -41669 -41681 -41687 -41719 -41729 -41737 -41759 -41761 -41771 -41777 -41801 -41809 -41813 -41843 -41849 -41851 -41863 -41879 -41887 -41893 -41897 -41903 -41911 -41927 -41941 -41947 -41953 -41957 -41959 -41969 -41981 -41983 -41999 -42013 -42017 -42019 -42023 -42043 -42061 -42071 -42073 -42083 -42089 -42101 -42131 -42139 -42157 -42169 -42179 -42181 -42187 -42193 -42197 -42209 -42221 -42223 -42227 -42239 -42257 -42281 -42283 -42293 -42299 -42307 -42323 -42331 -42337 -42349 -42359 -42373 -42379 -42391 -42397 -42403 -42407 -42409 -42433 -42437 -42443 -42451 -42457 -42461 -42463 -42467 -42473 -42487 -42491 -42499 -42509 -42533 -42557 -42569 -42571 -42577 -42589 -42611 -42641 -42643 -42649 -42667 -42677 -42683 -42689 -42697 -42701 -42703 -42709 -42719 -42727 -42737 -42743 -42751 -42767 -42773 -42787 -42793 -42797 -42821 -42829 -42839 -42841 -42853 -42859 -42863 -42899 -42901 -42923 -42929 -42937 -42943 -42953 -42961 -42967 -42979 -42989 -43003 -43013 -43019 -43037 -43049 -43051 -43063 -43067 -43093 -43103 -43117 -43133 -43151 -43159 -43177 -43189 -43201 -43207 -43223 -43237 -43261 -43271 -43283 -43291 -43313 -43319 -43321 -43331 -43391 -43397 -43399 -43403 -43411 -43427 -43441 -43451 -43457 -43481 -43487 -43499 -43517 -43541 -43543 -43573 -43577 -43579 -43591 -43597 -43607 -43609 -43613 -43627 -43633 -43649 -43651 -43661 -43669 -43691 -43711 -43717 -43721 -43753 -43759 -43777 -43781 -43783 -43787 -43789 -43793 -43801 -43853 -43867 -43889 -43891 -43913 -43933 -43943 -43951 -43961 -43963 -43969 -43973 -43987 -43991 -43997 -44017 -44021 -44027 -44029 -44041 -44053 -44059 -44071 -44087 -44089 -44101 -44111 -44119 -44123 -44129 -44131 -44159 -44171 -44179 -44189 -44201 -44203 -44207 -44221 -44249 -44257 -44263 -44267 -44269 -44273 -44279 -44281 -44293 -44351 -44357 -44371 -44381 -44383 -44389 -44417 -44449 -44453 -44483 -44491 -44497 -44501 -44507 -44519 -44531 -44533 -44537 -44543 -44549 -44563 -44579 -44587 -44617 -44621 -44623 -44633 -44641 -44647 -44651 -44657 -44683 -44687 -44699 -44701 -44711 -44729 -44741 -44753 -44771 -44773 -44777 -44789 -44797 -44809 -44819 -44839 -44843 -44851 -44867 -44879 -44887 -44893 -44909 -44917 -44927 -44939 -44953 -44959 -44963 -44971 -44983 -44987 -45007 -45013 -45053 -45061 -45077 -45083 -45119 -45121 -45127 -45131 -45137 -45139 -45161 -45179 -45181 -45191 -45197 -45233 -45247 -45259 -45263 -45281 -45289 -45293 -45307 -45317 -45319 -45329 -45337 -45341 -45343 -45361 -45377 -45389 -45403 -45413 -45427 -45433 -45439 -45481 -45491 -45497 -45503 -45523 -45533 -45541 -45553 -45557 -45569 -45587 -45589 -45599 -45613 -45631 -45641 -45659 -45667 -45673 -45677 -45691 -45697 -45707 -45737 -45751 -45757 -45763 -45767 -45779 -45817 -45821 -45823 -45827 -45833 -45841 -45853 -45863 -45869 -45887 -45893 -45943 -45949 -45953 -45959 -45971 -45979 -45989 -46021 -46027 -46049 -46051 -46061 -46073 -46091 -46093 -46099 -46103 -46133 -46141 -46147 -46153 -46171 -46181 -46183 -46187 -46199 -46219 -46229 -46237 -46261 -46271 -46273 -46279 -46301 -46307 -46309 -46327 -46337 -46349 -46351 -46381 -46399 -46411 -46439 -46441 -46447 -46451 -46457 -46471 -46477 -46489 -46499 -46507 -46511 -46523 -46549 -46559 -46567 -46573 -46589 -46591 -46601 -46619 -46633 -46639 -46643 -46649 -46663 -46679 -46681 -46687 -46691 -46703 -46723 -46727 -46747 -46751 -46757 -46769 -46771 -46807 -46811 -46817 -46819 -46829 -46831 -46853 -46861 -46867 -46877 -46889 -46901 -46919 -46933 -46957 -46993 -46997 -47017 -47041 -47051 -47057 -47059 -47087 -47093 -47111 -47119 -47123 -47129 -47137 -47143 -47147 -47149 -47161 -47189 -47207 -47221 -47237 -47251 -47269 -47279 -47287 -47293 -47297 -47303 -47309 -47317 -47339 -47351 -47353 -47363 -47381 -47387 -47389 -47407 -47417 -47419 -47431 -47441 -47459 -47491 -47497 -47501 -47507 -47513 -47521 -47527 -47533 -47543 -47563 -47569 -47581 -47591 -47599 -47609 -47623 -47629 -47639 -47653 -47657 -47659 -47681 -47699 -47701 -47711 -47713 -47717 -47737 -47741 -47743 -47777 -47779 -47791 -47797 -47807 -47809 -47819 -47837 -47843 -47857 -47869 -47881 -47903 -47911 -47917 -47933 -47939 -47947 -47951 -47963 -47969 -47977 -47981 -48017 -48023 -48029 -48049 -48073 -48079 -48091 -48109 -48119 -48121 -48131 -48157 -48163 -48179 -48187 -48193 -48197 -48221 -48239 -48247 -48259 -48271 -48281 -48299 -48311 -48313 -48337 -48341 -48353 -48371 -48383 -48397 -48407 -48409 -48413 -48437 -48449 -48463 -48473 -48479 -48481 -48487 -48491 -48497 -48523 -48527 -48533 -48539 -48541 -48563 -48571 -48589 -48593 -48611 -48619 -48623 -48647 -48649 -48661 -48673 -48677 -48679 -48731 -48733 -48751 -48757 -48761 -48767 -48779 -48781 -48787 -48799 -48809 -48817 -48821 -48823 -48847 -48857 -48859 -48869 -48871 -48883 -48889 -48907 -48947 -48953 -48973 -48989 -48991 -49003 -49009 -49019 -49031 -49033 -49037 -49043 -49057 -49069 -49081 -49103 -49109 -49117 -49121 -49123 -49139 -49157 -49169 -49171 -49177 -49193 -49199 -49201 -49207 -49211 -49223 -49253 -49261 -49277 -49279 -49297 -49307 -49331 -49333 -49339 -49363 -49367 -49369 -49391 -49393 -49409 -49411 -49417 -49429 -49433 -49451 -49459 -49463 -49477 -49481 -49499 -49523 -49529 -49531 -49537 -49547 -49549 -49559 -49597 -49603 -49613 -49627 -49633 -49639 -49663 -49667 -49669 -49681 -49697 -49711 -49727 -49739 -49741 -49747 -49757 -49783 -49787 -49789 -49801 -49807 -49811 -49823 -49831 -49843 -49853 -49871 -49877 -49891 -49919 -49921 -49927 -49937 -49939 -49943 -49957 -49991 -49993 -49999 -50021 -50023 -50033 -50047 -50051 -50053 -50069 -50077 -50087 -50093 -50101 -50111 -50119 -50123 -50129 -50131 -50147 -50153 -50159 -50177 -50207 -50221 -50227 -50231 -50261 -50263 -50273 -50287 -50291 -50311 -50321 -50329 -50333 -50341 -50359 -50363 -50377 -50383 -50387 -50411 -50417 -50423 -50441 -50459 -50461 -50497 -50503 -50513 -50527 -50539 -50543 -50549 -50551 -50581 -50587 -50591 -50593 -50599 -50627 -50647 -50651 -50671 -50683 -50707 -50723 -50741 -50753 -50767 -50773 -50777 -50789 -50821 -50833 -50839 -50849 -50857 -50867 -50873 -50891 -50893 -50909 -50923 -50929 -50951 -50957 -50969 -50971 -50989 -50993 -51001 -51031 -51043 -51047 -51059 -51061 -51071 -51109 -51131 -51133 -51137 -51151 -51157 -51169 -51193 -51197 -51199 -51203 -51217 -51229 -51239 -51241 -51257 -51263 -51283 -51287 -51307 -51329 -51341 -51343 -51347 -51349 -51361 -51383 -51407 -51413 -51419 -51421 -51427 -51431 -51437 -51439 -51449 -51461 -51473 -51479 -51481 -51487 -51503 -51511 -51517 -51521 -51539 -51551 -51563 -51577 -51581 -51593 -51599 -51607 -51613 -51631 -51637 -51647 -51659 -51673 -51679 -51683 -51691 -51713 -51719 -51721 -51749 -51767 -51769 -51787 -51797 -51803 -51817 -51827 -51829 -51839 -51853 -51859 -51869 -51871 -51893 -51899 -51907 -51913 -51929 -51941 -51949 -51971 -51973 -51977 -51991 -52009 -52021 -52027 -52051 -52057 -52067 -52069 -52081 -52103 -52121 -52127 -52147 -52153 -52163 -52177 -52181 -52183 -52189 -52201 -52223 -52237 -52249 -52253 -52259 -52267 -52289 -52291 -52301 -52313 -52321 -52361 -52363 -52369 -52379 -52387 -52391 -52433 -52453 -52457 -52489 -52501 -52511 -52517 -52529 -52541 -52543 -52553 -52561 -52567 -52571 -52579 -52583 -52609 -52627 -52631 -52639 -52667 -52673 -52691 -52697 -52709 -52711 -52721 -52727 -52733 -52747 -52757 -52769 -52783 -52807 -52813 -52817 -52837 -52859 -52861 -52879 -52883 -52889 -52901 -52903 -52919 -52937 -52951 -52957 -52963 -52967 -52973 -52981 -52999 -53003 -53017 -53047 -53051 -53069 -53077 -53087 -53089 -53093 -53101 -53113 -53117 -53129 -53147 -53149 -53161 -53171 -53173 -53189 -53197 -53201 -53231 -53233 -53239 -53267 -53269 -53279 -53281 -53299 -53309 -53323 -53327 -53353 -53359 -53377 -53381 -53401 -53407 -53411 -53419 -53437 -53441 -53453 -53479 -53503 -53507 -53527 -53549 -53551 -53569 -53591 -53593 -53597 -53609 -53611 -53617 -53623 -53629 -53633 -53639 -53653 -53657 -53681 -53693 -53699 -53717 -53719 -53731 -53759 -53773 -53777 -53783 -53791 -53813 -53819 -53831 -53849 -53857 -53861 -53881 -53887 -53891 -53897 -53899 -53917 -53923 -53927 -53939 -53951 -53959 -53987 -53993 -54001 -54011 -54013 -54037 -54049 -54059 -54083 -54091 -54101 -54121 -54133 -54139 -54151 -54163 -54167 -54181 -54193 -54217 -54251 -54269 -54277 -54287 -54293 -54311 -54319 -54323 -54331 -54347 -54361 -54367 -54371 -54377 -54401 -54403 -54409 -54413 -54419 -54421 -54437 -54443 -54449 -54469 -54493 -54497 -54499 -54503 -54517 -54521 -54539 -54541 -54547 -54559 -54563 -54577 -54581 -54583 -54601 -54617 -54623 -54629 -54631 -54647 -54667 -54673 -54679 -54709 -54713 -54721 -54727 -54751 -54767 -54773 -54779 -54787 -54799 -54829 -54833 -54851 -54869 -54877 -54881 -54907 -54917 -54919 -54941 -54949 -54959 -54973 -54979 -54983 -55001 -55009 -55021 -55049 -55051 -55057 -55061 -55073 -55079 -55103 -55109 -55117 -55127 -55147 -55163 -55171 -55201 -55207 -55213 -55217 -55219 -55229 -55243 -55249 -55259 -55291 -55313 -55331 -55333 -55337 -55339 -55343 -55351 -55373 -55381 -55399 -55411 -55439 -55441 -55457 -55469 -55487 -55501 -55511 -55529 -55541 -55547 -55579 -55589 -55603 -55609 -55619 -55621 -55631 -55633 -55639 -55661 -55663 -55667 -55673 -55681 -55691 -55697 -55711 -55717 -55721 -55733 -55763 -55787 -55793 -55799 -55807 -55813 -55817 -55819 -55823 -55829 -55837 -55843 -55849 -55871 -55889 -55897 -55901 -55903 -55921 -55927 -55931 -55933 -55949 -55967 -55987 -55997 -56003 -56009 -56039 -56041 -56053 -56081 -56087 -56093 -56099 -56101 -56113 -56123 -56131 -56149 -56167 -56171 -56179 -56197 -56207 -56209 -56237 -56239 -56249 -56263 -56267 -56269 -56299 -56311 -56333 -56359 -56369 -56377 -56383 -56393 -56401 -56417 -56431 -56437 -56443 -56453 -56467 -56473 -56477 -56479 -56489 -56501 -56503 -56509 -56519 -56527 -56531 -56533 -56543 -56569 -56591 -56597 -56599 -56611 -56629 -56633 -56659 -56663 -56671 -56681 -56687 -56701 -56711 -56713 -56731 -56737 -56747 -56767 -56773 -56779 -56783 -56807 -56809 -56813 -56821 -56827 -56843 -56857 -56873 -56891 -56893 -56897 -56909 -56911 -56921 -56923 -56929 -56941 -56951 -56957 -56963 -56983 -56989 -56993 -56999 -57037 -57041 -57047 -57059 -57073 -57077 -57089 -57097 -57107 -57119 -57131 -57139 -57143 -57149 -57163 -57173 -57179 -57191 -57193 -57203 -57221 -57223 -57241 -57251 -57259 -57269 -57271 -57283 -57287 -57301 -57329 -57331 -57347 -57349 -57367 -57373 -57383 -57389 -57397 -57413 -57427 -57457 -57467 -57487 -57493 -57503 -57527 -57529 -57557 -57559 -57571 -57587 -57593 -57601 -57637 -57641 -57649 -57653 -57667 -57679 -57689 -57697 -57709 -57713 -57719 -57727 -57731 -57737 -57751 -57773 -57781 -57787 -57791 -57793 -57803 -57809 -57829 -57839 -57847 -57853 -57859 -57881 -57899 -57901 -57917 -57923 -57943 -57947 -57973 -57977 -57991 -58013 -58027 -58031 -58043 -58049 -58057 -58061 -58067 -58073 -58099 -58109 -58111 -58129 -58147 -58151 -58153 -58169 -58171 -58189 -58193 -58199 -58207 -58211 -58217 -58229 -58231 -58237 -58243 -58271 -58309 -58313 -58321 -58337 -58363 -58367 -58369 -58379 -58391 -58393 -58403 -58411 -58417 -58427 -58439 -58441 -58451 -58453 -58477 -58481 -58511 -58537 -58543 -58549 -58567 -58573 -58579 -58601 -58603 -58613 -58631 -58657 -58661 -58679 -58687 -58693 -58699 -58711 -58727 -58733 -58741 -58757 -58763 -58771 -58787 -58789 -58831 -58889 -58897 -58901 -58907 -58909 -58913 -58921 -58937 -58943 -58963 -58967 -58979 -58991 -58997 -59009 -59011 -59021 -59023 -59029 -59051 -59053 -59063 -59069 -59077 -59083 -59093 -59107 -59113 -59119 -59123 -59141 -59149 -59159 -59167 -59183 -59197 -59207 -59209 -59219 -59221 -59233 -59239 -59243 -59263 -59273 -59281 -59333 -59341 -59351 -59357 -59359 -59369 -59377 -59387 -59393 -59399 -59407 -59417 -59419 -59441 -59443 -59447 -59453 -59467 -59471 -59473 -59497 -59509 -59513 -59539 -59557 -59561 -59567 -59581 -59611 -59617 -59621 -59627 -59629 -59651 -59659 -59663 -59669 -59671 -59693 -59699 -59707 -59723 -59729 -59743 -59747 -59753 -59771 -59779 -59791 -59797 -59809 -59833 -59863 -59879 -59887 -59921 -59929 -59951 -59957 -59971 -59981 -59999 -60013 -60017 -60029 -60037 -60041 -60077 -60083 -60089 -60091 -60101 -60103 -60107 -60127 -60133 -60139 -60149 -60161 -60167 -60169 -60209 -60217 -60223 -60251 -60257 -60259 -60271 -60289 -60293 -60317 -60331 -60337 -60343 -60353 -60373 -60383 -60397 -60413 -60427 -60443 -60449 -60457 -60493 -60497 -60509 -60521 -60527 -60539 -60589 -60601 -60607 -60611 -60617 -60623 -60631 -60637 -60647 -60649 -60659 -60661 -60679 -60689 -60703 -60719 -60727 -60733 -60737 -60757 -60761 -60763 -60773 -60779 -60793 -60811 -60821 -60859 -60869 -60887 -60889 -60899 -60901 -60913 -60917 -60919 -60923 -60937 -60943 -60953 -60961 -61001 -61007 -61027 -61031 -61043 -61051 -61057 -61091 -61099 -61121 -61129 -61141 -61151 -61153 -61169 -61211 -61223 -61231 -61253 -61261 -61283 -61291 -61297 -61331 -61333 -61339 -61343 -61357 -61363 -61379 -61381 -61403 -61409 -61417 -61441 -61463 -61469 -61471 -61483 -61487 -61493 -61507 -61511 -61519 -61543 -61547 -61553 -61559 -61561 -61583 -61603 -61609 -61613 -61627 -61631 -61637 -61643 -61651 -61657 -61667 -61673 -61681 -61687 -61703 -61717 -61723 -61729 -61751 -61757 -61781 -61813 -61819 -61837 -61843 -61861 -61871 -61879 -61909 -61927 -61933 -61949 -61961 -61967 -61979 -61981 -61987 -61991 -62003 -62011 -62017 -62039 -62047 -62053 -62057 -62071 -62081 -62099 -62119 -62129 -62131 -62137 -62141 -62143 -62171 -62189 -62191 -62201 -62207 -62213 -62219 -62233 -62273 -62297 -62299 -62303 -62311 -62323 -62327 -62347 -62351 -62383 -62401 -62417 -62423 -62459 -62467 -62473 -62477 -62483 -62497 -62501 -62507 -62533 -62539 -62549 -62563 -62581 -62591 -62597 -62603 -62617 -62627 -62633 -62639 -62653 -62659 -62683 -62687 -62701 -62723 -62731 -62743 -62753 -62761 -62773 -62791 -62801 -62819 -62827 -62851 -62861 -62869 -62873 -62897 -62903 -62921 -62927 -62929 -62939 -62969 -62971 -62981 -62983 -62987 -62989 -63029 -63031 -63059 -63067 -63073 -63079 -63097 -63103 -63113 -63127 -63131 -63149 -63179 -63197 -63199 -63211 -63241 -63247 -63277 -63281 -63299 -63311 -63313 -63317 -63331 -63337 -63347 -63353 -63361 -63367 -63377 -63389 -63391 -63397 -63409 -63419 -63421 -63439 -63443 -63463 -63467 -63473 -63487 -63493 -63499 -63521 -63527 -63533 -63541 -63559 -63577 -63587 -63589 -63599 -63601 -63607 -63611 -63617 -63629 -63647 -63649 -63659 -63667 -63671 -63689 -63691 -63697 -63703 -63709 -63719 -63727 -63737 -63743 -63761 -63773 -63781 -63793 -63799 -63803 -63809 -63823 -63839 -63841 -63853 -63857 -63863 -63901 -63907 -63913 -63929 -63949 -63977 -63997 -64007 -64013 -64019 -64033 -64037 -64063 -64067 -64081 -64091 -64109 -64123 -64151 -64153 -64157 -64171 -64187 -64189 -64217 -64223 -64231 -64237 -64271 -64279 -64283 -64301 -64303 -64319 -64327 -64333 -64373 -64381 -64399 -64403 -64433 -64439 -64451 -64453 -64483 -64489 -64499 -64513 -64553 -64567 -64577 -64579 -64591 -64601 -64609 -64613 -64621 -64627 -64633 -64661 -64663 -64667 -64679 -64693 -64709 -64717 -64747 -64763 -64781 -64783 -64793 -64811 -64817 -64849 -64853 -64871 -64877 -64879 -64891 -64901 -64919 -64921 -64927 -64937 -64951 -64969 -64997 -65003 -65011 -65027 -65029 -65033 -65053 -65063 -65071 -65089 -65099 -65101 -65111 -65119 -65123 -65129 -65141 -65147 -65167 -65171 -65173 -65179 -65183 -65203 -65213 -65239 -65257 -65267 -65269 -65287 -65293 -65309 -65323 -65327 -65353 -65357 -65371 -65381 -65393 -65407 -65413 -65419 -65423 -65437 -65447 -65449 -65479 -65497 -65519 -65521 diff --git a/security/nss/lib/freebl/mpi/doc/prng.pod b/security/nss/lib/freebl/mpi/doc/prng.pod deleted file mode 100644 index 1ae75da82..000000000 --- a/security/nss/lib/freebl/mpi/doc/prng.pod +++ /dev/null @@ -1,41 +0,0 @@ -=head1 NAME - - prng - pseudo-random number generator - -=head1 SYNOPSIS - - prng [count] - -=head1 DESCRIPTION - -B generates 32-bit pseudo-random integers using the -Blum-Blum-Shub (BBS) quadratic residue generator. It is seeded using -the standard C library's rand() function, which itself seeded from the -system clock and the process ID number. Thus, the values generated -are not particularly useful for cryptographic applications, but they -are in general much better than the typical output of the usual -multiplicative congruency generator used by most runtime libraries. - -You may optionally specify how many random values should be generated -by giving a I argument on the command line. If you do not -specify a count, only one random value will be generated. The results -are output to the standard output in decimal notation, one value per -line. - -=head1 RESTRICTIONS - -As stated above, B uses the C library's rand() function to seed -the generator, so it is not terribly suitable for cryptographic -applications. Also note that each time you run the program, a new -seed is generated, so it is better to run it once with a I -parameter than it is to run it multiple times to generate several -values. - -=head1 AUTHOR - - Michael J. Fromberger - Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved - Thayer School of Engineering, Dartmouth College, Hanover, NH USA - - $Date$ - diff --git a/security/nss/lib/freebl/mpi/doc/redux.txt b/security/nss/lib/freebl/mpi/doc/redux.txt deleted file mode 100644 index f6f8b6ad4..000000000 --- a/security/nss/lib/freebl/mpi/doc/redux.txt +++ /dev/null @@ -1,118 +0,0 @@ -Modular Reduction - -Usually, modular reduction is accomplished by long division, using the -mp_div() or mp_mod() functions. However, when performing modular -exponentiation, you spend a lot of time reducing by the same modulus -again and again. For this purpose, doing a full division for each -multiplication is quite inefficient. - -For this reason, the mp_exptmod() function does not perform modular -reductions in the usual way, but instead takes advantage of an -algorithm due to Barrett, as described by Menezes, Oorschot and -VanStone in their book _Handbook of Applied Cryptography_, published -by the CRC Press (see Chapter 14 for details). This method reduces -most of the computation of reduction to efficient shifting and masking -operations, and avoids the multiple-precision division entirely. - -Here is a brief synopsis of Barrett reduction, as it is implemented in -this library. - -Let b denote the radix of the computation (one more than the maximum -value that can be denoted by an mp_digit). Let m be the modulus, and -let k be the number of significant digits of m. Let x be the value to -be reduced modulo m. By the Division Theorem, there exist unique -integers Q and R such that: - - x = Qm + R, 0 <= R < m - -Barrett reduction takes advantage of the fact that you can easily -approximate Q to within two, given a value M such that: - - 2k - b - M = floor( ----- ) - m - -Computation of M requires a full-precision division step, so if you -are only doing a single reduction by m, you gain no advantage. -However, when multiple reductions by the same m are required, this -division need only be done once, beforehand. Using this, we can use -the following equation to compute Q', an approximation of Q: - - x - floor( ------ ) M - k-1 - b -Q' = floor( ----------------- ) - k+1 - b - -The divisions by b^(k-1) and b^(k+1) and the floor() functions can be -efficiently implemented with shifts and masks, leaving only a single -multiplication to be performed to get this approximation. It can be -shown that Q - 2 <= Q' <= Q, so in the worst case, we can get out with -two additional subtractions to bring the value into line with the -actual value of Q. - -Once we've got Q', we basically multiply that by m and subtract from -x, yielding: - - x - Q'm = Qm + R - Q'm - -Since we know the constraint on Q', this is one of: - - R - m + R - 2m + R - -Since R < m by the Division Theorem, we can simply subtract off m -until we get a value in the correct range, which will happen with no -more than 2 subtractions: - - v = x - Q'm - - while(v >= m) - v = v - m - endwhile - - -In random performance trials, modular exponentiation using this method -of reduction gave around a 40% speedup over using the division for -reduction. - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/sqrt.txt b/security/nss/lib/freebl/mpi/doc/sqrt.txt deleted file mode 100644 index e14157caa..000000000 --- a/security/nss/lib/freebl/mpi/doc/sqrt.txt +++ /dev/null @@ -1,82 +0,0 @@ -Square Root - -A simple iterative algorithm is used to compute the greatest integer -less than or equal to the square root. Essentially, this is Newton's -linear approximation, computed by finding successive values of the -equation: - - x[k]^2 - V -x[k+1] = x[k] - ------------ - 2 x[k] - -...where V is the value for which the square root is being sought. In -essence, what is happening here is that we guess a value for the -square root, then figure out how far off we were by squaring our guess -and subtracting the target. Using this value, we compute a linear -approximation for the error, and adjust the "guess". We keep doing -this until the precision gets low enough that the above equation -yields a quotient of zero. At this point, our last guess is one -greater than the square root we're seeking. - -The initial guess is computed by dividing V by 4, which is a heuristic -I have found to be fairly good on average. This also has the -advantage of being very easy to compute efficiently, even for large -values. - -So, the resulting algorithm works as follows: - - x = V / 4 /* compute initial guess */ - - loop - t = (x * x) - V /* Compute absolute error */ - u = 2 * x /* Adjust by tangent slope */ - t = t / u - - /* Loop is done if error is zero */ - if(t == 0) - break - - /* Adjust guess by error term */ - x = x - t - end - - x = x - 1 - -The result of the computation is the value of x. - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/square.txt b/security/nss/lib/freebl/mpi/doc/square.txt deleted file mode 100644 index e0d28798a..000000000 --- a/security/nss/lib/freebl/mpi/doc/square.txt +++ /dev/null @@ -1,104 +0,0 @@ -Squaring Algorithm - -When you are squaring a value, you can take advantage of the fact that -half the multiplications performed by the more general multiplication -algorithm (see 'mul.txt' for a description) are redundant when the -multiplicand equals the multiplier. - -In particular, the modified algorithm is: - -k = 0 -for j <- 0 to (#a - 1) - w = c[2*j] + (a[j] ^ 2); - k = w div R - - for i <- j+1 to (#a - 1) - w = (2 * a[j] * a[i]) + k + c[i+j] - c[i+j] = w mod R - k = w div R - endfor - c[i+j] = k; - k = 0; -endfor - -On the surface, this looks identical to the multiplication algorithm; -however, note the following differences: - - - precomputation of the leading term in the outer loop - - - i runs from j+1 instead of from zero - - - doubling of a[i] * a[j] in the inner product - -Unfortunately, the construction of the inner product is such that we -need more than two digits to represent the inner product, in some -cases. In a C implementation, this means that some gymnastics must be -performed in order to handle overflow, for which C has no direct -abstraction. We do this by observing the following: - -If we have multiplied a[i] and a[j], and the product is more than half -the maximum value expressible in two digits, then doubling this result -will overflow into a third digit. If this occurs, we take note of the -overflow, and double it anyway -- C integer arithmetic ignores -overflow, so the two digits we get back should still be valid, modulo -the overflow. - -Having doubled this value, we now have to add in the remainders and -the digits already computed by earlier steps. If we did not overflow -in the previous step, we might still cause an overflow here. That -will happen whenever the maximum value expressible in two digits, less -the amount we have to add, is greater than the result of the previous -step. Thus, the overflow computation is: - - - u = 0 - w = a[i] * a[j] - - if(w > (R - 1)/ 2) - u = 1; - - w = w * 2 - v = c[i + j] + k - - if(u == 0 && (R - 1 - v) < w) - u = 1 - -If there is an overflow, u will be 1, otherwise u will be 0. The rest -of the parameters are the same as they are in the above description. - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/doc/timing.txt b/security/nss/lib/freebl/mpi/doc/timing.txt deleted file mode 100644 index c1701063a..000000000 --- a/security/nss/lib/freebl/mpi/doc/timing.txt +++ /dev/null @@ -1,245 +0,0 @@ -MPI Library Timing Tests - -Hardware/OS -(A) SGI O2 1 x MIPS R10000 250MHz IRIX 6.5.3 -(B) IBM RS/6000 43P-240 1 x PowerPC 603e 223MHz AIX 4.3 -(C) Dell GX1/L+ 1 x Pentium III 550MHz Linux 2.2.12-20 -(D) PowerBook G3 1 x PowerPC 750 266MHz LinuxPPC 2.2.6-15apmac -(E) PowerBook G3 1 x PowerPC 750 266MHz MacOS 8.5.1 -(F) PowerBook G3 1 x PowerPC 750 400MHz MacOS 9.0.2 - -Compiler -(1) MIPSpro C 7.2.1 -O3 optimizations -(2) GCC 2.95.1 -O3 optimizations -(3) IBM AIX xlc -O3 optimizations (version unknown) -(4) EGCS 2.91.66 -O3 optimizations -(5) Metrowerks CodeWarrior 5.0 C, all optimizations -(6) MIPSpro C 7.30 -O3 optimizations -(7) same as (6), with optimized libmalloc.so - -Timings are given in seconds, computed using the C library's clock() -function. The first column gives the hardware and compiler -configuration used for the test. The second column indicates the -number of tests that were aggregated to get the statistics for that -size. These were compiled using 16 bit digits. - -Source data were generated randomly using a fixed seed, so they should -be internally consistent, but may vary on different systems depending -on the C library. Also, since the resolution of the timer accessed by -clock() varies, there may be some variance in the precision of these -measurements. - -Prime Generation (primegen) - -128 bits: -A1 200 min=0.03, avg=0.19, max=0.72, sum=38.46 -A2 200 min=0.02, avg=0.16, max=0.62, sum=32.55 -B3 200 min=0.01, avg=0.07, max=0.22, sum=13.29 -C4 200 min=0.00, avg=0.03, max=0.20, sum=6.14 -D4 200 min=0.00, avg=0.05, max=0.33, sum=9.70 -A6 200 min=0.01, avg=0.09, max=0.36, sum=17.48 -A7 200 min=0.00, avg=0.05, max=0.24, sum=10.07 - -192 bits: -A1 200 min=0.05, avg=0.45, max=3.13, sum=89.96 -A2 200 min=0.04, avg=0.39, max=2.61, sum=77.55 -B3 200 min=0.02, avg=0.18, max=1.25, sum=36.97 -C4 200 min=0.01, avg=0.09, max=0.33, sum=18.24 -D4 200 min=0.02, avg=0.15, max=0.54, sum=29.63 -A6 200 min=0.02, avg=0.24, max=1.70, sum=47.84 -A7 200 min=0.01, avg=0.15, max=1.05, sum=30.88 - -256 bits: -A1 200 min=0.08, avg=0.92, max=6.13, sum=184.79 -A2 200 min=0.06, avg=0.76, max=5.03, sum=151.11 -B3 200 min=0.04, avg=0.41, max=2.68, sum=82.35 -C4 200 min=0.02, avg=0.19, max=0.69, sum=37.91 -D4 200 min=0.03, avg=0.31, max=1.15, sum=63.00 -A6 200 min=0.04, avg=0.48, max=3.13, sum=95.46 -A7 200 min=0.03, avg=0.37, max=2.36, sum=73.60 - -320 bits: -A1 200 min=0.11, avg=1.59, max=6.14, sum=318.81 -A2 200 min=0.09, avg=1.27, max=4.93, sum=254.03 -B3 200 min=0.07, avg=0.82, max=3.13, sum=163.80 -C4 200 min=0.04, avg=0.44, max=1.91, sum=87.59 -D4 200 min=0.06, avg=0.73, max=3.22, sum=146.73 -A6 200 min=0.07, avg=0.93, max=3.50, sum=185.01 -A7 200 min=0.05, avg=0.76, max=2.94, sum=151.78 - -384 bits: -A1 200 min=0.16, avg=2.69, max=11.41, sum=537.89 -A2 200 min=0.13, avg=2.15, max=9.03, sum=429.14 -B3 200 min=0.11, avg=1.54, max=6.49, sum=307.78 -C4 200 min=0.06, avg=0.81, max=4.84, sum=161.13 -D4 200 min=0.10, avg=1.38, max=8.31, sum=276.81 -A6 200 min=0.11, avg=1.73, max=7.36, sum=345.55 -A7 200 min=0.09, avg=1.46, max=6.12, sum=292.02 - -448 bits: -A1 200 min=0.23, avg=3.36, max=15.92, sum=672.63 -A2 200 min=0.17, avg=2.61, max=12.25, sum=522.86 -B3 200 min=0.16, avg=2.10, max=9.83, sum=420.86 -C4 200 min=0.09, avg=1.44, max=7.64, sum=288.36 -D4 200 min=0.16, avg=2.50, max=13.29, sum=500.17 -A6 200 min=0.15, avg=2.31, max=10.81, sum=461.58 -A7 200 min=0.14, avg=2.03, max=9.53, sum=405.16 - -512 bits: -A1 200 min=0.30, avg=6.12, max=22.18, sum=1223.35 -A2 200 min=0.25, avg=4.67, max=16.90, sum=933.18 -B3 200 min=0.23, avg=4.13, max=14.94, sum=825.45 -C4 200 min=0.13, avg=2.08, max=9.75, sum=415.22 -D4 200 min=0.24, avg=4.04, max=20.18, sum=808.11 -A6 200 min=0.22, avg=4.47, max=16.19, sum=893.83 -A7 200 min=0.20, avg=4.03, max=14.65, sum=806.02 - -Modular Exponentation (metime) - -The following results are aggregated from 200 pseudo-randomly -generated tests, based on a fixed seed. - - base, exponent, and modulus size (bits) -P/C 128 192 256 320 384 448 512 640 768 896 1024 -------- ----------------------------------------------------------------- -A1 0.015 0.027 0.047 0.069 0.098 0.133 0.176 0.294 0.458 0.680 1.040 -A2 0.013 0.024 0.037 0.053 0.077 0.102 0.133 0.214 0.326 0.476 0.668 -B3 0.005 0.011 0.021 0.036 0.056 0.084 0.121 0.222 0.370 0.573 0.840 -C4 0.002 0.006 0.011 0.020 0.032 0.048 0.069 0.129 0.223 0.344 0.507 -D4 0.004 0.010 0.019 0.034 0.056 0.085 0.123 0.232 0.390 0.609 0.899 -E5 0.007 0.015 0.031 0.055 0.088 0.133 0.183 0.342 0.574 0.893 1.317 -A6 0.008 0.016 0.038 0.042 0.064 0.093 0.133 0.239 0.393 0.604 0.880 -A7 0.005 0.011 0.020 0.036 0.056 0.083 0.121 0.223 0.374 0.583 0.855 - -Multiplication and Squaring tests, (mulsqr) - -The following results are aggregated from 500000 pseudo-randomly -generated tests, based on a per-run wall-clock seed. Times are given -in seconds, except where indicated in microseconds (us). - -(A1) - -bits multiply square ad percent time/mult time/square -64 9.33 9.15 > 1.9 18.7us 18.3us -128 10.88 10.44 > 4.0 21.8us 20.9us -192 13.30 11.89 > 10.6 26.7us 23.8us -256 14.88 12.64 > 15.1 29.8us 25.3us -320 18.64 15.01 > 19.5 37.3us 30.0us -384 23.11 17.70 > 23.4 46.2us 35.4us -448 28.28 20.88 > 26.2 56.6us 41.8us -512 34.09 24.51 > 28.1 68.2us 49.0us -640 47.86 33.25 > 30.5 95.7us 66.5us -768 64.91 43.54 > 32.9 129.8us 87.1us -896 84.49 55.48 > 34.3 169.0us 111.0us -1024 107.25 69.21 > 35.5 214.5us 138.4us -1536 227.97 141.91 > 37.8 456.0us 283.8us -2048 394.05 242.15 > 38.5 788.1us 484.3us - -(A2) - -bits multiply square ad percent time/mult time/square -64 7.87 7.95 < 1.0 15.7us 15.9us -128 9.40 9.19 > 2.2 18.8us 18.4us -192 11.15 10.59 > 5.0 22.3us 21.2us -256 12.02 11.16 > 7.2 24.0us 22.3us -320 14.62 13.43 > 8.1 29.2us 26.9us -384 17.72 15.80 > 10.8 35.4us 31.6us -448 21.24 18.51 > 12.9 42.5us 37.0us -512 25.36 21.78 > 14.1 50.7us 43.6us -640 34.57 29.00 > 16.1 69.1us 58.0us -768 46.10 37.60 > 18.4 92.2us 75.2us -896 58.94 47.72 > 19.0 117.9us 95.4us -1024 73.76 59.12 > 19.8 147.5us 118.2us -1536 152.00 118.80 > 21.8 304.0us 237.6us -2048 259.41 199.57 > 23.1 518.8us 399.1us - -(B3) - -bits multiply square ad percent time/mult time/square -64 2.60 2.47 > 5.0 5.20us 4.94us -128 4.43 4.06 > 8.4 8.86us 8.12us -192 7.03 6.10 > 13.2 14.1us 12.2us -256 10.44 8.59 > 17.7 20.9us 17.2us -320 14.44 11.64 > 19.4 28.9us 23.3us -384 19.12 15.08 > 21.1 38.2us 30.2us -448 24.55 19.09 > 22.2 49.1us 38.2us -512 31.03 23.53 > 24.2 62.1us 47.1us -640 45.05 33.80 > 25.0 90.1us 67.6us -768 63.02 46.05 > 26.9 126.0us 92.1us -896 83.74 60.29 > 28.0 167.5us 120.6us -1024 106.73 76.65 > 28.2 213.5us 153.3us -1536 228.94 160.98 > 29.7 457.9us 322.0us -2048 398.08 275.93 > 30.7 796.2us 551.9us - -(C4) - -bits multiply square ad percent time/mult time/square -64 1.34 1.28 > 4.5 2.68us 2.56us -128 2.76 2.59 > 6.2 5.52us 5.18us -192 4.52 4.16 > 8.0 9.04us 8.32us -256 6.64 5.99 > 9.8 13.3us 12.0us -320 9.20 8.13 > 11.6 18.4us 16.3us -384 12.01 10.58 > 11.9 24.0us 21.2us -448 15.24 13.33 > 12.5 30.5us 26.7us -512 19.02 16.46 > 13.5 38.0us 32.9us -640 27.56 23.54 > 14.6 55.1us 47.1us -768 37.89 31.78 > 16.1 75.8us 63.6us -896 49.24 41.42 > 15.9 98.5us 82.8us -1024 62.59 52.18 > 16.6 125.2us 104.3us -1536 131.66 107.72 > 18.2 263.3us 215.4us -2048 226.45 182.95 > 19.2 453.0us 365.9us - -(A7) - -bits multiply square ad percent time/mult time/square -64 1.74 1.71 > 1.7 3.48us 3.42us -128 3.48 2.96 > 14.9 6.96us 5.92us -192 5.74 4.60 > 19.9 11.5us 9.20us -256 8.75 6.61 > 24.5 17.5us 13.2us -320 12.5 8.99 > 28.1 25.0us 18.0us -384 16.9 11.9 > 29.6 33.8us 23.8us -448 22.2 15.2 > 31.7 44.4us 30.4us -512 28.3 19.0 > 32.7 56.6us 38.0us -640 42.4 28.0 > 34.0 84.8us 56.0us -768 59.4 38.5 > 35.2 118.8us 77.0us -896 79.5 51.2 > 35.6 159.0us 102.4us -1024 102.6 65.5 > 36.2 205.2us 131.0us -1536 224.3 140.6 > 37.3 448.6us 281.2us -2048 393.4 244.3 > 37.9 786.8us 488.6us - ------------------------------------------------------------------- -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the GPL. - -$Id$ - - diff --git a/security/nss/lib/freebl/mpi/hpma512.s b/security/nss/lib/freebl/mpi/hpma512.s deleted file mode 100644 index f8241ac3e..000000000 --- a/security/nss/lib/freebl/mpi/hpma512.s +++ /dev/null @@ -1,640 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is multacc512 multiple-precision integer arithmetic. - * - * The Initial Developer of the Original Code is Hewlett-Packard Company. - * Portions created by Hewlett-Packard Company are - * Copyright (C) March 1999, Hewlett-Packard Company. All Rights Reserved. - * - * Contributor(s): - * coded by: Bill Worley, Hewlett-Packard labs - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * This PA-RISC 2.0 function computes the product of two unsigned integers, - * and adds the result to a previously computed integer. The multiplicand - * is a 512-bit (64-byte, eight doubleword) unsigned integer, stored in - * memory in little-double-wordian order. The multiplier is an unsigned - * 64-bit integer. The previously computed integer to which the product is - * added is located in the result ("res") area, and is assumed to be a - * 576-bit (72-byte, nine doubleword) unsigned integer, stored in memory - * in little-double-wordian order. This value normally will be the result - * of a previously computed nine doubleword result. It is not necessary - * to pad the multiplicand with an additional 64-bit zero doubleword. - * - * Multiplicand, multiplier, and addend ideally should be aligned at - * 16-byte boundaries for best performance. The code will function - * correctly for alignment at eight-byte boundaries which are not 16-byte - * boundaries, but the execution may be slightly slower due to even/odd - * bank conflicts on PA-RISC 8000 processors. - * - * This function is designed to accept the same calling sequence as Bill - * Ackerman's "maxpy_little" function. The carry from the ninth doubleword - * of the result is written to the tenth word of the result, as is done by - * Bill Ackerman's function. The final carry also is returned as an - * integer, which may be ignored. The function prototype may be either - * of the following: - * - * void multacc512( int l, chunk* m, const chunk* a, chunk* res ); - * or - * int multacc512( int l, chunk* m, const chunk* a, chunk* res ); - * - * where: "l" originally denoted vector lengths. This parameter is - * ignored. This function always assumes a multiplicand length of - * 512 bits (eight doublewords), and addend and result lengths of - * 576 bits (nine doublewords). - * - * "m" is a pointer to the doubleword multiplier, ideally aligned - * on a 16-byte boundary. - * - * "a" is a pointer to the eight-doubleword multiplicand, stored - * in little-double-wordian order, and ideally aligned on a 16-byte - * boundary. - * - * "res" is a pointer to the nine doubleword addend, and to the - * nine-doubleword product computed by this function. The result - * also is stored in little-double-wordian order, and ideally is - * aligned on a 16-byte boundary. It is expected that the alignment - * of the "res" area may alternate between even/odd doubleword - * boundaries for successive calls for 512-bit x 512-bit - * multiplications. - * - * The code for this function has been scheduled to use the parallelism - * of the PA-RISC 8000 series microprocessors as well as the author was - * able. Comments and/or suggestions for improvement are welcomed. - * - * The code is "64-bit safe". This means it may be called in either - * the 32ILP context or the 64LP context. All 64-bits of registers are - * saved and restored. - * - * This code is self-contained. It requires no other header files in order - * to compile and to be linkable on a PA-RISC 2.0 machine. Symbolic - * definitions for registers and stack offsets are included within this - * one source file. - * - * This is a leaf routine. As such, minimal use is made of the stack area. - * Of the 192 bytes allocated, 64 bytes are used for saving/restoring eight - * general registers, and 128 bytes are used to move intermediate products - * from the floating-point registers to the general registers. Stack - * protocols assure proper alignment of these areas. - * - */ - - -/* ====================================================================*/ -/* symbolic definitions for PA-RISC registers */ -/* in the MIPS style, avoids lots of case shifts */ -/* assigments (except t4) preserve register number parity */ -/* ====================================================================*/ - -#define zero %r0 /* permanent zero */ -#define t5 %r1 /* temp register, altered by addil */ - -#define rp %r2 /* return pointer */ - -#define s1 %r3 /* callee saves register*/ -#define s0 %r4 /* callee saves register*/ -#define s3 %r5 /* callee saves register*/ -#define s2 %r6 /* callee saves register*/ -#define s5 %r7 /* callee saves register*/ -#define s4 %r8 /* callee saves register*/ -#define s7 %r9 /* callee saves register*/ -#define s6 %r10 /* callee saves register*/ - -#define t1 %r19 /* caller saves register*/ -#define t0 %r20 /* caller saves register*/ -#define t3 %r21 /* caller saves register*/ -#define t2 %r22 /* caller saves register*/ - -#define a3 %r23 /* fourth argument register, high word */ -#define a2 %r24 /* third argument register, low word*/ -#define a1 %r25 /* second argument register, high word*/ -#define a0 %r26 /* first argument register, low word*/ - -#define v0 %r28 /* high order return value*/ -#define v1 %r29 /* low order return value*/ - -#define sp %r30 /* stack pointer*/ -#define t4 %r31 /* temporary register */ - -#define fa0 %fr4 /* first argument register*/ -#define fa1 %fr5 /* second argument register*/ -#define fa2 %fr6 /* third argument register*/ -#define fa3 %fr7 /* fourth argument register*/ - -#define fa0r %fr4R /* first argument register*/ -#define fa1r %fr5R /* second argument register*/ -#define fa2r %fr6R /* third argument register*/ -#define fa3r %fr7R /* fourth argument register*/ - -#define ft0 %fr8 /* caller saves register*/ -#define ft1 %fr9 /* caller saves register*/ -#define ft2 %fr10 /* caller saves register*/ -#define ft3 %fr11 /* caller saves register*/ - -#define ft0r %fr8R /* caller saves register*/ -#define ft1r %fr9R /* caller saves register*/ -#define ft2r %fr10R /* caller saves register*/ -#define ft3r %fr11R /* caller saves register*/ - -#define ft4 %fr22 /* caller saves register*/ -#define ft5 %fr23 /* caller saves register*/ -#define ft6 %fr24 /* caller saves register*/ -#define ft7 %fr25 /* caller saves register*/ -#define ft8 %fr26 /* caller saves register*/ -#define ft9 %fr27 /* caller saves register*/ -#define ft10 %fr28 /* caller saves register*/ -#define ft11 %fr29 /* caller saves register*/ -#define ft12 %fr30 /* caller saves register*/ -#define ft13 %fr31 /* caller saves register*/ - -#define ft4r %fr22R /* caller saves register*/ -#define ft5r %fr23R /* caller saves register*/ -#define ft6r %fr24R /* caller saves register*/ -#define ft7r %fr25R /* caller saves register*/ -#define ft8r %fr26R /* caller saves register*/ -#define ft9r %fr27R /* caller saves register*/ -#define ft10r %fr28R /* caller saves register*/ -#define ft11r %fr29R /* caller saves register*/ -#define ft12r %fr30R /* caller saves register*/ -#define ft13r %fr31R /* caller saves register*/ - - - -/* ================================================================== */ -/* functional definitions for PA-RISC registers */ -/* ================================================================== */ - -/* general registers */ - -#define T1 a0 /* temp, (length parameter ignored) */ - -#define pM a1 /* -> 64-bit multiplier */ -#define T2 a1 /* temp, (after fetching multiplier) */ - -#define pA a2 /* -> multiplicand vector (8 64-bit words) */ -#define T3 a2 /* temp, (after fetching multiplicand) */ - -#define pR a3 /* -> addend vector (8 64-bit doublewords, - result vector (9 64-bit words) */ - -#define S0 s0 /* callee saves summand registers */ -#define S1 s1 -#define S2 s2 -#define S3 s3 -#define S4 s4 -#define S5 s5 -#define S6 s6 -#define S7 s7 - -#define S8 v0 /* caller saves summand registers */ -#define S9 v1 -#define S10 t0 -#define S11 t1 -#define S12 t2 -#define S13 t3 -#define S14 t4 -#define S15 t5 - - - -/* floating-point registers */ - -#define M fa0 /* multiplier double word */ -#define MR fa0r /* low order half of multiplier double word */ -#define ML fa0 /* high order half of multiplier double word */ - -#define A0 fa2 /* multiplicand double word 0 */ -#define A0R fa2r /* low order half of multiplicand double word */ -#define A0L fa2 /* high order half of multiplicand double word */ - -#define A1 fa3 /* multiplicand double word 1 */ -#define A1R fa3r /* low order half of multiplicand double word */ -#define A1L fa3 /* high order half of multiplicand double word */ - -#define A2 ft0 /* multiplicand double word 2 */ -#define A2R ft0r /* low order half of multiplicand double word */ -#define A2L ft0 /* high order half of multiplicand double word */ - -#define A3 ft1 /* multiplicand double word 3 */ -#define A3R ft1r /* low order half of multiplicand double word */ -#define A3L ft1 /* high order half of multiplicand double word */ - -#define A4 ft2 /* multiplicand double word 4 */ -#define A4R ft2r /* low order half of multiplicand double word */ -#define A4L ft2 /* high order half of multiplicand double word */ - -#define A5 ft3 /* multiplicand double word 5 */ -#define A5R ft3r /* low order half of multiplicand double word */ -#define A5L ft3 /* high order half of multiplicand double word */ - -#define A6 ft4 /* multiplicand double word 6 */ -#define A6R ft4r /* low order half of multiplicand double word */ -#define A6L ft4 /* high order half of multiplicand double word */ - -#define A7 ft5 /* multiplicand double word 7 */ -#define A7R ft5r /* low order half of multiplicand double word */ -#define A7L ft5 /* high order half of multiplicand double word */ - -#define P0 ft6 /* product word 0 */ -#define P1 ft7 /* product word 0 */ -#define P2 ft8 /* product word 0 */ -#define P3 ft9 /* product word 0 */ -#define P4 ft10 /* product word 0 */ -#define P5 ft11 /* product word 0 */ -#define P6 ft12 /* product word 0 */ -#define P7 ft13 /* product word 0 */ - - - - -/* ====================================================================== */ -/* symbolic definitions for HP-UX stack offsets */ -/* symbolic definitions for memory NOPs */ -/* ====================================================================== */ - -#define ST_SZ 192 /* stack area total size */ - -#define SV0 -192(sp) /* general register save area */ -#define SV1 -184(sp) -#define SV2 -176(sp) -#define SV3 -168(sp) -#define SV4 -160(sp) -#define SV5 -152(sp) -#define SV6 -144(sp) -#define SV7 -136(sp) - -#define XF0 -128(sp) /* data transfer area */ -#define XF1 -120(sp) /* for floating-pt to integer regs */ -#define XF2 -112(sp) -#define XF3 -104(sp) -#define XF4 -96(sp) -#define XF5 -88(sp) -#define XF6 -80(sp) -#define XF7 -72(sp) -#define XF8 -64(sp) -#define XF9 -56(sp) -#define XF10 -48(sp) -#define XF11 -40(sp) -#define XF12 -32(sp) -#define XF13 -24(sp) -#define XF14 -16(sp) -#define XF15 -8(sp) - -#define mnop proberi (sp),3,zero /* memory NOP */ - - - - -/* ====================================================================== */ -/* assembler formalities */ -/* ====================================================================== */ - -#ifdef __LP64__ - .level 2.0W -#else - .level 2.0 -#endif - .space $TEXT$ - .subspa $CODE$ - .align 16 - -/* ====================================================================== */ -/* here to compute 64-bit x 512-bit product + 512-bit addend */ -/* ====================================================================== */ - -multacc512 - .PROC - .CALLINFO - .ENTER - fldd 0(pM),M ; multiplier double word - ldo ST_SZ(sp),sp ; push stack - - fldd 0(pA),A0 ; multiplicand double word 0 - std S1,SV1 ; save s1 - - fldd 16(pA),A2 ; multiplicand double word 2 - std S3,SV3 ; save s3 - - fldd 32(pA),A4 ; multiplicand double word 4 - std S5,SV5 ; save s5 - - fldd 48(pA),A6 ; multiplicand double word 6 - std S7,SV7 ; save s7 - - - std S0,SV0 ; save s0 - fldd 8(pA),A1 ; multiplicand double word 1 - xmpyu MR,A0L,P0 ; A0 cross 32-bit word products - xmpyu ML,A0R,P2 - - std S2,SV2 ; save s2 - fldd 24(pA),A3 ; multiplicand double word 3 - xmpyu MR,A2L,P4 ; A2 cross 32-bit word products - xmpyu ML,A2R,P6 - - std S4,SV4 ; save s4 - fldd 40(pA),A5 ; multiplicand double word 5 - - std S6,SV6 ; save s6 - fldd 56(pA),A7 ; multiplicand double word 7 - - - fstd P0,XF0 ; MR * A0L - xmpyu MR,A0R,P0 ; A0 right 32-bit word product - xmpyu MR,A1L,P1 ; A1 cross 32-bit word product - - fstd P2,XF2 ; ML * A0R - xmpyu ML,A0L,P2 ; A0 left 32-bit word product - xmpyu ML,A1R,P3 ; A1 cross 32-bit word product - - fstd P4,XF4 ; MR * A2L - xmpyu MR,A2R,P4 ; A2 right 32-bit word product - xmpyu MR,A3L,P5 ; A3 cross 32-bit word product - - fstd P6,XF6 ; ML * A2R - xmpyu ML,A2L,P6 ; A2 parallel 32-bit word product - xmpyu ML,A3R,P7 ; A3 cross 32-bit word product - - - ldd XF0,S0 ; MR * A0L - fstd P1,XF1 ; MR * A1L - - ldd XF2,S2 ; ML * A0R - fstd P3,XF3 ; ML * A1R - - ldd XF4,S4 ; MR * A2L - fstd P5,XF5 ; MR * A3L - xmpyu MR,A1R,P1 ; A1 parallel 32-bit word products - xmpyu ML,A1L,P3 - - ldd XF6,S6 ; ML * A2R - fstd P7,XF7 ; ML * A3R - xmpyu MR,A3R,P5 ; A3 parallel 32-bit word products - xmpyu ML,A3L,P7 - - - fstd P0,XF0 ; MR * A0R - ldd XF1,S1 ; MR * A1L - nop - add S0,S2,T1 ; A0 cross product sum - - fstd P2,XF2 ; ML * A0L - ldd XF3,S3 ; ML * A1R - add,dc zero,zero,S0 ; A0 cross product sum carry - depd,z T1,31,32,S2 ; A0 cross product sum << 32 - - fstd P4,XF4 ; MR * A2R - ldd XF5,S5 ; MR * A3L - shrpd S0,T1,32,S0 ; A0 carry | cross product sum >> 32 - add S4,S6,T3 ; A2 cross product sum - - fstd P6,XF6 ; ML * A2L - ldd XF7,S7 ; ML * A3R - add,dc zero,zero,S4 ; A2 cross product sum carry - depd,z T3,31,32,S6 ; A2 cross product sum << 32 - - - ldd XF0,S8 ; MR * A0R - fstd P1,XF1 ; MR * A1R - xmpyu MR,A4L,P0 ; A4 cross 32-bit word product - xmpyu MR,A5L,P1 ; A5 cross 32-bit word product - - ldd XF2,S10 ; ML * A0L - fstd P3,XF3 ; ML * A1L - xmpyu ML,A4R,P2 ; A4 cross 32-bit word product - xmpyu ML,A5R,P3 ; A5 cross 32-bit word product - - ldd XF4,S12 ; MR * A2R - fstd P5,XF5 ; MR * A3L - xmpyu MR,A6L,P4 ; A6 cross 32-bit word product - xmpyu MR,A7L,P5 ; A7 cross 32-bit word product - - ldd XF6,S14 ; ML * A2L - fstd P7,XF7 ; ML * A3L - xmpyu ML,A6R,P6 ; A6 cross 32-bit word product - xmpyu ML,A7R,P7 ; A7 cross 32-bit word product - - - fstd P0,XF0 ; MR * A4L - ldd XF1,S9 ; MR * A1R - shrpd S4,T3,32,S4 ; A2 carry | cross product sum >> 32 - add S1,S3,T1 ; A1 cross product sum - - fstd P2,XF2 ; ML * A4R - ldd XF3,S11 ; ML * A1L - add,dc zero,zero,S1 ; A1 cross product sum carry - depd,z T1,31,32,S3 ; A1 cross product sum << 32 - - fstd P4,XF4 ; MR * A6L - ldd XF5,S13 ; MR * A3R - shrpd S1,T1,32,S1 ; A1 carry | cross product sum >> 32 - add S5,S7,T3 ; A3 cross product sum - - fstd P6,XF6 ; ML * A6R - ldd XF7,S15 ; ML * A3L - add,dc zero,zero,S5 ; A3 cross product sum carry - depd,z T3,31,32,S7 ; A3 cross product sum << 32 - - - shrpd S5,T3,32,S5 ; A3 carry | cross product sum >> 32 - add S2,S8,S8 ; M * A0 right doubleword, P0 doubleword - - add,dc S0,S10,S10 ; M * A0 left doubleword - add S3,S9,S9 ; M * A1 right doubleword - - add,dc S1,S11,S11 ; M * A1 left doubleword - add S6,S12,S12 ; M * A2 right doubleword - - - ldd 24(pR),S3 ; Addend word 3 - fstd P1,XF1 ; MR * A5L - add,dc S4,S14,S14 ; M * A2 left doubleword - xmpyu MR,A5R,P1 ; A5 right 32-bit word product - - ldd 8(pR),S1 ; Addend word 1 - fstd P3,XF3 ; ML * A5R - add S7,S13,S13 ; M * A3 right doubleword - xmpyu ML,A5L,P3 ; A5 left 32-bit word product - - ldd 0(pR),S7 ; Addend word 0 - fstd P5,XF5 ; MR * A7L - add,dc S5,S15,S15 ; M * A3 left doubleword - xmpyu MR,A7R,P5 ; A7 right 32-bit word product - - ldd 16(pR),S5 ; Addend word 2 - fstd P7,XF7 ; ML * A7R - add S10,S9,S9 ; P1 doubleword - xmpyu ML,A7L,P7 ; A7 left 32-bit word products - - - ldd XF0,S0 ; MR * A4L - fstd P1,XF9 ; MR * A5R - add,dc S11,S12,S12 ; P2 doubleword - xmpyu MR,A4R,P0 ; A4 right 32-bit word product - - ldd XF2,S2 ; ML * A4R - fstd P3,XF11 ; ML * A5L - add,dc S14,S13,S13 ; P3 doubleword - xmpyu ML,A4L,P2 ; A4 left 32-bit word product - - ldd XF6,S6 ; ML * A6R - fstd P5,XF13 ; MR * A7R - add,dc zero,S15,T2 ; P4 partial doubleword - xmpyu MR,A6R,P4 ; A6 right 32-bit word product - - ldd XF4,S4 ; MR * A6L - fstd P7,XF15 ; ML * A7L - add S7,S8,S8 ; R0 + P0, new R0 doubleword - xmpyu ML,A6L,P6 ; A6 left 32-bit word product - - - fstd P0,XF0 ; MR * A4R - ldd XF7,S7 ; ML * A7R - add,dc S1,S9,S9 ; c + R1 + P1, new R1 doubleword - - fstd P2,XF2 ; ML * A4L - ldd XF1,S1 ; MR * A5L - add,dc S5,S12,S12 ; c + R2 + P2, new R2 doubleword - - fstd P4,XF4 ; MR * A6R - ldd XF5,S5 ; MR * A7L - add,dc S3,S13,S13 ; c + R3 + P3, new R3 doubleword - - fstd P6,XF6 ; ML * A6L - ldd XF3,S3 ; ML * A5R - add,dc zero,T2,T2 ; c + partial P4 - add S0,S2,T1 ; A4 cross product sum - - - std S8,0(pR) ; save R0 - add,dc zero,zero,S0 ; A4 cross product sum carry - depd,z T1,31,32,S2 ; A4 cross product sum << 32 - - std S9,8(pR) ; save R1 - shrpd S0,T1,32,S0 ; A4 carry | cross product sum >> 32 - add S4,S6,T3 ; A6 cross product sum - - std S12,16(pR) ; save R2 - add,dc zero,zero,S4 ; A6 cross product sum carry - depd,z T3,31,32,S6 ; A6 cross product sum << 32 - - - std S13,24(pR) ; save R3 - shrpd S4,T3,32,S4 ; A6 carry | cross product sum >> 32 - add S1,S3,T1 ; A5 cross product sum - - ldd XF0,S8 ; MR * A4R - add,dc zero,zero,S1 ; A5 cross product sum carry - depd,z T1,31,32,S3 ; A5 cross product sum << 32 - - ldd XF2,S10 ; ML * A4L - ldd XF9,S9 ; MR * A5R - shrpd S1,T1,32,S1 ; A5 carry | cross product sum >> 32 - add S5,S7,T3 ; A7 cross product sum - - ldd XF4,S12 ; MR * A6R - ldd XF11,S11 ; ML * A5L - add,dc zero,zero,S5 ; A7 cross product sum carry - depd,z T3,31,32,S7 ; A7 cross product sum << 32 - - ldd XF6,S14 ; ML * A6L - ldd XF13,S13 ; MR * A7R - shrpd S5,T3,32,S5 ; A7 carry | cross product sum >> 32 - add S2,S8,S8 ; M * A4 right doubleword - - - ldd XF15,S15 ; ML * A7L - add,dc S0,S10,S10 ; M * A4 left doubleword - add S3,S9,S9 ; M * A5 right doubleword - - add,dc S1,S11,S11 ; M * A5 left doubleword - add S6,S12,S12 ; M * A6 right doubleword - - ldd 32(pR),S0 ; Addend word 4 - ldd 40(pR),S1 ; Addend word 5 - add,dc S4,S14,S14 ; M * A6 left doubleword - add S7,S13,S13 ; M * A7 right doubleword - - ldd 48(pR),S2 ; Addend word 6 - ldd 56(pR),S3 ; Addend word 7 - add,dc S5,S15,S15 ; M * A7 left doubleword - add S8,T2,S8 ; P4 doubleword - - ldd 64(pR),S4 ; Addend word 8 - ldd SV5,s5 ; restore s5 - add,dc S10,S9,S9 ; P5 doubleword - add,dc S11,S12,S12 ; P6 doubleword - - - ldd SV6,s6 ; restore s6 - ldd SV7,s7 ; restore s7 - add,dc S14,S13,S13 ; P7 doubleword - add,dc zero,S15,S15 ; P8 doubleword - - add S0,S8,S8 ; new R4 doubleword - - ldd SV0,s0 ; restore s0 - std S8,32(pR) ; save R4 - add,dc S1,S9,S9 ; new R5 doubleword - - ldd SV1,s1 ; restore s1 - std S9,40(pR) ; save R5 - add,dc S2,S12,S12 ; new R6 doubleword - - ldd SV2,s2 ; restore s2 - std S12,48(pR) ; save R6 - add,dc S3,S13,S13 ; new R7 doubleword - - ldd SV3,s3 ; restore s3 - std S13,56(pR) ; save R7 - add,dc S4,S15,S15 ; new R8 doubleword - - ldd SV4,s4 ; restore s4 - std S15,64(pR) ; save result[8] - add,dc zero,zero,v0 ; return carry from R8 - - CMPIB,*= 0,v0,$L0 ; if no overflow, exit - LDO 8(pR),pR - -$FINAL1 ; Final carry propagation - LDD 64(pR),v0 - LDO 8(pR),pR - ADDI 1,v0,v0 - CMPIB,*= 0,v0,$FINAL1 ; Keep looping if there is a carry. - STD v0,56(pR) -$L0 - bv zero(rp) ; -> caller - ldo -ST_SZ(sp),sp ; pop stack - -/* ====================================================================== */ -/* end of module */ -/* ====================================================================== */ - - .LEAVE - - .PROCEND - .SPACE $TEXT$ - .SUBSPA $CODE$ - .EXPORT multacc512,ENTRY - - .end diff --git a/security/nss/lib/freebl/mpi/hppa20.s b/security/nss/lib/freebl/mpi/hppa20.s deleted file mode 100644 index f7579b805..000000000 --- a/security/nss/lib/freebl/mpi/hppa20.s +++ /dev/null @@ -1,929 +0,0 @@ -; The contents of this file are subject to the Mozilla Public -; License Version 1.1 (the "License"); you may not use this file -; except in compliance with the License. You may obtain a copy of -; the License at http://www.mozilla.org/MPL/ -; -; Software distributed under the License is distributed on an "AS -; IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -; implied. See the License for the specific language governing -; rights and limitations under the License. -; -; The Original Code is MAXPY multiple-precision integer arithmetic. -; -; The Initial Developer of the Original Code is the Hewlett-Packard Company. -; Portions created by Hewlett-Packard Company are -; Copyright (C) 1997 Hewlett-Packard Company. All Rights Reserved. -; -; Contributor(s): -; coded by: William B. Ackerman -; -; Alternatively, the contents of this file may be used under the -; terms of the GNU General Public License Version 2 or later (the -; "GPL"), in which case the provisions of the GPL are applicable -; instead of those above. If you wish to allow use of your -; version of this file only under the terms of the GPL and not to -; allow others to use your version of this file under the MPL, -; indicate your decision by deleting the provisions above and -; replace them with the notice and other provisions required by -; the GPL. If you do not delete the provisions above, a recipient -; may use your version of this file under either the MPL or the -; GPL. - -#ifdef __LP64__ - .LEVEL 2.0W -#else -; .LEVEL 1.1 -; .ALLOW 2.0N - .LEVEL 2.0N -#endif - .SPACE $TEXT$,SORT=8 - .SUBSPA $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24 - -; *************************************************************** -; -; maxpy_[little/big] -; -; *************************************************************** - -; There is no default -- you must specify one or the other. -#define LITTLE_WORDIAN 1 - -#ifdef LITTLE_WORDIAN -#define EIGHT 8 -#define SIXTEEN 16 -#define THIRTY_TWO 32 -#define UN_EIGHT -8 -#define UN_SIXTEEN -16 -#define UN_TWENTY_FOUR -24 -#endif - -#ifdef BIG_WORDIAN -#define EIGHT -8 -#define SIXTEEN -16 -#define THIRTY_TWO -32 -#define UN_EIGHT 8 -#define UN_SIXTEEN 16 -#define UN_TWENTY_FOUR 24 -#endif - -; This performs a multiple-precision integer version of "daxpy", -; Using the selected addressing direction. "Little-wordian" means that -; the least significant word of a number is stored at the lowest address. -; "Big-wordian" means that the most significant word is at the lowest -; address. Either way, the incoming address of the vector is that -; of the least significant word. That means that, for little-wordian -; addressing, we move the address upward as we propagate carries -; from the least significant word to the most significant. For -; big-wordian we move the address downward. - -; We use the following registers: -; -; r2 return PC, of course -; r26 = arg1 = length -; r25 = arg2 = address of scalar -; r24 = arg3 = multiplicand vector -; r23 = arg4 = result vector -; -; fr9 = scalar loaded once only from r25 - -; The cycle counts shown in the bodies below are simply the result of a -; scheduling by hand. The actual PCX-U hardware does it differently. -; The intention is that the overall speed is the same. - -; The pipeline startup and shutdown code is constructed in the usual way, -; by taking the loop bodies and removing unnecessary instructions. -; We have left the comments describing cycle numbers in the code. -; These are intended for reference when comparing with the main loop, -; and have no particular relationship to actual cycle numbers. - -#ifdef LITTLE_WORDIAN -maxpy_little -#else -maxpy_big -#endif - .PROC - .CALLINFO FRAME=120,ENTRY_GR=%r4 - .ENTER - -; Of course, real men don't use the sissy "enter" and "leave" commands. -; They write their own stack manipulation stuff. Unfortunately, -; that doesn't generate complete unwind info, whereas "enter" and -; "leave" (if the documentation is to be believed) do so. Therefore, -; we use the sissy commands. We have verified (by real-man methods) -; that the above command generates what we want: -; STW,MA %r3,128(%sp) -; STW %r4,-124(%sp) - - ADDIB,< -1,%r26,$L0 ; If N = 0, exit immediately. - FLDD 0(%r25),%fr9 ; fr9 = scalar - -; First startup - - FLDD 0(%r24),%fr24 ; Cycle 1 - XMPYU %fr9R,%fr24R,%fr27 ; Cycle 3 - XMPYU %fr9R,%fr24L,%fr25 ; Cycle 4 - XMPYU %fr9L,%fr24L,%fr26 ; Cycle 5 - CMPIB,> 3,%r26,$N_IS_SMALL ; Pick out cases N = 1, 2, or 3 - XMPYU %fr9L,%fr24R,%fr24 ; Cycle 6 - FLDD EIGHT(%r24),%fr28 ; Cycle 8 - XMPYU %fr9L,%fr28R,%fr31 ; Cycle 10 - FSTD %fr24,-96(%sp) - XMPYU %fr9R,%fr28L,%fr30 ; Cycle 11 - FSTD %fr25,-80(%sp) - LDO SIXTEEN(%r24),%r24 ; Cycle 12 - FSTD %fr31,-64(%sp) - XMPYU %fr9R,%fr28R,%fr29 ; Cycle 13 - FSTD %fr27,-48(%sp) - -; Second startup - - XMPYU %fr9L,%fr28L,%fr28 ; Cycle 1 - FSTD %fr30,-56(%sp) - FLDD 0(%r24),%fr24 - - FSTD %fr26,-88(%sp) ; Cycle 2 - - XMPYU %fr9R,%fr24R,%fr27 ; Cycle 3 - FSTD %fr28,-104(%sp) - - XMPYU %fr9R,%fr24L,%fr25 ; Cycle 4 - LDD -96(%sp),%r3 - FSTD %fr29,-72(%sp) - - XMPYU %fr9L,%fr24L,%fr26 ; Cycle 5 - LDD -64(%sp),%r19 - LDD -80(%sp),%r21 - - XMPYU %fr9L,%fr24R,%fr24 ; Cycle 6 - LDD -56(%sp),%r20 - ADD %r21,%r3,%r3 - - ADD,DC %r20,%r19,%r19 ; Cycle 7 - LDD -88(%sp),%r4 - SHRPD %r3,%r0,32,%r21 - LDD -48(%sp),%r1 - - FLDD EIGHT(%r24),%fr28 ; Cycle 8 - LDD -104(%sp),%r31 - ADD,DC %r0,%r0,%r20 - SHRPD %r19,%r3,32,%r3 - - LDD -72(%sp),%r29 ; Cycle 9 - SHRPD %r20,%r19,32,%r20 - ADD %r21,%r1,%r1 - - XMPYU %fr9L,%fr28R,%fr31 ; Cycle 10 - ADD,DC %r3,%r4,%r4 - FSTD %fr24,-96(%sp) - - XMPYU %fr9R,%fr28L,%fr30 ; Cycle 11 - ADD,DC %r0,%r20,%r20 - LDD 0(%r23),%r3 - FSTD %fr25,-80(%sp) - - LDO SIXTEEN(%r24),%r24 ; Cycle 12 - FSTD %fr31,-64(%sp) - - XMPYU %fr9R,%fr28R,%fr29 ; Cycle 13 - ADD %r0,%r0,%r0 ; clear the carry bit - ADDIB,<= -4,%r26,$ENDLOOP ; actually happens in cycle 12 - FSTD %fr27,-48(%sp) -; MFCTL %cr16,%r21 ; for timing -; STD %r21,-112(%sp) - -; Here is the loop. - -$LOOP XMPYU %fr9L,%fr28L,%fr28 ; Cycle 1 - ADD,DC %r29,%r4,%r4 - FSTD %fr30,-56(%sp) - FLDD 0(%r24),%fr24 - - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - ADD,DC %r0,%r20,%r20 - FSTD %fr26,-88(%sp) - - XMPYU %fr9R,%fr24R,%fr27 ; Cycle 3 - ADD %r3,%r1,%r1 - FSTD %fr28,-104(%sp) - LDD UN_EIGHT(%r23),%r21 - - XMPYU %fr9R,%fr24L,%fr25 ; Cycle 4 - ADD,DC %r21,%r4,%r28 - FSTD %fr29,-72(%sp) - LDD -96(%sp),%r3 - - XMPYU %fr9L,%fr24L,%fr26 ; Cycle 5 - ADD,DC %r20,%r31,%r22 - LDD -64(%sp),%r19 - LDD -80(%sp),%r21 - - XMPYU %fr9L,%fr24R,%fr24 ; Cycle 6 - ADD %r21,%r3,%r3 - LDD -56(%sp),%r20 - STD %r1,UN_SIXTEEN(%r23) - - ADD,DC %r20,%r19,%r19 ; Cycle 7 - SHRPD %r3,%r0,32,%r21 - LDD -88(%sp),%r4 - LDD -48(%sp),%r1 - - ADD,DC %r0,%r0,%r20 ; Cycle 8 - SHRPD %r19,%r3,32,%r3 - FLDD EIGHT(%r24),%fr28 - LDD -104(%sp),%r31 - - SHRPD %r20,%r19,32,%r20 ; Cycle 9 - ADD %r21,%r1,%r1 - STD %r28,UN_EIGHT(%r23) - LDD -72(%sp),%r29 - - XMPYU %fr9L,%fr28R,%fr31 ; Cycle 10 - ADD,DC %r3,%r4,%r4 - FSTD %fr24,-96(%sp) - - XMPYU %fr9R,%fr28L,%fr30 ; Cycle 11 - ADD,DC %r0,%r20,%r20 - FSTD %fr25,-80(%sp) - LDD 0(%r23),%r3 - - LDO SIXTEEN(%r24),%r24 ; Cycle 12 - FSTD %fr31,-64(%sp) - - XMPYU %fr9R,%fr28R,%fr29 ; Cycle 13 - ADD %r22,%r1,%r1 - ADDIB,> -2,%r26,$LOOP ; actually happens in cycle 12 - FSTD %fr27,-48(%sp) - -$ENDLOOP - -; Shutdown code, first stage. - -; MFCTL %cr16,%r21 ; for timing -; STD %r21,UN_SIXTEEN(%r23) -; LDD -112(%sp),%r21 -; STD %r21,UN_EIGHT(%r23) - - XMPYU %fr9L,%fr28L,%fr28 ; Cycle 1 - ADD,DC %r29,%r4,%r4 - CMPIB,= 0,%r26,$ONEMORE - FSTD %fr30,-56(%sp) - - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - ADD,DC %r0,%r20,%r20 - FSTD %fr26,-88(%sp) - - ADD %r3,%r1,%r1 ; Cycle 3 - FSTD %fr28,-104(%sp) - LDD UN_EIGHT(%r23),%r21 - - ADD,DC %r21,%r4,%r28 ; Cycle 4 - FSTD %fr29,-72(%sp) - STD %r28,UN_EIGHT(%r23) ; moved up from cycle 9 - LDD -96(%sp),%r3 - - ADD,DC %r20,%r31,%r22 ; Cycle 5 - STD %r1,UN_SIXTEEN(%r23) -$JOIN4 - LDD -64(%sp),%r19 - LDD -80(%sp),%r21 - - ADD %r21,%r3,%r3 ; Cycle 6 - LDD -56(%sp),%r20 - - ADD,DC %r20,%r19,%r19 ; Cycle 7 - SHRPD %r3,%r0,32,%r21 - LDD -88(%sp),%r4 - LDD -48(%sp),%r1 - - ADD,DC %r0,%r0,%r20 ; Cycle 8 - SHRPD %r19,%r3,32,%r3 - LDD -104(%sp),%r31 - - SHRPD %r20,%r19,32,%r20 ; Cycle 9 - ADD %r21,%r1,%r1 - LDD -72(%sp),%r29 - - ADD,DC %r3,%r4,%r4 ; Cycle 10 - - ADD,DC %r0,%r20,%r20 ; Cycle 11 - LDD 0(%r23),%r3 - - ADD %r22,%r1,%r1 ; Cycle 13 - -; Shutdown code, second stage. - - ADD,DC %r29,%r4,%r4 ; Cycle 1 - - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - ADD,DC %r0,%r20,%r20 - - LDD UN_EIGHT(%r23),%r21 ; Cycle 3 - ADD %r3,%r1,%r1 - - ADD,DC %r21,%r4,%r28 ; Cycle 4 - - ADD,DC %r20,%r31,%r22 ; Cycle 5 - - STD %r1,UN_SIXTEEN(%r23); Cycle 6 - - STD %r28,UN_EIGHT(%r23) ; Cycle 9 - - LDD 0(%r23),%r3 ; Cycle 11 - -; Shutdown code, third stage. - - LDO SIXTEEN(%r23),%r23 - ADD %r3,%r22,%r1 -$JOIN1 ADD,DC %r0,%r0,%r21 - CMPIB,*= 0,%r21,$L0 ; if no overflow, exit - STD %r1,UN_SIXTEEN(%r23) - -; Final carry propagation - -$FINAL1 LDO EIGHT(%r23),%r23 - LDD UN_SIXTEEN(%r23),%r21 - ADDI 1,%r21,%r21 - CMPIB,*= 0,%r21,$FINAL1 ; Keep looping if there is a carry. - STD %r21,UN_SIXTEEN(%r23) - B $L0 - NOP - -; Here is the code that handles the difficult cases N=1, N=2, and N=3. -; We do the usual trick -- branch out of the startup code at appropriate -; points, and branch into the shutdown code. - -$N_IS_SMALL - CMPIB,= 0,%r26,$N_IS_ONE - FSTD %fr24,-96(%sp) ; Cycle 10 - FLDD EIGHT(%r24),%fr28 ; Cycle 8 - XMPYU %fr9L,%fr28R,%fr31 ; Cycle 10 - XMPYU %fr9R,%fr28L,%fr30 ; Cycle 11 - FSTD %fr25,-80(%sp) - FSTD %fr31,-64(%sp) ; Cycle 12 - XMPYU %fr9R,%fr28R,%fr29 ; Cycle 13 - FSTD %fr27,-48(%sp) - XMPYU %fr9L,%fr28L,%fr28 ; Cycle 1 - CMPIB,= 2,%r26,$N_IS_THREE - FSTD %fr30,-56(%sp) - -; N = 2 - FSTD %fr26,-88(%sp) ; Cycle 2 - FSTD %fr28,-104(%sp) ; Cycle 3 - LDD -96(%sp),%r3 ; Cycle 4 - FSTD %fr29,-72(%sp) - B $JOIN4 - ADD %r0,%r0,%r22 - -$N_IS_THREE - FLDD SIXTEEN(%r24),%fr24 - FSTD %fr26,-88(%sp) ; Cycle 2 - XMPYU %fr9R,%fr24R,%fr27 ; Cycle 3 - FSTD %fr28,-104(%sp) - XMPYU %fr9R,%fr24L,%fr25 ; Cycle 4 - LDD -96(%sp),%r3 - FSTD %fr29,-72(%sp) - XMPYU %fr9L,%fr24L,%fr26 ; Cycle 5 - LDD -64(%sp),%r19 - LDD -80(%sp),%r21 - B $JOIN3 - ADD %r0,%r0,%r22 - -$N_IS_ONE - FSTD %fr25,-80(%sp) - FSTD %fr27,-48(%sp) - FSTD %fr26,-88(%sp) ; Cycle 2 - B $JOIN5 - ADD %r0,%r0,%r22 - -; We came out of the unrolled loop with wrong parity. Do one more -; single cycle. This is quite tricky, because of the way the -; carry chains and SHRPD chains have been chopped up. - -$ONEMORE - - FLDD 0(%r24),%fr24 - - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - ADD,DC %r0,%r20,%r20 - FSTD %fr26,-88(%sp) - - XMPYU %fr9R,%fr24R,%fr27 ; Cycle 3 - FSTD %fr28,-104(%sp) - LDD UN_EIGHT(%r23),%r21 - ADD %r3,%r1,%r1 - - XMPYU %fr9R,%fr24L,%fr25 ; Cycle 4 - ADD,DC %r21,%r4,%r28 - STD %r28,UN_EIGHT(%r23) ; moved from cycle 9 - LDD -96(%sp),%r3 - FSTD %fr29,-72(%sp) - - XMPYU %fr9L,%fr24L,%fr26 ; Cycle 5 - ADD,DC %r20,%r31,%r22 - LDD -64(%sp),%r19 - LDD -80(%sp),%r21 - - STD %r1,UN_SIXTEEN(%r23); Cycle 6 -$JOIN3 - XMPYU %fr9L,%fr24R,%fr24 - LDD -56(%sp),%r20 - ADD %r21,%r3,%r3 - - ADD,DC %r20,%r19,%r19 ; Cycle 7 - LDD -88(%sp),%r4 - SHRPD %r3,%r0,32,%r21 - LDD -48(%sp),%r1 - - LDD -104(%sp),%r31 ; Cycle 8 - ADD,DC %r0,%r0,%r20 - SHRPD %r19,%r3,32,%r3 - - LDD -72(%sp),%r29 ; Cycle 9 - SHRPD %r20,%r19,32,%r20 - ADD %r21,%r1,%r1 - - ADD,DC %r3,%r4,%r4 ; Cycle 10 - FSTD %fr24,-96(%sp) - - ADD,DC %r0,%r20,%r20 ; Cycle 11 - LDD 0(%r23),%r3 - FSTD %fr25,-80(%sp) - - ADD %r22,%r1,%r1 ; Cycle 13 - FSTD %fr27,-48(%sp) - -; Shutdown code, stage 1-1/2. - - ADD,DC %r29,%r4,%r4 ; Cycle 1 - - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - ADD,DC %r0,%r20,%r20 - FSTD %fr26,-88(%sp) - - LDD UN_EIGHT(%r23),%r21 ; Cycle 3 - ADD %r3,%r1,%r1 - - ADD,DC %r21,%r4,%r28 ; Cycle 4 - STD %r28,UN_EIGHT(%r23) ; moved from cycle 9 - - ADD,DC %r20,%r31,%r22 ; Cycle 5 - STD %r1,UN_SIXTEEN(%r23) -$JOIN5 - LDD -96(%sp),%r3 ; moved from cycle 4 - LDD -80(%sp),%r21 - ADD %r21,%r3,%r3 ; Cycle 6 - ADD,DC %r0,%r0,%r19 ; Cycle 7 - LDD -88(%sp),%r4 - SHRPD %r3,%r0,32,%r21 - LDD -48(%sp),%r1 - SHRPD %r19,%r3,32,%r3 ; Cycle 8 - ADD %r21,%r1,%r1 ; Cycle 9 - ADD,DC %r3,%r4,%r4 ; Cycle 10 - LDD 0(%r23),%r3 ; Cycle 11 - ADD %r22,%r1,%r1 ; Cycle 13 - -; Shutdown code, stage 2-1/2. - - ADD,DC %r0,%r4,%r4 ; Cycle 1 - LDO SIXTEEN(%r23),%r23 ; Cycle 2 - LDD UN_EIGHT(%r23),%r21 ; Cycle 3 - ADD %r3,%r1,%r1 - STD %r1,UN_SIXTEEN(%r23) - ADD,DC %r21,%r4,%r1 - B $JOIN1 - LDO EIGHT(%r23),%r23 - -; exit - -$L0 - .LEAVE - -; We have verified that the above command generates what we want: -; LDW -124(%sp),%r4 -; BVE (%r2) -; LDW,MB -128(%sp),%r3 - - .PROCEND - -; *************************************************************** -; -; add_diag_[little/big] -; -; *************************************************************** - -; The arguments are as follows: -; r2 return PC, of course -; r26 = arg1 = length -; r25 = arg2 = vector to square -; r24 = arg3 = result vector - -#ifdef LITTLE_WORDIAN -add_diag_little -#else -add_diag_big -#endif - .PROC - .CALLINFO FRAME=120,ENTRY_GR=%r4 - .ENTER - - ADDIB,< -1,%r26,$Z0 ; If N=0, exit immediately. - NOP - -; Startup code - - FLDD 0(%r25),%fr7 ; Cycle 2 (alternate body) - XMPYU %fr7R,%fr7R,%fr29 ; Cycle 4 - XMPYU %fr7L,%fr7R,%fr27 ; Cycle 5 - XMPYU %fr7L,%fr7L,%fr30 - LDO SIXTEEN(%r25),%r25 ; Cycle 6 - FSTD %fr29,-88(%sp) - FSTD %fr27,-72(%sp) ; Cycle 7 - CMPIB,= 0,%r26,$DIAG_N_IS_ONE ; Cycle 1 (main body) - FSTD %fr30,-96(%sp) - FLDD UN_EIGHT(%r25),%fr7 ; Cycle 2 - LDD -88(%sp),%r22 ; Cycle 3 - LDD -72(%sp),%r31 ; Cycle 4 - XMPYU %fr7R,%fr7R,%fr28 - XMPYU %fr7L,%fr7R,%fr24 ; Cycle 5 - XMPYU %fr7L,%fr7L,%fr31 - LDD -96(%sp),%r20 ; Cycle 6 - FSTD %fr28,-80(%sp) - ADD %r0,%r0,%r0 ; clear the carry bit - ADDIB,<= -2,%r26,$ENDDIAGLOOP ; Cycle 7 - FSTD %fr24,-64(%sp) - -; Here is the loop. It is unrolled twice, modelled after the "alternate body" and then the "main body". - -$DIAGLOOP - SHRPD %r31,%r0,31,%r3 ; Cycle 1 (alternate body) - LDO SIXTEEN(%r25),%r25 - LDD 0(%r24),%r1 - FSTD %fr31,-104(%sp) - SHRPD %r0,%r31,31,%r4 ; Cycle 2 - ADD,DC %r22,%r3,%r3 - FLDD UN_SIXTEEN(%r25),%fr7 - ADD,DC %r0,%r20,%r20 ; Cycle 3 - ADD %r1,%r3,%r3 - XMPYU %fr7R,%fr7R,%fr29 ; Cycle 4 - LDD -80(%sp),%r21 - STD %r3,0(%r24) - XMPYU %fr7L,%fr7R,%fr27 ; Cycle 5 - XMPYU %fr7L,%fr7L,%fr30 - LDD -64(%sp),%r29 - LDD EIGHT(%r24),%r1 - ADD,DC %r4,%r20,%r20 ; Cycle 6 - LDD -104(%sp),%r19 - FSTD %fr29,-88(%sp) - ADD %r20,%r1,%r1 ; Cycle 7 - FSTD %fr27,-72(%sp) - SHRPD %r29,%r0,31,%r4 ; Cycle 1 (main body) - LDO THIRTY_TWO(%r24),%r24 - LDD UN_SIXTEEN(%r24),%r28 - FSTD %fr30,-96(%sp) - SHRPD %r0,%r29,31,%r3 ; Cycle 2 - ADD,DC %r21,%r4,%r4 - FLDD UN_EIGHT(%r25),%fr7 - STD %r1,UN_TWENTY_FOUR(%r24) - ADD,DC %r0,%r19,%r19 ; Cycle 3 - ADD %r28,%r4,%r4 - XMPYU %fr7R,%fr7R,%fr28 ; Cycle 4 - LDD -88(%sp),%r22 - STD %r4,UN_SIXTEEN(%r24) - XMPYU %fr7L,%fr7R,%fr24 ; Cycle 5 - XMPYU %fr7L,%fr7L,%fr31 - LDD -72(%sp),%r31 - LDD UN_EIGHT(%r24),%r28 - ADD,DC %r3,%r19,%r19 ; Cycle 6 - LDD -96(%sp),%r20 - FSTD %fr28,-80(%sp) - ADD %r19,%r28,%r28 ; Cycle 7 - FSTD %fr24,-64(%sp) - ADDIB,> -2,%r26,$DIAGLOOP ; Cycle 8 - STD %r28,UN_EIGHT(%r24) - -$ENDDIAGLOOP - - ADD,DC %r0,%r22,%r22 - CMPIB,= 0,%r26,$ONEMOREDIAG - SHRPD %r31,%r0,31,%r3 - -; Shutdown code, first stage. - - FSTD %fr31,-104(%sp) ; Cycle 1 (alternate body) - LDD 0(%r24),%r28 - SHRPD %r0,%r31,31,%r4 ; Cycle 2 - ADD %r3,%r22,%r3 - ADD,DC %r0,%r20,%r20 ; Cycle 3 - LDD -80(%sp),%r21 - ADD %r3,%r28,%r3 - LDD -64(%sp),%r29 ; Cycle 4 - STD %r3,0(%r24) - LDD EIGHT(%r24),%r1 ; Cycle 5 - LDO SIXTEEN(%r25),%r25 ; Cycle 6 - LDD -104(%sp),%r19 - ADD,DC %r4,%r20,%r20 - ADD %r20,%r1,%r1 ; Cycle 7 - ADD,DC %r0,%r21,%r21 ; Cycle 8 - STD %r1,EIGHT(%r24) - -; Shutdown code, second stage. - - SHRPD %r29,%r0,31,%r4 ; Cycle 1 (main body) - LDO THIRTY_TWO(%r24),%r24 - LDD UN_SIXTEEN(%r24),%r1 - SHRPD %r0,%r29,31,%r3 ; Cycle 2 - ADD %r4,%r21,%r4 - ADD,DC %r0,%r19,%r19 ; Cycle 3 - ADD %r4,%r1,%r4 - STD %r4,UN_SIXTEEN(%r24); Cycle 4 - LDD UN_EIGHT(%r24),%r28 ; Cycle 5 - ADD,DC %r3,%r19,%r19 ; Cycle 6 - ADD %r19,%r28,%r28 ; Cycle 7 - ADD,DC %r0,%r0,%r22 ; Cycle 8 - CMPIB,*= 0,%r22,$Z0 ; if no overflow, exit - STD %r28,UN_EIGHT(%r24) - -; Final carry propagation - -$FDIAG2 - LDO EIGHT(%r24),%r24 - LDD UN_EIGHT(%r24),%r26 - ADDI 1,%r26,%r26 - CMPIB,*= 0,%r26,$FDIAG2 ; Keep looping if there is a carry. - STD %r26,UN_EIGHT(%r24) - - B $Z0 - NOP - -; Here is the code that handles the difficult case N=1. -; We do the usual trick -- branch out of the startup code at appropriate -; points, and branch into the shutdown code. - -$DIAG_N_IS_ONE - - LDD -88(%sp),%r22 - LDD -72(%sp),%r31 - B $JOINDIAG - LDD -96(%sp),%r20 - -; We came out of the unrolled loop with wrong parity. Do one more -; single cycle. This is the "alternate body". It will, of course, -; give us opposite registers from the other case, so we need -; completely different shutdown code. - -$ONEMOREDIAG - FSTD %fr31,-104(%sp) ; Cycle 1 (alternate body) - LDD 0(%r24),%r28 - FLDD 0(%r25),%fr7 ; Cycle 2 - SHRPD %r0,%r31,31,%r4 - ADD %r3,%r22,%r3 - ADD,DC %r0,%r20,%r20 ; Cycle 3 - LDD -80(%sp),%r21 - ADD %r3,%r28,%r3 - LDD -64(%sp),%r29 ; Cycle 4 - STD %r3,0(%r24) - XMPYU %fr7R,%fr7R,%fr29 - LDD EIGHT(%r24),%r1 ; Cycle 5 - XMPYU %fr7L,%fr7R,%fr27 - XMPYU %fr7L,%fr7L,%fr30 - LDD -104(%sp),%r19 ; Cycle 6 - FSTD %fr29,-88(%sp) - ADD,DC %r4,%r20,%r20 - FSTD %fr27,-72(%sp) ; Cycle 7 - ADD %r20,%r1,%r1 - ADD,DC %r0,%r21,%r21 ; Cycle 8 - STD %r1,EIGHT(%r24) - -; Shutdown code, first stage. - - SHRPD %r29,%r0,31,%r4 ; Cycle 1 (main body) - LDO THIRTY_TWO(%r24),%r24 - FSTD %fr30,-96(%sp) - LDD UN_SIXTEEN(%r24),%r1 - SHRPD %r0,%r29,31,%r3 ; Cycle 2 - ADD %r4,%r21,%r4 - ADD,DC %r0,%r19,%r19 ; Cycle 3 - LDD -88(%sp),%r22 - ADD %r4,%r1,%r4 - LDD -72(%sp),%r31 ; Cycle 4 - STD %r4,UN_SIXTEEN(%r24) - LDD UN_EIGHT(%r24),%r28 ; Cycle 5 - LDD -96(%sp),%r20 ; Cycle 6 - ADD,DC %r3,%r19,%r19 - ADD %r19,%r28,%r28 ; Cycle 7 - ADD,DC %r0,%r22,%r22 ; Cycle 8 - STD %r28,UN_EIGHT(%r24) - -; Shutdown code, second stage. - -$JOINDIAG - SHRPD %r31,%r0,31,%r3 ; Cycle 1 (alternate body) - LDD 0(%r24),%r28 - SHRPD %r0,%r31,31,%r4 ; Cycle 2 - ADD %r3,%r22,%r3 - ADD,DC %r0,%r20,%r20 ; Cycle 3 - ADD %r3,%r28,%r3 - STD %r3,0(%r24) ; Cycle 4 - LDD EIGHT(%r24),%r1 ; Cycle 5 - ADD,DC %r4,%r20,%r20 - ADD %r20,%r1,%r1 ; Cycle 7 - ADD,DC %r0,%r0,%r21 ; Cycle 8 - CMPIB,*= 0,%r21,$Z0 ; if no overflow, exit - STD %r1,EIGHT(%r24) - -; Final carry propagation - -$FDIAG1 - LDO EIGHT(%r24),%r24 - LDD EIGHT(%r24),%r26 - ADDI 1,%r26,%r26 - CMPIB,*= 0,%r26,$FDIAG1 ; Keep looping if there is a carry. - STD %r26,EIGHT(%r24) - -$Z0 - .LEAVE - .PROCEND -; .ALLOW - - .SPACE $TEXT$ - .SUBSPA $CODE$ -#ifdef LITTLE_WORDIAN - .EXPORT maxpy_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN - .EXPORT add_diag_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN -#else - .EXPORT maxpy_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN - .EXPORT add_diag_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN -#endif - .END - - -; How to use "maxpy_PA20_little" and "maxpy_PA20_big" -; -; The routine "maxpy_PA20_little" or "maxpy_PA20_big" -; performs a 64-bit x any-size multiply, and adds the -; result to an area of memory. That is, it performs -; something like -; -; A B C D -; * Z -; __________ -; P Q R S T -; -; and then adds the "PQRST" vector into an area of memory, -; handling all carries. -; -; Digression on nomenclature and endian-ness: -; -; Each of the capital letters in the above represents a 64-bit -; quantity. That is, you could think of the discussion as -; being in terms of radix-16-quintillion arithmetic. The data -; type being manipulated is "unsigned long long int". This -; requires the 64-bit extension of the HP-UX C compiler, -; available at release 10. You need these compiler flags to -; enable these extensions: -; -; -Aa +e +DA2.0 +DS2.0 -; -; (The first specifies ANSI C, the second enables the -; extensions, which are beyond ANSI C, and the third and -; fourth tell the compiler to use whatever features of the -; PA2.0 architecture it wishes, in order to made the code more -; efficient. Since the presence of the assembly code will -; make the program unable to run on anything less than PA2.0, -; you might as well gain the performance enhancements in the C -; code as well.) -; -; Questions of "endian-ness" often come up, usually in the -; context of byte ordering in a word. These routines have a -; similar issue, that could be called "wordian-ness". -; Independent of byte ordering (PA is always big-endian), one -; can make two choices when representing extremely large -; numbers as arrays of 64-bit doublewords in memory. -; -; "Little-wordian" layout means that the least significant -; word of a number is stored at the lowest address. -; -; MSW LSW -; | | -; V V -; -; A B C D E -; -; ^ ^ ^ -; | | |____ address 0 -; | | -; | |_______address 8 -; | -; address 32 -; -; "Big-wordian" means that the most significant word is at the -; lowest address. -; -; MSW LSW -; | | -; V V -; -; A B C D E -; -; ^ ^ ^ -; | | |____ address 32 -; | | -; | |_______address 24 -; | -; address 0 -; -; When you compile the file, you must specify one or the other, with -; a switch "-DLITTLE_WORDIAN" or "-DBIG_WORDIAN". -; -; Incidentally, you assemble this file as part of your -; project with the same C compiler as the rest of the program. -; My "makefile" for a superprecision arithmetic package has -; the following stuff: -; -; # definitions: -; CC = cc -Aa +e -z +DA2.0 +DS2.0 +w1 -; CFLAGS = +O3 -; LDFLAGS = -L /usr/lib -Wl,-aarchive -; -; # general build rule for ".s" files: -; .s.o: -; $(CC) $(CFLAGS) -c $< -DBIG_WORDIAN -; -; # Now any bind step that calls for pa20.o will assemble pa20.s -; -; End of digression, back to arithmetic: -; -; The way we multiply two huge numbers is, of course, to multiply -; the "ABCD" vector by each of the "WXYZ" doublewords, adding -; the result vectors with increasing offsets, the way we learned -; in school, back before we all used calculators: -; -; A B C D -; * W X Y Z -; __________ -; P Q R S T -; E F G H I -; M N O P Q -; + R S T U V -; _______________ -; F I N A L S U M -; -; So we call maxpy_PA20_big (in my case; my package is -; big-wordian) repeatedly, giving the W, X, Y, and Z arguments -; in turn as the "scalar", and giving the "ABCD" vector each -; time. We direct it to add its result into an area of memory -; that we have cleared at the start. We skew the exact -; location into that area with each call. -; -; The prototype for the function is -; -; extern void maxpy_PA20_big( -; int length, /* Number of doublewords in the multiplicand vector. */ -; const long long int *scalaraddr, /* Address to fetch the scalar. */ -; const long long int *multiplicand, /* The multiplicand vector. */ -; long long int *result); /* Where to accumulate the result. */ -; -; (You should place a copy of this prototype in an include file -; or in your C file.) -; -; Now, IN ALL CASES, the given address for the multiplicand or -; the result is that of the LEAST SIGNIFICANT DOUBLEWORD. -; That word is, of course, the word at which the routine -; starts processing. "maxpy_PA20_little" then increases the -; addresses as it computes. "maxpy_PA20_big" decreases them. -; -; In our example above, "length" would be 4 in each case. -; "multiplicand" would be the "ABCD" vector. Specifically, -; the address of the element "D". "scalaraddr" would be the -; address of "W", "X", "Y", or "Z" on the four calls that we -; would make. (The order doesn't matter, of course.) -; "result" would be the appropriate address in the result -; area. When multiplying by "Z", that would be the least -; significant word. When multiplying by "Y", it would be the -; next higher word (8 bytes higher if little-wordian; 8 bytes -; lower if big-wordian), and so on. The size of the result -; area must be the the sum of the sizes of the multiplicand -; and multiplier vectors, and must be initialized to zero -; before we start. -; -; Whenever the routine adds its partial product into the result -; vector, it follows carry chains as far as they need to go. -; -; Here is the super-precision multiply routine that I use for -; my package. The package is big-wordian. I have taken out -; handling of exponents (it's a floating point package): -; -; static void mul_PA20( -; int size, -; const long long int *arg1, -; const long long int *arg2, -; long long int *result) -; { -; int i; -; -; for (i=0 ; i<2*size ; i++) result[i] = 0ULL; -; -; for (i=0 ; i -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -# -# $Id$ - -$ARRAYNAME = $ENV{'ARRAYNAME'} || "s_logv_2"; -$ARRAYTYPE = $ENV{'ARRAYTYPE'} || "float"; - -printf("const %s %s[] = {\n %0.9ff, %0.9ff, ", - $ARRAYTYPE, $ARRAYNAME, 0, 0); -$brk = 2; -for($ix = 2; $ix < 64; $ix++) { - printf("%0.9ff, ", (log(2)/log($ix))); - $brk = ($brk + 1) & 3; - if(!$brk) { - printf(" /* %2d %2d %2d %2d */\n ", - $ix - 3, $ix - 2, $ix - 1, $ix); - } -} -printf("%0.9ff\n};\n\n", (log(2)/log($ix))); - -exit 0; diff --git a/security/nss/lib/freebl/mpi/make-test-arrays b/security/nss/lib/freebl/mpi/make-test-arrays deleted file mode 100755 index a55bf3a1e..000000000 --- a/security/nss/lib/freebl/mpi/make-test-arrays +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/linguist/bin/perl - -# -# make-test-arrays -# -# Given a test-arrays file, which specifies the test suite names, the -# names of the functions which perform those test suites, and -# descriptive comments, this script generates C structures for the -# mpi-test program. The input consists of lines of the form: -# -# suite-name:function-name:comment -# -# The output is written to the standard output. Blank lines are -# ignored, and comments beginning with '#' are stripped. -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# - -# Read parameters from the environment, if available -$NAMEVAR = $ENV{'NAMEVAR'} || "g_names"; -$COUNTVAR = $ENV{'COUNTVAR'} || "g_count"; -$FUNCVAR = $ENV{'FUNCVAR'} || "g_tests"; -$DESCVAR = $ENV{'DESCVAR'} || "g_descs"; -$FUNCLEN = 13; -$NAMELEN = 18; -$DESCLEN = 45; - -#------------------------------------------------------------------------ -# Suck in input from the files on the command line, or standard input -while(<>) { - chomp; - s/\#.*$//; - next if /^\s*$/; - - ($suite, $func, $desc) = split(/:/, $_); - - $tmp = { "suite" => $suite, - "func" => $func, - "desc" => $desc }; - - push(@item, $tmp); -} -$count = scalar(@item); -$last = pop(@item); - -#------------------------------------------------------------------------ -# Output the table of names -print "/* Table mapping test suite names to index numbers */\n"; -printf("const int %s = %d;\n", $COUNTVAR, $count); -printf("const char *%s[] = {\n", $NAMEVAR); - -foreach $elt (@item) { - printf(" \"%s\",%s/* %s%s */\n", $elt->{"suite"}, - " " x ($NAMELEN - length($elt->{"suite"})), - $elt->{"desc"}, - " " x ($DESCLEN - length($elt->{"desc"}))); -} -printf(" \"%s\" %s/* %s%s */\n", $last->{"suite"}, - " " x ($NAMELEN - length($last->{"suite"})), - $last->{"desc"}, - " " x ($DESCLEN - length($last->{"desc"}))); -print "};\n\n"; - -#------------------------------------------------------------------------ -# Output the driver function prototypes -print "/* Test function prototypes */\n"; -foreach $elt (@item, $last) { - printf("int %s(void);\n", $elt->{"func"}); -} -print "\n"; - -#------------------------------------------------------------------------ -# Output the table of functions -print "/* Table mapping index numbers to functions */\n"; -printf("int (*%s[])(void) = {\n ", $FUNCVAR); -$brk = 0; - -foreach $elt (@item) { - print($elt->{"func"}, ", ", - " " x ($FUNCLEN - length($elt->{"func"}))); - $brk = ($brk + 1) & 3; - print "\n " unless($brk); -} -print $last->{"func"}, "\n};\n\n"; - -#------------------------------------------------------------------------ -# Output the table of descriptions -print "/* Table mapping index numbers to descriptions */\n"; -printf("const char *%s[] = {\n", $DESCVAR); - -foreach $elt (@item) { - printf(" \"%s\",\n", $elt->{"desc"}); -} -printf(" \"%s\"\n};\n\n", $last->{"desc"}); - -exit 0; - diff --git a/security/nss/lib/freebl/mpi/mdxptest.c b/security/nss/lib/freebl/mpi/mdxptest.c deleted file mode 100644 index 61d02e9a9..000000000 --- a/security/nss/lib/freebl/mpi/mdxptest.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include -#include -#include -#include -#include -#include "mpi.h" -#include "mpi-priv.h" - -/* #define OLD_WAY 1 */ - -/* This key is the 1024-bit test key used for speed testing of RSA private -** key ops. -*/ - -#define CONST const - -static CONST unsigned char default_n[128] = { -0xc2,0xae,0x96,0x89,0xaf,0xce,0xd0,0x7b,0x3b,0x35,0xfd,0x0f,0xb1,0xf4,0x7a,0xd1, -0x3c,0x7d,0xb5,0x86,0xf2,0x68,0x36,0xc9,0x97,0xe6,0x82,0x94,0x86,0xaa,0x05,0x39, -0xec,0x11,0x51,0xcc,0x5c,0xa1,0x59,0xba,0x29,0x18,0xf3,0x28,0xf1,0x9d,0xe3,0xae, -0x96,0x5d,0x6d,0x87,0x73,0xf6,0xf6,0x1f,0xd0,0x2d,0xfb,0x2f,0x7a,0x13,0x7f,0xc8, -0x0c,0x7a,0xe9,0x85,0xfb,0xce,0x74,0x86,0xf8,0xef,0x2f,0x85,0x37,0x73,0x0f,0x62, -0x4e,0x93,0x17,0xb7,0x7e,0x84,0x9a,0x94,0x11,0x05,0xca,0x0d,0x31,0x4b,0x2a,0xc8, -0xdf,0xfe,0xe9,0x0c,0x13,0xc7,0xf2,0xad,0x19,0x64,0x28,0x3c,0xb5,0x6a,0xc8,0x4b, -0x79,0xea,0x7c,0xce,0x75,0x92,0x45,0x3e,0xa3,0x9d,0x64,0x6f,0x04,0x69,0x19,0x17 -}; - -static CONST unsigned char default_d[128] = { -0x13,0xcb,0xbc,0xf2,0xf3,0x35,0x8c,0x6d,0x7b,0x6f,0xd9,0xf3,0xa6,0x9c,0xbd,0x80, -0x59,0x2e,0x4f,0x2f,0x11,0xa7,0x17,0x2b,0x18,0x8f,0x0f,0xe8,0x1a,0x69,0x5f,0x6e, -0xac,0x5a,0x76,0x7e,0xd9,0x4c,0x6e,0xdb,0x47,0x22,0x8a,0x57,0x37,0x7a,0x5e,0x94, -0x7a,0x25,0xb5,0xe5,0x78,0x1d,0x3c,0x99,0xaf,0x89,0x7d,0x69,0x2e,0x78,0x9d,0x1d, -0x84,0xc8,0xc1,0xd7,0x1a,0xb2,0x6d,0x2d,0x8a,0xd9,0xab,0x6b,0xce,0xae,0xb0,0xa0, -0x58,0x55,0xad,0x5c,0x40,0x8a,0xd6,0x96,0x08,0x8a,0xe8,0x63,0xe6,0x3d,0x6c,0x20, -0x49,0xc7,0xaf,0x0f,0x25,0x73,0xd3,0x69,0x43,0x3b,0xf2,0x32,0xf8,0x3d,0x5e,0xee, -0x7a,0xca,0xd6,0x94,0x55,0xe5,0xbd,0x25,0x34,0x8d,0x63,0x40,0xb5,0x8a,0xc3,0x01 -}; - - -#define DEFAULT_ITERS 50 - -typedef clock_t timetype; -#define gettime(x) *(x) = clock() -#define subtime(a, b) a -= b -#define msec(x) ((clock_t)((double)x * 1000.0 / CLOCKS_PER_SEC)) -#define sec(x) (x / CLOCKS_PER_SEC) - -struct TimingContextStr { - timetype start; - timetype end; - timetype interval; - - int minutes; - int seconds; - int millisecs; -}; - -typedef struct TimingContextStr TimingContext; - -TimingContext *CreateTimingContext(void) -{ - return (TimingContext *)malloc(sizeof(TimingContext)); -} - -void DestroyTimingContext(TimingContext *ctx) -{ - free(ctx); -} - -void TimingBegin(TimingContext *ctx) -{ - gettime(&ctx->start); -} - -static void timingUpdate(TimingContext *ctx) -{ - - ctx->millisecs = msec(ctx->interval) % 1000; - ctx->seconds = sec(ctx->interval); - ctx->minutes = ctx->seconds / 60; - ctx->seconds %= 60; - -} - -void TimingEnd(TimingContext *ctx) -{ - gettime(&ctx->end); - ctx->interval = ctx->end; - subtime(ctx->interval, ctx->start); - timingUpdate(ctx); -} - -char *TimingGenerateString(TimingContext *ctx) -{ - static char sBuf[4096]; - - sprintf(sBuf, "%d minutes, %d.%03d seconds", ctx->minutes, - ctx->seconds, ctx->millisecs); - return sBuf; -} - -static void -dumpBytes( unsigned char * b, int l) -{ - int i; - if (l <= 0) - return; - for (i = 0; i < l; ++i) { - if (i % 16 == 0) - printf("\t"); - printf(" %02x", b[i]); - if (i % 16 == 15) - printf("\n"); - } - if ((i % 16) != 0) - printf("\n"); - printf("\n"); -} - -static mp_err -testNewFuncs(const unsigned char * modulusBytes, int modulus_len) -{ - mp_err mperr = MP_OKAY; - mp_int modulus; - unsigned char buf[512]; - - mperr = mp_init(&modulus); - mperr = mp_read_unsigned_octets(&modulus, modulusBytes, modulus_len ); - mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len); - mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+1); - mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+4); - mperr = mp_to_unsigned_octets(&modulus, buf, modulus_len); - mperr = mp_to_signed_octets(&modulus, buf, modulus_len + 1); - mp_clear(&modulus); - return mperr; -} - -int -testModExp( const unsigned char * modulusBytes, - const unsigned int expo, - const unsigned char * input, - unsigned char * output, - int modulus_len) -{ - mp_err mperr = MP_OKAY; - mp_int modulus; - mp_int base; - mp_int exponent; - mp_int result; - - mperr = mp_init(&modulus); - mperr += mp_init(&base); - mperr += mp_init(&exponent); - mperr += mp_init(&result); - /* we initialize all mp_ints unconditionally, even if some fail. - ** This guarantees that the DIGITS pointer is valid (even if null). - ** So, mp_clear will do the right thing below. - */ - if (mperr == MP_OKAY) { - mperr = mp_read_unsigned_octets(&modulus, - modulusBytes + (sizeof default_n - modulus_len), modulus_len ); - mperr += mp_read_unsigned_octets(&base, input, modulus_len ); - mp_set(&exponent, expo); - if (mperr == MP_OKAY) { -#if OLD_WAY - mperr = s_mp_exptmod(&base, &exponent, &modulus, &result); -#else - mperr = mp_exptmod(&base, &exponent, &modulus, &result); -#endif - if (mperr == MP_OKAY) { - mperr = mp_to_fixlen_octets(&result, output, modulus_len); - } - } - } - mp_clear(&base); - mp_clear(&result); - - mp_clear(&modulus); - mp_clear(&exponent); - - return (int)mperr; -} - -int -doModExp( const unsigned char * modulusBytes, - const unsigned char * exponentBytes, - const unsigned char * input, - unsigned char * output, - int modulus_len) -{ - mp_err mperr = MP_OKAY; - mp_int modulus; - mp_int base; - mp_int exponent; - mp_int result; - - mperr = mp_init(&modulus); - mperr += mp_init(&base); - mperr += mp_init(&exponent); - mperr += mp_init(&result); - /* we initialize all mp_ints unconditionally, even if some fail. - ** This guarantees that the DIGITS pointer is valid (even if null). - ** So, mp_clear will do the right thing below. - */ - if (mperr == MP_OKAY) { - mperr = mp_read_unsigned_octets(&modulus, - modulusBytes + (sizeof default_n - modulus_len), modulus_len ); - mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len ); - mperr += mp_read_unsigned_octets(&base, input, modulus_len ); - if (mperr == MP_OKAY) { -#if OLD_WAY - mperr = s_mp_exptmod(&base, &exponent, &modulus, &result); -#else - mperr = mp_exptmod(&base, &exponent, &modulus, &result); -#endif - if (mperr == MP_OKAY) { - mperr = mp_to_fixlen_octets(&result, output, modulus_len); - } - } - } - mp_clear(&base); - mp_clear(&result); - - mp_clear(&modulus); - mp_clear(&exponent); - - return (int)mperr; -} - -int -main(int argc, char **argv) -{ - TimingContext * timeCtx; - char * progName; - long iters = DEFAULT_ITERS; - unsigned int modulus_len; - int i; - int rv; - unsigned char buf [1024]; - unsigned char buf2[1024]; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - if (argc >= 2) { - iters = atol(argv[1]); - } - - if (argc >= 3) { - modulus_len = atol(argv[2]); - } else - modulus_len = sizeof default_n; - - /* no library init function !? */ - - memset(buf, 0x41, sizeof buf); - - if (iters < 2) { - testNewFuncs( default_n, modulus_len); - testNewFuncs( default_n+1, modulus_len - 1); - testNewFuncs( default_n+2, modulus_len - 2); - testNewFuncs( default_n+3, modulus_len - 3); - - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - rv = testModExp(default_n, 0, buf, buf2, modulus_len); - dumpBytes((unsigned char *)buf2, modulus_len); - - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - rv = testModExp(default_n, 1, buf, buf2, modulus_len); - dumpBytes((unsigned char *)buf2, modulus_len); - - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - rv = testModExp(default_n, 2, buf, buf2, modulus_len); - dumpBytes((unsigned char *)buf2, modulus_len); - - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - rv = testModExp(default_n, 3, buf, buf2, modulus_len); - dumpBytes((unsigned char *)buf2, modulus_len); - } - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - rv = doModExp(default_n, default_d, buf, buf2, modulus_len); - if (rv != 0) { - fprintf(stderr, "Error in modexp operation:\n"); - exit(1); - } - dumpBytes((unsigned char *)buf2, modulus_len); - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - - timeCtx = CreateTimingContext(); - TimingBegin(timeCtx); - i = iters; - while (i--) { - rv = doModExp(default_n, default_d, buf, buf2, modulus_len); - if (rv != 0) { - fprintf(stderr, "Error in modexp operation\n"); - exit(1); - } - } - TimingEnd(timeCtx); - printf("%ld iterations in %s\n", iters, TimingGenerateString(timeCtx)); - printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/montmulf.c b/security/nss/lib/freebl/mpi/montmulf.c deleted file mode 100644 index 2cf0825f8..000000000 --- a/security/nss/lib/freebl/mpi/montmulf.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SPARC optimized Montgomery multiply functions. - * - * The Initial Developer of the Original Code is Sun Microsystems Inc. - * Portions created by Sun Microsystems Inc. are - * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifdef SOLARIS -#define RF_INLINE_MACROS 1 -#endif - -static const double TwoTo16=65536.0; -static const double TwoToMinus16=1.0/65536.0; -static const double Zero=0.0; -static const double TwoTo32=65536.0*65536.0; -static const double TwoToMinus32=1.0/(65536.0*65536.0); - -#ifdef RF_INLINE_MACROS - -double upper32(double); -double lower32(double, double); -double mod(double, double, double); - -void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, - const double * /* 2^16*/, - const double * /* 0 */, - double * /*result16*/, - double * /* result32 */, - float * /*source - should be unsigned int* - converted to float* */); - -#else -#ifdef MP_USE_FLOOR -#include -#else -#define floor(d) ((double)((unsigned long long)(d))) -#endif - -static double upper32(double x) -{ - return floor(x*TwoToMinus32); -} - -static double lower32(double x, double y) -{ - return x-TwoTo32*floor(x*TwoToMinus32); -} - -static double mod(double x, double oneoverm, double m) -{ - return x-m*floor(x*oneoverm); -} - -#endif - - -static void cleanup(double *dt, int from, int tlen) -{ - int i; - double tmp,tmp1,x,x1; - - tmp=tmp1=Zero; - /* original code ** - for(i=2*from;i<2*tlen-2;i++) - { - x=dt[i]; - dt[i]=lower32(x,Zero)+tmp1; - tmp1=tmp; - tmp=upper32(x); - } - dt[tlen-2]+=tmp1; - dt[tlen-1]+=tmp; - **end original code ***/ - /* new code ***/ - for(i=2*from;i<2*tlen;i+=2) - { - x=dt[i]; - x1=dt[i+1]; - dt[i]=lower32(x,Zero)+tmp; - dt[i+1]=lower32(x1,Zero)+tmp1; - tmp=upper32(x); - tmp1=upper32(x1); - } - /** end new code **/ -} - - -void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen) -{ -int i; -long long t, t1, a, b, c, d; - - t1=0; - a=(long long)d16[0]; - b=(long long)d16[1]; - for(i=0; i>32); - d=(long long)d16[2*i+3]; - t1+=(b&0xffff)<<16; - t+=(b>>16)+(t1>>32); - i32[i]=(unsigned int)t1; - t1=t; - a=c; - b=d; - } - t1+=(unsigned int)a; - t=(a>>32); - t1+=(b&0xffff)<<16; - i32[i]=(unsigned int)t1; -} - -void conv_i32_to_d32(double *d32, unsigned int *i32, int len) -{ -int i; - -#pragma pipeloop(0) - for(i=0;i>16); - } -} - - -void conv_i32_to_d32_and_d16(double *d32, double *d16, - unsigned int *i32, int len) -{ -int i = 0; -unsigned int a; - -#pragma pipeloop(0) -#ifdef RF_INLINE_MACROS - for(;i>16); - } -} - - -void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len) -{ -long long acc; -int i; - - if(i32[len]>0) i=-1; - else - { - for(i=len-1; i>=0; i--) - { - if(i32[i]!=nint[i]) break; - } - } - if((i<0)||(i32[i]>nint[i])) - { - acc=0; - for(i=0;i>32; - } - } -} - - - - -/* -** the lengths of the input arrays should be at least the following: -** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen] -** all of them should be different from one another -** -*/ -void mont_mulf_noconv(unsigned int *result, - double *dm1, double *dm2, double *dt, - double *dn, unsigned int *nint, - int nlen, double dn0) -{ - int i, j, jj; - int tmp; - double digit, m2j, nextm2j, a, b; - double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0; - - pdm1=&(dm1[0]); - pdm2=&(dm2[0]); - pdn=&(dn[0]); - pdm2[2*nlen]=Zero; - - if (nlen!=16) - { - for(i=0;i<4*nlen+2;i++) dt[i]=Zero; - - a=dt[0]=pdm1[0]*pdm2[0]; - digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16); - - pdtj=&(dt[0]); - for(j=jj=0;j<2*nlen;j++,jj++,pdtj++) - { - m2j=pdm2[j]; - a=pdtj[0]+pdn[0]*digit; - b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16; - pdtj[1]=b; - -#pragma pipeloop(0) - for(i=1;i>32); -! 79 ! d=(long long)d16[2*i+3]; -! 80 ! t1+=(b&0xffff)<<16; - -/* 0x0070 80 (15 16) */ and %g1,%o1,%o0 - -! 81 ! t+=(b>>16)+(t1>>32); -! 82 ! i32[i]=t1&0xffffffff; -! 83 ! t1=t; -! 84 ! a=c; -! 85 ! b=d; - -/* 0x0074 85 (15 16) */ add %g2,16,%g2 -/* 0x0078 80 (16 17) */ sllx %o0,16,%g3 -/* 0x007c 77 (16 17) */ and %g4,%o3,%o0 -/* 0x0080 76 (17 20) */ fdtox %f0,%f0 -/* 0x0084 (17 18) */ std %f0,[%sp+104] -/* 0x0088 74 (17 18) */ add %o0,%g3,%o4 -/* 0x008c 79 (18 21) */ ldd [%g2+8],%f2 -/* 0x0090 81 (18 19) */ srax %g1,16,%o0 -/* 0x0094 82 (18 19) */ and %o4,%o3,%o7 -/* 0x0098 81 (19 20) */ stx %o0,[%sp+112] -/* 0x009c (19 20) */ srax %o4,32,%o0 -/* 0x00a0 85 (19 20) */ add %g5,4,%o5 -/* 0x00a4 81 (20 21) */ stx %o0,[%sp+120] -/* 0x00a8 78 (20 21) */ srax %g4,32,%o4 -/* 0x00ac 79 (20 23) */ fdtox %f2,%f0 -/* 0x00b0 (21 22) */ std %f0,[%sp+96] -/* 0x00b4 81 (22 24) */ ldx [%sp+112],%o0 -/* 0x00b8 (23 25) */ ldx [%sp+120],%g4 -/* 0x00bc 76 (25 27) */ ldx [%sp+104],%g3 -/* 0x00c0 81 (25 26) */ add %o0,%g4,%g4 -/* 0x00c4 79 (26 28) */ ldx [%sp+96],%g1 -/* 0x00c8 81 (26 27) */ add %o4,%g4,%o4 -/* 0x00cc 82 (27 28) */ st %o7,[%g5] -/* 0x00d0 (27 28) */ or %g0,1,%o7 -/* 0x00d4 84 (27 28) */ or %g0,%g3,%g4 - .L900000209: /* frequency 64.0 confidence 0.0 */ -/* 0x00d8 76 (17 19) */ ldd [%g2+16],%f0 -/* 0x00dc 85 (17 18) */ add %o7,1,%o7 -/* 0x00e0 (17 18) */ add %o5,4,%o5 -/* 0x00e4 (18 18) */ cmp %o7,%o2 -/* 0x00e8 (18 19) */ add %g2,16,%g2 -/* 0x00ec 76 (19 22) */ fdtox %f0,%f0 -/* 0x00f0 (20 21) */ std %f0,[%sp+104] -/* 0x00f4 79 (21 23) */ ldd [%g2+8],%f0 -/* 0x00f8 (23 26) */ fdtox %f0,%f0 -/* 0x00fc (24 25) */ std %f0,[%sp+96] -/* 0x0100 80 (25 26) */ and %g1,%o1,%g3 -/* 0x0104 (26 27) */ sllx %g3,16,%g3 -/* 0x0108 ( 0 0) */ stx %g3,[%sp+120] -/* 0x010c 77 (26 27) */ and %g4,%o3,%g3 -/* 0x0110 74 ( 0 0) */ stx %o7,[%sp+128] -/* 0x0114 ( 0 0) */ ldx [%sp+120],%o7 -/* 0x0118 (27 27) */ add %g3,%o7,%g3 -/* 0x011c ( 0 0) */ ldx [%sp+128],%o7 -/* 0x0120 81 (28 29) */ srax %g1,16,%g1 -/* 0x0124 74 (28 28) */ add %g3,%o4,%g3 -/* 0x0128 81 (29 30) */ srax %g3,32,%o4 -/* 0x012c ( 0 0) */ stx %o4,[%sp+112] -/* 0x0130 78 (30 31) */ srax %g4,32,%o4 -/* 0x0134 81 ( 0 0) */ ldx [%sp+112],%g4 -/* 0x0138 (30 31) */ add %g1,%g4,%g4 -/* 0x013c 79 (31 33) */ ldx [%sp+96],%g1 -/* 0x0140 81 (31 32) */ add %o4,%g4,%o4 -/* 0x0144 82 (32 33) */ and %g3,%o3,%g3 -/* 0x0148 84 ( 0 0) */ ldx [%sp+104],%g4 -/* 0x014c 85 (33 34) */ ble,pt %icc,.L900000209 ! tprob=0.50 -/* 0x0150 (33 34) */ st %g3,[%o5-4] - .L900000212: /* frequency 8.0 confidence 0.0 */ -/* 0x0154 85 ( 0 1) */ ba .L900000214 ! tprob=1.00 -/* 0x0158 ( 0 1) */ sethi %hi(0xfc00),%g2 - .L77000134: /* frequency 0.7 confidence 0.0 */ - .L900000213: /* frequency 6.4 confidence 0.0 */ -/* 0x015c 77 ( 0 1) */ and %g4,%o3,%o0 -/* 0x0160 80 ( 0 1) */ and %g1,%o1,%g3 -/* 0x0164 76 ( 0 3) */ fdtox %f0,%f0 -/* 0x0168 77 ( 1 2) */ add %o4,%o0,%o0 -/* 0x016c 76 ( 1 2) */ std %f0,[%sp+104] -/* 0x0170 85 ( 1 2) */ add %o7,1,%o7 -/* 0x0174 80 ( 2 3) */ sllx %g3,16,%o4 -/* 0x0178 79 ( 2 5) */ ldd [%g2+24],%f2 -/* 0x017c 85 ( 2 3) */ add %g2,16,%g2 -/* 0x0180 80 ( 3 4) */ add %o0,%o4,%o4 -/* 0x0184 81 ( 3 4) */ stx %o7,[%sp+128] -/* 0x0188 ( 4 5) */ srax %g1,16,%o0 -/* 0x018c ( 4 5) */ stx %o0,[%sp+112] -/* 0x0190 82 ( 4 5) */ and %o4,%o3,%g3 -/* 0x0194 81 ( 5 6) */ srax %o4,32,%o0 -/* 0x0198 ( 5 6) */ stx %o0,[%sp+120] -/* 0x019c 79 ( 5 8) */ fdtox %f2,%f0 -/* 0x01a0 ( 6 7) */ std %f0,[%sp+96] -/* 0x01a4 78 ( 6 7) */ srax %g4,32,%o4 -/* 0x01a8 81 ( 7 9) */ ldx [%sp+120],%o7 -/* 0x01ac ( 8 10) */ ldx [%sp+112],%g4 -/* 0x01b0 76 (10 12) */ ldx [%sp+104],%g1 -/* 0x01b4 81 (10 11) */ add %g4,%o7,%g4 -/* 0x01b8 (11 13) */ ldx [%sp+128],%o7 -/* 0x01bc (11 12) */ add %o4,%g4,%o4 -/* 0x01c0 79 (12 14) */ ldx [%sp+96],%o0 -/* 0x01c4 84 (12 13) */ or %g0,%g1,%g4 -/* 0x01c8 82 (13 14) */ st %g3,[%o5] -/* 0x01cc 85 (13 14) */ add %o5,4,%o5 -/* 0x01d0 (13 14) */ cmp %o7,%o2 -/* 0x01d4 (14 15) */ or %g0,%o0,%g1 -/* 0x01d8 (14 15) */ ble,a,pt %icc,.L900000213 ! tprob=0.86 -/* 0x01dc (14 17) */ ldd [%g2+16],%f0 - .L77000127: /* frequency 1.0 confidence 0.0 */ - -! 86 ! } -! 87 ! t1+=a&0xffffffff; -! 88 ! t=(a>>32); -! 89 ! t1+=(b&0xffff)<<16; -! 90 ! i32[i]=t1&0xffffffff; - -/* 0x01e0 90 ( 0 1) */ sethi %hi(0xfc00),%g2 - .L900000214: /* frequency 1.0 confidence 0.0 */ -/* 0x01e4 90 ( 0 1) */ or %g0,-1,%g3 -/* 0x01e8 ( 0 1) */ add %g2,1023,%g2 -/* 0x01ec ( 1 2) */ srl %g3,0,%g3 -/* 0x01f0 ( 1 2) */ and %g1,%g2,%g2 -/* 0x01f4 ( 2 3) */ and %g4,%g3,%g4 -/* 0x01f8 ( 3 4) */ sllx %g2,16,%g2 -/* 0x01fc ( 3 4) */ add %o4,%g4,%g4 -/* 0x0200 ( 4 5) */ add %g4,%g2,%g2 -/* 0x0204 ( 5 6) */ sll %o7,2,%g4 -/* 0x0208 ( 5 6) */ and %g2,%g3,%g2 -/* 0x020c ( 6 7) */ st %g2,[%g5+%g4] -/* 0x0210 ( 7 9) */ ret ! Result = -/* 0x0214 ( 9 10) */ restore %g0,%g0,%g0 -/* 0x0218 0 ( 0 0) */ .type conv_d16_to_i32,2 -/* 0x0218 ( 0 0) */ .size conv_d16_to_i32,(.-conv_d16_to_i32) - - .section ".text",#alloc,#execinstr -/* 000000 0 ( 0 0) */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000301: /* frequency 1.0 confidence 0.0 */ -/* 000000 0 ( 0 0) */ .word 1127219200,0 -/* 0x0008 0 ( 0 0) */ .align 4 -! -! SUBROUTINE conv_i32_to_d32 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .global conv_i32_to_d32 - conv_i32_to_d32: /* frequency 1.0 confidence 0.0 */ -/* 000000 ( 0 1) */ orcc %g0,%o2,%g1 - -! 92 !} -! 94 !void conv_i32_to_d32(double *d32, unsigned int *i32, int len) -! 95 !{ -! 96 !int i; -! 98 !#pragma pipeloop(0) -! 99 ! for(i=0;i>16); - -/* 0x0018 113 ( 3 4) */ sethi %hi(.L_const_seg_900000401),%o0 -/* 0x001c ( 3 4) */ add %o5,1,%g3 -/* 0x0020 ( 4 5) */ add %g2,1023,%o4 -/* 0x0024 109 ( 4 5) */ or %g0,0,%g1 -/* 0x0028 ( 5 6) */ cmp %g3,3 -/* 0x002c ( 5 6) */ or %g0,%i1,%o7 -/* 0x0030 ( 6 7) */ add %o0,%lo(.L_const_seg_900000401),%o3 -/* 0x0034 ( 6 7) */ or %g0,%i0,%g2 -/* 0x0038 ( 6 7) */ bl,pn %icc,.L77000154 ! tprob=0.44 -/* 0x003c ( 7 8) */ add %o7,4,%o0 -/* 0x0040 112 ( 7 10) */ ldd [%o3],%f0 -/* 0x0044 113 ( 7 8) */ or %g0,1,%g1 -/* 0x0048 111 ( 8 11) */ ld [%o0-4],%o1 -/* 0x004c 0 ( 8 9) */ or %g0,%o0,%o7 -/* 0x0050 112 (10 11) */ and %o1,%o4,%o0 - .L900000406: /* frequency 64.0 confidence 0.0 */ -/* 0x0054 112 (22 23) */ st %o0,[%sp+96] -/* 0x0058 113 (22 23) */ add %g1,1,%g1 -/* 0x005c (22 23) */ add %g2,16,%g2 -/* 0x0060 (23 23) */ cmp %g1,%o5 -/* 0x0064 (23 24) */ add %o7,4,%o7 -/* 0x0068 112 (29 31) */ ld [%sp+96],%f3 -/* 0x006c ( 0 0) */ fmovs %f0,%f2 -/* 0x0070 (31 34) */ fsubd %f2,%f0,%f2 -/* 0x0074 113 (32 33) */ srl %o1,16,%o0 -/* 0x0078 112 (32 33) */ std %f2,[%g2-16] -/* 0x007c 113 (33 34) */ st %o0,[%sp+92] -/* 0x0080 (40 42) */ ld [%sp+92],%f3 -/* 0x0084 111 (41 43) */ ld [%o7-4],%o1 -/* 0x0088 113 ( 0 0) */ fmovs %f0,%f2 -/* 0x008c (42 45) */ fsubd %f2,%f0,%f2 -/* 0x0090 112 (43 44) */ and %o1,%o4,%o0 -/* 0x0094 113 (43 44) */ ble,pt %icc,.L900000406 ! tprob=0.50 -/* 0x0098 (43 44) */ std %f2,[%g2-8] - .L900000409: /* frequency 8.0 confidence 0.0 */ -/* 0x009c 112 ( 0 1) */ st %o0,[%sp+96] -/* 0x00a0 ( 0 1) */ fmovs %f0,%f2 -/* 0x00a4 113 ( 0 1) */ add %g2,16,%g2 -/* 0x00a8 ( 1 2) */ srl %o1,16,%o0 -/* 0x00ac 112 ( 4 7) */ ld [%sp+96],%f3 -/* 0x00b0 ( 6 9) */ fsubd %f2,%f0,%f2 -/* 0x00b4 ( 6 7) */ std %f2,[%g2-16] -/* 0x00b8 113 ( 7 8) */ st %o0,[%sp+92] -/* 0x00bc (10 11) */ fmovs %f0,%f2 -/* 0x00c0 (11 14) */ ld [%sp+92],%f3 -/* 0x00c4 (13 16) */ fsubd %f2,%f0,%f0 -/* 0x00c8 (13 14) */ std %f0,[%g2-8] -/* 0x00cc (14 16) */ ret ! Result = -/* 0x00d0 (16 17) */ restore %g0,%g0,%g0 - .L77000154: /* frequency 0.7 confidence 0.0 */ -/* 0x00d4 111 ( 0 3) */ ld [%o7],%o0 - .L900000410: /* frequency 6.4 confidence 0.0 */ -/* 0x00d8 112 ( 0 1) */ and %o0,%o4,%o1 -/* 0x00dc ( 0 1) */ st %o1,[%sp+96] -/* 0x00e0 113 ( 0 1) */ add %g1,1,%g1 -/* 0x00e4 112 ( 1 4) */ ldd [%o3],%f0 -/* 0x00e8 113 ( 1 2) */ srl %o0,16,%o0 -/* 0x00ec ( 1 2) */ add %o7,4,%o7 -/* 0x00f0 ( 2 3) */ cmp %g1,%o5 -/* 0x00f4 112 ( 3 4) */ fmovs %f0,%f2 -/* 0x00f8 ( 4 7) */ ld [%sp+96],%f3 -/* 0x00fc ( 6 9) */ fsubd %f2,%f0,%f2 -/* 0x0100 ( 6 7) */ std %f2,[%g2] -/* 0x0104 113 ( 7 8) */ st %o0,[%sp+92] -/* 0x0108 (10 11) */ fmovs %f0,%f2 -/* 0x010c (11 14) */ ld [%sp+92],%f3 -/* 0x0110 (13 16) */ fsubd %f2,%f0,%f0 -/* 0x0114 (13 14) */ std %f0,[%g2+8] -/* 0x0118 (13 14) */ add %g2,16,%g2 -/* 0x011c (13 14) */ ble,a,pt %icc,.L900000410 ! tprob=0.86 -/* 0x0120 (14 17) */ ld [%o7],%o0 - .L77000150: /* frequency 1.0 confidence 0.0 */ -/* 0x0124 ( 0 2) */ ret ! Result = -/* 0x0128 ( 2 3) */ restore %g0,%g0,%g0 -/* 0x012c 0 ( 0 0) */ .type conv_i32_to_d16,2 -/* 0x012c ( 0 0) */ .size conv_i32_to_d16,(.-conv_i32_to_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 ( 0 0) */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000501: /* frequency 1.0 confidence 0.0 */ -/* 000000 0 ( 0 0) */ .word 1127219200,0 -/* 0x0008 0 ( 0 0) */ .align 4 -! -! SUBROUTINE conv_i32_to_d32_and_d16 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .global conv_i32_to_d32_and_d16 - conv_i32_to_d32_and_d16: /* frequency 1.0 confidence 0.0 */ -/* 000000 ( 0 1) */ save %sp,-104,%sp -/* 0x0004 ( 1 2) */ or %g0,%i3,%i4 -/* 0x0008 ( 1 2) */ or %g0,%i2,%g1 - -! 114 ! } -! 115 !} -! 118 !void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/, -! 119 ! double * /* 0 */, -! 120 ! double * /*result16*/, double * /* result32 */, -! 121 ! float * /*source - should be unsigned int* -! 122 ! converted to float* */); -! 126 !void conv_i32_to_d32_and_d16(double *d32, double *d16, -! 127 ! unsigned int *i32, int len) -! 128 !{ -! 129 !int i; -! 130 !unsigned int a; -! 132 !#pragma pipeloop(0) -! 133 ! for(i=0;i>16); - -/* 0x0128 143 ( 0 1) */ sethi %hi(.L_const_seg_900000501),%o1 -/* 0x012c 138 ( 1 2) */ sethi %hi(0xfc00),%o0 -/* 0x0130 141 ( 1 4) */ ldd [%o1+%lo(.L_const_seg_900000501)],%f0 -/* 0x0134 138 ( 1 2) */ sub %i4,%o7,%g3 -/* 0x0138 ( 2 3) */ sll %o7,2,%g2 -/* 0x013c ( 2 3) */ add %o0,1023,%o3 -/* 0x0140 ( 3 4) */ sll %o7,3,%g4 -/* 0x0144 ( 3 4) */ cmp %g3,3 -/* 0x0148 ( 4 5) */ add %g1,%g2,%o0 -/* 0x014c ( 4 5) */ add %o1,%lo(.L_const_seg_900000501),%o2 -/* 0x0150 ( 5 6) */ add %i3,%g4,%o4 -/* 0x0154 ( 5 6) */ sub %i4,1,%o1 -/* 0x0158 ( 6 7) */ sll %o7,4,%g5 -/* 0x015c ( 6 7) */ bl,pn %icc,.L77000161 ! tprob=0.44 -/* 0x0160 ( 7 8) */ add %i1,%g5,%o5 -/* 0x0164 141 ( 7 10) */ ld [%g1+%g2],%f3 -/* 0x0168 143 ( 7 8) */ add %o4,8,%o4 -/* 0x016c 140 ( 8 11) */ ld [%g1+%g2],%g1 -/* 0x0170 143 ( 8 9) */ add %o5,16,%o5 -/* 0x0174 ( 8 9) */ add %o7,1,%o7 -/* 0x0178 141 ( 9 10) */ fmovs %f0,%f2 -/* 0x017c 143 ( 9 10) */ add %o0,4,%o0 -/* 0x0180 142 (10 11) */ and %g1,%o3,%g2 -/* 0x0184 141 (11 14) */ fsubd %f2,%f0,%f2 -/* 0x0188 (11 12) */ std %f2,[%o4-8] -/* 0x018c 143 (11 12) */ srl %g1,16,%g1 -/* 0x0190 142 (12 13) */ st %g2,[%sp+96] -/* 0x0194 (15 16) */ fmovs %f0,%f2 -/* 0x0198 (16 19) */ ld [%sp+96],%f3 -/* 0x019c (18 21) */ fsubd %f2,%f0,%f2 -/* 0x01a0 (18 19) */ std %f2,[%o5-16] -/* 0x01a4 143 (19 20) */ st %g1,[%sp+92] -/* 0x01a8 (22 23) */ fmovs %f0,%f2 -/* 0x01ac (23 26) */ ld [%sp+92],%f3 -/* 0x01b0 (25 28) */ fsubd %f2,%f0,%f2 -/* 0x01b4 (25 26) */ std %f2,[%o5-8] - .L900000509: /* frequency 64.0 confidence 0.0 */ -/* 0x01b8 141 (26 28) */ ld [%o0],%f3 -/* 0x01bc 143 (26 27) */ add %o7,2,%o7 -/* 0x01c0 (26 27) */ add %o5,32,%o5 -/* 0x01c4 140 (27 29) */ ld [%o0],%g1 -/* 0x01c8 143 (27 27) */ cmp %o7,%o1 -/* 0x01cc (27 28) */ add %o4,16,%o4 -/* 0x01d0 141 ( 0 0) */ fmovs %f0,%f2 -/* 0x01d4 (28 31) */ fsubd %f2,%f0,%f2 -/* 0x01d8 (29 30) */ std %f2,[%o4-16] -/* 0x01dc 142 (29 30) */ and %g1,%o3,%g2 -/* 0x01e0 (30 31) */ st %g2,[%sp+96] -/* 0x01e4 (37 39) */ ld [%sp+96],%f3 -/* 0x01e8 ( 0 0) */ fmovs %f0,%f2 -/* 0x01ec (39 42) */ fsubd %f2,%f0,%f2 -/* 0x01f0 143 (40 41) */ srl %g1,16,%g1 -/* 0x01f4 142 (40 41) */ std %f2,[%o5-32] -/* 0x01f8 143 (41 42) */ st %g1,[%sp+92] -/* 0x01fc (48 50) */ ld [%sp+92],%f3 -/* 0x0200 ( 0 0) */ fmovs %f0,%f2 -/* 0x0204 (50 53) */ fsubd %f2,%f0,%f2 -/* 0x0208 (51 52) */ std %f2,[%o5-24] -/* 0x020c (51 52) */ add %o0,4,%o0 -/* 0x0210 141 (52 54) */ ld [%o0],%f3 -/* 0x0214 140 (53 55) */ ld [%o0],%g1 -/* 0x0218 141 ( 0 0) */ fmovs %f0,%f2 -/* 0x021c (54 57) */ fsubd %f2,%f0,%f2 -/* 0x0220 (55 56) */ std %f2,[%o4-8] -/* 0x0224 142 (55 56) */ and %g1,%o3,%g2 -/* 0x0228 (56 57) */ st %g2,[%sp+96] -/* 0x022c (63 65) */ ld [%sp+96],%f3 -/* 0x0230 ( 0 0) */ fmovs %f0,%f2 -/* 0x0234 (65 68) */ fsubd %f2,%f0,%f2 -/* 0x0238 143 (66 67) */ srl %g1,16,%g1 -/* 0x023c 142 (66 67) */ std %f2,[%o5-16] -/* 0x0240 143 (67 68) */ st %g1,[%sp+92] -/* 0x0244 (74 76) */ ld [%sp+92],%f3 -/* 0x0248 ( 0 0) */ fmovs %f0,%f2 -/* 0x024c (76 79) */ fsubd %f2,%f0,%f2 -/* 0x0250 (77 78) */ std %f2,[%o5-8] -/* 0x0254 (77 78) */ bl,pt %icc,.L900000509 ! tprob=0.50 -/* 0x0258 (77 78) */ add %o0,4,%o0 - .L900000512: /* frequency 8.0 confidence 0.0 */ -/* 0x025c 143 ( 0 1) */ cmp %o7,%i4 -/* 0x0260 ( 0 1) */ bge,pn %icc,.L77000164 ! tprob=0.14 -/* 0x0264 ( 0 1) */ nop - .L77000161: /* frequency 0.7 confidence 0.0 */ -/* 0x0268 141 ( 0 3) */ ld [%o0],%f3 - .L900000513: /* frequency 6.4 confidence 0.0 */ -/* 0x026c 141 ( 0 3) */ ldd [%o2],%f0 -/* 0x0270 143 ( 0 1) */ add %o7,1,%o7 -/* 0x0274 140 ( 1 4) */ ld [%o0],%o1 -/* 0x0278 143 ( 1 2) */ add %o0,4,%o0 -/* 0x027c ( 1 2) */ cmp %o7,%i4 -/* 0x0280 141 ( 2 3) */ fmovs %f0,%f2 -/* 0x0284 142 ( 3 4) */ and %o1,%o3,%g1 -/* 0x0288 141 ( 4 7) */ fsubd %f2,%f0,%f2 -/* 0x028c ( 4 5) */ std %f2,[%o4] -/* 0x0290 143 ( 4 5) */ srl %o1,16,%o1 -/* 0x0294 142 ( 5 6) */ st %g1,[%sp+96] -/* 0x0298 143 ( 5 6) */ add %o4,8,%o4 -/* 0x029c 142 ( 8 9) */ fmovs %f0,%f2 -/* 0x02a0 ( 9 12) */ ld [%sp+96],%f3 -/* 0x02a4 (11 14) */ fsubd %f2,%f0,%f2 -/* 0x02a8 (11 12) */ std %f2,[%o5] -/* 0x02ac 143 (12 13) */ st %o1,[%sp+92] -/* 0x02b0 (15 16) */ fmovs %f0,%f2 -/* 0x02b4 (16 19) */ ld [%sp+92],%f3 -/* 0x02b8 (18 21) */ fsubd %f2,%f0,%f0 -/* 0x02bc (18 19) */ std %f0,[%o5+8] -/* 0x02c0 (18 19) */ add %o5,16,%o5 -/* 0x02c4 (18 19) */ bl,a,pt %icc,.L900000513 ! tprob=0.86 -/* 0x02c8 (19 22) */ ld [%o0],%f3 - .L77000164: /* frequency 1.0 confidence 0.0 */ -/* 0x02cc ( 0 2) */ ret ! Result = -/* 0x02d0 ( 2 3) */ restore %g0,%g0,%g0 -/* 0x02d4 0 ( 0 0) */ .type conv_i32_to_d32_and_d16,2 -/* 0x02d4 ( 0 0) */ .size conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 ( 0 0) */ .align 4 -! -! SUBROUTINE adjust_montf_result -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .global adjust_montf_result - adjust_montf_result: /* frequency 1.0 confidence 0.0 */ - -! 144 ! } -! 145 !} -! 148 !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len) -! 149 !{ -! 150 !long long acc; -! 151 !int i; -! 153 ! if(i32[len]>0) i=-1; - -/* 000000 153 ( 0 1) */ sll %o2,2,%g1 -/* 0x0004 ( 0 1) */ or %g0,-1,%g3 -/* 0x0008 ( 1 4) */ ld [%o0+%g1],%g1 -/* 0x000c ( 3 4) */ cmp %g1,0 -/* 0x0010 ( 3 4) */ bleu,pn %icc,.L77000175 ! tprob=0.50 -/* 0x0014 ( 3 4) */ or %g0,%o1,%o3 -/* 0x0018 ( 4 5) */ ba .L900000611 ! tprob=1.00 -/* 0x001c ( 4 5) */ cmp %g3,0 - .L77000175: /* frequency 0.8 confidence 0.0 */ - -! 154 ! else -! 155 ! { -! 156 ! for(i=len-1; i>=0; i++) - -/* 0x0020 156 ( 0 1) */ subcc %o2,1,%g3 -/* 0x0024 ( 0 1) */ bneg,pt %icc,.L900000611 ! tprob=0.60 -/* 0x0028 ( 1 2) */ cmp %g3,0 -/* 0x002c ( 1 2) */ sll %g3,2,%g1 -/* 0x0030 ( 2 3) */ add %o0,%g1,%g2 -/* 0x0034 ( 2 3) */ add %o1,%g1,%g1 - -! 157 ! { -! 158 ! if(i32[i]!=nint[i]) break; - -/* 0x0038 158 ( 3 6) */ ld [%g1],%g5 - .L900000610: /* frequency 5.3 confidence 0.0 */ -/* 0x003c 158 ( 0 3) */ ld [%g2],%o5 -/* 0x0040 ( 0 1) */ add %g1,4,%g1 -/* 0x0044 ( 0 1) */ add %g2,4,%g2 -/* 0x0048 ( 2 3) */ cmp %o5,%g5 -/* 0x004c ( 2 3) */ bne,pn %icc,.L77000182 ! tprob=0.16 -/* 0x0050 ( 2 3) */ nop -/* 0x0054 ( 3 4) */ addcc %g3,1,%g3 -/* 0x0058 ( 3 4) */ bpos,a,pt %icc,.L900000610 ! tprob=0.84 -/* 0x005c ( 3 6) */ ld [%g1],%g5 - .L77000182: /* frequency 1.0 confidence 0.0 */ - -! 159 ! } -! 160 ! } -! 161 ! if((i<0)||(i32[i]>nint[i])) - -/* 0x0060 161 ( 0 1) */ cmp %g3,0 - .L900000611: /* frequency 1.0 confidence 0.0 */ -/* 0x0064 161 ( 0 1) */ bl,pn %icc,.L77000198 ! tprob=0.50 -/* 0x0068 ( 0 1) */ sll %g3,2,%g2 -/* 0x006c ( 1 4) */ ld [%o1+%g2],%g1 -/* 0x0070 ( 2 5) */ ld [%o0+%g2],%g2 -/* 0x0074 ( 4 5) */ cmp %g2,%g1 -/* 0x0078 ( 4 5) */ bleu,pt %icc,.L77000191 ! tprob=0.56 -/* 0x007c ( 4 5) */ nop - .L77000198: /* frequency 0.8 confidence 0.0 */ - -! 162 ! { -! 163 ! acc=0; -! 164 ! for(i=0;i>32; - -/* 0x00c4 168 ( 6 7) */ or %g0,2,%o5 -/* 0x00c8 166 ( 7 10) */ ld [%o0+4],%g1 -/* 0x00cc 164 ( 8 9) */ sub %o2,%o1,%o2 -/* 0x00d0 ( 9 10) */ or %g0,%o2,%g5 -/* 0x00d4 167 ( 9 10) */ and %o2,%g3,%o2 -/* 0x00d8 ( 9 10) */ st %o2,[%o0] -/* 0x00dc 168 (10 11) */ srax %g5,32,%g5 - .L900000605: /* frequency 64.0 confidence 0.0 */ -/* 0x00e0 166 (12 20) */ ld [%o3],%o2 -/* 0x00e4 168 (12 13) */ add %o5,1,%o5 -/* 0x00e8 (12 13) */ add %o3,4,%o3 -/* 0x00ec (13 13) */ cmp %o5,%g4 -/* 0x00f0 (13 14) */ add %o4,4,%o4 -/* 0x00f4 164 (14 14) */ sub %g1,%o2,%g1 -/* 0x00f8 (15 15) */ add %g1,%g5,%g5 -/* 0x00fc 167 (16 17) */ and %g5,%g3,%o2 -/* 0x0100 166 (16 24) */ ld [%o4-4],%g1 -/* 0x0104 167 (17 18) */ st %o2,[%o4-8] -/* 0x0108 168 (17 18) */ ble,pt %icc,.L900000605 ! tprob=0.50 -/* 0x010c (17 18) */ srax %g5,32,%g5 - .L900000608: /* frequency 8.0 confidence 0.0 */ -/* 0x0110 166 ( 0 3) */ ld [%o3],%g2 -/* 0x0114 164 ( 2 3) */ sub %g1,%g2,%g1 -/* 0x0118 ( 3 4) */ add %g1,%g5,%g1 -/* 0x011c 167 ( 4 5) */ and %g1,%g3,%g2 -/* 0x0120 ( 5 7) */ retl ! Result = -/* 0x0124 ( 6 7) */ st %g2,[%o4-4] - .L77000199: /* frequency 0.6 confidence 0.0 */ -/* 0x0128 166 ( 0 3) */ ld [%o4],%g1 - .L900000609: /* frequency 5.3 confidence 0.0 */ -/* 0x012c 166 ( 0 3) */ ld [%o3],%g2 -/* 0x0130 ( 0 1) */ add %g5,%g1,%g1 -/* 0x0134 168 ( 0 1) */ add %o5,1,%o5 -/* 0x0138 ( 1 2) */ add %o3,4,%o3 -/* 0x013c ( 1 2) */ cmp %o5,%g4 -/* 0x0140 166 ( 2 3) */ sub %g1,%g2,%g1 -/* 0x0144 167 ( 3 4) */ and %g1,%g3,%g2 -/* 0x0148 ( 3 4) */ st %g2,[%o4] -/* 0x014c 168 ( 3 4) */ add %o4,4,%o4 -/* 0x0150 ( 4 5) */ srax %g1,32,%g5 -/* 0x0154 ( 4 5) */ ble,a,pt %icc,.L900000609 ! tprob=0.84 -/* 0x0158 ( 4 7) */ ld [%o4],%g1 - .L77000191: /* frequency 1.0 confidence 0.0 */ -/* 0x015c ( 0 2) */ retl ! Result = -/* 0x0160 ( 1 2) */ nop -/* 0x0164 0 ( 0 0) */ .type adjust_montf_result,2 -/* 0x0164 ( 0 0) */ .size adjust_montf_result,(.-adjust_montf_result) - - .section ".text",#alloc,#execinstr -/* 000000 0 ( 0 0) */ .align 32 -! -! SUBROUTINE mont_mulf_noconv -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .global mont_mulf_noconv - mont_mulf_noconv: /* frequency 1.0 confidence 0.0 */ -/* 000000 ( 0 1) */ save %sp,-144,%sp -/* 0x0004 ( 1 2) */ st %i0,[%fp+68] - -! 169 ! } -! 170 ! } -! 171 !} -! 175 !void cleanup(double *dt, int from, int tlen); -! 177 !/* -! 178 !** the lengths of the input arrays should be at least the following: -! 179 !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen] -! 180 !** all of them should be different from one another -! 181 !** -! 182 !*/ -! 183 !void mont_mulf_noconv(unsigned int *result, -! 184 ! double *dm1, double *dm2, double *dt, -! 185 ! double *dn, unsigned int *nint, -! 186 ! int nlen, double dn0) -! 187 !{ -! 188 ! int i, j, jj; -! 189 ! int tmp; -! 190 ! double digit, m2j, nextm2j, a, b; -! 191 ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0; -! 193 ! pdm1=&(dm1[0]); -! 194 ! pdm2=&(dm2[0]); -! 195 ! pdn=&(dn[0]); -! 196 ! pdm2[2*nlen]=Zero; - -/* 0x0008 196 ( 1 2) */ sethi %hi(Zero),%g2 -/* 0x000c 187 ( 1 2) */ or %g0,%i2,%o1 -/* 0x0010 ( 2 3) */ st %i5,[%fp+88] -/* 0x0014 ( 2 3) */ or %g0,%i3,%o2 -/* 0x0018 196 ( 2 3) */ add %g2,%lo(Zero),%g4 -/* 0x001c ( 3 6) */ ldd [%g2+%lo(Zero)],%f2 -/* 0x0020 187 ( 3 4) */ or %g0,%o2,%g5 -/* 0x0024 196 ( 3 4) */ or %g0,%o1,%i0 -/* 0x0028 187 ( 4 5) */ or %g0,%i4,%i2 - -! 198 ! if (nlen!=16) -! 199 ! { -! 200 ! for(i=0;i<4*nlen+2;i++) dt[i]=Zero; -! 202 ! a=dt[0]=pdm1[0]*pdm2[0]; -! 203 ! digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16); -! 205 ! pdtj=&(dt[0]); -! 206 ! for(j=jj=0;j<2*nlen;j++,jj++,pdtj++) -! 207 ! { -! 208 ! m2j=pdm2[j]; -! 209 ! a=pdtj[0]+pdn[0]*digit; -! 210 ! b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16; -! 211 ! pdtj[1]=b; -! 213 !#pragma pipeloop(0) -! 214 ! for(i=1;i>32); -! 122 ! d=(long long)d16[2*i+3]; -! 123 ! t1+=(b&0xffff)<<16; -! 124 ! t+=(b>>16)+(t1>>32); -! 125 ! i32[i]=t1&0xffffffff; -! 126 ! t1=t; -! 127 ! a=c; -! 128 ! b=d; - -/* 0x0070 128 */ add %o0,16,%g2 -/* 0x0074 123 */ and %g1,%o1,%o0 -/* 0x0078 */ sllx %o0,16,%g3 -/* 0x007c 120 */ and %g4,%o3,%o0 -/* 0x0080 117 */ add %o0,%g3,%o4 -/* 0x0084 119 */ fdtox %f0,%f0 -/* 0x0088 */ std %f0,[%sp+104] -/* 0x008c 125 */ and %o4,%o3,%g5 -/* 0x0090 122 */ ldd [%g2+8],%f2 -/* 0x0094 128 */ add %o5,4,%o5 -/* 0x0098 124 */ srax %o4,32,%o4 -/* 0x009c */ stx %o4,[%sp+112] -/* 0x00a0 122 */ fdtox %f2,%f0 -/* 0x00a4 */ std %f0,[%sp+96] -/* 0x00a8 124 */ srax %g1,16,%o0 -/* 0x00ac */ ldx [%sp+112],%o7 -/* 0x00b0 121 */ srax %g4,32,%o4 -/* 0x00b4 124 */ add %o0,%o7,%g4 -/* 0x00b8 128 */ or %g0,1,%o7 -/* 0x00bc 119 */ ldx [%sp+104],%g3 -/* 0x00c0 124 */ add %o4,%g4,%o4 -/* 0x00c4 122 */ ldx [%sp+96],%g1 -/* 0x00c8 125 */ st %g5,[%o5-4] -/* 0x00cc 127 */ or %g0,%g3,%g4 - .L900000112: -/* 0x00d0 119 */ ldd [%g2+16],%f0 -/* 0x00d4 128 */ add %o7,1,%o7 -/* 0x00d8 */ add %o5,4,%o5 -/* 0x00dc */ cmp %o7,%o2 -/* 0x00e0 */ add %g2,16,%g2 -/* 0x00e4 119 */ fdtox %f0,%f0 -/* 0x00e8 */ std %f0,[%sp+104] -/* 0x00ec 122 */ ldd [%g2+8],%f0 -/* 0x00f0 */ fdtox %f0,%f0 -/* 0x00f4 */ std %f0,[%sp+96] -/* 0x00f8 123 */ and %g1,%o1,%g3 -/* 0x00fc */ sllx %g3,16,%g5 -/* 0x0100 120 */ and %g4,%o3,%g3 -/* 0x0104 117 */ add %g3,%g5,%g3 -/* 0x0108 124 */ srax %g1,16,%g1 -/* 0x010c 117 */ add %g3,%o4,%g3 -/* 0x0110 124 */ srax %g3,32,%o4 -/* 0x0114 */ stx %o4,[%sp+112] -/* 0x0118 119 */ ldx [%sp+104],%g5 -/* 0x011c 121 */ srax %g4,32,%o4 -/* 0x0120 124 */ ldx [%sp+112],%g4 -/* 0x0124 */ add %g1,%g4,%g4 -/* 0x0128 122 */ ldx [%sp+96],%g1 -/* 0x012c 124 */ add %o4,%g4,%o4 -/* 0x0130 125 */ and %g3,%o3,%g3 -/* 0x0134 127 */ or %g0,%g5,%g4 -/* 0x0138 128 */ ble,pt %icc,.L900000112 -/* 0x013c */ st %g3,[%o5-4] - .L900000115: -/* 0x0140 128 */ ba .L900000117 -/* 0x0144 */ sethi %hi(0xfc00),%g2 - .L77000134: -/* 0x0148 119 */ ldd [%g2+16],%f0 - .L900000116: -/* 0x014c 120 */ and %g4,%o3,%o0 -/* 0x0150 123 */ and %g1,%o1,%g3 -/* 0x0154 119 */ fdtox %f0,%f0 -/* 0x0158 120 */ add %o4,%o0,%o0 -/* 0x015c 119 */ std %f0,[%sp+104] -/* 0x0160 128 */ add %o7,1,%o7 -/* 0x0164 123 */ sllx %g3,16,%o4 -/* 0x0168 122 */ ldd [%g2+24],%f2 -/* 0x016c 128 */ add %g2,16,%g2 -/* 0x0170 123 */ add %o0,%o4,%o0 -/* 0x0174 128 */ cmp %o7,%o2 -/* 0x0178 125 */ and %o0,%o3,%g3 -/* 0x017c 122 */ fdtox %f2,%f0 -/* 0x0180 */ std %f0,[%sp+96] -/* 0x0184 124 */ srax %o0,32,%o0 -/* 0x0188 */ stx %o0,[%sp+112] -/* 0x018c 121 */ srax %g4,32,%o4 -/* 0x0190 122 */ ldx [%sp+96],%o0 -/* 0x0194 124 */ srax %g1,16,%g5 -/* 0x0198 */ ldx [%sp+112],%g4 -/* 0x019c 119 */ ldx [%sp+104],%g1 -/* 0x01a0 125 */ st %g3,[%o5] -/* 0x01a4 124 */ add %g5,%g4,%g4 -/* 0x01a8 128 */ add %o5,4,%o5 -/* 0x01ac 124 */ add %o4,%g4,%o4 -/* 0x01b0 127 */ or %g0,%g1,%g4 -/* 0x01b4 128 */ or %g0,%o0,%g1 -/* 0x01b8 */ ble,a,pt %icc,.L900000116 -/* 0x01bc */ ldd [%g2+16],%f0 - .L77000127: - -! 129 ! } -! 130 ! t1+=a&0xffffffff; -! 131 ! t=(a>>32); -! 132 ! t1+=(b&0xffff)<<16; -! 133 ! i32[i]=t1&0xffffffff; - -/* 0x01c0 133 */ sethi %hi(0xfc00),%g2 - .L900000117: -/* 0x01c4 133 */ or %g0,-1,%g3 -/* 0x01c8 */ add %g2,1023,%g2 -/* 0x01cc */ srl %g3,0,%g3 -/* 0x01d0 */ and %g1,%g2,%g2 -/* 0x01d4 */ and %g4,%g3,%g4 -/* 0x01d8 */ sllx %g2,16,%g2 -/* 0x01dc */ add %o4,%g4,%g4 -/* 0x01e0 */ add %g4,%g2,%g2 -/* 0x01e4 */ sll %o7,2,%g4 -/* 0x01e8 */ and %g2,%g3,%g2 -/* 0x01ec */ st %g2,[%i0+%g4] -/* 0x01f0 */ ret ! Result = -/* 0x01f4 */ restore %g0,%g0,%g0 -/* 0x01f8 0 */ .type conv_d16_to_i32,2 -/* 0x01f8 */ .size conv_d16_to_i32,(.-conv_d16_to_i32) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000201: -/* 000000 0 */ .word 1127219200,0 -/* 0x0008 0 */ .align 4 -/* 0x0008 */ .skip 16 -! -! SUBROUTINE conv_i32_to_d32 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global conv_i32_to_d32 - conv_i32_to_d32: -/* 000000 */ or %g0,%o7,%g2 - -! 135 !} -! 137 !void conv_i32_to_d32(double *d32, unsigned int *i32, int len) -! 138 !{ -! 139 !int i; -! 141 !#pragma pipeloop(0) -! 142 ! for(i=0;i>16); - -/* 0x0008 156 */ sethi %hi(.L_const_seg_900000301),%g2 - .L900000310: -/* 0x000c */ call .+8 -/* 0x0010 */ sethi /*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3 -/* 0x0014 152 */ cmp %o0,0 -/* 0x0018 147 */ add %g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3 -/* 0x001c 152 */ ble,pt %icc,.L77000150 -/* 0x0020 */ add %g3,%o7,%o2 -/* 0x0024 */ sub %i2,1,%o5 -/* 0x0028 156 */ add %g2,%lo(.L_const_seg_900000301),%o1 -/* 0x002c 152 */ sethi %hi(0xfc00),%o0 -/* 0x0030 */ ld [%o2+%o1],%o3 -/* 0x0034 */ add %o5,1,%g2 -/* 0x0038 */ or %g0,0,%g1 -/* 0x003c */ cmp %g2,3 -/* 0x0040 */ or %g0,%i1,%o7 -/* 0x0044 */ add %o0,1023,%o4 -/* 0x0048 */ or %g0,%i0,%g3 -/* 0x004c */ bl,pn %icc,.L77000154 -/* 0x0050 */ add %o7,4,%o0 -/* 0x0054 155 */ ldd [%o3],%f0 -/* 0x0058 156 */ or %g0,1,%g1 -/* 0x005c 154 */ ld [%o0-4],%o1 -/* 0x0060 0 */ or %g0,%o0,%o7 -/* 0x0064 155 */ and %o1,%o4,%o0 - .L900000306: -/* 0x0068 155 */ st %o0,[%sp+96] -/* 0x006c 156 */ add %g1,1,%g1 -/* 0x0070 */ add %g3,16,%g3 -/* 0x0074 */ cmp %g1,%o5 -/* 0x0078 */ add %o7,4,%o7 -/* 0x007c 155 */ ld [%sp+96],%f3 -/* 0x0080 */ fmovs %f0,%f2 -/* 0x0084 */ fsubd %f2,%f0,%f2 -/* 0x0088 156 */ srl %o1,16,%o0 -/* 0x008c 155 */ std %f2,[%g3-16] -/* 0x0090 156 */ st %o0,[%sp+92] -/* 0x0094 */ ld [%sp+92],%f3 -/* 0x0098 154 */ ld [%o7-4],%o1 -/* 0x009c 156 */ fmovs %f0,%f2 -/* 0x00a0 */ fsubd %f2,%f0,%f2 -/* 0x00a4 155 */ and %o1,%o4,%o0 -/* 0x00a8 156 */ ble,pt %icc,.L900000306 -/* 0x00ac */ std %f2,[%g3-8] - .L900000309: -/* 0x00b0 155 */ st %o0,[%sp+96] -/* 0x00b4 */ fmovs %f0,%f2 -/* 0x00b8 156 */ add %g3,16,%g3 -/* 0x00bc */ srl %o1,16,%o0 -/* 0x00c0 155 */ ld [%sp+96],%f3 -/* 0x00c4 */ fsubd %f2,%f0,%f2 -/* 0x00c8 */ std %f2,[%g3-16] -/* 0x00cc 156 */ st %o0,[%sp+92] -/* 0x00d0 */ fmovs %f0,%f2 -/* 0x00d4 */ ld [%sp+92],%f3 -/* 0x00d8 */ fsubd %f2,%f0,%f0 -/* 0x00dc */ std %f0,[%g3-8] -/* 0x00e0 */ ret ! Result = -/* 0x00e4 */ restore %g0,%g0,%g0 - .L77000154: -/* 0x00e8 154 */ ld [%o7],%o0 - .L900000311: -/* 0x00ec 155 */ and %o0,%o4,%o1 -/* 0x00f0 */ st %o1,[%sp+96] -/* 0x00f4 156 */ add %g1,1,%g1 -/* 0x00f8 155 */ ldd [%o3],%f0 -/* 0x00fc 156 */ srl %o0,16,%o0 -/* 0x0100 */ add %o7,4,%o7 -/* 0x0104 */ cmp %g1,%o5 -/* 0x0108 155 */ fmovs %f0,%f2 -/* 0x010c */ ld [%sp+96],%f3 -/* 0x0110 */ fsubd %f2,%f0,%f2 -/* 0x0114 */ std %f2,[%g3] -/* 0x0118 156 */ st %o0,[%sp+92] -/* 0x011c */ fmovs %f0,%f2 -/* 0x0120 */ ld [%sp+92],%f3 -/* 0x0124 */ fsubd %f2,%f0,%f0 -/* 0x0128 */ std %f0,[%g3+8] -/* 0x012c */ add %g3,16,%g3 -/* 0x0130 */ ble,a,pt %icc,.L900000311 -/* 0x0134 */ ld [%o7],%o0 - .L77000150: -/* 0x0138 */ ret ! Result = -/* 0x013c */ restore %g0,%g0,%g0 -/* 0x0140 0 */ .type conv_i32_to_d16,2 -/* 0x0140 */ .size conv_i32_to_d16,(.-conv_i32_to_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000401: -/* 000000 0 */ .word 1127219200,0 -/* 0x0008 0 */ .align 4 -/* 0x0008 */ .skip 16 -! -! SUBROUTINE conv_i32_to_d32_and_d16 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global conv_i32_to_d32_and_d16 - conv_i32_to_d32_and_d16: -/* 000000 */ save %sp,-120,%sp - .L900000415: -/* 0x0004 */ call .+8 -/* 0x0008 */ sethi /*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g4 - -! 157 ! } -! 158 !} -! 161 !void conv_i32_to_d32_and_d16(double *d32, double *d16, -! 162 ! unsigned int *i32, int len) -! 163 !{ -! 164 !int i = 0; -! 165 !unsigned int a; -! 167 !#pragma pipeloop(0) -! 168 !#ifdef RF_INLINE_MACROS -! 169 ! for(;i>16); - -/* 0x0158 180 */ sethi %hi(.L_const_seg_900000401),%g2 -/* 0x015c */ add %g2,%lo(.L_const_seg_900000401),%o1 -/* 0x0160 175 */ sethi %hi(0xfc00),%o0 -/* 0x0164 */ ld [%o4+%o1],%o2 -/* 0x0168 */ sll %g5,2,%o3 -/* 0x016c */ sub %i3,%g5,%g3 -/* 0x0170 */ sll %g5,3,%g2 -/* 0x0174 */ add %o0,1023,%o4 -/* 0x0178 178 */ ldd [%o2],%f0 -/* 0x017c */ add %i2,%o3,%o0 -/* 0x0180 175 */ cmp %g3,3 -/* 0x0184 */ add %i4,%g2,%o3 -/* 0x0188 */ sub %i3,1,%o1 -/* 0x018c */ sll %g5,4,%g4 -/* 0x0190 */ bl,pn %icc,.L77000161 -/* 0x0194 */ add %i1,%g4,%o5 -/* 0x0198 178 */ ld [%o0],%f3 -/* 0x019c 180 */ add %o3,8,%o3 -/* 0x01a0 177 */ ld [%o0],%o7 -/* 0x01a4 180 */ add %o5,16,%o5 -/* 0x01a8 */ add %g5,1,%g5 -/* 0x01ac 178 */ fmovs %f0,%f2 -/* 0x01b0 180 */ add %o0,4,%o0 -/* 0x01b4 179 */ and %o7,%o4,%g1 -/* 0x01b8 178 */ fsubd %f2,%f0,%f2 -/* 0x01bc */ std %f2,[%o3-8] -/* 0x01c0 180 */ srl %o7,16,%o7 -/* 0x01c4 179 */ st %g1,[%sp+96] -/* 0x01c8 */ fmovs %f0,%f2 -/* 0x01cc */ ld [%sp+96],%f3 -/* 0x01d0 */ fsubd %f2,%f0,%f2 -/* 0x01d4 */ std %f2,[%o5-16] -/* 0x01d8 180 */ st %o7,[%sp+92] -/* 0x01dc */ fmovs %f0,%f2 -/* 0x01e0 */ ld [%sp+92],%f3 -/* 0x01e4 */ fsubd %f2,%f0,%f2 -/* 0x01e8 */ std %f2,[%o5-8] - .L900000411: -/* 0x01ec 178 */ ld [%o0],%f3 -/* 0x01f0 180 */ add %g5,2,%g5 -/* 0x01f4 */ add %o5,32,%o5 -/* 0x01f8 177 */ ld [%o0],%o7 -/* 0x01fc 180 */ cmp %g5,%o1 -/* 0x0200 */ add %o3,16,%o3 -/* 0x0204 178 */ fmovs %f0,%f2 -/* 0x0208 */ fsubd %f2,%f0,%f2 -/* 0x020c */ std %f2,[%o3-16] -/* 0x0210 179 */ and %o7,%o4,%g1 -/* 0x0214 */ st %g1,[%sp+96] -/* 0x0218 */ ld [%sp+96],%f3 -/* 0x021c */ fmovs %f0,%f2 -/* 0x0220 */ fsubd %f2,%f0,%f2 -/* 0x0224 180 */ srl %o7,16,%o7 -/* 0x0228 179 */ std %f2,[%o5-32] -/* 0x022c 180 */ st %o7,[%sp+92] -/* 0x0230 */ ld [%sp+92],%f3 -/* 0x0234 */ fmovs %f0,%f2 -/* 0x0238 */ fsubd %f2,%f0,%f2 -/* 0x023c */ std %f2,[%o5-24] -/* 0x0240 */ add %o0,4,%o0 -/* 0x0244 178 */ ld [%o0],%f3 -/* 0x0248 177 */ ld [%o0],%o7 -/* 0x024c 178 */ fmovs %f0,%f2 -/* 0x0250 */ fsubd %f2,%f0,%f2 -/* 0x0254 */ std %f2,[%o3-8] -/* 0x0258 179 */ and %o7,%o4,%g1 -/* 0x025c */ st %g1,[%sp+96] -/* 0x0260 */ ld [%sp+96],%f3 -/* 0x0264 */ fmovs %f0,%f2 -/* 0x0268 */ fsubd %f2,%f0,%f2 -/* 0x026c 180 */ srl %o7,16,%o7 -/* 0x0270 179 */ std %f2,[%o5-16] -/* 0x0274 180 */ st %o7,[%sp+92] -/* 0x0278 */ ld [%sp+92],%f3 -/* 0x027c */ fmovs %f0,%f2 -/* 0x0280 */ fsubd %f2,%f0,%f2 -/* 0x0284 */ std %f2,[%o5-8] -/* 0x0288 */ bl,pt %icc,.L900000411 -/* 0x028c */ add %o0,4,%o0 - .L900000414: -/* 0x0290 180 */ cmp %g5,%i3 -/* 0x0294 */ bge,pn %icc,.L77000164 -/* 0x0298 */ nop - .L77000161: -/* 0x029c 178 */ ld [%o0],%f3 - .L900000416: -/* 0x02a0 178 */ ldd [%o2],%f0 -/* 0x02a4 180 */ add %g5,1,%g5 -/* 0x02a8 177 */ ld [%o0],%o1 -/* 0x02ac 180 */ add %o0,4,%o0 -/* 0x02b0 */ cmp %g5,%i3 -/* 0x02b4 178 */ fmovs %f0,%f2 -/* 0x02b8 179 */ and %o1,%o4,%o7 -/* 0x02bc 178 */ fsubd %f2,%f0,%f2 -/* 0x02c0 */ std %f2,[%o3] -/* 0x02c4 180 */ srl %o1,16,%o1 -/* 0x02c8 179 */ st %o7,[%sp+96] -/* 0x02cc 180 */ add %o3,8,%o3 -/* 0x02d0 179 */ fmovs %f0,%f2 -/* 0x02d4 */ ld [%sp+96],%f3 -/* 0x02d8 */ fsubd %f2,%f0,%f2 -/* 0x02dc */ std %f2,[%o5] -/* 0x02e0 180 */ st %o1,[%sp+92] -/* 0x02e4 */ fmovs %f0,%f2 -/* 0x02e8 */ ld [%sp+92],%f3 -/* 0x02ec */ fsubd %f2,%f0,%f0 -/* 0x02f0 */ std %f0,[%o5+8] -/* 0x02f4 */ add %o5,16,%o5 -/* 0x02f8 */ bl,a,pt %icc,.L900000416 -/* 0x02fc */ ld [%o0],%f3 - .L77000164: -/* 0x0300 */ ret ! Result = -/* 0x0304 */ restore %g0,%g0,%g0 -/* 0x0308 0 */ .type conv_i32_to_d32_and_d16,2 -/* 0x0308 */ .size conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 4 -! -! SUBROUTINE adjust_montf_result -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global adjust_montf_result - adjust_montf_result: -/* 000000 */ or %g0,%o2,%g5 - -! 181 ! } -! 182 !} -! 185 !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len) -! 186 !{ -! 187 !long long acc; -! 188 !int i; -! 190 ! if(i32[len]>0) i=-1; - -/* 0x0004 190 */ or %g0,-1,%g4 -/* 0x0008 */ sll %o2,2,%g1 -/* 0x000c */ ld [%o0+%g1],%g1 -/* 0x0010 */ cmp %g1,0 -/* 0x0014 */ bleu,pn %icc,.L77000175 -/* 0x0018 */ or %g0,%o1,%o3 -/* 0x001c */ ba .L900000511 -/* 0x0020 */ cmp %g4,0 - .L77000175: - -! 191 ! else -! 192 ! { -! 193 ! for(i=len-1; i>=0; i--) - -/* 0x0024 193 */ sub %o2,1,%g4 -/* 0x0028 */ sll %g4,2,%g1 -/* 0x002c */ cmp %g4,0 -/* 0x0030 */ bl,pt %icc,.L900000511 -/* 0x0034 */ cmp %g4,0 -/* 0x0038 */ add %o1,%g1,%g2 - -! 194 ! { -! 195 ! if(i32[i]!=nint[i]) break; - -/* 0x003c 195 */ ld [%g2],%o5 -/* 0x0040 193 */ add %o0,%g1,%g3 - .L900000510: -/* 0x0044 195 */ ld [%g3],%o2 -/* 0x0048 */ sub %g4,1,%g1 -/* 0x004c */ sub %g2,4,%g2 -/* 0x0050 */ sub %g3,4,%g3 -/* 0x0054 */ cmp %o2,%o5 -/* 0x0058 */ bne,pn %icc,.L77000182 -/* 0x005c */ nop -/* 0x0060 0 */ or %g0,%g1,%g4 -/* 0x0064 195 */ cmp %g1,0 -/* 0x0068 */ bge,a,pt %icc,.L900000510 -/* 0x006c */ ld [%g2],%o5 - .L77000182: - -! 196 ! } -! 197 ! } -! 198 ! if((i<0)||(i32[i]>nint[i])) - -/* 0x0070 198 */ cmp %g4,0 - .L900000511: -/* 0x0074 198 */ bl,pn %icc,.L77000198 -/* 0x0078 */ sll %g4,2,%g2 -/* 0x007c */ ld [%o1+%g2],%g1 -/* 0x0080 */ ld [%o0+%g2],%g2 -/* 0x0084 */ cmp %g2,%g1 -/* 0x0088 */ bleu,pt %icc,.L77000191 -/* 0x008c */ nop - .L77000198: - -! 199 ! { -! 200 ! acc=0; -! 201 ! for(i=0;i>32; - -/* 0x00dc 205 */ or %g0,2,%o5 -/* 0x00e0 201 */ sub %o2,%o1,%o2 -/* 0x00e4 */ or %g0,%o2,%g5 -/* 0x00e8 204 */ and %o2,%g3,%o2 -/* 0x00ec */ st %o2,[%o0] -/* 0x00f0 205 */ srax %g5,32,%g5 - .L900000505: -/* 0x00f4 203 */ ld [%o3],%o2 -/* 0x00f8 205 */ add %o5,1,%o5 -/* 0x00fc */ add %o3,4,%o3 -/* 0x0100 */ cmp %o5,%g4 -/* 0x0104 */ add %o4,4,%o4 -/* 0x0108 201 */ sub %g1,%o2,%g1 -/* 0x010c */ add %g1,%g5,%g5 -/* 0x0110 204 */ and %g5,%g3,%o2 -/* 0x0114 203 */ ld [%o4-4],%g1 -/* 0x0118 204 */ st %o2,[%o4-8] -/* 0x011c 205 */ ble,pt %icc,.L900000505 -/* 0x0120 */ srax %g5,32,%g5 - .L900000508: -/* 0x0124 203 */ ld [%o3],%g2 -/* 0x0128 201 */ sub %g1,%g2,%g1 -/* 0x012c */ add %g1,%g5,%g1 -/* 0x0130 204 */ and %g1,%g3,%g2 -/* 0x0134 */ retl ! Result = -/* 0x0138 */ st %g2,[%o4-4] - .L77000199: -/* 0x013c 203 */ ld [%o4],%g1 - .L900000509: -/* 0x0140 203 */ ld [%o3],%g2 -/* 0x0144 */ add %g5,%g1,%g1 -/* 0x0148 205 */ add %o5,1,%o5 -/* 0x014c */ add %o3,4,%o3 -/* 0x0150 */ cmp %o5,%g4 -/* 0x0154 203 */ sub %g1,%g2,%g1 -/* 0x0158 204 */ and %g1,%g3,%g2 -/* 0x015c */ st %g2,[%o4] -/* 0x0160 205 */ add %o4,4,%o4 -/* 0x0164 */ srax %g1,32,%g5 -/* 0x0168 */ ble,a,pt %icc,.L900000509 -/* 0x016c */ ld [%o4],%g1 - .L77000191: -/* 0x0170 */ retl ! Result = -/* 0x0174 */ nop -/* 0x0178 0 */ .type adjust_montf_result,2 -/* 0x0178 */ .size adjust_montf_result,(.-adjust_montf_result) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 4 -/* 000000 */ .skip 16 -! -! SUBROUTINE mont_mulf_noconv -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global mont_mulf_noconv - mont_mulf_noconv: -/* 000000 */ save %sp,-144,%sp - .L900000646: -/* 0x0004 */ call .+8 -/* 0x0008 */ sethi /*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5 - -! 206 ! } -! 207 ! } -! 208 !} -! 213 !/* -! 214 !** the lengths of the input arrays should be at least the following: -! 215 !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen] -! 216 !** all of them should be different from one another -! 217 !** -! 218 !*/ -! 219 !void mont_mulf_noconv(unsigned int *result, -! 220 ! double *dm1, double *dm2, double *dt, -! 221 ! double *dn, unsigned int *nint, -! 222 ! int nlen, double dn0) -! 223 !{ -! 224 ! int i, j, jj; -! 225 ! int tmp; -! 226 ! double digit, m2j, nextm2j, a, b; -! 227 ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0; -! 229 ! pdm1=&(dm1[0]); -! 230 ! pdm2=&(dm2[0]); -! 231 ! pdn=&(dn[0]); -! 232 ! pdm2[2*nlen]=Zero; - -/* 0x000c 232 */ ld [%fp+92],%o1 -/* 0x0010 */ sethi %hi(Zero),%g2 -/* 0x0014 223 */ ldd [%fp+96],%f2 -/* 0x0018 */ add %g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5 -/* 0x001c 232 */ add %g2,%lo(Zero),%g2 -/* 0x0020 223 */ st %i0,[%fp+68] -/* 0x0024 */ add %g5,%o7,%o3 - -! 234 ! if (nlen!=16) -! 235 ! { -! 236 ! for(i=0;i<4*nlen+2;i++) dt[i]=Zero; -! 238 ! a=dt[0]=pdm1[0]*pdm2[0]; -! 239 ! digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16); - -/* 0x0028 239 */ sethi %hi(TwoToMinus16),%g3 -/* 0x002c 232 */ ld [%o3+%g2],%l0 -/* 0x0030 239 */ sethi %hi(TwoTo16),%g4 -/* 0x0034 223 */ or %g0,%i2,%o2 -/* 0x0038 */ fmovd %f2,%f16 -/* 0x003c */ st %i5,[%fp+88] -/* 0x0040 239 */ add %g3,%lo(TwoToMinus16),%g2 -/* 0x0044 223 */ or %g0,%i1,%i2 -/* 0x0048 232 */ ldd [%l0],%f0 -/* 0x004c 239 */ add %g4,%lo(TwoTo16),%g3 -/* 0x0050 223 */ or %g0,%i3,%o0 -/* 0x0054 232 */ sll %o1,4,%g4 -/* 0x0058 239 */ ld [%o3+%g2],%g5 -/* 0x005c 223 */ or %g0,%i3,%i1 -/* 0x0060 239 */ ld [%o3+%g3],%g1 -/* 0x0064 232 */ or %g0,%o1,%i0 -/* 0x0068 */ or %g0,%o2,%i3 -/* 0x006c 234 */ cmp %o1,16 -/* 0x0070 */ be,pn %icc,.L77000279 -/* 0x0074 */ std %f0,[%o2+%g4] -/* 0x0078 236 */ sll %o1,2,%g2 -/* 0x007c */ or %g0,%o0,%o3 -/* 0x0080 232 */ sll %o1,1,%o1 -/* 0x0084 236 */ add %g2,2,%o2 -/* 0x0088 */ cmp %o2,0 -/* 0x008c */ ble,a,pt %icc,.L900000660 -/* 0x0090 */ ldd [%i2],%f0 - -! 241 ! pdtj=&(dt[0]); -! 242 ! for(j=jj=0;j<2*nlen;j++,jj++,pdtj++) -! 243 ! { -! 244 ! m2j=pdm2[j]; -! 245 ! a=pdtj[0]+pdn[0]*digit; -! 246 ! b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16; -! 247 ! pdtj[1]=b; -! 249 !#pragma pipeloop(0) -! 250 ! for(i=1;i>32); -! 122 ! d=(long long)d16[2*i+3]; -! 123 ! t1+=(b&0xffff)<<16; - -/* 0x0068 123 */ and %i2,%o5,%i4 -/* 0x006c */ sllx %i4,16,%o1 -/* 0x0070 117 */ cmp %g2,6 -/* 0x0074 */ bl,pn %icc,.L77000134 -/* 0x0078 */ or %g0,3,%i0 -/* 0x007c 119 */ ldd [%o4+16],%f0 -/* 0x0080 120 */ and %i3,%g3,%o3 - -! 124 ! t+=(b>>16)+(t1>>32); - -/* 0x0084 124 */ srax %i2,16,%i5 -/* 0x0088 117 */ add %o3,%o1,%i4 -/* 0x008c 121 */ srax %i3,32,%i3 -/* 0x0090 119 */ fdtox %f0,%f0 -/* 0x0094 */ std %f0,[%sp+2231] - -! 125 ! i32[i]=t1&0xffffffff; - -/* 0x0098 125 */ and %i4,%g3,%l0 -/* 0x009c 117 */ or %g0,72,%o3 -/* 0x00a0 122 */ ldd [%g4+24],%f0 -/* 0x00a4 117 */ or %g0,64,%o4 -/* 0x00a8 */ or %g0,4,%o1 - -! 126 ! t1=t; -! 127 ! a=c; -! 128 ! b=d; - -/* 0x00ac 128 */ or %g0,5,%i0 -/* 0x00b0 */ or %g0,4,%i1 -/* 0x00b4 119 */ ldx [%sp+2231],%g2 -/* 0x00b8 122 */ fdtox %f0,%f0 -/* 0x00bc 128 */ or %g0,4,%o0 -/* 0x00c0 122 */ std %f0,[%sp+2223] -/* 0x00c4 */ ldd [%g4+40],%f2 -/* 0x00c8 120 */ and %g2,%g3,%i2 -/* 0x00cc 119 */ ldd [%g4+32],%f0 -/* 0x00d0 121 */ srax %g2,32,%g2 -/* 0x00d4 122 */ ldd [%g4+56],%f4 -/* 0x00d8 */ fdtox %f2,%f2 -/* 0x00dc */ ldx [%sp+2223],%g5 -/* 0x00e0 119 */ fdtox %f0,%f0 -/* 0x00e4 125 */ st %l0,[%g1] -/* 0x00e8 124 */ srax %i4,32,%l0 -/* 0x00ec 122 */ fdtox %f4,%f4 -/* 0x00f0 */ std %f2,[%sp+2223] -/* 0x00f4 123 */ and %g5,%o5,%i4 -/* 0x00f8 124 */ add %i5,%l0,%i5 -/* 0x00fc 119 */ std %f0,[%sp+2231] -/* 0x0100 123 */ sllx %i4,16,%i4 -/* 0x0104 124 */ add %i3,%i5,%i3 -/* 0x0108 119 */ ldd [%g4+48],%f2 -/* 0x010c 124 */ srax %g5,16,%g5 -/* 0x0110 117 */ add %i2,%i4,%i2 -/* 0x0114 122 */ ldd [%g4+72],%f0 -/* 0x0118 117 */ add %i2,%i3,%i4 -/* 0x011c 124 */ srax %i4,32,%i5 -/* 0x0120 119 */ fdtox %f2,%f2 -/* 0x0124 125 */ and %i4,%g3,%i4 -/* 0x0128 122 */ ldx [%sp+2223],%i2 -/* 0x012c 124 */ add %g5,%i5,%g5 -/* 0x0130 119 */ ldx [%sp+2231],%i3 -/* 0x0134 124 */ add %g2,%g5,%g5 -/* 0x0138 119 */ std %f2,[%sp+2231] -/* 0x013c 122 */ std %f4,[%sp+2223] -/* 0x0140 119 */ ldd [%g4+64],%f2 -/* 0x0144 125 */ st %i4,[%g1+4] - .L900000108: -/* 0x0148 122 */ ldx [%sp+2223],%i4 -/* 0x014c 128 */ add %o0,2,%o0 -/* 0x0150 */ add %i0,4,%i0 -/* 0x0154 119 */ ldx [%sp+2231],%l0 -/* 0x0158 117 */ add %o3,16,%o3 -/* 0x015c 123 */ and %i2,%o5,%g2 -/* 0x0160 */ sllx %g2,16,%i5 -/* 0x0164 120 */ and %i3,%g3,%g2 -/* 0x0168 122 */ ldd [%g4+%o3],%f4 -/* 0x016c */ fdtox %f0,%f0 -/* 0x0170 */ std %f0,[%sp+2223] -/* 0x0174 124 */ srax %i2,16,%i2 -/* 0x0178 117 */ add %g2,%i5,%g2 -/* 0x017c 119 */ fdtox %f2,%f0 -/* 0x0180 117 */ add %o4,16,%o4 -/* 0x0184 119 */ std %f0,[%sp+2231] -/* 0x0188 117 */ add %g2,%g5,%g2 -/* 0x018c 119 */ ldd [%g4+%o4],%f2 -/* 0x0190 124 */ srax %g2,32,%i5 -/* 0x0194 128 */ cmp %o0,%o2 -/* 0x0198 121 */ srax %i3,32,%g5 -/* 0x019c 124 */ add %i2,%i5,%i2 -/* 0x01a0 */ add %g5,%i2,%i5 -/* 0x01a4 117 */ add %o1,4,%o1 -/* 0x01a8 125 */ and %g2,%g3,%g2 -/* 0x01ac 127 */ or %g0,%l0,%g5 -/* 0x01b0 125 */ st %g2,[%g1+%o1] -/* 0x01b4 128 */ add %i1,4,%i1 -/* 0x01b8 122 */ ldx [%sp+2223],%i2 -/* 0x01bc 119 */ ldx [%sp+2231],%i3 -/* 0x01c0 117 */ add %o3,16,%o3 -/* 0x01c4 123 */ and %i4,%o5,%g2 -/* 0x01c8 */ sllx %g2,16,%l0 -/* 0x01cc 120 */ and %g5,%g3,%g2 -/* 0x01d0 122 */ ldd [%g4+%o3],%f0 -/* 0x01d4 */ fdtox %f4,%f4 -/* 0x01d8 */ std %f4,[%sp+2223] -/* 0x01dc 124 */ srax %i4,16,%i4 -/* 0x01e0 117 */ add %g2,%l0,%g2 -/* 0x01e4 119 */ fdtox %f2,%f2 -/* 0x01e8 117 */ add %o4,16,%o4 -/* 0x01ec 119 */ std %f2,[%sp+2231] -/* 0x01f0 117 */ add %g2,%i5,%g2 -/* 0x01f4 119 */ ldd [%g4+%o4],%f2 -/* 0x01f8 124 */ srax %g2,32,%i5 -/* 0x01fc 121 */ srax %g5,32,%g5 -/* 0x0200 124 */ add %i4,%i5,%i4 -/* 0x0204 */ add %g5,%i4,%g5 -/* 0x0208 117 */ add %o1,4,%o1 -/* 0x020c 125 */ and %g2,%g3,%g2 -/* 0x0210 128 */ ble,pt %icc,.L900000108 -/* 0x0214 */ st %g2,[%g1+%o1] - .L900000111: -/* 0x0218 122 */ ldx [%sp+2223],%o2 -/* 0x021c 123 */ and %i2,%o5,%i4 -/* 0x0220 120 */ and %i3,%g3,%g2 -/* 0x0224 123 */ sllx %i4,16,%i4 -/* 0x0228 119 */ ldx [%sp+2231],%i5 -/* 0x022c 128 */ cmp %o0,%o7 -/* 0x0230 124 */ srax %i2,16,%i2 -/* 0x0234 117 */ add %g2,%i4,%g2 -/* 0x0238 122 */ fdtox %f0,%f4 -/* 0x023c */ std %f4,[%sp+2223] -/* 0x0240 117 */ add %g2,%g5,%g5 -/* 0x0244 123 */ and %o2,%o5,%l0 -/* 0x0248 124 */ srax %g5,32,%l1 -/* 0x024c 120 */ and %i5,%g3,%i4 -/* 0x0250 119 */ fdtox %f2,%f0 -/* 0x0254 121 */ srax %i3,32,%g2 -/* 0x0258 119 */ std %f0,[%sp+2231] -/* 0x025c 124 */ add %i2,%l1,%i2 -/* 0x0260 123 */ sllx %l0,16,%i3 -/* 0x0264 124 */ add %g2,%i2,%i2 -/* 0x0268 */ srax %o2,16,%o2 -/* 0x026c 117 */ add %o1,4,%g2 -/* 0x0270 */ add %i4,%i3,%o1 -/* 0x0274 125 */ and %g5,%g3,%g5 -/* 0x0278 */ st %g5,[%g1+%g2] -/* 0x027c 119 */ ldx [%sp+2231],%i3 -/* 0x0280 117 */ add %o1,%i2,%o1 -/* 0x0284 */ add %g2,4,%g2 -/* 0x0288 124 */ srax %o1,32,%i4 -/* 0x028c 122 */ ldx [%sp+2223],%i2 -/* 0x0290 125 */ and %o1,%g3,%g5 -/* 0x0294 121 */ srax %i5,32,%o1 -/* 0x0298 124 */ add %o2,%i4,%o2 -/* 0x029c 125 */ st %g5,[%g1+%g2] -/* 0x02a0 128 */ bg,pn %icc,.L77000127 -/* 0x02a4 */ add %o1,%o2,%g5 -/* 0x02a8 */ add %i0,6,%i0 -/* 0x02ac */ add %i1,6,%i1 - .L77000134: -/* 0x02b0 119 */ sra %i1,0,%o2 - .L900000112: -/* 0x02b4 119 */ sllx %o2,3,%o3 -/* 0x02b8 120 */ and %i3,%g3,%o1 -/* 0x02bc 119 */ ldd [%g4+%o3],%f0 -/* 0x02c0 122 */ sra %i0,0,%o3 -/* 0x02c4 123 */ and %i2,%o5,%o2 -/* 0x02c8 122 */ sllx %o3,3,%o3 -/* 0x02cc 120 */ add %g5,%o1,%o1 -/* 0x02d0 119 */ fdtox %f0,%f0 -/* 0x02d4 */ std %f0,[%sp+2231] -/* 0x02d8 123 */ sllx %o2,16,%o2 -/* 0x02dc */ add %o1,%o2,%o2 -/* 0x02e0 128 */ add %i1,2,%i1 -/* 0x02e4 122 */ ldd [%g4+%o3],%f0 -/* 0x02e8 124 */ srax %o2,32,%g2 -/* 0x02ec 125 */ and %o2,%g3,%o3 -/* 0x02f0 124 */ srax %i2,16,%o1 -/* 0x02f4 128 */ add %i0,2,%i0 -/* 0x02f8 122 */ fdtox %f0,%f0 -/* 0x02fc */ std %f0,[%sp+2223] -/* 0x0300 125 */ sra %o0,0,%o2 -/* 0x0304 */ sllx %o2,2,%o2 -/* 0x0308 124 */ add %o1,%g2,%g5 -/* 0x030c 121 */ srax %i3,32,%g2 -/* 0x0310 128 */ add %o0,1,%o0 -/* 0x0314 124 */ add %g2,%g5,%g5 -/* 0x0318 128 */ cmp %o0,%o7 -/* 0x031c 119 */ ldx [%sp+2231],%o4 -/* 0x0320 122 */ ldx [%sp+2223],%i2 -/* 0x0324 125 */ st %o3,[%g1+%o2] -/* 0x0328 127 */ or %g0,%o4,%i3 -/* 0x032c 128 */ ble,pt %icc,.L900000112 -/* 0x0330 */ sra %i1,0,%o2 - .L77000127: - -! 129 ! } -! 130 ! t1+=a&0xffffffff; -! 131 ! t=(a>>32); -! 132 ! t1+=(b&0xffff)<<16; -! 133 ! i32[i]=t1&0xffffffff; - -/* 0x0334 133 */ sethi %hi(0xfc00),%g2 - .L900000113: -/* 0x0338 133 */ or %g0,-1,%g3 -/* 0x033c */ add %g2,1023,%g2 -/* 0x0340 */ srl %g3,0,%g3 -/* 0x0344 */ and %i2,%g2,%g2 -/* 0x0348 */ and %i3,%g3,%g4 -/* 0x034c */ sllx %g2,16,%g2 -/* 0x0350 */ add %g5,%g4,%g4 -/* 0x0354 */ sra %o0,0,%g5 -/* 0x0358 */ add %g4,%g2,%g4 -/* 0x035c */ sllx %g5,2,%g2 -/* 0x0360 */ and %g4,%g3,%g3 -/* 0x0364 */ st %g3,[%g1+%g2] -/* 0x0368 */ ret ! Result = -/* 0x036c */ restore %g0,%g0,%g0 -/* 0x0370 0 */ .type conv_d16_to_i32,2 -/* 0x0370 */ .size conv_d16_to_i32,(.-conv_d16_to_i32) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000201: -/* 000000 0 */ .word 1127219200,0 -/* 0x0008 0 */ .align 8 -/* 0x0008 */ .skip 24 -! -! SUBROUTINE conv_i32_to_d32 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global conv_i32_to_d32 - conv_i32_to_d32: -/* 000000 */ or %g0,%o7,%g3 - -! 135 !} -! 137 !void conv_i32_to_d32(double *d32, unsigned int *i32, int len) -! 138 !{ -! 139 !int i; -! 141 !#pragma pipeloop(0) -! 142 ! for(i=0;i>16); - -/* 0x001c 156 */ sethi %hi(.L_const_seg_900000301),%g2 -/* 0x0020 147 */ or %g0,%i2,%o1 -/* 0x0024 152 */ sethi %hi(0xfc00),%g3 -/* 0x0028 156 */ add %g2,%lo(.L_const_seg_900000301),%g2 -/* 0x002c 152 */ or %g0,%o1,%g4 -/* 0x0030 156 */ ldx [%o0+%g2],%o5 -/* 0x0034 152 */ add %g3,1023,%g1 -/* 0x0038 147 */ or %g0,%i1,%o7 -/* 0x003c 152 */ or %g0,0,%i2 -/* 0x0040 */ sub %o1,1,%g5 -/* 0x0044 */ or %g0,0,%g3 -/* 0x0048 */ or %g0,1,%g2 -/* 0x004c 154 */ or %g0,0,%o2 -/* 0x0050 */ cmp %g4,6 -/* 0x0054 152 */ bl,pn %icc,.L77000154 -/* 0x0058 */ ldd [%o5],%f0 -/* 0x005c */ sub %o1,2,%o3 -/* 0x0060 */ or %g0,16,%o2 -/* 0x0064 154 */ ld [%i1],%o4 -/* 0x0068 156 */ or %g0,3,%g2 -/* 0x006c */ or %g0,2,%g3 -/* 0x0070 155 */ fmovs %f0,%f2 -/* 0x0074 156 */ or %g0,4,%i2 -/* 0x0078 155 */ and %o4,%g1,%o0 -/* 0x007c */ st %o0,[%sp+2227] -/* 0x0080 */ fmovs %f0,%f4 -/* 0x0084 156 */ srl %o4,16,%i4 -/* 0x0088 152 */ or %g0,12,%o4 -/* 0x008c */ or %g0,24,%o0 -/* 0x0090 155 */ ld [%sp+2227],%f3 -/* 0x0094 */ fsubd %f2,%f0,%f2 -/* 0x0098 */ std %f2,[%i0] -/* 0x009c 156 */ st %i4,[%sp+2223] -/* 0x00a0 154 */ ld [%o7+4],%o1 -/* 0x00a4 156 */ fmovs %f0,%f2 -/* 0x00a8 155 */ and %o1,%g1,%i1 -/* 0x00ac 156 */ ld [%sp+2223],%f3 -/* 0x00b0 */ srl %o1,16,%o1 -/* 0x00b4 */ fsubd %f2,%f0,%f2 -/* 0x00b8 */ std %f2,[%i0+8] -/* 0x00bc */ st %o1,[%sp+2223] -/* 0x00c0 155 */ st %i1,[%sp+2227] -/* 0x00c4 154 */ ld [%o7+8],%o1 -/* 0x00c8 156 */ fmovs %f0,%f2 -/* 0x00cc 155 */ and %o1,%g1,%g4 -/* 0x00d0 */ ld [%sp+2227],%f5 -/* 0x00d4 156 */ srl %o1,16,%o1 -/* 0x00d8 */ ld [%sp+2223],%f3 -/* 0x00dc */ st %o1,[%sp+2223] -/* 0x00e0 155 */ fsubd %f4,%f0,%f4 -/* 0x00e4 */ st %g4,[%sp+2227] -/* 0x00e8 156 */ fsubd %f2,%f0,%f2 -/* 0x00ec 154 */ ld [%o7+12],%o1 -/* 0x00f0 155 */ std %f4,[%i0+16] -/* 0x00f4 156 */ std %f2,[%i0+24] - .L900000306: -/* 0x00f8 155 */ ld [%sp+2227],%f5 -/* 0x00fc 156 */ add %i2,2,%i2 -/* 0x0100 */ add %g2,4,%g2 -/* 0x0104 */ ld [%sp+2223],%f3 -/* 0x0108 */ cmp %i2,%o3 -/* 0x010c */ add %g3,4,%g3 -/* 0x0110 155 */ and %o1,%g1,%g4 -/* 0x0114 156 */ srl %o1,16,%o1 -/* 0x0118 155 */ st %g4,[%sp+2227] -/* 0x011c 156 */ st %o1,[%sp+2223] -/* 0x0120 152 */ add %o4,4,%o1 -/* 0x0124 154 */ ld [%o7+%o1],%o4 -/* 0x0128 156 */ fmovs %f0,%f2 -/* 0x012c 155 */ fmovs %f0,%f4 -/* 0x0130 */ fsubd %f4,%f0,%f4 -/* 0x0134 152 */ add %o2,16,%o2 -/* 0x0138 156 */ fsubd %f2,%f0,%f2 -/* 0x013c 155 */ std %f4,[%i0+%o2] -/* 0x0140 152 */ add %o0,16,%o0 -/* 0x0144 156 */ std %f2,[%i0+%o0] -/* 0x0148 155 */ ld [%sp+2227],%f5 -/* 0x014c 156 */ ld [%sp+2223],%f3 -/* 0x0150 155 */ and %o4,%g1,%g4 -/* 0x0154 156 */ srl %o4,16,%o4 -/* 0x0158 155 */ st %g4,[%sp+2227] -/* 0x015c 156 */ st %o4,[%sp+2223] -/* 0x0160 152 */ add %o1,4,%o4 -/* 0x0164 154 */ ld [%o7+%o4],%o1 -/* 0x0168 156 */ fmovs %f0,%f2 -/* 0x016c 155 */ fmovs %f0,%f4 -/* 0x0170 */ fsubd %f4,%f0,%f4 -/* 0x0174 152 */ add %o2,16,%o2 -/* 0x0178 156 */ fsubd %f2,%f0,%f2 -/* 0x017c 155 */ std %f4,[%i0+%o2] -/* 0x0180 152 */ add %o0,16,%o0 -/* 0x0184 156 */ ble,pt %icc,.L900000306 -/* 0x0188 */ std %f2,[%i0+%o0] - .L900000309: -/* 0x018c 155 */ ld [%sp+2227],%f5 -/* 0x0190 156 */ fmovs %f0,%f2 -/* 0x0194 */ srl %o1,16,%o3 -/* 0x0198 */ ld [%sp+2223],%f3 -/* 0x019c 155 */ and %o1,%g1,%i1 -/* 0x01a0 152 */ add %o2,16,%g4 -/* 0x01a4 155 */ fmovs %f0,%f4 -/* 0x01a8 */ st %i1,[%sp+2227] -/* 0x01ac 152 */ add %o0,16,%o2 -/* 0x01b0 156 */ st %o3,[%sp+2223] -/* 0x01b4 154 */ sra %i2,0,%o3 -/* 0x01b8 152 */ add %g4,16,%o1 -/* 0x01bc 155 */ fsubd %f4,%f0,%f4 -/* 0x01c0 */ std %f4,[%i0+%g4] -/* 0x01c4 152 */ add %o0,32,%o0 -/* 0x01c8 156 */ fsubd %f2,%f0,%f2 -/* 0x01cc */ std %f2,[%i0+%o2] -/* 0x01d0 */ sllx %o3,2,%o2 -/* 0x01d4 155 */ ld [%sp+2227],%f5 -/* 0x01d8 156 */ cmp %i2,%g5 -/* 0x01dc */ add %g2,6,%g2 -/* 0x01e0 */ ld [%sp+2223],%f3 -/* 0x01e4 */ add %g3,6,%g3 -/* 0x01e8 155 */ fmovs %f0,%f4 -/* 0x01ec 156 */ fmovs %f0,%f2 -/* 0x01f0 155 */ fsubd %f4,%f0,%f4 -/* 0x01f4 */ std %f4,[%i0+%o1] -/* 0x01f8 156 */ fsubd %f2,%f0,%f0 -/* 0x01fc */ bg,pn %icc,.L77000150 -/* 0x0200 */ std %f0,[%i0+%o0] - .L77000154: -/* 0x0204 155 */ ldd [%o5],%f0 - .L900000311: -/* 0x0208 154 */ ld [%o7+%o2],%o0 -/* 0x020c 155 */ sra %g3,0,%o1 -/* 0x0210 */ fmovs %f0,%f2 -/* 0x0214 */ sllx %o1,3,%o2 -/* 0x0218 156 */ add %i2,1,%i2 -/* 0x021c 155 */ and %o0,%g1,%o1 -/* 0x0220 */ st %o1,[%sp+2227] -/* 0x0224 156 */ add %g3,2,%g3 -/* 0x0228 */ srl %o0,16,%o1 -/* 0x022c */ cmp %i2,%g5 -/* 0x0230 */ sra %g2,0,%o0 -/* 0x0234 */ add %g2,2,%g2 -/* 0x0238 */ sllx %o0,3,%o0 -/* 0x023c 155 */ ld [%sp+2227],%f3 -/* 0x0240 154 */ sra %i2,0,%o3 -/* 0x0244 155 */ fsubd %f2,%f0,%f2 -/* 0x0248 */ std %f2,[%i0+%o2] -/* 0x024c */ sllx %o3,2,%o2 -/* 0x0250 156 */ st %o1,[%sp+2223] -/* 0x0254 */ fmovs %f0,%f2 -/* 0x0258 */ ld [%sp+2223],%f3 -/* 0x025c */ fsubd %f2,%f0,%f0 -/* 0x0260 */ std %f0,[%i0+%o0] -/* 0x0264 */ ble,a,pt %icc,.L900000311 -/* 0x0268 */ ldd [%o5],%f0 - .L77000150: -/* 0x026c */ ret ! Result = -/* 0x0270 */ restore %g0,%g0,%g0 -/* 0x0274 0 */ .type conv_i32_to_d16,2 -/* 0x0274 */ .size conv_i32_to_d16,(.-conv_i32_to_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -! -! CONSTANT POOL -! - .L_const_seg_900000401: -/* 000000 0 */ .word 1127219200,0 -/* 0x0008 0 */ .align 8 -/* 0x0008 */ .skip 24 -! -! SUBROUTINE conv_i32_to_d32_and_d16 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global conv_i32_to_d32_and_d16 - conv_i32_to_d32_and_d16: -/* 000000 */ save %sp,-192,%sp - .L900000415: -/* 0x0004 */ call .+8 -/* 0x0008 */ sethi /*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g3 - -! 157 ! } -! 158 !} -! 161 !void conv_i32_to_d32_and_d16(double *d32, double *d16, -! 162 ! unsigned int *i32, int len) -! 163 !{ -! 164 !int i = 0; -! 165 !unsigned int a; -! 167 !#pragma pipeloop(0) -! 168 !#ifdef RF_INLINE_MACROS -! 169 ! for(;i>16); - -/* 0x0158 180 */ sethi %hi(.L_const_seg_900000401),%g2 -/* 0x015c */ add %g2,%lo(.L_const_seg_900000401),%g2 -/* 0x0160 175 */ sethi %hi(0xfc00),%g3 -/* 0x0164 180 */ ldx [%o3+%g2],%g1 -/* 0x0168 175 */ sll %i2,1,%i4 -/* 0x016c */ sub %g5,%i2,%g4 -/* 0x0170 177 */ sra %i2,0,%o3 -/* 0x0174 175 */ add %g3,1023,%g3 -/* 0x0178 178 */ ldd [%g1],%f2 -/* 0x017c */ sllx %o3,2,%o2 -/* 0x0180 175 */ add %i4,1,%g2 -/* 0x0184 177 */ or %g0,%o3,%o1 -/* 0x0188 */ cmp %g4,6 -/* 0x018c 175 */ bl,pn %icc,.L77000161 -/* 0x0190 */ sra %i2,0,%o3 -/* 0x0194 177 */ or %g0,%o2,%o0 -/* 0x0198 178 */ ld [%i0+%o2],%f5 -/* 0x019c 179 */ fmovs %f2,%f8 -/* 0x01a0 175 */ add %o0,4,%o3 -/* 0x01a4 177 */ ld [%i0+%o0],%o7 -/* 0x01a8 180 */ fmovs %f2,%f6 -/* 0x01ac 178 */ fmovs %f2,%f4 -/* 0x01b0 */ sllx %o1,3,%o2 -/* 0x01b4 175 */ add %o3,4,%o5 -/* 0x01b8 179 */ sra %i4,0,%o0 -/* 0x01bc 175 */ add %o3,8,%o4 -/* 0x01c0 178 */ fsubd %f4,%f2,%f4 -/* 0x01c4 */ std %f4,[%i3+%o2] -/* 0x01c8 179 */ sllx %o0,3,%i5 -/* 0x01cc */ and %o7,%g3,%o0 -/* 0x01d0 */ st %o0,[%sp+2227] -/* 0x01d4 175 */ add %i5,16,%o1 -/* 0x01d8 180 */ srl %o7,16,%g4 -/* 0x01dc */ add %i2,1,%i2 -/* 0x01e0 */ sra %g2,0,%o0 -/* 0x01e4 175 */ add %o2,8,%o2 -/* 0x01e8 179 */ fmovs %f2,%f4 -/* 0x01ec 180 */ sllx %o0,3,%l0 -/* 0x01f0 */ add %i4,3,%g2 -/* 0x01f4 179 */ ld [%sp+2227],%f5 -/* 0x01f8 175 */ add %l0,16,%o0 -/* 0x01fc 180 */ add %i4,2,%i4 -/* 0x0200 175 */ sub %g5,1,%o7 -/* 0x0204 180 */ add %i2,3,%i2 -/* 0x0208 179 */ fsubd %f4,%f2,%f4 -/* 0x020c */ std %f4,[%i1+%i5] -/* 0x0210 180 */ st %g4,[%sp+2223] -/* 0x0214 177 */ ld [%i0+%o3],%i5 -/* 0x0218 180 */ fmovs %f2,%f4 -/* 0x021c */ srl %i5,16,%g4 -/* 0x0220 179 */ and %i5,%g3,%i5 -/* 0x0224 180 */ ld [%sp+2223],%f5 -/* 0x0228 */ fsubd %f4,%f2,%f4 -/* 0x022c */ std %f4,[%i1+%l0] -/* 0x0230 */ st %g4,[%sp+2223] -/* 0x0234 177 */ ld [%i0+%o5],%g4 -/* 0x0238 179 */ st %i5,[%sp+2227] -/* 0x023c 178 */ fmovs %f2,%f4 -/* 0x0240 180 */ srl %g4,16,%i5 -/* 0x0244 179 */ and %g4,%g3,%g4 -/* 0x0248 180 */ ld [%sp+2223],%f7 -/* 0x024c */ st %i5,[%sp+2223] -/* 0x0250 178 */ ld [%i0+%o3],%f5 -/* 0x0254 180 */ fsubd %f6,%f2,%f6 -/* 0x0258 177 */ ld [%i0+%o4],%o3 -/* 0x025c 178 */ fsubd %f4,%f2,%f4 -/* 0x0260 179 */ ld [%sp+2227],%f9 -/* 0x0264 180 */ ld [%sp+2223],%f1 -/* 0x0268 179 */ st %g4,[%sp+2227] -/* 0x026c */ fsubd %f8,%f2,%f8 -/* 0x0270 */ std %f8,[%i1+%o1] -/* 0x0274 180 */ std %f6,[%i1+%o0] -/* 0x0278 178 */ std %f4,[%i3+%o2] - .L900000411: -/* 0x027c 179 */ ld [%sp+2227],%f13 -/* 0x0280 180 */ srl %o3,16,%g4 -/* 0x0284 */ add %i2,2,%i2 -/* 0x0288 */ st %g4,[%sp+2223] -/* 0x028c */ cmp %i2,%o7 -/* 0x0290 */ add %g2,4,%g2 -/* 0x0294 178 */ ld [%i0+%o5],%f11 -/* 0x0298 180 */ add %i4,4,%i4 -/* 0x029c 175 */ add %o4,4,%o5 -/* 0x02a0 177 */ ld [%i0+%o5],%g4 -/* 0x02a4 179 */ and %o3,%g3,%o3 -/* 0x02a8 */ st %o3,[%sp+2227] -/* 0x02ac 180 */ fmovs %f2,%f0 -/* 0x02b0 179 */ fmovs %f2,%f12 -/* 0x02b4 180 */ fsubd %f0,%f2,%f8 -/* 0x02b8 179 */ fsubd %f12,%f2,%f4 -/* 0x02bc 175 */ add %o1,16,%o1 -/* 0x02c0 180 */ ld [%sp+2223],%f7 -/* 0x02c4 178 */ fmovs %f2,%f10 -/* 0x02c8 179 */ std %f4,[%i1+%o1] -/* 0x02cc 175 */ add %o0,16,%o0 -/* 0x02d0 178 */ fsubd %f10,%f2,%f4 -/* 0x02d4 175 */ add %o2,8,%o2 -/* 0x02d8 180 */ std %f8,[%i1+%o0] -/* 0x02dc 178 */ std %f4,[%i3+%o2] -/* 0x02e0 179 */ ld [%sp+2227],%f9 -/* 0x02e4 180 */ srl %g4,16,%o3 -/* 0x02e8 */ st %o3,[%sp+2223] -/* 0x02ec 178 */ ld [%i0+%o4],%f5 -/* 0x02f0 175 */ add %o4,8,%o4 -/* 0x02f4 177 */ ld [%i0+%o4],%o3 -/* 0x02f8 179 */ and %g4,%g3,%g4 -/* 0x02fc */ st %g4,[%sp+2227] -/* 0x0300 180 */ fmovs %f2,%f6 -/* 0x0304 179 */ fmovs %f2,%f8 -/* 0x0308 180 */ fsubd %f6,%f2,%f6 -/* 0x030c 179 */ fsubd %f8,%f2,%f8 -/* 0x0310 175 */ add %o1,16,%o1 -/* 0x0314 180 */ ld [%sp+2223],%f1 -/* 0x0318 178 */ fmovs %f2,%f4 -/* 0x031c 179 */ std %f8,[%i1+%o1] -/* 0x0320 175 */ add %o0,16,%o0 -/* 0x0324 178 */ fsubd %f4,%f2,%f4 -/* 0x0328 175 */ add %o2,8,%o2 -/* 0x032c 180 */ std %f6,[%i1+%o0] -/* 0x0330 */ bl,pt %icc,.L900000411 -/* 0x0334 */ std %f4,[%i3+%o2] - .L900000414: -/* 0x0338 180 */ srl %o3,16,%o7 -/* 0x033c */ st %o7,[%sp+2223] -/* 0x0340 179 */ fmovs %f2,%f12 -/* 0x0344 178 */ ld [%i0+%o5],%f11 -/* 0x0348 180 */ fmovs %f2,%f0 -/* 0x034c 179 */ and %o3,%g3,%g4 -/* 0x0350 180 */ fmovs %f2,%f6 -/* 0x0354 175 */ add %o1,16,%o3 -/* 0x0358 */ add %o0,16,%o7 -/* 0x035c 178 */ fmovs %f2,%f10 -/* 0x0360 175 */ add %o2,8,%o2 -/* 0x0364 */ add %o1,32,%o5 -/* 0x0368 179 */ ld [%sp+2227],%f13 -/* 0x036c 178 */ fmovs %f2,%f4 -/* 0x0370 175 */ add %o0,32,%o1 -/* 0x0374 180 */ ld [%sp+2223],%f7 -/* 0x0378 175 */ add %o2,8,%o0 -/* 0x037c 180 */ cmp %i2,%g5 -/* 0x0380 179 */ st %g4,[%sp+2227] -/* 0x0384 */ fsubd %f12,%f2,%f8 -/* 0x0388 180 */ add %g2,6,%g2 -/* 0x038c 179 */ std %f8,[%i1+%o3] -/* 0x0390 180 */ fsubd %f0,%f2,%f0 -/* 0x0394 177 */ sra %i2,0,%o3 -/* 0x0398 180 */ std %f0,[%i1+%o7] -/* 0x039c 178 */ fsubd %f10,%f2,%f0 -/* 0x03a0 180 */ add %i4,6,%i4 -/* 0x03a4 178 */ std %f0,[%i3+%o2] -/* 0x03a8 */ sllx %o3,2,%o2 -/* 0x03ac 179 */ ld [%sp+2227],%f9 -/* 0x03b0 178 */ ld [%i0+%o4],%f5 -/* 0x03b4 179 */ fmovs %f2,%f8 -/* 0x03b8 */ fsubd %f8,%f2,%f0 -/* 0x03bc */ std %f0,[%i1+%o5] -/* 0x03c0 180 */ fsubd %f6,%f2,%f0 -/* 0x03c4 */ std %f0,[%i1+%o1] -/* 0x03c8 178 */ fsubd %f4,%f2,%f0 -/* 0x03cc 180 */ bge,pn %icc,.L77000164 -/* 0x03d0 */ std %f0,[%i3+%o0] - .L77000161: -/* 0x03d4 178 */ ldd [%g1],%f2 - .L900000416: -/* 0x03d8 178 */ ld [%i0+%o2],%f5 -/* 0x03dc 179 */ sra %i4,0,%o0 -/* 0x03e0 180 */ add %i2,1,%i2 -/* 0x03e4 177 */ ld [%i0+%o2],%o1 -/* 0x03e8 178 */ sllx %o3,3,%o3 -/* 0x03ec 180 */ add %i4,2,%i4 -/* 0x03f0 178 */ fmovs %f2,%f4 -/* 0x03f4 179 */ sllx %o0,3,%o4 -/* 0x03f8 180 */ cmp %i2,%g5 -/* 0x03fc 179 */ and %o1,%g3,%o0 -/* 0x0400 178 */ fsubd %f4,%f2,%f0 -/* 0x0404 */ std %f0,[%i3+%o3] -/* 0x0408 180 */ srl %o1,16,%o1 -/* 0x040c 179 */ st %o0,[%sp+2227] -/* 0x0410 180 */ sra %g2,0,%o0 -/* 0x0414 */ add %g2,2,%g2 -/* 0x0418 177 */ sra %i2,0,%o3 -/* 0x041c 180 */ sllx %o0,3,%o0 -/* 0x0420 179 */ fmovs %f2,%f4 -/* 0x0424 */ sllx %o3,2,%o2 -/* 0x0428 */ ld [%sp+2227],%f5 -/* 0x042c */ fsubd %f4,%f2,%f0 -/* 0x0430 */ std %f0,[%i1+%o4] -/* 0x0434 180 */ st %o1,[%sp+2223] -/* 0x0438 */ fmovs %f2,%f4 -/* 0x043c */ ld [%sp+2223],%f5 -/* 0x0440 */ fsubd %f4,%f2,%f0 -/* 0x0444 */ std %f0,[%i1+%o0] -/* 0x0448 */ bl,a,pt %icc,.L900000416 -/* 0x044c */ ldd [%g1],%f2 - .L77000164: -/* 0x0450 */ ret ! Result = -/* 0x0454 */ restore %g0,%g0,%g0 -/* 0x0458 0 */ .type conv_i32_to_d32_and_d16,2 -/* 0x0458 */ .size conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -! -! SUBROUTINE adjust_montf_result -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global adjust_montf_result - adjust_montf_result: -/* 000000 */ save %sp,-176,%sp -/* 0x0004 */ or %g0,%i2,%o1 -/* 0x0008 */ or %g0,%i0,%i2 - -! 181 ! } -! 182 !} -! 185 !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len) -! 186 !{ -! 187 !long long acc; -! 188 !int i; -! 190 ! if(i32[len]>0) i=-1; - -/* 0x000c 190 */ sra %o1,0,%g2 -/* 0x0010 */ or %g0,-1,%o2 -/* 0x0014 */ sllx %g2,2,%g2 -/* 0x0018 */ ld [%i2+%g2],%g2 -/* 0x001c */ cmp %g2,0 -/* 0x0020 */ bleu,pn %icc,.L77000175 -/* 0x0024 */ or %g0,%i1,%i0 -/* 0x0028 */ ba .L900000511 -/* 0x002c */ cmp %o2,0 - .L77000175: - -! 191 ! else -! 192 ! { -! 193 ! for(i=len-1; i>=0; i--) - -/* 0x0030 193 */ sub %o1,1,%o2 -/* 0x0034 */ cmp %o2,0 -/* 0x0038 */ bl,pn %icc,.L77000182 -/* 0x003c */ sra %o2,0,%g2 - .L900000510: - -! 194 ! { -! 195 ! if(i32[i]!=nint[i]) break; - -/* 0x0040 195 */ sllx %g2,2,%g2 -/* 0x0044 */ sub %o2,1,%o0 -/* 0x0048 */ ld [%i1+%g2],%g3 -/* 0x004c */ ld [%i2+%g2],%g2 -/* 0x0050 */ cmp %g2,%g3 -/* 0x0054 */ bne,pn %icc,.L77000182 -/* 0x0058 */ nop -/* 0x005c 0 */ or %g0,%o0,%o2 -/* 0x0060 195 */ cmp %o0,0 -/* 0x0064 */ bge,pt %icc,.L900000510 -/* 0x0068 */ sra %o2,0,%g2 - .L77000182: - -! 196 ! } -! 197 ! } -! 198 ! if((i<0)||(i32[i]>nint[i])) - -/* 0x006c 198 */ cmp %o2,0 - .L900000511: -/* 0x0070 198 */ bl,pn %icc,.L77000198 -/* 0x0074 */ sra %o2,0,%g2 -/* 0x0078 */ sllx %g2,2,%g2 -/* 0x007c */ ld [%i1+%g2],%g3 -/* 0x0080 */ ld [%i2+%g2],%g2 -/* 0x0084 */ cmp %g2,%g3 -/* 0x0088 */ bleu,pt %icc,.L77000191 -/* 0x008c */ nop - .L77000198: - -! 199 ! { -! 200 ! acc=0; -! 201 ! for(i=0;i>32; - -/* 0x00c8 205 */ or %g0,5,%i1 -/* 0x00cc 203 */ ld [%i0],%o2 -/* 0x00d0 201 */ or %g0,8,%o5 -/* 0x00d4 */ or %g0,12,%o4 -/* 0x00d8 203 */ ld [%i0+4],%o3 -/* 0x00dc 201 */ or %g0,16,%g1 -/* 0x00e0 203 */ ld [%i2+4],%o0 -/* 0x00e4 201 */ sub %o1,%o2,%o1 -/* 0x00e8 203 */ ld [%i0+8],%i3 -/* 0x00ec 204 */ and %o1,%g2,%g5 -/* 0x00f0 */ st %g5,[%i2] -/* 0x00f4 205 */ srax %o1,32,%g5 -/* 0x00f8 201 */ sub %o0,%o3,%o0 -/* 0x00fc 203 */ ld [%i0+12],%o2 -/* 0x0100 201 */ add %o0,%g5,%o0 -/* 0x0104 204 */ and %o0,%g2,%g5 -/* 0x0108 */ st %g5,[%i2+4] -/* 0x010c 205 */ srax %o0,32,%o0 -/* 0x0110 203 */ ld [%i2+8],%o1 -/* 0x0114 */ ld [%i2+12],%o3 -/* 0x0118 201 */ sub %o1,%i3,%o1 - .L900000505: -/* 0x011c */ add %g1,4,%g3 -/* 0x0120 203 */ ld [%g1+%i2],%g5 -/* 0x0124 201 */ add %o1,%o0,%o0 -/* 0x0128 203 */ ld [%i0+%g1],%i3 -/* 0x012c 201 */ sub %o3,%o2,%o1 -/* 0x0130 204 */ and %o0,%g2,%o2 -/* 0x0134 */ st %o2,[%o5+%i2] -/* 0x0138 205 */ srax %o0,32,%o2 -/* 0x013c */ add %i1,4,%i1 -/* 0x0140 201 */ add %g1,8,%o5 -/* 0x0144 203 */ ld [%g3+%i2],%o0 -/* 0x0148 201 */ add %o1,%o2,%o1 -/* 0x014c 203 */ ld [%i0+%g3],%o3 -/* 0x0150 201 */ sub %g5,%i3,%o2 -/* 0x0154 204 */ and %o1,%g2,%g5 -/* 0x0158 */ st %g5,[%o4+%i2] -/* 0x015c 205 */ srax %o1,32,%g5 -/* 0x0160 */ cmp %i1,%o7 -/* 0x0164 201 */ add %g1,12,%o4 -/* 0x0168 203 */ ld [%o5+%i2],%o1 -/* 0x016c 201 */ add %o2,%g5,%o2 -/* 0x0170 203 */ ld [%i0+%o5],%i3 -/* 0x0174 201 */ sub %o0,%o3,%o0 -/* 0x0178 204 */ and %o2,%g2,%o3 -/* 0x017c */ st %o3,[%g1+%i2] -/* 0x0180 205 */ srax %o2,32,%g5 -/* 0x0184 203 */ ld [%o4+%i2],%o3 -/* 0x0188 201 */ add %g1,16,%g1 -/* 0x018c */ add %o0,%g5,%o0 -/* 0x0190 203 */ ld [%i0+%o4],%o2 -/* 0x0194 201 */ sub %o1,%i3,%o1 -/* 0x0198 204 */ and %o0,%g2,%g5 -/* 0x019c */ st %g5,[%g3+%i2] -/* 0x01a0 205 */ ble,pt %icc,.L900000505 -/* 0x01a4 */ srax %o0,32,%o0 - .L900000508: -/* 0x01a8 */ add %o1,%o0,%g3 -/* 0x01ac */ sub %o3,%o2,%o1 -/* 0x01b0 203 */ ld [%g1+%i2],%o0 -/* 0x01b4 */ ld [%i0+%g1],%o2 -/* 0x01b8 205 */ srax %g3,32,%o7 -/* 0x01bc 204 */ and %g3,%g2,%o3 -/* 0x01c0 201 */ add %o1,%o7,%o1 -/* 0x01c4 204 */ st %o3,[%o5+%i2] -/* 0x01c8 205 */ cmp %i1,%g4 -/* 0x01cc 201 */ sub %o0,%o2,%o0 -/* 0x01d0 204 */ and %o1,%g2,%o2 -/* 0x01d4 */ st %o2,[%o4+%i2] -/* 0x01d8 205 */ srax %o1,32,%o1 -/* 0x01dc 203 */ sra %i1,0,%o2 -/* 0x01e0 201 */ add %o0,%o1,%o0 -/* 0x01e4 205 */ srax %o0,32,%g5 -/* 0x01e8 204 */ and %o0,%g2,%o1 -/* 0x01ec */ st %o1,[%g1+%i2] -/* 0x01f0 205 */ bg,pn %icc,.L77000191 -/* 0x01f4 */ sllx %o2,2,%o1 - .L77000199: -/* 0x01f8 0 */ or %g0,%o1,%g1 - .L900000509: -/* 0x01fc 203 */ ld [%o1+%i2],%o0 -/* 0x0200 205 */ add %i1,1,%i1 -/* 0x0204 203 */ ld [%i0+%o1],%o1 -/* 0x0208 */ sra %i1,0,%o2 -/* 0x020c 205 */ cmp %i1,%g4 -/* 0x0210 203 */ add %g5,%o0,%o0 -/* 0x0214 */ sub %o0,%o1,%o0 -/* 0x0218 205 */ srax %o0,32,%g5 -/* 0x021c 204 */ and %o0,%g2,%o1 -/* 0x0220 */ st %o1,[%g1+%i2] -/* 0x0224 */ sllx %o2,2,%o1 -/* 0x0228 205 */ ble,pt %icc,.L900000509 -/* 0x022c */ or %g0,%o1,%g1 - .L77000191: -/* 0x0230 */ ret ! Result = -/* 0x0234 */ restore %g0,%g0,%g0 -/* 0x0238 0 */ .type adjust_montf_result,2 -/* 0x0238 */ .size adjust_montf_result,(.-adjust_montf_result) - - .section ".text",#alloc,#execinstr -/* 000000 0 */ .align 8 -/* 000000 */ .skip 24 -! -! SUBROUTINE mont_mulf_noconv -! -! OFFSET SOURCE LINE LABEL INSTRUCTION - - .global mont_mulf_noconv - mont_mulf_noconv: -/* 000000 */ save %sp,-224,%sp - .L900000643: -/* 0x0004 */ call .+8 -/* 0x0008 */ sethi /*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5 -/* 0x000c */ ldx [%fp+2223],%l0 - -! 206 ! } -! 207 ! } -! 208 !} -! 213 !/* -! 214 !** the lengths of the input arrays should be at least the following: -! 215 !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen] -! 216 !** all of them should be different from one another -! 217 !** -! 218 !*/ -! 219 !void mont_mulf_noconv(unsigned int *result, -! 220 ! double *dm1, double *dm2, double *dt, -! 221 ! double *dn, unsigned int *nint, -! 222 ! int nlen, double dn0) -! 223 !{ -! 224 ! int i, j, jj; -! 225 ! int tmp; -! 226 ! double digit, m2j, nextm2j, a, b; -! 227 ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0; -! 229 ! pdm1=&(dm1[0]); -! 230 ! pdm2=&(dm2[0]); -! 231 ! pdn=&(dn[0]); -! 232 ! pdm2[2*nlen]=Zero; - -/* 0x0010 232 */ sethi %hi(Zero),%g2 -/* 0x0014 223 */ fmovd %f14,%f30 -/* 0x0018 */ add %g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5 -/* 0x001c 232 */ add %g2,%lo(Zero),%g2 -/* 0x0020 */ sll %l0,1,%o3 -/* 0x0024 223 */ add %g5,%o7,%o4 -/* 0x0028 232 */ sra %o3,0,%g5 -/* 0x002c */ ldx [%o4+%g2],%o7 - -! 234 ! if (nlen!=16) -! 235 ! { -! 236 ! for(i=0;i<4*nlen+2;i++) dt[i]=Zero; -! 238 ! a=dt[0]=pdm1[0]*pdm2[0]; -! 239 ! digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16); - -/* 0x0030 239 */ sethi %hi(TwoToMinus16),%g3 -/* 0x0034 */ sethi %hi(TwoTo16),%g4 -/* 0x0038 */ add %g3,%lo(TwoToMinus16),%g2 -/* 0x003c 232 */ ldd [%o7],%f0 -/* 0x0040 239 */ add %g4,%lo(TwoTo16),%g3 -/* 0x0044 223 */ or %g0,%i4,%o0 -/* 0x0048 232 */ sllx %g5,3,%g4 -/* 0x004c 239 */ ldx [%o4+%g2],%o5 -/* 0x0050 223 */ or %g0,%i5,%l3 -/* 0x0054 */ or %g0,%i0,%l2 -/* 0x0058 239 */ ldx [%o4+%g3],%o4 -/* 0x005c 234 */ cmp %l0,16 -/* 0x0060 232 */ std %f0,[%i2+%g4] -/* 0x0064 234 */ be,pn %icc,.L77000279 -/* 0x0068 */ or %g0,%i3,%l4 -/* 0x006c 236 */ sll %l0,2,%g2 -/* 0x0070 223 */ or %g0,%o0,%i5 -/* 0x0074 236 */ add %g2,2,%o0 -/* 0x0078 223 */ or %g0,%i1,%i4 -/* 0x007c 236 */ cmp %o0,0 -/* 0x0080 223 */ or %g0,%i2,%l1 -/* 0x0084 236 */ ble,a,pt %icc,.L900000657 -/* 0x0088 */ ldd [%i1],%f6 - -! 241 ! pdtj=&(dt[0]); -! 242 ! for(j=jj=0;j<2*nlen;j++,jj++,pdtj++) -! 243 ! { -! 244 ! m2j=pdm2[j]; -! 245 ! a=pdtj[0]+pdn[0]*digit; -! 246 ! b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16; -! 247 ! pdtj[1]=b; -! 249 !#pragma pipeloop(0) -! 250 ! for(i=1;i and - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef _MP_GF2M_PRIV_H_ -#define _MP_GF2M_PRIV_H_ - -#include "mpi-priv.h" - -extern const mp_digit mp_gf2m_sqr_tb[16]; - -#if defined(MP_USE_UINT_DIGIT) -#define MP_DIGIT_BITS 32 -#else -#define MP_DIGIT_BITS 64 -#endif - -/* Platform-specific macros for fast binary polynomial squaring. */ -#if MP_DIGIT_BITS == 32 -#define gf2m_SQR1(w) \ - mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 16 | \ - mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] -#define gf2m_SQR0(w) \ - mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \ - mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) & 0xF] -#else -#define gf2m_SQR1(w) \ - mp_gf2m_sqr_tb[(w) >> 60 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 56 & 0xF] << 48 | \ - mp_gf2m_sqr_tb[(w) >> 52 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 48 & 0xF] << 32 | \ - mp_gf2m_sqr_tb[(w) >> 44 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 40 & 0xF] << 16 | \ - mp_gf2m_sqr_tb[(w) >> 36 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 32 & 0xF] -#define gf2m_SQR0(w) \ - mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 48 | \ - mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] << 32 | \ - mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \ - mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) & 0xF] -#endif - -/* Multiply two binary polynomials mp_digits a, b. - * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1. - * Output in two mp_digits rh, rl. - */ -void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b); - -/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0) - * result is a binary polynomial in 4 mp_digits r[4]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1, - const mp_digit b0); - -/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0) - * result is a binary polynomial in 6 mp_digits r[6]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0, - const mp_digit b2, const mp_digit b1, const mp_digit b0); - -/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0) - * result is a binary polynomial in 8 mp_digits r[8]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1, - const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1, - const mp_digit b0); - -#endif /* _MP_GF2M_PRIV_H_ */ diff --git a/security/nss/lib/freebl/mpi/mp_gf2m.c b/security/nss/lib/freebl/mpi/mp_gf2m.c deleted file mode 100644 index 990b2649c..000000000 --- a/security/nss/lib/freebl/mpi/mp_gf2m.c +++ /dev/null @@ -1,599 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Multi-precision Binary Polynomial Arithmetic - * Library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang Shantz and - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#include "mp_gf2m.h" -#include "mp_gf2m-priv.h" -#include "mplogic.h" -#include "mpi-priv.h" - -const mp_digit mp_gf2m_sqr_tb[16] = -{ - 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; - -/* Multiply two binary polynomials mp_digits a, b. - * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1. - * Output in two mp_digits rh, rl. - */ -#if MP_DIGIT_BITS == 32 -void -s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b) -{ - register mp_digit h, l, s; - mp_digit tab[8], top2b = a >> 30; - register mp_digit a1, a2, a4; - - a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; - - tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; - tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4; - - s = tab[b & 0x7]; l = s; - s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; - s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; - s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; - s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; - s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; - s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; - s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; - s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; - s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; - s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2; - - /* compensate for the top two bits of a */ - - if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } - if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } - - *rh = h; *rl = l; -} -#else -void -s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b) -{ - register mp_digit h, l, s; - mp_digit tab[16], top3b = a >> 61; - register mp_digit a1, a2, a4, a8; - - a1 = a & (0x1FFFFFFFFFFFFFFF); a2 = a1 << 1; - a4 = a2 << 1; a8 = a4 << 1; - tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2; - tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4; - tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8; - tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8; - - s = tab[b & 0xF]; l = s; - s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; - s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; - s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; - s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; - s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; - s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; - s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; - s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; - s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; - s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; - s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; - s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; - s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; - s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; - s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4; - - /* compensate for the top three bits of a */ - - if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } - if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } - if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } - - *rh = h; *rl = l; -} -#endif - -/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0) - * result is a binary polynomial in 4 mp_digits r[4]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void -s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1, - const mp_digit b0) -{ - mp_digit m1, m0; - /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ - s_bmul_1x1(r+3, r+2, a1, b1); - s_bmul_1x1(r+1, r, a0, b0); - s_bmul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); - /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ - r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ - r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ -} - -/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0) - * result is a binary polynomial in 6 mp_digits r[6]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void -s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0, - const mp_digit b2, const mp_digit b1, const mp_digit b0) -{ - mp_digit zm[4]; - - s_bmul_1x1(r+5, r+4, a2, b2); /* fill top 2 words */ - s_bmul_2x2(zm, a1, a2^a0, b1, b2^b0); /* fill middle 4 words */ - s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */ - - zm[3] ^= r[3]; - zm[2] ^= r[2]; - zm[1] ^= r[1] ^ r[5]; - zm[0] ^= r[0] ^ r[4]; - - r[5] ^= zm[3]; - r[4] ^= zm[2]; - r[3] ^= zm[1]; - r[2] ^= zm[0]; -} - -/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0) - * result is a binary polynomial in 8 mp_digits r[8]. - * The caller MUST ensure that r has the right amount of space allocated. - */ -void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1, - const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1, - const mp_digit b0) -{ - mp_digit zm[4]; - - s_bmul_2x2(r+4, a3, a2, b3, b2); /* fill top 4 words */ - s_bmul_2x2(zm, a3^a1, a2^a0, b3^b1, b2^b0); /* fill middle 4 words */ - s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */ - - zm[3] ^= r[3] ^ r[7]; - zm[2] ^= r[2] ^ r[6]; - zm[1] ^= r[1] ^ r[5]; - zm[0] ^= r[0] ^ r[4]; - - r[5] ^= zm[3]; - r[4] ^= zm[2]; - r[3] ^= zm[1]; - r[2] ^= zm[0]; -} - -/* Compute addition of two binary polynomials a and b, - * store result in c; c could be a or b, a and b could be equal; - * c is the bitwise XOR of a and b. - */ -mp_err -mp_badd(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_digit *pa, *pb, *pc; - mp_size ix; - mp_size used_pa, used_pb; - mp_err res = MP_OKAY; - - /* Add all digits up to the precision of b. If b had more - * precision than a initially, swap a, b first - */ - if (MP_USED(a) >= MP_USED(b)) { - pa = MP_DIGITS(a); - pb = MP_DIGITS(b); - used_pa = MP_USED(a); - used_pb = MP_USED(b); - } else { - pa = MP_DIGITS(b); - pb = MP_DIGITS(a); - used_pa = MP_USED(b); - used_pb = MP_USED(a); - } - - /* Make sure c has enough precision for the output value */ - MP_CHECKOK( s_mp_pad(c, used_pa) ); - - /* Do word-by-word xor */ - pc = MP_DIGITS(c); - for (ix = 0; ix < used_pb; ix++) { - (*pc++) = (*pa++) ^ (*pb++); - } - - /* Finish the rest of digits until we're actually done */ - for (; ix < used_pa; ++ix) { - *pc++ = *pa++; - } - - MP_USED(c) = used_pa; - MP_SIGN(c) = ZPOS; - s_mp_clamp(c); - -CLEANUP: - return res; -} - -#define s_mp_div2(a) MP_CHECKOK( mpl_rsh((a), (a), 1) ); - -/* Compute binary polynomial multiply d = a * b */ -static void -s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d) -{ - mp_digit a_i, a0b0, a1b1, carry = 0; - while (a_len--) { - a_i = *a++; - s_bmul_1x1(&a1b1, &a0b0, a_i, b); - *d++ = a0b0 ^ carry; - carry = a1b1; - } - *d = carry; -} - -/* Compute binary polynomial xor multiply accumulate d ^= a * b */ -static void -s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d) -{ - mp_digit a_i, a0b0, a1b1, carry = 0; - while (a_len--) { - a_i = *a++; - s_bmul_1x1(&a1b1, &a0b0, a_i, b); - *d++ ^= a0b0 ^ carry; - carry = a1b1; - } - *d ^= carry; -} - -/* Compute binary polynomial xor multiply c = a * b. - * All parameters may be identical. - */ -mp_err -mp_bmul(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_digit *pb, b_i; - mp_int tmp; - mp_size ib, a_used, b_used; - mp_err res = MP_OKAY; - - MP_DIGITS(&tmp) = 0; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if (a == c) { - MP_CHECKOK( mp_init_copy(&tmp, a) ); - if (a == b) - b = &tmp; - a = &tmp; - } else if (b == c) { - MP_CHECKOK( mp_init_copy(&tmp, b) ); - b = &tmp; - } - - if (MP_USED(a) < MP_USED(b)) { - const mp_int *xch = b; /* switch a and b if b longer */ - b = a; - a = xch; - } - - MP_USED(c) = 1; MP_DIGIT(c, 0) = 0; - MP_CHECKOK( s_mp_pad(c, USED(a) + USED(b)) ); - - pb = MP_DIGITS(b); - s_bmul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c)); - - /* Outer loop: Digits of b */ - a_used = MP_USED(a); - b_used = MP_USED(b); - MP_USED(c) = a_used + b_used; - for (ib = 1; ib < b_used; ib++) { - b_i = *pb++; - - /* Inner product: Digits of a */ - if (b_i) - s_bmul_d_add(MP_DIGITS(a), a_used, b_i, MP_DIGITS(c) + ib); - else - MP_DIGIT(c, ib + a_used) = b_i; - } - - s_mp_clamp(c); - - SIGN(c) = ZPOS; - -CLEANUP: - mp_clear(&tmp); - return res; -} - - -/* Compute modular reduction of a and store result in r. - * r could be a. - * For modular arithmetic, the irreducible polynomial f(t) is represented - * as an array of int[], where f(t) is of the form: - * f(t) = t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ -mp_err -mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r) -{ - int j, k; - int n, dN, d0, d1; - mp_digit zz, *z, tmp; - mp_size used; - mp_err res = MP_OKAY; - - /* The algorithm does the reduction in place in r, - * if a != r, copy a into r first so reduction can be done in r - */ - if (a != r) { - MP_CHECKOK( mp_copy(a, r) ); - } - z = MP_DIGITS(r); - - /* start reduction */ - dN = p[0] / MP_DIGIT_BITS; - used = MP_USED(r); - - for (j = used - 1; j > dN;) { - - zz = z[j]; - if (zz == 0) { - j--; continue; - } - z[j] = 0; - - for (k = 1; p[k] > 0; k++) { - /* reducing component t^p[k] */ - n = p[0] - p[k]; - d0 = n % MP_DIGIT_BITS; - d1 = MP_DIGIT_BITS - d0; - n /= MP_DIGIT_BITS; - z[j-n] ^= (zz>>d0); - if (d0) - z[j-n-1] ^= (zz<> d0); - if (d0) - z[j-n-1] ^= (zz << d1); - - } - - /* final round of reduction */ - while (j == dN) { - - d0 = p[0] % MP_DIGIT_BITS; - zz = z[dN] >> d0; - if (zz == 0) break; - d1 = MP_DIGIT_BITS - d0; - - /* clear up the top d1 bits */ - if (d0) z[dN] = (z[dN] << d1) >> d1; - *z ^= zz; /* reduction t^0 component */ - - for (k = 1; p[k] > 0; k++) { - /* reducing component t^p[k]*/ - n = p[k] / MP_DIGIT_BITS; - d0 = p[k] % MP_DIGIT_BITS; - d1 = MP_DIGIT_BITS - d0; - z[n] ^= (zz << d0); - tmp = zz >> d1; - if (d0 && tmp) - z[n+1] ^= tmp; - } - } - - s_mp_clamp(r); -CLEANUP: - return res; -} - -/* Compute the product of two polynomials a and b, reduce modulo p, - * Store the result in r. r could be a or b; a could be b. - */ -mp_err -mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], mp_int *r) -{ - mp_err res; - - if (a == b) return mp_bsqrmod(a, p, r); - if ((res = mp_bmul(a, b, r) ) != MP_OKAY) - return res; - return mp_bmod(r, p, r); -} - -/* Compute binary polynomial squaring c = a*a mod p . - * Parameter r and a can be identical. - */ - -mp_err -mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r) -{ - mp_digit *pa, *pr, a_i; - mp_int tmp; - mp_size ia, a_used; - mp_err res; - - ARGCHK(a != NULL && r != NULL, MP_BADARG); - MP_DIGITS(&tmp) = 0; - - if (a == r) { - MP_CHECKOK( mp_init_copy(&tmp, a) ); - a = &tmp; - } - - MP_USED(r) = 1; MP_DIGIT(r, 0) = 0; - MP_CHECKOK( s_mp_pad(r, 2*USED(a)) ); - - pa = MP_DIGITS(a); - pr = MP_DIGITS(r); - a_used = MP_USED(a); - MP_USED(r) = 2 * a_used; - - for (ia = 0; ia < a_used; ia++) { - a_i = *pa++; - *pr++ = gf2m_SQR0(a_i); - *pr++ = gf2m_SQR1(a_i); - } - - MP_CHECKOK( mp_bmod(r, p, r) ); - s_mp_clamp(r); - SIGN(r) = ZPOS; - -CLEANUP: - mp_clear(&tmp); - return res; -} - -/* Compute binary polynomial y/x mod p, y divided by x, reduce modulo p. - * Store the result in r. r could be x or y, and x could equal y. - * Uses algorithm Modular_Division_GF(2^m) from - * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to - * the Great Divide". - */ -int -mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp, - const unsigned int p[], mp_int *r) -{ - mp_int aa, bb, uu; - mp_int *a, *b, *u, *v; - mp_err res = MP_OKAY; - - MP_DIGITS(&aa) = 0; - MP_DIGITS(&bb) = 0; - MP_DIGITS(&uu) = 0; - - MP_CHECKOK( mp_init_copy(&aa, x) ); - MP_CHECKOK( mp_init_copy(&uu, y) ); - MP_CHECKOK( mp_init_copy(&bb, pp) ); - MP_CHECKOK( s_mp_pad(r, USED(pp)) ); - MP_USED(r) = 1; MP_DIGIT(r, 0) = 0; - - a = &aa; b= &bb; u=&uu; v=r; - /* reduce x and y mod p */ - MP_CHECKOK( mp_bmod(a, p, a) ); - MP_CHECKOK( mp_bmod(u, p, u) ); - - while (!mp_isodd(a)) { - s_mp_div2(a); - if (mp_isodd(u)) { - MP_CHECKOK( mp_badd(u, pp, u) ); - } - s_mp_div2(u); - } - - do { - if (mp_cmp_mag(b, a) > 0) { - MP_CHECKOK( mp_badd(b, a, b) ); - MP_CHECKOK( mp_badd(v, u, v) ); - do { - s_mp_div2(b); - if (mp_isodd(v)) { - MP_CHECKOK( mp_badd(v, pp, v) ); - } - s_mp_div2(v); - } while (!mp_isodd(b)); - } - else if ((MP_DIGIT(a,0) == 1) && (MP_USED(a) == 1)) - break; - else { - MP_CHECKOK( mp_badd(a, b, a) ); - MP_CHECKOK( mp_badd(u, v, u) ); - do { - s_mp_div2(a); - if (mp_isodd(u)) { - MP_CHECKOK( mp_badd(u, pp, u) ); - } - s_mp_div2(u); - } while (!mp_isodd(a)); - } - } while (1); - - MP_CHECKOK( mp_copy(u, r) ); - -CLEANUP: - return res; - -} - -/* Convert the bit-string representation of a polynomial a into an array - * of integers corresponding to the bits with non-zero coefficient. - * Up to max elements of the array will be filled. Return value is total - * number of coefficients that would be extracted if array was large enough. - */ -int -mp_bpoly2arr(const mp_int *a, unsigned int p[], int max) -{ - int i, j, k; - mp_digit top_bit, mask; - - top_bit = 1; - top_bit <<= MP_DIGIT_BIT - 1; - - for (k = 0; k < max; k++) p[k] = 0; - k = 0; - - for (i = MP_USED(a) - 1; i >= 0; i--) { - mask = top_bit; - for (j = MP_DIGIT_BIT - 1; j >= 0; j--) { - if (MP_DIGITS(a)[i] & mask) { - if (k < max) p[k] = MP_DIGIT_BIT * i + j; - k++; - } - mask >>= 1; - } - } - - return k; -} - -/* Convert the coefficient array representation of a polynomial to a - * bit-string. The array must be terminated by 0. - */ -mp_err -mp_barr2poly(const unsigned int p[], mp_int *a) -{ - - mp_err res = MP_OKAY; - int i; - - mp_zero(a); - for (i = 0; p[i] > 0; i++) { - MP_CHECKOK( mpl_set_bit(a, p[i], 1) ); - } - MP_CHECKOK( mpl_set_bit(a, 0, 1) ); - -CLEANUP: - return res; -} diff --git a/security/nss/lib/freebl/mpi/mp_gf2m.h b/security/nss/lib/freebl/mpi/mp_gf2m.h deleted file mode 100644 index c4268f142..000000000 --- a/security/nss/lib/freebl/mpi/mp_gf2m.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Multi-precision Binary Polynomial Arithmetic - * Library. - * - * The Initial Developer of the Original Code is Sun Microsystems, Inc. - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang Shantz and - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - */ - -#ifndef _MP_GF2M_H_ -#define _MP_GF2M_H_ - -#include "mpi.h" - -mp_err mp_badd(const mp_int *a, const mp_int *b, mp_int *c); -mp_err mp_bmul(const mp_int *a, const mp_int *b, mp_int *c); - -/* For modular arithmetic, the irreducible polynomial f(t) is represented - * as an array of int[], where f(t) is of the form: - * f(t) = t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ -mp_err mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r); -mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], - mp_int *r); -mp_err mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r); -mp_err mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp, - const unsigned int p[], mp_int *r); - -int mp_bpoly2arr(const mp_int *a, unsigned int p[], int max); -mp_err mp_barr2poly(const unsigned int p[], mp_int *a); - -#endif /* _MP_GF2M_H_ */ diff --git a/security/nss/lib/freebl/mpi/mpi-config.h b/security/nss/lib/freebl/mpi/mpi-config.h deleted file mode 100644 index bf573e254..000000000 --- a/security/nss/lib/freebl/mpi/mpi-config.h +++ /dev/null @@ -1,109 +0,0 @@ -/* Default configuration for MPI library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* $Id$ */ - -#ifndef MPI_CONFIG_H_ -#define MPI_CONFIG_H_ - -/* - For boolean options, - 0 = no - 1 = yes - - Other options are documented individually. - - */ - -#ifndef MP_IOFUNC -#define MP_IOFUNC 0 /* include mp_print() ? */ -#endif - -#ifndef MP_MODARITH -#define MP_MODARITH 1 /* include modular arithmetic ? */ -#endif - -#ifndef MP_NUMTH -#define MP_NUMTH 1 /* include number theoretic functions? */ -#endif - -#ifndef MP_LOGTAB -#define MP_LOGTAB 1 /* use table of logs instead of log()? */ -#endif - -#ifndef MP_MEMSET -#define MP_MEMSET 1 /* use memset() to zero buffers? */ -#endif - -#ifndef MP_MEMCPY -#define MP_MEMCPY 1 /* use memcpy() to copy buffers? */ -#endif - -#ifndef MP_CRYPTO -#define MP_CRYPTO 1 /* erase memory on free? */ -#endif - -#ifndef MP_ARGCHK -/* - 0 = no parameter checks - 1 = runtime checks, continue execution and return an error to caller - 2 = assertions; dump core on parameter errors - */ -#ifdef DEBUG -#define MP_ARGCHK 2 /* how to check input arguments */ -#else -#define MP_ARGCHK 1 /* how to check input arguments */ -#endif -#endif - -#ifndef MP_DEBUG -#define MP_DEBUG 0 /* print diagnostic output? */ -#endif - -#ifndef MP_DEFPREC -#define MP_DEFPREC 64 /* default precision, in digits */ -#endif - -#ifndef MP_MACRO -#define MP_MACRO 0 /* use macros for frequent calls? */ -#endif - -#ifndef MP_SQUARE -#define MP_SQUARE 1 /* use separate squaring code? */ -#endif - -#endif /* ifndef MPI_CONFIG_H_ */ - - diff --git a/security/nss/lib/freebl/mpi/mpi-priv.h b/security/nss/lib/freebl/mpi/mpi-priv.h deleted file mode 100644 index 93c64491d..000000000 --- a/security/nss/lib/freebl/mpi/mpi-priv.h +++ /dev/null @@ -1,268 +0,0 @@ -/* - * mpi-priv.h - Private header file for MPI - * Arbitrary precision integer arithmetic library - * - * NOTE WELL: the content of this header file is NOT part of the "public" - * API for the MPI library, and may change at any time. - * Application programs that use libmpi should NOT include this header file. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ -#ifndef _MPI_PRIV_H_ -#define _MPI_PRIV_H_ 1 - -#include "mpi.h" -#include -#include -#include - -#if MP_DEBUG -#include - -#define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);} -#else -#define DIAG(T,V) -#endif - -/* If we aren't using a wired-in logarithm table, we need to include - the math library to get the log() function - */ - -/* {{{ s_logv_2[] - log table for 2 in various bases */ - -#if MP_LOGTAB -/* - A table of the logs of 2 for various bases (the 0 and 1 entries of - this table are meaningless and should not be referenced). - - This table is used to compute output lengths for the mp_toradix() - function. Since a number n in radix r takes up about log_r(n) - digits, we estimate the output size by taking the least integer - greater than log_r(n), where: - - log_r(n) = log_2(n) * log_r(2) - - This table, therefore, is a table of log_r(2) for 2 <= r <= 36, - which are the output bases supported. - */ - -extern const float s_logv_2[]; -#define LOG_V_2(R) s_logv_2[(R)] - -#else - -/* - If MP_LOGTAB is not defined, use the math library to compute the - logarithms on the fly. Otherwise, use the table. - Pick which works best for your system. - */ - -#include -#define LOG_V_2(R) (log(2.0)/log(R)) - -#endif /* if MP_LOGTAB */ - -/* }}} */ - -/* {{{ Digit arithmetic macros */ - -/* - When adding and multiplying digits, the results can be larger than - can be contained in an mp_digit. Thus, an mp_word is used. These - macros mask off the upper and lower digits of the mp_word (the - mp_word may be more than 2 mp_digits wide, but we only concern - ourselves with the low-order 2 mp_digits) - */ - -#define CARRYOUT(W) (mp_digit)((W)>>DIGIT_BIT) -#define ACCUM(W) (mp_digit)(W) - -#define MP_MIN(a,b) (((a) < (b)) ? (a) : (b)) -#define MP_MAX(a,b) (((a) > (b)) ? (a) : (b)) -#define MP_HOWMANY(a,b) (((a) + (b) - 1)/(b)) -#define MP_ROUNDUP(a,b) (MP_HOWMANY(a,b) * (b)) - -/* }}} */ - -/* {{{ Comparison constants */ - -#define MP_LT -1 -#define MP_EQ 0 -#define MP_GT 1 - -/* }}} */ - -/* {{{ private function declarations */ - -/* - If MP_MACRO is false, these will be defined as actual functions; - otherwise, suitable macro definitions will be used. This works - around the fact that ANSI C89 doesn't support an 'inline' keyword - (although I hear C9x will ... about bloody time). At present, the - macro definitions are identical to the function bodies, but they'll - expand in place, instead of generating a function call. - - I chose these particular functions to be made into macros because - some profiling showed they are called a lot on a typical workload, - and yet they are primarily housekeeping. - */ -#if MP_MACRO == 0 - void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */ - void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count); /* copy */ - void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */ - void s_mp_free(void *ptr); /* general free function */ -extern unsigned long mp_allocs; -extern unsigned long mp_frees; -extern unsigned long mp_copies; -#else - - /* Even if these are defined as macros, we need to respect the settings - of the MP_MEMSET and MP_MEMCPY configuration options... - */ - #if MP_MEMSET == 0 - #define s_mp_setz(dp, count) \ - {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=0;} - #else - #define s_mp_setz(dp, count) memset(dp, 0, (count) * sizeof(mp_digit)) - #endif /* MP_MEMSET */ - - #if MP_MEMCPY == 0 - #define s_mp_copy(sp, dp, count) \ - {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=(sp)[ix];} - #else - #define s_mp_copy(sp, dp, count) memcpy(dp, sp, (count) * sizeof(mp_digit)) - #endif /* MP_MEMCPY */ - - #define s_mp_alloc(nb, ni) calloc(nb, ni) - #define s_mp_free(ptr) {if(ptr) free(ptr);} -#endif /* MP_MACRO */ - -mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */ -mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */ - -#if MP_MACRO == 0 - void s_mp_clamp(mp_int *mp); /* clip leading zeroes */ -#else - #define s_mp_clamp(mp)\ - { mp_size used = MP_USED(mp); \ - while (used > 1 && DIGIT(mp, used - 1) == 0) --used; \ - MP_USED(mp) = used; \ - } -#endif /* MP_MACRO */ - -void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */ - -mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */ -void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */ -mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place */ -void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */ -void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */ -void s_mp_div_2(mp_int *mp); /* divide by 2 in place */ -mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */ -mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd); - /* normalize for division */ -mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */ -mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */ -mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */ -mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r); - /* unsigned digit divide */ -mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu); - /* Barrett reduction */ -mp_err s_mp_add(mp_int *a, const mp_int *b); /* magnitude addition */ -mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c); -mp_err s_mp_sub(mp_int *a, const mp_int *b); /* magnitude subtract */ -mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c); -mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset); - /* a += b * RADIX^offset */ -mp_err s_mp_mul(mp_int *a, const mp_int *b); /* magnitude multiply */ -#if MP_SQUARE -mp_err s_mp_sqr(mp_int *a); /* magnitude square */ -#else -#define s_mp_sqr(a) s_mp_mul(a, a) -#endif -mp_err s_mp_div(mp_int *rem, mp_int *div, mp_int *quot); /* magnitude div */ -mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c); -mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */ -int s_mp_cmp(const mp_int *a, const mp_int *b); /* magnitude comparison */ -int s_mp_cmp_d(const mp_int *a, mp_digit d); /* magnitude digit compare */ -int s_mp_ispow2(const mp_int *v); /* is v a power of 2? */ -int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */ - -int s_mp_tovalue(char ch, int r); /* convert ch to value */ -char s_mp_todigit(mp_digit val, int r, int low); /* convert val to digit */ -int s_mp_outlen(int bits, int r); /* output length in bytes */ -mp_digit s_mp_invmod_radix(mp_digit P); /* returns (P ** -1) mod RADIX */ -mp_err s_mp_invmod_odd_m( const mp_int *a, const mp_int *m, mp_int *c); -mp_err s_mp_invmod_2d( const mp_int *a, mp_size k, mp_int *c); -mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c); - -/* ------ mpv functions, operate on arrays of digits, not on mp_int's ------ */ -#if defined (__OS2__) && defined (__IBMC__) -#define MPI_ASM_DECL __cdecl -#else -#define MPI_ASM_DECL -#endif - -void MPI_ASM_DECL s_mpv_mul_d(const mp_digit *a, mp_size a_len, - mp_digit b, mp_digit *c); -void MPI_ASM_DECL s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, - mp_digit b, mp_digit *c); -void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a, - mp_size a_len, mp_digit b, - mp_digit *c); -void MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a, - mp_size a_len, - mp_digit *sqrs); - -mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, - mp_digit divisor, mp_digit *quot, mp_digit *rem); - -/* c += a * b * (MP_RADIX ** offset); */ -#define s_mp_mul_d_add_offset(a, b, c, off) \ -(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY) - -typedef struct { - mp_int N; /* modulus N */ - mp_digit n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */ - mp_size b; /* R == 2 ** b, also b = # significant bits in N */ -} mp_mont_modulus; - -mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c, - mp_mont_modulus *mmm); -mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm); - -/* }}} */ -#endif - diff --git a/security/nss/lib/freebl/mpi/mpi-test.c b/security/nss/lib/freebl/mpi/mpi-test.c deleted file mode 100644 index ed3880631..000000000 --- a/security/nss/lib/freebl/mpi/mpi-test.c +++ /dev/null @@ -1,1973 +0,0 @@ -/* - * mpi-test.c - * - * This is a general test suite for the MPI library, which tests - * all the functions in the library with known values. The program - * exits with a zero (successful) status if the tests pass, or a - * nonzero status if the tests fail. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -#include "mpi.h" -#include "mpprime.h" - -#include "test-info.c" - -/* ZS means Zero Suppressed (no leading zeros) */ -#if MP_USE_LONG_DIGIT -#define ZS_DIGIT_FMT "%lX" -#elif MP_USE_LONG_LONG_DIGIT -#define ZS_DIGIT_FMT "%llX" -#elif MP_USE_UINT_DIGIT -#define ZS_DIGIT_FMT "%X" -#else -#error "unknown type of digit" -#endif - -/* - Test vectors - - If you intend to change any of these values, you must also recompute - the corresponding solutions below. Basically, these are just hex - strings (for the big integers) or integer values (for the digits). - - The comparison tests think they know what relationships hold between - these values. If you change that, you may have to adjust the code - for the comparison tests accordingly. Most of the other tests - should be fine as long as you re-compute the solutions, though. - */ -const char *mp1 = "639A868CDA0C569861B"; -const char *mp2 = "AAFC0A3FE45E5E09DBE2C29"; -const char *mp3 = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5"; -const char *mp4 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F"; -const char *mp5 = "F595CB42"; -const char *mp5a = "-4B597E"; -const char *mp6 = "0"; -const char *mp7 = "EBFA7121CD838CE6439CC59DDB4CBEF3"; -const char *mp8 = "5"; -const char *mp9 = "F74A2876A1432698923B0767DA19DCF3D71795EE"; -const char *mp10 = "9184E72A000"; -const char *mp11 = "54D79A3557E8"; -const char *mp12 = "10000000000000000"; -const char *mp13 = -"34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C" -"D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88"; -const char *mp14 = -"AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E" -"458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13" -"FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134" -"0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9" -"E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7" -"7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5" -"5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F" -"77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD" -"9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531" -"D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4" -"761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F" -"D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9" -"F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4" -"A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137" -"C1B1384BE4B2EB46"; -const char *mp15 = -"39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1" -"05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8" -"4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77" -"445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37" -"07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB" -"65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711" -"9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6" -"CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C" -"09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE" -"672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE" -"8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684" -"360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7" -"434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327" -"BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821" -"822AD9DDBFE4BD04"; -const char *mp16 = "4A724340668DB150339A70"; -const char *mp17 = "8ADB90F58"; -const char *mp18 = "C64C230AB20E5"; -const char *mp19 = -"F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B"; -const char *mp20 = -"D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7"; - -const mp_digit md1 = 0; -const mp_digit md2 = 0x1; -const mp_digit md3 = 0x80; -const mp_digit md4 = 0x9C97; -const mp_digit md5 = 0xF5BF; -const mp_digit md6 = 0x14A0; -const mp_digit md7 = 0x03E8; -const mp_digit md8 = 0x0101; -const mp_digit md9 = 0xA; - -/* - Solutions of the form x_mpABC, where: - - x = (p)roduct, (s)um, (d)ifference, (q)uotient, (r)emainder, (g)cd, - (i)nverse, (e)xponent, square roo(t), (g)cd, (l)cm. A - leading 'm' indicates a modular operation, e.g. ms_mp12 is the - modular sum of operands 1 and 2 - - ABC are the operand numbers involved in the computation. If a 'd' - precedes the number, it is a digit operand; if a 'c' precedes it, - it is a constant; otherwise, it is a full integer. - */ - -const char *p_mp12 = "4286AD72E095C9FE009938750743174ADDD7FD1E53"; -const char *p_mp34 = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35" - "A1BFD6934C441EE369B60CA29BADC26845E918B"; -const char *p_mp57 = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6"; -const char *p_mp22 = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91"; -const char *p_mp1d4 = "3CECEA2331F4220BEF68DED"; -const char *p_mp8d6 = "6720"; -const char *p_mp1113 = -"11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1" -"5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2" -"4340"; -const char *p_mp1415 = -"26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C" -"6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965" -"736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081" -"F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D" -"A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107" -"F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132" -"E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6" -"57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF" -"272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E" -"18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E" -"2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449" -"8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157" -"2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426" -"FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012" -"4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4" -"A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D" -"FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2" -"B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5" -"A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F" -"8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634" -"BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E" -"851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889" -"372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633" -"BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231" -"7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50" -"284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3" -"957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68" -"756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094" -"548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE" -"DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758" -"6ED65B18"; - -const char *mp_mp345 = "B9B6D3A3"; -const char *mp_mp335 = "16609C2D"; - -const char *s_mp13 = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0"; -const char *s_mp34 = "517EE6B92EF65C965736EB6BF7C325F73504CEB6"; -const char *s_mp46 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F"; -const char *s_mp5d4 = "F59667D9"; -const char *s_mp2d5 = "AAFC0A3FE45E5E09DBF21E8"; -const char *s_mp1415 = -"E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446" -"F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB" -"D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A" -"78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D" -"317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82" -"41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607" -"EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6" -"3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F" -"4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9" -"1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B" -"C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E" -"189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940" -"8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34" -"24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848" -"48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497" -"A84A"; - -const char *ms_mp345 = "1E71E292"; - -const char *d_mp12 = "-AAFBA6A55DD183FD854A60E"; -const char *d_mp34 = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4"; -const char *d_mp5d4 = "F5952EAB"; -const char *d_mp6d2 = "-1"; -const char *md_mp345 = "26596B86"; - -const char *q_mp42 = "-95825A1FFA1A155D5"; -const char *r_mp42 = "-6312E99D7700A3DCB32ADF2"; -const char *q_mp45a = "15344CDA3D841F661D2B61B6EDF7828CE36"; -const char *r_mp45a = "-47C47B"; -const char *q_mp7c2 = "75FD3890E6C1C67321CE62CEEDA65F79"; -const char *q_mp3d6 = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3"; -const char *r_mp3d6 = "1E5"; -const char *r_mp5d5 = "1257"; -const char *r_mp47 = "B3A9018D970281A90FB729A181D95CB8"; -const char *q_mp1404 = -"-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F" -"FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4" -"659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19" -"930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7" -"E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2" -"7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45" -"89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9" -"49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C" -"776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70" -"3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2" -"791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358" -"42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683" -"422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F" -"7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1" -"BD9E23E4D367A2C35762F209073DFF48F3"; -const char *r_mp1404 = "12FF98621ABF63144BFFC3207AC8FC10D8D1A09"; - -const char *q_mp13c = - "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342" - "BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45"; -const char *r_mp13c = "F2B050D226E6DA88"; -const char *q_mp9c16 = "F74A2876A1432698923B0767DA19DCF3D71795E"; -const char *r_mp9c16 = "E"; - -const char *e_mp5d9 = "A8FD7145E727A20E52E73D22990D35D158090307A" - "13A5215AAC4E9AB1E96BD34E531209E03310400"; -const char *e_mp78 = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B" - "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2" - "1AB226563D84A15BB63CE975FF1453BD6750C58D9" - "D113175764F5D0B3C89B262D4702F4D9640A3"; -const char *me_mp817 = "E504493ACB02F7F802B327AB13BF25"; -const char *me_mp5d47 = "1D45ED0D78F2778157992C951DD2734C"; -const char *me_mp1512 = "FB5B2A28D902B9D9"; -const char *me_mp161718 = "423C6AC6DBD74"; -const char *me_mp5114 = -"64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0" -"25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A" -"3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC" -"19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5" -"542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2" -"14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE" -"181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5" -"CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724" -"113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D" -"D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19" -"53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF" -"5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F" -"C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99" -"D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83" -"B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD" -"FE8C"; - -const char *e_mpc2d3 = "100000000000000000000000000000000"; - -const char *t_mp9 = "FB9B6E32FF0452A34746"; -const char *i_mp27 = "B6AD8DCCDAF92B6FE57D062FFEE3A99"; -const char *i_mp2019 = -"BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839"; -/* "15E3FE09E8AE5523AABA197BD2D16318D3CA148EDF4AE1C1C52FC96AFAF5680B"; */ - - -const char *t_mp15 = -"795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4" -"365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0" -"975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72" -"10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2" -"0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B" -"58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E" -"2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A" -"BEE244F7DD3AC268CF512A0E52E4F5BE5B94"; - -const char *g_mp71 = "1"; -const char *g_mp25 = "7"; -const char *l_mp1011 = "C589E3D7D64A6942A000"; - -/* mp9 in radices from 5 to 64 inclusive */ -#define LOW_RADIX 5 -#define HIGH_RADIX 64 -const char *v_mp9[] = { - "404041130042310320100141302000203430214122130002340212132414134210033", - "44515230120451152500101352430105520150025145320010504454125502", - "644641136612541136016610100564613624243140151310023515322", - "173512120732412062323044435407317550316717172705712756", - "265785018434285762514442046172754680368422060744852", - "1411774500397290569709059837552310354075408897518", - "184064268501499311A17746095910428222A241708032A", - "47706011B225950B02BB45602AA039893118A85950892", - "1A188C826B982353CB58422563AC602B783101671A86", - "105957B358B89B018958908A9114BC3DDC410B77982", - "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8", - "F74A2876A1432698923B0767DA19DCF3D71795EE", - "17BF7C3673B76D7G7A5GA836277296F806E7453A", - "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2", - "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F", - "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI", - "3BA5A55J5K699B2D09C38A4B237CH51IHA132", - "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA", - "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE", - "GGG5M3142FKKG82EJ28111D70EMHC241E4E", - "4446F4D5H10982023N297BF0DKBBHLLJB0I", - "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46", - "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK", - "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2", - "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN", - "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78", - "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH", - "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE", - "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW", - "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA", - "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN", - "SVWI84VBH069WR15W1U2VTK06USY8Z2", - "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2", - "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY", - "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W", - "18d994IbT4PHbD7cGIPCRP00bbQO0bc", - "NcDUEEWRO7XT76260WGeBHPVa72RdA", - "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2", - "60QDKW67P4JSQaTdQg7JE9ISafLaVU", - "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA", - "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc", - "d65j70fBATjcDiidPYXUGcaBVVLME", - "LKA9jhPabDG612TXWkhfT2gMXNIP2", - "BgNaYhjfT0G8PBcYRP8khJCR3C9QE", - "6Wk8RhJTAgDh10fYAiUVB1aM0HacG", - "3dOCjaf78kd5EQNViUZWj3AfFL90I", - "290VWkL3aiJoW4MBbHk0Z0bDo22Ni", - "1DbDZ1hpPZNUDBUp6UigcJllEdC26", - "dFSOLBUM7UZX8Vnc6qokGIOiFo1h", - "NcoUYJOg0HVmKI9fR2ag0S8R2hrK", - "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh", - "8nXK8rp8neV8LWta1WDgd1QnlWsU", - "5T3d6bcSBtHgrH9bCbu84tblaa7r", - "3PlUDIYUvMqOVCir7AtquK5dWanq", - "2A70gDPX2AtiicvIGGk9poiMtgvu", - "1MjiRxjk10J6SVAxFguv9kZiUnIc", - "rpre2vIDeb4h3sp50r1YBbtEx9L", - "ZHcoip0AglDAfibrsUcJ9M1C8fm", - "NHP18+eoe6uU54W49Kc6ZK7+bT2", - "FTAA7QXGoQOaZi7PzePtFFN5vNk" -}; - -const unsigned char b_mp4[] = { - 0x01, -#if MP_DIGIT_MAX > MP_32BIT_MAX - 0x00, 0x00, 0x00, 0x00, -#endif - 0x63, 0xDB, 0xC2, 0x26, - 0x5B, 0x88, 0x26, 0x8D, - 0xC8, 0x01, 0xC1, 0x0E, - 0xA6, 0x84, 0x76, 0xB7, - 0xBD, 0xE0, 0x09, 0x0F -}; - -/* Search for a test suite name in the names table */ -int find_name(char *name); -void reason(char *fmt, ...); - -/*------------------------------------------------------------------------*/ -/*------------------------------------------------------------------------*/ - -char g_intbuf[4096]; /* buffer for integer comparison */ -char a_intbuf[4096]; /* buffer for integer comparison */ -int g_verbose = 1; /* print out reasons for failure? */ -int res; - -#define IFOK(x) { if (MP_OKAY > (res = (x))) { \ - reason("test %s failed: error %d\n", #x, res); return 1; }} - -int main(int argc, char *argv[]) -{ - int which, res; - - srand((unsigned int)time(NULL)); - - if (argc < 2) { - fprintf(stderr, "Usage: %s | list\n" - "Type '%s help' for assistance\n", argv[0], argv[0]); - return 2; - } else if(argc > 2) { - if(strcmp(argv[2], "quiet") == 0) - g_verbose = 0; - } - - if(strcmp(argv[1], "help") == 0) { - fprintf(stderr, "Help for mpi-test\n\n" - "This program is a test driver for the MPI library, which\n" - "tests all the various functions in the library to make sure\n" - "they are working correctly. The syntax is:\n" - " %s \n" - "...where is the name of the test you wish to\n" - "run. To get a list of the tests, use '%s list'.\n\n" - "The program exits with a status of zero if the test passes,\n" - "or non-zero if it fails. Ordinarily, failure is accompanied\n" - "by a diagnostic message to standard error. To suppress this\n" - "add the keyword 'quiet' after the suite-name on the command\n" - "line.\n\n", argv[0], argv[0]); - return 0; - } - - if ((which = find_name(argv[1])) < 0) { - fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]); - return 2; - } - - if((res = (g_tests[which])()) < 0) { - fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]); - return 2; - } else { - return res; - } - -} - -/*------------------------------------------------------------------------*/ - -int find_name(char *name) -{ - int ix = 0; - - while(ix < g_count) { - if (strcmp(name, g_names[ix]) == 0) - return ix; - - ++ix; - } - - return -1; -} - -/*------------------------------------------------------------------------*/ - -int test_list(void) -{ - int ix; - - fprintf(stderr, "There are currently %d test suites available\n", - g_count); - - for(ix = 1; ix < g_count; ix++) - fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]); - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_copy(void) -{ - mp_int a, b; - int ix; - - mp_init(&a); mp_init(&b); - - mp_read_radix(&a, mp3, 16); - mp_copy(&a, &b); - - if(SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) { - if(SIGN(&a) != SIGN(&b)) { - reason("error: sign of original is %d, sign of copy is %d\n", - SIGN(&a), SIGN(&b)); - } else { - reason("error: original precision is %d, copy precision is %d\n", - USED(&a), USED(&b)); - } - mp_clear(&a); mp_clear(&b); - return 1; - } - - for(ix = 0; ix < USED(&b); ix++) { - if(DIGIT(&a, ix) != DIGIT(&b, ix)) { - reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n", - ix, DIGIT(&a, ix), DIGIT(&b, ix)); - mp_clear(&a); mp_clear(&b); - return 1; - } - } - - mp_clear(&a); mp_clear(&b); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_exch(void) -{ - mp_int a, b; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16); - - mp_exch(&a, &b); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, mp1) != 0) { - mp_clear(&b); - reason("error: exchange failed\n"); - return 1; - } - - mp_toradix(&b, g_intbuf, 16); - - mp_clear(&b); - if(strcmp(g_intbuf, mp7) != 0) { - reason("error: exchange failed\n"); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_zero(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp7, 16); - mp_zero(&a); - - if(USED(&a) != 1 || DIGIT(&a, 1) != 0) { - mp_toradix(&a, g_intbuf, 16); - reason("error: result is %s\n", g_intbuf); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_set(void) -{ - mp_int a; - - /* Test single digit set */ - mp_init(&a); mp_set(&a, 5); - if(DIGIT(&a, 0) != 5) { - mp_toradix(&a, g_intbuf, 16); - reason("error: result is %s, expected 5\n", g_intbuf); - mp_clear(&a); - return 1; - } - - /* Test integer set */ - mp_set_int(&a, -4938110); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); - if(strcmp(g_intbuf, mp5a) != 0) { - reason("error: result is %s, expected %s\n", g_intbuf, mp5a); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_abs(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp4, 16); - mp_abs(&a, &a); - - if(SIGN(&a) != ZPOS) { - reason("error: sign of result is negative\n"); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_neg(void) -{ - mp_int a; - mp_sign s; - - mp_init(&a); mp_read_radix(&a, mp4, 16); - - s = SIGN(&a); - mp_neg(&a, &a); - if(SIGN(&a) == s) { - reason("error: sign of result is same as sign of nonzero input\n"); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_add_d(void) -{ - mp_int a; - - mp_init(&a); - - mp_read_radix(&a, mp5, 16); - mp_add_d(&a, md4, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp5d4) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp2, 16); - mp_add_d(&a, md5, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp2d5) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_add(void) -{ - mp_int a, b; - int res = 0; - - mp_init(&a); mp_init(&b); - - mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp3, 16); - mp_add(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp13) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp13); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp4, 16); - mp_add(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp34) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp34); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp6, 16); - mp_add(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp46) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp46); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16); - mp_add(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, s_mp1415) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415); - res = 1; - } - - CLEANUP: - mp_clear(&a); mp_clear(&b); - return res; -} - -/*------------------------------------------------------------------------*/ - -int test_sub_d(void) -{ - mp_int a; - - mp_init(&a); - mp_read_radix(&a, mp5, 16); - - mp_sub_d(&a, md4, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, d_mp5d4) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp6, 16); - - mp_sub_d(&a, md2, &a); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, d_mp6d2) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_sub(void) -{ - mp_int a, b; - - mp_init(&a); mp_init(&b); - - mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16); - mp_sub(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, d_mp12) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, d_mp12); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - mp_sub(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, d_mp34) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, d_mp34); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_clear(&a); mp_clear(&b); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_mul_d(void) -{ - mp_int a; - - mp_init(&a); - mp_read_radix(&a, mp1, 16); - - IFOK( mp_mul_d(&a, md4, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp1d4) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp8, 16); - IFOK( mp_mul_d(&a, md6, &a) ); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, p_mp8d6) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_mul(void) -{ - mp_int a, b; - int res = 0; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16); - - IFOK( mp_mul(&a, &b, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp12) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp12); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - IFOK( mp_mul(&a, &b, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp34) !=0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp34); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp7, 16); - IFOK( mp_mul(&a, &b, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp57) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp57); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp11, 16); mp_read_radix(&b, mp13, 16); - IFOK( mp_mul(&a, &b, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp1113) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16); - IFOK( mp_mul(&a, &b, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, p_mp1415) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415); - res = 1; - } - - CLEANUP: - mp_clear(&a); mp_clear(&b); - return res; - -} - -/*------------------------------------------------------------------------*/ - -int test_sqr(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp2, 16); - - mp_sqr(&a, &a); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, p_mp22) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, p_mp22); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_div_d(void) -{ - mp_int a, q; - mp_digit r; - int err = 0; - - mp_init(&a); mp_init(&q); - mp_read_radix(&a, mp3, 16); - - IFOK( mp_div_d(&a, md6, &q, &r) ); - mp_toradix(&q, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp3d6) != 0) { - reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6); - ++err; - } - - sprintf(g_intbuf, ZS_DIGIT_FMT, r); - - if(strcmp(g_intbuf, r_mp3d6) != 0) { - reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6); - ++err; - } - - mp_read_radix(&a, mp9, 16); - IFOK( mp_div_d(&a, 16, &q, &r) ); - mp_toradix(&q, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp9c16) != 0) { - reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16); - ++err; - } - - sprintf(g_intbuf, ZS_DIGIT_FMT, r); - - if(strcmp(g_intbuf, r_mp9c16) != 0) { - reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16); - ++err; - } - - mp_clear(&a); mp_clear(&q); - return err; -} - -/*------------------------------------------------------------------------*/ - -int test_div_2(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp7, 16); - IFOK( mp_div_2(&a, &a) ); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, q_mp7c2) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_div_2d(void) -{ - mp_int a, q, r; - - mp_init(&q); mp_init(&r); - mp_init(&a); mp_read_radix(&a, mp13, 16); - - IFOK( mp_div_2d(&a, 64, &q, &r) ); - mp_clear(&a); - - mp_toradix(&q, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp13c) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c); - mp_clear(&q); mp_clear(&r); - return 1; - } - - mp_clear(&q); - - mp_toradix(&r, g_intbuf, 16); - if(strcmp(g_intbuf, r_mp13c) != 0) { - reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c); - mp_clear(&r); - return 1; - } - - mp_clear(&r); - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_div(void) -{ - mp_int a, b, r; - int err = 0; - - mp_init(&a); mp_init(&b); mp_init(&r); - - mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp2, 16); - IFOK( mp_div(&a, &b, &a, &r) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp42) != 0) { - reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42); - ++err; - } - - mp_toradix(&r, g_intbuf, 16); - - if(strcmp(g_intbuf, r_mp42) != 0) { - reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42); - ++err; - } - - mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp5a, 16); - IFOK( mp_div(&a, &b, &a, &r) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp45a) != 0) { - reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a); - ++err; - } - - mp_toradix(&r, g_intbuf, 16); - - if(strcmp(g_intbuf, r_mp45a) != 0) { - reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a); - ++err; - } - - mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp4, 16); - IFOK( mp_div(&a, &b, &a, &r) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, q_mp1404) != 0) { - reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404); - ++err; - } - - mp_toradix(&r, g_intbuf, 16); - - if(strcmp(g_intbuf, r_mp1404) != 0) { - reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404); - ++err; - } - - mp_clear(&a); mp_clear(&b); mp_clear(&r); - - return err; -} - -/*------------------------------------------------------------------------*/ - -int test_expt_d(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp5, 16); - mp_expt_d(&a, md9, &a); - mp_toradix(&a, g_intbuf, 16); - - mp_clear(&a); - if(strcmp(g_intbuf, e_mp5d9) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_expt(void) -{ - mp_int a, b; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp8, 16); - - mp_expt(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&b); - - if(strcmp(g_intbuf, e_mp78) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, e_mp78); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_2expt(void) -{ - mp_int a; - - mp_init(&a); - mp_2expt(&a, md3); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); - - if(strcmp(g_intbuf, e_mpc2d3) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_sqrt(void) -{ - mp_int a; - int res = 0; - - mp_init(&a); mp_read_radix(&a, mp9, 16); - mp_sqrt(&a, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, t_mp9) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, t_mp9); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp15, 16); - mp_sqrt(&a, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, t_mp15) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, t_mp15); - res = 1; - } - - CLEANUP: - mp_clear(&a); - return res; -} - -/*------------------------------------------------------------------------*/ - -int test_mod_d(void) -{ - mp_int a; - mp_digit r; - - mp_init(&a); mp_read_radix(&a, mp5, 16); - IFOK( mp_mod_d(&a, md5, &r) ); - sprintf(g_intbuf, ZS_DIGIT_FMT, r); - mp_clear(&a); - - if(strcmp(g_intbuf, r_mp5d5) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_mod(void) -{ - mp_int a, m; - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, mp4, 16); mp_read_radix(&m, mp7, 16); - IFOK( mp_mod(&a, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&m); - - if(strcmp(g_intbuf, r_mp47) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, r_mp47); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_addmod(void) -{ - mp_int a, b, m; - - mp_init(&a); mp_init(&b); mp_init(&m); - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - mp_read_radix(&m, mp5, 16); - - IFOK( mp_addmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&b); mp_clear(&m); - - if(strcmp(g_intbuf, ms_mp345) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_submod(void) -{ - mp_int a, b, m; - - mp_init(&a); mp_init(&b); mp_init(&m); - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - mp_read_radix(&m, mp5, 16); - - IFOK( mp_submod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&b); mp_clear(&m); - - if(strcmp(g_intbuf, md_mp345) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, md_mp345); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_mulmod(void) -{ - mp_int a, b, m; - - mp_init(&a); mp_init(&b); mp_init(&m); - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - mp_read_radix(&m, mp5, 16); - - IFOK( mp_mulmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&b); mp_clear(&m); - - if(strcmp(g_intbuf, mp_mp345) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_sqrmod(void) -{ - mp_int a, m; - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, mp3, 16); mp_read_radix(&m, mp5, 16); - - IFOK( mp_sqrmod(&a, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&m); - - if(strcmp(g_intbuf, mp_mp335) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_exptmod(void) -{ - mp_int a, b, m; - int res = 0; - - mp_init(&a); mp_init(&b); mp_init(&m); - mp_read_radix(&a, mp8, 16); mp_read_radix(&b, mp1, 16); - mp_read_radix(&m, mp7, 16); - - IFOK( mp_exptmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, me_mp817) != 0) { - reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp5, 16); - mp_read_radix(&m, mp12, 16); - - IFOK( mp_exptmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, me_mp1512) != 0) { - reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512); - res = 1; goto CLEANUP; - } - - mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp1, 16); - mp_read_radix(&m, mp14, 16); - - IFOK( mp_exptmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, me_mp5114) != 0) { - reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114); - res = 1; - } - - mp_read_radix(&a, mp16, 16); mp_read_radix(&b, mp17, 16); - mp_read_radix(&m, mp18, 16); - - IFOK( mp_exptmod(&a, &b, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, me_mp161718) != 0) { - reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718); - res = 1; - } - - CLEANUP: - mp_clear(&a); mp_clear(&b); mp_clear(&m); - return res; -} - -/*------------------------------------------------------------------------*/ - -int test_exptmod_d(void) -{ - mp_int a, m; - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, mp5, 16); mp_read_radix(&m, mp7, 16); - - IFOK( mp_exptmod_d(&a, md4, &m, &a) ); - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&m); - - if(strcmp(g_intbuf, me_mp5d47) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47); - return 1; - } - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_invmod(void) -{ - mp_int a, m, c; - mp_int p1, p2, p3, p4, p5; - mp_int t1, t2, t3, t4; - mp_err res; - - /* 5 128-bit primes. */ - static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" }; - static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" }; - static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" }; - static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" }; - static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" }; - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, mp2, 16); mp_read_radix(&m, mp7, 16); - - IFOK( mp_invmod(&a, &m, &a) ); - - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&m); - - if(strcmp(g_intbuf, i_mp27) != 0) { - reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27); - return 1; - } - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, mp20, 16); mp_read_radix(&m, mp19, 16); - - IFOK( mp_invmod(&a, &m, &a) ); - - mp_toradix(&a, g_intbuf, 16); - mp_clear(&a); mp_clear(&m); - - if(strcmp(g_intbuf, i_mp2019) != 0) { - reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019); - return 1; - } - -/* Need the following test cases: - Odd modulus - - a is odd, relatively prime to m - - a is odd, not relatively prime to m - - a is even, relatively prime to m - - a is even, not relatively prime to m - Even modulus - - a is even (should fail) - - a is odd, not relatively prime to m - - a is odd, relatively prime to m, - m is not a power of 2 - - m has factor 2**k, k < 32 - - m has factor 2**k, k > 32 - m is a power of 2, 2**k - - k < 32 - - k > 32 -*/ - - mp_init(&a); mp_init(&m); mp_init(&c); - mp_init(&p1); mp_init(&p2); mp_init(&p3); mp_init(&p4); mp_init(&p5); - mp_init(&t1); mp_init(&t2); mp_init(&t3); mp_init(&t4); - - mp_read_radix(&p1, ivp1, 16); - mp_read_radix(&p2, ivp2, 16); - mp_read_radix(&p3, ivp3, 16); - mp_read_radix(&p4, ivp4, 16); - mp_read_radix(&p5, ivp5, 16); - - IFOK( mp_2expt(&t2, 68) ); /* t2 = 2**68 */ - IFOK( mp_2expt(&t3, 128) ); /* t3 = 2**128 */ - IFOK( mp_2expt(&t4, 31) ); /* t4 = 2**31 */ - -/* test 3: Odd modulus - a is odd, relatively prime to m */ - - IFOK( mp_mul(&p1, &p2, &a) ); - IFOK( mp_mul(&p3, &p4, &m) ); - IFOK( mp_invmod(&a, &m, &t1) ); - IFOK( mp_invmod_xgcd(&a, &m, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 3 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - mp_clear(&a); mp_clear(&t1); mp_clear(&c); - mp_init(&a); mp_init(&t1); mp_init(&c); - -/* test 4: Odd modulus - a is odd, NOT relatively prime to m */ - - IFOK( mp_mul(&p1, &p3, &a) ); - /* reuse same m as before */ - - res = mp_invmod_xgcd(&a, &m, &c); - if (res != MP_UNDEF) - goto CLEANUP4; - - res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */ - if (res != MP_UNDEF) { -CLEANUP4: - reason("error: invmod test 4 succeeded, should have failed.\n"); - return 1; - } - mp_clear(&a); mp_clear(&t1); mp_clear(&c); - mp_init(&a); mp_init(&t1); mp_init(&c); - -/* test 5: Odd modulus - a is even, relatively prime to m */ - - IFOK( mp_mul(&p1, &t2, &a) ); - /* reuse m */ - IFOK( mp_invmod(&a, &m, &t1) ); - IFOK( mp_invmod_xgcd(&a, &m, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 5 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - mp_clear(&a); mp_clear(&t1); mp_clear(&c); - mp_init(&a); mp_init(&t1); mp_init(&c); - -/* test 6: Odd modulus - a is odd, NOT relatively prime to m */ - - /* reuse t2 */ - IFOK( mp_mul(&t2, &p3, &a) ); - /* reuse same m as before */ - - res = mp_invmod_xgcd(&a, &m, &c); - if (res != MP_UNDEF) - goto CLEANUP6; - - res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */ - if (res != MP_UNDEF) { -CLEANUP6: - reason("error: invmod test 6 succeeded, should have failed.\n"); - return 1; - } - mp_clear(&a); mp_clear(&m); mp_clear(&c); mp_clear(&t1); - mp_init(&a); mp_init(&m); mp_init(&c); mp_init(&t1); - -/* test 7: Even modulus, even a, should fail */ - - IFOK( mp_mul(&p3, &t3, &m) ); /* even m */ - /* reuse t2 */ - IFOK( mp_mul(&p1, &t2, &a) ); /* even a */ - - res = mp_invmod_xgcd(&a, &m, &c); - if (res != MP_UNDEF) - goto CLEANUP7; - - res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */ - if (res != MP_UNDEF) { -CLEANUP7: - reason("error: invmod test 7 succeeded, should have failed.\n"); - return 1; - } - mp_clear(&a); mp_clear(&c); mp_clear(&t1); - mp_init(&a); mp_init(&c); mp_init(&t1); - -/* test 8: Even modulus - a is odd, not relatively prime to m */ - - /* reuse m */ - IFOK( mp_mul(&p3, &p1, &a) ); /* even a */ - - res = mp_invmod_xgcd(&a, &m, &c); - if (res != MP_UNDEF) - goto CLEANUP8; - - res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */ - if (res != MP_UNDEF) { -CLEANUP8: - reason("error: invmod test 8 succeeded, should have failed.\n"); - return 1; - } - mp_clear(&a); mp_clear(&m); mp_clear(&c); mp_clear(&t1); - mp_init(&a); mp_init(&m); mp_init(&c); mp_init(&t1); - -/* test 9: Even modulus - m has factor 2**k, k < 32 - * - a is odd, relatively prime to m, - */ - IFOK( mp_mul(&p3, &t4, &m) ); /* even m */ - IFOK( mp_mul(&p1, &p2, &a) ); - IFOK( mp_invmod(&a, &m, &t1) ); - IFOK( mp_invmod_xgcd(&a, &m, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 9 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - mp_clear(&m); mp_clear(&t1); mp_clear(&c); - mp_init(&m); mp_init(&t1); mp_init(&c); - -/* test 10: Even modulus - m has factor 2**k, k > 32 - * - a is odd, relatively prime to m, - */ - IFOK( mp_mul(&p3, &t3, &m) ); /* even m */ - /* reuse a */ - IFOK( mp_invmod(&a, &m, &t1) ); - IFOK( mp_invmod_xgcd(&a, &m, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 10 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - mp_clear(&t1); mp_clear(&c); - mp_init(&t1); mp_init(&c); - -/* test 11: Even modulus - m is a power of 2, 2**k | k < 32 - * - a is odd, relatively prime to m, - */ - IFOK( mp_invmod(&a, &t4, &t1) ); - IFOK( mp_invmod_xgcd(&a, &t4, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 11 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - mp_clear(&t1); mp_clear(&c); - mp_init(&t1); mp_init(&c); - -/* test 12: Even modulus - m is a power of 2, 2**k | k > 32 - * - a is odd, relatively prime to m, - */ - IFOK( mp_invmod(&a, &t3, &t1) ); - IFOK( mp_invmod_xgcd(&a, &t3, &c) ); - - if (mp_cmp(&t1, &c) != 0) { - mp_toradix(&t1, g_intbuf, 16); - mp_toradix(&c, a_intbuf, 16); - reason("error: invmod test 12 computed %s, expected %s\n", - g_intbuf, a_intbuf); - return 1; - } - - mp_clear(&a); mp_clear(&m); mp_clear(&c); - mp_clear(&t1); mp_clear(&t2); mp_clear(&t3); mp_clear(&t4); - mp_clear(&p1); mp_clear(&p2); mp_clear(&p3); mp_clear(&p4); mp_clear(&p5); - - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_cmp_d(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp8, 16); - - if(mp_cmp_d(&a, md8) >= 0) { - reason("error: %s >= " DIGIT_FMT "\n", mp8, md8); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp5, 16); - - if(mp_cmp_d(&a, md8) <= 0) { - reason("error: %s <= " DIGIT_FMT "\n", mp5, md8); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp6, 16); - - if(mp_cmp_d(&a, md1) != 0) { - reason("error: %s != " DIGIT_FMT "\n", mp6, md1); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; - -} - -/*------------------------------------------------------------------------*/ - -int test_cmp_z(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp6, 16); - - if(mp_cmp_z(&a) != 0) { - reason("error: someone thinks a zero value is non-zero\n"); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp1, 16); - - if(mp_cmp_z(&a) <= 0) { - reason("error: someone thinks a positive value is non-positive\n"); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp4, 16); - - if(mp_cmp_z(&a) >= 0) { - reason("error: someone thinks a negative value is non-negative\n"); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_cmp(void) -{ - mp_int a, b; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16); - - if(mp_cmp(&a, &b) <= 0) { - reason("error: %s <= %s\n", mp3, mp4); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&b, mp3, 16); - if(mp_cmp(&a, &b) != 0) { - reason("error: %s != %s\n", mp3, mp3); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&a, mp5, 16); - if(mp_cmp(&a, &b) >= 0) { - reason("error: %s >= %s\n", mp5, mp3); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&a, mp5a, 16); - if(mp_cmp_int(&a, 1000000) >= 0 || - (mp_cmp_int(&a, -5000000) <= 0) || - (mp_cmp_int(&a, -4938110) != 0)) { - reason("error: long integer comparison failed (%s)", mp5a); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_clear(&a); mp_clear(&b); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_cmp_mag(void) -{ - mp_int a, b; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp4, 16); - - if(mp_cmp_mag(&a, &b) >= 0) { - reason("error: %s >= %s\n", mp5, mp4); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&b, mp5, 16); - if(mp_cmp_mag(&a, &b) != 0) { - reason("error: %s != %s\n", mp5, mp5); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_read_radix(&a, mp1, 16); - if(mp_cmp_mag(&b, &a) >= 0) { - reason("error: %s >= %s\n", mp5, mp1); - mp_clear(&a); mp_clear(&b); - return 1; - } - - mp_clear(&a); mp_clear(&b); - return 0; - -} - -/*------------------------------------------------------------------------*/ - -int test_parity(void) -{ - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp1, 16); - - if(!mp_isodd(&a)) { - reason("error: expected operand to be odd, but it isn't\n"); - mp_clear(&a); - return 1; - } - - mp_read_radix(&a, mp6, 16); - - if(!mp_iseven(&a)) { - reason("error: expected operand to be even, but it isn't\n"); - mp_clear(&a); - return 1; - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_gcd(void) -{ - mp_int a, b; - int out = 0; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16); - - mp_gcd(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, g_mp71) != 0) { - reason("error: computed %s, expected %s\n", g_intbuf, g_mp71); - out = 1; - } - - mp_clear(&a); mp_clear(&b); - return out; - -} - -/*------------------------------------------------------------------------*/ - -int test_lcm(void) -{ - mp_int a, b; - int out = 0; - - mp_init(&a); mp_init(&b); - mp_read_radix(&a, mp10, 16); mp_read_radix(&b, mp11, 16); - - mp_lcm(&a, &b, &a); - mp_toradix(&a, g_intbuf, 16); - - if(strcmp(g_intbuf, l_mp1011) != 0) { - reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011); - out = 1; - } - - mp_clear(&a); mp_clear(&b); - - return out; - -} - -/*------------------------------------------------------------------------*/ - -int test_convert(void) -{ - int ix; - mp_int a; - - mp_init(&a); mp_read_radix(&a, mp9, 16); - - for(ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) { - mp_toradix(&a, g_intbuf, ix); - - if(strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) { - reason("error: radix %d, computed %s, expected %s\n", - ix, g_intbuf, v_mp9[ix - LOW_RADIX]); - mp_clear(&a); - return 1; - } - } - - mp_clear(&a); - return 0; -} - -/*------------------------------------------------------------------------*/ - -int test_raw(void) -{ - int len, out = 0; - mp_int a; - char *buf; - - mp_init(&a); mp_read_radix(&a, mp4, 16); - - len = mp_raw_size(&a); - if(len != sizeof(b_mp4)) { - reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4), - len); - mp_clear(&a); - return 1; - } - - buf = calloc(len, sizeof(char)); - mp_toraw(&a, buf); - - if(memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) { - reason("error: test_raw: binary output does not match test vector\n"); - out = 1; - } - - free(buf); - mp_clear(&a); - - return out; - -} - -/*------------------------------------------------------------------------*/ - -int test_pprime(void) -{ - mp_int p; - int err = 0; - mp_err res; - - mp_init(&p); - mp_read_radix(&p, mp7, 16); - - if(mpp_pprime(&p, 5) != MP_YES) { - reason("error: %s failed Rabin-Miller test, but is prime\n", mp7); - err = 1; - } - - IFOK( mp_set_int(&p, 9) ); - res = mpp_pprime(&p, 50); - if (res == MP_YES) { - reason("error: 9 is composite but passed Rabin-Miller test\n"); - err = 1; - } else if (res != MP_NO) { - reason("test mpp_pprime(9, 50) failed: error %d\n", res); - err = 1; - } - - IFOK( mp_set_int(&p, 15) ); - res = mpp_pprime(&p, 50); - if (res == MP_YES) { - reason("error: 15 is composite but passed Rabin-Miller test\n"); - err = 1; - } else if (res != MP_NO) { - reason("test mpp_pprime(15, 50) failed: error %d\n", res); - err = 1; - } - - mp_clear(&p); - - return err; - -} - -/*------------------------------------------------------------------------*/ - -int test_fermat(void) -{ - mp_int p; - mp_err res; - int err = 0; - - mp_init(&p); - mp_read_radix(&p, mp7, 16); - - if((res = mpp_fermat(&p, 2)) != MP_YES) { - reason("error: %s failed Fermat test on 2: %s\n", mp7, - mp_strerror(res)); - ++err; - } - - if((res = mpp_fermat(&p, 3)) != MP_YES) { - reason("error: %s failed Fermat test on 3: %s\n", mp7, - mp_strerror(res)); - ++err; - } - - mp_clear(&p); - - return err; - -} - -/*------------------------------------------------------------------------*/ -/* Like fprintf(), but only if we are behaving in a verbose manner */ - -void reason(char *fmt, ...) -{ - va_list ap; - - if(!g_verbose) - return; - - va_start(ap, fmt); - vfprintf(stderr, fmt, ap); - va_end(ap); -} - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c deleted file mode 100644 index bc5cf2cff..000000000 --- a/security/nss/lib/freebl/mpi/mpi.c +++ /dev/null @@ -1,4799 +0,0 @@ -/* - * mpi.c - * - * Arbitrary precision integer arithmetic library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include "mpi-priv.h" -#if defined(OSF1) -#include -#endif - -#if MP_LOGTAB -/* - A table of the logs of 2 for various bases (the 0 and 1 entries of - this table are meaningless and should not be referenced). - - This table is used to compute output lengths for the mp_toradix() - function. Since a number n in radix r takes up about log_r(n) - digits, we estimate the output size by taking the least integer - greater than log_r(n), where: - - log_r(n) = log_2(n) * log_r(2) - - This table, therefore, is a table of log_r(2) for 2 <= r <= 36, - which are the output bases supported. - */ -#include "logtab.h" -#endif - -/* {{{ Constant strings */ - -/* Constant strings returned by mp_strerror() */ -static const char *mp_err_string[] = { - "unknown result code", /* say what? */ - "boolean true", /* MP_OKAY, MP_YES */ - "boolean false", /* MP_NO */ - "out of memory", /* MP_MEM */ - "argument out of range", /* MP_RANGE */ - "invalid input parameter", /* MP_BADARG */ - "result is undefined" /* MP_UNDEF */ -}; - -/* Value to digit maps for radix conversion */ - -/* s_dmap_1 - standard digits and letters */ -static const char *s_dmap_1 = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; - -/* }}} */ - -unsigned long mp_allocs; -unsigned long mp_frees; -unsigned long mp_copies; - -/* {{{ Default precision manipulation */ - -/* Default precision for newly created mp_int's */ -static mp_size s_mp_defprec = MP_DEFPREC; - -mp_size mp_get_prec(void) -{ - return s_mp_defprec; - -} /* end mp_get_prec() */ - -void mp_set_prec(mp_size prec) -{ - if(prec == 0) - s_mp_defprec = MP_DEFPREC; - else - s_mp_defprec = prec; - -} /* end mp_set_prec() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ mp_init(mp) */ - -/* - mp_init(mp) - - Initialize a new zero-valued mp_int. Returns MP_OKAY if successful, - MP_MEM if memory could not be allocated for the structure. - */ - -mp_err mp_init(mp_int *mp) -{ - return mp_init_size(mp, s_mp_defprec); - -} /* end mp_init() */ - -/* }}} */ - -/* {{{ mp_init_size(mp, prec) */ - -/* - mp_init_size(mp, prec) - - Initialize a new zero-valued mp_int with at least the given - precision; returns MP_OKAY if successful, or MP_MEM if memory could - not be allocated for the structure. - */ - -mp_err mp_init_size(mp_int *mp, mp_size prec) -{ - ARGCHK(mp != NULL && prec > 0, MP_BADARG); - - prec = MP_ROUNDUP(prec, s_mp_defprec); - if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL) - return MP_MEM; - - SIGN(mp) = ZPOS; - USED(mp) = 1; - ALLOC(mp) = prec; - - return MP_OKAY; - -} /* end mp_init_size() */ - -/* }}} */ - -/* {{{ mp_init_copy(mp, from) */ - -/* - mp_init_copy(mp, from) - - Initialize mp as an exact copy of from. Returns MP_OKAY if - successful, MP_MEM if memory could not be allocated for the new - structure. - */ - -mp_err mp_init_copy(mp_int *mp, const mp_int *from) -{ - ARGCHK(mp != NULL && from != NULL, MP_BADARG); - - if(mp == from) - return MP_OKAY; - - if((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL) - return MP_MEM; - - s_mp_copy(DIGITS(from), DIGITS(mp), USED(from)); - USED(mp) = USED(from); - ALLOC(mp) = ALLOC(from); - SIGN(mp) = SIGN(from); - - return MP_OKAY; - -} /* end mp_init_copy() */ - -/* }}} */ - -/* {{{ mp_copy(from, to) */ - -/* - mp_copy(from, to) - - Copies the mp_int 'from' to the mp_int 'to'. It is presumed that - 'to' has already been initialized (if not, use mp_init_copy() - instead). If 'from' and 'to' are identical, nothing happens. - */ - -mp_err mp_copy(const mp_int *from, mp_int *to) -{ - ARGCHK(from != NULL && to != NULL, MP_BADARG); - - if(from == to) - return MP_OKAY; - - ++mp_copies; - { /* copy */ - mp_digit *tmp; - - /* - If the allocated buffer in 'to' already has enough space to hold - all the used digits of 'from', we'll re-use it to avoid hitting - the memory allocater more than necessary; otherwise, we'd have - to grow anyway, so we just allocate a hunk and make the copy as - usual - */ - if(ALLOC(to) >= USED(from)) { - s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from)); - s_mp_copy(DIGITS(from), DIGITS(to), USED(from)); - - } else { - if((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL) - return MP_MEM; - - s_mp_copy(DIGITS(from), tmp, USED(from)); - - if(DIGITS(to) != NULL) { -#if MP_CRYPTO - s_mp_setz(DIGITS(to), ALLOC(to)); -#endif - s_mp_free(DIGITS(to)); - } - - DIGITS(to) = tmp; - ALLOC(to) = ALLOC(from); - } - - /* Copy the precision and sign from the original */ - USED(to) = USED(from); - SIGN(to) = SIGN(from); - } /* end copy */ - - return MP_OKAY; - -} /* end mp_copy() */ - -/* }}} */ - -/* {{{ mp_exch(mp1, mp2) */ - -/* - mp_exch(mp1, mp2) - - Exchange mp1 and mp2 without allocating any intermediate memory - (well, unless you count the stack space needed for this call and the - locals it creates...). This cannot fail. - */ - -void mp_exch(mp_int *mp1, mp_int *mp2) -{ -#if MP_ARGCHK == 2 - assert(mp1 != NULL && mp2 != NULL); -#else - if(mp1 == NULL || mp2 == NULL) - return; -#endif - - s_mp_exch(mp1, mp2); - -} /* end mp_exch() */ - -/* }}} */ - -/* {{{ mp_clear(mp) */ - -/* - mp_clear(mp) - - Release the storage used by an mp_int, and void its fields so that - if someone calls mp_clear() again for the same int later, we won't - get tollchocked. - */ - -void mp_clear(mp_int *mp) -{ - if(mp == NULL) - return; - - if(DIGITS(mp) != NULL) { -#if MP_CRYPTO - s_mp_setz(DIGITS(mp), ALLOC(mp)); -#endif - s_mp_free(DIGITS(mp)); - DIGITS(mp) = NULL; - } - - USED(mp) = 0; - ALLOC(mp) = 0; - -} /* end mp_clear() */ - -/* }}} */ - -/* {{{ mp_zero(mp) */ - -/* - mp_zero(mp) - - Set mp to zero. Does not change the allocated size of the structure, - and therefore cannot fail (except on a bad argument, which we ignore) - */ -void mp_zero(mp_int *mp) -{ - if(mp == NULL) - return; - - s_mp_setz(DIGITS(mp), ALLOC(mp)); - USED(mp) = 1; - SIGN(mp) = ZPOS; - -} /* end mp_zero() */ - -/* }}} */ - -/* {{{ mp_set(mp, d) */ - -void mp_set(mp_int *mp, mp_digit d) -{ - if(mp == NULL) - return; - - mp_zero(mp); - DIGIT(mp, 0) = d; - -} /* end mp_set() */ - -/* }}} */ - -/* {{{ mp_set_int(mp, z) */ - -mp_err mp_set_int(mp_int *mp, long z) -{ - int ix; - unsigned long v = labs(z); - mp_err res; - - ARGCHK(mp != NULL, MP_BADARG); - - mp_zero(mp); - if(z == 0) - return MP_OKAY; /* shortcut for zero */ - - if (sizeof v <= sizeof(mp_digit)) { - DIGIT(mp,0) = v; - } else { - for (ix = sizeof(long) - 1; ix >= 0; ix--) { - if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY) - return res; - - res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX)); - if (res != MP_OKAY) - return res; - } - } - if(z < 0) - SIGN(mp) = NEG; - - return MP_OKAY; - -} /* end mp_set_int() */ - -/* }}} */ - -/* {{{ mp_set_ulong(mp, z) */ - -mp_err mp_set_ulong(mp_int *mp, unsigned long z) -{ - int ix; - mp_err res; - - ARGCHK(mp != NULL, MP_BADARG); - - mp_zero(mp); - if(z == 0) - return MP_OKAY; /* shortcut for zero */ - - if (sizeof z <= sizeof(mp_digit)) { - DIGIT(mp,0) = z; - } else { - for (ix = sizeof(long) - 1; ix >= 0; ix--) { - if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY) - return res; - - res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX)); - if (res != MP_OKAY) - return res; - } - } - return MP_OKAY; -} /* end mp_set_ulong() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ Digit arithmetic */ - -/* {{{ mp_add_d(a, d, b) */ - -/* - mp_add_d(a, d, b) - - Compute the sum b = a + d, for a single digit d. Respects the sign of - its primary addend (single digits are unsigned anyway). - */ - -mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b) -{ - mp_int tmp; - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_init_copy(&tmp, a)) != MP_OKAY) - return res; - - if(SIGN(&tmp) == ZPOS) { - if((res = s_mp_add_d(&tmp, d)) != MP_OKAY) - goto CLEANUP; - } else if(s_mp_cmp_d(&tmp, d) >= 0) { - if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY) - goto CLEANUP; - } else { - mp_neg(&tmp, &tmp); - - DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0); - } - - if(s_mp_cmp_d(&tmp, 0) == 0) - SIGN(&tmp) = ZPOS; - - s_mp_exch(&tmp, b); - -CLEANUP: - mp_clear(&tmp); - return res; - -} /* end mp_add_d() */ - -/* }}} */ - -/* {{{ mp_sub_d(a, d, b) */ - -/* - mp_sub_d(a, d, b) - - Compute the difference b = a - d, for a single digit d. Respects the - sign of its subtrahend (single digits are unsigned anyway). - */ - -mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b) -{ - mp_int tmp; - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_init_copy(&tmp, a)) != MP_OKAY) - return res; - - if(SIGN(&tmp) == NEG) { - if((res = s_mp_add_d(&tmp, d)) != MP_OKAY) - goto CLEANUP; - } else if(s_mp_cmp_d(&tmp, d) >= 0) { - if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY) - goto CLEANUP; - } else { - mp_neg(&tmp, &tmp); - - DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0); - SIGN(&tmp) = NEG; - } - - if(s_mp_cmp_d(&tmp, 0) == 0) - SIGN(&tmp) = ZPOS; - - s_mp_exch(&tmp, b); - -CLEANUP: - mp_clear(&tmp); - return res; - -} /* end mp_sub_d() */ - -/* }}} */ - -/* {{{ mp_mul_d(a, d, b) */ - -/* - mp_mul_d(a, d, b) - - Compute the product b = a * d, for a single digit d. Respects the sign - of its multiplicand (single digits are unsigned anyway) - */ - -mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if(d == 0) { - mp_zero(b); - return MP_OKAY; - } - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - res = s_mp_mul_d(b, d); - - return res; - -} /* end mp_mul_d() */ - -/* }}} */ - -/* {{{ mp_mul_2(a, c) */ - -mp_err mp_mul_2(const mp_int *a, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && c != NULL, MP_BADARG); - - if((res = mp_copy(a, c)) != MP_OKAY) - return res; - - return s_mp_mul_2(c); - -} /* end mp_mul_2() */ - -/* }}} */ - -/* {{{ mp_div_d(a, d, q, r) */ - -/* - mp_div_d(a, d, q, r) - - Compute the quotient q = a / d and remainder r = a mod d, for a - single digit d. Respects the sign of its divisor (single digits are - unsigned anyway). - */ - -mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r) -{ - mp_err res; - mp_int qp; - mp_digit rem; - int pow; - - ARGCHK(a != NULL, MP_BADARG); - - if(d == 0) - return MP_RANGE; - - /* Shortcut for powers of two ... */ - if((pow = s_mp_ispow2d(d)) >= 0) { - mp_digit mask; - - mask = ((mp_digit)1 << pow) - 1; - rem = DIGIT(a, 0) & mask; - - if(q) { - mp_copy(a, q); - s_mp_div_2d(q, pow); - } - - if(r) - *r = rem; - - return MP_OKAY; - } - - if((res = mp_init_copy(&qp, a)) != MP_OKAY) - return res; - - res = s_mp_div_d(&qp, d, &rem); - - if(s_mp_cmp_d(&qp, 0) == 0) - SIGN(q) = ZPOS; - - if(r) - *r = rem; - - if(q) - s_mp_exch(&qp, q); - - mp_clear(&qp); - return res; - -} /* end mp_div_d() */ - -/* }}} */ - -/* {{{ mp_div_2(a, c) */ - -/* - mp_div_2(a, c) - - Compute c = a / 2, disregarding the remainder. - */ - -mp_err mp_div_2(const mp_int *a, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && c != NULL, MP_BADARG); - - if((res = mp_copy(a, c)) != MP_OKAY) - return res; - - s_mp_div_2(c); - - return MP_OKAY; - -} /* end mp_div_2() */ - -/* }}} */ - -/* {{{ mp_expt_d(a, d, b) */ - -mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c) -{ - mp_int s, x; - mp_err res; - - ARGCHK(a != NULL && c != NULL, MP_BADARG); - - if((res = mp_init(&s)) != MP_OKAY) - return res; - if((res = mp_init_copy(&x, a)) != MP_OKAY) - goto X; - - DIGIT(&s, 0) = 1; - - while(d != 0) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY) - goto CLEANUP; - } - - d /= 2; - - if((res = s_mp_sqr(&x)) != MP_OKAY) - goto CLEANUP; - } - - s_mp_exch(&s, c); - -CLEANUP: - mp_clear(&x); -X: - mp_clear(&s); - - return res; - -} /* end mp_expt_d() */ - -/* }}} */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ Full arithmetic */ - -/* {{{ mp_abs(a, b) */ - -/* - mp_abs(a, b) - - Compute b = |a|. 'a' and 'b' may be identical. - */ - -mp_err mp_abs(const mp_int *a, mp_int *b) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - SIGN(b) = ZPOS; - - return MP_OKAY; - -} /* end mp_abs() */ - -/* }}} */ - -/* {{{ mp_neg(a, b) */ - -/* - mp_neg(a, b) - - Compute b = -a. 'a' and 'b' may be identical. - */ - -mp_err mp_neg(const mp_int *a, mp_int *b) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - if(s_mp_cmp_d(b, 0) == MP_EQ) - SIGN(b) = ZPOS; - else - SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG; - - return MP_OKAY; - -} /* end mp_neg() */ - -/* }}} */ - -/* {{{ mp_add(a, b, c) */ - -/* - mp_add(a, b, c) - - Compute c = a + b. All parameters may be identical. - */ - -mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */ - MP_CHECKOK( s_mp_add_3arg(a, b, c) ); - } else if(s_mp_cmp(a, b) >= 0) { /* different sign: |a| >= |b| */ - MP_CHECKOK( s_mp_sub_3arg(a, b, c) ); - } else { /* different sign: |a| < |b| */ - MP_CHECKOK( s_mp_sub_3arg(b, a, c) ); - } - - if (s_mp_cmp_d(c, 0) == MP_EQ) - SIGN(c) = ZPOS; - -CLEANUP: - return res; - -} /* end mp_add() */ - -/* }}} */ - -/* {{{ mp_sub(a, b, c) */ - -/* - mp_sub(a, b, c) - - Compute c = a - b. All parameters may be identical. - */ - -mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_err res; - int magDiff; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if (a == b) { - mp_zero(c); - return MP_OKAY; - } - - if (MP_SIGN(a) != MP_SIGN(b)) { - MP_CHECKOK( s_mp_add_3arg(a, b, c) ); - } else if (!(magDiff = s_mp_cmp(a, b))) { - mp_zero(c); - res = MP_OKAY; - } else if (magDiff > 0) { - MP_CHECKOK( s_mp_sub_3arg(a, b, c) ); - } else { - MP_CHECKOK( s_mp_sub_3arg(b, a, c) ); - MP_SIGN(c) = !MP_SIGN(a); - } - - if (s_mp_cmp_d(c, 0) == MP_EQ) - MP_SIGN(c) = MP_ZPOS; - -CLEANUP: - return res; - -} /* end mp_sub() */ - -/* }}} */ - -/* {{{ mp_mul(a, b, c) */ - -/* - mp_mul(a, b, c) - - Compute c = a * b. All parameters may be identical. - */ -mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int * c) -{ - mp_digit *pb; - mp_int tmp; - mp_err res; - mp_size ib; - mp_size useda, usedb; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if (a == c) { - if ((res = mp_init_copy(&tmp, a)) != MP_OKAY) - return res; - if (a == b) - b = &tmp; - a = &tmp; - } else if (b == c) { - if ((res = mp_init_copy(&tmp, b)) != MP_OKAY) - return res; - b = &tmp; - } else { - MP_DIGITS(&tmp) = 0; - } - - if (MP_USED(a) < MP_USED(b)) { - const mp_int *xch = b; /* switch a and b, to do fewer outer loops */ - b = a; - a = xch; - } - - MP_USED(c) = 1; MP_DIGIT(c, 0) = 0; - if((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY) - goto CLEANUP; - - pb = MP_DIGITS(b); - s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c)); - - /* Outer loop: Digits of b */ - useda = MP_USED(a); - usedb = MP_USED(b); - for (ib = 1; ib < usedb; ib++) { - mp_digit b_i = *pb++; - - /* Inner product: Digits of a */ - if (b_i) - s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib); - else - MP_DIGIT(c, ib + useda) = b_i; - } - - s_mp_clamp(c); - - if(SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ) - SIGN(c) = ZPOS; - else - SIGN(c) = NEG; - -CLEANUP: - mp_clear(&tmp); - return res; -} /* end mp_mul() */ - -/* }}} */ - -/* {{{ mp_sqr(a, sqr) */ - -#if MP_SQUARE -/* - Computes the square of a. This can be done more - efficiently than a general multiplication, because many of the - computation steps are redundant when squaring. The inner product - step is a bit more complicated, but we save a fair number of - iterations of the multiplication loop. - */ - -/* sqr = a^2; Caller provides both a and tmp; */ -mp_err mp_sqr(const mp_int *a, mp_int *sqr) -{ - mp_digit *pa; - mp_digit d; - mp_err res; - mp_size ix; - mp_int tmp; - int count; - - ARGCHK(a != NULL && sqr != NULL, MP_BADARG); - - if (a == sqr) { - if((res = mp_init_copy(&tmp, a)) != MP_OKAY) - return res; - a = &tmp; - } else { - DIGITS(&tmp) = 0; - res = MP_OKAY; - } - - ix = 2 * MP_USED(a); - if (ix > MP_ALLOC(sqr)) { - MP_USED(sqr) = 1; - MP_CHECKOK( s_mp_grow(sqr, ix) ); - } - MP_USED(sqr) = ix; - MP_DIGIT(sqr, 0) = 0; - - pa = MP_DIGITS(a); - count = MP_USED(a) - 1; - if (count > 0) { - d = *pa++; - s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1); - for (ix = 3; --count > 0; ix += 2) { - d = *pa++; - s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix); - } /* for(ix ...) */ - MP_DIGIT(sqr, MP_USED(sqr)-1) = 0; /* above loop stopped short of this. */ - - /* now sqr *= 2 */ - s_mp_mul_2(sqr); - } else { - MP_DIGIT(sqr, 1) = 0; - } - - /* now add the squares of the digits of a to sqr. */ - s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr)); - - SIGN(sqr) = ZPOS; - s_mp_clamp(sqr); - -CLEANUP: - mp_clear(&tmp); - return res; - -} /* end mp_sqr() */ -#endif - -/* }}} */ - -/* {{{ mp_div(a, b, q, r) */ - -/* - mp_div(a, b, q, r) - - Compute q = a / b and r = a mod b. Input parameters may be re-used - as output parameters. If q or r is NULL, that portion of the - computation will be discarded (although it will still be computed) - */ -mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r) -{ - mp_err res; - mp_int *pQ, *pR; - mp_int qtmp, rtmp, btmp; - int cmp; - mp_sign signA = MP_SIGN(a); - mp_sign signB = MP_SIGN(b); - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if(mp_cmp_z(b) == MP_EQ) - return MP_RANGE; - - DIGITS(&qtmp) = 0; - DIGITS(&rtmp) = 0; - DIGITS(&btmp) = 0; - - /* Set up some temporaries... */ - if (!r || r == a || r == b) { - MP_CHECKOK( mp_init_copy(&rtmp, a) ); - pR = &rtmp; - } else { - MP_CHECKOK( mp_copy(a, r) ); - pR = r; - } - - if (!q || q == a || q == b) { - MP_CHECKOK( mp_init_size(&qtmp, MP_USED(a)) ); - pQ = &qtmp; - } else { - MP_CHECKOK( s_mp_pad(q, MP_USED(a)) ); - pQ = q; - mp_zero(pQ); - } - - /* - If |a| <= |b|, we can compute the solution without division; - otherwise, we actually do the work required. - */ - if ((cmp = s_mp_cmp(a, b)) <= 0) { - if (cmp) { - /* r was set to a above. */ - mp_zero(pQ); - } else { - mp_set(pQ, 1); - mp_zero(pR); - } - } else { - MP_CHECKOK( mp_init_copy(&btmp, b) ); - MP_CHECKOK( s_mp_div(pR, &btmp, pQ) ); - } - - /* Compute the signs for the output */ - MP_SIGN(pR) = signA; /* Sr = Sa */ - /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */ - MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG; - - if(s_mp_cmp_d(pQ, 0) == MP_EQ) - SIGN(pQ) = ZPOS; - if(s_mp_cmp_d(pR, 0) == MP_EQ) - SIGN(pR) = ZPOS; - - /* Copy output, if it is needed */ - if(q && q != pQ) - s_mp_exch(pQ, q); - - if(r && r != pR) - s_mp_exch(pR, r); - -CLEANUP: - mp_clear(&btmp); - mp_clear(&rtmp); - mp_clear(&qtmp); - - return res; - -} /* end mp_div() */ - -/* }}} */ - -/* {{{ mp_div_2d(a, d, q, r) */ - -mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r) -{ - mp_err res; - - ARGCHK(a != NULL, MP_BADARG); - - if(q) { - if((res = mp_copy(a, q)) != MP_OKAY) - return res; - } - if(r) { - if((res = mp_copy(a, r)) != MP_OKAY) - return res; - } - if(q) { - s_mp_div_2d(q, d); - } - if(r) { - s_mp_mod_2d(r, d); - } - - return MP_OKAY; - -} /* end mp_div_2d() */ - -/* }}} */ - -/* {{{ mp_expt(a, b, c) */ - -/* - mp_expt(a, b, c) - - Compute c = a ** b, that is, raise a to the b power. Uses a - standard iterative square-and-multiply technique. - */ - -mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) -{ - mp_int s, x; - mp_err res; - mp_digit d; - int dig, bit; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(mp_cmp_z(b) < 0) - return MP_RANGE; - - if((res = mp_init(&s)) != MP_OKAY) - return res; - - mp_set(&s, 1); - - if((res = mp_init_copy(&x, a)) != MP_OKAY) - goto X; - - /* Loop over low-order digits in ascending order */ - for(dig = 0; dig < (USED(b) - 1); dig++) { - d = DIGIT(b, dig); - - /* Loop over bits of each non-maximal digit */ - for(bit = 0; bit < DIGIT_BIT; bit++) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY) - goto CLEANUP; - } - - d >>= 1; - - if((res = s_mp_sqr(&x)) != MP_OKAY) - goto CLEANUP; - } - } - - /* Consider now the last digit... */ - d = DIGIT(b, dig); - - while(d) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY) - goto CLEANUP; - } - - d >>= 1; - - if((res = s_mp_sqr(&x)) != MP_OKAY) - goto CLEANUP; - } - - if(mp_iseven(b)) - SIGN(&s) = SIGN(a); - - res = mp_copy(&s, c); - -CLEANUP: - mp_clear(&x); -X: - mp_clear(&s); - - return res; - -} /* end mp_expt() */ - -/* }}} */ - -/* {{{ mp_2expt(a, k) */ - -/* Compute a = 2^k */ - -mp_err mp_2expt(mp_int *a, mp_digit k) -{ - ARGCHK(a != NULL, MP_BADARG); - - return s_mp_2expt(a, k); - -} /* end mp_2expt() */ - -/* }}} */ - -/* {{{ mp_mod(a, m, c) */ - -/* - mp_mod(a, m, c) - - Compute c = a (mod m). Result will always be 0 <= c < m. - */ - -mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c) -{ - mp_err res; - int mag; - - ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); - - if(SIGN(m) == NEG) - return MP_RANGE; - - /* - If |a| > m, we need to divide to get the remainder and take the - absolute value. - - If |a| < m, we don't need to do any division, just copy and adjust - the sign (if a is negative). - - If |a| == m, we can simply set the result to zero. - - This order is intended to minimize the average path length of the - comparison chain on common workloads -- the most frequent cases are - that |a| != m, so we do those first. - */ - if((mag = s_mp_cmp(a, m)) > 0) { - if((res = mp_div(a, m, NULL, c)) != MP_OKAY) - return res; - - if(SIGN(c) == NEG) { - if((res = mp_add(c, m, c)) != MP_OKAY) - return res; - } - - } else if(mag < 0) { - if((res = mp_copy(a, c)) != MP_OKAY) - return res; - - if(mp_cmp_z(a) < 0) { - if((res = mp_add(c, m, c)) != MP_OKAY) - return res; - - } - - } else { - mp_zero(c); - - } - - return MP_OKAY; - -} /* end mp_mod() */ - -/* }}} */ - -/* {{{ mp_mod_d(a, d, c) */ - -/* - mp_mod_d(a, d, c) - - Compute c = a (mod d). Result will always be 0 <= c < d - */ -mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c) -{ - mp_err res; - mp_digit rem; - - ARGCHK(a != NULL && c != NULL, MP_BADARG); - - if(s_mp_cmp_d(a, d) > 0) { - if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY) - return res; - - } else { - if(SIGN(a) == NEG) - rem = d - DIGIT(a, 0); - else - rem = DIGIT(a, 0); - } - - if(c) - *c = rem; - - return MP_OKAY; - -} /* end mp_mod_d() */ - -/* }}} */ - -/* {{{ mp_sqrt(a, b) */ - -/* - mp_sqrt(a, b) - - Compute the integer square root of a, and store the result in b. - Uses an integer-arithmetic version of Newton's iterative linear - approximation technique to determine this value; the result has the - following two properties: - - b^2 <= a - (b+1)^2 >= a - - It is a range error to pass a negative value. - */ -mp_err mp_sqrt(const mp_int *a, mp_int *b) -{ - mp_int x, t; - mp_err res; - mp_size used; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - /* Cannot take square root of a negative value */ - if(SIGN(a) == NEG) - return MP_RANGE; - - /* Special cases for zero and one, trivial */ - if(mp_cmp_d(a, 1) <= 0) - return mp_copy(a, b); - - /* Initialize the temporaries we'll use below */ - if((res = mp_init_size(&t, USED(a))) != MP_OKAY) - return res; - - /* Compute an initial guess for the iteration as a itself */ - if((res = mp_init_copy(&x, a)) != MP_OKAY) - goto X; - - used = MP_USED(&x); - if (used > 1) { - s_mp_rshd(&x, used / 2); - } - - for(;;) { - /* t = (x * x) - a */ - mp_copy(&x, &t); /* can't fail, t is big enough for original x */ - if((res = mp_sqr(&t, &t)) != MP_OKAY || - (res = mp_sub(&t, a, &t)) != MP_OKAY) - goto CLEANUP; - - /* t = t / 2x */ - s_mp_mul_2(&x); - if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY) - goto CLEANUP; - s_mp_div_2(&x); - - /* Terminate the loop, if the quotient is zero */ - if(mp_cmp_z(&t) == MP_EQ) - break; - - /* x = x - t */ - if((res = mp_sub(&x, &t, &x)) != MP_OKAY) - goto CLEANUP; - - } - - /* Copy result to output parameter */ - mp_sub_d(&x, 1, &x); - s_mp_exch(&x, b); - - CLEANUP: - mp_clear(&x); - X: - mp_clear(&t); - - return res; - -} /* end mp_sqrt() */ - -/* }}} */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ Modular arithmetic */ - -#if MP_MODARITH -/* {{{ mp_addmod(a, b, m, c) */ - -/* - mp_addmod(a, b, m, c) - - Compute c = (a + b) mod m - */ - -mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); - - if((res = mp_add(a, b, c)) != MP_OKAY) - return res; - if((res = mp_mod(c, m, c)) != MP_OKAY) - return res; - - return MP_OKAY; - -} - -/* }}} */ - -/* {{{ mp_submod(a, b, m, c) */ - -/* - mp_submod(a, b, m, c) - - Compute c = (a - b) mod m - */ - -mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); - - if((res = mp_sub(a, b, c)) != MP_OKAY) - return res; - if((res = mp_mod(c, m, c)) != MP_OKAY) - return res; - - return MP_OKAY; - -} - -/* }}} */ - -/* {{{ mp_mulmod(a, b, m, c) */ - -/* - mp_mulmod(a, b, m, c) - - Compute c = (a * b) mod m - */ - -mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); - - if((res = mp_mul(a, b, c)) != MP_OKAY) - return res; - if((res = mp_mod(c, m, c)) != MP_OKAY) - return res; - - return MP_OKAY; - -} - -/* }}} */ - -/* {{{ mp_sqrmod(a, m, c) */ - -#if MP_SQUARE -mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c) -{ - mp_err res; - - ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); - - if((res = mp_sqr(a, c)) != MP_OKAY) - return res; - if((res = mp_mod(c, m, c)) != MP_OKAY) - return res; - - return MP_OKAY; - -} /* end mp_sqrmod() */ -#endif - -/* }}} */ - -/* {{{ s_mp_exptmod(a, b, m, c) */ - -/* - s_mp_exptmod(a, b, m, c) - - Compute c = (a ** b) mod m. Uses a standard square-and-multiply - method with modular reductions at each step. (This is basically the - same code as mp_expt(), except for the addition of the reductions) - - The modular reductions are done using Barrett's algorithm (see - s_mp_reduce() below for details) - */ - -mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) -{ - mp_int s, x, mu; - mp_err res; - mp_digit d; - int dig, bit; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0) - return MP_RANGE; - - if((res = mp_init(&s)) != MP_OKAY) - return res; - if((res = mp_init_copy(&x, a)) != MP_OKAY || - (res = mp_mod(&x, m, &x)) != MP_OKAY) - goto X; - if((res = mp_init(&mu)) != MP_OKAY) - goto MU; - - mp_set(&s, 1); - - /* mu = b^2k / m */ - s_mp_add_d(&mu, 1); - s_mp_lshd(&mu, 2 * USED(m)); - if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY) - goto CLEANUP; - - /* Loop over digits of b in ascending order, except highest order */ - for(dig = 0; dig < (USED(b) - 1); dig++) { - d = DIGIT(b, dig); - - /* Loop over the bits of the lower-order digits */ - for(bit = 0; bit < DIGIT_BIT; bit++) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY) - goto CLEANUP; - if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY) - goto CLEANUP; - } - - d >>= 1; - - if((res = s_mp_sqr(&x)) != MP_OKAY) - goto CLEANUP; - if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) - goto CLEANUP; - } - } - - /* Now do the last digit... */ - d = DIGIT(b, dig); - - while(d) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY) - goto CLEANUP; - if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY) - goto CLEANUP; - } - - d >>= 1; - - if((res = s_mp_sqr(&x)) != MP_OKAY) - goto CLEANUP; - if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) - goto CLEANUP; - } - - s_mp_exch(&s, c); - - CLEANUP: - mp_clear(&mu); - MU: - mp_clear(&x); - X: - mp_clear(&s); - - return res; - -} /* end s_mp_exptmod() */ - -/* }}} */ - -/* {{{ mp_exptmod_d(a, d, m, c) */ - -mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c) -{ - mp_int s, x; - mp_err res; - - ARGCHK(a != NULL && c != NULL, MP_BADARG); - - if((res = mp_init(&s)) != MP_OKAY) - return res; - if((res = mp_init_copy(&x, a)) != MP_OKAY) - goto X; - - mp_set(&s, 1); - - while(d != 0) { - if(d & 1) { - if((res = s_mp_mul(&s, &x)) != MP_OKAY || - (res = mp_mod(&s, m, &s)) != MP_OKAY) - goto CLEANUP; - } - - d /= 2; - - if((res = s_mp_sqr(&x)) != MP_OKAY || - (res = mp_mod(&x, m, &x)) != MP_OKAY) - goto CLEANUP; - } - - s_mp_exch(&s, c); - -CLEANUP: - mp_clear(&x); -X: - mp_clear(&s); - - return res; - -} /* end mp_exptmod_d() */ - -/* }}} */ -#endif /* if MP_MODARITH */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ Comparison functions */ - -/* {{{ mp_cmp_z(a) */ - -/* - mp_cmp_z(a) - - Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0. - */ - -int mp_cmp_z(const mp_int *a) -{ - if(SIGN(a) == NEG) - return MP_LT; - else if(USED(a) == 1 && DIGIT(a, 0) == 0) - return MP_EQ; - else - return MP_GT; - -} /* end mp_cmp_z() */ - -/* }}} */ - -/* {{{ mp_cmp_d(a, d) */ - -/* - mp_cmp_d(a, d) - - Compare a <=> d. Returns <0 if a0 if a>d - */ - -int mp_cmp_d(const mp_int *a, mp_digit d) -{ - ARGCHK(a != NULL, MP_EQ); - - if(SIGN(a) == NEG) - return MP_LT; - - return s_mp_cmp_d(a, d); - -} /* end mp_cmp_d() */ - -/* }}} */ - -/* {{{ mp_cmp(a, b) */ - -int mp_cmp(const mp_int *a, const mp_int *b) -{ - ARGCHK(a != NULL && b != NULL, MP_EQ); - - if(SIGN(a) == SIGN(b)) { - int mag; - - if((mag = s_mp_cmp(a, b)) == MP_EQ) - return MP_EQ; - - if(SIGN(a) == ZPOS) - return mag; - else - return -mag; - - } else if(SIGN(a) == ZPOS) { - return MP_GT; - } else { - return MP_LT; - } - -} /* end mp_cmp() */ - -/* }}} */ - -/* {{{ mp_cmp_mag(a, b) */ - -/* - mp_cmp_mag(a, b) - - Compares |a| <=> |b|, and returns an appropriate comparison result - */ - -int mp_cmp_mag(mp_int *a, mp_int *b) -{ - ARGCHK(a != NULL && b != NULL, MP_EQ); - - return s_mp_cmp(a, b); - -} /* end mp_cmp_mag() */ - -/* }}} */ - -/* {{{ mp_cmp_int(a, z) */ - -/* - This just converts z to an mp_int, and uses the existing comparison - routines. This is sort of inefficient, but it's not clear to me how - frequently this wil get used anyway. For small positive constants, - you can always use mp_cmp_d(), and for zero, there is mp_cmp_z(). - */ -int mp_cmp_int(const mp_int *a, long z) -{ - mp_int tmp; - int out; - - ARGCHK(a != NULL, MP_EQ); - - mp_init(&tmp); mp_set_int(&tmp, z); - out = mp_cmp(a, &tmp); - mp_clear(&tmp); - - return out; - -} /* end mp_cmp_int() */ - -/* }}} */ - -/* {{{ mp_isodd(a) */ - -/* - mp_isodd(a) - - Returns a true (non-zero) value if a is odd, false (zero) otherwise. - */ -int mp_isodd(const mp_int *a) -{ - ARGCHK(a != NULL, 0); - - return (int)(DIGIT(a, 0) & 1); - -} /* end mp_isodd() */ - -/* }}} */ - -/* {{{ mp_iseven(a) */ - -int mp_iseven(const mp_int *a) -{ - return !mp_isodd(a); - -} /* end mp_iseven() */ - -/* }}} */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ Number theoretic functions */ - -#if MP_NUMTH -/* {{{ mp_gcd(a, b, c) */ - -/* - Like the old mp_gcd() function, except computes the GCD using the - binary algorithm due to Josef Stein in 1961 (via Knuth). - */ -mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c) -{ - mp_err res; - mp_int u, v, t; - mp_size k = 0; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ) - return MP_RANGE; - if(mp_cmp_z(a) == MP_EQ) { - return mp_copy(b, c); - } else if(mp_cmp_z(b) == MP_EQ) { - return mp_copy(a, c); - } - - if((res = mp_init(&t)) != MP_OKAY) - return res; - if((res = mp_init_copy(&u, a)) != MP_OKAY) - goto U; - if((res = mp_init_copy(&v, b)) != MP_OKAY) - goto V; - - SIGN(&u) = ZPOS; - SIGN(&v) = ZPOS; - - /* Divide out common factors of 2 until at least 1 of a, b is even */ - while(mp_iseven(&u) && mp_iseven(&v)) { - s_mp_div_2(&u); - s_mp_div_2(&v); - ++k; - } - - /* Initialize t */ - if(mp_isodd(&u)) { - if((res = mp_copy(&v, &t)) != MP_OKAY) - goto CLEANUP; - - /* t = -v */ - if(SIGN(&v) == ZPOS) - SIGN(&t) = NEG; - else - SIGN(&t) = ZPOS; - - } else { - if((res = mp_copy(&u, &t)) != MP_OKAY) - goto CLEANUP; - - } - - for(;;) { - while(mp_iseven(&t)) { - s_mp_div_2(&t); - } - - if(mp_cmp_z(&t) == MP_GT) { - if((res = mp_copy(&t, &u)) != MP_OKAY) - goto CLEANUP; - - } else { - if((res = mp_copy(&t, &v)) != MP_OKAY) - goto CLEANUP; - - /* v = -t */ - if(SIGN(&t) == ZPOS) - SIGN(&v) = NEG; - else - SIGN(&v) = ZPOS; - } - - if((res = mp_sub(&u, &v, &t)) != MP_OKAY) - goto CLEANUP; - - if(s_mp_cmp_d(&t, 0) == MP_EQ) - break; - } - - s_mp_2expt(&v, k); /* v = 2^k */ - res = mp_mul(&u, &v, c); /* c = u * v */ - - CLEANUP: - mp_clear(&v); - V: - mp_clear(&u); - U: - mp_clear(&t); - - return res; - -} /* end mp_gcd() */ - -/* }}} */ - -/* {{{ mp_lcm(a, b, c) */ - -/* We compute the least common multiple using the rule: - - ab = [a, b](a, b) - - ... by computing the product, and dividing out the gcd. - */ - -mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c) -{ - mp_int gcd, prod; - mp_err res; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - /* Set up temporaries */ - if((res = mp_init(&gcd)) != MP_OKAY) - return res; - if((res = mp_init(&prod)) != MP_OKAY) - goto GCD; - - if((res = mp_mul(a, b, &prod)) != MP_OKAY) - goto CLEANUP; - if((res = mp_gcd(a, b, &gcd)) != MP_OKAY) - goto CLEANUP; - - res = mp_div(&prod, &gcd, c, NULL); - - CLEANUP: - mp_clear(&prod); - GCD: - mp_clear(&gcd); - - return res; - -} /* end mp_lcm() */ - -/* }}} */ - -/* {{{ mp_xgcd(a, b, g, x, y) */ - -/* - mp_xgcd(a, b, g, x, y) - - Compute g = (a, b) and values x and y satisfying Bezout's identity - (that is, ax + by = g). This uses the binary extended GCD algorithm - based on the Stein algorithm used for mp_gcd() - See algorithm 14.61 in Handbook of Applied Cryptogrpahy. - */ - -mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y) -{ - mp_int gx, xc, yc, u, v, A, B, C, D; - mp_int *clean[9]; - mp_err res; - int last = -1; - - if(mp_cmp_z(b) == 0) - return MP_RANGE; - - /* Initialize all these variables we need */ - MP_CHECKOK( mp_init(&u) ); - clean[++last] = &u; - MP_CHECKOK( mp_init(&v) ); - clean[++last] = &v; - MP_CHECKOK( mp_init(&gx) ); - clean[++last] = &gx; - MP_CHECKOK( mp_init(&A) ); - clean[++last] = &A; - MP_CHECKOK( mp_init(&B) ); - clean[++last] = &B; - MP_CHECKOK( mp_init(&C) ); - clean[++last] = &C; - MP_CHECKOK( mp_init(&D) ); - clean[++last] = &D; - MP_CHECKOK( mp_init_copy(&xc, a) ); - clean[++last] = &xc; - mp_abs(&xc, &xc); - MP_CHECKOK( mp_init_copy(&yc, b) ); - clean[++last] = &yc; - mp_abs(&yc, &yc); - - mp_set(&gx, 1); - - /* Divide by two until at least one of them is odd */ - while(mp_iseven(&xc) && mp_iseven(&yc)) { - mp_size nx = mp_trailing_zeros(&xc); - mp_size ny = mp_trailing_zeros(&yc); - mp_size n = MP_MIN(nx, ny); - s_mp_div_2d(&xc,n); - s_mp_div_2d(&yc,n); - MP_CHECKOK( s_mp_mul_2d(&gx,n) ); - } - - mp_copy(&xc, &u); - mp_copy(&yc, &v); - mp_set(&A, 1); mp_set(&D, 1); - - /* Loop through binary GCD algorithm */ - do { - while(mp_iseven(&u)) { - s_mp_div_2(&u); - - if(mp_iseven(&A) && mp_iseven(&B)) { - s_mp_div_2(&A); s_mp_div_2(&B); - } else { - MP_CHECKOK( mp_add(&A, &yc, &A) ); - s_mp_div_2(&A); - MP_CHECKOK( mp_sub(&B, &xc, &B) ); - s_mp_div_2(&B); - } - } - - while(mp_iseven(&v)) { - s_mp_div_2(&v); - - if(mp_iseven(&C) && mp_iseven(&D)) { - s_mp_div_2(&C); s_mp_div_2(&D); - } else { - MP_CHECKOK( mp_add(&C, &yc, &C) ); - s_mp_div_2(&C); - MP_CHECKOK( mp_sub(&D, &xc, &D) ); - s_mp_div_2(&D); - } - } - - if(mp_cmp(&u, &v) >= 0) { - MP_CHECKOK( mp_sub(&u, &v, &u) ); - MP_CHECKOK( mp_sub(&A, &C, &A) ); - MP_CHECKOK( mp_sub(&B, &D, &B) ); - } else { - MP_CHECKOK( mp_sub(&v, &u, &v) ); - MP_CHECKOK( mp_sub(&C, &A, &C) ); - MP_CHECKOK( mp_sub(&D, &B, &D) ); - } - } while (mp_cmp_z(&u) != 0); - - /* copy results to output */ - if(x) - MP_CHECKOK( mp_copy(&C, x) ); - - if(y) - MP_CHECKOK( mp_copy(&D, y) ); - - if(g) - MP_CHECKOK( mp_mul(&gx, &v, g) ); - - CLEANUP: - while(last >= 0) - mp_clear(clean[last--]); - - return res; - -} /* end mp_xgcd() */ - -/* }}} */ - -mp_size mp_trailing_zeros(const mp_int *mp) -{ - mp_digit d; - mp_size n = 0; - int ix; - - if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) - return n; - - for (ix = 0; !(d = MP_DIGIT(mp,ix)) && (ix < MP_USED(mp)); ++ix) - n += MP_DIGIT_BIT; - if (!d) - return 0; /* shouldn't happen, but ... */ -#if !defined(MP_USE_UINT_DIGIT) - if (!(d & 0xffffffffU)) { - d >>= 32; - n += 32; - } -#endif - if (!(d & 0xffffU)) { - d >>= 16; - n += 16; - } - if (!(d & 0xffU)) { - d >>= 8; - n += 8; - } - if (!(d & 0xfU)) { - d >>= 4; - n += 4; - } - if (!(d & 0x3U)) { - d >>= 2; - n += 2; - } - if (!(d & 0x1U)) { - d >>= 1; - n += 1; - } -#if MP_ARGCHK == 2 - assert(0 != (d & 1)); -#endif - return n; -} - -/* Given a and prime p, computes c and k such that a*c == 2**k (mod p). -** Returns k (positive) or error (negative). -** This technique from the paper "Fast Modular Reciprocals" (unpublished) -** by Richard Schroeppel (a.k.a. Captain Nemo). -*/ -mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c) -{ - mp_err res; - mp_err k = 0; - mp_int d, f, g; - - ARGCHK(a && p && c, MP_BADARG); - - MP_DIGITS(&d) = 0; - MP_DIGITS(&f) = 0; - MP_DIGITS(&g) = 0; - MP_CHECKOK( mp_init(&d) ); - MP_CHECKOK( mp_init_copy(&f, a) ); /* f = a */ - MP_CHECKOK( mp_init_copy(&g, p) ); /* g = p */ - - mp_set(c, 1); - mp_zero(&d); - - if (mp_cmp_z(&f) == 0) { - res = MP_UNDEF; - } else - for (;;) { - int diff_sign; - while (mp_iseven(&f)) { - mp_size n = mp_trailing_zeros(&f); - if (!n) { - res = MP_UNDEF; - goto CLEANUP; - } - s_mp_div_2d(&f, n); - MP_CHECKOK( s_mp_mul_2d(&d, n) ); - k += n; - } - if (mp_cmp_d(&f, 1) == MP_EQ) { /* f == 1 */ - res = k; - break; - } - diff_sign = mp_cmp(&f, &g); - if (diff_sign < 0) { /* f < g */ - s_mp_exch(&f, &g); - s_mp_exch(c, &d); - } else if (diff_sign == 0) { /* f == g */ - res = MP_UNDEF; /* a and p are not relatively prime */ - break; - } - if ((MP_DIGIT(&f,0) % 4) == (MP_DIGIT(&g,0) % 4)) { - MP_CHECKOK( mp_sub(&f, &g, &f) ); /* f = f - g */ - MP_CHECKOK( mp_sub(c, &d, c) ); /* c = c - d */ - } else { - MP_CHECKOK( mp_add(&f, &g, &f) ); /* f = f + g */ - MP_CHECKOK( mp_add(c, &d, c) ); /* c = c + d */ - } - } - if (res >= 0) { - while (MP_SIGN(c) != MP_ZPOS) { - MP_CHECKOK( mp_add(c, p, c) ); - } - res = k; - } - -CLEANUP: - mp_clear(&d); - mp_clear(&f); - mp_clear(&g); - return res; -} - -/* Compute T = (P ** -1) mod MP_RADIX. Also works for 16-bit mp_digits. -** This technique from the paper "Fast Modular Reciprocals" (unpublished) -** by Richard Schroeppel (a.k.a. Captain Nemo). -*/ -mp_digit s_mp_invmod_radix(mp_digit P) -{ - mp_digit T = P; - T *= 2 - (P * T); - T *= 2 - (P * T); - T *= 2 - (P * T); - T *= 2 - (P * T); -#if !defined(MP_USE_UINT_DIGIT) - T *= 2 - (P * T); - T *= 2 - (P * T); -#endif - return T; -} - -/* Given c, k, and prime p, where a*c == 2**k (mod p), -** Compute x = (a ** -1) mod p. This is similar to Montgomery reduction. -** This technique from the paper "Fast Modular Reciprocals" (unpublished) -** by Richard Schroeppel (a.k.a. Captain Nemo). -*/ -mp_err s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x) -{ - int k_orig = k; - mp_digit r; - mp_size ix; - mp_err res; - - if (mp_cmp_z(c) < 0) { /* c < 0 */ - MP_CHECKOK( mp_add(c, p, x) ); /* x = c + p */ - } else { - MP_CHECKOK( mp_copy(c, x) ); /* x = c */ - } - - /* make sure x is large enough */ - ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1; - ix = MP_MAX(ix, MP_USED(x)); - MP_CHECKOK( s_mp_pad(x, ix) ); - - r = 0 - s_mp_invmod_radix(MP_DIGIT(p,0)); - - for (ix = 0; k > 0; ix++) { - int j = MP_MIN(k, MP_DIGIT_BIT); - mp_digit v = r * MP_DIGIT(x, ix); - if (j < MP_DIGIT_BIT) { - v &= ((mp_digit)1 << j) - 1; /* v = v mod (2 ** j) */ - } - s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */ - k -= j; - } - s_mp_clamp(x); - s_mp_div_2d(x, k_orig); - res = MP_OKAY; - -CLEANUP: - return res; -} - -/* compute mod inverse using Schroeppel's method, only if m is odd */ -mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c) -{ - int k; - mp_err res; - mp_int x; - - ARGCHK(a && m && c, MP_BADARG); - - if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) - return MP_RANGE; - if (mp_iseven(m)) - return MP_UNDEF; - - MP_DIGITS(&x) = 0; - - if (a == c) { - if ((res = mp_init_copy(&x, a)) != MP_OKAY) - return res; - if (a == m) - m = &x; - a = &x; - } else if (m == c) { - if ((res = mp_init_copy(&x, m)) != MP_OKAY) - return res; - m = &x; - } else { - MP_DIGITS(&x) = 0; - } - - MP_CHECKOK( s_mp_almost_inverse(a, m, c) ); - k = res; - MP_CHECKOK( s_mp_fixup_reciprocal(c, m, k, c) ); -CLEANUP: - mp_clear(&x); - return res; -} - -/* Known good algorithm for computing modular inverse. But slow. */ -mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c) -{ - mp_int g, x; - mp_err res; - - ARGCHK(a && m && c, MP_BADARG); - - if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) - return MP_RANGE; - - MP_DIGITS(&g) = 0; - MP_DIGITS(&x) = 0; - MP_CHECKOK( mp_init(&x) ); - MP_CHECKOK( mp_init(&g) ); - - MP_CHECKOK( mp_xgcd(a, m, &g, &x, NULL) ); - - if (mp_cmp_d(&g, 1) != MP_EQ) { - res = MP_UNDEF; - goto CLEANUP; - } - - res = mp_mod(&x, m, c); - SIGN(c) = SIGN(a); - -CLEANUP: - mp_clear(&x); - mp_clear(&g); - - return res; -} - -/* modular inverse where modulus is 2**k. */ -/* c = a**-1 mod 2**k */ -mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c) -{ - mp_err res; - mp_size ix = k + 4; - mp_int t0, t1, val, tmp, two2k; - - static const mp_digit d2 = 2; - static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 }; - - if (mp_iseven(a)) - return MP_UNDEF; - if (k <= MP_DIGIT_BIT) { - mp_digit i = s_mp_invmod_radix(MP_DIGIT(a,0)); - if (k < MP_DIGIT_BIT) - i &= ((mp_digit)1 << k) - (mp_digit)1; - mp_set(c, i); - return MP_OKAY; - } - MP_DIGITS(&t0) = 0; - MP_DIGITS(&t1) = 0; - MP_DIGITS(&val) = 0; - MP_DIGITS(&tmp) = 0; - MP_DIGITS(&two2k) = 0; - MP_CHECKOK( mp_init_copy(&val, a) ); - s_mp_mod_2d(&val, k); - MP_CHECKOK( mp_init_copy(&t0, &val) ); - MP_CHECKOK( mp_init_copy(&t1, &t0) ); - MP_CHECKOK( mp_init(&tmp) ); - MP_CHECKOK( mp_init(&two2k) ); - MP_CHECKOK( s_mp_2expt(&two2k, k) ); - do { - MP_CHECKOK( mp_mul(&val, &t1, &tmp) ); - MP_CHECKOK( mp_sub(&two, &tmp, &tmp) ); - MP_CHECKOK( mp_mul(&t1, &tmp, &t1) ); - s_mp_mod_2d(&t1, k); - while (MP_SIGN(&t1) != MP_ZPOS) { - MP_CHECKOK( mp_add(&t1, &two2k, &t1) ); - } - if (mp_cmp(&t1, &t0) == MP_EQ) - break; - MP_CHECKOK( mp_copy(&t1, &t0) ); - } while (--ix > 0); - if (!ix) { - res = MP_UNDEF; - } else { - mp_exch(c, &t1); - } - -CLEANUP: - mp_clear(&t0); - mp_clear(&t1); - mp_clear(&val); - mp_clear(&tmp); - mp_clear(&two2k); - return res; -} - -mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c) -{ - mp_err res; - mp_size k; - mp_int oddFactor, evenFactor; /* factors of the modulus */ - mp_int oddPart, evenPart; /* parts to combine via CRT. */ - mp_int C2, tmp1, tmp2; - - /*static const mp_digit d1 = 1; */ - /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */ - - if ((res = s_mp_ispow2(m)) >= 0) { - k = res; - return s_mp_invmod_2d(a, k, c); - } - MP_DIGITS(&oddFactor) = 0; - MP_DIGITS(&evenFactor) = 0; - MP_DIGITS(&oddPart) = 0; - MP_DIGITS(&evenPart) = 0; - MP_DIGITS(&C2) = 0; - MP_DIGITS(&tmp1) = 0; - MP_DIGITS(&tmp2) = 0; - - MP_CHECKOK( mp_init_copy(&oddFactor, m) ); /* oddFactor = m */ - MP_CHECKOK( mp_init(&evenFactor) ); - MP_CHECKOK( mp_init(&oddPart) ); - MP_CHECKOK( mp_init(&evenPart) ); - MP_CHECKOK( mp_init(&C2) ); - MP_CHECKOK( mp_init(&tmp1) ); - MP_CHECKOK( mp_init(&tmp2) ); - - k = mp_trailing_zeros(m); - s_mp_div_2d(&oddFactor, k); - MP_CHECKOK( s_mp_2expt(&evenFactor, k) ); - - /* compute a**-1 mod oddFactor. */ - MP_CHECKOK( s_mp_invmod_odd_m(a, &oddFactor, &oddPart) ); - /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */ - MP_CHECKOK( s_mp_invmod_2d( a, k, &evenPart) ); - - /* Use Chinese Remainer theorem to compute a**-1 mod m. */ - /* let m1 = oddFactor, v1 = oddPart, - * let m2 = evenFactor, v2 = evenPart. - */ - - /* Compute C2 = m1**-1 mod m2. */ - MP_CHECKOK( s_mp_invmod_2d(&oddFactor, k, &C2) ); - - /* compute u = (v2 - v1)*C2 mod m2 */ - MP_CHECKOK( mp_sub(&evenPart, &oddPart, &tmp1) ); - MP_CHECKOK( mp_mul(&tmp1, &C2, &tmp2) ); - s_mp_mod_2d(&tmp2, k); - while (MP_SIGN(&tmp2) != MP_ZPOS) { - MP_CHECKOK( mp_add(&tmp2, &evenFactor, &tmp2) ); - } - - /* compute answer = v1 + u*m1 */ - MP_CHECKOK( mp_mul(&tmp2, &oddFactor, c) ); - MP_CHECKOK( mp_add(&oddPart, c, c) ); - /* not sure this is necessary, but it's low cost if not. */ - MP_CHECKOK( mp_mod(c, m, c) ); - -CLEANUP: - mp_clear(&oddFactor); - mp_clear(&evenFactor); - mp_clear(&oddPart); - mp_clear(&evenPart); - mp_clear(&C2); - mp_clear(&tmp1); - mp_clear(&tmp2); - return res; -} - - -/* {{{ mp_invmod(a, m, c) */ - -/* - mp_invmod(a, m, c) - - Compute c = a^-1 (mod m), if there is an inverse for a (mod m). - This is equivalent to the question of whether (a, m) = 1. If not, - MP_UNDEF is returned, and there is no inverse. - */ - -mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c) -{ - - ARGCHK(a && m && c, MP_BADARG); - - if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) - return MP_RANGE; - - if (mp_isodd(m)) { - return s_mp_invmod_odd_m(a, m, c); - } - if (mp_iseven(a)) - return MP_UNDEF; /* not invertable */ - - return s_mp_invmod_even_m(a, m, c); - -} /* end mp_invmod() */ - -/* }}} */ -#endif /* if MP_NUMTH */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ mp_print(mp, ofp) */ - -#if MP_IOFUNC -/* - mp_print(mp, ofp) - - Print a textual representation of the given mp_int on the output - stream 'ofp'. Output is generated using the internal radix. - */ - -void mp_print(mp_int *mp, FILE *ofp) -{ - int ix; - - if(mp == NULL || ofp == NULL) - return; - - fputc((SIGN(mp) == NEG) ? '-' : '+', ofp); - - for(ix = USED(mp) - 1; ix >= 0; ix--) { - fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix)); - } - -} /* end mp_print() */ - -#endif /* if MP_IOFUNC */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* {{{ More I/O Functions */ - -/* {{{ mp_read_raw(mp, str, len) */ - -/* - mp_read_raw(mp, str, len) - - Read in a raw value (base 256) into the given mp_int - */ - -mp_err mp_read_raw(mp_int *mp, char *str, int len) -{ - int ix; - mp_err res; - unsigned char *ustr = (unsigned char *)str; - - ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); - - mp_zero(mp); - - /* Get sign from first byte */ - if(ustr[0]) - SIGN(mp) = NEG; - else - SIGN(mp) = ZPOS; - - /* Read the rest of the digits */ - for(ix = 1; ix < len; ix++) { - if((res = mp_mul_d(mp, 256, mp)) != MP_OKAY) - return res; - if((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY) - return res; - } - - return MP_OKAY; - -} /* end mp_read_raw() */ - -/* }}} */ - -/* {{{ mp_raw_size(mp) */ - -int mp_raw_size(mp_int *mp) -{ - ARGCHK(mp != NULL, 0); - - return (USED(mp) * sizeof(mp_digit)) + 1; - -} /* end mp_raw_size() */ - -/* }}} */ - -/* {{{ mp_toraw(mp, str) */ - -mp_err mp_toraw(mp_int *mp, char *str) -{ - int ix, jx, pos = 1; - - ARGCHK(mp != NULL && str != NULL, MP_BADARG); - - str[0] = (char)SIGN(mp); - - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - - /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - str[pos++] = (char)(d >> (jx * CHAR_BIT)); - } - } - - return MP_OKAY; - -} /* end mp_toraw() */ - -/* }}} */ - -/* {{{ mp_read_radix(mp, str, radix) */ - -/* - mp_read_radix(mp, str, radix) - - Read an integer from the given string, and set mp to the resulting - value. The input is presumed to be in base 10. Leading non-digit - characters are ignored, and the function reads until a non-digit - character or the end of the string. - */ - -mp_err mp_read_radix(mp_int *mp, const char *str, int radix) -{ - int ix = 0, val = 0; - mp_err res; - mp_sign sig = ZPOS; - - ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, - MP_BADARG); - - mp_zero(mp); - - /* Skip leading non-digit characters until a digit or '-' or '+' */ - while(str[ix] && - (s_mp_tovalue(str[ix], radix) < 0) && - str[ix] != '-' && - str[ix] != '+') { - ++ix; - } - - if(str[ix] == '-') { - sig = NEG; - ++ix; - } else if(str[ix] == '+') { - sig = ZPOS; /* this is the default anyway... */ - ++ix; - } - - while((val = s_mp_tovalue(str[ix], radix)) >= 0) { - if((res = s_mp_mul_d(mp, radix)) != MP_OKAY) - return res; - if((res = s_mp_add_d(mp, val)) != MP_OKAY) - return res; - ++ix; - } - - if(s_mp_cmp_d(mp, 0) == MP_EQ) - SIGN(mp) = ZPOS; - else - SIGN(mp) = sig; - - return MP_OKAY; - -} /* end mp_read_radix() */ - -mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix) -{ - int radix = default_radix; - int cx; - mp_sign sig = ZPOS; - mp_err res; - - /* Skip leading non-digit characters until a digit or '-' or '+' */ - while ((cx = *str) != 0 && - (s_mp_tovalue(cx, radix) < 0) && - cx != '-' && - cx != '+') { - ++str; - } - - if (cx == '-') { - sig = NEG; - ++str; - } else if (cx == '+') { - sig = ZPOS; /* this is the default anyway... */ - ++str; - } - - if (str[0] == '0') { - if ((str[1] | 0x20) == 'x') { - radix = 16; - str += 2; - } else { - radix = 8; - str++; - } - } - res = mp_read_radix(a, str, radix); - if (res == MP_OKAY) { - MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig; - } - return res; -} - -/* }}} */ - -/* {{{ mp_radix_size(mp, radix) */ - -int mp_radix_size(mp_int *mp, int radix) -{ - int bits; - - if(!mp || radix < 2 || radix > MAX_RADIX) - return 0; - - bits = USED(mp) * DIGIT_BIT - 1; - - return s_mp_outlen(bits, radix); - -} /* end mp_radix_size() */ - -/* }}} */ - -/* {{{ mp_toradix(mp, str, radix) */ - -mp_err mp_toradix(mp_int *mp, char *str, int radix) -{ - int ix, pos = 0; - - ARGCHK(mp != NULL && str != NULL, MP_BADARG); - ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE); - - if(mp_cmp_z(mp) == MP_EQ) { - str[0] = '0'; - str[1] = '\0'; - } else { - mp_err res; - mp_int tmp; - mp_sign sgn; - mp_digit rem, rdx = (mp_digit)radix; - char ch; - - if((res = mp_init_copy(&tmp, mp)) != MP_OKAY) - return res; - - /* Save sign for later, and take absolute value */ - sgn = SIGN(&tmp); SIGN(&tmp) = ZPOS; - - /* Generate output digits in reverse order */ - while(mp_cmp_z(&tmp) != 0) { - if((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) { - mp_clear(&tmp); - return res; - } - - /* Generate digits, use capital letters */ - ch = s_mp_todigit(rem, radix, 0); - - str[pos++] = ch; - } - - /* Add - sign if original value was negative */ - if(sgn == NEG) - str[pos++] = '-'; - - /* Add trailing NUL to end the string */ - str[pos--] = '\0'; - - /* Reverse the digits and sign indicator */ - ix = 0; - while(ix < pos) { - char tmp = str[ix]; - - str[ix] = str[pos]; - str[pos] = tmp; - ++ix; - --pos; - } - - mp_clear(&tmp); - } - - return MP_OKAY; - -} /* end mp_toradix() */ - -/* }}} */ - -/* {{{ mp_tovalue(ch, r) */ - -int mp_tovalue(char ch, int r) -{ - return s_mp_tovalue(ch, r); - -} /* end mp_tovalue() */ - -/* }}} */ - -/* }}} */ - -/* {{{ mp_strerror(ec) */ - -/* - mp_strerror(ec) - - Return a string describing the meaning of error code 'ec'. The - string returned is allocated in static memory, so the caller should - not attempt to modify or free the memory associated with this - string. - */ -const char *mp_strerror(mp_err ec) -{ - int aec = (ec < 0) ? -ec : ec; - - /* Code values are negative, so the senses of these comparisons - are accurate */ - if(ec < MP_LAST_CODE || ec > MP_OKAY) { - return mp_err_string[0]; /* unknown error code */ - } else { - return mp_err_string[aec + 1]; - } - -} /* end mp_strerror() */ - -/* }}} */ - -/*========================================================================*/ -/*------------------------------------------------------------------------*/ -/* Static function definitions (internal use only) */ - -/* {{{ Memory management */ - -/* {{{ s_mp_grow(mp, min) */ - -/* Make sure there are at least 'min' digits allocated to mp */ -mp_err s_mp_grow(mp_int *mp, mp_size min) -{ - if(min > ALLOC(mp)) { - mp_digit *tmp; - - /* Set min to next nearest default precision block size */ - min = MP_ROUNDUP(min, s_mp_defprec); - - if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL) - return MP_MEM; - - s_mp_copy(DIGITS(mp), tmp, USED(mp)); - -#if MP_CRYPTO - s_mp_setz(DIGITS(mp), ALLOC(mp)); -#endif - s_mp_free(DIGITS(mp)); - DIGITS(mp) = tmp; - ALLOC(mp) = min; - } - - return MP_OKAY; - -} /* end s_mp_grow() */ - -/* }}} */ - -/* {{{ s_mp_pad(mp, min) */ - -/* Make sure the used size of mp is at least 'min', growing if needed */ -mp_err s_mp_pad(mp_int *mp, mp_size min) -{ - if(min > USED(mp)) { - mp_err res; - - /* Make sure there is room to increase precision */ - if (min > ALLOC(mp)) { - if ((res = s_mp_grow(mp, min)) != MP_OKAY) - return res; - } else { - s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp)); - } - - /* Increase precision; should already be 0-filled */ - USED(mp) = min; - } - - return MP_OKAY; - -} /* end s_mp_pad() */ - -/* }}} */ - -/* {{{ s_mp_setz(dp, count) */ - -#if MP_MACRO == 0 -/* Set 'count' digits pointed to by dp to be zeroes */ -void s_mp_setz(mp_digit *dp, mp_size count) -{ -#if MP_MEMSET == 0 - int ix; - - for(ix = 0; ix < count; ix++) - dp[ix] = 0; -#else - memset(dp, 0, count * sizeof(mp_digit)); -#endif - -} /* end s_mp_setz() */ -#endif - -/* }}} */ - -/* {{{ s_mp_copy(sp, dp, count) */ - -#if MP_MACRO == 0 -/* Copy 'count' digits from sp to dp */ -void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count) -{ -#if MP_MEMCPY == 0 - int ix; - - for(ix = 0; ix < count; ix++) - dp[ix] = sp[ix]; -#else - memcpy(dp, sp, count * sizeof(mp_digit)); -#endif - -} /* end s_mp_copy() */ -#endif - -/* }}} */ - -/* {{{ s_mp_alloc(nb, ni) */ - -#if MP_MACRO == 0 -/* Allocate ni records of nb bytes each, and return a pointer to that */ -void *s_mp_alloc(size_t nb, size_t ni) -{ - ++mp_allocs; - return calloc(nb, ni); - -} /* end s_mp_alloc() */ -#endif - -/* }}} */ - -/* {{{ s_mp_free(ptr) */ - -#if MP_MACRO == 0 -/* Free the memory pointed to by ptr */ -void s_mp_free(void *ptr) -{ - if(ptr) { - ++mp_frees; - free(ptr); - } -} /* end s_mp_free() */ -#endif - -/* }}} */ - -/* {{{ s_mp_clamp(mp) */ - -#if MP_MACRO == 0 -/* Remove leading zeroes from the given value */ -void s_mp_clamp(mp_int *mp) -{ - mp_size used = MP_USED(mp); - while (used > 1 && DIGIT(mp, used - 1) == 0) - --used; - MP_USED(mp) = used; -} /* end s_mp_clamp() */ -#endif - -/* }}} */ - -/* {{{ s_mp_exch(a, b) */ - -/* Exchange the data for a and b; (b, a) = (a, b) */ -void s_mp_exch(mp_int *a, mp_int *b) -{ - mp_int tmp; - - tmp = *a; - *a = *b; - *b = tmp; - -} /* end s_mp_exch() */ - -/* }}} */ - -/* }}} */ - -/* {{{ Arithmetic helpers */ - -/* {{{ s_mp_lshd(mp, p) */ - -/* - Shift mp leftward by p digits, growing if needed, and zero-filling - the in-shifted digits at the right end. This is a convenient - alternative to multiplication by powers of the radix - The value of USED(mp) must already have been set to the value for - the shifted result. - */ - -mp_err s_mp_lshd(mp_int *mp, mp_size p) -{ - mp_err res; - mp_size pos; - int ix; - - if(p == 0) - return MP_OKAY; - - if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0) - return MP_OKAY; - - if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) - return res; - - pos = USED(mp) - 1; - - /* Shift all the significant figures over as needed */ - for(ix = pos - p; ix >= 0; ix--) - DIGIT(mp, ix + p) = DIGIT(mp, ix); - - /* Fill the bottom digits with zeroes */ - for(ix = 0; ix < p; ix++) - DIGIT(mp, ix) = 0; - - return MP_OKAY; - -} /* end s_mp_lshd() */ - -/* }}} */ - -/* {{{ s_mp_mul_2d(mp, d) */ - -/* - Multiply the integer by 2^d, where d is a number of bits. This - amounts to a bitwise shift of the value. - */ -mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) -{ - mp_err res; - mp_digit dshift, bshift; - mp_digit mask; - - ARGCHK(mp != NULL, MP_BADARG); - - dshift = d / MP_DIGIT_BIT; - bshift = d % MP_DIGIT_BIT; - /* bits to be shifted out of the top word */ - mask = ((mp_digit)~0 << (MP_DIGIT_BIT - bshift)); - mask &= MP_DIGIT(mp, MP_USED(mp) - 1); - - if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0) ))) - return res; - - if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift))) - return res; - - if (bshift) { - mp_digit *pa = MP_DIGITS(mp); - mp_digit *alim = pa + MP_USED(mp); - mp_digit prev = 0; - - for (pa += dshift; pa < alim; ) { - mp_digit x = *pa; - *pa++ = (x << bshift) | prev; - prev = x >> (DIGIT_BIT - bshift); - } - } - - s_mp_clamp(mp); - return MP_OKAY; -} /* end s_mp_mul_2d() */ - -/* {{{ s_mp_rshd(mp, p) */ - -/* - Shift mp rightward by p digits. Maintains the invariant that - digits above the precision are all zero. Digits shifted off the - end are lost. Cannot fail. - */ - -void s_mp_rshd(mp_int *mp, mp_size p) -{ - mp_size ix; - mp_digit *src, *dst; - - if(p == 0) - return; - - /* Shortcut when all digits are to be shifted off */ - if(p >= USED(mp)) { - s_mp_setz(DIGITS(mp), ALLOC(mp)); - USED(mp) = 1; - SIGN(mp) = ZPOS; - return; - } - - /* Shift all the significant figures over as needed */ - dst = MP_DIGITS(mp); - src = dst + p; - for (ix = USED(mp) - p; ix > 0; ix--) - *dst++ = *src++; - - MP_USED(mp) -= p; - /* Fill the top digits with zeroes */ - while (p-- > 0) - *dst++ = 0; - -#if 0 - /* Strip off any leading zeroes */ - s_mp_clamp(mp); -#endif - -} /* end s_mp_rshd() */ - -/* }}} */ - -/* {{{ s_mp_div_2(mp) */ - -/* Divide by two -- take advantage of radix properties to do it fast */ -void s_mp_div_2(mp_int *mp) -{ - s_mp_div_2d(mp, 1); - -} /* end s_mp_div_2() */ - -/* }}} */ - -/* {{{ s_mp_mul_2(mp) */ - -mp_err s_mp_mul_2(mp_int *mp) -{ - mp_digit *pd; - int ix, used; - mp_digit kin = 0; - - /* Shift digits leftward by 1 bit */ - used = MP_USED(mp); - pd = MP_DIGITS(mp); - for (ix = 0; ix < used; ix++) { - mp_digit d = *pd; - *pd++ = (d << 1) | kin; - kin = (d >> (DIGIT_BIT - 1)); - } - - /* Deal with rollover from last digit */ - if (kin) { - if (ix >= ALLOC(mp)) { - mp_err res; - if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY) - return res; - } - - DIGIT(mp, ix) = kin; - USED(mp) += 1; - } - - return MP_OKAY; - -} /* end s_mp_mul_2() */ - -/* }}} */ - -/* {{{ s_mp_mod_2d(mp, d) */ - -/* - Remainder the integer by 2^d, where d is a number of bits. This - amounts to a bitwise AND of the value, and does not require the full - division code - */ -void s_mp_mod_2d(mp_int *mp, mp_digit d) -{ - mp_size ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT); - mp_size ix; - mp_digit dmask; - - if(ndig >= USED(mp)) - return; - - /* Flush all the bits above 2^d in its digit */ - dmask = ((mp_digit)1 << nbit) - 1; - DIGIT(mp, ndig) &= dmask; - - /* Flush all digits above the one with 2^d in it */ - for(ix = ndig + 1; ix < USED(mp); ix++) - DIGIT(mp, ix) = 0; - - s_mp_clamp(mp); - -} /* end s_mp_mod_2d() */ - -/* }}} */ - -/* {{{ s_mp_div_2d(mp, d) */ - -/* - Divide the integer by 2^d, where d is a number of bits. This - amounts to a bitwise shift of the value, and does not require the - full division code (used in Barrett reduction, see below) - */ -void s_mp_div_2d(mp_int *mp, mp_digit d) -{ - int ix; - mp_digit save, next, mask; - - s_mp_rshd(mp, d / DIGIT_BIT); - d %= DIGIT_BIT; - if (d) { - mask = ((mp_digit)1 << d) - 1; - save = 0; - for(ix = USED(mp) - 1; ix >= 0; ix--) { - next = DIGIT(mp, ix) & mask; - DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d)); - save = next; - } - } - s_mp_clamp(mp); - -} /* end s_mp_div_2d() */ - -/* }}} */ - -/* {{{ s_mp_norm(a, b, *d) */ - -/* - s_mp_norm(a, b, *d) - - Normalize a and b for division, where b is the divisor. In order - that we might make good guesses for quotient digits, we want the - leading digit of b to be at least half the radix, which we - accomplish by multiplying a and b by a power of 2. The exponent - (shift count) is placed in *pd, so that the remainder can be shifted - back at the end of the division process. - */ - -mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd) -{ - mp_digit d; - mp_digit mask; - mp_digit b_msd; - mp_err res = MP_OKAY; - - d = 0; - mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */ - b_msd = DIGIT(b, USED(b) - 1); - while (!(b_msd & mask)) { - b_msd <<= 1; - ++d; - } - - if (d) { - MP_CHECKOK( s_mp_mul_2d(a, d) ); - MP_CHECKOK( s_mp_mul_2d(b, d) ); - } - - *pd = d; -CLEANUP: - return res; - -} /* end s_mp_norm() */ - -/* }}} */ - -/* }}} */ - -/* {{{ Primitive digit arithmetic */ - -/* {{{ s_mp_add_d(mp, d) */ - -/* Add d to |mp| in place */ -mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - mp_word w, k = 0; - mp_size ix = 1; - - w = (mp_word)DIGIT(mp, 0) + d; - DIGIT(mp, 0) = ACCUM(w); - k = CARRYOUT(w); - - while(ix < USED(mp) && k) { - w = (mp_word)DIGIT(mp, ix) + k; - DIGIT(mp, ix) = ACCUM(w); - k = CARRYOUT(w); - ++ix; - } - - if(k != 0) { - mp_err res; - - if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY) - return res; - - DIGIT(mp, ix) = (mp_digit)k; - } - - return MP_OKAY; -#else - mp_digit * pmp = MP_DIGITS(mp); - mp_digit sum, mp_i, carry = 0; - mp_err res = MP_OKAY; - int used = (int)MP_USED(mp); - - mp_i = *pmp; - *pmp++ = sum = d + mp_i; - carry = (sum < d); - while (carry && --used > 0) { - mp_i = *pmp; - *pmp++ = sum = carry + mp_i; - carry = !sum; - } - if (carry && !used) { - /* mp is growing */ - used = MP_USED(mp); - MP_CHECKOK( s_mp_pad(mp, used + 1) ); - MP_DIGIT(mp, used) = carry; - } -CLEANUP: - return res; -#endif -} /* end s_mp_add_d() */ - -/* }}} */ - -/* {{{ s_mp_sub_d(mp, d) */ - -/* Subtract d from |mp| in place, assumes |mp| > d */ -mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - mp_word w, b = 0; - mp_size ix = 1; - - /* Compute initial subtraction */ - w = (RADIX + (mp_word)DIGIT(mp, 0)) - d; - b = CARRYOUT(w) ? 0 : 1; - DIGIT(mp, 0) = ACCUM(w); - - /* Propagate borrows leftward */ - while(b && ix < USED(mp)) { - w = (RADIX + (mp_word)DIGIT(mp, ix)) - b; - b = CARRYOUT(w) ? 0 : 1; - DIGIT(mp, ix) = ACCUM(w); - ++ix; - } - - /* Remove leading zeroes */ - s_mp_clamp(mp); - - /* If we have a borrow out, it's a violation of the input invariant */ - if(b) - return MP_RANGE; - else - return MP_OKAY; -#else - mp_digit *pmp = MP_DIGITS(mp); - mp_digit mp_i, diff, borrow; - mp_size used = MP_USED(mp); - - mp_i = *pmp; - *pmp++ = diff = mp_i - d; - borrow = (diff > mp_i); - while (borrow && --used) { - mp_i = *pmp; - *pmp++ = diff = mp_i - borrow; - borrow = (diff > mp_i); - } - s_mp_clamp(mp); - return (borrow && !used) ? MP_RANGE : MP_OKAY; -#endif -} /* end s_mp_sub_d() */ - -/* }}} */ - -/* {{{ s_mp_mul_d(a, d) */ - -/* Compute a = a * d, single digit multiplication */ -mp_err s_mp_mul_d(mp_int *a, mp_digit d) -{ - mp_err res; - mp_size used; - int pow; - - if (!d) { - mp_zero(a); - return MP_OKAY; - } - if (d == 1) - return MP_OKAY; - if (0 <= (pow = s_mp_ispow2d(d))) { - return s_mp_mul_2d(a, (mp_digit)pow); - } - - used = MP_USED(a); - MP_CHECKOK( s_mp_pad(a, used + 1) ); - - s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a)); - - s_mp_clamp(a); - -CLEANUP: - return res; - -} /* end s_mp_mul_d() */ - -/* }}} */ - -/* {{{ s_mp_div_d(mp, d, r) */ - -/* - s_mp_div_d(mp, d, r) - - Compute the quotient mp = mp / d and remainder r = mp mod d, for a - single digit d. If r is null, the remainder will be discarded. - */ - -mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) - mp_word w = 0, q; -#else - mp_digit w, q; -#endif - int ix; - mp_err res; - mp_int quot; - mp_int rem; - - if(d == 0) - return MP_RANGE; - if (d == 1) { - if (r) - *r = 0; - return MP_OKAY; - } - /* could check for power of 2 here, but mp_div_d does that. */ - if (MP_USED(mp) == 1) { - mp_digit n = MP_DIGIT(mp,0); - mp_digit rem; - - q = n / d; - rem = n % d; - MP_DIGIT(mp,0) = q; - if (r) - *r = rem; - return MP_OKAY; - } - - MP_DIGITS(&rem) = 0; - MP_DIGITS(") = 0; - /* Make room for the quotient */ - MP_CHECKOK( mp_init_size(", USED(mp)) ); - -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) - for(ix = USED(mp) - 1; ix >= 0; ix--) { - w = (w << DIGIT_BIT) | DIGIT(mp, ix); - - if(w >= d) { - q = w / d; - w = w % d; - } else { - q = 0; - } - - s_mp_lshd(", 1); - DIGIT(", 0) = (mp_digit)q; - } -#else - { - mp_digit p; -#if !defined(MP_ASSEMBLY_DIV_2DX1D) - mp_digit norm; -#endif - - MP_CHECKOK( mp_init_copy(&rem, mp) ); - -#if !defined(MP_ASSEMBLY_DIV_2DX1D) - MP_DIGIT(", 0) = d; - MP_CHECKOK( s_mp_norm(&rem, ", &norm) ); - if (norm) - d <<= norm; - MP_DIGIT(", 0) = 0; -#endif - - p = 0; - for (ix = USED(&rem) - 1; ix >= 0; ix--) { - w = DIGIT(&rem, ix); - - if (p) { - MP_CHECKOK( s_mpv_div_2dx1d(p, w, d, &q, &w) ); - } else if (w >= d) { - q = w / d; - w = w % d; - } else { - q = 0; - } - - MP_CHECKOK( s_mp_lshd(", 1) ); - DIGIT(", 0) = q; - p = w; - } -#if !defined(MP_ASSEMBLY_DIV_2DX1D) - if (norm) - w >>= norm; -#endif - } -#endif - - /* Deliver the remainder, if desired */ - if(r) - *r = (mp_digit)w; - - s_mp_clamp("); - mp_exch(", mp); -CLEANUP: - mp_clear("); - mp_clear(&rem); - - return res; -} /* end s_mp_div_d() */ - -/* }}} */ - - -/* }}} */ - -/* {{{ Primitive full arithmetic */ - -/* {{{ s_mp_add(a, b) */ - -/* Compute a = |a| + |b| */ -mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition */ -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - mp_word w = 0; -#else - mp_digit d, sum, carry = 0; -#endif - mp_digit *pa, *pb; - mp_size ix; - mp_size used; - mp_err res; - - /* Make sure a has enough precision for the output value */ - if((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY) - return res; - - /* - Add up all digits up to the precision of b. If b had initially - the same precision as a, or greater, we took care of it by the - padding step above, so there is no problem. If b had initially - less precision, we'll have to make sure the carry out is duly - propagated upward among the higher-order digits of the sum. - */ - pa = MP_DIGITS(a); - pb = MP_DIGITS(b); - used = MP_USED(b); - for(ix = 0; ix < used; ix++) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - w = w + *pa + *pb++; - *pa++ = ACCUM(w); - w = CARRYOUT(w); -#else - d = *pa; - sum = d + *pb++; - d = (sum < d); /* detect overflow */ - *pa++ = sum += carry; - carry = d + (sum < carry); /* detect overflow */ -#endif - } - - /* If we run out of 'b' digits before we're actually done, make - sure the carries get propagated upward... - */ - used = MP_USED(a); -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - while (w && ix < used) { - w = w + *pa; - *pa++ = ACCUM(w); - w = CARRYOUT(w); - ++ix; - } -#else - while (carry && ix < used) { - sum = carry + *pa; - *pa++ = sum; - carry = !sum; - ++ix; - } -#endif - - /* If there's an overall carry out, increase precision and include - it. We could have done this initially, but why touch the memory - allocator unless we're sure we have to? - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - if (w) { - if((res = s_mp_pad(a, used + 1)) != MP_OKAY) - return res; - - DIGIT(a, ix) = (mp_digit)w; - } -#else - if (carry) { - if((res = s_mp_pad(a, used + 1)) != MP_OKAY) - return res; - - DIGIT(a, used) = carry; - } -#endif - - return MP_OKAY; -} /* end s_mp_add() */ - -/* }}} */ - -/* Compute c = |a| + |b| */ /* magnitude addition */ -mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_digit *pa, *pb, *pc; -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - mp_word w = 0; -#else - mp_digit sum, carry = 0, d; -#endif - mp_size ix; - mp_size used; - mp_err res; - - MP_SIGN(c) = MP_SIGN(a); - if (MP_USED(a) < MP_USED(b)) { - const mp_int *xch = a; - a = b; - b = xch; - } - - /* Make sure a has enough precision for the output value */ - if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a)))) - return res; - - /* - Add up all digits up to the precision of b. If b had initially - the same precision as a, or greater, we took care of it by the - exchange step above, so there is no problem. If b had initially - less precision, we'll have to make sure the carry out is duly - propagated upward among the higher-order digits of the sum. - */ - pa = MP_DIGITS(a); - pb = MP_DIGITS(b); - pc = MP_DIGITS(c); - used = MP_USED(b); - for (ix = 0; ix < used; ix++) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - w = w + *pa++ + *pb++; - *pc++ = ACCUM(w); - w = CARRYOUT(w); -#else - d = *pa++; - sum = d + *pb++; - d = (sum < d); /* detect overflow */ - *pc++ = sum += carry; - carry = d + (sum < carry); /* detect overflow */ -#endif - } - - /* If we run out of 'b' digits before we're actually done, make - sure the carries get propagated upward... - */ - for (used = MP_USED(a); ix < used; ++ix) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - w = w + *pa++; - *pc++ = ACCUM(w); - w = CARRYOUT(w); -#else - *pc++ = sum = carry + *pa++; - carry = (sum < carry); -#endif - } - - /* If there's an overall carry out, increase precision and include - it. We could have done this initially, but why touch the memory - allocator unless we're sure we have to? - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - if (w) { - if((res = s_mp_pad(c, used + 1)) != MP_OKAY) - return res; - - DIGIT(c, used) = (mp_digit)w; - ++used; - } -#else - if (carry) { - if((res = s_mp_pad(c, used + 1)) != MP_OKAY) - return res; - - DIGIT(c, used) = carry; - ++used; - } -#endif - MP_USED(c) = used; - return MP_OKAY; -} -/* {{{ s_mp_add_offset(a, b, offset) */ - -/* Compute a = |a| + ( |b| * (RADIX ** offset) ) */ -mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - mp_word w, k = 0; -#else - mp_digit d, sum, carry = 0; -#endif - mp_size ib; - mp_size ia; - mp_size lim; - mp_err res; - - /* Make sure a has enough precision for the output value */ - lim = MP_USED(b) + offset; - if((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY) - return res; - - /* - Add up all digits up to the precision of b. If b had initially - the same precision as a, or greater, we took care of it by the - padding step above, so there is no problem. If b had initially - less precision, we'll have to make sure the carry out is duly - propagated upward among the higher-order digits of the sum. - */ - lim = USED(b); - for(ib = 0, ia = offset; ib < lim; ib++, ia++) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k; - DIGIT(a, ia) = ACCUM(w); - k = CARRYOUT(w); -#else - d = MP_DIGIT(a, ia); - sum = d + MP_DIGIT(b, ib); - d = (sum < d); - MP_DIGIT(a,ia) = sum += carry; - carry = d + (sum < carry); -#endif - } - - /* If we run out of 'b' digits before we're actually done, make - sure the carries get propagated upward... - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - for (lim = MP_USED(a); k && (ia < lim); ++ia) { - w = (mp_word)DIGIT(a, ia) + k; - DIGIT(a, ia) = ACCUM(w); - k = CARRYOUT(w); - } -#else - for (lim = MP_USED(a); carry && (ia < lim); ++ia) { - d = MP_DIGIT(a, ia); - MP_DIGIT(a,ia) = sum = d + carry; - carry = (sum < d); - } -#endif - - /* If there's an overall carry out, increase precision and include - it. We could have done this initially, but why touch the memory - allocator unless we're sure we have to? - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) - if(k) { - if((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY) - return res; - - DIGIT(a, ia) = (mp_digit)k; - } -#else - if (carry) { - if((res = s_mp_pad(a, lim + 1)) != MP_OKAY) - return res; - - DIGIT(a, lim) = carry; - } -#endif - s_mp_clamp(a); - - return MP_OKAY; - -} /* end s_mp_add_offset() */ - -/* }}} */ - -/* {{{ s_mp_sub(a, b) */ - -/* Compute a = |a| - |b|, assumes |a| >= |b| */ -mp_err s_mp_sub(mp_int *a, const mp_int *b) /* magnitude subtract */ -{ - mp_digit *pa, *pb, *limit; -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - mp_sword w = 0; -#else - mp_digit d, diff, borrow = 0; -#endif - - /* - Subtract and propagate borrow. Up to the precision of b, this - accounts for the digits of b; after that, we just make sure the - carries get to the right place. This saves having to pad b out to - the precision of a just to make the loops work right... - */ - pa = MP_DIGITS(a); - pb = MP_DIGITS(b); - limit = pb + MP_USED(b); - while (pb < limit) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - w = w + *pa - *pb++; - *pa++ = ACCUM(w); - w >>= MP_DIGIT_BIT; -#else - d = *pa; - diff = d - *pb++; - d = (diff > d); /* detect borrow */ - if (borrow && --diff == MP_DIGIT_MAX) - ++d; - *pa++ = diff; - borrow = d; -#endif - } - limit = MP_DIGITS(a) + MP_USED(a); -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - while (w && pa < limit) { - w = w + *pa; - *pa++ = ACCUM(w); - w >>= MP_DIGIT_BIT; - } -#else - while (borrow && pa < limit) { - d = *pa; - *pa++ = diff = d - borrow; - borrow = (diff > d); - } -#endif - - /* Clobber any leading zeroes we created */ - s_mp_clamp(a); - - /* - If there was a borrow out, then |b| > |a| in violation - of our input invariant. We've already done the work, - but we'll at least complain about it... - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - return w ? MP_RANGE : MP_OKAY; -#else - return borrow ? MP_RANGE : MP_OKAY; -#endif -} /* end s_mp_sub() */ - -/* }}} */ - -/* Compute c = |a| - |b|, assumes |a| >= |b| */ /* magnitude subtract */ -mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_digit *pa, *pb, *pc; -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - mp_sword w = 0; -#else - mp_digit d, diff, borrow = 0; -#endif - int ix, limit; - mp_err res; - - MP_SIGN(c) = MP_SIGN(a); - - /* Make sure a has enough precision for the output value */ - if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a)))) - return res; - - /* - Subtract and propagate borrow. Up to the precision of b, this - accounts for the digits of b; after that, we just make sure the - carries get to the right place. This saves having to pad b out to - the precision of a just to make the loops work right... - */ - pa = MP_DIGITS(a); - pb = MP_DIGITS(b); - pc = MP_DIGITS(c); - limit = MP_USED(b); - for (ix = 0; ix < limit; ++ix) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - w = w + *pa++ - *pb++; - *pc++ = ACCUM(w); - w >>= MP_DIGIT_BIT; -#else - d = *pa++; - diff = d - *pb++; - d = (diff > d); - if (borrow && --diff == MP_DIGIT_MAX) - ++d; - *pc++ = diff; - borrow = d; -#endif - } - for (limit = MP_USED(a); ix < limit; ++ix) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - w = w + *pa++; - *pc++ = ACCUM(w); - w >>= MP_DIGIT_BIT; -#else - d = *pa++; - *pc++ = diff = d - borrow; - borrow = (diff > d); -#endif - } - - /* Clobber any leading zeroes we created */ - MP_USED(c) = ix; - s_mp_clamp(c); - - /* - If there was a borrow out, then |b| > |a| in violation - of our input invariant. We've already done the work, - but we'll at least complain about it... - */ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) - return w ? MP_RANGE : MP_OKAY; -#else - return borrow ? MP_RANGE : MP_OKAY; -#endif -} -/* {{{ s_mp_mul(a, b) */ - -/* Compute a = |a| * |b| */ -mp_err s_mp_mul(mp_int *a, const mp_int *b) -{ - return mp_mul(a, b, a); -} /* end s_mp_mul() */ - -/* }}} */ - -#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY) -/* This trick works on Sparc V8 CPUs with the Workshop compilers. */ -#define MP_MUL_DxD(a, b, Phi, Plo) \ - { unsigned long long product = (unsigned long long)a * b; \ - Plo = (mp_digit)product; \ - Phi = (mp_digit)(product >> MP_DIGIT_BIT); } -#elif defined(OSF1) -#define MP_MUL_DxD(a, b, Phi, Plo) \ - { Plo = asm ("mulq %a0, %a1, %v0", a, b);\ - Phi = asm ("umulh %a0, %a1, %v0", a, b); } -#else -#define MP_MUL_DxD(a, b, Phi, Plo) \ - { mp_digit a0b1, a1b0; \ - Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \ - Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \ - a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \ - a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \ - a1b0 += a0b1; \ - Phi += a1b0 >> MP_HALF_DIGIT_BIT; \ - if (a1b0 < a0b1) \ - Phi += MP_HALF_RADIX; \ - a1b0 <<= MP_HALF_DIGIT_BIT; \ - Plo += a1b0; \ - if (Plo < a1b0) \ - ++Phi; \ - } -#endif - -#if !defined(MP_ASSEMBLY_MULTIPLY) -/* c = a * b */ -void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - *c = d; -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - *c++ = a0b0; - carry = a1b1; - } - *c = carry; -#endif -} - -/* c += a * b */ -void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, - mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + *c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - *c = d; -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - a0b0 += a_i = *c; - if (a0b0 < a_i) - ++a1b1; - *c++ = a0b0; - carry = a1b1; - } - *c = carry; -#endif -} - -/* Presently, this is only used by the Montgomery arithmetic code. */ -/* c += a * b */ -void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + *c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - - while (d) { - mp_word w = (mp_word)*c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - - a0b0 += a_i = *c; - if (a0b0 < a_i) - ++a1b1; - - *c++ = a0b0; - carry = a1b1; - } - while (carry) { - mp_digit c_i = *c; - carry += c_i; - *c++ = carry; - carry = carry < c_i; - } -#endif -} -#endif - -#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY) -/* This trick works on Sparc V8 CPUs with the Workshop compilers. */ -#define MP_SQR_D(a, Phi, Plo) \ - { unsigned long long square = (unsigned long long)a * a; \ - Plo = (mp_digit)square; \ - Phi = (mp_digit)(square >> MP_DIGIT_BIT); } -#elif defined(OSF1) -#define MP_SQR_D(a, Phi, Plo) \ - { Plo = asm ("mulq %a0, %a0, %v0", a);\ - Phi = asm ("umulh %a0, %a0, %v0", a); } -#else -#define MP_SQR_D(a, Phi, Plo) \ - { mp_digit Pmid; \ - Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX); \ - Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \ - Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \ - Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1); \ - Pmid <<= (MP_HALF_DIGIT_BIT + 1); \ - Plo += Pmid; \ - if (Plo < Pmid) \ - ++Phi; \ - } -#endif - -#if !defined(MP_ASSEMBLY_SQUARE) -/* Add the squares of the digits of a to the digits of b. */ -void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps) -{ -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) - mp_word w; - mp_digit d; - mp_size ix; - - w = 0; -#define ADD_SQUARE(n) \ - d = pa[n]; \ - w += (d * (mp_word)d) + ps[2*n]; \ - ps[2*n] = ACCUM(w); \ - w = (w >> DIGIT_BIT) + ps[2*n+1]; \ - ps[2*n+1] = ACCUM(w); \ - w = (w >> DIGIT_BIT) - - for (ix = a_len; ix >= 4; ix -= 4) { - ADD_SQUARE(0); - ADD_SQUARE(1); - ADD_SQUARE(2); - ADD_SQUARE(3); - pa += 4; - ps += 8; - } - if (ix) { - ps += 2*ix; - pa += ix; - switch (ix) { - case 3: ADD_SQUARE(-3); /* FALLTHRU */ - case 2: ADD_SQUARE(-2); /* FALLTHRU */ - case 1: ADD_SQUARE(-1); /* FALLTHRU */ - case 0: break; - } - } - while (w) { - w += *ps; - *ps++ = ACCUM(w); - w = (w >> DIGIT_BIT); - } -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *pa++; - mp_digit a0a0, a1a1; - - MP_SQR_D(a_i, a1a1, a0a0); - - /* here a1a1 and a0a0 constitute a_i ** 2 */ - a0a0 += carry; - if (a0a0 < carry) - ++a1a1; - - /* now add to ps */ - a0a0 += a_i = *ps; - if (a0a0 < a_i) - ++a1a1; - *ps++ = a0a0; - a1a1 += a_i = *ps; - carry = (a1a1 < a_i); - *ps++ = a1a1; - } - while (carry) { - mp_digit s_i = *ps; - carry += s_i; - *ps++ = carry; - carry = carry < s_i; - } -#endif -} -#endif - -#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) \ -&& !defined(MP_ASSEMBLY_DIV_2DX1D) -/* -** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized -** so its high bit is 1. This code is from NSPR. -*/ -mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, - mp_digit *qp, mp_digit *rp) -{ - mp_digit d1, d0, q1, q0; - mp_digit r1, r0, m; - - d1 = divisor >> MP_HALF_DIGIT_BIT; - d0 = divisor & MP_HALF_DIGIT_MAX; - r1 = Nhi % d1; - q1 = Nhi / d1; - m = q1 * d0; - r1 = (r1 << MP_HALF_DIGIT_BIT) | (Nlo >> MP_HALF_DIGIT_BIT); - if (r1 < m) { - q1--, r1 += divisor; - if (r1 >= divisor && r1 < m) { - q1--, r1 += divisor; - } - } - r1 -= m; - r0 = r1 % d1; - q0 = r1 / d1; - m = q0 * d0; - r0 = (r0 << MP_HALF_DIGIT_BIT) | (Nlo & MP_HALF_DIGIT_MAX); - if (r0 < m) { - q0--, r0 += divisor; - if (r0 >= divisor && r0 < m) { - q0--, r0 += divisor; - } - } - if (qp) - *qp = (q1 << MP_HALF_DIGIT_BIT) | q0; - if (rp) - *rp = r0 - m; - return MP_OKAY; -} -#endif - -#if MP_SQUARE -/* {{{ s_mp_sqr(a) */ - -mp_err s_mp_sqr(mp_int *a) -{ - mp_err res; - mp_int tmp; - - if((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY) - return res; - res = mp_sqr(a, &tmp); - if (res == MP_OKAY) { - s_mp_exch(&tmp, a); - } - mp_clear(&tmp); - return res; -} - -/* }}} */ -#endif - -/* {{{ s_mp_div(a, b) */ - -/* - s_mp_div(a, b) - - Compute a = a / b and b = a mod b. Assumes b > a. - */ - -mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ - mp_int *div, /* i: divisor */ - mp_int *quot) /* i: 0; o: quotient */ -{ - mp_int part, t; -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) - mp_word q_msd; -#else - mp_digit q_msd; -#endif - mp_err res; - mp_digit d; - mp_digit div_msd; - int ix; - - if(mp_cmp_z(div) == 0) - return MP_RANGE; - - /* Shortcut if divisor is power of two */ - if((ix = s_mp_ispow2(div)) >= 0) { - MP_CHECKOK( mp_copy(rem, quot) ); - s_mp_div_2d(quot, (mp_digit)ix); - s_mp_mod_2d(rem, (mp_digit)ix); - - return MP_OKAY; - } - - DIGITS(&t) = 0; - MP_SIGN(rem) = ZPOS; - MP_SIGN(div) = ZPOS; - - /* A working temporary for division */ - MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem))); - - /* Normalize to optimize guessing */ - MP_CHECKOK( s_mp_norm(rem, div, &d) ); - - part = *rem; - - /* Perform the division itself...woo! */ - MP_USED(quot) = MP_ALLOC(quot); - - /* Find a partial substring of rem which is at least div */ - /* If we didn't find one, we're finished dividing */ - while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) { - int i; - int unusedRem; - - unusedRem = MP_USED(rem) - MP_USED(div); - MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem; - MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem; - MP_USED(&part) = MP_USED(div); - if (s_mp_cmp(&part, div) < 0) { - -- unusedRem; -#if MP_ARGCHK == 2 - assert(unusedRem >= 0); -#endif - -- MP_DIGITS(&part); - ++ MP_USED(&part); - ++ MP_ALLOC(&part); - } - - /* Compute a guess for the next quotient digit */ - q_msd = MP_DIGIT(&part, MP_USED(&part) - 1); - div_msd = MP_DIGIT(div, MP_USED(div) - 1); - if (q_msd >= div_msd) { - q_msd = 1; - } else if (MP_USED(&part) > 1) { -#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) - q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2); - q_msd /= div_msd; - if (q_msd == RADIX) - --q_msd; -#else - mp_digit r; - MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), - div_msd, &q_msd, &r) ); -#endif - } else { - q_msd = 0; - } -#if MP_ARGCHK == 2 - assert(q_msd > 0); /* This case should never occur any more. */ -#endif - if (q_msd <= 0) - break; - - /* See what that multiplies out to */ - mp_copy(div, &t); - MP_CHECKOK( s_mp_mul_d(&t, (mp_digit)q_msd) ); - - /* - If it's too big, back it off. We should not have to do this - more than once, or, in rare cases, twice. Knuth describes a - method by which this could be reduced to a maximum of once, but - I didn't implement that here. - * When using s_mpv_div_2dx1d, we may have to do this 3 times. - */ - for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) { - --q_msd; - s_mp_sub(&t, div); /* t -= div */ - } - if (i < 0) { - res = MP_RANGE; - goto CLEANUP; - } - - /* At this point, q_msd should be the right next digit */ - MP_CHECKOK( s_mp_sub(&part, &t) ); /* part -= t */ - s_mp_clamp(rem); - - /* - Include the digit in the quotient. We allocated enough memory - for any quotient we could ever possibly get, so we should not - have to check for failures here - */ - MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd; - } - - /* Denormalize remainder */ - if (d) { - s_mp_div_2d(rem, d); - } - - s_mp_clamp(quot); - -CLEANUP: - mp_clear(&t); - - return res; - -} /* end s_mp_div() */ - - -/* }}} */ - -/* {{{ s_mp_2expt(a, k) */ - -mp_err s_mp_2expt(mp_int *a, mp_digit k) -{ - mp_err res; - mp_size dig, bit; - - dig = k / DIGIT_BIT; - bit = k % DIGIT_BIT; - - mp_zero(a); - if((res = s_mp_pad(a, dig + 1)) != MP_OKAY) - return res; - - DIGIT(a, dig) |= ((mp_digit)1 << bit); - - return MP_OKAY; - -} /* end s_mp_2expt() */ - -/* }}} */ - -/* {{{ s_mp_reduce(x, m, mu) */ - -/* - Compute Barrett reduction, x (mod m), given a precomputed value for - mu = b^2k / m, where b = RADIX and k = #digits(m). This should be - faster than straight division, when many reductions by the same - value of m are required (such as in modular exponentiation). This - can nearly halve the time required to do modular exponentiation, - as compared to using the full integer divide to reduce. - - This algorithm was derived from the _Handbook of Applied - Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14, - pp. 603-604. - */ - -mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu) -{ - mp_int q; - mp_err res; - - if((res = mp_init_copy(&q, x)) != MP_OKAY) - return res; - - s_mp_rshd(&q, USED(m) - 1); /* q1 = x / b^(k-1) */ - s_mp_mul(&q, mu); /* q2 = q1 * mu */ - s_mp_rshd(&q, USED(m) + 1); /* q3 = q2 / b^(k+1) */ - - /* x = x mod b^(k+1), quick (no division) */ - s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1)); - - /* q = q * m mod b^(k+1), quick (no division) */ - s_mp_mul(&q, m); - s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1)); - - /* x = x - q */ - if((res = mp_sub(x, &q, x)) != MP_OKAY) - goto CLEANUP; - - /* If x < 0, add b^(k+1) to it */ - if(mp_cmp_z(x) < 0) { - mp_set(&q, 1); - if((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY) - goto CLEANUP; - if((res = mp_add(x, &q, x)) != MP_OKAY) - goto CLEANUP; - } - - /* Back off if it's too big */ - while(mp_cmp(x, m) >= 0) { - if((res = s_mp_sub(x, m)) != MP_OKAY) - break; - } - - CLEANUP: - mp_clear(&q); - - return res; - -} /* end s_mp_reduce() */ - -/* }}} */ - -/* }}} */ - -/* {{{ Primitive comparisons */ - -/* {{{ s_mp_cmp(a, b) */ - -/* Compare |a| <=> |b|, return 0 if equal, <0 if a0 if a>b */ -int s_mp_cmp(const mp_int *a, const mp_int *b) -{ - mp_size used_a = MP_USED(a); - { - mp_size used_b = MP_USED(b); - - if (used_a > used_b) - goto IS_GT; - if (used_a < used_b) - goto IS_LT; - } - { - mp_digit *pa, *pb; - mp_digit da = 0, db = 0; - -#define CMP_AB(n) if ((da = pa[n]) != (db = pb[n])) goto done - - pa = MP_DIGITS(a) + used_a; - pb = MP_DIGITS(b) + used_a; - while (used_a >= 4) { - pa -= 4; - pb -= 4; - used_a -= 4; - CMP_AB(3); - CMP_AB(2); - CMP_AB(1); - CMP_AB(0); - } - while (used_a-- > 0 && ((da = *--pa) == (db = *--pb))) - /* do nothing */; -done: - if (da > db) - goto IS_GT; - if (da < db) - goto IS_LT; - } - return MP_EQ; -IS_LT: - return MP_LT; -IS_GT: - return MP_GT; -} /* end s_mp_cmp() */ - -/* }}} */ - -/* {{{ s_mp_cmp_d(a, d) */ - -/* Compare |a| <=> d, return 0 if equal, <0 if a0 if a>d */ -int s_mp_cmp_d(const mp_int *a, mp_digit d) -{ - if(USED(a) > 1) - return MP_GT; - - if(DIGIT(a, 0) < d) - return MP_LT; - else if(DIGIT(a, 0) > d) - return MP_GT; - else - return MP_EQ; - -} /* end s_mp_cmp_d() */ - -/* }}} */ - -/* {{{ s_mp_ispow2(v) */ - -/* - Returns -1 if the value is not a power of two; otherwise, it returns - k such that v = 2^k, i.e. lg(v). - */ -int s_mp_ispow2(const mp_int *v) -{ - mp_digit d; - int extra = 0, ix; - - ix = MP_USED(v) - 1; - d = MP_DIGIT(v, ix); /* most significant digit of v */ - - extra = s_mp_ispow2d(d); - if (extra < 0 || ix == 0) - return extra; - - while (--ix >= 0) { - if (DIGIT(v, ix) != 0) - return -1; /* not a power of two */ - extra += MP_DIGIT_BIT; - } - - return extra; - -} /* end s_mp_ispow2() */ - -/* }}} */ - -/* {{{ s_mp_ispow2d(d) */ - -int s_mp_ispow2d(mp_digit d) -{ - if ((d != 0) && ((d & (d-1)) == 0)) { /* d is a power of 2 */ - int pow = 0; -#if defined (MP_USE_UINT_DIGIT) - if (d & 0xffff0000U) - pow += 16; - if (d & 0xff00ff00U) - pow += 8; - if (d & 0xf0f0f0f0U) - pow += 4; - if (d & 0xccccccccU) - pow += 2; - if (d & 0xaaaaaaaaU) - pow += 1; -#elif defined(MP_USE_LONG_LONG_DIGIT) - if (d & 0xffffffff00000000ULL) - pow += 32; - if (d & 0xffff0000ffff0000ULL) - pow += 16; - if (d & 0xff00ff00ff00ff00ULL) - pow += 8; - if (d & 0xf0f0f0f0f0f0f0f0ULL) - pow += 4; - if (d & 0xccccccccccccccccULL) - pow += 2; - if (d & 0xaaaaaaaaaaaaaaaaULL) - pow += 1; -#elif defined(MP_USE_LONG_DIGIT) - if (d & 0xffffffff00000000UL) - pow += 32; - if (d & 0xffff0000ffff0000UL) - pow += 16; - if (d & 0xff00ff00ff00ff00UL) - pow += 8; - if (d & 0xf0f0f0f0f0f0f0f0UL) - pow += 4; - if (d & 0xccccccccccccccccUL) - pow += 2; - if (d & 0xaaaaaaaaaaaaaaaaUL) - pow += 1; -#else -#error "unknown type for mp_digit" -#endif - return pow; - } - return -1; - -} /* end s_mp_ispow2d() */ - -/* }}} */ - -/* }}} */ - -/* {{{ Primitive I/O helpers */ - -/* {{{ s_mp_tovalue(ch, r) */ - -/* - Convert the given character to its digit value, in the given radix. - If the given character is not understood in the given radix, -1 is - returned. Otherwise the digit's numeric value is returned. - - The results will be odd if you use a radix < 2 or > 62, you are - expected to know what you're up to. - */ -int s_mp_tovalue(char ch, int r) -{ - int val, xch; - - if(r > 36) - xch = ch; - else - xch = toupper(ch); - - if(isdigit(xch)) - val = xch - '0'; - else if(isupper(xch)) - val = xch - 'A' + 10; - else if(islower(xch)) - val = xch - 'a' + 36; - else if(xch == '+') - val = 62; - else if(xch == '/') - val = 63; - else - return -1; - - if(val < 0 || val >= r) - return -1; - - return val; - -} /* end s_mp_tovalue() */ - -/* }}} */ - -/* {{{ s_mp_todigit(val, r, low) */ - -/* - Convert val to a radix-r digit, if possible. If val is out of range - for r, returns zero. Otherwise, returns an ASCII character denoting - the value in the given radix. - - The results may be odd if you use a radix < 2 or > 64, you are - expected to know what you're doing. - */ - -char s_mp_todigit(mp_digit val, int r, int low) -{ - char ch; - - if(val >= r) - return 0; - - ch = s_dmap_1[val]; - - if(r <= 36 && low) - ch = tolower(ch); - - return ch; - -} /* end s_mp_todigit() */ - -/* }}} */ - -/* {{{ s_mp_outlen(bits, radix) */ - -/* - Return an estimate for how long a string is needed to hold a radix - r representation of a number with 'bits' significant bits, plus an - extra for a zero terminator (assuming C style strings here) - */ -int s_mp_outlen(int bits, int r) -{ - return (int)((double)bits * LOG_V_2(r) + 1.5) + 1; - -} /* end s_mp_outlen() */ - -/* }}} */ - -/* }}} */ - -/* {{{ mp_read_unsigned_octets(mp, str, len) */ -/* mp_read_unsigned_octets(mp, str, len) - Read in a raw value (base 256) into the given mp_int - No sign bit, number is positive. Leading zeros ignored. - */ - -mp_err -mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) -{ - int count; - mp_err res; - mp_digit d; - - ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); - - mp_zero(mp); - - count = len % sizeof(mp_digit); - if (count) { - for (d = 0; count-- > 0; --len) { - d = (d << 8) | *str++; - } - MP_DIGIT(mp, 0) = d; - } - - /* Read the rest of the digits */ - for(; len > 0; len -= sizeof(mp_digit)) { - for (d = 0, count = sizeof(mp_digit); count > 0; --count) { - d = (d << 8) | *str++; - } - if (MP_EQ == mp_cmp_z(mp)) { - if (!d) - continue; - } else { - if((res = s_mp_lshd(mp, 1)) != MP_OKAY) - return res; - } - MP_DIGIT(mp, 0) = d; - } - return MP_OKAY; -} /* end mp_read_unsigned_octets() */ -/* }}} */ - -/* {{{ mp_unsigned_octet_size(mp) */ -int -mp_unsigned_octet_size(const mp_int *mp) -{ - int bytes; - int ix; - mp_digit d = 0; - - ARGCHK(mp != NULL, MP_BADARG); - ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG); - - bytes = (USED(mp) * sizeof(mp_digit)); - - /* subtract leading zeros. */ - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - d = DIGIT(mp, ix); - if (d) - break; - bytes -= sizeof(d); - } - if (!bytes) - return 1; - - /* Have MSD, check digit bytes, high order first */ - for(ix = sizeof(mp_digit) - 1; ix >= 0; ix--) { - unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT)); - if (x) - break; - --bytes; - } - return bytes; -} /* end mp_unsigned_octet_size() */ -/* }}} */ - -/* {{{ mp_to_unsigned_octets(mp, str) */ -/* output a buffer of big endian octets no longer than specified. */ -mp_err -mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) -{ - int ix, pos = 0; - int bytes; - - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); - - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= maxlen, MP_BADARG); - - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - int jx; - - /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos && !x) /* suppress leading zeros */ - continue; - str[pos++] = x; - } - } - return pos; -} /* end mp_to_unsigned_octets() */ -/* }}} */ - -/* {{{ mp_to_signed_octets(mp, str) */ -/* output a buffer of big endian octets no longer than specified. */ -mp_err -mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) -{ - int ix, pos = 0; - int bytes; - - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); - - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= maxlen, MP_BADARG); - - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - int jx; - - /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos) { - if (!x) /* suppress leading zeros */ - continue; - if (x & 0x80) { /* add one leading zero to make output positive. */ - ARGCHK(bytes + 1 <= maxlen, MP_BADARG); - if (bytes + 1 > maxlen) - return MP_BADARG; - str[pos++] = 0; - } - } - str[pos++] = x; - } - } - return pos; -} /* end mp_to_signed_octets() */ -/* }}} */ - -/* {{{ mp_to_fixlen_octets(mp, str) */ -/* output a buffer of big endian octets exactly as long as requested. */ -mp_err -mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) -{ - int ix, pos = 0; - int bytes; - - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); - - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= length, MP_BADARG); - - /* place any needed leading zeros */ - for (;length > bytes; --length) { - *str++ = 0; - } - - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - int jx; - - /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos && !x) /* suppress leading zeros */ - continue; - str[pos++] = x; - } - } - return MP_OKAY; -} /* end mp_to_fixlen_octets() */ -/* }}} */ - - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h deleted file mode 100644 index a587c0a76..000000000 --- a/security/nss/lib/freebl/mpi/mpi.h +++ /dev/null @@ -1,334 +0,0 @@ -/* - * mpi.h - * - * Arbitrary precision integer arithmetic library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _H_MPI_ -#define _H_MPI_ - -#include "mpi-config.h" - -#if MP_DEBUG -#undef MP_IOFUNC -#define MP_IOFUNC 1 -#endif - -#if MP_IOFUNC -#include -#include -#endif - -#include - -#if defined(BSDI) -#undef ULLONG_MAX -#endif - -#if defined( macintosh ) -#include -#elif defined( _WIN32_WCE) -/* #include What do we need here ?? */ -#else -#include -#endif - -#define MP_NEG 1 -#define MP_ZPOS 0 - -#define MP_OKAY 0 /* no error, all is well */ -#define MP_YES 0 /* yes (boolean result) */ -#define MP_NO -1 /* no (boolean result) */ -#define MP_MEM -2 /* out of memory */ -#define MP_RANGE -3 /* argument out of range */ -#define MP_BADARG -4 /* invalid parameter */ -#define MP_UNDEF -5 /* answer is undefined */ -#define MP_LAST_CODE MP_UNDEF - -typedef unsigned int mp_sign; -typedef unsigned int mp_size; -typedef int mp_err; - -#define MP_32BIT_MAX 4294967295U - -#if !defined(ULONG_MAX) -#error "ULONG_MAX not defined" -#elif !defined(UINT_MAX) -#error "UINT_MAX not defined" -#elif !defined(USHRT_MAX) -#error "USHRT_MAX not defined" -#endif - -#if defined(ULONG_LONG_MAX) /* GCC, HPUX */ -#define MP_ULONG_LONG_MAX ULONG_LONG_MAX -#elif defined(ULLONG_MAX) /* Solaris */ -#define MP_ULONG_LONG_MAX ULLONG_MAX -/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */ -#elif defined(ULONGLONG_MAX) /* IRIX, AIX */ -#define MP_ULONG_LONG_MAX ULONGLONG_MAX -#endif - -/* We only use unsigned long for mp_digit iff long is more than 32 bits. */ -#if !defined(MP_USE_UINT_DIGIT) && ULONG_MAX > MP_32BIT_MAX -typedef unsigned long mp_digit; -#define MP_DIGIT_MAX ULONG_MAX -#define MP_DIGIT_FMT "%016lX" /* printf() format for 1 digit */ -#define MP_HALF_DIGIT_MAX UINT_MAX -#undef MP_NO_MP_WORD -#define MP_NO_MP_WORD 1 -#undef MP_USE_LONG_DIGIT -#define MP_USE_LONG_DIGIT 1 -#undef MP_USE_LONG_LONG_DIGIT - -#elif !defined(MP_USE_UINT_DIGIT) && defined(MP_ULONG_LONG_MAX) -typedef unsigned long long mp_digit; -#define MP_DIGIT_MAX MP_ULONG_LONG_MAX -#define MP_DIGIT_FMT "%016llX" /* printf() format for 1 digit */ -#define MP_HALF_DIGIT_MAX UINT_MAX -#undef MP_NO_MP_WORD -#define MP_NO_MP_WORD 1 -#undef MP_USE_LONG_LONG_DIGIT -#define MP_USE_LONG_LONG_DIGIT 1 -#undef MP_USE_LONG_DIGIT - -#else -typedef unsigned int mp_digit; -#define MP_DIGIT_MAX UINT_MAX -#define MP_DIGIT_FMT "%08X" /* printf() format for 1 digit */ -#define MP_HALF_DIGIT_MAX USHRT_MAX -#undef MP_USE_UINT_DIGIT -#define MP_USE_UINT_DIGIT 1 -#undef MP_USE_LONG_LONG_DIGIT -#undef MP_USE_LONG_DIGIT -#endif - -#if !defined(MP_NO_MP_WORD) -#if defined(MP_USE_UINT_DIGIT) && \ - (defined(MP_ULONG_LONG_MAX) || (ULONG_MAX > UINT_MAX)) - -#if (ULONG_MAX > UINT_MAX) -typedef unsigned long mp_word; -typedef long mp_sword; -#define MP_WORD_MAX ULONG_MAX - -#else -typedef unsigned long long mp_word; -typedef long long mp_sword; -#define MP_WORD_MAX MP_ULONG_LONG_MAX -#endif - -#else -#define MP_NO_MP_WORD 1 -#endif -#endif /* !defined(MP_NO_MP_WORD) */ - -#if !defined(MP_WORD_MAX) && defined(MP_DEFINE_SMALL_WORD) -typedef unsigned int mp_word; -typedef int mp_sword; -#define MP_WORD_MAX UINT_MAX -#endif - -#define MP_DIGIT_BIT (CHAR_BIT*sizeof(mp_digit)) -#define MP_WORD_BIT (CHAR_BIT*sizeof(mp_word)) -#define MP_RADIX (1+(mp_word)MP_DIGIT_MAX) - -#define MP_HALF_DIGIT_BIT (MP_DIGIT_BIT/2) -#define MP_HALF_RADIX (1+(mp_digit)MP_HALF_DIGIT_MAX) -/* MP_HALF_RADIX really ought to be called MP_SQRT_RADIX, but it's named -** MP_HALF_RADIX because it's the radix for MP_HALF_DIGITs, and it's -** consistent with the other _HALF_ names. -*/ - - -/* Macros for accessing the mp_int internals */ -#define MP_SIGN(MP) ((MP)->sign) -#define MP_USED(MP) ((MP)->used) -#define MP_ALLOC(MP) ((MP)->alloc) -#define MP_DIGITS(MP) ((MP)->dp) -#define MP_DIGIT(MP,N) (MP)->dp[(N)] - -/* This defines the maximum I/O base (minimum is 2) */ -#define MP_MAX_RADIX 64 - -typedef struct { - mp_sign sign; /* sign of this quantity */ - mp_size alloc; /* how many digits allocated */ - mp_size used; /* how many digits used */ - mp_digit *dp; /* the digits themselves */ -} mp_int; - -/* Default precision */ -mp_size mp_get_prec(void); -void mp_set_prec(mp_size prec); - -/* Memory management */ -mp_err mp_init(mp_int *mp); -mp_err mp_init_size(mp_int *mp, mp_size prec); -mp_err mp_init_copy(mp_int *mp, const mp_int *from); -mp_err mp_copy(const mp_int *from, mp_int *to); -void mp_exch(mp_int *mp1, mp_int *mp2); -void mp_clear(mp_int *mp); -void mp_zero(mp_int *mp); -void mp_set(mp_int *mp, mp_digit d); -mp_err mp_set_int(mp_int *mp, long z); -#define mp_set_long(mp,z) mp_set_int(mp,z) -mp_err mp_set_ulong(mp_int *mp, unsigned long z); - -/* Single digit arithmetic */ -mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b); -mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b); -mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b); -mp_err mp_mul_2(const mp_int *a, mp_int *c); -mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r); -mp_err mp_div_2(const mp_int *a, mp_int *c); -mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c); - -/* Sign manipulations */ -mp_err mp_abs(const mp_int *a, mp_int *b); -mp_err mp_neg(const mp_int *a, mp_int *b); - -/* Full arithmetic */ -mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c); -mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c); -mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int *c); -#if MP_SQUARE -mp_err mp_sqr(const mp_int *a, mp_int *b); -#else -#define mp_sqr(a, b) mp_mul(a, a, b) -#endif -mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r); -mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r); -mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c); -mp_err mp_2expt(mp_int *a, mp_digit k); -mp_err mp_sqrt(const mp_int *a, mp_int *b); - -/* Modular arithmetic */ -#if MP_MODARITH -mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c); -mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c); -mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c); -mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c); -mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c); -#if MP_SQUARE -mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c); -#else -#define mp_sqrmod(a, m, c) mp_mulmod(a, a, m, c) -#endif -mp_err mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c); -mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c); -#endif /* MP_MODARITH */ - -/* Comparisons */ -int mp_cmp_z(const mp_int *a); -int mp_cmp_d(const mp_int *a, mp_digit d); -int mp_cmp(const mp_int *a, const mp_int *b); -int mp_cmp_mag(mp_int *a, mp_int *b); -int mp_cmp_int(const mp_int *a, long z); -int mp_isodd(const mp_int *a); -int mp_iseven(const mp_int *a); - -/* Number theoretic */ -#if MP_NUMTH -mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c); -mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c); -mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y); -mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c); -mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c); -#endif /* end MP_NUMTH */ - -/* Input and output */ -#if MP_IOFUNC -void mp_print(mp_int *mp, FILE *ofp); -#endif /* end MP_IOFUNC */ - -/* Base conversion */ -mp_err mp_read_raw(mp_int *mp, char *str, int len); -int mp_raw_size(mp_int *mp); -mp_err mp_toraw(mp_int *mp, char *str); -mp_err mp_read_radix(mp_int *mp, const char *str, int radix); -mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix); -int mp_radix_size(mp_int *mp, int radix); -mp_err mp_toradix(mp_int *mp, char *str, int radix); -int mp_tovalue(char ch, int r); - -#define mp_tobinary(M, S) mp_toradix((M), (S), 2) -#define mp_tooctal(M, S) mp_toradix((M), (S), 8) -#define mp_todecimal(M, S) mp_toradix((M), (S), 10) -#define mp_tohex(M, S) mp_toradix((M), (S), 16) - -/* Error strings */ -const char *mp_strerror(mp_err ec); - -/* Octet string conversion functions */ -mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len); -int mp_unsigned_octet_size(const mp_int *mp); -mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); -mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); -mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len); - -/* Miscellaneous */ -mp_size mp_trailing_zeros(const mp_int *mp); - -#define MP_CHECKOK(x) if (MP_OKAY > (res = (x))) goto CLEANUP -#define MP_CHECKERR(x) if (MP_OKAY > (res = (x))) goto CLEANUP - -#if defined(MP_API_COMPATIBLE) -#define NEG MP_NEG -#define ZPOS MP_ZPOS -#define DIGIT_MAX MP_DIGIT_MAX -#define DIGIT_BIT MP_DIGIT_BIT -#define DIGIT_FMT MP_DIGIT_FMT -#define RADIX MP_RADIX -#define MAX_RADIX MP_MAX_RADIX -#define SIGN(MP) MP_SIGN(MP) -#define USED(MP) MP_USED(MP) -#define ALLOC(MP) MP_ALLOC(MP) -#define DIGITS(MP) MP_DIGITS(MP) -#define DIGIT(MP,N) MP_DIGIT(MP,N) - -#if MP_ARGCHK == 1 -#define ARGCHK(X,Y) {if(!(X)){return (Y);}} -#elif MP_ARGCHK == 2 -#include -#define ARGCHK(X,Y) assert(X) -#else -#define ARGCHK(X,Y) /* */ -#endif -#endif /* defined MP_API_COMPATIBLE */ - -#endif /* end _H_MPI_ */ diff --git a/security/nss/lib/freebl/mpi/mpi_hp.c b/security/nss/lib/freebl/mpi/mpi_hp.c deleted file mode 100644 index e30630c19..000000000 --- a/security/nss/lib/freebl/mpi/mpi_hp.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ - -/* This file contains routines that perform vector multiplication. */ - -#include "mpi-priv.h" -#include - -#include -/* #include */ -#include - -extern void multacc512( - int length, /* doublewords in multiplicand vector. */ - const mp_digit *scalaraddr, /* Address of scalar. */ - const mp_digit *multiplicand, /* The multiplicand vector. */ - mp_digit * result); /* Where to accumulate the result. */ - -extern void maxpy_little( - int length, /* doublewords in multiplicand vector. */ - const mp_digit *scalaraddr, /* Address of scalar. */ - const mp_digit *multiplicand, /* The multiplicand vector. */ - mp_digit * result); /* Where to accumulate the result. */ - -extern void add_diag_little( - int length, /* doublewords in input vector. */ - const mp_digit *root, /* The vector to square. */ - mp_digit * result); /* Where to accumulate the result. */ - -void -s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps) -{ - add_diag_little(a_len, pa, ps); -} - -#define MAX_STACK_DIGITS 258 -#define MULTACC512_LEN (512 / MP_DIGIT_BIT) -#define HP_MPY_ADD_FN (a_len == MULTACC512_LEN ? multacc512 : maxpy_little) - -/* c = a * b */ -void -s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - mp_digit x[MAX_STACK_DIGITS]; - mp_digit *px = x; - size_t xSize = 0; - - if (a == c) { - if (a_len > MAX_STACK_DIGITS) { - xSize = sizeof(mp_digit) * (a_len + 2); - px = malloc(xSize); - if (!px) - return; - } - memcpy(px, a, a_len * sizeof(*a)); - a = px; - } - s_mp_setz(c, a_len + 1); - HP_MPY_ADD_FN(a_len, &b, a, c); - if (px != x && px) { - memset(px, 0, xSize); - free(px); - } -} - -/* c += a * b, where a is a_len words long. */ -void -s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - c[a_len] = 0; /* so carry propagation stops here. */ - HP_MPY_ADD_FN(a_len, &b, a, c); -} - -/* c += a * b, where a is y words long. */ -void -s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, - mp_digit *c) -{ - HP_MPY_ADD_FN(a_len, &b, a, c); -} - diff --git a/security/nss/lib/freebl/mpi/mpi_i86pc.s b/security/nss/lib/freebl/mpi/mpi_i86pc.s deleted file mode 100644 index f6c167b1a..000000000 --- a/security/nss/lib/freebl/mpi/mpi_i86pc.s +++ /dev/null @@ -1,342 +0,0 @@ - / - / The contents of this file are subject to the Mozilla Public - / License Version 1.1 (the "License"); you may not use this file - / except in compliance with the License. You may obtain a copy of - / the License at http://www.mozilla.org/MPL/ - / - / Software distributed under the License is distributed on an "AS - / IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - / implied. See the License for the specific language governing - / rights and limitations under the License. - / - / The Original Code is the Netscape security libraries. - / - / The Initial Developer of the Original Code is Netscape - / Communications Corporation. Portions created by Netscape are - / Copyright (C) 2001 Netscape Communications Corporation. All - / Rights Reserved. - / - / Contributor(s): - / - / Alternatively, the contents of this file may be used under the - / terms of the GNU General Public License Version 2 or later (the - / "GPL"), in which case the provisions of the GPL are applicable - / instead of those above. If you wish to allow use of your - / version of this file only under the terms of the GPL and not to - / allow others to use your version of this file under the MPL, - / indicate your decision by deleting the provisions above and - / replace them with the notice and other provisions required by - / the GPL. If you do not delete the provisions above, a recipient - / may use your version of this file under either the MPL or the - / GPL. - / $Id$ - / - -.text - - / ebp - 36: caller's esi - / ebp - 32: caller's edi - / ebp - 28: - / ebp - 24: - / ebp - 20: - / ebp - 16: - / ebp - 12: - / ebp - 8: - / ebp - 4: - / ebp + 0: caller's ebp - / ebp + 4: return address - / ebp + 8: a argument - / ebp + 12: a_len argument - / ebp + 16: b argument - / ebp + 20: c argument - / registers: - / eax: - / ebx: carry - / ecx: a_len - / edx: - / esi: a ptr - / edi: c ptr -.globl s_mpv_mul_d -.type s_mpv_mul_d,@function -s_mpv_mul_d: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx / carry = 0 - mov 12(%ebp),%ecx / ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je L2 / jmp if a_len == 0 - mov 8(%ebp),%esi / esi = a - cld -L1: - lodsl / eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx / edx = b - mull %edx / edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax / add carry (%ebx) to edx:eax - adc $0,%edx - mov %edx,%ebx / high half of product becomes next carry - - stosl / [es:edi] = ax; edi += 4; - dec %ecx / --a_len - jnz L1 / jmp if a_len != 0 -L2: - mov %ebx,0(%edi) / *c = carry - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - / ebp - 36: caller's esi - / ebp - 32: caller's edi - / ebp - 28: - / ebp - 24: - / ebp - 20: - / ebp - 16: - / ebp - 12: - / ebp - 8: - / ebp - 4: - / ebp + 0: caller's ebp - / ebp + 4: return address - / ebp + 8: a argument - / ebp + 12: a_len argument - / ebp + 16: b argument - / ebp + 20: c argument - / registers: - / eax: - / ebx: carry - / ecx: a_len - / edx: - / esi: a ptr - / edi: c ptr -.globl s_mpv_mul_d_add -.type s_mpv_mul_d_add,@function -s_mpv_mul_d_add: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx / carry = 0 - mov 12(%ebp),%ecx / ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je L4 / jmp if a_len == 0 - mov 8(%ebp),%esi / esi = a - cld -L3: - lodsl / eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx / edx = b - mull %edx / edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax / add carry (%ebx) to edx:eax - adc $0,%edx - mov 0(%edi),%ebx / add in current word from *c - add %ebx,%eax - adc $0,%edx - mov %edx,%ebx / high half of product becomes next carry - - stosl / [es:edi] = ax; edi += 4; - dec %ecx / --a_len - jnz L3 / jmp if a_len != 0 -L4: - mov %ebx,0(%edi) / *c = carry - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - / ebp - 36: caller's esi - / ebp - 32: caller's edi - / ebp - 28: - / ebp - 24: - / ebp - 20: - / ebp - 16: - / ebp - 12: - / ebp - 8: - / ebp - 4: - / ebp + 0: caller's ebp - / ebp + 4: return address - / ebp + 8: a argument - / ebp + 12: a_len argument - / ebp + 16: b argument - / ebp + 20: c argument - / registers: - / eax: - / ebx: carry - / ecx: a_len - / edx: - / esi: a ptr - / edi: c ptr -.globl s_mpv_mul_d_add_prop -.type s_mpv_mul_d_add_prop,@function -s_mpv_mul_d_add_prop: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx / carry = 0 - mov 12(%ebp),%ecx / ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je L6 / jmp if a_len == 0 - cld - mov 8(%ebp),%esi / esi = a -L5: - lodsl / eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx / edx = b - mull %edx / edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax / add carry (%ebx) to edx:eax - adc $0,%edx - mov 0(%edi),%ebx / add in current word from *c - add %ebx,%eax - adc $0,%edx - mov %edx,%ebx / high half of product becomes next carry - - stosl / [es:edi] = ax; edi += 4; - dec %ecx / --a_len - jnz L5 / jmp if a_len != 0 -L6: - cmp $0,%ebx / is carry zero? - jz L8 - mov 0(%edi),%eax / add in current word from *c - add %ebx,%eax - stosl / [es:edi] = ax; edi += 4; - jnc L8 -L7: - mov 0(%edi),%eax / add in current word from *c - adc $0,%eax - stosl / [es:edi] = ax; edi += 4; - jc L7 -L8: - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - / ebp - 20: caller's esi - / ebp - 16: caller's edi - / ebp - 12: - / ebp - 8: carry - / ebp - 4: a_len local - / ebp + 0: caller's ebp - / ebp + 4: return address - / ebp + 8: pa argument - / ebp + 12: a_len argument - / ebp + 16: ps argument - / ebp + 20: - / registers: - / eax: - / ebx: carry - / ecx: a_len - / edx: - / esi: a ptr - / edi: c ptr - -.globl s_mpv_sqr_add_prop -.type s_mpv_sqr_add_prop,@function -s_mpv_sqr_add_prop: - push %ebp - mov %esp,%ebp - sub $12,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx / carry = 0 - mov 12(%ebp),%ecx / a_len - mov 16(%ebp),%edi / edi = ps - cmp $0,%ecx - je L11 / jump if a_len == 0 - cld - mov 8(%ebp),%esi / esi = pa -L10: - lodsl / %eax = [ds:si]; si += 4; - mull %eax - - add %ebx,%eax / add "carry" - adc $0,%edx - mov 0(%edi),%ebx - add %ebx,%eax / add low word from result - mov 4(%edi),%ebx - stosl / [es:di] = %eax; di += 4; - adc %ebx,%edx / add high word from result - movl $0,%ebx - mov %edx,%eax - adc $0,%ebx - stosl / [es:di] = %eax; di += 4; - dec %ecx / --a_len - jnz L10 / jmp if a_len != 0 -L11: - cmp $0,%ebx / is carry zero? - jz L14 - mov 0(%edi),%eax / add in current word from *c - add %ebx,%eax - stosl / [es:edi] = ax; edi += 4; - jnc L14 -L12: - mov 0(%edi),%eax / add in current word from *c - adc $0,%eax - stosl / [es:edi] = ax; edi += 4; - jc L12 -L14: - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - / - / Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized - / so its high bit is 1. This code is from NSPR. - / - / mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, - / mp_digit *qp, mp_digit *rp) - - / esp + 0: Caller's ebx - / esp + 4: return address - / esp + 8: Nhi argument - / esp + 12: Nlo argument - / esp + 16: divisor argument - / esp + 20: qp argument - / esp + 24: rp argument - / registers: - / eax: - / ebx: carry - / ecx: a_len - / edx: - / esi: a ptr - / edi: c ptr - / - -.globl s_mpv_div_2dx1d -.type s_mpv_div_2dx1d,@function -s_mpv_div_2dx1d: - push %ebx - mov 8(%esp),%edx - mov 12(%esp),%eax - mov 16(%esp),%ebx - div %ebx - mov 20(%esp),%ebx - mov %eax,0(%ebx) - mov 24(%esp),%ebx - mov %edx,0(%ebx) - xor %eax,%eax / return zero - pop %ebx - ret - nop - diff --git a/security/nss/lib/freebl/mpi/mpi_mips.s b/security/nss/lib/freebl/mpi/mpi_mips.s deleted file mode 100644 index bb846ee57..000000000 --- a/security/nss/lib/freebl/mpi/mpi_mips.s +++ /dev/null @@ -1,502 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ -#include - .set noreorder - .set noat - - .section .text, 1, 0x00000006, 4, 4 -.text: - .section .text - - .ent s_mpv_mul_d_add - .globl s_mpv_mul_d_add - -s_mpv_mul_d_add: - #/* c += a * b */ - #void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, - # mp_digit *c) - #{ - # mp_digit a0, a1; regs a4, a5 - # mp_digit c0, c1; regs a6, a7 - # mp_digit cy = 0; reg t2 - # mp_word w0, w1; regs t0, t1 - # - # if (a_len) { - beq a1,zero,.L.1 - move t2,zero # cy = 0 - dsll32 a2,a2,0 # "b" is sometimes negative (?!?!) - dsrl32 a2,a2,0 # This clears the upper 32 bits. - # a0 = a[0]; - lwu a4,0(a0) - # w0 = ((mp_word)b * a0); - dmultu a2,a4 - # if (--a_len) { - addiu a1,a1,-1 - beq a1,zero,.L.2 - # while (a_len >= 2) { - sltiu t3,a1,2 - bne t3,zero,.L.3 - # a1 = a[1]; - lwu a5,4(a0) -.L.4: - # a_len -= 2; - addiu a1,a1,-2 - # c0 = c[0]; - lwu a6,0(a3) - # w0 += cy; - mflo t0 - daddu t0,t0,t2 - # w0 += c0; - daddu t0,t0,a6 - # w1 = (mp_word)b * a1; - dmultu a2,a5 # - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # a0 = a[2]; - lwu a4,8(a0) - # a += 2; - addiu a0,a0,8 - # c1 = c[1]; - lwu a7,4(a3) - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # w1 += c1; - daddu t1,t1,a7 - # w0 = (mp_word)b * a0; - dmultu a2,a4 # - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # c += 2; - addiu a3,a3,8 - sltiu t3,a1,2 - beq t3,zero,.L.4 - # a1 = a[1]; - lwu a5,4(a0) - # } -.L.3: - # c0 = c[0]; - lwu a6,0(a3) - # w0 += cy; - # if (a_len) { - mflo t0 - beq a1,zero,.L.5 - daddu t0,t0,t2 - # w1 = (mp_word)b * a1; - dmultu a2,a5 - # w0 += c0; - daddu t0,t0,a6 # - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # c1 = c[1]; - lwu a7,4(a3) - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # w1 += c1; - daddu t1,t1,a7 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # c += 1; - b .L.6 - addiu a3,a3,4 - # } else { -.L.5: - # w0 += c0; - daddu t0,t0,a6 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - b .L.6 - dsrl32 t2,t0,0 - # } - # } else { -.L.2: - # c0 = c[0]; - lwu a6,0(a3) - # w0 += c0; - mflo t0 - daddu t0,t0,a6 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # } -.L.6: - # c[1] = cy; - jr ra - sw t2,4(a3) - # } -.L.1: - jr ra - nop - #} - # - .end s_mpv_mul_d_add - - .ent s_mpv_mul_d_add_prop - .globl s_mpv_mul_d_add_prop - -s_mpv_mul_d_add_prop: - #/* c += a * b */ - #void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, - # mp_digit *c) - #{ - # mp_digit a0, a1; regs a4, a5 - # mp_digit c0, c1; regs a6, a7 - # mp_digit cy = 0; reg t2 - # mp_word w0, w1; regs t0, t1 - # - # if (a_len) { - beq a1,zero,.M.1 - move t2,zero # cy = 0 - dsll32 a2,a2,0 # "b" is sometimes negative (?!?!) - dsrl32 a2,a2,0 # This clears the upper 32 bits. - # a0 = a[0]; - lwu a4,0(a0) - # w0 = ((mp_word)b * a0); - dmultu a2,a4 - # if (--a_len) { - addiu a1,a1,-1 - beq a1,zero,.M.2 - # while (a_len >= 2) { - sltiu t3,a1,2 - bne t3,zero,.M.3 - # a1 = a[1]; - lwu a5,4(a0) -.M.4: - # a_len -= 2; - addiu a1,a1,-2 - # c0 = c[0]; - lwu a6,0(a3) - # w0 += cy; - mflo t0 - daddu t0,t0,t2 - # w0 += c0; - daddu t0,t0,a6 - # w1 = (mp_word)b * a1; - dmultu a2,a5 # - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # a0 = a[2]; - lwu a4,8(a0) - # a += 2; - addiu a0,a0,8 - # c1 = c[1]; - lwu a7,4(a3) - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # w1 += c1; - daddu t1,t1,a7 - # w0 = (mp_word)b * a0; - dmultu a2,a4 # - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # c += 2; - addiu a3,a3,8 - sltiu t3,a1,2 - beq t3,zero,.M.4 - # a1 = a[1]; - lwu a5,4(a0) - # } -.M.3: - # c0 = c[0]; - lwu a6,0(a3) - # w0 += cy; - # if (a_len) { - mflo t0 - beq a1,zero,.M.5 - daddu t0,t0,t2 - # w1 = (mp_word)b * a1; - dmultu a2,a5 - # w0 += c0; - daddu t0,t0,a6 # - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # c1 = c[1]; - lwu a7,4(a3) - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # w1 += c1; - daddu t1,t1,a7 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # c += 1; - b .M.6 - addiu a3,a3,8 - # } else { -.M.5: - # w0 += c0; - daddu t0,t0,a6 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - b .M.6 - addiu a3,a3,4 - # } - # } else { -.M.2: - # c0 = c[0]; - lwu a6,0(a3) - # w0 += c0; - mflo t0 - daddu t0,t0,a6 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - addiu a3,a3,4 - # } -.M.6: - - # while (cy) { - beq t2,zero,.M.1 - nop -.M.7: - # mp_word w = (mp_word)*c + cy; - lwu a6,0(a3) - daddu t2,t2,a6 - # *c++ = ACCUM(w); - sw t2,0(a3) - # cy = CARRYOUT(w); - dsrl32 t2,t2,0 - bne t2,zero,.M.7 - addiu a3,a3,4 - - # } -.M.1: - jr ra - nop - #} - # - .end s_mpv_mul_d_add_prop - - .ent s_mpv_mul_d - .globl s_mpv_mul_d - -s_mpv_mul_d: - #/* c = a * b */ - #void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, - # mp_digit *c) - #{ - # mp_digit a0, a1; regs a4, a5 - # mp_digit cy = 0; reg t2 - # mp_word w0, w1; regs t0, t1 - # - # if (a_len) { - beq a1,zero,.N.1 - move t2,zero # cy = 0 - dsll32 a2,a2,0 # "b" is sometimes negative (?!?!) - dsrl32 a2,a2,0 # This clears the upper 32 bits. - # a0 = a[0]; - lwu a4,0(a0) - # w0 = ((mp_word)b * a0); - dmultu a2,a4 - # if (--a_len) { - addiu a1,a1,-1 - beq a1,zero,.N.2 - # while (a_len >= 2) { - sltiu t3,a1,2 - bne t3,zero,.N.3 - # a1 = a[1]; - lwu a5,4(a0) -.N.4: - # a_len -= 2; - addiu a1,a1,-2 - # w0 += cy; - mflo t0 - daddu t0,t0,t2 - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # w1 = (mp_word)b * a1; - dmultu a2,a5 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # a0 = a[2]; - lwu a4,8(a0) - # a += 2; - addiu a0,a0,8 - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # w0 = (mp_word)b * a0; - dmultu a2,a4 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # c += 2; - addiu a3,a3,8 - sltiu t3,a1,2 - beq t3,zero,.N.4 - # a1 = a[1]; - lwu a5,4(a0) - # } -.N.3: - # w0 += cy; - # if (a_len) { - mflo t0 - beq a1,zero,.N.5 - daddu t0,t0,t2 - # w1 = (mp_word)b * a1; - dmultu a2,a5 # - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # w1 += cy; - mflo t1 - daddu t1,t1,t2 - # c[1] = ACCUM(w1); - sw t1,4(a3) - # cy = CARRYOUT(w1); - dsrl32 t2,t1,0 - # c += 1; - b .N.6 - addiu a3,a3,4 - # } else { -.N.5: - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - b .N.6 - dsrl32 t2,t0,0 - # } - # } else { -.N.2: - mflo t0 - # c[0] = ACCUM(w0); - sw t0,0(a3) - # cy = CARRYOUT(w0); - dsrl32 t2,t0,0 - # } -.N.6: - # c[1] = cy; - jr ra - sw t2,4(a3) - # } -.N.1: - jr ra - nop - #} - # - .end s_mpv_mul_d - - - .ent s_mpv_sqr_add_prop - .globl s_mpv_sqr_add_prop - #void s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs); - # registers - # a0 *a - # a1 a_len - # a2 *sqr - # a3 digit from *a, a_i - # a4 square of digit from a - # a5,a6 next 2 digits in sqr - # a7,t0 carry -s_mpv_sqr_add_prop: - move a7,zero - move t0,zero - lwu a3,0(a0) - addiu a1,a1,-1 # --a_len - dmultu a3,a3 - beq a1,zero,.P.3 # jump if we've already done the only sqr - addiu a0,a0,4 # ++a -.P.2: - lwu a5,0(a2) - lwu a6,4(a2) - addiu a2,a2,8 # sqrs += 2; - dsll32 a6,a6,0 - daddu a5,a5,a6 - lwu a3,0(a0) - addiu a0,a0,4 # ++a - mflo a4 - daddu a6,a5,a4 - sltu a7,a6,a5 # a7 = a6 < a5 detect overflow - dmultu a3,a3 - daddu a4,a6,t0 - sltu t0,a4,a6 - add t0,t0,a7 - sw a4,-8(a2) - addiu a1,a1,-1 # --a_len - dsrl32 a4,a4,0 - bne a1,zero,.P.2 # loop if a_len > 0 - sw a4,-4(a2) -.P.3: - lwu a5,0(a2) - lwu a6,4(a2) - addiu a2,a2,8 # sqrs += 2; - dsll32 a6,a6,0 - daddu a5,a5,a6 - mflo a4 - daddu a6,a5,a4 - sltu a7,a6,a5 # a7 = a6 < a5 detect overflow - daddu a4,a6,t0 - sltu t0,a4,a6 - add t0,t0,a7 - sw a4,-8(a2) - beq t0,zero,.P.9 # jump if no carry - dsrl32 a4,a4,0 -.P.8: - sw a4,-4(a2) - /* propagate final carry */ - lwu a5,0(a2) - daddu a6,a5,t0 - sltu t0,a6,a5 - bne t0,zero,.P.8 # loop if carry persists - addiu a2,a2,4 # sqrs++ -.P.9: - jr ra - sw a4,-4(a2) - - .end s_mpv_sqr_add_prop diff --git a/security/nss/lib/freebl/mpi/mpi_sparc.c b/security/nss/lib/freebl/mpi/mpi_sparc.c deleted file mode 100644 index a7bf863fd..000000000 --- a/security/nss/lib/freebl/mpi/mpi_sparc.c +++ /dev/null @@ -1,358 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ - -/* Multiplication performance enhancements for sparc v8+vis CPUs. */ - -#include "mpi-priv.h" -#include -#include -#include - -/* In the functions below, */ -/* vector y must be 8-byte aligned, and n must be even */ -/* returns carry out of high order word of result */ -/* maximum n is 256 */ - -/* vector x += vector y * scaler a; where y is of length n words. */ -extern mp_digit mul_add_inp(mp_digit *x, const mp_digit *y, int n, mp_digit a); - -/* vector z = vector x + vector y * scaler a; where y is of length n words. */ -extern mp_digit mul_add(mp_digit *z, const mp_digit *x, const mp_digit *y, - int n, mp_digit a); - -/* v8 versions of these functions run on any Sparc v8 CPU. */ - -/* This trick works on Sparc V8 CPUs with the Workshop compilers. */ -#define MP_MUL_DxD(a, b, Phi, Plo) \ - { unsigned long long product = (unsigned long long)a * b; \ - Plo = (mp_digit)product; \ - Phi = (mp_digit)(product >> MP_DIGIT_BIT); } - -/* c = a * b */ -static void -v8_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - *c = d; -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - *c++ = a0b0; - carry = a1b1; - } - *c = carry; -#endif -} - -/* c += a * b */ -static void -v8_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + *c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - *c = d; -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - a0b0 += a_i = *c; - if (a0b0 < a_i) - ++a1b1; - *c++ = a0b0; - carry = a1b1; - } - *c = carry; -#endif -} - -/* Presently, this is only used by the Montgomery arithmetic code. */ -/* c += a * b */ -static void -v8_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ -#if !defined(MP_NO_MP_WORD) - mp_digit d = 0; - - /* Inner product: Digits of a */ - while (a_len--) { - mp_word w = ((mp_word)b * *a++) + *c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } - - while (d) { - mp_word w = (mp_word)*c + d; - *c++ = ACCUM(w); - d = CARRYOUT(w); - } -#else - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - - a0b0 += a_i = *c; - if (a0b0 < a_i) - ++a1b1; - - *c++ = a0b0; - carry = a1b1; - } - while (carry) { - mp_digit c_i = *c; - carry += c_i; - *c++ = carry; - carry = carry < c_i; - } -#endif -} - -/* vis versions of these functions run only on v8+vis or v9+vis CPUs. */ - -/* c = a * b */ -static void -vis_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - mp_digit d; - mp_digit x[258]; - if (a_len <= 256) { - if (a == c || ((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) { - mp_digit * px; - px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x; - memcpy(px, a, a_len * sizeof(*a)); - a = px; - if (a_len & 1) { - px[a_len] = 0; - } - } - s_mp_setz(c, a_len + 1); - d = mul_add_inp(c, a, a_len, b); - c[a_len] = d; - } else { - v8_mpv_mul_d(a, a_len, b, c); - } -} - -/* c += a * b, where a is a_len words long. */ -static void -vis_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - mp_digit d; - mp_digit x[258]; - if (a_len <= 256) { - if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) { - mp_digit * px; - px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x; - memcpy(px, a, a_len * sizeof(*a)); - a = px; - if (a_len & 1) { - px[a_len] = 0; - } - } - d = mul_add_inp(c, a, a_len, b); - c[a_len] = d; - } else { - v8_mpv_mul_d_add(a, a_len, b, c); - } -} - -/* c += a * b, where a is y words long. */ -static void -vis_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, - mp_digit *c) -{ - mp_digit d; - mp_digit x[258]; - if (a_len <= 256) { - if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) { - mp_digit * px; - px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x; - memcpy(px, a, a_len * sizeof(*a)); - a = px; - if (a_len & 1) { - px[a_len] = 0; - } - } - d = mul_add_inp(c, a, a_len, b); - if (d) { - c += a_len; - do { - mp_digit sum = d + *c; - *c++ = sum; - d = sum < d; - } while (d); - } - } else { - v8_mpv_mul_d_add_prop(a, a_len, b, c); - } -} - -#if defined(SOLARIS2_5) -static int -isSparcV8PlusVis(void) -{ - long buflen; - int rv = 0; /* false */ - char buf[256]; - buflen = sysinfo(SI_MACHINE, buf, sizeof buf); - if (buflen > 0) { - rv = (!strcmp(buf, "sun4u") || !strcmp(buf, "sun4u1")); - } - return rv; -} -#else /* SunOS2.6or higher has SI_ISALIST */ - -static int -isSparcV8PlusVis(void) -{ - long buflen; - int rv = 0; /* false */ - char buf[256]; - buflen = sysinfo(SI_ISALIST, buf, sizeof buf); - if (buflen > 0) { -#if defined(MP_USE_LONG_DIGIT) - char * found = strstr(buf, "sparcv9+vis"); -#else - char * found = strstr(buf, "sparcv8plus+vis"); -#endif - rv = (found != 0); - } - return rv; -} -#endif - -typedef void MPVmpy(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c); - -/* forward static function declarations */ -static MPVmpy sp_mpv_mul_d; -static MPVmpy sp_mpv_mul_d_add; -static MPVmpy sp_mpv_mul_d_add_prop; - -static MPVmpy *p_mpv_mul_d = &sp_mpv_mul_d; -static MPVmpy *p_mpv_mul_d_add = &sp_mpv_mul_d_add; -static MPVmpy *p_mpv_mul_d_add_prop = &sp_mpv_mul_d_add_prop; - -static void -initPtrs(void) -{ - if (isSparcV8PlusVis()) { - p_mpv_mul_d = &vis_mpv_mul_d; - p_mpv_mul_d_add = &vis_mpv_mul_d_add; - p_mpv_mul_d_add_prop = &vis_mpv_mul_d_add_prop; - } else { - p_mpv_mul_d = &v8_mpv_mul_d; - p_mpv_mul_d_add = &v8_mpv_mul_d_add; - p_mpv_mul_d_add_prop = &v8_mpv_mul_d_add_prop; - } -} - -static void -sp_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - initPtrs(); - (* p_mpv_mul_d)(a, a_len, b, c); -} - -static void -sp_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - initPtrs(); - (* p_mpv_mul_d_add)(a, a_len, b, c); -} - -static void -sp_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - initPtrs(); - (* p_mpv_mul_d_add_prop)(a, a_len, b, c); -} - - -/* This is the external interface */ - -void -s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - (* p_mpv_mul_d)(a, a_len, b, c); -} - -void -s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - (* p_mpv_mul_d_add)(a, a_len, b, c); -} - -void -s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) -{ - (* p_mpv_mul_d_add_prop)(a, a_len, b, c); -} - - diff --git a/security/nss/lib/freebl/mpi/mpi_x86.asm b/security/nss/lib/freebl/mpi/mpi_x86.asm deleted file mode 100644 index ed2fc5e58..000000000 --- a/security/nss/lib/freebl/mpi/mpi_x86.asm +++ /dev/null @@ -1,351 +0,0 @@ -; -; mpi_x86.asm - assembly language implementation of s_mpv_ functions. -; -; The contents of this file are subject to the Mozilla Public -; License Version 1.1 (the "License"); you may not use this file -; except in compliance with the License. You may obtain a copy of -; the License at http://www.mozilla.org/MPL/ -; -; Software distributed under the License is distributed on an "AS -; IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -; implied. See the License for the specific language governing -; rights and limitations under the License. -; -; The Original Code is the Netscape security libraries. -; -; The Initial Developer of the Original Code is Netscape -; Communications Corporation. Portions created by Netscape are -; Copyright (C) 2000 Netscape Communications Corporation. All -; Rights Reserved. -; -; Contributor(s): -; -; Alternatively, the contents of this file may be used under the -; terms of the GNU General Public License Version 2 or later (the -; "GPL"), in which case the provisions of the GPL are applicable -; instead of those above. If you wish to allow use of your -; version of this file only under the terms of the GPL and not to -; allow others to use your version of this file under the MPL, -; indicate your decision by deleting the provisions above and -; replace them with the notice and other provisions required by -; the GPL. If you do not delete the provisions above, a recipient -; may use your version of this file under either the MPL or the -; GPL. -; $Id$ -; - - .386p - .MODEL FLAT - ASSUME CS: FLAT, DS: FLAT, SS: FLAT -_TEXT SEGMENT - -; ebp - 36: caller's esi -; ebp - 32: caller's edi -; ebp - 28: -; ebp - 24: -; ebp - 20: -; ebp - 16: -; ebp - 12: -; ebp - 8: -; ebp - 4: -; ebp + 0: caller's ebp -; ebp + 4: return address -; ebp + 8: a argument -; ebp + 12: a_len argument -; ebp + 16: b argument -; ebp + 20: c argument -; registers: -; eax: -; ebx: carry -; ecx: a_len -; edx: -; esi: a ptr -; edi: c ptr - -public _s_mpv_mul_d -_s_mpv_mul_d PROC NEAR - push ebp - mov ebp,esp - sub esp,28 - push edi - push esi - push ebx - mov ebx,0 ; carry = 0 - mov ecx,[ebp+12] ; ecx = a_len - mov edi,[ebp+20] - cmp ecx,0 - je L_2 ; jmp if a_len == 0 - mov esi,[ebp+8] ; esi = a - cld -L_1: - lodsd ; eax = [ds:esi]; esi += 4 - mov edx,[ebp+16] ; edx = b - mul edx ; edx:eax = Phi:Plo = a_i * b - - add eax,ebx ; add carry (ebx) to edx:eax - adc edx,0 - mov ebx,edx ; high half of product becomes next carry - - stosd ; [es:edi] = ax; edi += 4; - dec ecx ; --a_len - jnz L_1 ; jmp if a_len != 0 -L_2: - mov [edi],ebx ; *c = carry - pop ebx - pop esi - pop edi - leave - ret - nop -_s_mpv_mul_d ENDP - -; ebp - 36: caller's esi -; ebp - 32: caller's edi -; ebp - 28: -; ebp - 24: -; ebp - 20: -; ebp - 16: -; ebp - 12: -; ebp - 8: -; ebp - 4: -; ebp + 0: caller's ebp -; ebp + 4: return address -; ebp + 8: a argument -; ebp + 12: a_len argument -; ebp + 16: b argument -; ebp + 20: c argument -; registers: -; eax: -; ebx: carry -; ecx: a_len -; edx: -; esi: a ptr -; edi: c ptr -public _s_mpv_mul_d_add -_s_mpv_mul_d_add PROC NEAR - push ebp - mov ebp,esp - sub esp,28 - push edi - push esi - push ebx - mov ebx,0 ; carry = 0 - mov ecx,[ebp+12] ; ecx = a_len - mov edi,[ebp+20] - cmp ecx,0 - je L_4 ; jmp if a_len == 0 - mov esi,[ebp+8] ; esi = a - cld -L_3: - lodsd ; eax = [ds:esi]; esi += 4 - mov edx,[ebp+16] ; edx = b - mul edx ; edx:eax = Phi:Plo = a_i * b - - add eax,ebx ; add carry (ebx) to edx:eax - adc edx,0 - mov ebx,[edi] ; add in current word from *c - add eax,ebx - adc edx,0 - mov ebx,edx ; high half of product becomes next carry - - stosd ; [es:edi] = ax; edi += 4; - dec ecx ; --a_len - jnz L_3 ; jmp if a_len != 0 -L_4: - mov [edi],ebx ; *c = carry - pop ebx - pop esi - pop edi - leave - ret - nop -_s_mpv_mul_d_add ENDP - -; ebp - 36: caller's esi -; ebp - 32: caller's edi -; ebp - 28: -; ebp - 24: -; ebp - 20: -; ebp - 16: -; ebp - 12: -; ebp - 8: -; ebp - 4: -; ebp + 0: caller's ebp -; ebp + 4: return address -; ebp + 8: a argument -; ebp + 12: a_len argument -; ebp + 16: b argument -; ebp + 20: c argument -; registers: -; eax: -; ebx: carry -; ecx: a_len -; edx: -; esi: a ptr -; edi: c ptr -public _s_mpv_mul_d_add_prop -_s_mpv_mul_d_add_prop PROC NEAR - push ebp - mov ebp,esp - sub esp,28 - push edi - push esi - push ebx - mov ebx,0 ; carry = 0 - mov ecx,[ebp+12] ; ecx = a_len - mov edi,[ebp+20] - cmp ecx,0 - je L_6 ; jmp if a_len == 0 - cld - mov esi,[ebp+8] ; esi = a -L_5: - lodsd ; eax = [ds:esi]; esi += 4 - mov edx,[ebp+16] ; edx = b - mul edx ; edx:eax = Phi:Plo = a_i * b - - add eax,ebx ; add carry (ebx) to edx:eax - adc edx,0 - mov ebx,[edi] ; add in current word from *c - add eax,ebx - adc edx,0 - mov ebx,edx ; high half of product becomes next carry - - stosd ; [es:edi] = ax; edi += 4; - dec ecx ; --a_len - jnz L_5 ; jmp if a_len != 0 -L_6: - cmp ebx,0 ; is carry zero? - jz L_8 - mov eax,[edi] ; add in current word from *c - add eax,ebx - stosd ; [es:edi] = ax; edi += 4; - jnc L_8 -L_7: - mov eax,[edi] ; add in current word from *c - adc eax,0 - stosd ; [es:edi] = ax; edi += 4; - jc L_7 -L_8: - pop ebx - pop esi - pop edi - leave - ret - nop -_s_mpv_mul_d_add_prop ENDP - -; ebp - 20: caller's esi -; ebp - 16: caller's edi -; ebp - 12: -; ebp - 8: carry -; ebp - 4: a_len local -; ebp + 0: caller's ebp -; ebp + 4: return address -; ebp + 8: pa argument -; ebp + 12: a_len argument -; ebp + 16: ps argument -; ebp + 20: -; registers: -; eax: -; ebx: carry -; ecx: a_len -; edx: -; esi: a ptr -; edi: c ptr - -public _s_mpv_sqr_add_prop -_s_mpv_sqr_add_prop PROC NEAR - push ebp - mov ebp,esp - sub esp,12 - push edi - push esi - push ebx - mov ebx,0 ; carry = 0 - mov ecx,[ebp+12] ; a_len - mov edi,[ebp+16] ; edi = ps - cmp ecx,0 - je L_11 ; jump if a_len == 0 - cld - mov esi,[ebp+8] ; esi = pa -L_10: - lodsd ; eax = [ds:si]; si += 4; - mul eax - - add eax,ebx ; add "carry" - adc edx,0 - mov ebx,[edi] - add eax,ebx ; add low word from result - mov ebx,[edi+4] - stosd ; [es:di] = eax; di += 4; - adc edx,ebx ; add high word from result - mov ebx,0 - mov eax,edx - adc ebx,0 - stosd ; [es:di] = eax; di += 4; - dec ecx ; --a_len - jnz L_10 ; jmp if a_len != 0 -L_11: - cmp ebx,0 ; is carry zero? - jz L_14 - mov eax,[edi] ; add in current word from *c - add eax,ebx - stosd ; [es:edi] = ax; edi += 4; - jnc L_14 -L_12: - mov eax,[edi] ; add in current word from *c - adc eax,0 - stosd ; [es:edi] = ax; edi += 4; - jc L_12 -L_14: - pop ebx - pop esi - pop edi - leave - ret - nop -_s_mpv_sqr_add_prop ENDP - -; -; Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized -; so its high bit is 1. This code is from NSPR. -; -; mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, -; mp_digit *qp, mp_digit *rp) - -; Dump of assembler code for function s_mpv_div_2dx1d: -; -; esp + 0: Caller's ebx -; esp + 4: return address -; esp + 8: Nhi argument -; esp + 12: Nlo argument -; esp + 16: divisor argument -; esp + 20: qp argument -; esp + 24: rp argument -; registers: -; eax: -; ebx: carry -; ecx: a_len -; edx: -; esi: a ptr -; edi: c ptr -; -public _s_mpv_div_2dx1d -_s_mpv_div_2dx1d PROC NEAR - push ebx - mov edx,[esp+8] - mov eax,[esp+12] - mov ebx,[esp+16] - div ebx - mov ebx,[esp+20] - mov [ebx],eax - mov ebx,[esp+24] - mov [ebx],edx - xor eax,eax ; return zero - pop ebx - ret - nop -_s_mpv_div_2dx1d ENDP - -_TEXT ENDS -END diff --git a/security/nss/lib/freebl/mpi/mpi_x86.s b/security/nss/lib/freebl/mpi/mpi_x86.s deleted file mode 100644 index 07d7a6159..000000000 --- a/security/nss/lib/freebl/mpi/mpi_x86.s +++ /dev/null @@ -1,345 +0,0 @@ - # - # The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Netscape security libraries. - # - # The Initial Developer of the Original Code is Netscape - # Communications Corporation. Portions created by Netscape are - # Copyright (C) 2000 Netscape Communications Corporation. All - # Rights Reserved. - # - # Contributor(s): - # - # Alternatively, the contents of this file may be used under the - # terms of the GNU General Public License Version 2 or later (the - # "GPL"), in which case the provisions of the GPL are applicable - # instead of those above. If you wish to allow use of your - # version of this file only under the terms of the GPL and not to - # allow others to use your version of this file under the MPL, - # indicate your decision by deleting the provisions above and - # replace them with the notice and other provisions required by - # the GPL. If you do not delete the provisions above, a recipient - # may use your version of this file under either the MPL or the - # GPL. - # $Id$ - # - -.text - - # ebp - 36: caller's esi - # ebp - 32: caller's edi - # ebp - 28: - # ebp - 24: - # ebp - 20: - # ebp - 16: - # ebp - 12: - # ebp - 8: - # ebp - 4: - # ebp + 0: caller's ebp - # ebp + 4: return address - # ebp + 8: a argument - # ebp + 12: a_len argument - # ebp + 16: b argument - # ebp + 20: c argument - # registers: - # eax: - # ebx: carry - # ecx: a_len - # edx: - # esi: a ptr - # edi: c ptr -.globl s_mpv_mul_d -.type s_mpv_mul_d,@function -s_mpv_mul_d: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx # carry = 0 - mov 12(%ebp),%ecx # ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je 2f # jmp if a_len == 0 - mov 8(%ebp),%esi # esi = a - cld -1: - lodsl # eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx # edx = b - mull %edx # edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax # add carry (%ebx) to edx:eax - adc $0,%edx - mov %edx,%ebx # high half of product becomes next carry - - stosl # [es:edi] = ax; edi += 4; - dec %ecx # --a_len - jnz 1b # jmp if a_len != 0 -2: - mov %ebx,0(%edi) # *c = carry - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - # ebp - 36: caller's esi - # ebp - 32: caller's edi - # ebp - 28: - # ebp - 24: - # ebp - 20: - # ebp - 16: - # ebp - 12: - # ebp - 8: - # ebp - 4: - # ebp + 0: caller's ebp - # ebp + 4: return address - # ebp + 8: a argument - # ebp + 12: a_len argument - # ebp + 16: b argument - # ebp + 20: c argument - # registers: - # eax: - # ebx: carry - # ecx: a_len - # edx: - # esi: a ptr - # edi: c ptr -.globl s_mpv_mul_d_add -.type s_mpv_mul_d_add,@function -s_mpv_mul_d_add: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx # carry = 0 - mov 12(%ebp),%ecx # ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je 4f # jmp if a_len == 0 - mov 8(%ebp),%esi # esi = a - cld -3: - lodsl # eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx # edx = b - mull %edx # edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax # add carry (%ebx) to edx:eax - adc $0,%edx - mov 0(%edi),%ebx # add in current word from *c - add %ebx,%eax - adc $0,%edx - mov %edx,%ebx # high half of product becomes next carry - - stosl # [es:edi] = ax; edi += 4; - dec %ecx # --a_len - jnz 3b # jmp if a_len != 0 -4: - mov %ebx,0(%edi) # *c = carry - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - # ebp - 36: caller's esi - # ebp - 32: caller's edi - # ebp - 28: - # ebp - 24: - # ebp - 20: - # ebp - 16: - # ebp - 12: - # ebp - 8: - # ebp - 4: - # ebp + 0: caller's ebp - # ebp + 4: return address - # ebp + 8: a argument - # ebp + 12: a_len argument - # ebp + 16: b argument - # ebp + 20: c argument - # registers: - # eax: - # ebx: carry - # ecx: a_len - # edx: - # esi: a ptr - # edi: c ptr -.globl s_mpv_mul_d_add_prop -.type s_mpv_mul_d_add_prop,@function -s_mpv_mul_d_add_prop: - push %ebp - mov %esp,%ebp - sub $28,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx # carry = 0 - mov 12(%ebp),%ecx # ecx = a_len - mov 20(%ebp),%edi - cmp $0,%ecx - je 6f # jmp if a_len == 0 - cld - mov 8(%ebp),%esi # esi = a -5: - lodsl # eax = [ds:esi]; esi += 4 - mov 16(%ebp),%edx # edx = b - mull %edx # edx:eax = Phi:Plo = a_i * b - - add %ebx,%eax # add carry (%ebx) to edx:eax - adc $0,%edx - mov 0(%edi),%ebx # add in current word from *c - add %ebx,%eax - adc $0,%edx - mov %edx,%ebx # high half of product becomes next carry - - stosl # [es:edi] = ax; edi += 4; - dec %ecx # --a_len - jnz 5b # jmp if a_len != 0 -6: - cmp $0,%ebx # is carry zero? - jz 8f - mov 0(%edi),%eax # add in current word from *c - add %ebx,%eax - stosl # [es:edi] = ax; edi += 4; - jnc 8f -7: - mov 0(%edi),%eax # add in current word from *c - adc $0,%eax - stosl # [es:edi] = ax; edi += 4; - jc 7b -8: - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - # ebp - 20: caller's esi - # ebp - 16: caller's edi - # ebp - 12: - # ebp - 8: carry - # ebp - 4: a_len local - # ebp + 0: caller's ebp - # ebp + 4: return address - # ebp + 8: pa argument - # ebp + 12: a_len argument - # ebp + 16: ps argument - # ebp + 20: - # registers: - # eax: - # ebx: carry - # ecx: a_len - # edx: - # esi: a ptr - # edi: c ptr - -.globl s_mpv_sqr_add_prop -.type s_mpv_sqr_add_prop,@function -s_mpv_sqr_add_prop: - push %ebp - mov %esp,%ebp - sub $12,%esp - push %edi - push %esi - push %ebx - movl $0,%ebx # carry = 0 - mov 12(%ebp),%ecx # a_len - mov 16(%ebp),%edi # edi = ps - cmp $0,%ecx - je 11f # jump if a_len == 0 - cld - mov 8(%ebp),%esi # esi = pa -10: - lodsl # %eax = [ds:si]; si += 4; - mull %eax - - add %ebx,%eax # add "carry" - adc $0,%edx - mov 0(%edi),%ebx - add %ebx,%eax # add low word from result - mov 4(%edi),%ebx - stosl # [es:di] = %eax; di += 4; - adc %ebx,%edx # add high word from result - movl $0,%ebx - mov %edx,%eax - adc $0,%ebx - stosl # [es:di] = %eax; di += 4; - dec %ecx # --a_len - jnz 10b # jmp if a_len != 0 -11: - cmp $0,%ebx # is carry zero? - jz 14f - mov 0(%edi),%eax # add in current word from *c - add %ebx,%eax - stosl # [es:edi] = ax; edi += 4; - jnc 14f -12: - mov 0(%edi),%eax # add in current word from *c - adc $0,%eax - stosl # [es:edi] = ax; edi += 4; - jc 12b -14: - pop %ebx - pop %esi - pop %edi - leave - ret - nop - - # - # Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized - # so its high bit is 1. This code is from NSPR. - # - # mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, - # mp_digit *qp, mp_digit *rp) - - # esp + 0: Caller's ebx - # esp + 4: return address - # esp + 8: Nhi argument - # esp + 12: Nlo argument - # esp + 16: divisor argument - # esp + 20: qp argument - # esp + 24: rp argument - # registers: - # eax: - # ebx: carry - # ecx: a_len - # edx: - # esi: a ptr - # edi: c ptr - # - -.globl s_mpv_div_2dx1d -.type s_mpv_div_2dx1d,@function -s_mpv_div_2dx1d: - push %ebx - mov 8(%esp),%edx - mov 12(%esp),%eax - mov 16(%esp),%ebx - div %ebx - mov 20(%esp),%ebx - mov %eax,0(%ebx) - mov 24(%esp),%ebx - mov %edx,0(%ebx) - xor %eax,%eax # return zero - pop %ebx - ret - nop - - # Magic indicating no need for an executable stack -.section .note.GNU-stack, "", @progbits -.previous diff --git a/security/nss/lib/freebl/mpi/mplogic.c b/security/nss/lib/freebl/mpi/mplogic.c deleted file mode 100644 index 225bcf9d1..000000000 --- a/security/nss/lib/freebl/mpi/mplogic.c +++ /dev/null @@ -1,462 +0,0 @@ -/* - * mplogic.c - * - * Bitwise logical operations on MPI values - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include "mpi-priv.h" -#include "mplogic.h" - -/* {{{ Lookup table for population count */ - -static unsigned char bitc[] = { - 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, - 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, - 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 -}; - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* - mpl_not(a, b) - compute b = ~a - mpl_and(a, b, c) - compute c = a & b - mpl_or(a, b, c) - compute c = a | b - mpl_xor(a, b, c) - compute c = a ^ b - */ - -/* {{{ mpl_not(a, b) */ - -mp_err mpl_not(mp_int *a, mp_int *b) -{ - mp_err res; - unsigned int ix; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - /* This relies on the fact that the digit type is unsigned */ - for(ix = 0; ix < USED(b); ix++) - DIGIT(b, ix) = ~DIGIT(b, ix); - - s_mp_clamp(b); - - return MP_OKAY; - -} /* end mpl_not() */ - -/* }}} */ - -/* {{{ mpl_and(a, b, c) */ - -mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c) -{ - mp_int *which, *other; - mp_err res; - unsigned int ix; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(USED(a) <= USED(b)) { - which = a; - other = b; - } else { - which = b; - other = a; - } - - if((res = mp_copy(which, c)) != MP_OKAY) - return res; - - for(ix = 0; ix < USED(which); ix++) - DIGIT(c, ix) &= DIGIT(other, ix); - - s_mp_clamp(c); - - return MP_OKAY; - -} /* end mpl_and() */ - -/* }}} */ - -/* {{{ mpl_or(a, b, c) */ - -mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c) -{ - mp_int *which, *other; - mp_err res; - unsigned int ix; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(USED(a) >= USED(b)) { - which = a; - other = b; - } else { - which = b; - other = a; - } - - if((res = mp_copy(which, c)) != MP_OKAY) - return res; - - for(ix = 0; ix < USED(which); ix++) - DIGIT(c, ix) |= DIGIT(other, ix); - - return MP_OKAY; - -} /* end mpl_or() */ - -/* }}} */ - -/* {{{ mpl_xor(a, b, c) */ - -mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c) -{ - mp_int *which, *other; - mp_err res; - unsigned int ix; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if(USED(a) >= USED(b)) { - which = a; - other = b; - } else { - which = b; - other = a; - } - - if((res = mp_copy(which, c)) != MP_OKAY) - return res; - - for(ix = 0; ix < USED(which); ix++) - DIGIT(c, ix) ^= DIGIT(other, ix); - - s_mp_clamp(c); - - return MP_OKAY; - -} /* end mpl_xor() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* - mpl_rsh(a, b, d) - b = a >> d - mpl_lsh(a, b, d) - b = a << d - */ - -/* {{{ mpl_rsh(a, b, d) */ - -mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - s_mp_div_2d(b, d); - - return MP_OKAY; - -} /* end mpl_rsh() */ - -/* }}} */ - -/* {{{ mpl_lsh(a, b, d) */ - -mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d) -{ - mp_err res; - - ARGCHK(a != NULL && b != NULL, MP_BADARG); - - if((res = mp_copy(a, b)) != MP_OKAY) - return res; - - return s_mp_mul_2d(b, d); - -} /* end mpl_lsh() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* - mpl_num_set(a, num) - - Count the number of set bits in the binary representation of a. - Returns MP_OKAY and sets 'num' to be the number of such bits, if - possible. If num is NULL, the result is thrown away, but it is - not considered an error. - - mpl_num_clear() does basically the same thing for clear bits. - */ - -/* {{{ mpl_num_set(a, num) */ - -mp_err mpl_num_set(mp_int *a, int *num) -{ - unsigned int ix; - int db, nset = 0; - mp_digit cur; - unsigned char reg; - - ARGCHK(a != NULL, MP_BADARG); - - for(ix = 0; ix < USED(a); ix++) { - cur = DIGIT(a, ix); - - for(db = 0; db < sizeof(mp_digit); db++) { - reg = (unsigned char)(cur >> (CHAR_BIT * db)); - - nset += bitc[reg]; - } - } - - if(num) - *num = nset; - - return MP_OKAY; - -} /* end mpl_num_set() */ - -/* }}} */ - -/* {{{ mpl_num_clear(a, num) */ - -mp_err mpl_num_clear(mp_int *a, int *num) -{ - unsigned int ix; - int db, nset = 0; - mp_digit cur; - unsigned char reg; - - ARGCHK(a != NULL, MP_BADARG); - - for(ix = 0; ix < USED(a); ix++) { - cur = DIGIT(a, ix); - - for(db = 0; db < sizeof(mp_digit); db++) { - reg = (unsigned char)(cur >> (CHAR_BIT * db)); - - nset += bitc[UCHAR_MAX - reg]; - } - } - - if(num) - *num = nset; - - return MP_OKAY; - - -} /* end mpl_num_clear() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* - mpl_parity(a) - - Determines the bitwise parity of the value given. Returns MP_EVEN - if an even number of digits are set, MP_ODD if an odd number are - set. - */ - -/* {{{ mpl_parity(a) */ - -mp_err mpl_parity(mp_int *a) -{ - unsigned int ix; - int par = 0; - mp_digit cur; - - ARGCHK(a != NULL, MP_BADARG); - - for(ix = 0; ix < USED(a); ix++) { - int shft = (sizeof(mp_digit) * CHAR_BIT) / 2; - - cur = DIGIT(a, ix); - - /* Compute parity for current digit */ - while(shft != 0) { - cur ^= (cur >> shft); - shft >>= 1; - } - cur &= 1; - - /* XOR with running parity so far */ - par ^= cur; - } - - if(par) - return MP_ODD; - else - return MP_EVEN; - -} /* end mpl_parity() */ - -/* }}} */ - -/* - mpl_set_bit - - Returns MP_OKAY or some error code. - Grows a if needed to set a bit to 1. - */ -mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value) -{ - mp_size ix; - mp_err rv; - mp_digit mask; - - ARGCHK(a != NULL, MP_BADARG); - - ix = bitNum / MP_DIGIT_BIT; - if (ix + 1 > MP_USED(a)) { - rv = s_mp_pad(a, ix + 1); - if (rv != MP_OKAY) - return rv; - } - - bitNum = bitNum % MP_DIGIT_BIT; - mask = (mp_digit)1 << bitNum; - if (value) - MP_DIGIT(a,ix) |= mask; - else - MP_DIGIT(a,ix) &= ~mask; - s_mp_clamp(a); - return MP_OKAY; -} - -/* - mpl_get_bit - - returns 0 or 1 or some (negative) error code. - */ -mp_err mpl_get_bit(const mp_int *a, mp_size bitNum) -{ - mp_size bit, ix; - mp_err rv; - - ARGCHK(a != NULL, MP_BADARG); - - ix = bitNum / MP_DIGIT_BIT; - ARGCHK(ix <= MP_USED(a) - 1, MP_RANGE); - - bit = bitNum % MP_DIGIT_BIT; - rv = (mp_err)(MP_DIGIT(a, ix) >> bit) & 1; - return rv; -} - -/* - mpl_get_bits - - Extracts numBits bits from a, where the least significant extracted bit - is bit lsbNum. Returns a negative value if error occurs. - - Because sign bit is used to indicate error, maximum number of bits to - be returned is the lesser of (a) the number of bits in an mp_digit, or - (b) one less than the number of bits in an mp_err. - - lsbNum + numbits can be greater than the number of significant bits in - integer a, as long as bit lsbNum is in the high order digit of a. - */ -mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) -{ - mp_size rshift = (lsbNum % MP_DIGIT_BIT); - mp_size lsWndx = (lsbNum / MP_DIGIT_BIT); - mp_digit * digit = MP_DIGITS(a) + lsWndx; - mp_digit mask = ((1 << numBits) - 1); - - ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG); - ARGCHK(MP_HOWMANY(lsbNum, MP_DIGIT_BIT) <= MP_USED(a), MP_RANGE); - - if ((numBits + lsbNum % MP_DIGIT_BIT <= MP_DIGIT_BIT) || - (lsWndx + 1 >= MP_USED(a))) { - mask &= (digit[0] >> rshift); - } else { - mask &= ((digit[0] >> rshift) | (digit[1] << (MP_DIGIT_BIT - rshift))); - } - return (mp_err)mask; -} - -/* - mpl_significant_bits - returns number of significnant bits in abs(a). - returns 1 if value is zero. - */ -mp_err mpl_significant_bits(const mp_int *a) -{ - mp_err bits = 0; - int ix; - - ARGCHK(a != NULL, MP_BADARG); - - ix = MP_USED(a); - for (ix = MP_USED(a); ix > 0; ) { - mp_digit d; - d = MP_DIGIT(a, --ix); - if (d) { - while (d) { - ++bits; - d >>= 1; - } - break; - } - } - bits += ix * MP_DIGIT_BIT; - if (!bits) - bits = 1; - return bits; -} - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/mplogic.h b/security/nss/lib/freebl/mpi/mplogic.h deleted file mode 100644 index 8efa4327c..000000000 --- a/security/nss/lib/freebl/mpi/mplogic.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * mplogic.h - * - * Bitwise logical operations on MPI values - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#ifndef _H_MPLOGIC_ -#define _H_MPLOGIC_ - -#include "mpi.h" - -/* - The logical operations treat an mp_int as if it were a bit vector, - without regard to its sign (an mp_int is represented in a signed - magnitude format). Values are treated as if they had an infinite - string of zeros left of the most-significant bit. - */ - -/* Parity results */ - -#define MP_EVEN MP_YES -#define MP_ODD MP_NO - -/* Bitwise functions */ - -mp_err mpl_not(mp_int *a, mp_int *b); /* one's complement */ -mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c); /* bitwise AND */ -mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c); /* bitwise OR */ -mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c); /* bitwise XOR */ - -/* Shift functions */ - -mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d); /* right shift */ -mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d); /* left shift */ - -/* Bit count and parity */ - -mp_err mpl_num_set(mp_int *a, int *num); /* count set bits */ -mp_err mpl_num_clear(mp_int *a, int *num); /* count clear bits */ -mp_err mpl_parity(mp_int *a); /* determine parity */ - -/* Get & Set the value of a bit */ - -mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value); -mp_err mpl_get_bit(const mp_int *a, mp_size bitNum); -mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits); -mp_err mpl_significant_bits(const mp_int *a); - -#endif /* end _H_MPLOGIC_ */ diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c deleted file mode 100644 index 7cd936956..000000000 --- a/security/nss/lib/freebl/mpi/mpmontg.c +++ /dev/null @@ -1,584 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 - * Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sheueling Chang Shantz , - * Stephen Fung , and - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ - -/* This file implements moduluar exponentiation using Montgomery's - * method for modular reduction. This file implements the method - * described as "Improvement 1" in the paper "A Cryptogrpahic Library for - * the Motorola DSP56000" by Stephen R. Dusse' and Burton S. Kaliski Jr. - * published in "Advances in Cryptology: Proceedings of EUROCRYPT '90" - * "Lecture Notes in Computer Science" volume 473, 1991, pg 230-244, - * published by Springer Verlag. - */ - -/* #define MP_USING_MONT_MULF 1 */ -#include -#include "mpi-priv.h" -#include "mplogic.h" -#include "mpprime.h" -#ifdef MP_USING_MONT_MULF -#include "montmulf.h" -#endif - -#define STATIC -/* #define DEBUG 1 */ - -#define MAX_WINDOW_BITS 6 -#define MAX_ODD_INTS 32 /* 2 ** (WINDOW_BITS - 1) */ - -#if defined(_WIN32_WCE) -#define ABORT res = MP_UNDEF; goto CLEANUP -#else -#define ABORT abort() -#endif - -/* computes T = REDC(T), 2^b == R */ -mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm) -{ - mp_err res; - mp_size i; - - i = MP_USED(T) + MP_USED(&mmm->N) + 2; - MP_CHECKOK( s_mp_pad(T, i) ); - for (i = 0; i < MP_USED(&mmm->N); ++i ) { - mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime; - /* T += N * m_i * (MP_RADIX ** i); */ - MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) ); - } - s_mp_clamp(T); - - /* T /= R */ - s_mp_div_2d(T, mmm->b); - - if ((res = s_mp_cmp(T, &mmm->N)) >= 0) { - /* T = T - N */ - MP_CHECKOK( s_mp_sub(T, &mmm->N) ); -#ifdef DEBUG - if ((res = mp_cmp(T, &mmm->N)) >= 0) { - res = MP_UNDEF; - goto CLEANUP; - } -#endif - } - res = MP_OKAY; -CLEANUP: - return res; -} - -#if !defined(MP_ASSEMBLY_MUL_MONT) && !defined(MP_MONT_USE_MP_MUL) -mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c, - mp_mont_modulus *mmm) -{ - mp_digit *pb; - mp_digit m_i; - mp_err res; - mp_size ib; - mp_size useda, usedb; - - ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); - - if (MP_USED(a) < MP_USED(b)) { - const mp_int *xch = b; /* switch a and b, to do fewer outer loops */ - b = a; - a = xch; - } - - MP_USED(c) = 1; MP_DIGIT(c, 0) = 0; - ib = MP_USED(a) + MP_MAX(MP_USED(b), MP_USED(&mmm->N)) + 2; - if((res = s_mp_pad(c, ib)) != MP_OKAY) - goto CLEANUP; - - useda = MP_USED(a); - pb = MP_DIGITS(b); - s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c)); - s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1)); - m_i = MP_DIGIT(c, 0) * mmm->n0prime; - s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0); - - /* Outer loop: Digits of b */ - usedb = MP_USED(b); - for (ib = 1; ib < usedb; ib++) { - mp_digit b_i = *pb++; - - /* Inner product: Digits of a */ - if (b_i) - s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib); - m_i = MP_DIGIT(c, ib) * mmm->n0prime; - s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib); - } - if (usedb < MP_USED(&mmm->N)) { - for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib ) { - m_i = MP_DIGIT(c, ib) * mmm->n0prime; - s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib); - } - } - s_mp_clamp(c); - s_mp_div_2d(c, mmm->b); - if (s_mp_cmp(c, &mmm->N) >= 0) { - MP_CHECKOK( s_mp_sub(c, &mmm->N) ); - } - res = MP_OKAY; - -CLEANUP: - return res; -} -#endif - -STATIC -mp_err s_mp_to_mont(const mp_int *x, mp_mont_modulus *mmm, mp_int *xMont) -{ - mp_err res; - - /* xMont = x * R mod N where N is modulus */ - MP_CHECKOK( mpl_lsh(x, xMont, mmm->b) ); /* xMont = x << b */ - MP_CHECKOK( mp_div(xMont, &mmm->N, 0, xMont) ); /* mod N */ -CLEANUP: - return res; -} - -#ifdef MP_USING_MONT_MULF - -unsigned int mp_using_mont_mulf = 1; - -/* computes montgomery square of the integer in mResult */ -#define SQR \ - conv_i32_to_d32_and_d16(dm1, d16Tmp, mResult, nLen); \ - mont_mulf_noconv(mResult, dm1, d16Tmp, \ - dTmp, dn, MP_DIGITS(modulus), nLen, dn0) - -/* computes montgomery product of x and the integer in mResult */ -#define MUL(x) \ - conv_i32_to_d32(dm1, mResult, nLen); \ - mont_mulf_noconv(mResult, dm1, oddPowers[x], \ - dTmp, dn, MP_DIGITS(modulus), nLen, dn0) - -/* Do modular exponentiation using floating point multiply code. */ -mp_err mp_exptmod_f(const mp_int * montBase, - const mp_int * exponent, - const mp_int * modulus, - mp_int * result, - mp_mont_modulus *mmm, - int nLen, - mp_size bits_in_exponent, - mp_size window_bits, - mp_size odd_ints) -{ - mp_digit *mResult; - double *dBuf = 0, *dm1, *dn, *dSqr, *d16Tmp, *dTmp; - double dn0; - mp_size i; - mp_err res; - int expOff; - int dSize = 0, oddPowSize, dTmpSize; - mp_int accum1; - double *oddPowers[MAX_ODD_INTS]; - - /* function for computing n0prime only works if n0 is odd */ - - MP_DIGITS(&accum1) = 0; - - for (i = 0; i < MAX_ODD_INTS; ++i) - oddPowers[i] = 0; - - MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) ); - - mp_set(&accum1, 1); - MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) ); - MP_CHECKOK( s_mp_pad(&accum1, nLen) ); - - oddPowSize = 2 * nLen + 1; - dTmpSize = 2 * oddPowSize; - dSize = sizeof(double) * (nLen * 4 + 1 + - ((odd_ints + 1) * oddPowSize) + dTmpSize); - dBuf = (double *)malloc(dSize); - dm1 = dBuf; /* array of d32 */ - dn = dBuf + nLen; /* array of d32 */ - dSqr = dn + nLen; /* array of d32 */ - d16Tmp = dSqr + nLen; /* array of d16 */ - dTmp = d16Tmp + oddPowSize; - - for (i = 0; i < odd_ints; ++i) { - oddPowers[i] = dTmp; - dTmp += oddPowSize; - } - mResult = (mp_digit *)(dTmp + dTmpSize); /* size is nLen + 1 */ - - /* Make dn and dn0 */ - conv_i32_to_d32(dn, MP_DIGITS(modulus), nLen); - dn0 = (double)(mmm->n0prime & 0xffff); - - /* Make dSqr */ - conv_i32_to_d32_and_d16(dm1, oddPowers[0], MP_DIGITS(montBase), nLen); - mont_mulf_noconv(mResult, dm1, oddPowers[0], - dTmp, dn, MP_DIGITS(modulus), nLen, dn0); - conv_i32_to_d32(dSqr, mResult, nLen); - - for (i = 1; i < odd_ints; ++i) { - mont_mulf_noconv(mResult, dSqr, oddPowers[i - 1], - dTmp, dn, MP_DIGITS(modulus), nLen, dn0); - conv_i32_to_d16(oddPowers[i], mResult, nLen); - } - - s_mp_copy(MP_DIGITS(&accum1), mResult, nLen); /* from, to, len */ - - for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) { - mp_size smallExp; - MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) ); - smallExp = (mp_size)res; - - if (window_bits == 1) { - if (!smallExp) { - SQR; - } else if (smallExp & 1) { - SQR; MUL(0); - } else { - ABORT; - } - } else if (window_bits == 4) { - if (!smallExp) { - SQR; SQR; SQR; SQR; - } else if (smallExp & 1) { - SQR; SQR; SQR; SQR; MUL(smallExp/2); - } else if (smallExp & 2) { - SQR; SQR; SQR; MUL(smallExp/4); SQR; - } else if (smallExp & 4) { - SQR; SQR; MUL(smallExp/8); SQR; SQR; - } else if (smallExp & 8) { - SQR; MUL(smallExp/16); SQR; SQR; SQR; - } else { - ABORT; - } - } else if (window_bits == 5) { - if (!smallExp) { - SQR; SQR; SQR; SQR; SQR; - } else if (smallExp & 1) { - SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2); - } else if (smallExp & 2) { - SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR; - } else if (smallExp & 4) { - SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR; - } else if (smallExp & 8) { - SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR; - } else if (smallExp & 0x10) { - SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR; - } else { - ABORT; - } - } else if (window_bits == 6) { - if (!smallExp) { - SQR; SQR; SQR; SQR; SQR; SQR; - } else if (smallExp & 1) { - SQR; SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2); - } else if (smallExp & 2) { - SQR; SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR; - } else if (smallExp & 4) { - SQR; SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR; - } else if (smallExp & 8) { - SQR; SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR; - } else if (smallExp & 0x10) { - SQR; SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR; - } else if (smallExp & 0x20) { - SQR; MUL(smallExp/64); SQR; SQR; SQR; SQR; SQR; - } else { - ABORT; - } - } else { - ABORT; - } - } - - s_mp_copy(mResult, MP_DIGITS(&accum1), nLen); /* from, to, len */ - - res = s_mp_redc(&accum1, mmm); - mp_exch(&accum1, result); - -CLEANUP: - mp_clear(&accum1); - if (dBuf) { - if (dSize) - memset(dBuf, 0, dSize); - free(dBuf); - } - - return res; -} -#undef SQR -#undef MUL -#endif - -#define SQR(a,b) \ - MP_CHECKOK( mp_sqr(a, b) );\ - MP_CHECKOK( s_mp_redc(b, mmm) ) - -#if defined(MP_MONT_USE_MP_MUL) -#define MUL(x,a,b) \ - MP_CHECKOK( mp_mul(a, oddPowers + (x), b) ); \ - MP_CHECKOK( s_mp_redc(b, mmm) ) -#else -#define MUL(x,a,b) \ - MP_CHECKOK( s_mp_mul_mont(a, oddPowers + (x), b, mmm) ) -#endif - -#define SWAPPA ptmp = pa1; pa1 = pa2; pa2 = ptmp - -/* Do modular exponentiation using integer multiply code. */ -mp_err mp_exptmod_i(const mp_int * montBase, - const mp_int * exponent, - const mp_int * modulus, - mp_int * result, - mp_mont_modulus *mmm, - int nLen, - mp_size bits_in_exponent, - mp_size window_bits, - mp_size odd_ints) -{ - mp_int *pa1, *pa2, *ptmp; - mp_size i; - mp_err res; - int expOff; - mp_int accum1, accum2, power2, oddPowers[MAX_ODD_INTS]; - - /* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */ - /* oddPowers[i] = base ** (2*i + 1); */ - - MP_DIGITS(&accum1) = 0; - MP_DIGITS(&accum2) = 0; - MP_DIGITS(&power2) = 0; - for (i = 0; i < MAX_ODD_INTS; ++i) { - MP_DIGITS(oddPowers + i) = 0; - } - - MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) ); - MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) ); - - MP_CHECKOK( mp_init_copy(&oddPowers[0], montBase) ); - - mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2); - MP_CHECKOK( mp_sqr(montBase, &power2) ); /* power2 = montBase ** 2 */ - MP_CHECKOK( s_mp_redc(&power2, mmm) ); - - for (i = 1; i < odd_ints; ++i) { - mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2); - MP_CHECKOK( mp_mul(oddPowers + (i - 1), &power2, oddPowers + i) ); - MP_CHECKOK( s_mp_redc(oddPowers + i, mmm) ); - } - - /* set accumulator to montgomery residue of 1 */ - mp_set(&accum1, 1); - MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) ); - pa1 = &accum1; - pa2 = &accum2; - - for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) { - mp_size smallExp; - MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) ); - smallExp = (mp_size)res; - - if (window_bits == 1) { - if (!smallExp) { - SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 1) { - SQR(pa1,pa2); MUL(0,pa2,pa1); - } else { - ABORT; - } - } else if (window_bits == 4) { - if (!smallExp) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - } else if (smallExp & 1) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - MUL(smallExp/2, pa1,pa2); SWAPPA; - } else if (smallExp & 2) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); - MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 4) { - SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/8,pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 8) { - SQR(pa1,pa2); MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else { - ABORT; - } - } else if (window_bits == 5) { - if (!smallExp) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 1) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); MUL(smallExp/2,pa2,pa1); - } else if (smallExp & 2) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - MUL(smallExp/4,pa1,pa2); SQR(pa2,pa1); - } else if (smallExp & 4) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); - MUL(smallExp/8,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - } else if (smallExp & 8) { - SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/16,pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - } else if (smallExp & 0x10) { - SQR(pa1,pa2); MUL(smallExp/32,pa2,pa1); SQR(pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - } else { - ABORT; - } - } else if (window_bits == 6) { - if (!smallExp) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); SQR(pa2,pa1); - } else if (smallExp & 1) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/2,pa1,pa2); SWAPPA; - } else if (smallExp & 2) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 4) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - MUL(smallExp/8,pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 8) { - SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); - MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); - SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 0x10) { - SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/32,pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else if (smallExp & 0x20) { - SQR(pa1,pa2); MUL(smallExp/64,pa2,pa1); SQR(pa1,pa2); - SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA; - } else { - ABORT; - } - } else { - ABORT; - } - } - - res = s_mp_redc(pa1, mmm); - mp_exch(pa1, result); - -CLEANUP: - mp_clear(&accum1); - mp_clear(&accum2); - mp_clear(&power2); - for (i = 0; i < odd_ints; ++i) { - mp_clear(oddPowers + i); - } - return res; -} -#undef SQR -#undef MUL - - -mp_err mp_exptmod(const mp_int *inBase, const mp_int *exponent, - const mp_int *modulus, mp_int *result) -{ - const mp_int *base; - mp_size bits_in_exponent, i, window_bits, odd_ints; - mp_err res; - int nLen; - mp_int montBase, goodBase; - mp_mont_modulus mmm; - - /* function for computing n0prime only works if n0 is odd */ - if (!mp_isodd(modulus)) - return s_mp_exptmod(inBase, exponent, modulus, result); - - MP_DIGITS(&montBase) = 0; - MP_DIGITS(&goodBase) = 0; - - if (mp_cmp(inBase, modulus) < 0) { - base = inBase; - } else { - MP_CHECKOK( mp_init(&goodBase) ); - base = &goodBase; - MP_CHECKOK( mp_mod(inBase, modulus, &goodBase) ); - } - - nLen = MP_USED(modulus); - MP_CHECKOK( mp_init_size(&montBase, 2 * nLen + 2) ); - - mmm.N = *modulus; /* a copy of the mp_int struct */ - i = mpl_significant_bits(modulus); - i += MP_DIGIT_BIT - 1; - mmm.b = i - i % MP_DIGIT_BIT; - - /* compute n0', given n0, n0' = -(n0 ** -1) mod MP_RADIX - ** where n0 = least significant mp_digit of N, the modulus. - */ - mmm.n0prime = 0 - s_mp_invmod_radix( MP_DIGIT(modulus, 0) ); - - MP_CHECKOK( s_mp_to_mont(base, &mmm, &montBase) ); - - bits_in_exponent = mpl_significant_bits(exponent); - if (bits_in_exponent > 480) - window_bits = 6; - else if (bits_in_exponent > 160) - window_bits = 5; - else if (bits_in_exponent > 20) - window_bits = 4; - /* RSA public key exponents are typically under 20 bits (common values - * are: 3, 17, 65537) and a 4-bit window is inefficient - */ - else - window_bits = 1; - odd_ints = 1 << (window_bits - 1); - i = bits_in_exponent % window_bits; - if (i != 0) { - bits_in_exponent += window_bits - i; - } - -#ifdef MP_USING_MONT_MULF - if (mp_using_mont_mulf) { - MP_CHECKOK( s_mp_pad(&montBase, nLen) ); - res = mp_exptmod_f(&montBase, exponent, modulus, result, &mmm, nLen, - bits_in_exponent, window_bits, odd_ints); - } else -#endif - res = mp_exptmod_i(&montBase, exponent, modulus, result, &mmm, nLen, - bits_in_exponent, window_bits, odd_ints); - -CLEANUP: - mp_clear(&montBase); - mp_clear(&goodBase); - /* Don't mp_clear mmm.N because it is merely a copy of modulus. - ** Just zap it. - */ - memset(&mmm, 0, sizeof mmm); - return res; -} diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c deleted file mode 100644 index 636dbb188..000000000 --- a/security/nss/lib/freebl/mpi/mpprime.c +++ /dev/null @@ -1,622 +0,0 @@ -/* - * mpprime.c - * - * Utilities for finding and working with prime and pseudo-prime - * integers - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include "mpi-priv.h" -#include "mpprime.h" -#include "mplogic.h" -#include -#include - -#define SMALL_TABLE 0 /* determines size of hard-wired prime table */ - -#define RANDOM() rand() - -#include "primes.c" /* pull in the prime digit table */ - -/* - Test if any of a given vector of digits divides a. If not, MP_NO - is returned; otherwise, MP_YES is returned and 'which' is set to - the index of the integer in the vector which divided a. - */ -mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which); - -/* {{{ mpp_divis(a, b) */ - -/* - mpp_divis(a, b) - - Returns MP_YES if a is divisible by b, or MP_NO if it is not. - */ - -mp_err mpp_divis(mp_int *a, mp_int *b) -{ - mp_err res; - mp_int rem; - - if((res = mp_init(&rem)) != MP_OKAY) - return res; - - if((res = mp_mod(a, b, &rem)) != MP_OKAY) - goto CLEANUP; - - if(mp_cmp_z(&rem) == 0) - res = MP_YES; - else - res = MP_NO; - -CLEANUP: - mp_clear(&rem); - return res; - -} /* end mpp_divis() */ - -/* }}} */ - -/* {{{ mpp_divis_d(a, d) */ - -/* - mpp_divis_d(a, d) - - Return MP_YES if a is divisible by d, or MP_NO if it is not. - */ - -mp_err mpp_divis_d(mp_int *a, mp_digit d) -{ - mp_err res; - mp_digit rem; - - ARGCHK(a != NULL, MP_BADARG); - - if(d == 0) - return MP_NO; - - if((res = mp_mod_d(a, d, &rem)) != MP_OKAY) - return res; - - if(rem == 0) - return MP_YES; - else - return MP_NO; - -} /* end mpp_divis_d() */ - -/* }}} */ - -/* {{{ mpp_random(a) */ - -/* - mpp_random(a) - - Assigns a random value to a. This value is generated using the - standard C library's rand() function, so it should not be used for - cryptographic purposes, but it should be fine for primality testing, - since all we really care about there is good statistical properties. - - As many digits as a currently has are filled with random digits. - */ - -mp_err mpp_random(mp_int *a) - -{ - mp_digit next = 0; - unsigned int ix, jx; - - ARGCHK(a != NULL, MP_BADARG); - - for(ix = 0; ix < USED(a); ix++) { - for(jx = 0; jx < sizeof(mp_digit); jx++) { - next = (next << CHAR_BIT) | (RANDOM() & UCHAR_MAX); - } - DIGIT(a, ix) = next; - } - - return MP_OKAY; - -} /* end mpp_random() */ - -/* }}} */ - -/* {{{ mpp_random_size(a, prec) */ - -mp_err mpp_random_size(mp_int *a, mp_size prec) -{ - mp_err res; - - ARGCHK(a != NULL && prec > 0, MP_BADARG); - - if((res = s_mp_pad(a, prec)) != MP_OKAY) - return res; - - return mpp_random(a); - -} /* end mpp_random_size() */ - -/* }}} */ - -/* {{{ mpp_divis_vector(a, vec, size, which) */ - -/* - mpp_divis_vector(a, vec, size, which) - - Determines if a is divisible by any of the 'size' digits in vec. - Returns MP_YES and sets 'which' to the index of the offending digit, - if it is; returns MP_NO if it is not. - */ - -mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which) -{ - ARGCHK(a != NULL && vec != NULL && size > 0, MP_BADARG); - - return s_mpp_divp(a, vec, size, which); - -} /* end mpp_divis_vector() */ - -/* }}} */ - -/* {{{ mpp_divis_primes(a, np) */ - -/* - mpp_divis_primes(a, np) - - Test whether a is divisible by any of the first 'np' primes. If it - is, returns MP_YES and sets *np to the value of the digit that did - it. If not, returns MP_NO. - */ -mp_err mpp_divis_primes(mp_int *a, mp_digit *np) -{ - int size, which; - mp_err res; - - ARGCHK(a != NULL && np != NULL, MP_BADARG); - - size = (int)*np; - if(size > prime_tab_size) - size = prime_tab_size; - - res = mpp_divis_vector(a, prime_tab, size, &which); - if(res == MP_YES) - *np = prime_tab[which]; - - return res; - -} /* end mpp_divis_primes() */ - -/* }}} */ - -/* {{{ mpp_fermat(a, w) */ - -/* - Using w as a witness, try pseudo-primality testing based on Fermat's - little theorem. If a is prime, and (w, a) = 1, then w^a == w (mod - a). So, we compute z = w^a (mod a) and compare z to w; if they are - equal, the test passes and we return MP_YES. Otherwise, we return - MP_NO. - */ -mp_err mpp_fermat(mp_int *a, mp_digit w) -{ - mp_int base, test; - mp_err res; - - if((res = mp_init(&base)) != MP_OKAY) - return res; - - mp_set(&base, w); - - if((res = mp_init(&test)) != MP_OKAY) - goto TEST; - - /* Compute test = base^a (mod a) */ - if((res = mp_exptmod(&base, a, a, &test)) != MP_OKAY) - goto CLEANUP; - - - if(mp_cmp(&base, &test) == 0) - res = MP_YES; - else - res = MP_NO; - - CLEANUP: - mp_clear(&test); - TEST: - mp_clear(&base); - - return res; - -} /* end mpp_fermat() */ - -/* }}} */ - -/* - Perform the fermat test on each of the primes in a list until - a) one of them shows a is not prime, or - b) the list is exhausted. - Returns: MP_YES if it passes tests. - MP_NO if fermat test reveals it is composite - Some MP error code if some other error occurs. - */ -mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes) -{ - mp_err rv = MP_YES; - - while (nPrimes-- > 0 && rv == MP_YES) { - rv = mpp_fermat(a, *primes++); - } - return rv; -} - -/* {{{ mpp_pprime(a, nt) */ - -/* - mpp_pprime(a, nt) - - Performs nt iteration of the Miller-Rabin probabilistic primality - test on a. Returns MP_YES if the tests pass, MP_NO if one fails. - If MP_NO is returned, the number is definitely composite. If MP_YES - is returned, it is probably prime (but that is not guaranteed). - */ - -mp_err mpp_pprime(mp_int *a, int nt) -{ - mp_err res; - mp_int x, amo, m, z; /* "amo" = "a minus one" */ - int iter; - unsigned int jx; - mp_size b; - - ARGCHK(a != NULL, MP_BADARG); - - MP_DIGITS(&x) = 0; - MP_DIGITS(&amo) = 0; - MP_DIGITS(&m) = 0; - MP_DIGITS(&z) = 0; - - /* Initialize temporaries... */ - MP_CHECKOK( mp_init(&amo)); - /* Compute amo = a - 1 for what follows... */ - MP_CHECKOK( mp_sub_d(a, 1, &amo) ); - - b = mp_trailing_zeros(&amo); - if (!b) { /* a was even ? */ - res = MP_NO; - goto CLEANUP; - } - - MP_CHECKOK( mp_init_size(&x, MP_USED(a)) ); - MP_CHECKOK( mp_init(&z) ); - MP_CHECKOK( mp_init(&m) ); - MP_CHECKOK( mp_div_2d(&amo, b, &m, 0) ); - - /* Do the test nt times... */ - for(iter = 0; iter < nt; iter++) { - - /* Choose a random value for x < a */ - s_mp_pad(&x, USED(a)); - mpp_random(&x); - MP_CHECKOK( mp_mod(&x, a, &x) ); - - /* Compute z = (x ** m) mod a */ - MP_CHECKOK( mp_exptmod(&x, &m, a, &z) ); - - if(mp_cmp_d(&z, 1) == 0 || mp_cmp(&z, &amo) == 0) { - res = MP_YES; - continue; - } - - res = MP_NO; /* just in case the following for loop never executes. */ - for (jx = 1; jx < b; jx++) { - /* z = z^2 (mod a) */ - MP_CHECKOK( mp_sqrmod(&z, a, &z) ); - res = MP_NO; /* previous line set res to MP_YES */ - - if(mp_cmp_d(&z, 1) == 0) { - break; - } - if(mp_cmp(&z, &amo) == 0) { - res = MP_YES; - break; - } - } /* end testing loop */ - - /* If the test passes, we will continue iterating, but a failed - test means the candidate is definitely NOT prime, so we will - immediately break out of this loop - */ - if(res == MP_NO) - break; - - } /* end iterations loop */ - -CLEANUP: - mp_clear(&m); - mp_clear(&z); - mp_clear(&x); - mp_clear(&amo); - return res; - -} /* end mpp_pprime() */ - -/* }}} */ - -/* Produce table of composites from list of primes and trial value. -** trial must be odd. List of primes must not include 2. -** sieve should have dimension >= MAXPRIME/2, where MAXPRIME is largest -** prime in list of primes. After this function is finished, -** if sieve[i] is non-zero, then (trial + 2*i) is composite. -** Each prime used in the sieve costs one division of trial, and eliminates -** one or more values from the search space. (3 eliminates 1/3 of the values -** alone!) Each value left in the search space costs 1 or more modular -** exponentations. So, these divisions are a bargain! -*/ -mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes, - unsigned char *sieve, mp_size nSieve) -{ - mp_err res; - mp_digit rem; - mp_size ix; - unsigned long offset; - - memset(sieve, 0, nSieve); - - for(ix = 0; ix < nPrimes; ix++) { - mp_digit prime = primes[ix]; - mp_size i; - if((res = mp_mod_d(trial, prime, &rem)) != MP_OKAY) - return res; - - if (rem == 0) { - offset = 0; - } else { - offset = prime - (rem / 2); - } - for (i = offset; i < nSieve ; i += prime) { - sieve[i] = 1; - } - } - - return MP_OKAY; -} - -#define SIEVE_SIZE 32*1024 - -mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, - unsigned long * nTries) -{ - mp_digit np; - mp_err res; - int i = 0; - mp_int trial; - mp_int q; - mp_size num_tests; - /* - * Always make sieve the last variabale allocated so that - * Mac builds don't break by adding an extra variable - * on the stack. -javi - */ -#if defined(macintosh) || defined (XP_OS2) \ - || (defined(HPUX) && defined(__ia64)) - unsigned char *sieve; - - sieve = malloc(SIEVE_SIZE); - ARGCHK(sieve != NULL, MP_MEM); -#else - unsigned char sieve[SIEVE_SIZE]; -#endif - - ARGCHK(start != 0, MP_BADARG); - ARGCHK(nBits > 16, MP_RANGE); - - MP_DIGITS(&trial) = 0; - MP_DIGITS(&q) = 0; - MP_CHECKOK( mp_init(&trial) ); - MP_CHECKOK( mp_init(&q) ); - /* values taken from table 4.4, HandBook of Applied Cryptography */ - if (nBits >= 1300) { - num_tests = 2; - } else if (nBits >= 850) { - num_tests = 3; - } else if (nBits >= 650) { - num_tests = 4; - } else if (nBits >= 550) { - num_tests = 5; - } else if (nBits >= 450) { - num_tests = 6; - } else if (nBits >= 400) { - num_tests = 7; - } else if (nBits >= 350) { - num_tests = 8; - } else if (nBits >= 300) { - num_tests = 9; - } else if (nBits >= 250) { - num_tests = 12; - } else if (nBits >= 200) { - num_tests = 15; - } else if (nBits >= 150) { - num_tests = 18; - } else if (nBits >= 100) { - num_tests = 27; - } else - num_tests = 50; - - if (strong) - --nBits; - MP_CHECKOK( mpl_set_bit(start, nBits - 1, 1) ); - MP_CHECKOK( mpl_set_bit(start, 0, 1) ); - for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) { - MP_CHECKOK( mpl_set_bit(start, i, 0) ); - } - /* start sieveing with prime value of 3. */ - MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1, - sieve, SIEVE_SIZE) ); - -#ifdef DEBUG_SIEVE - res = 0; - for (i = 0; i < SIEVE_SIZE; ++i) { - if (!sieve[i]) - ++res; - } - fprintf(stderr,"sieve found %d potential primes.\n", res); -#define FPUTC(x,y) fputc(x,y) -#else -#define FPUTC(x,y) -#endif - - res = MP_NO; - for(i = 0; i < SIEVE_SIZE; ++i) { - if (sieve[i]) /* this number is composite */ - continue; - MP_CHECKOK( mp_add_d(start, 2 * i, &trial) ); - FPUTC('.', stderr); - /* run a Fermat test */ - res = mpp_fermat(&trial, 2); - if (res != MP_OKAY) { - if (res == MP_NO) - continue; /* was composite */ - goto CLEANUP; - } - - FPUTC('+', stderr); - /* If that passed, run some Miller-Rabin tests */ - res = mpp_pprime(&trial, num_tests); - if (res != MP_OKAY) { - if (res == MP_NO) - continue; /* was composite */ - goto CLEANUP; - } - FPUTC('!', stderr); - - if (!strong) - break; /* success !! */ - - /* At this point, we have strong evidence that our candidate - is itself prime. If we want a strong prime, we need now - to test q = 2p + 1 for primality... - */ - MP_CHECKOK( mp_mul_2(&trial, &q) ); - MP_CHECKOK( mp_add_d(&q, 1, &q) ); - - /* Test q for small prime divisors ... */ - np = prime_tab_size; - res = mpp_divis_primes(&q, &np); - if (res == MP_YES) { /* is composite */ - mp_clear(&q); - continue; - } - if (res != MP_NO) - goto CLEANUP; - - /* And test with Fermat, as with its parent ... */ - res = mpp_fermat(&q, 2); - if (res != MP_YES) { - mp_clear(&q); - if (res == MP_NO) - continue; /* was composite */ - goto CLEANUP; - } - - /* And test with Miller-Rabin, as with its parent ... */ - res = mpp_pprime(&q, num_tests); - if (res != MP_YES) { - mp_clear(&q); - if (res == MP_NO) - continue; /* was composite */ - goto CLEANUP; - } - - /* If it passed, we've got a winner */ - mp_exch(&q, &trial); - mp_clear(&q); - break; - - } /* end of loop through sieved values */ - if (res == MP_YES) - mp_exch(&trial, start); -CLEANUP: - mp_clear(&trial); - mp_clear(&q); - if (nTries) - *nTries += i; -#if defined(macintosh) || defined(XP_OS2) \ - || (defined(HPUX) && defined(__ia64)) - if (sieve != NULL) { - memset(sieve, 0, SIEVE_SIZE); - free (sieve); - } -#endif - return res; -} - -/*========================================================================*/ -/*------------------------------------------------------------------------*/ -/* Static functions visible only to the library internally */ - -/* {{{ s_mpp_divp(a, vec, size, which) */ - -/* - Test for divisibility by members of a vector of digits. Returns - MP_NO if a is not divisible by any of them; returns MP_YES and sets - 'which' to the index of the offender, if it is. Will stop on the - first digit against which a is divisible. - */ - -mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which) -{ - mp_err res; - mp_digit rem; - - int ix; - - for(ix = 0; ix < size; ix++) { - if((res = mp_mod_d(a, vec[ix], &rem)) != MP_OKAY) - return res; - - if(rem == 0) { - if(which) - *which = ix; - return MP_YES; - } - } - - return MP_NO; - -} /* end s_mpp_divp() */ - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/mpprime.h b/security/nss/lib/freebl/mpi/mpprime.h deleted file mode 100644 index 1204580f6..000000000 --- a/security/nss/lib/freebl/mpi/mpprime.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * mpprime.h - * - * Utilities for finding and working with prime and pseudo-prime - * integers - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef _H_MP_PRIME_ -#define _H_MP_PRIME_ - -#include "mpi.h" - -extern const int prime_tab_size; /* number of primes available */ -extern const mp_digit prime_tab[]; - -/* Tests for divisibility */ -mp_err mpp_divis(mp_int *a, mp_int *b); -mp_err mpp_divis_d(mp_int *a, mp_digit d); - -/* Random selection */ -mp_err mpp_random(mp_int *a); -mp_err mpp_random_size(mp_int *a, mp_size prec); - -/* Pseudo-primality testing */ -mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which); -mp_err mpp_divis_primes(mp_int *a, mp_digit *np); -mp_err mpp_fermat(mp_int *a, mp_digit w); -mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes); -mp_err mpp_pprime(mp_int *a, int nt); -mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes, - unsigned char *sieve, mp_size nSieve); -mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, - unsigned long * nTries); - -#endif /* end _H_MP_PRIME_ */ diff --git a/security/nss/lib/freebl/mpi/mpv_sparc.c b/security/nss/lib/freebl/mpi/mpv_sparc.c deleted file mode 100644 index a0a0b78fb..000000000 --- a/security/nss/lib/freebl/mpi/mpv_sparc.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is a SPARC/VIS optimized multiply and add function - * - * The Initial Developer of the Original Code is Sun Microsystems Inc. - * Portions created by Sun Microsystems Inc. are - * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ - -#include "vis_proto.h" - -/***************************************************************/ - -typedef int t_s32; -typedef unsigned int t_u32; -#if defined(__sparcv9) -typedef long t_s64; -typedef unsigned long t_u64; -#else -typedef long long t_s64; -typedef unsigned long long t_u64; -#endif -typedef double t_d64; - -/***************************************************************/ - -typedef union { - t_d64 d64; - struct { - t_s32 i0; - t_s32 i1; - } i32s; -} d64_2_i32; - -/***************************************************************/ - -#define BUFF_SIZE 256 - -#define A_BITS 19 -#define A_MASK ((1 << A_BITS) - 1) - -/***************************************************************/ - -static t_u64 mask_cnst[] = { - 0x8000000080000000ull -}; - -/***************************************************************/ - -#define DEF_VARS(N) \ - t_d64 *py = (t_d64*)y; \ - t_d64 mask = *((t_d64*)mask_cnst); \ - t_d64 ca = (1u << 31) - 1; \ - t_d64 da = (t_d64)a; \ - t_s64 buff[N], s; \ - d64_2_i32 dy - -/***************************************************************/ - -#define MUL_U32_S64_2(i) \ - dy.d64 = vis_fxnor(mask, py[i]); \ - buff[2*(i) ] = (ca - (t_d64)dy.i32s.i0) * da; \ - buff[2*(i)+1] = (ca - (t_d64)dy.i32s.i1) * da - -#define MUL_U32_S64_2_D(i) \ - dy.d64 = vis_fxnor(mask, py[i]); \ - d0 = ca - (t_d64)dy.i32s.i0; \ - d1 = ca - (t_d64)dy.i32s.i1; \ - buff[4*(i) ] = (t_s64)(d0 * da); \ - buff[4*(i)+1] = (t_s64)(d0 * db); \ - buff[4*(i)+2] = (t_s64)(d1 * da); \ - buff[4*(i)+3] = (t_s64)(d1 * db) - -/***************************************************************/ - -#define ADD_S64_U32(i) \ - s = buff[i] + x[i] + c; \ - z[i] = s; \ - c = (s >> 32) - -#define ADD_S64_U32_D(i) \ - s = buff[2*(i)] +(((t_s64)(buff[2*(i)+1]))<> 32) - -/***************************************************************/ - -#define MUL_U32_S64_8(i) \ - MUL_U32_S64_2(i); \ - MUL_U32_S64_2(i+1); \ - MUL_U32_S64_2(i+2); \ - MUL_U32_S64_2(i+3) - -#define MUL_U32_S64_D_8(i) \ - MUL_U32_S64_2_D(i); \ - MUL_U32_S64_2_D(i+1); \ - MUL_U32_S64_2_D(i+2); \ - MUL_U32_S64_2_D(i+3) - -/***************************************************************/ - -#define ADD_S64_U32_8(i) \ - ADD_S64_U32(i); \ - ADD_S64_U32(i+1); \ - ADD_S64_U32(i+2); \ - ADD_S64_U32(i+3); \ - ADD_S64_U32(i+4); \ - ADD_S64_U32(i+5); \ - ADD_S64_U32(i+6); \ - ADD_S64_U32(i+7) - -#define ADD_S64_U32_D_8(i) \ - ADD_S64_U32_D(i); \ - ADD_S64_U32_D(i+1); \ - ADD_S64_U32_D(i+2); \ - ADD_S64_U32_D(i+3); \ - ADD_S64_U32_D(i+4); \ - ADD_S64_U32_D(i+5); \ - ADD_S64_U32_D(i+6); \ - ADD_S64_U32_D(i+7) - -/***************************************************************/ - -t_u32 mul_add(t_u32 *z, t_u32 *x, t_u32 *y, int n, t_u32 a) -{ - if (a < (1 << A_BITS)) { - - if (n == 8) { - DEF_VARS(8); - t_s32 c = 0; - - MUL_U32_S64_8(0); - ADD_S64_U32_8(0); - - return c; - - } else if (n == 16) { - DEF_VARS(16); - t_s32 c = 0; - - MUL_U32_S64_8(0); - MUL_U32_S64_8(4); - ADD_S64_U32_8(0); - ADD_S64_U32_8(8); - - return c; - - } else { - DEF_VARS(BUFF_SIZE); - t_s32 i, c = 0; - -#pragma pipeloop(0) - for (i = 0; i < (n+1)/2; i ++) { - MUL_U32_S64_2(i); - } - -#pragma pipeloop(0) - for (i = 0; i < n; i ++) { - ADD_S64_U32(i); - } - - return c; - - } - } else { - - if (n == 8) { - DEF_VARS(2*8); - t_d64 d0, d1, db; - t_u32 uc = 0; - - da = (t_d64)(a & A_MASK); - db = (t_d64)(a >> A_BITS); - - MUL_U32_S64_D_8(0); - ADD_S64_U32_D_8(0); - - return uc; - - } else if (n == 16) { - DEF_VARS(2*16); - t_d64 d0, d1, db; - t_u32 uc = 0; - - da = (t_d64)(a & A_MASK); - db = (t_d64)(a >> A_BITS); - - MUL_U32_S64_D_8(0); - MUL_U32_S64_D_8(4); - ADD_S64_U32_D_8(0); - ADD_S64_U32_D_8(8); - - return uc; - - } else { - DEF_VARS(2*BUFF_SIZE); - t_d64 d0, d1, db; - t_u32 i, uc = 0; - - da = (t_d64)(a & A_MASK); - db = (t_d64)(a >> A_BITS); - -#pragma pipeloop(0) - for (i = 0; i < (n+1)/2; i ++) { - MUL_U32_S64_2_D(i); - } - -#pragma pipeloop(0) - for (i = 0; i < n; i ++) { - ADD_S64_U32_D(i); - } - - return uc; - } - } -} - -/***************************************************************/ - -t_u32 mul_add_inp(t_u32 *x, t_u32 *y, int n, t_u32 a) -{ - return mul_add(x, x, y, n, a); -} - -/***************************************************************/ diff --git a/security/nss/lib/freebl/mpi/mpv_sparcv8.s b/security/nss/lib/freebl/mpi/mpv_sparcv8.s deleted file mode 100644 index 81fdd1b93..000000000 --- a/security/nss/lib/freebl/mpi/mpv_sparcv8.s +++ /dev/null @@ -1,1641 +0,0 @@ -!/* -! * The contents of this file are subject to the Mozilla Public -! * License Version 1.1 (the "License"); you may not use this file -! * except in compliance with the License. You may obtain a copy of -! * the License at http://www.mozilla.org/MPL/ -! * -! * Software distributed under the License is distributed on an "AS -! * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -! * implied. See the License for the specific language governing -! * rights and limitations under the License. -! * -! * The Original Code is a SPARC/VIS optimized multiply and add function -! * -! * The Initial Developer of the Original Code is Sun Microsystems Inc. -! * Portions created by Sun Microsystems Inc. are -! * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved. -! * -! * Contributor(s): -! * -! * Alternatively, the contents of this file may be used under the -! * terms of the GNU General Public License Version 2 or later (the -! * "GPL"), in which case the provisions of the GPL are applicable -! * instead of those above. If you wish to allow use of your -! * version of this file only under the terms of the GPL and not to -! * allow others to use your version of this file under the MPL, -! * indicate your decision by deleting the provisions above and -! * replace them with the notice and other provisions required by -! * the GPL. If you do not delete the provisions above, a recipient -! * may use your version of this file under either the MPL or the -! * GPL. -! * $Id$ -! */ - - - .section ".text",#alloc,#execinstr -/* 000000 3 ( 0 0) */ .file "mpv_sparc.c" -/* 000000 14 ( 0 0) */ .align 8 -! -! SUBROUTINE .L_const_seg_900000106 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .L_const_seg_900000106: /* frequency 1.0 confidence 0.0 */ -/* 000000 19 ( 0 0) */ .word 1127219200,0 -/* 0x0008 20 ( 0 0) */ .word 1105199103,-4194304 -/* 0x0010 21 ( 0 0) */ .align 16 -/* 0x0010 27 ( 0 0) */ .global mul_add - -! -! ENTRY mul_add -! - - .global mul_add - mul_add: /* frequency 1.0 confidence 0.0 */ -/* 0x0010 29 ( 0 1) */ sethi %hi(0x1800),%g1 -/* 0x0014 30 ( 0 1) */ sethi %hi(mask_cnst),%g2 -/* 0x0018 31 ( 1 2) */ xor %g1,-984,%g1 -/* 0x001c 32 ( 1 2) */ add %g2,%lo(mask_cnst),%g2 -/* 0x0020 33 ( 2 4) */ save %sp,%g1,%sp - -! -! ENTRY .L900000154 -! - - .L900000154: /* frequency 1.0 confidence 0.0 */ -/* 0x0024 35 ( 0 2) */ call (.+0x8) ! params = ! Result = -/* 0x0028 ( 1 2) */ sethi %hi((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5 -/* 0x002c 177 ( 2 3) */ sethi %hi(.L_const_seg_900000106),%g3 -/* 0x0030 178 ( 2 3) */ add %g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5 -/* 0x0034 179 ( 3 4) */ or %g0,%i4,%o1 -/* 0x0038 180 ( 3 4) */ st %o1,[%fp+84] -/* 0x003c 181 ( 3 4) */ add %g5,%o7,%o3 -/* 0x0040 182 ( 4 5) */ add %g3,%lo(.L_const_seg_900000106),%g3 -/* 0x0044 183 ( 4 6) */ ld [%o3+%g2],%g2 -/* 0x0048 184 ( 4 5) */ or %g0,%i3,%o2 -/* 0x004c 185 ( 5 6) */ sethi %hi(0x80000),%g4 -/* 0x0050 186 ( 5 7) */ ld [%o3+%g3],%o0 -/* 0x0054 187 ( 5 6) */ or %g0,%i2,%g5 -/* 0x0058 188 ( 6 7) */ or %g0,%o2,%o3 -/* 0x005c 189 ( 6 10) */ ldd [%g2],%f0 -/* 0x0060 190 ( 6 7) */ subcc %o1,%g4,%g0 -/* 0x0064 191 ( 6 7) */ bcc,pn %icc,.L77000048 ! tprob=0.50 -/* 0x0068 ( 7 8) */ subcc %o2,8,%g0 -/* 0x006c 193 ( 7 8) */ bne,pn %icc,.L77000037 ! tprob=0.50 -/* 0x0070 ( 8 12) */ ldd [%o0],%f8 -/* 0x0074 195 ( 9 13) */ ldd [%g5],%f4 -/* 0x0078 196 (10 14) */ ldd [%g5+8],%f6 -/* 0x007c 197 (11 15) */ ldd [%g5+16],%f10 -/* 0x0080 198 (11 14) */ fmovs %f8,%f12 -/* 0x0084 199 (12 16) */ fxnor %f0,%f4,%f4 -/* 0x0088 200 (12 14) */ ld [%fp+84],%f13 -/* 0x008c 201 (13 17) */ ldd [%o0+8],%f14 -/* 0x0090 202 (13 17) */ fxnor %f0,%f6,%f6 -/* 0x0094 203 (14 18) */ ldd [%g5+24],%f16 -/* 0x0098 204 (14 18) */ fxnor %f0,%f10,%f10 -/* 0x009c 208 (15 17) */ ld [%i1],%g2 -/* 0x00a0 209 (15 20) */ fsubd %f12,%f8,%f8 -/* 0x00a4 210 (16 21) */ fitod %f4,%f18 -/* 0x00a8 211 (16 18) */ ld [%i1+4],%g3 -/* 0x00ac 212 (17 22) */ fitod %f5,%f4 -/* 0x00b0 213 (17 19) */ ld [%i1+8],%g4 -/* 0x00b4 214 (18 23) */ fitod %f6,%f20 -/* 0x00b8 215 (18 20) */ ld [%i1+12],%g5 -/* 0x00bc 216 (19 21) */ ld [%i1+16],%o0 -/* 0x00c0 217 (19 24) */ fitod %f7,%f6 -/* 0x00c4 218 (20 22) */ ld [%i1+20],%o1 -/* 0x00c8 219 (20 24) */ fxnor %f0,%f16,%f16 -/* 0x00cc 220 (21 26) */ fsubd %f14,%f18,%f12 -/* 0x00d0 221 (21 23) */ ld [%i1+24],%o2 -/* 0x00d4 222 (22 27) */ fsubd %f14,%f4,%f4 -/* 0x00d8 223 (22 24) */ ld [%i1+28],%o3 -/* 0x00dc 224 (23 28) */ fitod %f10,%f18 -/* 0x00e0 225 (24 29) */ fsubd %f14,%f20,%f20 -/* 0x00e4 226 (25 30) */ fitod %f11,%f10 -/* 0x00e8 227 (26 31) */ fsubd %f14,%f6,%f6 -/* 0x00ec 228 (26 31) */ fmuld %f12,%f8,%f12 -/* 0x00f0 229 (27 32) */ fitod %f16,%f22 -/* 0x00f4 230 (27 32) */ fmuld %f4,%f8,%f4 -/* 0x00f8 231 (28 33) */ fsubd %f14,%f18,%f18 -/* 0x00fc 232 (29 34) */ fitod %f17,%f16 -/* 0x0100 233 (29 34) */ fmuld %f20,%f8,%f20 -/* 0x0104 234 (30 35) */ fsubd %f14,%f10,%f10 -/* 0x0108 235 (31 36) */ fdtox %f12,%f12 -/* 0x010c 236 (31 32) */ std %f12,[%sp+152] -/* 0x0110 237 (31 36) */ fmuld %f6,%f8,%f6 -/* 0x0114 238 (32 37) */ fdtox %f4,%f4 -/* 0x0118 239 (32 33) */ std %f4,[%sp+144] -/* 0x011c 240 (33 38) */ fsubd %f14,%f22,%f4 -/* 0x0120 241 (33 38) */ fmuld %f18,%f8,%f12 -/* 0x0124 242 (34 39) */ fdtox %f20,%f18 -/* 0x0128 243 (34 35) */ std %f18,[%sp+136] -/* 0x012c 244 (35 37) */ ldx [%sp+152],%o4 -/* 0x0130 245 (35 40) */ fsubd %f14,%f16,%f14 -/* 0x0134 246 (35 40) */ fmuld %f10,%f8,%f10 -/* 0x0138 247 (36 41) */ fdtox %f6,%f6 -/* 0x013c 248 (36 37) */ std %f6,[%sp+128] -/* 0x0140 249 (37 39) */ ldx [%sp+144],%o5 -/* 0x0144 250 (37 38) */ add %o4,%g2,%o4 -/* 0x0148 251 (38 39) */ st %o4,[%i0] -/* 0x014c 252 (38 39) */ srax %o4,32,%g2 -/* 0x0150 253 (38 43) */ fdtox %f12,%f6 -/* 0x0154 254 (38 43) */ fmuld %f4,%f8,%f4 -/* 0x0158 255 (39 40) */ std %f6,[%sp+120] -/* 0x015c 256 (39 40) */ add %o5,%g3,%g3 -/* 0x0160 257 (40 42) */ ldx [%sp+136],%o7 -/* 0x0164 258 (40 41) */ add %g3,%g2,%g2 -/* 0x0168 259 (40 45) */ fmuld %f14,%f8,%f6 -/* 0x016c 260 (40 45) */ fdtox %f10,%f8 -/* 0x0170 261 (41 42) */ std %f8,[%sp+112] -/* 0x0174 262 (41 42) */ srax %g2,32,%o5 -/* 0x0178 263 (42 44) */ ldx [%sp+128],%g3 -/* 0x017c 264 (42 43) */ add %o7,%g4,%g4 -/* 0x0180 265 (43 44) */ st %g2,[%i0+4] -/* 0x0184 266 (43 44) */ add %g4,%o5,%g4 -/* 0x0188 267 (43 48) */ fdtox %f4,%f4 -/* 0x018c 268 (44 46) */ ldx [%sp+120],%o5 -/* 0x0190 269 (44 45) */ add %g3,%g5,%g3 -/* 0x0194 270 (44 45) */ srax %g4,32,%g5 -/* 0x0198 271 (45 46) */ std %f4,[%sp+104] -/* 0x019c 272 (45 46) */ add %g3,%g5,%g3 -/* 0x01a0 273 (45 50) */ fdtox %f6,%f4 -/* 0x01a4 274 (46 47) */ std %f4,[%sp+96] -/* 0x01a8 275 (46 47) */ add %o5,%o0,%o0 -/* 0x01ac 276 (46 47) */ srax %g3,32,%o5 -/* 0x01b0 277 (47 49) */ ldx [%sp+112],%g5 -/* 0x01b4 278 (47 48) */ add %o0,%o5,%o0 -/* 0x01b8 279 (48 49) */ st %g4,[%i0+8] -/* 0x01bc 280 (49 51) */ ldx [%sp+104],%o5 -/* 0x01c0 281 (49 50) */ add %g5,%o1,%o1 -/* 0x01c4 282 (49 50) */ srax %o0,32,%g5 -/* 0x01c8 283 (50 51) */ st %o0,[%i0+16] -/* 0x01cc 284 (50 51) */ add %o1,%g5,%o1 -/* 0x01d0 285 (51 53) */ ldx [%sp+96],%g5 -/* 0x01d4 286 (51 52) */ add %o5,%o2,%o2 -/* 0x01d8 287 (51 52) */ srax %o1,32,%o5 -/* 0x01dc 288 (52 53) */ st %o1,[%i0+20] -/* 0x01e0 289 (52 53) */ add %o2,%o5,%o2 -/* 0x01e4 290 (53 54) */ st %o2,[%i0+24] -/* 0x01e8 291 (53 54) */ srax %o2,32,%g4 -/* 0x01ec 292 (53 54) */ add %g5,%o3,%g2 -/* 0x01f0 293 (54 55) */ st %g3,[%i0+12] -/* 0x01f4 294 (54 55) */ add %g2,%g4,%g2 -/* 0x01f8 295 (55 56) */ st %g2,[%i0+28] -/* 0x01fc 299 (55 56) */ srax %g2,32,%o7 -/* 0x0200 300 (56 57) */ or %g0,%o7,%i0 -/* 0x0204 (57 64) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0208 (59 61) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000037 -! - - .L77000037: /* frequency 1.0 confidence 0.0 */ -/* 0x020c 307 ( 0 1) */ subcc %o2,16,%g0 -/* 0x0210 308 ( 0 1) */ bne,pn %icc,.L77000076 ! tprob=0.50 -/* 0x0214 ( 1 5) */ ldd [%o0],%f8 -/* 0x0218 310 ( 2 6) */ ldd [%g5],%f4 -/* 0x021c 311 ( 3 7) */ ldd [%g5+8],%f6 -/* 0x0220 317 ( 4 8) */ ldd [%o0+8],%f14 -/* 0x0224 318 ( 4 7) */ fmovs %f8,%f12 -/* 0x0228 319 ( 5 7) */ ld [%fp+84],%f13 -/* 0x022c 320 ( 5 9) */ fxnor %f0,%f4,%f4 -/* 0x0230 321 ( 6 10) */ ldd [%g5+16],%f10 -/* 0x0234 322 ( 6 10) */ fxnor %f0,%f6,%f6 -/* 0x0238 323 ( 7 11) */ ldd [%g5+24],%f16 -/* 0x023c 324 ( 8 12) */ ldd [%g5+32],%f20 -/* 0x0240 325 ( 8 13) */ fsubd %f12,%f8,%f8 -/* 0x0244 331 ( 9 11) */ ld [%i1+40],%o7 -/* 0x0248 332 ( 9 14) */ fitod %f4,%f18 -/* 0x024c 333 (10 14) */ ldd [%g5+40],%f22 -/* 0x0250 334 (10 15) */ fitod %f5,%f4 -/* 0x0254 335 (11 12) */ stx %o7,[%sp+96] -/* 0x0258 336 (11 16) */ fitod %f6,%f24 -/* 0x025c 337 (12 14) */ ld [%i1+44],%o7 -/* 0x0260 338 (12 16) */ fxnor %f0,%f10,%f10 -/* 0x0264 339 (13 17) */ ldd [%g5+48],%f26 -/* 0x0268 340 (13 18) */ fitod %f7,%f6 -/* 0x026c 341 (14 15) */ stx %o7,[%sp+104] -/* 0x0270 342 (14 19) */ fsubd %f14,%f18,%f18 -/* 0x0274 343 (15 17) */ ld [%i1+48],%o7 -/* 0x0278 344 (15 20) */ fsubd %f14,%f4,%f4 -/* 0x027c 345 (16 18) */ ld [%i1+36],%o5 -/* 0x0280 346 (16 21) */ fitod %f10,%f28 -/* 0x0284 347 (17 18) */ stx %o7,[%sp+112] -/* 0x0288 348 (17 21) */ fxnor %f0,%f16,%f16 -/* 0x028c 349 (18 20) */ ld [%i1],%g2 -/* 0x0290 350 (18 23) */ fsubd %f14,%f24,%f24 -/* 0x0294 351 (19 20) */ stx %o5,[%sp+120] -/* 0x0298 352 (19 24) */ fitod %f11,%f10 -/* 0x029c 353 (19 24) */ fmuld %f18,%f8,%f18 -/* 0x02a0 354 (20 22) */ ld [%i1+52],%o5 -/* 0x02a4 355 (20 25) */ fsubd %f14,%f6,%f6 -/* 0x02a8 356 (20 25) */ fmuld %f4,%f8,%f4 -/* 0x02ac 357 (21 26) */ fitod %f16,%f30 -/* 0x02b0 358 (22 26) */ fxnor %f0,%f20,%f20 -/* 0x02b4 359 (22 24) */ ld [%i1+4],%g3 -/* 0x02b8 360 (23 27) */ ldd [%g5+56],%f2 -/* 0x02bc 361 (23 28) */ fsubd %f14,%f28,%f28 -/* 0x02c0 362 (23 28) */ fmuld %f24,%f8,%f24 -/* 0x02c4 363 (24 25) */ stx %o5,[%sp+128] -/* 0x02c8 364 (24 29) */ fdtox %f18,%f18 -/* 0x02cc 365 (25 26) */ std %f18,[%sp+272] -/* 0x02d0 366 (25 30) */ fitod %f17,%f16 -/* 0x02d4 367 (25 30) */ fmuld %f6,%f8,%f6 -/* 0x02d8 368 (26 31) */ fsubd %f14,%f10,%f10 -/* 0x02dc 369 (27 32) */ fitod %f20,%f18 -/* 0x02e0 370 (28 33) */ fdtox %f4,%f4 -/* 0x02e4 371 (28 29) */ std %f4,[%sp+264] -/* 0x02e8 372 (28 33) */ fmuld %f28,%f8,%f28 -/* 0x02ec 373 (29 31) */ ld [%i1+8],%g4 -/* 0x02f0 374 (29 34) */ fsubd %f14,%f30,%f4 -/* 0x02f4 375 (30 34) */ fxnor %f0,%f22,%f22 -/* 0x02f8 376 (30 32) */ ld [%i1+12],%g5 -/* 0x02fc 377 (31 33) */ ld [%i1+16],%o0 -/* 0x0300 378 (31 36) */ fitod %f21,%f20 -/* 0x0304 379 (31 36) */ fmuld %f10,%f8,%f10 -/* 0x0308 380 (32 34) */ ld [%i1+20],%o1 -/* 0x030c 381 (32 37) */ fdtox %f24,%f24 -/* 0x0310 382 (33 34) */ std %f24,[%sp+256] -/* 0x0314 383 (33 38) */ fsubd %f14,%f16,%f16 -/* 0x0318 384 (34 36) */ ldx [%sp+272],%o7 -/* 0x031c 385 (34 39) */ fdtox %f6,%f6 -/* 0x0320 386 (34 39) */ fmuld %f4,%f8,%f4 -/* 0x0324 387 (35 36) */ std %f6,[%sp+248] -/* 0x0328 388 (35 40) */ fitod %f22,%f24 -/* 0x032c 389 (36 38) */ ld [%i1+32],%o4 -/* 0x0330 390 (36 41) */ fsubd %f14,%f18,%f6 -/* 0x0334 391 (36 37) */ add %o7,%g2,%g2 -/* 0x0338 392 (37 39) */ ldx [%sp+264],%o7 -/* 0x033c 393 (37 41) */ fxnor %f0,%f26,%f26 -/* 0x0340 394 (37 38) */ srax %g2,32,%o5 -/* 0x0344 395 (38 39) */ st %g2,[%i0] -/* 0x0348 396 (38 43) */ fitod %f23,%f18 -/* 0x034c 397 (38 43) */ fmuld %f16,%f8,%f16 -/* 0x0350 398 (39 41) */ ldx [%sp+248],%g2 -/* 0x0354 399 (39 44) */ fdtox %f28,%f22 -/* 0x0358 400 (39 40) */ add %o7,%g3,%g3 -/* 0x035c 401 (40 42) */ ldx [%sp+256],%o7 -/* 0x0360 402 (40 45) */ fsubd %f14,%f20,%f20 -/* 0x0364 403 (40 41) */ add %g3,%o5,%g3 -/* 0x0368 404 (41 42) */ std %f22,[%sp+240] -/* 0x036c 405 (41 46) */ fitod %f26,%f22 -/* 0x0370 406 (41 42) */ srax %g3,32,%o5 -/* 0x0374 407 (41 42) */ add %g2,%g5,%g2 -/* 0x0378 408 (42 43) */ st %g3,[%i0+4] -/* 0x037c 409 (42 47) */ fdtox %f10,%f10 -/* 0x0380 410 (42 43) */ add %o7,%g4,%g4 -/* 0x0384 411 (42 47) */ fmuld %f6,%f8,%f6 -/* 0x0388 412 (43 44) */ std %f10,[%sp+232] -/* 0x038c 413 (43 47) */ fxnor %f0,%f2,%f12 -/* 0x0390 414 (43 44) */ add %g4,%o5,%g4 -/* 0x0394 415 (44 45) */ st %g4,[%i0+8] -/* 0x0398 416 (44 45) */ srax %g4,32,%o5 -/* 0x039c 417 (44 49) */ fsubd %f14,%f24,%f10 -/* 0x03a0 418 (45 47) */ ldx [%sp+240],%o7 -/* 0x03a4 419 (45 50) */ fdtox %f4,%f4 -/* 0x03a8 420 (45 46) */ add %g2,%o5,%g2 -/* 0x03ac 421 (45 50) */ fmuld %f20,%f8,%f20 -/* 0x03b0 422 (46 47) */ std %f4,[%sp+224] -/* 0x03b4 423 (46 47) */ srax %g2,32,%g5 -/* 0x03b8 424 (46 51) */ fsubd %f14,%f18,%f4 -/* 0x03bc 425 (47 48) */ st %g2,[%i0+12] -/* 0x03c0 426 (47 52) */ fitod %f27,%f24 -/* 0x03c4 427 (47 48) */ add %o7,%o0,%g3 -/* 0x03c8 428 (48 50) */ ldx [%sp+232],%o5 -/* 0x03cc 429 (48 53) */ fdtox %f16,%f16 -/* 0x03d0 430 (48 49) */ add %g3,%g5,%g2 -/* 0x03d4 431 (49 50) */ std %f16,[%sp+216] -/* 0x03d8 432 (49 50) */ srax %g2,32,%g4 -/* 0x03dc 433 (49 54) */ fitod %f12,%f18 -/* 0x03e0 434 (49 54) */ fmuld %f10,%f8,%f10 -/* 0x03e4 435 (50 51) */ st %g2,[%i0+16] -/* 0x03e8 436 (50 55) */ fsubd %f14,%f22,%f16 -/* 0x03ec 437 (50 51) */ add %o5,%o1,%g2 -/* 0x03f0 438 (51 53) */ ld [%i1+24],%o2 -/* 0x03f4 439 (51 56) */ fitod %f13,%f12 -/* 0x03f8 440 (51 52) */ add %g2,%g4,%g2 -/* 0x03fc 441 (51 56) */ fmuld %f4,%f8,%f22 -/* 0x0400 442 (52 54) */ ldx [%sp+224],%g3 -/* 0x0404 443 (52 53) */ srax %g2,32,%g4 -/* 0x0408 444 (52 57) */ fdtox %f6,%f6 -/* 0x040c 445 (53 54) */ std %f6,[%sp+208] -/* 0x0410 446 (53 58) */ fdtox %f20,%f6 -/* 0x0414 447 (54 55) */ stx %o4,[%sp+136] -/* 0x0418 448 (54 59) */ fsubd %f14,%f24,%f4 -/* 0x041c 449 (55 56) */ std %f6,[%sp+200] -/* 0x0420 450 (55 60) */ fsubd %f14,%f18,%f6 -/* 0x0424 451 (55 60) */ fmuld %f16,%f8,%f16 -/* 0x0428 452 (56 57) */ st %g2,[%i0+20] -/* 0x042c 453 (56 57) */ add %g3,%o2,%g2 -/* 0x0430 454 (56 61) */ fdtox %f10,%f10 -/* 0x0434 455 (57 59) */ ld [%i1+28],%o3 -/* 0x0438 456 (57 58) */ add %g2,%g4,%g2 -/* 0x043c 457 (58 60) */ ldx [%sp+216],%g5 -/* 0x0440 458 (58 59) */ srax %g2,32,%g4 -/* 0x0444 459 (59 60) */ std %f10,[%sp+192] -/* 0x0448 460 (59 64) */ fsubd %f14,%f12,%f10 -/* 0x044c 461 (59 64) */ fmuld %f4,%f8,%f4 -/* 0x0450 462 (60 61) */ st %g2,[%i0+24] -/* 0x0454 463 (60 61) */ add %g5,%o3,%g2 -/* 0x0458 464 (60 65) */ fdtox %f22,%f12 -/* 0x045c 465 (60 65) */ fmuld %f6,%f8,%f6 -/* 0x0460 466 (61 63) */ ldx [%sp+136],%o0 -/* 0x0464 467 (61 62) */ add %g2,%g4,%g2 -/* 0x0468 468 (62 64) */ ldx [%sp+208],%g3 -/* 0x046c 469 (62 63) */ srax %g2,32,%g4 -/* 0x0470 470 (63 65) */ ldx [%sp+120],%o1 -/* 0x0474 471 (64 66) */ ldx [%sp+200],%g5 -/* 0x0478 472 (64 65) */ add %g3,%o0,%g3 -/* 0x047c 473 (64 69) */ fdtox %f4,%f4 -/* 0x0480 474 (64 69) */ fmuld %f10,%f8,%f8 -/* 0x0484 475 (65 66) */ std %f12,[%sp+184] -/* 0x0488 476 (65 66) */ add %g3,%g4,%g3 -/* 0x048c 477 (65 70) */ fdtox %f16,%f12 -/* 0x0490 478 (66 67) */ std %f12,[%sp+176] -/* 0x0494 479 (66 67) */ srax %g3,32,%o0 -/* 0x0498 480 (66 67) */ add %g5,%o1,%g5 -/* 0x049c 481 (67 69) */ ldx [%sp+192],%o2 -/* 0x04a0 482 (67 68) */ add %g5,%o0,%g5 -/* 0x04a4 483 (68 70) */ ldx [%sp+96],%g4 -/* 0x04a8 484 (68 69) */ srax %g5,32,%o1 -/* 0x04ac 485 (69 71) */ ld [%i1+56],%o4 -/* 0x04b0 486 (70 72) */ ldx [%sp+104],%o0 -/* 0x04b4 487 (70 71) */ add %o2,%g4,%g4 -/* 0x04b8 488 (71 72) */ std %f4,[%sp+168] -/* 0x04bc 489 (71 72) */ add %g4,%o1,%g4 -/* 0x04c0 490 (71 76) */ fdtox %f6,%f4 -/* 0x04c4 491 (72 74) */ ldx [%sp+184],%o3 -/* 0x04c8 492 (72 73) */ srax %g4,32,%o2 -/* 0x04cc 493 (73 75) */ ldx [%sp+112],%o1 -/* 0x04d0 494 (74 75) */ std %f4,[%sp+160] -/* 0x04d4 495 (74 75) */ add %o3,%o0,%o0 -/* 0x04d8 496 (74 79) */ fdtox %f8,%f4 -/* 0x04dc 497 (75 77) */ ldx [%sp+176],%o5 -/* 0x04e0 498 (75 76) */ add %o0,%o2,%o0 -/* 0x04e4 499 (76 77) */ stx %o4,[%sp+144] -/* 0x04e8 500 (77 78) */ st %g2,[%i0+28] -/* 0x04ec 501 (77 78) */ add %o5,%o1,%g2 -/* 0x04f0 502 (77 78) */ srax %o0,32,%o1 -/* 0x04f4 503 (78 79) */ std %f4,[%sp+152] -/* 0x04f8 504 (78 79) */ add %g2,%o1,%o1 -/* 0x04fc 505 (79 81) */ ldx [%sp+168],%o7 -/* 0x0500 506 (79 80) */ srax %o1,32,%o3 -/* 0x0504 507 (80 82) */ ldx [%sp+128],%o2 -/* 0x0508 508 (81 83) */ ld [%i1+60],%o4 -/* 0x050c 509 (82 83) */ add %o7,%o2,%o2 -/* 0x0510 510 (83 84) */ add %o2,%o3,%o2 -/* 0x0514 511 (83 85) */ ldx [%sp+144],%o5 -/* 0x0518 512 (84 86) */ ldx [%sp+160],%g2 -/* 0x051c 513 (85 87) */ ldx [%sp+152],%o3 -/* 0x0520 514 (86 87) */ st %g3,[%i0+32] -/* 0x0524 515 (86 87) */ add %g2,%o5,%g2 -/* 0x0528 516 (86 87) */ srax %o2,32,%o5 -/* 0x052c 517 (87 88) */ st %g5,[%i0+36] -/* 0x0530 518 (87 88) */ add %g2,%o5,%g2 -/* 0x0534 519 (87 88) */ add %o3,%o4,%g3 -/* 0x0538 520 (88 89) */ st %o0,[%i0+44] -/* 0x053c 521 (88 89) */ srax %g2,32,%g5 -/* 0x0540 522 (89 90) */ st %o1,[%i0+48] -/* 0x0544 523 (89 90) */ add %g3,%g5,%g3 -/* 0x0548 524 (90 91) */ st %o2,[%i0+52] -/* 0x054c 528 (90 91) */ srax %g3,32,%o7 -/* 0x0550 529 (91 92) */ st %g4,[%i0+40] -/* 0x0554 530 (92 93) */ st %g2,[%i0+56] -/* 0x0558 531 (93 94) */ st %g3,[%i0+60] -/* 0x055c 532 (93 94) */ or %g0,%o7,%i0 -/* 0x0560 (94 101) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0564 (96 98) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000076 -! - - .L77000076: /* frequency 1.0 confidence 0.0 */ -/* 0x0568 540 ( 0 4) */ ldd [%o0],%f6 -/* 0x056c 546 ( 0 1) */ add %o2,1,%g2 -/* 0x0570 547 ( 0 3) */ fmovd %f0,%f14 -/* 0x0574 548 ( 0 1) */ or %g0,0,%o7 -/* 0x0578 549 ( 1 3) */ ld [%fp+84],%f9 -/* 0x057c 550 ( 1 2) */ srl %g2,31,%g3 -/* 0x0580 551 ( 1 2) */ add %fp,-2264,%o5 -/* 0x0584 552 ( 2 3) */ add %g2,%g3,%g2 -/* 0x0588 553 ( 2 6) */ ldd [%o0+8],%f18 -/* 0x058c 554 ( 2 3) */ add %fp,-2256,%o4 -/* 0x0590 555 ( 3 6) */ fmovs %f6,%f8 -/* 0x0594 556 ( 3 4) */ sra %g2,1,%o1 -/* 0x0598 557 ( 3 4) */ or %g0,0,%g2 -/* 0x059c 558 ( 4 5) */ subcc %o1,0,%g0 -/* 0x05a0 559 ( 4 5) */ sub %o1,1,%o2 -/* 0x05a4 563 ( 5 6) */ add %g5,32,%o0 -/* 0x05a8 564 ( 6 11) */ fsubd %f8,%f6,%f16 -/* 0x05ac 565 ( 6 7) */ ble,pt %icc,.L900000161 ! tprob=0.50 -/* 0x05b0 ( 6 7) */ subcc %o3,0,%g0 -/* 0x05b4 567 ( 7 8) */ subcc %o1,7,%g0 -/* 0x05b8 568 ( 7 8) */ bl,pn %icc,.L77000077 ! tprob=0.50 -/* 0x05bc ( 7 8) */ sub %o1,2,%o1 -/* 0x05c0 570 ( 8 12) */ ldd [%g5],%f2 -/* 0x05c4 571 ( 9 13) */ ldd [%g5+8],%f4 -/* 0x05c8 572 ( 9 10) */ or %g0,5,%g2 -/* 0x05cc 573 (10 14) */ ldd [%g5+16],%f0 -/* 0x05d0 574 (11 15) */ fxnor %f14,%f2,%f2 -/* 0x05d4 575 (11 15) */ ldd [%g5+24],%f12 -/* 0x05d8 576 (12 16) */ fxnor %f14,%f4,%f6 -/* 0x05dc 577 (12 16) */ ldd [%g5+32],%f10 -/* 0x05e0 578 (13 17) */ fxnor %f14,%f0,%f8 -/* 0x05e4 579 (15 20) */ fitod %f3,%f0 -/* 0x05e8 580 (16 21) */ fitod %f2,%f4 -/* 0x05ec 581 (17 22) */ fitod %f7,%f2 -/* 0x05f0 582 (18 23) */ fitod %f6,%f6 -/* 0x05f4 583 (20 25) */ fsubd %f18,%f0,%f0 -/* 0x05f8 584 (21 26) */ fsubd %f18,%f4,%f4 - -! -! ENTRY .L900000149 -! - - .L900000149: /* frequency 1.0 confidence 0.0 */ -/* 0x05fc 586 ( 0 4) */ fxnor %f14,%f12,%f22 -/* 0x0600 587 ( 0 5) */ fmuld %f4,%f16,%f4 -/* 0x0604 588 ( 0 1) */ add %g2,2,%g2 -/* 0x0608 589 ( 0 1) */ add %o4,32,%o4 -/* 0x060c 590 ( 1 6) */ fitod %f9,%f24 -/* 0x0610 591 ( 1 6) */ fmuld %f0,%f16,%f20 -/* 0x0614 592 ( 1 2) */ add %o0,8,%o0 -/* 0x0618 593 ( 1 2) */ subcc %g2,%o1,%g0 -/* 0x061c 594 ( 2 6) */ ldd [%o0],%f12 -/* 0x0620 595 ( 2 7) */ fsubd %f18,%f2,%f0 -/* 0x0624 596 ( 2 3) */ add %o5,32,%o5 -/* 0x0628 597 ( 3 8) */ fsubd %f18,%f6,%f2 -/* 0x062c 598 ( 5 10) */ fdtox %f4,%f4 -/* 0x0630 599 ( 6 11) */ fdtox %f20,%f6 -/* 0x0634 600 ( 6 7) */ std %f4,[%o5-32] -/* 0x0638 601 ( 7 12) */ fitod %f8,%f4 -/* 0x063c 602 ( 7 8) */ std %f6,[%o4-32] -/* 0x0640 603 ( 8 12) */ fxnor %f14,%f10,%f8 -/* 0x0644 604 ( 8 13) */ fmuld %f2,%f16,%f6 -/* 0x0648 605 ( 9 14) */ fitod %f23,%f2 -/* 0x064c 606 ( 9 14) */ fmuld %f0,%f16,%f20 -/* 0x0650 607 ( 9 10) */ add %o0,8,%o0 -/* 0x0654 608 (10 14) */ ldd [%o0],%f10 -/* 0x0658 609 (10 15) */ fsubd %f18,%f24,%f0 -/* 0x065c 610 (12 17) */ fsubd %f18,%f4,%f4 -/* 0x0660 611 (13 18) */ fdtox %f6,%f6 -/* 0x0664 612 (14 19) */ fdtox %f20,%f20 -/* 0x0668 613 (14 15) */ std %f6,[%o5-16] -/* 0x066c 614 (15 20) */ fitod %f22,%f6 -/* 0x0670 615 (15 16) */ ble,pt %icc,.L900000149 ! tprob=0.50 -/* 0x0674 (15 16) */ std %f20,[%o4-16] - -! -! ENTRY .L900000152 -! - - .L900000152: /* frequency 1.0 confidence 0.0 */ -/* 0x0678 618 ( 0 4) */ fxnor %f14,%f12,%f12 -/* 0x067c 619 ( 0 5) */ fmuld %f0,%f16,%f22 -/* 0x0680 620 ( 0 1) */ add %o5,80,%o5 -/* 0x0684 621 ( 0 1) */ add %o4,80,%o4 -/* 0x0688 622 ( 1 5) */ fxnor %f14,%f10,%f0 -/* 0x068c 623 ( 1 6) */ fmuld %f4,%f16,%f24 -/* 0x0690 624 ( 1 2) */ subcc %g2,%o2,%g0 -/* 0x0694 625 ( 1 2) */ add %o0,8,%g5 -/* 0x0698 626 ( 2 7) */ fitod %f8,%f20 -/* 0x069c 627 ( 3 8) */ fitod %f9,%f8 -/* 0x06a0 628 ( 4 9) */ fsubd %f18,%f6,%f6 -/* 0x06a4 629 ( 5 10) */ fitod %f12,%f26 -/* 0x06a8 630 ( 6 11) */ fitod %f13,%f4 -/* 0x06ac 631 ( 7 12) */ fsubd %f18,%f2,%f12 -/* 0x06b0 632 ( 8 13) */ fitod %f0,%f2 -/* 0x06b4 633 ( 9 14) */ fitod %f1,%f0 -/* 0x06b8 634 (10 15) */ fsubd %f18,%f20,%f10 -/* 0x06bc 635 (10 15) */ fmuld %f6,%f16,%f20 -/* 0x06c0 636 (11 16) */ fsubd %f18,%f8,%f8 -/* 0x06c4 637 (12 17) */ fsubd %f18,%f26,%f6 -/* 0x06c8 638 (12 17) */ fmuld %f12,%f16,%f12 -/* 0x06cc 639 (13 18) */ fsubd %f18,%f4,%f4 -/* 0x06d0 640 (14 19) */ fsubd %f18,%f2,%f2 -/* 0x06d4 641 (15 20) */ fsubd %f18,%f0,%f0 -/* 0x06d8 642 (15 20) */ fmuld %f10,%f16,%f10 -/* 0x06dc 643 (16 21) */ fdtox %f24,%f24 -/* 0x06e0 644 (16 17) */ std %f24,[%o5-80] -/* 0x06e4 645 (16 21) */ fmuld %f8,%f16,%f8 -/* 0x06e8 646 (17 22) */ fdtox %f22,%f22 -/* 0x06ec 647 (17 18) */ std %f22,[%o4-80] -/* 0x06f0 648 (17 22) */ fmuld %f6,%f16,%f6 -/* 0x06f4 649 (18 23) */ fdtox %f20,%f20 -/* 0x06f8 650 (18 19) */ std %f20,[%o5-64] -/* 0x06fc 651 (18 23) */ fmuld %f4,%f16,%f4 -/* 0x0700 652 (19 24) */ fdtox %f12,%f12 -/* 0x0704 653 (19 20) */ std %f12,[%o4-64] -/* 0x0708 654 (19 24) */ fmuld %f2,%f16,%f2 -/* 0x070c 655 (20 25) */ fdtox %f10,%f10 -/* 0x0710 656 (20 21) */ std %f10,[%o5-48] -/* 0x0714 657 (20 25) */ fmuld %f0,%f16,%f0 -/* 0x0718 658 (21 26) */ fdtox %f8,%f8 -/* 0x071c 659 (21 22) */ std %f8,[%o4-48] -/* 0x0720 660 (22 27) */ fdtox %f6,%f6 -/* 0x0724 661 (22 23) */ std %f6,[%o5-32] -/* 0x0728 662 (23 28) */ fdtox %f4,%f4 -/* 0x072c 663 (23 24) */ std %f4,[%o4-32] -/* 0x0730 664 (24 29) */ fdtox %f2,%f2 -/* 0x0734 665 (24 25) */ std %f2,[%o5-16] -/* 0x0738 666 (25 30) */ fdtox %f0,%f0 -/* 0x073c 667 (25 26) */ bg,pn %icc,.L77000043 ! tprob=0.50 -/* 0x0740 (25 26) */ std %f0,[%o4-16] - -! -! ENTRY .L77000077 -! - - .L77000077: /* frequency 1.0 confidence 0.0 */ -/* 0x0744 670 ( 0 4) */ ldd [%g5],%f0 - -! -! ENTRY .L900000160 -! - - .L900000160: /* frequency 1.0 confidence 0.0 */ -/* 0x0748 672 ( 0 4) */ fxnor %f14,%f0,%f0 -/* 0x074c 673 ( 0 1) */ add %g2,1,%g2 -/* 0x0750 674 ( 0 1) */ add %g5,8,%g5 -/* 0x0754 675 ( 1 2) */ subcc %g2,%o2,%g0 -/* 0x0758 676 ( 4 9) */ fitod %f0,%f2 -/* 0x075c 677 ( 5 10) */ fitod %f1,%f0 -/* 0x0760 678 ( 9 14) */ fsubd %f18,%f2,%f2 -/* 0x0764 679 (10 15) */ fsubd %f18,%f0,%f0 -/* 0x0768 680 (14 19) */ fmuld %f2,%f16,%f2 -/* 0x076c 681 (15 20) */ fmuld %f0,%f16,%f0 -/* 0x0770 682 (19 24) */ fdtox %f2,%f2 -/* 0x0774 683 (19 20) */ std %f2,[%o5] -/* 0x0778 684 (19 20) */ add %o5,16,%o5 -/* 0x077c 685 (20 25) */ fdtox %f0,%f0 -/* 0x0780 686 (20 21) */ std %f0,[%o4] -/* 0x0784 687 (20 21) */ add %o4,16,%o4 -/* 0x0788 688 (20 21) */ ble,a,pt %icc,.L900000160 ! tprob=0.50 -/* 0x078c (23 27) */ ldd [%g5],%f0 - -! -! ENTRY .L77000043 -! - - .L77000043: /* frequency 1.0 confidence 0.0 */ -/* 0x0790 696 ( 0 1) */ subcc %o3,0,%g0 - -! -! ENTRY .L900000161 -! - - .L900000161: /* frequency 1.0 confidence 0.0 */ -/* 0x0794 698 ( 0 1) */ ble,a,pt %icc,.L900000159 ! tprob=0.50 -/* 0x0798 ( 0 1) */ or %g0,%o7,%i0 -/* 0x079c 703 ( 0 2) */ ldx [%fp-2256],%o2 -/* 0x07a0 704 ( 0 1) */ or %g0,%i1,%g3 -/* 0x07a4 705 ( 1 2) */ sub %o3,1,%o5 -/* 0x07a8 706 ( 1 2) */ or %g0,0,%g4 -/* 0x07ac 707 ( 2 3) */ add %fp,-2264,%g5 -/* 0x07b0 708 ( 2 3) */ or %g0,%i0,%g2 -/* 0x07b4 709 ( 3 4) */ subcc %o3,6,%g0 -/* 0x07b8 710 ( 3 4) */ sub %o5,2,%o4 -/* 0x07bc 711 ( 3 4) */ bl,pn %icc,.L77000078 ! tprob=0.50 -/* 0x07c0 ( 3 5) */ ldx [%fp-2264],%o0 -/* 0x07c4 713 ( 4 6) */ ld [%g3],%o1 -/* 0x07c8 714 ( 4 5) */ add %g2,4,%g2 -/* 0x07cc 715 ( 4 5) */ or %g0,3,%g4 -/* 0x07d0 716 ( 5 7) */ ld [%g3+4],%o3 -/* 0x07d4 717 ( 5 6) */ add %g3,8,%g3 -/* 0x07d8 718 ( 5 6) */ add %fp,-2240,%g5 -/* 0x07dc 719 ( 6 7) */ add %o0,%o1,%o0 -/* 0x07e0 720 ( 6 8) */ ldx [%fp-2248],%o1 -/* 0x07e4 721 ( 7 8) */ st %o0,[%g2-4] -/* 0x07e8 722 ( 7 8) */ srax %o0,32,%o0 - -! -! ENTRY .L900000145 -! - - .L900000145: /* frequency 1.0 confidence 0.0 */ -/* 0x07ec 724 ( 0 2) */ ld [%g3],%o7 -/* 0x07f0 725 ( 0 1) */ add %o2,%o3,%o2 -/* 0x07f4 726 ( 0 1) */ sra %o0,0,%o3 -/* 0x07f8 727 ( 1 3) */ ldx [%g5],%o0 -/* 0x07fc 728 ( 1 2) */ add %o2,%o3,%o2 -/* 0x0800 729 ( 1 2) */ add %g4,3,%g4 -/* 0x0804 730 ( 2 3) */ st %o2,[%g2] -/* 0x0808 731 ( 2 3) */ srax %o2,32,%o3 -/* 0x080c 732 ( 2 3) */ subcc %g4,%o4,%g0 -/* 0x0810 733 ( 3 5) */ ld [%g3+4],%o2 -/* 0x0814 734 ( 4 5) */ stx %o2,[%sp+96] -/* 0x0818 735 ( 4 5) */ add %o1,%o7,%o1 -/* 0x081c 736 ( 5 7) */ ldx [%g5+8],%o2 -/* 0x0820 737 ( 5 6) */ add %o1,%o3,%o1 -/* 0x0824 738 ( 5 6) */ add %g2,12,%g2 -/* 0x0828 739 ( 6 7) */ st %o1,[%g2-8] -/* 0x082c 740 ( 6 7) */ srax %o1,32,%o7 -/* 0x0830 741 ( 6 7) */ add %g3,12,%g3 -/* 0x0834 742 ( 7 9) */ ld [%g3-4],%o3 -/* 0x0838 743 ( 8 10) */ ldx [%sp+96],%o1 -/* 0x083c 744 (10 11) */ add %o0,%o1,%o0 -/* 0x0840 745 (10 12) */ ldx [%g5+16],%o1 -/* 0x0844 746 (11 12) */ add %o0,%o7,%o0 -/* 0x0848 747 (11 12) */ add %g5,24,%g5 -/* 0x084c 748 (11 12) */ st %o0,[%g2-4] -/* 0x0850 749 (11 12) */ ble,pt %icc,.L900000145 ! tprob=0.50 -/* 0x0854 (12 13) */ srax %o0,32,%o0 - -! -! ENTRY .L900000148 -! - - .L900000148: /* frequency 1.0 confidence 0.0 */ -/* 0x0858 752 ( 0 1) */ add %o2,%o3,%o2 -/* 0x085c 753 ( 0 1) */ sra %o0,0,%o3 -/* 0x0860 754 ( 0 2) */ ld [%g3],%o0 -/* 0x0864 755 ( 1 2) */ add %o2,%o3,%o3 -/* 0x0868 756 ( 1 2) */ add %g2,8,%g2 -/* 0x086c 757 ( 2 3) */ srax %o3,32,%o2 -/* 0x0870 758 ( 2 3) */ st %o3,[%g2-8] -/* 0x0874 759 ( 2 3) */ add %o1,%o0,%o0 -/* 0x0878 760 ( 3 4) */ add %o0,%o2,%o0 -/* 0x087c 761 ( 3 4) */ st %o0,[%g2-4] -/* 0x0880 762 ( 3 4) */ subcc %g4,%o5,%g0 -/* 0x0884 763 ( 3 4) */ bg,pn %icc,.L77000061 ! tprob=0.50 -/* 0x0888 ( 4 5) */ srax %o0,32,%o7 -/* 0x088c 765 ( 4 5) */ add %g3,4,%g3 - -! -! ENTRY .L77000078 -! - - .L77000078: /* frequency 1.0 confidence 0.0 */ -/* 0x0890 767 ( 0 2) */ ld [%g3],%o2 - -! -! ENTRY .L900000158 -! - - .L900000158: /* frequency 1.0 confidence 0.0 */ -/* 0x0894 769 ( 0 2) */ ldx [%g5],%o0 -/* 0x0898 770 ( 0 1) */ sra %o7,0,%o1 -/* 0x089c 771 ( 0 1) */ add %g4,1,%g4 -/* 0x08a0 772 ( 1 2) */ add %g3,4,%g3 -/* 0x08a4 773 ( 1 2) */ add %g5,8,%g5 -/* 0x08a8 774 ( 2 3) */ add %o0,%o2,%o0 -/* 0x08ac 775 ( 2 3) */ subcc %g4,%o5,%g0 -/* 0x08b0 776 ( 3 4) */ add %o0,%o1,%o0 -/* 0x08b4 777 ( 3 4) */ st %o0,[%g2] -/* 0x08b8 778 ( 3 4) */ add %g2,4,%g2 -/* 0x08bc 779 ( 4 5) */ srax %o0,32,%o7 -/* 0x08c0 780 ( 4 5) */ ble,a,pt %icc,.L900000158 ! tprob=0.50 -/* 0x08c4 ( 4 6) */ ld [%g3],%o2 - -! -! ENTRY .L77000047 -! - - .L77000047: /* frequency 1.0 confidence 0.0 */ -/* 0x08c8 783 ( 0 1) */ or %g0,%o7,%i0 -/* 0x08cc ( 1 8) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x08d0 ( 3 5) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000048 -! - - .L77000048: /* frequency 1.0 confidence 0.0 */ -/* 0x08d4 794 ( 0 1) */ bne,pn %icc,.L77000050 ! tprob=0.50 -/* 0x08d8 ( 0 1) */ sethi %hi(0xfff80000),%g2 -/* 0x08dc 796 ( 0 4) */ ldd [%g5],%f4 -/* 0x08e0 804 ( 0 1) */ srl %o1,19,%g3 -/* 0x08e4 805 ( 1 2) */ st %g3,[%sp+240] -/* 0x08e8 806 ( 1 2) */ andn %o1,%g2,%g2 -/* 0x08ec 807 ( 2 6) */ ldd [%o0],%f8 -/* 0x08f0 808 ( 3 4) */ st %g2,[%sp+244] -/* 0x08f4 809 ( 3 7) */ fxnor %f0,%f4,%f4 -/* 0x08f8 810 ( 4 8) */ ldd [%g5+8],%f6 -/* 0x08fc 814 ( 5 9) */ ldd [%o0+8],%f18 -/* 0x0900 815 ( 5 8) */ fmovs %f8,%f12 -/* 0x0904 816 ( 6 10) */ ldd [%g5+16],%f10 -/* 0x0908 817 ( 6 9) */ fmovs %f8,%f16 -/* 0x090c 818 ( 7 11) */ ldd [%g5+24],%f20 -/* 0x0910 819 ( 7 12) */ fitod %f4,%f14 -/* 0x0914 823 ( 8 10) */ ld [%i1],%g2 -/* 0x0918 824 ( 8 13) */ fitod %f5,%f4 -/* 0x091c 825 ( 9 11) */ ld [%sp+240],%f13 -/* 0x0920 826 ( 9 13) */ fxnor %f0,%f6,%f6 -/* 0x0924 827 (10 12) */ ld [%sp+244],%f17 -/* 0x0928 828 (10 14) */ fxnor %f0,%f10,%f10 -/* 0x092c 829 (11 13) */ ld [%i1+28],%o3 -/* 0x0930 830 (11 15) */ fxnor %f0,%f20,%f20 -/* 0x0934 831 (12 14) */ ld [%i1+4],%g3 -/* 0x0938 832 (12 17) */ fsubd %f12,%f8,%f12 -/* 0x093c 833 (13 14) */ stx %o3,[%sp+96] -/* 0x0940 834 (13 18) */ fsubd %f18,%f14,%f14 -/* 0x0944 835 (14 16) */ ld [%i1+8],%g4 -/* 0x0948 836 (14 19) */ fsubd %f16,%f8,%f8 -/* 0x094c 837 (15 17) */ ld [%i1+12],%g5 -/* 0x0950 838 (15 20) */ fsubd %f18,%f4,%f4 -/* 0x0954 839 (16 18) */ ld [%i1+16],%o0 -/* 0x0958 840 (16 21) */ fitod %f6,%f22 -/* 0x095c 841 (17 19) */ ld [%i1+20],%o1 -/* 0x0960 842 (17 22) */ fitod %f7,%f6 -/* 0x0964 843 (18 20) */ ld [%i1+24],%o2 -/* 0x0968 844 (18 23) */ fitod %f10,%f16 -/* 0x096c 845 (18 23) */ fmuld %f14,%f12,%f24 -/* 0x0970 846 (19 24) */ fitod %f20,%f28 -/* 0x0974 847 (19 24) */ fmuld %f14,%f8,%f14 -/* 0x0978 848 (20 25) */ fitod %f11,%f10 -/* 0x097c 849 (20 25) */ fmuld %f4,%f12,%f26 -/* 0x0980 850 (21 26) */ fsubd %f18,%f22,%f22 -/* 0x0984 851 (21 26) */ fmuld %f4,%f8,%f4 -/* 0x0988 852 (22 27) */ fsubd %f18,%f6,%f6 -/* 0x098c 853 (23 28) */ fdtox %f24,%f24 -/* 0x0990 854 (23 24) */ std %f24,[%sp+224] -/* 0x0994 855 (24 29) */ fdtox %f14,%f14 -/* 0x0998 856 (24 25) */ std %f14,[%sp+232] -/* 0x099c 857 (25 30) */ fdtox %f26,%f14 -/* 0x09a0 858 (25 26) */ std %f14,[%sp+208] -/* 0x09a4 859 (26 28) */ ldx [%sp+224],%o4 -/* 0x09a8 860 (26 31) */ fitod %f21,%f20 -/* 0x09ac 861 (26 31) */ fmuld %f22,%f12,%f30 -/* 0x09b0 862 (27 29) */ ldx [%sp+232],%o5 -/* 0x09b4 863 (27 32) */ fsubd %f18,%f16,%f16 -/* 0x09b8 864 (27 32) */ fmuld %f22,%f8,%f22 -/* 0x09bc 865 (28 29) */ sllx %o4,19,%o4 -/* 0x09c0 866 (28 33) */ fdtox %f4,%f4 -/* 0x09c4 867 (28 29) */ std %f4,[%sp+216] -/* 0x09c8 868 (28 33) */ fmuld %f6,%f12,%f24 -/* 0x09cc 869 (29 34) */ fsubd %f18,%f28,%f26 -/* 0x09d0 870 (29 30) */ add %o5,%o4,%o4 -/* 0x09d4 871 (29 34) */ fmuld %f6,%f8,%f6 -/* 0x09d8 872 (30 35) */ fsubd %f18,%f10,%f10 -/* 0x09dc 873 (30 31) */ add %o4,%g2,%g2 -/* 0x09e0 874 (30 31) */ st %g2,[%i0] -/* 0x09e4 875 (31 33) */ ldx [%sp+208],%o7 -/* 0x09e8 876 (31 32) */ srlx %g2,32,%o5 -/* 0x09ec 877 (31 36) */ fsubd %f18,%f20,%f18 -/* 0x09f0 878 (32 37) */ fdtox %f30,%f28 -/* 0x09f4 879 (32 33) */ std %f28,[%sp+192] -/* 0x09f8 880 (32 37) */ fmuld %f16,%f12,%f14 -/* 0x09fc 881 (33 34) */ sllx %o7,19,%o4 -/* 0x0a00 882 (33 35) */ ldx [%sp+216],%o7 -/* 0x0a04 883 (33 38) */ fdtox %f22,%f20 -/* 0x0a08 884 (33 38) */ fmuld %f16,%f8,%f16 -/* 0x0a0c 885 (34 35) */ std %f20,[%sp+200] -/* 0x0a10 886 (34 39) */ fdtox %f24,%f20 -/* 0x0a14 887 (34 39) */ fmuld %f26,%f12,%f22 -/* 0x0a18 888 (35 36) */ std %f20,[%sp+176] -/* 0x0a1c 889 (35 36) */ add %o7,%o4,%o4 -/* 0x0a20 890 (35 40) */ fdtox %f6,%f6 -/* 0x0a24 891 (35 40) */ fmuld %f10,%f12,%f4 -/* 0x0a28 892 (36 38) */ ldx [%sp+192],%o3 -/* 0x0a2c 893 (36 37) */ add %o4,%g3,%g3 -/* 0x0a30 894 (36 41) */ fmuld %f10,%f8,%f10 -/* 0x0a34 895 (37 38) */ std %f6,[%sp+184] -/* 0x0a38 896 (37 38) */ add %g3,%o5,%g3 -/* 0x0a3c 897 (37 42) */ fdtox %f14,%f6 -/* 0x0a40 898 (37 42) */ fmuld %f26,%f8,%f20 -/* 0x0a44 899 (38 40) */ ldx [%sp+200],%o4 -/* 0x0a48 900 (38 39) */ sllx %o3,19,%o3 -/* 0x0a4c 901 (38 39) */ srlx %g3,32,%o5 -/* 0x0a50 902 (38 43) */ fdtox %f16,%f14 -/* 0x0a54 903 (39 40) */ std %f6,[%sp+160] -/* 0x0a58 904 (39 44) */ fmuld %f18,%f12,%f12 -/* 0x0a5c 905 (40 42) */ ldx [%sp+176],%o7 -/* 0x0a60 906 (40 41) */ add %o4,%o3,%o3 -/* 0x0a64 907 (40 45) */ fdtox %f4,%f16 -/* 0x0a68 908 (40 45) */ fmuld %f18,%f8,%f18 -/* 0x0a6c 909 (41 42) */ std %f14,[%sp+168] -/* 0x0a70 910 (41 42) */ add %o3,%g4,%g4 -/* 0x0a74 911 (41 46) */ fdtox %f10,%f4 -/* 0x0a78 912 (42 44) */ ldx [%sp+184],%o3 -/* 0x0a7c 913 (42 43) */ sllx %o7,19,%o4 -/* 0x0a80 914 (42 43) */ add %g4,%o5,%g4 -/* 0x0a84 915 (42 47) */ fdtox %f22,%f14 -/* 0x0a88 916 (43 44) */ std %f16,[%sp+144] -/* 0x0a8c 917 (43 44) */ srlx %g4,32,%o5 -/* 0x0a90 918 (43 48) */ fdtox %f20,%f6 -/* 0x0a94 919 (44 46) */ ldx [%sp+160],%o7 -/* 0x0a98 920 (44 45) */ add %o3,%o4,%o3 -/* 0x0a9c 921 (44 49) */ fdtox %f12,%f16 -/* 0x0aa0 922 (45 46) */ std %f4,[%sp+152] -/* 0x0aa4 923 (45 46) */ add %o3,%g5,%g5 -/* 0x0aa8 924 (45 50) */ fdtox %f18,%f8 -/* 0x0aac 925 (46 48) */ ldx [%sp+168],%o3 -/* 0x0ab0 926 (46 47) */ sllx %o7,19,%o4 -/* 0x0ab4 927 (46 47) */ add %g5,%o5,%g5 -/* 0x0ab8 928 (47 48) */ std %f14,[%sp+128] -/* 0x0abc 929 (47 48) */ srlx %g5,32,%o5 -/* 0x0ac0 930 (48 49) */ std %f6,[%sp+136] -/* 0x0ac4 931 (48 49) */ add %o3,%o4,%o3 -/* 0x0ac8 932 (49 50) */ std %f16,[%sp+112] -/* 0x0acc 933 (49 50) */ add %o3,%o0,%o0 -/* 0x0ad0 934 (50 52) */ ldx [%sp+144],%o7 -/* 0x0ad4 935 (50 51) */ add %o0,%o5,%o0 -/* 0x0ad8 936 (51 53) */ ldx [%sp+152],%o3 -/* 0x0adc 937 (52 53) */ std %f8,[%sp+120] -/* 0x0ae0 938 (52 53) */ sllx %o7,19,%o4 -/* 0x0ae4 939 (52 53) */ srlx %o0,32,%o7 -/* 0x0ae8 940 (53 54) */ stx %o0,[%sp+104] -/* 0x0aec 941 (53 54) */ add %o3,%o4,%o3 -/* 0x0af0 942 (54 56) */ ldx [%sp+128],%o5 -/* 0x0af4 943 (54 55) */ add %o3,%o1,%o1 -/* 0x0af8 944 (55 57) */ ldx [%sp+136],%o0 -/* 0x0afc 945 (55 56) */ add %o1,%o7,%o1 -/* 0x0b00 946 (56 57) */ st %g3,[%i0+4] -/* 0x0b04 947 (56 57) */ sllx %o5,19,%o3 -/* 0x0b08 948 (57 59) */ ldx [%sp+112],%o4 -/* 0x0b0c 949 (57 58) */ add %o0,%o3,%o3 -/* 0x0b10 950 (58 60) */ ldx [%sp+120],%o0 -/* 0x0b14 951 (58 59) */ add %o3,%o2,%o2 -/* 0x0b18 952 (58 59) */ srlx %o1,32,%o3 -/* 0x0b1c 953 (59 60) */ st %o1,[%i0+20] -/* 0x0b20 954 (59 60) */ sllx %o4,19,%g2 -/* 0x0b24 955 (59 60) */ add %o2,%o3,%o2 -/* 0x0b28 956 (60 62) */ ldx [%sp+96],%o4 -/* 0x0b2c 957 (60 61) */ srlx %o2,32,%g3 -/* 0x0b30 958 (60 61) */ add %o0,%g2,%g2 -/* 0x0b34 959 (61 63) */ ldx [%sp+104],%o0 -/* 0x0b38 960 (62 63) */ st %o2,[%i0+24] -/* 0x0b3c 961 (62 63) */ add %g2,%o4,%g2 -/* 0x0b40 962 (63 64) */ st %o0,[%i0+16] -/* 0x0b44 963 (63 64) */ add %g2,%g3,%g2 -/* 0x0b48 964 (64 65) */ st %g4,[%i0+8] -/* 0x0b4c 968 (64 65) */ srlx %g2,32,%o7 -/* 0x0b50 969 (65 66) */ st %g5,[%i0+12] -/* 0x0b54 970 (66 67) */ st %g2,[%i0+28] -/* 0x0b58 971 (66 67) */ or %g0,%o7,%i0 -/* 0x0b5c (67 74) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0b60 (69 71) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000050 -! - - .L77000050: /* frequency 1.0 confidence 0.0 */ -/* 0x0b64 978 ( 0 1) */ subcc %o2,16,%g0 -/* 0x0b68 979 ( 0 1) */ bne,pn %icc,.L77000073 ! tprob=0.50 -/* 0x0b6c ( 0 1) */ sethi %hi(0xfff80000),%g2 -/* 0x0b70 981 ( 1 5) */ ldd [%g5],%f4 -/* 0x0b74 982 ( 2 6) */ ldd [%g5+8],%f6 -/* 0x0b78 989 ( 2 3) */ andn %o1,%g2,%g2 -/* 0x0b7c 993 ( 2 3) */ srl %o1,19,%g3 -/* 0x0b80 994 ( 3 7) */ ldd [%g5+16],%f8 -/* 0x0b84 995 ( 4 8) */ fxnor %f0,%f4,%f4 -/* 0x0b88 996 ( 4 5) */ st %g2,[%sp+356] -/* 0x0b8c 997 ( 5 9) */ ldd [%o0],%f20 -/* 0x0b90 998 ( 5 9) */ fxnor %f0,%f6,%f6 -/* 0x0b94 999 ( 6 7) */ st %g3,[%sp+352] -/* 0x0b98 1000 ( 6 10) */ fxnor %f0,%f8,%f8 -/* 0x0b9c 1005 ( 7 11) */ ldd [%o0+8],%f30 -/* 0x0ba0 1006 ( 8 13) */ fitod %f4,%f22 -/* 0x0ba4 1007 ( 8 12) */ ldd [%g5+24],%f10 -/* 0x0ba8 1008 ( 9 12) */ fmovs %f20,%f24 -/* 0x0bac 1009 ( 9 13) */ ldd [%g5+32],%f12 -/* 0x0bb0 1010 (10 15) */ fitod %f5,%f4 -/* 0x0bb4 1011 (10 14) */ ldd [%g5+40],%f14 -/* 0x0bb8 1012 (11 14) */ fmovs %f20,%f26 -/* 0x0bbc 1013 (11 15) */ ldd [%g5+48],%f16 -/* 0x0bc0 1014 (12 14) */ ld [%sp+356],%f25 -/* 0x0bc4 1015 (12 17) */ fitod %f6,%f28 -/* 0x0bc8 1016 (13 15) */ ld [%sp+352],%f27 -/* 0x0bcc 1017 (13 18) */ fitod %f8,%f32 -/* 0x0bd0 1018 (14 19) */ fsubd %f30,%f22,%f22 -/* 0x0bd4 1019 (14 18) */ ldd [%g5+56],%f18 -/* 0x0bd8 1020 (15 20) */ fsubd %f24,%f20,%f24 -/* 0x0bdc 1021 (16 21) */ fsubd %f26,%f20,%f20 -/* 0x0be0 1022 (17 22) */ fsubd %f30,%f4,%f4 -/* 0x0be4 1023 (18 23) */ fsubd %f30,%f28,%f26 -/* 0x0be8 1024 (19 24) */ fitod %f7,%f6 -/* 0x0bec 1025 (20 25) */ fsubd %f30,%f32,%f28 -/* 0x0bf0 1026 (20 25) */ fmuld %f22,%f24,%f32 -/* 0x0bf4 1027 (21 26) */ fmuld %f22,%f20,%f22 -/* 0x0bf8 1028 (21 25) */ fxnor %f0,%f10,%f10 -/* 0x0bfc 1029 (22 27) */ fmuld %f4,%f24,%f44 -/* 0x0c00 1030 (22 27) */ fitod %f9,%f8 -/* 0x0c04 1031 (23 28) */ fmuld %f4,%f20,%f4 -/* 0x0c08 1032 (23 27) */ fxnor %f0,%f12,%f12 -/* 0x0c0c 1033 (24 29) */ fsubd %f30,%f6,%f6 -/* 0x0c10 1034 (24 29) */ fmuld %f26,%f24,%f46 -/* 0x0c14 1035 (25 30) */ fitod %f10,%f34 -/* 0x0c18 1036 (26 31) */ fdtox %f22,%f22 -/* 0x0c1c 1037 (26 27) */ std %f22,[%sp+336] -/* 0x0c20 1038 (27 32) */ fmuld %f26,%f20,%f22 -/* 0x0c24 1039 (27 32) */ fdtox %f44,%f26 -/* 0x0c28 1040 (27 28) */ std %f26,[%sp+328] -/* 0x0c2c 1041 (28 33) */ fdtox %f4,%f4 -/* 0x0c30 1042 (28 29) */ std %f4,[%sp+320] -/* 0x0c34 1043 (29 34) */ fmuld %f6,%f24,%f26 -/* 0x0c38 1044 (29 34) */ fsubd %f30,%f8,%f8 -/* 0x0c3c 1045 (30 35) */ fdtox %f46,%f4 -/* 0x0c40 1046 (30 31) */ std %f4,[%sp+312] -/* 0x0c44 1047 (31 36) */ fmuld %f28,%f24,%f4 -/* 0x0c48 1048 (31 36) */ fdtox %f32,%f32 -/* 0x0c4c 1049 (31 32) */ std %f32,[%sp+344] -/* 0x0c50 1050 (32 37) */ fitod %f11,%f10 -/* 0x0c54 1051 (32 37) */ fmuld %f6,%f20,%f32 -/* 0x0c58 1052 (33 38) */ fsubd %f30,%f34,%f34 -/* 0x0c5c 1053 (34 39) */ fdtox %f22,%f6 -/* 0x0c60 1054 (34 35) */ std %f6,[%sp+304] -/* 0x0c64 1058 (35 40) */ fitod %f12,%f36 -/* 0x0c68 1059 (35 40) */ fmuld %f28,%f20,%f6 -/* 0x0c6c 1060 (36 41) */ fdtox %f26,%f22 -/* 0x0c70 1061 (36 37) */ std %f22,[%sp+296] -/* 0x0c74 1062 (37 42) */ fmuld %f8,%f24,%f22 -/* 0x0c78 1063 (37 42) */ fdtox %f4,%f4 -/* 0x0c7c 1064 (37 38) */ std %f4,[%sp+280] -/* 0x0c80 1065 (38 43) */ fmuld %f8,%f20,%f8 -/* 0x0c84 1066 (38 43) */ fsubd %f30,%f10,%f10 -/* 0x0c88 1067 (39 44) */ fmuld %f34,%f24,%f4 -/* 0x0c8c 1068 (39 44) */ fitod %f13,%f12 -/* 0x0c90 1069 (40 45) */ fsubd %f30,%f36,%f36 -/* 0x0c94 1070 (41 46) */ fdtox %f6,%f6 -/* 0x0c98 1071 (41 42) */ std %f6,[%sp+272] -/* 0x0c9c 1072 (42 46) */ fxnor %f0,%f14,%f14 -/* 0x0ca0 1073 (42 47) */ fmuld %f34,%f20,%f6 -/* 0x0ca4 1074 (43 48) */ fdtox %f22,%f22 -/* 0x0ca8 1075 (43 44) */ std %f22,[%sp+264] -/* 0x0cac 1076 (44 49) */ fdtox %f8,%f8 -/* 0x0cb0 1077 (44 45) */ std %f8,[%sp+256] -/* 0x0cb4 1078 (44 49) */ fmuld %f10,%f24,%f22 -/* 0x0cb8 1079 (45 50) */ fdtox %f4,%f4 -/* 0x0cbc 1080 (45 46) */ std %f4,[%sp+248] -/* 0x0cc0 1081 (45 50) */ fmuld %f10,%f20,%f8 -/* 0x0cc4 1082 (46 51) */ fsubd %f30,%f12,%f4 -/* 0x0cc8 1083 (46 51) */ fmuld %f36,%f24,%f10 -/* 0x0ccc 1084 (47 52) */ fitod %f14,%f38 -/* 0x0cd0 1085 (48 53) */ fdtox %f6,%f6 -/* 0x0cd4 1086 (48 49) */ std %f6,[%sp+240] -/* 0x0cd8 1087 (49 54) */ fdtox %f22,%f12 -/* 0x0cdc 1088 (49 50) */ std %f12,[%sp+232] -/* 0x0ce0 1089 (49 54) */ fmuld %f36,%f20,%f6 -/* 0x0ce4 1090 (50 55) */ fdtox %f8,%f8 -/* 0x0ce8 1091 (50 51) */ std %f8,[%sp+224] -/* 0x0cec 1092 (51 56) */ fdtox %f10,%f22 -/* 0x0cf0 1093 (51 52) */ std %f22,[%sp+216] -/* 0x0cf4 1094 (51 56) */ fmuld %f4,%f24,%f8 -/* 0x0cf8 1095 (52 57) */ fitod %f15,%f14 -/* 0x0cfc 1096 (52 57) */ fmuld %f4,%f20,%f4 -/* 0x0d00 1097 (53 58) */ fsubd %f30,%f38,%f22 -/* 0x0d04 1098 (54 58) */ fxnor %f0,%f16,%f16 -/* 0x0d08 1099 (55 60) */ fdtox %f6,%f6 -/* 0x0d0c 1100 (55 56) */ std %f6,[%sp+208] -/* 0x0d10 1101 (56 61) */ fdtox %f8,%f6 -/* 0x0d14 1102 (56 57) */ std %f6,[%sp+200] -/* 0x0d18 1103 (57 62) */ fsubd %f30,%f14,%f10 -/* 0x0d1c 1104 (58 63) */ fitod %f16,%f40 -/* 0x0d20 1105 (58 63) */ fmuld %f22,%f24,%f6 -/* 0x0d24 1106 (59 64) */ fdtox %f4,%f4 -/* 0x0d28 1107 (59 60) */ std %f4,[%sp+192] -/* 0x0d2c 1108 (60 65) */ fitod %f17,%f16 -/* 0x0d30 1109 (60 65) */ fmuld %f22,%f20,%f4 -/* 0x0d34 1110 (61 65) */ fxnor %f0,%f18,%f18 -/* 0x0d38 1111 (62 67) */ fdtox %f32,%f32 -/* 0x0d3c 1112 (62 63) */ std %f32,[%sp+288] -/* 0x0d40 1113 (62 67) */ fmuld %f10,%f24,%f8 -/* 0x0d44 1114 (63 68) */ fdtox %f6,%f6 -/* 0x0d48 1115 (63 64) */ std %f6,[%sp+184] -/* 0x0d4c 1116 (63 68) */ fmuld %f10,%f20,%f22 -/* 0x0d50 1117 (64 69) */ fsubd %f30,%f40,%f6 -/* 0x0d54 1118 (65 70) */ fdtox %f4,%f4 -/* 0x0d58 1119 (65 66) */ std %f4,[%sp+176] -/* 0x0d5c 1120 (66 71) */ fsubd %f30,%f16,%f10 -/* 0x0d60 1121 (67 72) */ fdtox %f8,%f4 -/* 0x0d64 1122 (67 68) */ std %f4,[%sp+168] -/* 0x0d68 1123 (68 73) */ fdtox %f22,%f4 -/* 0x0d6c 1124 (68 69) */ std %f4,[%sp+160] -/* 0x0d70 1125 (69 74) */ fitod %f18,%f42 -/* 0x0d74 1126 (69 74) */ fmuld %f6,%f24,%f4 -/* 0x0d78 1127 (70 75) */ fmuld %f6,%f20,%f22 -/* 0x0d7c 1128 (71 76) */ fmuld %f10,%f24,%f6 -/* 0x0d80 1129 (72 77) */ fmuld %f10,%f20,%f8 -/* 0x0d84 1130 (74 79) */ fdtox %f4,%f4 -/* 0x0d88 1131 (74 75) */ std %f4,[%sp+152] -/* 0x0d8c 1132 (75 80) */ fsubd %f30,%f42,%f4 -/* 0x0d90 1133 (76 81) */ fdtox %f6,%f6 -/* 0x0d94 1134 (76 77) */ std %f6,[%sp+136] -/* 0x0d98 1135 (77 82) */ fdtox %f22,%f22 -/* 0x0d9c 1136 (77 78) */ std %f22,[%sp+144] -/* 0x0da0 1137 (78 83) */ fdtox %f8,%f22 -/* 0x0da4 1138 (78 79) */ std %f22,[%sp+128] -/* 0x0da8 1139 (79 84) */ fitod %f19,%f22 -/* 0x0dac 1140 (80 85) */ fmuld %f4,%f24,%f6 -/* 0x0db0 1141 (81 86) */ fmuld %f4,%f20,%f4 -/* 0x0db4 1142 (84 89) */ fsubd %f30,%f22,%f22 -/* 0x0db8 1143 (85 90) */ fdtox %f6,%f6 -/* 0x0dbc 1144 (85 86) */ std %f6,[%sp+120] -/* 0x0dc0 1145 (86 91) */ fdtox %f4,%f4 -/* 0x0dc4 1146 (86 87) */ std %f4,[%sp+112] -/* 0x0dc8 1150 (87 89) */ ldx [%sp+336],%g2 -/* 0x0dcc 1151 (88 90) */ ldx [%sp+344],%g3 -/* 0x0dd0 1152 (89 91) */ ld [%i1],%g4 -/* 0x0dd4 1153 (89 90) */ sllx %g2,19,%g2 -/* 0x0dd8 1154 (89 94) */ fmuld %f22,%f20,%f4 -/* 0x0ddc 1155 (90 92) */ ldx [%sp+328],%g5 -/* 0x0de0 1156 (90 91) */ add %g3,%g2,%g2 -/* 0x0de4 1157 (90 95) */ fmuld %f22,%f24,%f6 -/* 0x0de8 1158 (91 93) */ ldx [%sp+320],%g3 -/* 0x0dec 1159 (91 92) */ add %g2,%g4,%g4 -/* 0x0df0 1160 (92 94) */ ldx [%sp+304],%o0 -/* 0x0df4 1161 (93 94) */ st %g4,[%i0] -/* 0x0df8 1162 (93 94) */ sllx %g3,19,%g2 -/* 0x0dfc 1163 (93 94) */ srlx %g4,32,%g4 -/* 0x0e00 1164 (94 96) */ ld [%i1+4],%g3 -/* 0x0e04 1165 (94 95) */ add %g5,%g2,%g2 -/* 0x0e08 1166 (94 99) */ fdtox %f4,%f4 -/* 0x0e0c 1167 (95 97) */ ldx [%sp+312],%g5 -/* 0x0e10 1168 (95 100) */ fdtox %f6,%f6 -/* 0x0e14 1169 (96 98) */ ldx [%sp+288],%o1 -/* 0x0e18 1170 (96 97) */ add %g2,%g3,%g2 -/* 0x0e1c 1171 (96 97) */ sllx %o0,19,%g3 -/* 0x0e20 1172 (97 99) */ ldx [%sp+272],%o2 -/* 0x0e24 1173 (97 98) */ add %g2,%g4,%g2 -/* 0x0e28 1174 (97 98) */ add %g5,%g3,%g3 -/* 0x0e2c 1175 (98 100) */ ld [%i1+8],%g4 -/* 0x0e30 1176 (98 99) */ srlx %g2,32,%o0 -/* 0x0e34 1177 (99 101) */ ldx [%sp+296],%g5 -/* 0x0e38 1178 (100 101) */ st %g2,[%i0+4] -/* 0x0e3c 1179 (100 101) */ sllx %o2,19,%g2 -/* 0x0e40 1180 (100 101) */ add %g3,%g4,%g3 -/* 0x0e44 1181 (101 103) */ ldx [%sp+256],%o2 -/* 0x0e48 1182 (101 102) */ sllx %o1,19,%g4 -/* 0x0e4c 1183 (101 102) */ add %g3,%o0,%g3 -/* 0x0e50 1184 (102 104) */ ld [%i1+12],%o0 -/* 0x0e54 1185 (102 103) */ srlx %g3,32,%o1 -/* 0x0e58 1186 (102 103) */ add %g5,%g4,%g4 -/* 0x0e5c 1187 (103 105) */ ldx [%sp+280],%g5 -/* 0x0e60 1188 (104 105) */ st %g3,[%i0+8] -/* 0x0e64 1189 (104 105) */ sllx %o2,19,%g3 -/* 0x0e68 1190 (104 105) */ add %g4,%o0,%g4 -/* 0x0e6c 1191 (105 107) */ ld [%i1+16],%o0 -/* 0x0e70 1192 (105 106) */ add %g5,%g2,%g2 -/* 0x0e74 1193 (105 106) */ add %g4,%o1,%g4 -/* 0x0e78 1194 (106 108) */ ldx [%sp+264],%g5 -/* 0x0e7c 1195 (106 107) */ srlx %g4,32,%o1 -/* 0x0e80 1196 (107 109) */ ldx [%sp+240],%o2 -/* 0x0e84 1197 (107 108) */ add %g2,%o0,%g2 -/* 0x0e88 1198 (108 110) */ ld [%i1+20],%o0 -/* 0x0e8c 1199 (108 109) */ add %g5,%g3,%g3 -/* 0x0e90 1200 (108 109) */ add %g2,%o1,%g2 -/* 0x0e94 1201 (109 111) */ ldx [%sp+248],%g5 -/* 0x0e98 1202 (109 110) */ srlx %g2,32,%o1 -/* 0x0e9c 1203 (110 111) */ st %g4,[%i0+12] -/* 0x0ea0 1204 (110 111) */ sllx %o2,19,%g4 -/* 0x0ea4 1205 (110 111) */ add %g3,%o0,%g3 -/* 0x0ea8 1206 (111 113) */ ld [%i1+24],%o0 -/* 0x0eac 1207 (111 112) */ add %g5,%g4,%g4 -/* 0x0eb0 1208 (111 112) */ add %g3,%o1,%g3 -/* 0x0eb4 1209 (112 114) */ ldx [%sp+224],%o2 -/* 0x0eb8 1210 (112 113) */ srlx %g3,32,%o1 -/* 0x0ebc 1211 (113 115) */ ldx [%sp+232],%g5 -/* 0x0ec0 1212 (113 114) */ add %g4,%o0,%g4 -/* 0x0ec4 1213 (114 115) */ st %g2,[%i0+16] -/* 0x0ec8 1214 (114 115) */ sllx %o2,19,%g2 -/* 0x0ecc 1215 (114 115) */ add %g4,%o1,%g4 -/* 0x0ed0 1216 (115 117) */ ld [%i1+28],%o0 -/* 0x0ed4 1217 (115 116) */ srlx %g4,32,%o1 -/* 0x0ed8 1218 (115 116) */ add %g5,%g2,%g2 -/* 0x0edc 1222 (116 118) */ ldx [%sp+208],%o2 -/* 0x0ee0 1223 (117 119) */ ldx [%sp+216],%g5 -/* 0x0ee4 1224 (117 118) */ add %g2,%o0,%g2 -/* 0x0ee8 1225 (118 119) */ st %g3,[%i0+20] -/* 0x0eec 1226 (118 119) */ sllx %o2,19,%g3 -/* 0x0ef0 1227 (118 119) */ add %g2,%o1,%g2 -/* 0x0ef4 1228 (119 121) */ ld [%i1+32],%o0 -/* 0x0ef8 1229 (119 120) */ srlx %g2,32,%o1 -/* 0x0efc 1230 (119 120) */ add %g5,%g3,%g3 -/* 0x0f00 1231 (120 122) */ ldx [%sp+192],%o2 -/* 0x0f04 1232 (121 123) */ ldx [%sp+200],%g5 -/* 0x0f08 1233 (121 122) */ add %g3,%o0,%g3 -/* 0x0f0c 1234 (122 123) */ st %g4,[%i0+24] -/* 0x0f10 1235 (122 123) */ sllx %o2,19,%g4 -/* 0x0f14 1236 (122 123) */ add %g3,%o1,%g3 -/* 0x0f18 1237 (123 125) */ ld [%i1+36],%o0 -/* 0x0f1c 1238 (123 124) */ srlx %g3,32,%o1 -/* 0x0f20 1239 (123 124) */ add %g5,%g4,%g4 -/* 0x0f24 1240 (124 126) */ ldx [%sp+176],%o2 -/* 0x0f28 1241 (125 127) */ ldx [%sp+184],%g5 -/* 0x0f2c 1242 (125 126) */ add %g4,%o0,%g4 -/* 0x0f30 1243 (126 127) */ st %g2,[%i0+28] -/* 0x0f34 1244 (126 127) */ sllx %o2,19,%g2 -/* 0x0f38 1245 (126 127) */ add %g4,%o1,%g4 -/* 0x0f3c 1246 (127 129) */ ld [%i1+40],%o0 -/* 0x0f40 1247 (127 128) */ srlx %g4,32,%o1 -/* 0x0f44 1248 (127 128) */ add %g5,%g2,%g2 -/* 0x0f48 1249 (128 130) */ ldx [%sp+160],%o2 -/* 0x0f4c 1250 (129 131) */ ldx [%sp+168],%g5 -/* 0x0f50 1251 (129 130) */ add %g2,%o0,%g2 -/* 0x0f54 1252 (130 131) */ st %g3,[%i0+32] -/* 0x0f58 1253 (130 131) */ sllx %o2,19,%g3 -/* 0x0f5c 1254 (130 131) */ add %g2,%o1,%g2 -/* 0x0f60 1255 (131 133) */ ld [%i1+44],%o0 -/* 0x0f64 1256 (131 132) */ srlx %g2,32,%o1 -/* 0x0f68 1257 (131 132) */ add %g5,%g3,%g3 -/* 0x0f6c 1258 (132 134) */ ldx [%sp+144],%o2 -/* 0x0f70 1259 (133 135) */ ldx [%sp+152],%g5 -/* 0x0f74 1260 (133 134) */ add %g3,%o0,%g3 -/* 0x0f78 1261 (134 135) */ st %g4,[%i0+36] -/* 0x0f7c 1262 (134 135) */ sllx %o2,19,%g4 -/* 0x0f80 1263 (134 135) */ add %g3,%o1,%g3 -/* 0x0f84 1264 (135 137) */ ld [%i1+48],%o0 -/* 0x0f88 1265 (135 136) */ srlx %g3,32,%o1 -/* 0x0f8c 1266 (135 136) */ add %g5,%g4,%g4 -/* 0x0f90 1267 (136 138) */ ldx [%sp+128],%o2 -/* 0x0f94 1268 (137 139) */ ldx [%sp+136],%g5 -/* 0x0f98 1269 (137 138) */ add %g4,%o0,%g4 -/* 0x0f9c 1270 (138 139) */ std %f4,[%sp+96] -/* 0x0fa0 1271 (138 139) */ add %g4,%o1,%g4 -/* 0x0fa4 1272 (139 140) */ st %g2,[%i0+40] -/* 0x0fa8 1273 (139 140) */ sllx %o2,19,%g2 -/* 0x0fac 1274 (139 140) */ srlx %g4,32,%o1 -/* 0x0fb0 1275 (140 142) */ ld [%i1+52],%o0 -/* 0x0fb4 1276 (140 141) */ add %g5,%g2,%g2 -/* 0x0fb8 1277 (141 142) */ std %f6,[%sp+104] -/* 0x0fbc 1278 (142 144) */ ldx [%sp+120],%g5 -/* 0x0fc0 1279 (142 143) */ add %g2,%o0,%g2 -/* 0x0fc4 1280 (143 144) */ st %g3,[%i0+44] -/* 0x0fc8 1281 (143 144) */ add %g2,%o1,%g2 -/* 0x0fcc 1282 (144 146) */ ldx [%sp+112],%o2 -/* 0x0fd0 1283 (144 145) */ srlx %g2,32,%o1 -/* 0x0fd4 1284 (145 147) */ ld [%i1+56],%o0 -/* 0x0fd8 1285 (146 147) */ st %g4,[%i0+48] -/* 0x0fdc 1286 (146 147) */ sllx %o2,19,%g3 -/* 0x0fe0 1287 (147 149) */ ldx [%sp+96],%o2 -/* 0x0fe4 1288 (147 148) */ add %g5,%g3,%g3 -/* 0x0fe8 1289 (148 150) */ ldx [%sp+104],%g5 -/* 0x0fec 1290 (148 149) */ add %g3,%o0,%g3 -/* 0x0ff0 1291 (149 151) */ ld [%i1+60],%o0 -/* 0x0ff4 1292 (149 150) */ sllx %o2,19,%g4 -/* 0x0ff8 1293 (149 150) */ add %g3,%o1,%g3 -/* 0x0ffc 1294 (150 151) */ st %g2,[%i0+52] -/* 0x1000 1295 (150 151) */ srlx %g3,32,%o1 -/* 0x1004 1296 (150 151) */ add %g5,%g4,%g4 -/* 0x1008 1297 (151 152) */ st %g3,[%i0+56] -/* 0x100c 1298 (151 152) */ add %g4,%o0,%g2 -/* 0x1010 1299 (152 153) */ add %g2,%o1,%g2 -/* 0x1014 1300 (152 153) */ st %g2,[%i0+60] -/* 0x1018 1304 (153 154) */ srlx %g2,32,%o7 - -! -! ENTRY .L77000061 -! - - .L77000061: /* frequency 1.0 confidence 0.0 */ -/* 0x119c 1437 ( 0 1) */ or %g0,%o7,%i0 - -! -! ENTRY .L900000159 -! - - .L900000159: /* frequency 1.0 confidence 0.0 */ -/* 0x11a0 ( 0 7) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x11a4 ( 2 4) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000073 -! - - .L77000073: /* frequency 1.0 confidence 0.0 */ - - - or %g0, %i4, %o2 - or %g0, %o0, %o1 - or %g0, %i3, %o0 - -! -! ENTRY .L77000052 -! - - .L77000052: /* frequency 1.0 confidence 0.0 */ -/* 0x1028 1318 ( 0 1) */ andn %o2,%g2,%g2 -/* 0x102c 1319 ( 0 1) */ st %g2,[%sp+96] -/* 0x1030 1325 ( 0 1) */ add %o0,1,%g3 -/* 0x1034 1326 ( 0 1) */ fmovd %f0,%f14 -/* 0x1038 1327 ( 1 2) */ srl %o2,19,%g2 -/* 0x103c 1328 ( 1 2) */ st %g2,[%sp+92] -/* 0x1040 1329 ( 1 2) */ or %g0,0,%o5 -/* 0x1044 1330 ( 2 3) */ srl %g3,31,%g2 -/* 0x1048 1331 ( 2 5) */ ldd [%o1],%f6 -/* 0x104c 1335 ( 2 3) */ sethi %hi(0x1800),%g1 -/* 0x1050 1336 ( 3 4) */ add %g3,%g2,%g2 -/* 0x1054 1337 ( 3 4) */ xor %g1,-304,%g1 -/* 0x1058 1338 ( 3 6) */ ldd [%o1+8],%f20 -/* 0x105c 1339 ( 4 5) */ sra %g2,1,%o3 -/* 0x1060 1340 ( 4 5) */ fmovs %f6,%f8 -/* 0x1064 1341 ( 4 5) */ add %g1,%fp,%g3 -/* 0x1068 1342 ( 5 6) */ fmovs %f6,%f10 -/* 0x106c 1343 ( 5 7) */ ld [%sp+96],%f9 -/* 0x1070 1344 ( 5 6) */ subcc %o3,0,%g0 -/* 0x1074 1345 ( 6 8) */ ld [%sp+92],%f11 -/* 0x1078 1346 ( 6 7) */ sethi %hi(0x1800),%g1 -/* 0x107c 1347 ( 6 7) */ or %g0,%i2,%o1 -/* 0x1080 1348 ( 7 10) */ fsubd %f8,%f6,%f18 -/* 0x1084 1349 ( 7 8) */ xor %g1,-296,%g1 -/* 0x1088 1350 ( 7 8) */ or %g0,0,%g4 -/* 0x108c 1351 ( 8 11) */ fsubd %f10,%f6,%f16 -/* 0x1090 1352 ( 8 9) */ bleu,pt %icc,.L990000162 ! tprob=0.50 -/* 0x1094 ( 8 9) */ subcc %o0,0,%g0 -/* 0x1098 1354 ( 9 10) */ add %g1,%fp,%g2 -/* 0x109c 1355 ( 9 10) */ sethi %hi(0x1800),%g1 -/* 0x10a0 1356 (10 11) */ xor %g1,-288,%g1 -/* 0x10a4 1357 (10 11) */ subcc %o3,7,%g0 -/* 0x10a8 1358 (11 12) */ add %g1,%fp,%o7 -/* 0x10ac 1359 (11 12) */ sethi %hi(0x1800),%g1 -/* 0x10b0 1360 (12 13) */ xor %g1,-280,%g1 -/* 0x10b4 1361 (13 14) */ add %g1,%fp,%o4 -/* 0x10b8 1362 (13 14) */ bl,pn %icc,.L77000054 ! tprob=0.50 -/* 0x10bc (13 14) */ sub %o3,2,%o2 -/* 0x10c0 1364 (14 17) */ ldd [%o1],%f2 -/* 0x10c4 1365 (14 15) */ add %o1,16,%g5 -/* 0x10c8 1366 (14 15) */ or %g0,4,%g4 -/* 0x10cc 1367 (15 18) */ ldd [%o1+8],%f0 -/* 0x10d0 1368 (15 16) */ add %o1,8,%o1 -/* 0x10d4 1369 (16 18) */ fxnor %f14,%f2,%f6 -/* 0x10d8 1370 (16 19) */ ldd [%g5],%f4 -/* 0x10dc 1371 (16 17) */ add %o1,16,%o1 -/* 0x10e0 1372 (17 19) */ fxnor %f14,%f0,%f12 -/* 0x10e4 1373 (17 20) */ ldd [%o1],%f0 -/* 0x10e8 1374 (17 18) */ add %o1,8,%o1 -/* 0x10ec 1375 (18 21) */ fitod %f7,%f2 -/* 0x10f0 1376 (19 22) */ fitod %f6,%f6 -/* 0x10f4 1377 (20 22) */ fxnor %f14,%f4,%f10 -/* 0x10f8 1378 (21 24) */ fsubd %f20,%f2,%f2 -/* 0x10fc 1379 (22 24) */ fxnor %f14,%f0,%f8 -/* 0x1100 1380 (23 26) */ fitod %f13,%f4 -/* 0x1104 1381 (24 27) */ fsubd %f20,%f6,%f6 -/* 0x1108 1382 (24 27) */ fmuld %f2,%f16,%f0 - -! -! ENTRY .L990000154 -! - - .L990000154: /* frequency 1.0 confidence 0.0 */ -/* 0x110c 1384 ( 0 3) */ ldd [%o1],%f24 -/* 0x1110 1385 ( 0 1) */ add %g4,3,%g4 -/* 0x1114 1386 ( 0 1) */ add %o4,96,%o4 -/* 0x1118 1387 ( 1 4) */ fitod %f11,%f22 -/* 0x111c 1388 ( 2 5) */ fsubd %f20,%f4,%f26 -/* 0x1120 1389 ( 2 3) */ subcc %g4,%o2,%g0 -/* 0x1124 1390 ( 2 3) */ add %o7,96,%o7 -/* 0x1128 1391 ( 2 5) */ fmuld %f6,%f18,%f28 -/* 0x112c 1392 ( 3 6) */ fmuld %f6,%f16,%f6 -/* 0x1130 1393 ( 3 4) */ add %g2,96,%g2 -/* 0x1134 1394 ( 3 4) */ add %g3,96,%g3 -/* 0x1138 1395 ( 4 7) */ fdtox %f0,%f0 -/* 0x113c 1396 ( 5 8) */ fitod %f12,%f4 -/* 0x1140 1397 ( 5 8) */ fmuld %f2,%f18,%f2 -/* 0x1144 1398 ( 6 9) */ fdtox %f28,%f12 -/* 0x1148 1399 ( 7 10) */ fdtox %f6,%f6 -/* 0x114c 1400 ( 7 8) */ std %f12,[%g3-96] -/* 0x1150 1401 ( 8 9) */ std %f6,[%g2-96] -/* 0x1154 1402 ( 8 11) */ fdtox %f2,%f2 -/* 0x1158 1403 ( 9 12) */ fsubd %f20,%f4,%f6 -/* 0x115c 1404 ( 9 10) */ std %f2,[%o7-96] -/* 0x1160 1405 ( 9 10) */ add %o1,8,%o1 -/* 0x1164 1406 (10 12) */ fxnor %f14,%f24,%f12 -/* 0x1168 1407 (10 13) */ fmuld %f26,%f16,%f4 -/* 0x116c 1408 (10 11) */ std %f0,[%o4-96] -/* 0x1170 1409 (11 14) */ ldd [%o1],%f0 -/* 0x1174 1410 (11 14) */ fitod %f9,%f2 -/* 0x1178 1411 (12 15) */ fsubd %f20,%f22,%f28 -/* 0x117c 1412 (12 15) */ fmuld %f6,%f18,%f24 -/* 0x1180 1413 (13 16) */ fmuld %f6,%f16,%f22 -/* 0x1184 1414 (13 16) */ fdtox %f4,%f4 -/* 0x1188 1415 (14 17) */ fitod %f10,%f6 -/* 0x118c 1416 (14 17) */ fmuld %f26,%f18,%f10 -/* 0x1190 1417 (15 18) */ fdtox %f24,%f24 -/* 0x1194 1418 (16 19) */ fdtox %f22,%f22 -/* 0x1198 1419 (16 17) */ std %f24,[%g3-64] -/* 0x119c 1420 (17 18) */ std %f22,[%g2-64] -/* 0x11a0 1421 (17 20) */ fdtox %f10,%f10 -/* 0x11a4 1422 (18 21) */ fsubd %f20,%f6,%f6 -/* 0x11a8 1423 (18 19) */ std %f10,[%o7-64] -/* 0x11ac 1424 (18 19) */ add %o1,8,%o1 -/* 0x11b0 1425 (19 21) */ fxnor %f14,%f0,%f10 -/* 0x11b4 1426 (19 22) */ fmuld %f28,%f16,%f0 -/* 0x11b8 1427 (19 20) */ std %f4,[%o4-64] -/* 0x11bc 1428 (20 23) */ ldd [%o1],%f22 -/* 0x11c0 1429 (20 23) */ fitod %f13,%f4 -/* 0x11c4 1430 (21 24) */ fsubd %f20,%f2,%f2 -/* 0x11c8 1431 (21 24) */ fmuld %f6,%f18,%f26 -/* 0x11cc 1432 (22 25) */ fmuld %f6,%f16,%f24 -/* 0x11d0 1433 (22 25) */ fdtox %f0,%f0 -/* 0x11d4 1434 (23 26) */ fitod %f8,%f6 -/* 0x11d8 1435 (23 26) */ fmuld %f28,%f18,%f8 -/* 0x11dc 1436 (24 27) */ fdtox %f26,%f26 -/* 0x11e0 1437 (25 28) */ fdtox %f24,%f24 -/* 0x11e4 1438 (25 26) */ std %f26,[%g3-32] -/* 0x11e8 1439 (26 27) */ std %f24,[%g2-32] -/* 0x11ec 1440 (26 29) */ fdtox %f8,%f8 -/* 0x11f0 1441 (27 30) */ fsubd %f20,%f6,%f6 -/* 0x11f4 1442 (27 28) */ std %f8,[%o7-32] -/* 0x11f8 1443 (27 28) */ add %o1,8,%o1 -/* 0x11fc 1444 (28 30) */ fxnor %f14,%f22,%f8 -/* 0x1200 1445 (28 29) */ std %f0,[%o4-32] -/* 0x1204 1446 (28 29) */ bcs,pt %icc,.L990000154 ! tprob=0.50 -/* 0x1208 (28 31) */ fmuld %f2,%f16,%f0 - -! -! ENTRY .L990000157 -! - - .L990000157: /* frequency 1.0 confidence 0.0 */ -/* 0x120c 1449 ( 0 3) */ fitod %f12,%f28 -/* 0x1210 1450 ( 0 3) */ fmuld %f6,%f18,%f24 -/* 0x1214 1451 ( 0 1) */ add %g3,128,%g3 -/* 0x1218 1452 ( 1 4) */ fitod %f10,%f12 -/* 0x121c 1453 ( 1 4) */ fmuld %f6,%f16,%f26 -/* 0x1220 1454 ( 1 2) */ add %g2,128,%g2 -/* 0x1224 1455 ( 2 5) */ fsubd %f20,%f4,%f4 -/* 0x1228 1456 ( 2 5) */ fmuld %f2,%f18,%f22 -/* 0x122c 1457 ( 2 3) */ add %o7,128,%o7 -/* 0x1230 1458 ( 3 6) */ fdtox %f24,%f6 -/* 0x1234 1459 ( 3 4) */ std %f6,[%g3-128] -/* 0x1238 1460 ( 3 4) */ add %o4,128,%o4 -/* 0x123c 1461 ( 4 7) */ fsubd %f20,%f28,%f2 -/* 0x1240 1462 ( 4 5) */ subcc %g4,%o3,%g0 -/* 0x1244 1463 ( 5 8) */ fitod %f11,%f6 -/* 0x1248 1464 ( 5 8) */ fmuld %f4,%f18,%f24 -/* 0x124c 1465 ( 6 9) */ fdtox %f26,%f10 -/* 0x1250 1466 ( 6 7) */ std %f10,[%g2-128] -/* 0x1254 1467 ( 7 10) */ fdtox %f22,%f10 -/* 0x1258 1468 ( 7 8) */ std %f10,[%o7-128] -/* 0x125c 1469 ( 7 10) */ fmuld %f2,%f18,%f26 -/* 0x1260 1470 ( 8 11) */ fsubd %f20,%f12,%f10 -/* 0x1264 1471 ( 8 11) */ fmuld %f2,%f16,%f2 -/* 0x1268 1472 ( 9 12) */ fsubd %f20,%f6,%f22 -/* 0x126c 1473 ( 9 12) */ fmuld %f4,%f16,%f12 -/* 0x1270 1474 (10 13) */ fdtox %f0,%f0 -/* 0x1274 1475 (10 11) */ std %f0,[%o4-128] -/* 0x1278 1476 (11 14) */ fitod %f8,%f4 -/* 0x127c 1477 (11 14) */ fmuld %f10,%f18,%f6 -/* 0x1280 1478 (12 15) */ fdtox %f26,%f0 -/* 0x1284 1479 (12 13) */ std %f0,[%g3-96] -/* 0x1288 1480 (12 15) */ fmuld %f10,%f16,%f10 -/* 0x128c 1481 (13 16) */ fdtox %f2,%f2 -/* 0x1290 1482 (13 14) */ std %f2,[%g2-96] -/* 0x1294 1483 (14 17) */ fitod %f9,%f0 -/* 0x1298 1484 (14 17) */ fmuld %f22,%f18,%f2 -/* 0x129c 1485 (15 18) */ fdtox %f24,%f8 -/* 0x12a0 1486 (15 16) */ std %f8,[%o7-96] -/* 0x12a4 1487 (16 19) */ fsubd %f20,%f4,%f4 -/* 0x12a8 1488 (16 19) */ fmuld %f22,%f16,%f8 -/* 0x12ac 1489 (17 20) */ fdtox %f12,%f12 -/* 0x12b0 1490 (17 18) */ std %f12,[%o4-96] -/* 0x12b4 1491 (18 21) */ fsubd %f20,%f0,%f0 -/* 0x12b8 1492 (19 22) */ fdtox %f6,%f6 -/* 0x12bc 1493 (19 20) */ std %f6,[%g3-64] -/* 0x12c0 1494 (20 23) */ fdtox %f10,%f10 -/* 0x12c4 1495 (20 21) */ std %f10,[%g2-64] -/* 0x12c8 1496 (20 23) */ fmuld %f4,%f18,%f6 -/* 0x12cc 1497 (21 24) */ fdtox %f2,%f2 -/* 0x12d0 1498 (21 22) */ std %f2,[%o7-64] -/* 0x12d4 1499 (21 24) */ fmuld %f4,%f16,%f4 -/* 0x12d8 1500 (22 25) */ fmuld %f0,%f18,%f2 -/* 0x12dc 1501 (22 25) */ fdtox %f8,%f8 -/* 0x12e0 1502 (22 23) */ std %f8,[%o4-64] -/* 0x12e4 1503 (23 26) */ fdtox %f6,%f6 -/* 0x12e8 1504 (23 24) */ std %f6,[%g3-32] -/* 0x12ec 1505 (23 26) */ fmuld %f0,%f16,%f0 -/* 0x12f0 1506 (24 27) */ fdtox %f4,%f4 -/* 0x12f4 1507 (24 25) */ std %f4,[%g2-32] -/* 0x12f8 1508 (25 28) */ fdtox %f2,%f2 -/* 0x12fc 1509 (25 26) */ std %f2,[%o7-32] -/* 0x1300 1510 (26 29) */ fdtox %f0,%f0 -/* 0x1304 1511 (26 27) */ bcc,pn %icc,.L77000056 ! tprob=0.50 -/* 0x1308 (26 27) */ std %f0,[%o4-32] - -! -! ENTRY .L77000054 -! - - .L77000054: /* frequency 1.0 confidence 0.0 */ -/* 0x130c 1514 ( 0 3) */ ldd [%o1],%f0 - -! -! ENTRY .L990000161 -! - - .L990000161: /* frequency 1.0 confidence 0.0 */ -/* 0x1310 1516 ( 0 2) */ fxnor %f14,%f0,%f0 -/* 0x1314 1517 ( 0 1) */ add %g4,1,%g4 -/* 0x1318 1518 ( 0 1) */ add %o1,8,%o1 -/* 0x131c 1519 ( 1 2) */ subcc %g4,%o3,%g0 -/* 0x1320 1520 ( 2 5) */ fitod %f0,%f2 -/* 0x1324 1521 ( 3 6) */ fitod %f1,%f0 -/* 0x1328 1522 ( 5 8) */ fsubd %f20,%f2,%f2 -/* 0x132c 1523 ( 6 9) */ fsubd %f20,%f0,%f0 -/* 0x1330 1524 ( 8 11) */ fmuld %f2,%f18,%f6 -/* 0x1334 1525 ( 9 12) */ fmuld %f2,%f16,%f4 -/* 0x1338 1526 (10 13) */ fmuld %f0,%f18,%f2 -/* 0x133c 1527 (11 14) */ fdtox %f6,%f6 -/* 0x1340 1528 (11 12) */ std %f6,[%g3] -/* 0x1344 1529 (11 14) */ fmuld %f0,%f16,%f0 -/* 0x1348 1530 (12 15) */ fdtox %f4,%f4 -/* 0x134c 1531 (12 13) */ std %f4,[%g2] -/* 0x1350 1532 (12 13) */ add %g2,32,%g2 -/* 0x1354 1533 (13 16) */ fdtox %f2,%f2 -/* 0x1358 1534 (13 14) */ std %f2,[%o7] -/* 0x135c 1535 (13 14) */ add %o7,32,%o7 -/* 0x1360 1536 (14 17) */ fdtox %f0,%f0 -/* 0x1364 1537 (14 15) */ std %f0,[%o4] -/* 0x1368 1538 (14 15) */ add %o4,32,%o4 -/* 0x136c 1539 (15 16) */ add %g3,32,%g3 -/* 0x1370 1540 (15 16) */ bcs,a,pt %icc,.L990000161 ! tprob=0.50 -/* 0x1374 (16 19) */ ldd [%o1],%f0 - -! -! ENTRY .L77000056 -! - - .L77000056: /* frequency 1.0 confidence 0.0 */ -/* 0x1378 1548 ( 0 1) */ subcc %o0,0,%g0 - -! -! ENTRY .L990000162 -! - - .L990000162: /* frequency 1.0 confidence 0.0 */ -/* 0x137c 1550 ( 0 1) */ bleu,pt %icc,.L77770061 ! tprob=0.50 -/* 0x1380 ( 0 1) */ nop -/* 0x1384 1555 ( 0 1) */ sethi %hi(0x1800),%g1 -/* 0x1388 1556 ( 1 2) */ xor %g1,-304,%g1 -/* 0x138c 1557 ( 1 2) */ or %g0,%i1,%g4 -/* 0x1390 1558 ( 2 3) */ add %g1,%fp,%g5 -/* 0x1394 1559 ( 2 3) */ sethi %hi(0x1800),%g1 -/* 0x1398 1560 ( 3 4) */ xor %g1,-296,%g1 -/* 0x139c 1561 ( 3 4) */ or %g0,%o0,%o7 -/* 0x13a0 1562 ( 4 5) */ add %g1,%fp,%g2 -/* 0x13a4 1563 ( 4 5) */ or %g0,0,%i2 -/* 0x13a8 1564 ( 5 6) */ or %g0,%i0,%g3 -/* 0x13ac 1565 ( 5 6) */ subcc %o0,6,%g0 -/* 0x13b0 1566 ( 5 6) */ bl,pn %icc,.L77000058 ! tprob=0.50 -/* 0x13b4 ( 6 7) */ sethi %hi(0x1800),%g1 -/* 0x13b8 1568 ( 6 8) */ ld [%g4],%o2 -/* 0x13bc 1569 ( 6 7) */ add %g3,4,%g3 -/* 0x13c0 1570 ( 7 8) */ xor %g1,-264,%g1 -/* 0x13c4 1571 ( 7 8) */ sub %o7,3,%o4 -/* 0x13c8 1572 ( 8 9) */ add %g1,%fp,%g2 -/* 0x13cc 1573 ( 8 9) */ sethi %hi(0x1800),%g1 -/* 0x13d0 1574 ( 9 10) */ xor %g1,-272,%g1 -/* 0x13d4 1575 ( 9 10) */ or %g0,2,%i2 -/* 0x13d8 1576 (10 11) */ add %g1,%fp,%g5 -/* 0x13dc 1577 (10 11) */ sethi %hi(0x1800),%g1 -/* 0x13e0 1578 (11 12) */ xor %g1,-296,%g1 -/* 0x13e4 1579 (12 13) */ add %g1,%fp,%g1 -/* 0x13e8 1580 (13 15) */ ldx [%g1],%o1 -/* 0x13ec 1581 (14 16) */ ldx [%g1-8],%o0 -/* 0x13f0 1582 (15 16) */ sllx %o1,19,%o1 -/* 0x13f4 1583 (15 17) */ ldx [%g1+16],%o3 -/* 0x13f8 1584 (16 17) */ add %o0,%o1,%o0 -/* 0x13fc 1585 (16 18) */ ld [%g4+4],%o1 -/* 0x1400 1586 (16 17) */ add %g4,8,%g4 -/* 0x1404 1587 (17 18) */ sllx %o3,19,%o3 -/* 0x1408 1588 (17 18) */ add %o0,%o2,%o0 -/* 0x140c 1589 (17 19) */ ldx [%g1+8],%o2 -/* 0x1410 1590 (18 19) */ st %o0,[%g3-4] -/* 0x1414 1591 (18 19) */ srlx %o0,32,%o0 - -! -! ENTRY .L990000142 -! - - .L990000142: /* frequency 1.0 confidence 0.0 */ -/* 0x1418 1593 ( 0 1) */ add %o2,%o3,%o2 -/* 0x141c 1594 ( 0 1) */ add %i2,4,%i2 -/* 0x1420 1595 ( 0 2) */ ld [%g4],%o3 -/* 0x1424 1596 ( 1 2) */ srl %o0,0,%o5 -/* 0x1428 1597 ( 1 2) */ add %o2,%o1,%o1 -/* 0x142c 1598 ( 1 3) */ ldx [%g2],%o0 -/* 0x1430 1599 ( 3 4) */ sllx %o0,19,%o2 -/* 0x1434 1600 ( 3 5) */ ldx [%g5],%o0 -/* 0x1438 1601 ( 3 4) */ add %o1,%o5,%o1 -/* 0x143c 1602 ( 4 5) */ st %o1,[%g3] -/* 0x1440 1603 ( 4 5) */ srlx %o1,32,%o5 -/* 0x1444 1604 ( 4 5) */ subcc %i2,%o4,%g0 -/* 0x1448 1605 ( 5 7) */ ldx [%g2+16],%o1 -/* 0x144c 1606 ( 5 6) */ add %o0,%o2,%o0 -/* 0x1450 1607 ( 5 6) */ add %g3,16,%g3 -/* 0x1454 1608 ( 6 8) */ ld [%g4+4],%o2 -/* 0x1458 1609 ( 6 7) */ add %o0,%o3,%o0 -/* 0x145c 1610 ( 7 8) */ sllx %o1,19,%o3 -/* 0x1460 1611 ( 7 9) */ ldx [%g5+16],%o1 -/* 0x1464 1612 ( 7 8) */ add %o0,%o5,%o0 -/* 0x1468 1613 ( 8 9) */ st %o0,[%g3-12] -/* 0x146c 1614 ( 8 9) */ srlx %o0,32,%o5 -/* 0x1470 1615 ( 8 9) */ add %g4,16,%g4 -/* 0x1474 1616 ( 9 11) */ ldx [%g2+32],%o0 -/* 0x1478 1617 ( 9 10) */ add %o1,%o3,%o1 -/* 0x147c 1618 ( 9 10) */ add %g2,64,%g2 -/* 0x1480 1619 (10 12) */ ld [%g4-8],%o3 -/* 0x1484 1620 (10 11) */ add %o1,%o2,%o2 -/* 0x1488 1621 (11 12) */ sllx %o0,19,%o1 -/* 0x148c 1622 (11 13) */ ldx [%g5+32],%o0 -/* 0x1490 1623 (11 12) */ add %o2,%o5,%o2 -/* 0x1494 1624 (12 13) */ st %o2,[%g3-8] -/* 0x1498 1625 (12 13) */ srlx %o2,32,%o5 -/* 0x149c 1626 (12 13) */ add %g5,64,%g5 -/* 0x14a0 1627 (13 15) */ ldx [%g2-16],%o2 -/* 0x14a4 1628 (13 14) */ add %o0,%o1,%o0 -/* 0x14a8 1629 (14 16) */ ld [%g4-4],%o1 -/* 0x14ac 1630 (14 15) */ add %o0,%o3,%o0 -/* 0x14b0 1631 (15 16) */ sllx %o2,19,%o3 -/* 0x14b4 1632 (15 17) */ ldx [%g5-16],%o2 -/* 0x14b8 1633 (15 16) */ add %o0,%o5,%o0 -/* 0x14bc 1634 (16 17) */ st %o0,[%g3-4] -/* 0x14c0 1635 (16 17) */ bcs,pt %icc,.L990000142 ! tprob=0.50 -/* 0x14c4 (16 17) */ srlx %o0,32,%o0 - -! -! ENTRY .L990000145 -! - - .L990000145: /* frequency 1.0 confidence 0.0 */ -/* 0x14c8 1638 ( 0 1) */ add %o2,%o3,%o3 -/* 0x14cc 1639 ( 0 1) */ add %g3,4,%g3 -/* 0x14d0 1640 ( 1 2) */ srl %o0,0,%o2 -/* 0x14d4 1641 ( 1 2) */ add %o3,%o1,%o0 -/* 0x14d8 1642 ( 2 3) */ add %o0,%o2,%o0 -/* 0x14dc 1643 ( 2 3) */ st %o0,[%g3-4] -/* 0x14e0 1644 ( 2 3) */ subcc %i2,%o7,%g0 -/* 0x14e4 1645 ( 2 3) */ bcc,pn %icc,.L77770061 ! tprob=0.50 -/* 0x14e8 ( 3 4) */ srlx %o0,32,%o5 - -! -! ENTRY .L77000058 -! - - .L77000058: /* frequency 1.0 confidence 0.0 */ -/* 0x14ec 1648 ( 0 2) */ ldx [%g2],%o2 - -! -! ENTRY .L990000160 -! - - .L990000160: /* frequency 1.0 confidence 0.0 */ -/* 0x14f0 1650 ( 0 1) */ sllx %o2,19,%o3 -/* 0x14f4 1651 ( 0 2) */ ldx [%g5],%o0 -/* 0x14f8 1652 ( 0 1) */ add %i2,1,%i2 -/* 0x14fc 1653 ( 1 2) */ srl %o5,0,%o1 -/* 0x1500 1654 ( 1 3) */ ld [%g4],%o2 -/* 0x1504 1655 ( 1 2) */ add %g2,16,%g2 -/* 0x1508 1656 ( 2 3) */ add %o0,%o3,%o0 -/* 0x150c 1657 ( 2 3) */ add %g5,16,%g5 -/* 0x1510 1658 ( 3 4) */ add %o0,%o2,%o0 -/* 0x1514 1659 ( 3 4) */ add %g4,4,%g4 -/* 0x1518 1660 ( 4 5) */ add %o0,%o1,%o0 -/* 0x151c 1661 ( 4 5) */ st %o0,[%g3] -/* 0x1520 1662 ( 4 5) */ subcc %i2,%o7,%g0 -/* 0x1524 1663 ( 5 6) */ srlx %o0,32,%o5 -/* 0x1528 1664 ( 5 6) */ add %g3,4,%g3 -/* 0x152c 1665 ( 5 6) */ bcs,a,pt %icc,.L990000160 ! tprob=0.50 -/* 0x1530 ( 6 8) */ ldx [%g2],%o2 - -! -! ENTRY .L77770061 -! - - .L77770061: /* frequency 1.0 confidence 0.0 */ -/* 0x1534 ( 0 2) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x1538 ( 2 3) */ restore %g0,%o5,%o0 - - - - -/* 0x11a8 1441 ( 0 0) */ .type mul_add,2 -/* 0x11a8 1442 ( 0 0) */ .size mul_add,(.-mul_add) -/* 0x11a8 1445 ( 0 0) */ .align 16 -/* 0x11b0 1451 ( 0 0) */ .global mul_add_inp - -! -! ENTRY mul_add_inp -! - - .global mul_add_inp - mul_add_inp: /* frequency 1.0 confidence 0.0 */ -/* 0x11b0 1453 ( 0 1) */ or %g0,%o2,%g1 -/* 0x11b4 1454 ( 0 1) */ or %g0,%o3,%o4 -/* 0x11b8 1455 ( 1 2) */ or %g0,%o0,%g3 -/* 0x11bc 1456 ( 1 2) */ or %g0,%o1,%g2 -/* 0x11c0 1466 ( 2 3) */ or %g0,%g1,%o3 -/* 0x11c4 1467 ( 2 3) */ or %g0,%g3,%o1 -/* 0x11c8 1468 ( 3 4) */ or %g0,%g2,%o2 -/* 0x11cc 1469 ( 3 4) */ or %g0,%o7,%g1 -/* 0x11d0 1470 ( 4 6) */ call mul_add ! params = ! Result = -/* 0x11d4 ( 5 6) */ or %g0,%g1,%o7 -/* 0x11d8 1472 ( 0 0) */ .type mul_add_inp,2 -/* 0x11d8 1473 ( 0 0) */ .size mul_add_inp,(.-mul_add_inp) - - .section ".data",#alloc,#write -/* 0x11d8 6 ( 0 0) */ .align 8 - -! -! ENTRY mask_cnst -! - - mask_cnst: /* frequency 1.0 confidence 0.0 */ -/* 0x11d8 8 ( 0 0) */ .word -2147483648 -/* 0x11dc 9 ( 0 0) */ .word -2147483648 -/* 0x11e0 10 ( 0 0) */ .type mask_cnst,#object -/* 0x11e0 11 ( 0 0) */ .size mask_cnst,8 - diff --git a/security/nss/lib/freebl/mpi/mpv_sparcv9.s b/security/nss/lib/freebl/mpi/mpv_sparcv9.s deleted file mode 100644 index 1a7997e4a..000000000 --- a/security/nss/lib/freebl/mpi/mpv_sparcv9.s +++ /dev/null @@ -1,1673 +0,0 @@ -!/* -! * The contents of this file are subject to the Mozilla Public -! * License Version 1.1 (the "License"); you may not use this file -! * except in compliance with the License. You may obtain a copy of -! * the License at http://www.mozilla.org/MPL/ -! * -! * Software distributed under the License is distributed on an "AS -! * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -! * implied. See the License for the specific language governing -! * rights and limitations under the License. -! * -! * The Original Code is a SPARC/VIS optimized multiply and add function -! * -! * The Initial Developer of the Original Code is Sun Microsystems Inc. -! * Portions created by Sun Microsystems Inc. are -! * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved. -! * -! * Contributor(s): -! * -! * Alternatively, the contents of this file may be used under the -! * terms of the GNU General Public License Version 2 or later (the -! * "GPL"), in which case the provisions of the GPL are applicable -! * instead of those above. If you wish to allow use of your -! * version of this file only under the terms of the GPL and not to -! * allow others to use your version of this file under the MPL, -! * indicate your decision by deleting the provisions above and -! * replace them with the notice and other provisions required by -! * the GPL. If you do not delete the provisions above, a recipient -! * may use your version of this file under either the MPL or the -! * GPL. -! * $Id$ -! */ - - .section ".text",#alloc,#execinstr -/* 000000 0 ( 0 0) */ .register %g2,#scratch -/* 000000 ( 0 0) */ .register %g3,#scratch -/* 000000 3 ( 0 0) */ .file "mpv_sparc.c" -/* 000000 15 ( 0 0) */ .align 8 -! -! SUBROUTINE .L_const_seg_900000101 -! -! OFFSET SOURCE LINE LABEL INSTRUCTION (ISSUE TIME) (COMPLETION TIME) - - .L_const_seg_900000101: /* frequency 1.0 confidence 0.0 */ -/* 000000 20 ( 0 0) */ .word 1127219200,0 -/* 0x0008 21 ( 0 0) */ .word 1105199103,-4194304 -/* 0x0010 22 ( 0 0) */ .align 8 -/* 0x0010 28 ( 0 0) */ .global mul_add - -! -! ENTRY mul_add -! - - .global mul_add - mul_add: /* frequency 1.0 confidence 0.0 */ -/* 0x0010 30 ( 0 1) */ sethi %hi(0x1c00),%g1 -/* 0x0014 31 ( 0 1) */ sethi %hi(mask_cnst),%g2 -/* 0x0018 32 ( 1 2) */ xor %g1,-48,%g1 -/* 0x001c 33 ( 1 2) */ add %g2,%lo(mask_cnst),%g2 -/* 0x0020 34 ( 2 3) */ save %sp,%g1,%sp - -! -! ENTRY .L900000149 -! - - .L900000149: /* frequency 1.0 confidence 0.0 */ -/* 0x0024 36 ( 0 2) */ call (.+0x8) ! params = ! Result = -/* 0x0028 ( 1 2) */ sethi %hi((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5 -/* 0x002c 178 ( 2 3) */ sethi %hi(.L_const_seg_900000101),%g3 -/* 0x0030 179 ( 2 3) */ add %g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5 -/* 0x0034 180 ( 3 4) */ add %g3,%lo(.L_const_seg_900000101),%g3 -/* 0x0038 181 ( 3 4) */ add %g5,%o7,%o1 -/* 0x003c 182 ( 4 5) */ sethi %hi(0x80000),%g4 -/* 0x0040 183 ( 4 6) */ ldx [%o1+%g2],%g2 -/* 0x0044 184 ( 4 5) */ or %g0,%i2,%o2 -/* 0x0048 185 ( 5 6) */ subcc %i4,%g4,%g0 -/* 0x004c 186 ( 5 7) */ ldx [%o1+%g3],%o0 -/* 0x0050 187 ( 6 7) */ or %g0,%i0,%o7 -/* 0x0054 188 ( 6 7) */ or %g0,%i1,%o5 -/* 0x0058 189 ( 6 9) */ ldd [%g2],%f0 -/* 0x005c 190 ( 6 7) */ bcc,pn %icc,.L77000048 ! tprob=0.50 -/* 0x0060 ( 7 8) */ subcc %i3,8,%g0 -/* 0x0064 192 ( 7 8) */ bne,pn %icc,.L900000158 ! tprob=0.50 -/* 0x0068 ( 8 9) */ subcc %i3,16,%g0 -/* 0x006c 194 ( 9 12) */ ldd [%o2],%f4 -/* 0x0070 195 (10 11) */ st %i4,[%sp+2287] -/* 0x0074 196 (11 14) */ ldd [%o0],%f8 -/* 0x0078 197 (11 13) */ fxnor %f0,%f4,%f4 -/* 0x007c 198 (12 15) */ ldd [%o2+8],%f10 -/* 0x0080 199 (13 16) */ fitod %f4,%f12 -/* 0x0084 200 (13 16) */ ldd [%o0+8],%f14 -/* 0x0088 201 (14 17) */ ld [%sp+2287],%f7 -/* 0x008c 202 (14 17) */ fitod %f5,%f4 -/* 0x0090 203 (15 17) */ fxnor %f0,%f10,%f10 -/* 0x0094 204 (15 18) */ ldd [%o2+16],%f16 -/* 0x0098 205 (16 19) */ ldd [%o2+24],%f18 -/* 0x009c 206 (17 20) */ fsubd %f14,%f4,%f4 -/* 0x00a0 210 (17 20) */ ld [%i1],%g2 -/* 0x00a4 211 (18 20) */ fxnor %f0,%f16,%f16 -/* 0x00a8 212 (18 21) */ ld [%i1+4],%g3 -/* 0x00ac 213 (19 22) */ ld [%i1+8],%g4 -/* 0x00b0 214 (20 23) */ fitod %f16,%f20 -/* 0x00b4 215 (20 23) */ ld [%i1+16],%o0 -/* 0x00b8 216 (21 24) */ ld [%i1+12],%g5 -/* 0x00bc 217 (22 25) */ ld [%i1+20],%o1 -/* 0x00c0 218 (23 26) */ ld [%i1+24],%o2 -/* 0x00c4 219 (24 25) */ fmovs %f8,%f6 -/* 0x00c8 220 (24 27) */ ld [%i1+28],%o3 -/* 0x00cc 221 (26 29) */ fsubd %f6,%f8,%f6 -/* 0x00d0 222 (27 30) */ fsubd %f14,%f12,%f8 -/* 0x00d4 223 (28 31) */ fitod %f10,%f12 -/* 0x00d8 224 (29 32) */ fmuld %f4,%f6,%f4 -/* 0x00dc 225 (29 32) */ fitod %f11,%f10 -/* 0x00e0 226 (30 33) */ fmuld %f8,%f6,%f8 -/* 0x00e4 227 (31 34) */ fsubd %f14,%f12,%f12 -/* 0x00e8 228 (32 35) */ fdtox %f4,%f4 -/* 0x00ec 229 (32 33) */ std %f4,[%sp+2271] -/* 0x00f0 230 (33 36) */ fdtox %f8,%f8 -/* 0x00f4 231 (33 34) */ std %f8,[%sp+2279] -/* 0x00f8 232 (34 37) */ fmuld %f12,%f6,%f12 -/* 0x00fc 233 (34 37) */ fsubd %f14,%f10,%f10 -/* 0x0100 234 (35 38) */ fsubd %f14,%f20,%f4 -/* 0x0104 235 (36 39) */ fitod %f17,%f8 -/* 0x0108 236 (37 39) */ fxnor %f0,%f18,%f16 -/* 0x010c 237 (37 39) */ ldx [%sp+2279],%o4 -/* 0x0110 238 (37 40) */ fmuld %f10,%f6,%f10 -/* 0x0114 239 (38 41) */ fdtox %f12,%f12 -/* 0x0118 240 (38 39) */ std %f12,[%sp+2263] -/* 0x011c 241 (38 41) */ fmuld %f4,%f6,%f4 -/* 0x0120 242 (39 42) */ fitod %f16,%f18 -/* 0x0124 243 (39 40) */ add %o4,%g2,%g2 -/* 0x0128 244 (39 40) */ st %g2,[%i0] -/* 0x012c 245 (40 42) */ ldx [%sp+2271],%o4 -/* 0x0130 246 (40 43) */ fsubd %f14,%f8,%f8 -/* 0x0134 247 (40 41) */ srax %g2,32,%o5 -/* 0x0138 248 (41 44) */ fdtox %f10,%f10 -/* 0x013c 249 (41 42) */ std %f10,[%sp+2255] -/* 0x0140 250 (42 45) */ fdtox %f4,%f4 -/* 0x0144 251 (42 43) */ std %f4,[%sp+2247] -/* 0x0148 252 (42 43) */ add %o4,%g3,%o4 -/* 0x014c 253 (43 46) */ fitod %f17,%f12 -/* 0x0150 254 (43 45) */ ldx [%sp+2263],%g2 -/* 0x0154 255 (43 44) */ add %o4,%o5,%g3 -/* 0x0158 256 (43 46) */ fmuld %f8,%f6,%f8 -/* 0x015c 257 (44 47) */ fsubd %f14,%f18,%f10 -/* 0x0160 258 (44 45) */ st %g3,[%i0+4] -/* 0x0164 259 (44 45) */ srax %g3,32,%g3 -/* 0x0168 260 (45 46) */ add %g2,%g4,%g4 -/* 0x016c 261 (45 47) */ ldx [%sp+2255],%g2 -/* 0x0170 262 (46 49) */ fsubd %f14,%f12,%f4 -/* 0x0174 263 (46 47) */ add %g4,%g3,%g3 -/* 0x0178 264 (46 48) */ ldx [%sp+2247],%g4 -/* 0x017c 265 (47 50) */ fmuld %f10,%f6,%f10 -/* 0x0180 266 (47 50) */ fdtox %f8,%f8 -/* 0x0184 267 (47 48) */ std %f8,[%sp+2239] -/* 0x0188 268 (48 49) */ add %g4,%o0,%g4 -/* 0x018c 269 (48 49) */ add %g2,%g5,%g2 -/* 0x0190 270 (48 49) */ st %g3,[%i0+8] -/* 0x0194 271 (49 52) */ fmuld %f4,%f6,%f4 -/* 0x0198 272 (49 50) */ srax %g3,32,%o0 -/* 0x019c 273 (49 51) */ ldx [%sp+2239],%g5 -/* 0x01a0 274 (50 53) */ fdtox %f10,%f6 -/* 0x01a4 275 (50 51) */ std %f6,[%sp+2231] -/* 0x01a8 276 (50 51) */ add %g2,%o0,%g2 -/* 0x01ac 277 (51 52) */ srax %g2,32,%g3 -/* 0x01b0 278 (51 52) */ add %g5,%o1,%o1 -/* 0x01b4 279 (51 52) */ st %g2,[%i0+12] -/* 0x01b8 280 (52 55) */ fdtox %f4,%f4 -/* 0x01bc 281 (52 53) */ std %f4,[%sp+2223] -/* 0x01c0 282 (52 53) */ add %g4,%g3,%g3 -/* 0x01c4 283 (53 54) */ srax %g3,32,%g4 -/* 0x01c8 284 (53 54) */ st %g3,[%i0+16] -/* 0x01cc 285 (54 56) */ ldx [%sp+2231],%o0 -/* 0x01d0 286 (54 55) */ add %o1,%g4,%g4 -/* 0x01d4 287 (55 56) */ srax %g4,32,%g2 -/* 0x01d8 288 (55 57) */ ldx [%sp+2223],%g5 -/* 0x01dc 289 (56 57) */ add %o0,%o2,%o2 -/* 0x01e0 290 (56 57) */ st %g4,[%i0+20] -/* 0x01e4 291 (57 58) */ add %o2,%g2,%g2 -/* 0x01e8 292 (57 58) */ add %g5,%o3,%g5 -/* 0x01ec 293 (57 58) */ st %g2,[%i0+24] -/* 0x01f0 294 (58 59) */ srax %g2,32,%g3 -/* 0x01f4 295 (59 60) */ add %g5,%g3,%g2 -/* 0x01f8 296 (59 60) */ st %g2,[%i0+28] -/* 0x01fc 300 (60 61) */ srax %g2,32,%o3 -/* 0x0200 301 (61 62) */ srl %o3,0,%i0 -/* 0x0204 (62 64) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0208 (64 65) */ restore %g0,%g0,%g0 - -! -! ENTRY .L900000158 -! - - .L900000158: /* frequency 1.0 confidence 0.0 */ -/* 0x020c 308 ( 0 1) */ bne,a,pn %icc,.L900000157 ! tprob=0.50 -/* 0x0210 ( 0 1) */ st %i4,[%sp+2223] -/* 0x0214 315 ( 1 4) */ ldd [%o2],%f4 -/* 0x0218 316 ( 2 3) */ st %i4,[%sp+2351] -/* 0x021c 317 ( 3 6) */ ldd [%o0],%f8 -/* 0x0220 318 ( 3 5) */ fxnor %f0,%f4,%f4 -/* 0x0224 319 ( 4 7) */ ldd [%o2+8],%f10 -/* 0x0228 320 ( 5 8) */ ldd [%o0+8],%f14 -/* 0x022c 321 ( 5 8) */ fitod %f4,%f12 -/* 0x0230 322 ( 6 9) */ ld [%sp+2351],%f7 -/* 0x0234 323 ( 6 8) */ fxnor %f0,%f10,%f10 -/* 0x0238 324 ( 7 10) */ ldd [%o2+16],%f16 -/* 0x023c 325 ( 7 10) */ fitod %f5,%f4 -/* 0x0240 326 ( 8 11) */ ldd [%o2+24],%f18 -/* 0x0244 330 ( 9 12) */ ldd [%o2+32],%f20 -/* 0x0248 331 ( 9 11) */ fxnor %f0,%f16,%f16 -/* 0x024c 335 (10 13) */ ld [%i1],%g2 -/* 0x0250 336 (10 13) */ fsubd %f14,%f4,%f4 -/* 0x0254 337 (11 14) */ ldd [%o2+40],%f22 -/* 0x0258 338 (11 14) */ fitod %f16,%f28 -/* 0x025c 339 (12 15) */ ld [%i1+4],%g3 -/* 0x0260 340 (13 16) */ ld [%i1+8],%g4 -/* 0x0264 341 (13 15) */ fxnor %f0,%f22,%f22 -/* 0x0268 342 (14 17) */ ld [%i1+12],%g5 -/* 0x026c 343 (15 18) */ ld [%i1+16],%o0 -/* 0x0270 344 (16 19) */ ldd [%o2+48],%f24 -/* 0x0274 345 (17 20) */ ld [%i1+20],%o1 -/* 0x0278 346 (17 18) */ fmovs %f8,%f6 -/* 0x027c 347 (18 21) */ ldd [%o2+56],%f26 -/* 0x0280 348 (19 22) */ ld [%i1+24],%o2 -/* 0x0284 349 (19 22) */ fsubd %f6,%f8,%f6 -/* 0x0288 350 (20 23) */ ld [%i1+28],%o3 -/* 0x028c 351 (20 23) */ fsubd %f14,%f12,%f8 -/* 0x0290 355 (21 24) */ ld [%i1+32],%o4 -/* 0x0294 356 (21 24) */ fitod %f10,%f12 -/* 0x0298 357 (22 25) */ ld [%i1+36],%o7 -/* 0x029c 358 (22 25) */ fitod %f11,%f10 -/* 0x02a0 359 (22 25) */ fmuld %f4,%f6,%f4 -/* 0x02a4 360 (23 26) */ ld [%i1+40],%l1 -/* 0x02a8 361 (23 26) */ fmuld %f8,%f6,%f8 -/* 0x02ac 362 (24 27) */ ld [%i1+56],%l5 -/* 0x02b0 363 (24 27) */ fsubd %f14,%f12,%f12 -/* 0x02b4 364 (25 28) */ fsubd %f14,%f10,%f10 -/* 0x02b8 365 (26 29) */ fdtox %f8,%f8 -/* 0x02bc 366 (26 27) */ std %f8,[%sp+2343] -/* 0x02c0 367 (27 30) */ fitod %f17,%f8 -/* 0x02c4 368 (27 30) */ fmuld %f12,%f6,%f12 -/* 0x02c8 369 (28 31) */ fdtox %f4,%f4 -/* 0x02cc 370 (28 29) */ std %f4,[%sp+2335] -/* 0x02d0 371 (28 31) */ fmuld %f10,%f6,%f10 -/* 0x02d4 372 (29 31) */ fxnor %f0,%f18,%f16 -/* 0x02d8 373 (30 33) */ fdtox %f12,%f12 -/* 0x02dc 374 (30 31) */ std %f12,[%sp+2327] -/* 0x02e0 375 (31 33) */ ldx [%sp+2343],%o5 -/* 0x02e4 376 (31 34) */ fsubd %f14,%f8,%f8 -/* 0x02e8 377 (32 35) */ fsubd %f14,%f28,%f4 -/* 0x02ec 378 (33 36) */ fitod %f17,%f12 -/* 0x02f0 379 (33 34) */ add %o5,%g2,%g2 -/* 0x02f4 380 (33 34) */ st %g2,[%i0] -/* 0x02f8 381 (34 36) */ ldx [%sp+2335],%o5 -/* 0x02fc 382 (34 37) */ fitod %f16,%f18 -/* 0x0300 383 (34 35) */ srax %g2,32,%l0 -/* 0x0304 384 (35 37) */ fxnor %f0,%f20,%f16 -/* 0x0308 385 (35 38) */ fmuld %f8,%f6,%f20 -/* 0x030c 386 (36 39) */ fdtox %f10,%f10 -/* 0x0310 387 (36 37) */ std %f10,[%sp+2319] -/* 0x0314 388 (36 37) */ add %o5,%g3,%g3 -/* 0x0318 389 (36 39) */ fmuld %f4,%f6,%f4 -/* 0x031c 390 (37 40) */ fitod %f16,%f8 -/* 0x0320 391 (37 38) */ add %g3,%l0,%g3 -/* 0x0324 392 (37 38) */ st %g3,[%i0+4] -/* 0x0328 393 (38 40) */ ldx [%sp+2327],%o5 -/* 0x032c 394 (38 41) */ fsubd %f14,%f18,%f18 -/* 0x0330 395 (38 39) */ srax %g3,32,%l3 -/* 0x0334 396 (39 41) */ ldx [%sp+2319],%l2 -/* 0x0338 397 (39 42) */ fdtox %f4,%f4 -/* 0x033c 398 (40 41) */ std %f4,[%sp+2311] -/* 0x0340 399 (40 43) */ fdtox %f20,%f20 -/* 0x0344 400 (40 41) */ add %o5,%g4,%g4 -/* 0x0348 401 (41 42) */ std %f20,[%sp+2303] -/* 0x034c 402 (41 44) */ fsubd %f14,%f12,%f4 -/* 0x0350 403 (41 42) */ add %g4,%l3,%g4 -/* 0x0354 404 (41 44) */ fmuld %f18,%f6,%f18 -/* 0x0358 405 (42 43) */ st %g4,[%i0+8] -/* 0x035c 406 (42 45) */ fitod %f17,%f16 -/* 0x0360 407 (42 43) */ srax %g4,32,%l4 -/* 0x0364 408 (43 46) */ ld [%i1+44],%l0 -/* 0x0368 409 (43 46) */ fsubd %f14,%f8,%f20 -/* 0x036c 410 (43 44) */ add %l2,%g5,%l2 -/* 0x0370 411 (44 46) */ ldx [%sp+2311],%g5 -/* 0x0374 412 (44 47) */ fitod %f22,%f8 -/* 0x0378 413 (44 45) */ add %l2,%l4,%l2 -/* 0x037c 414 (44 47) */ fmuld %f4,%f6,%f4 -/* 0x0380 415 (45 46) */ st %l2,[%i0+12] -/* 0x0384 416 (45 48) */ fsubd %f14,%f16,%f10 -/* 0x0388 417 (46 49) */ ld [%i1+52],%l3 -/* 0x038c 418 (46 49) */ fdtox %f18,%f18 -/* 0x0390 419 (46 47) */ add %g5,%o0,%l4 -/* 0x0394 420 (46 49) */ fmuld %f20,%f6,%f12 -/* 0x0398 421 (47 48) */ std %f18,[%sp+2295] -/* 0x039c 422 (47 48) */ srax %l2,32,%o0 -/* 0x03a0 423 (47 50) */ fitod %f23,%f16 -/* 0x03a4 424 (48 51) */ ld [%i1+48],%o5 -/* 0x03a8 425 (48 51) */ fsubd %f14,%f8,%f8 -/* 0x03ac 426 (48 49) */ add %l4,%o0,%l4 -/* 0x03b0 427 (49 50) */ st %l4,[%i0+16] -/* 0x03b4 428 (49 50) */ srax %l4,32,%o0 -/* 0x03b8 429 (49 51) */ fxnor %f0,%f24,%f18 -/* 0x03bc 430 (50 52) */ ldx [%sp+2303],%g5 -/* 0x03c0 431 (50 53) */ fdtox %f4,%f4 -/* 0x03c4 432 (51 52) */ std %f4,[%sp+2287] -/* 0x03c8 433 (51 54) */ fdtox %f12,%f12 -/* 0x03cc 434 (51 54) */ fmuld %f10,%f6,%f4 -/* 0x03d0 435 (52 53) */ std %f12,[%sp+2279] -/* 0x03d4 436 (52 55) */ fsubd %f14,%f16,%f12 -/* 0x03d8 437 (52 53) */ add %g5,%o1,%g2 -/* 0x03dc 438 (52 55) */ fmuld %f8,%f6,%f8 -/* 0x03e0 439 (53 55) */ ldx [%sp+2295],%g5 -/* 0x03e4 440 (53 56) */ fitod %f18,%f10 -/* 0x03e8 441 (53 54) */ add %g2,%o0,%g2 -/* 0x03ec 442 (54 55) */ st %g2,[%i0+20] -/* 0x03f0 443 (54 57) */ fitod %f19,%f16 -/* 0x03f4 444 (54 55) */ srax %g2,32,%o0 -/* 0x03f8 445 (55 58) */ fdtox %f8,%f8 -/* 0x03fc 446 (55 56) */ std %f8,[%sp+2263] -/* 0x0400 447 (55 56) */ add %g5,%o2,%g3 -/* 0x0404 448 (56 58) */ ldx [%sp+2287],%g5 -/* 0x0408 449 (56 59) */ fsubd %f14,%f10,%f10 -/* 0x040c 450 (56 57) */ add %g3,%o0,%g3 -/* 0x0410 451 (57 58) */ st %g3,[%i0+24] -/* 0x0414 452 (57 60) */ fsubd %f14,%f16,%f8 -/* 0x0418 453 (57 58) */ srax %g3,32,%o0 -/* 0x041c 454 (58 61) */ fdtox %f4,%f4 -/* 0x0420 455 (58 59) */ std %f4,[%sp+2271] -/* 0x0424 456 (58 59) */ add %g5,%o3,%g4 -/* 0x0428 457 (59 61) */ fxnor %f0,%f26,%f18 -/* 0x042c 458 (59 62) */ fmuld %f12,%f6,%f4 -/* 0x0430 459 (59 60) */ add %g4,%o0,%g4 -/* 0x0434 460 (60 61) */ st %g4,[%i0+28] -/* 0x0438 461 (60 63) */ fmuld %f10,%f6,%f10 -/* 0x043c 462 (60 61) */ srax %g4,32,%o0 -/* 0x0440 463 (61 63) */ ldx [%sp+2279],%g5 -/* 0x0444 464 (61 64) */ fitod %f18,%f12 -/* 0x0448 465 (61 64) */ fmuld %f8,%f6,%f8 -/* 0x044c 466 (62 65) */ fdtox %f4,%f4 -/* 0x0450 467 (62 63) */ std %f4,[%sp+2255] -/* 0x0454 468 (63 64) */ add %g5,%o4,%l2 -/* 0x0458 469 (63 65) */ ldx [%sp+2271],%g5 -/* 0x045c 470 (63 66) */ fdtox %f10,%f16 -/* 0x0460 471 (64 67) */ fsubd %f14,%f12,%f4 -/* 0x0464 472 (64 65) */ std %f16,[%sp+2247] -/* 0x0468 473 (64 65) */ add %l2,%o0,%l2 -/* 0x046c 474 (65 68) */ fdtox %f8,%f8 -/* 0x0470 475 (65 66) */ std %f8,[%sp+2239] -/* 0x0474 476 (65 66) */ add %g5,%o7,%l4 -/* 0x0478 477 (66 69) */ fitod %f19,%f10 -/* 0x047c 478 (66 68) */ ldx [%sp+2263],%g5 -/* 0x0480 479 (66 67) */ srax %l2,32,%o0 -/* 0x0484 480 (67 68) */ add %l4,%o0,%l4 -/* 0x0488 481 (67 70) */ fmuld %f4,%f6,%f4 -/* 0x048c 482 (67 69) */ ldx [%sp+2255],%o0 -/* 0x0490 483 (68 69) */ srax %l4,32,%o1 -/* 0x0494 484 (68 69) */ add %g5,%l1,%l1 -/* 0x0498 485 (68 69) */ st %l2,[%i0+32] -/* 0x049c 486 (69 72) */ fsubd %f14,%f10,%f8 -/* 0x04a0 487 (69 71) */ ldx [%sp+2239],%o3 -/* 0x04a4 488 (69 70) */ add %l1,%o1,%o1 -/* 0x04a8 489 (70 72) */ ldx [%sp+2247],%g5 -/* 0x04ac 490 (70 71) */ srax %o1,32,%o2 -/* 0x04b0 491 (70 71) */ add %o0,%l0,%o0 -/* 0x04b4 492 (71 74) */ fdtox %f4,%f4 -/* 0x04b8 493 (71 72) */ std %f4,[%sp+2231] -/* 0x04bc 494 (71 72) */ add %o0,%o2,%o2 -/* 0x04c0 495 (72 73) */ add %o3,%l3,%l3 -/* 0x04c4 496 (72 75) */ fmuld %f8,%f6,%f4 -/* 0x04c8 497 (72 73) */ add %g5,%o5,%g5 -/* 0x04cc 498 (73 74) */ srax %o2,32,%o3 -/* 0x04d0 499 (73 74) */ st %l4,[%i0+36] -/* 0x04d4 500 (74 75) */ add %g5,%o3,%g2 -/* 0x04d8 501 (74 76) */ ldx [%sp+2231],%o0 -/* 0x04dc 502 (75 76) */ srax %g2,32,%g3 -/* 0x04e0 503 (75 78) */ fdtox %f4,%f4 -/* 0x04e4 504 (75 76) */ std %f4,[%sp+2223] -/* 0x04e8 505 (76 77) */ st %o1,[%i0+40] -/* 0x04ec 506 (76 77) */ add %l3,%g3,%g3 -/* 0x04f0 507 (76 77) */ add %o0,%l5,%g5 -/* 0x04f4 508 (77 78) */ st %o2,[%i0+44] -/* 0x04f8 509 (77 78) */ srax %g3,32,%g4 -/* 0x04fc 510 (78 79) */ st %g2,[%i0+48] -/* 0x0500 511 (78 79) */ add %g5,%g4,%g4 -/* 0x0504 512 (79 80) */ st %g3,[%i0+52] -/* 0x0508 513 (79 80) */ srax %g4,32,%g5 -/* 0x050c 514 (80 83) */ ld [%i1+60],%g3 -/* 0x0510 515 (81 83) */ ldx [%sp+2223],%g2 -/* 0x0514 516 (82 83) */ st %g4,[%i0+56] -/* 0x0518 517 (83 84) */ add %g2,%g3,%g2 -/* 0x051c 518 (84 85) */ add %g2,%g5,%g2 -/* 0x0520 519 (84 85) */ st %g2,[%i0+60] -/* 0x0524 523 (85 86) */ srax %g2,32,%o3 -/* 0x0528 524 (86 87) */ srl %o3,0,%i0 -/* 0x052c (87 89) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0530 (89 90) */ restore %g0,%g0,%g0 - -! -! ENTRY .L900000157 -! - - .L900000157: /* frequency 1.0 confidence 0.0 */ -/* 0x0534 532 ( 0 1) */ fmovd %f0,%f14 -/* 0x0538 533 ( 0 3) */ ldd [%o0],%f8 -/* 0x053c 539 ( 0 1) */ add %i3,1,%g2 -/* 0x0540 540 ( 1 4) */ ld [%sp+2223],%f7 -/* 0x0544 541 ( 1 2) */ srl %g2,31,%g3 -/* 0x0548 545 ( 1 2) */ add %fp,-217,%g4 -/* 0x054c 546 ( 2 3) */ add %g2,%g3,%g2 -/* 0x0550 547 ( 2 3) */ or %g0,0,%g5 -/* 0x0554 548 ( 2 5) */ ldd [%o0+8],%f18 -/* 0x0558 549 ( 3 4) */ fmovs %f8,%f6 -/* 0x055c 550 ( 3 4) */ sra %g2,1,%o1 -/* 0x0560 551 ( 3 4) */ or %g0,0,%o0 -/* 0x0564 552 ( 4 5) */ subcc %o1,0,%g0 -/* 0x0568 553 ( 5 6) */ or %g0,%o1,%o3 -/* 0x056c 554 ( 5 8) */ fsubd %f6,%f8,%f16 -/* 0x0570 555 ( 5 6) */ ble,pt %icc,.L900000156 ! tprob=0.50 -/* 0x0574 ( 6 7) */ subcc %i3,0,%g0 -/* 0x0578 557 ( 6 7) */ sub %o1,1,%g2 -/* 0x057c 558 ( 7 8) */ or %g0,0,%i0 -/* 0x0580 559 ( 7 8) */ or %g0,1,%g3 -/* 0x0584 560 ( 8 9) */ subcc %o3,10,%g0 -/* 0x0588 561 ( 8 9) */ bl,pn %icc,.L77000077 ! tprob=0.50 -/* 0x058c ( 9 10) */ or %g0,0,%o1 -/* 0x0590 563 ( 9 12) */ ldd [%i2+8],%f0 -/* 0x0594 564 ( 9 10) */ sub %o3,3,%o3 -/* 0x0598 565 (10 13) */ ldd [%i2],%f2 -/* 0x059c 566 (10 11) */ or %g0,7,%o0 -/* 0x05a0 567 (10 11) */ or %g0,2,%i0 -/* 0x05a4 568 (11 13) */ fxnor %f14,%f0,%f8 -/* 0x05a8 569 (11 14) */ ldd [%i2+16],%f4 -/* 0x05ac 570 (11 12) */ or %g0,16,%o2 -/* 0x05b0 571 (12 14) */ fxnor %f14,%f2,%f2 -/* 0x05b4 572 (12 15) */ ldd [%i2+24],%f6 -/* 0x05b8 573 (12 13) */ or %g0,48,%o4 -/* 0x05bc 574 (13 16) */ fitod %f8,%f12 -/* 0x05c0 575 (13 14) */ or %g0,24,%o1 -/* 0x05c4 576 (13 14) */ or %g0,3,%g3 -/* 0x05c8 577 (14 17) */ fitod %f2,%f0 -/* 0x05cc 578 (15 18) */ fitod %f3,%f20 -/* 0x05d0 579 (15 18) */ ldd [%i2+32],%f2 -/* 0x05d4 580 (16 19) */ fitod %f9,%f10 -/* 0x05d8 581 (16 19) */ ldd [%i2+40],%f8 -/* 0x05dc 582 (17 20) */ fsubd %f18,%f0,%f0 -/* 0x05e0 583 (18 21) */ fsubd %f18,%f20,%f22 -/* 0x05e4 584 (19 22) */ fsubd %f18,%f12,%f20 -/* 0x05e8 585 (19 22) */ ldd [%i2+48],%f12 -/* 0x05ec 586 (20 23) */ fsubd %f18,%f10,%f10 -/* 0x05f0 587 (20 23) */ fmuld %f0,%f16,%f0 -/* 0x05f4 588 (21 23) */ fxnor %f14,%f4,%f4 -/* 0x05f8 589 (21 24) */ fmuld %f22,%f16,%f22 -/* 0x05fc 590 (22 24) */ fxnor %f14,%f6,%f6 -/* 0x0600 591 (22 25) */ fmuld %f20,%f16,%f20 -/* 0x0604 592 (23 26) */ fdtox %f0,%f0 -/* 0x0608 593 (23 24) */ std %f0,[%fp-217] -/* 0x060c 594 (23 26) */ fmuld %f10,%f16,%f10 -/* 0x0610 595 (24 27) */ fdtox %f22,%f22 -/* 0x0614 596 (24 25) */ std %f22,[%fp-209] -/* 0x0618 597 (25 28) */ fitod %f5,%f0 -/* 0x061c 598 (26 29) */ fdtox %f10,%f10 -/* 0x0620 599 (27 30) */ fdtox %f20,%f20 -/* 0x0624 600 (27 28) */ std %f20,[%fp-201] -/* 0x0628 601 (28 31) */ fitod %f4,%f4 -/* 0x062c 602 (28 29) */ std %f10,[%fp-193] -/* 0x0630 603 (29 31) */ fxnor %f14,%f2,%f10 -/* 0x0634 604 (30 33) */ fitod %f7,%f2 -/* 0x0638 605 (31 34) */ fsubd %f18,%f0,%f0 -/* 0x063c 606 (32 35) */ fsubd %f18,%f4,%f4 -/* 0x0640 607 (33 35) */ fxnor %f14,%f8,%f8 - -! -! ENTRY .L900000144 -! - - .L900000144: /* frequency 1.0 confidence 0.0 */ -/* 0x0644 609 ( 0 3) */ fitod %f11,%f22 -/* 0x0648 610 ( 0 1) */ add %o0,3,%o0 -/* 0x064c 611 ( 0 1) */ add %g3,6,%g3 -/* 0x0650 612 ( 0 3) */ fmuld %f0,%f16,%f0 -/* 0x0654 613 ( 1 4) */ fmuld %f4,%f16,%f24 -/* 0x0658 614 ( 1 2) */ subcc %o0,%o3,%g0 -/* 0x065c 615 ( 1 2) */ add %i0,6,%i0 -/* 0x0660 616 ( 1 4) */ fsubd %f18,%f2,%f2 -/* 0x0664 617 ( 2 5) */ fitod %f6,%f4 -/* 0x0668 618 ( 3 6) */ fdtox %f0,%f0 -/* 0x066c 619 ( 3 4) */ add %o4,8,%i1 -/* 0x0670 620 ( 4 7) */ ldd [%i2+%i1],%f20 -/* 0x0674 621 ( 4 7) */ fdtox %f24,%f6 -/* 0x0678 622 ( 4 5) */ add %o2,16,%o4 -/* 0x067c 623 ( 5 8) */ fsubd %f18,%f4,%f4 -/* 0x0680 624 ( 5 6) */ std %f6,[%o4+%g4] -/* 0x0684 625 ( 5 6) */ add %o1,16,%o2 -/* 0x0688 626 ( 6 8) */ fxnor %f14,%f12,%f6 -/* 0x068c 627 ( 6 7) */ std %f0,[%o2+%g4] -/* 0x0690 628 ( 7 10) */ fitod %f9,%f0 -/* 0x0694 629 ( 7 10) */ fmuld %f2,%f16,%f2 -/* 0x0698 630 ( 8 11) */ fmuld %f4,%f16,%f24 -/* 0x069c 631 ( 8 11) */ fsubd %f18,%f22,%f12 -/* 0x06a0 632 ( 9 12) */ fitod %f10,%f4 -/* 0x06a4 633 (10 13) */ fdtox %f2,%f2 -/* 0x06a8 634 (10 11) */ add %i1,8,%o1 -/* 0x06ac 635 (11 14) */ ldd [%i2+%o1],%f22 -/* 0x06b0 636 (11 14) */ fdtox %f24,%f10 -/* 0x06b4 637 (11 12) */ add %o4,16,%i4 -/* 0x06b8 638 (12 15) */ fsubd %f18,%f4,%f4 -/* 0x06bc 639 (12 13) */ std %f10,[%i4+%g4] -/* 0x06c0 640 (12 13) */ add %o2,16,%i1 -/* 0x06c4 641 (13 15) */ fxnor %f14,%f20,%f10 -/* 0x06c8 642 (13 14) */ std %f2,[%i1+%g4] -/* 0x06cc 643 (14 17) */ fitod %f7,%f2 -/* 0x06d0 644 (14 17) */ fmuld %f12,%f16,%f12 -/* 0x06d4 645 (15 18) */ fmuld %f4,%f16,%f24 -/* 0x06d8 646 (15 18) */ fsubd %f18,%f0,%f0 -/* 0x06dc 647 (16 19) */ fitod %f8,%f4 -/* 0x06e0 648 (17 20) */ fdtox %f12,%f20 -/* 0x06e4 649 (17 18) */ add %o1,8,%o4 -/* 0x06e8 650 (18 21) */ ldd [%i2+%o4],%f12 -/* 0x06ec 651 (18 21) */ fdtox %f24,%f8 -/* 0x06f0 652 (18 19) */ add %i4,16,%o2 -/* 0x06f4 653 (19 22) */ fsubd %f18,%f4,%f4 -/* 0x06f8 654 (19 20) */ std %f8,[%o2+%g4] -/* 0x06fc 655 (19 20) */ add %i1,16,%o1 -/* 0x0700 656 (20 22) */ fxnor %f14,%f22,%f8 -/* 0x0704 657 (20 21) */ ble,pt %icc,.L900000144 ! tprob=0.50 -/* 0x0708 (20 21) */ std %f20,[%o1+%g4] - -! -! ENTRY .L900000147 -! - - .L900000147: /* frequency 1.0 confidence 0.0 */ -/* 0x070c 660 ( 0 3) */ fitod %f6,%f6 -/* 0x0710 661 ( 0 3) */ fmuld %f4,%f16,%f24 -/* 0x0714 662 ( 0 1) */ add %i4,32,%l4 -/* 0x0718 663 ( 1 4) */ fsubd %f18,%f2,%f2 -/* 0x071c 664 ( 1 4) */ fmuld %f0,%f16,%f22 -/* 0x0720 665 ( 1 2) */ add %i1,32,%l3 -/* 0x0724 666 ( 2 5) */ fitod %f10,%f28 -/* 0x0728 667 ( 2 3) */ sra %o0,0,%o2 -/* 0x072c 668 ( 2 3) */ add %i4,48,%l2 -/* 0x0730 669 ( 3 6) */ fsubd %f18,%f6,%f4 -/* 0x0734 670 ( 3 4) */ add %i1,48,%l1 -/* 0x0738 671 ( 3 4) */ add %i4,64,%l0 -/* 0x073c 672 ( 4 7) */ fitod %f11,%f26 -/* 0x0740 673 ( 4 5) */ sllx %o2,3,%o1 -/* 0x0744 674 ( 4 5) */ add %i1,64,%i5 -/* 0x0748 675 ( 5 8) */ fitod %f8,%f6 -/* 0x074c 676 ( 5 6) */ add %i4,80,%i4 -/* 0x0750 677 ( 5 6) */ add %i1,80,%i1 -/* 0x0754 678 ( 6 8) */ fxnor %f14,%f12,%f0 -/* 0x0758 679 ( 6 9) */ fmuld %f4,%f16,%f20 -/* 0x075c 680 ( 6 7) */ add %i4,16,%o4 -/* 0x0760 681 ( 7 10) */ fitod %f9,%f4 -/* 0x0764 682 ( 7 10) */ fmuld %f2,%f16,%f12 -/* 0x0768 683 ( 7 8) */ add %i1,16,%o3 -/* 0x076c 684 ( 8 11) */ fsubd %f18,%f28,%f10 -/* 0x0770 685 ( 8 9) */ subcc %o0,%g2,%g0 -/* 0x0774 686 ( 8 9) */ add %g3,12,%g3 -/* 0x0778 687 ( 9 12) */ fitod %f0,%f2 -/* 0x077c 688 (10 13) */ fsubd %f18,%f26,%f8 -/* 0x0780 689 (11 14) */ fitod %f1,%f0 -/* 0x0784 690 (11 14) */ fmuld %f10,%f16,%f10 -/* 0x0788 691 (12 15) */ fdtox %f24,%f24 -/* 0x078c 692 (12 13) */ std %f24,[%l4+%g4] -/* 0x0790 693 (12 13) */ add %i0,12,%i0 -/* 0x0794 694 (13 16) */ fsubd %f18,%f6,%f6 -/* 0x0798 695 (13 16) */ fmuld %f8,%f16,%f8 -/* 0x079c 696 (14 17) */ fdtox %f22,%f22 -/* 0x07a0 697 (14 15) */ std %f22,[%l3+%g4] -/* 0x07a4 698 (15 18) */ fsubd %f18,%f4,%f4 -/* 0x07a8 699 (16 19) */ fdtox %f20,%f20 -/* 0x07ac 700 (16 17) */ std %f20,[%l2+%g4] -/* 0x07b0 701 (16 19) */ fmuld %f6,%f16,%f6 -/* 0x07b4 702 (17 20) */ fsubd %f18,%f2,%f2 -/* 0x07b8 703 (18 21) */ fsubd %f18,%f0,%f0 -/* 0x07bc 704 (18 21) */ fmuld %f4,%f16,%f4 -/* 0x07c0 705 (19 22) */ fdtox %f12,%f12 -/* 0x07c4 706 (19 20) */ std %f12,[%l1+%g4] -/* 0x07c8 707 (20 23) */ fdtox %f10,%f10 -/* 0x07cc 708 (20 21) */ std %f10,[%l0+%g4] -/* 0x07d0 709 (20 23) */ fmuld %f2,%f16,%f2 -/* 0x07d4 710 (21 24) */ fdtox %f8,%f8 -/* 0x07d8 711 (21 22) */ std %f8,[%i5+%g4] -/* 0x07dc 712 (21 24) */ fmuld %f0,%f16,%f0 -/* 0x07e0 713 (22 25) */ fdtox %f6,%f6 -/* 0x07e4 714 (22 23) */ std %f6,[%i4+%g4] -/* 0x07e8 715 (23 26) */ fdtox %f4,%f4 -/* 0x07ec 716 (23 24) */ std %f4,[%i1+%g4] -/* 0x07f0 717 (24 27) */ fdtox %f2,%f2 -/* 0x07f4 718 (24 25) */ std %f2,[%o4+%g4] -/* 0x07f8 719 (25 28) */ fdtox %f0,%f0 -/* 0x07fc 720 (25 26) */ bg,pn %icc,.L77000043 ! tprob=0.50 -/* 0x0800 (25 26) */ std %f0,[%o3+%g4] - -! -! ENTRY .L77000077 -! - - .L77000077: /* frequency 1.0 confidence 0.0 */ -/* 0x0804 723 ( 0 3) */ ldd [%i2+%o1],%f0 - -! -! ENTRY .L900000155 -! - - .L900000155: /* frequency 1.0 confidence 0.0 */ -/* 0x0808 725 ( 0 2) */ fxnor %f14,%f0,%f0 -/* 0x080c 726 ( 0 1) */ sra %i0,0,%o1 -/* 0x0810 727 ( 0 1) */ add %o0,1,%o0 -/* 0x0814 728 ( 1 2) */ sllx %o1,3,%i4 -/* 0x0818 729 ( 1 2) */ add %i0,2,%i0 -/* 0x081c 730 ( 2 5) */ fitod %f0,%f2 -/* 0x0820 731 ( 2 3) */ sra %g3,0,%o1 -/* 0x0824 732 ( 2 3) */ add %g3,2,%g3 -/* 0x0828 733 ( 3 6) */ fitod %f1,%f0 -/* 0x082c 734 ( 3 4) */ sllx %o1,3,%i1 -/* 0x0830 735 ( 3 4) */ subcc %o0,%g2,%g0 -/* 0x0834 736 ( 4 5) */ sra %o0,0,%o2 -/* 0x0838 737 ( 5 8) */ fsubd %f18,%f2,%f2 -/* 0x083c 738 ( 5 6) */ sllx %o2,3,%o1 -/* 0x0840 739 ( 6 9) */ fsubd %f18,%f0,%f0 -/* 0x0844 740 ( 8 11) */ fmuld %f2,%f16,%f2 -/* 0x0848 741 ( 9 12) */ fmuld %f0,%f16,%f0 -/* 0x084c 742 (11 14) */ fdtox %f2,%f2 -/* 0x0850 743 (11 12) */ std %f2,[%i4+%g4] -/* 0x0854 744 (12 15) */ fdtox %f0,%f0 -/* 0x0858 745 (12 13) */ std %f0,[%i1+%g4] -/* 0x085c 746 (12 13) */ ble,a,pt %icc,.L900000155 ! tprob=0.50 -/* 0x0860 (14 17) */ ldd [%i2+%o1],%f0 - -! -! ENTRY .L77000043 -! - - .L77000043: /* frequency 1.0 confidence 0.0 */ -/* 0x0864 754 ( 0 1) */ subcc %i3,0,%g0 - -! -! ENTRY .L900000156 -! - - .L900000156: /* frequency 1.0 confidence 0.0 */ -/* 0x0868 756 ( 0 1) */ ble,a,pt %icc,.L77000061 ! tprob=0.50 -/* 0x086c ( 0 1) */ or %g0,%g5,%o3 -/* 0x0870 761 ( 0 2) */ ldx [%fp-209],%i1 -/* 0x0874 762 ( 1 2) */ sub %i3,1,%g3 -/* 0x0878 763 ( 1 2) */ or %g0,0,%i0 -/* 0x087c 764 ( 2 3) */ subcc %i3,5,%g0 -/* 0x0880 765 ( 2 3) */ bl,pn %icc,.L77000078 ! tprob=0.50 -/* 0x0884 ( 2 4) */ ldx [%fp-217],%i2 -/* 0x0888 767 ( 3 6) */ ld [%o5],%i3 -/* 0x088c 768 ( 3 4) */ or %g0,8,%g2 -/* 0x0890 769 ( 3 4) */ or %g0,16,%o4 -/* 0x0894 770 ( 4 5) */ sub %g3,1,%o3 -/* 0x0898 771 ( 4 5) */ or %g0,3,%i0 -/* 0x089c 772 ( 5 6) */ add %i2,%i3,%o1 -/* 0x08a0 773 ( 5 8) */ ld [%o5+4],%i2 -/* 0x08a4 774 ( 6 7) */ st %o1,[%o7] -/* 0x08a8 775 ( 6 7) */ srax %o1,32,%o1 -/* 0x08ac 776 ( 7 9) */ ldx [%fp-201],%o2 -/* 0x08b0 777 ( 7 8) */ add %i1,%i2,%o0 -/* 0x08b4 778 ( 7 8) */ or %g0,%o1,%i1 -/* 0x08b8 779 ( 8 11) */ ld [%o5+8],%o1 -/* 0x08bc 780 ( 8 9) */ add %o0,%i1,%o0 -/* 0x08c0 781 ( 9 10) */ st %o0,[%o7+4] -/* 0x08c4 782 ( 9 10) */ srax %o0,32,%o0 - -! -! ENTRY .L900000140 -! - - .L900000140: /* frequency 1.0 confidence 0.0 */ -/* 0x08c8 784 ( 0 1) */ add %g2,4,%i1 -/* 0x08cc 785 ( 0 1) */ add %o4,8,%o4 -/* 0x08d0 786 ( 1 3) */ ldx [%o4+%g4],%i2 -/* 0x08d4 787 ( 1 2) */ sra %o0,0,%g5 -/* 0x08d8 788 ( 1 2) */ add %o2,%o1,%o1 -/* 0x08dc 789 ( 2 5) */ ld [%o5+%i1],%o0 -/* 0x08e0 790 ( 2 3) */ add %o1,%g5,%o1 -/* 0x08e4 791 ( 2 3) */ add %i0,2,%i0 -/* 0x08e8 792 ( 3 4) */ st %o1,[%o7+%g2] -/* 0x08ec 793 ( 3 4) */ srax %o1,32,%g5 -/* 0x08f0 794 ( 3 4) */ subcc %i0,%o3,%g0 -/* 0x08f4 795 ( 4 5) */ add %g2,8,%g2 -/* 0x08f8 796 ( 4 5) */ add %o4,8,%o4 -/* 0x08fc 797 ( 5 7) */ ldx [%o4+%g4],%o2 -/* 0x0900 798 ( 5 6) */ add %i2,%o0,%o0 -/* 0x0904 799 ( 6 9) */ ld [%o5+%g2],%o1 -/* 0x0908 800 ( 6 7) */ add %o0,%g5,%o0 -/* 0x090c 801 ( 7 8) */ st %o0,[%o7+%i1] -/* 0x0910 802 ( 7 8) */ ble,pt %icc,.L900000140 ! tprob=0.50 -/* 0x0914 ( 7 8) */ srax %o0,32,%o0 - -! -! ENTRY .L900000143 -! - - .L900000143: /* frequency 1.0 confidence 0.0 */ -/* 0x0918 805 ( 0 1) */ sra %o0,0,%o3 -/* 0x091c 806 ( 0 1) */ add %o2,%o1,%o0 -/* 0x0920 807 ( 1 2) */ add %o0,%o3,%o0 -/* 0x0924 808 ( 1 2) */ st %o0,[%o7+%g2] -/* 0x0928 809 ( 1 2) */ subcc %i0,%g3,%g0 -/* 0x092c 810 ( 2 3) */ srax %o0,32,%g5 -/* 0x0930 811 ( 2 3) */ bg,a,pn %icc,.L77000061 ! tprob=0.50 -/* 0x0934 ( 3 4) */ or %g0,%g5,%o3 - -! -! ENTRY .L77000078 -! - - .L77000078: /* frequency 1.0 confidence 0.0 */ -/* 0x0938 814 ( 0 1) */ sra %i0,0,%o0 - -! -! ENTRY .L900000154 -! - - .L900000154: /* frequency 1.0 confidence 0.0 */ -/* 0x093c 816 ( 0 1) */ sllx %o0,2,%g2 -/* 0x0940 817 ( 0 1) */ add %i0,1,%i0 -/* 0x0944 818 ( 1 2) */ sllx %o0,3,%o4 -/* 0x0948 819 ( 1 4) */ ld [%o5+%g2],%o2 -/* 0x094c 820 ( 1 2) */ subcc %i0,%g3,%g0 -/* 0x0950 821 ( 2 4) */ ldx [%o4+%g4],%o0 -/* 0x0954 822 ( 2 3) */ sra %g5,0,%o1 -/* 0x0958 823 ( 4 5) */ add %o0,%o2,%o0 -/* 0x095c 824 ( 5 6) */ add %o0,%o1,%o0 -/* 0x0960 825 ( 5 6) */ st %o0,[%o7+%g2] -/* 0x0964 826 ( 6 7) */ srax %o0,32,%g5 -/* 0x0968 827 ( 6 7) */ ble,pt %icc,.L900000154 ! tprob=0.50 -/* 0x096c ( 7 8) */ sra %i0,0,%o0 - -! -! ENTRY .L77000047 -! - - .L77000047: /* frequency 1.0 confidence 0.0 */ -/* 0x0970 834 ( 0 1) */ or %g0,%g5,%o3 - -! -! ENTRY .L77000061 -! - - .L77000061: /* frequency 1.0 confidence 0.0 */ - -/* 0x0974 835 ( 1 2) */ srl %o3,0,%i0 -/* 0x0978 ( 2 4) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x097c ( 4 5) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000048 -! - - .L77000048: /* frequency 1.0 confidence 0.0 */ -/* 0x0980 844 ( 0 1) */ bne,pn %icc,.L77000050 ! tprob=0.50 -/* 0x0984 ( 0 1) */ sethi %hi(0xfff80000),%g2 -/* 0x0988 854 ( 0 3) */ ldd [%o2],%f4 -/* 0x098c 855 ( 1 4) */ ldd [%o0],%f6 -/* 0x0990 856 ( 1 2) */ srl %i4,19,%g3 -/* 0x0994 857 ( 1 2) */ andn %i4,%g2,%g2 -/* 0x0998 858 ( 2 3) */ st %g3,[%sp+2351] -/* 0x099c 859 ( 2 4) */ fxnor %f0,%f4,%f4 -/* 0x09a0 860 ( 3 4) */ st %g2,[%sp+2355] -/* 0x09a4 861 ( 4 7) */ ldd [%o2+8],%f12 -/* 0x09a8 862 ( 4 7) */ fitod %f4,%f10 -/* 0x09ac 863 ( 5 8) */ ldd [%o0+8],%f16 -/* 0x09b0 864 ( 5 8) */ fitod %f5,%f4 -/* 0x09b4 865 ( 6 9) */ ldd [%o2+16],%f18 -/* 0x09b8 866 ( 6 8) */ fxnor %f0,%f12,%f12 -/* 0x09bc 867 ( 7 10) */ ld [%sp+2351],%f9 -/* 0x09c0 868 ( 7 10) */ fsubd %f16,%f10,%f10 -/* 0x09c4 869 ( 8 11) */ ld [%sp+2355],%f15 -/* 0x09c8 870 ( 8 11) */ fitod %f12,%f22 -/* 0x09cc 871 ( 9 12) */ ldd [%o2+24],%f20 -/* 0x09d0 872 ( 9 12) */ fitod %f13,%f12 -/* 0x09d4 876 (10 13) */ ld [%i1],%g2 -/* 0x09d8 877 (10 13) */ fsubd %f16,%f4,%f4 -/* 0x09dc 878 (11 14) */ ld [%i1+4],%g3 -/* 0x09e0 879 (11 14) */ fsubd %f16,%f22,%f22 -/* 0x09e4 880 (12 15) */ ld [%i1+8],%g4 -/* 0x09e8 881 (12 14) */ fxnor %f0,%f18,%f18 -/* 0x09ec 882 (13 16) */ ld [%i1+12],%g5 -/* 0x09f0 883 (13 16) */ fsubd %f16,%f12,%f12 -/* 0x09f4 884 (14 17) */ ld [%i1+16],%o0 -/* 0x09f8 885 (14 17) */ fitod %f18,%f26 -/* 0x09fc 886 (15 18) */ ld [%i1+20],%o1 -/* 0x0a00 887 (15 17) */ fxnor %f0,%f20,%f20 -/* 0x0a04 888 (16 19) */ ld [%i1+24],%o2 -/* 0x0a08 889 (17 20) */ ld [%i1+28],%o3 -/* 0x0a0c 890 (19 20) */ fmovs %f6,%f8 -/* 0x0a10 891 (20 21) */ fmovs %f6,%f14 -/* 0x0a14 892 (22 25) */ fsubd %f8,%f6,%f8 -/* 0x0a18 893 (23 26) */ fsubd %f14,%f6,%f6 -/* 0x0a1c 894 (25 28) */ fmuld %f10,%f8,%f14 -/* 0x0a20 895 (26 29) */ fmuld %f10,%f6,%f10 -/* 0x0a24 896 (27 30) */ fmuld %f4,%f8,%f24 -/* 0x0a28 897 (28 31) */ fdtox %f14,%f14 -/* 0x0a2c 898 (28 29) */ std %f14,[%sp+2335] -/* 0x0a30 899 (28 31) */ fmuld %f22,%f8,%f28 -/* 0x0a34 900 (29 32) */ fitod %f19,%f14 -/* 0x0a38 901 (29 32) */ fmuld %f22,%f6,%f18 -/* 0x0a3c 902 (30 33) */ fdtox %f10,%f10 -/* 0x0a40 903 (30 31) */ std %f10,[%sp+2343] -/* 0x0a44 904 (30 33) */ fmuld %f4,%f6,%f4 -/* 0x0a48 905 (31 34) */ fmuld %f12,%f8,%f22 -/* 0x0a4c 906 (32 35) */ fdtox %f18,%f18 -/* 0x0a50 907 (32 33) */ std %f18,[%sp+2311] -/* 0x0a54 908 (32 35) */ fmuld %f12,%f6,%f10 -/* 0x0a58 909 (33 35) */ ldx [%sp+2335],%o4 -/* 0x0a5c 910 (33 36) */ fdtox %f24,%f12 -/* 0x0a60 911 (34 35) */ std %f12,[%sp+2319] -/* 0x0a64 912 (34 37) */ fsubd %f16,%f26,%f12 -/* 0x0a68 913 (35 37) */ ldx [%sp+2343],%o5 -/* 0x0a6c 914 (35 36) */ sllx %o4,19,%o4 -/* 0x0a70 915 (35 38) */ fdtox %f4,%f4 -/* 0x0a74 916 (36 37) */ std %f4,[%sp+2327] -/* 0x0a78 917 (36 39) */ fdtox %f28,%f24 -/* 0x0a7c 918 (37 38) */ std %f24,[%sp+2303] -/* 0x0a80 919 (37 40) */ fitod %f20,%f4 -/* 0x0a84 920 (37 38) */ add %o5,%o4,%o4 -/* 0x0a88 921 (37 40) */ fmuld %f12,%f8,%f24 -/* 0x0a8c 922 (38 40) */ ldx [%sp+2319],%o7 -/* 0x0a90 923 (38 41) */ fsubd %f16,%f14,%f14 -/* 0x0a94 924 (38 39) */ add %o4,%g2,%o4 -/* 0x0a98 925 (38 41) */ fmuld %f12,%f6,%f12 -/* 0x0a9c 926 (39 41) */ ldx [%sp+2327],%o5 -/* 0x0aa0 927 (39 42) */ fitod %f21,%f18 -/* 0x0aa4 928 (40 41) */ st %o4,[%i0] -/* 0x0aa8 929 (40 41) */ sllx %o7,19,%o7 -/* 0x0aac 930 (40 43) */ fdtox %f22,%f20 -/* 0x0ab0 931 (41 42) */ std %f20,[%sp+2287] -/* 0x0ab4 932 (41 44) */ fdtox %f10,%f10 -/* 0x0ab8 933 (41 42) */ add %o5,%o7,%o5 -/* 0x0abc 934 (41 44) */ fmuld %f14,%f8,%f20 -/* 0x0ac0 935 (42 43) */ std %f10,[%sp+2295] -/* 0x0ac4 936 (42 43) */ srlx %o4,32,%o7 -/* 0x0ac8 937 (42 45) */ fsubd %f16,%f4,%f4 -/* 0x0acc 938 (42 45) */ fmuld %f14,%f6,%f14 -/* 0x0ad0 939 (43 45) */ ldx [%sp+2311],%g2 -/* 0x0ad4 940 (43 46) */ fdtox %f24,%f10 -/* 0x0ad8 941 (43 44) */ add %o5,%g3,%g3 -/* 0x0adc 942 (44 45) */ std %f10,[%sp+2271] -/* 0x0ae0 943 (44 45) */ add %g3,%o7,%g3 -/* 0x0ae4 944 (44 47) */ fdtox %f12,%f12 -/* 0x0ae8 945 (45 47) */ ldx [%sp+2303],%l0 -/* 0x0aec 946 (45 48) */ fsubd %f16,%f18,%f10 -/* 0x0af0 947 (45 48) */ fmuld %f4,%f8,%f16 -/* 0x0af4 948 (46 47) */ std %f12,[%sp+2279] -/* 0x0af8 949 (46 49) */ fdtox %f20,%f12 -/* 0x0afc 950 (46 49) */ fmuld %f4,%f6,%f4 -/* 0x0b00 951 (47 48) */ std %f12,[%sp+2255] -/* 0x0b04 952 (47 48) */ sllx %l0,19,%l0 -/* 0x0b08 953 (47 50) */ fdtox %f14,%f12 -/* 0x0b0c 954 (48 50) */ ldx [%sp+2287],%o5 -/* 0x0b10 955 (48 49) */ add %g2,%l0,%g2 -/* 0x0b14 956 (48 51) */ fmuld %f10,%f8,%f8 -/* 0x0b18 957 (49 51) */ ldx [%sp+2295],%l1 -/* 0x0b1c 958 (49 50) */ srlx %g3,32,%l0 -/* 0x0b20 959 (49 50) */ add %g2,%g4,%g4 -/* 0x0b24 960 (49 52) */ fmuld %f10,%f6,%f6 -/* 0x0b28 961 (50 51) */ std %f12,[%sp+2263] -/* 0x0b2c 962 (50 51) */ sllx %o5,19,%g2 -/* 0x0b30 963 (50 51) */ add %g4,%l0,%g4 -/* 0x0b34 964 (51 53) */ ldx [%sp+2279],%l0 -/* 0x0b38 965 (51 52) */ srlx %g4,32,%o5 -/* 0x0b3c 966 (51 52) */ add %l1,%g2,%g2 -/* 0x0b40 967 (52 53) */ st %g3,[%i0+4] -/* 0x0b44 968 (52 53) */ add %g2,%g5,%g2 -/* 0x0b48 969 (52 55) */ fdtox %f16,%f10 -/* 0x0b4c 970 (53 55) */ ldx [%sp+2271],%o7 -/* 0x0b50 971 (53 54) */ add %g2,%o5,%g2 -/* 0x0b54 972 (53 56) */ fdtox %f4,%f4 -/* 0x0b58 973 (54 55) */ std %f10,[%sp+2239] -/* 0x0b5c 974 (55 56) */ sllx %o7,19,%o7 -/* 0x0b60 975 (55 56) */ std %f4,[%sp+2247] -/* 0x0b64 976 (55 58) */ fdtox %f8,%f4 -/* 0x0b68 977 (56 57) */ add %l0,%o7,%o7 -/* 0x0b6c 978 (56 58) */ ldx [%sp+2263],%o5 -/* 0x0b70 979 (57 58) */ add %o7,%o0,%o0 -/* 0x0b74 980 (57 58) */ std %f4,[%sp+2223] -/* 0x0b78 981 (57 60) */ fdtox %f6,%f4 -/* 0x0b7c 982 (58 60) */ ldx [%sp+2255],%g5 -/* 0x0b80 983 (58 59) */ srlx %g2,32,%o7 -/* 0x0b84 984 (59 60) */ std %f4,[%sp+2231] -/* 0x0b88 985 (59 60) */ add %o0,%o7,%o0 -/* 0x0b8c 986 (60 61) */ sllx %g5,19,%g5 -/* 0x0b90 987 (60 62) */ ldx [%sp+2247],%l1 -/* 0x0b94 988 (61 62) */ add %o5,%g5,%g5 -/* 0x0b98 989 (61 62) */ st %g2,[%i0+12] -/* 0x0b9c 990 (62 64) */ ldx [%sp+2239],%l0 -/* 0x0ba0 991 (62 63) */ srlx %o0,32,%o4 -/* 0x0ba4 992 (62 63) */ add %g5,%o1,%o1 -/* 0x0ba8 993 (63 64) */ add %o1,%o4,%o1 -/* 0x0bac 994 (63 65) */ ldx [%sp+2223],%o7 -/* 0x0bb0 995 (64 65) */ sllx %l0,19,%g3 -/* 0x0bb4 996 (64 66) */ ldx [%sp+2231],%o5 -/* 0x0bb8 997 (65 66) */ add %l1,%g3,%o4 -/* 0x0bbc 998 (65 66) */ st %o0,[%i0+16] -/* 0x0bc0 999 (66 67) */ add %o4,%o2,%o2 -/* 0x0bc4 1000 (66 67) */ st %o1,[%i0+20] -/* 0x0bc8 1001 (67 68) */ srlx %o1,32,%o4 -/* 0x0bcc 1002 (67 68) */ st %g4,[%i0+8] -/* 0x0bd0 1003 (68 69) */ sllx %o7,19,%g2 -/* 0x0bd4 1004 (68 69) */ add %o2,%o4,%o4 -/* 0x0bd8 1005 (68 69) */ st %o4,[%i0+24] -/* 0x0bdc 1006 (69 70) */ add %o5,%g2,%g2 -/* 0x0be0 1007 (70 71) */ srlx %o4,32,%g3 -/* 0x0be4 1008 (70 71) */ add %g2,%o3,%g2 -/* 0x0be8 1009 (71 72) */ add %g2,%g3,%g2 -/* 0x0bec 1010 (71 72) */ st %g2,[%i0+28] -/* 0x0bf0 1014 (72 73) */ srlx %g2,32,%o3 -/* 0x0bf4 1015 (73 74) */ srl %o3,0,%i0 -/* 0x0bf8 (74 76) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x0bfc (76 77) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000050 -! - - .L77000050: /* frequency 1.0 confidence 0.0 */ -/* 0x0c00 1022 ( 0 1) */ subcc %i3,16,%g0 -/* 0x0c04 1023 ( 0 1) */ bne,pn %icc,.L77000073 ! tprob=0.50 -/* 0x0c08 ( 0 1) */ sethi %hi(0xfff80000),%g2 -/* 0x0c0c 1034 ( 1 4) */ ldd [%o2],%f4 -/* 0x0c10 1035 ( 1 2) */ andn %i4,%g2,%g2 -/* 0x0c14 1036 ( 2 3) */ st %g2,[%sp+2483] -/* 0x0c18 1037 ( 2 3) */ srl %i4,19,%g2 -/* 0x0c1c 1038 ( 3 4) */ st %g2,[%sp+2479] -/* 0x0c20 1039 ( 3 5) */ fxnor %f0,%f4,%f4 -/* 0x0c24 1040 ( 4 7) */ ldd [%o0],%f8 -/* 0x0c28 1041 ( 5 8) */ fitod %f4,%f10 -/* 0x0c2c 1042 ( 5 8) */ ldd [%o0+8],%f16 -/* 0x0c30 1043 ( 6 9) */ ldd [%o2+8],%f14 -/* 0x0c34 1044 ( 6 9) */ fitod %f5,%f4 -/* 0x0c38 1045 ( 7 10) */ ld [%sp+2483],%f13 -/* 0x0c3c 1046 ( 8 11) */ ld [%sp+2479],%f7 -/* 0x0c40 1047 ( 8 11) */ fsubd %f16,%f10,%f10 -/* 0x0c44 1048 ( 9 11) */ fxnor %f0,%f14,%f14 -/* 0x0c48 1049 (10 13) */ fsubd %f16,%f4,%f4 -/* 0x0c4c 1050 (14 15) */ fmovs %f8,%f12 -/* 0x0c50 1051 (15 16) */ fmovs %f8,%f6 -/* 0x0c54 1052 (17 20) */ fsubd %f12,%f8,%f12 -/* 0x0c58 1053 (18 21) */ fsubd %f6,%f8,%f6 -/* 0x0c5c 1054 (19 22) */ fitod %f14,%f8 -/* 0x0c60 1055 (20 23) */ fmuld %f10,%f12,%f18 -/* 0x0c64 1056 (20 23) */ fitod %f15,%f14 -/* 0x0c68 1057 (21 24) */ fmuld %f10,%f6,%f10 -/* 0x0c6c 1058 (22 25) */ fsubd %f16,%f8,%f8 -/* 0x0c70 1059 (22 25) */ fmuld %f4,%f12,%f20 -/* 0x0c74 1060 (23 26) */ fmuld %f4,%f6,%f4 -/* 0x0c78 1061 (23 26) */ fsubd %f16,%f14,%f14 -/* 0x0c7c 1062 (24 27) */ fdtox %f10,%f10 -/* 0x0c80 1063 (24 25) */ std %f10,[%sp+2463] -/* 0x0c84 1064 (25 28) */ fmuld %f8,%f12,%f10 -/* 0x0c88 1065 (25 28) */ fdtox %f18,%f18 -/* 0x0c8c 1066 (25 26) */ std %f18,[%sp+2471] -/* 0x0c90 1067 (26 29) */ fmuld %f8,%f6,%f8 -/* 0x0c94 1068 (26 29) */ fdtox %f4,%f4 -/* 0x0c98 1069 (26 27) */ std %f4,[%sp+2447] -/* 0x0c9c 1070 (27 30) */ fmuld %f14,%f12,%f4 -/* 0x0ca0 1071 (27 30) */ fdtox %f20,%f18 -/* 0x0ca4 1072 (27 28) */ std %f18,[%sp+2455] -/* 0x0ca8 1073 (28 31) */ fdtox %f10,%f10 -/* 0x0cac 1074 (28 29) */ std %f10,[%sp+2439] -/* 0x0cb0 1075 (28 31) */ fmuld %f14,%f6,%f14 -/* 0x0cb4 1076 (29 32) */ fdtox %f8,%f8 -/* 0x0cb8 1077 (29 30) */ std %f8,[%sp+2431] -/* 0x0cbc 1078 (30 33) */ ldd [%o2+16],%f10 -/* 0x0cc0 1079 (30 33) */ fdtox %f4,%f4 -/* 0x0cc4 1080 (31 34) */ ldd [%o2+24],%f8 -/* 0x0cc8 1081 (31 34) */ fdtox %f14,%f14 -/* 0x0ccc 1082 (32 33) */ std %f4,[%sp+2423] -/* 0x0cd0 1083 (32 34) */ fxnor %f0,%f10,%f10 -/* 0x0cd4 1084 (33 35) */ fxnor %f0,%f8,%f4 -/* 0x0cd8 1085 (33 34) */ std %f14,[%sp+2415] -/* 0x0cdc 1086 (34 37) */ fitod %f10,%f8 -/* 0x0ce0 1087 (35 38) */ fitod %f11,%f10 -/* 0x0ce4 1088 (36 39) */ fitod %f4,%f14 -/* 0x0ce8 1089 (37 40) */ fsubd %f16,%f8,%f8 -/* 0x0cec 1090 (38 41) */ fsubd %f16,%f10,%f10 -/* 0x0cf0 1091 (39 42) */ fsubd %f16,%f14,%f14 -/* 0x0cf4 1092 (40 43) */ fmuld %f8,%f12,%f18 -/* 0x0cf8 1093 (40 43) */ fitod %f5,%f4 -/* 0x0cfc 1094 (41 44) */ fmuld %f8,%f6,%f8 -/* 0x0d00 1095 (42 45) */ fmuld %f10,%f12,%f20 -/* 0x0d04 1096 (43 46) */ fmuld %f10,%f6,%f10 -/* 0x0d08 1097 (43 46) */ fsubd %f16,%f4,%f4 -/* 0x0d0c 1098 (44 47) */ fdtox %f8,%f8 -/* 0x0d10 1099 (44 45) */ std %f8,[%sp+2399] -/* 0x0d14 1100 (45 48) */ fmuld %f14,%f12,%f8 -/* 0x0d18 1101 (45 48) */ fdtox %f18,%f18 -/* 0x0d1c 1102 (45 46) */ std %f18,[%sp+2407] -/* 0x0d20 1103 (46 49) */ fdtox %f10,%f10 -/* 0x0d24 1104 (46 47) */ std %f10,[%sp+2383] -/* 0x0d28 1105 (46 49) */ fmuld %f14,%f6,%f14 -/* 0x0d2c 1106 (47 50) */ fmuld %f4,%f12,%f10 -/* 0x0d30 1107 (47 50) */ fdtox %f20,%f18 -/* 0x0d34 1108 (47 48) */ std %f18,[%sp+2391] -/* 0x0d38 1109 (48 51) */ fdtox %f8,%f8 -/* 0x0d3c 1110 (48 49) */ std %f8,[%sp+2375] -/* 0x0d40 1111 (48 51) */ fmuld %f4,%f6,%f4 -/* 0x0d44 1112 (49 52) */ fdtox %f14,%f14 -/* 0x0d48 1113 (49 50) */ std %f14,[%sp+2367] -/* 0x0d4c 1117 (50 53) */ ldd [%o2+32],%f8 -/* 0x0d50 1118 (50 53) */ fdtox %f10,%f10 -/* 0x0d54 1119 (51 54) */ fdtox %f4,%f4 -/* 0x0d58 1120 (51 52) */ std %f4,[%sp+2351] -/* 0x0d5c 1121 (52 54) */ fxnor %f0,%f8,%f8 -/* 0x0d60 1122 (52 55) */ ldd [%o2+40],%f14 -/* 0x0d64 1123 (53 54) */ std %f10,[%sp+2359] -/* 0x0d68 1124 (54 57) */ fitod %f8,%f4 -/* 0x0d6c 1125 (55 57) */ fxnor %f0,%f14,%f10 -/* 0x0d70 1126 (56 59) */ fitod %f9,%f8 -/* 0x0d74 1127 (57 60) */ fsubd %f16,%f4,%f4 -/* 0x0d78 1128 (58 61) */ fitod %f10,%f14 -/* 0x0d7c 1129 (59 62) */ fsubd %f16,%f8,%f8 -/* 0x0d80 1130 (60 63) */ fmuld %f4,%f12,%f18 -/* 0x0d84 1131 (60 63) */ fitod %f11,%f10 -/* 0x0d88 1132 (61 64) */ fmuld %f4,%f6,%f4 -/* 0x0d8c 1133 (61 64) */ fsubd %f16,%f14,%f14 -/* 0x0d90 1134 (62 65) */ fmuld %f8,%f12,%f20 -/* 0x0d94 1135 (63 66) */ fmuld %f8,%f6,%f8 -/* 0x0d98 1136 (63 66) */ fsubd %f16,%f10,%f10 -/* 0x0d9c 1137 (64 67) */ fdtox %f4,%f4 -/* 0x0da0 1138 (64 65) */ std %f4,[%sp+2335] -/* 0x0da4 1139 (65 68) */ fmuld %f14,%f12,%f4 -/* 0x0da8 1140 (65 68) */ fdtox %f18,%f18 -/* 0x0dac 1141 (65 66) */ std %f18,[%sp+2343] -/* 0x0db0 1142 (66 69) */ fdtox %f8,%f8 -/* 0x0db4 1143 (66 67) */ std %f8,[%sp+2319] -/* 0x0db8 1144 (66 69) */ fmuld %f14,%f6,%f14 -/* 0x0dbc 1145 (67 70) */ fmuld %f10,%f12,%f8 -/* 0x0dc0 1146 (67 70) */ fdtox %f20,%f18 -/* 0x0dc4 1147 (67 68) */ std %f18,[%sp+2327] -/* 0x0dc8 1148 (68 71) */ fdtox %f4,%f4 -/* 0x0dcc 1149 (68 69) */ std %f4,[%sp+2311] -/* 0x0dd0 1150 (68 71) */ fmuld %f10,%f6,%f10 -/* 0x0dd4 1151 (69 72) */ fdtox %f14,%f14 -/* 0x0dd8 1152 (69 70) */ std %f14,[%sp+2303] -/* 0x0ddc 1153 (70 73) */ ldd [%o2+48],%f4 -/* 0x0de0 1154 (70 73) */ fdtox %f8,%f8 -/* 0x0de4 1155 (71 74) */ fdtox %f10,%f10 -/* 0x0de8 1156 (71 72) */ std %f10,[%sp+2287] -/* 0x0dec 1157 (72 74) */ fxnor %f0,%f4,%f4 -/* 0x0df0 1158 (72 75) */ ldd [%o2+56],%f14 -/* 0x0df4 1159 (73 74) */ std %f8,[%sp+2295] -/* 0x0df8 1160 (74 77) */ fitod %f4,%f10 -/* 0x0dfc 1161 (75 78) */ fitod %f5,%f4 -/* 0x0e00 1162 (76 78) */ fxnor %f0,%f14,%f8 -/* 0x0e04 1163 (77 80) */ fsubd %f16,%f10,%f10 -/* 0x0e08 1164 (78 81) */ fsubd %f16,%f4,%f4 -/* 0x0e0c 1165 (79 82) */ fitod %f8,%f14 -/* 0x0e10 1166 (80 83) */ fmuld %f10,%f12,%f18 -/* 0x0e14 1167 (80 83) */ fitod %f9,%f8 -/* 0x0e18 1168 (81 84) */ fmuld %f10,%f6,%f10 -/* 0x0e1c 1169 (82 85) */ fmuld %f4,%f12,%f20 -/* 0x0e20 1170 (82 85) */ fsubd %f16,%f14,%f14 -/* 0x0e24 1171 (83 86) */ fdtox %f18,%f18 -/* 0x0e28 1172 (83 84) */ std %f18,[%sp+2279] -/* 0x0e2c 1173 (83 86) */ fmuld %f4,%f6,%f4 -/* 0x0e30 1174 (84 87) */ fdtox %f10,%f10 -/* 0x0e34 1175 (84 85) */ std %f10,[%sp+2271] -/* 0x0e38 1176 (85 88) */ fdtox %f20,%f10 -/* 0x0e3c 1177 (85 86) */ std %f10,[%sp+2263] -/* 0x0e40 1178 (86 89) */ fdtox %f4,%f4 -/* 0x0e44 1179 (86 87) */ std %f4,[%sp+2255] -/* 0x0e48 1180 (86 89) */ fmuld %f14,%f12,%f10 -/* 0x0e4c 1181 (87 90) */ fmuld %f14,%f6,%f4 -/* 0x0e50 1182 (89 92) */ fdtox %f10,%f10 -/* 0x0e54 1183 (89 90) */ std %f10,[%sp+2247] -/* 0x0e58 1184 (90 93) */ fdtox %f4,%f4 -/* 0x0e5c 1185 (90 91) */ std %f4,[%sp+2239] -/* 0x0e60 1189 (91 93) */ ldx [%sp+2463],%g2 -/* 0x0e64 1190 (91 94) */ fsubd %f16,%f8,%f4 -/* 0x0e68 1191 (92 94) */ ldx [%sp+2471],%g3 -/* 0x0e6c 1192 (93 96) */ ld [%i1],%g4 -/* 0x0e70 1193 (93 94) */ sllx %g2,19,%g2 -/* 0x0e74 1194 (94 96) */ ldx [%sp+2455],%g5 -/* 0x0e78 1195 (94 95) */ add %g3,%g2,%g2 -/* 0x0e7c 1196 (94 97) */ fmuld %f4,%f6,%f6 -/* 0x0e80 1197 (95 97) */ ldx [%sp+2447],%g3 -/* 0x0e84 1198 (95 96) */ add %g2,%g4,%g4 -/* 0x0e88 1199 (95 98) */ fmuld %f4,%f12,%f4 -/* 0x0e8c 1200 (96 97) */ st %g4,[%i0] -/* 0x0e90 1201 (96 97) */ srlx %g4,32,%g4 -/* 0x0e94 1202 (97 100) */ ld [%i1+8],%o0 -/* 0x0e98 1203 (97 98) */ sllx %g3,19,%g2 -/* 0x0e9c 1204 (97 100) */ fdtox %f6,%f6 -/* 0x0ea0 1205 (98 101) */ ld [%i1+4],%g3 -/* 0x0ea4 1206 (98 99) */ add %g5,%g2,%g2 -/* 0x0ea8 1207 (98 101) */ fdtox %f4,%f4 -/* 0x0eac 1208 (99 101) */ ldx [%sp+2439],%g5 -/* 0x0eb0 1209 (100 103) */ ld [%i1+12],%o1 -/* 0x0eb4 1210 (100 101) */ add %g2,%g3,%g2 -/* 0x0eb8 1211 (101 103) */ ldx [%sp+2431],%g3 -/* 0x0ebc 1212 (101 102) */ add %g2,%g4,%g4 -/* 0x0ec0 1213 (102 103) */ st %g4,[%i0+4] -/* 0x0ec4 1214 (103 104) */ std %f6,[%sp+2223] -/* 0x0ec8 1215 (103 104) */ sllx %g3,19,%g2 -/* 0x0ecc 1216 (104 106) */ ldx [%sp+2423],%g3 -/* 0x0ed0 1217 (104 105) */ add %g5,%g2,%g2 -/* 0x0ed4 1218 (105 107) */ ldx [%sp+2415],%g5 -/* 0x0ed8 1219 (105 106) */ add %g2,%o0,%g2 -/* 0x0edc 1220 (106 107) */ std %f4,[%sp+2231] -/* 0x0ee0 1221 (106 107) */ srlx %g4,32,%o0 -/* 0x0ee4 1222 (107 109) */ ldx [%sp+2407],%g4 -/* 0x0ee8 1223 (107 108) */ sllx %g5,19,%g5 -/* 0x0eec 1224 (107 108) */ add %g2,%o0,%g2 -/* 0x0ef0 1225 (108 109) */ st %g2,[%i0+8] -/* 0x0ef4 1226 (108 109) */ srlx %g2,32,%o0 -/* 0x0ef8 1227 (108 109) */ add %g3,%g5,%g3 -/* 0x0efc 1228 (109 111) */ ldx [%sp+2399],%g5 -/* 0x0f00 1229 (109 110) */ add %g3,%o1,%g3 -/* 0x0f04 1230 (110 113) */ ld [%i1+16],%o1 -/* 0x0f08 1231 (110 111) */ add %g3,%o0,%g3 -/* 0x0f0c 1232 (111 112) */ st %g3,[%i0+12] -/* 0x0f10 1233 (111 112) */ sllx %g5,19,%g5 -/* 0x0f14 1234 (112 113) */ srlx %g3,32,%o0 -/* 0x0f18 1235 (112 113) */ add %g4,%g5,%g2 -/* 0x0f1c 1236 (112 114) */ ldx [%sp+2383],%g5 -/* 0x0f20 1237 (113 115) */ ldx [%sp+2391],%g4 -/* 0x0f24 1238 (113 114) */ add %g2,%o1,%g2 -/* 0x0f28 1239 (114 117) */ ld [%i1+20],%o1 -/* 0x0f2c 1240 (114 115) */ sllx %g5,19,%g5 -/* 0x0f30 1241 (114 115) */ add %g2,%o0,%g2 -/* 0x0f34 1242 (115 116) */ st %g2,[%i0+16] -/* 0x0f38 1243 (115 116) */ srlx %g2,32,%o0 -/* 0x0f3c 1244 (115 116) */ add %g4,%g5,%g3 -/* 0x0f40 1245 (116 118) */ ldx [%sp+2367],%g5 -/* 0x0f44 1246 (116 117) */ add %g3,%o1,%g3 -/* 0x0f48 1247 (117 119) */ ldx [%sp+2375],%g4 -/* 0x0f4c 1248 (117 118) */ add %g3,%o0,%g3 -/* 0x0f50 1249 (118 121) */ ld [%i1+24],%o1 -/* 0x0f54 1250 (118 119) */ sllx %g5,19,%g5 -/* 0x0f58 1251 (119 120) */ st %g3,[%i0+20] -/* 0x0f5c 1252 (119 120) */ add %g4,%g5,%g2 -/* 0x0f60 1253 (120 122) */ ldx [%sp+2351],%g5 -/* 0x0f64 1254 (120 121) */ srlx %g3,32,%o0 -/* 0x0f68 1255 (120 121) */ add %g2,%o1,%g2 -/* 0x0f6c 1256 (121 123) */ ldx [%sp+2359],%g4 -/* 0x0f70 1257 (121 122) */ add %g2,%o0,%g2 -/* 0x0f74 1258 (122 125) */ ld [%i1+28],%o1 -/* 0x0f78 1259 (122 123) */ sllx %g5,19,%g5 -/* 0x0f7c 1260 (123 124) */ st %g2,[%i0+24] -/* 0x0f80 1261 (123 124) */ add %g4,%g5,%g3 -/* 0x0f84 1265 (124 126) */ ldx [%sp+2335],%g5 -/* 0x0f88 1266 (124 125) */ srlx %g2,32,%o0 -/* 0x0f8c 1267 (124 125) */ add %g3,%o1,%g3 -/* 0x0f90 1268 (125 127) */ ldx [%sp+2343],%g4 -/* 0x0f94 1269 (125 126) */ add %g3,%o0,%g3 -/* 0x0f98 1270 (126 127) */ sllx %g5,19,%g5 -/* 0x0f9c 1271 (126 129) */ ld [%i1+32],%o1 -/* 0x0fa0 1272 (127 128) */ add %g4,%g5,%g2 -/* 0x0fa4 1273 (127 129) */ ldx [%sp+2319],%g5 -/* 0x0fa8 1274 (128 130) */ ldx [%sp+2327],%g4 -/* 0x0fac 1275 (128 129) */ srlx %g3,32,%o0 -/* 0x0fb0 1276 (128 129) */ add %g2,%o1,%g2 -/* 0x0fb4 1277 (129 130) */ st %g3,[%i0+28] -/* 0x0fb8 1278 (129 130) */ sllx %g5,19,%g5 -/* 0x0fbc 1279 (129 130) */ add %g2,%o0,%g2 -/* 0x0fc0 1280 (130 133) */ ld [%i1+36],%o1 -/* 0x0fc4 1281 (130 131) */ add %g4,%g5,%g3 -/* 0x0fc8 1282 (131 133) */ ldx [%sp+2303],%g5 -/* 0x0fcc 1283 (131 132) */ srlx %g2,32,%o0 -/* 0x0fd0 1284 (132 134) */ ldx [%sp+2311],%g4 -/* 0x0fd4 1285 (132 133) */ add %g3,%o1,%g3 -/* 0x0fd8 1286 (133 134) */ sllx %g5,19,%g5 -/* 0x0fdc 1287 (133 134) */ st %g2,[%i0+32] -/* 0x0fe0 1288 (133 134) */ add %g3,%o0,%g3 -/* 0x0fe4 1289 (134 135) */ add %g4,%g5,%g2 -/* 0x0fe8 1290 (134 136) */ ldx [%sp+2287],%g5 -/* 0x0fec 1291 (135 137) */ ldx [%sp+2295],%g4 -/* 0x0ff0 1292 (135 136) */ srlx %g3,32,%o0 -/* 0x0ff4 1293 (136 139) */ ld [%i1+40],%o1 -/* 0x0ff8 1294 (136 137) */ sllx %g5,19,%g5 -/* 0x0ffc 1295 (137 138) */ st %g3,[%i0+36] -/* 0x1000 1296 (137 138) */ add %g4,%g5,%g3 -/* 0x1004 1297 (138 140) */ ldx [%sp+2271],%g5 -/* 0x1008 1298 (138 139) */ add %g2,%o1,%g2 -/* 0x100c 1299 (139 141) */ ldx [%sp+2279],%g4 -/* 0x1010 1300 (139 140) */ add %g2,%o0,%g2 -/* 0x1014 1301 (140 143) */ ld [%i1+44],%o1 -/* 0x1018 1302 (140 141) */ sllx %g5,19,%g5 -/* 0x101c 1303 (141 142) */ st %g2,[%i0+40] -/* 0x1020 1304 (141 142) */ srlx %g2,32,%o0 -/* 0x1024 1305 (141 142) */ add %g4,%g5,%g2 -/* 0x1028 1306 (142 144) */ ldx [%sp+2255],%g5 -/* 0x102c 1307 (142 143) */ add %g3,%o1,%g3 -/* 0x1030 1308 (143 145) */ ldx [%sp+2263],%g4 -/* 0x1034 1309 (143 144) */ add %g3,%o0,%g3 -/* 0x1038 1310 (144 147) */ ld [%i1+48],%o1 -/* 0x103c 1311 (144 145) */ sllx %g5,19,%g5 -/* 0x1040 1312 (145 146) */ srlx %g3,32,%o0 -/* 0x1044 1313 (145 146) */ st %g3,[%i0+44] -/* 0x1048 1314 (145 146) */ add %g4,%g5,%g3 -/* 0x104c 1315 (146 148) */ ldx [%sp+2239],%g5 -/* 0x1050 1316 (146 147) */ add %g2,%o1,%g2 -/* 0x1054 1317 (147 150) */ ld [%i1+52],%o1 -/* 0x1058 1318 (147 148) */ add %g2,%o0,%g2 -/* 0x105c 1319 (148 150) */ ldx [%sp+2247],%g4 -/* 0x1060 1320 (148 149) */ sllx %g5,19,%g5 -/* 0x1064 1321 (149 150) */ srlx %g2,32,%o0 -/* 0x1068 1322 (149 150) */ st %g2,[%i0+48] -/* 0x106c 1323 (149 150) */ add %g3,%o1,%g3 -/* 0x1070 1324 (150 153) */ ld [%i1+56],%o1 -/* 0x1074 1325 (150 151) */ add %g4,%g5,%g2 -/* 0x1078 1326 (150 151) */ add %g3,%o0,%g3 -/* 0x107c 1327 (151 153) */ ldx [%sp+2223],%g5 -/* 0x1080 1328 (151 152) */ srlx %g3,32,%o0 -/* 0x1084 1329 (152 154) */ ldx [%sp+2231],%g4 -/* 0x1088 1330 (152 153) */ add %g2,%o1,%g2 -/* 0x108c 1331 (153 154) */ sllx %g5,19,%g5 -/* 0x1090 1332 (153 156) */ ld [%i1+60],%o1 -/* 0x1094 1333 (153 154) */ add %g2,%o0,%g2 -/* 0x1098 1334 (154 155) */ st %g3,[%i0+52] -/* 0x109c 1335 (154 155) */ add %g4,%g5,%g3 -/* 0x10a0 1336 (155 156) */ st %g2,[%i0+56] -/* 0x10a4 1337 (155 156) */ srlx %g2,32,%g2 -/* 0x10a8 1338 (155 156) */ add %g3,%o1,%g3 -/* 0x10ac 1339 (156 157) */ add %g3,%g2,%g2 -/* 0x10b0 1340 (156 157) */ st %g2,[%i0+60] -/* 0x10b4 1344 (157 158) */ srlx %g2,32,%o3 -/* 0x10b8 1345 (158 159) */ srl %o3,0,%i0 -/* 0x10bc (159 161) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x10c0 (161 162) */ restore %g0,%g0,%g0 - -! -! ENTRY .L77000073 -! - - .L77000073: /* frequency 1.0 confidence 0.0 */ - - - or %g0, %i4, %o2 - or %g0, %o0, %o1 - or %g0, %i3, %o0 - -! -! ENTRY .L77000052 -! - - .L77000052: /* frequency 1.0 confidence 0.0 */ -/* 0x1028 1318 ( 0 1) */ andn %o2,%g2,%g2 -/* 0x102c 1319 ( 0 1) */ st %g2,[%sp+2227] -/* 0x1030 1325 ( 0 1) */ add %o0,1,%g3 -/* 0x1034 1326 ( 0 1) */ fmovd %f0,%f14 -/* 0x1038 1327 ( 1 2) */ srl %o2,19,%g2 -/* 0x103c 1328 ( 1 2) */ st %g2,[%sp+2223] -/* 0x1040 1329 ( 1 2) */ or %g0,0,%o5 -/* 0x1044 1330 ( 2 3) */ srl %g3,31,%g2 -/* 0x1048 1331 ( 2 5) */ ldd [%o1],%f6 -/* 0x104c 1335 ( 2 3) */ sethi %hi(0x1000),%g1 -/* 0x1050 1336 ( 3 4) */ add %g3,%g2,%g2 -/* 0x1054 1337 ( 3 4) */ xor %g1,-625,%g1 -/* 0x1058 1338 ( 3 6) */ ldd [%o1+8],%f20 -/* 0x105c 1339 ( 4 5) */ sra %g2,1,%o3 -/* 0x1060 1340 ( 4 5) */ fmovs %f6,%f8 -/* 0x1064 1341 ( 4 5) */ add %g1,%fp,%g3 -/* 0x1068 1342 ( 5 6) */ fmovs %f6,%f10 -/* 0x106c 1343 ( 5 7) */ ld [%sp+2227],%f9 -/* 0x1070 1344 ( 5 6) */ subcc %o3,0,%g0 -/* 0x1074 1345 ( 6 8) */ ld [%sp+2223],%f11 -/* 0x1078 1346 ( 6 7) */ sethi %hi(0x1000),%g1 -/* 0x107c 1347 ( 6 7) */ or %g0,%i2,%o1 -/* 0x1080 1348 ( 7 10) */ fsubd %f8,%f6,%f18 -/* 0x1084 1349 ( 7 8) */ xor %g1,-617,%g1 -/* 0x1088 1350 ( 7 8) */ or %g0,0,%g4 -/* 0x108c 1351 ( 8 11) */ fsubd %f10,%f6,%f16 -/* 0x1090 1352 ( 8 9) */ bleu,pt %icc,.L990000162 ! tprob=0.50 -/* 0x1094 ( 8 9) */ subcc %o0,0,%g0 -/* 0x1098 1354 ( 9 10) */ add %g1,%fp,%g2 -/* 0x109c 1355 ( 9 10) */ sethi %hi(0x1000),%g1 -/* 0x10a0 1356 (10 11) */ xor %g1,-609,%g1 -/* 0x10a4 1357 (10 11) */ subcc %o3,7,%g0 -/* 0x10a8 1358 (11 12) */ add %g1,%fp,%o7 -/* 0x10ac 1359 (11 12) */ sethi %hi(0x1000),%g1 -/* 0x10b0 1360 (12 13) */ xor %g1,-601,%g1 -/* 0x10b4 1361 (13 14) */ add %g1,%fp,%o4 -/* 0x10b8 1362 (13 14) */ bl,pn %icc,.L77000054 ! tprob=0.50 -/* 0x10bc (13 14) */ sub %o3,2,%o2 -/* 0x10c0 1364 (14 17) */ ldd [%o1],%f2 -/* 0x10c4 1365 (14 15) */ add %o1,16,%g5 -/* 0x10c8 1366 (14 15) */ or %g0,4,%g4 -/* 0x10cc 1367 (15 18) */ ldd [%o1+8],%f0 -/* 0x10d0 1368 (15 16) */ add %o1,8,%o1 -/* 0x10d4 1369 (16 18) */ fxnor %f14,%f2,%f6 -/* 0x10d8 1370 (16 19) */ ldd [%g5],%f4 -/* 0x10dc 1371 (16 17) */ add %o1,16,%o1 -/* 0x10e0 1372 (17 19) */ fxnor %f14,%f0,%f12 -/* 0x10e4 1373 (17 20) */ ldd [%o1],%f0 -/* 0x10e8 1374 (17 18) */ add %o1,8,%o1 -/* 0x10ec 1375 (18 21) */ fitod %f7,%f2 -/* 0x10f0 1376 (19 22) */ fitod %f6,%f6 -/* 0x10f4 1377 (20 22) */ fxnor %f14,%f4,%f10 -/* 0x10f8 1378 (21 24) */ fsubd %f20,%f2,%f2 -/* 0x10fc 1379 (22 24) */ fxnor %f14,%f0,%f8 -/* 0x1100 1380 (23 26) */ fitod %f13,%f4 -/* 0x1104 1381 (24 27) */ fsubd %f20,%f6,%f6 -/* 0x1108 1382 (24 27) */ fmuld %f2,%f16,%f0 - -! -! ENTRY .L990000154 -! - - .L990000154: /* frequency 1.0 confidence 0.0 */ -/* 0x110c 1384 ( 0 3) */ ldd [%o1],%f24 -/* 0x1110 1385 ( 0 1) */ add %g4,3,%g4 -/* 0x1114 1386 ( 0 1) */ add %o4,96,%o4 -/* 0x1118 1387 ( 1 4) */ fitod %f11,%f22 -/* 0x111c 1388 ( 2 5) */ fsubd %f20,%f4,%f26 -/* 0x1120 1389 ( 2 3) */ subcc %g4,%o2,%g0 -/* 0x1124 1390 ( 2 3) */ add %o7,96,%o7 -/* 0x1128 1391 ( 2 5) */ fmuld %f6,%f18,%f28 -/* 0x112c 1392 ( 3 6) */ fmuld %f6,%f16,%f6 -/* 0x1130 1393 ( 3 4) */ add %g2,96,%g2 -/* 0x1134 1394 ( 3 4) */ add %g3,96,%g3 -/* 0x1138 1395 ( 4 7) */ fdtox %f0,%f0 -/* 0x113c 1396 ( 5 8) */ fitod %f12,%f4 -/* 0x1140 1397 ( 5 8) */ fmuld %f2,%f18,%f2 -/* 0x1144 1398 ( 6 9) */ fdtox %f28,%f12 -/* 0x1148 1399 ( 7 10) */ fdtox %f6,%f6 -/* 0x114c 1400 ( 7 8) */ std %f12,[%g3-96] -/* 0x1150 1401 ( 8 9) */ std %f6,[%g2-96] -/* 0x1154 1402 ( 8 11) */ fdtox %f2,%f2 -/* 0x1158 1403 ( 9 12) */ fsubd %f20,%f4,%f6 -/* 0x115c 1404 ( 9 10) */ std %f2,[%o7-96] -/* 0x1160 1405 ( 9 10) */ add %o1,8,%o1 -/* 0x1164 1406 (10 12) */ fxnor %f14,%f24,%f12 -/* 0x1168 1407 (10 13) */ fmuld %f26,%f16,%f4 -/* 0x116c 1408 (10 11) */ std %f0,[%o4-96] -/* 0x1170 1409 (11 14) */ ldd [%o1],%f0 -/* 0x1174 1410 (11 14) */ fitod %f9,%f2 -/* 0x1178 1411 (12 15) */ fsubd %f20,%f22,%f28 -/* 0x117c 1412 (12 15) */ fmuld %f6,%f18,%f24 -/* 0x1180 1413 (13 16) */ fmuld %f6,%f16,%f22 -/* 0x1184 1414 (13 16) */ fdtox %f4,%f4 -/* 0x1188 1415 (14 17) */ fitod %f10,%f6 -/* 0x118c 1416 (14 17) */ fmuld %f26,%f18,%f10 -/* 0x1190 1417 (15 18) */ fdtox %f24,%f24 -/* 0x1194 1418 (16 19) */ fdtox %f22,%f22 -/* 0x1198 1419 (16 17) */ std %f24,[%g3-64] -/* 0x119c 1420 (17 18) */ std %f22,[%g2-64] -/* 0x11a0 1421 (17 20) */ fdtox %f10,%f10 -/* 0x11a4 1422 (18 21) */ fsubd %f20,%f6,%f6 -/* 0x11a8 1423 (18 19) */ std %f10,[%o7-64] -/* 0x11ac 1424 (18 19) */ add %o1,8,%o1 -/* 0x11b0 1425 (19 21) */ fxnor %f14,%f0,%f10 -/* 0x11b4 1426 (19 22) */ fmuld %f28,%f16,%f0 -/* 0x11b8 1427 (19 20) */ std %f4,[%o4-64] -/* 0x11bc 1428 (20 23) */ ldd [%o1],%f22 -/* 0x11c0 1429 (20 23) */ fitod %f13,%f4 -/* 0x11c4 1430 (21 24) */ fsubd %f20,%f2,%f2 -/* 0x11c8 1431 (21 24) */ fmuld %f6,%f18,%f26 -/* 0x11cc 1432 (22 25) */ fmuld %f6,%f16,%f24 -/* 0x11d0 1433 (22 25) */ fdtox %f0,%f0 -/* 0x11d4 1434 (23 26) */ fitod %f8,%f6 -/* 0x11d8 1435 (23 26) */ fmuld %f28,%f18,%f8 -/* 0x11dc 1436 (24 27) */ fdtox %f26,%f26 -/* 0x11e0 1437 (25 28) */ fdtox %f24,%f24 -/* 0x11e4 1438 (25 26) */ std %f26,[%g3-32] -/* 0x11e8 1439 (26 27) */ std %f24,[%g2-32] -/* 0x11ec 1440 (26 29) */ fdtox %f8,%f8 -/* 0x11f0 1441 (27 30) */ fsubd %f20,%f6,%f6 -/* 0x11f4 1442 (27 28) */ std %f8,[%o7-32] -/* 0x11f8 1443 (27 28) */ add %o1,8,%o1 -/* 0x11fc 1444 (28 30) */ fxnor %f14,%f22,%f8 -/* 0x1200 1445 (28 29) */ std %f0,[%o4-32] -/* 0x1204 1446 (28 29) */ bcs,pt %icc,.L990000154 ! tprob=0.50 -/* 0x1208 (28 31) */ fmuld %f2,%f16,%f0 - -! -! ENTRY .L990000157 -! - - .L990000157: /* frequency 1.0 confidence 0.0 */ -/* 0x120c 1449 ( 0 3) */ fitod %f12,%f28 -/* 0x1210 1450 ( 0 3) */ fmuld %f6,%f18,%f24 -/* 0x1214 1451 ( 0 1) */ add %g3,128,%g3 -/* 0x1218 1452 ( 1 4) */ fitod %f10,%f12 -/* 0x121c 1453 ( 1 4) */ fmuld %f6,%f16,%f26 -/* 0x1220 1454 ( 1 2) */ add %g2,128,%g2 -/* 0x1224 1455 ( 2 5) */ fsubd %f20,%f4,%f4 -/* 0x1228 1456 ( 2 5) */ fmuld %f2,%f18,%f22 -/* 0x122c 1457 ( 2 3) */ add %o7,128,%o7 -/* 0x1230 1458 ( 3 6) */ fdtox %f24,%f6 -/* 0x1234 1459 ( 3 4) */ std %f6,[%g3-128] -/* 0x1238 1460 ( 3 4) */ add %o4,128,%o4 -/* 0x123c 1461 ( 4 7) */ fsubd %f20,%f28,%f2 -/* 0x1240 1462 ( 4 5) */ subcc %g4,%o3,%g0 -/* 0x1244 1463 ( 5 8) */ fitod %f11,%f6 -/* 0x1248 1464 ( 5 8) */ fmuld %f4,%f18,%f24 -/* 0x124c 1465 ( 6 9) */ fdtox %f26,%f10 -/* 0x1250 1466 ( 6 7) */ std %f10,[%g2-128] -/* 0x1254 1467 ( 7 10) */ fdtox %f22,%f10 -/* 0x1258 1468 ( 7 8) */ std %f10,[%o7-128] -/* 0x125c 1469 ( 7 10) */ fmuld %f2,%f18,%f26 -/* 0x1260 1470 ( 8 11) */ fsubd %f20,%f12,%f10 -/* 0x1264 1471 ( 8 11) */ fmuld %f2,%f16,%f2 -/* 0x1268 1472 ( 9 12) */ fsubd %f20,%f6,%f22 -/* 0x126c 1473 ( 9 12) */ fmuld %f4,%f16,%f12 -/* 0x1270 1474 (10 13) */ fdtox %f0,%f0 -/* 0x1274 1475 (10 11) */ std %f0,[%o4-128] -/* 0x1278 1476 (11 14) */ fitod %f8,%f4 -/* 0x127c 1477 (11 14) */ fmuld %f10,%f18,%f6 -/* 0x1280 1478 (12 15) */ fdtox %f26,%f0 -/* 0x1284 1479 (12 13) */ std %f0,[%g3-96] -/* 0x1288 1480 (12 15) */ fmuld %f10,%f16,%f10 -/* 0x128c 1481 (13 16) */ fdtox %f2,%f2 -/* 0x1290 1482 (13 14) */ std %f2,[%g2-96] -/* 0x1294 1483 (14 17) */ fitod %f9,%f0 -/* 0x1298 1484 (14 17) */ fmuld %f22,%f18,%f2 -/* 0x129c 1485 (15 18) */ fdtox %f24,%f8 -/* 0x12a0 1486 (15 16) */ std %f8,[%o7-96] -/* 0x12a4 1487 (16 19) */ fsubd %f20,%f4,%f4 -/* 0x12a8 1488 (16 19) */ fmuld %f22,%f16,%f8 -/* 0x12ac 1489 (17 20) */ fdtox %f12,%f12 -/* 0x12b0 1490 (17 18) */ std %f12,[%o4-96] -/* 0x12b4 1491 (18 21) */ fsubd %f20,%f0,%f0 -/* 0x12b8 1492 (19 22) */ fdtox %f6,%f6 -/* 0x12bc 1493 (19 20) */ std %f6,[%g3-64] -/* 0x12c0 1494 (20 23) */ fdtox %f10,%f10 -/* 0x12c4 1495 (20 21) */ std %f10,[%g2-64] -/* 0x12c8 1496 (20 23) */ fmuld %f4,%f18,%f6 -/* 0x12cc 1497 (21 24) */ fdtox %f2,%f2 -/* 0x12d0 1498 (21 22) */ std %f2,[%o7-64] -/* 0x12d4 1499 (21 24) */ fmuld %f4,%f16,%f4 -/* 0x12d8 1500 (22 25) */ fmuld %f0,%f18,%f2 -/* 0x12dc 1501 (22 25) */ fdtox %f8,%f8 -/* 0x12e0 1502 (22 23) */ std %f8,[%o4-64] -/* 0x12e4 1503 (23 26) */ fdtox %f6,%f6 -/* 0x12e8 1504 (23 24) */ std %f6,[%g3-32] -/* 0x12ec 1505 (23 26) */ fmuld %f0,%f16,%f0 -/* 0x12f0 1506 (24 27) */ fdtox %f4,%f4 -/* 0x12f4 1507 (24 25) */ std %f4,[%g2-32] -/* 0x12f8 1508 (25 28) */ fdtox %f2,%f2 -/* 0x12fc 1509 (25 26) */ std %f2,[%o7-32] -/* 0x1300 1510 (26 29) */ fdtox %f0,%f0 -/* 0x1304 1511 (26 27) */ bcc,pn %icc,.L77000056 ! tprob=0.50 -/* 0x1308 (26 27) */ std %f0,[%o4-32] - -! -! ENTRY .L77000054 -! - - .L77000054: /* frequency 1.0 confidence 0.0 */ -/* 0x130c 1514 ( 0 3) */ ldd [%o1],%f0 - -! -! ENTRY .L990000161 -! - - .L990000161: /* frequency 1.0 confidence 0.0 */ -/* 0x1310 1516 ( 0 2) */ fxnor %f14,%f0,%f0 -/* 0x1314 1517 ( 0 1) */ add %g4,1,%g4 -/* 0x1318 1518 ( 0 1) */ add %o1,8,%o1 -/* 0x131c 1519 ( 1 2) */ subcc %g4,%o3,%g0 -/* 0x1320 1520 ( 2 5) */ fitod %f0,%f2 -/* 0x1324 1521 ( 3 6) */ fitod %f1,%f0 -/* 0x1328 1522 ( 5 8) */ fsubd %f20,%f2,%f2 -/* 0x132c 1523 ( 6 9) */ fsubd %f20,%f0,%f0 -/* 0x1330 1524 ( 8 11) */ fmuld %f2,%f18,%f6 -/* 0x1334 1525 ( 9 12) */ fmuld %f2,%f16,%f4 -/* 0x1338 1526 (10 13) */ fmuld %f0,%f18,%f2 -/* 0x133c 1527 (11 14) */ fdtox %f6,%f6 -/* 0x1340 1528 (11 12) */ std %f6,[%g3] -/* 0x1344 1529 (11 14) */ fmuld %f0,%f16,%f0 -/* 0x1348 1530 (12 15) */ fdtox %f4,%f4 -/* 0x134c 1531 (12 13) */ std %f4,[%g2] -/* 0x1350 1532 (12 13) */ add %g2,32,%g2 -/* 0x1354 1533 (13 16) */ fdtox %f2,%f2 -/* 0x1358 1534 (13 14) */ std %f2,[%o7] -/* 0x135c 1535 (13 14) */ add %o7,32,%o7 -/* 0x1360 1536 (14 17) */ fdtox %f0,%f0 -/* 0x1364 1537 (14 15) */ std %f0,[%o4] -/* 0x1368 1538 (14 15) */ add %o4,32,%o4 -/* 0x136c 1539 (15 16) */ add %g3,32,%g3 -/* 0x1370 1540 (15 16) */ bcs,a,pt %icc,.L990000161 ! tprob=0.50 -/* 0x1374 (16 19) */ ldd [%o1],%f0 - -! -! ENTRY .L77000056 -! - - .L77000056: /* frequency 1.0 confidence 0.0 */ -/* 0x1378 1548 ( 0 1) */ subcc %o0,0,%g0 - -! -! ENTRY .L990000162 -! - - .L990000162: /* frequency 1.0 confidence 0.0 */ -/* 0x137c 1550 ( 0 1) */ bleu,pt %icc,.L77770061 ! tprob=0.50 -/* 0x1380 ( 0 1) */ nop -/* 0x1384 1555 ( 0 1) */ sethi %hi(0x1000),%g1 -/* 0x1388 1556 ( 1 2) */ xor %g1,-625,%g1 -/* 0x138c 1557 ( 1 2) */ or %g0,%i1,%g4 -/* 0x1390 1558 ( 2 3) */ add %g1,%fp,%g5 -/* 0x1394 1559 ( 2 3) */ sethi %hi(0x1000),%g1 -/* 0x1398 1560 ( 3 4) */ xor %g1,-617,%g1 -/* 0x139c 1561 ( 3 4) */ or %g0,%o0,%o7 -/* 0x13a0 1562 ( 4 5) */ add %g1,%fp,%g2 -/* 0x13a4 1563 ( 4 5) */ or %g0,0,%i2 -/* 0x13a8 1564 ( 5 6) */ or %g0,%i0,%g3 -/* 0x13ac 1565 ( 5 6) */ subcc %o0,6,%g0 -/* 0x13b0 1566 ( 5 6) */ bl,pn %icc,.L77000058 ! tprob=0.50 -/* 0x13b4 ( 6 7) */ sethi %hi(0x1000),%g1 -/* 0x13b8 1568 ( 6 8) */ ld [%g4],%o2 -/* 0x13bc 1569 ( 6 7) */ add %g3,4,%g3 -/* 0x13c0 1570 ( 7 8) */ xor %g1,-585,%g1 -/* 0x13c4 1571 ( 7 8) */ sub %o7,3,%o4 -/* 0x13c8 1572 ( 8 9) */ add %g1,%fp,%g2 -/* 0x13cc 1573 ( 8 9) */ sethi %hi(0x1000),%g1 -/* 0x13d0 1574 ( 9 10) */ xor %g1,-593,%g1 -/* 0x13d4 1575 ( 9 10) */ or %g0,2,%i2 -/* 0x13d8 1576 (10 11) */ add %g1,%fp,%g5 -/* 0x13dc 1577 (10 11) */ sethi %hi(0x1000),%g1 -/* 0x13e0 1578 (11 12) */ xor %g1,-617,%g1 -/* 0x13e4 1579 (12 13) */ add %g1,%fp,%g1 -/* 0x13e8 1580 (13 15) */ ldx [%g1],%o1 -/* 0x13ec 1581 (14 16) */ ldx [%g1-8],%o0 -/* 0x13f0 1582 (15 16) */ sllx %o1,19,%o1 -/* 0x13f4 1583 (15 17) */ ldx [%g1+16],%o3 -/* 0x13f8 1584 (16 17) */ add %o0,%o1,%o0 -/* 0x13fc 1585 (16 18) */ ld [%g4+4],%o1 -/* 0x1400 1586 (16 17) */ add %g4,8,%g4 -/* 0x1404 1587 (17 18) */ sllx %o3,19,%o3 -/* 0x1408 1588 (17 18) */ add %o0,%o2,%o0 -/* 0x140c 1589 (17 19) */ ldx [%g1+8],%o2 -/* 0x1410 1590 (18 19) */ st %o0,[%g3-4] -/* 0x1414 1591 (18 19) */ srlx %o0,32,%o0 - -! -! ENTRY .L990000142 -! - - .L990000142: /* frequency 1.0 confidence 0.0 */ -/* 0x1418 1593 ( 0 1) */ add %o2,%o3,%o2 -/* 0x141c 1594 ( 0 1) */ add %i2,4,%i2 -/* 0x1420 1595 ( 0 2) */ ld [%g4],%o3 -/* 0x1424 1596 ( 1 2) */ srl %o0,0,%o5 -/* 0x1428 1597 ( 1 2) */ add %o2,%o1,%o1 -/* 0x142c 1598 ( 1 3) */ ldx [%g2],%o0 -/* 0x1430 1599 ( 3 4) */ sllx %o0,19,%o2 -/* 0x1434 1600 ( 3 5) */ ldx [%g5],%o0 -/* 0x1438 1601 ( 3 4) */ add %o1,%o5,%o1 -/* 0x143c 1602 ( 4 5) */ st %o1,[%g3] -/* 0x1440 1603 ( 4 5) */ srlx %o1,32,%o5 -/* 0x1444 1604 ( 4 5) */ subcc %i2,%o4,%g0 -/* 0x1448 1605 ( 5 7) */ ldx [%g2+16],%o1 -/* 0x144c 1606 ( 5 6) */ add %o0,%o2,%o0 -/* 0x1450 1607 ( 5 6) */ add %g3,16,%g3 -/* 0x1454 1608 ( 6 8) */ ld [%g4+4],%o2 -/* 0x1458 1609 ( 6 7) */ add %o0,%o3,%o0 -/* 0x145c 1610 ( 7 8) */ sllx %o1,19,%o3 -/* 0x1460 1611 ( 7 9) */ ldx [%g5+16],%o1 -/* 0x1464 1612 ( 7 8) */ add %o0,%o5,%o0 -/* 0x1468 1613 ( 8 9) */ st %o0,[%g3-12] -/* 0x146c 1614 ( 8 9) */ srlx %o0,32,%o5 -/* 0x1470 1615 ( 8 9) */ add %g4,16,%g4 -/* 0x1474 1616 ( 9 11) */ ldx [%g2+32],%o0 -/* 0x1478 1617 ( 9 10) */ add %o1,%o3,%o1 -/* 0x147c 1618 ( 9 10) */ add %g2,64,%g2 -/* 0x1480 1619 (10 12) */ ld [%g4-8],%o3 -/* 0x1484 1620 (10 11) */ add %o1,%o2,%o2 -/* 0x1488 1621 (11 12) */ sllx %o0,19,%o1 -/* 0x148c 1622 (11 13) */ ldx [%g5+32],%o0 -/* 0x1490 1623 (11 12) */ add %o2,%o5,%o2 -/* 0x1494 1624 (12 13) */ st %o2,[%g3-8] -/* 0x1498 1625 (12 13) */ srlx %o2,32,%o5 -/* 0x149c 1626 (12 13) */ add %g5,64,%g5 -/* 0x14a0 1627 (13 15) */ ldx [%g2-16],%o2 -/* 0x14a4 1628 (13 14) */ add %o0,%o1,%o0 -/* 0x14a8 1629 (14 16) */ ld [%g4-4],%o1 -/* 0x14ac 1630 (14 15) */ add %o0,%o3,%o0 -/* 0x14b0 1631 (15 16) */ sllx %o2,19,%o3 -/* 0x14b4 1632 (15 17) */ ldx [%g5-16],%o2 -/* 0x14b8 1633 (15 16) */ add %o0,%o5,%o0 -/* 0x14bc 1634 (16 17) */ st %o0,[%g3-4] -/* 0x14c0 1635 (16 17) */ bcs,pt %icc,.L990000142 ! tprob=0.50 -/* 0x14c4 (16 17) */ srlx %o0,32,%o0 - -! -! ENTRY .L990000145 -! - - .L990000145: /* frequency 1.0 confidence 0.0 */ -/* 0x14c8 1638 ( 0 1) */ add %o2,%o3,%o3 -/* 0x14cc 1639 ( 0 1) */ add %g3,4,%g3 -/* 0x14d0 1640 ( 1 2) */ srl %o0,0,%o2 -/* 0x14d4 1641 ( 1 2) */ add %o3,%o1,%o0 -/* 0x14d8 1642 ( 2 3) */ add %o0,%o2,%o0 -/* 0x14dc 1643 ( 2 3) */ st %o0,[%g3-4] -/* 0x14e0 1644 ( 2 3) */ subcc %i2,%o7,%g0 -/* 0x14e4 1645 ( 2 3) */ bcc,pn %icc,.L77770061 ! tprob=0.50 -/* 0x14e8 ( 3 4) */ srlx %o0,32,%o5 - -! -! ENTRY .L77000058 -! - - .L77000058: /* frequency 1.0 confidence 0.0 */ -/* 0x14ec 1648 ( 0 2) */ ldx [%g2],%o2 - -! -! ENTRY .L990000160 -! - - .L990000160: /* frequency 1.0 confidence 0.0 */ -/* 0x14f0 1650 ( 0 1) */ sllx %o2,19,%o3 -/* 0x14f4 1651 ( 0 2) */ ldx [%g5],%o0 -/* 0x14f8 1652 ( 0 1) */ add %i2,1,%i2 -/* 0x14fc 1653 ( 1 2) */ srl %o5,0,%o1 -/* 0x1500 1654 ( 1 3) */ ld [%g4],%o2 -/* 0x1504 1655 ( 1 2) */ add %g2,16,%g2 -/* 0x1508 1656 ( 2 3) */ add %o0,%o3,%o0 -/* 0x150c 1657 ( 2 3) */ add %g5,16,%g5 -/* 0x1510 1658 ( 3 4) */ add %o0,%o2,%o0 -/* 0x1514 1659 ( 3 4) */ add %g4,4,%g4 -/* 0x1518 1660 ( 4 5) */ add %o0,%o1,%o0 -/* 0x151c 1661 ( 4 5) */ st %o0,[%g3] -/* 0x1520 1662 ( 4 5) */ subcc %i2,%o7,%g0 -/* 0x1524 1663 ( 5 6) */ srlx %o0,32,%o5 -/* 0x1528 1664 ( 5 6) */ add %g3,4,%g3 -/* 0x152c 1665 ( 5 6) */ bcs,a,pt %icc,.L990000160 ! tprob=0.50 -/* 0x1530 ( 6 8) */ ldx [%g2],%o2 - -! -! ENTRY .L77770061 -! - - .L77770061: /* frequency 1.0 confidence 0.0 */ -/* 0x1534 ( 0 2) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x1538 ( 2 3) */ restore %g0,%o5,%o0 - - -/* 0x124c 1476 ( 0 0) */ .type mul_add,2 -/* 0x124c 1477 ( 0 0) */ .size mul_add,(.-mul_add) -/* 0x124c 1480 ( 0 0) */ .align 8 -/* 0x1250 1486 ( 0 0) */ .global mul_add_inp - -! -! ENTRY mul_add_inp -! - - .global mul_add_inp - mul_add_inp: /* frequency 1.0 confidence 0.0 */ -/* 0x1250 1488 ( 0 1) */ save %sp,-176,%sp -/* 0x1254 1500 ( 1 2) */ sra %i2,0,%o3 -/* 0x1258 1501 ( 1 2) */ or %g0,%i1,%o2 -/* 0x125c 1502 ( 2 3) */ or %g0,%i0,%o0 -/* 0x1260 1503 ( 2 3) */ or %g0,%i0,%o1 -/* 0x1264 1504 ( 3 5) */ call mul_add ! params = ! Result = -/* 0x1268 ( 4 5) */ srl %i3,0,%o4 -/* 0x126c 1506 ( 5 6) */ srl %o0,0,%i0 -/* 0x1270 ( 6 8) */ ret ! Result = %o1 %o0 %f0 %f1 -/* 0x1274 ( 8 9) */ restore %g0,%g0,%g0 -/* 0x1278 1509 ( 0 0) */ .type mul_add_inp,2 -/* 0x1278 1510 ( 0 0) */ .size mul_add_inp,(.-mul_add_inp) - - .section ".data",#alloc,#write -/* 0x1278 6 ( 0 0) */ .align 8 - -! -! ENTRY mask_cnst -! - - mask_cnst: /* frequency 1.0 confidence 0.0 */ -/* 0x1278 8 ( 0 0) */ .xword -9223372034707292160 -/* 0x1280 9 ( 0 0) */ .type mask_cnst,#object -/* 0x1280 10 ( 0 0) */ .size mask_cnst,8 - diff --git a/security/nss/lib/freebl/mpi/mpvalpha.c b/security/nss/lib/freebl/mpi/mpvalpha.c deleted file mode 100644 index 5118e73c3..000000000 --- a/security/nss/lib/freebl/mpi/mpvalpha.c +++ /dev/null @@ -1,214 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is Multiple Precision Integer optimization code for - * the Compaq Alpha processor. - * - * The Initial Developer of the Original Code is - * Richard C. Swift. - * Portions created by the Initial Developer are Copyright (C) 2001 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): Richard C. Swift (swift@netscape.com) - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "mpi-priv.h" -#include - - -#define MP_MUL_DxD(a, b, Phi, Plo) \ - { Plo = asm ("mulq %a0, %a1, %v0", a, b); \ - Phi = asm ("umulh %a0, %a1, %v0", a, b); } \ - -/* This is empty for the loop in s_mpv_mul_d */ -#define CARRY_ADD - -#define ONE_MUL \ - a_i = *a++; \ - MP_MUL_DxD(a_i, b, a1b1, a0b0); \ - a0b0 += carry; \ - if (a0b0 < carry) \ - ++a1b1; \ - CARRY_ADD \ - *c++ = a0b0; \ - carry = a1b1; \ - -#define FOUR_MUL \ - ONE_MUL \ - ONE_MUL \ - ONE_MUL \ - ONE_MUL \ - -#define SIXTEEN_MUL \ - FOUR_MUL \ - FOUR_MUL \ - FOUR_MUL \ - FOUR_MUL \ - -#define THIRTYTWO_MUL \ - SIXTEEN_MUL \ - SIXTEEN_MUL \ - -#define ONETWENTYEIGHT_MUL \ - THIRTYTWO_MUL \ - THIRTYTWO_MUL \ - THIRTYTWO_MUL \ - THIRTYTWO_MUL \ - - -#define EXPAND_256(CALL) \ - mp_digit carry = 0; \ - mp_digit a_i; \ - mp_digit a0b0, a1b1; \ - if (a_len &255) { \ - if (a_len &1) { \ - ONE_MUL \ - } \ - if (a_len &2) { \ - ONE_MUL \ - ONE_MUL \ - } \ - if (a_len &4) { \ - FOUR_MUL \ - } \ - if (a_len &8) { \ - FOUR_MUL \ - FOUR_MUL \ - } \ - if (a_len & 16 ) { \ - SIXTEEN_MUL \ - } \ - if (a_len & 32 ) { \ - THIRTYTWO_MUL \ - } \ - if (a_len & 64 ) { \ - THIRTYTWO_MUL \ - THIRTYTWO_MUL \ - } \ - if (a_len & 128) { \ - ONETWENTYEIGHT_MUL \ - } \ - a_len = a_len & (-256); \ - } \ - if (a_len>=256 ) { \ - carry = CALL(a, a_len, b, c, carry); \ - c += a_len; \ - } \ - -#define FUNC_NAME(NAME) \ -mp_digit NAME(const mp_digit *a, \ - mp_size a_len, \ - mp_digit b, mp_digit *c, \ - mp_digit carry) \ - -#define DECLARE_MUL_256(FNAME) \ -FUNC_NAME(FNAME) \ -{ \ - mp_digit a_i; \ - mp_digit a0b0, a1b1; \ - while (a_len) { \ - ONETWENTYEIGHT_MUL \ - ONETWENTYEIGHT_MUL \ - a_len-= 256; \ - } \ - return carry; \ -} \ - -/* Expanding the loop in s_mpv_mul_d appeared to slow down the - (admittedly) small number of tests (i.e., timetest) used to - measure performance, so this define disables that optimization. */ -#define DO_NOT_EXPAND 1 - -/* Need forward declaration so it can be instantiated after - the routine that uses it; this helps locality somewhat */ -#if !defined(DO_NOT_EXPAND) -FUNC_NAME(s_mpv_mul_d_MUL256); -#endif - -/* c = a * b */ -void s_mpv_mul_d(const mp_digit *a, mp_size a_len, - mp_digit b, mp_digit *c) -{ -#if defined(DO_NOT_EXPAND) - mp_digit carry = 0; - while (a_len--) { - mp_digit a_i = *a++; - mp_digit a0b0, a1b1; - - MP_MUL_DxD(a_i, b, a1b1, a0b0); - - a0b0 += carry; - if (a0b0 < carry) - ++a1b1; - *c++ = a0b0; - carry = a1b1; - } -#else - EXPAND_256(s_mpv_mul_d_MUL256) -#endif - *c = carry; -} - -#if !defined(DO_NOT_EXPAND) -DECLARE_MUL_256(s_mpv_mul_d_MUL256) -#endif - -#undef CARRY_ADD -/* This is redefined for the loop in s_mpv_mul_d_add */ -#define CARRY_ADD \ - a0b0 += a_i = *c; \ - if (a0b0 < a_i) \ - ++a1b1; \ - -/* Need forward declaration so it can be instantiated between the - two routines that use it; this helps locality somewhat */ -FUNC_NAME(s_mpv_mul_d_add_MUL256); - -/* c += a * b */ -void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, - mp_digit b, mp_digit *c) -{ - EXPAND_256(s_mpv_mul_d_add_MUL256) - *c = carry; -} - -/* Instantiate multiply 256 routine here */ -DECLARE_MUL_256(s_mpv_mul_d_add_MUL256) - -/* Presently, this is only used by the Montgomery arithmetic code. */ -/* c += a * b */ -void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, - mp_digit b, mp_digit *c) -{ - EXPAND_256(s_mpv_mul_d_add_MUL256) - while (carry) { - mp_digit c_i = *c; - carry += c_i; - *c++ = carry; - carry = carry < c_i; - } -} - diff --git a/security/nss/lib/freebl/mpi/mulsqr.c b/security/nss/lib/freebl/mpi/mulsqr.c deleted file mode 100644 index db2b5ce8a..000000000 --- a/security/nss/lib/freebl/mpi/mulsqr.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Test whether to include squaring code given the current settings - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include -#include -#include -#include - -#define MP_SQUARE 1 /* make sure squaring code is included */ - -#include "mpi.h" -#include "mpprime.h" - -int main(int argc, char *argv[]) -{ - int ntests, prec, ix; - unsigned int seed; - clock_t start, stop; - double multime, sqrtime; - mp_int a, c; - - seed = (unsigned int)time(NULL); - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - if((ntests = abs(atoi(argv[1]))) == 0) { - fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]); - return 1; - } - if((prec = abs(atoi(argv[2]))) < CHAR_BIT) { - fprintf(stderr, "%s: must request at least %d bits.\n", argv[0], - CHAR_BIT); - return 1; - } - - prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT; - - mp_init_size(&a, prec); - mp_init_size(&c, 2 * prec); - - /* Test multiplication by self */ - srand(seed); - start = clock(); - for(ix = 0; ix < ntests; ix++) { - mpp_random_size(&a, prec); - mp_mul(&a, &a, &c); - } - stop = clock(); - - multime = (double)(stop - start) / CLOCKS_PER_SEC; - - /* Test squaring */ - srand(seed); - start = clock(); - for(ix = 0; ix < ntests; ix++) { - mpp_random_size(&a, prec); - mp_sqr(&a, &c); - } - stop = clock(); - - sqrtime = (double)(stop - start) / CLOCKS_PER_SEC; - - printf("Multiply: %.4f\n", multime); - printf("Square: %.4f\n", sqrtime); - if(multime < sqrtime) { - printf("Speedup: %.1f%%\n", 100.0 * (1.0 - multime / sqrtime)); - printf("Prefer: multiply\n"); - } else { - printf("Speedup: %.1f%%\n", 100.0 * (1.0 - sqrtime / multime)); - printf("Prefer: square\n"); - } - - mp_clear(&a); mp_clear(&c); - return 0; - -} diff --git a/security/nss/lib/freebl/mpi/multest b/security/nss/lib/freebl/mpi/multest deleted file mode 100755 index 08fec8388..000000000 --- a/security/nss/lib/freebl/mpi/multest +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/sh -# -# multest -# -# Run multiply and square timing tests, to compute a chart for the -# current processor and compiler combination. -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# - -ECHO=/bin/echo -MAKE=gmake - -$ECHO "\n** Running multiply and square timing tests\n" - -$ECHO "Bringing 'mulsqr' up to date ... " -if $MAKE mulsqr ; then - : -else - $ECHO "\nMake failed to build mulsqr.\n" - exit 1 -fi - -if [ ! -x ./mulsqr ] ; then - $ECHO "\nCannot find 'mulsqr' program, testing cannot continue.\n" - exit 1 -fi - -sizes='64 128 192 256 320 384 448 512 640 768 896 1024 1536 2048' -ntests=500000 - -$ECHO "Running timing tests, please wait ... " - -trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP - -touch tt$$.tmp -$ECHO $ntests tests >> tt$$.tmp -for size in $sizes ; do - $ECHO "$size bits ... \c" - set -A res `./mulsqr $ntests $size|head -3|tr -d '%'|awk '{print $2}'` - $ECHO $size"\t"${res[0]}"\t"${res[1]}"\t"${res[2]} >> tt$$.tmp - $ECHO "(done)" -done -mv tt$$.tmp mulsqr-results.txt -rm -f tt$$.tmp - -$ECHO "\n** Running Karatsuba-Ofman multiplication tests\n" - -$ECHO "Brining 'karatsuba' up to date ... " -if $MAKE karatsuba ; then - : -else - $ECHO "\nMake failed to build karatsuba.\n" - exit 1 -fi - -if [ ! -x ./karatsuba ] ; then - $ECHO "\nCannot find 'karatsuba' program, testing cannot continue.\n" - exit 1 -fi - -ntests=100000 - -trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP - -touch tt$$.tmp -for size in $sizes ; do - $ECHO "$size bits ... " - ./karatsuba $ntests $size >> tt$$.tmp - tail -2 tt$$.tmp -done -mv tt$$.tmp karatsuba-results.txt -rm -f tt$$.tmp - -exit 0 diff --git a/security/nss/lib/freebl/mpi/primes.c b/security/nss/lib/freebl/mpi/primes.c deleted file mode 100644 index 14f927b6c..000000000 --- a/security/nss/lib/freebl/mpi/primes.c +++ /dev/null @@ -1,871 +0,0 @@ -/* - * These tables of primes wwere generated using the 'sieve' program - * (sieve.c) and converted to this format with 'ptab.pl'. - * - * The 'small' table is just the first 128 primes. The 'large' table - * is a table of all the prime values that will fit into a single - * mp_digit (given the current size of an mp_digit, which is two bytes). - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#if SMALL_TABLE -#define MP_PRIME_TAB_SIZE 128 -#else -#define MP_PRIME_TAB_SIZE 6542 -#endif - -const int prime_tab_size = MP_PRIME_TAB_SIZE; -const mp_digit prime_tab[] = { - 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, - 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, - 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059, - 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083, - 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD, - 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF, - 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107, - 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137, - 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167, - 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199, - 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9, - 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7, - 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239, - 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265, - 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293, - 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF, -#if ! SMALL_TABLE - 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301, - 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B, - 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371, - 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD, - 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5, - 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419, - 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449, - 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B, - 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7, - 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503, - 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529, - 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F, - 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3, - 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7, - 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623, - 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653, - 0x0655, 0x065B, 0x0665, 0x0679, 0x067F, 0x0683, 0x0685, 0x069D, - 0x06A1, 0x06A3, 0x06AD, 0x06B9, 0x06BB, 0x06C5, 0x06CD, 0x06D3, - 0x06D9, 0x06DF, 0x06F1, 0x06F7, 0x06FB, 0x06FD, 0x0709, 0x0713, - 0x071F, 0x0727, 0x0737, 0x0745, 0x074B, 0x074F, 0x0751, 0x0755, - 0x0757, 0x0761, 0x076D, 0x0773, 0x0779, 0x078B, 0x078D, 0x079D, - 0x079F, 0x07B5, 0x07BB, 0x07C3, 0x07C9, 0x07CD, 0x07CF, 0x07D3, - 0x07DB, 0x07E1, 0x07EB, 0x07ED, 0x07F7, 0x0805, 0x080F, 0x0815, - 0x0821, 0x0823, 0x0827, 0x0829, 0x0833, 0x083F, 0x0841, 0x0851, - 0x0853, 0x0859, 0x085D, 0x085F, 0x0869, 0x0871, 0x0883, 0x089B, - 0x089F, 0x08A5, 0x08AD, 0x08BD, 0x08BF, 0x08C3, 0x08CB, 0x08DB, - 0x08DD, 0x08E1, 0x08E9, 0x08EF, 0x08F5, 0x08F9, 0x0905, 0x0907, - 0x091D, 0x0923, 0x0925, 0x092B, 0x092F, 0x0935, 0x0943, 0x0949, - 0x094D, 0x094F, 0x0955, 0x0959, 0x095F, 0x096B, 0x0971, 0x0977, - 0x0985, 0x0989, 0x098F, 0x099B, 0x09A3, 0x09A9, 0x09AD, 0x09C7, - 0x09D9, 0x09E3, 0x09EB, 0x09EF, 0x09F5, 0x09F7, 0x09FD, 0x0A13, - 0x0A1F, 0x0A21, 0x0A31, 0x0A39, 0x0A3D, 0x0A49, 0x0A57, 0x0A61, - 0x0A63, 0x0A67, 0x0A6F, 0x0A75, 0x0A7B, 0x0A7F, 0x0A81, 0x0A85, - 0x0A8B, 0x0A93, 0x0A97, 0x0A99, 0x0A9F, 0x0AA9, 0x0AAB, 0x0AB5, - 0x0ABD, 0x0AC1, 0x0ACF, 0x0AD9, 0x0AE5, 0x0AE7, 0x0AED, 0x0AF1, - 0x0AF3, 0x0B03, 0x0B11, 0x0B15, 0x0B1B, 0x0B23, 0x0B29, 0x0B2D, - 0x0B3F, 0x0B47, 0x0B51, 0x0B57, 0x0B5D, 0x0B65, 0x0B6F, 0x0B7B, - 0x0B89, 0x0B8D, 0x0B93, 0x0B99, 0x0B9B, 0x0BB7, 0x0BB9, 0x0BC3, - 0x0BCB, 0x0BCF, 0x0BDD, 0x0BE1, 0x0BE9, 0x0BF5, 0x0BFB, 0x0C07, - 0x0C0B, 0x0C11, 0x0C25, 0x0C2F, 0x0C31, 0x0C41, 0x0C5B, 0x0C5F, - 0x0C61, 0x0C6D, 0x0C73, 0x0C77, 0x0C83, 0x0C89, 0x0C91, 0x0C95, - 0x0C9D, 0x0CB3, 0x0CB5, 0x0CB9, 0x0CBB, 0x0CC7, 0x0CE3, 0x0CE5, - 0x0CEB, 0x0CF1, 0x0CF7, 0x0CFB, 0x0D01, 0x0D03, 0x0D0F, 0x0D13, - 0x0D1F, 0x0D21, 0x0D2B, 0x0D2D, 0x0D3D, 0x0D3F, 0x0D4F, 0x0D55, - 0x0D69, 0x0D79, 0x0D81, 0x0D85, 0x0D87, 0x0D8B, 0x0D8D, 0x0DA3, - 0x0DAB, 0x0DB7, 0x0DBD, 0x0DC7, 0x0DC9, 0x0DCD, 0x0DD3, 0x0DD5, - 0x0DDB, 0x0DE5, 0x0DE7, 0x0DF3, 0x0DFD, 0x0DFF, 0x0E09, 0x0E17, - 0x0E1D, 0x0E21, 0x0E27, 0x0E2F, 0x0E35, 0x0E3B, 0x0E4B, 0x0E57, - 0x0E59, 0x0E5D, 0x0E6B, 0x0E71, 0x0E75, 0x0E7D, 0x0E87, 0x0E8F, - 0x0E95, 0x0E9B, 0x0EB1, 0x0EB7, 0x0EB9, 0x0EC3, 0x0ED1, 0x0ED5, - 0x0EDB, 0x0EED, 0x0EEF, 0x0EF9, 0x0F07, 0x0F0B, 0x0F0D, 0x0F17, - 0x0F25, 0x0F29, 0x0F31, 0x0F43, 0x0F47, 0x0F4D, 0x0F4F, 0x0F53, - 0x0F59, 0x0F5B, 0x0F67, 0x0F6B, 0x0F7F, 0x0F95, 0x0FA1, 0x0FA3, - 0x0FA7, 0x0FAD, 0x0FB3, 0x0FB5, 0x0FBB, 0x0FD1, 0x0FD3, 0x0FD9, - 0x0FE9, 0x0FEF, 0x0FFB, 0x0FFD, 0x1003, 0x100F, 0x101F, 0x1021, - 0x1025, 0x102B, 0x1039, 0x103D, 0x103F, 0x1051, 0x1069, 0x1073, - 0x1079, 0x107B, 0x1085, 0x1087, 0x1091, 0x1093, 0x109D, 0x10A3, - 0x10A5, 0x10AF, 0x10B1, 0x10BB, 0x10C1, 0x10C9, 0x10E7, 0x10F1, - 0x10F3, 0x10FD, 0x1105, 0x110B, 0x1115, 0x1127, 0x112D, 0x1139, - 0x1145, 0x1147, 0x1159, 0x115F, 0x1163, 0x1169, 0x116F, 0x1181, - 0x1183, 0x118D, 0x119B, 0x11A1, 0x11A5, 0x11A7, 0x11AB, 0x11C3, - 0x11C5, 0x11D1, 0x11D7, 0x11E7, 0x11EF, 0x11F5, 0x11FB, 0x120D, - 0x121D, 0x121F, 0x1223, 0x1229, 0x122B, 0x1231, 0x1237, 0x1241, - 0x1247, 0x1253, 0x125F, 0x1271, 0x1273, 0x1279, 0x127D, 0x128F, - 0x1297, 0x12AF, 0x12B3, 0x12B5, 0x12B9, 0x12BF, 0x12C1, 0x12CD, - 0x12D1, 0x12DF, 0x12FD, 0x1307, 0x130D, 0x1319, 0x1327, 0x132D, - 0x1337, 0x1343, 0x1345, 0x1349, 0x134F, 0x1357, 0x135D, 0x1367, - 0x1369, 0x136D, 0x137B, 0x1381, 0x1387, 0x138B, 0x1391, 0x1393, - 0x139D, 0x139F, 0x13AF, 0x13BB, 0x13C3, 0x13D5, 0x13D9, 0x13DF, - 0x13EB, 0x13ED, 0x13F3, 0x13F9, 0x13FF, 0x141B, 0x1421, 0x142F, - 0x1433, 0x143B, 0x1445, 0x144D, 0x1459, 0x146B, 0x146F, 0x1471, - 0x1475, 0x148D, 0x1499, 0x149F, 0x14A1, 0x14B1, 0x14B7, 0x14BD, - 0x14CB, 0x14D5, 0x14E3, 0x14E7, 0x1505, 0x150B, 0x1511, 0x1517, - 0x151F, 0x1525, 0x1529, 0x152B, 0x1537, 0x153D, 0x1541, 0x1543, - 0x1549, 0x155F, 0x1565, 0x1567, 0x156B, 0x157D, 0x157F, 0x1583, - 0x158F, 0x1591, 0x1597, 0x159B, 0x15B5, 0x15BB, 0x15C1, 0x15C5, - 0x15CD, 0x15D7, 0x15F7, 0x1607, 0x1609, 0x160F, 0x1613, 0x1615, - 0x1619, 0x161B, 0x1625, 0x1633, 0x1639, 0x163D, 0x1645, 0x164F, - 0x1655, 0x1669, 0x166D, 0x166F, 0x1675, 0x1693, 0x1697, 0x169F, - 0x16A9, 0x16AF, 0x16B5, 0x16BD, 0x16C3, 0x16CF, 0x16D3, 0x16D9, - 0x16DB, 0x16E1, 0x16E5, 0x16EB, 0x16ED, 0x16F7, 0x16F9, 0x1709, - 0x170F, 0x1723, 0x1727, 0x1733, 0x1741, 0x175D, 0x1763, 0x1777, - 0x177B, 0x178D, 0x1795, 0x179B, 0x179F, 0x17A5, 0x17B3, 0x17B9, - 0x17BF, 0x17C9, 0x17CB, 0x17D5, 0x17E1, 0x17E9, 0x17F3, 0x17F5, - 0x17FF, 0x1807, 0x1813, 0x181D, 0x1835, 0x1837, 0x183B, 0x1843, - 0x1849, 0x184D, 0x1855, 0x1867, 0x1871, 0x1877, 0x187D, 0x187F, - 0x1885, 0x188F, 0x189B, 0x189D, 0x18A7, 0x18AD, 0x18B3, 0x18B9, - 0x18C1, 0x18C7, 0x18D1, 0x18D7, 0x18D9, 0x18DF, 0x18E5, 0x18EB, - 0x18F5, 0x18FD, 0x1915, 0x191B, 0x1931, 0x1933, 0x1945, 0x1949, - 0x1951, 0x195B, 0x1979, 0x1981, 0x1993, 0x1997, 0x1999, 0x19A3, - 0x19A9, 0x19AB, 0x19B1, 0x19B5, 0x19C7, 0x19CF, 0x19DB, 0x19ED, - 0x19FD, 0x1A03, 0x1A05, 0x1A11, 0x1A17, 0x1A21, 0x1A23, 0x1A2D, - 0x1A2F, 0x1A35, 0x1A3F, 0x1A4D, 0x1A51, 0x1A69, 0x1A6B, 0x1A7B, - 0x1A7D, 0x1A87, 0x1A89, 0x1A93, 0x1AA7, 0x1AAB, 0x1AAD, 0x1AB1, - 0x1AB9, 0x1AC9, 0x1ACF, 0x1AD5, 0x1AD7, 0x1AE3, 0x1AF3, 0x1AFB, - 0x1AFF, 0x1B05, 0x1B23, 0x1B25, 0x1B2F, 0x1B31, 0x1B37, 0x1B3B, - 0x1B41, 0x1B47, 0x1B4F, 0x1B55, 0x1B59, 0x1B65, 0x1B6B, 0x1B73, - 0x1B7F, 0x1B83, 0x1B91, 0x1B9D, 0x1BA7, 0x1BBF, 0x1BC5, 0x1BD1, - 0x1BD7, 0x1BD9, 0x1BEF, 0x1BF7, 0x1C09, 0x1C13, 0x1C19, 0x1C27, - 0x1C2B, 0x1C2D, 0x1C33, 0x1C3D, 0x1C45, 0x1C4B, 0x1C4F, 0x1C55, - 0x1C73, 0x1C81, 0x1C8B, 0x1C8D, 0x1C99, 0x1CA3, 0x1CA5, 0x1CB5, - 0x1CB7, 0x1CC9, 0x1CE1, 0x1CF3, 0x1CF9, 0x1D09, 0x1D1B, 0x1D21, - 0x1D23, 0x1D35, 0x1D39, 0x1D3F, 0x1D41, 0x1D4B, 0x1D53, 0x1D5D, - 0x1D63, 0x1D69, 0x1D71, 0x1D75, 0x1D7B, 0x1D7D, 0x1D87, 0x1D89, - 0x1D95, 0x1D99, 0x1D9F, 0x1DA5, 0x1DA7, 0x1DB3, 0x1DB7, 0x1DC5, - 0x1DD7, 0x1DDB, 0x1DE1, 0x1DF5, 0x1DF9, 0x1E01, 0x1E07, 0x1E0B, - 0x1E13, 0x1E17, 0x1E25, 0x1E2B, 0x1E2F, 0x1E3D, 0x1E49, 0x1E4D, - 0x1E4F, 0x1E6D, 0x1E71, 0x1E89, 0x1E8F, 0x1E95, 0x1EA1, 0x1EAD, - 0x1EBB, 0x1EC1, 0x1EC5, 0x1EC7, 0x1ECB, 0x1EDD, 0x1EE3, 0x1EEF, - 0x1EF7, 0x1EFD, 0x1F01, 0x1F0D, 0x1F0F, 0x1F1B, 0x1F39, 0x1F49, - 0x1F4B, 0x1F51, 0x1F67, 0x1F75, 0x1F7B, 0x1F85, 0x1F91, 0x1F97, - 0x1F99, 0x1F9D, 0x1FA5, 0x1FAF, 0x1FB5, 0x1FBB, 0x1FD3, 0x1FE1, - 0x1FE7, 0x1FEB, 0x1FF3, 0x1FFF, 0x2011, 0x201B, 0x201D, 0x2027, - 0x2029, 0x202D, 0x2033, 0x2047, 0x204D, 0x2051, 0x205F, 0x2063, - 0x2065, 0x2069, 0x2077, 0x207D, 0x2089, 0x20A1, 0x20AB, 0x20B1, - 0x20B9, 0x20C3, 0x20C5, 0x20E3, 0x20E7, 0x20ED, 0x20EF, 0x20FB, - 0x20FF, 0x210D, 0x2113, 0x2135, 0x2141, 0x2149, 0x214F, 0x2159, - 0x215B, 0x215F, 0x2173, 0x217D, 0x2185, 0x2195, 0x2197, 0x21A1, - 0x21AF, 0x21B3, 0x21B5, 0x21C1, 0x21C7, 0x21D7, 0x21DD, 0x21E5, - 0x21E9, 0x21F1, 0x21F5, 0x21FB, 0x2203, 0x2209, 0x220F, 0x221B, - 0x2221, 0x2225, 0x222B, 0x2231, 0x2239, 0x224B, 0x224F, 0x2263, - 0x2267, 0x2273, 0x2275, 0x227F, 0x2285, 0x2287, 0x2291, 0x229D, - 0x229F, 0x22A3, 0x22B7, 0x22BD, 0x22DB, 0x22E1, 0x22E5, 0x22ED, - 0x22F7, 0x2303, 0x2309, 0x230B, 0x2327, 0x2329, 0x232F, 0x2333, - 0x2335, 0x2345, 0x2351, 0x2353, 0x2359, 0x2363, 0x236B, 0x2383, - 0x238F, 0x2395, 0x23A7, 0x23AD, 0x23B1, 0x23BF, 0x23C5, 0x23C9, - 0x23D5, 0x23DD, 0x23E3, 0x23EF, 0x23F3, 0x23F9, 0x2405, 0x240B, - 0x2417, 0x2419, 0x2429, 0x243D, 0x2441, 0x2443, 0x244D, 0x245F, - 0x2467, 0x246B, 0x2479, 0x247D, 0x247F, 0x2485, 0x249B, 0x24A1, - 0x24AF, 0x24B5, 0x24BB, 0x24C5, 0x24CB, 0x24CD, 0x24D7, 0x24D9, - 0x24DD, 0x24DF, 0x24F5, 0x24F7, 0x24FB, 0x2501, 0x2507, 0x2513, - 0x2519, 0x2527, 0x2531, 0x253D, 0x2543, 0x254B, 0x254F, 0x2573, - 0x2581, 0x258D, 0x2593, 0x2597, 0x259D, 0x259F, 0x25AB, 0x25B1, - 0x25BD, 0x25CD, 0x25CF, 0x25D9, 0x25E1, 0x25F7, 0x25F9, 0x2605, - 0x260B, 0x260F, 0x2615, 0x2627, 0x2629, 0x2635, 0x263B, 0x263F, - 0x264B, 0x2653, 0x2659, 0x2665, 0x2669, 0x266F, 0x267B, 0x2681, - 0x2683, 0x268F, 0x269B, 0x269F, 0x26AD, 0x26B3, 0x26C3, 0x26C9, - 0x26CB, 0x26D5, 0x26DD, 0x26EF, 0x26F5, 0x2717, 0x2719, 0x2735, - 0x2737, 0x274D, 0x2753, 0x2755, 0x275F, 0x276B, 0x276D, 0x2773, - 0x2777, 0x277F, 0x2795, 0x279B, 0x279D, 0x27A7, 0x27AF, 0x27B3, - 0x27B9, 0x27C1, 0x27C5, 0x27D1, 0x27E3, 0x27EF, 0x2803, 0x2807, - 0x280D, 0x2813, 0x281B, 0x281F, 0x2821, 0x2831, 0x283D, 0x283F, - 0x2849, 0x2851, 0x285B, 0x285D, 0x2861, 0x2867, 0x2875, 0x2881, - 0x2897, 0x289F, 0x28BB, 0x28BD, 0x28C1, 0x28D5, 0x28D9, 0x28DB, - 0x28DF, 0x28ED, 0x28F7, 0x2903, 0x2905, 0x2911, 0x2921, 0x2923, - 0x293F, 0x2947, 0x295D, 0x2965, 0x2969, 0x296F, 0x2975, 0x2983, - 0x2987, 0x298F, 0x299B, 0x29A1, 0x29A7, 0x29AB, 0x29BF, 0x29C3, - 0x29D5, 0x29D7, 0x29E3, 0x29E9, 0x29ED, 0x29F3, 0x2A01, 0x2A13, - 0x2A1D, 0x2A25, 0x2A2F, 0x2A4F, 0x2A55, 0x2A5F, 0x2A65, 0x2A6B, - 0x2A6D, 0x2A73, 0x2A83, 0x2A89, 0x2A8B, 0x2A97, 0x2A9D, 0x2AB9, - 0x2ABB, 0x2AC5, 0x2ACD, 0x2ADD, 0x2AE3, 0x2AEB, 0x2AF1, 0x2AFB, - 0x2B13, 0x2B27, 0x2B31, 0x2B33, 0x2B3D, 0x2B3F, 0x2B4B, 0x2B4F, - 0x2B55, 0x2B69, 0x2B6D, 0x2B6F, 0x2B7B, 0x2B8D, 0x2B97, 0x2B99, - 0x2BA3, 0x2BA5, 0x2BA9, 0x2BBD, 0x2BCD, 0x2BE7, 0x2BEB, 0x2BF3, - 0x2BF9, 0x2BFD, 0x2C09, 0x2C0F, 0x2C17, 0x2C23, 0x2C2F, 0x2C35, - 0x2C39, 0x2C41, 0x2C57, 0x2C59, 0x2C69, 0x2C77, 0x2C81, 0x2C87, - 0x2C93, 0x2C9F, 0x2CAD, 0x2CB3, 0x2CB7, 0x2CCB, 0x2CCF, 0x2CDB, - 0x2CE1, 0x2CE3, 0x2CE9, 0x2CEF, 0x2CFF, 0x2D07, 0x2D1D, 0x2D1F, - 0x2D3B, 0x2D43, 0x2D49, 0x2D4D, 0x2D61, 0x2D65, 0x2D71, 0x2D89, - 0x2D9D, 0x2DA1, 0x2DA9, 0x2DB3, 0x2DB5, 0x2DC5, 0x2DC7, 0x2DD3, - 0x2DDF, 0x2E01, 0x2E03, 0x2E07, 0x2E0D, 0x2E19, 0x2E1F, 0x2E25, - 0x2E2D, 0x2E33, 0x2E37, 0x2E39, 0x2E3F, 0x2E57, 0x2E5B, 0x2E6F, - 0x2E79, 0x2E7F, 0x2E85, 0x2E93, 0x2E97, 0x2E9D, 0x2EA3, 0x2EA5, - 0x2EB1, 0x2EB7, 0x2EC1, 0x2EC3, 0x2ECD, 0x2ED3, 0x2EE7, 0x2EEB, - 0x2F05, 0x2F09, 0x2F0B, 0x2F11, 0x2F27, 0x2F29, 0x2F41, 0x2F45, - 0x2F4B, 0x2F4D, 0x2F51, 0x2F57, 0x2F6F, 0x2F75, 0x2F7D, 0x2F81, - 0x2F83, 0x2FA5, 0x2FAB, 0x2FB3, 0x2FC3, 0x2FCF, 0x2FD1, 0x2FDB, - 0x2FDD, 0x2FE7, 0x2FED, 0x2FF5, 0x2FF9, 0x3001, 0x300D, 0x3023, - 0x3029, 0x3037, 0x303B, 0x3055, 0x3059, 0x305B, 0x3067, 0x3071, - 0x3079, 0x307D, 0x3085, 0x3091, 0x3095, 0x30A3, 0x30A9, 0x30B9, - 0x30BF, 0x30C7, 0x30CB, 0x30D1, 0x30D7, 0x30DF, 0x30E5, 0x30EF, - 0x30FB, 0x30FD, 0x3103, 0x3109, 0x3119, 0x3121, 0x3127, 0x312D, - 0x3139, 0x3143, 0x3145, 0x314B, 0x315D, 0x3161, 0x3167, 0x316D, - 0x3173, 0x317F, 0x3191, 0x3199, 0x319F, 0x31A9, 0x31B1, 0x31C3, - 0x31C7, 0x31D5, 0x31DB, 0x31ED, 0x31F7, 0x31FF, 0x3209, 0x3215, - 0x3217, 0x321D, 0x3229, 0x3235, 0x3259, 0x325D, 0x3263, 0x326B, - 0x326F, 0x3275, 0x3277, 0x327B, 0x328D, 0x3299, 0x329F, 0x32A7, - 0x32AD, 0x32B3, 0x32B7, 0x32C9, 0x32CB, 0x32CF, 0x32D1, 0x32E9, - 0x32ED, 0x32F3, 0x32F9, 0x3307, 0x3325, 0x332B, 0x332F, 0x3335, - 0x3341, 0x3347, 0x335B, 0x335F, 0x3367, 0x336B, 0x3373, 0x3379, - 0x337F, 0x3383, 0x33A1, 0x33A3, 0x33AD, 0x33B9, 0x33C1, 0x33CB, - 0x33D3, 0x33EB, 0x33F1, 0x33FD, 0x3401, 0x340F, 0x3413, 0x3419, - 0x341B, 0x3437, 0x3445, 0x3455, 0x3457, 0x3463, 0x3469, 0x346D, - 0x3481, 0x348B, 0x3491, 0x3497, 0x349D, 0x34A5, 0x34AF, 0x34BB, - 0x34C9, 0x34D3, 0x34E1, 0x34F1, 0x34FF, 0x3509, 0x3517, 0x351D, - 0x352D, 0x3533, 0x353B, 0x3541, 0x3551, 0x3565, 0x356F, 0x3571, - 0x3577, 0x357B, 0x357D, 0x3581, 0x358D, 0x358F, 0x3599, 0x359B, - 0x35A1, 0x35B7, 0x35BD, 0x35BF, 0x35C3, 0x35D5, 0x35DD, 0x35E7, - 0x35EF, 0x3605, 0x3607, 0x3611, 0x3623, 0x3631, 0x3635, 0x3637, - 0x363B, 0x364D, 0x364F, 0x3653, 0x3659, 0x3661, 0x366B, 0x366D, - 0x368B, 0x368F, 0x36AD, 0x36AF, 0x36B9, 0x36BB, 0x36CD, 0x36D1, - 0x36E3, 0x36E9, 0x36F7, 0x3701, 0x3703, 0x3707, 0x371B, 0x373F, - 0x3745, 0x3749, 0x374F, 0x375D, 0x3761, 0x3775, 0x377F, 0x378D, - 0x37A3, 0x37A9, 0x37AB, 0x37C9, 0x37D5, 0x37DF, 0x37F1, 0x37F3, - 0x37F7, 0x3805, 0x380B, 0x3821, 0x3833, 0x3835, 0x3841, 0x3847, - 0x384B, 0x3853, 0x3857, 0x385F, 0x3865, 0x386F, 0x3871, 0x387D, - 0x388F, 0x3899, 0x38A7, 0x38B7, 0x38C5, 0x38C9, 0x38CF, 0x38D5, - 0x38D7, 0x38DD, 0x38E1, 0x38E3, 0x38FF, 0x3901, 0x391D, 0x3923, - 0x3925, 0x3929, 0x392F, 0x393D, 0x3941, 0x394D, 0x395B, 0x396B, - 0x3979, 0x397D, 0x3983, 0x398B, 0x3991, 0x3995, 0x399B, 0x39A1, - 0x39A7, 0x39AF, 0x39B3, 0x39BB, 0x39BF, 0x39CD, 0x39DD, 0x39E5, - 0x39EB, 0x39EF, 0x39FB, 0x3A03, 0x3A13, 0x3A15, 0x3A1F, 0x3A27, - 0x3A2B, 0x3A31, 0x3A4B, 0x3A51, 0x3A5B, 0x3A63, 0x3A67, 0x3A6D, - 0x3A79, 0x3A87, 0x3AA5, 0x3AA9, 0x3AB7, 0x3ACD, 0x3AD5, 0x3AE1, - 0x3AE5, 0x3AEB, 0x3AF3, 0x3AFD, 0x3B03, 0x3B11, 0x3B1B, 0x3B21, - 0x3B23, 0x3B2D, 0x3B39, 0x3B45, 0x3B53, 0x3B59, 0x3B5F, 0x3B71, - 0x3B7B, 0x3B81, 0x3B89, 0x3B9B, 0x3B9F, 0x3BA5, 0x3BA7, 0x3BAD, - 0x3BB7, 0x3BB9, 0x3BC3, 0x3BCB, 0x3BD1, 0x3BD7, 0x3BE1, 0x3BE3, - 0x3BF5, 0x3BFF, 0x3C01, 0x3C0D, 0x3C11, 0x3C17, 0x3C1F, 0x3C29, - 0x3C35, 0x3C43, 0x3C4F, 0x3C53, 0x3C5B, 0x3C65, 0x3C6B, 0x3C71, - 0x3C85, 0x3C89, 0x3C97, 0x3CA7, 0x3CB5, 0x3CBF, 0x3CC7, 0x3CD1, - 0x3CDD, 0x3CDF, 0x3CF1, 0x3CF7, 0x3D03, 0x3D0D, 0x3D19, 0x3D1B, - 0x3D1F, 0x3D21, 0x3D2D, 0x3D33, 0x3D37, 0x3D3F, 0x3D43, 0x3D6F, - 0x3D73, 0x3D75, 0x3D79, 0x3D7B, 0x3D85, 0x3D91, 0x3D97, 0x3D9D, - 0x3DAB, 0x3DAF, 0x3DB5, 0x3DBB, 0x3DC1, 0x3DC9, 0x3DCF, 0x3DF3, - 0x3E05, 0x3E09, 0x3E0F, 0x3E11, 0x3E1D, 0x3E23, 0x3E29, 0x3E2F, - 0x3E33, 0x3E41, 0x3E57, 0x3E63, 0x3E65, 0x3E77, 0x3E81, 0x3E87, - 0x3EA1, 0x3EB9, 0x3EBD, 0x3EBF, 0x3EC3, 0x3EC5, 0x3EC9, 0x3ED7, - 0x3EDB, 0x3EE1, 0x3EE7, 0x3EEF, 0x3EFF, 0x3F0B, 0x3F0D, 0x3F37, - 0x3F3B, 0x3F3D, 0x3F41, 0x3F59, 0x3F5F, 0x3F65, 0x3F67, 0x3F79, - 0x3F7D, 0x3F8B, 0x3F91, 0x3FAD, 0x3FBF, 0x3FCD, 0x3FD3, 0x3FDD, - 0x3FE9, 0x3FEB, 0x3FF1, 0x3FFD, 0x401B, 0x4021, 0x4025, 0x402B, - 0x4031, 0x403F, 0x4043, 0x4045, 0x405D, 0x4061, 0x4067, 0x406D, - 0x4087, 0x4091, 0x40A3, 0x40A9, 0x40B1, 0x40B7, 0x40BD, 0x40DB, - 0x40DF, 0x40EB, 0x40F7, 0x40F9, 0x4109, 0x410B, 0x4111, 0x4115, - 0x4121, 0x4133, 0x4135, 0x413B, 0x413F, 0x4159, 0x4165, 0x416B, - 0x4177, 0x417B, 0x4193, 0x41AB, 0x41B7, 0x41BD, 0x41BF, 0x41CB, - 0x41E7, 0x41EF, 0x41F3, 0x41F9, 0x4205, 0x4207, 0x4219, 0x421F, - 0x4223, 0x4229, 0x422F, 0x4243, 0x4253, 0x4255, 0x425B, 0x4261, - 0x4273, 0x427D, 0x4283, 0x4285, 0x4289, 0x4291, 0x4297, 0x429D, - 0x42B5, 0x42C5, 0x42CB, 0x42D3, 0x42DD, 0x42E3, 0x42F1, 0x4307, - 0x430F, 0x431F, 0x4325, 0x4327, 0x4333, 0x4337, 0x4339, 0x434F, - 0x4357, 0x4369, 0x438B, 0x438D, 0x4393, 0x43A5, 0x43A9, 0x43AF, - 0x43B5, 0x43BD, 0x43C7, 0x43CF, 0x43E1, 0x43E7, 0x43EB, 0x43ED, - 0x43F1, 0x43F9, 0x4409, 0x440B, 0x4417, 0x4423, 0x4429, 0x443B, - 0x443F, 0x4445, 0x444B, 0x4451, 0x4453, 0x4459, 0x4465, 0x446F, - 0x4483, 0x448F, 0x44A1, 0x44A5, 0x44AB, 0x44AD, 0x44BD, 0x44BF, - 0x44C9, 0x44D7, 0x44DB, 0x44F9, 0x44FB, 0x4505, 0x4511, 0x4513, - 0x452B, 0x4531, 0x4541, 0x4549, 0x4553, 0x4555, 0x4561, 0x4577, - 0x457D, 0x457F, 0x458F, 0x45A3, 0x45AD, 0x45AF, 0x45BB, 0x45C7, - 0x45D9, 0x45E3, 0x45EF, 0x45F5, 0x45F7, 0x4601, 0x4603, 0x4609, - 0x4613, 0x4625, 0x4627, 0x4633, 0x4639, 0x463D, 0x4643, 0x4645, - 0x465D, 0x4679, 0x467B, 0x467F, 0x4681, 0x468B, 0x468D, 0x469D, - 0x46A9, 0x46B1, 0x46C7, 0x46C9, 0x46CF, 0x46D3, 0x46D5, 0x46DF, - 0x46E5, 0x46F9, 0x4705, 0x470F, 0x4717, 0x4723, 0x4729, 0x472F, - 0x4735, 0x4739, 0x474B, 0x474D, 0x4751, 0x475D, 0x476F, 0x4771, - 0x477D, 0x4783, 0x4787, 0x4789, 0x4799, 0x47A5, 0x47B1, 0x47BF, - 0x47C3, 0x47CB, 0x47DD, 0x47E1, 0x47ED, 0x47FB, 0x4801, 0x4807, - 0x480B, 0x4813, 0x4819, 0x481D, 0x4831, 0x483D, 0x4847, 0x4855, - 0x4859, 0x485B, 0x486B, 0x486D, 0x4879, 0x4897, 0x489B, 0x48A1, - 0x48B9, 0x48CD, 0x48E5, 0x48EF, 0x48F7, 0x4903, 0x490D, 0x4919, - 0x491F, 0x492B, 0x4937, 0x493D, 0x4945, 0x4955, 0x4963, 0x4969, - 0x496D, 0x4973, 0x4997, 0x49AB, 0x49B5, 0x49D3, 0x49DF, 0x49E1, - 0x49E5, 0x49E7, 0x4A03, 0x4A0F, 0x4A1D, 0x4A23, 0x4A39, 0x4A41, - 0x4A45, 0x4A57, 0x4A5D, 0x4A6B, 0x4A7D, 0x4A81, 0x4A87, 0x4A89, - 0x4A8F, 0x4AB1, 0x4AC3, 0x4AC5, 0x4AD5, 0x4ADB, 0x4AED, 0x4AEF, - 0x4B07, 0x4B0B, 0x4B0D, 0x4B13, 0x4B1F, 0x4B25, 0x4B31, 0x4B3B, - 0x4B43, 0x4B49, 0x4B59, 0x4B65, 0x4B6D, 0x4B77, 0x4B85, 0x4BAD, - 0x4BB3, 0x4BB5, 0x4BBB, 0x4BBF, 0x4BCB, 0x4BD9, 0x4BDD, 0x4BDF, - 0x4BE3, 0x4BE5, 0x4BE9, 0x4BF1, 0x4BF7, 0x4C01, 0x4C07, 0x4C0D, - 0x4C0F, 0x4C15, 0x4C1B, 0x4C21, 0x4C2D, 0x4C33, 0x4C4B, 0x4C55, - 0x4C57, 0x4C61, 0x4C67, 0x4C73, 0x4C79, 0x4C7F, 0x4C8D, 0x4C93, - 0x4C99, 0x4CCD, 0x4CE1, 0x4CE7, 0x4CF1, 0x4CF3, 0x4CFD, 0x4D05, - 0x4D0F, 0x4D1B, 0x4D27, 0x4D29, 0x4D2F, 0x4D33, 0x4D41, 0x4D51, - 0x4D59, 0x4D65, 0x4D6B, 0x4D81, 0x4D83, 0x4D8D, 0x4D95, 0x4D9B, - 0x4DB1, 0x4DB3, 0x4DC9, 0x4DCF, 0x4DD7, 0x4DE1, 0x4DED, 0x4DF9, - 0x4DFB, 0x4E05, 0x4E0B, 0x4E17, 0x4E19, 0x4E1D, 0x4E2B, 0x4E35, - 0x4E37, 0x4E3D, 0x4E4F, 0x4E53, 0x4E5F, 0x4E67, 0x4E79, 0x4E85, - 0x4E8B, 0x4E91, 0x4E95, 0x4E9B, 0x4EA1, 0x4EAF, 0x4EB3, 0x4EB5, - 0x4EC1, 0x4ECD, 0x4ED1, 0x4ED7, 0x4EE9, 0x4EFB, 0x4F07, 0x4F09, - 0x4F19, 0x4F25, 0x4F2D, 0x4F3F, 0x4F49, 0x4F63, 0x4F67, 0x4F6D, - 0x4F75, 0x4F7B, 0x4F81, 0x4F85, 0x4F87, 0x4F91, 0x4FA5, 0x4FA9, - 0x4FAF, 0x4FB7, 0x4FBB, 0x4FCF, 0x4FD9, 0x4FDB, 0x4FFD, 0x4FFF, - 0x5003, 0x501B, 0x501D, 0x5029, 0x5035, 0x503F, 0x5045, 0x5047, - 0x5053, 0x5071, 0x5077, 0x5083, 0x5093, 0x509F, 0x50A1, 0x50B7, - 0x50C9, 0x50D5, 0x50E3, 0x50ED, 0x50EF, 0x50FB, 0x5107, 0x510B, - 0x510D, 0x5111, 0x5117, 0x5123, 0x5125, 0x5135, 0x5147, 0x5149, - 0x5171, 0x5179, 0x5189, 0x518F, 0x5197, 0x51A1, 0x51A3, 0x51A7, - 0x51B9, 0x51C1, 0x51CB, 0x51D3, 0x51DF, 0x51E3, 0x51F5, 0x51F7, - 0x5209, 0x5213, 0x5215, 0x5219, 0x521B, 0x521F, 0x5227, 0x5243, - 0x5245, 0x524B, 0x5261, 0x526D, 0x5273, 0x5281, 0x5293, 0x5297, - 0x529D, 0x52A5, 0x52AB, 0x52B1, 0x52BB, 0x52C3, 0x52C7, 0x52C9, - 0x52DB, 0x52E5, 0x52EB, 0x52FF, 0x5315, 0x531D, 0x5323, 0x5341, - 0x5345, 0x5347, 0x534B, 0x535D, 0x5363, 0x5381, 0x5383, 0x5387, - 0x538F, 0x5395, 0x5399, 0x539F, 0x53AB, 0x53B9, 0x53DB, 0x53E9, - 0x53EF, 0x53F3, 0x53F5, 0x53FB, 0x53FF, 0x540D, 0x5411, 0x5413, - 0x5419, 0x5435, 0x5437, 0x543B, 0x5441, 0x5449, 0x5453, 0x5455, - 0x545F, 0x5461, 0x546B, 0x546D, 0x5471, 0x548F, 0x5491, 0x549D, - 0x54A9, 0x54B3, 0x54C5, 0x54D1, 0x54DF, 0x54E9, 0x54EB, 0x54F7, - 0x54FD, 0x5507, 0x550D, 0x551B, 0x5527, 0x552B, 0x5539, 0x553D, - 0x554F, 0x5551, 0x555B, 0x5563, 0x5567, 0x556F, 0x5579, 0x5585, - 0x5597, 0x55A9, 0x55B1, 0x55B7, 0x55C9, 0x55D9, 0x55E7, 0x55ED, - 0x55F3, 0x55FD, 0x560B, 0x560F, 0x5615, 0x5617, 0x5623, 0x562F, - 0x5633, 0x5639, 0x563F, 0x564B, 0x564D, 0x565D, 0x565F, 0x566B, - 0x5671, 0x5675, 0x5683, 0x5689, 0x568D, 0x568F, 0x569B, 0x56AD, - 0x56B1, 0x56D5, 0x56E7, 0x56F3, 0x56FF, 0x5701, 0x5705, 0x5707, - 0x570B, 0x5713, 0x571F, 0x5723, 0x5747, 0x574D, 0x575F, 0x5761, - 0x576D, 0x5777, 0x577D, 0x5789, 0x57A1, 0x57A9, 0x57AF, 0x57B5, - 0x57C5, 0x57D1, 0x57D3, 0x57E5, 0x57EF, 0x5803, 0x580D, 0x580F, - 0x5815, 0x5827, 0x582B, 0x582D, 0x5855, 0x585B, 0x585D, 0x586D, - 0x586F, 0x5873, 0x587B, 0x588D, 0x5897, 0x58A3, 0x58A9, 0x58AB, - 0x58B5, 0x58BD, 0x58C1, 0x58C7, 0x58D3, 0x58D5, 0x58DF, 0x58F1, - 0x58F9, 0x58FF, 0x5903, 0x5917, 0x591B, 0x5921, 0x5945, 0x594B, - 0x594D, 0x5957, 0x595D, 0x5975, 0x597B, 0x5989, 0x5999, 0x599F, - 0x59B1, 0x59B3, 0x59BD, 0x59D1, 0x59DB, 0x59E3, 0x59E9, 0x59ED, - 0x59F3, 0x59F5, 0x59FF, 0x5A01, 0x5A0D, 0x5A11, 0x5A13, 0x5A17, - 0x5A1F, 0x5A29, 0x5A2F, 0x5A3B, 0x5A4D, 0x5A5B, 0x5A67, 0x5A77, - 0x5A7F, 0x5A85, 0x5A95, 0x5A9D, 0x5AA1, 0x5AA3, 0x5AA9, 0x5ABB, - 0x5AD3, 0x5AE5, 0x5AEF, 0x5AFB, 0x5AFD, 0x5B01, 0x5B0F, 0x5B19, - 0x5B1F, 0x5B25, 0x5B2B, 0x5B3D, 0x5B49, 0x5B4B, 0x5B67, 0x5B79, - 0x5B87, 0x5B97, 0x5BA3, 0x5BB1, 0x5BC9, 0x5BD5, 0x5BEB, 0x5BF1, - 0x5BF3, 0x5BFD, 0x5C05, 0x5C09, 0x5C0B, 0x5C0F, 0x5C1D, 0x5C29, - 0x5C2F, 0x5C33, 0x5C39, 0x5C47, 0x5C4B, 0x5C4D, 0x5C51, 0x5C6F, - 0x5C75, 0x5C77, 0x5C7D, 0x5C87, 0x5C89, 0x5CA7, 0x5CBD, 0x5CBF, - 0x5CC3, 0x5CC9, 0x5CD1, 0x5CD7, 0x5CDD, 0x5CED, 0x5CF9, 0x5D05, - 0x5D0B, 0x5D13, 0x5D17, 0x5D19, 0x5D31, 0x5D3D, 0x5D41, 0x5D47, - 0x5D4F, 0x5D55, 0x5D5B, 0x5D65, 0x5D67, 0x5D6D, 0x5D79, 0x5D95, - 0x5DA3, 0x5DA9, 0x5DAD, 0x5DB9, 0x5DC1, 0x5DC7, 0x5DD3, 0x5DD7, - 0x5DDD, 0x5DEB, 0x5DF1, 0x5DFD, 0x5E07, 0x5E0D, 0x5E13, 0x5E1B, - 0x5E21, 0x5E27, 0x5E2B, 0x5E2D, 0x5E31, 0x5E39, 0x5E45, 0x5E49, - 0x5E57, 0x5E69, 0x5E73, 0x5E75, 0x5E85, 0x5E8B, 0x5E9F, 0x5EA5, - 0x5EAF, 0x5EB7, 0x5EBB, 0x5ED9, 0x5EFD, 0x5F09, 0x5F11, 0x5F27, - 0x5F33, 0x5F35, 0x5F3B, 0x5F47, 0x5F57, 0x5F5D, 0x5F63, 0x5F65, - 0x5F77, 0x5F7B, 0x5F95, 0x5F99, 0x5FA1, 0x5FB3, 0x5FBD, 0x5FC5, - 0x5FCF, 0x5FD5, 0x5FE3, 0x5FE7, 0x5FFB, 0x6011, 0x6023, 0x602F, - 0x6037, 0x6053, 0x605F, 0x6065, 0x606B, 0x6073, 0x6079, 0x6085, - 0x609D, 0x60AD, 0x60BB, 0x60BF, 0x60CD, 0x60D9, 0x60DF, 0x60E9, - 0x60F5, 0x6109, 0x610F, 0x6113, 0x611B, 0x612D, 0x6139, 0x614B, - 0x6155, 0x6157, 0x615B, 0x616F, 0x6179, 0x6187, 0x618B, 0x6191, - 0x6193, 0x619D, 0x61B5, 0x61C7, 0x61C9, 0x61CD, 0x61E1, 0x61F1, - 0x61FF, 0x6209, 0x6217, 0x621D, 0x6221, 0x6227, 0x623B, 0x6241, - 0x624B, 0x6251, 0x6253, 0x625F, 0x6265, 0x6283, 0x628D, 0x6295, - 0x629B, 0x629F, 0x62A5, 0x62AD, 0x62D5, 0x62D7, 0x62DB, 0x62DD, - 0x62E9, 0x62FB, 0x62FF, 0x6305, 0x630D, 0x6317, 0x631D, 0x632F, - 0x6341, 0x6343, 0x634F, 0x635F, 0x6367, 0x636D, 0x6371, 0x6377, - 0x637D, 0x637F, 0x63B3, 0x63C1, 0x63C5, 0x63D9, 0x63E9, 0x63EB, - 0x63EF, 0x63F5, 0x6401, 0x6403, 0x6409, 0x6415, 0x6421, 0x6427, - 0x642B, 0x6439, 0x6443, 0x6449, 0x644F, 0x645D, 0x6467, 0x6475, - 0x6485, 0x648D, 0x6493, 0x649F, 0x64A3, 0x64AB, 0x64C1, 0x64C7, - 0x64C9, 0x64DB, 0x64F1, 0x64F7, 0x64F9, 0x650B, 0x6511, 0x6521, - 0x652F, 0x6539, 0x653F, 0x654B, 0x654D, 0x6553, 0x6557, 0x655F, - 0x6571, 0x657D, 0x658D, 0x658F, 0x6593, 0x65A1, 0x65A5, 0x65AD, - 0x65B9, 0x65C5, 0x65E3, 0x65F3, 0x65FB, 0x65FF, 0x6601, 0x6607, - 0x661D, 0x6629, 0x6631, 0x663B, 0x6641, 0x6647, 0x664D, 0x665B, - 0x6661, 0x6673, 0x667D, 0x6689, 0x668B, 0x6695, 0x6697, 0x669B, - 0x66B5, 0x66B9, 0x66C5, 0x66CD, 0x66D1, 0x66E3, 0x66EB, 0x66F5, - 0x6703, 0x6713, 0x6719, 0x671F, 0x6727, 0x6731, 0x6737, 0x673F, - 0x6745, 0x6751, 0x675B, 0x676F, 0x6779, 0x6781, 0x6785, 0x6791, - 0x67AB, 0x67BD, 0x67C1, 0x67CD, 0x67DF, 0x67E5, 0x6803, 0x6809, - 0x6811, 0x6817, 0x682D, 0x6839, 0x683B, 0x683F, 0x6845, 0x684B, - 0x684D, 0x6857, 0x6859, 0x685D, 0x6863, 0x6869, 0x686B, 0x6871, - 0x6887, 0x6899, 0x689F, 0x68B1, 0x68BD, 0x68C5, 0x68D1, 0x68D7, - 0x68E1, 0x68ED, 0x68EF, 0x68FF, 0x6901, 0x690B, 0x690D, 0x6917, - 0x6929, 0x692F, 0x6943, 0x6947, 0x6949, 0x694F, 0x6965, 0x696B, - 0x6971, 0x6983, 0x6989, 0x6997, 0x69A3, 0x69B3, 0x69B5, 0x69BB, - 0x69C1, 0x69C5, 0x69D3, 0x69DF, 0x69E3, 0x69E5, 0x69F7, 0x6A07, - 0x6A2B, 0x6A37, 0x6A3D, 0x6A4B, 0x6A67, 0x6A69, 0x6A75, 0x6A7B, - 0x6A87, 0x6A8D, 0x6A91, 0x6A93, 0x6AA3, 0x6AC1, 0x6AC9, 0x6AE1, - 0x6AE7, 0x6B05, 0x6B0F, 0x6B11, 0x6B23, 0x6B27, 0x6B2D, 0x6B39, - 0x6B41, 0x6B57, 0x6B59, 0x6B5F, 0x6B75, 0x6B87, 0x6B89, 0x6B93, - 0x6B95, 0x6B9F, 0x6BBD, 0x6BBF, 0x6BDB, 0x6BE1, 0x6BEF, 0x6BFF, - 0x6C05, 0x6C19, 0x6C29, 0x6C2B, 0x6C31, 0x6C35, 0x6C55, 0x6C59, - 0x6C5B, 0x6C5F, 0x6C65, 0x6C67, 0x6C73, 0x6C77, 0x6C7D, 0x6C83, - 0x6C8F, 0x6C91, 0x6C97, 0x6C9B, 0x6CA1, 0x6CA9, 0x6CAF, 0x6CB3, - 0x6CC7, 0x6CCB, 0x6CEB, 0x6CF5, 0x6CFD, 0x6D0D, 0x6D0F, 0x6D25, - 0x6D27, 0x6D2B, 0x6D31, 0x6D39, 0x6D3F, 0x6D4F, 0x6D5D, 0x6D61, - 0x6D73, 0x6D7B, 0x6D7F, 0x6D93, 0x6D99, 0x6DA5, 0x6DB1, 0x6DB7, - 0x6DC1, 0x6DC3, 0x6DCD, 0x6DCF, 0x6DDB, 0x6DF7, 0x6E03, 0x6E15, - 0x6E17, 0x6E29, 0x6E33, 0x6E3B, 0x6E45, 0x6E75, 0x6E77, 0x6E7B, - 0x6E81, 0x6E89, 0x6E93, 0x6E95, 0x6E9F, 0x6EBD, 0x6EBF, 0x6EE3, - 0x6EE9, 0x6EF3, 0x6EF9, 0x6EFB, 0x6F0D, 0x6F11, 0x6F17, 0x6F1F, - 0x6F2F, 0x6F3D, 0x6F4D, 0x6F53, 0x6F61, 0x6F65, 0x6F79, 0x6F7D, - 0x6F83, 0x6F85, 0x6F8F, 0x6F9B, 0x6F9D, 0x6FA3, 0x6FAF, 0x6FB5, - 0x6FBB, 0x6FBF, 0x6FCB, 0x6FCD, 0x6FD3, 0x6FD7, 0x6FE3, 0x6FE9, - 0x6FF1, 0x6FF5, 0x6FF7, 0x6FFD, 0x700F, 0x7019, 0x701F, 0x7027, - 0x7033, 0x7039, 0x704F, 0x7051, 0x7057, 0x7063, 0x7075, 0x7079, - 0x7087, 0x708D, 0x7091, 0x70A5, 0x70AB, 0x70BB, 0x70C3, 0x70C7, - 0x70CF, 0x70E5, 0x70ED, 0x70F9, 0x70FF, 0x7105, 0x7115, 0x7121, - 0x7133, 0x7151, 0x7159, 0x715D, 0x715F, 0x7163, 0x7169, 0x7183, - 0x7187, 0x7195, 0x71AD, 0x71C3, 0x71C9, 0x71CB, 0x71D1, 0x71DB, - 0x71E1, 0x71EF, 0x71F5, 0x71FB, 0x7207, 0x7211, 0x7217, 0x7219, - 0x7225, 0x722F, 0x723B, 0x7243, 0x7255, 0x7267, 0x7271, 0x7277, - 0x727F, 0x728F, 0x7295, 0x729B, 0x72A3, 0x72B3, 0x72C7, 0x72CB, - 0x72CD, 0x72D7, 0x72D9, 0x72E3, 0x72EF, 0x72F5, 0x72FD, 0x7303, - 0x730D, 0x7321, 0x732B, 0x733D, 0x7357, 0x735B, 0x7361, 0x737F, - 0x7381, 0x7385, 0x738D, 0x7393, 0x739F, 0x73AB, 0x73BD, 0x73C1, - 0x73C9, 0x73DF, 0x73E5, 0x73E7, 0x73F3, 0x7415, 0x741B, 0x742D, - 0x7439, 0x743F, 0x7441, 0x745D, 0x746B, 0x747B, 0x7489, 0x748D, - 0x749B, 0x74A7, 0x74AB, 0x74B1, 0x74B7, 0x74B9, 0x74DD, 0x74E1, - 0x74E7, 0x74FB, 0x7507, 0x751F, 0x7525, 0x753B, 0x753D, 0x754D, - 0x755F, 0x756B, 0x7577, 0x7589, 0x758B, 0x7591, 0x7597, 0x759D, - 0x75A1, 0x75A7, 0x75B5, 0x75B9, 0x75BB, 0x75D1, 0x75D9, 0x75E5, - 0x75EB, 0x75F5, 0x75FB, 0x7603, 0x760F, 0x7621, 0x762D, 0x7633, - 0x763D, 0x763F, 0x7655, 0x7663, 0x7669, 0x766F, 0x7673, 0x7685, - 0x768B, 0x769F, 0x76B5, 0x76B7, 0x76C3, 0x76DB, 0x76DF, 0x76F1, - 0x7703, 0x7705, 0x771B, 0x771D, 0x7721, 0x772D, 0x7735, 0x7741, - 0x774B, 0x7759, 0x775D, 0x775F, 0x7771, 0x7781, 0x77A7, 0x77AD, - 0x77B3, 0x77B9, 0x77C5, 0x77CF, 0x77D5, 0x77E1, 0x77E9, 0x77EF, - 0x77F3, 0x77F9, 0x7807, 0x7825, 0x782B, 0x7835, 0x783D, 0x7853, - 0x7859, 0x7861, 0x786D, 0x7877, 0x7879, 0x7883, 0x7885, 0x788B, - 0x7895, 0x7897, 0x78A1, 0x78AD, 0x78BF, 0x78D3, 0x78D9, 0x78DD, - 0x78E5, 0x78FB, 0x7901, 0x7907, 0x7925, 0x792B, 0x7939, 0x793F, - 0x794B, 0x7957, 0x795D, 0x7967, 0x7969, 0x7973, 0x7991, 0x7993, - 0x79A3, 0x79AB, 0x79AF, 0x79B1, 0x79B7, 0x79C9, 0x79CD, 0x79CF, - 0x79D5, 0x79D9, 0x79F3, 0x79F7, 0x79FF, 0x7A05, 0x7A0F, 0x7A11, - 0x7A15, 0x7A1B, 0x7A23, 0x7A27, 0x7A2D, 0x7A4B, 0x7A57, 0x7A59, - 0x7A5F, 0x7A65, 0x7A69, 0x7A7D, 0x7A93, 0x7A9B, 0x7A9F, 0x7AA1, - 0x7AA5, 0x7AED, 0x7AF5, 0x7AF9, 0x7B01, 0x7B17, 0x7B19, 0x7B1D, - 0x7B2B, 0x7B35, 0x7B37, 0x7B3B, 0x7B4F, 0x7B55, 0x7B5F, 0x7B71, - 0x7B77, 0x7B8B, 0x7B9B, 0x7BA1, 0x7BA9, 0x7BAF, 0x7BB3, 0x7BC7, - 0x7BD3, 0x7BE9, 0x7BEB, 0x7BEF, 0x7BF1, 0x7BFD, 0x7C07, 0x7C19, - 0x7C1B, 0x7C31, 0x7C37, 0x7C49, 0x7C67, 0x7C69, 0x7C73, 0x7C81, - 0x7C8B, 0x7C93, 0x7CA3, 0x7CD5, 0x7CDB, 0x7CE5, 0x7CED, 0x7CF7, - 0x7D03, 0x7D09, 0x7D1B, 0x7D1D, 0x7D33, 0x7D39, 0x7D3B, 0x7D3F, - 0x7D45, 0x7D4D, 0x7D53, 0x7D59, 0x7D63, 0x7D75, 0x7D77, 0x7D8D, - 0x7D8F, 0x7D9F, 0x7DAD, 0x7DB7, 0x7DBD, 0x7DBF, 0x7DCB, 0x7DD5, - 0x7DE9, 0x7DED, 0x7DFB, 0x7E01, 0x7E05, 0x7E29, 0x7E2B, 0x7E2F, - 0x7E35, 0x7E41, 0x7E43, 0x7E47, 0x7E55, 0x7E61, 0x7E67, 0x7E6B, - 0x7E71, 0x7E73, 0x7E79, 0x7E7D, 0x7E91, 0x7E9B, 0x7E9D, 0x7EA7, - 0x7EAD, 0x7EB9, 0x7EBB, 0x7ED3, 0x7EDF, 0x7EEB, 0x7EF1, 0x7EF7, - 0x7EFB, 0x7F13, 0x7F15, 0x7F19, 0x7F31, 0x7F33, 0x7F39, 0x7F3D, - 0x7F43, 0x7F4B, 0x7F5B, 0x7F61, 0x7F63, 0x7F6D, 0x7F79, 0x7F87, - 0x7F8D, 0x7FAF, 0x7FB5, 0x7FC3, 0x7FC9, 0x7FCD, 0x7FCF, 0x7FED, - 0x8003, 0x800B, 0x800F, 0x8015, 0x801D, 0x8021, 0x8023, 0x803F, - 0x8041, 0x8047, 0x804B, 0x8065, 0x8077, 0x808D, 0x808F, 0x8095, - 0x80A5, 0x80AB, 0x80AD, 0x80BD, 0x80C9, 0x80CB, 0x80D7, 0x80DB, - 0x80E1, 0x80E7, 0x80F5, 0x80FF, 0x8105, 0x810D, 0x8119, 0x811D, - 0x812F, 0x8131, 0x813B, 0x8143, 0x8153, 0x8159, 0x815F, 0x817D, - 0x817F, 0x8189, 0x819B, 0x819D, 0x81A7, 0x81AF, 0x81B3, 0x81BB, - 0x81C7, 0x81DF, 0x8207, 0x8209, 0x8215, 0x821F, 0x8225, 0x8231, - 0x8233, 0x823F, 0x8243, 0x8245, 0x8249, 0x824F, 0x8261, 0x826F, - 0x827B, 0x8281, 0x8285, 0x8293, 0x82B1, 0x82B5, 0x82BD, 0x82C7, - 0x82CF, 0x82D5, 0x82DF, 0x82F1, 0x82F9, 0x82FD, 0x830B, 0x831B, - 0x8321, 0x8329, 0x832D, 0x8333, 0x8335, 0x833F, 0x8341, 0x834D, - 0x8351, 0x8353, 0x8357, 0x835D, 0x8365, 0x8369, 0x836F, 0x838F, - 0x83A7, 0x83B1, 0x83B9, 0x83CB, 0x83D5, 0x83D7, 0x83DD, 0x83E7, - 0x83E9, 0x83ED, 0x83FF, 0x8405, 0x8411, 0x8413, 0x8423, 0x8425, - 0x843B, 0x8441, 0x8447, 0x844F, 0x8461, 0x8465, 0x8477, 0x8483, - 0x848B, 0x8491, 0x8495, 0x84A9, 0x84AF, 0x84CD, 0x84E3, 0x84EF, - 0x84F1, 0x84F7, 0x8509, 0x850D, 0x854B, 0x854F, 0x8551, 0x855D, - 0x8563, 0x856D, 0x856F, 0x857B, 0x8587, 0x85A3, 0x85A5, 0x85A9, - 0x85B7, 0x85CD, 0x85D3, 0x85D5, 0x85DB, 0x85E1, 0x85EB, 0x85F9, - 0x85FD, 0x85FF, 0x8609, 0x860F, 0x8617, 0x8621, 0x862F, 0x8639, - 0x863F, 0x8641, 0x864D, 0x8663, 0x8675, 0x867D, 0x8687, 0x8699, - 0x86A5, 0x86A7, 0x86B3, 0x86B7, 0x86C3, 0x86C5, 0x86CF, 0x86D1, - 0x86D7, 0x86E9, 0x86EF, 0x86F5, 0x8717, 0x871D, 0x871F, 0x872B, - 0x872F, 0x8735, 0x8747, 0x8759, 0x875B, 0x876B, 0x8771, 0x8777, - 0x877F, 0x8785, 0x878F, 0x87A1, 0x87A9, 0x87B3, 0x87BB, 0x87C5, - 0x87C7, 0x87CB, 0x87DD, 0x87F7, 0x8803, 0x8819, 0x881B, 0x881F, - 0x8821, 0x8837, 0x883D, 0x8843, 0x8851, 0x8861, 0x8867, 0x887B, - 0x8885, 0x8891, 0x8893, 0x88A5, 0x88CF, 0x88D3, 0x88EB, 0x88ED, - 0x88F3, 0x88FD, 0x8909, 0x890B, 0x8911, 0x891B, 0x8923, 0x8927, - 0x892D, 0x8939, 0x8945, 0x894D, 0x8951, 0x8957, 0x8963, 0x8981, - 0x8995, 0x899B, 0x89B3, 0x89B9, 0x89C3, 0x89CF, 0x89D1, 0x89DB, - 0x89EF, 0x89F5, 0x89FB, 0x89FF, 0x8A0B, 0x8A19, 0x8A23, 0x8A35, - 0x8A41, 0x8A49, 0x8A4F, 0x8A5B, 0x8A5F, 0x8A6D, 0x8A77, 0x8A79, - 0x8A85, 0x8AA3, 0x8AB3, 0x8AB5, 0x8AC1, 0x8AC7, 0x8ACB, 0x8ACD, - 0x8AD1, 0x8AD7, 0x8AF1, 0x8AF5, 0x8B07, 0x8B09, 0x8B0D, 0x8B13, - 0x8B21, 0x8B57, 0x8B5D, 0x8B91, 0x8B93, 0x8BA3, 0x8BA9, 0x8BAF, - 0x8BBB, 0x8BD5, 0x8BD9, 0x8BDB, 0x8BE1, 0x8BF7, 0x8BFD, 0x8BFF, - 0x8C0B, 0x8C17, 0x8C1D, 0x8C27, 0x8C39, 0x8C3B, 0x8C47, 0x8C53, - 0x8C5D, 0x8C6F, 0x8C7B, 0x8C81, 0x8C89, 0x8C8F, 0x8C99, 0x8C9F, - 0x8CA7, 0x8CAB, 0x8CAD, 0x8CB1, 0x8CC5, 0x8CDD, 0x8CE3, 0x8CE9, - 0x8CF3, 0x8D01, 0x8D0B, 0x8D0D, 0x8D23, 0x8D29, 0x8D37, 0x8D41, - 0x8D5B, 0x8D5F, 0x8D71, 0x8D79, 0x8D85, 0x8D91, 0x8D9B, 0x8DA7, - 0x8DAD, 0x8DB5, 0x8DC5, 0x8DCB, 0x8DD3, 0x8DD9, 0x8DDF, 0x8DF5, - 0x8DF7, 0x8E01, 0x8E15, 0x8E1F, 0x8E25, 0x8E51, 0x8E63, 0x8E69, - 0x8E73, 0x8E75, 0x8E79, 0x8E7F, 0x8E8D, 0x8E91, 0x8EAB, 0x8EAF, - 0x8EB1, 0x8EBD, 0x8EC7, 0x8ECF, 0x8ED3, 0x8EDB, 0x8EE7, 0x8EEB, - 0x8EF7, 0x8EFF, 0x8F15, 0x8F1D, 0x8F23, 0x8F2D, 0x8F3F, 0x8F45, - 0x8F4B, 0x8F53, 0x8F59, 0x8F65, 0x8F69, 0x8F71, 0x8F83, 0x8F8D, - 0x8F99, 0x8F9F, 0x8FAB, 0x8FAD, 0x8FB3, 0x8FB7, 0x8FB9, 0x8FC9, - 0x8FD5, 0x8FE1, 0x8FEF, 0x8FF9, 0x9007, 0x900D, 0x9017, 0x9023, - 0x9025, 0x9031, 0x9037, 0x903B, 0x9041, 0x9043, 0x904F, 0x9053, - 0x906D, 0x9073, 0x9085, 0x908B, 0x9095, 0x909B, 0x909D, 0x90AF, - 0x90B9, 0x90C1, 0x90C5, 0x90DF, 0x90E9, 0x90FD, 0x9103, 0x9113, - 0x9127, 0x9133, 0x913D, 0x9145, 0x914F, 0x9151, 0x9161, 0x9167, - 0x917B, 0x9185, 0x9199, 0x919D, 0x91BB, 0x91BD, 0x91C1, 0x91C9, - 0x91D9, 0x91DB, 0x91ED, 0x91F1, 0x91F3, 0x91F9, 0x9203, 0x9215, - 0x9221, 0x922F, 0x9241, 0x9247, 0x9257, 0x926B, 0x9271, 0x9275, - 0x927D, 0x9283, 0x9287, 0x928D, 0x9299, 0x92A1, 0x92AB, 0x92AD, - 0x92B9, 0x92BF, 0x92C3, 0x92C5, 0x92CB, 0x92D5, 0x92D7, 0x92E7, - 0x92F3, 0x9301, 0x930B, 0x9311, 0x9319, 0x931F, 0x933B, 0x933D, - 0x9343, 0x9355, 0x9373, 0x9395, 0x9397, 0x93A7, 0x93B3, 0x93B5, - 0x93C7, 0x93D7, 0x93DD, 0x93E5, 0x93EF, 0x93F7, 0x9401, 0x9409, - 0x9413, 0x943F, 0x9445, 0x944B, 0x944F, 0x9463, 0x9467, 0x9469, - 0x946D, 0x947B, 0x9497, 0x949F, 0x94A5, 0x94B5, 0x94C3, 0x94E1, - 0x94E7, 0x9505, 0x9509, 0x9517, 0x9521, 0x9527, 0x952D, 0x9535, - 0x9539, 0x954B, 0x9557, 0x955D, 0x955F, 0x9575, 0x9581, 0x9589, - 0x958F, 0x959B, 0x959F, 0x95AD, 0x95B1, 0x95B7, 0x95B9, 0x95BD, - 0x95CF, 0x95E3, 0x95E9, 0x95F9, 0x961F, 0x962F, 0x9631, 0x9635, - 0x963B, 0x963D, 0x9665, 0x968F, 0x969D, 0x96A1, 0x96A7, 0x96A9, - 0x96C1, 0x96CB, 0x96D1, 0x96D3, 0x96E5, 0x96EF, 0x96FB, 0x96FD, - 0x970D, 0x970F, 0x9715, 0x9725, 0x972B, 0x9733, 0x9737, 0x9739, - 0x9743, 0x9749, 0x9751, 0x975B, 0x975D, 0x976F, 0x977F, 0x9787, - 0x9793, 0x97A5, 0x97B1, 0x97B7, 0x97C3, 0x97CD, 0x97D3, 0x97D9, - 0x97EB, 0x97F7, 0x9805, 0x9809, 0x980B, 0x9815, 0x9829, 0x982F, - 0x983B, 0x9841, 0x9851, 0x986B, 0x986F, 0x9881, 0x9883, 0x9887, - 0x98A7, 0x98B1, 0x98B9, 0x98BF, 0x98C3, 0x98C9, 0x98CF, 0x98DD, - 0x98E3, 0x98F5, 0x98F9, 0x98FB, 0x990D, 0x9917, 0x991F, 0x9929, - 0x9931, 0x993B, 0x993D, 0x9941, 0x9947, 0x9949, 0x9953, 0x997D, - 0x9985, 0x9991, 0x9995, 0x999B, 0x99AD, 0x99AF, 0x99BF, 0x99C7, - 0x99CB, 0x99CD, 0x99D7, 0x99E5, 0x99F1, 0x99FB, 0x9A0F, 0x9A13, - 0x9A1B, 0x9A25, 0x9A4B, 0x9A4F, 0x9A55, 0x9A57, 0x9A61, 0x9A75, - 0x9A7F, 0x9A8B, 0x9A91, 0x9A9D, 0x9AB7, 0x9AC3, 0x9AC7, 0x9ACF, - 0x9AEB, 0x9AF3, 0x9AF7, 0x9AFF, 0x9B17, 0x9B1D, 0x9B27, 0x9B2F, - 0x9B35, 0x9B45, 0x9B51, 0x9B59, 0x9B63, 0x9B6F, 0x9B77, 0x9B8D, - 0x9B93, 0x9B95, 0x9B9F, 0x9BA1, 0x9BA7, 0x9BB1, 0x9BB7, 0x9BBD, - 0x9BC5, 0x9BCB, 0x9BCF, 0x9BDD, 0x9BF9, 0x9C01, 0x9C11, 0x9C23, - 0x9C2B, 0x9C2F, 0x9C35, 0x9C49, 0x9C4D, 0x9C5F, 0x9C65, 0x9C67, - 0x9C7F, 0x9C97, 0x9C9D, 0x9CA3, 0x9CAF, 0x9CBB, 0x9CBF, 0x9CC1, - 0x9CD7, 0x9CD9, 0x9CE3, 0x9CE9, 0x9CF1, 0x9CFD, 0x9D01, 0x9D15, - 0x9D27, 0x9D2D, 0x9D31, 0x9D3D, 0x9D55, 0x9D5B, 0x9D61, 0x9D97, - 0x9D9F, 0x9DA5, 0x9DA9, 0x9DC3, 0x9DE7, 0x9DEB, 0x9DED, 0x9DF1, - 0x9E0B, 0x9E17, 0x9E23, 0x9E27, 0x9E2D, 0x9E33, 0x9E3B, 0x9E47, - 0x9E51, 0x9E53, 0x9E5F, 0x9E6F, 0x9E81, 0x9E87, 0x9E8F, 0x9E95, - 0x9EA1, 0x9EB3, 0x9EBD, 0x9EBF, 0x9EF5, 0x9EF9, 0x9EFB, 0x9F05, - 0x9F23, 0x9F2F, 0x9F37, 0x9F3B, 0x9F43, 0x9F53, 0x9F61, 0x9F6D, - 0x9F73, 0x9F77, 0x9F7D, 0x9F89, 0x9F8F, 0x9F91, 0x9F95, 0x9FA3, - 0x9FAF, 0x9FB3, 0x9FC1, 0x9FC7, 0x9FDF, 0x9FE5, 0x9FEB, 0x9FF5, - 0xA001, 0xA00D, 0xA021, 0xA033, 0xA039, 0xA03F, 0xA04F, 0xA057, - 0xA05B, 0xA061, 0xA075, 0xA079, 0xA099, 0xA09D, 0xA0AB, 0xA0B5, - 0xA0B7, 0xA0BD, 0xA0C9, 0xA0D9, 0xA0DB, 0xA0DF, 0xA0E5, 0xA0F1, - 0xA0F3, 0xA0FD, 0xA105, 0xA10B, 0xA10F, 0xA111, 0xA11B, 0xA129, - 0xA12F, 0xA135, 0xA141, 0xA153, 0xA175, 0xA17D, 0xA187, 0xA18D, - 0xA1A5, 0xA1AB, 0xA1AD, 0xA1B7, 0xA1C3, 0xA1C5, 0xA1E3, 0xA1ED, - 0xA1FB, 0xA207, 0xA213, 0xA223, 0xA229, 0xA22F, 0xA231, 0xA243, - 0xA247, 0xA24D, 0xA26B, 0xA279, 0xA27D, 0xA283, 0xA289, 0xA28B, - 0xA291, 0xA295, 0xA29B, 0xA2A9, 0xA2AF, 0xA2B3, 0xA2BB, 0xA2C5, - 0xA2D1, 0xA2D7, 0xA2F7, 0xA301, 0xA309, 0xA31F, 0xA321, 0xA32B, - 0xA331, 0xA349, 0xA351, 0xA355, 0xA373, 0xA379, 0xA37B, 0xA387, - 0xA397, 0xA39F, 0xA3A5, 0xA3A9, 0xA3AF, 0xA3B7, 0xA3C7, 0xA3D5, - 0xA3DB, 0xA3E1, 0xA3E5, 0xA3E7, 0xA3F1, 0xA3FD, 0xA3FF, 0xA40F, - 0xA41D, 0xA421, 0xA423, 0xA427, 0xA43B, 0xA44D, 0xA457, 0xA459, - 0xA463, 0xA469, 0xA475, 0xA493, 0xA49B, 0xA4AD, 0xA4B9, 0xA4C3, - 0xA4C5, 0xA4CB, 0xA4D1, 0xA4D5, 0xA4E1, 0xA4ED, 0xA4EF, 0xA4F3, - 0xA4FF, 0xA511, 0xA529, 0xA52B, 0xA535, 0xA53B, 0xA543, 0xA553, - 0xA55B, 0xA561, 0xA56D, 0xA577, 0xA585, 0xA58B, 0xA597, 0xA59D, - 0xA5A3, 0xA5A7, 0xA5A9, 0xA5C1, 0xA5C5, 0xA5CB, 0xA5D3, 0xA5D9, - 0xA5DD, 0xA5DF, 0xA5E3, 0xA5E9, 0xA5F7, 0xA5FB, 0xA603, 0xA60D, - 0xA625, 0xA63D, 0xA649, 0xA64B, 0xA651, 0xA65D, 0xA673, 0xA691, - 0xA693, 0xA699, 0xA6AB, 0xA6B5, 0xA6BB, 0xA6C1, 0xA6C9, 0xA6CD, - 0xA6CF, 0xA6D5, 0xA6DF, 0xA6E7, 0xA6F1, 0xA6F7, 0xA6FF, 0xA70F, - 0xA715, 0xA723, 0xA729, 0xA72D, 0xA745, 0xA74D, 0xA757, 0xA759, - 0xA765, 0xA76B, 0xA76F, 0xA793, 0xA795, 0xA7AB, 0xA7B1, 0xA7B9, - 0xA7BF, 0xA7C9, 0xA7D1, 0xA7D7, 0xA7E3, 0xA7ED, 0xA7FB, 0xA805, - 0xA80B, 0xA81D, 0xA829, 0xA82B, 0xA837, 0xA83B, 0xA855, 0xA85F, - 0xA86D, 0xA87D, 0xA88F, 0xA897, 0xA8A9, 0xA8B5, 0xA8C1, 0xA8C7, - 0xA8D7, 0xA8E5, 0xA8FD, 0xA907, 0xA913, 0xA91B, 0xA931, 0xA937, - 0xA939, 0xA943, 0xA97F, 0xA985, 0xA987, 0xA98B, 0xA993, 0xA9A3, - 0xA9B1, 0xA9BB, 0xA9C1, 0xA9D9, 0xA9DF, 0xA9EB, 0xA9FD, 0xAA15, - 0xAA17, 0xAA35, 0xAA39, 0xAA3B, 0xAA47, 0xAA4D, 0xAA57, 0xAA59, - 0xAA5D, 0xAA6B, 0xAA71, 0xAA81, 0xAA83, 0xAA8D, 0xAA95, 0xAAAB, - 0xAABF, 0xAAC5, 0xAAC9, 0xAAE9, 0xAAEF, 0xAB01, 0xAB05, 0xAB07, - 0xAB0B, 0xAB0D, 0xAB11, 0xAB19, 0xAB4D, 0xAB5B, 0xAB71, 0xAB73, - 0xAB89, 0xAB9D, 0xABA7, 0xABAF, 0xABB9, 0xABBB, 0xABC1, 0xABC5, - 0xABD3, 0xABD7, 0xABDD, 0xABF1, 0xABF5, 0xABFB, 0xABFD, 0xAC09, - 0xAC15, 0xAC1B, 0xAC27, 0xAC37, 0xAC39, 0xAC45, 0xAC4F, 0xAC57, - 0xAC5B, 0xAC61, 0xAC63, 0xAC7F, 0xAC8B, 0xAC93, 0xAC9D, 0xACA9, - 0xACAB, 0xACAF, 0xACBD, 0xACD9, 0xACE1, 0xACE7, 0xACEB, 0xACED, - 0xACF1, 0xACF7, 0xACF9, 0xAD05, 0xAD3F, 0xAD45, 0xAD53, 0xAD5D, - 0xAD5F, 0xAD65, 0xAD81, 0xADA1, 0xADA5, 0xADC3, 0xADCB, 0xADD1, - 0xADD5, 0xADDB, 0xADE7, 0xADF3, 0xADF5, 0xADF9, 0xADFF, 0xAE05, - 0xAE13, 0xAE23, 0xAE2B, 0xAE49, 0xAE4D, 0xAE4F, 0xAE59, 0xAE61, - 0xAE67, 0xAE6B, 0xAE71, 0xAE8B, 0xAE8F, 0xAE9B, 0xAE9D, 0xAEA7, - 0xAEB9, 0xAEC5, 0xAED1, 0xAEE3, 0xAEE5, 0xAEE9, 0xAEF5, 0xAEFD, - 0xAF09, 0xAF13, 0xAF27, 0xAF2B, 0xAF33, 0xAF43, 0xAF4F, 0xAF57, - 0xAF5D, 0xAF6D, 0xAF75, 0xAF7F, 0xAF8B, 0xAF99, 0xAF9F, 0xAFA3, - 0xAFAB, 0xAFB7, 0xAFBB, 0xAFCF, 0xAFD5, 0xAFFD, 0xB005, 0xB015, - 0xB01B, 0xB03F, 0xB041, 0xB047, 0xB04B, 0xB051, 0xB053, 0xB069, - 0xB07B, 0xB07D, 0xB087, 0xB08D, 0xB0B1, 0xB0BF, 0xB0CB, 0xB0CF, - 0xB0E1, 0xB0E9, 0xB0ED, 0xB0FB, 0xB105, 0xB107, 0xB111, 0xB119, - 0xB11D, 0xB11F, 0xB131, 0xB141, 0xB14D, 0xB15B, 0xB165, 0xB173, - 0xB179, 0xB17F, 0xB1A9, 0xB1B3, 0xB1B9, 0xB1BF, 0xB1D3, 0xB1DD, - 0xB1E5, 0xB1F1, 0xB1F5, 0xB201, 0xB213, 0xB215, 0xB21F, 0xB22D, - 0xB23F, 0xB249, 0xB25B, 0xB263, 0xB269, 0xB26D, 0xB27B, 0xB281, - 0xB28B, 0xB2A9, 0xB2B7, 0xB2BD, 0xB2C3, 0xB2C7, 0xB2D3, 0xB2F9, - 0xB2FD, 0xB2FF, 0xB303, 0xB309, 0xB311, 0xB31D, 0xB327, 0xB32D, - 0xB33F, 0xB345, 0xB377, 0xB37D, 0xB381, 0xB387, 0xB393, 0xB39B, - 0xB3A5, 0xB3C5, 0xB3CB, 0xB3E1, 0xB3E3, 0xB3ED, 0xB3F9, 0xB40B, - 0xB40D, 0xB413, 0xB417, 0xB435, 0xB43D, 0xB443, 0xB449, 0xB45B, - 0xB465, 0xB467, 0xB46B, 0xB477, 0xB48B, 0xB495, 0xB49D, 0xB4B5, - 0xB4BF, 0xB4C1, 0xB4C7, 0xB4DD, 0xB4E3, 0xB4E5, 0xB4F7, 0xB501, - 0xB50D, 0xB50F, 0xB52D, 0xB53F, 0xB54B, 0xB567, 0xB569, 0xB56F, - 0xB573, 0xB579, 0xB587, 0xB58D, 0xB599, 0xB5A3, 0xB5AB, 0xB5AF, - 0xB5BB, 0xB5D5, 0xB5DF, 0xB5E7, 0xB5ED, 0xB5FD, 0xB5FF, 0xB609, - 0xB61B, 0xB629, 0xB62F, 0xB633, 0xB639, 0xB647, 0xB657, 0xB659, - 0xB65F, 0xB663, 0xB66F, 0xB683, 0xB687, 0xB69B, 0xB69F, 0xB6A5, - 0xB6B1, 0xB6B3, 0xB6D7, 0xB6DB, 0xB6E1, 0xB6E3, 0xB6ED, 0xB6EF, - 0xB705, 0xB70D, 0xB713, 0xB71D, 0xB729, 0xB735, 0xB747, 0xB755, - 0xB76D, 0xB791, 0xB795, 0xB7A9, 0xB7C1, 0xB7CB, 0xB7D1, 0xB7D3, - 0xB7EF, 0xB7F5, 0xB807, 0xB80F, 0xB813, 0xB819, 0xB821, 0xB827, - 0xB82B, 0xB82D, 0xB839, 0xB855, 0xB867, 0xB875, 0xB885, 0xB893, - 0xB8A5, 0xB8AF, 0xB8B7, 0xB8BD, 0xB8C1, 0xB8C7, 0xB8CD, 0xB8D5, - 0xB8EB, 0xB8F7, 0xB8F9, 0xB903, 0xB915, 0xB91B, 0xB91D, 0xB92F, - 0xB939, 0xB93B, 0xB947, 0xB951, 0xB963, 0xB983, 0xB989, 0xB98D, - 0xB993, 0xB999, 0xB9A1, 0xB9A7, 0xB9AD, 0xB9B7, 0xB9CB, 0xB9D1, - 0xB9DD, 0xB9E7, 0xB9EF, 0xB9F9, 0xBA07, 0xBA0D, 0xBA17, 0xBA25, - 0xBA29, 0xBA2B, 0xBA41, 0xBA53, 0xBA55, 0xBA5F, 0xBA61, 0xBA65, - 0xBA79, 0xBA7D, 0xBA7F, 0xBAA1, 0xBAA3, 0xBAAF, 0xBAB5, 0xBABF, - 0xBAC1, 0xBACB, 0xBADD, 0xBAE3, 0xBAF1, 0xBAFD, 0xBB09, 0xBB1F, - 0xBB27, 0xBB2D, 0xBB3D, 0xBB43, 0xBB4B, 0xBB4F, 0xBB5B, 0xBB61, - 0xBB69, 0xBB6D, 0xBB91, 0xBB97, 0xBB9D, 0xBBB1, 0xBBC9, 0xBBCF, - 0xBBDB, 0xBBED, 0xBBF7, 0xBBF9, 0xBC03, 0xBC1D, 0xBC23, 0xBC33, - 0xBC3B, 0xBC41, 0xBC45, 0xBC5D, 0xBC6F, 0xBC77, 0xBC83, 0xBC8F, - 0xBC99, 0xBCAB, 0xBCB7, 0xBCB9, 0xBCD1, 0xBCD5, 0xBCE1, 0xBCF3, - 0xBCFF, 0xBD0D, 0xBD17, 0xBD19, 0xBD1D, 0xBD35, 0xBD41, 0xBD4F, - 0xBD59, 0xBD5F, 0xBD61, 0xBD67, 0xBD6B, 0xBD71, 0xBD8B, 0xBD8F, - 0xBD95, 0xBD9B, 0xBD9D, 0xBDB3, 0xBDBB, 0xBDCD, 0xBDD1, 0xBDE3, - 0xBDEB, 0xBDEF, 0xBE07, 0xBE09, 0xBE15, 0xBE21, 0xBE25, 0xBE27, - 0xBE5B, 0xBE5D, 0xBE6F, 0xBE75, 0xBE79, 0xBE7F, 0xBE8B, 0xBE8D, - 0xBE93, 0xBE9F, 0xBEA9, 0xBEB1, 0xBEB5, 0xBEB7, 0xBECF, 0xBED9, - 0xBEDB, 0xBEE5, 0xBEE7, 0xBEF3, 0xBEF9, 0xBF0B, 0xBF33, 0xBF39, - 0xBF4D, 0xBF5D, 0xBF5F, 0xBF6B, 0xBF71, 0xBF7B, 0xBF87, 0xBF89, - 0xBF8D, 0xBF93, 0xBFA1, 0xBFAD, 0xBFB9, 0xBFCF, 0xBFD5, 0xBFDD, - 0xBFE1, 0xBFE3, 0xBFF3, 0xC005, 0xC011, 0xC013, 0xC019, 0xC029, - 0xC02F, 0xC031, 0xC037, 0xC03B, 0xC047, 0xC065, 0xC06D, 0xC07D, - 0xC07F, 0xC091, 0xC09B, 0xC0B3, 0xC0B5, 0xC0BB, 0xC0D3, 0xC0D7, - 0xC0D9, 0xC0EF, 0xC0F1, 0xC101, 0xC103, 0xC109, 0xC115, 0xC119, - 0xC12B, 0xC133, 0xC137, 0xC145, 0xC149, 0xC15B, 0xC173, 0xC179, - 0xC17B, 0xC181, 0xC18B, 0xC18D, 0xC197, 0xC1BD, 0xC1C3, 0xC1CD, - 0xC1DB, 0xC1E1, 0xC1E7, 0xC1FF, 0xC203, 0xC205, 0xC211, 0xC221, - 0xC22F, 0xC23F, 0xC24B, 0xC24D, 0xC253, 0xC25D, 0xC277, 0xC27B, - 0xC27D, 0xC289, 0xC28F, 0xC293, 0xC29F, 0xC2A7, 0xC2B3, 0xC2BD, - 0xC2CF, 0xC2D5, 0xC2E3, 0xC2FF, 0xC301, 0xC307, 0xC311, 0xC313, - 0xC317, 0xC325, 0xC347, 0xC349, 0xC34F, 0xC365, 0xC367, 0xC371, - 0xC37F, 0xC383, 0xC385, 0xC395, 0xC39D, 0xC3A7, 0xC3AD, 0xC3B5, - 0xC3BF, 0xC3C7, 0xC3CB, 0xC3D1, 0xC3D3, 0xC3E3, 0xC3E9, 0xC3EF, - 0xC401, 0xC41F, 0xC42D, 0xC433, 0xC437, 0xC455, 0xC457, 0xC461, - 0xC46F, 0xC473, 0xC487, 0xC491, 0xC499, 0xC49D, 0xC4A5, 0xC4B7, - 0xC4BB, 0xC4C9, 0xC4CF, 0xC4D3, 0xC4EB, 0xC4F1, 0xC4F7, 0xC509, - 0xC51B, 0xC51D, 0xC541, 0xC547, 0xC551, 0xC55F, 0xC56B, 0xC56F, - 0xC575, 0xC577, 0xC595, 0xC59B, 0xC59F, 0xC5A1, 0xC5A7, 0xC5C3, - 0xC5D7, 0xC5DB, 0xC5EF, 0xC5FB, 0xC613, 0xC623, 0xC635, 0xC641, - 0xC64F, 0xC655, 0xC659, 0xC665, 0xC685, 0xC691, 0xC697, 0xC6A1, - 0xC6A9, 0xC6B3, 0xC6B9, 0xC6CB, 0xC6CD, 0xC6DD, 0xC6EB, 0xC6F1, - 0xC707, 0xC70D, 0xC719, 0xC71B, 0xC72D, 0xC731, 0xC739, 0xC757, - 0xC763, 0xC767, 0xC773, 0xC775, 0xC77F, 0xC7A5, 0xC7BB, 0xC7BD, - 0xC7C1, 0xC7CF, 0xC7D5, 0xC7E1, 0xC7F9, 0xC7FD, 0xC7FF, 0xC803, - 0xC811, 0xC81D, 0xC827, 0xC829, 0xC839, 0xC83F, 0xC853, 0xC857, - 0xC86B, 0xC881, 0xC88D, 0xC88F, 0xC893, 0xC895, 0xC8A1, 0xC8B7, - 0xC8CF, 0xC8D5, 0xC8DB, 0xC8DD, 0xC8E3, 0xC8E7, 0xC8ED, 0xC8EF, - 0xC8F9, 0xC905, 0xC911, 0xC917, 0xC919, 0xC91F, 0xC92F, 0xC937, - 0xC93D, 0xC941, 0xC953, 0xC95F, 0xC96B, 0xC979, 0xC97D, 0xC989, - 0xC98F, 0xC997, 0xC99D, 0xC9AF, 0xC9B5, 0xC9BF, 0xC9CB, 0xC9D9, - 0xC9DF, 0xC9E3, 0xC9EB, 0xCA01, 0xCA07, 0xCA09, 0xCA25, 0xCA37, - 0xCA39, 0xCA4B, 0xCA55, 0xCA5B, 0xCA69, 0xCA73, 0xCA75, 0xCA7F, - 0xCA8D, 0xCA93, 0xCA9D, 0xCA9F, 0xCAB5, 0xCABB, 0xCAC3, 0xCAC9, - 0xCAD9, 0xCAE5, 0xCAED, 0xCB03, 0xCB05, 0xCB09, 0xCB17, 0xCB29, - 0xCB35, 0xCB3B, 0xCB53, 0xCB59, 0xCB63, 0xCB65, 0xCB71, 0xCB87, - 0xCB99, 0xCB9F, 0xCBB3, 0xCBB9, 0xCBC3, 0xCBD1, 0xCBD5, 0xCBD7, - 0xCBDD, 0xCBE9, 0xCBFF, 0xCC0D, 0xCC19, 0xCC1D, 0xCC23, 0xCC2B, - 0xCC41, 0xCC43, 0xCC4D, 0xCC59, 0xCC61, 0xCC89, 0xCC8B, 0xCC91, - 0xCC9B, 0xCCA3, 0xCCA7, 0xCCD1, 0xCCE5, 0xCCE9, 0xCD09, 0xCD15, - 0xCD1F, 0xCD25, 0xCD31, 0xCD3D, 0xCD3F, 0xCD49, 0xCD51, 0xCD57, - 0xCD5B, 0xCD63, 0xCD67, 0xCD81, 0xCD93, 0xCD97, 0xCD9F, 0xCDBB, - 0xCDC1, 0xCDD3, 0xCDD9, 0xCDE5, 0xCDE7, 0xCDF1, 0xCDF7, 0xCDFD, - 0xCE0B, 0xCE15, 0xCE21, 0xCE2F, 0xCE47, 0xCE4D, 0xCE51, 0xCE65, - 0xCE7B, 0xCE7D, 0xCE8F, 0xCE93, 0xCE99, 0xCEA5, 0xCEA7, 0xCEB7, - 0xCEC9, 0xCED7, 0xCEDD, 0xCEE3, 0xCEE7, 0xCEED, 0xCEF5, 0xCF07, - 0xCF0B, 0xCF19, 0xCF37, 0xCF3B, 0xCF4D, 0xCF55, 0xCF5F, 0xCF61, - 0xCF65, 0xCF6D, 0xCF79, 0xCF7D, 0xCF89, 0xCF9B, 0xCF9D, 0xCFA9, - 0xCFB3, 0xCFB5, 0xCFC5, 0xCFCD, 0xCFD1, 0xCFEF, 0xCFF1, 0xCFF7, - 0xD013, 0xD015, 0xD01F, 0xD021, 0xD033, 0xD03D, 0xD04B, 0xD04F, - 0xD069, 0xD06F, 0xD081, 0xD085, 0xD099, 0xD09F, 0xD0A3, 0xD0AB, - 0xD0BD, 0xD0C1, 0xD0CD, 0xD0E7, 0xD0FF, 0xD103, 0xD117, 0xD12D, - 0xD12F, 0xD141, 0xD157, 0xD159, 0xD15D, 0xD169, 0xD16B, 0xD171, - 0xD177, 0xD17D, 0xD181, 0xD187, 0xD195, 0xD199, 0xD1B1, 0xD1BD, - 0xD1C3, 0xD1D5, 0xD1D7, 0xD1E3, 0xD1FF, 0xD20D, 0xD211, 0xD217, - 0xD21F, 0xD235, 0xD23B, 0xD247, 0xD259, 0xD261, 0xD265, 0xD279, - 0xD27F, 0xD283, 0xD289, 0xD28B, 0xD29D, 0xD2A3, 0xD2A7, 0xD2B3, - 0xD2BF, 0xD2C7, 0xD2E3, 0xD2E9, 0xD2F1, 0xD2FB, 0xD2FD, 0xD315, - 0xD321, 0xD32B, 0xD343, 0xD34B, 0xD355, 0xD369, 0xD375, 0xD37B, - 0xD387, 0xD393, 0xD397, 0xD3A5, 0xD3B1, 0xD3C9, 0xD3EB, 0xD3FD, - 0xD405, 0xD40F, 0xD415, 0xD427, 0xD42F, 0xD433, 0xD43B, 0xD44B, - 0xD459, 0xD45F, 0xD463, 0xD469, 0xD481, 0xD483, 0xD489, 0xD48D, - 0xD493, 0xD495, 0xD4A5, 0xD4AB, 0xD4B1, 0xD4C5, 0xD4DD, 0xD4E1, - 0xD4E3, 0xD4E7, 0xD4F5, 0xD4F9, 0xD50B, 0xD50D, 0xD513, 0xD51F, - 0xD523, 0xD531, 0xD535, 0xD537, 0xD549, 0xD559, 0xD55F, 0xD565, - 0xD567, 0xD577, 0xD58B, 0xD591, 0xD597, 0xD5B5, 0xD5B9, 0xD5C1, - 0xD5C7, 0xD5DF, 0xD5EF, 0xD5F5, 0xD5FB, 0xD603, 0xD60F, 0xD62D, - 0xD631, 0xD643, 0xD655, 0xD65D, 0xD661, 0xD67B, 0xD685, 0xD687, - 0xD69D, 0xD6A5, 0xD6AF, 0xD6BD, 0xD6C3, 0xD6C7, 0xD6D9, 0xD6E1, - 0xD6ED, 0xD709, 0xD70B, 0xD711, 0xD715, 0xD721, 0xD727, 0xD73F, - 0xD745, 0xD74D, 0xD757, 0xD76B, 0xD77B, 0xD783, 0xD7A1, 0xD7A7, - 0xD7AD, 0xD7B1, 0xD7B3, 0xD7BD, 0xD7CB, 0xD7D1, 0xD7DB, 0xD7FB, - 0xD811, 0xD823, 0xD825, 0xD829, 0xD82B, 0xD82F, 0xD837, 0xD84D, - 0xD855, 0xD867, 0xD873, 0xD88F, 0xD891, 0xD8A1, 0xD8AD, 0xD8BF, - 0xD8CD, 0xD8D7, 0xD8E9, 0xD8F5, 0xD8FB, 0xD91B, 0xD925, 0xD933, - 0xD939, 0xD943, 0xD945, 0xD94F, 0xD951, 0xD957, 0xD96D, 0xD96F, - 0xD973, 0xD979, 0xD981, 0xD98B, 0xD991, 0xD99F, 0xD9A5, 0xD9A9, - 0xD9B5, 0xD9D3, 0xD9EB, 0xD9F1, 0xD9F7, 0xD9FF, 0xDA05, 0xDA09, - 0xDA0B, 0xDA0F, 0xDA15, 0xDA1D, 0xDA23, 0xDA29, 0xDA3F, 0xDA51, - 0xDA59, 0xDA5D, 0xDA5F, 0xDA71, 0xDA77, 0xDA7B, 0xDA7D, 0xDA8D, - 0xDA9F, 0xDAB3, 0xDABD, 0xDAC3, 0xDAC9, 0xDAE7, 0xDAE9, 0xDAF5, - 0xDB11, 0xDB17, 0xDB1D, 0xDB23, 0xDB25, 0xDB31, 0xDB3B, 0xDB43, - 0xDB55, 0xDB67, 0xDB6B, 0xDB73, 0xDB85, 0xDB8F, 0xDB91, 0xDBAD, - 0xDBAF, 0xDBB9, 0xDBC7, 0xDBCB, 0xDBCD, 0xDBEB, 0xDBF7, 0xDC0D, - 0xDC27, 0xDC31, 0xDC39, 0xDC3F, 0xDC49, 0xDC51, 0xDC61, 0xDC6F, - 0xDC75, 0xDC7B, 0xDC85, 0xDC93, 0xDC99, 0xDC9D, 0xDC9F, 0xDCA9, - 0xDCB5, 0xDCB7, 0xDCBD, 0xDCC7, 0xDCCF, 0xDCD3, 0xDCD5, 0xDCDF, - 0xDCF9, 0xDD0F, 0xDD15, 0xDD17, 0xDD23, 0xDD35, 0xDD39, 0xDD53, - 0xDD57, 0xDD5F, 0xDD69, 0xDD6F, 0xDD7D, 0xDD87, 0xDD89, 0xDD9B, - 0xDDA1, 0xDDAB, 0xDDBF, 0xDDC5, 0xDDCB, 0xDDCF, 0xDDE7, 0xDDE9, - 0xDDED, 0xDDF5, 0xDDFB, 0xDE0B, 0xDE19, 0xDE29, 0xDE3B, 0xDE3D, - 0xDE41, 0xDE4D, 0xDE4F, 0xDE59, 0xDE5B, 0xDE61, 0xDE6D, 0xDE77, - 0xDE7D, 0xDE83, 0xDE97, 0xDE9D, 0xDEA1, 0xDEA7, 0xDECD, 0xDED1, - 0xDED7, 0xDEE3, 0xDEF1, 0xDEF5, 0xDF01, 0xDF09, 0xDF13, 0xDF1F, - 0xDF2B, 0xDF33, 0xDF37, 0xDF3D, 0xDF4B, 0xDF55, 0xDF5B, 0xDF67, - 0xDF69, 0xDF73, 0xDF85, 0xDF87, 0xDF99, 0xDFA3, 0xDFAB, 0xDFB5, - 0xDFB7, 0xDFC3, 0xDFC7, 0xDFD5, 0xDFF1, 0xDFF3, 0xE003, 0xE005, - 0xE017, 0xE01D, 0xE027, 0xE02D, 0xE035, 0xE045, 0xE053, 0xE071, - 0xE07B, 0xE08F, 0xE095, 0xE09F, 0xE0B7, 0xE0B9, 0xE0D5, 0xE0D7, - 0xE0E3, 0xE0F3, 0xE0F9, 0xE101, 0xE125, 0xE129, 0xE131, 0xE135, - 0xE143, 0xE14F, 0xE159, 0xE161, 0xE16D, 0xE171, 0xE177, 0xE17F, - 0xE183, 0xE189, 0xE197, 0xE1AD, 0xE1B5, 0xE1BB, 0xE1BF, 0xE1C1, - 0xE1CB, 0xE1D1, 0xE1E5, 0xE1EF, 0xE1F7, 0xE1FD, 0xE203, 0xE219, - 0xE22B, 0xE22D, 0xE23D, 0xE243, 0xE257, 0xE25B, 0xE275, 0xE279, - 0xE287, 0xE29D, 0xE2AB, 0xE2AF, 0xE2BB, 0xE2C1, 0xE2C9, 0xE2CD, - 0xE2D3, 0xE2D9, 0xE2F3, 0xE2FD, 0xE2FF, 0xE311, 0xE323, 0xE327, - 0xE329, 0xE339, 0xE33B, 0xE34D, 0xE351, 0xE357, 0xE35F, 0xE363, - 0xE369, 0xE375, 0xE377, 0xE37D, 0xE383, 0xE39F, 0xE3C5, 0xE3C9, - 0xE3D1, 0xE3E1, 0xE3FB, 0xE3FF, 0xE401, 0xE40B, 0xE417, 0xE419, - 0xE423, 0xE42B, 0xE431, 0xE43B, 0xE447, 0xE449, 0xE453, 0xE455, - 0xE46D, 0xE471, 0xE48F, 0xE4A9, 0xE4AF, 0xE4B5, 0xE4C7, 0xE4CD, - 0xE4D3, 0xE4E9, 0xE4EB, 0xE4F5, 0xE507, 0xE521, 0xE525, 0xE537, - 0xE53F, 0xE545, 0xE54B, 0xE557, 0xE567, 0xE56D, 0xE575, 0xE585, - 0xE58B, 0xE593, 0xE5A3, 0xE5A5, 0xE5CF, 0xE609, 0xE611, 0xE615, - 0xE61B, 0xE61D, 0xE621, 0xE629, 0xE639, 0xE63F, 0xE653, 0xE657, - 0xE663, 0xE66F, 0xE675, 0xE681, 0xE683, 0xE68D, 0xE68F, 0xE695, - 0xE6AB, 0xE6AD, 0xE6B7, 0xE6BD, 0xE6C5, 0xE6CB, 0xE6D5, 0xE6E3, - 0xE6E9, 0xE6EF, 0xE6F3, 0xE705, 0xE70D, 0xE717, 0xE71F, 0xE72F, - 0xE73D, 0xE747, 0xE749, 0xE753, 0xE755, 0xE761, 0xE767, 0xE76B, - 0xE77F, 0xE789, 0xE791, 0xE7C5, 0xE7CD, 0xE7D7, 0xE7DD, 0xE7DF, - 0xE7E9, 0xE7F1, 0xE7FB, 0xE801, 0xE807, 0xE80F, 0xE819, 0xE81B, - 0xE831, 0xE833, 0xE837, 0xE83D, 0xE84B, 0xE84F, 0xE851, 0xE869, - 0xE875, 0xE879, 0xE893, 0xE8A5, 0xE8A9, 0xE8AF, 0xE8BD, 0xE8DB, - 0xE8E1, 0xE8E5, 0xE8EB, 0xE8ED, 0xE903, 0xE90B, 0xE90F, 0xE915, - 0xE917, 0xE92D, 0xE933, 0xE93B, 0xE94B, 0xE951, 0xE95F, 0xE963, - 0xE969, 0xE97B, 0xE983, 0xE98F, 0xE995, 0xE9A1, 0xE9B9, 0xE9D7, - 0xE9E7, 0xE9EF, 0xEA11, 0xEA19, 0xEA2F, 0xEA35, 0xEA43, 0xEA4D, - 0xEA5F, 0xEA6D, 0xEA71, 0xEA7D, 0xEA85, 0xEA89, 0xEAAD, 0xEAB3, - 0xEAB9, 0xEABB, 0xEAC5, 0xEAC7, 0xEACB, 0xEADF, 0xEAE5, 0xEAEB, - 0xEAF5, 0xEB01, 0xEB07, 0xEB09, 0xEB31, 0xEB39, 0xEB3F, 0xEB5B, - 0xEB61, 0xEB63, 0xEB6F, 0xEB81, 0xEB85, 0xEB9D, 0xEBAB, 0xEBB1, - 0xEBB7, 0xEBC1, 0xEBD5, 0xEBDF, 0xEBED, 0xEBFD, 0xEC0B, 0xEC1B, - 0xEC21, 0xEC29, 0xEC4D, 0xEC51, 0xEC5D, 0xEC69, 0xEC6F, 0xEC7B, - 0xECAD, 0xECB9, 0xECBF, 0xECC3, 0xECC9, 0xECCF, 0xECD7, 0xECDD, - 0xECE7, 0xECE9, 0xECF3, 0xECF5, 0xED07, 0xED11, 0xED1F, 0xED2F, - 0xED37, 0xED3D, 0xED41, 0xED55, 0xED59, 0xED5B, 0xED65, 0xED6B, - 0xED79, 0xED8B, 0xED95, 0xEDBB, 0xEDC5, 0xEDD7, 0xEDD9, 0xEDE3, - 0xEDE5, 0xEDF1, 0xEDF5, 0xEDF7, 0xEDFB, 0xEE09, 0xEE0F, 0xEE19, - 0xEE21, 0xEE49, 0xEE4F, 0xEE63, 0xEE67, 0xEE73, 0xEE7B, 0xEE81, - 0xEEA3, 0xEEAB, 0xEEC1, 0xEEC9, 0xEED5, 0xEEDF, 0xEEE1, 0xEEF1, - 0xEF1B, 0xEF27, 0xEF2F, 0xEF45, 0xEF4D, 0xEF63, 0xEF6B, 0xEF71, - 0xEF93, 0xEF95, 0xEF9B, 0xEF9F, 0xEFAD, 0xEFB3, 0xEFC3, 0xEFC5, - 0xEFDB, 0xEFE1, 0xEFE9, 0xF001, 0xF017, 0xF01D, 0xF01F, 0xF02B, - 0xF02F, 0xF035, 0xF043, 0xF047, 0xF04F, 0xF067, 0xF06B, 0xF071, - 0xF077, 0xF079, 0xF08F, 0xF0A3, 0xF0A9, 0xF0AD, 0xF0BB, 0xF0BF, - 0xF0C5, 0xF0CB, 0xF0D3, 0xF0D9, 0xF0E3, 0xF0E9, 0xF0F1, 0xF0F7, - 0xF107, 0xF115, 0xF11B, 0xF121, 0xF137, 0xF13D, 0xF155, 0xF175, - 0xF17B, 0xF18D, 0xF193, 0xF1A5, 0xF1AF, 0xF1B7, 0xF1D5, 0xF1E7, - 0xF1ED, 0xF1FD, 0xF209, 0xF20F, 0xF21B, 0xF21D, 0xF223, 0xF227, - 0xF233, 0xF23B, 0xF241, 0xF257, 0xF25F, 0xF265, 0xF269, 0xF277, - 0xF281, 0xF293, 0xF2A7, 0xF2B1, 0xF2B3, 0xF2B9, 0xF2BD, 0xF2BF, - 0xF2DB, 0xF2ED, 0xF2EF, 0xF2F9, 0xF2FF, 0xF305, 0xF30B, 0xF319, - 0xF341, 0xF359, 0xF35B, 0xF35F, 0xF367, 0xF373, 0xF377, 0xF38B, - 0xF38F, 0xF3AF, 0xF3C1, 0xF3D1, 0xF3D7, 0xF3FB, 0xF403, 0xF409, - 0xF40D, 0xF413, 0xF421, 0xF425, 0xF42B, 0xF445, 0xF44B, 0xF455, - 0xF463, 0xF475, 0xF47F, 0xF485, 0xF48B, 0xF499, 0xF4A3, 0xF4A9, - 0xF4AF, 0xF4BD, 0xF4C3, 0xF4DB, 0xF4DF, 0xF4ED, 0xF503, 0xF50B, - 0xF517, 0xF521, 0xF529, 0xF535, 0xF547, 0xF551, 0xF563, 0xF56B, - 0xF583, 0xF58D, 0xF595, 0xF599, 0xF5B1, 0xF5B7, 0xF5C9, 0xF5CF, - 0xF5D1, 0xF5DB, 0xF5F9, 0xF5FB, 0xF605, 0xF607, 0xF60B, 0xF60D, - 0xF635, 0xF637, 0xF653, 0xF65B, 0xF661, 0xF667, 0xF679, 0xF67F, - 0xF689, 0xF697, 0xF69B, 0xF6AD, 0xF6CB, 0xF6DD, 0xF6DF, 0xF6EB, - 0xF709, 0xF70F, 0xF72D, 0xF731, 0xF743, 0xF74F, 0xF751, 0xF755, - 0xF763, 0xF769, 0xF773, 0xF779, 0xF781, 0xF787, 0xF791, 0xF79D, - 0xF79F, 0xF7A5, 0xF7B1, 0xF7BB, 0xF7BD, 0xF7CF, 0xF7D3, 0xF7E7, - 0xF7EB, 0xF7F1, 0xF7FF, 0xF805, 0xF80B, 0xF821, 0xF827, 0xF82D, - 0xF835, 0xF847, 0xF859, 0xF863, 0xF865, 0xF86F, 0xF871, 0xF877, - 0xF87B, 0xF881, 0xF88D, 0xF89F, 0xF8A1, 0xF8AB, 0xF8B3, 0xF8B7, - 0xF8C9, 0xF8CB, 0xF8D1, 0xF8D7, 0xF8DD, 0xF8E7, 0xF8EF, 0xF8F9, - 0xF8FF, 0xF911, 0xF91D, 0xF925, 0xF931, 0xF937, 0xF93B, 0xF941, - 0xF94F, 0xF95F, 0xF961, 0xF96D, 0xF971, 0xF977, 0xF99D, 0xF9A3, - 0xF9A9, 0xF9B9, 0xF9CD, 0xF9E9, 0xF9FD, 0xFA07, 0xFA0D, 0xFA13, - 0xFA21, 0xFA25, 0xFA3F, 0xFA43, 0xFA51, 0xFA5B, 0xFA6D, 0xFA7B, - 0xFA97, 0xFA99, 0xFA9D, 0xFAAB, 0xFABB, 0xFABD, 0xFAD9, 0xFADF, - 0xFAE7, 0xFAED, 0xFB0F, 0xFB17, 0xFB1B, 0xFB2D, 0xFB2F, 0xFB3F, - 0xFB47, 0xFB4D, 0xFB75, 0xFB7D, 0xFB8F, 0xFB93, 0xFBB1, 0xFBB7, - 0xFBC3, 0xFBC5, 0xFBE3, 0xFBE9, 0xFBF3, 0xFC01, 0xFC29, 0xFC37, - 0xFC41, 0xFC43, 0xFC4F, 0xFC59, 0xFC61, 0xFC65, 0xFC6D, 0xFC73, - 0xFC79, 0xFC95, 0xFC97, 0xFC9B, 0xFCA7, 0xFCB5, 0xFCC5, 0xFCCD, - 0xFCEB, 0xFCFB, 0xFD0D, 0xFD0F, 0xFD19, 0xFD2B, 0xFD31, 0xFD51, - 0xFD55, 0xFD67, 0xFD6D, 0xFD6F, 0xFD7B, 0xFD85, 0xFD97, 0xFD99, - 0xFD9F, 0xFDA9, 0xFDB7, 0xFDC9, 0xFDE5, 0xFDEB, 0xFDF3, 0xFE03, - 0xFE05, 0xFE09, 0xFE1D, 0xFE27, 0xFE2F, 0xFE41, 0xFE4B, 0xFE4D, - 0xFE57, 0xFE5F, 0xFE63, 0xFE69, 0xFE75, 0xFE7B, 0xFE8F, 0xFE93, - 0xFE95, 0xFE9B, 0xFE9F, 0xFEB3, 0xFEBD, 0xFED7, 0xFEE9, 0xFEF3, - 0xFEF5, 0xFF07, 0xFF0D, 0xFF1D, 0xFF2B, 0xFF2F, 0xFF49, 0xFF4D, - 0xFF5B, 0xFF65, 0xFF71, 0xFF7F, 0xFF85, 0xFF8B, 0xFF8F, 0xFF9D, - 0xFFA7, 0xFFA9, 0xFFC7, 0xFFD9, 0xFFEF, 0xFFF1, -#endif -}; - diff --git a/security/nss/lib/freebl/mpi/stats b/security/nss/lib/freebl/mpi/stats deleted file mode 100755 index dd63ca0db..000000000 --- a/security/nss/lib/freebl/mpi/stats +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/perl - -# -# Treat each line as a sequence of comma and/or space delimited -# floating point numbers, and compute basic statistics on them. -# These are written to standard output -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# - -$min = 1.7976931348623157E+308; -$max = 2.2250738585072014E-308; -$sum = $num = 0; - -while(<>) { - chomp; - - @nums = split(/[\s,]+/, $_); - next if($#nums < 0); - - $num += scalar @nums; - foreach (@nums) { - $min = $_ if($_ < $min); - $max = $_ if($_ > $max); - $sum += $_; - } -} - -if($num) { - $avg = $sum / $num; -} else { - $min = $max = 0; -} - -printf "%d\tmin=%.2f, avg=%.2f, max=%.2f, sum=%.2f\n", - $num, $min, $avg, $max, $sum; - -# end diff --git a/security/nss/lib/freebl/mpi/target.mk b/security/nss/lib/freebl/mpi/target.mk deleted file mode 100644 index ee175d2a4..000000000 --- a/security/nss/lib/freebl/mpi/target.mk +++ /dev/null @@ -1,220 +0,0 @@ -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -## Sun Microsystems, Inc. All Rights Reserved. -## -## Contributor(s): -## Netscape Communications Corporation -## Richard C. Swift (swift@netscape.com) -## Douglas Stebila , Sun Microsystems Laboratories -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## - -## -## Define CFLAGS to contain any local options your compiler -## setup requires. -## -## Conditional compilation options are no longer here; see -## the file 'mpi-config.h' instead. -## -MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC -CFLAGS= -O $(MPICMN) -#CFLAGS=-ansi -fullwarn -woff 1521 -O3 $(MPICMN) -#CFLAGS=-ansi -pedantic -Wall -O3 $(MPICMN) -#CFLAGS=-ansi -pedantic -Wall -g -O2 -DMP_DEBUG=1 $(MPICMN) - -ifeq ($(TARGET),mipsIRIX) -#IRIX -#MPICMN += -DMP_MONT_USE_MP_MUL -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -MPICMN += -DMP_USE_UINT_DIGIT -#MPICMN += -DMP_NO_MP_WORD -AS_OBJS = mpi_mips.o -#ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -exceptions -ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -#CFLAGS=-ansi -n32 -O3 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN) -CFLAGS=-ansi -n32 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN) -#CFLAGS=-ansi -n32 -g -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN) -#CFLAGS=-ansi -64 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE -DMP_NO_MP_WORD \ - $(MPICMN) -endif - -ifeq ($(TARGET),alphaOSF1) -#Alpha/OSF1 -MPICMN += -DMP_ASSEMBLY_MULTIPLY -AS_OBJS+= mpvalpha.o -#CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT $(MPICMN) -CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT \ - -DMP_NO_MP_WORD $(MPICMN) -endif - -ifeq ($(TARGET),v9SOLARIS) -#Solaris 64 -SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt -#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v9a -KPIC -mt -SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v9a -KPIC -mt -AS_OBJS += montmulfv9.o -AS_OBJS += mpi_sparc.o mpv_sparcv9.o -MPICMN += -DMP_USE_UINT_DIGIT -#MPICMN += -DMP_NO_MP_WORD -MPICMN += -DMP_ASSEMBLY_MULTIPLY -MPICMN += -DMP_USING_MONT_MULF -CFLAGS= -O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \ - -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN) -#CFLAGS= -g -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \ - -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN) -endif - -ifeq ($(TARGET),v8plusSOLARIS) -#Solaris 32 -SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8plusa -KPIC -mt -SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt -AS_OBJS += montmulfv8.o -AS_OBJS += mpi_sparc.o mpv_sparcv8.o -#AS_OBJS = montmulf.o -MPICMN += -DMP_ASSEMBLY_MULTIPLY -MPICMN += -DMP_USING_MONT_MULF -MPICMN += -DMP_USE_UINT_DIGIT -MPICMN += -DMP_NO_MP_WORD -CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \ - -DSOLARIS2_6 -xarch=v8plus -DXP_UNIX $(MPICMN) -endif - -ifeq ($(TARGET),v8SOLARIS) -#Solaris 32 -#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8 -KPIC -mt -#SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt -#AS_OBJS = montmulfv8.o mpi_sparc.o mpv_sparcv8.o -#AS_OBJS = montmulf.o -#MPICMN += -DMP_USING_MONT_MULF -#MPICMN += -DMP_ASSEMBLY_MULTIPLY -MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT -MPICMN += -DMP_NO_MP_WORD -CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \ - -DSOLARIS2_6 -xarch=v8 -DXP_UNIX $(MPICMN) -endif - -ifeq ($(TARGET),ia64HPUX) -#HPUX 32 on ia64 -- 64 bit digits SCREAM. -# This one is for DD32 which is the 32-bit ABI with 64-bit registers. -CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN) -#CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN) -#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN) -endif - -ifeq ($(TARGET),ia64HPUX64) -#HPUX 32 on ia64 -# This one is for DD64 which is the 64-bit ABI -CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN) -#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN) -endif - -ifeq ($(TARGET),PA2.0WHPUX) -#HPUX64 (HP PA 2.0 Wide) using MAXPY and 64-bit digits -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -AS_OBJS = mpi_hp.o hpma512.o hppa20.o -CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +O3 +DChpux -DHPUX11 -DXP_UNIX \ - $(MPICMN) -#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +DChpux -DHPUX11 -DXP_UNIX \ - $(MPICMN) -AS = $(CC) $(CFLAGS) -c -endif - -ifeq ($(TARGET),PA2.0NHPUX) -#HPUX32 (HP PA 2.0 Narrow) hybrid model, using 32-bit digits -# This one is for DA2.0 (N) which is the 32-bit ABI with 64-bit registers. -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -AS_OBJS = mpi_hp.o hpma512.o hppa20.o -CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11 -DXP_UNIX \ - -Wl,+k $(MPICMN) -#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11 -DXP_UNIX \ - -Wl,+k $(MPICMN) -AS = $(CC) $(CFLAGS) -c -endif - -ifeq ($(TARGET),PA1.1HPUX) -#HPUX32 (HP PA 1.1) Pure 32 bit -MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ - -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN) -##CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \ -# -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN) -endif - -ifeq ($(TARGET),32AIX) -# -CC = xlC_r -MPICMN += -DMP_USE_UINT_DIGIT -MPICMN += -DMP_NO_DIV_WORD -#MPICMN += -DMP_NO_MUL_WORD -MPICMN += -DMP_NO_ADD_WORD -MPICMN += -DMP_NO_SUB_WORD -#MPICMN += -DMP_NO_MP_WORD -#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -CFLAGS = -O -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN) -#CFLAGS = -g -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN) -#CFLAGS += -pg -endif - -ifeq ($(TARGET),64AIX) -# -CC = xlC_r -MPICMN += -DMP_USE_UINT_DIGIT -CFLAGS = -O -O2 -DAIX -DSYSV -qarch=com -DAIX_64BIT -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN) -OBJECT_MODE=64 -export OBJECT_MODE -endif - -ifeq ($(TARGET),x86LINUX) -#Linux -AS_OBJS = mpi_x86.o -MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -MPICMN += -DMP_MONT_USE_MP_MUL -CFLAGS= -O2 -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \ - -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \ - -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN) -#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \ - -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \ - -DXP_UNIX -DDEBUG -UNDEBUG -D_REENTRANT $(MPICMN) -#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \ - -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \ - -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN) -endif diff --git a/security/nss/lib/freebl/mpi/test-arrays.txt b/security/nss/lib/freebl/mpi/test-arrays.txt deleted file mode 100644 index d247154be..000000000 --- a/security/nss/lib/freebl/mpi/test-arrays.txt +++ /dev/null @@ -1,86 +0,0 @@ -# -# Test suite table for MPI library -# -# Format of entries: -# suite-name:function-name:description -# -# suite-name The name used to identify this test in mpi-test -# function-name The function called to perform this test in mpi-test.c -# description A brief description of what the suite tests -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# -list:test_list:print out a list of the available test suites -copy:test_copy:test assignment of mp-int structures -exchange:test_exch:test exchange of mp-int structures -zero:test_zero:test zeroing of an mp-int -set:test_set:test setting an mp-int to a small constant -absolute-value:test_abs:test the absolute value function -negate:test_neg:test the arithmetic negation function -add-digit:test_add_d:test digit addition -add:test_add:test full addition -subtract-digit:test_sub_d:test digit subtraction -subtract:test_sub:test full subtraction -multiply-digit:test_mul_d:test digit multiplication -multiply:test_mul:test full multiplication -square:test_sqr:test full squaring function -divide-digit:test_div_d:test digit division -divide-2:test_div_2:test division by two -divide-2d:test_div_2d:test division & remainder by 2^d -divide:test_div:test full division -expt-digit:test_expt_d:test digit exponentiation -expt:test_expt:test full exponentiation -expt-2:test_2expt:test power-of-two exponentiation -square-root:test_sqrt:test integer square root function -modulo-digit:test_mod_d:test digit modular reduction -modulo:test_mod:test full modular reduction -mod-add:test_addmod:test modular addition -mod-subtract:test_submod:test modular subtraction -mod-multiply:test_mulmod:test modular multiplication -mod-square:test_sqrmod:test modular squaring function -mod-expt:test_exptmod:test full modular exponentiation -mod-expt-digit:test_exptmod_d:test digit modular exponentiation -mod-inverse:test_invmod:test modular inverse function -compare-digit:test_cmp_d:test digit comparison function -compare-zero:test_cmp_z:test zero comparison function -compare:test_cmp:test general signed comparison -compare-magnitude:test_cmp_mag:test general magnitude comparison -parity:test_parity:test parity comparison functions -gcd:test_gcd:test greatest common divisor functions -lcm:test_lcm:test least common multiple function -conversion:test_convert:test general radix conversion facilities -binary:test_raw:test raw output format -pprime:test_pprime:test probabilistic primality tester -fermat:test_fermat:test Fermat pseudoprimality tester diff --git a/security/nss/lib/freebl/mpi/test-info.c b/security/nss/lib/freebl/mpi/test-info.c deleted file mode 100644 index f84013e2e..000000000 --- a/security/nss/lib/freebl/mpi/test-info.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * test-info.c - * - * Arbitrary precision integer arithmetic library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -/* Table mapping test suite names to index numbers */ -const int g_count = 42; -const char *g_names[] = { - "list", /* print out a list of the available test suites */ - "copy", /* test assignment of mp-int structures */ - "exchange", /* test exchange of mp-int structures */ - "zero", /* test zeroing of an mp-int */ - "set", /* test setting an mp-int to a small constant */ - "absolute-value", /* test the absolute value function */ - "negate", /* test the arithmetic negation function */ - "add-digit", /* test digit addition */ - "add", /* test full addition */ - "subtract-digit", /* test digit subtraction */ - "subtract", /* test full subtraction */ - "multiply-digit", /* test digit multiplication */ - "multiply", /* test full multiplication */ - "square", /* test full squaring function */ - "divide-digit", /* test digit division */ - "divide-2", /* test division by two */ - "divide-2d", /* test division & remainder by 2^d */ - "divide", /* test full division */ - "expt-digit", /* test digit exponentiation */ - "expt", /* test full exponentiation */ - "expt-2", /* test power-of-two exponentiation */ - "square-root", /* test integer square root function */ - "modulo-digit", /* test digit modular reduction */ - "modulo", /* test full modular reduction */ - "mod-add", /* test modular addition */ - "mod-subtract", /* test modular subtraction */ - "mod-multiply", /* test modular multiplication */ - "mod-square", /* test modular squaring function */ - "mod-expt", /* test full modular exponentiation */ - "mod-expt-digit", /* test digit modular exponentiation */ - "mod-inverse", /* test modular inverse function */ - "compare-digit", /* test digit comparison function */ - "compare-zero", /* test zero comparison function */ - "compare", /* test general signed comparison */ - "compare-magnitude", /* test general magnitude comparison */ - "parity", /* test parity comparison functions */ - "gcd", /* test greatest common divisor functions */ - "lcm", /* test least common multiple function */ - "conversion", /* test general radix conversion facilities */ - "binary", /* test raw output format */ - "pprime", /* test probabilistic primality tester */ - "fermat" /* test Fermat pseudoprimality tester */ -}; - -/* Test function prototypes */ -int test_list(void); -int test_copy(void); -int test_exch(void); -int test_zero(void); -int test_set(void); -int test_abs(void); -int test_neg(void); -int test_add_d(void); -int test_add(void); -int test_sub_d(void); -int test_sub(void); -int test_mul_d(void); -int test_mul(void); -int test_sqr(void); -int test_div_d(void); -int test_div_2(void); -int test_div_2d(void); -int test_div(void); -int test_expt_d(void); -int test_expt(void); -int test_2expt(void); -int test_sqrt(void); -int test_mod_d(void); -int test_mod(void); -int test_addmod(void); -int test_submod(void); -int test_mulmod(void); -int test_sqrmod(void); -int test_exptmod(void); -int test_exptmod_d(void); -int test_invmod(void); -int test_cmp_d(void); -int test_cmp_z(void); -int test_cmp(void); -int test_cmp_mag(void); -int test_parity(void); -int test_gcd(void); -int test_lcm(void); -int test_convert(void); -int test_raw(void); -int test_pprime(void); -int test_fermat(void); - -/* Table mapping index numbers to functions */ -int (*g_tests[])(void) = { - test_list, test_copy, test_exch, test_zero, - test_set, test_abs, test_neg, test_add_d, - test_add, test_sub_d, test_sub, test_mul_d, - test_mul, test_sqr, test_div_d, test_div_2, - test_div_2d, test_div, test_expt_d, test_expt, - test_2expt, test_sqrt, test_mod_d, test_mod, - test_addmod, test_submod, test_mulmod, test_sqrmod, - test_exptmod, test_exptmod_d, test_invmod, test_cmp_d, - test_cmp_z, test_cmp, test_cmp_mag, test_parity, - test_gcd, test_lcm, test_convert, test_raw, - test_pprime, test_fermat -}; - -/* Table mapping index numbers to descriptions */ -const char *g_descs[] = { - "print out a list of the available test suites", - "test assignment of mp-int structures", - "test exchange of mp-int structures", - "test zeroing of an mp-int", - "test setting an mp-int to a small constant", - "test the absolute value function", - "test the arithmetic negation function", - "test digit addition", - "test full addition", - "test digit subtraction", - "test full subtraction", - "test digit multiplication", - "test full multiplication", - "test full squaring function", - "test digit division", - "test division by two", - "test division & remainder by 2^d", - "test full division", - "test digit exponentiation", - "test full exponentiation", - "test power-of-two exponentiation", - "test integer square root function", - "test digit modular reduction", - "test full modular reduction", - "test modular addition", - "test modular subtraction", - "test modular multiplication", - "test modular squaring function", - "test full modular exponentiation", - "test digit modular exponentiation", - "test modular inverse function", - "test digit comparison function", - "test zero comparison function", - "test general signed comparison", - "test general magnitude comparison", - "test parity comparison functions", - "test greatest common divisor functions", - "test least common multiple function", - "test general radix conversion facilities", - "test raw output format", - "test probabilistic primality tester", - "test Fermat pseudoprimality tester" -}; - diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE b/security/nss/lib/freebl/mpi/tests/LICENSE deleted file mode 100644 index c2c5d0190..000000000 --- a/security/nss/lib/freebl/mpi/tests/LICENSE +++ /dev/null @@ -1,6 +0,0 @@ -Within this directory, each of the file listed below is licensed under -the terms given in the file LICENSE-MPL, also in this directory. - -pi1k.txt -pi2k.txt -pi5k.txt diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL deleted file mode 100644 index 9ff410e4b..000000000 --- a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL +++ /dev/null @@ -1,32 +0,0 @@ -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the -GPL. - - diff --git a/security/nss/lib/freebl/mpi/tests/mptest-1.c b/security/nss/lib/freebl/mpi/tests/mptest-1.c deleted file mode 100644 index 6861e616e..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-1.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 1: Simple input test (drives single-digit multiply and add, - * as well as I/O routines) - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#ifdef MAC_CW_SIOUX -#include -#endif - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - int ix; - mp_int mp; - -#ifdef MAC_CW_SIOUX - argc = ccommand(&argv); -#endif - - mp_init(&mp); - - for(ix = 1; ix < argc; ix++) { - mp_read_radix(&mp, argv[ix], 10); - mp_print(&mp, stdout); - fputc('\n', stdout); - } - - mp_clear(&mp); - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-2.c b/security/nss/lib/freebl/mpi/tests/mptest-2.c deleted file mode 100644 index d350d1d49..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-2.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 2: Basic addition and subtraction test - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a, b, c; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 2: Basic addition and subtraction\n\n"); - - mp_init(&a); - mp_init(&b); - - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&b, argv[2], 10); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - mp_init(&c); - printf("c = a + b\n"); - - mp_add(&a, &b, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("c = a - b\n"); - - mp_sub(&a, &b, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - mp_clear(&c); - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-3.c b/security/nss/lib/freebl/mpi/tests/mptest-3.c deleted file mode 100644 index ac2dd2c6c..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-3.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 3: Multiplication, division, and exponentiation test - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include - -#include "mpi.h" - -#define SQRT 1 /* define nonzero to get square-root test */ -#define EXPT 0 /* define nonzero to get exponentiate test */ - -int main(int argc, char *argv[]) -{ - int ix; - mp_int a, b, c, d; - mp_digit r; - mp_err res; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 3: Multiplication and division\n\n"); - srand(time(NULL)); - - mp_init(&a); - mp_init(&b); - - mp_read_variable_radix(&a, argv[1], 10); - mp_read_variable_radix(&b, argv[2], 10); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - mp_init(&c); - printf("\nc = a * b\n"); - - mp_mul(&a, &b, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = b * 32523\n"); - - mp_mul_d(&b, 32523, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - mp_init(&d); - printf("\nc = a / b, d = a mod b\n"); - - mp_div(&a, &b, &c, &d); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("d = "); mp_print(&d, stdout); fputc('\n', stdout); - - ix = rand() % 256; - printf("\nc = a / %d, r = a mod %d\n", ix, ix); - mp_div_d(&a, (mp_digit)ix, &c, &r); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("r = %04X\n", r); - -#if EXPT - printf("\nc = a ** b\n"); - mp_expt(&a, &b, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); -#endif - - ix = rand() % 256; - printf("\nc = 2^%d\n", ix); - mp_2expt(&c, ix); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - -#if SQRT - printf("\nc = sqrt(a)\n"); - if((res = mp_sqrt(&a, &c)) != MP_OKAY) { - printf("mp_sqrt: %s\n", mp_strerror(res)); - } else { - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - mp_sqr(&c, &c); - printf("c^2 = "); mp_print(&c, stdout); fputc('\n', stdout); - } -#endif - - mp_clear(&d); - mp_clear(&c); - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-3a.c b/security/nss/lib/freebl/mpi/tests/mptest-3a.c deleted file mode 100644 index 014bd386c..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-3a.c +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 3a: Multiplication vs. squaring timing test - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include - -#include "mpi.h" -#include "mpprime.h" - -int main(int argc, char *argv[]) -{ - int ix, num, prec = 8; - double d1, d2; - clock_t start, finish; - time_t seed; - mp_int a, c, d; - - seed = time(NULL); - - if(argc < 2) { - fprintf(stderr, "Usage: %s []\n", argv[0]); - return 1; - } - - if((num = atoi(argv[1])) < 0) - num = -num; - - if(!num) { - fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]); - return 1; - } - - if(argc > 2) { - if((prec = atoi(argv[2])) <= 0) - prec = 8; - else - prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT; - } - - printf("Test 3a: Multiplication vs squaring timing test\n" - "Precision: %d digits (%u bits)\n" - "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num); - - mp_init_size(&a, prec); - - mp_init(&c); mp_init(&d); - - printf("Verifying accuracy ... \n"); - srand((unsigned int)seed); - for(ix = 0; ix < num; ix++) { - mpp_random_size(&a, prec); - mp_mul(&a, &a, &c); - mp_sqr(&a, &d); - - if(mp_cmp(&c, &d) != 0) { - printf("Error! Results not accurate:\n"); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("d = "); mp_print(&d, stdout); fputc('\n', stdout); - mp_sub(&c, &d, &d); - printf("dif "); mp_print(&d, stdout); fputc('\n', stdout); - mp_clear(&c); mp_clear(&d); - mp_clear(&a); - return 1; - } - } - printf("Accuracy is confirmed for the %d test samples\n", num); - mp_clear(&d); - - printf("Testing squaring ... \n"); - srand((unsigned int)seed); - start = clock(); - for(ix = 0; ix < num; ix++) { - mpp_random_size(&a, prec); - mp_sqr(&a, &c); - } - finish = clock(); - - d2 = (double)(finish - start) / CLOCKS_PER_SEC; - - printf("Testing multiplication ... \n"); - srand((unsigned int)seed); - start = clock(); - for(ix = 0; ix < num; ix++) { - mpp_random(&a); - mp_mul(&a, &a, &c); - } - finish = clock(); - - d1 = (double)(finish - start) / CLOCKS_PER_SEC; - - printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num); - printf("Squaring time: %.3f sec (%.3f each)\n", d2, d2 / num); - printf("Improvement: %.2f%%\n", (1.0 - (d2 / d1)) * 100.0); - - mp_clear(&c); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4.c b/security/nss/lib/freebl/mpi/tests/mptest-4.c deleted file mode 100644 index 6a9920cd8..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-4.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 4: Modular arithmetic tests - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - int ix; - mp_int a, b, c, m; - mp_digit r; - - if(argc < 4) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 4: Modular arithmetic\n\n"); - - mp_init(&a); - mp_init(&b); - mp_init(&m); - - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&b, argv[2], 10); - mp_read_radix(&m, argv[3], 10); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("m = "); mp_print(&m, stdout); fputc('\n', stdout); - - mp_init(&c); - printf("\nc = a (mod m)\n"); - - mp_mod(&a, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = b (mod m)\n"); - - mp_mod(&b, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = b (mod 1853)\n"); - - mp_mod_d(&b, 1853, &r); - printf("c = %04X\n", r); - - printf("\nc = (a + b) mod m\n"); - - mp_addmod(&a, &b, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = (a - b) mod m\n"); - - mp_submod(&a, &b, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = (a * b) mod m\n"); - - mp_mulmod(&a, &b, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nc = (a ** b) mod m\n"); - - mp_exptmod(&a, &b, &m, &c); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - - printf("\nIn-place modular squaring test:\n"); - for(ix = 0; ix < 5; ix++) { - printf("a = (a * a) mod m a = "); - mp_sqrmod(&a, &m, &a); - mp_print(&a, stdout); - fputc('\n', stdout); - } - - - mp_clear(&c); - mp_clear(&m); - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4a.c b/security/nss/lib/freebl/mpi/tests/mptest-4a.c deleted file mode 100644 index 22610b8a5..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-4a.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * mptest4a - modular exponentiation speed test - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include - -#include "mpi.h" -#include "mpprime.h" - -typedef struct { - unsigned int sec; - unsigned int usec; -} instant_t; - -instant_t now(void) -{ - struct timeval clk; - instant_t res; - - res.sec = res.usec = 0; - - if(gettimeofday(&clk, NULL) != 0) - return res; - - res.sec = clk.tv_sec; - res.usec = clk.tv_usec; - - return res; -} - -extern mp_err s_mp_pad(); - -int main(int argc, char *argv[]) -{ - int ix, num, prec = 8; - unsigned int d; - instant_t start, finish; - time_t seed; - mp_int a, m, c; - - seed = time(NULL); - - if(argc < 2) { - fprintf(stderr, "Usage: %s []\n", argv[0]); - return 1; - } - - if((num = atoi(argv[1])) < 0) - num = -num; - - if(!num) { - fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]); - return 1; - } - - if(argc > 2) { - if((prec = atoi(argv[2])) <= 0) - prec = 8; - } - - printf("Test 3a: Modular exponentiation timing test\n" - "Precision: %d digits (%d bits)\n" - "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num); - - mp_init_size(&a, prec); - mp_init_size(&m, prec); - mp_init_size(&c, prec); - s_mp_pad(&a, prec); - s_mp_pad(&m, prec); - s_mp_pad(&c, prec); - - printf("Testing modular exponentiation ... \n"); - srand((unsigned int)seed); - - start = now(); - for(ix = 0; ix < num; ix++) { - mpp_random(&a); - mpp_random(&c); - mpp_random(&m); - mp_exptmod(&a, &c, &m, &c); - } - finish = now(); - - d = (finish.sec - start.sec) * 1000000; - d -= start.usec; d += finish.usec; - - printf("Total time elapsed: %u usec\n", d); - printf("Time per exponentiation: %u usec (%.3f sec)\n", - (d / num), (double)(d / num) / 1000000); - - mp_clear(&c); - mp_clear(&a); - mp_clear(&m); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4b.c b/security/nss/lib/freebl/mpi/tests/mptest-4b.c deleted file mode 100644 index 77a38eb8d..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-4b.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * mptest-4b.c - * - * Test speed of a large modular exponentiation of a primitive element - * modulo a prime. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include - -#include "mpi.h" -#include "mpprime.h" - -char *g_prime = - "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA" - "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117" - "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9" - "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93"; -char *g_gen = "5"; - -typedef struct { - unsigned int sec; - unsigned int usec; -} instant_t; - -instant_t now(void) -{ - struct timeval clk; - instant_t res; - - res.sec = res.usec = 0; - - if(gettimeofday(&clk, NULL) != 0) - return res; - - res.sec = clk.tv_sec; - res.usec = clk.tv_usec; - - return res; -} - -extern mp_err s_mp_pad(); - -int main(int argc, char *argv[]) -{ - instant_t start, finish; - mp_int prime, gen, expt, res; - unsigned int ix, diff; - int num; - - srand(time(NULL)); - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - if((num = atoi(argv[1])) < 0) - num = -num; - - if(num == 0) - ++num; - - mp_init(&prime); mp_init(&gen); mp_init(&res); - mp_read_radix(&prime, g_prime, 16); - mp_read_radix(&gen, g_gen, 16); - - mp_init_size(&expt, USED(&prime) - 1); - s_mp_pad(&expt, USED(&prime) - 1); - - printf("Testing %d modular exponentations ... \n", num); - - start = now(); - for(ix = 0; ix < num; ix++) { - mpp_random(&expt); - mp_exptmod(&gen, &expt, &prime, &res); - } - finish = now(); - - diff = (finish.sec - start.sec) * 1000000; - diff += finish.usec; diff -= start.usec; - - printf("%d operations took %u usec (%.3f sec)\n", - num, diff, (double)diff / 1000000.0); - printf("That is %.3f sec per operation.\n", - ((double)diff / 1000000.0) / num); - - mp_clear(&expt); - mp_clear(&res); - mp_clear(&gen); - mp_clear(&prime); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-5.c b/security/nss/lib/freebl/mpi/tests/mptest-5.c deleted file mode 100644 index 4b161d1b8..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-5.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 5: Other number theoretic functions - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a, b, c, x, y; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 5: Number theoretic functions\n\n"); - - mp_init(&a); - mp_init(&b); - - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&b, argv[2], 10); - - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - mp_init(&c); - printf("\nc = (a, b)\n"); - - mp_gcd(&a, &b, &c); - printf("Euclid: c = "); mp_print(&c, stdout); fputc('\n', stdout); -/* - mp_bgcd(&a, &b, &c); - printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout); -*/ - mp_init(&x); - mp_init(&y); - printf("\nc = (a, b) = ax + by\n"); - - mp_xgcd(&a, &b, &c, &x, &y); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("x = "); mp_print(&x, stdout); fputc('\n', stdout); - printf("y = "); mp_print(&y, stdout); fputc('\n', stdout); - - printf("\nc = a^-1 (mod b)\n"); - if(mp_invmod(&a, &b, &c) == MP_UNDEF) { - printf("a has no inverse mod b\n"); - } else { - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - } - - mp_clear(&y); - mp_clear(&x); - mp_clear(&c); - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-5a.c b/security/nss/lib/freebl/mpi/tests/mptest-5a.c deleted file mode 100644 index 82552b766..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-5a.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 5a: Greatest common divisor speed test, binary vs. Euclid - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -#include - -#include "mpi.h" -#include "mpprime.h" - -typedef struct { - unsigned int sec; - unsigned int usec; -} instant_t; - -instant_t now(void) -{ - struct timeval clk; - instant_t res; - - res.sec = res.usec = 0; - - if(gettimeofday(&clk, NULL) != 0) - return res; - - res.sec = clk.tv_sec; - res.usec = clk.tv_usec; - - return res; -} - -#define PRECISION 16 - -int main(int argc, char *argv[]) -{ - int ix, num, prec = PRECISION; - mp_int a, b, c, d; - instant_t start, finish; - time_t seed; - unsigned int d1, d2; - - seed = time(NULL); - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - if((num = atoi(argv[1])) < 0) - num = -num; - - printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n" - "Number of tests: %d\n" - "Precision: %d digits\n\n", num, prec); - - mp_init_size(&a, prec); - mp_init_size(&b, prec); - mp_init(&c); - mp_init(&d); - - printf("Verifying accuracy ... \n"); - srand((unsigned int)seed); - for(ix = 0; ix < num; ix++) { - mpp_random_size(&a, prec); - mpp_random_size(&b, prec); - - mp_gcd(&a, &b, &c); - mp_bgcd(&a, &b, &d); - - if(mp_cmp(&c, &d) != 0) { - printf("Error! Results not accurate:\n"); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("d = "); mp_print(&d, stdout); fputc('\n', stdout); - - mp_clear(&a); mp_clear(&b); mp_clear(&c); mp_clear(&d); - return 1; - } - } - mp_clear(&d); - printf("Accuracy confirmed for the %d test samples\n", num); - - printf("Testing Euclid ... \n"); - srand((unsigned int)seed); - start = now(); - for(ix = 0; ix < num; ix++) { - mpp_random_size(&a, prec); - mpp_random_size(&b, prec); - mp_gcd(&a, &b, &c); - - } - finish = now(); - - d1 = (finish.sec - start.sec) * 1000000; - d1 -= start.usec; d1 += finish.usec; - - printf("Testing binary ... \n"); - srand((unsigned int)seed); - start = now(); - for(ix = 0; ix < num; ix++) { - mpp_random_size(&a, prec); - mpp_random_size(&b, prec); - mp_bgcd(&a, &b, &c); - } - finish = now(); - - d2 = (finish.sec - start.sec) * 1000000; - d2 -= start.usec; d2 += finish.usec; - - printf("Euclidean algorithm time: %u usec\n", d1); - printf("Binary algorithm time: %u usec\n", d2); - printf("Improvement: %.2f%%\n", - (1.0 - ((double)d2 / (double)d1)) * 100.0); - - mp_clear(&c); - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-6.c b/security/nss/lib/freebl/mpi/tests/mptest-6.c deleted file mode 100644 index 5e91716de..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-6.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 6: Output functions - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" - -void print_buf(FILE *ofp, char *buf, int len) -{ - int ix, brk = 0; - - for(ix = 0; ix < len; ix++) { - fprintf(ofp, "%02X ", buf[ix]); - - brk = (brk + 1) & 0xF; - if(!brk) - fputc('\n', ofp); - } - - if(brk) - fputc('\n', ofp); - -} - -int main(int argc, char *argv[]) -{ - int ix, size; - mp_int a; - char *buf; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 6: Output functions\n\n"); - - mp_init(&a); - - mp_read_radix(&a, argv[1], 10); - - printf("\nConverting to a string:\n"); - - printf("Rx Size Representation\n"); - for(ix = 2; ix <= MAX_RADIX; ix++) { - size = mp_radix_size(&a, ix); - - buf = calloc(size, sizeof(char)); - mp_toradix(&a, buf, ix); - printf("%2d: %3d: %s\n", ix, size, buf); - free(buf); - - } - - printf("\nRaw output:\n"); - size = mp_raw_size(&a); - buf = calloc(size, sizeof(char)); - - printf("Size: %d bytes\n", size); - - mp_toraw(&a, buf); - print_buf(stdout, buf, size); - free(buf); - - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-7.c b/security/nss/lib/freebl/mpi/tests/mptest-7.c deleted file mode 100644 index 4b41a1a4f..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-7.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 7: Random and divisibility tests - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -#define MP_IOFUNC -#include "mpi.h" - -#include "mpprime.h" - -int main(int argc, char *argv[]) -{ - mp_digit num; - mp_int a, b; - - srand(time(NULL)); - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 7: Random & divisibility tests\n\n"); - - mp_init(&a); - mp_init(&b); - - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&b, argv[2], 10); - - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - if(mpp_divis(&a, &b) == MP_YES) - printf("a is divisible by b\n"); - else - printf("a is not divisible by b\n"); - - if(mpp_divis(&b, &a) == MP_YES) - printf("b is divisible by a\n"); - else - printf("b is not divisible by a\n"); - - printf("\nb = mpp_random()\n"); - mpp_random(&b); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - mpp_random(&b); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - mpp_random(&b); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - printf("\nTesting a for divisibility by first 170 primes\n"); - num = 170; - if(mpp_divis_primes(&a, &num) == MP_YES) - printf("It is divisible by at least one of them\n"); - else - printf("It is not divisible by any of them\n"); - - mp_clear(&b); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-8.c b/security/nss/lib/freebl/mpi/tests/mptest-8.c deleted file mode 100644 index e2ddc2c19..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-8.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test 8: Probabilistic primality tester - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -#define MP_IOFUNC -#include "mpi.h" - -#include "mpprime.h" - -int main(int argc, char *argv[]) -{ - int ix; - mp_digit num; - mp_int a; - - srand(time(NULL)); - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - printf("Test 8: Probabilistic primality testing\n\n"); - - mp_init(&a); - - mp_read_radix(&a, argv[1], 10); - - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - - printf("\nChecking for divisibility by small primes ... \n"); - num = 170; - if(mpp_divis_primes(&a, &num) == MP_YES) { - printf("it is not prime\n"); - goto CLEANUP; - } - printf("Passed that test (not divisible by any small primes).\n"); - - for(ix = 0; ix < 10; ix++) { - printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1); - - if(mpp_pprime(&a, 5) == MP_NO) { - printf("it is not prime\n"); - goto CLEANUP; - } - } - printf("All tests passed; a is probably prime\n"); - -CLEANUP: - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/mptest-9.c b/security/nss/lib/freebl/mpi/tests/mptest-9.c deleted file mode 100644 index 07d6410c7..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-9.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * mptest-9.c - * - * Test logical functions - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -#include "mpi.h" -#include "mplogic.h" - -int main(int argc, char *argv[]) -{ - mp_int a, b, c; - int pco; - mp_err res; - - printf("Test 9: Logical functions\n\n"); - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); mp_init(&b); mp_init(&c); - mp_read_radix(&a, argv[1], 16); - mp_read_radix(&b, argv[2], 16); - - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - - mpl_not(&a, &c); - printf("~a = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_and(&a, &b, &c); - printf("a & b = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_or(&a, &b, &c); - printf("a | b = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_xor(&a, &b, &c); - printf("a ^ b = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_rsh(&a, &c, 1); - printf("a >> 1 = "); mp_print(&c, stdout); fputc('\n', stdout); - mpl_rsh(&a, &c, 5); - printf("a >> 5 = "); mp_print(&c, stdout); fputc('\n', stdout); - mpl_rsh(&a, &c, 16); - printf("a >> 16 = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_lsh(&a, &c, 1); - printf("a << 1 = "); mp_print(&c, stdout); fputc('\n', stdout); - mpl_lsh(&a, &c, 5); - printf("a << 5 = "); mp_print(&c, stdout); fputc('\n', stdout); - mpl_lsh(&a, &c, 16); - printf("a << 16 = "); mp_print(&c, stdout); fputc('\n', stdout); - - mpl_num_set(&a, &pco); - printf("population(a) = %d\n", pco); - mpl_num_set(&b, &pco); - printf("population(b) = %d\n", pco); - - res = mpl_parity(&a); - if(res == MP_EVEN) - printf("a has even parity\n"); - else - printf("a has odd parity\n"); - - mp_clear(&c); - mp_clear(&b); - mp_clear(&a); - - return 0; -} - diff --git a/security/nss/lib/freebl/mpi/tests/mptest-b.c b/security/nss/lib/freebl/mpi/tests/mptest-b.c deleted file mode 100644 index da89cb3e0..000000000 --- a/security/nss/lib/freebl/mpi/tests/mptest-b.c +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Simple test driver for MPI library - * - * Test GF2m: Binary Polynomial Arithmetic - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Multi-precision Binary Polynomial Arithmetic - * Library. - * - * Contributor(s): - * Sheueling Chang Shantz and - * Douglas Stebila of Sun Laboratories. - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - */ - -#include -#include -#include -#include -#include - -#include "mp_gf2m.h" - -int main(int argc, char *argv[]) -{ - int ix; - mp_int pp, a, b, x, y, order; - mp_int c, d, e; - mp_digit r; - mp_err res; - unsigned int p[] = {163,7,6,3,0}; - unsigned int ptemp[10]; - - printf("Test b: Binary Polynomial Arithmetic\n\n"); - - mp_init(&pp); - mp_init(&a); - mp_init(&b); - mp_init(&x); - mp_init(&y); - mp_init(&order); - - mp_read_radix(&pp, "0800000000000000000000000000000000000000C9", 16); - mp_read_radix(&a, "1", 16); - mp_read_radix(&b, "020A601907B8C953CA1481EB10512F78744A3205FD", 16); - mp_read_radix(&x, "03F0EBA16286A2D57EA0991168D4994637E8343E36", 16); - mp_read_radix(&y, "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 16); - mp_read_radix(&order, "040000000000000000000292FE77E70C12A4234C33", 16); - printf("pp = "); mp_print(&pp, stdout); fputc('\n', stdout); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("x = "); mp_print(&x, stdout); fputc('\n', stdout); - printf("y = "); mp_print(&y, stdout); fputc('\n', stdout); - printf("order = "); mp_print(&order, stdout); fputc('\n', stdout); - - mp_init(&c); - mp_init(&d); - mp_init(&e); - - /* Test polynomial conversion */ - ix = mp_bpoly2arr(&pp, ptemp, 10); - if ( - (ix != 5) || - (ptemp[0] != p[0]) || - (ptemp[1] != p[1]) || - (ptemp[2] != p[2]) || - (ptemp[3] != p[3]) || - (ptemp[4] != p[4]) - ) { - printf("Polynomial to array conversion not correct\n"); - return -1; - } - - printf("Polynomial conversion test #1 successful.\n"); - MP_CHECKOK( mp_barr2poly(p, &c) ); - if (mp_cmp(&pp, &c) != 0) { - printf("Array to polynomial conversion not correct\n"); - return -1; - } - printf("Polynomial conversion test #2 successful.\n"); - - /* Test addition */ - MP_CHECKOK( mp_badd(&a, &a, &c) ); - if (mp_cmp_z(&c) != 0) { - printf("a+a should equal zero\n"); - return -1; - } - printf("Addition test #1 successful.\n"); - MP_CHECKOK( mp_badd(&a, &b, &c) ); - MP_CHECKOK( mp_badd(&b, &c, &c) ); - if (mp_cmp(&c, &a) != 0) { - printf("c = (a + b) + b should equal a\n"); - printf("a = "); mp_print(&a, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Addition test #2 successful.\n"); - - /* Test multiplication */ - mp_set(&c, 2); - MP_CHECKOK( mp_bmul(&b, &c, &c) ); - MP_CHECKOK( mp_badd(&b, &c, &c) ); - mp_set(&d, 3); - MP_CHECKOK( mp_bmul(&b, &d, &d) ); - if (mp_cmp(&c, &d) != 0) { - printf("c = (2 * b) + b should equal c = 3 * b\n"); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("d = "); mp_print(&d, stdout); fputc('\n', stdout); - return -1; - } - printf("Multiplication test #1 successful.\n"); - - /* Test modular reduction */ - MP_CHECKOK( mp_bmod(&b, p, &c) ); - if (mp_cmp(&b, &c) != 0) { - printf("c = b mod p should equal b\n"); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular reduction test #1 successful.\n"); - MP_CHECKOK( mp_badd(&b, &pp, &c) ); - MP_CHECKOK( mp_bmod(&c, p, &c) ); - if (mp_cmp(&b, &c) != 0) { - printf("c = (b + p) mod p should equal b\n"); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular reduction test #2 successful.\n"); - MP_CHECKOK( mp_bmul(&b, &pp, &c) ); - MP_CHECKOK( mp_bmod(&c, p, &c) ); - if (mp_cmp_z(&c) != 0) { - printf("c = (b * p) mod p should equal 0\n"); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular reduction test #3 successful.\n"); - - /* Test modular multiplication */ - MP_CHECKOK( mp_bmulmod(&b, &pp, p, &c) ); - if (mp_cmp_z(&c) != 0) { - printf("c = (b * p) mod p should equal 0\n"); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular multiplication test #1 successful.\n"); - mp_set(&c, 1); - MP_CHECKOK( mp_badd(&pp, &c, &c) ); - MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) ); - if (mp_cmp(&b, &c) != 0) { - printf("c = (b * (p + 1)) mod p should equal b\n"); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular multiplication test #2 successful.\n"); - - /* Test modular squaring */ - MP_CHECKOK( mp_copy(&b, &c) ); - MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) ); - MP_CHECKOK( mp_bsqrmod(&b, p, &d) ); - if (mp_cmp(&c, &d) != 0) { - printf("c = (b * b) mod p should equal d = b^2 mod p\n"); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - printf("d = "); mp_print(&d, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular squaring test #1 successful.\n"); - - /* Test modular division */ - MP_CHECKOK( mp_bdivmod(&b, &x, &pp, p, &c) ); - MP_CHECKOK( mp_bmulmod(&c, &x, p, &c) ); - if (mp_cmp(&b, &c) != 0) { - printf("c = (b / x) * x mod p should equal b\n"); - printf("b = "); mp_print(&b, stdout); fputc('\n', stdout); - printf("c = "); mp_print(&c, stdout); fputc('\n', stdout); - return -1; - } - printf("Modular division test #1 successful.\n"); - -CLEANUP: - - mp_clear(&order); - mp_clear(&y); - mp_clear(&x); - mp_clear(&b); - mp_clear(&a); - mp_clear(&pp); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/tests/pi1k.txt b/security/nss/lib/freebl/mpi/tests/pi1k.txt deleted file mode 100644 index 5ff6209ff..000000000 --- a/security/nss/lib/freebl/mpi/tests/pi1k.txt +++ /dev/null @@ -1 +0,0 @@ -31415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989 diff --git a/security/nss/lib/freebl/mpi/tests/pi2k.txt b/security/nss/lib/freebl/mpi/tests/pi2k.txt deleted file mode 100644 index 9ce82acd1..000000000 --- a/security/nss/lib/freebl/mpi/tests/pi2k.txt +++ /dev/null @@ -1 +0,0 @@ -314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759010 diff --git a/security/nss/lib/freebl/mpi/tests/pi5k.txt b/security/nss/lib/freebl/mpi/tests/pi5k.txt deleted file mode 100644 index 901fac2ea..000000000 --- a/security/nss/lib/freebl/mpi/tests/pi5k.txt +++ /dev/null @@ -1 +0,0 @@ -314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759009946576407895126946839835259570982582262052248940772671947826848260147699090264013639443745530506820349625245174939965143142980919065925093722169646151570985838741059788595977297549893016175392846813826868386894277415599185592524595395943104997252468084598727364469584865383673622262609912460805124388439045124413654976278079771569143599770012961608944169486855584840635342207222582848864815845602850601684273945226746767889525213852254995466672782398645659611635488623057745649803559363456817432411251507606947945109659609402522887971089314566913686722874894056010150330861792868092087476091782493858900971490967598526136554978189312978482168299894872265880485756401427047755513237964145152374623436454285844479526586782105114135473573952311342716610213596953623144295248493718711014576540359027993440374200731057853906219838744780847848968332144571386875194350643021845319104848100537061468067491927819119793995206141966342875444064374512371819217999839101591956181467514269123974894090718649423196156794520809514655022523160388193014209376213785595663893778708303906979207734672218256259966150142150306803844773454920260541466592520149744285073251866600213243408819071048633173464965145390579626856100550810665879699816357473638405257145910289706414011097120628043903975951567715770042033786993600723055876317635942187312514712053292819182618612586732157919841484882916447060957527069572209175671167229109816909152801735067127485832228718352093539657251210835791513698820914442100675103346711031412671113699086585163983150197016515116851714376576183515565088490998985998238734552833163550764791853589322618548963213293308985706420467525907091548141654985946163718027098199430992448895757128289059232332609729971208443357326548938239119325974636673058360414281388303203824903758985243744170291327656180937734440307074692112019130203303801976211011004492932151608424448596376698389522868478312355265821314495768572624334418930396864262434107732269780280731891544110104468232527162010526522721116603966655730925471105578537634668206531098965269186205647693125705863566201855810072936065987648611791045334885034611365768675324944166803962657978771855608455296541266540853061434443185867697514566140680070023787765913440171274947042056223053899456131407112700040785473326993908145466464588079727082668306343285878569830523580893306575740679545716377525420211495576158140025012622859413021647155097925923099079654737612551765675135751782966645477917450112996148903046399471329621073404375189573596145890193897131117904297828564750320319869151402870808599048010941214722131794764777262241425485454033215718530614228813758504306332175182979866223717215916077166925474873898665494945011465406284336639379003976926567214638530673609657120918076383271664162748888007869256029022847210403172118608204190004229661711963779213375751149595015660496318629472654736425230817703675159067350235072835405670403867435136222247715891504953098444893330963408780769325993978054193414473774418426312986080998886874132604721 diff --git a/security/nss/lib/freebl/mpi/timetest b/security/nss/lib/freebl/mpi/timetest deleted file mode 100755 index d78f3c56a..000000000 --- a/security/nss/lib/freebl/mpi/timetest +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/sh - -# -# Simple timing test for the MPI library. Basically, we use prime -# generation as a timing test, since it exercises most of the pathways -# of the library fairly heavily. The 'primegen' tool outputs a line -# summarizing timing results. We gather these and process them for -# statistical information, which is collected into a file. -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## Netscape Communications Corporation -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# - -# Avoid using built-in shell echoes -ECHO=/bin/echo -MAKE=gmake - -# Use a fixed seed so timings will be more consistent -# This one is the 11th-18th decimal digits of 'e' -#export SEED=45904523 -SEED=45904523; export SEED - -#------------------------------------------------------------------------ - -$ECHO "\n** Running timing tests for MPI library\n" - -$ECHO "Bringing 'metime' up to date ... " -if $MAKE metime ; then - : -else - $ECHO "\nMake failed to build metime.\n" - exit 1 -fi - -if [ ! -x ./metime ] ; then - $ECHO "\nCannot find 'metime' program, testing cannot continue.\n" - exit 1 -fi - -#------------------------------------------------------------------------ - -$ECHO "Bringing 'primegen' up to date ... " -if $MAKE primegen ; then - : -else - $ECHO "\nMake failed to build primegen.\n" - exit 1 -fi - -if [ ! -x ./primegen ] ; then - $ECHO "\nCannot find 'primegen' program, testing cannot continue.\n" - exit 1 -fi - -#------------------------------------------------------------------------ - -rm -f timing-results.txt -touch timing-results.txt - -sizes="256 512 1024 2048" -ntests=10 - -trap 'echo "oop!";rm -f tt*.tmp timing-results.txt;exit 0' INT HUP - -$ECHO "\n-- Modular exponentiation\n" -$ECHO "Modular exponentiation:" >> timing-results.txt - -$ECHO "Running $ntests modular exponentiations per test:" -for size in $sizes ; do - $ECHO "- Gathering statistics for $size bits ... " - secs=`./metime $ntests $size | tail -1 | awk '{print $2}'` - $ECHO "$size: " $secs " seconds per op" >> timing-results.txt - tail -1 timing-results.txt -done - -$ECHO ""; - -sizes="256 512 1024" -ntests=1 - -$ECHO "\n-- Prime generation\n" -$ECHO "Prime generation:" >> timing-results.txt - -$ECHO "Generating $ntests prime values per test:" -for size in $sizes ; do - $ECHO "- Gathering statistics for $size bits ... " - ./primegen $size $ntests | grep ticks | awk '{print $7}' | tr -d '(' > tt$$.tmp - $ECHO "$size:" >> timing-results.txt - perl stats tt$$.tmp >> timing-results.txt - tail -1 timing-results.txt - rm -f tt$$.tmp -done - -$ECHO "" - -trap 'rm -f tt*.tmp timing-results.txt' INT HUP - -exit 0 - diff --git a/security/nss/lib/freebl/mpi/types.pl b/security/nss/lib/freebl/mpi/types.pl deleted file mode 100755 index 5f2a2f4d1..000000000 --- a/security/nss/lib/freebl/mpi/types.pl +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/perl - -# -# types.pl - find recommended type definitions for digits and words -# -# This script scans the Makefile for the C compiler and compilation -# flags currently in use, and using this combination, attempts to -# compile a simple test program that outputs the sizes of the various -# unsigned integer types, in bytes. Armed with these, it finds all -# the "viable" type combinations for mp_digit and mp_word, where -# viability is defined by the requirement that mp_word be at least two -# times the precision of mp_digit. -# -# Of these, the one with the largest digit size is chosen, and -# appropriate typedef statements are written to standard output. -# -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 2000 Michael J. Fromberger. All Rights Reserved -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the GPL. -## -# $Id$ -# - -@_=split(/\//,$0);chomp($prog=pop(@_)); - -# The array of integer types to be considered... -@TYPES = ( - "unsigned char", - "unsigned short", - "unsigned int", - "unsigned long" -); - -# Macro names for the maximum unsigned value of each type -%TMAX = ( - "unsigned char" => "UCHAR_MAX", - "unsigned short" => "USHRT_MAX", - "unsigned int" => "UINT_MAX", - "unsigned long" => "ULONG_MAX" -); - -# Read the Makefile to find out which C compiler to use -open(MFP, ") { - chomp; - if(/^CC=(.*)$/) { - $cc = $1; - last if $cflags; - } elsif(/^CFLAGS=(.*)$/) { - $cflags = $1; - last if $cc; - } -} -close(MFP); - -# If we couldn't find that, use 'cc' by default -$cc = "cc" unless $cc; - -printf STDERR "Using '%s' as the C compiler.\n", $cc; - -print STDERR "Determining type sizes ... \n"; -open(OFP, ">tc$$.c") or die "$prog: tc$$.c: $!\n"; -print OFP "#include \n\nint main(void)\n{\n"; -foreach $type (@TYPES) { - printf OFP "\tprintf(\"%%d\\n\", (int)sizeof(%s));\n", $type; -} -print OFP "\n\treturn 0;\n}\n"; -close(OFP); - -system("$cc $cflags -o tc$$ tc$$.c"); - -die "$prog: unable to build test program\n" unless(-x "tc$$"); - -open(IFP, "./tc$$|") or die "$prog: can't execute test program\n"; -$ix = 0; -while() { - chomp; - $size{$TYPES[$ix++]} = $_; -} -close(IFP); - -unlink("tc$$"); -unlink("tc$$.c"); - -print STDERR "Selecting viable combinations ... \n"; -while(($type, $size) = each(%size)) { - push(@ts, [ $size, $type ]); -} - -# Sort them ascending by size -@ts = sort { $a->[0] <=> $b->[0] } @ts; - -# Try all possible combinations, finding pairs in which the word size -# is twice the digit size. The number of possible pairs is too small -# to bother doing this more efficiently than by brute force -for($ix = 0; $ix <= $#ts; $ix++) { - $w = $ts[$ix]; - - for($jx = 0; $jx <= $#ts; $jx++) { - $d = $ts[$jx]; - - if($w->[0] == 2 * $d->[0]) { - push(@valid, [ $d, $w ]); - } - } -} - -# Sort descending by digit size -@valid = sort { $b->[0]->[0] <=> $a->[0]->[0] } @valid; - -# Select the maximum as the recommended combination -$rec = shift(@valid); - -printf("typedef %-18s mp_sign;\n", "char"); -printf("typedef %-18s mp_digit; /* %d byte type */\n", - $rec->[0]->[1], $rec->[0]->[0]); -printf("typedef %-18s mp_word; /* %d byte type */\n", - $rec->[1]->[1], $rec->[1]->[0]); -printf("typedef %-18s mp_size;\n", "unsigned int"); -printf("typedef %-18s mp_err;\n\n", "int"); - -printf("#define %-18s (CHAR_BIT*sizeof(mp_digit))\n", "DIGIT_BIT"); -printf("#define %-18s %s\n", "DIGIT_MAX", $TMAX{$rec->[0]->[1]}); -printf("#define %-18s (CHAR_BIT*sizeof(mp_word))\n", "MP_WORD_BIT"); -printf("#define %-18s %s\n\n", "MP_WORD_MAX", $TMAX{$rec->[1]->[1]}); -printf("#define %-18s (DIGIT_MAX+1)\n\n", "RADIX"); - -printf("#define %-18s \"%%0%dX\"\n", "DIGIT_FMT", (2 * $rec->[0]->[0])); - -exit 0; diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE b/security/nss/lib/freebl/mpi/utils/LICENSE deleted file mode 100644 index 5f96df7ab..000000000 --- a/security/nss/lib/freebl/mpi/utils/LICENSE +++ /dev/null @@ -1,4 +0,0 @@ -Within this directory, each of the file listed below is licensed under -the terms given in the file LICENSE-MPL, also in this directory. - -PRIMES diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL deleted file mode 100644 index 9ff410e4b..000000000 --- a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL +++ /dev/null @@ -1,32 +0,0 @@ -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the -GPL. - - diff --git a/security/nss/lib/freebl/mpi/utils/PRIMES b/security/nss/lib/freebl/mpi/utils/PRIMES deleted file mode 100644 index ed65703ff..000000000 --- a/security/nss/lib/freebl/mpi/utils/PRIMES +++ /dev/null @@ -1,41 +0,0 @@ -Probable primes (sorted by number of significant bits) - - 128: 81386202757205669562183851789305348631 - - 128: 180241813863264101444573802809858694397 - - 128: 245274683055224433281596312431122059021 - - 128: 187522309397665259809392608791686659539 - - 256: 83252422946206411852330647237287722547866360773229941071371588246436\ - 513990159 - - 256: 79132571131322331023736933767063051273085304521895229780914612117520\ - 058517909 - - 256: 72081815425552909748220041100909735706208853818662000557743644603407\ - 965465527 - - 256: 87504602391905701494845474079163412737334477797316409702279059573654\ - 274811271 - - 512: 12233064210800062190450937494718705259777386009095453001870729392786\ - 63450255179083524798507997690270500580265258111668148238355016411719\ - 9168737693316468563 - - 512: 12003639081420725322369909586347545220275253633035565716386136197501\ - 88208318984400479275215620499883521216480724155582768193682335576385\ - 2069481074929084063 - -1024: 16467877625718912296741904171202513097057724053648819680815842057593\ - 20371835940722471475475803725455063836431454757000451907612224427007\ - 63984592414360595161051906727075047683803534852982766542661204179549\ - 77327573530800542562611753617736693359790119074768292178493884576587\ - 0230450429880021317876149636714743053 - -1024: 16602953991090311275234291158294516471009930684624948451178742895360\ - 86073703307475884280944414508444679430090561246728195735962931545473\ - 40743240318558456247740186704660778277799687988031119436541068736925\ - 20563780233711166724859277827382391527748470939542560819625727876091\ - 5372193745283891895989104479029844957 diff --git a/security/nss/lib/freebl/mpi/utils/README b/security/nss/lib/freebl/mpi/utils/README deleted file mode 100644 index 86887bf81..000000000 --- a/security/nss/lib/freebl/mpi/utils/README +++ /dev/null @@ -1,239 +0,0 @@ -The contents of this file are subject to the Mozilla Public -License Version 1.1 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of -the License at http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS -IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -implied. See the License for the specific language governing -rights and limitations under the License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger - -Portions created by Michael J. Fromberger are -Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the -terms of the GNU General Public License Version 2 or later (the -"GPL"), in which case the provisions of the GPL are applicable -instead of those above. If you wish to allow use of your -version of this file only under the terms of the GPL and not to -allow others to use your version of this file under the MPL, -indicate your decision by deleting the provisions above and -replace them with the notice and other provisions required by -the GPL. If you do not delete the provisions above, a recipient -may use your version of this file under either the MPL or the -GPL. - - - -Additional MPI utilities ------------------------- - -The files 'mpprime.h' and 'mpprime.c' define some useful extensions to -the MPI library for dealing with prime numbers (in particular, testing -for divisbility, and the Rabin-Miller probabilistic primality test). - -The files 'mplogic.h' and 'mplogic.c' define extensions to the MPI -library for doing bitwise logical operations and shifting. - -This document assumes you have read the help file for the MPI library -and understand its conventions. - -Divisibility (mpprime.h) ------------- - -To test a number for divisibility by another number: - -mpp_divis(a, b) - test if b|a -mpp_divis_d(a, d) - test if d|a - -Each of these functions returns MP_YES if its initial argument is -divisible by its second, or MP_NO if it is not. Other errors may be -returned as appropriate (such as MP_RANGE if you try to test for -divisibility by zero). - -Randomness (mpprime.h) ----------- - -To generate random data: - -mpp_random(a) - fill a with random data -mpp_random_size(a, p) - fill a with p digits of random data - -The mpp_random_size() function increases the precision of a to at -least p, then fills all those digits randomly. The mp_random() -function fills a to its current precision (as determined by the number -of significant digits, USED(a)) - -Note that these functions simply use the C library's rand() function -to fill a with random digits up to its precision. This should be -adequate for primality testing, but should not be used for -cryptographic applications where truly random values are required for -security. - -You should call srand() in your driver program in order to seed the -random generator; this function doesn't call it. - -Primality Testing (mpprime.h) ------------------ - -mpp_divis_vector(a, v, s, w) - is a divisible by any of the s values - in v, and if so, w = which. -mpp_divis_primes(a, np) - is a divisible by any of the first np primes? -mpp_fermat(a, w) - is a pseudoprime with respect to witness w? -mpp_pprime(a, nt) - run nt iterations of Rabin-Miller on a. - -The mpp_divis_vector() function tests a for divisibility by each -member of an array of digits. The array is v, the size of that array -is s. Returns MP_YES if a is divisible, and stores the index of the -offending digit in w. Returns MP_NO if a is not divisible by any of -the digits in the array. - -A small table of primes is compiled into the library (typically the -first 128 primes, although you can change this by editing the file -'primes.c' before you build). The global variable prime_tab_size -contains the number of primes in the table, and the values themselves -are in the array prime_tab[], which is an array of mp_digit. - -The mpp_divis_primes() function is basically just a wrapper around -mpp_divis_vector() that uses prime_tab[] as the test vector. The np -parameter is a pointer to an mp_digit -- on input, it should specify -the number of primes to be tested against. If a is divisible by any -of the primes, MP_YES is returned and np is given the prime value that -divided a (you can use this if you're factoring, for example). -Otherwise, MP_NO is returned and np is untouched. - -The function mpp_fermat() performs Fermat's test, using w as a -witness. This test basically relies on the fact that if a is prime, -and w is relatively prime to a, then: - - w^a = w (mod a) - -That is, - - w^(a - 1) = 1 (mod a) - -The function returns MP_YES if the test passes, MP_NO if it fails. If -w is relatively prime to a, and the test fails, a is definitely -composite. If w is relatively prime to a and the test passes, then a -is either prime, or w is a false witness (the probability of this -happening depends on the choice of w and of a ... consult a number -theory textbook for more information about this). - -Note: If (w, a) != 1, the output of this test is meaningless. ----- - -The function mpp_pprime() performs the Rabin-Miller probabilistic -primality test for nt rounds. If all the tests pass, MP_YES is -returned, and a is probably prime. The probability that an answer of -MP_YES is incorrect is no greater than 1 in 4^nt, and in fact is -usually much less than that (this is a pessimistic estimate). If any -test fails, MP_NO is returned, and a is definitely composite. - -Bruce Schneier recommends at least 5 iterations of this test for most -cryptographic applications; Knuth suggests that 25 are reasonable. -Run it as many times as you feel are necessary. - -See the programs 'makeprime.c' and 'isprime.c' for reasonable examples -of how to use these functions for primality testing. - - -Bitwise Logic (mplogic.c) -------------- - -The four commonest logical operations are implemented as: - -mpl_not(a, b) - Compute bitwise (one's) complement, b = ~a - -mpl_and(a, b, c) - Compute bitwise AND, c = a & b - -mpl_or(a, b, c) - Compute bitwise OR, c = a | b - -mpl_xor(a, b, c) - Compute bitwise XOR, c = a ^ b - -Left and right shifts are available as well. These take a number to -shift, a destination, and a shift amount. The shift amount must be a -digit value between 0 and DIGIT_BIT inclusive; if it is not, MP_RANGE -will be returned and the shift will not happen. - -mpl_rsh(a, b, d) - Compute logical right shift, b = a >> d - -mpl_lsh(a, b, d) - Compute logical left shift, b = a << d - -Since these are logical shifts, they fill with zeroes (the library -uses a signed magnitude representation, so there are no sign bits to -extend anyway). - - -Command-line Utilities ----------------------- - -A handful of interesting command-line utilities are provided. These -are: - -lap.c - Find the order of a mod m. Usage is 'lap '. - This uses a dumb algorithm, so don't use it for - a really big modulus. - -invmod.c - Find the inverse of a mod m, if it exists. Usage - is 'invmod ' - -sieve.c - A simple bitmap-based implementation of the Sieve - of Eratosthenes. Used to generate the table of - primes in primes.c. Usage is 'sieve ' - -prng.c - Uses the routines in bbs_rand.{h,c} to generate - one or more 32-bit pseudo-random integers. This - is mainly an example, not intended for use in a - cryptographic application (the system time is - the only source of entropy used) - -dec2hex.c - Convert decimal to hexadecimal - -hex2dec.c - Convert hexadecimal to decimal - -basecvt.c - General radix conversion tool (supports 2-64) - -isprime.c - Probabilistically test an integer for primality - using the Rabin-Miller pseudoprime test combined - with division by small primes. - -primegen.c - Generate primes at random. - -exptmod.c - Perform modular exponentiation - -ptab.pl - A Perl script to munge the output of the sieve - program into a compilable C structure. - - -Other Files ------------ - -PRIMES - Some randomly generated numbers which are prime with - extremely high probability. - -README - You're reading me already. - - -About the Author ----------------- - -This software was written by Michael J. Fromberger. You can contact -the author as follows: - -E-mail: - -Postal: 8000 Cummings Hall, Thayer School of Engineering - Dartmouth College, Hanover, New Hampshire, USA - -PGP key: http://linguist.dartmouth.edu/~sting/keys/mjf.html - 9736 188B 5AFA 23D6 D6AA BE0D 5856 4525 289D 9907 - -Last updated: $Id$ diff --git a/security/nss/lib/freebl/mpi/utils/basecvt.c b/security/nss/lib/freebl/mpi/utils/basecvt.c deleted file mode 100644 index 90ed0f66b..000000000 --- a/security/nss/lib/freebl/mpi/utils/basecvt.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * basecvt.c - * - * Convert integer values specified on the command line from one input - * base to another. Accepts input and output bases between 2 and 36 - * inclusive. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -#define IBASE 10 -#define OBASE 16 -#define USAGE "Usage: %s ibase obase [value]\n" -#define MAXBASE 64 -#define MINBASE 2 - -int main(int argc, char *argv[]) -{ - int ix, ibase = IBASE, obase = OBASE; - mp_int val; - - ix = 1; - if(ix < argc) { - ibase = atoi(argv[ix++]); - - if(ibase < MINBASE || ibase > MAXBASE) { - fprintf(stderr, "%s: input radix must be between %d and %d inclusive\n", - argv[0], MINBASE, MAXBASE); - return 1; - } - } - if(ix < argc) { - obase = atoi(argv[ix++]); - - if(obase < MINBASE || obase > MAXBASE) { - fprintf(stderr, "%s: output radix must be between %d and %d inclusive\n", - argv[0], MINBASE, MAXBASE); - return 1; - } - } - - mp_init(&val); - while(ix < argc) { - char *out; - int outlen; - - mp_read_radix(&val, argv[ix++], ibase); - - outlen = mp_radix_size(&val, obase); - out = calloc(outlen, sizeof(char)); - mp_toradix(&val, out, obase); - - printf("%s\n", out); - free(out); - } - - mp_clear(&val); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/utils/bbs_rand.c b/security/nss/lib/freebl/mpi/utils/bbs_rand.c deleted file mode 100644 index c3e8b869b..000000000 --- a/security/nss/lib/freebl/mpi/utils/bbs_rand.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Blum, Blum & Shub PRNG using the MPI library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include "bbs_rand.h" - -#define SEED 1 -#define MODULUS 2 - -/* This modulus is the product of two randomly generated 512-bit - prime integers, each of which is congruent to 3 (mod 4). */ -static char *bbs_modulus = -"75A2A6E1D27393B86562B9CE7279A8403CB4258A637DAB5233465373E37837383EDC" -"332282B8575927BC4172CE8C147B4894050EE9D2BDEED355C121037270CA2570D127" -"7D2390CD1002263326635CC6B259148DE3A1A03201980A925E395E646A5E9164B0EC" -"28559EBA58C87447245ADD0651EDA507056A1129E3A3E16E903D64B437"; - -static int bbs_init = 0; /* flag set when library is initialized */ -static mp_int bbs_state; /* the current state of the generator */ - -/* Suggested size of random seed data */ -int bbs_seed_size = (sizeof(bbs_modulus) / 2); - -void bbs_srand(unsigned char *data, int len) -{ - if((bbs_init & SEED) == 0) { - mp_init(&bbs_state); - bbs_init |= SEED; - } - - mp_read_raw(&bbs_state, (char *)data, len); - -} /* end bbs_srand() */ - -unsigned int bbs_rand(void) -{ - static mp_int modulus; - unsigned int result = 0, ix; - - if((bbs_init & MODULUS) == 0) { - mp_init(&modulus); - mp_read_radix(&modulus, bbs_modulus, 16); - bbs_init |= MODULUS; - } - - for(ix = 0; ix < sizeof(unsigned int); ix++) { - mp_digit d; - - mp_sqrmod(&bbs_state, &modulus, &bbs_state); - d = DIGIT(&bbs_state, 0); - - result = (result << CHAR_BIT) | (d & UCHAR_MAX); - } - - return result; - -} /* end bbs_rand() */ - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/utils/bbs_rand.h b/security/nss/lib/freebl/mpi/utils/bbs_rand.h deleted file mode 100644 index de4587421..000000000 --- a/security/nss/lib/freebl/mpi/utils/bbs_rand.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * bbs_rand.h - * - * Blum, Blum & Shub PRNG using the MPI library - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _H_BBSRAND_ -#define _H_BBSRAND_ - -#include -#include "mpi.h" - -#define BBS_RAND_MAX UINT_MAX - -/* Suggested length of seed data */ -extern int bbs_seed_size; - -void bbs_srand(unsigned char *data, int len); -unsigned int bbs_rand(void); - -#endif /* end _H_BBSRAND_ */ diff --git a/security/nss/lib/freebl/mpi/utils/bbsrand.c b/security/nss/lib/freebl/mpi/utils/bbsrand.c deleted file mode 100644 index 28600fabe..000000000 --- a/security/nss/lib/freebl/mpi/utils/bbsrand.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * bbsrand.c - * - * Test driver for routines in bbs_rand.h - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "bbs_rand.h" - -#define NUM_TESTS 100 - -int main(void) -{ - unsigned int seed, result, ix; - - seed = time(NULL); - bbs_srand((unsigned char *)&seed, sizeof(seed)); - - for(ix = 0; ix < NUM_TESTS; ix++) { - result = bbs_rand(); - - printf("Test %3u: %08X\n", ix + 1, result); - } - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/utils/dec2hex.c b/security/nss/lib/freebl/mpi/utils/dec2hex.c deleted file mode 100644 index 9bdcfa018..000000000 --- a/security/nss/lib/freebl/mpi/utils/dec2hex.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * dec2hex.c - * - * Convert decimal integers into hexadecimal - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a; - char *buf; - int len; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); mp_read_radix(&a, argv[1], 10); - len = mp_radix_size(&a, 16); - buf = malloc(len); - mp_toradix(&a, buf, 16); - - printf("%s\n", buf); - - free(buf); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/utils/exptmod.c b/security/nss/lib/freebl/mpi/utils/exptmod.c deleted file mode 100644 index d5e66ac37..000000000 --- a/security/nss/lib/freebl/mpi/utils/exptmod.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * exptmod.c - * - * Command line tool to perform modular exponentiation on arbitrary - * precision integers. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a, b, m; - mp_err res; - char *str; - int len, rval = 0; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); mp_init(&b); mp_init(&m); - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&b, argv[2], 10); - mp_read_radix(&m, argv[3], 10); - - if((res = mp_exptmod(&a, &b, &m, &a)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); - rval = 1; - } else { - len = mp_radix_size(&a, 10); - str = calloc(len, sizeof(char)); - mp_toradix(&a, str, 10); - - printf("%s\n", str); - - free(str); - } - - mp_clear(&a); mp_clear(&b); mp_clear(&m); - - return rval; -} diff --git a/security/nss/lib/freebl/mpi/utils/fact.c b/security/nss/lib/freebl/mpi/utils/fact.c deleted file mode 100644 index 02b6711c9..000000000 --- a/security/nss/lib/freebl/mpi/utils/fact.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * fact.c - * - * Compute factorial of input integer - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -mp_err mp_fact(mp_int *a, mp_int *b); - -int main(int argc, char *argv[]) -{ - mp_int a; - mp_err res; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); - mp_read_radix(&a, argv[1], 10); - - if((res = mp_fact(&a, &a)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", argv[0], - mp_strerror(res)); - mp_clear(&a); - return 1; - } - - { - char *buf; - int len; - - len = mp_radix_size(&a, 10); - buf = malloc(len); - mp_todecimal(&a, buf); - - puts(buf); - - free(buf); - } - - mp_clear(&a); - return 0; -} - -mp_err mp_fact(mp_int *a, mp_int *b) -{ - mp_int ix, s; - mp_err res = MP_OKAY; - - if(mp_cmp_z(a) < 0) - return MP_UNDEF; - - mp_init(&s); - mp_add_d(&s, 1, &s); /* s = 1 */ - mp_init(&ix); - mp_add_d(&ix, 1, &ix); /* ix = 1 */ - - for(/* */; mp_cmp(&ix, a) <= 0; mp_add_d(&ix, 1, &ix)) { - if((res = mp_mul(&s, &ix, &s)) != MP_OKAY) - break; - } - - mp_clear(&ix); - - /* Copy out results if we got them */ - if(res == MP_OKAY) - mp_copy(&s, b); - - mp_clear(&s); - - return res; -} diff --git a/security/nss/lib/freebl/mpi/utils/gcd.c b/security/nss/lib/freebl/mpi/utils/gcd.c deleted file mode 100644 index b36c7f281..000000000 --- a/security/nss/lib/freebl/mpi/utils/gcd.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * gcd.c - * - * Greatest common divisor - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -char *g_prog = NULL; - -void print_mp_int(mp_int *mp, FILE *ofp); - -int main(int argc, char *argv[]) -{ - mp_int a, b, x, y; - mp_err res; - int ext = 0; - - g_prog = argv[0]; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", g_prog); - return 1; - } - - mp_init(&a); mp_read_radix(&a, argv[1], 10); - mp_init(&b); mp_read_radix(&b, argv[2], 10); - - /* If we were called 'xgcd', compute x, y so that g = ax + by */ - if(strcmp(g_prog, "xgcd") == 0) { - ext = 1; - mp_init(&x); mp_init(&y); - } - - if(ext) { - if((res = mp_xgcd(&a, &b, &a, &x, &y)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", g_prog, mp_strerror(res)); - mp_clear(&a); mp_clear(&b); - mp_clear(&x); mp_clear(&y); - return 1; - } - } else { - if((res = mp_gcd(&a, &b, &a)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", g_prog, - mp_strerror(res)); - mp_clear(&a); mp_clear(&b); - return 1; - } - } - - print_mp_int(&a, stdout); - if(ext) { - fputs("x = ", stdout); print_mp_int(&x, stdout); - fputs("y = ", stdout); print_mp_int(&y, stdout); - } - - mp_clear(&a); mp_clear(&b); - - if(ext) { - mp_clear(&x); - mp_clear(&y); - } - - return 0; - -} - -void print_mp_int(mp_int *mp, FILE *ofp) -{ - char *buf; - int len; - - len = mp_radix_size(mp, 10); - buf = calloc(len, sizeof(char)); - mp_todecimal(mp, buf); - fprintf(ofp, "%s\n", buf); - free(buf); - -} diff --git a/security/nss/lib/freebl/mpi/utils/hex2dec.c b/security/nss/lib/freebl/mpi/utils/hex2dec.c deleted file mode 100644 index 97aad55c9..000000000 --- a/security/nss/lib/freebl/mpi/utils/hex2dec.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * hex2dec.c - * - * Convert decimal integers into hexadecimal - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a; - char *buf; - int len; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); mp_read_radix(&a, argv[1], 16); - len = mp_radix_size(&a, 10); - buf = malloc(len); - mp_toradix(&a, buf, 10); - - printf("%s\n", buf); - - free(buf); - mp_clear(&a); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/utils/identest.c b/security/nss/lib/freebl/mpi/utils/identest.c deleted file mode 100644 index a75d2b352..000000000 --- a/security/nss/lib/freebl/mpi/utils/identest.c +++ /dev/null @@ -1,79 +0,0 @@ -#include -#include -#include "mpi.h" -#include "mpprime.h" -#include -#include - -#define MAX_PREC (4096 / MP_DIGIT_BIT) - -mp_err identity_test(void) -{ - mp_size preca, precb; - mp_err res; - mp_int a, b; - mp_int t1, t2, t3, t4, t5; - - preca = (rand() % MAX_PREC) + 1; - precb = (rand() % MAX_PREC) + 1; - - MP_DIGITS(&a) = 0; - MP_DIGITS(&b) = 0; - MP_DIGITS(&t1) = 0; - MP_DIGITS(&t2) = 0; - MP_DIGITS(&t3) = 0; - MP_DIGITS(&t4) = 0; - MP_DIGITS(&t5) = 0; - - MP_CHECKOK( mp_init(&a) ); - MP_CHECKOK( mp_init(&b) ); - MP_CHECKOK( mp_init(&t1) ); - MP_CHECKOK( mp_init(&t2) ); - MP_CHECKOK( mp_init(&t3) ); - MP_CHECKOK( mp_init(&t4) ); - MP_CHECKOK( mp_init(&t5) ); - - MP_CHECKOK( mpp_random_size(&a, preca) ); - MP_CHECKOK( mpp_random_size(&b, precb) ); - - if (mp_cmp(&a, &b) < 0) - mp_exch(&a, &b); - - MP_CHECKOK( mp_mod(&a, &b, &t1) ); /* t1 = a%b */ - MP_CHECKOK( mp_div(&a, &b, &t2, NULL) ); /* t2 = a/b */ - MP_CHECKOK( mp_mul(&b, &t2, &t3) ); /* t3 = (a/b)*b */ - MP_CHECKOK( mp_add(&t1, &t3, &t4) ); /* t4 = a%b + (a/b)*b */ - MP_CHECKOK( mp_sub(&t4, &a, &t5) ); /* t5 = a%b + (a/b)*b - a */ - if (mp_cmp_z(&t5) != 0) { - res = MP_UNDEF; - goto CLEANUP; - } - -CLEANUP: - mp_clear(&t5); - mp_clear(&t4); - mp_clear(&t3); - mp_clear(&t2); - mp_clear(&t1); - mp_clear(&b); - mp_clear(&a); - return res; -} - -int -main(void) -{ - unsigned int seed = (unsigned int)time(NULL); - unsigned long count = 0; - mp_err res; - - srand(seed); - - while (MP_OKAY == (res = identity_test())) { - if ((++count % 100) == 0) - fputc('.', stderr); - } - - fprintf(stderr, "\ntest failed, err %d\n", res); - return res; -} diff --git a/security/nss/lib/freebl/mpi/utils/invmod.c b/security/nss/lib/freebl/mpi/utils/invmod.c deleted file mode 100644 index df58bb6d1..000000000 --- a/security/nss/lib/freebl/mpi/utils/invmod.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * invmod.c - * - * Compute modular inverses - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1997, 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include - -#include "mpi.h" - -int main(int argc, char *argv[]) -{ - mp_int a, m; - mp_err res; - char *buf; - int len, out = 0; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); mp_init(&m); - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&m, argv[2], 10); - - if(mp_cmp(&a, &m) > 0) - mp_mod(&a, &m, &a); - - switch((res = mp_invmod(&a, &m, &a))) { - case MP_OKAY: - len = mp_radix_size(&a, 10); - buf = malloc(len); - - mp_toradix(&a, buf, 10); - printf("%s\n", buf); - free(buf); - break; - - case MP_UNDEF: - printf("No inverse\n"); - out = 1; - break; - - default: - printf("error: %s (%d)\n", mp_strerror(res), res); - out = 2; - break; - } - - mp_clear(&a); - mp_clear(&m); - - return out; -} diff --git a/security/nss/lib/freebl/mpi/utils/isprime.c b/security/nss/lib/freebl/mpi/utils/isprime.c deleted file mode 100644 index f9cd9707b..000000000 --- a/security/nss/lib/freebl/mpi/utils/isprime.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * isprime.c - * - * Probabilistic primality tester command-line tool - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" -#include "mpprime.h" - -#define RM_TESTS 15 /* how many iterations of Rabin-Miller? */ -#define MINIMUM 1024 /* don't bother us with a < this */ - -int g_tests = RM_TESTS; -char *g_prog = NULL; - -int main(int argc, char *argv[]) -{ - mp_int a; - mp_digit np = prime_tab_size; /* from mpprime.h */ - int res = 0; - - g_prog = argv[0]; - - if(argc < 2) { - fprintf(stderr, "Usage: %s , where is a decimal integer\n" - "Use '0x' prefix for a hexadecimal value\n", g_prog); - return 1; - } - - /* Read number of tests from environment, if present */ - { - char *tmp; - - if((tmp = getenv("RM_TESTS")) != NULL) { - if((g_tests = atoi(tmp)) <= 0) - g_tests = RM_TESTS; - } - } - - mp_init(&a); - if(argv[1][0] == '0' && argv[1][1] == 'x') - mp_read_radix(&a, argv[1] + 2, 16); - else - mp_read_radix(&a, argv[1], 10); - - if(mp_cmp_d(&a, MINIMUM) <= 0) { - fprintf(stderr, "%s: please use a value greater than %d\n", - g_prog, MINIMUM); - mp_clear(&a); - return 1; - } - - /* Test for divisibility by small primes */ - if(mpp_divis_primes(&a, &np) != MP_NO) { - printf("Not prime (divisible by small prime %d)\n", np); - res = 2; - goto CLEANUP; - } - - /* Test with Fermat's test, using 2 as a witness */ - if(mpp_fermat(&a, 2) != MP_YES) { - printf("Not prime (failed Fermat test)\n"); - res = 2; - goto CLEANUP; - } - - /* Test with Rabin-Miller probabilistic test */ - if(mpp_pprime(&a, g_tests) == MP_NO) { - printf("Not prime (failed pseudoprime test)\n"); - res = 2; - goto CLEANUP; - } - - printf("Probably prime, 1 in 4^%d chance of false positive\n", g_tests); - -CLEANUP: - mp_clear(&a); - - return res; - -} diff --git a/security/nss/lib/freebl/mpi/utils/lap.c b/security/nss/lib/freebl/mpi/utils/lap.c deleted file mode 100644 index ababed7f3..000000000 --- a/security/nss/lib/freebl/mpi/utils/lap.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * lap.c - * - * Find least annihilating power of a mod m - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -#include "mpi.h" - -void sig_catch(int ign); - -int g_quit = 0; - -int main(int argc, char *argv[]) -{ - mp_int a, m, p, k; - - if(argc < 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&a); - mp_init(&m); - mp_init(&p); - mp_add_d(&p, 1, &p); - - mp_read_radix(&a, argv[1], 10); - mp_read_radix(&m, argv[2], 10); - - mp_init_copy(&k, &a); - - signal(SIGINT, sig_catch); -#ifndef __OS2__ - signal(SIGHUP, sig_catch); -#endif - signal(SIGTERM, sig_catch); - - while(mp_cmp(&p, &m) < 0) { - if(g_quit) { - int len; - char *buf; - - len = mp_radix_size(&p, 10); - buf = malloc(len); - mp_toradix(&p, buf, 10); - - fprintf(stderr, "Terminated at: %s\n", buf); - free(buf); - return 1; - } - if(mp_cmp_d(&k, 1) == 0) { - int len; - char *buf; - - len = mp_radix_size(&p, 10); - buf = malloc(len); - mp_toradix(&p, buf, 10); - - printf("%s\n", buf); - - free(buf); - break; - } - - mp_mulmod(&k, &a, &m, &k); - mp_add_d(&p, 1, &p); - } - - if(mp_cmp(&p, &m) >= 0) - printf("No annihilating power.\n"); - - mp_clear(&p); - mp_clear(&m); - mp_clear(&a); - return 0; -} - -void sig_catch(int ign) -{ - g_quit = 1; -} diff --git a/security/nss/lib/freebl/mpi/utils/makeprime.c b/security/nss/lib/freebl/mpi/utils/makeprime.c deleted file mode 100644 index c4deaa9f0..000000000 --- a/security/nss/lib/freebl/mpi/utils/makeprime.c +++ /dev/null @@ -1,144 +0,0 @@ -/* - * makeprime.c - * - * A simple prime generator function (and test driver). Prints out the - * first prime it finds greater than or equal to the starting value. - * - * Usage: makeprime - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -/* These two must be included for make_prime() to work */ - -#include "mpi.h" -#include "mpprime.h" - -/* - make_prime(p, nr) - - Find the smallest prime integer greater than or equal to p, where - primality is verified by 'nr' iterations of the Rabin-Miller - probabilistic primality test. The caller is responsible for - generating the initial value of p. - - Returns MP_OKAY if a prime has been generated, otherwise the error - code indicates some other problem. The value of p is clobbered; the - caller should keep a copy if the value is needed. - */ -mp_err make_prime(mp_int *p, int nr); - -/* The main() is not required -- it's just a test driver */ -int main(int argc, char *argv[]) -{ - mp_int start; - mp_err res; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - mp_init(&start); - if(argv[1][0] == '0' && tolower(argv[1][1]) == 'x') { - mp_read_radix(&start, argv[1] + 2, 16); - } else { - mp_read_radix(&start, argv[1], 10); - } - mp_abs(&start, &start); - - if((res = make_prime(&start, 5)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); - mp_clear(&start); - - return 1; - - } else { - char *buf = malloc(mp_radix_size(&start, 10)); - - mp_todecimal(&start, buf); - printf("%s\n", buf); - free(buf); - - mp_clear(&start); - - return 0; - } - -} /* end main() */ - -/*------------------------------------------------------------------------*/ - -mp_err make_prime(mp_int *p, int nr) -{ - mp_err res; - - if(mp_iseven(p)) { - mp_add_d(p, 1, p); - } - - do { - mp_digit which = prime_tab_size; - - /* First test for divisibility by a few small primes */ - if((res = mpp_divis_primes(p, &which)) == MP_YES) - continue; - else if(res != MP_NO) - goto CLEANUP; - - /* If that passes, try one iteration of Fermat's test */ - if((res = mpp_fermat(p, 2)) == MP_NO) - continue; - else if(res != MP_YES) - goto CLEANUP; - - /* If that passes, run Rabin-Miller as often as requested */ - if((res = mpp_pprime(p, nr)) == MP_YES) - break; - else if(res != MP_NO) - goto CLEANUP; - - } while((res = mp_add_d(p, 2, p)) == MP_OKAY); - - CLEANUP: - return res; - -} /* end make_prime() */ - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/utils/metime.c b/security/nss/lib/freebl/mpi/utils/metime.c deleted file mode 100644 index 3f39b23a9..000000000 --- a/security/nss/lib/freebl/mpi/utils/metime.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * metime.c - * - * Modular exponentiation timing test - * - * $Id$ - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 2000 Michael J. Fromberger. All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" -#include "mpprime.h" - -double clk_to_sec(clock_t start, clock_t stop); - -int main(int argc, char *argv[]) -{ - int ix, num, prec = 8; - unsigned int seed; - clock_t start, stop; - double sec; - - mp_int a, m, c; - - if(getenv("SEED") != NULL) - seed = abs(atoi(getenv("SEED"))); - else - seed = (unsigned int)time(NULL); - - if(argc < 2) { - fprintf(stderr, "Usage: %s []\n", argv[0]); - return 1; - } - - if((num = atoi(argv[1])) < 0) - num = -num; - - if(!num) { - fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]); - return 1; - } - - if(argc > 2) { - if((prec = atoi(argv[2])) <= 0) - prec = 8; - else - prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT; - - } - - printf("Modular exponentiation timing test\n" - "Precision: %d digits (%d bits)\n" - "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num); - - mp_init_size(&a, prec); - mp_init_size(&m, prec); - mp_init_size(&c, prec); - - srand(seed); - - start = clock(); - for(ix = 0; ix < num; ix++) { - - mpp_random_size(&a, prec); - mpp_random_size(&c, prec); - mpp_random_size(&m, prec); - /* set msb and lsb of m */ - DIGIT(&m,0) |= 1; - DIGIT(&m, USED(&m)-1) |= (mp_digit)1 << (DIGIT_BIT - 1); - if (mp_cmp(&a, &m) > 0) - mp_sub(&a, &m, &a); - - mp_exptmod(&a, &c, &m, &c); - } - stop = clock(); - - sec = clk_to_sec(start, stop); - - printf("Total: %.3f seconds\n", sec); - printf("Individual: %.3f seconds\n", sec / num); - - mp_clear(&c); - mp_clear(&a); - mp_clear(&m); - - return 0; -} - -double clk_to_sec(clock_t start, clock_t stop) -{ - return (double)(stop - start) / CLOCKS_PER_SEC; -} - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/utils/pi.c b/security/nss/lib/freebl/mpi/utils/pi.c deleted file mode 100644 index 367118586..000000000 --- a/security/nss/lib/freebl/mpi/utils/pi.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * pi.c - * - * Compute pi to an arbitrary number of digits. Uses Machin's formula, - * like everyone else on the planet: - * - * pi = 16 * arctan(1/5) - 4 * arctan(1/239) - * - * This is pretty effective for up to a few thousand digits, but it - * gets pretty slow after that. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" - -mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum); - -int main(int argc, char *argv[]) -{ - mp_err res; - mp_digit ndigits; - mp_int sum1, sum2; - clock_t start, stop; - int out = 0; - - /* Make the user specify precision on the command line */ - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - if((ndigits = abs(atoi(argv[1]))) == 0) { - fprintf(stderr, "%s: you must request at least 1 digit\n", argv[0]); - return 1; - } - - start = clock(); - mp_init(&sum1); mp_init(&sum2); - - /* sum1 = 16 * arctan(1/5) */ - if((res = arctan(16, 5, ndigits, &sum1)) != MP_OKAY) { - fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res)); - out = 1; goto CLEANUP; - } - - /* sum2 = 4 * arctan(1/239) */ - if((res = arctan(4, 239, ndigits, &sum2)) != MP_OKAY) { - fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res)); - out = 1; goto CLEANUP; - } - - /* pi = sum1 - sum2 */ - if((res = mp_sub(&sum1, &sum2, &sum1)) != MP_OKAY) { - fprintf(stderr, "%s: mp_sub: %s\n", argv[0], mp_strerror(res)); - out = 1; goto CLEANUP; - } - stop = clock(); - - /* Write the output in decimal */ - { - char *buf = malloc(mp_radix_size(&sum1, 10)); - - if(buf == NULL) { - fprintf(stderr, "%s: out of memory\n", argv[0]); - out = 1; goto CLEANUP; - } - mp_todecimal(&sum1, buf); - printf("%s\n", buf); - free(buf); - } - - fprintf(stderr, "Computation took %.2f sec.\n", - (double)(stop - start) / CLOCKS_PER_SEC); - - CLEANUP: - mp_clear(&sum1); - mp_clear(&sum2); - - return out; - -} - -/* Compute sum := mul * arctan(1/x), to 'prec' digits of precision */ -mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum) -{ - mp_int t, v; - mp_digit q = 1, rd; - mp_err res; - int sign = 1; - - prec += 3; /* push inaccuracies off the end */ - - mp_init(&t); mp_set(&t, 10); - mp_init(&v); - if((res = mp_expt_d(&t, prec, &t)) != MP_OKAY || /* get 10^prec */ - (res = mp_mul_d(&t, mul, &t)) != MP_OKAY || /* ... times mul */ - (res = mp_mul_d(&t, x, &t)) != MP_OKAY) /* ... times x */ - goto CLEANUP; - - /* - The extra multiplication by x in the above takes care of what - would otherwise have to be a special case for 1 / x^1 during the - first loop iteration. A little sneaky, but effective. - - We compute arctan(1/x) by the formula: - - 1 1 1 1 - - - ----- + ----- - ----- + ... - x 3 x^3 5 x^5 7 x^7 - - We multiply through by 'mul' beforehand, which gives us a couple - more iterations and more precision - */ - - x *= x; /* works as long as x < sqrt(RADIX), which it is here */ - - mp_zero(sum); - - do { - if((res = mp_div_d(&t, x, &t, &rd)) != MP_OKAY) - goto CLEANUP; - - if(sign < 0 && rd != 0) - mp_add_d(&t, 1, &t); - - if((res = mp_div_d(&t, q, &v, &rd)) != MP_OKAY) - goto CLEANUP; - - if(sign < 0 && rd != 0) - mp_add_d(&v, 1, &v); - - if(sign > 0) - res = mp_add(sum, &v, sum); - else - res = mp_sub(sum, &v, sum); - - if(res != MP_OKAY) - goto CLEANUP; - - sign *= -1; - q += 2; - - } while(mp_cmp_z(&t) != 0); - - /* Chop off inaccurate low-order digits */ - mp_div_d(sum, 1000, sum, NULL); - - CLEANUP: - mp_clear(&v); - mp_clear(&t); - - return res; -} - -/*------------------------------------------------------------------------*/ -/* HERE THERE BE DRAGONS */ diff --git a/security/nss/lib/freebl/mpi/utils/primegen.c b/security/nss/lib/freebl/mpi/utils/primegen.c deleted file mode 100644 index 1f7a593e1..000000000 --- a/security/nss/lib/freebl/mpi/utils/primegen.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * primegen.c - * - * Generates random integers which are prime with a high degree of - * probability using the Miller-Rabin probabilistic primality testing - * algorithm. - * - * Usage: - * primegen [] - * - * - number of significant bits each prime should have - * - number of primes to generate - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include -#include - -#include "mpi.h" -#include "mplogic.h" -#include "mpprime.h" - -#undef MACOS /* define if running on a Macintosh */ - -#ifdef MACOS -#include -#endif - -#define NUM_TESTS 5 /* Number of Rabin-Miller iterations to test with */ - -#ifdef DEBUG -#define FPUTC(x,y) fputc(x,y) -#else -#define FPUTC(x,y) -#endif - -int main(int argc, char *argv[]) -{ - unsigned char *raw; - char *out; - unsigned long nTries; - int rawlen, bits, outlen, ngen, ix, jx; - int g_strong = 0; - mp_int testval; - mp_err res; - clock_t start, end; - -#ifdef MACOS - argc = ccommand(&argv); -#endif - - /* We'll just use the C library's rand() for now, although this - won't be good enough for cryptographic purposes */ - if((out = getenv("SEED")) == NULL) { - srand((unsigned int)time(NULL)); - } else { - srand((unsigned int)atoi(out)); - } - - if(argc < 2) { - fprintf(stderr, "Usage: %s [ [strong]]\n", argv[0]); - return 1; - } - - if((bits = abs(atoi(argv[1]))) < CHAR_BIT) { - fprintf(stderr, "%s: please request at least %d bits.\n", - argv[0], CHAR_BIT); - return 1; - } - - /* If optional third argument is given, use that as the number of - primes to generate; otherwise generate one prime only. - */ - if(argc < 3) { - ngen = 1; - } else { - ngen = abs(atoi(argv[2])); - } - - /* If fourth argument is given, and is the word "strong", we'll - generate strong (Sophie Germain) primes. - */ - if(argc > 3 && strcmp(argv[3], "strong") == 0) - g_strong = 1; - - /* testval - candidate being tested; nTries - number tried so far */ - if ((res = mp_init(&testval)) != MP_OKAY) { - fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); - return 1; - } - - if(g_strong) { - printf("Requested %d strong prime value(s) of %d bits.\n", - ngen, bits); - } else { - printf("Requested %d prime value(s) of %d bits.\n", ngen, bits); - } - - rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1; - - if((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) { - fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]); - return 1; - } - - /* This loop is one for each prime we need to generate */ - for(jx = 0; jx < ngen; jx++) { - - raw[0] = 0; /* sign is positive */ - - /* Pack the initializer with random bytes */ - for(ix = 1; ix < rawlen; ix++) - raw[ix] = (rand() * rand()) & UCHAR_MAX; - - raw[1] |= 0x80; /* set high-order bit of test value */ - raw[rawlen - 1] |= 1; /* set low-order bit of test value */ - - /* Make an mp_int out of the initializer */ - mp_read_raw(&testval, (char *)raw, rawlen); - - /* Initialize candidate counter */ - nTries = 0; - - start = clock(); /* time generation for this prime */ - do { - res = mpp_make_prime(&testval, bits, g_strong, &nTries); - if (res != MP_NO) - break; - /* This code works whether digits are 16 or 32 bits */ - res = mp_add_d(&testval, 32 * 1024, &testval); - res = mp_add_d(&testval, 32 * 1024, &testval); - FPUTC(',', stderr); - } while (1); - end = clock(); - - if (res != MP_YES) { - break; - } - FPUTC('\n', stderr); - puts("The following value is probably prime:"); - outlen = mp_radix_size(&testval, 10); - out = calloc(outlen, sizeof(unsigned char)); - mp_toradix(&testval, (char *)out, 10); - printf("10: %s\n", out); - mp_toradix(&testval, (char *)out, 16); - printf("16: %s\n\n", out); - free(out); - - printf("Number of candidates tried: %lu\n", nTries); - printf("This computation took %ld clock ticks (%.2f seconds)\n", - (end - start), ((double)(end - start) / CLOCKS_PER_SEC)); - - FPUTC('\n', stderr); - } /* end of loop to generate all requested primes */ - - if(res != MP_OKAY) - fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); - - free(raw); - mp_clear(&testval); - - return 0; -} diff --git a/security/nss/lib/freebl/mpi/utils/prng.c b/security/nss/lib/freebl/mpi/utils/prng.c deleted file mode 100644 index 9b8f7983a..000000000 --- a/security/nss/lib/freebl/mpi/utils/prng.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * prng.c - * - * Command-line pseudo-random number generator - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include -#include - -#ifdef __OS2__ -#include -#include -#else -#include -#endif - -#include "bbs_rand.h" - -int main(int argc, char *argv[]) -{ - unsigned char *seed; - unsigned int ix, num = 1; - pid_t pid; - - if(argc > 1) { - num = atoi(argv[1]); - if(num <= 0) - num = 1; - } - - pid = getpid(); - srand(time(NULL) * (unsigned int)pid); - - /* Not a perfect seed, but not bad */ - seed = malloc(bbs_seed_size); - for(ix = 0; ix < bbs_seed_size; ix++) { - seed[ix] = rand() % UCHAR_MAX; - } - - bbs_srand(seed, bbs_seed_size); - memset(seed, 0, bbs_seed_size); - free(seed); - - while(num-- > 0) { - ix = bbs_rand(); - - printf("%u\n", ix); - } - - return 0; - -} diff --git a/security/nss/lib/freebl/mpi/utils/ptab.pl b/security/nss/lib/freebl/mpi/utils/ptab.pl deleted file mode 100755 index f9c56b6c3..000000000 --- a/security/nss/lib/freebl/mpi/utils/ptab.pl +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/linguist/bin/perl -## -## The contents of this file are subject to the Mozilla Public -## License Version 1.1 (the "License"); you may not use this file -## except in compliance with the License. You may obtain a copy of -## the License at http://www.mozilla.org/MPL/ -## -## Software distributed under the License is distributed on an "AS -## IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -## implied. See the License for the specific language governing -## rights and limitations under the License. -## -## The Original Code is the MPI Arbitrary Precision Integer Arithmetic -## library. -## -## The Initial Developer of the Original Code is -## Michael J. Fromberger -## -## Portions created by Michael J. Fromberger are -## Copyright (C) 1998, 2000 Michael J. Fromberger. All Rights Reserved. -## -## Contributor(s): -## -## Alternatively, the contents of this file may be used under the -## terms of the GNU General Public License Version 2 or later (the -## "GPL"), in which case the provisions of the GPL are applicable -## instead of those above. If you wish to allow use of your -## version of this file only under the terms of the GPL and not to -## allow others to use your version of this file under the MPL, -## indicate your decision by deleting the provisions above and -## replace them with the notice and other provisions required by -## the GPL. If you do not delete the provisions above, a recipient -## may use your version of this file under either the MPL or the -## GPL. -## -## $Id$ -## - -while(<>) { - chomp; - push(@primes, $_); -} - -printf("mp_size prime_tab_size = %d;\n", ($#primes + 1)); -print "mp_digit prime_tab[] = {\n"; - -print "\t"; -$last = pop(@primes); -foreach $prime (sort {$a<=>$b} @primes) { - printf("0x%04X, ", $prime); - $brk = ($brk + 1) % 8; - print "\n\t" if(!$brk); -} -printf("0x%04X", $last); -print "\n" if($brk); -print "};\n\n"; - -exit 0; diff --git a/security/nss/lib/freebl/mpi/utils/sieve.c b/security/nss/lib/freebl/mpi/utils/sieve.c deleted file mode 100644 index 4dd20604c..000000000 --- a/security/nss/lib/freebl/mpi/utils/sieve.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * sieve.c - * - * Finds prime numbers using the Sieve of Eratosthenes - * - * This implementation uses a bitmap to represent all odd integers in a - * given range. We iterate over this bitmap, crossing off the - * multiples of each prime we find. At the end, all the remaining set - * bits correspond to prime integers. - * - * Here, we make two passes -- once we have generated a sieve-ful of - * primes, we copy them out, reset the sieve using the highest - * generated prime from the first pass as a base. Then we cross out - * all the multiples of all the primes we found the first time through, - * and re-sieve. In this way, we get double use of the memory we - * allocated for the sieve the first time though. Since we also - * implicitly ignore multiples of 2, this amounts to 4 times the - * values. - * - * This could (and probably will) be generalized to re-use the sieve a - * few more times. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the MPI Arbitrary Precision Integer Arithmetic - * library. - * - * The Initial Developer of the Original Code is Michael J. Fromberger. - * Portions created by Michael J. Fromberger are - * Copyright (C) 1998, 1999, 2000 Michael J. Fromberger. - * All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the GPL. - * - * $Id$ - */ - -#include -#include -#include - -typedef unsigned char byte; - -typedef struct { - int size; - byte *bits; - long base; - int next; - int nbits; -} sieve; - -void sieve_init(sieve *sp, long base, int nbits); -void sieve_grow(sieve *sp, int nbits); -long sieve_next(sieve *sp); -void sieve_reset(sieve *sp, long base); -void sieve_cross(sieve *sp, long val); -void sieve_clear(sieve *sp); - -#define S_ISSET(S, B) (((S)->bits[(B)/CHAR_BIT]>>((B)%CHAR_BIT))&1) -#define S_SET(S, B) ((S)->bits[(B)/CHAR_BIT]|=(1<<((B)%CHAR_BIT))) -#define S_CLR(S, B) ((S)->bits[(B)/CHAR_BIT]&=~(1<<((B)%CHAR_BIT))) -#define S_VAL(S, B) ((S)->base+(2*(B))) -#define S_BIT(S, V) (((V)-((S)->base))/2) - -int main(int argc, char *argv[]) -{ - sieve s; - long pr, *p; - int c, ix, cur = 0; - - if(argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; - } - - c = atoi(argv[1]); - if(c < 0) c = -c; - - fprintf(stderr, "%s: sieving to %d positions\n", argv[0], c); - - sieve_init(&s, 3, c); - - c = 0; - while((pr = sieve_next(&s)) > 0) { - ++c; - } - - p = calloc(c, sizeof(long)); - if(!p) { - fprintf(stderr, "%s: out of memory after first half\n", argv[0]); - sieve_clear(&s); - exit(1); - } - - fprintf(stderr, "%s: half done ... \n", argv[0]); - - for(ix = 0; ix < s.nbits; ix++) { - if(S_ISSET(&s, ix)) { - p[cur] = S_VAL(&s, ix); - printf("%ld\n", p[cur]); - ++cur; - } - } - - sieve_reset(&s, p[cur - 1]); - fprintf(stderr, "%s: crossing off %d found primes ... \n", argv[0], cur); - for(ix = 0; ix < cur; ix++) { - sieve_cross(&s, p[ix]); - if(!(ix % 1000)) - fputc('.', stderr); - } - fputc('\n', stderr); - - free(p); - - fprintf(stderr, "%s: sieving again from %ld ... \n", argv[0], p[cur - 1]); - c = 0; - while((pr = sieve_next(&s)) > 0) { - ++c; - } - - fprintf(stderr, "%s: done!\n", argv[0]); - for(ix = 0; ix < s.nbits; ix++) { - if(S_ISSET(&s, ix)) { - printf("%ld\n", S_VAL(&s, ix)); - } - } - - sieve_clear(&s); - - return 0; -} - -void sieve_init(sieve *sp, long base, int nbits) -{ - sp->size = (nbits / CHAR_BIT); - - if(nbits % CHAR_BIT) - ++sp->size; - - sp->bits = calloc(sp->size, sizeof(byte)); - memset(sp->bits, UCHAR_MAX, sp->size); - if(!(base & 1)) - ++base; - sp->base = base; - - sp->next = 0; - sp->nbits = sp->size * CHAR_BIT; -} - -void sieve_grow(sieve *sp, int nbits) -{ - int ns = (nbits / CHAR_BIT); - - if(nbits % CHAR_BIT) - ++ns; - - if(ns > sp->size) { - byte *tmp; - int ix; - - tmp = calloc(ns, sizeof(byte)); - if(tmp == NULL) { - fprintf(stderr, "Error: out of memory in sieve_grow\n"); - return; - } - - memcpy(tmp, sp->bits, sp->size); - for(ix = sp->size; ix < ns; ix++) { - tmp[ix] = UCHAR_MAX; - } - - free(sp->bits); - sp->bits = tmp; - sp->size = ns; - - sp->nbits = sp->size * CHAR_BIT; - } -} - -long sieve_next(sieve *sp) -{ - long out; - int ix = 0; - long val; - - if(sp->next > sp->nbits) - return -1; - - out = S_VAL(sp, sp->next); -#ifdef DEBUG - fprintf(stderr, "Sieving %ld\n", out); -#endif - - /* Sieve out all multiples of the current prime */ - val = out; - while(ix < sp->nbits) { - val += out; - ix = S_BIT(sp, val); - if((val & 1) && ix < sp->nbits) { /* && S_ISSET(sp, ix)) { */ - S_CLR(sp, ix); -#ifdef DEBUG - fprintf(stderr, "Crossing out %ld (bit %d)\n", val, ix); -#endif - } - } - - /* Scan ahead to the next prime */ - ++sp->next; - while(sp->next < sp->nbits && !S_ISSET(sp, sp->next)) - ++sp->next; - - return out; -} - -void sieve_cross(sieve *sp, long val) -{ - int ix = 0; - long cur = val; - - while(cur < sp->base) - cur += val; - - ix = S_BIT(sp, cur); - while(ix < sp->nbits) { - if(cur & 1) - S_CLR(sp, ix); - cur += val; - ix = S_BIT(sp, cur); - } -} - -void sieve_reset(sieve *sp, long base) -{ - memset(sp->bits, UCHAR_MAX, sp->size); - sp->base = base; - sp->next = 0; -} - -void sieve_clear(sieve *sp) -{ - if(sp->bits) - free(sp->bits); - - sp->bits = NULL; -} diff --git a/security/nss/lib/freebl/mpi/vis_32.il b/security/nss/lib/freebl/mpi/vis_32.il deleted file mode 100644 index 443b6a00e..000000000 --- a/security/nss/lib/freebl/mpi/vis_32.il +++ /dev/null @@ -1,1320 +0,0 @@ -! -! The contents of this file are subject to the Mozilla Public -! License Version 1.1 (the "License"); you may not use this file -! except in compliance with the License. You may obtain a copy of -! the License at http://www.mozilla.org/MPL/ -! -! Software distributed under the License is distributed on an "AS -! IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -! implied. See the License for the specific language governing -! rights and limitations under the License. -! -! The Original Code is vis inline macros (32 bit). (vis_32.il 3.3) -! -! The Initial Developer of the Original Code is Sun Microsystems Inc. -! Portions created by Sun Microsystems Inc. are -! Copyright (C) 1995-2000 Sun Microsystems Inc. All Rights Reserved. -! -! Contributor(s): -! -! Alternatively, the contents of this file may be used under the -! terms of the GNU General Public License Version 2 or later (the -! "GPL"), in which case the provisions of the GPL are applicable -! instead of those above. If you wish to allow use of your -! version of this file only under the terms of the GPL and not to -! allow others to use your version of this file under the MPL, -! indicate your decision by deleting the provisions above and -! replace them with the notice and other provisions required by -! the GPL. If you do not delete the provisions above, a recipient -! may use your version of this file under either the MPL or the -! GPL. -! $Id$ -! -! @(#)vis_32.il 3.3 00/03/02 SMI - -! The interface to the VIS instructions as declared below (and in the VIS -! User's Manual) will not change, but the macro implementation might change -! in the future. - -!-------------------------------------------------------------------- -! Pure edge handling instructions -! -! int vis_edge8(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8,8 - edge8 %o0,%o1,%o0 - .end -! -! int vis_edge8l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8l,8 - edge8l %o0,%o1,%o0 - .end -! -! int vis_edge16(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16,8 - edge16 %o0,%o1,%o0 - .end -! -! int vis_edge16l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16l,8 - edge16l %o0,%o1,%o0 - .end -! -! int vis_edge32(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32,8 - edge32 %o0,%o1,%o0 - .end -! -! int vis_edge32l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32l,8 - edge32l %o0,%o1,%o0 - .end - -!-------------------------------------------------------------------- -! Edge handling instructions with negative return values if cc set -! -! int vis_edge8cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8cc,8 - edge8 %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge8lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8lcc,8 - edge8l %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge16cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16cc,8 - edge16 %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge16lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16lcc,8 - edge16l %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge32cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32cc,8 - edge32 %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge32lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32lcc,8 - edge32l %o0,%o1,%o0 - mov 0,%o1 - movgu %icc,-1024,%o1 - or %o1,%o0,%o0 - .end - -!-------------------------------------------------------------------- -! Alignment instructions -! -! void *vis_alignaddr(void */*rs1*/, int /*rs2*/); -! - .inline vis_alignaddr,8 - alignaddr %o0,%o1,%o0 - .end -! -! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/); -! - .inline vis_alignaddrl,8 - alignaddrl %o0,%o1,%o0 - .end -! -! double vis_faligndata(double /*frs1*/, double /*frs2*/); -! - .inline vis_faligndata,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - faligndata %f4,%f10,%f0 - .end - -!-------------------------------------------------------------------- -! Partitioned comparison instructions -! -! int vis_fcmple16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmple16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmple16 %f4,%f10,%o0 - .end -! -! int vis_fcmpne16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpne16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpne16 %f4,%f10,%o0 - .end -! -! int vis_fcmple32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmple32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmple32 %f4,%f10,%o0 - .end -! -! int vis_fcmpne32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpne32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpne32 %f4,%f10,%o0 - .end -! -! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpgt16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpgt16 %f4,%f10,%o0 - .end -! -! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpeq16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpeq16 %f4,%f10,%o0 - .end -! -! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpgt32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpgt32 %f4,%f10,%o0 - .end -! -! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpeq32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fcmpeq32 %f4,%f10,%o0 - .end - -!-------------------------------------------------------------------- -! Partitioned arithmetic -! -! double vis_fmul8x16(float /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8x16,12 - st %o0,[%sp+0x44] - ld [%sp+0x44],%f4 - st %o1,[%sp+0x48] - st %o2,[%sp+0x4c] - ldd [%sp+0x48],%f10 - fmul8x16 %f4,%f10,%f0 - .end -! -! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/); -! - .inline vis_fmul8x16_dummy,16 - st %o0,[%sp+0x44] - ld [%sp+0x44],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fmul8x16 %f4,%f10,%f0 - .end -! -! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmul8x16au,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fmul8x16au %f4,%f10,%f0 - .end -! -! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmul8x16al,8 - st %o0,[%sp+0x44] - ld [%sp+0x44],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fmul8x16al %f4,%f10,%f0 - .end -! -! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8sux16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fmul8sux16 %f4,%f10,%f0 - .end -! -! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8ulx16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fmul8ulx16 %f4,%f10,%f0 - .end -! -! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmuld8sux16,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fmuld8sux16 %f4,%f10,%f0 - .end -! -! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmuld8ulx16,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fmuld8ulx16 %f4,%f10,%f0 - .end -! -! double vis_fpadd16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpadd16,16 - std %o0,[%sp+0x40] - ldd [%sp+0x40],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpadd16 %f4,%f10,%f0 - .end -! -! float vis_fpadd16s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpadd16s,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fpadd16s %f4,%f10,%f0 - .end -! -! double vis_fpadd32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpadd32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpadd32 %f4,%f10,%f0 - .end -! -! float vis_fpadd32s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpadd32s,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fpadd32s %f4,%f10,%f0 - .end -! -! double vis_fpsub16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpsub16,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpsub16 %f4,%f10,%f0 - .end -! -! float vis_fpsub16s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpsub16s,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fpsub16s %f4,%f10,%f0 - .end -! -! double vis_fpsub32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpsub32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpsub32 %f4,%f10,%f0 - .end -! -! float vis_fpsub32s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpsub32s,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fpsub32s %f4,%f10,%f0 - .end - -!-------------------------------------------------------------------- -! Pixel packing -! -! float vis_fpack16(double /*frs2*/); -! - .inline vis_fpack16,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fpack16 %f4,%f0 - .end - -! -! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/); -! - .inline vis_fpack16_pair,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpack16 %f4,%f0 - fpack16 %f10,%f1 - .end -! -! void vis_st2_fpack16(double, double, double *) -! - .inline vis_st2_fpack16,20 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpack16 %f4,%f0 - fpack16 %f10,%f1 - st %f0,[%o4+0] - st %f1,[%o4+4] - .end -! -! void vis_std_fpack16(double, double, double *) -! - .inline vis_std_fpack16,20 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpack16 %f4,%f0 - fpack16 %f10,%f1 - std %f0,[%o4] - .end -! -! void vis_st2_fpackfix(double, double, double *) -! - .inline vis_st2_fpackfix,20 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpackfix %f4,%f0 - fpackfix %f10,%f1 - st %f0,[%o4+0] - st %f1,[%o4+4] - .end -! -! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack16_to_hi,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f0 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f4 - fpack16 %f4,%f0 - .end - -! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack16_to_lo,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f0 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f4 - fpack16 %f4,%f3 - fmovs %f3,%f1 /* without this, optimizer goes wrong */ - .end - -! -! double vis_fpack32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack32,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fpack32 %f4,%f10,%f0 - .end -! -! float vis_fpackfix(double /*frs2*/); -! - .inline vis_fpackfix,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fpackfix %f4,%f0 - .end -! -! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/); -! - .inline vis_fpackfix_pair,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f6 - fpackfix %f4,%f0 - fpackfix %f6,%f1 - .end - -!-------------------------------------------------------------------- -! Motion estimation -! -! double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/); -! - .inline vis_pdist,24 - std %o4,[%sp+0x48] - ldd [%sp+0x48],%f0 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - pdist %f4,%f10,%f0 - .end - -!-------------------------------------------------------------------- -! Channel merging -! -! double vis_fpmerge(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpmerge,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fpmerge %f4,%f10,%f0 - .end - -!-------------------------------------------------------------------- -! Pixel expansion -! -! double vis_fexpand(float /*frs2*/); -! - .inline vis_fexpand,4 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - fexpand %f4,%f0 - .end - -! double vis_fexpand_hi(double /*frs2*/); -! - .inline vis_fexpand_hi,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fexpand %f4,%f0 - .end - -! double vis_fexpand_lo(double /*frs2*/); -! - .inline vis_fexpand_lo,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fmovs %f5, %f2 - fexpand %f2,%f0 - .end - -!-------------------------------------------------------------------- -! Bitwise logical operations -! -! double vis_fnor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fnor,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fnor %f4,%f10,%f0 - .end -! -! float vis_fnors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fnors,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fnors %f4,%f10,%f0 - .end -! -! double vis_fandnot(double /*frs1*/, double /*frs2*/); -! - .inline vis_fandnot,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fandnot1 %f4,%f10,%f0 - .end -! -! float vis_fandnots(float /*frs1*/, float /*frs2*/); -! - .inline vis_fandnots,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fandnot1s %f4,%f10,%f0 - .end -! -! double vis_fnot(double /*frs1*/); -! - .inline vis_fnot,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fnot1 %f4,%f0 - .end -! -! float vis_fnots(float /*frs1*/); -! - .inline vis_fnots,4 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - fnot1s %f4,%f0 - .end -! -! double vis_fxor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fxor,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fxor %f4,%f10,%f0 - .end -! -! float vis_fxors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fxors,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fxors %f4,%f10,%f0 - .end -! -! double vis_fnand(double /*frs1*/, double /*frs2*/); -! - .inline vis_fnand,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fnand %f4,%f10,%f0 - .end -! -! float vis_fnands(float /*frs1*/, float /*frs2*/); -! - .inline vis_fnands,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fnands %f4,%f10,%f0 - .end -! -! double vis_fand(double /*frs1*/, double /*frs2*/); -! - .inline vis_fand,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fand %f4,%f10,%f0 - .end -! -! float vis_fands(float /*frs1*/, float /*frs2*/); -! - .inline vis_fands,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fands %f4,%f10,%f0 - .end -! -! double vis_fxnor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fxnor,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fxnor %f4,%f10,%f0 - .end -! -! float vis_fxnors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fxnors,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fxnors %f4,%f10,%f0 - .end -! -! double vis_fsrc(double /*frs1*/); -! - .inline vis_fsrc,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - fsrc1 %f4,%f0 - .end -! -! float vis_fsrcs(float /*frs1*/); -! - .inline vis_fsrcs,4 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - fsrc1s %f4,%f0 - .end -! -! double vis_fornot(double /*frs1*/, double /*frs2*/); -! - .inline vis_fornot,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - fornot1 %f4,%f10,%f0 - .end -! -! float vis_fornots(float /*frs1*/, float /*frs2*/); -! - .inline vis_fornots,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fornot1s %f4,%f10,%f0 - .end -! -! double vis_for(double /*frs1*/, double /*frs2*/); -! - .inline vis_for,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - std %o2,[%sp+0x48] - ldd [%sp+0x48],%f10 - for %f4,%f10,%f0 - .end -! -! float vis_fors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fors,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - st %o1,[%sp+0x48] - ld [%sp+0x48],%f10 - fors %f4,%f10,%f0 - .end -! -! double vis_fzero(/* void */) -! - .inline vis_fzero,0 - fzero %f0 - .end -! -! float vis_fzeros(/* void */) -! - .inline vis_fzeros,0 - fzeros %f0 - .end -! -! double vis_fone(/* void */) -! - .inline vis_fone,0 - fone %f0 - .end -! -! float vis_fones(/* void */) -! - .inline vis_fones,0 - fones %f0 - .end - -!-------------------------------------------------------------------- -! Partial store instructions -! -! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8P,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc0 ! ASI_PST8_P - .end -! -! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8PL,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc8 ! ASI_PST8_PL - .end -! -! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask); -! - .inline vis_stdfa_ASI_PST8P_int_pair,16 - ld [%o0],%f4 - ld [%o1],%f5 - stda %f4,[%o2]%o3,0xc0 ! ASI_PST8_P - .end -! -! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8S,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc1 ! ASI_PST8_S - .end -! -! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST16P,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc2 ! ASI_PST16_P - .end -! -! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST16S,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc3 ! ASI_PST16_S - .end -! -! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST32P,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc4 ! ASI_PST32_P - .end -! -! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST32S,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]%o3,0xc5 ! ASI_PST32_S - .end - -!-------------------------------------------------------------------- -! Short store instructions -! -! vis_stdfa_ASI_FL8P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8P,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd0 ! ASI_FL8_P - .end -! -! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index) -! - .inline vis_stdfa_ASI_FL8P_index,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2+%o3]0xd0 ! ASI_FL8_P - .end -! -! vis_stdfa_ASI_FL8S(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8S,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd1 ! ASI_FL8_S - .end -! -! vis_stdfa_ASI_FL16P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16P,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd2 ! ASI_FL16_P - .end -! -! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index) -! - .inline vis_stdfa_ASI_FL16P_index,16 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2+%o3]0xd2 ! ASI_FL16_P - .end -! -! vis_stdfa_ASI_FL16S(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16S,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd3 ! ASI_FL16_S - .end -! -! vis_stdfa_ASI_FL8PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8PL,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd8 ! ASI_FL8_PL - .end -! -! vis_stdfa_ASI_FL8SL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8SL,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xd9 ! ASI_FL8_SL - .end -! -! vis_stdfa_ASI_FL16PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16PL,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xda ! ASI_FL16_PL - .end -! -! vis_stdfa_ASI_FL16SL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16SL,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0xdb ! ASI_FL16_SL - .end - -!-------------------------------------------------------------------- -! Short load instructions -! -! double vis_lddfa_ASI_FL8P(void *rs1) -! - .inline vis_lddfa_ASI_FL8P,4 - ldda [%o0]0xd0,%f4 ! ASI_FL8_P - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_FL8P_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL8P_index,8 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index) -! - .inline vis_lddfa_ASI_FL8P_hi,8 - sra %o1,16,%o1 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index) -! - .inline vis_lddfa_ASI_FL8P_lo,8 - sll %o1,16,%o1 - sra %o1,16,%o1 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8S(void *rs1) -! - .inline vis_lddfa_ASI_FL8S,4 - ldda [%o0]0xd1,%f4 ! ASI_FL8_S - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16P(void *rs1) -! - .inline vis_lddfa_ASI_FL16P,4 - ldda [%o0]0xd2,%f4 ! ASI_FL16_P - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16P_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL16P_index,8 - ldda [%o0+%o1]0xd2,%f4 ! ASI_FL16_P - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16S(void *rs1) -! - .inline vis_lddfa_ASI_FL16S,4 - ldda [%o0]0xd3,%f4 ! ASI_FL16_S - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8PL(void *rs1) -! - .inline vis_lddfa_ASI_FL8PL,4 - ldda [%o0]0xd8,%f4 ! ASI_FL8_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL8PL_index,8 - ldda [%o0+%o1]0xd8,%f4 ! ASI_FL8_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8SL(void *rs1) -! - .inline vis_lddfa_ASI_FL8SL,4 - ldda [%o0]0xd9,%f4 ! ASI_FL8_SL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16PL(void *rs1) -! - .inline vis_lddfa_ASI_FL16PL,4 - ldda [%o0]0xda,%f4 ! ASI_FL16_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL16PL_index,8 - ldda [%o0+%o1]0xda,%f4 ! ASI_FL16_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16SL(void *rs1) -! - .inline vis_lddfa_ASI_FL16SL,4 - ldda [%o0]0xdb,%f4 ! ASI_FL16_SL - fmovd %f4,%f0 - .end - -!-------------------------------------------------------------------- -! Graphics status register -! -! unsigned int vis_read_gsr(void) -! - .inline vis_read_gsr,0 - rd %gsr,%o0 - .end -! -! void vis_write_gsr(unsigned int /* GSR */) -! - .inline vis_write_gsr,4 - wr %g0,%o0,%gsr - .end - -!-------------------------------------------------------------------- -! Voxel texture mapping -! -! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/) -! - .inline vis_array8,12 - sllx %o0,32,%o0 - srl %o1,0,%o1 ! clear the most significant 32 bits of %o1 - or %o0,%o1,%o3 ! join %o0 and %o1 into %o3 - array8 %o3,%o2,%o0 - .end -! -! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/) -! - .inline vis_array16,12 - sllx %o0,32,%o0 - srl %o1,0,%o1 ! clear the most significant 32 bits of %o1 - or %o0,%o1,%o3 ! join %o0 and %o1 into %o3 - array16 %o3,%o2,%o0 - .end -! -! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/) -! - .inline vis_array32,12 - sllx %o0,32,%o0 - srl %o1,0,%o1 ! clear the most significant 32 bits of %o1 - or %o0,%o1,%o3 ! join %o0 and %o1 into %o3 - array32 %o3,%o2,%o0 - .end - -!-------------------------------------------------------------------- -! Register aliasing and type casts -! -! float vis_read_hi(double /* frs1 */); -! - .inline vis_read_hi,8 - std %o0,[%sp+0x48] ! store double frs1 - ldd [%sp+0x48],%f0 ! %f0:%f1 = double frs1; return %f0; - .end -! -! float vis_read_lo(double /* frs1 */); -! - .inline vis_read_lo,8 - std %o0,[%sp+0x48] ! store double frs1 - ldd [%sp+0x48],%f0 ! %f0:%f1 = double frs1; - fmovs %f1,%f0 ! %f0 = low word (frs1); return %f0; - .end -! -! double vis_write_hi(double /* frs1 */, float /* frs2 */); -! - .inline vis_write_hi,12 - std %o0,[%sp+0x48] ! store double frs1; - ldd [%sp+0x48],%f0 ! %f0:%f1 = double frs1; - st %o2,[%sp+0x44] ! store float frs2; - ld [%sp+0x44],%f2 ! %f2 = float frs2; - fmovs %f2,%f0 ! %f0 = float frs2; return %f0:f1; - .end -! -! double vis_write_lo(double /* frs1 */, float /* frs2 */); -! - .inline vis_write_lo,12 - std %o0,[%sp+0x48] ! store double frs1; - ldd [%sp+0x48],%f0 ! %f0:%f1 = double frs1; - st %o2,[%sp+0x44] ! store float frs2; - ld [%sp+0x44],%f2 ! %f2 = float frs2; - fmovs %f2,%f1 ! %f1 = float frs2; return %f0:f1; - .end -! -! double vis_freg_pair(float /* frs1 */, float /* frs2 */); -! - .inline vis_freg_pair,8 - st %o0,[%sp+0x48] ! store float frs1 - ld [%sp+0x48],%f0 - st %o1,[%sp+0x48] ! store float frs2 - ld [%sp+0x48],%f1 - .end -! -! float vis_to_float(unsigned int /*value*/); -! - .inline vis_to_float,4 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f0 - .end -! -! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/); -! - .inline vis_to_double,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f0 - .end -! -! double vis_to_double_dup(unsigned int /*value*/); -! - .inline vis_to_double_dup,4 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f1 - fmovs %f1,%f0 ! duplicate value - .end -! -! double vis_ll_to_double(unsigned long long /*value*/); -! - .inline vis_ll_to_double,8 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f0 - .end - -!-------------------------------------------------------------------- -! Address space identifier (ASI) register -! -! unsigned int vis_read_asi(void) -! - .inline vis_read_asi,0 - rd %asi,%o0 - .end -! -! void vis_write_asi(unsigned int /* ASI */) -! - .inline vis_write_asi,4 - wr %g0,%o0,%asi - .end - -!-------------------------------------------------------------------- -! Load/store from/into alternate space -! -! float vis_ldfa_ASI_REG(void *rs1) -! - .inline vis_ldfa_ASI_REG,4 - lda [%o0+0]%asi,%f4 - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! float vis_ldfa_ASI_P(void *rs1) -! - .inline vis_ldfa_ASI_P,4 - lda [%o0]0x80,%f4 ! ASI_P - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! float vis_ldfa_ASI_PL(void *rs1) -! - .inline vis_ldfa_ASI_PL,4 - lda [%o0]0x88,%f4 ! ASI_PL - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_REG(void *rs1) -! - .inline vis_lddfa_ASI_REG,4 - ldda [%o0+0]%asi,%f4 - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_P(void *rs1) -! - .inline vis_lddfa_ASI_P,4 - ldda [%o0]0x80,%f4 ! ASI_P - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_PL(void *rs1) -! - .inline vis_lddfa_ASI_PL,4 - ldda [%o0]0x88,%f4 ! ASI_PL - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! vis_stfa_ASI_REG(float frs, void *rs1) -! - .inline vis_stfa_ASI_REG,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - sta %f4,[%o1+0]%asi - .end -! -! vis_stfa_ASI_P(float frs, void *rs1) -! - .inline vis_stfa_ASI_P,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - sta %f4,[%o1]0x80 ! ASI_P - .end -! -! vis_stfa_ASI_PL(float frs, void *rs1) -! - .inline vis_stfa_ASI_PL,8 - st %o0,[%sp+0x48] - ld [%sp+0x48],%f4 - sta %f4,[%o1]0x88 ! ASI_PL - .end -! -! vis_stdfa_ASI_REG(double frd, void *rs1) -! - .inline vis_stdfa_ASI_REG,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2+0]%asi - .end -! -! vis_stdfa_ASI_P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_P,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0x80 ! ASI_P - .end -! -! vis_stdfa_ASI_PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_PL,12 - std %o0,[%sp+0x48] - ldd [%sp+0x48],%f4 - stda %f4,[%o2]0x88 ! ASI_PL - .end -! -! unsigned short vis_lduha_ASI_REG(void *rs1) -! - .inline vis_lduha_ASI_REG,4 - lduha [%o0+0]%asi,%o0 - .end -! -! unsigned short vis_lduha_ASI_P(void *rs1) -! - .inline vis_lduha_ASI_P,4 - lduha [%o0]0x80,%o0 ! ASI_P - .end -! -! unsigned short vis_lduha_ASI_PL(void *rs1) -! - .inline vis_lduha_ASI_PL,4 - lduha [%o0]0x88,%o0 ! ASI_PL - .end -! -! unsigned short vis_lduha_ASI_P_index(void *rs1, long index) -! - .inline vis_lduha_ASI_P_index,8 - lduha [%o0+%o1]0x80,%o0 ! ASI_P - .end -! -! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index) -! - .inline vis_lduha_ASI_PL_index,8 - lduha [%o0+%o1]0x88,%o0 ! ASI_PL - .end - -!-------------------------------------------------------------------- -! Prefetch -! -! void vis_prefetch_read(void * /*address*/); -! - .inline vis_prefetch_read,4 - prefetch [%o0+0],0 - .end -! -! void vis_prefetch_write(void * /*address*/); -! - .inline vis_prefetch_write,4 - prefetch [%o0+0],2 - .end diff --git a/security/nss/lib/freebl/mpi/vis_64.il b/security/nss/lib/freebl/mpi/vis_64.il deleted file mode 100644 index 7a57e9b79..000000000 --- a/security/nss/lib/freebl/mpi/vis_64.il +++ /dev/null @@ -1,1026 +0,0 @@ -! -! The contents of this file are subject to the Mozilla Public -! License Version 1.1 (the "License"); you may not use this file -! except in compliance with the License. You may obtain a copy of -! the License at http://www.mozilla.org/MPL/ -! -! Software distributed under the License is distributed on an "AS -! IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -! implied. See the License for the specific language governing -! rights and limitations under the License. -! -! The Original Code is vis inline macros (64 bit). (vis_64.il 3.4) -! -! The Initial Developer of the Original Code is Sun Microsystems Inc. -! Portions created by Sun Microsystems Inc. are -! Copyright (C) 1998-2000 Sun Microsystems Inc. All Rights Reserved. -! -! Contributor(s): -! -! Alternatively, the contents of this file may be used under the -! terms of the GNU General Public License Version 2 or later (the -! "GPL"), in which case the provisions of the GPL are applicable -! instead of those above. If you wish to allow use of your -! version of this file only under the terms of the GPL and not to -! allow others to use your version of this file under the MPL, -! indicate your decision by deleting the provisions above and -! replace them with the notice and other provisions required by -! the GPL. If you do not delete the provisions above, a recipient -! may use your version of this file under either the MPL or the -! GPL. -! $Id$ -! -! @(#)vis_64.il 3.4 00/03/02 SMI - -! This file is to be used in place of vis.il in 64-bit builds. - -!-------------------------------------------------------------------- -! Pure edge handling instructions -! -! int vis_edge8(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8,16 - edge8 %o0,%o1,%o0 - .end -! -! int vis_edge8l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8l,16 - edge8l %o0,%o1,%o0 - .end -! -! int vis_edge16(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16,16 - edge16 %o0,%o1,%o0 - .end -! -! int vis_edge16l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16l,16 - edge16l %o0,%o1,%o0 - .end -! -! int vis_edge32(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32,16 - edge32 %o0,%o1,%o0 - .end -! -! int vis_edge32l(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32l,16 - edge32l %o0,%o1,%o0 - .end - -!-------------------------------------------------------------------- -! Edge handling instructions with negative return values if cc set -! -! int vis_edge8cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8cc,16 - edge8 %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge8lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge8lcc,16 - edge8l %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge16cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16cc,16 - edge16 %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge16lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge16lcc,16 - edge16l %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge32cc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32cc,16 - edge32 %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end -! -! int vis_edge32lcc(void */*frs1*/, void */*frs2*/); -! - .inline vis_edge32lcc,16 - edge32l %o0,%o1,%o0 - mov 0,%o1 - movgu %xcc,-1024,%o1 - or %o1,%o0,%o0 - .end - -!-------------------------------------------------------------------- -! Alignment instructions -! -! void *vis_alignaddr(void */*rs1*/, int /*rs2*/); -! - .inline vis_alignaddr,12 - alignaddr %o0,%o1,%o0 - .end -! -! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/); -! - .inline vis_alignaddrl,12 - alignaddrl %o0,%o1,%o0 - .end -! -! double vis_faligndata(double /*frs1*/, double /*frs2*/); -! - .inline vis_faligndata,16 - faligndata %f0,%f2,%f0 - .end - -!-------------------------------------------------------------------- -! Partitioned comparison instructions -! -! int vis_fcmple16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmple16,16 - fcmple16 %f0,%f2,%o0 - .end -! -! int vis_fcmpne16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpne16,16 - fcmpne16 %f0,%f2,%o0 - .end -! -! int vis_fcmple32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmple32,16 - fcmple32 %f0,%f2,%o0 - .end -! -! int vis_fcmpne32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpne32,16 - fcmpne32 %f0,%f2,%o0 - .end -! -! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpgt16,16 - fcmpgt16 %f0,%f2,%o0 - .end -! -! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpeq16,16 - fcmpeq16 %f0,%f2,%o0 - .end -! -! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpgt32,16 - fcmpgt32 %f0,%f2,%o0 - .end -! -! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fcmpeq32,16 - fcmpeq32 %f0,%f2,%o0 - .end - -!-------------------------------------------------------------------- -! Partitioned arithmetic -! -! double vis_fmul8x16(float /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8x16,12 - fmul8x16 %f1,%f2,%f0 - .end -! -! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/); -! - .inline vis_fmul8x16_dummy,16 - fmul8x16 %f1,%f4,%f0 - .end -! -! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmul8x16au,8 - fmul8x16au %f1,%f3,%f0 - .end -! -! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmul8x16al,8 - fmul8x16al %f1,%f3,%f0 - .end -! -! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8sux16,16 - fmul8sux16 %f0,%f2,%f0 - .end -! -! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fmul8ulx16,16 - fmul8ulx16 %f0,%f2,%f0 - .end -! -! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmuld8sux16,8 - fmuld8sux16 %f1,%f3,%f0 - .end -! -! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/); -! - .inline vis_fmuld8ulx16,8 - fmuld8ulx16 %f1,%f3,%f0 - .end -! -! double vis_fpadd16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpadd16,16 - fpadd16 %f0,%f2,%f0 - .end -! -! float vis_fpadd16s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpadd16s,8 - fpadd16s %f1,%f3,%f0 - .end -! -! double vis_fpadd32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpadd32,16 - fpadd32 %f0,%f2,%f0 - .end -! -! float vis_fpadd32s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpadd32s,8 - fpadd32s %f1,%f3,%f0 - .end -! -! double vis_fpsub16(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpsub16,16 - fpsub16 %f0,%f2,%f0 - .end -! -! float vis_fpsub16s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpsub16s,8 - fpsub16s %f1,%f3,%f0 - .end -! -! double vis_fpsub32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpsub32,16 - fpsub32 %f0,%f2,%f0 - .end -! -! float vis_fpsub32s(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpsub32s,8 - fpsub32s %f1,%f3,%f0 - .end - -!-------------------------------------------------------------------- -! Pixel packing -! -! float vis_fpack16(double /*frs2*/); -! - .inline vis_fpack16,8 - fpack16 %f0,%f0 - .end -! -! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/); -! - .inline vis_fpack16_pair,16 - fpack16 %f0,%f0 - fpack16 %f2,%f1 - .end -! -! void vis_st2_fpack16(double, double, double *) -! - .inline vis_st2_fpack16,24 - fpack16 %f0,%f0 - fpack16 %f2,%f1 - st %f0,[%o2+0] - st %f1,[%o2+4] - .end -! -! void vis_std_fpack16(double, double, double *) -! - .inline vis_std_fpack16,24 - fpack16 %f0,%f0 - fpack16 %f2,%f1 - std %f0,[%o2] - .end -! -! void vis_st2_fpackfix(double, double, double *) -! - .inline vis_st2_fpackfix,24 - fpackfix %f0,%f0 - fpackfix %f2,%f1 - st %f0,[%o2+0] - st %f1,[%o2+4] - .end -! -! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack16_to_hi,16 - fpack16 %f2,%f0 - .end - -! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack16_to_lo,16 - fpack16 %f2,%f3 - fmovs %f3,%f1 /* without this, optimizer goes wrong */ - .end - -! -! double vis_fpack32(double /*frs1*/, double /*frs2*/); -! - .inline vis_fpack32,16 - fpack32 %f0,%f2,%f0 - .end -! -! float vis_fpackfix(double /*frs2*/); -! - .inline vis_fpackfix,8 - fpackfix %f0,%f0 - .end -! -! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/); -! - .inline vis_fpackfix_pair,16 - fpackfix %f0,%f0 - fpackfix %f2,%f1 - .end - -!-------------------------------------------------------------------- -! Motion estimation -! -! double vis_pxldist64(double accum /*frd*/, double pxls1 /*frs1*/, -! double pxls2 /*frs2*/); -! - .inline vis_pxldist64,24 - pdist %f2,%f4,%f0 - .end - -!-------------------------------------------------------------------- -! Channel merging -! -! double vis_fpmerge(float /*frs1*/, float /*frs2*/); -! - .inline vis_fpmerge,8 - fpmerge %f1,%f3,%f0 - .end - -!-------------------------------------------------------------------- -! Pixel expansion -! -! double vis_fexpand(float /*frs2*/); -! - .inline vis_fexpand,4 - fexpand %f1,%f0 - .end - -! double vis_fexpand_hi(double /*frs2*/); -! - .inline vis_fexpand_hi,8 - fexpand %f0,%f0 - .end - -! double vis_fexpand_lo(double /*frs2*/); -! - .inline vis_fexpand_lo,8 - fexpand %f1,%f0 - .end - -!-------------------------------------------------------------------- -! Bitwise logical operations -! -! double vis_fnor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fnor,16 - fnor %f0,%f2,%f0 - .end -! -! float vis_fnors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fnors,8 - fnors %f1,%f3,%f0 - .end -! -! double vis_fandnot(double /*frs1*/, double /*frs2*/); -! - .inline vis_fandnot,16 - fandnot1 %f0,%f2,%f0 - .end -! -! float vis_fandnots(float /*frs1*/, float /*frs2*/); -! - .inline vis_fandnots,8 - fandnot1s %f1,%f3,%f0 - .end -! -! double vis_fnot(double /*frs1*/); -! - .inline vis_fnot,8 - fnot1 %f0,%f0 - .end -! -! float vis_fnots(float /*frs1*/); -! - .inline vis_fnots,4 - fnot1s %f1,%f0 - .end -! -! double vis_fxor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fxor,16 - fxor %f0,%f2,%f0 - .end -! -! float vis_fxors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fxors,8 - fxors %f1,%f3,%f0 - .end -! -! double vis_fnand(double /*frs1*/, double /*frs2*/); -! - .inline vis_fnand,16 - fnand %f0,%f2,%f0 - .end -! -! float vis_fnands(float /*frs1*/, float /*frs2*/); -! - .inline vis_fnands,8 - fnands %f1,%f3,%f0 - .end -! -! double vis_fand(double /*frs1*/, double /*frs2*/); -! - .inline vis_fand,16 - fand %f0,%f2,%f0 - .end -! -! float vis_fands(float /*frs1*/, float /*frs2*/); -! - .inline vis_fands,8 - fands %f1,%f3,%f0 - .end -! -! double vis_fxnor(double /*frs1*/, double /*frs2*/); -! - .inline vis_fxnor,16 - fxnor %f0,%f2,%f0 - .end -! -! float vis_fxnors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fxnors,8 - fxnors %f1,%f3,%f0 - .end -! -! double vis_fsrc(double /*frs1*/); -! - .inline vis_fsrc,8 - fsrc1 %f0,%f0 - .end -! -! float vis_fsrcs(float /*frs1*/); -! - .inline vis_fsrcs,4 - fsrc1s %f1,%f0 - .end -! -! double vis_fornot(double /*frs1*/, double /*frs2*/); -! - .inline vis_fornot,16 - fornot1 %f0,%f2,%f0 - .end -! -! float vis_fornots(float /*frs1*/, float /*frs2*/); -! - .inline vis_fornots,8 - fornot1s %f1,%f3,%f0 - .end -! -! double vis_for(double /*frs1*/, double /*frs2*/); -! - .inline vis_for,16 - for %f0,%f2,%f0 - .end -! -! float vis_fors(float /*frs1*/, float /*frs2*/); -! - .inline vis_fors,8 - fors %f1,%f3,%f0 - .end -! -! double vis_fzero(/* void */) -! - .inline vis_fzero,0 - fzero %f0 - .end -! -! float vis_fzeros(/* void */) -! - .inline vis_fzeros,0 - fzeros %f0 - .end -! -! double vis_fone(/* void */) -! - .inline vis_fone,0 - fone %f0 - .end -! -! float vis_fones(/* void */) -! - .inline vis_fones,0 - fones %f0 - .end - -!-------------------------------------------------------------------- -! Partial store instructions -! -! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8P,20 - stda %f0,[%o1]%o2,0xc0 ! ASI_PST8_P - .end -! -! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8PL,20 - stda %f0,[%o1]%o2,0xc8 ! ASI_PST8_PL - .end -! -! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask); -! - .inline vis_stdfa_ASI_PST8P_int_pair,28 - ld [%o0],%f4 - ld [%o1],%f5 - stda %f4,[%o2]%o3,0xc0 ! ASI_PST8_P - .end -! -! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST8S,20 - stda %f0,[%o1]%o2,0xc1 ! ASI_PST8_S - .end -! -! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST16P,20 - stda %f0,[%o1]%o2,0xc2 ! ASI_PST16_P - .end -! -! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST16S,20 - stda %f0,[%o1]%o2,0xc3 ! ASI_PST16_S - .end -! -! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST32P,20 - stda %f0,[%o1]%o2,0xc4 ! ASI_PST32_P - .end -! -! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask) -! - .inline vis_stdfa_ASI_PST32S,20 - stda %f0,[%o1]%o2,0xc5 ! ASI_PST32_S - .end - -!-------------------------------------------------------------------- -! Short store instructions -! -! vis_stdfa_ASI_FL8P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8P,16 - stda %f0,[%o1]0xd0 ! ASI_FL8_P - .end -! -! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index) -! - .inline vis_stdfa_ASI_FL8P_index,24 - stda %f0,[%o1+%o2]0xd0 ! ASI_FL8_P - .end -! -! vis_stdfa_ASI_FL8S(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8S,16 - stda %f0,[%o1]0xd1 ! ASI_FL8_S - .end -! -! vis_stdfa_ASI_FL16P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16P,16 - stda %f0,[%o1]0xd2 ! ASI_FL16_P - .end -! -! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index) -! - .inline vis_stdfa_ASI_FL16P_index,24 - stda %f0,[%o1+%o2]0xd2 ! ASI_FL16_P - .end -! -! vis_stdfa_ASI_FL16S(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16S,16 - stda %f0,[%o1]0xd3 ! ASI_FL16_S - .end -! -! vis_stdfa_ASI_FL8PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8PL,16 - stda %f0,[%o1]0xd8 ! ASI_FL8_PL - .end -! -! vis_stdfa_ASI_FL8SL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL8SL,16 - stda %f0,[%o1]0xd9 ! ASI_FL8_SL - .end -! -! vis_stdfa_ASI_FL16PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16PL,16 - stda %f0,[%o1]0xda ! ASI_FL16_PL - .end -! -! vis_stdfa_ASI_FL16SL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_FL16SL,16 - stda %f0,[%o1]0xdb ! ASI_FL16_SL - .end - -!-------------------------------------------------------------------- -! Short load instructions -! -! double vis_lddfa_ASI_FL8P(void *rs1) -! - .inline vis_lddfa_ASI_FL8P,8 - ldda [%o0]0xd0,%f4 ! ASI_FL8_P - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_FL8P_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL8P_index,16 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index) -! - .inline vis_lddfa_ASI_FL8P_hi,12 - sra %o1,16,%o1 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index) -! - .inline vis_lddfa_ASI_FL8P_lo,12 - sll %o1,16,%o1 - sra %o1,16,%o1 - ldda [%o0+%o1]0xd0,%f4 - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8S(void *rs1) -! - .inline vis_lddfa_ASI_FL8S,8 - ldda [%o0]0xd1,%f4 ! ASI_FL8_S - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16P(void *rs1) -! - .inline vis_lddfa_ASI_FL16P,8 - ldda [%o0]0xd2,%f4 ! ASI_FL16_P - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16P_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL16P_index,16 - ldda [%o0+%o1]0xd2,%f4 ! ASI_FL16_P - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16S(void *rs1) -! - .inline vis_lddfa_ASI_FL16S,8 - ldda [%o0]0xd3,%f4 ! ASI_FL16_S - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8PL(void *rs1) -! - .inline vis_lddfa_ASI_FL8PL,8 - ldda [%o0]0xd8,%f4 ! ASI_FL8_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL8PL_index,16 - ldda [%o0+%o1]0xd8,%f4 ! ASI_FL8_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL8SL(void *rs1) -! - .inline vis_lddfa_ASI_FL8SL,8 - ldda [%o0]0xd9,%f4 ! ASI_FL8_SL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16PL(void *rs1) -! - .inline vis_lddfa_ASI_FL16PL,8 - ldda [%o0]0xda,%f4 ! ASI_FL16_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index) -! - .inline vis_lddfa_ASI_FL16PL_index,16 - ldda [%o0+%o1]0xda,%f4 ! ASI_FL16_PL - fmovd %f4,%f0 - .end -! -! double vis_lddfa_ASI_FL16SL(void *rs1) -! - .inline vis_lddfa_ASI_FL16SL,8 - ldda [%o0]0xdb,%f4 ! ASI_FL16_SL - fmovd %f4,%f0 - .end - -!-------------------------------------------------------------------- -! Graphics status register -! -! unsigned int vis_read_gsr(void) -! - .inline vis_read_gsr,0 - rd %gsr,%o0 - .end -! -! void vis_write_gsr(unsigned int /* GSR */) -! - .inline vis_write_gsr,4 - wr %g0,%o0,%gsr - .end - -!-------------------------------------------------------------------- -! Voxel texture mapping -! -! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/) -! - .inline vis_array8,12 - array8 %o0,%o1,%o0 - .end -! -! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/) -! - .inline vis_array16,12 - array16 %o0,%o1,%o0 - .end -! -! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/) -! - .inline vis_array32,12 - array32 %o0,%o1,%o0 - .end - -!-------------------------------------------------------------------- -! Register aliasing and type casts -! -! float vis_read_hi(double /* frs1 */); -! - .inline vis_read_hi,8 - fmovs %f0,%f0 - .end -! -! float vis_read_lo(double /* frs1 */); -! - .inline vis_read_lo,8 - fmovs %f1,%f0 ! %f0 = low word (frs1); return %f0; - .end -! -! double vis_write_hi(double /* frs1 */, float /* frs2 */); -! - .inline vis_write_hi,12 - fmovs %f3,%f0 ! %f3 = float frs2; return %f0:f1; - .end -! -! double vis_write_lo(double /* frs1 */, float /* frs2 */); -! - .inline vis_write_lo,12 - fmovs %f3,%f1 ! %f3 = float frs2; return %f0:f1; - .end -! -! double vis_freg_pair(float /* frs1 */, float /* frs2 */); -! - .inline vis_freg_pair,8 - fmovs %f1,%f0 ! %f1 = float frs1; put in hi; - fmovs %f3,%f1 ! %f3 = float frs2; put in lo; return %f0:f1; - .end -! -! float vis_to_float(unsigned int /*value*/); -! - .inline vis_to_float,4 - st %o0,[%sp+2183] - ld [%sp+2183],%f0 - .end -! -! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/); -! - .inline vis_to_double,8 - st %o0,[%sp+2183] - ld [%sp+2183],%f0 - st %o1,[%sp+2183] - ld [%sp+2183],%f1 - .end -! -! double vis_to_double_dup(unsigned int /*value*/); -! - .inline vis_to_double_dup,4 - st %o0,[%sp+2183] - ld [%sp+2183],%f1 - fmovs %f1,%f0 ! duplicate value - .end -! -! double vis_ll_to_double(unsigned long long /*value*/); -! - .inline vis_ll_to_double,8 - stx %o0,[%sp+2183] - ldd [%sp+2183],%f0 - .end - -!-------------------------------------------------------------------- -! Address space identifier (ASI) register -! -! unsigned int vis_read_asi(void) -! - .inline vis_read_asi,0 - rd %asi,%o0 - .end -! -! void vis_write_asi(unsigned int /* ASI */) -! - .inline vis_write_asi,4 - wr %g0,%o0,%asi - .end - -!-------------------------------------------------------------------- -! Load/store from/into alternate space -! -! float vis_ldfa_ASI_REG(void *rs1) -! - .inline vis_ldfa_ASI_REG,8 - lda [%o0+0]%asi,%f4 - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! float vis_ldfa_ASI_P(void *rs1) -! - .inline vis_ldfa_ASI_P,8 - lda [%o0]0x80,%f4 ! ASI_P - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! float vis_ldfa_ASI_PL(void *rs1) -! - .inline vis_ldfa_ASI_PL,8 - lda [%o0]0x88,%f4 ! ASI_PL - fmovs %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_REG(void *rs1) -! - .inline vis_lddfa_ASI_REG,8 - ldda [%o0+0]%asi,%f4 - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_P(void *rs1) -! - .inline vis_lddfa_ASI_P,8 - ldda [%o0]0x80,%f4 ! ASI_P - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! double vis_lddfa_ASI_PL(void *rs1) -! - .inline vis_lddfa_ASI_PL,8 - ldda [%o0]0x88,%f4 ! ASI_PL - fmovd %f4,%f0 ! Compiler can clean this up - .end -! -! vis_stfa_ASI_REG(float frs, void *rs1) -! - .inline vis_stfa_ASI_REG,12 - sta %f1,[%o1+0]%asi - .end -! -! vis_stfa_ASI_P(float frs, void *rs1) -! - .inline vis_stfa_ASI_P,12 - sta %f1,[%o1]0x80 ! ASI_P - .end -! -! vis_stfa_ASI_PL(float frs, void *rs1) -! - .inline vis_stfa_ASI_PL,12 - sta %f1,[%o1]0x88 ! ASI_PL - .end -! -! vis_stdfa_ASI_REG(double frd, void *rs1) -! - .inline vis_stdfa_ASI_REG,16 - stda %f0,[%o1+0]%asi - .end -! -! vis_stdfa_ASI_P(double frd, void *rs1) -! - .inline vis_stdfa_ASI_P,16 - stda %f0,[%o1]0x80 ! ASI_P - .end -! -! vis_stdfa_ASI_PL(double frd, void *rs1) -! - .inline vis_stdfa_ASI_PL,16 - stda %f0,[%o1]0x88 ! ASI_PL - .end -! -! unsigned short vis_lduha_ASI_REG(void *rs1) -! - .inline vis_lduha_ASI_REG,8 - lduha [%o0+0]%asi,%o0 - .end -! -! unsigned short vis_lduha_ASI_P(void *rs1) -! - .inline vis_lduha_ASI_P,8 - lduha [%o0]0x80,%o0 ! ASI_P - .end -! -! unsigned short vis_lduha_ASI_PL(void *rs1) -! - .inline vis_lduha_ASI_PL,8 - lduha [%o0]0x88,%o0 ! ASI_PL - .end -! -! unsigned short vis_lduha_ASI_P_index(void *rs1, long index) -! - .inline vis_lduha_ASI_P_index,16 - lduha [%o0+%o1]0x80,%o0 ! ASI_P - .end -! -! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index) -! - .inline vis_lduha_ASI_PL_index,16 - lduha [%o0+%o1]0x88,%o0 ! ASI_PL - .end - -!-------------------------------------------------------------------- -! Prefetch -! -! void vis_prefetch_read(void * /*address*/); -! - .inline vis_prefetch_read,8 - prefetch [%o0+0],0 - .end -! -! void vis_prefetch_write(void * /*address*/); -! - .inline vis_prefetch_write,8 - prefetch [%o0+0],2 - .end diff --git a/security/nss/lib/freebl/mpi/vis_proto.h b/security/nss/lib/freebl/mpi/vis_proto.h deleted file mode 100644 index 44192ad53..000000000 --- a/security/nss/lib/freebl/mpi/vis_proto.h +++ /dev/null @@ -1,263 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is prototypes for vis.il (vis_proto.h 1.3) - * - * The Initial Developer of the Original Code is Sun Microsystems Inc. - * Portions created by Sun Microsystems Inc. are - * Copyright (C) 1995, 1997 Sun Microsystems Inc. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ - -/* - * Prototypes for the inline templates in vis.il - */ - -#ifndef VIS_PROTO_H -#define VIS_PROTO_H - -#pragma ident "@(#)vis_proto.h 1.3 97/03/30 SMI" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/* Pure edge handling instructions */ -int vis_edge8(void * /*frs1*/, void * /*frs2*/); -int vis_edge8l(void * /*frs1*/, void * /*frs2*/); -int vis_edge16(void * /*frs1*/, void * /*frs2*/); -int vis_edge16l(void * /*frs1*/, void * /*frs2*/); -int vis_edge32(void * /*frs1*/, void * /*frs2*/); -int vis_edge32l(void * /*frs1*/, void * /*frs2*/); - -/* Edge handling instructions with negative return values if cc set. */ -int vis_edge8cc(void * /*frs1*/, void * /*frs2*/); -int vis_edge8lcc(void * /*frs1*/, void * /*frs2*/); -int vis_edge16cc(void * /*frs1*/, void * /*frs2*/); -int vis_edge16lcc(void * /*frs1*/, void * /*frs2*/); -int vis_edge32cc(void * /*frs1*/, void * /*frs2*/); -int vis_edge32lcc(void * /*frs1*/, void * /*frs2*/); - -/* Alignment instructions. */ -void *vis_alignaddr(void * /*rs1*/, int /*rs2*/); -void *vis_alignaddrl(void * /*rs1*/, int /*rs2*/); -double vis_faligndata(double /*frs1*/, double /*frs2*/); - -/* Partitioned comparison instructions. */ -int vis_fcmple16(double /*frs1*/, double /*frs2*/); -int vis_fcmpne16(double /*frs1*/, double /*frs2*/); -int vis_fcmple32(double /*frs1*/, double /*frs2*/); -int vis_fcmpne32(double /*frs1*/, double /*frs2*/); -int vis_fcmpgt16(double /*frs1*/, double /*frs2*/); -int vis_fcmpeq16(double /*frs1*/, double /*frs2*/); -int vis_fcmpgt32(double /*frs1*/, double /*frs2*/); -int vis_fcmpeq32(double /*frs1*/, double /*frs2*/); - -/* Partitioned multiplication. */ -#if 0 -double vis_fmul8x16(float /*frs1*/, double /*frs2*/); -#endif -double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/); -double vis_fmul8x16au(float /*frs1*/, float /*frs2*/); -double vis_fmul8x16al(float /*frs1*/, float /*frs2*/); -double vis_fmul8sux16(double /*frs1*/, double /*frs2*/); -double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/); -double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/); -double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/); - -/* Partitioned addition & subtraction. */ -double vis_fpadd16(double /*frs1*/, double /*frs2*/); -float vis_fpadd16s(float /*frs1*/, float /*frs2*/); -double vis_fpadd32(double /*frs1*/, double /*frs2*/); -float vis_fpadd32s(float /*frs1*/, float /*frs2*/); -double vis_fpsub16(double /*frs1*/, double /*frs2*/); -float vis_fpsub16s(float /*frs1*/, float /*frs2*/); -double vis_fpsub32(double /*frs1*/, double /*frs2*/); -float vis_fpsub32s(float /*frs1*/, float /*frs2*/); - -/* Pixel packing & clamping. */ -float vis_fpack16(double /*frs2*/); -double vis_fpack32(double /*frs1*/, double /*frs2*/); -float vis_fpackfix(double /*frs2*/); - -/* Combined pack ops. */ -double vis_fpack16_pair(double /*frs2*/, double /*frs2*/); -double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/); -void vis_st2_fpack16(double, double, double *); -void vis_std_fpack16(double, double, double *); -void vis_st2_fpackfix(double, double, double *); - -double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/); -double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/); - -/* Motion estimation. */ -double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/); - -/* Channel merging. */ -double vis_fpmerge(float /*frs1*/, float /*frs2*/); - -/* Pixel expansion. */ -double vis_fexpand(float /*frs2*/); -double vis_fexpand_hi(double /*frs2*/); -double vis_fexpand_lo(double /*frs2*/); - -/* Bitwise logical operators. */ -double vis_fnor(double /*frs1*/, double /*frs2*/); -float vis_fnors(float /*frs1*/, float /*frs2*/); -double vis_fandnot(double /*frs1*/, double /*frs2*/); -float vis_fandnots(float /*frs1*/, float /*frs2*/); -double vis_fnot(double /*frs1*/); -float vis_fnots(float /*frs1*/); -double vis_fxor(double /*frs1*/, double /*frs2*/); -float vis_fxors(float /*frs1*/, float /*frs2*/); -double vis_fnand(double /*frs1*/, double /*frs2*/); -float vis_fnands(float /*frs1*/, float /*frs2*/); -double vis_fand(double /*frs1*/, double /*frs2*/); -float vis_fands(float /*frs1*/, float /*frs2*/); -double vis_fxnor(double /*frs1*/, double /*frs2*/); -float vis_fxnors(float /*frs1*/, float /*frs2*/); -double vis_fsrc(double /*frs1*/); -float vis_fsrcs(float /*frs1*/); -double vis_fornot(double /*frs1*/, double /*frs2*/); -float vis_fornots(float /*frs1*/, float /*frs2*/); -double vis_for(double /*frs1*/, double /*frs2*/); -float vis_fors(float /*frs1*/, float /*frs2*/); -double vis_fzero(void); -float vis_fzeros(void); -double vis_fone(void); -float vis_fones(void); - -/* Partial stores. */ -void vis_stdfa_ASI_PST8P(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST8PL(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST8P_int_pair(void * /*rs1*/, void * /*rs2*/, - void * /*rs3*/, int /*rmask*/); -void vis_stdfa_ASI_PST8S(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST16P(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST16S(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST32P(double /*frd*/, void * /*rs1*/, int /*rmask*/); -void vis_stdfa_ASI_PST32S(double /*frd*/, void * /*rs1*/, int /*rmask*/); - -/* Byte & short stores. */ -void vis_stdfa_ASI_FL8P(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL8P_index(double /*frd*/, void * /*rs1*/, long /*index*/); -void vis_stdfa_ASI_FL8S(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL16P(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL16P_index(double /*frd*/, void * /*rs1*/, long /*index*/); -void vis_stdfa_ASI_FL16S(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL8PL(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL8SL(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL16PL(double /*frd*/, void * /*rs1*/); -void vis_stdfa_ASI_FL16SL(double /*frd*/, void * /*rs1*/); - -/* Byte & short loads. */ -double vis_lddfa_ASI_FL8P(void * /*rs1*/); -double vis_lddfa_ASI_FL8P_index(void * /*rs1*/, long /*index*/); -double vis_lddfa_ASI_FL8P_hi(void * /*rs1*/, unsigned int /*index*/); -double vis_lddfa_ASI_FL8P_lo(void * /*rs1*/, unsigned int /*index*/); -double vis_lddfa_ASI_FL8S(void * /*rs1*/); -double vis_lddfa_ASI_FL16P(void * /*rs1*/); -double vis_lddfa_ASI_FL16P_index(void * /*rs1*/, long /*index*/); -double vis_lddfa_ASI_FL16S(void * /*rs1*/); -double vis_lddfa_ASI_FL8PL(void * /*rs1*/); -double vis_lddfa_ASI_FL8SL(void * /*rs1*/); -double vis_lddfa_ASI_FL16PL(void * /*rs1*/); -double vis_lddfa_ASI_FL16SL(void * /*rs1*/); - -/* Direct write to GSR, read from GSR */ -void vis_write_gsr(unsigned int /*GSR*/); -unsigned int vis_read_gsr(void); - -/* Voxel texture mapping. */ -#if !defined(_NO_LONGLONG) -unsigned long vis_array8(unsigned long long /*rs1*/, int /*rs2*/); -unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/); -unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/); -#endif /* !defined(_NO_LONGLONG) */ - -/* Register aliasing and type casts. */ -float vis_read_hi(double /*frs1*/); -float vis_read_lo(double /*frs1*/); -double vis_write_hi(double /*frs1*/, float /*frs2*/); -double vis_write_lo(double /*frs1*/, float /*frs2*/); -double vis_freg_pair(float /*frs1*/, float /*frs2*/); -float vis_to_float(unsigned int /*value*/); -double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/); -double vis_to_double_dup(unsigned int /*value*/); -#if !defined(_NO_LONGLONG) -double vis_ll_to_double(unsigned long long /*value*/); -#endif /* !defined(_NO_LONGLONG) */ - -/* Miscellany (no inlines) */ -void vis_error(char * /*fmt*/, int /*a0*/); -void vis_sim_init(void); - -/* For better performance */ -#define vis_fmul8x16(farg,darg) vis_fmul8x16_dummy((farg),0,(darg)) - -/* Nicknames for explicit ASI loads and stores. */ -#define vis_st_u8 vis_stdfa_ASI_FL8P -#define vis_st_u8_i vis_stdfa_ASI_FL8P_index -#define vis_st_u8_le vis_stdfa_ASI_FL8PL -#define vis_st_u16 vis_stdfa_ASI_FL16P -#define vis_st_u16_i vis_stdfa_ASI_FL16P_index -#define vis_st_u16_le vis_stdfa_ASI_FL16PL - -#define vis_ld_u8 vis_lddfa_ASI_FL8P -#define vis_ld_u8_i vis_lddfa_ASI_FL8P_index -#define vis_ld_u8_le vis_lddfa_ASI_FL8PL -#define vis_ld_u16 vis_lddfa_ASI_FL16P -#define vis_ld_u16_i vis_lddfa_ASI_FL16P_index -#define vis_ld_u16_le vis_lddfa_ASI_FL16PL - -#define vis_pst_8 vis_stdfa_ASI_PST8P -#define vis_pst_16 vis_stdfa_ASI_PST16P -#define vis_pst_32 vis_stdfa_ASI_PST32P - -#define vis_st_u8s vis_stdfa_ASI_FL8S -#define vis_st_u8s_le vis_stdfa_ASI_FL8SL -#define vis_st_u16s vis_stdfa_ASI_FL16S -#define vis_st_u16s_le vis_stdfa_ASI_FL16SL - -#define vis_ld_u8s vis_lddfa_ASI_FL8S -#define vis_ld_u8s_le vis_lddfa_ASI_FL8SL -#define vis_ld_u16s vis_lddfa_ASI_FL16S -#define vis_ld_u16s_le vis_lddfa_ASI_FL16SL - -#define vis_pst_8s vis_stdfa_ASI_PST8S -#define vis_pst_16s vis_stdfa_ASI_PST16S -#define vis_pst_32s vis_stdfa_ASI_PST32S - -/* "<" and ">=" may be implemented in terms of ">" and "<=". */ -#define vis_fcmplt16(a,b) vis_fcmpgt16((b),(a)) -#define vis_fcmplt32(a,b) vis_fcmpgt32((b),(a)) -#define vis_fcmpge16(a,b) vis_fcmple16((b),(a)) -#define vis_fcmpge32(a,b) vis_fcmple32((b),(a)) - -#ifdef __cplusplus -} // End of extern "C" -#endif /* __cplusplus */ - -#endif /* VIS_PROTO_H */ diff --git a/security/nss/lib/freebl/os2_rand.c b/security/nss/lib/freebl/os2_rand.c deleted file mode 100644 index ee1703d57..000000000 --- a/security/nss/lib/freebl/os2_rand.c +++ /dev/null @@ -1,330 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#define INCL_DOS -#define INCL_DOSERRORS -#include -#include -#include -#include -#include -#include - -static BOOL clockTickTime(unsigned long *phigh, unsigned long *plow) -{ - APIRET rc = NO_ERROR; - QWORD qword = {0,0}; - - rc = DosTmrQueryTime(&qword); - if (rc != NO_ERROR) - return FALSE; - - *phigh = qword.ulHi; - *plow = qword.ulLo; - - return TRUE; -} - -size_t RNG_GetNoise(void *buf, size_t maxbuf) -{ - unsigned long high = 0; - unsigned long low = 0; - clock_t val = 0; - int n = 0; - int nBytes = 0; - time_t sTime; - - if (maxbuf <= 0) - return 0; - - clockTickTime(&high, &low); - - /* get the maximally changing bits first */ - nBytes = sizeof(low) > maxbuf ? maxbuf : sizeof(low); - memcpy(buf, &low, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - - nBytes = sizeof(high) > maxbuf ? maxbuf : sizeof(high); - memcpy(((char *)buf) + n, &high, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - - /* get the number of milliseconds that have elapsed since application started */ - val = clock(); - - nBytes = sizeof(val) > maxbuf ? maxbuf : sizeof(val); - memcpy(((char *)buf) + n, &val, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - - /* get the time in seconds since midnight Jan 1, 1970 */ - time(&sTime); - nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime); - memcpy(((char *)buf) + n, &sTime, nBytes); - n += nBytes; - - return n; -} - -static BOOL -EnumSystemFiles(void (*func)(const char *)) -{ - APIRET rc; - ULONG sysInfo = 0; - char bootLetter[2]; - char sysDir[_MAX_PATH] = ""; - char filename[_MAX_PATH]; - HDIR hdir = HDIR_CREATE; - ULONG numFiles = 1; - FILEFINDBUF3 fileBuf = {0}; - ULONG buflen = sizeof(FILEFINDBUF3); - - if (DosQuerySysInfo(QSV_BOOT_DRIVE, QSV_BOOT_DRIVE, (PVOID)&sysInfo, - sizeof(ULONG)) == NO_ERROR) - { - bootLetter[0] = sysInfo + 'A' -1; - bootLetter[1] = '\0'; - strcpy(sysDir, bootLetter); - strcpy(sysDir+1, ":\\OS2\\"); - - strcpy( filename, sysDir ); - strcat( filename, "*.*" ); - } - - rc =DosFindFirst( filename, &hdir, FILE_NORMAL, &fileBuf, buflen, - &numFiles, FIL_STANDARD ); - if( rc == NO_ERROR ) - { - do { - // pass the full pathname to the callback - sprintf( filename, "%s\\%s", sysDir, fileBuf.achName ); - (*func)(filename); - - numFiles = 1; - rc = DosFindNext( hdir, &fileBuf, buflen, &numFiles ); - if( rc != NO_ERROR && rc != ERROR_NO_MORE_FILES ) - printf( "DosFindNext errod code = %d\n", rc ); - } while ( rc == NO_ERROR ); - - rc = DosFindClose(hdir); - if( rc != NO_ERROR ) - printf( "DosFindClose error code = %d", rc ); - } - else - printf( "DosFindFirst error code = %d", rc ); - - return TRUE; -} - -static int dwNumFiles, dwReadEvery; - -static void -CountFiles(const char *file) -{ - dwNumFiles++; -} - -static void -ReadFiles(const char *file) -{ - if ((dwNumFiles % dwReadEvery) == 0) - RNG_FileForRNG(file); - - dwNumFiles++; -} - -static void -ReadSystemFiles(void) -{ - // first count the number of files - dwNumFiles = 0; - if (!EnumSystemFiles(CountFiles)) - return; - - RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles)); - - // now read 10 files - if (dwNumFiles == 0) - return; - - dwReadEvery = dwNumFiles / 10; - if (dwReadEvery == 0) - dwReadEvery = 1; // less than 10 files - - dwNumFiles = 0; - EnumSystemFiles(ReadFiles); -} - -void RNG_SystemInfoForRNG(void) -{ - unsigned long *plong = 0; - PTIB ptib; - PPIB ppib; - APIRET rc = NO_ERROR; - DATETIME dt; - COUNTRYCODE cc = {0}; - COUNTRYINFO ci = {0}; - unsigned long actual = 0; - char path[_MAX_PATH]=""; - char fullpath[_MAX_PATH]=""; - unsigned long pathlength = sizeof(path); - FSALLOCATE fsallocate; - FILESTATUS3 fstatus; - unsigned long defaultdrive = 0; - unsigned long logicaldrives = 0; - unsigned long sysInfo[QSV_MAX] = {0}; - char buffer[20]; - int nBytes = 0; - - nBytes = RNG_GetNoise(buffer, sizeof(buffer)); - RNG_RandomUpdate(buffer, nBytes); - - /* allocate memory and use address and memory */ - plong = (unsigned long *)malloc(sizeof(*plong)); - RNG_RandomUpdate(&plong, sizeof(plong)); - RNG_RandomUpdate(plong, sizeof(*plong)); - free(plong); - - /* process info */ - rc = DosGetInfoBlocks(&ptib, &ppib); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(ptib, sizeof(*ptib)); - RNG_RandomUpdate(ppib, sizeof(*ppib)); - } - - /* time */ - rc = DosGetDateTime(&dt); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&dt, sizeof(dt)); - } - - /* country */ - rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&cc, sizeof(cc)); - RNG_RandomUpdate(&ci, sizeof(ci)); - RNG_RandomUpdate(&actual, sizeof(actual)); - } - - /* current directory */ - rc = DosQueryCurrentDir(0, path, &pathlength); - strcat(fullpath, "\\"); - strcat(fullpath, path); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(fullpath, strlen(fullpath)); - // path info - rc = DosQueryPathInfo(fullpath, FIL_STANDARD, &fstatus, sizeof(fstatus)); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&fstatus, sizeof(fstatus)); - } - } - - /* file system info */ - rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate)); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&fsallocate, sizeof(fsallocate)); - } - - /* drive info */ - rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive)); - RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives)); - } - - /* system info */ - rc = DosQuerySysInfo(1L, QSV_MAX, (PVOID)&sysInfo, sizeof(ULONG)*QSV_MAX); - if (rc == NO_ERROR) - { - RNG_RandomUpdate(&sysInfo, sizeof(sysInfo)); - } - - // now let's do some files - ReadSystemFiles(); - - /* more noise */ - nBytes = RNG_GetNoise(buffer, sizeof(buffer)); - RNG_RandomUpdate(buffer, nBytes); -} - -void RNG_FileForRNG(const char *filename) -{ - struct stat stat_buf; - unsigned char buffer[1024]; - FILE *file = 0; - int nBytes = 0; - static int totalFileBytes = 0; - - if (stat((char *)filename, &stat_buf) < 0) - return; - - RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf)); - - file = fopen((char *)filename, "r"); - if (file != NULL) - { - for (;;) - { - size_t bytes = fread(buffer, 1, sizeof(buffer), file); - - if (bytes == 0) - break; - - RNG_RandomUpdate(buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > 250000) - break; - } - fclose(file); - } - - nBytes = RNG_GetNoise(buffer, 20); - RNG_RandomUpdate(buffer, nBytes); -} diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c deleted file mode 100644 index dca53e93d..000000000 --- a/security/nss/lib/freebl/pqg.c +++ /dev/null @@ -1,667 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* - * PQG parameter generation/verification. Based on FIPS 186-1. - * - * $Id$ - */ - -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" -#include "blapi.h" -#include "secitem.h" -#include "mpi.h" -#include "mpprime.h" -#include "mplogic.h" -#include "secmpi.h" - -#define MAX_ITERATIONS 600 /* Maximum number of iterations of primegen */ -#define PQG_Q_PRIMALITY_TESTS 18 /* from HAC table 4.4 */ -#define PQG_P_PRIMALITY_TESTS 5 /* from HAC table 4.4 */ - - /* XXX to be replaced by define in blapit.h */ -#define BITS_IN_Q 160 - -/* For FIPS-compliance testing. -** The following array holds the seed defined in FIPS 186-1 appendix 5. -** This seed is used to generate P and Q according to appendix 2; use of -** this seed will exactly generate the PQG specified in appendix 2. -*/ -#ifdef FIPS_186_1_A5_TEST -static const unsigned char fips_186_1_a5_pqseed[] = { - 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, - 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24, - 0xe0, 0x42, 0x7d, 0xd3 -}; -#endif - -/* Get a seed for generating P and Q. If in testing mode, copy in the -** seed from FIPS 186-1 appendix 5. Otherwise, obtain bytes from the -** global random number generator. -*/ -static SECStatus -getPQseed(SECItem *seed) -{ - if (seed->data) { - PORT_Free(seed->data); - seed->data = NULL; - } - seed->data = (unsigned char*)PORT_ZAlloc(seed->len); - if (!seed->data) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } -#ifdef FIPS_186_1_A5_TEST - memcpy(seed->data, fips_186_1_a5_pqseed, seed->len); - return SECSuccess; -#else - return RNG_GenerateGlobalRandomBytes(seed->data, seed->len); -#endif -} - -/* Generate a candidate h value. If in testing mode, use the h value -** specified in FIPS 186-1 appendix 5, h = 2. Otherwise, obtain bytes -** from the global random number generator. -*/ -static SECStatus -generate_h_candidate(SECItem *hit, mp_int *H) -{ - SECStatus rv = SECSuccess; - mp_err err = MP_OKAY; -#ifdef FIPS_186_1_A5_TEST - memset(hit->data, 0, hit->len); - hit->data[hit->len-1] = 0x02; -#else - rv = RNG_GenerateGlobalRandomBytes(hit->data, hit->len); -#endif - if (rv) - return SECFailure; - err = mp_read_unsigned_octets(H, hit->data, hit->len); - if (err) { - MP_TO_SEC_ERROR(err); - return SECFailure; - } - return SECSuccess; -} - -/* Compute SHA[(SEED + addend) mod 2**g] -** Result is placed in shaOutBuf. -** This computation is used in steps 2 and 7 of FIPS 186 Appendix 2.2 . -*/ -static SECStatus -addToSeedThenSHA(const SECItem * seed, - unsigned long addend, - int g, - unsigned char * shaOutBuf) -{ - SECItem str = { 0, 0, 0 }; - mp_int s, sum, modulus, tmp; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&s) = 0; - MP_DIGITS(&sum) = 0; - MP_DIGITS(&modulus) = 0; - MP_DIGITS(&tmp) = 0; - CHECK_MPI_OK( mp_init(&s) ); - CHECK_MPI_OK( mp_init(&sum) ); - CHECK_MPI_OK( mp_init(&modulus) ); - SECITEM_TO_MPINT(*seed, &s); /* s = seed */ - /* seed += addend */ - if (addend < MP_DIGIT_MAX) { - CHECK_MPI_OK( mp_add_d(&s, (mp_digit)addend, &s) ); - } else { - CHECK_MPI_OK( mp_init(&tmp) ); - CHECK_MPI_OK( mp_set_ulong(&tmp, addend) ); - CHECK_MPI_OK( mp_add(&s, &tmp, &s) ); - } - CHECK_MPI_OK( mp_div_2d(&s, (mp_digit)g, NULL, &sum) );/*sum = s mod 2**g */ - MPINT_TO_SECITEM(&sum, &str, NULL); - rv = SHA1_HashBuf(shaOutBuf, str.data, str.len); /* SHA1 hash result */ -cleanup: - mp_clear(&s); - mp_clear(&sum); - mp_clear(&modulus); - mp_clear(&tmp); - if (str.data) - SECITEM_ZfreeItem(&str, PR_FALSE); - if (err) { - MP_TO_SEC_ERROR(err); - return SECFailure; - } - return rv; -} - -/* -** Perform steps 2 and 3 of FIPS 186, appendix 2.2. -** Generate Q from seed. -*/ -static SECStatus -makeQfromSeed( - unsigned int g, /* input. Length of seed in bits. */ -const SECItem * seed, /* input. */ - mp_int * Q) /* output. */ -{ - unsigned char sha1[SHA1_LENGTH]; - unsigned char sha2[SHA1_LENGTH]; - unsigned char U[SHA1_LENGTH]; - SECStatus rv = SECSuccess; - mp_err err = MP_OKAY; - int i; - /* ****************************************************************** - ** Step 2. - ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]." - **/ - CHECK_SEC_OK( SHA1_HashBuf(sha1, seed->data, seed->len) ); - CHECK_SEC_OK( addToSeedThenSHA(seed, 1, g, sha2) ); - for (i=0; i 0) /* H = H mod (P-1) */ - CHECK_MPI_OK( mp_sub(H, &pm1, H) ); - /* Let b = 2**n (smallest power of 2 greater than P). - ** Since P-1 >= b/2, and H < b, quotient(H/(P-1)) = 0 or 1 - ** so the above operation safely computes H mod (P-1) - */ - /* Check for H = to 0 or 1. Regen H if so. (Regen means return error). */ - if (mp_cmp_d(H, 1) <= 0) { - rv = SECFailure; - goto cleanup; - } - /* Compute G, according to the equation G = (H ** ((P-1)/Q)) mod P */ - CHECK_MPI_OK( mp_div(&pm1, Q, &exp, NULL) ); /* exp = (P-1)/Q */ - CHECK_MPI_OK( mp_exptmod(H, &exp, P, G) ); /* G = H ** exp mod P */ - /* Check for G == 0 or G == 1, return error if so. */ - if (mp_cmp_d(G, 1) <= 0) { - rv = SECFailure; - goto cleanup; - } - *passed = PR_TRUE; -cleanup: - mp_clear(&exp); - mp_clear(&pm1); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -SECStatus -PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy) -{ - unsigned int L; /* Length of P in bits. Per FIPS 186. */ - unsigned int seedBytes; - - if (j > 8 || !pParams || !pVfy) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - L = 512 + (j * 64); /* bits in P */ - seedBytes = L/8; - return PQG_ParamGenSeedLen(j, seedBytes, pParams, pVfy); -} - -/* This code uses labels and gotos, so that it can follow the numbered -** steps in the algorithms from FIPS 186 appendix 2.2 very closely, -** and so that the correctness of this code can be easily verified. -** So, please forgive the ugly c code. -**/ -SECStatus -PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes, - PQGParams **pParams, PQGVerify **pVfy) -{ - unsigned int L; /* Length of P in bits. Per FIPS 186. */ - unsigned int n; /* Per FIPS 186, appendix 2.2. */ - unsigned int b; /* Per FIPS 186, appendix 2.2. */ - unsigned int g; /* Per FIPS 186, appendix 2.2. */ - unsigned int counter; /* Per FIPS 186, appendix 2.2. */ - unsigned int offset; /* Per FIPS 186, appendix 2.2. */ - SECItem *seed; /* Per FIPS 186, appendix 2.2. */ - PRArenaPool *arena = NULL; - PQGParams *params = NULL; - PQGVerify *verify = NULL; - PRBool passed; - SECItem hit = { 0, 0, 0 }; - mp_int P, Q, G, H, l; - mp_err err = MP_OKAY; - SECStatus rv = SECFailure; - int iterations = 0; - if (j > 8 || !pParams || !pVfy) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* Initialize an arena for the params. */ - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - params = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams)); - if (!params) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - params->arena = arena; - /* Initialize an arena for the verify. */ - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(params->arena, PR_TRUE); - return SECFailure; - } - verify = (PQGVerify *)PORT_ArenaZAlloc(arena, sizeof(PQGVerify)); - if (!verify) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - PORT_FreeArena(params->arena, PR_TRUE); - return SECFailure; - } - verify->arena = arena; - seed = &verify->seed; - arena = NULL; - /* Initialize bignums */ - MP_DIGITS(&P) = 0; - MP_DIGITS(&Q) = 0; - MP_DIGITS(&G) = 0; - MP_DIGITS(&H) = 0; - MP_DIGITS(&l) = 0; - CHECK_MPI_OK( mp_init(&P) ); - CHECK_MPI_OK( mp_init(&Q) ); - CHECK_MPI_OK( mp_init(&G) ); - CHECK_MPI_OK( mp_init(&H) ); - CHECK_MPI_OK( mp_init(&l) ); - /* Compute lengths. */ - L = 512 + (j * 64); /* bits in P */ - n = (L - 1) / BITS_IN_Q; /* BITS_IN_Q is 160 */ - b = (L - 1) % BITS_IN_Q; - g = seedBytes * BITS_PER_BYTE; /* bits in seed, NOT G of PQG. */ -step_1: - /* ****************************************************************** - ** Step 1. - ** "Choose an abitrary sequence of at least 160 bits and call it SEED. - ** Let g be the length of SEED in bits." - */ - if (++iterations > MAX_ITERATIONS) { /* give up after a while */ - PORT_SetError(SEC_ERROR_NEED_RANDOM); - goto cleanup; - } - seed->len = seedBytes; - CHECK_SEC_OK( getPQseed(seed) ); - /* ****************************************************************** - ** Step 2. - ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]." - ** - ** Step 3. - ** "Form Q from U by setting the most signficant bit (the 2**159 bit) - ** and the least signficant bit to 1. In terms of boolean operations, - ** Q = U OR 2**159 OR 1. Note that 2**159 < Q < 2**160." - */ - CHECK_SEC_OK( makeQfromSeed(g, seed, &Q) ); - /* ****************************************************************** - ** Step 4. - ** "Use a robust primality testing algorithm to test whether q is prime." - ** - ** Appendix 2.1 states that a Rabin test with at least 50 iterations - ** "will give an acceptable probability of error." - */ - /*CHECK_SEC_OK( prm_RabinTest(&Q, &passed) );*/ - err = mpp_pprime(&Q, PQG_Q_PRIMALITY_TESTS); - passed = (err == MP_YES) ? SECSuccess : SECFailure; - /* ****************************************************************** - ** Step 5. "If q is not prime, goto step 1." - */ - if (passed != SECSuccess) - goto step_1; - /* ****************************************************************** - ** Step 6. "Let counter = 0 and offset = 2." - */ - counter = 0; - offset = 2; -step_7: - /* ****************************************************************** - ** Step 7. - ** "for k = 0 ... n let - ** V_k = SHA[(SEED + offset + k) mod 2**g]." - ** - ** Step 8. - ** "Let W be the sum of (V_k * 2**(k*160)) for k = 0 ... n - ** and let X = W + 2**(L-1). - ** Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L." - ** - ** Step 9. - ** "Let c = X mod 2q and set p = X - (c - 1). - ** Note that p is congruent to 1 mod 2q." - */ - CHECK_SEC_OK( makePfromQandSeed(L, offset, g, seed, &Q, &P) ); - /************************************************************* - ** Step 10. - ** "if p < 2**(L-1), then goto step 13." - */ - CHECK_MPI_OK( mpl_set_bit(&l, (mp_size)(L-1), 1) ); /* l = 2**(L-1) */ - if (mp_cmp(&P, &l) < 0) - goto step_13; - /************************************************************ - ** Step 11. - ** "Perform a robust primality test on p." - */ - /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/ - err = mpp_pprime(&P, PQG_P_PRIMALITY_TESTS); - passed = (err == MP_YES) ? SECSuccess : SECFailure; - /* ****************************************************************** - ** Step 12. "If p passes the test performed in step 11, go to step 15." - */ - if (passed == SECSuccess) - goto step_15; -step_13: - /* ****************************************************************** - ** Step 13. "Let counter = counter + 1 and offset = offset + n + 1." - */ - counter++; - offset += n + 1; - /* ****************************************************************** - ** Step 14. "If counter >= 4096 goto step 1, otherwise go to step 7." - */ - if (counter >= 4096) - goto step_1; - goto step_7; -step_15: - /* ****************************************************************** - ** Step 15. - ** "Save the value of SEED and the value of counter for use - ** in certifying the proper generation of p and q." - */ - /* Generate h. */ - SECITEM_AllocItem(NULL, &hit, seedBytes); /* h is no longer than p */ - if (!hit.data) goto cleanup; - do { - /* loop generate h until 1 1 */ - CHECK_SEC_OK( generate_h_candidate(&hit, &H) ); - CHECK_SEC_OK( makeGfromH(&P, &Q, &H, &G, &passed) ); - } while (passed != PR_TRUE); - /* All generation is done. Now, save the PQG params. */ - MPINT_TO_SECITEM(&P, ¶ms->prime, params->arena); - MPINT_TO_SECITEM(&Q, ¶ms->subPrime, params->arena); - MPINT_TO_SECITEM(&G, ¶ms->base, params->arena); - MPINT_TO_SECITEM(&H, &verify->h, verify->arena); - verify->counter = counter; - *pParams = params; - *pVfy = verify; -cleanup: - mp_clear(&P); - mp_clear(&Q); - mp_clear(&G); - mp_clear(&H); - mp_clear(&l); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - if (rv) { - PORT_FreeArena(params->arena, PR_TRUE); - PORT_FreeArena(verify->arena, PR_TRUE); - } - return rv; -} - -SECStatus -PQG_VerifyParams(const PQGParams *params, - const PQGVerify *vfy, SECStatus *result) -{ - SECStatus rv = SECSuccess; - int passed; - unsigned int g, n, L, offset; - mp_int P, Q, G, P_, Q_, G_, r, h; - mp_err err = MP_OKAY; - int j; -#define CHECKPARAM(cond) \ - if (!(cond)) { \ - *result = SECFailure; \ - goto cleanup; \ - } - if (!params || !vfy || !result) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - MP_DIGITS(&P) = 0; - MP_DIGITS(&Q) = 0; - MP_DIGITS(&G) = 0; - MP_DIGITS(&P_) = 0; - MP_DIGITS(&Q_) = 0; - MP_DIGITS(&G_) = 0; - MP_DIGITS(&r) = 0; - MP_DIGITS(&h) = 0; - CHECK_MPI_OK( mp_init(&P) ); - CHECK_MPI_OK( mp_init(&Q) ); - CHECK_MPI_OK( mp_init(&G) ); - CHECK_MPI_OK( mp_init(&P_) ); - CHECK_MPI_OK( mp_init(&Q_) ); - CHECK_MPI_OK( mp_init(&G_) ); - CHECK_MPI_OK( mp_init(&r) ); - CHECK_MPI_OK( mp_init(&h) ); - *result = SECSuccess; - SECITEM_TO_MPINT(params->prime, &P); - SECITEM_TO_MPINT(params->subPrime, &Q); - SECITEM_TO_MPINT(params->base, &G); - /* 1. Q is 160 bits long. */ - CHECKPARAM( mpl_significant_bits(&Q) == 160 ); - /* 2. P is one of the 9 valid lengths. */ - L = mpl_significant_bits(&P); - j = PQG_PBITS_TO_INDEX(L); - CHECKPARAM( j >= 0 && j <= 8 ); - /* 3. G < P */ - CHECKPARAM( mp_cmp(&G, &P) < 0 ); - /* 4. P % Q == 1 */ - CHECK_MPI_OK( mp_mod(&P, &Q, &r) ); - CHECKPARAM( mp_cmp_d(&r, 1) == 0 ); - /* 5. Q is prime */ - CHECKPARAM( mpp_pprime(&Q, PQG_Q_PRIMALITY_TESTS) == MP_YES ); - /* 6. P is prime */ - CHECKPARAM( mpp_pprime(&P, PQG_P_PRIMALITY_TESTS) == MP_YES ); - /* Steps 7-12 are done only if the optional PQGVerify is supplied. */ - if (!vfy) goto cleanup; - /* 7. counter < 4096 */ - CHECKPARAM( vfy->counter < 4096 ); - /* 8. g >= 160 and g < 2048 (g is length of seed in bits) */ - g = vfy->seed.len * 8; - CHECKPARAM( g >= 160 && g < 2048 ); - /* 9. Q generated from SEED matches Q in PQGParams. */ - CHECK_SEC_OK( makeQfromSeed(g, &vfy->seed, &Q_) ); - CHECKPARAM( mp_cmp(&Q, &Q_) == 0 ); - /* 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams. */ - n = (L - 1) / BITS_IN_Q; - offset = vfy->counter * (n + 1) + 2; - CHECK_SEC_OK( makePfromQandSeed(L, offset, g, &vfy->seed, &Q, &P_) ); - CHECKPARAM( mp_cmp(&P, &P_) == 0 ); - /* Next two are optional: if h == 0 ignore */ - if (vfy->h.len == 0) goto cleanup; - /* 11. 1 < h < P-1 */ - SECITEM_TO_MPINT(vfy->h, &h); - CHECK_MPI_OK( mpl_set_bit(&P, 0, 0) ); /* P is prime, p-1 == zero 1st bit */ - CHECKPARAM( mp_cmp_d(&h, 1) > 0 && mp_cmp(&h, &P) ); - CHECK_MPI_OK( mpl_set_bit(&P, 0, 1) ); /* set it back */ - /* 12. G generated from h matches G in PQGParams. */ - CHECK_SEC_OK( makeGfromH(&P, &Q, &h, &G_, &passed) ); - CHECKPARAM( passed && mp_cmp(&G, &G_) == 0 ); -cleanup: - mp_clear(&P); - mp_clear(&Q); - mp_clear(&G); - mp_clear(&P_); - mp_clear(&Q_); - mp_clear(&G_); - mp_clear(&r); - mp_clear(&h); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - - diff --git a/security/nss/lib/freebl/prng_fips1861.c b/security/nss/lib/freebl/prng_fips1861.c deleted file mode 100644 index f79cdb0ce..000000000 --- a/security/nss/lib/freebl/prng_fips1861.c +++ /dev/null @@ -1,514 +0,0 @@ -/* - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" -#include "prinit.h" -#include "blapi.h" -#include "nssilock.h" -#include "secitem.h" -#include "sha_fast.h" -#include "secrng.h" /* for RNG_GetNoise() */ - -/* - * The minimum amount of seed data required before the generator will - * provide data. - * Note that this is a measure of the number of bytes sent to - * RNG_RandomUpdate, not the actual amount of entropy present in the - * generator. Naturally, it is impossible to know (at this level) just - * how much entropy is present in the provided seed data. A bare minimum - * of entropy would be 20 bytes, so by requiring 1K this code is making - * the tacit assumption that at least 1 byte of pure entropy is provided - * with every 8 bytes supplied to RNG_RandomUpdate. The reality of this - * assumption is left up to the caller. - */ -#define MIN_SEED_COUNT 1024 - -/* - * Steps taken from FIPS 186-1 Appendix 3.1 - */ - -/* - * According to FIPS 186-1, 160 <= b <= 512 - * For our purposes, we will assume b == 160 - */ -#define FIPS_B 160 -#define BSIZE FIPS_B / BITS_PER_BYTE - -/* - * Add two 160-bit numbers represented as arrays of 20 bytes. - * The numbers are big-endian, MSB first, so addition is done - * from the end of the buffer to the beginning. - */ -#define ADD_160BIT_PLUS_CARRY(dest, add1, add2, cy) \ - carry = cy; \ - for (i=BSIZE-1; i>=0; --i) { \ - carry += add1[i] + add2[i]; \ - dest[i] = (PRUint8)carry; \ - carry >>= 8; \ - } - -#define ADD_160BIT_2(dest, add1, add2) \ - ADD_160BIT_PLUS_CARRY(dest, add1, add2, 0) - - -/* - * FIPS requires result from Step 3c to be reduced mod q when generating - * random numbers for DSA. - * by definition q >= 2^159 + 1, thus xj < 2q - * thus reducing mod q is simple subtraction when xj > q - */ -#define dsa_reduce_mod_q(xj, q) \ - PORT_Assert(q[0] >= 0x80); \ - if (memcmp(xj,q,BSIZE) > 0) { \ - carry = 0; \ - for (i=BSIZE-1; i>=0; --i) { \ - carry += (signed int)xj[i] - (signed int)q[i]; \ - xj[i] = (PRUint8)carry; \ - carry >>= 8; \ - } \ - } - -/* - * Specialized SHA1-like function. This function appends zeroes to a - * single input block and runs a single instance of the compression function, - * as specified in FIPS 186-1 appendix 3.3. - */ -void -RNG_UpdateAndEnd_FIPS186_1(SHA1Context *ctx, - unsigned char *input, unsigned int inputLen, - unsigned char *hashout, unsigned int *pDigestLen, - unsigned int maxDigestLen); - -/* - * Global RNG context - */ -struct RNGContextStr { - PRUint8 XKEY[BSIZE]; /* Seed for next SHA iteration */ - PRUint8 Xj[BSIZE]; /* Output from previous operation */ - PZLock *lock; /* Lock to serialize access to global rng */ - PRUint8 avail; /* # bytes of output available, [0...20] */ - PRUint32 seedCount; /* number of seed bytes given to generator */ - PRBool isValid; /* false if RNG reaches an invalid state */ -}; -typedef struct RNGContextStr RNGContext; -static RNGContext *globalrng = NULL; - -/* - * Free the global RNG context - */ -static void -freeRNGContext() -{ - PZ_DestroyLock(globalrng->lock); - PORT_ZFree(globalrng, sizeof *globalrng); - globalrng = NULL; -} - -/* - * Implementation of the algorithm in FIPS 186-1 appendix 3.1, heretofore - * called alg3_1(). It is assumed a lock for the global rng context has - * already been acquired. - * Calling this function with XSEEDj == NULL is equivalent to saying there - * is no optional user input, which is further equivalent to saying that - * the optional user input is 0. - */ -static SECStatus -alg_fips186_1_x3_1(RNGContext *rng, - const unsigned char *XSEEDj, unsigned char *q) -{ - /* SHA1 context for G(t, XVAL) function */ - SHA1Context sha1cx; - /* input to hash function */ - PRUint8 XVAL[BSIZE]; - /* store a copy of the output to compare with the previous output */ - PRUint8 x_j[BSIZE]; - /* used by ADD_160BIT macros */ - int i, carry; - unsigned int len; - if (!rng->isValid) { - /* RNG has alread entered an invalid state. */ - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* - * Initialize t, taken care of in SHA-1 (same initial values) - */ - SHA1_Begin(&sha1cx); - /* - * XSEEDj is optional user input - * - * XVAL = (XKEY + XSEEDj) mod 2^b - * :always reduced mod 2^b, since storing as 160-bit value - */ - if (XSEEDj) { - /* XSEEDj > 0 */ - ADD_160BIT_2(XVAL, rng->XKEY, XSEEDj); - } else { - /* XSEEDj == 0 */ - memcpy(XVAL, rng->XKEY, BSIZE); - } - /* - * Xj = G(t, XVAL) mod q - * :In this code, (mod q) is only understood for DSA ops, - * :not general RNG (what would q be in non-DSA uses?). - * :If a q is specified, use it. - * :FIPS 186-1 specifies a different padding than the SHA1 180-1 - * :specification, this function is implemented below. - */ - RNG_UpdateAndEnd_FIPS186_1(&sha1cx, XVAL, BSIZE, x_j, &len, BSIZE); - if (q != NULL) { - dsa_reduce_mod_q(x_j, q); - } - /* [FIPS 140-1] verify output does not match previous output */ - if (memcmp(x_j, rng->Xj, BSIZE) == 0) { - /* failed FIPS 140-1 continuous RNG condition. RNG now invalid. */ - rng->isValid = PR_FALSE; - return SECFailure; - } - /* Xj is the output */ - memcpy(rng->Xj, x_j, BSIZE); - /* - * XKEY = (1 + XKEY + Xj) mod 2^b - * :always reduced mod 2^b, since storing as 160-bit value - */ - ADD_160BIT_PLUS_CARRY(rng->XKEY, rng->XKEY, x_j, 1); - /* Always have a full buffer after executing alg3_1() */ - rng->avail = BSIZE; - /* housekeeping */ - memset(x_j, 0, BSIZE); - memset(XVAL, 0, BSIZE); - return SECSuccess; -} - -/* Use NSPR to prevent RNG_RNGInit from being called from separate - * threads, creating a race condition. - */ -static PRCallOnceType coRNGInit = { 0, 0, 0 }; -static PRStatus rng_init(void) -{ - unsigned char bytes[120]; - unsigned int numBytes; - if (globalrng == NULL) { - /* create a new global RNG context */ - globalrng = (RNGContext *)PORT_ZAlloc(sizeof(RNGContext)); - if (globalrng == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return PR_FAILURE; - } - /* create a lock for it */ - globalrng->lock = PZ_NewLock(nssILockOther); - if (globalrng->lock == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); - return PR_FAILURE; - } - /* the RNG is in a valid state */ - globalrng->isValid = PR_TRUE; - /* Try to get some seed data for the RNG */ - numBytes = RNG_GetNoise(bytes, sizeof bytes); - RNG_RandomUpdate(bytes, numBytes); - } - return (globalrng != NULL) ? PR_SUCCESS : PR_FAILURE; -} - -/* - * Initialize the global RNG context and give it some seed input taken - * from the system. This function is thread-safe and will only allow - * the global context to be initialized once. The seed input is likely - * small, so it is imperative that RNG_RandomUpdate() be called with - * additional seed data before the generator is used. A good way to - * provide the generator with additional entropy is to call - * RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that. - */ -SECStatus -RNG_RNGInit(void) -{ - /* Allow only one call to initialize the context */ - PR_CallOnce(&coRNGInit, rng_init); - /* Make sure there is a context */ - return (globalrng != NULL) ? PR_SUCCESS : PR_FAILURE; -} - -/* -** Update the global random number generator with more seeding -** material -*/ -SECStatus -prng_RandomUpdate(RNGContext *rng, const void *data, size_t bytes, - unsigned char *q) -{ - SECStatus rv = SECSuccess; - unsigned char inputhash[BSIZE]; - /* check for a valid global RNG context */ - PORT_Assert(rng != NULL); - if (rng == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* RNG_SystemInfoForRNG() sometimes does this, not really an error */ - if (bytes == 0) - return SECSuccess; - /* If received 20 bytes of input, use it, else hash the input before - * locking. - */ - if (bytes == BSIZE) - memcpy(inputhash, data, BSIZE); - else - rv = SHA1_HashBuf(inputhash, data, bytes); - if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* --- LOCKED --- */ - PZ_Lock(rng->lock); - /* - * Random information is initially supplied by a call to - * RNG_SystemInfoForRNG(). That function collects entropy from - * the system and calls RNG_RandomUpdate() to seed the generator. - * FIPS 186-1 3.1 step 1 specifies that a secret value for the - * seed-key must be chosen before the generator can begin. The - * size of XKEY is b-bytes, so fill it with the first b-bytes - * sent to RNG_RandomUpdate(). - */ - if (rng->seedCount == 0) { - /* This is the first call to RandomUpdate(). Use a SHA1 hash - * of the input to set the seed, XKEY. - * - * copy seed bytes into context's XKEY - */ - memcpy(rng->XKEY, inputhash, BSIZE); - /* - * Now continue with algorithm. Since the input was used to - * initialize XKEY, the "optional user input" at this stage - * will be a pad of zeros, XSEEDj = 0. - */ - rv = alg_fips186_1_x3_1(rng, NULL, q); - /* As per FIPS 140-1 continuous RNG requirement, the first - * iteration of output is discarded. So here there is really - * no output available. This forces another execution of alg3_1() - * before any bytes can be extracted from the generator. - */ - rng->avail = 0; - } else { - /* Execute the algorithm from FIPS 186-1 appendix 3.1 */ - rv = alg_fips186_1_x3_1(rng, inputhash, q); - } - /* If got this far, have added bytes of seed data. */ - rng->seedCount += bytes; - PZ_Unlock(rng->lock); - /* --- UNLOCKED --- */ - /* housekeeping */ - memset(inputhash, 0, BSIZE); - return rv; -} - -/* -** Update the global random number generator with more seeding -** material. Not DSA, so no q. -*/ -SECStatus -RNG_RandomUpdate(const void *data, size_t bytes) -{ - return prng_RandomUpdate(globalrng, data, bytes, NULL); -} - -/* -** Generate some random bytes, using the global random number generator -** object. -*/ -SECStatus -prng_GenerateGlobalRandomBytes(RNGContext *rng, - void *dest, size_t len, unsigned char *q) -{ - PRUint8 num; - SECStatus rv = SECSuccess; - unsigned char *output = dest; - /* check for a valid global RNG context */ - PORT_Assert(rng != NULL); - if (rng == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* --- LOCKED --- */ - PZ_Lock(rng->lock); - /* Check the amount of seed data in the generator. If not enough, - * don't produce any data. - */ - if (rng->seedCount < MIN_SEED_COUNT) { - PZ_Unlock(rng->lock); - PORT_SetError(SEC_ERROR_NEED_RANDOM); - return SECFailure; - } - /* - * If there are enough bytes of random data, send back Xj, - * else call alg3_1() with 0's to generate more random data. - */ - while (len > 0 && rv == SECSuccess) { - if (rng->avail == 0) { - /* All available bytes are used, so generate more. */ - rv = alg_fips186_1_x3_1(rng, NULL, q); - } - /* number of bytes to obtain on this iteration (max of 20) */ - num = PR_MIN(rng->avail, len); - /* if avail < BSIZE, the first avail bytes have already been used. */ - if (num) { - memcpy(output, rng->Xj + (BSIZE - rng->avail), num); - rng->avail -= num; - len -= num; - output += num; - } - } - PZ_Unlock(rng->lock); - /* --- UNLOCKED --- */ - return rv; -} - -/* -** Generate some random bytes, using the global random number generator -** object. Not DSA, so no q. -*/ -SECStatus -RNG_GenerateGlobalRandomBytes(void *dest, size_t len) -{ - return prng_GenerateGlobalRandomBytes(globalrng, dest, len, NULL); -} - -void -RNG_RNGShutdown(void) -{ - /* check for a valid global RNG context */ - PORT_Assert(globalrng != NULL); - if (globalrng == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; - } - /* clear */ - freeRNGContext(); - /* zero the callonce struct to allow a new call to RNG_RNGInit() */ - memset(&coRNGInit, 0, sizeof coRNGInit); -} - -/* - * SHA: Generate hash value from context - * Specialized function for PRNG - * The PRNG specified in FIPS 186-1 3.3 uses a function, G, - * which has the same initialization and compression functions - * as SHA1 180-1, but uses different padding. FIPS 186-1 3.3 - * specifies that the message be padded with 0's until the size - * reaches 512 bits. - */ -void -RNG_UpdateAndEnd_FIPS186_1(SHA1Context *ctx, - unsigned char *input, unsigned int inputLen, - unsigned char *hashout, unsigned int *pDigestLen, - unsigned int maxDigestLen) -{ - register PRUint32 A; - static const unsigned char bulk_pad0[64] = { 0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; - - PORT_Assert(maxDigestLen >= SHA1_LENGTH); - PORT_Assert(inputLen <= SHA1_INPUT_LEN); - - /* - * Add the input - */ - SHA1_Update(ctx, input, inputLen); - /* - * Pad with zeroes - * This will fill the input block and cause the compression function - * to be called. - */ - SHA1_Update(ctx, bulk_pad0, SHA1_INPUT_LEN - inputLen); - - /* - * Output hash - */ -#if defined(IS_LITTLE_ENDIAN) - SHA_BYTESWAP(ctx->H[0]); - SHA_BYTESWAP(ctx->H[1]); - SHA_BYTESWAP(ctx->H[2]); - SHA_BYTESWAP(ctx->H[3]); - SHA_BYTESWAP(ctx->H[4]); -#endif - memcpy(hashout, ctx->H, SHA1_LENGTH); - *pDigestLen = SHA1_LENGTH; - - /* - * Re-initialize the context (also zeroizes contents) - */ - SHA1_Begin(ctx); -} - -/* - * Specialized RNG for DSA - * - * As per FIPS 186-1 appendix 3.1, in step 5 the value Xj should - * be reduced mod q, a 160-bit prime number. Since this parameter is - * only meaningful in the context of DSA, the above RNG functions - * were implemented without it. They are re-implemented below for use - * with DSA. - * - */ - -/* -** Update the global random number generator with more seeding -** material. DSA needs a q parameter. -*/ -SECStatus -DSA_RandomUpdate(void *data, size_t bytes, unsigned char *q) -{ - if( q && (*q == 0) ) { - ++q; - } - return prng_RandomUpdate(globalrng, data, bytes, q); -} - -/* -** Generate some random bytes, using the global random number generator -** object. In DSA mode, so there is a q. -*/ -SECStatus -DSA_GenerateGlobalRandomBytes(void *dest, size_t len, unsigned char *q) -{ - if( q && (*q == 0) ) { - ++q; - } - return prng_GenerateGlobalRandomBytes(globalrng, dest, len, q); -} diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c deleted file mode 100644 index 261a91a48..000000000 --- a/security/nss/lib/freebl/rijndael.c +++ /dev/null @@ -1,1137 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "prinit.h" -#include "prerr.h" -#include "secerr.h" - -#include "prtypes.h" -#include "blapi.h" -#include "rijndael.h" - -/* - * There are currently five ways to build this code, varying in performance - * and code size. - * - * RIJNDAEL_INCLUDE_TABLES Include all tables from rijndael32.tab - * RIJNDAEL_GENERATE_TABLES Generate tables on first - * encryption/decryption, then store them; - * use the function gfm - * RIJNDAEL_GENERATE_TABLES_MACRO Same as above, but use macros to do - * the generation - * RIJNDAEL_GENERATE_VALUES Do not store tables, generate the table - * values "on-the-fly", using gfm - * RIJNDAEL_GENERATE_VALUES_MACRO Same as above, but use macros - * - * The default is RIJNDAEL_INCLUDE_TABLES. - */ - -/* - * When building RIJNDAEL_INCLUDE_TABLES, includes S**-1, Rcon, T[0..4], - * T**-1[0..4], IMXC[0..4] - * When building anything else, includes S, S**-1, Rcon - */ -#include "rijndael32.tab" - -#if defined(RIJNDAEL_INCLUDE_TABLES) -/* - * RIJNDAEL_INCLUDE_TABLES - */ -#define T0(i) _T0[i] -#define T1(i) _T1[i] -#define T2(i) _T2[i] -#define T3(i) _T3[i] -#define TInv0(i) _TInv0[i] -#define TInv1(i) _TInv1[i] -#define TInv2(i) _TInv2[i] -#define TInv3(i) _TInv3[i] -#define IMXC0(b) _IMXC0[b] -#define IMXC1(b) _IMXC1[b] -#define IMXC2(b) _IMXC2[b] -#define IMXC3(b) _IMXC3[b] -/* The S-box can be recovered from the T-tables */ -#ifdef IS_LITTLE_ENDIAN -#define SBOX(b) ((PRUint8)_T3[b]) -#else -#define SBOX(b) ((PRUint8)_T1[b]) -#endif -#define SINV(b) (_SInv[b]) - -#else /* not RIJNDAEL_INCLUDE_TABLES */ - -/* - * Code for generating T-table values. - */ - -#ifdef IS_LITTLE_ENDIAN -#define WORD4(b0, b1, b2, b3) \ - (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | (b0)) -#else -#define WORD4(b0, b1, b2, b3) \ - (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | (b3)) -#endif - -/* - * Define the S and S**-1 tables (both have been stored) - */ -#define SBOX(b) (_S[b]) -#define SINV(b) (_SInv[b]) - -/* - * The function xtime, used for Galois field multiplication - */ -#define XTIME(a) \ - ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1)) - -/* Choose GFM method (macros or function) */ -#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) || \ - defined(RIJNDAEL_GENERATE_VALUES_MACRO) - -/* - * Galois field GF(2**8) multipliers, in macro form - */ -#define GFM01(a) \ - (a) /* a * 01 = a, the identity */ -#define GFM02(a) \ - (XTIME(a) & 0xff) /* a * 02 = xtime(a) */ -#define GFM04(a) \ - (GFM02(GFM02(a))) /* a * 04 = xtime**2(a) */ -#define GFM08(a) \ - (GFM02(GFM04(a))) /* a * 08 = xtime**3(a) */ -#define GFM03(a) \ - (GFM01(a) ^ GFM02(a)) /* a * 03 = a * (01 + 02) */ -#define GFM09(a) \ - (GFM01(a) ^ GFM08(a)) /* a * 09 = a * (01 + 08) */ -#define GFM0B(a) \ - (GFM01(a) ^ GFM02(a) ^ GFM08(a)) /* a * 0B = a * (01 + 02 + 08) */ -#define GFM0D(a) \ - (GFM01(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0D = a * (01 + 04 + 08) */ -#define GFM0E(a) \ - (GFM02(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0E = a * (02 + 04 + 08) */ - -#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */ - -/* GF_MULTIPLY - * - * multiply two bytes represented in GF(2**8), mod (x**4 + 1) - */ -PRUint8 gfm(PRUint8 a, PRUint8 b) -{ - PRUint8 res = 0; - while (b > 0) { - res = (b & 0x01) ? res ^ a : res; - a = XTIME(a); - b >>= 1; - } - return res; -} - -#define GFM01(a) \ - (a) /* a * 01 = a, the identity */ -#define GFM02(a) \ - (XTIME(a) & 0xff) /* a * 02 = xtime(a) */ -#define GFM03(a) \ - (gfm(a, 0x03)) /* a * 03 */ -#define GFM09(a) \ - (gfm(a, 0x09)) /* a * 09 */ -#define GFM0B(a) \ - (gfm(a, 0x0B)) /* a * 0B */ -#define GFM0D(a) \ - (gfm(a, 0x0D)) /* a * 0D */ -#define GFM0E(a) \ - (gfm(a, 0x0E)) /* a * 0E */ - -#endif /* choosing GFM function */ - -/* - * The T-tables - */ -#define G_T0(i) \ - ( WORD4( GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)) ) ) -#define G_T1(i) \ - ( WORD4( GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)) ) ) -#define G_T2(i) \ - ( WORD4( GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)) ) ) -#define G_T3(i) \ - ( WORD4( GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)) ) ) - -/* - * The inverse T-tables - */ -#define G_TInv0(i) \ - ( WORD4( GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)) ) ) -#define G_TInv1(i) \ - ( WORD4( GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)) ) ) -#define G_TInv2(i) \ - ( WORD4( GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)) ) ) -#define G_TInv3(i) \ - ( WORD4( GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)) ) ) - -/* - * The inverse mix column tables - */ -#define G_IMXC0(i) \ - ( WORD4( GFM0E(i), GFM09(i), GFM0D(i), GFM0B(i) ) ) -#define G_IMXC1(i) \ - ( WORD4( GFM0B(i), GFM0E(i), GFM09(i), GFM0D(i) ) ) -#define G_IMXC2(i) \ - ( WORD4( GFM0D(i), GFM0B(i), GFM0E(i), GFM09(i) ) ) -#define G_IMXC3(i) \ - ( WORD4( GFM09(i), GFM0D(i), GFM0B(i), GFM0E(i) ) ) - -/* Now choose the T-table indexing method */ -#if defined(RIJNDAEL_GENERATE_VALUES) -/* generate values for the tables with a function*/ -static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i) -{ - PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E; - si01 = SINV(i); - si02 = XTIME(si01); - si04 = XTIME(si02); - si08 = XTIME(si04); - si03 = si02 ^ si01; - si09 = si08 ^ si01; - si0B = si08 ^ si03; - si0D = si09 ^ si04; - si0E = si08 ^ si04 ^ si02; - switch (tx) { - case 0: - return WORD4(si0E, si09, si0D, si0B); - case 1: - return WORD4(si0B, si0E, si09, si0D); - case 2: - return WORD4(si0D, si0B, si0E, si09); - case 3: - return WORD4(si09, si0D, si0B, si0E); - } - return -1; -} -#define T0(i) G_T0(i) -#define T1(i) G_T1(i) -#define T2(i) G_T2(i) -#define T3(i) G_T3(i) -#define TInv0(i) gen_TInvXi(0, i) -#define TInv1(i) gen_TInvXi(1, i) -#define TInv2(i) gen_TInvXi(2, i) -#define TInv3(i) gen_TInvXi(3, i) -#define IMXC0(b) G_IMXC0(b) -#define IMXC1(b) G_IMXC1(b) -#define IMXC2(b) G_IMXC2(b) -#define IMXC3(b) G_IMXC3(b) -#elif defined(RIJNDAEL_GENERATE_VALUES_MACRO) -/* generate values for the tables with macros */ -#define T0(i) G_T0(i) -#define T1(i) G_T1(i) -#define T2(i) G_T2(i) -#define T3(i) G_T3(i) -#define TInv0(i) G_TInv0(i) -#define TInv1(i) G_TInv1(i) -#define TInv2(i) G_TInv2(i) -#define TInv3(i) G_TInv3(i) -#define IMXC0(b) G_IMXC0(b) -#define IMXC1(b) G_IMXC1(b) -#define IMXC2(b) G_IMXC2(b) -#define IMXC3(b) G_IMXC3(b) -#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */ -/* Generate T and T**-1 table values and store, then index */ -/* The inverse mix column tables are still generated */ -#define T0(i) rijndaelTables->T0[i] -#define T1(i) rijndaelTables->T1[i] -#define T2(i) rijndaelTables->T2[i] -#define T3(i) rijndaelTables->T3[i] -#define TInv0(i) rijndaelTables->TInv0[i] -#define TInv1(i) rijndaelTables->TInv1[i] -#define TInv2(i) rijndaelTables->TInv2[i] -#define TInv3(i) rijndaelTables->TInv3[i] -#define IMXC0(b) G_IMXC0(b) -#define IMXC1(b) G_IMXC1(b) -#define IMXC2(b) G_IMXC2(b) -#define IMXC3(b) G_IMXC3(b) -#endif /* choose T-table indexing method */ - -#endif /* not RIJNDAEL_INCLUDE_TABLES */ - -#if defined(RIJNDAEL_GENERATE_TABLES) || \ - defined(RIJNDAEL_GENERATE_TABLES_MACRO) - -/* Code to generate and store the tables */ - -struct rijndael_tables_str { - PRUint32 T0[256]; - PRUint32 T1[256]; - PRUint32 T2[256]; - PRUint32 T3[256]; - PRUint32 TInv0[256]; - PRUint32 TInv1[256]; - PRUint32 TInv2[256]; - PRUint32 TInv3[256]; -}; - -static struct rijndael_tables_str *rijndaelTables = NULL; -static PRCallOnceType coRTInit = { 0, 0, 0 }; -static PRStatus -init_rijndael_tables(void) -{ - PRUint32 i; - PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E; - struct rijndael_tables_str *rts; - rts = (struct rijndael_tables_str *) - PORT_Alloc(sizeof(struct rijndael_tables_str)); - if (!rts) return PR_FAILURE; - for (i=0; i<256; i++) { - /* The forward values */ - si01 = SBOX(i); - si02 = XTIME(si01); - si03 = si02 ^ si01; - rts->T0[i] = WORD4(si02, si01, si01, si03); - rts->T1[i] = WORD4(si03, si02, si01, si01); - rts->T2[i] = WORD4(si01, si03, si02, si01); - rts->T3[i] = WORD4(si01, si01, si03, si02); - /* The inverse values */ - si01 = SINV(i); - si02 = XTIME(si01); - si04 = XTIME(si02); - si08 = XTIME(si04); - si03 = si02 ^ si01; - si09 = si08 ^ si01; - si0B = si08 ^ si03; - si0D = si09 ^ si04; - si0E = si08 ^ si04 ^ si02; - rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B); - rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D); - rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09); - rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E); - } - /* wait until all the values are in to set */ - rijndaelTables = rts; - return PR_SUCCESS; -} - -#endif /* code to generate tables */ - -/************************************************************************** - * - * Stuff related to the Rijndael key schedule - * - *************************************************************************/ - -#define SUBBYTE(w) \ - ((SBOX((w >> 24) & 0xff) << 24) | \ - (SBOX((w >> 16) & 0xff) << 16) | \ - (SBOX((w >> 8) & 0xff) << 8) | \ - (SBOX((w ) & 0xff) )) - -#ifdef IS_LITTLE_ENDIAN -#define ROTBYTE(b) \ - ((b >> 8) | (b << 24)) -#else -#define ROTBYTE(b) \ - ((b << 8) | (b >> 24)) -#endif - -/* rijndael_key_expansion7 - * - * Generate the expanded key from the key input by the user. - * XXX - * Nk == 7 (224 key bits) is a weird case. Since Nk > 6, an added SubByte - * transformation is done periodically. The period is every 4 bytes, and - * since 7%4 != 0 this happens at different times for each key word (unlike - * Nk == 8 where it happens twice in every key word, in the same positions). - * For now, I'm implementing this case "dumbly", w/o any unrolling. - */ -static SECStatus -rijndael_key_expansion7(AESContext *cx, const unsigned char *key, unsigned int Nk) -{ - unsigned int i; - PRUint32 *W; - PRUint32 *pW; - PRUint32 tmp; - W = cx->expandedKey; - /* 1. the first Nk words contain the cipher key */ - memcpy(W, key, Nk * 4); - i = Nk; - /* 2. loop until full expanded key is obtained */ - pW = W + i - 1; - for (; i < cx->Nb * (cx->Nr + 1); ++i) { - tmp = *pW++; - if (i % Nk == 0) - tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1]; - else if (i % Nk == 4) - tmp = SUBBYTE(tmp); - *pW = W[i - Nk] ^ tmp; - } - return SECSuccess; -} - -/* rijndael_key_expansion - * - * Generate the expanded key from the key input by the user. - */ -static SECStatus -rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk) -{ - unsigned int i; - PRUint32 *W; - PRUint32 *pW; - PRUint32 tmp; - unsigned int round_key_words = cx->Nb * (cx->Nr + 1); - if (Nk == 7) - return rijndael_key_expansion7(cx, key, Nk); - W = cx->expandedKey; - /* The first Nk words contain the input cipher key */ - memcpy(W, key, Nk * 4); - i = Nk; - pW = W + i - 1; - /* Loop over all sets of Nk words, except the last */ - while (i < round_key_words - Nk) { - tmp = *pW++; - tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1]; - *pW = W[i++ - Nk] ^ tmp; - tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - if (Nk == 4) - continue; - switch (Nk) { - case 8: tmp = *pW++; tmp = SUBBYTE(tmp); *pW = W[i++ - Nk] ^ tmp; - case 7: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - case 6: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - case 5: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp; - } - } - /* Generate the last word */ - tmp = *pW++; - tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1]; - *pW = W[i++ - Nk] ^ tmp; - /* There may be overflow here, if Nk % (Nb * (Nr + 1)) > 0. However, - * since the above loop generated all but the last Nk key words, there - * is no more need for the SubByte transformation. - */ - if (Nk < 8) { - for (; i < round_key_words; ++i) { - tmp = *pW++; - *pW = W[i - Nk] ^ tmp; - } - } else { - /* except in the case when Nk == 8. Then one more SubByte may have - * to be performed, at i % Nk == 4. - */ - for (; i < round_key_words; ++i) { - tmp = *pW++; - if (i % Nk == 4) - tmp = SUBBYTE(tmp); - *pW = W[i - Nk] ^ tmp; - } - } - return SECSuccess; -} - -/* rijndael_invkey_expansion - * - * Generate the expanded key for the inverse cipher from the key input by - * the user. - */ -static SECStatus -rijndael_invkey_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk) -{ - unsigned int r; - PRUint32 *roundkeyw; - PRUint8 *b; - int Nb = cx->Nb; - /* begins like usual key expansion ... */ - if (rijndael_key_expansion(cx, key, Nk) != SECSuccess) - return SECFailure; - /* ... but has the additional step of InvMixColumn, - * excepting the first and last round keys. - */ - roundkeyw = cx->expandedKey + cx->Nb; - for (r=1; rNr; ++r) { - /* each key word, roundkeyw, represents a column in the key - * matrix. Each column is multiplied by the InvMixColumn matrix. - * [ 0E 0B 0D 09 ] [ b0 ] - * [ 09 0E 0B 0D ] * [ b1 ] - * [ 0D 09 0E 0B ] [ b2 ] - * [ 0B 0D 09 0E ] [ b3 ] - */ - b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]); - b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]); - b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]); - b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]); - if (Nb <= 4) - continue; - switch (Nb) { - case 8: b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ - IMXC2(b[2]) ^ IMXC3(b[3]); - case 7: b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ - IMXC2(b[2]) ^ IMXC3(b[3]); - case 6: b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ - IMXC2(b[2]) ^ IMXC3(b[3]); - case 5: b = (PRUint8 *)roundkeyw; - *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ - IMXC2(b[2]) ^ IMXC3(b[3]); - } - } - return SECSuccess; -} -/************************************************************************** - * - * Stuff related to Rijndael encryption/decryption, optimized for - * a 128-bit blocksize. - * - *************************************************************************/ - -#ifdef IS_LITTLE_ENDIAN -#define BYTE0WORD(w) ((w) & 0x000000ff) -#define BYTE1WORD(w) ((w) & 0x0000ff00) -#define BYTE2WORD(w) ((w) & 0x00ff0000) -#define BYTE3WORD(w) ((w) & 0xff000000) -#else -#define BYTE0WORD(w) ((w) & 0xff000000) -#define BYTE1WORD(w) ((w) & 0x00ff0000) -#define BYTE2WORD(w) ((w) & 0x0000ff00) -#define BYTE3WORD(w) ((w) & 0x000000ff) -#endif - -typedef union { - PRUint32 w[4]; - PRUint8 b[16]; -} rijndael_state; - -#define COLUMN_0(state) state.w[0] -#define COLUMN_1(state) state.w[1] -#define COLUMN_2(state) state.w[2] -#define COLUMN_3(state) state.w[3] - -#define STATE_BYTE(i) state.b[i] - -static SECStatus -rijndael_encryptBlock128(AESContext *cx, - unsigned char *output, - const unsigned char *input) -{ - unsigned int r; - PRUint32 *roundkeyw; - rijndael_state state; - PRUint32 C0, C1, C2, C3; -#if defined(_X86_) -#define pIn input -#define pOut output -#else - unsigned char *pIn, *pOut; - PRUint32 inBuf[4], outBuf[4]; - - if ((ptrdiff_t)input & 0x3) { - memcpy(inBuf, input, sizeof inBuf); - pIn = (unsigned char *)inBuf; - } else { - pIn = (unsigned char *)input; - } - if ((ptrdiff_t)output & 0x3) { - pOut = (unsigned char *)outBuf; - } else { - pOut = (unsigned char *)output; - } -#endif - roundkeyw = cx->expandedKey; - /* Step 1: Add Round Key 0 to initial state */ - COLUMN_0(state) = *((PRUint32 *)(pIn )) ^ *roundkeyw++; - COLUMN_1(state) = *((PRUint32 *)(pIn + 4 )) ^ *roundkeyw++; - COLUMN_2(state) = *((PRUint32 *)(pIn + 8 )) ^ *roundkeyw++; - COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw++; - /* Step 2: Loop over rounds [1..NR-1] */ - for (r=1; rNr; ++r) { - /* Do ShiftRow, ByteSub, and MixColumn all at once */ - C0 = T0(STATE_BYTE(0)) ^ - T1(STATE_BYTE(5)) ^ - T2(STATE_BYTE(10)) ^ - T3(STATE_BYTE(15)); - C1 = T0(STATE_BYTE(4)) ^ - T1(STATE_BYTE(9)) ^ - T2(STATE_BYTE(14)) ^ - T3(STATE_BYTE(3)); - C2 = T0(STATE_BYTE(8)) ^ - T1(STATE_BYTE(13)) ^ - T2(STATE_BYTE(2)) ^ - T3(STATE_BYTE(7)); - C3 = T0(STATE_BYTE(12)) ^ - T1(STATE_BYTE(1)) ^ - T2(STATE_BYTE(6)) ^ - T3(STATE_BYTE(11)); - /* Round key addition */ - COLUMN_0(state) = C0 ^ *roundkeyw++; - COLUMN_1(state) = C1 ^ *roundkeyw++; - COLUMN_2(state) = C2 ^ *roundkeyw++; - COLUMN_3(state) = C3 ^ *roundkeyw++; - } - /* Step 3: Do the last round */ - /* Final round does not employ MixColumn */ - C0 = ((BYTE0WORD(T2(STATE_BYTE(0)))) | - (BYTE1WORD(T3(STATE_BYTE(5)))) | - (BYTE2WORD(T0(STATE_BYTE(10)))) | - (BYTE3WORD(T1(STATE_BYTE(15))))) ^ - *roundkeyw++; - C1 = ((BYTE0WORD(T2(STATE_BYTE(4)))) | - (BYTE1WORD(T3(STATE_BYTE(9)))) | - (BYTE2WORD(T0(STATE_BYTE(14)))) | - (BYTE3WORD(T1(STATE_BYTE(3))))) ^ - *roundkeyw++; - C2 = ((BYTE0WORD(T2(STATE_BYTE(8)))) | - (BYTE1WORD(T3(STATE_BYTE(13)))) | - (BYTE2WORD(T0(STATE_BYTE(2)))) | - (BYTE3WORD(T1(STATE_BYTE(7))))) ^ - *roundkeyw++; - C3 = ((BYTE0WORD(T2(STATE_BYTE(12)))) | - (BYTE1WORD(T3(STATE_BYTE(1)))) | - (BYTE2WORD(T0(STATE_BYTE(6)))) | - (BYTE3WORD(T1(STATE_BYTE(11))))) ^ - *roundkeyw++; - *((PRUint32 *) pOut ) = C0; - *((PRUint32 *)(pOut + 4)) = C1; - *((PRUint32 *)(pOut + 8)) = C2; - *((PRUint32 *)(pOut + 12)) = C3; -#if defined(_X86_) -#undef pIn -#undef pOut -#else - if ((ptrdiff_t)output & 0x3) { - memcpy(output, outBuf, sizeof outBuf); - } -#endif - return SECSuccess; -} - -static SECStatus -rijndael_decryptBlock128(AESContext *cx, - unsigned char *output, - const unsigned char *input) -{ - int r; - PRUint32 *roundkeyw; - rijndael_state state; - PRUint32 C0, C1, C2, C3; -#if defined(_X86_) -#define pIn input -#define pOut output -#else - unsigned char *pIn, *pOut; - PRUint32 inBuf[4], outBuf[4]; - - if ((ptrdiff_t)input & 0x3) { - memcpy(inBuf, input, sizeof inBuf); - pIn = (unsigned char *)inBuf; - } else { - pIn = (unsigned char *)input; - } - if ((ptrdiff_t)output & 0x3) { - pOut = (unsigned char *)outBuf; - } else { - pOut = (unsigned char *)output; - } -#endif - roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3; - /* reverse the final key addition */ - COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw--; - COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw--; - COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw--; - COLUMN_0(state) = *((PRUint32 *)(pIn )) ^ *roundkeyw--; - /* Loop over rounds in reverse [NR..1] */ - for (r=cx->Nr; r>1; --r) { - /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */ - C0 = TInv0(STATE_BYTE(0)) ^ - TInv1(STATE_BYTE(13)) ^ - TInv2(STATE_BYTE(10)) ^ - TInv3(STATE_BYTE(7)); - C1 = TInv0(STATE_BYTE(4)) ^ - TInv1(STATE_BYTE(1)) ^ - TInv2(STATE_BYTE(14)) ^ - TInv3(STATE_BYTE(11)); - C2 = TInv0(STATE_BYTE(8)) ^ - TInv1(STATE_BYTE(5)) ^ - TInv2(STATE_BYTE(2)) ^ - TInv3(STATE_BYTE(15)); - C3 = TInv0(STATE_BYTE(12)) ^ - TInv1(STATE_BYTE(9)) ^ - TInv2(STATE_BYTE(6)) ^ - TInv3(STATE_BYTE(3)); - /* Invert the key addition step */ - COLUMN_3(state) = C3 ^ *roundkeyw--; - COLUMN_2(state) = C2 ^ *roundkeyw--; - COLUMN_1(state) = C1 ^ *roundkeyw--; - COLUMN_0(state) = C0 ^ *roundkeyw--; - } - /* inverse sub */ - pOut[ 0] = SINV(STATE_BYTE( 0)); - pOut[ 1] = SINV(STATE_BYTE(13)); - pOut[ 2] = SINV(STATE_BYTE(10)); - pOut[ 3] = SINV(STATE_BYTE( 7)); - pOut[ 4] = SINV(STATE_BYTE( 4)); - pOut[ 5] = SINV(STATE_BYTE( 1)); - pOut[ 6] = SINV(STATE_BYTE(14)); - pOut[ 7] = SINV(STATE_BYTE(11)); - pOut[ 8] = SINV(STATE_BYTE( 8)); - pOut[ 9] = SINV(STATE_BYTE( 5)); - pOut[10] = SINV(STATE_BYTE( 2)); - pOut[11] = SINV(STATE_BYTE(15)); - pOut[12] = SINV(STATE_BYTE(12)); - pOut[13] = SINV(STATE_BYTE( 9)); - pOut[14] = SINV(STATE_BYTE( 6)); - pOut[15] = SINV(STATE_BYTE( 3)); - /* final key addition */ - *((PRUint32 *)(pOut + 12)) ^= *roundkeyw--; - *((PRUint32 *)(pOut + 8)) ^= *roundkeyw--; - *((PRUint32 *)(pOut + 4)) ^= *roundkeyw--; - *((PRUint32 *) pOut ) ^= *roundkeyw--; -#if defined(_X86_) -#undef pIn -#undef pOut -#else - if ((ptrdiff_t)output & 0x3) { - memcpy(output, outBuf, sizeof outBuf); - } -#endif - return SECSuccess; -} - -/************************************************************************** - * - * Stuff related to general Rijndael encryption/decryption, for blocksizes - * greater than 128 bits. - * - * XXX This code is currently untested! So far, AES specs have only been - * released for 128 bit blocksizes. This will be tested, but for now - * only the code above has been tested using known values. - * - *************************************************************************/ - -#define COLUMN(array, j) *((PRUint32 *)(array + j)) - -SECStatus -rijndael_encryptBlock(AESContext *cx, - unsigned char *output, - const unsigned char *input) -{ - return SECFailure; -#ifdef rijndael_large_blocks_fixed - unsigned int j, r, Nb; - unsigned int c2=0, c3=0; - PRUint32 *roundkeyw; - PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE]; - Nb = cx->Nb; - roundkeyw = cx->expandedKey; - /* Step 1: Add Round Key 0 to initial state */ - for (j=0; j<4*Nb; j+=4) { - COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw++; - } - /* Step 2: Loop over rounds [1..NR-1] */ - for (r=1; rNr; ++r) { - for (j=0; jNb; - roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3; - /* reverse key addition */ - for (j=4*Nb; j>=0; j-=4) { - COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw--; - } - /* Loop over rounds in reverse [NR..1] */ - for (r=cx->Nr; r>1; --r) { - /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */ - for (j=0; j=0; j-=4) { - COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw--; - } - } - /* inverse sub */ - for (j=0; j<4*Nb; ++j) { - output[j] = SINV(clone[j]); - } - /* final key addition */ - for (j=4*Nb; j>=0; j-=4) { - COLUMN(output, j) ^= *roundkeyw--; - } - return SECSuccess; -#endif -} - -/************************************************************************** - * - * Rijndael modes of operation (ECB and CBC) - * - *************************************************************************/ - -static SECStatus -rijndael_encryptECB(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen, - unsigned int blocksize) -{ - SECStatus rv; - AESBlockFunc *encryptor; - encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) - ? &rijndael_encryptBlock128 - : &rijndael_encryptBlock; - while (inputLen > 0) { - rv = (*encryptor)(cx, output, input); - if (rv != SECSuccess) - return rv; - output += blocksize; - input += blocksize; - inputLen -= blocksize; - } - return SECSuccess; -} - -static SECStatus -rijndael_encryptCBC(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen, - unsigned int blocksize) -{ - unsigned int j; - SECStatus rv; - AESBlockFunc *encryptor; - unsigned char *lastblock; - unsigned char inblock[RIJNDAEL_MAX_STATE_SIZE * 8]; - - if (!inputLen) - return SECSuccess; - lastblock = cx->iv; - encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) - ? &rijndael_encryptBlock128 - : &rijndael_encryptBlock; - while (inputLen > 0) { - /* XOR with the last block (IV if first block) */ - for (j=0; jiv, lastblock, blocksize); - return SECSuccess; -} - -static SECStatus -rijndael_decryptECB(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen, - unsigned int blocksize) -{ - SECStatus rv; - AESBlockFunc *decryptor; - decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) - ? &rijndael_decryptBlock128 - : &rijndael_decryptBlock; - while (inputLen > 0) { - rv = (*decryptor)(cx, output, input); - if (rv != SECSuccess) - return rv; - output += blocksize; - input += blocksize; - inputLen -= blocksize; - } - return SECSuccess; -} - -static SECStatus -rijndael_decryptCBC(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen, - unsigned int blocksize) -{ - SECStatus rv; - AESBlockFunc *decryptor; - const unsigned char *in; - unsigned char *out; - unsigned int j; - unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE]; - - if (!inputLen) - return SECSuccess; - PORT_Assert(output - input >= 0 || input - output >= (int)inputLen ); - decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) - ? &rijndael_decryptBlock128 - : &rijndael_decryptBlock; - in = input + (inputLen - blocksize); - memcpy(newIV, in, blocksize); - out = output + (inputLen - blocksize); - while (inputLen > blocksize) { - rv = (*decryptor)(cx, out, in); - if (rv != SECSuccess) - return rv; - for (j=0; jiv[j]; - } - memcpy(cx->iv, newIV, blocksize); - return SECSuccess; -} - -/************************************************************************ - * - * BLAPI Interface functions - * - * The following functions implement the encryption routines defined in - * BLAPI for the AES cipher, Rijndael. - * - ***********************************************************************/ - -/* AES_CreateContext - * - * create a new context for Rijndael operations - */ -AESContext * -AES_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, int encrypt, - unsigned int keysize, unsigned int blocksize) -{ - AESContext *cx; - unsigned int Nk; - /* According to Rijndael AES Proposal, section 12.1, block and key - * lengths between 128 and 256 bits are supported, as long as the - * length in bytes is divisible by 4. - */ - if (key == NULL || - keysize < RIJNDAEL_MIN_BLOCKSIZE || - keysize > RIJNDAEL_MAX_BLOCKSIZE || - keysize % 4 != 0 || - blocksize < RIJNDAEL_MIN_BLOCKSIZE || - blocksize > RIJNDAEL_MAX_BLOCKSIZE || - blocksize % 4 != 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - if (mode != NSS_AES && mode != NSS_AES_CBC) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - if (mode == NSS_AES_CBC && iv == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - cx = PORT_ZNew(AESContext); - if (!cx) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - /* Nb = (block size in bits) / 32 */ - cx->Nb = blocksize / 4; - /* Nk = (key size in bits) / 32 */ - Nk = keysize / 4; - /* Obtain number of rounds from "table" */ - cx->Nr = RIJNDAEL_NUM_ROUNDS(Nk, cx->Nb); - /* copy in the iv, if neccessary */ - if (mode == NSS_AES_CBC) { - memcpy(cx->iv, iv, blocksize); - cx->worker = (encrypt) ? &rijndael_encryptCBC : &rijndael_decryptCBC; - } else { - cx->worker = (encrypt) ? &rijndael_encryptECB : &rijndael_decryptECB; - } - /* Allocate memory for the expanded key */ - cx->expandedKey = PORT_ZNewArray(PRUint32, cx->Nb * (cx->Nr + 1)); - if (!cx->expandedKey) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto cleanup; - } - /* Generate expanded key */ - if (encrypt) { - if (rijndael_key_expansion(cx, key, Nk) != SECSuccess) - goto cleanup; - } else { - if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess) - goto cleanup; - } - return cx; -cleanup: - if (cx->expandedKey) - PORT_ZFree(cx->expandedKey, cx->Nb * (cx->Nr + 1)); - PORT_ZFree(cx, sizeof *cx); - return NULL; -} - -/* - * AES_DestroyContext - * - * Zero an AES cipher context. If freeit is true, also free the pointer - * to the context. - */ -void -AES_DestroyContext(AESContext *cx, PRBool freeit) -{ - PORT_ZFree(cx->expandedKey, cx->Nb * (cx->Nr + 1)); - memset(cx, 0, sizeof *cx); - if (freeit) - PORT_Free(cx); -} - -/* - * AES_Encrypt - * - * Encrypt an arbitrary-length buffer. The output buffer must already be - * allocated to at least inputLen. - */ -SECStatus -AES_Encrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - int blocksize; - /* Check args */ - if (cx == NULL || output == NULL || input == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - blocksize = 4 * cx->Nb; - if (inputLen % blocksize != 0) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - *outputLen = inputLen; -#if defined(RIJNDAEL_GENERATE_TABLES) || \ - defined(RIJNDAEL_GENERATE_TABLES_MACRO) - if (rijndaelTables == NULL) { - if (PR_CallOnce(&coRTInit, init_rijndael_tables) - != PR_SUCCESS) { - return PR_FAILURE; - } - } -#endif - return (*cx->worker)(cx, output, outputLen, maxOutputLen, - input, inputLen, blocksize); -} - -/* - * AES_Decrypt - * - * Decrypt and arbitrary-length buffer. The output buffer must already be - * allocated to at least inputLen. - */ -SECStatus -AES_Decrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) -{ - int blocksize; - /* Check args */ - if (cx == NULL || output == NULL || input == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - blocksize = 4 * cx->Nb; - if (inputLen % blocksize != 0) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - *outputLen = inputLen; -#if defined(RIJNDAEL_GENERATE_TABLES) || \ - defined(RIJNDAEL_GENERATE_TABLES_MACRO) - if (rijndaelTables == NULL) { - if (PR_CallOnce(&coRTInit, init_rijndael_tables) - != PR_SUCCESS) { - return PR_FAILURE; - } - } -#endif - return (*cx->worker)(cx, output, outputLen, maxOutputLen, - input, inputLen, blocksize); -} - diff --git a/security/nss/lib/freebl/rijndael.h b/security/nss/lib/freebl/rijndael.h deleted file mode 100644 index facd1b6db..000000000 --- a/security/nss/lib/freebl/rijndael.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#ifndef _RIJNDAEL_H_ -#define _RIJNDAEL_H_ 1 - -#define RIJNDAEL_MIN_BLOCKSIZE 16 /* bytes */ -#define RIJNDAEL_MAX_BLOCKSIZE 32 /* bytes */ - -typedef SECStatus AESFunc(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen, - unsigned int blocksize); - -typedef SECStatus AESBlockFunc(AESContext *cx, - unsigned char *output, - const unsigned char *input); - -/* AESContextStr - * - * Values which maintain the state for Rijndael encryption/decryption. - * - * iv - initialization vector for CBC mode - * Nb - the number of bytes in a block, specified by user - * Nr - the number of rounds, specified by a table - * expandedKey - the round keys in 4-byte words, the length is Nr * Nb - * worker - the encryption/decryption function to use with this context - */ -struct AESContextStr -{ - unsigned int Nb; - unsigned int Nr; - PRUint32 *expandedKey; - AESFunc *worker; - unsigned char iv[RIJNDAEL_MAX_BLOCKSIZE]; -}; - -/* RIJNDAEL_NUM_ROUNDS - * - * Number of rounds per execution - * Nk - number of key bytes - * Nb - blocksize (in bytes) - */ -#define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \ - (PR_MAX(Nk, Nb) + 6) - -/* RIJNDAEL_NUM_ROUNDS - * - * Maximum number of bytes in the state (spec includes up to 256-bit block - * size) - */ -#define RIJNDAEL_MAX_STATE_SIZE 32 - -#endif /* _RIJNDAEL_H_ */ diff --git a/security/nss/lib/freebl/rijndael32.tab b/security/nss/lib/freebl/rijndael32.tab deleted file mode 100644 index 6b78e2e8b..000000000 --- a/security/nss/lib/freebl/rijndael32.tab +++ /dev/null @@ -1,1215 +0,0 @@ -#ifndef RIJNDAEL_INCLUDE_TABLES -static const PRUint8 _S[256] = -{ - 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, -202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, -183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, - 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, - 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, - 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, -208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, - 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, -205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, - 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, -224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, -231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, -186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, -112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, -225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, -140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22 -}; -#endif /* not RIJNDAEL_INCLUDE_TABLES */ - -static const PRUint8 _SInv[256] = -{ - 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, -124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, - 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, - 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, -114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, -108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, -144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, -208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, - 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, -150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, - 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, -252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, - 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, - 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, -160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, - 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125 -}; - -#ifdef RIJNDAEL_INCLUDE_TABLES -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _T0[256] = -{ -0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6, -0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, -0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f, -0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, -0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, -0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, -0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551, -0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, -0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, -0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, -0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, -0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, -0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, -0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, -0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, -0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, -0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, -0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, -0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, -0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, -0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, -0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, -0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, -0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, -0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, -0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, -0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, -0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, -0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, -0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, -0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac, -0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, -0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, -0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, -0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, -0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, -0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, -0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, -0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, -0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, -0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, -0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, -0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c -}; -#else -static const PRUint32 _T0[256] = -{ -0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, -0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, -0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, -0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, -0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, -0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, -0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, -0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, -0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, -0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, -0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, -0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, -0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, -0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, -0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, -0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, -0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, -0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, -0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, -0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, -0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, -0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, -0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, -0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, -0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, -0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, -0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, -0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, -0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, -0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, -0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, -0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, -0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, -0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, -0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, -0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, -0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, -0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, -0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, -0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, -0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, -0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, -0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _T1[256] = -{ -0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd, -0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, -0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d, -0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, -0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, -0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, -0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4, -0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, -0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, -0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, -0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e, -0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, -0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, -0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, -0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, -0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, -0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, -0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81, -0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, -0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, -0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a, -0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f, -0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2, -0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, -0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, -0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, -0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456, -0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4, -0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, -0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, -0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa, -0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, -0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, -0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, -0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, -0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12, -0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958, -0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, -0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, -0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, -0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731, -0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11, -0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a -}; -#else -static const PRUint32 _T1[256] = -{ -0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, -0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, -0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282, -0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0, -0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4, -0x96e47272, 0x5b9bc0c0, 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, -0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, 0x5c683434, 0xf451a5a5, -0x34d1e5e5, 0x08f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, -0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696, -0x0f0a0505, 0xb52f9a9a, 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, -0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 0x1b120909, 0x9e1d8383, -0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, -0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3, -0x715e2f2f, 0x97138484, 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded, -0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 0xbed46a6a, 0x468dcbcb, -0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, -0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d, -0x55663333, 0x94118585, 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f, -0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, 0xf3a25151, 0xfe5da3a3, -0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5, -0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff, -0x0efdf3f3, 0x6dbfd2d2, 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, -0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 0x5793c4c4, 0xf255a7a7, -0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, -0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a, -0xab3b9090, 0x830b8888, 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, -0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 0x3bdbe0e0, 0x56643232, -0x4e743a3a, 0x1e140a0a, 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c, -0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595, -0x37d3e4e4, 0x8bf27979, 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, -0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 0xb4d86c6c, 0xfaac5656, -0x07f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, -0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6, -0xc773b4b4, 0x5197c6c6, 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, -0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 0x90e07070, 0x427c3e3e, -0xc471b5b5, 0xaacc6666, 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e, -0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1, -0x273a1d1d, 0xb9279e9e, 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, -0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 0xb62d9b9b, 0x223c1e1e, -0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, -0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6, -0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, -0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _T2[256] = -{ -0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b, -0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, -0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82, -0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, -0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, -0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, -0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5, -0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, -0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, -0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, -0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83, -0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, -0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, -0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, -0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, -0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, -0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, -0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f, -0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, -0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, -0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff, -0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec, -0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7, -0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, -0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, -0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, -0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632, -0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c, -0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, -0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, -0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56, -0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, -0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6, -0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, -0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, -0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e, -0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1, -0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, -0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, -0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, -0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6, -0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f, -0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16 -}; -#else -static const PRUint32 _T2[256] = -{ -0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b, -0x6fb1de6f, 0xc55491c5, 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b, -0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82, -0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, -0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4, -0x7296e472, 0xc05b9bc0, 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, -0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 0x345c6834, 0xa5f451a5, -0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, -0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796, -0x050f0a05, 0x9ab52f9a, 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, -0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 0x091b1209, 0x839e1d83, -0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, -0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3, -0x2f715e2f, 0x84971384, 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed, -0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 0x6abed46a, 0xcb468dcb, -0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, -0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d, -0x33556633, 0x85941185, 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f, -0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 0x51f3a251, 0xa3fe5da3, -0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, -0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff, -0xf30efdf3, 0xd26dbfd2, 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec, -0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 0xc45793c4, 0xa7f255a7, -0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, -0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a, -0x90ab3b90, 0x88830b88, 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, -0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb, 0xe03bdbe0, 0x32566432, -0x3a4e743a, 0x0a1e140a, 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c, -0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195, -0xe437d3e4, 0x798bf279, 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, -0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 0x6cb4d86c, 0x56faac56, -0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008, -0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6, -0xb4c773b4, 0xc65197c6, 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, -0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 0x7090e070, 0x3e427c3e, -0xb5c471b5, 0x66aacc66, 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e, -0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1, -0x1d273a1d, 0x9eb9279e, 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, -0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 0x9bb62d9b, 0x1e223c1e, -0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, -0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6, -0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, -0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _T3[256] = -{ -0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b, -0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, -0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282, -0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, -0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, -0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, -0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5, -0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, -0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, -0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, -0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383, -0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, -0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, -0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, -0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, -0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, -0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, -0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f, -0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, -0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, -0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff, -0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, -0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7, -0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, -0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, -0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, -0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232, -0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c, -0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, -0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, -0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656, -0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, -0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, -0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, -0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, -0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e, -0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1, -0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, -0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, -0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, -0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, -0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, -0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616 -}; -#else -static const PRUint32 _T3[256] = -{ -0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6, -0x6f6fb1de, 0xc5c55491, 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56, -0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f, -0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, -0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753, -0x727296e4, 0xc0c05b9b, 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, -0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 0x34345c68, 0xa5a5f451, -0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, -0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137, -0x05050f0a, 0x9a9ab52f, 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, -0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 0x09091b12, 0x83839e1d, -0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, -0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd, -0x2f2f715e, 0x84849713, 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1, -0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 0x6a6abed4, 0xcbcb468d, -0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, -0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a, -0x33335566, 0x85859411, 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe, -0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 0x5151f3a2, 0xa3a3fe5d, -0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, -0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5, -0xf3f30efd, 0xd2d26dbf, 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3, -0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 0xc4c45793, 0xa7a7f255, -0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, -0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54, -0x9090ab3b, 0x8888830b, 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, -0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad, 0xe0e03bdb, 0x32325664, -0x3a3a4e74, 0x0a0a1e14, 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8, -0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431, -0xe4e437d3, 0x79798bf2, 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, -0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 0x6c6cb4d8, 0x5656faac, -0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810, -0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157, -0xb4b4c773, 0xc6c65197, 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, -0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 0x707090e0, 0x3e3e427c, -0xb5b5c471, 0x6666aacc, 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c, -0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899, -0x1d1d273a, 0x9e9eb927, 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, -0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 0x9b9bb62d, 0x1e1e223c, -0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, -0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7, -0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, -0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _TInv0[256] = -{ -0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f, -0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, -0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25, -0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, -0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, -0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, -0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5, -0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, -0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, -0x578f1fe3, 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, -0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7, -0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, -0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040, -0x069f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, -0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, -0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, -0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32, -0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, -0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, -0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, -0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 0xadc78bf2, -0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, -0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb, -0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, -0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, -0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, -0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9, -0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, -0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, -0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, -0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 0xf418596e, -0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, -0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a, -0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, -0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, -0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, -0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, -0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, -0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, -0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, -0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc, -0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, -0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0 -}; -#else -static const PRUint32 _TInv0[256] = -{ -0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, -0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, -0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67, -0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, -0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, -0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, -0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182, -0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, -0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, -0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, -0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, 0x8acf1c2b, 0xa779b492, -0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, -0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, -0x5e719f06, 0xbd6e1051, 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, -0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997, -0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, -0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48, -0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, -0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0x0c0a67b1, 0x9357e70f, -0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, -0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad, -0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, -0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc, -0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, -0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, -0x0d8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, -0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1, -0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, -0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, -0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, -0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4, -0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, -0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, -0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, -0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 0x764dd68d, 0x43efb04d, -0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, -0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, -0xe9105633, 0x6dd64713, 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, -0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f, -0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, -0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, -0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, -0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _TInv1[256] = -{ -0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1, -0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, -0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 0x5ab1de49, 0x1bba2567, -0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, -0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, -0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, -0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582, -0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, -0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2, -0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, -0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792, -0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, -0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa, -0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, -0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697, -0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, -0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248, -0x70111eac, 0x725a6c4e, 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, -0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f, -0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, -0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 0xc78bf2ad, -0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd, -0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc, -0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, -0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, -0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, -0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 0x4e4987c7, 0xd138d9c1, -0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, -0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, -0xf7392e5e, 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, -0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4, -0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, -0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31, -0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, -0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, -0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, -0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252, -0x5610e933, 0x47d66d13, 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89, -0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f, -0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, -0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c, -0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, -0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042 -}; -#else -static const PRUint32 _TInv1[256] = -{ -0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, -0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, -0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b, -0x9845ea0e, 0xe15dfec0, 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, -0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421, -0x2949e069, 0x448ec9c8, 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, -0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 0x1863df4a, 0x82e51a31, -0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, -0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02, -0x57e31f8f, 0x2a6655ab, 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708, -0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 0x2b8acf1c, 0x92a779b4, -0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, -0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef, -0x065e719f, 0x51bd6e10, 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, -0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, 0x241998fb, 0x97d6bde9, -0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, -0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, 0x83098086, 0x48322bed, -0xac1e1170, 0x4e6c5a72, 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, -0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 0xb10c0a67, 0x0f9357e7, -0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, -0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0x0b0e090d, 0xadf28bc7, -0xb92db6a8, 0xc8141ea9, 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, -0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 0x768b4329, 0xdccb23c6, -0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, -0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230, -0xec0d8652, 0xd077c1e3, 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, -0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 0xc787494e, 0xc1d938d1, -0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, -0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8, -0x5e2e39f7, 0xf582c3af, 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, -0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 0x09cd2678, 0xf46e5918, -0x01ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8, -0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23, -0x30c6a594, 0xc035a266, 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, -0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, 0x8d764dd6, 0x4d43efb0, -0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, -0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2, -0x33e91056, 0x136dd647, 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, -0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 0x599cd2df, 0x3f55f273, -0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, -0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225, -0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, -0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _TInv2[256] = -{ -0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145, -0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c, -0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 0xb1de495a, 0xba25671b, -0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, -0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, -0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, -0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231, -0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, -0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, -0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, -0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4, -0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe, -0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef, -0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, -0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9, -0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, -0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed, -0x111eac70, 0x5a6c4e72, 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, -0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7, -0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, -0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 0x8bf2adc7, -0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, -0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6, -0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, -0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, -0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, -0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 0x4987c74e, 0x38d9c1d1, -0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, -0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, -0x392e5ef7, 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, -0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418, -0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, -0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123, -0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, -0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, -0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, -0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2, -0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, -0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73, -0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, -0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25, -0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1, -0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257 -}; -#else -static const PRUint32 _TInv2[256] = -{ -0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d, -0x58abacfa, 0x03934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, -0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba, -0x0e9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, -0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874, -0x692949e0, 0xc8448ec9, 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, -0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 0x4a1863df, 0x3182e51a, -0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, -0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x02e2724b, -0x8f57e31f, 0xab2a6655, 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337, -0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 0x1c2b8acf, 0xb492a779, -0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, -0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060, -0x9f065e71, 0x1051bd6e, 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6, -0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 0xfb241998, 0xe997d6bd, -0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, -0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000, 0x86830980, 0xed48322b, -0x70ac1e11, 0x724e6c5a, 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, -0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 0x67b10c0a, 0xe70f9357, -0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, -0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0x0d0b0e09, 0xc7adf28b, -0xa8b92db6, 0xa9c8141e, 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f, -0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 0x29768b43, 0xc6dccb23, -0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, -0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2, -0x52ec0d86, 0xe3d077c1, 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, -0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 0x4ec78749, 0xd1c1d938, -0xa2fe8cca, 0x0b3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, -0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8, -0xf75e2e39, 0xaff582c3, 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, -0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 0x7809cd26, 0x18f46e59, -0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, -0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f, -0x9430c6a5, 0x66c035a2, 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, -0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 0xd68d764d, 0xb04d43ef, -0x4d54ccaa, 0x04dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, -0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db, -0x5633e910, 0x47136dd6, 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13, -0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 0xdf599cd2, 0x733f55f2, -0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, -0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2, -0x498b283c, 0x9541ff0d, 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, -0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _TInv3[256] = -{ -0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d, -0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, -0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 0xde495ab1, 0x25671bba, -0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, -0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, -0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, -0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a, -0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, -0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, -0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, -0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479, -0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6, -0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60, -0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, -0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd, -0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8, -0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b, -0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d, -0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757, -0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, -0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 0xf2adc78b, -0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, -0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623, -0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, -0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, -0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, -0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 0x87c74e49, 0xd9c1d138, -0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, -0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, -0x2e5ef739, 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, -0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859, -0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, -0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f, -0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, -0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, -0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, -0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db, -0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, -0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2, -0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, -0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2, -0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156, -0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8 -}; -#else -static const PRUint32 _TInv3[256] = -{ -0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f, -0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5, -0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725, -0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, -0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358, -0xe0692949, 0xc9c8448e, 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, -0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 0xdf4a1863, 0x1a3182e5, -0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9, -0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272, -0x1f8f57e3, 0x55ab2a66, 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, -0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced, 0xcf1c2b8a, 0x79b492a7, -0x07f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4, -0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40, -0x719f065e, 0x6e1051bd, 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, -0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60, 0x98fb2419, 0xbde997d6, -0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, -0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000, 0x80868309, 0x2bed4832, -0x1170ac1e, 0x5a724e6c, 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, -0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 0x0a67b10c, 0x57e70f93, -0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, -0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x090d0b0e, 0x8bc7adf2, -0xb6a8b92d, 0x1ea9c814, 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, -0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 0x4329768b, 0x23c6dccb, -0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, -0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc, -0x8652ec0d, 0xc1e3d077, 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, -0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 0x494ec787, 0x38d1c1d9, -0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, -0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890, -0x39f75e2e, 0xc3aff582, 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, -0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 0x267809cd, 0x5918f46e, -0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, -0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a, -0xa59430c6, 0xa266c035, 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, -0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 0x4dd68d76, 0xefb04d43, -0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, -0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb, 0x671d5ab3, 0xdbd25292, -0x105633e9, 0xd647136d, 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, -0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 0xd2df599c, 0xf2733f55, -0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, -0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc, -0x3c498b28, 0x0d9541ff, 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, -0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _IMXC0[256] = -{ -0x00000000, 0x0b0d090e, 0x161a121c, 0x1d171b12, 0x2c342438, 0x27392d36, -0x3a2e3624, 0x31233f2a, 0x58684870, 0x5365417e, 0x4e725a6c, 0x457f5362, -0x745c6c48, 0x7f516546, 0x62467e54, 0x694b775a, 0xb0d090e0, 0xbbdd99ee, -0xa6ca82fc, 0xadc78bf2, 0x9ce4b4d8, 0x97e9bdd6, 0x8afea6c4, 0x81f3afca, -0xe8b8d890, 0xe3b5d19e, 0xfea2ca8c, 0xf5afc382, 0xc48cfca8, 0xcf81f5a6, -0xd296eeb4, 0xd99be7ba, 0x7bbb3bdb, 0x70b632d5, 0x6da129c7, 0x66ac20c9, -0x578f1fe3, 0x5c8216ed, 0x41950dff, 0x4a9804f1, 0x23d373ab, 0x28de7aa5, -0x35c961b7, 0x3ec468b9, 0x0fe75793, 0x04ea5e9d, 0x19fd458f, 0x12f04c81, -0xcb6bab3b, 0xc066a235, 0xdd71b927, 0xd67cb029, 0xe75f8f03, 0xec52860d, -0xf1459d1f, 0xfa489411, 0x9303e34b, 0x980eea45, 0x8519f157, 0x8e14f859, -0xbf37c773, 0xb43ace7d, 0xa92dd56f, 0xa220dc61, 0xf66d76ad, 0xfd607fa3, -0xe07764b1, 0xeb7a6dbf, 0xda595295, 0xd1545b9b, 0xcc434089, 0xc74e4987, -0xae053edd, 0xa50837d3, 0xb81f2cc1, 0xb31225cf, 0x82311ae5, 0x893c13eb, -0x942b08f9, 0x9f2601f7, 0x46bde64d, 0x4db0ef43, 0x50a7f451, 0x5baafd5f, -0x6a89c275, 0x6184cb7b, 0x7c93d069, 0x779ed967, 0x1ed5ae3d, 0x15d8a733, -0x08cfbc21, 0x03c2b52f, 0x32e18a05, 0x39ec830b, 0x24fb9819, 0x2ff69117, -0x8dd64d76, 0x86db4478, 0x9bcc5f6a, 0x90c15664, 0xa1e2694e, 0xaaef6040, -0xb7f87b52, 0xbcf5725c, 0xd5be0506, 0xdeb30c08, 0xc3a4171a, 0xc8a91e14, -0xf98a213e, 0xf2872830, 0xef903322, 0xe49d3a2c, 0x3d06dd96, 0x360bd498, -0x2b1ccf8a, 0x2011c684, 0x1132f9ae, 0x1a3ff0a0, 0x0728ebb2, 0x0c25e2bc, -0x656e95e6, 0x6e639ce8, 0x737487fa, 0x78798ef4, 0x495ab1de, 0x4257b8d0, -0x5f40a3c2, 0x544daacc, 0xf7daec41, 0xfcd7e54f, 0xe1c0fe5d, 0xeacdf753, -0xdbeec879, 0xd0e3c177, 0xcdf4da65, 0xc6f9d36b, 0xafb2a431, 0xa4bfad3f, -0xb9a8b62d, 0xb2a5bf23, 0x83868009, 0x888b8907, 0x959c9215, 0x9e919b1b, -0x470a7ca1, 0x4c0775af, 0x51106ebd, 0x5a1d67b3, 0x6b3e5899, 0x60335197, -0x7d244a85, 0x7629438b, 0x1f6234d1, 0x146f3ddf, 0x097826cd, 0x02752fc3, -0x335610e9, 0x385b19e7, 0x254c02f5, 0x2e410bfb, 0x8c61d79a, 0x876cde94, -0x9a7bc586, 0x9176cc88, 0xa055f3a2, 0xab58faac, 0xb64fe1be, 0xbd42e8b0, -0xd4099fea, 0xdf0496e4, 0xc2138df6, 0xc91e84f8, 0xf83dbbd2, 0xf330b2dc, -0xee27a9ce, 0xe52aa0c0, 0x3cb1477a, 0x37bc4e74, 0x2aab5566, 0x21a65c68, -0x10856342, 0x1b886a4c, 0x069f715e, 0x0d927850, 0x64d90f0a, 0x6fd40604, -0x72c31d16, 0x79ce1418, 0x48ed2b32, 0x43e0223c, 0x5ef7392e, 0x55fa3020, -0x01b79aec, 0x0aba93e2, 0x17ad88f0, 0x1ca081fe, 0x2d83bed4, 0x268eb7da, -0x3b99acc8, 0x3094a5c6, 0x59dfd29c, 0x52d2db92, 0x4fc5c080, 0x44c8c98e, -0x75ebf6a4, 0x7ee6ffaa, 0x63f1e4b8, 0x68fcedb6, 0xb1670a0c, 0xba6a0302, -0xa77d1810, 0xac70111e, 0x9d532e34, 0x965e273a, 0x8b493c28, 0x80443526, -0xe90f427c, 0xe2024b72, 0xff155060, 0xf418596e, 0xc53b6644, 0xce366f4a, -0xd3217458, 0xd82c7d56, 0x7a0ca137, 0x7101a839, 0x6c16b32b, 0x671bba25, -0x5638850f, 0x5d358c01, 0x40229713, 0x4b2f9e1d, 0x2264e947, 0x2969e049, -0x347efb5b, 0x3f73f255, 0x0e50cd7f, 0x055dc471, 0x184adf63, 0x1347d66d, -0xcadc31d7, 0xc1d138d9, 0xdcc623cb, 0xd7cb2ac5, 0xe6e815ef, 0xede51ce1, -0xf0f207f3, 0xfbff0efd, 0x92b479a7, 0x99b970a9, 0x84ae6bbb, 0x8fa362b5, -0xbe805d9f, 0xb58d5491, 0xa89a4f83, 0xa397468d -}; -#else -static const PRUint32 _IMXC0[256] = -{ -0x00000000, 0x0e090d0b, 0x1c121a16, 0x121b171d, 0x3824342c, 0x362d3927, -0x24362e3a, 0x2a3f2331, 0x70486858, 0x7e416553, 0x6c5a724e, 0x62537f45, -0x486c5c74, 0x4665517f, 0x547e4662, 0x5a774b69, 0xe090d0b0, 0xee99ddbb, -0xfc82caa6, 0xf28bc7ad, 0xd8b4e49c, 0xd6bde997, 0xc4a6fe8a, 0xcaaff381, -0x90d8b8e8, 0x9ed1b5e3, 0x8ccaa2fe, 0x82c3aff5, 0xa8fc8cc4, 0xa6f581cf, -0xb4ee96d2, 0xbae79bd9, 0xdb3bbb7b, 0xd532b670, 0xc729a16d, 0xc920ac66, -0xe31f8f57, 0xed16825c, 0xff0d9541, 0xf104984a, 0xab73d323, 0xa57ade28, -0xb761c935, 0xb968c43e, 0x9357e70f, 0x9d5eea04, 0x8f45fd19, 0x814cf012, -0x3bab6bcb, 0x35a266c0, 0x27b971dd, 0x29b07cd6, 0x038f5fe7, 0x0d8652ec, -0x1f9d45f1, 0x119448fa, 0x4be30393, 0x45ea0e98, 0x57f11985, 0x59f8148e, -0x73c737bf, 0x7dce3ab4, 0x6fd52da9, 0x61dc20a2, 0xad766df6, 0xa37f60fd, -0xb16477e0, 0xbf6d7aeb, 0x955259da, 0x9b5b54d1, 0x894043cc, 0x87494ec7, -0xdd3e05ae, 0xd33708a5, 0xc12c1fb8, 0xcf2512b3, 0xe51a3182, 0xeb133c89, -0xf9082b94, 0xf701269f, 0x4de6bd46, 0x43efb04d, 0x51f4a750, 0x5ffdaa5b, -0x75c2896a, 0x7bcb8461, 0x69d0937c, 0x67d99e77, 0x3daed51e, 0x33a7d815, -0x21bccf08, 0x2fb5c203, 0x058ae132, 0x0b83ec39, 0x1998fb24, 0x1791f62f, -0x764dd68d, 0x7844db86, 0x6a5fcc9b, 0x6456c190, 0x4e69e2a1, 0x4060efaa, -0x527bf8b7, 0x5c72f5bc, 0x0605bed5, 0x080cb3de, 0x1a17a4c3, 0x141ea9c8, -0x3e218af9, 0x302887f2, 0x223390ef, 0x2c3a9de4, 0x96dd063d, 0x98d40b36, -0x8acf1c2b, 0x84c61120, 0xaef93211, 0xa0f03f1a, 0xb2eb2807, 0xbce2250c, -0xe6956e65, 0xe89c636e, 0xfa877473, 0xf48e7978, 0xdeb15a49, 0xd0b85742, -0xc2a3405f, 0xccaa4d54, 0x41ecdaf7, 0x4fe5d7fc, 0x5dfec0e1, 0x53f7cdea, -0x79c8eedb, 0x77c1e3d0, 0x65daf4cd, 0x6bd3f9c6, 0x31a4b2af, 0x3fadbfa4, -0x2db6a8b9, 0x23bfa5b2, 0x09808683, 0x07898b88, 0x15929c95, 0x1b9b919e, -0xa17c0a47, 0xaf75074c, 0xbd6e1051, 0xb3671d5a, 0x99583e6b, 0x97513360, -0x854a247d, 0x8b432976, 0xd134621f, 0xdf3d6f14, 0xcd267809, 0xc32f7502, -0xe9105633, 0xe7195b38, 0xf5024c25, 0xfb0b412e, 0x9ad7618c, 0x94de6c87, -0x86c57b9a, 0x88cc7691, 0xa2f355a0, 0xacfa58ab, 0xbee14fb6, 0xb0e842bd, -0xea9f09d4, 0xe49604df, 0xf68d13c2, 0xf8841ec9, 0xd2bb3df8, 0xdcb230f3, -0xcea927ee, 0xc0a02ae5, 0x7a47b13c, 0x744ebc37, 0x6655ab2a, 0x685ca621, -0x42638510, 0x4c6a881b, 0x5e719f06, 0x5078920d, 0x0a0fd964, 0x0406d46f, -0x161dc372, 0x1814ce79, 0x322bed48, 0x3c22e043, 0x2e39f75e, 0x2030fa55, -0xec9ab701, 0xe293ba0a, 0xf088ad17, 0xfe81a01c, 0xd4be832d, 0xdab78e26, -0xc8ac993b, 0xc6a59430, 0x9cd2df59, 0x92dbd252, 0x80c0c54f, 0x8ec9c844, -0xa4f6eb75, 0xaaffe67e, 0xb8e4f163, 0xb6edfc68, 0x0c0a67b1, 0x02036aba, -0x10187da7, 0x1e1170ac, 0x342e539d, 0x3a275e96, 0x283c498b, 0x26354480, -0x7c420fe9, 0x724b02e2, 0x605015ff, 0x6e5918f4, 0x44663bc5, 0x4a6f36ce, -0x587421d3, 0x567d2cd8, 0x37a10c7a, 0x39a80171, 0x2bb3166c, 0x25ba1b67, -0x0f853856, 0x018c355d, 0x13972240, 0x1d9e2f4b, 0x47e96422, 0x49e06929, -0x5bfb7e34, 0x55f2733f, 0x7fcd500e, 0x71c45d05, 0x63df4a18, 0x6dd64713, -0xd731dcca, 0xd938d1c1, 0xcb23c6dc, 0xc52acbd7, 0xef15e8e6, 0xe11ce5ed, -0xf307f2f0, 0xfd0efffb, 0xa779b492, 0xa970b999, 0xbb6bae84, 0xb562a38f, -0x9f5d80be, 0x91548db5, 0x834f9aa8, 0x8d4697a3 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _IMXC1[256] = -{ -0x00000000, 0x0d090e0b, 0x1a121c16, 0x171b121d, 0x3424382c, 0x392d3627, -0x2e36243a, 0x233f2a31, 0x68487058, 0x65417e53, 0x725a6c4e, 0x7f536245, -0x5c6c4874, 0x5165467f, 0x467e5462, 0x4b775a69, 0xd090e0b0, 0xdd99eebb, -0xca82fca6, 0xc78bf2ad, 0xe4b4d89c, 0xe9bdd697, 0xfea6c48a, 0xf3afca81, -0xb8d890e8, 0xb5d19ee3, 0xa2ca8cfe, 0xafc382f5, 0x8cfca8c4, 0x81f5a6cf, -0x96eeb4d2, 0x9be7bad9, 0xbb3bdb7b, 0xb632d570, 0xa129c76d, 0xac20c966, -0x8f1fe357, 0x8216ed5c, 0x950dff41, 0x9804f14a, 0xd373ab23, 0xde7aa528, -0xc961b735, 0xc468b93e, 0xe757930f, 0xea5e9d04, 0xfd458f19, 0xf04c8112, -0x6bab3bcb, 0x66a235c0, 0x71b927dd, 0x7cb029d6, 0x5f8f03e7, 0x52860dec, -0x459d1ff1, 0x489411fa, 0x03e34b93, 0x0eea4598, 0x19f15785, 0x14f8598e, -0x37c773bf, 0x3ace7db4, 0x2dd56fa9, 0x20dc61a2, 0x6d76adf6, 0x607fa3fd, -0x7764b1e0, 0x7a6dbfeb, 0x595295da, 0x545b9bd1, 0x434089cc, 0x4e4987c7, -0x053eddae, 0x0837d3a5, 0x1f2cc1b8, 0x1225cfb3, 0x311ae582, 0x3c13eb89, -0x2b08f994, 0x2601f79f, 0xbde64d46, 0xb0ef434d, 0xa7f45150, 0xaafd5f5b, -0x89c2756a, 0x84cb7b61, 0x93d0697c, 0x9ed96777, 0xd5ae3d1e, 0xd8a73315, -0xcfbc2108, 0xc2b52f03, 0xe18a0532, 0xec830b39, 0xfb981924, 0xf691172f, -0xd64d768d, 0xdb447886, 0xcc5f6a9b, 0xc1566490, 0xe2694ea1, 0xef6040aa, -0xf87b52b7, 0xf5725cbc, 0xbe0506d5, 0xb30c08de, 0xa4171ac3, 0xa91e14c8, -0x8a213ef9, 0x872830f2, 0x903322ef, 0x9d3a2ce4, 0x06dd963d, 0x0bd49836, -0x1ccf8a2b, 0x11c68420, 0x32f9ae11, 0x3ff0a01a, 0x28ebb207, 0x25e2bc0c, -0x6e95e665, 0x639ce86e, 0x7487fa73, 0x798ef478, 0x5ab1de49, 0x57b8d042, -0x40a3c25f, 0x4daacc54, 0xdaec41f7, 0xd7e54ffc, 0xc0fe5de1, 0xcdf753ea, -0xeec879db, 0xe3c177d0, 0xf4da65cd, 0xf9d36bc6, 0xb2a431af, 0xbfad3fa4, -0xa8b62db9, 0xa5bf23b2, 0x86800983, 0x8b890788, 0x9c921595, 0x919b1b9e, -0x0a7ca147, 0x0775af4c, 0x106ebd51, 0x1d67b35a, 0x3e58996b, 0x33519760, -0x244a857d, 0x29438b76, 0x6234d11f, 0x6f3ddf14, 0x7826cd09, 0x752fc302, -0x5610e933, 0x5b19e738, 0x4c02f525, 0x410bfb2e, 0x61d79a8c, 0x6cde9487, -0x7bc5869a, 0x76cc8891, 0x55f3a2a0, 0x58faacab, 0x4fe1beb6, 0x42e8b0bd, -0x099fead4, 0x0496e4df, 0x138df6c2, 0x1e84f8c9, 0x3dbbd2f8, 0x30b2dcf3, -0x27a9ceee, 0x2aa0c0e5, 0xb1477a3c, 0xbc4e7437, 0xab55662a, 0xa65c6821, -0x85634210, 0x886a4c1b, 0x9f715e06, 0x9278500d, 0xd90f0a64, 0xd406046f, -0xc31d1672, 0xce141879, 0xed2b3248, 0xe0223c43, 0xf7392e5e, 0xfa302055, -0xb79aec01, 0xba93e20a, 0xad88f017, 0xa081fe1c, 0x83bed42d, 0x8eb7da26, -0x99acc83b, 0x94a5c630, 0xdfd29c59, 0xd2db9252, 0xc5c0804f, 0xc8c98e44, -0xebf6a475, 0xe6ffaa7e, 0xf1e4b863, 0xfcedb668, 0x670a0cb1, 0x6a0302ba, -0x7d1810a7, 0x70111eac, 0x532e349d, 0x5e273a96, 0x493c288b, 0x44352680, -0x0f427ce9, 0x024b72e2, 0x155060ff, 0x18596ef4, 0x3b6644c5, 0x366f4ace, -0x217458d3, 0x2c7d56d8, 0x0ca1377a, 0x01a83971, 0x16b32b6c, 0x1bba2567, -0x38850f56, 0x358c015d, 0x22971340, 0x2f9e1d4b, 0x64e94722, 0x69e04929, -0x7efb5b34, 0x73f2553f, 0x50cd7f0e, 0x5dc47105, 0x4adf6318, 0x47d66d13, -0xdc31d7ca, 0xd138d9c1, 0xc623cbdc, 0xcb2ac5d7, 0xe815efe6, 0xe51ce1ed, -0xf207f3f0, 0xff0efdfb, 0xb479a792, 0xb970a999, 0xae6bbb84, 0xa362b58f, -0x805d9fbe, 0x8d5491b5, 0x9a4f83a8, 0x97468da3 -}; -#else -static const PRUint32 _IMXC1[256] = -{ -0x00000000, 0x0b0e090d, 0x161c121a, 0x1d121b17, 0x2c382434, 0x27362d39, -0x3a24362e, 0x312a3f23, 0x58704868, 0x537e4165, 0x4e6c5a72, 0x4562537f, -0x74486c5c, 0x7f466551, 0x62547e46, 0x695a774b, 0xb0e090d0, 0xbbee99dd, -0xa6fc82ca, 0xadf28bc7, 0x9cd8b4e4, 0x97d6bde9, 0x8ac4a6fe, 0x81caaff3, -0xe890d8b8, 0xe39ed1b5, 0xfe8ccaa2, 0xf582c3af, 0xc4a8fc8c, 0xcfa6f581, -0xd2b4ee96, 0xd9bae79b, 0x7bdb3bbb, 0x70d532b6, 0x6dc729a1, 0x66c920ac, -0x57e31f8f, 0x5ced1682, 0x41ff0d95, 0x4af10498, 0x23ab73d3, 0x28a57ade, -0x35b761c9, 0x3eb968c4, 0x0f9357e7, 0x049d5eea, 0x198f45fd, 0x12814cf0, -0xcb3bab6b, 0xc035a266, 0xdd27b971, 0xd629b07c, 0xe7038f5f, 0xec0d8652, -0xf11f9d45, 0xfa119448, 0x934be303, 0x9845ea0e, 0x8557f119, 0x8e59f814, -0xbf73c737, 0xb47dce3a, 0xa96fd52d, 0xa261dc20, 0xf6ad766d, 0xfda37f60, -0xe0b16477, 0xebbf6d7a, 0xda955259, 0xd19b5b54, 0xcc894043, 0xc787494e, -0xaedd3e05, 0xa5d33708, 0xb8c12c1f, 0xb3cf2512, 0x82e51a31, 0x89eb133c, -0x94f9082b, 0x9ff70126, 0x464de6bd, 0x4d43efb0, 0x5051f4a7, 0x5b5ffdaa, -0x6a75c289, 0x617bcb84, 0x7c69d093, 0x7767d99e, 0x1e3daed5, 0x1533a7d8, -0x0821bccf, 0x032fb5c2, 0x32058ae1, 0x390b83ec, 0x241998fb, 0x2f1791f6, -0x8d764dd6, 0x867844db, 0x9b6a5fcc, 0x906456c1, 0xa14e69e2, 0xaa4060ef, -0xb7527bf8, 0xbc5c72f5, 0xd50605be, 0xde080cb3, 0xc31a17a4, 0xc8141ea9, -0xf93e218a, 0xf2302887, 0xef223390, 0xe42c3a9d, 0x3d96dd06, 0x3698d40b, -0x2b8acf1c, 0x2084c611, 0x11aef932, 0x1aa0f03f, 0x07b2eb28, 0x0cbce225, -0x65e6956e, 0x6ee89c63, 0x73fa8774, 0x78f48e79, 0x49deb15a, 0x42d0b857, -0x5fc2a340, 0x54ccaa4d, 0xf741ecda, 0xfc4fe5d7, 0xe15dfec0, 0xea53f7cd, -0xdb79c8ee, 0xd077c1e3, 0xcd65daf4, 0xc66bd3f9, 0xaf31a4b2, 0xa43fadbf, -0xb92db6a8, 0xb223bfa5, 0x83098086, 0x8807898b, 0x9515929c, 0x9e1b9b91, -0x47a17c0a, 0x4caf7507, 0x51bd6e10, 0x5ab3671d, 0x6b99583e, 0x60975133, -0x7d854a24, 0x768b4329, 0x1fd13462, 0x14df3d6f, 0x09cd2678, 0x02c32f75, -0x33e91056, 0x38e7195b, 0x25f5024c, 0x2efb0b41, 0x8c9ad761, 0x8794de6c, -0x9a86c57b, 0x9188cc76, 0xa0a2f355, 0xabacfa58, 0xb6bee14f, 0xbdb0e842, -0xd4ea9f09, 0xdfe49604, 0xc2f68d13, 0xc9f8841e, 0xf8d2bb3d, 0xf3dcb230, -0xeecea927, 0xe5c0a02a, 0x3c7a47b1, 0x37744ebc, 0x2a6655ab, 0x21685ca6, -0x10426385, 0x1b4c6a88, 0x065e719f, 0x0d507892, 0x640a0fd9, 0x6f0406d4, -0x72161dc3, 0x791814ce, 0x48322bed, 0x433c22e0, 0x5e2e39f7, 0x552030fa, -0x01ec9ab7, 0x0ae293ba, 0x17f088ad, 0x1cfe81a0, 0x2dd4be83, 0x26dab78e, -0x3bc8ac99, 0x30c6a594, 0x599cd2df, 0x5292dbd2, 0x4f80c0c5, 0x448ec9c8, -0x75a4f6eb, 0x7eaaffe6, 0x63b8e4f1, 0x68b6edfc, 0xb10c0a67, 0xba02036a, -0xa710187d, 0xac1e1170, 0x9d342e53, 0x963a275e, 0x8b283c49, 0x80263544, -0xe97c420f, 0xe2724b02, 0xff605015, 0xf46e5918, 0xc544663b, 0xce4a6f36, -0xd3587421, 0xd8567d2c, 0x7a37a10c, 0x7139a801, 0x6c2bb316, 0x6725ba1b, -0x560f8538, 0x5d018c35, 0x40139722, 0x4b1d9e2f, 0x2247e964, 0x2949e069, -0x345bfb7e, 0x3f55f273, 0x0e7fcd50, 0x0571c45d, 0x1863df4a, 0x136dd647, -0xcad731dc, 0xc1d938d1, 0xdccb23c6, 0xd7c52acb, 0xe6ef15e8, 0xede11ce5, -0xf0f307f2, 0xfbfd0eff, 0x92a779b4, 0x99a970b9, 0x84bb6bae, 0x8fb562a3, -0xbe9f5d80, 0xb591548d, 0xa8834f9a, 0xa38d4697 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _IMXC2[256] = -{ -0x00000000, 0x090e0b0d, 0x121c161a, 0x1b121d17, 0x24382c34, 0x2d362739, -0x36243a2e, 0x3f2a3123, 0x48705868, 0x417e5365, 0x5a6c4e72, 0x5362457f, -0x6c48745c, 0x65467f51, 0x7e546246, 0x775a694b, 0x90e0b0d0, 0x99eebbdd, -0x82fca6ca, 0x8bf2adc7, 0xb4d89ce4, 0xbdd697e9, 0xa6c48afe, 0xafca81f3, -0xd890e8b8, 0xd19ee3b5, 0xca8cfea2, 0xc382f5af, 0xfca8c48c, 0xf5a6cf81, -0xeeb4d296, 0xe7bad99b, 0x3bdb7bbb, 0x32d570b6, 0x29c76da1, 0x20c966ac, -0x1fe3578f, 0x16ed5c82, 0x0dff4195, 0x04f14a98, 0x73ab23d3, 0x7aa528de, -0x61b735c9, 0x68b93ec4, 0x57930fe7, 0x5e9d04ea, 0x458f19fd, 0x4c8112f0, -0xab3bcb6b, 0xa235c066, 0xb927dd71, 0xb029d67c, 0x8f03e75f, 0x860dec52, -0x9d1ff145, 0x9411fa48, 0xe34b9303, 0xea45980e, 0xf1578519, 0xf8598e14, -0xc773bf37, 0xce7db43a, 0xd56fa92d, 0xdc61a220, 0x76adf66d, 0x7fa3fd60, -0x64b1e077, 0x6dbfeb7a, 0x5295da59, 0x5b9bd154, 0x4089cc43, 0x4987c74e, -0x3eddae05, 0x37d3a508, 0x2cc1b81f, 0x25cfb312, 0x1ae58231, 0x13eb893c, -0x08f9942b, 0x01f79f26, 0xe64d46bd, 0xef434db0, 0xf45150a7, 0xfd5f5baa, -0xc2756a89, 0xcb7b6184, 0xd0697c93, 0xd967779e, 0xae3d1ed5, 0xa73315d8, -0xbc2108cf, 0xb52f03c2, 0x8a0532e1, 0x830b39ec, 0x981924fb, 0x91172ff6, -0x4d768dd6, 0x447886db, 0x5f6a9bcc, 0x566490c1, 0x694ea1e2, 0x6040aaef, -0x7b52b7f8, 0x725cbcf5, 0x0506d5be, 0x0c08deb3, 0x171ac3a4, 0x1e14c8a9, -0x213ef98a, 0x2830f287, 0x3322ef90, 0x3a2ce49d, 0xdd963d06, 0xd498360b, -0xcf8a2b1c, 0xc6842011, 0xf9ae1132, 0xf0a01a3f, 0xebb20728, 0xe2bc0c25, -0x95e6656e, 0x9ce86e63, 0x87fa7374, 0x8ef47879, 0xb1de495a, 0xb8d04257, -0xa3c25f40, 0xaacc544d, 0xec41f7da, 0xe54ffcd7, 0xfe5de1c0, 0xf753eacd, -0xc879dbee, 0xc177d0e3, 0xda65cdf4, 0xd36bc6f9, 0xa431afb2, 0xad3fa4bf, -0xb62db9a8, 0xbf23b2a5, 0x80098386, 0x8907888b, 0x9215959c, 0x9b1b9e91, -0x7ca1470a, 0x75af4c07, 0x6ebd5110, 0x67b35a1d, 0x58996b3e, 0x51976033, -0x4a857d24, 0x438b7629, 0x34d11f62, 0x3ddf146f, 0x26cd0978, 0x2fc30275, -0x10e93356, 0x19e7385b, 0x02f5254c, 0x0bfb2e41, 0xd79a8c61, 0xde94876c, -0xc5869a7b, 0xcc889176, 0xf3a2a055, 0xfaacab58, 0xe1beb64f, 0xe8b0bd42, -0x9fead409, 0x96e4df04, 0x8df6c213, 0x84f8c91e, 0xbbd2f83d, 0xb2dcf330, -0xa9ceee27, 0xa0c0e52a, 0x477a3cb1, 0x4e7437bc, 0x55662aab, 0x5c6821a6, -0x63421085, 0x6a4c1b88, 0x715e069f, 0x78500d92, 0x0f0a64d9, 0x06046fd4, -0x1d1672c3, 0x141879ce, 0x2b3248ed, 0x223c43e0, 0x392e5ef7, 0x302055fa, -0x9aec01b7, 0x93e20aba, 0x88f017ad, 0x81fe1ca0, 0xbed42d83, 0xb7da268e, -0xacc83b99, 0xa5c63094, 0xd29c59df, 0xdb9252d2, 0xc0804fc5, 0xc98e44c8, -0xf6a475eb, 0xffaa7ee6, 0xe4b863f1, 0xedb668fc, 0x0a0cb167, 0x0302ba6a, -0x1810a77d, 0x111eac70, 0x2e349d53, 0x273a965e, 0x3c288b49, 0x35268044, -0x427ce90f, 0x4b72e202, 0x5060ff15, 0x596ef418, 0x6644c53b, 0x6f4ace36, -0x7458d321, 0x7d56d82c, 0xa1377a0c, 0xa8397101, 0xb32b6c16, 0xba25671b, -0x850f5638, 0x8c015d35, 0x97134022, 0x9e1d4b2f, 0xe9472264, 0xe0492969, -0xfb5b347e, 0xf2553f73, 0xcd7f0e50, 0xc471055d, 0xdf63184a, 0xd66d1347, -0x31d7cadc, 0x38d9c1d1, 0x23cbdcc6, 0x2ac5d7cb, 0x15efe6e8, 0x1ce1ede5, -0x07f3f0f2, 0x0efdfbff, 0x79a792b4, 0x70a999b9, 0x6bbb84ae, 0x62b58fa3, -0x5d9fbe80, 0x5491b58d, 0x4f83a89a, 0x468da397 -}; -#else -static const PRUint32 _IMXC2[256] = -{ -0x00000000, 0x0d0b0e09, 0x1a161c12, 0x171d121b, 0x342c3824, 0x3927362d, -0x2e3a2436, 0x23312a3f, 0x68587048, 0x65537e41, 0x724e6c5a, 0x7f456253, -0x5c74486c, 0x517f4665, 0x4662547e, 0x4b695a77, 0xd0b0e090, 0xddbbee99, -0xcaa6fc82, 0xc7adf28b, 0xe49cd8b4, 0xe997d6bd, 0xfe8ac4a6, 0xf381caaf, -0xb8e890d8, 0xb5e39ed1, 0xa2fe8cca, 0xaff582c3, 0x8cc4a8fc, 0x81cfa6f5, -0x96d2b4ee, 0x9bd9bae7, 0xbb7bdb3b, 0xb670d532, 0xa16dc729, 0xac66c920, -0x8f57e31f, 0x825ced16, 0x9541ff0d, 0x984af104, 0xd323ab73, 0xde28a57a, -0xc935b761, 0xc43eb968, 0xe70f9357, 0xea049d5e, 0xfd198f45, 0xf012814c, -0x6bcb3bab, 0x66c035a2, 0x71dd27b9, 0x7cd629b0, 0x5fe7038f, 0x52ec0d86, -0x45f11f9d, 0x48fa1194, 0x03934be3, 0x0e9845ea, 0x198557f1, 0x148e59f8, -0x37bf73c7, 0x3ab47dce, 0x2da96fd5, 0x20a261dc, 0x6df6ad76, 0x60fda37f, -0x77e0b164, 0x7aebbf6d, 0x59da9552, 0x54d19b5b, 0x43cc8940, 0x4ec78749, -0x05aedd3e, 0x08a5d337, 0x1fb8c12c, 0x12b3cf25, 0x3182e51a, 0x3c89eb13, -0x2b94f908, 0x269ff701, 0xbd464de6, 0xb04d43ef, 0xa75051f4, 0xaa5b5ffd, -0x896a75c2, 0x84617bcb, 0x937c69d0, 0x9e7767d9, 0xd51e3dae, 0xd81533a7, -0xcf0821bc, 0xc2032fb5, 0xe132058a, 0xec390b83, 0xfb241998, 0xf62f1791, -0xd68d764d, 0xdb867844, 0xcc9b6a5f, 0xc1906456, 0xe2a14e69, 0xefaa4060, -0xf8b7527b, 0xf5bc5c72, 0xbed50605, 0xb3de080c, 0xa4c31a17, 0xa9c8141e, -0x8af93e21, 0x87f23028, 0x90ef2233, 0x9de42c3a, 0x063d96dd, 0x0b3698d4, -0x1c2b8acf, 0x112084c6, 0x3211aef9, 0x3f1aa0f0, 0x2807b2eb, 0x250cbce2, -0x6e65e695, 0x636ee89c, 0x7473fa87, 0x7978f48e, 0x5a49deb1, 0x5742d0b8, -0x405fc2a3, 0x4d54ccaa, 0xdaf741ec, 0xd7fc4fe5, 0xc0e15dfe, 0xcdea53f7, -0xeedb79c8, 0xe3d077c1, 0xf4cd65da, 0xf9c66bd3, 0xb2af31a4, 0xbfa43fad, -0xa8b92db6, 0xa5b223bf, 0x86830980, 0x8b880789, 0x9c951592, 0x919e1b9b, -0x0a47a17c, 0x074caf75, 0x1051bd6e, 0x1d5ab367, 0x3e6b9958, 0x33609751, -0x247d854a, 0x29768b43, 0x621fd134, 0x6f14df3d, 0x7809cd26, 0x7502c32f, -0x5633e910, 0x5b38e719, 0x4c25f502, 0x412efb0b, 0x618c9ad7, 0x6c8794de, -0x7b9a86c5, 0x769188cc, 0x55a0a2f3, 0x58abacfa, 0x4fb6bee1, 0x42bdb0e8, -0x09d4ea9f, 0x04dfe496, 0x13c2f68d, 0x1ec9f884, 0x3df8d2bb, 0x30f3dcb2, -0x27eecea9, 0x2ae5c0a0, 0xb13c7a47, 0xbc37744e, 0xab2a6655, 0xa621685c, -0x85104263, 0x881b4c6a, 0x9f065e71, 0x920d5078, 0xd9640a0f, 0xd46f0406, -0xc372161d, 0xce791814, 0xed48322b, 0xe0433c22, 0xf75e2e39, 0xfa552030, -0xb701ec9a, 0xba0ae293, 0xad17f088, 0xa01cfe81, 0x832dd4be, 0x8e26dab7, -0x993bc8ac, 0x9430c6a5, 0xdf599cd2, 0xd25292db, 0xc54f80c0, 0xc8448ec9, -0xeb75a4f6, 0xe67eaaff, 0xf163b8e4, 0xfc68b6ed, 0x67b10c0a, 0x6aba0203, -0x7da71018, 0x70ac1e11, 0x539d342e, 0x5e963a27, 0x498b283c, 0x44802635, -0x0fe97c42, 0x02e2724b, 0x15ff6050, 0x18f46e59, 0x3bc54466, 0x36ce4a6f, -0x21d35874, 0x2cd8567d, 0x0c7a37a1, 0x017139a8, 0x166c2bb3, 0x1b6725ba, -0x38560f85, 0x355d018c, 0x22401397, 0x2f4b1d9e, 0x642247e9, 0x692949e0, -0x7e345bfb, 0x733f55f2, 0x500e7fcd, 0x5d0571c4, 0x4a1863df, 0x47136dd6, -0xdccad731, 0xd1c1d938, 0xc6dccb23, 0xcbd7c52a, 0xe8e6ef15, 0xe5ede11c, -0xf2f0f307, 0xfffbfd0e, 0xb492a779, 0xb999a970, 0xae84bb6b, 0xa38fb562, -0x80be9f5d, 0x8db59154, 0x9aa8834f, 0x97a38d46 -}; -#endif - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 _IMXC3[256] = -{ -0x00000000, 0x0e0b0d09, 0x1c161a12, 0x121d171b, 0x382c3424, 0x3627392d, -0x243a2e36, 0x2a31233f, 0x70586848, 0x7e536541, 0x6c4e725a, 0x62457f53, -0x48745c6c, 0x467f5165, 0x5462467e, 0x5a694b77, 0xe0b0d090, 0xeebbdd99, -0xfca6ca82, 0xf2adc78b, 0xd89ce4b4, 0xd697e9bd, 0xc48afea6, 0xca81f3af, -0x90e8b8d8, 0x9ee3b5d1, 0x8cfea2ca, 0x82f5afc3, 0xa8c48cfc, 0xa6cf81f5, -0xb4d296ee, 0xbad99be7, 0xdb7bbb3b, 0xd570b632, 0xc76da129, 0xc966ac20, -0xe3578f1f, 0xed5c8216, 0xff41950d, 0xf14a9804, 0xab23d373, 0xa528de7a, -0xb735c961, 0xb93ec468, 0x930fe757, 0x9d04ea5e, 0x8f19fd45, 0x8112f04c, -0x3bcb6bab, 0x35c066a2, 0x27dd71b9, 0x29d67cb0, 0x03e75f8f, 0x0dec5286, -0x1ff1459d, 0x11fa4894, 0x4b9303e3, 0x45980eea, 0x578519f1, 0x598e14f8, -0x73bf37c7, 0x7db43ace, 0x6fa92dd5, 0x61a220dc, 0xadf66d76, 0xa3fd607f, -0xb1e07764, 0xbfeb7a6d, 0x95da5952, 0x9bd1545b, 0x89cc4340, 0x87c74e49, -0xddae053e, 0xd3a50837, 0xc1b81f2c, 0xcfb31225, 0xe582311a, 0xeb893c13, -0xf9942b08, 0xf79f2601, 0x4d46bde6, 0x434db0ef, 0x5150a7f4, 0x5f5baafd, -0x756a89c2, 0x7b6184cb, 0x697c93d0, 0x67779ed9, 0x3d1ed5ae, 0x3315d8a7, -0x2108cfbc, 0x2f03c2b5, 0x0532e18a, 0x0b39ec83, 0x1924fb98, 0x172ff691, -0x768dd64d, 0x7886db44, 0x6a9bcc5f, 0x6490c156, 0x4ea1e269, 0x40aaef60, -0x52b7f87b, 0x5cbcf572, 0x06d5be05, 0x08deb30c, 0x1ac3a417, 0x14c8a91e, -0x3ef98a21, 0x30f28728, 0x22ef9033, 0x2ce49d3a, 0x963d06dd, 0x98360bd4, -0x8a2b1ccf, 0x842011c6, 0xae1132f9, 0xa01a3ff0, 0xb20728eb, 0xbc0c25e2, -0xe6656e95, 0xe86e639c, 0xfa737487, 0xf478798e, 0xde495ab1, 0xd04257b8, -0xc25f40a3, 0xcc544daa, 0x41f7daec, 0x4ffcd7e5, 0x5de1c0fe, 0x53eacdf7, -0x79dbeec8, 0x77d0e3c1, 0x65cdf4da, 0x6bc6f9d3, 0x31afb2a4, 0x3fa4bfad, -0x2db9a8b6, 0x23b2a5bf, 0x09838680, 0x07888b89, 0x15959c92, 0x1b9e919b, -0xa1470a7c, 0xaf4c0775, 0xbd51106e, 0xb35a1d67, 0x996b3e58, 0x97603351, -0x857d244a, 0x8b762943, 0xd11f6234, 0xdf146f3d, 0xcd097826, 0xc302752f, -0xe9335610, 0xe7385b19, 0xf5254c02, 0xfb2e410b, 0x9a8c61d7, 0x94876cde, -0x869a7bc5, 0x889176cc, 0xa2a055f3, 0xacab58fa, 0xbeb64fe1, 0xb0bd42e8, -0xead4099f, 0xe4df0496, 0xf6c2138d, 0xf8c91e84, 0xd2f83dbb, 0xdcf330b2, -0xceee27a9, 0xc0e52aa0, 0x7a3cb147, 0x7437bc4e, 0x662aab55, 0x6821a65c, -0x42108563, 0x4c1b886a, 0x5e069f71, 0x500d9278, 0x0a64d90f, 0x046fd406, -0x1672c31d, 0x1879ce14, 0x3248ed2b, 0x3c43e022, 0x2e5ef739, 0x2055fa30, -0xec01b79a, 0xe20aba93, 0xf017ad88, 0xfe1ca081, 0xd42d83be, 0xda268eb7, -0xc83b99ac, 0xc63094a5, 0x9c59dfd2, 0x9252d2db, 0x804fc5c0, 0x8e44c8c9, -0xa475ebf6, 0xaa7ee6ff, 0xb863f1e4, 0xb668fced, 0x0cb1670a, 0x02ba6a03, -0x10a77d18, 0x1eac7011, 0x349d532e, 0x3a965e27, 0x288b493c, 0x26804435, -0x7ce90f42, 0x72e2024b, 0x60ff1550, 0x6ef41859, 0x44c53b66, 0x4ace366f, -0x58d32174, 0x56d82c7d, 0x377a0ca1, 0x397101a8, 0x2b6c16b3, 0x25671bba, -0x0f563885, 0x015d358c, 0x13402297, 0x1d4b2f9e, 0x472264e9, 0x492969e0, -0x5b347efb, 0x553f73f2, 0x7f0e50cd, 0x71055dc4, 0x63184adf, 0x6d1347d6, -0xd7cadc31, 0xd9c1d138, 0xcbdcc623, 0xc5d7cb2a, 0xefe6e815, 0xe1ede51c, -0xf3f0f207, 0xfdfbff0e, 0xa792b479, 0xa999b970, 0xbb84ae6b, 0xb58fa362, -0x9fbe805d, 0x91b58d54, 0x83a89a4f, 0x8da39746 -}; -#else -static const PRUint32 _IMXC3[256] = -{ -0x00000000, 0x090d0b0e, 0x121a161c, 0x1b171d12, 0x24342c38, 0x2d392736, -0x362e3a24, 0x3f23312a, 0x48685870, 0x4165537e, 0x5a724e6c, 0x537f4562, -0x6c5c7448, 0x65517f46, 0x7e466254, 0x774b695a, 0x90d0b0e0, 0x99ddbbee, -0x82caa6fc, 0x8bc7adf2, 0xb4e49cd8, 0xbde997d6, 0xa6fe8ac4, 0xaff381ca, -0xd8b8e890, 0xd1b5e39e, 0xcaa2fe8c, 0xc3aff582, 0xfc8cc4a8, 0xf581cfa6, -0xee96d2b4, 0xe79bd9ba, 0x3bbb7bdb, 0x32b670d5, 0x29a16dc7, 0x20ac66c9, -0x1f8f57e3, 0x16825ced, 0x0d9541ff, 0x04984af1, 0x73d323ab, 0x7ade28a5, -0x61c935b7, 0x68c43eb9, 0x57e70f93, 0x5eea049d, 0x45fd198f, 0x4cf01281, -0xab6bcb3b, 0xa266c035, 0xb971dd27, 0xb07cd629, 0x8f5fe703, 0x8652ec0d, -0x9d45f11f, 0x9448fa11, 0xe303934b, 0xea0e9845, 0xf1198557, 0xf8148e59, -0xc737bf73, 0xce3ab47d, 0xd52da96f, 0xdc20a261, 0x766df6ad, 0x7f60fda3, -0x6477e0b1, 0x6d7aebbf, 0x5259da95, 0x5b54d19b, 0x4043cc89, 0x494ec787, -0x3e05aedd, 0x3708a5d3, 0x2c1fb8c1, 0x2512b3cf, 0x1a3182e5, 0x133c89eb, -0x082b94f9, 0x01269ff7, 0xe6bd464d, 0xefb04d43, 0xf4a75051, 0xfdaa5b5f, -0xc2896a75, 0xcb84617b, 0xd0937c69, 0xd99e7767, 0xaed51e3d, 0xa7d81533, -0xbccf0821, 0xb5c2032f, 0x8ae13205, 0x83ec390b, 0x98fb2419, 0x91f62f17, -0x4dd68d76, 0x44db8678, 0x5fcc9b6a, 0x56c19064, 0x69e2a14e, 0x60efaa40, -0x7bf8b752, 0x72f5bc5c, 0x05bed506, 0x0cb3de08, 0x17a4c31a, 0x1ea9c814, -0x218af93e, 0x2887f230, 0x3390ef22, 0x3a9de42c, 0xdd063d96, 0xd40b3698, -0xcf1c2b8a, 0xc6112084, 0xf93211ae, 0xf03f1aa0, 0xeb2807b2, 0xe2250cbc, -0x956e65e6, 0x9c636ee8, 0x877473fa, 0x8e7978f4, 0xb15a49de, 0xb85742d0, -0xa3405fc2, 0xaa4d54cc, 0xecdaf741, 0xe5d7fc4f, 0xfec0e15d, 0xf7cdea53, -0xc8eedb79, 0xc1e3d077, 0xdaf4cd65, 0xd3f9c66b, 0xa4b2af31, 0xadbfa43f, -0xb6a8b92d, 0xbfa5b223, 0x80868309, 0x898b8807, 0x929c9515, 0x9b919e1b, -0x7c0a47a1, 0x75074caf, 0x6e1051bd, 0x671d5ab3, 0x583e6b99, 0x51336097, -0x4a247d85, 0x4329768b, 0x34621fd1, 0x3d6f14df, 0x267809cd, 0x2f7502c3, -0x105633e9, 0x195b38e7, 0x024c25f5, 0x0b412efb, 0xd7618c9a, 0xde6c8794, -0xc57b9a86, 0xcc769188, 0xf355a0a2, 0xfa58abac, 0xe14fb6be, 0xe842bdb0, -0x9f09d4ea, 0x9604dfe4, 0x8d13c2f6, 0x841ec9f8, 0xbb3df8d2, 0xb230f3dc, -0xa927eece, 0xa02ae5c0, 0x47b13c7a, 0x4ebc3774, 0x55ab2a66, 0x5ca62168, -0x63851042, 0x6a881b4c, 0x719f065e, 0x78920d50, 0x0fd9640a, 0x06d46f04, -0x1dc37216, 0x14ce7918, 0x2bed4832, 0x22e0433c, 0x39f75e2e, 0x30fa5520, -0x9ab701ec, 0x93ba0ae2, 0x88ad17f0, 0x81a01cfe, 0xbe832dd4, 0xb78e26da, -0xac993bc8, 0xa59430c6, 0xd2df599c, 0xdbd25292, 0xc0c54f80, 0xc9c8448e, -0xf6eb75a4, 0xffe67eaa, 0xe4f163b8, 0xedfc68b6, 0x0a67b10c, 0x036aba02, -0x187da710, 0x1170ac1e, 0x2e539d34, 0x275e963a, 0x3c498b28, 0x35448026, -0x420fe97c, 0x4b02e272, 0x5015ff60, 0x5918f46e, 0x663bc544, 0x6f36ce4a, -0x7421d358, 0x7d2cd856, 0xa10c7a37, 0xa8017139, 0xb3166c2b, 0xba1b6725, -0x8538560f, 0x8c355d01, 0x97224013, 0x9e2f4b1d, 0xe9642247, 0xe0692949, -0xfb7e345b, 0xf2733f55, 0xcd500e7f, 0xc45d0571, 0xdf4a1863, 0xd647136d, -0x31dccad7, 0x38d1c1d9, 0x23c6dccb, 0x2acbd7c5, 0x15e8e6ef, 0x1ce5ede1, -0x07f2f0f3, 0x0efffbfd, 0x79b492a7, 0x70b999a9, 0x6bae84bb, 0x62a38fb5, -0x5d80be9f, 0x548db591, 0x4f9aa883, 0x4697a38d -}; -#endif - -#endif /* RIJNDAEL_INCLUDE_TABLES */ - -#ifdef IS_LITTLE_ENDIAN -static const PRUint32 Rcon[30] = { -0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, -0x00000040, 0x00000080, 0x0000001b, 0x00000036, 0x0000006c, 0x000000d8, -0x000000ab, 0x0000004d, 0x0000009a, 0x0000002f, 0x0000005e, 0x000000bc, -0x00000063, 0x000000c6, 0x00000097, 0x00000035, 0x0000006a, 0x000000d4, -0x000000b3, 0x0000007d, 0x000000fa, 0x000000ef, 0x000000c5, 0x00000091 -}; -#else -static const PRUint32 Rcon[30] = { -0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, -0x40000000, 0x80000000, 0x1b000000, 0x36000000, 0x6c000000, 0xd8000000, -0xab000000, 0x4d000000, 0x9a000000, 0x2f000000, 0x5e000000, 0xbc000000, -0x63000000, 0xc6000000, 0x97000000, 0x35000000, 0x6a000000, 0xd4000000, -0xb3000000, 0x7d000000, 0xfa000000, 0xef000000, 0xc5000000, 0x91000000 -}; -#endif - diff --git a/security/nss/lib/freebl/rijndael_tables.c b/security/nss/lib/freebl/rijndael_tables.c deleted file mode 100644 index 6f1957468..000000000 --- a/security/nss/lib/freebl/rijndael_tables.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ - -#include "stdio.h" -#include "prtypes.h" -#include "blapi.h" - -/* - * what follows is code thrown together to generate the myriad of tables - * used by Rijndael, the AES cipher. - */ - - -#define WORD_LE(b0, b1, b2, b3) \ - (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | b0) - -#define WORD_BE(b0, b1, b2, b3) \ - (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | b3) - -static const PRUint8 __S[256] = -{ - 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, -202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, -183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, - 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, - 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, - 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, -208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, - 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, -205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, - 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, -224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, -231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, -186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, -112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, -225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, -140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, -}; - -static const PRUint8 __SInv[256] = -{ - 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, -124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, - 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, - 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, -114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, -108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, -144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, -208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, - 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, -150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, - 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, -252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, - 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, - 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, -160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, - 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125 -}; - -/* GF_MULTIPLY - * - * multiply two bytes represented in GF(2**8), mod (x**4 + 1) - */ -PRUint8 gf_multiply(PRUint8 a, PRUint8 b) -{ - PRUint8 res = 0; - while (b > 0) { - res = (b & 0x01) ? res ^ a : res; - a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1); - b >>= 1; - } - return res; -} - -void -make_T_Table(char *table, const PRUint8 Sx[256], FILE *file, - unsigned char m0, unsigned char m1, - unsigned char m2, unsigned char m3) -{ - PRUint32 Ti; - int i; - fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n"); - fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table); - for (i=0; i<256; i++) { - Ti = WORD_LE( gf_multiply(Sx[i], m0), - gf_multiply(Sx[i], m1), - gf_multiply(Sx[i], m2), - gf_multiply(Sx[i], m3) ); - if (Ti == 0) - fprintf(file, "0x00000000%c%c", (i==255)?' ':',', - (i%6==5)?'\n':' '); - else - fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',', - (i%6==5)?'\n':' '); - } - fprintf(file, "\n};\n"); - fprintf(file, "#else\n"); - fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table); - for (i=0; i<256; i++) { - Ti = WORD_BE( gf_multiply(Sx[i], m0), - gf_multiply(Sx[i], m1), - gf_multiply(Sx[i], m2), - gf_multiply(Sx[i], m3) ); - if (Ti == 0) - fprintf(file, "0x00000000%c%c", (i==255)?' ':',', - (i%6==5)?'\n':' '); - else - fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',', - (i%6==5)?'\n':' '); - } - fprintf(file, "\n};\n"); - fprintf(file, "#endif\n\n"); -} - -void make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3) -{ - PRUint16 i; - PRUint8 b0, b1, b2, b3; - fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n"); - fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num); - for (i=0; i<256; i++) { - b0 = gf_multiply(i, m0); - b1 = gf_multiply(i, m1); - b2 = gf_multiply(i, m2); - b3 = gf_multiply(i, m3); - fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i==255)?' ':',', (i%6==5)?'\n':' '); - } - fprintf(file, "\n};\n"); - fprintf(file, "#else\n"); - fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num); - for (i=0; i<256; i++) { - b0 = gf_multiply(i, m0); - b1 = gf_multiply(i, m1); - b2 = gf_multiply(i, m2); - b3 = gf_multiply(i, m3); - fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i==255)?' ':',', (i%6==5)?'\n':' '); - } - fprintf(file, "\n};\n"); - fprintf(file, "#endif\n\n"); -} - -int main() -{ - int i, j; - PRUint8 cur, last; - PRUint32 tmp; - FILE *optfile; - optfile = fopen("rijndael32.tab", "w"); - /* output S, if there are no T tables */ - fprintf(optfile, "#ifndef RIJNDAEL_INCLUDE_TABLES\n"); - fprintf(optfile, "static const PRUint8 _S[256] = \n{\n"); - for (i=0; i<256; i++) { - fprintf(optfile, "%3d%c%c", __S[i],(i==255)?' ':',', - (i%16==15)?'\n':' '); - } - fprintf(optfile, "};\n#endif /* not RIJNDAEL_INCLUDE_TABLES */\n\n"); - /* output S**-1 */ - fprintf(optfile, "static const PRUint8 _SInv[256] = \n{\n"); - for (i=0; i<256; i++) { - fprintf(optfile, "%3d%c%c", __SInv[i],(i==255)?' ':',', - (i%16==15)?'\n':' '); - } - fprintf(optfile, "};\n\n"); - fprintf(optfile, "#ifdef RIJNDAEL_INCLUDE_TABLES\n"); - /* The 32-bit word tables for optimized implementation */ - /* T0 = [ S[a] * 02, S[a], S[a], S[a] * 03 ] */ - make_T_Table("0", __S, optfile, 0x02, 0x01, 0x01, 0x03); - /* T1 = [ S[a] * 03, S[a] * 02, S[a], S[a] ] */ - make_T_Table("1", __S, optfile, 0x03, 0x02, 0x01, 0x01); - /* T2 = [ S[a], S[a] * 03, S[a] * 02, S[a] ] */ - make_T_Table("2", __S, optfile, 0x01, 0x03, 0x02, 0x01); - /* T3 = [ S[a], S[a], S[a] * 03, S[a] * 02 ] */ - make_T_Table("3", __S, optfile, 0x01, 0x01, 0x03, 0x02); - /* TInv0 = [ Si[a] * 0E, Si[a] * 09, Si[a] * 0D, Si[a] * 0B ] */ - make_T_Table("Inv0", __SInv, optfile, 0x0e, 0x09, 0x0d, 0x0b); - /* TInv1 = [ Si[a] * 0B, Si[a] * 0E, Si[a] * 09, Si[a] * 0D ] */ - make_T_Table("Inv1", __SInv, optfile, 0x0b, 0x0e, 0x09, 0x0d); - /* TInv2 = [ Si[a] * 0D, Si[a] * 0B, Si[a] * 0E, Si[a] * 09 ] */ - make_T_Table("Inv2", __SInv, optfile, 0x0d, 0x0b, 0x0e, 0x09); - /* TInv3 = [ Si[a] * 09, Si[a] * 0D, Si[a] * 0B, Si[a] * 0E ] */ - make_T_Table("Inv3", __SInv, optfile, 0x09, 0x0d, 0x0b, 0x0e); - /* byte multiply tables for inverse key expansion (mimics InvMixColumn) */ - make_InvMixCol_Table(0, optfile, 0x0e, 0x09, 0x0d, 0x0b); - make_InvMixCol_Table(1, optfile, 0x0b, 0x0E, 0x09, 0x0d); - make_InvMixCol_Table(2, optfile, 0x0d, 0x0b, 0x0e, 0x09); - make_InvMixCol_Table(3, optfile, 0x09, 0x0d, 0x0b, 0x0e); - fprintf(optfile, "#endif /* RIJNDAEL_INCLUDE_TABLES */\n\n"); - /* round constants for key expansion */ - fprintf(optfile, "#ifdef IS_LITTLE_ENDIAN\n"); - fprintf(optfile, "static const PRUint32 Rcon[30] = {\n"); - cur = 0x01; - for (i=0; i<30; i++) { - fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0), - (i==29)?' ':',', (i%6==5)?'\n':' '); - last = cur; - cur = gf_multiply(last, 0x02); - } - fprintf(optfile, "};\n"); - fprintf(optfile, "#else\n"); - fprintf(optfile, "static const PRUint32 Rcon[30] = {\n"); - cur = 0x01; - for (i=0; i<30; i++) { - fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0), - (i==29)?' ':',', (i%6==5)?'\n':' '); - last = cur; - cur = gf_multiply(last, 0x02); - } - fprintf(optfile, "};\n"); - fprintf(optfile, "#endif\n\n"); - fclose(optfile); - return 0; -} diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c deleted file mode 100644 index 715a7fcc3..000000000 --- a/security/nss/lib/freebl/rsa.c +++ /dev/null @@ -1,942 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - */ - -/* - * RSA key generation, public key op, private key op. - * - * $Id$ - */ - -#include "secerr.h" - -#include "prclist.h" -#include "nssilock.h" -#include "prinit.h" -#include "blapi.h" -#include "mpi.h" -#include "mpprime.h" -#include "mplogic.h" -#include "secmpi.h" -#include "secitem.h" - -/* -** Number of times to attempt to generate a prime (p or q) from a random -** seed (the seed changes for each iteration). -*/ -#define MAX_PRIME_GEN_ATTEMPTS 10 -/* -** Number of times to attempt to generate a key. The primes p and q change -** for each attempt. -*/ -#define MAX_KEY_GEN_ATTEMPTS 10 - -/* -** RSABlindingParamsStr -** -** For discussion of Paul Kocher's timing attack against an RSA private key -** operation, see http://www.cryptography.com/timingattack/paper.html. The -** countermeasure to this attack, known as blinding, is also discussed in -** the Handbook of Applied Cryptography, 11.118-11.119. -*/ -struct RSABlindingParamsStr -{ - /* Blinding-specific parameters */ - PRCList link; /* link to list of structs */ - SECItem modulus; /* list element "key" */ - mp_int f, g; /* Blinding parameters */ - int counter; /* number of remaining uses of (f, g) */ -}; - -/* -** RSABlindingParamsListStr -** -** List of key-specific blinding params. The arena holds the volatile pool -** of memory for each entry and the list itself. The lock is for list -** operations, in this case insertions and iterations, as well as control -** of the counter for each set of blinding parameters. -*/ -struct RSABlindingParamsListStr -{ - PZLock *lock; /* Lock for the list */ - PRCList head; /* Pointer to the list */ -}; - -/* -** The master blinding params list. -*/ -static struct RSABlindingParamsListStr blindingParamsList = { 0 }; - -/* Number of times to reuse (f, g). Suggested by Paul Kocher */ -#define RSA_BLINDING_PARAMS_MAX_REUSE 50 - -/* Global, allows optional use of blinding. On by default. */ -/* Cannot be changed at the moment, due to thread-safety issues. */ -static PRBool nssRSAUseBlinding = PR_TRUE; - -static SECStatus -rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key, - unsigned int keySizeInBits) -{ - mp_int n, d, phi; - mp_int psub1, qsub1, tmp; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&n) = 0; - MP_DIGITS(&d) = 0; - MP_DIGITS(&phi) = 0; - MP_DIGITS(&psub1) = 0; - MP_DIGITS(&qsub1) = 0; - MP_DIGITS(&tmp) = 0; - CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&d) ); - CHECK_MPI_OK( mp_init(&phi) ); - CHECK_MPI_OK( mp_init(&psub1) ); - CHECK_MPI_OK( mp_init(&qsub1) ); - CHECK_MPI_OK( mp_init(&tmp) ); - /* 1. Compute n = p*q */ - CHECK_MPI_OK( mp_mul(p, q, &n) ); - /* verify that the modulus has the desired number of bits */ - if ((unsigned)mpl_significant_bits(&n) != keySizeInBits) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - rv = SECFailure; - goto cleanup; - } - /* 2. Compute phi = (p-1)*(q-1) */ - CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) ); - CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) ); - CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) ); - /* 3. Compute d = e**-1 mod(phi) */ - err = mp_invmod(e, &phi, &d); - /* Verify that phi(n) and e have no common divisors */ - if (err != MP_OKAY) { - if (err == MP_UNDEF) { - PORT_SetError(SEC_ERROR_NEED_RANDOM); - err = MP_OKAY; /* to keep PORT_SetError from being called again */ - rv = SECFailure; - } - goto cleanup; - } - MPINT_TO_SECITEM(&n, &key->modulus, key->arena); - MPINT_TO_SECITEM(&d, &key->privateExponent, key->arena); - /* 4. Compute exponent1 = d mod (p-1) */ - CHECK_MPI_OK( mp_mod(&d, &psub1, &tmp) ); - MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena); - /* 5. Compute exponent2 = d mod (q-1) */ - CHECK_MPI_OK( mp_mod(&d, &qsub1, &tmp) ); - MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena); - /* 6. Compute coefficient = q**-1 mod p */ - CHECK_MPI_OK( mp_invmod(q, p, &tmp) ); - MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena); -cleanup: - mp_clear(&n); - mp_clear(&d); - mp_clear(&phi); - mp_clear(&psub1); - mp_clear(&qsub1); - mp_clear(&tmp); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} -static SECStatus -generate_prime(mp_int *prime, int primeLen) -{ - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - unsigned long counter = 0; - int piter; - unsigned char *pb = NULL; - pb = PORT_Alloc(primeLen); - if (!pb) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto cleanup; - } - for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) { - CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); - pb[0] |= 0xC0; /* set two high-order bits */ - pb[primeLen-1] |= 0x01; /* set low-order bit */ - CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) ); - err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter); - if (err != MP_NO) - goto cleanup; - /* keep going while err == MP_NO */ - } -cleanup: - if (pb) - PORT_ZFree(pb, primeLen); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -/* -** Generate and return a new RSA public and private key. -** Both keys are encoded in a single RSAPrivateKey structure. -** "cx" is the random number generator context -** "keySizeInBits" is the size of the key to be generated, in bits. -** 512, 1024, etc. -** "publicExponent" when not NULL is a pointer to some data that -** represents the public exponent to use. The data is a byte -** encoded integer, in "big endian" order. -*/ -RSAPrivateKey * -RSA_NewKey(int keySizeInBits, SECItem *publicExponent) -{ - unsigned int primeLen; - mp_int p, q, e; - int kiter; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - int prerr = 0; - RSAPrivateKey *key = NULL; - PRArenaPool *arena = NULL; - /* Require key size to be a multiple of 16 bits. */ - if (!publicExponent || keySizeInBits % 16 != 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - /* 1. Allocate arena & key */ - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); - if (!key) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - PORT_FreeArena(arena, PR_TRUE); - return NULL; - } - key->arena = arena; - /* length of primes p and q (in bytes) */ - primeLen = keySizeInBits / (2 * BITS_PER_BYTE); - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&e) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&q) ); - CHECK_MPI_OK( mp_init(&e) ); - /* 2. Set the version number (PKCS1 v1.5 says it should be zero) */ - SECITEM_AllocItem(arena, &key->version, 1); - key->version.data[0] = 0; - /* 3. Set the public exponent */ - SECITEM_CopyItem(arena, &key->publicExponent, publicExponent); - SECITEM_TO_MPINT(*publicExponent, &e); - kiter = 0; - do { - prerr = 0; - PORT_SetError(0); - CHECK_SEC_OK( generate_prime(&p, primeLen) ); - CHECK_SEC_OK( generate_prime(&q, primeLen) ); - /* Assure q < p */ - if (mp_cmp(&p, &q) < 0) - mp_exch(&p, &q); - /* Attempt to use these primes to generate a key */ - rv = rsa_keygen_from_primes(&p, &q, &e, key, keySizeInBits); - if (rv == SECSuccess) - break; /* generated two good primes */ - prerr = PORT_GetError(); - kiter++; - /* loop until have primes */ - } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < MAX_KEY_GEN_ATTEMPTS); - if (prerr) - goto cleanup; - MPINT_TO_SECITEM(&p, &key->prime1, arena); - MPINT_TO_SECITEM(&q, &key->prime2, arena); -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&e); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - if (rv && arena) { - PORT_FreeArena(arena, PR_TRUE); - key = NULL; - } - return key; -} - -static unsigned int -rsa_modulusLen(SECItem *modulus) -{ - unsigned char byteZero = modulus->data[0]; - unsigned int modLen = modulus->len - !byteZero; - return modLen; -} - -/* -** Perform a raw public-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -SECStatus -RSA_PublicKeyOp(RSAPublicKey *key, - unsigned char *output, - const unsigned char *input) -{ - unsigned int modLen; - mp_int n, e, m, c; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - if (!key || !output || !input) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - MP_DIGITS(&n) = 0; - MP_DIGITS(&e) = 0; - MP_DIGITS(&m) = 0; - MP_DIGITS(&c) = 0; - CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&e) ); - CHECK_MPI_OK( mp_init(&m) ); - CHECK_MPI_OK( mp_init(&c) ); - modLen = rsa_modulusLen(&key->modulus); - /* 1. Obtain public key (n, e) */ - if (rsa_modulusLen(&key->publicExponent) > modLen) { - /* exponent should not be greater than modulus */ - PORT_SetError(SEC_ERROR_INVALID_KEY); - rv = SECFailure; - goto cleanup; - } - SECITEM_TO_MPINT(key->modulus, &n); - SECITEM_TO_MPINT(key->publicExponent, &e); - if (e.used > n.used) { - /* exponent should not be greater than modulus */ - PORT_SetError(SEC_ERROR_INVALID_KEY); - rv = SECFailure; - goto cleanup; - } - /* 2. Represent message as integer in range [0..n-1] */ - CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) ); - /* 3. Compute c = m**e mod n */ -#ifdef USE_MPI_EXPT_D - /* XXX see which is faster */ - if (MP_USED(&e) == 1) { - CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) ); - } else -#endif - CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) ); - /* 4. result c is ciphertext */ - err = mp_to_fixlen_octets(&c, output, modLen); - if (err >= 0) err = MP_OKAY; -cleanup: - mp_clear(&n); - mp_clear(&e); - mp_clear(&m); - mp_clear(&c); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -/* -** RSA Private key operation (no CRT). -*/ -static SECStatus -rsa_PrivateKeyOpNoCRT(RSAPrivateKey *key, mp_int *m, mp_int *c, mp_int *n, - unsigned int modLen) -{ - mp_int d; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&d) = 0; - CHECK_MPI_OK( mp_init(&d) ); - SECITEM_TO_MPINT(key->privateExponent, &d); - /* 1. m = c**d mod n */ - CHECK_MPI_OK( mp_exptmod(c, &d, n, m) ); -cleanup: - mp_clear(&d); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -/* -** RSA Private key operation using CRT. -*/ -static SECStatus -rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c) -{ - mp_int p, q, d_p, d_q, qInv; - mp_int m1, m2, h, ctmp; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&p) = 0; - MP_DIGITS(&q) = 0; - MP_DIGITS(&d_p) = 0; - MP_DIGITS(&d_q) = 0; - MP_DIGITS(&qInv) = 0; - MP_DIGITS(&m1) = 0; - MP_DIGITS(&m2) = 0; - MP_DIGITS(&h) = 0; - MP_DIGITS(&ctmp) = 0; - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&q) ); - CHECK_MPI_OK( mp_init(&d_p) ); - CHECK_MPI_OK( mp_init(&d_q) ); - CHECK_MPI_OK( mp_init(&qInv) ); - CHECK_MPI_OK( mp_init(&m1) ); - CHECK_MPI_OK( mp_init(&m2) ); - CHECK_MPI_OK( mp_init(&h) ); - CHECK_MPI_OK( mp_init(&ctmp) ); - /* copy private key parameters into mp integers */ - SECITEM_TO_MPINT(key->prime1, &p); /* p */ - SECITEM_TO_MPINT(key->prime2, &q); /* q */ - SECITEM_TO_MPINT(key->exponent1, &d_p); /* d_p = d mod (p-1) */ - SECITEM_TO_MPINT(key->exponent2, &d_q); /* d_q = d mod (q-1) */ - SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */ - /* 1. m1 = c**d_p mod p */ - CHECK_MPI_OK( mp_mod(c, &p, &ctmp) ); - CHECK_MPI_OK( mp_exptmod(&ctmp, &d_p, &p, &m1) ); - /* 2. m2 = c**d_q mod q */ - CHECK_MPI_OK( mp_mod(c, &q, &ctmp) ); - CHECK_MPI_OK( mp_exptmod(&ctmp, &d_q, &q, &m2) ); - /* 3. h = (m1 - m2) * qInv mod p */ - CHECK_MPI_OK( mp_submod(&m1, &m2, &p, &h) ); - CHECK_MPI_OK( mp_mulmod(&h, &qInv, &p, &h) ); - /* 4. m = m2 + h * q */ - CHECK_MPI_OK( mp_mul(&h, &q, m) ); - CHECK_MPI_OK( mp_add(m, &m2, m) ); -cleanup: - mp_clear(&p); - mp_clear(&q); - mp_clear(&d_p); - mp_clear(&d_q); - mp_clear(&qInv); - mp_clear(&m1); - mp_clear(&m2); - mp_clear(&h); - mp_clear(&ctmp); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -/* -** An attack against RSA CRT was described by Boneh, DeMillo, and Lipton in: -** "On the Importance of Eliminating Errors in Cryptographic Computations", -** http://theory.stanford.edu/~dabo/papers/faults.ps.gz -** -** As a defense against the attack, carry out the private key operation, -** followed up with a public key operation to invert the result. -** Verify that result against the input. -*/ -static SECStatus -rsa_PrivateKeyOpCRTCheckedPubKey(RSAPrivateKey *key, mp_int *m, mp_int *c) -{ - mp_int n, e, v; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&n) = 0; - MP_DIGITS(&e) = 0; - MP_DIGITS(&v) = 0; - CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&e) ); - CHECK_MPI_OK( mp_init(&v) ); - CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, m, c) ); - SECITEM_TO_MPINT(key->modulus, &n); - SECITEM_TO_MPINT(key->publicExponent, &e); - /* Perform a public key operation v = m ** e mod n */ - CHECK_MPI_OK( mp_exptmod(m, &e, &n, &v) ); - if (mp_cmp(&v, c) != 0) { - rv = SECFailure; - } -cleanup: - mp_clear(&n); - mp_clear(&e); - mp_clear(&v); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -static PRCallOnceType coBPInit = { 0, 0, 0 }; -static PRStatus -init_blinding_params_list(void) -{ - blindingParamsList.lock = PZ_NewLock(nssILockOther); - if (!blindingParamsList.lock) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return PR_FAILURE; - } - PR_INIT_CLIST(&blindingParamsList.head); - return PR_SUCCESS; -} - -static SECStatus -generate_blinding_params(struct RSABlindingParamsStr *rsabp, - RSAPrivateKey *key, mp_int *n, unsigned int modLen) -{ - SECStatus rv = SECSuccess; - mp_int e, k; - mp_err err = MP_OKAY; - unsigned char *kb = NULL; - MP_DIGITS(&e) = 0; - MP_DIGITS(&k) = 0; - CHECK_MPI_OK( mp_init(&e) ); - CHECK_MPI_OK( mp_init(&k) ); - SECITEM_TO_MPINT(key->publicExponent, &e); - /* generate random k < n */ - kb = PORT_Alloc(modLen); - if (!kb) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto cleanup; - } - CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(kb, modLen) ); - CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, modLen) ); - /* k < n */ - CHECK_MPI_OK( mp_mod(&k, n, &k) ); - /* f = k**e mod n */ - CHECK_MPI_OK( mp_exptmod(&k, &e, n, &rsabp->f) ); - /* g = k**-1 mod n */ - CHECK_MPI_OK( mp_invmod(&k, n, &rsabp->g) ); - /* Initialize the counter for this (f, g) */ - rsabp->counter = RSA_BLINDING_PARAMS_MAX_REUSE; -cleanup: - if (kb) - PORT_ZFree(kb, modLen); - mp_clear(&k); - mp_clear(&e); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -static SECStatus -init_blinding_params(struct RSABlindingParamsStr *rsabp, RSAPrivateKey *key, - mp_int *n, unsigned int modLen) -{ - SECStatus rv = SECSuccess; - mp_err err = MP_OKAY; - MP_DIGITS(&rsabp->f) = 0; - MP_DIGITS(&rsabp->g) = 0; - /* initialize blinding parameters */ - CHECK_MPI_OK( mp_init(&rsabp->f) ); - CHECK_MPI_OK( mp_init(&rsabp->g) ); - /* List elements are keyed using the modulus */ - SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus); - CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) ); - return SECSuccess; -cleanup: - mp_clear(&rsabp->f); - mp_clear(&rsabp->g); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -static SECStatus -get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, - mp_int *f, mp_int *g) -{ - SECStatus rv = SECSuccess; - mp_err err = MP_OKAY; - int cmp; - PRCList *el; - struct RSABlindingParamsStr *rsabp = NULL; - /* Init the list if neccessary (the init function is only called once!) */ - if (blindingParamsList.lock == NULL) { - if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - } - /* Acquire the list lock */ - PZ_Lock(blindingParamsList.lock); - /* Walk the list looking for the private key */ - for (el = PR_NEXT_LINK(&blindingParamsList.head); - el != &blindingParamsList.head; - el = PR_NEXT_LINK(el)) { - rsabp = (struct RSABlindingParamsStr *)el; - cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus); - if (cmp == 0) { - /* Check the usage counter for the parameters */ - if (--rsabp->counter <= 0) { - /* Regenerate the blinding parameters */ - CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) ); - } - /* Return the parameters */ - CHECK_MPI_OK( mp_copy(&rsabp->f, f) ); - CHECK_MPI_OK( mp_copy(&rsabp->g, g) ); - /* Now that the params are located, release the list lock. */ - PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */ - return SECSuccess; - } else if (cmp > 0) { - /* The key is not in the list. Break to param creation. */ - break; - } - } - /* At this point, the key is not in the list. el should point to the - ** list element that this key should be inserted before. NOTE: the list - ** lock is still held, so there cannot be a race condition here. - */ - rsabp = (struct RSABlindingParamsStr *) - PORT_ZAlloc(sizeof(struct RSABlindingParamsStr)); - if (!rsabp) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto cleanup; - } - /* Initialize the list pointer for the element */ - PR_INIT_CLIST(&rsabp->link); - /* Initialize the blinding parameters - ** This ties up the list lock while doing some heavy, element-specific - ** operations, but we don't want to insert the element until it is valid, - ** which requires computing the blinding params. If this proves costly, - ** it could be done after the list lock is released, and then if it fails - ** the lock would have to be reobtained and the invalid element removed. - */ - rv = init_blinding_params(rsabp, key, n, modLen); - if (rv != SECSuccess) { - PORT_ZFree(rsabp, sizeof(struct RSABlindingParamsStr)); - goto cleanup; - } - /* Insert the new element into the list - ** If inserting in the middle of the list, el points to the link - ** to insert before. Otherwise, the link needs to be appended to - ** the end of the list, which is the same as inserting before the - ** head (since el would have looped back to the head). - */ - PR_INSERT_BEFORE(&rsabp->link, el); - /* Return the parameters */ - CHECK_MPI_OK( mp_copy(&rsabp->f, f) ); - CHECK_MPI_OK( mp_copy(&rsabp->g, g) ); - /* Release the list lock */ - PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */ - return SECSuccess; -cleanup: - /* It is possible to reach this after the lock is already released. - ** Ignore the error in that case. - */ - PZ_Unlock(blindingParamsList.lock); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return SECFailure; -} - -/* -** Perform a raw private-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -static SECStatus -rsa_PrivateKeyOp(RSAPrivateKey *key, - unsigned char *output, - const unsigned char *input, - PRBool check) -{ - unsigned int modLen; - unsigned int offset; - SECStatus rv = SECSuccess; - mp_err err; - mp_int n, c, m; - mp_int f, g; - if (!key || !output || !input) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* check input out of range (needs to be in range [0..n-1]) */ - modLen = rsa_modulusLen(&key->modulus); - offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */ - if (memcmp(input, key->modulus.data + offset, modLen) >= 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - MP_DIGITS(&n) = 0; - MP_DIGITS(&c) = 0; - MP_DIGITS(&m) = 0; - MP_DIGITS(&f) = 0; - MP_DIGITS(&g) = 0; - CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&c) ); - CHECK_MPI_OK( mp_init(&m) ); - CHECK_MPI_OK( mp_init(&f) ); - CHECK_MPI_OK( mp_init(&g) ); - SECITEM_TO_MPINT(key->modulus, &n); - OCTETS_TO_MPINT(input, &c, modLen); - /* If blinding, compute pre-image of ciphertext by multiplying by - ** blinding factor - */ - if (nssRSAUseBlinding) { - CHECK_SEC_OK( get_blinding_params(key, &n, modLen, &f, &g) ); - /* c' = c*f mod n */ - CHECK_MPI_OK( mp_mulmod(&c, &f, &n, &c) ); - } - /* Do the private key operation m = c**d mod n */ - if ( key->prime1.len == 0 || - key->prime2.len == 0 || - key->exponent1.len == 0 || - key->exponent2.len == 0 || - key->coefficient.len == 0) { - CHECK_SEC_OK( rsa_PrivateKeyOpNoCRT(key, &m, &c, &n, modLen) ); - } else if (check) { - CHECK_SEC_OK( rsa_PrivateKeyOpCRTCheckedPubKey(key, &m, &c) ); - } else { - CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, &m, &c) ); - } - /* If blinding, compute post-image of plaintext by multiplying by - ** blinding factor - */ - if (nssRSAUseBlinding) { - /* m = m'*g mod n */ - CHECK_MPI_OK( mp_mulmod(&m, &g, &n, &m) ); - } - err = mp_to_fixlen_octets(&m, output, modLen); - if (err >= 0) err = MP_OKAY; -cleanup: - mp_clear(&n); - mp_clear(&c); - mp_clear(&m); - mp_clear(&f); - mp_clear(&g); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -SECStatus -RSA_PrivateKeyOp(RSAPrivateKey *key, - unsigned char *output, - const unsigned char *input) -{ - return rsa_PrivateKeyOp(key, output, input, PR_FALSE); -} - -SECStatus -RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, - unsigned char *output, - const unsigned char *input) -{ - return rsa_PrivateKeyOp(key, output, input, PR_TRUE); -} - -static SECStatus -swap_in_key_value(PRArenaPool *arena, mp_int *mpval, SECItem *buffer) -{ - int len; - mp_err err = MP_OKAY; - memset(buffer->data, 0, buffer->len); - len = mp_unsigned_octet_size(mpval); - if (len <= 0) return SECFailure; - if ((unsigned int)len <= buffer->len) { - /* The new value is no longer than the old buffer, so use it */ - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - buffer->len = len; - } else if (arena) { - /* The new value is longer, but working within an arena */ - (void)SECITEM_AllocItem(arena, buffer, len); - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - } else { - /* The new value is longer, no arena, can't handle this key */ - return SECFailure; - } - return (err == MP_OKAY) ? SECSuccess : SECFailure; -} - -SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) -{ - mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - MP_DIGITS(&n) = 0; - MP_DIGITS(&psub1)= 0; - MP_DIGITS(&qsub1)= 0; - MP_DIGITS(&e) = 0; - MP_DIGITS(&d) = 0; - MP_DIGITS(&d_p) = 0; - MP_DIGITS(&d_q) = 0; - MP_DIGITS(&qInv) = 0; - MP_DIGITS(&res) = 0; - CHECK_MPI_OK( mp_init(&n) ); - CHECK_MPI_OK( mp_init(&p) ); - CHECK_MPI_OK( mp_init(&q) ); - CHECK_MPI_OK( mp_init(&psub1)); - CHECK_MPI_OK( mp_init(&qsub1)); - CHECK_MPI_OK( mp_init(&e) ); - CHECK_MPI_OK( mp_init(&d) ); - CHECK_MPI_OK( mp_init(&d_p) ); - CHECK_MPI_OK( mp_init(&d_q) ); - CHECK_MPI_OK( mp_init(&qInv) ); - CHECK_MPI_OK( mp_init(&res) ); - SECITEM_TO_MPINT(key->modulus, &n); - SECITEM_TO_MPINT(key->prime1, &p); - SECITEM_TO_MPINT(key->prime2, &q); - SECITEM_TO_MPINT(key->publicExponent, &e); - SECITEM_TO_MPINT(key->privateExponent, &d); - SECITEM_TO_MPINT(key->exponent1, &d_p); - SECITEM_TO_MPINT(key->exponent2, &d_q); - SECITEM_TO_MPINT(key->coefficient, &qInv); - /* p > q */ - if (mp_cmp(&p, &q) <= 0) { - /* mind the p's and q's (and d_p's and d_q's) */ - SECItem tmp; - mp_exch(&p, &q); - mp_exch(&d_p,&d_q); - tmp = key->prime1; - key->prime1 = key->prime2; - key->prime2 = tmp; - tmp = key->exponent1; - key->exponent1 = key->exponent2; - key->exponent2 = tmp; - } -#define VERIFY_MPI_EQUAL(m1, m2) \ - if (mp_cmp(m1, m2) != 0) { \ - rv = SECFailure; \ - goto cleanup; \ - } -#define VERIFY_MPI_EQUAL_1(m) \ - if (mp_cmp_d(m, 1) != 0) { \ - rv = SECFailure; \ - goto cleanup; \ - } - /* - * The following errors cannot be recovered from. - */ - /* n == p * q */ - CHECK_MPI_OK( mp_mul(&p, &q, &res) ); - VERIFY_MPI_EQUAL(&res, &n); - /* gcd(e, p-1) == 1 */ - CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) ); - CHECK_MPI_OK( mp_gcd(&e, &psub1, &res) ); - VERIFY_MPI_EQUAL_1(&res); - /* gcd(e, q-1) == 1 */ - CHECK_MPI_OK( mp_sub_d(&q, 1, &qsub1) ); - CHECK_MPI_OK( mp_gcd(&e, &qsub1, &res) ); - VERIFY_MPI_EQUAL_1(&res); - /* d*e == 1 mod p-1 */ - CHECK_MPI_OK( mp_mulmod(&d, &e, &psub1, &res) ); - VERIFY_MPI_EQUAL_1(&res); - /* d*e == 1 mod q-1 */ - CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) ); - VERIFY_MPI_EQUAL_1(&res); - /* - * The following errors can be recovered from. - */ - /* d_p == d mod p-1 */ - CHECK_MPI_OK( mp_mod(&d, &psub1, &res) ); - if (mp_cmp(&d_p, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) ); - } - /* d_q == d mod q-1 */ - CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) ); - if (mp_cmp(&d_q, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) ); - } - /* q * q**-1 == 1 mod p */ - CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) ); - if (mp_cmp_d(&res, 1) != 0) { - /* compute the correct value */ - CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) ); - CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) ); - } -cleanup: - mp_clear(&n); - mp_clear(&p); - mp_clear(&q); - mp_clear(&psub1); - mp_clear(&qsub1); - mp_clear(&e); - mp_clear(&d); - mp_clear(&d_p); - mp_clear(&d_q); - mp_clear(&qInv); - mp_clear(&res); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } - return rv; -} - -/* cleanup at shutdown */ -void RSA_Cleanup(void) -{ - if (!coBPInit.initialized) - return; - - while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head)) - { - struct RSABlindingParamsStr * rsabp = (struct RSABlindingParamsStr *) - PR_LIST_HEAD(&blindingParamsList.head); - PR_REMOVE_LINK(&rsabp->link); - mp_clear(&rsabp->f); - mp_clear(&rsabp->g); - SECITEM_FreeItem(&rsabp->modulus,PR_FALSE); - PORT_Free(rsabp); - } - - if (blindingParamsList.lock) - { - PZ_DestroyLock(blindingParamsList.lock); - blindingParamsList.lock = NULL; - } - - coBPInit.initialized = 0; - coBPInit.inProgress = 0; - coBPInit.status = 0; -} - -/* - * need a central place for this function to free up all the memory that - * free_bl may have allocated along the way. Currently only RSA does this, - * so I've put it here for now. - */ -void BL_Cleanup(void) -{ - RSA_Cleanup(); -} diff --git a/security/nss/lib/freebl/secmpi.h b/security/nss/lib/freebl/secmpi.h deleted file mode 100644 index cddcbb03d..000000000 --- a/security/nss/lib/freebl/secmpi.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "mpi.h" - -#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup - -#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup - -#define OCTETS_TO_MPINT(oc, mp, len) \ - CHECK_MPI_OK(mp_read_unsigned_octets((mp), oc, len)) - -#define SECITEM_TO_MPINT(it, mp) \ - CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) - -#define MPINT_TO_SECITEM(mp, it, arena) \ - SECITEM_AllocItem(arena, (it), mp_unsigned_octet_size(mp)); \ - err = mp_to_unsigned_octets(mp, (it)->data, (it)->len); \ - if (err < 0) goto cleanup; else err = MP_OKAY; - -#define MP_TO_SEC_ERROR(err) \ - switch (err) { \ - case MP_MEM: PORT_SetError(SEC_ERROR_NO_MEMORY); break; \ - case MP_RANGE: PORT_SetError(SEC_ERROR_BAD_DATA); break; \ - case MP_BADARG: PORT_SetError(SEC_ERROR_INVALID_ARGS); break; \ - default: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); break; \ - } diff --git a/security/nss/lib/freebl/secrng.h b/security/nss/lib/freebl/secrng.h deleted file mode 100644 index a7e9aed4a..000000000 --- a/security/nss/lib/freebl/secrng.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef _SECRNG_H_ -#define _SECRNG_H_ -/* - * secrng.h - public data structures and prototypes for the secure random - * number generator - * - * $Id$ - */ - -/******************************************/ -/* -** Random number generation. A cryptographically strong random number -** generator. -*/ - -#include "blapi.h" - -SEC_BEGIN_PROTOS - -/* -** The following 3 functions are provided by the security library -** but are differently implemented for the UNIX, Mac and Win -** versions -*/ - -/* -** Get the "noisiest" information available on the system. -** The amount of data returned depends on the system implementation. -** It will not exceed maxbytes, but may be (much) less. -** Returns number of noise bytes copied into buf, or zero if error. -*/ -extern size_t RNG_GetNoise(void *buf, size_t maxbytes); - -/* -** RNG_SystemInfoForRNG should be called before any use of SSL. It -** gathers up the system specific information to help seed the -** state of the global random number generator. -*/ -extern void RNG_SystemInfoForRNG(void); - -/* -** Use the contents (and stat) of a file to help seed the -** global random number generator. -*/ -extern void RNG_FileForRNG(const char *filename); - -SEC_END_PROTOS - -#endif /* _SECRNG_H_ */ diff --git a/security/nss/lib/freebl/sha.c b/security/nss/lib/freebl/sha.c deleted file mode 100644 index c8480c72c..000000000 --- a/security/nss/lib/freebl/sha.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Reference Implementation (Compact version) - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "sha.h" - -static void shaHashBlock(SHA_CTX *ctx); - -void shaInit(SHA_CTX *ctx) { - int i; - - ctx->lenW = 0; - ctx->sizeHi = ctx->sizeLo = 0; - - /* Initialize H with the magic constants (see FIPS180 for constants) - */ - ctx->H[0] = 0x67452301L; - ctx->H[1] = 0xefcdab89L; - ctx->H[2] = 0x98badcfeL; - ctx->H[3] = 0x10325476L; - ctx->H[4] = 0xc3d2e1f0L; - - for (i = 0; i < 80; i++) - ctx->W[i] = 0; -} - - -void shaUpdate(SHA_CTX *ctx, unsigned char *dataIn, int len) { - int i; - - /* Read the data into W and process blocks as they get full - */ - for (i = 0; i < len; i++) { - ctx->W[ctx->lenW / 4] <<= 8; - ctx->W[ctx->lenW / 4] |= (unsigned long)dataIn[i]; - if ((++ctx->lenW) % 64 == 0) { - shaHashBlock(ctx); - ctx->lenW = 0; - } - ctx->sizeLo += 8; - ctx->sizeHi += (ctx->sizeLo < 8); - } -} - - -void shaFinal(SHA_CTX *ctx, unsigned char hashout[20]) { - unsigned char pad0x80 = 0x80; - unsigned char pad0x00 = 0x00; - unsigned char padlen[8]; - int i; - - /* Pad with a binary 1 (e.g. 0x80), then zeroes, then length - */ - padlen[0] = (unsigned char)((ctx->sizeHi >> 24) & 255); - padlen[1] = (unsigned char)((ctx->sizeHi >> 16) & 255); - padlen[2] = (unsigned char)((ctx->sizeHi >> 8) & 255); - padlen[3] = (unsigned char)((ctx->sizeHi >> 0) & 255); - padlen[4] = (unsigned char)((ctx->sizeLo >> 24) & 255); - padlen[5] = (unsigned char)((ctx->sizeLo >> 16) & 255); - padlen[6] = (unsigned char)((ctx->sizeLo >> 8) & 255); - padlen[7] = (unsigned char)((ctx->sizeLo >> 0) & 255); - shaUpdate(ctx, &pad0x80, 1); - while (ctx->lenW != 56) - shaUpdate(ctx, &pad0x00, 1); - shaUpdate(ctx, padlen, 8); - - /* Output hash - */ - for (i = 0; i < 20; i++) { - hashout[i] = (unsigned char)(ctx->H[i / 4] >> 24); - ctx->H[i / 4] <<= 8; - } - - /* - * Re-initialize the context (also zeroizes contents) - */ - shaInit(ctx); -} - - -void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]) { - SHA_CTX ctx; - - shaInit(&ctx); - shaUpdate(&ctx, dataIn, len); - shaFinal(&ctx, hashout); -} - - -#define SHA_ROTL(X,n) (((X) << (n)) | ((X) >> (32-(n)))) - -static void shaHashBlock(SHA_CTX *ctx) { - int t; - unsigned long A,B,C,D,E,TEMP; - - for (t = 16; t <= 79; t++) - ctx->W[t] = - SHA_ROTL(ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], 1); - - A = ctx->H[0]; - B = ctx->H[1]; - C = ctx->H[2]; - D = ctx->H[3]; - E = ctx->H[4]; - - for (t = 0; t <= 19; t++) { - TEMP = SHA_ROTL(A,5) + (((C^D)&B)^D) + E + ctx->W[t] + 0x5a827999L; - E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP; - } - for (t = 20; t <= 39; t++) { - TEMP = SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0x6ed9eba1L; - E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP; - } - for (t = 40; t <= 59; t++) { - TEMP = SHA_ROTL(A,5) + ((B&C)|(D&(B|C))) + E + ctx->W[t] + 0x8f1bbcdcL; - E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP; - } - for (t = 60; t <= 79; t++) { - TEMP = SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0xca62c1d6L; - E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP; - } - - ctx->H[0] += A; - ctx->H[1] += B; - ctx->H[2] += C; - ctx->H[3] += D; - ctx->H[4] += E; -} - diff --git a/security/nss/lib/freebl/sha.h b/security/nss/lib/freebl/sha.h deleted file mode 100644 index 0522a00b2..000000000 --- a/security/nss/lib/freebl/sha.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Header File - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -typedef struct { - unsigned long H[5]; - unsigned long W[80]; - int lenW; - unsigned long sizeHi,sizeLo; -} SHA_CTX; - - -void shaInit(SHA_CTX *ctx); -void shaUpdate(SHA_CTX *ctx, unsigned char *dataIn, int len); -void shaFinal(SHA_CTX *ctx, unsigned char hashout[20]); -void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]); - diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c deleted file mode 100644 index e52652284..000000000 --- a/security/nss/lib/freebl/sha512.c +++ /dev/null @@ -1,1371 +0,0 @@ -/* - * sha512.c - implementation of SHA256, SHA384 and SHA512 - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2002 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ -#include "prcpucfg.h" -#if defined(_X86_) || defined(SHA_NO_LONG_LONG) -#define NOUNROLL512 1 -#undef HAVE_LONG_LONG -#endif -#include "prtypes.h" /* for PRUintXX */ -#include "secport.h" /* for PORT_XXX */ -#include "blapi.h" - -/* ============= Common constants and defines ======================= */ - -#define W ctx->u.w -#define B ctx->u.b -#define H ctx->h - -#define SHR(x,n) (x >> n) -#define SHL(x,n) (x << n) -#define Ch(x,y,z) ((x & y) ^ (~x & z)) -#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) - -/* Padding used with all flavors of SHA */ -static const PRUint8 pad[240] = { -0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 - /* compiler will fill the rest in with zeros */ -}; - -/* ============= SHA256 implemenmtation ================================== */ - -/* SHA-256 constants, K256. */ -static const PRUint32 K256[64] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; - -/* SHA-256 initial hash values */ -static const PRUint32 H256[8] = { - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 -}; - -struct SHA256ContextStr { - union { - PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */ - PRUint8 b[256]; - } u; - PRUint32 h[8]; /* 8 state variables */ - PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */ -}; - -#if defined(_MSC_VER) && defined(_X86_) -#ifndef FORCEINLINE -#if (MSC_VER >= 1200) -#define FORCEINLINE __forceinline -#else -#define FORCEINLINE __inline -#endif -#endif -#define FASTCALL __fastcall - -static FORCEINLINE PRUint32 FASTCALL -swap4b(PRUint32 dwd) -{ - __asm { - mov eax,dwd - bswap eax - } -} - -#define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) - -#elif defined(LINUX) && defined(_X86_) -#undef __OPTIMIZE__ -#define __OPTIMIZE__ 1 -#undef __pentium__ -#define __pentium__ 1 -#include -#define SHA_HTONL(x) bswap_32(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) - -#else /* neither windows nor Linux PC */ -#define SWAP4MASK 0x00FF00FF -#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \ - ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK)) -#define BYTESWAP4(x) x = SHA_HTONL(x) -#endif - -#if defined(_MSC_VER) && defined(_X86_) -#pragma intrinsic (_lrotr, _lrotl) -#define ROTR32(x,n) _lrotr(x,n) -#define ROTL32(x,n) _lrotl(x,n) -#else -#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n))) -#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n))) -#endif - -/* Capitol Sigma and lower case sigma functions */ -#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22)) -#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25)) -#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3)) -#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10)) - -SHA256Context * -SHA256_NewContext(void) -{ - SHA256Context *ctx = PORT_New(SHA256Context); - return ctx; -} - -void -SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit) -{ - if (freeit) { - PORT_ZFree(ctx, sizeof *ctx); - } -} - -void -SHA256_Begin(SHA256Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H256, sizeof H256); -} - -static void -SHA256_Compress(SHA256Context *ctx) -{ - { - register PRUint32 t1, t2; - -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP4(W[0]); - BYTESWAP4(W[1]); - BYTESWAP4(W[2]); - BYTESWAP4(W[3]); - BYTESWAP4(W[4]); - BYTESWAP4(W[5]); - BYTESWAP4(W[6]); - BYTESWAP4(W[7]); - BYTESWAP4(W[8]); - BYTESWAP4(W[9]); - BYTESWAP4(W[10]); - BYTESWAP4(W[11]); - BYTESWAP4(W[12]); - BYTESWAP4(W[13]); - BYTESWAP4(W[14]); - BYTESWAP4(W[15]); -#endif - -#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16]) - - /* prepare the "message schedule" */ -#ifdef NOUNROLL256 - { - int t; - for (t = 16; t < 64; ++t) { - INITW(t); - } - } -#else - INITW(16); - INITW(17); - INITW(18); - INITW(19); - - INITW(20); - INITW(21); - INITW(22); - INITW(23); - INITW(24); - INITW(25); - INITW(26); - INITW(27); - INITW(28); - INITW(29); - - INITW(30); - INITW(31); - INITW(32); - INITW(33); - INITW(34); - INITW(35); - INITW(36); - INITW(37); - INITW(38); - INITW(39); - - INITW(40); - INITW(41); - INITW(42); - INITW(43); - INITW(44); - INITW(45); - INITW(46); - INITW(47); - INITW(48); - INITW(49); - - INITW(50); - INITW(51); - INITW(52); - INITW(53); - INITW(54); - INITW(55); - INITW(56); - INITW(57); - INITW(58); - INITW(59); - - INITW(60); - INITW(61); - INITW(62); - INITW(63); - -#endif -#undef INITW - } - { - PRUint32 a, b, c, d, e, f, g, h; - - a = H[0]; - b = H[1]; - c = H[2]; - d = H[3]; - e = H[4]; - f = H[5]; - g = H[6]; - h = H[7]; - -#define ROUND(n,a,b,c,d,e,f,g,h) \ - h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \ - d += h; \ - h += S0(a) + Maj(a,b,c); - -#ifdef NOUNROLL256 - { - int t; - for (t = 0; t < 64; t+= 8) { - ROUND(t+0,a,b,c,d,e,f,g,h) - ROUND(t+1,h,a,b,c,d,e,f,g) - ROUND(t+2,g,h,a,b,c,d,e,f) - ROUND(t+3,f,g,h,a,b,c,d,e) - ROUND(t+4,e,f,g,h,a,b,c,d) - ROUND(t+5,d,e,f,g,h,a,b,c) - ROUND(t+6,c,d,e,f,g,h,a,b) - ROUND(t+7,b,c,d,e,f,g,h,a) - } - } -#else - ROUND( 0,a,b,c,d,e,f,g,h) - ROUND( 1,h,a,b,c,d,e,f,g) - ROUND( 2,g,h,a,b,c,d,e,f) - ROUND( 3,f,g,h,a,b,c,d,e) - ROUND( 4,e,f,g,h,a,b,c,d) - ROUND( 5,d,e,f,g,h,a,b,c) - ROUND( 6,c,d,e,f,g,h,a,b) - ROUND( 7,b,c,d,e,f,g,h,a) - - ROUND( 8,a,b,c,d,e,f,g,h) - ROUND( 9,h,a,b,c,d,e,f,g) - ROUND(10,g,h,a,b,c,d,e,f) - ROUND(11,f,g,h,a,b,c,d,e) - ROUND(12,e,f,g,h,a,b,c,d) - ROUND(13,d,e,f,g,h,a,b,c) - ROUND(14,c,d,e,f,g,h,a,b) - ROUND(15,b,c,d,e,f,g,h,a) - - ROUND(16,a,b,c,d,e,f,g,h) - ROUND(17,h,a,b,c,d,e,f,g) - ROUND(18,g,h,a,b,c,d,e,f) - ROUND(19,f,g,h,a,b,c,d,e) - ROUND(20,e,f,g,h,a,b,c,d) - ROUND(21,d,e,f,g,h,a,b,c) - ROUND(22,c,d,e,f,g,h,a,b) - ROUND(23,b,c,d,e,f,g,h,a) - - ROUND(24,a,b,c,d,e,f,g,h) - ROUND(25,h,a,b,c,d,e,f,g) - ROUND(26,g,h,a,b,c,d,e,f) - ROUND(27,f,g,h,a,b,c,d,e) - ROUND(28,e,f,g,h,a,b,c,d) - ROUND(29,d,e,f,g,h,a,b,c) - ROUND(30,c,d,e,f,g,h,a,b) - ROUND(31,b,c,d,e,f,g,h,a) - - ROUND(32,a,b,c,d,e,f,g,h) - ROUND(33,h,a,b,c,d,e,f,g) - ROUND(34,g,h,a,b,c,d,e,f) - ROUND(35,f,g,h,a,b,c,d,e) - ROUND(36,e,f,g,h,a,b,c,d) - ROUND(37,d,e,f,g,h,a,b,c) - ROUND(38,c,d,e,f,g,h,a,b) - ROUND(39,b,c,d,e,f,g,h,a) - - ROUND(40,a,b,c,d,e,f,g,h) - ROUND(41,h,a,b,c,d,e,f,g) - ROUND(42,g,h,a,b,c,d,e,f) - ROUND(43,f,g,h,a,b,c,d,e) - ROUND(44,e,f,g,h,a,b,c,d) - ROUND(45,d,e,f,g,h,a,b,c) - ROUND(46,c,d,e,f,g,h,a,b) - ROUND(47,b,c,d,e,f,g,h,a) - - ROUND(48,a,b,c,d,e,f,g,h) - ROUND(49,h,a,b,c,d,e,f,g) - ROUND(50,g,h,a,b,c,d,e,f) - ROUND(51,f,g,h,a,b,c,d,e) - ROUND(52,e,f,g,h,a,b,c,d) - ROUND(53,d,e,f,g,h,a,b,c) - ROUND(54,c,d,e,f,g,h,a,b) - ROUND(55,b,c,d,e,f,g,h,a) - - ROUND(56,a,b,c,d,e,f,g,h) - ROUND(57,h,a,b,c,d,e,f,g) - ROUND(58,g,h,a,b,c,d,e,f) - ROUND(59,f,g,h,a,b,c,d,e) - ROUND(60,e,f,g,h,a,b,c,d) - ROUND(61,d,e,f,g,h,a,b,c) - ROUND(62,c,d,e,f,g,h,a,b) - ROUND(63,b,c,d,e,f,g,h,a) -#endif - - H[0] += a; - H[1] += b; - H[2] += c; - H[3] += d; - H[4] += e; - H[5] += f; - H[6] += g; - H[7] += h; - } -#undef ROUND -} - -#undef s0 -#undef s1 -#undef S0 -#undef S1 - -void -SHA256_Update(SHA256Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - unsigned int inBuf = ctx->sizeLo & 0x3f; - if (!inputLen) - return; - - /* Add inputLen into the count of bytes processed, before processing */ - if ((ctx->sizeLo += inputLen) < inputLen) - ctx->sizeHi++; - - /* if data already in buffer, attemp to fill rest of buffer */ - if (inBuf) { - unsigned int todo = SHA256_BLOCK_LENGTH - inBuf; - if (inputLen < todo) - todo = inputLen; - memcpy(B + inBuf, input, todo); - input += todo; - inputLen -= todo; - if (inBuf + todo == SHA256_BLOCK_LENGTH) - SHA256_Compress(ctx); - } - - /* if enough data to fill one or more whole buffers, process them. */ - while (inputLen >= SHA256_BLOCK_LENGTH) { - memcpy(B, input, SHA256_BLOCK_LENGTH); - input += SHA256_BLOCK_LENGTH; - inputLen -= SHA256_BLOCK_LENGTH; - SHA256_Compress(ctx); - } - /* if data left over, fill it into buffer */ - if (inputLen) - memcpy(B, input, inputLen); -} - -void -SHA256_End(SHA256Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - unsigned int inBuf = ctx->sizeLo & 0x3f; - unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf); - PRUint32 hi, lo; -#ifdef SWAP4MASK - PRUint32 t1; -#endif - - hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29); - lo = (ctx->sizeLo << 3); - - SHA256_Update(ctx, pad, padLen); - -#if defined(IS_LITTLE_ENDIAN) - W[14] = SHA_HTONL(hi); - W[15] = SHA_HTONL(lo); -#else - W[14] = hi; - W[15] = lo; -#endif - SHA256_Compress(ctx); - - /* now output the answer */ -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP4(H[0]); - BYTESWAP4(H[1]); - BYTESWAP4(H[2]); - BYTESWAP4(H[3]); - BYTESWAP4(H[4]); - BYTESWAP4(H[5]); - BYTESWAP4(H[6]); - BYTESWAP4(H[7]); -#endif - padLen = PR_MIN(SHA256_LENGTH, maxDigestLen); - memcpy(digest, H, padLen); - if (digestLen) - *digestLen = padLen; -} - -SECStatus -SHA256_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length) -{ - SHA256Context ctx; - unsigned int outLen; - - SHA256_Begin(&ctx); - SHA256_Update(&ctx, src, src_length); - SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH); - - return SECSuccess; -} - - -SECStatus -SHA256_Hash(unsigned char *dest, const char *src) -{ - return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - - -void SHA256_TraceState(SHA256Context *ctx) { } - -unsigned int -SHA256_FlattenSize(SHA256Context *ctx) -{ - return sizeof *ctx; -} - -SECStatus -SHA256_Flatten(SHA256Context *ctx,unsigned char *space) -{ - PORT_Memcpy(space, ctx, sizeof *ctx); - return SECSuccess; -} - -SHA256Context * -SHA256_Resurrect(unsigned char *space, void *arg) -{ - SHA256Context *ctx = SHA256_NewContext(); - if (ctx) - PORT_Memcpy(ctx, space, sizeof *ctx); - return ctx; -} - - -/* ======= SHA512 and SHA384 common constants and defines ================= */ - -/* common #defines for SHA512 and SHA384 */ -#if defined(HAVE_LONG_LONG) -#define ROTR64(x,n) ((x >> n) | (x << (64 - n))) -#define ROTL64(x,n) ((x << n) | (x >> (64 - n))) - -#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39)) -#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41)) -#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7)) -#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6)) - -#if PR_BYTES_PER_LONG == 8 -#define ULLC(hi,lo) 0x ## hi ## lo ## UL -#elif defined(_MSC_VER) -#define ULLC(hi,lo) 0x ## hi ## lo ## ui64 -#else -#define ULLC(hi,lo) 0x ## hi ## lo ## ULL -#endif - -#define SHA_MASK16 ULLC(0000FFFF,0000FFFF) -#define SHA_MASK8 ULLC(00FF00FF,00FF00FF) -#define SHA_HTONLL(x) (t1 = x, \ - t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \ - t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \ - (t1 >> 32) | (t1 << 32)) -#define BYTESWAP8(x) x = SHA_HTONLL(x) - -#else /* no long long */ - -#if defined(IS_LITTLE_ENDIAN) -#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U } -#else -#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } -#endif - -#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ - x.hi ^= x.lo ^= x.hi ^= x.lo, x) -#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ - tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) -#endif - -/* SHA-384 and SHA-512 constants, K512. */ -static const PRUint64 K512[80] = { -#if PR_BYTES_PER_LONG == 8 - 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL , - 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL , - 0x3956c25bf348b538UL , 0x59f111f1b605d019UL , - 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL , - 0xd807aa98a3030242UL , 0x12835b0145706fbeUL , - 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL , - 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL , - 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL , - 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL , - 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL , - 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL , - 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL , - 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL , - 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL , - 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL , - 0x06ca6351e003826fUL , 0x142929670a0e6e70UL , - 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL , - 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL , - 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL , - 0x81c2c92e47edaee6UL , 0x92722c851482353bUL , - 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL , - 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL , - 0xd192e819d6ef5218UL , 0xd69906245565a910UL , - 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL , - 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL , - 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL , - 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL , - 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL , - 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL , - 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL , - 0x90befffa23631e28UL , 0xa4506cebde82bde9UL , - 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL , - 0xca273eceea26619cUL , 0xd186b8c721c0c207UL , - 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL , - 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL , - 0x113f9804bef90daeUL , 0x1b710b35131c471bUL , - 0x28db77f523047d84UL , 0x32caab7b40c72493UL , - 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL , - 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL , - 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL -#else - ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd), - ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc), - ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019), - ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118), - ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe), - ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2), - ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1), - ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694), - ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3), - ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65), - ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483), - ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5), - ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210), - ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4), - ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725), - ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70), - ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926), - ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df), - ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8), - ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b), - ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001), - ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30), - ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910), - ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8), - ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53), - ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8), - ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb), - ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3), - ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60), - ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec), - ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9), - ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b), - ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207), - ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178), - ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6), - ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b), - ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493), - ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c), - ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a), - ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817) -#endif -}; - -struct SHA512ContextStr { - union { - PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */ - PRUint32 l[160]; - PRUint8 b[640]; - } u; - PRUint64 h[8]; /* 8 state variables */ - PRUint64 sizeLo; /* 64-bit count of hashed bytes. */ -}; - -/* =========== SHA512 implementation ===================================== */ - -/* SHA-512 initial hash values */ -static const PRUint64 H512[8] = { -#if PR_BYTES_PER_LONG == 8 - 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL , - 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL , - 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL , - 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL -#else - ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b), - ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1), - ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f), - ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179) -#endif -}; - - -SHA512Context * -SHA512_NewContext(void) -{ - SHA512Context *ctx = PORT_New(SHA512Context); - return ctx; -} - -void -SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit) -{ - if (freeit) { - PORT_ZFree(ctx, sizeof *ctx); - } -} - -void -SHA512_Begin(SHA512Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H512, sizeof H512); -} - -#if defined(SHA512_TRACE) -#if defined(HAVE_LONG_LONG) -#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \ - n, #e, d, #a, h); -#else -#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \ - n, #e, d.hi, d.lo, #a, h.hi, h.lo); -#endif -#else -#define DUMP(n,a,d,e,h) -#endif - -#if defined(HAVE_LONG_LONG) - -#define ADDTO(x,y) y += x - -#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16]) - -#define ROUND(n,a,b,c,d,e,f,g,h) \ - h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \ - d += h; \ - h += S0(a) + Maj(a,b,c); \ - DUMP(n,a,d,e,h) - -#else /* use only 32-bit variables, and don't unroll loops */ - -#undef NOUNROLL512 -#define NOUNROLL512 1 - -#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo) - -#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n)) -#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32)) -#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n)) - -/* Capitol Sigma and lower case sigma functions */ -#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi)) -#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7)) - -#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi)) -#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6)) - -#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi)) -#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo)) - -#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi)) -#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo)) - -/* 32-bit versions of Ch and Maj */ -#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo)) -#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo)) - -#define INITW(t) \ - do { \ - PRUint32 lo, tm; \ - PRUint32 cy = 0; \ - lo = s1lo(W[t-2]); \ - lo += (tm = W[t-7].lo); if (lo < tm) cy++; \ - lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \ - lo += (tm = W[t-16].lo); if (lo < tm) cy++; \ - W[t].lo = lo; \ - W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \ - } while (0) - -#define ROUND(n,a,b,c,d,e,f,g,h) \ - { \ - PRUint32 lo, tm, cy; \ - lo = S1lo(e); \ - lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \ - lo += (tm = K512[n].lo); if (lo < tm) cy++; \ - lo += (tm = W[n].lo); if (lo < tm) cy++; \ - h.lo += lo; if (h.lo < lo) cy++; \ - h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \ - d.lo += h.lo; \ - d.hi += h.hi + (d.lo < h.lo); \ - lo = S0lo(a); \ - lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \ - h.lo += lo; if (h.lo < lo) cy++; \ - h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \ - DUMP(n,a,d,e,h) \ - } -#endif - -static void -SHA512_Compress(SHA512Context *ctx) -{ -#if defined(IS_LITTLE_ENDIAN) - { -#if defined(HAVE_LONG_LONG) - PRUint64 t1; -#else - PRUint32 t1; -#endif - BYTESWAP8(W[0]); - BYTESWAP8(W[1]); - BYTESWAP8(W[2]); - BYTESWAP8(W[3]); - BYTESWAP8(W[4]); - BYTESWAP8(W[5]); - BYTESWAP8(W[6]); - BYTESWAP8(W[7]); - BYTESWAP8(W[8]); - BYTESWAP8(W[9]); - BYTESWAP8(W[10]); - BYTESWAP8(W[11]); - BYTESWAP8(W[12]); - BYTESWAP8(W[13]); - BYTESWAP8(W[14]); - BYTESWAP8(W[15]); - } -#endif - - { - PRUint64 t1, t2; -#ifdef NOUNROLL512 - { - /* prepare the "message schedule" */ - int t; - for (t = 16; t < 80; ++t) { - INITW(t); - } - } -#else - INITW(16); - INITW(17); - INITW(18); - INITW(19); - - INITW(20); - INITW(21); - INITW(22); - INITW(23); - INITW(24); - INITW(25); - INITW(26); - INITW(27); - INITW(28); - INITW(29); - - INITW(30); - INITW(31); - INITW(32); - INITW(33); - INITW(34); - INITW(35); - INITW(36); - INITW(37); - INITW(38); - INITW(39); - - INITW(40); - INITW(41); - INITW(42); - INITW(43); - INITW(44); - INITW(45); - INITW(46); - INITW(47); - INITW(48); - INITW(49); - - INITW(50); - INITW(51); - INITW(52); - INITW(53); - INITW(54); - INITW(55); - INITW(56); - INITW(57); - INITW(58); - INITW(59); - - INITW(60); - INITW(61); - INITW(62); - INITW(63); - INITW(64); - INITW(65); - INITW(66); - INITW(67); - INITW(68); - INITW(69); - - INITW(70); - INITW(71); - INITW(72); - INITW(73); - INITW(74); - INITW(75); - INITW(76); - INITW(77); - INITW(78); - INITW(79); -#endif - } -#ifdef SHA512_TRACE - { - int i; - for (i = 0; i < 80; ++i) { -#ifdef HAVE_LONG_LONG - printf("W[%2d] = %016lx\n", i, W[i]); -#else - printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo); -#endif - } - } -#endif - { - PRUint64 a, b, c, d, e, f, g, h; - - a = H[0]; - b = H[1]; - c = H[2]; - d = H[3]; - e = H[4]; - f = H[5]; - g = H[6]; - h = H[7]; - -#ifdef NOUNROLL512 - { - int t; - for (t = 0; t < 80; t+= 8) { - ROUND(t+0,a,b,c,d,e,f,g,h) - ROUND(t+1,h,a,b,c,d,e,f,g) - ROUND(t+2,g,h,a,b,c,d,e,f) - ROUND(t+3,f,g,h,a,b,c,d,e) - ROUND(t+4,e,f,g,h,a,b,c,d) - ROUND(t+5,d,e,f,g,h,a,b,c) - ROUND(t+6,c,d,e,f,g,h,a,b) - ROUND(t+7,b,c,d,e,f,g,h,a) - } - } -#else - ROUND( 0,a,b,c,d,e,f,g,h) - ROUND( 1,h,a,b,c,d,e,f,g) - ROUND( 2,g,h,a,b,c,d,e,f) - ROUND( 3,f,g,h,a,b,c,d,e) - ROUND( 4,e,f,g,h,a,b,c,d) - ROUND( 5,d,e,f,g,h,a,b,c) - ROUND( 6,c,d,e,f,g,h,a,b) - ROUND( 7,b,c,d,e,f,g,h,a) - - ROUND( 8,a,b,c,d,e,f,g,h) - ROUND( 9,h,a,b,c,d,e,f,g) - ROUND(10,g,h,a,b,c,d,e,f) - ROUND(11,f,g,h,a,b,c,d,e) - ROUND(12,e,f,g,h,a,b,c,d) - ROUND(13,d,e,f,g,h,a,b,c) - ROUND(14,c,d,e,f,g,h,a,b) - ROUND(15,b,c,d,e,f,g,h,a) - - ROUND(16,a,b,c,d,e,f,g,h) - ROUND(17,h,a,b,c,d,e,f,g) - ROUND(18,g,h,a,b,c,d,e,f) - ROUND(19,f,g,h,a,b,c,d,e) - ROUND(20,e,f,g,h,a,b,c,d) - ROUND(21,d,e,f,g,h,a,b,c) - ROUND(22,c,d,e,f,g,h,a,b) - ROUND(23,b,c,d,e,f,g,h,a) - - ROUND(24,a,b,c,d,e,f,g,h) - ROUND(25,h,a,b,c,d,e,f,g) - ROUND(26,g,h,a,b,c,d,e,f) - ROUND(27,f,g,h,a,b,c,d,e) - ROUND(28,e,f,g,h,a,b,c,d) - ROUND(29,d,e,f,g,h,a,b,c) - ROUND(30,c,d,e,f,g,h,a,b) - ROUND(31,b,c,d,e,f,g,h,a) - - ROUND(32,a,b,c,d,e,f,g,h) - ROUND(33,h,a,b,c,d,e,f,g) - ROUND(34,g,h,a,b,c,d,e,f) - ROUND(35,f,g,h,a,b,c,d,e) - ROUND(36,e,f,g,h,a,b,c,d) - ROUND(37,d,e,f,g,h,a,b,c) - ROUND(38,c,d,e,f,g,h,a,b) - ROUND(39,b,c,d,e,f,g,h,a) - - ROUND(40,a,b,c,d,e,f,g,h) - ROUND(41,h,a,b,c,d,e,f,g) - ROUND(42,g,h,a,b,c,d,e,f) - ROUND(43,f,g,h,a,b,c,d,e) - ROUND(44,e,f,g,h,a,b,c,d) - ROUND(45,d,e,f,g,h,a,b,c) - ROUND(46,c,d,e,f,g,h,a,b) - ROUND(47,b,c,d,e,f,g,h,a) - - ROUND(48,a,b,c,d,e,f,g,h) - ROUND(49,h,a,b,c,d,e,f,g) - ROUND(50,g,h,a,b,c,d,e,f) - ROUND(51,f,g,h,a,b,c,d,e) - ROUND(52,e,f,g,h,a,b,c,d) - ROUND(53,d,e,f,g,h,a,b,c) - ROUND(54,c,d,e,f,g,h,a,b) - ROUND(55,b,c,d,e,f,g,h,a) - - ROUND(56,a,b,c,d,e,f,g,h) - ROUND(57,h,a,b,c,d,e,f,g) - ROUND(58,g,h,a,b,c,d,e,f) - ROUND(59,f,g,h,a,b,c,d,e) - ROUND(60,e,f,g,h,a,b,c,d) - ROUND(61,d,e,f,g,h,a,b,c) - ROUND(62,c,d,e,f,g,h,a,b) - ROUND(63,b,c,d,e,f,g,h,a) - - ROUND(64,a,b,c,d,e,f,g,h) - ROUND(65,h,a,b,c,d,e,f,g) - ROUND(66,g,h,a,b,c,d,e,f) - ROUND(67,f,g,h,a,b,c,d,e) - ROUND(68,e,f,g,h,a,b,c,d) - ROUND(69,d,e,f,g,h,a,b,c) - ROUND(70,c,d,e,f,g,h,a,b) - ROUND(71,b,c,d,e,f,g,h,a) - - ROUND(72,a,b,c,d,e,f,g,h) - ROUND(73,h,a,b,c,d,e,f,g) - ROUND(74,g,h,a,b,c,d,e,f) - ROUND(75,f,g,h,a,b,c,d,e) - ROUND(76,e,f,g,h,a,b,c,d) - ROUND(77,d,e,f,g,h,a,b,c) - ROUND(78,c,d,e,f,g,h,a,b) - ROUND(79,b,c,d,e,f,g,h,a) -#endif - - ADDTO(a,H[0]); - ADDTO(b,H[1]); - ADDTO(c,H[2]); - ADDTO(d,H[3]); - ADDTO(e,H[4]); - ADDTO(f,H[5]); - ADDTO(g,H[6]); - ADDTO(h,H[7]); - } -} - -void -SHA512_Update(SHA512Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - unsigned int inBuf; - if (!inputLen) - return; - -#if defined(HAVE_LONG_LONG) - inBuf = (unsigned int)ctx->sizeLo & 0x7f; - /* Add inputLen into the count of bytes processed, before processing */ - ctx->sizeLo += inputLen; -#else - inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - ctx->sizeLo.lo += inputLen; - if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++; -#endif - - /* if data already in buffer, attemp to fill rest of buffer */ - if (inBuf) { - unsigned int todo = SHA512_BLOCK_LENGTH - inBuf; - if (inputLen < todo) - todo = inputLen; - memcpy(B + inBuf, input, todo); - input += todo; - inputLen -= todo; - if (inBuf + todo == SHA512_BLOCK_LENGTH) - SHA512_Compress(ctx); - } - - /* if enough data to fill one or more whole buffers, process them. */ - while (inputLen >= SHA512_BLOCK_LENGTH) { - memcpy(B, input, SHA512_BLOCK_LENGTH); - input += SHA512_BLOCK_LENGTH; - inputLen -= SHA512_BLOCK_LENGTH; - SHA512_Compress(ctx); - } - /* if data left over, fill it into buffer */ - if (inputLen) - memcpy(B, input, inputLen); -} - -void -SHA512_End(SHA512Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ -#if defined(HAVE_LONG_LONG) - unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; - unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); - PRUint64 lo, t1; - lo = (ctx->sizeLo << 3); -#else - unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); - PRUint64 lo = ctx->sizeLo; - PRUint32 t1; - lo.lo <<= 3; -#endif - - SHA512_Update(ctx, pad, padLen); - -#if defined(HAVE_LONG_LONG) - W[14] = 0; -#else - W[14].lo = 0; - W[14].hi = 0; -#endif - - W[15] = lo; -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP8(W[15]); -#endif - SHA512_Compress(ctx); - - /* now output the answer */ -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP8(H[0]); - BYTESWAP8(H[1]); - BYTESWAP8(H[2]); - BYTESWAP8(H[3]); - BYTESWAP8(H[4]); - BYTESWAP8(H[5]); - BYTESWAP8(H[6]); - BYTESWAP8(H[7]); -#endif - padLen = PR_MIN(SHA512_LENGTH, maxDigestLen); - memcpy(digest, H, padLen); - if (digestLen) - *digestLen = padLen; -} - -SECStatus -SHA512_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length) -{ - SHA512Context ctx; - unsigned int outLen; - - SHA512_Begin(&ctx); - SHA512_Update(&ctx, src, src_length); - SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH); - - return SECSuccess; -} - - -SECStatus -SHA512_Hash(unsigned char *dest, const char *src) -{ - return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - - -void SHA512_TraceState(SHA512Context *ctx) { } - -unsigned int -SHA512_FlattenSize(SHA512Context *ctx) -{ - return sizeof *ctx; -} - -SECStatus -SHA512_Flatten(SHA512Context *ctx,unsigned char *space) -{ - PORT_Memcpy(space, ctx, sizeof *ctx); - return SECSuccess; -} - -SHA512Context * -SHA512_Resurrect(unsigned char *space, void *arg) -{ - SHA512Context *ctx = SHA512_NewContext(); - if (ctx) - PORT_Memcpy(ctx, space, sizeof *ctx); - return ctx; -} - -/* ======================================================================= */ -/* SHA384 uses a SHA512Context as the real context. -** The only differences between SHA384 an SHA512 are: -** a) the intialization values for the context, and -** b) the number of bytes of data produced as output. -*/ - -/* SHA-384 initial hash values */ -static const PRUint64 H384[8] = { -#if PR_BYTES_PER_LONG == 8 - 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL , - 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL , - 0x67332667ffc00b31UL , 0x8eb44a8768581511UL , - 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL -#else - ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507), - ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939), - ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511), - ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4) -#endif -}; - -SHA384Context * -SHA384_NewContext(void) -{ - return SHA512_NewContext(); -} - -void -SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit) -{ - SHA512_DestroyContext(ctx, freeit); -} - -void -SHA384_Begin(SHA384Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H384, sizeof H384); -} - -void -SHA384_Update(SHA384Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - SHA512_Update(ctx, input, inputLen); -} - -void -SHA384_End(SHA384Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ -#define SHA_MIN(a,b) (a < b ? a : b) - unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH); - SHA512_End(ctx, digest, digestLen, maxLen); -} - -SECStatus -SHA384_HashBuf(unsigned char *dest, const unsigned char *src, - uint32 src_length) -{ - SHA512Context ctx; - unsigned int outLen; - - SHA384_Begin(&ctx); - SHA512_Update(&ctx, src, src_length); - SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH); - - return SECSuccess; -} - -SECStatus -SHA384_Hash(unsigned char *dest, const char *src) -{ - return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - -void SHA384_TraceState(SHA384Context *ctx) { } - -unsigned int -SHA384_FlattenSize(SHA384Context *ctx) -{ - return sizeof(SHA384Context); -} - -SECStatus -SHA384_Flatten(SHA384Context *ctx,unsigned char *space) -{ - return SHA512_Flatten(ctx, space); -} - -SHA384Context * -SHA384_Resurrect(unsigned char *space, void *arg) -{ - return SHA512_Resurrect(space, arg); -} - -/* ======================================================================= */ -#ifdef SELFTEST -#include - -static const char abc[] = { "abc" }; -static const char abcdbc[] = { - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -}; -static const char abcdef[] = { - "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -}; - -void -dumpHash32(const unsigned char *buf, unsigned int bufLen) -{ - unsigned int i; - for (i = 0; i < bufLen; i += 4) { - printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]); - } - printf("\n"); -} - -void test256(void) -{ - unsigned char outBuf[SHA256_LENGTH]; - - printf("SHA256, input = %s\n", abc); - SHA256_Hash(outBuf, abc); - dumpHash32(outBuf, sizeof outBuf); - - printf("SHA256, input = %s\n", abcdbc); - SHA256_Hash(outBuf, abcdbc); - dumpHash32(outBuf, sizeof outBuf); -} - -void -dumpHash64(const unsigned char *buf, unsigned int bufLen) -{ - unsigned int i; - for (i = 0; i < bufLen; i += 8) { - if (i % 32 == 0) - printf("\n"); - printf(" %02x%02x%02x%02x%02x%02x%02x%02x", - buf[i ], buf[i+1], buf[i+2], buf[i+3], - buf[i+4], buf[i+5], buf[i+6], buf[i+7]); - } - printf("\n"); -} - -void test512(void) -{ - unsigned char outBuf[SHA512_LENGTH]; - - printf("SHA512, input = %s\n", abc); - SHA512_Hash(outBuf, abc); - dumpHash64(outBuf, sizeof outBuf); - - printf("SHA512, input = %s\n", abcdef); - SHA512_Hash(outBuf, abcdef); - dumpHash64(outBuf, sizeof outBuf); -} - -void time512(void) -{ - unsigned char outBuf[SHA512_LENGTH]; - - SHA512_Hash(outBuf, abc); - SHA512_Hash(outBuf, abcdef); -} - -void test384(void) -{ - unsigned char outBuf[SHA384_LENGTH]; - - printf("SHA384, input = %s\n", abc); - SHA384_Hash(outBuf, abc); - dumpHash64(outBuf, sizeof outBuf); - - printf("SHA384, input = %s\n", abcdef); - SHA384_Hash(outBuf, abcdef); - dumpHash64(outBuf, sizeof outBuf); -} - -int main (int argc, char *argv[], char *envp[]) -{ - int i = 1; - if (argc > 1) { - i = atoi(argv[1]); - } - if (i < 2) { - test256(); - test512(); - test384(); - } else { - while (i-- > 0) { - time512(); - } - printf("done\n"); - } - return 0; -} - -void *PORT_Alloc(size_t len) { return malloc(len); } -void PORT_Free(void *ptr) { free(ptr); } -void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); } -#endif diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c deleted file mode 100644 index 5057d287a..000000000 --- a/security/nss/lib/freebl/sha_fast.c +++ /dev/null @@ -1,449 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Reference Implementation (Optimized) - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -#include -#include "blapi.h" -#include "sha_fast.h" -#include "prerror.h" - -#ifdef TRACING_SSL -#include "ssl.h" -#include "ssltrace.h" -#endif - -#if defined(IS_LITTLE_ENDIAN) && defined(_MSC_VER) && defined(_X86_) -#undef SHA_HTONL -#ifndef FORCEINLINE -#if (MSC_VER >= 1200) -#define FORCEINLINE __forceinline -#else -#define FORCEINLINE __inline -#endif -#endif -#define FASTCALL __fastcall - -static FORCEINLINE PRUint32 FASTCALL -swap4b(PRUint32 dwd) -{ - __asm { - mov eax,dwd - bswap eax - } -} - -#define SHA_HTONL(x) swap4b(x) -#endif - -static void shaCompress(SHA1Context *ctx); - -#define W u.w -#define B u.b - -#if defined(_MSC_VER) && defined(_X86_) -#pragma intrinsic (_lrotr, _lrotl) -#define SHA_ROTL(x,n) _lrotl(x,n) -#else -#define SHA_ROTL(X,n) (((X) << (n)) | ((X) >> (32-(n)))) -#endif -#define SHA_F1(X,Y,Z) ((((Y)^(Z))&(X))^(Z)) -#define SHA_F2(X,Y,Z) ((X)^(Y)^(Z)) -#define SHA_F3(X,Y,Z) (((X)&(Y))|((Z)&((X)|(Y)))) -#define SHA_F4(X,Y,Z) ((X)^(Y)^(Z)) -#define SHA_MIX(t) ctx->W[t] = \ - (A = ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], SHA_ROTL(A, 1)) - - -/* - * SHA: Zeroize and initialize context - */ -void -SHA1_Begin(SHA1Context *ctx) -{ - memset(ctx, 0, sizeof(SHA1Context)); - - /* - * Initialize H with constants from FIPS180-1. - */ - ctx->H[0] = 0x67452301L; - ctx->H[1] = 0xefcdab89L; - ctx->H[2] = 0x98badcfeL; - ctx->H[3] = 0x10325476L; - ctx->H[4] = 0xc3d2e1f0L; -} - - -/* - * SHA: Add data to context. - */ -void -SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len) -{ - register unsigned int lenB = ctx->sizeLo & 63; - register unsigned int togo; - - if (!len) - return; - - /* accumulate the byte count. */ - ctx->sizeLo += len; - ctx->sizeHi += (ctx->sizeLo < len); - - /* - * Read the data into W and process blocks as they get full - */ - if (lenB > 0) { - togo = 64 - lenB; - if (len < togo) - togo = len; - memcpy(ctx->B + lenB, dataIn, togo); - len -= togo; - dataIn += togo; - lenB = (lenB + togo) & 63; - if (!lenB) { - shaCompress(ctx); - } - } - while (len >= 64) { - memcpy(ctx->B, dataIn, 64); - dataIn += 64; - len -= 64; - shaCompress(ctx); - } - if (len) { - memcpy(ctx->B, dataIn, len); - } -} - - -/* - * SHA: Generate hash value from context - */ -void -SHA1_End(SHA1Context *ctx, unsigned char *hashout, - unsigned int *pDigestLen, unsigned int maxDigestLen) -{ - register PRUint32 sizeHi, sizeLo, lenB; - static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; -#define A lenB - - PORT_Assert (maxDigestLen >= SHA1_LENGTH); - - /* - * Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits - */ - sizeHi = ctx->sizeHi; - sizeLo = ctx->sizeLo; - lenB = sizeLo & 63; - SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1); - PORT_Assert((ctx->sizeLo & 63) == 56); - - /* Convert size{Hi,Lo} from bytes to bits. */ - sizeHi = (sizeHi << 3) | (sizeLo >> 29); - sizeLo <<= 3; - - ctx->W[14] = SHA_HTONL(sizeHi); - ctx->W[15] = SHA_HTONL(sizeLo); - shaCompress(ctx); - - /* - * Output hash - */ -#if defined(IS_LITTLE_ENDIAN) - SHA_BYTESWAP(ctx->H[0]); - SHA_BYTESWAP(ctx->H[1]); - SHA_BYTESWAP(ctx->H[2]); - SHA_BYTESWAP(ctx->H[3]); - SHA_BYTESWAP(ctx->H[4]); -#endif - memcpy(hashout, ctx->H, SHA1_LENGTH); - *pDigestLen = SHA1_LENGTH; - - /* - * Re-initialize the context (also zeroizes contents) - */ - SHA1_Begin(ctx); -} - -#undef A -#undef B -/* - * SHA: Compression function, unrolled. - */ -static void -shaCompress(SHA1Context *ctx) -{ - register PRUint32 A, B, C, D, E; - -#if defined(IS_LITTLE_ENDIAN) - SHA_BYTESWAP(ctx->W[0]); - SHA_BYTESWAP(ctx->W[1]); - SHA_BYTESWAP(ctx->W[2]); - SHA_BYTESWAP(ctx->W[3]); - SHA_BYTESWAP(ctx->W[4]); - SHA_BYTESWAP(ctx->W[5]); - SHA_BYTESWAP(ctx->W[6]); - SHA_BYTESWAP(ctx->W[7]); - SHA_BYTESWAP(ctx->W[8]); - SHA_BYTESWAP(ctx->W[9]); - SHA_BYTESWAP(ctx->W[10]); - SHA_BYTESWAP(ctx->W[11]); - SHA_BYTESWAP(ctx->W[12]); - SHA_BYTESWAP(ctx->W[13]); - SHA_BYTESWAP(ctx->W[14]); - SHA_BYTESWAP(ctx->W[15]); -#endif - - /* - * This can be moved into the main code block below, but doing - * so can cause some compilers to run out of registers and resort - * to storing intermediates in RAM. - */ - - SHA_MIX(16); SHA_MIX(17); SHA_MIX(18); SHA_MIX(19); - SHA_MIX(20); SHA_MIX(21); SHA_MIX(22); SHA_MIX(23); SHA_MIX(24); - SHA_MIX(25); SHA_MIX(26); SHA_MIX(27); SHA_MIX(28); SHA_MIX(29); - SHA_MIX(30); SHA_MIX(31); SHA_MIX(32); SHA_MIX(33); SHA_MIX(34); - SHA_MIX(35); SHA_MIX(36); SHA_MIX(37); SHA_MIX(38); SHA_MIX(39); - SHA_MIX(40); SHA_MIX(41); SHA_MIX(42); SHA_MIX(43); SHA_MIX(44); - SHA_MIX(45); SHA_MIX(46); SHA_MIX(47); SHA_MIX(48); SHA_MIX(49); - SHA_MIX(50); SHA_MIX(51); SHA_MIX(52); SHA_MIX(53); SHA_MIX(54); - SHA_MIX(55); SHA_MIX(56); SHA_MIX(57); SHA_MIX(58); SHA_MIX(59); - SHA_MIX(60); SHA_MIX(61); SHA_MIX(62); SHA_MIX(63); SHA_MIX(64); - SHA_MIX(65); SHA_MIX(66); SHA_MIX(67); SHA_MIX(68); SHA_MIX(69); - SHA_MIX(70); SHA_MIX(71); SHA_MIX(72); SHA_MIX(73); SHA_MIX(74); - SHA_MIX(75); SHA_MIX(76); SHA_MIX(77); SHA_MIX(78); SHA_MIX(79); - - A = ctx->H[0]; - B = ctx->H[1]; - C = ctx->H[2]; - D = ctx->H[3]; - E = ctx->H[4]; - - E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 0]+0x5a827999L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 1]+0x5a827999L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 2]+0x5a827999L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 3]+0x5a827999L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 4]+0x5a827999L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 5]+0x5a827999L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 6]+0x5a827999L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 7]+0x5a827999L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 8]+0x5a827999L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 9]+0x5a827999L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[10]+0x5a827999L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[11]+0x5a827999L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[12]+0x5a827999L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[13]+0x5a827999L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[14]+0x5a827999L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[15]+0x5a827999L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[16]+0x5a827999L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[17]+0x5a827999L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[18]+0x5a827999L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[19]+0x5a827999L; C=SHA_ROTL(C,30); - - E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[20]+0x6ed9eba1L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[21]+0x6ed9eba1L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[22]+0x6ed9eba1L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[23]+0x6ed9eba1L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[24]+0x6ed9eba1L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[25]+0x6ed9eba1L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[26]+0x6ed9eba1L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[27]+0x6ed9eba1L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[28]+0x6ed9eba1L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[29]+0x6ed9eba1L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[30]+0x6ed9eba1L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[31]+0x6ed9eba1L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[32]+0x6ed9eba1L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[33]+0x6ed9eba1L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[34]+0x6ed9eba1L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[35]+0x6ed9eba1L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[36]+0x6ed9eba1L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[37]+0x6ed9eba1L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[38]+0x6ed9eba1L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[39]+0x6ed9eba1L; C=SHA_ROTL(C,30); - - E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[40]+0x8f1bbcdcL; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[41]+0x8f1bbcdcL; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[42]+0x8f1bbcdcL; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[43]+0x8f1bbcdcL; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[44]+0x8f1bbcdcL; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[45]+0x8f1bbcdcL; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[46]+0x8f1bbcdcL; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[47]+0x8f1bbcdcL; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[48]+0x8f1bbcdcL; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[49]+0x8f1bbcdcL; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[50]+0x8f1bbcdcL; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[51]+0x8f1bbcdcL; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[52]+0x8f1bbcdcL; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[53]+0x8f1bbcdcL; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[54]+0x8f1bbcdcL; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[55]+0x8f1bbcdcL; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[56]+0x8f1bbcdcL; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[57]+0x8f1bbcdcL; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[58]+0x8f1bbcdcL; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[59]+0x8f1bbcdcL; C=SHA_ROTL(C,30); - - E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[60]+0xca62c1d6L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[61]+0xca62c1d6L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[62]+0xca62c1d6L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[63]+0xca62c1d6L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[64]+0xca62c1d6L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[65]+0xca62c1d6L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[66]+0xca62c1d6L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[67]+0xca62c1d6L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[68]+0xca62c1d6L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[69]+0xca62c1d6L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[70]+0xca62c1d6L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[71]+0xca62c1d6L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[72]+0xca62c1d6L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[73]+0xca62c1d6L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[74]+0xca62c1d6L; C=SHA_ROTL(C,30); - E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[75]+0xca62c1d6L; B=SHA_ROTL(B,30); - D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[76]+0xca62c1d6L; A=SHA_ROTL(A,30); - C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[77]+0xca62c1d6L; E=SHA_ROTL(E,30); - B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[78]+0xca62c1d6L; D=SHA_ROTL(D,30); - A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[79]+0xca62c1d6L; C=SHA_ROTL(C,30); - - ctx->H[0] += A; - ctx->H[1] += B; - ctx->H[2] += C; - ctx->H[3] += D; - ctx->H[4] += E; -} - -/************************************************************************* -** Code below this line added to make SHA code support BLAPI interface -*/ - -SHA1Context * -SHA1_NewContext(void) -{ - SHA1Context *cx; - - /* no need to ZNew, SHA1_Begin will init the context */ - cx = PORT_New(SHA1Context); - return cx; -} - -void -SHA1_DestroyContext(SHA1Context *cx, PRBool freeit) -{ - if (freeit) { - PORT_ZFree(cx, sizeof(SHA1Context)); - } -} - -SECStatus -SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SHA1Context ctx; - unsigned int outLen; - - SHA1_Begin(&ctx); - SHA1_Update(&ctx, src, src_length); - SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH); - - return SECSuccess; -} - -/* Hash a null-terminated character string. */ -SECStatus -SHA1_Hash(unsigned char *dest, const char *src) -{ - return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen (src)); -} - -/* - * need to support save/restore state in pkcs11. Stores all the info necessary - * for a structure into just a stream of bytes. - */ -unsigned int -SHA1_FlattenSize(SHA1Context *cx) -{ - return sizeof(SHA1Context); -} - -SECStatus -SHA1_Flatten(SHA1Context *cx,unsigned char *space) -{ - PORT_Memcpy(space,cx, sizeof(SHA1Context)); - return SECSuccess; -} - -SHA1Context * -SHA1_Resurrect(unsigned char *space,void *arg) -{ - SHA1Context *cx = SHA1_NewContext(); - if (cx == NULL) return NULL; - - PORT_Memcpy(cx,space, sizeof(SHA1Context)); - return cx; -} - -void -SHA1_TraceState(SHA1Context *ctx) -{ -#ifdef TRACING_SSL - uint32 W; - int i; - int len; - int fixWord = -1; - int remainder; /* bytes in last word */ - unsigned char buf[64 * 4]; - - SSL_TRC(99, ("%d: SSL: SHA1 state: %08x %08x %08x %08x %08x", SSL_GETPID(), - ctx->H[0], ctx->H[1], ctx->H[2], ctx->H[3], ctx->H[4])); - - len = (int)(ctx->sizeLo & 63); - remainder = len % 4; - if (remainder) - fixWord = len - remainder; - for (i = 0; i < len; i++) { - if (0 == (i % 4)) { - W = ctx->W[i / 4]; - if (i == fixWord) { - W <<= 8 * (4 - remainder); - } - } - buf[i] = (unsigned char)(W >> 24); - W <<= 8; - } - - PRINT_BUF(99, (0, "SHA1_TraceState: buffered input", buf, len)); - -#else - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -#endif -} diff --git a/security/nss/lib/freebl/sha_fast.h b/security/nss/lib/freebl/sha_fast.h deleted file mode 100644 index d371f9332..000000000 --- a/security/nss/lib/freebl/sha_fast.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Reference Implementation (Optimized) - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#ifndef _SHA_FAST_H_ -#define _SHA_FAST_H_ - -#define SHA1_INPUT_LEN 64 - -struct SHA1ContextStr { - union { - PRUint32 w[80]; /* input buffer, plus 64 words */ - PRUint8 b[320]; - } u; - PRUint32 H[5]; /* 5 state variables */ - PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */ -}; - -#define SHA_MASK 0x00FF00FF -#if defined(IS_LITTLE_ENDIAN) -#define SHA_HTONL(x) (A = (x), A = (A << 16) | (A >> 16), \ - ((A & SHA_MASK) << 8) | ((A >> 8) & SHA_MASK)) -#else -#define SHA_HTONL(x) (x) -#endif -#define SHA_BYTESWAP(x) x = SHA_HTONL(x) - -#endif /* _SHA_FAST_H_ */ diff --git a/security/nss/lib/freebl/shsign.h b/security/nss/lib/freebl/shsign.h deleted file mode 100644 index b38af1add..000000000 --- a/security/nss/lib/freebl/shsign.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2003 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * shsign.h - header to build softoken signature files. - * - * $Id$ - */ - -#ifndef _SHSIGN_H_ -#define _SHSIGN_H_ - -#define SGN_SUFFIX ".chk" -#define NSS_SIGN_CHK_MAGIC1 0xf1 -#define NSS_SIGN_CHK_MAGIC2 0xc5 -#define NSS_SIGN_CHK_MAJOR_VERSION 0x01 -#define NSS_SIGN_CHK_MINOR_VERSION 0x02 - -#endif /* _SHSIGN_H_ */ diff --git a/security/nss/lib/freebl/shvfy.c b/security/nss/lib/freebl/shvfy.c deleted file mode 100644 index 67d87dc8a..000000000 --- a/security/nss/lib/freebl/shvfy.c +++ /dev/null @@ -1,295 +0,0 @@ - -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 2003 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * shvfy.c - routines to verify signature on a shared library. - * - * $Id$ - */ - -#include "shsign.h" -#include "prlink.h" -#include "prio.h" -#include "blapi.h" -#include "seccomon.h" -#include "stdio.h" -#include "prmem.h" - -/* #define DEBUG_SHVERIFY 1 */ - -static char * -mkCheckFileName(const char *libName) -{ - int ln_len = PORT_Strlen(libName); - char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX)); - int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX); - - if ((index > 0) && - (PORT_Strncmp(&libName[index], - "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) { - ln_len = index; - } - PORT_Memcpy(output,libName,ln_len); - PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX)); - return output; -} - -static int -decodeInt(unsigned char *buf) -{ - return (buf[3]) | (buf[2] << 8) | (buf[1] << 16) | (buf[0] << 24); -} - -static SECStatus -readItem(PRFileDesc *fd, SECItem *item) -{ - unsigned char buf[4]; - int bytesRead; - - - bytesRead = PR_Read(fd, buf, 4); - if (bytesRead != 4) { - return SECFailure; - } - item->len = decodeInt(buf); - - item->data = PORT_Alloc(item->len); - if (item->data == NULL) { - item->len = 0; - return SECFailure; - } - bytesRead = PR_Read(fd, item->data, item->len); - if (bytesRead != item->len) { - PORT_Free(item->data); - item->data = NULL; - item->len = 0; - return SECFailure; - } - return SECSuccess; -} - -PRBool -BLAPI_SHVerify(const char *name, PRFuncPtr addr) -{ - /* find our shared library name */ - char *shName = PR_GetLibraryFilePathname(name, addr); - char *checkName = NULL; - PRFileDesc *checkFD = NULL; - PRFileDesc *shFD = NULL; - SHA1Context *hashcx = NULL; - SECItem signature = { 0, NULL, 0 }; - SECItem hash; - int bytesRead, offset; - SECStatus rv; - DSAPublicKey key; - int count; - - PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ - unsigned char buf[512]; - unsigned char hashBuf[SHA1_LENGTH]; - - PORT_Memset(&key,0,sizeof(key)); - hash.data = hashBuf; - hash.len = sizeof(hashBuf); - - if (!shName) { - goto loser; - } - - /* figure out the name of our check file */ - checkName = mkCheckFileName(shName); - if (!checkName) { - goto loser; - } - - /* open the check File */ - checkFD = PR_Open(checkName, PR_RDONLY, 0); - if (checkFD == NULL) { -#ifdef DEBUG_SHVERIFY - fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n", - checkName, (int)PR_GetError(), (int)PR_GetOSError()); -#endif /* DEBUG_SHVERIFY */ - goto loser; - } - - /* read and Verify the headerthe header */ - bytesRead = PR_Read(checkFD, buf, 12); - if (bytesRead != 12) { - goto loser; - } - if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) { - goto loser; - } - if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) || - (buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) { - goto loser; - } -#ifdef notdef - if (decodeInt(&buf[8]) != CKK_DSA) { - goto loser; - } -#endif - - /* seek past any future header extensions */ - offset = decodeInt(&buf[4]); - PR_Seek(checkFD, offset, PR_SEEK_SET); - - /* read the key */ - rv = readItem(checkFD,&key.params.prime); - if (rv != SECSuccess) { - goto loser; - } - rv = readItem(checkFD,&key.params.subPrime); - if (rv != SECSuccess) { - goto loser; - } - rv = readItem(checkFD,&key.params.base); - if (rv != SECSuccess) { - goto loser; - } - rv = readItem(checkFD,&key.publicValue); - if (rv != SECSuccess) { - goto loser; - } - /* read the siganture */ - rv = readItem(checkFD,&signature); - if (rv != SECSuccess) { - goto loser; - } - - /* done with the check file */ - PR_Close(checkFD); - checkFD = NULL; - - /* open our library file */ - shFD = PR_Open(shName, PR_RDONLY, 0); - if (shFD == NULL) { -#ifdef DEBUG_SHVERIFY - fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n", - shName, (int)PR_GetError(), (int)PR_GetOSError()); -#endif /* DEBUG_SHVERIFY */ - goto loser; - } - - /* hash our library file with SHA1 */ - hashcx = SHA1_NewContext(); - if (hashcx == NULL) { - goto loser; - } - SHA1_Begin(hashcx); - - count = 0; - while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) { - SHA1_Update(hashcx, buf, bytesRead); - count += bytesRead; - } - PR_Close(shFD); - shFD = NULL; - - SHA1_End(hashcx, hash.data, &hash.len, hash.len); - - - /* verify the hash against the check file */ - if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) { - result = PR_TRUE; - } -#ifdef DEBUG_SHVERIFY - { - int i,j; - fprintf(stderr,"File %s: %d bytes\n",shName, count); - fprintf(stderr," hash: %d bytes\n", hash.len); -#define STEP 10 - for (i=0; i < hash.len; i += STEP) { - fprintf(stderr," "); - for (j=0; j < STEP && (i+j) < hash.len; j++) { - fprintf(stderr," %02x", hash.data[i+j]); - } - fprintf(stderr,"\n"); - } - fprintf(stderr," signature: %d bytes\n", signature.len); - for (i=0; i < signature.len; i += STEP) { - fprintf(stderr," "); - for (j=0; j < STEP && (i+j) < signature.len; j++) { - fprintf(stderr," %02x", signature.data[i+j]); - } - fprintf(stderr,"\n"); - } - fprintf(stderr,"Verified : %s\n",result?"TRUE": "FALSE"); - } -#endif /* DEBUG_SHVERIFY */ - - -loser: - if (shName != NULL) { - PR_Free(shName); - } - if (checkName != NULL) { - PORT_Free(checkName); - } - if (checkFD != NULL) { - PR_Close(checkFD); - } - if (shFD != NULL) { - PR_Close(shFD); - } - if (hashcx != NULL) { - SHA1_DestroyContext(hashcx,PR_TRUE); - } - if (signature.data != NULL) { - PORT_Free(signature.data); - } - if (key.params.prime.data != NULL) { - PORT_Free(key.params.prime.data); - } - if (key.params.subPrime.data != NULL) { - PORT_Free(key.params.subPrime.data); - } - if (key.params.base.data != NULL) { - PORT_Free(key.params.base.data); - } - if (key.publicValue.data != NULL) { - PORT_Free(key.publicValue.data); - } - - return result; -} - -PRBool -BLAPI_VerifySelf(const char *name) -{ - /* to separate shlib to verify if name is NULL */ - if (name == NULL) { - return PR_TRUE; - } - return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt); -} diff --git a/security/nss/lib/freebl/sparcfix.c b/security/nss/lib/freebl/sparcfix.c deleted file mode 100644 index 6ebc41cf0..000000000 --- a/security/nss/lib/freebl/sparcfix.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is a program to modify v8+vis objects for linking. - * - * The Initial Developer of the Original Code is Sun Microsystems Inc. - * Portions created by Sun Microsystems Inc. are - * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved. - * - * Contributor(s): - * Netscape Communications Corporation - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * $Id$ - */ -#include -#include -#include -#if defined(SOLARIS2_6) || defined(SOLARIS2_7) || defined(SOLARIS2_8) -#define NEW_SYSV_SPARC 1 -#include -#endif -#include -#include - -int -main(int argc, char *argv[]) -{ - Elf * elf; - off_t size; - int fd; - int count; -#if defined(NEW_SYSV_SPARC) - GElf_Ehdr hdr; - GElf_Ehdr *ehdr = &hdr; -#else - Elf32_Ehdr *ehdr; -#endif - - - elf_version(EV_CURRENT); - fd = open(argv[1], O_RDWR); - if (fd < 0) - goto loser; - elf = elf_begin(fd, ELF_C_RDWR, (Elf *)0); - if (!elf) - goto loser; - -#if defined(NEW_SYSV_SPARC) - gelf_getehdr(elf, ehdr); -#else - ehdr = elf32_getehdr(elf); - if (!ehdr) - goto loser; -#endif - - if (ehdr->e_machine == EM_SPARC32PLUS) { - ehdr->e_machine = EM_SPARC; - ehdr->e_flags &= ~(EF_SPARC_32PLUS | EF_SPARC_SUN_US1); -#if defined(NEW_SYSV_SPARC) - count = gelf_update_ehdr(elf, ehdr); - if (count < 0) - goto loser; -#endif - size = elf_update(elf, ELF_C_WRITE); - if (size < 0) - goto loser; - } - - do { - count = elf_end(elf); - } while (count > 0); - return count; - -loser: - return 1; -} diff --git a/security/nss/lib/freebl/sysrand.c b/security/nss/lib/freebl/sysrand.c deleted file mode 100644 index 410ab9cc7..000000000 --- a/security/nss/lib/freebl/sysrand.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "seccomon.h" -#if defined(XP_UNIX) || defined(XP_BEOS) -#include "unix_rand.c" -#endif -#ifdef XP_WIN -#include "win_rand.c" -#endif -#ifdef XP_MAC -#include "mac_rand.c" -#endif -#ifdef XP_OS2 -#include "os2_rand.c" -#endif diff --git a/security/nss/lib/freebl/unix_rand.c b/security/nss/lib/freebl/unix_rand.c deleted file mode 100644 index cd6726530..000000000 --- a/security/nss/lib/freebl/unix_rand.c +++ /dev/null @@ -1,991 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "secrng.h" - -size_t RNG_FileUpdate(const char *fileName, size_t limit); - -/* - * When copying data to the buffer we want the least signicant bytes - * from the input since those bits are changing the fastest. The address - * of least significant byte depends upon whether we are running on - * a big-endian or little-endian machine. - * - * Does this mean the least signicant bytes are the most significant - * to us? :-) - */ - -static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen) -{ - union endianness { - int32 i; - char c[4]; - } u; - - if (srclen <= dstlen) { - memcpy(dst, src, srclen); - return srclen; - } - u.i = 0x01020304; - if (u.c[0] == 0x01) { - /* big-endian case */ - memcpy(dst, (char*)src + (srclen - dstlen), dstlen); - } else { - /* little-endian case */ - memcpy(dst, src, dstlen); - } - return dstlen; -} - -#if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) \ - || defined(NETBSD) || defined(NTO) || defined(DARWIN) || defined(OPENBSD) -#include - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - int ticks; - struct tms buffer; - - ticks=times(&buffer); - return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks)); -} - -static void -GiveSystemInfo(void) -{ - long si; - - /* - * Is this really necessary? Why not use rand48 or something? - */ - si = sysconf(_SC_CHILD_MAX); - RNG_RandomUpdate(&si, sizeof(si)); - - si = sysconf(_SC_STREAM_MAX); - RNG_RandomUpdate(&si, sizeof(si)); - - si = sysconf(_SC_OPEN_MAX); - RNG_RandomUpdate(&si, sizeof(si)); -} -#endif - -#if defined(__sun) -#if defined(__svr4) || defined(SVR4) -#include -#include -#include - -int gettimeofday(struct timeval *); -int gethostname(char *, int); - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[2000]; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - hrtime_t t; - t = gethrtime(); - if (t) { - return CopyLowBits(buf, maxbytes, &t, sizeof(t)); - } - return 0; -} -#else /* SunOS (Sun, but not SVR4) */ - -extern long sysconf(int name); - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - long si; - - /* This is not very good */ - si = sysconf(_SC_CHILD_MAX); - RNG_RandomUpdate(&si, sizeof(si)); -} -#endif -#endif /* Sun */ - -#if defined(__hpux) -#include - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -#if defined(__ia64) -#include - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - PRUint64 t; - - t = _Asm_mov_from_ar(_AREG44); - return CopyLowBits(buf, maxbytes, &t, sizeof(t)); -} -#else -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - extern int ret_cr16(); - int cr16val; - - cr16val = ret_cr16(); - return CopyLowBits(buf, maxbytes, &cr16val, sizeof(cr16val)); -} -#endif - -static void -GiveSystemInfo(void) -{ - long si; - - /* This is not very good */ - si = sysconf(_AES_OS_VERSION); - RNG_RandomUpdate(&si, sizeof(si)); - si = sysconf(_SC_CPU_VERSION); - RNG_RandomUpdate(&si, sizeof(si)); -} -#endif /* HPUX */ - -#if defined(OSF1) -#include -#include -#include -#include - -static void -GiveSystemInfo(void) -{ - char buf[BUFSIZ]; - int rv; - int off = 0; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} - -/* - * Use the "get the cycle counter" instruction on the alpha. - * The low 32 bits completely turn over in less than a minute. - * The high 32 bits are some non-counter gunk that changes sometimes. - */ -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - unsigned long t; - - t = asm("rpcc %v0"); - return CopyLowBits(buf, maxbytes, &t, sizeof(t)); -} - -#endif /* Alpha */ - -#if defined(_IBMR2) -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - /* XXX haven't found any yet! */ -} -#endif /* IBM R2 */ - -#if defined(LINUX) -#include - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - /* XXX sysinfo() does not seem be implemented anywhwere */ -#if 0 - struct sysinfo si; - char hn[2000]; - if (sysinfo(&si) == 0) { - RNG_RandomUpdate(&si, sizeof(si)); - } -#endif -} -#endif /* LINUX */ - -#if defined(NCR) - -#include -#include - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[2000]; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} - -#endif /* NCR */ - - -#if defined(sgi) -#include -#undef PRIVATE -#include -#include -#include -#include -#include -#include - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[4096]; - - rv = syssgi(SGI_SYSID, &buf[0]); - if (rv > 0) { - RNG_RandomUpdate(buf, MAXSYSIDSIZE); - } -#ifdef SGI_RDUBLK - rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, sizeof(buf)); - } -#endif /* SGI_RDUBLK */ - rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, sizeof(buf)); - } - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} - -static size_t GetHighResClock(void *buf, size_t maxbuf) -{ - unsigned phys_addr, raddr, cycleval; - static volatile unsigned *iotimer_addr = NULL; - static int tries = 0; - static int cntr_size; - int mfd; - long s0[2]; - struct timeval tv; - -#ifndef SGI_CYCLECNTR_SIZE -#define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */ -#endif - - if (iotimer_addr == NULL) { - if (tries++ > 1) { - /* Don't keep trying if it didn't work */ - return 0; - } - - /* - ** For SGI machines we can use the cycle counter, if it has one, - ** to generate some truly random numbers - */ - phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval); - if (phys_addr) { - int pgsz = getpagesize(); - int pgoffmask = pgsz - 1; - - raddr = phys_addr & ~pgoffmask; - mfd = open("/dev/mmem", O_RDONLY); - if (mfd < 0) { - return 0; - } - iotimer_addr = (unsigned *) - mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr); - if (iotimer_addr == (void*)-1) { - close(mfd); - iotimer_addr = NULL; - return 0; - } - iotimer_addr = (unsigned*) - ((__psint_t)iotimer_addr | (phys_addr & pgoffmask)); - /* - * The file 'mfd' is purposefully not closed. - */ - cntr_size = syssgi(SGI_CYCLECNTR_SIZE); - if (cntr_size < 0) { - struct utsname utsinfo; - - /* - * We must be executing on a 6.0 or earlier system, since the - * SGI_CYCLECNTR_SIZE call is not supported. - * - * The only pre-6.1 platforms with 64-bit counters are - * IP19 and IP21 (Challenge, PowerChallenge, Onyx). - */ - uname(&utsinfo); - if (!strncmp(utsinfo.machine, "IP19", 4) || - !strncmp(utsinfo.machine, "IP21", 4)) - cntr_size = 64; - else - cntr_size = 32; - } - cntr_size /= 8; /* Convert from bits to bytes */ - } - } - - s0[0] = *iotimer_addr; - if (cntr_size > 4) - s0[1] = *(iotimer_addr + 1); - memcpy(buf, (char *)&s0[0], cntr_size); - return CopyLowBits(buf, maxbuf, &s0, cntr_size); -} -#endif - -#if defined(sony) -#include - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[2000]; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} -#endif /* sony */ - -#if defined(sinix) -#include -#include - -int gettimeofday(struct timeval *, struct timezone *); -int gethostname(char *, int); - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - int ticks; - struct tms buffer; - - ticks=times(&buffer); - return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks)); -} - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[2000]; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} -#endif /* sinix */ - -#if defined(VMS) -#include - -static void -GiveSystemInfo(void) -{ - long si; - - /* - * This is copied from the SCO/UNIXWARE etc section. And like the comment - * there says, what's the point? This isn't random, it generates the same - * stuff every time its run! - */ - si = sysconf(_SC_CHILD_MAX); - RNG_RandomUpdate(&si, sizeof(si)); - - si = sysconf(_SC_STREAM_MAX); - RNG_RandomUpdate(&si, sizeof(si)); - - si = sysconf(_SC_OPEN_MAX); - RNG_RandomUpdate(&si, sizeof(si)); -} - -/* - * Use the "get the cycle counter" instruction on the alpha. - * The low 32 bits completely turn over in less than a minute. - * The high 32 bits are some non-counter gunk that changes sometimes. - */ -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - unsigned long t; - - t = asm("rpcc %v0"); - return CopyLowBits(buf, maxbytes, &t, sizeof(t)); -} - -#endif /* VMS */ - -#ifdef BEOS -#include - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - bigtime_t bigtime; /* Actually an int64 */ - - bigtime = real_time_clock_usecs(); - return CopyLowBits(buf, maxbytes, &bigtime, sizeof(bigtime)); -} - -static void -GiveSystemInfo(void) -{ - system_info *info = NULL; - int32 val; - get_system_info(info); - if (info) { - val = info->boot_time; - RNG_RandomUpdate(&val, sizeof(val)); - val = info->used_pages; - RNG_RandomUpdate(&val, sizeof(val)); - val = info->used_ports; - RNG_RandomUpdate(&val, sizeof(val)); - val = info->used_threads; - RNG_RandomUpdate(&val, sizeof(val)); - val = info->used_teams; - RNG_RandomUpdate(&val, sizeof(val)); - } -} -#endif /* BEOS */ - -#if defined(nec_ews) -#include - -#define getdtablesize() sysconf(_SC_OPEN_MAX) - -static size_t -GetHighResClock(void *buf, size_t maxbytes) -{ - return 0; -} - -static void -GiveSystemInfo(void) -{ - int rv; - char buf[2000]; - - rv = sysinfo(SI_MACHINE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } - rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf)); - if (rv > 0) { - RNG_RandomUpdate(buf, rv); - } -} -#endif /* nec_ews */ - -size_t RNG_GetNoise(void *buf, size_t maxbytes) -{ - struct timeval tv; - int n = 0; - int c; - - n = GetHighResClock(buf, maxbytes); - maxbytes -= n; - -#if defined(__sun) && (defined(_svr4) || defined(SVR4)) || defined(sony) - (void)gettimeofday(&tv); -#else - (void)gettimeofday(&tv, 0); -#endif - c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec)); - n += c; - maxbytes -= c; - c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec)); - n += c; - return n; -} - -#define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */ - -/* - * safe_popen is static to this module and we know what arguments it is - * called with. Note that this version only supports a single open child - * process at any time. - */ -static pid_t safe_popen_pid; -static struct sigaction oldact; - -static FILE * -safe_popen(char *cmd) -{ - int p[2], fd, argc; - pid_t pid; - char *argv[SAFE_POPEN_MAXARGS + 1]; - FILE *fp; - static char blank[] = " \t"; - static struct sigaction newact; - - if (pipe(p) < 0) - return 0; - - /* Setup signals so that SIGCHLD is ignored as we want to do waitpid */ - newact.sa_handler = SIG_DFL; - newact.sa_flags = 0; - sigfillset(&newact.sa_mask); - sigaction (SIGCHLD, &newact, &oldact); - - pid = fork(); - switch (pid) { - case -1: - close(p[0]); - close(p[1]); - sigaction (SIGCHLD, &oldact, NULL); - return 0; - - case 0: - /* dup write-side of pipe to stderr and stdout */ - if (p[1] != 1) dup2(p[1], 1); - if (p[1] != 2) dup2(p[1], 2); - close(0); - for (fd = getdtablesize(); --fd > 2; close(fd)) - ; - - /* clean up environment in the child process */ - putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc"); - putenv("SHELL=/bin/sh"); - putenv("IFS= \t"); - - /* - * The caller may have passed us a string that is in text - * space. It may be illegal to modify the string - */ - cmd = strdup(cmd); - /* format argv */ - argv[0] = strtok(cmd, blank); - argc = 1; - while ((argv[argc] = strtok(0, blank)) != 0) { - if (++argc == SAFE_POPEN_MAXARGS) { - argv[argc] = 0; - break; - } - } - - /* and away we go */ - execvp(argv[0], argv); - exit(127); - break; - - default: - close(p[1]); - fp = fdopen(p[0], "r"); - if (fp == 0) { - close(p[0]); - sigaction (SIGCHLD, &oldact, NULL); - return 0; - } - break; - } - - /* non-zero means there's a cmd running */ - safe_popen_pid = pid; - return fp; -} - -static int -safe_pclose(FILE *fp) -{ - pid_t pid; - int count, status; - - if ((pid = safe_popen_pid) == 0) - return -1; - safe_popen_pid = 0; - - /* if the child hasn't exited, kill it -- we're done with its output */ - count = 0; - while (waitpid(pid, &status, WNOHANG) == 0) { - if (kill(pid, SIGKILL) < 0 && errno == ESRCH) - break; - if (++count == 1000) - break; - } - - /* Reset SIGCHLD signal hander before returning */ - sigaction(SIGCHLD, &oldact, NULL); - - fclose(fp); - return status; -} - - -#if !defined(VMS) - -#ifdef DARWIN -#include -#endif - -void RNG_SystemInfoForRNG(void) -{ - FILE *fp; - char buf[BUFSIZ]; - size_t bytes; - const char * const *cp; - char *randfile; -#ifdef DARWIN - char **environ = *_NSGetEnviron(); -#else - extern char **environ; -#endif -#ifdef BEOS - static const char * const files[] = { - "/boot/var/swap", - "/boot/var/log/syslog", - "/boot/var/tmp", - "/boot/home/config/settings", - "/boot/home", - 0 - }; -#else - static const char * const files[] = { - "/etc/passwd", - "/etc/utmp", - "/tmp", - "/var/tmp", - "/usr/tmp", - 0 - }; -#endif - -#ifdef DO_PS -For now it is considered that it is too expensive to run the ps command -for the small amount of entropy it provides. -#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX) - static char ps_cmd[] = "ps aux"; -#else - static char ps_cmd[] = "ps -el"; -#endif -#endif /* DO_PS */ -#if defined(BSDI) - static char netstat_ni_cmd[] = "netstat -nis"; -#else - static char netstat_ni_cmd[] = "netstat -ni"; -#endif - - GiveSystemInfo(); - - bytes = RNG_GetNoise(buf, sizeof(buf)); - RNG_RandomUpdate(buf, bytes); - - /* - * Pass the C environment and the addresses of the pointers to the - * hash function. This makes the random number function depend on the - * execution environment of the user and on the platform the program - * is running on. - */ - if (environ != NULL) { - cp = environ; - while (*cp) { - RNG_RandomUpdate(*cp, strlen(*cp)); - cp++; - } - RNG_RandomUpdate(environ, (char*)cp - (char*)environ); - } - - /* Give in system information */ - if (gethostname(buf, sizeof(buf)) > 0) { - RNG_RandomUpdate(buf, strlen(buf)); - } - GiveSystemInfo(); - - /* grab some data from system's PRNG before any other files. */ - bytes = RNG_FileUpdate("/dev/urandom", 1024); - - /* If the user points us to a random file, pass it through the rng */ - randfile = getenv("NSRANDFILE"); - if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) { - RNG_FileForRNG(randfile); - } - - /* pass other files through */ - for (cp = files; *cp; cp++) - RNG_FileForRNG(*cp); - -/* - * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen - * in a pthreads environment. Therefore, we call safe_popen last and on - * BSD/OS we do not call safe_popen when we succeeded in getting data - * from /dev/urandom. - */ - -#ifdef BSDI - if (bytes) - return; -#endif - -#ifdef DO_PS - fp = safe_popen(ps_cmd); - if (fp != NULL) { - while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) - RNG_RandomUpdate(buf, bytes); - safe_pclose(fp); - } -#endif - fp = safe_popen(netstat_ni_cmd); - if (fp != NULL) { - while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0) - RNG_RandomUpdate(buf, bytes); - safe_pclose(fp); - } - -} -#else -void RNG_SystemInfoForRNG(void) -{ - FILE *fp; - char buf[BUFSIZ]; - size_t bytes; - int extra; - char **cp; - extern char **environ; - char *randfile; - - GiveSystemInfo(); - - bytes = RNG_GetNoise(buf, sizeof(buf)); - RNG_RandomUpdate(buf, bytes); - - /* - * Pass the C environment and the addresses of the pointers to the - * hash function. This makes the random number function depend on the - * execution environment of the user and on the platform the program - * is running on. - */ - cp = environ; - while (*cp) { - RNG_RandomUpdate(*cp, strlen(*cp)); - cp++; - } - RNG_RandomUpdate(environ, (char*)cp - (char*)environ); - - /* Give in system information */ - if (gethostname(buf, sizeof(buf)) > 0) { - RNG_RandomUpdate(buf, strlen(buf)); - } - GiveSystemInfo(); - - /* If the user points us to a random file, pass it through the rng */ - randfile = getenv("NSRANDFILE"); - if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) { - RNG_FileForRNG(randfile); - } - - /* - ** We need to generate at least 1024 bytes of seed data. Since we don't - ** do the file stuff for VMS, and because the environ list is so short - ** on VMS, we need to make sure we generate enough. So do another 1000 - ** bytes to be sure. - */ - extra = 1000; - while (extra > 0) { - cp = environ; - while (*cp) { - int n = strlen(*cp); - RNG_RandomUpdate(*cp, n); - extra -= n; - cp++; - } - } -} -#endif - -#define TOTAL_FILE_LIMIT 1000000 /* one million */ - -size_t RNG_FileUpdate(const char *fileName, size_t limit) -{ - FILE * file; - size_t bytes; - size_t fileBytes = 0; - struct stat stat_buf; - unsigned char buffer[BUFSIZ]; - static size_t totalFileBytes = 0; - - if (stat((char *)fileName, &stat_buf) < 0) - return fileBytes; - RNG_RandomUpdate(&stat_buf, sizeof(stat_buf)); - - file = fopen((char *)fileName, "r"); - if (file != NULL) { - while (limit > fileBytes) { - bytes = PR_MIN(sizeof buffer, limit - fileBytes); - bytes = fread(buffer, 1, bytes, file); - if (bytes == 0) - break; - RNG_RandomUpdate(buffer, bytes); - fileBytes += bytes; - totalFileBytes += bytes; - /* after TOTAL_FILE_LIMIT has been reached, only read in first - ** buffer of data from each subsequent file. - */ - if (totalFileBytes > TOTAL_FILE_LIMIT) - break; - } - fclose(file); - } - /* - * Pass yet another snapshot of our highest resolution clock into - * the hash function. - */ - bytes = RNG_GetNoise(buffer, sizeof(buffer)); - RNG_RandomUpdate(buffer, bytes); - return fileBytes; -} - -void RNG_FileForRNG(const char *fileName) -{ - RNG_FileUpdate(fileName, TOTAL_FILE_LIMIT); -} diff --git a/security/nss/lib/freebl/win_rand.c b/security/nss/lib/freebl/win_rand.c deleted file mode 100644 index bad0365cd..000000000 --- a/security/nss/lib/freebl/win_rand.c +++ /dev/null @@ -1,545 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "secrng.h" -#ifdef XP_WIN -#include - -#if defined(_WIN32_WCE) -#include /* Win CE puts lots of stuff here. */ -#include "prprf.h" /* for PR_snprintf */ -#else -#include -#include -#include -#include -#endif -#include - -#ifndef _WIN32 -#define VTD_Device_ID 5 -#define OP_OVERRIDE _asm _emit 0x66 -#include -#endif - -#include "prio.h" - -static PRInt32 filesToRead; -static DWORD totalFileBytes; -static DWORD maxFileBytes = 250000; /* 250 thousand */ -static DWORD dwNumFiles, dwReadEvery; - -static BOOL -CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow) -{ -#ifdef _WIN32 - LARGE_INTEGER liCount; - - if (!QueryPerformanceCounter(&liCount)) - return FALSE; - - *lpdwHigh = liCount.u.HighPart; - *lpdwLow = liCount.u.LowPart; - return TRUE; - -#else /* is WIN16 */ - BOOL bRetVal; - FARPROC lpAPI; - WORD w1, w2, w3, w4; - - // Get direct access to the VTD and query the current clock tick time - _asm { - xor di, di - mov es, di - mov ax, 1684h - mov bx, VTD_Device_ID - int 2fh - mov ax, es - or ax, di - jz EnumerateFailed - - ; VTD API is available. First store the API address (the address actually - ; contains an instruction that causes a fault, the fault handler then - ; makes the ring transition and calls the API in the VxD) - mov word ptr lpAPI, di - mov word ptr lpAPI+2, es - mov ax, 100h ; API function to VTD_Get_Real_Time -; call dword ptr [lpAPI] - call [lpAPI] - - ; Result is in EDX:EAX which we will get 16-bits at a time - mov w2, dx - OP_OVERRIDE - shr dx,10h ; really "shr edx, 16" - mov w1, dx - - mov w4, ax - OP_OVERRIDE - shr ax,10h ; really "shr eax, 16" - mov w3, ax - - mov bRetVal, 1 ; return TRUE - jmp EnumerateExit - - EnumerateFailed: - mov bRetVal, 0 ; return FALSE - - EnumerateExit: - } - - *lpdwHigh = MAKELONG(w2, w1); - *lpdwLow = MAKELONG(w4, w3); - - return bRetVal; -#endif /* is WIN16 */ -} - -size_t RNG_GetNoise(void *buf, size_t maxbuf) -{ - DWORD dwHigh, dwLow, dwVal; - int n = 0; - int nBytes; - - if (maxbuf <= 0) - return 0; - - CurrentClockTickTime(&dwHigh, &dwLow); - - // get the maximally changing bits first - nBytes = sizeof(dwLow) > maxbuf ? maxbuf : sizeof(dwLow); - memcpy((char *)buf, &dwLow, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - - nBytes = sizeof(dwHigh) > maxbuf ? maxbuf : sizeof(dwHigh); - memcpy(((char *)buf) + n, &dwHigh, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - - // get the number of milliseconds that have elapsed since Windows started - dwVal = GetTickCount(); - - nBytes = sizeof(dwVal) > maxbuf ? maxbuf : sizeof(dwVal); - memcpy(((char *)buf) + n, &dwVal, nBytes); - n += nBytes; - maxbuf -= nBytes; - - if (maxbuf <= 0) - return n; - -#if defined(_WIN32_WCE) - { - // get the number of milliseconds elapsed since Windows CE was started. - DWORD tickCount = GetTickCount(); - nBytes = (sizeof tickCount) > maxbuf ? maxbuf : (sizeof tickCount); - memcpy(((char *)buf) + n, &tickCount, nBytes); - n += nBytes; - } -#else - { - time_t sTime; - // get the time in seconds since midnight Jan 1, 1970 - time(&sTime); - nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime); - memcpy(((char *)buf) + n, &sTime, nBytes); - n += nBytes; - } -#endif - - return n; -} - -#if defined(_WIN32_WCE) -static BOOL -EnumSystemFilesWithNSPR(const char * dirName, - BOOL recursive, - PRInt32 (*func)(const char *)) -{ - PRDir * pDir; - PRDirEntry * pEntry; - BOOL rv = FALSE; - - pDir = PR_OpenDir(dirName); - if (!pDir) - return rv; - while ((pEntry = PR_ReadDir(pDir, PR_SKIP_BOTH|PR_SKIP_HIDDEN)) != NULL) { - PRStatus status; - PRInt32 count; - PRInt32 stop; - PRFileInfo fileInfo; - char szFileName[_MAX_PATH]; - - count = (PRInt32)PR_snprintf(szFileName, sizeof szFileName, "%s\\%s", - dirName, PR_DirName(pEntry)); - if (count < 1) - continue; - status = PR_GetFileInfo(szFileName, &fileInfo); - if (status != PR_SUCCESS) - continue; - if (fileInfo.type == PR_FILE_FILE) { - stop = (*func)(szFileName); - rv = TRUE; - if (stop) - break; - continue; - } - if (recursive && fileInfo.type == PR_FILE_DIRECTORY) { - rv |= EnumSystemFilesWithNSPR(szFileName, recursive, func); - } - } - PR_CloseDir(pDir); - return rv; -} -#endif - -static BOOL -EnumSystemFiles(PRInt32 (*func)(const char *)) -{ -#if defined(_WIN32_WCE) - BOOL rv = FALSE; - rv |= EnumSystemFilesWithNSPR("\\Windows\\Temporary Internet Files", TRUE, func); - rv |= EnumSystemFilesWithNSPR("\\Temp", FALSE, func); - rv |= EnumSystemFilesWithNSPR("\\Windows", FALSE, func); - return rv; -#else - int iStatus; - char szSysDir[_MAX_PATH]; - char szFileName[_MAX_PATH]; -#ifdef _WIN32 - struct _finddata_t fdData; - long lFindHandle; -#else - struct _find_t fdData; -#endif - - if (!GetSystemDirectory(szSysDir, sizeof(szSysDir))) - return FALSE; - - // tack *.* on the end so we actually look for files. this will - // not overflow - strcpy(szFileName, szSysDir); - strcat(szFileName, "\\*.*"); - -#ifdef _WIN32 - lFindHandle = _findfirst(szFileName, &fdData); - if (lFindHandle == -1) - return FALSE; -#else - if (_dos_findfirst(szFileName, _A_NORMAL | _A_RDONLY | _A_ARCH | _A_SUBDIR, &fdData) != 0) - return FALSE; -#endif - - do { - // pass the full pathname to the callback - sprintf(szFileName, "%s\\%s", szSysDir, fdData.name); - (*func)(szFileName); - -#ifdef _WIN32 - iStatus = _findnext(lFindHandle, &fdData); -#else - iStatus = _dos_findnext(&fdData); -#endif - } while (iStatus == 0); - -#ifdef _WIN32 - _findclose(lFindHandle); -#endif - - return TRUE; -#endif -} - -static PRInt32 -CountFiles(const char *file) -{ - dwNumFiles++; - return 0; -} - -static PRInt32 -ReadFiles(const char *file) -{ - if ((dwNumFiles % dwReadEvery) == 0) { - ++filesToRead; - } - if (filesToRead) { - DWORD prevFileBytes = totalFileBytes; - RNG_FileForRNG(file); - if (prevFileBytes < totalFileBytes) { - --filesToRead; - } - } - dwNumFiles++; - return (totalFileBytes >= maxFileBytes); -} - -static void -ReadSystemFiles() -{ - // first count the number of files - dwNumFiles = 0; - if (!EnumSystemFiles(CountFiles)) - return; - - RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles)); - - // now read 10 files - filesToRead = 10; - if (dwNumFiles == 0) - return; - - dwReadEvery = dwNumFiles / 10; - if (dwReadEvery == 0) - dwReadEvery = 1; // less than 10 files - - dwNumFiles = 0; - EnumSystemFiles(ReadFiles); -} - -void RNG_SystemInfoForRNG(void) -{ - DWORD dwVal; - char buffer[256]; - int nBytes; -#ifdef _WIN32 - MEMORYSTATUS sMem; - HANDLE hVal; -#if !defined(_WIN32_WCE) - DWORD dwSerialNum; - DWORD dwComponentLen; - DWORD dwSysFlags; - char volName[128]; - DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters; -#endif -#else - int iVal; - HTASK hTask; - WORD wDS, wCS; - LPSTR lpszEnv; -#endif - - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes - RNG_RandomUpdate(buffer, nBytes); - -#ifdef _WIN32 - sMem.dwLength = sizeof(sMem); - GlobalMemoryStatus(&sMem); // assorted memory stats - RNG_RandomUpdate(&sMem, sizeof(sMem)); -#if !defined(_WIN32_WCE) - dwVal = GetLogicalDrives(); - RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25 -#endif -#else - dwVal = GetFreeSpace(0); - RNG_RandomUpdate(&dwVal, sizeof(dwVal)); - - _asm mov wDS, ds; - _asm mov wCS, cs; - RNG_RandomUpdate(&wDS, sizeof(wDS)); - RNG_RandomUpdate(&wCS, sizeof(wCS)); -#endif - -#ifdef _WIN32 -#if !defined(_WIN32_WCE) - dwVal = sizeof(buffer); - if (GetComputerName(buffer, &dwVal)) - RNG_RandomUpdate(buffer, dwVal); -#endif -/* XXX This is code that got yanked because of NSPR20. We should put it - * back someday. - */ -#ifdef notdef - { - POINT ptVal; - GetCursorPos(&ptVal); - RNG_RandomUpdate(&ptVal, sizeof(ptVal)); - } - - dwVal = GetQueueStatus(QS_ALLINPUT); // high and low significant - RNG_RandomUpdate(&dwVal, sizeof(dwVal)); - - { - HWND hWnd; - hWnd = GetClipboardOwner(); // 2 or 4 bytes - RNG_RandomUpdate((void *)&hWnd, sizeof(hWnd)); - } - - { - UUID sUuid; - UuidCreate(&sUuid); // this will fail on machines with no ethernet - RNG_RandomUpdate(&sUuid, sizeof(sUuid)); // boards. shove the bits in regardless - } -#endif - - hVal = GetCurrentProcess(); // 4 byte handle of current task - RNG_RandomUpdate(&hVal, sizeof(hVal)); - - dwVal = GetCurrentProcessId(); // process ID (4 bytes) - RNG_RandomUpdate(&dwVal, sizeof(dwVal)); - -#if !defined(_WIN32_WCE) - volName[0] = '\0'; - buffer[0] = '\0'; - GetVolumeInformation(NULL, - volName, - sizeof(volName), - &dwSerialNum, - &dwComponentLen, - &dwSysFlags, - buffer, - sizeof(buffer)); - - RNG_RandomUpdate(volName, strlen(volName)); - RNG_RandomUpdate(&dwSerialNum, sizeof(dwSerialNum)); - RNG_RandomUpdate(&dwComponentLen, sizeof(dwComponentLen)); - RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags)); - RNG_RandomUpdate(buffer, strlen(buffer)); - - if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters, &dwNumClusters)) { - RNG_RandomUpdate(&dwSectors, sizeof(dwSectors)); - RNG_RandomUpdate(&dwBytes, sizeof(dwBytes)); - RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters)); - RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters)); - } -#endif -#else /* is WIN16 */ - hTask = GetCurrentTask(); - RNG_RandomUpdate((void *)&hTask, sizeof(hTask)); - - iVal = GetNumTasks(); - RNG_RandomUpdate(&iVal, sizeof(iVal)); // number of running tasks - - lpszEnv = GetDOSEnvironment(); - while (*lpszEnv != '\0') { - RNG_RandomUpdate(lpszEnv, strlen(lpszEnv)); - - lpszEnv += strlen(lpszEnv) + 1; - } -#endif /* is WIN16 */ - - // now let's do some files - ReadSystemFiles(); - - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes - RNG_RandomUpdate(buffer, nBytes); -} - -#if defined(_WIN32_WCE) -void RNG_FileForRNG(const char *filename) -{ - PRFileDesc * file; - int nBytes; - PRFileInfo infoBuf; - unsigned char buffer[1024]; - - /* windows doesn't initialize all the bytes in the stat buf, - * so initialize them all here to avoid UMRs. - */ - memset(&infoBuf, 0, sizeof infoBuf); - - if (PR_GetFileInfo(filename, &infoBuf) < 0) - return; - - RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf)); - - file = PR_Open(filename, PR_RDONLY, 0); - if (file != NULL) { - for (;;) { - PRInt32 bytes = PR_Read(file, buffer, sizeof buffer); - - if (bytes <= 0) - break; - - RNG_RandomUpdate(buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > maxFileBytes) - break; - } - - PR_Close(file); - } - - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes - RNG_RandomUpdate(buffer, nBytes); -} - -#else /* not WinCE */ - -void RNG_FileForRNG(const char *filename) -{ - FILE* file; - int nBytes; - struct stat stat_buf; - unsigned char buffer[1024]; - - /* static DWORD totalFileBytes = 0; */ - - /* windows doesn't initialize all the bytes in the stat buf, - * so initialize them all here to avoid UMRs. - */ - memset(&stat_buf, 0, sizeof stat_buf); - - if (stat((char *)filename, &stat_buf) < 0) - return; - - RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf)); - - file = fopen((char *)filename, "r"); - if (file != NULL) { - for (;;) { - size_t bytes = fread(buffer, 1, sizeof(buffer), file); - - if (bytes == 0) - break; - - RNG_RandomUpdate(buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > maxFileBytes) - break; - } - - fclose(file); - } - - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes - RNG_RandomUpdate(buffer, nBytes); -} - -#endif /* not WinCE */ -#endif /* is XP_WIN */ -- cgit v1.2.1