Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • nettle/nettle
  • briansmith/nettle
  • ajlawrence/nettle
  • mhoffmann/nettle
  • devnexen/nettle
  • wiml/nettle
  • lumag/nettle
  • michaelweiser/nettle
  • aberaud/nettle
  • mamonet/nettle
  • npocs/nettle
  • babelouest/nettle
  • ueno/nettle
  • rth/nettle
14 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1662 additions and 533 deletions
balloon-sha384.c 0 → 100644
View file @ 99a9c929
/* balloon-sha384.c
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "balloon.h"
#include "sha2.h"
void
balloon_sha384(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst)
{
struct sha384_ctx ctx;
sha384_init(&ctx);
balloon(&ctx,
(nettle_hash_update_func*)sha384_update,
(nettle_hash_digest_func*)sha384_digest,
SHA384_DIGEST_SIZE, s_cost, t_cost,
passwd_length, passwd, salt_length, salt, scratch, dst);
}
balloon-sha512.c 0 → 100644
View file @ 99a9c929
/* balloon-sha512.c
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "balloon.h"
#include "sha2.h"
void
balloon_sha512(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst)
{
struct sha512_ctx ctx;
sha512_init(&ctx);
balloon(&ctx,
(nettle_hash_update_func*)sha512_update,
(nettle_hash_digest_func*)sha512_digest,
SHA512_DIGEST_SIZE, s_cost, t_cost,
passwd_length, passwd, salt_length, salt, scratch, dst);
}
balloon.c 0 → 100644
View file @ 99a9c929
/* balloon.c
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* For a description of the algorithm, see:
* Boneh, D., Corrigan-Gibbs, H., Schechter, S. (2017, May 12). Balloon Hashing:
* A Memory-Hard Function Providing Provable Protection Against Sequential Attacks.
* Retrieved Sep 1, 2022, from https://eprint.iacr.org/2016/027.pdf
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>
#include "balloon.h"
#include "macros.h"
#define DELTA 3
static void
hash(void *ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
uint64_t cnt,
size_t a_len, const uint8_t *a,
size_t b_len, const uint8_t *b,
uint8_t *dst)
{
uint8_t tmp[8];
LE_WRITE_UINT64(tmp, cnt);
update(ctx, sizeof(tmp), tmp);
if (a && a_len)
update(ctx, a_len, a);
if (b && b_len)
update(ctx, b_len, b);
digest(ctx, dst);
}
static void
hash_ints(void *ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
uint64_t i, uint64_t j, uint64_t k,
uint8_t *dst)
{
uint8_t tmp[24];
LE_WRITE_UINT64(tmp, i);
LE_WRITE_UINT64(tmp + 8, j);
LE_WRITE_UINT64(tmp + 16, k);
update(ctx, sizeof(tmp), tmp);
digest(ctx, dst);
}
/* Takes length bytes long big number stored
* in little endian format and computes modulus
*/
static size_t
block_to_int(size_t length, const uint8_t *block, size_t mod)
{
size_t i = length, r = 0;
while (i--)
{
r = (r << 8) + block[i];
r %= mod;
}
return r;
}
void
balloon(void *hash_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size, size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst)
{
const size_t BS = digest_size;
uint8_t *block = scratch;
uint8_t *buf = scratch + BS;
size_t i, j, k, cnt = 0;
hash(hash_ctx, update, digest,
cnt++, passwd_length, passwd, salt_length, salt, buf);
for (i = 1; i < s_cost; ++i)
hash(hash_ctx, update, digest,
cnt++, BS, buf + (i - 1) * BS, 0, NULL, buf + i * BS);
for (i = 0; i < t_cost; ++i)
{
for (j = 0; j < s_cost; ++j)
{
hash(hash_ctx, update, digest,
cnt++, BS, buf + (j ? j - 1 : s_cost - 1) * BS,
BS, buf + j * BS, buf + j * BS);
for (k = 0; k < DELTA; ++k)
{
hash_ints(hash_ctx, update, digest, i, j, k, block);
hash(hash_ctx, update, digest,
cnt++, salt_length, salt, BS, block, block);
hash(hash_ctx, update, digest,
cnt++, BS, buf + j * BS,
BS, buf + block_to_int(BS, block, s_cost) * BS,
buf + j * BS);
}
}
}
memcpy(dst, buf + (s_cost - 1) * BS, BS);
}
size_t
balloon_itch(size_t digest_size, size_t s_cost)
{
return (s_cost + 1) * digest_size;
}
balloon.h 0 → 100644
View file @ 99a9c929
/* balloon.h
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* For a description of the algorithm, see:
* Boneh, D., Corrigan-Gibbs, H., Schechter, S. (2017, May 12). Balloon Hashing:
* A Memory-Hard Function Providing Provable Protection Against Sequential Attacks.
* Retrieved Sep 1, 2022, from https://eprint.iacr.org/2016/027.pdf
*/
#ifndef NETTLE_BALLOON_H_INCLUDED
#define NETTLE_BALLOON_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define balloon nettle_balloon
#define balloon_itch nettle_balloon_itch
#define balloon_sha1 nettle_balloon_sha1
#define balloon_sha256 nettle_balloon_sha256
#define balloon_sha384 nettle_balloon_sha384
#define balloon_sha512 nettle_balloon_sha512
void
balloon(void *hash_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size, size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst);
size_t
balloon_itch(size_t digest_size, size_t s_cost);
void
balloon_sha1(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst);
void
balloon_sha256(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst);
void
balloon_sha384(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst);
void
balloon_sha512(size_t s_cost, size_t t_cost,
size_t passwd_length, const uint8_t *passwd,
size_t salt_length, const uint8_t *salt,
uint8_t *scratch, uint8_t *dst);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BALLOON_H_INCLUDED */
base16-decode.c
View file @ 99a9c929
/* base16-encode.c
*
* Hex decoding.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Hex decoding.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -58,15 +66,16 @@ hex_decode_table[0x80] =
int
base16_decode_single(struct base16_decode_ctx *ctx,
uint8_t *dst,
uint8_t src)
char src)
{
/* Avoid signed char for indexing. */
unsigned char usrc = src;
int digit;
if (src >= 0x80)
if (usrc >= 0x80)
return -1;
/* FIXME: This code could use more clever choices of constants. */
digit = hex_decode_table[src];
digit = hex_decode_table[usrc];
switch (digit)
{
case -1:
......@@ -94,17 +103,15 @@ base16_decode_single(struct base16_decode_ctx *ctx,
int
base16_decode_update(struct base16_decode_ctx *ctx,
unsigned *dst_length,
size_t *dst_length,
uint8_t *dst,
unsigned src_length,
const uint8_t *src)
size_t src_length,
const char *src)
{
unsigned done;
unsigned i;
size_t done;
size_t i;
assert(*dst_length >= BASE16_DECODE_LENGTH(src_length));
for (i = 0, done = 0; i<src_length; i++)
for (i = done = 0; i<src_length; i++)
switch(base16_decode_single(ctx, dst + done, src[i]))
{
case -1:
......
base16-encode.c
View file @ 99a9c929
/* base16-encode.c
*
* Hex encoding.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Hex encoding.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -35,10 +43,9 @@ hex_digits[16] = "0123456789abcdef";
#define DIGIT(x) (hex_digits[(x) & 0xf])
/* FIXME: Is this really needed? */
/* Encodes a single byte. Always stores two digits in dst[0] and dst[1]. */
void
base16_encode_single(uint8_t *dst,
base16_encode_single(char *dst,
uint8_t src)
{
dst[0] = DIGIT(src/0x10);
......@@ -47,12 +54,12 @@ base16_encode_single(uint8_t *dst,
/* Always stores BASE16_ENCODE_LENGTH(length) digits in dst. */
void
base16_encode_update(uint8_t *dst,
unsigned length,
base16_encode_update(char *dst,
size_t length,
const uint8_t *src)
{
unsigned i;
size_t i;
for (i = 0, dst; i<length; i++, dst += 2)
for (i = 0; i<length; i++, dst += 2)
base16_encode_single(dst, src[i]);
}
base16-meta.c
View file @ 99a9c929
/* base16-meta.c */
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* base16-meta.c
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -29,28 +38,30 @@
#include "base16.h"
/* Same as the macros with the same name */
static unsigned
base16_encode_length(unsigned length)
static nettle_armor_length_func base16_encode_length;
static size_t
base16_encode_length(size_t length)
{
return BASE16_ENCODE_LENGTH(length);
}
static unsigned
base16_decode_length(unsigned length)
static nettle_armor_length_func base16_decode_length;
static size_t
base16_decode_length(size_t length)
{
return BASE16_DECODE_LENGTH(length);
}
static nettle_armor_init_func base16_encode_init;
static void
base16_encode_init(void *ctx)
{ (void) ctx; }
base16_encode_init(void *ctx UNUSED)
{ }
static unsigned
base16_encode_update_wrapper(void *ctx, uint8_t *dst,
unsigned length, const uint8_t *src)
static nettle_armor_encode_update_func base16_encode_update_wrapper;
static size_t
base16_encode_update_wrapper(void *ctx UNUSED, char *dst,
size_t length, const uint8_t *src)
{
(void) ctx;
base16_encode_update(dst, length, src);
return BASE16_ENCODE_LENGTH(length);
}
......@@ -58,9 +69,12 @@ base16_encode_update_wrapper(void *ctx, uint8_t *dst,
#undef base16_encode_update
#define base16_encode_update base16_encode_update_wrapper
static unsigned
base16_encode_final(void *ctx, uint8_t *dst)
{ (void) ctx; (void) dst; return 0; }
static nettle_armor_encode_final_func base16_encode_final;
static size_t
base16_encode_final(void *ctx UNUSED, char *dst UNUSED)
{
return 0;
}
#define BASE16_ENCODE_FINAL_LENGTH 0
......
base16.h
View file @ 99a9c929
/* base16.h
*
* Hex encoding and decoding, following spki conventions (i.e.
* allowing whitespace between digits).
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Hex encoding and decoding, following spki conventions (i.e.
allowing whitespace between digits).
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BASE16_H_INCLUDED
#define NETTLE_BASE16_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define base16_encode_single nettle_base16_encode_single
#define base16_encode_update nettle_base16_encode_update
......@@ -44,13 +56,13 @@
/* Encodes a single byte. Always stores two digits in dst[0] and dst[1]. */
void
base16_encode_single(uint8_t *dst,
base16_encode_single(char *dst,
uint8_t src);
/* Always stores BASE16_ENCODE_LENGTH(length) digits in dst. */
void
base16_encode_update(uint8_t *dst,
unsigned length,
base16_encode_update(char *dst,
size_t length,
const uint8_t *src);
......@@ -62,8 +74,8 @@ base16_encode_update(uint8_t *dst,
struct base16_decode_ctx
{
unsigned word; /* Leftover bits */
unsigned bits; /* Number buffered bits */
unsigned char word; /* Leftover bits */
unsigned char bits; /* Number buffered bits */
};
void
......@@ -74,25 +86,25 @@ base16_decode_init(struct base16_decode_ctx *ctx);
int
base16_decode_single(struct base16_decode_ctx *ctx,
uint8_t *dst,
uint8_t src);
char src);
/* Returns 1 on success, 0 on error. DST should point to an area of
* size at least BASE16_DECODE_LENGTH(length), and for sanity
* checking, *DST_LENGTH should be initialized to the size of that
* area before the call. *DST_LENGTH is updated to the amount of
* decoded output. */
* size at least BASE16_DECODE_LENGTH(length). The amount of data
* generated is returned in *DST_LENGTH. */
/* FIXME: Currently results in an assertion failure if *DST_LENGTH is
* too small. Return some error instead? */
int
base16_decode_update(struct base16_decode_ctx *ctx,
unsigned *dst_length,
size_t *dst_length,
uint8_t *dst,
unsigned src_length,
const uint8_t *src);
size_t src_length,
const char *src);
/* Returns 1 on success. */
int
base16_decode_final(struct base16_decode_ctx *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BASE16_H_INCLUDED */
base64-decode.c
View file @ 99a9c929
/* base64-encode.c
*
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -35,43 +42,40 @@
#define TABLE_SPACE -2
#define TABLE_END -3
/* FIXME: Make sure that all whitespace characters, SPC, HT, VT, FF,
* CR and LF are ignored. */
static const signed char
decode_table[0x100] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -2, -2, -1, -1, -2, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
};
void
base64_decode_init(struct base64_decode_ctx *ctx)
{
static const signed char base64_decode_table[0x100] =
{
/* White space is HT, VT, FF, CR, LF and SPC */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -2, -2, -2, -2, -2, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
};
ctx->word = ctx->bits = ctx->padding = 0;
ctx->table = base64_decode_table;
}
int
base64_decode_single(struct base64_decode_ctx *ctx,
uint8_t *dst,
uint8_t src)
char src)
{
int data;
data = decode_table[src];
int data = ctx->table[(uint8_t) src];
switch(data)
{
......@@ -115,16 +119,14 @@ base64_decode_single(struct base64_decode_ctx *ctx,
int
base64_decode_update(struct base64_decode_ctx *ctx,
unsigned *dst_length,
size_t *dst_length,
uint8_t *dst,
unsigned src_length,
const uint8_t *src)
size_t src_length,
const char *src)
{
unsigned done;
unsigned i;
size_t done;
size_t i;
assert(*dst_length >= BASE64_DECODE_LENGTH(src_length));
for (i = 0, done = 0; i<src_length; i++)
switch(base64_decode_single(ctx, dst + done, src[i]))
{
......
base64-encode.c
View file @ 99a9c929
/* base64-encode.c
*
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -31,18 +38,14 @@
#include "base64.h"
static const uint8_t encode_table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
#define ENCODE(x) (encode_table[0x3F & (x)])
#define ENCODE(alphabet,x) ((alphabet)[0x3F & (x)])
void
base64_encode_raw(uint8_t *dst, unsigned length, const uint8_t *src)
static void
encode_raw(const char *alphabet,
char *dst, size_t length, const uint8_t *src)
{
const uint8_t *in = src + length;
uint8_t *out = dst + BASE64_ENCODE_RAW_LENGTH(length);
char *out = dst + BASE64_ENCODE_RAW_LENGTH(length);
unsigned left_over = length % 3;
......@@ -54,95 +57,63 @@ base64_encode_raw(uint8_t *dst, unsigned length, const uint8_t *src)
{
case 1:
*--out = '=';
*--out = ENCODE(in[0] << 4);
*--out = ENCODE(alphabet, (in[0] << 4));
break;
case 2:
*--out = ENCODE( in[1] << 2);
*--out = ENCODE((in[0] << 4) | (in[1] >> 4));
*--out = ENCODE(alphabet, (in[1] << 2));
*--out = ENCODE(alphabet, ((in[0] << 4) | (in[1] >> 4)));
break;
default:
abort();
}
*--out = ENCODE(in[0] >> 2);
*--out = ENCODE(alphabet, (in[0] >> 2));
}
while (in > src)
{
in -= 3;
*--out = ENCODE( in[2]);
*--out = ENCODE((in[1] << 2) | (in[2] >> 6));
*--out = ENCODE((in[0] << 4) | (in[1] >> 4));
*--out = ENCODE( in[0] >> 2);
*--out = ENCODE(alphabet, (in[2]));
*--out = ENCODE(alphabet, ((in[1] << 2) | (in[2] >> 6)));
*--out = ENCODE(alphabet, ((in[0] << 4) | (in[1] >> 4)));
*--out = ENCODE(alphabet, (in[0] >> 2));
}
assert(in == src);
assert(out == dst);
}
#if 0
unsigned
base64_encode(uint8_t *dst,
unsigned src_length,
const uint8_t *src)
{
unsigned dst_length = BASE64_ENCODE_RAW_LENGTH(src_length);
unsigned n = src_length / 3;
unsigned left_over = src_length % 3;
unsigned done = 0;
if (left_over)
{
const uint8_t *in = src + n * 3;
uint8_t *out = dst + dst_length;
switch(left_over)
{
case 1:
*--out = '=';
*--out = ENCODE(in[0] << 4);
break;
case 2:
*--out = ENCODE( in[1] << 2);
*--out = ENCODE((in[0] << 4) | (in[1] >> 4));
break;
default:
abort();
}
*--out = ENCODE(in[0] >> 2);
done = 4;
}
base64_encode_raw(n, dst, src);
done += n * 4;
assert(done == dst_length);
static const char base64_encode_table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
return done;
void
base64_encode_raw(char *dst, size_t length, const uint8_t *src)
{
encode_raw(base64_encode_table, dst, length, src);
}
#endif
void
base64_encode_group(uint8_t *dst, uint32_t group)
base64_encode_group(char *dst, uint32_t group)
{
*dst++ = ENCODE(group >> 18);
*dst++ = ENCODE(group >> 12);
*dst++ = ENCODE(group >> 6);
*dst++ = ENCODE(group);
*dst++ = ENCODE(base64_encode_table, (group >> 18));
*dst++ = ENCODE(base64_encode_table, (group >> 12));
*dst++ = ENCODE(base64_encode_table, (group >> 6));
*dst++ = ENCODE(base64_encode_table, group);
}
void
base64_encode_init(struct base64_encode_ctx *ctx)
{
ctx->word = ctx->bits = 0;
ctx->alphabet = base64_encode_table;
}
/* Encodes a single byte. */
unsigned
size_t
base64_encode_single(struct base64_encode_ctx *ctx,
uint8_t *dst,
char *dst,
uint8_t src)
{
unsigned done = 0;
......@@ -152,7 +123,7 @@ base64_encode_single(struct base64_encode_ctx *ctx,
while (bits >= 6)
{
bits -= 6;
dst[done++] = ENCODE(word >> bits);
dst[done++] = ENCODE(ctx->alphabet, (word >> bits));
}
ctx->bits = bits;
......@@ -165,16 +136,16 @@ base64_encode_single(struct base64_encode_ctx *ctx,
/* Returns the number of output characters. DST should point to an
* area of size at least BASE64_ENCODE_LENGTH(length). */
unsigned
size_t
base64_encode_update(struct base64_encode_ctx *ctx,
uint8_t *dst,
unsigned length,
char *dst,
size_t length,
const uint8_t *src)
{
unsigned done = 0;
unsigned left = length;
size_t done = 0;
size_t left = length;
unsigned left_over;
unsigned bulk;
size_t bulk;
while (ctx->bits && left)
{
......@@ -189,7 +160,7 @@ base64_encode_update(struct base64_encode_ctx *ctx,
{
assert(!(bulk % 3));
base64_encode_raw(dst + done, bulk, src);
encode_raw(ctx->alphabet, dst + done, bulk, src);
done += BASE64_ENCODE_RAW_LENGTH(bulk);
src += bulk;
left = left_over;
......@@ -208,16 +179,16 @@ base64_encode_update(struct base64_encode_ctx *ctx,
/* DST should point to an area of size at least
* BASE64_ENCODE_FINAL_SIZE */
unsigned
size_t
base64_encode_final(struct base64_encode_ctx *ctx,
uint8_t *dst)
char *dst)
{
unsigned done = 0;
unsigned bits = ctx->bits;
if (bits)
{
dst[done++] = ENCODE(ctx->word << (6 - ctx->bits));
dst[done++] = ENCODE(ctx->alphabet, (ctx->word << (6 - ctx->bits)));
for (; bits < 6; bits += 2)
dst[done++] = '=';
......
base64-meta.c
View file @ 99a9c929
/* base64-meta.c */
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Dan Egnor, Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* base64-meta.c
Copyright (C) 2002 Dan Egnor, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -29,14 +38,16 @@
#include "base64.h"
/* Same as the macros with the same name */
static unsigned
base64_encode_length(unsigned length)
static nettle_armor_length_func base64_encode_length;
static size_t
base64_encode_length(size_t length)
{
return BASE64_ENCODE_LENGTH(length);
}
static unsigned
base64_decode_length(unsigned length)
static nettle_armor_length_func base64_decode_length;
static size_t
base64_decode_length(size_t length)
{
return BASE64_DECODE_LENGTH(length);
}
......
base64.h
View file @ 99a9c929
/* base64.h
*
* "ASCII armor" codecs.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Mller, Dan Egnor
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Base-64 encoding and decoding.
Copyright (C) 2002 Niels Möller, Dan Egnor
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BASE64_H_INCLUDED
#define NETTLE_BASE64_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define base64_encode_init nettle_base64_encode_init
#define base64url_encode_init nettle_base64url_encode_init
#define base64_encode_single nettle_base64_encode_single
#define base64_encode_update nettle_base64_encode_update
#define base64_encode_final nettle_base64_encode_final
#define base64_encode_raw nettle_base64_encode_raw
#define base64_encode_group nettle_base64_encode_group
#define base64_decode_init nettle_base64_decode_init
#define base64url_decode_init nettle_base64url_decode_init
#define base64_decode_single nettle_base64_decode_single
#define base64_decode_update nettle_base64_decode_update
#define base64_decode_final nettle_base64_decode_final
......@@ -50,7 +64,7 @@
/* We have at most 4 buffered bits, and a total of (4 + length * 8) bits. */
#define BASE64_ENCODE_LENGTH(length) (((length) * 8 + 4)/6)
/* Maximum lengbth of output generated by base64_encode_final. */
/* Maximum length of output generated by base64_encode_final. */
#define BASE64_ENCODE_FINAL_LENGTH 3
/* Exact length of output generated by base64_encode_raw, including
......@@ -59,43 +73,51 @@
struct base64_encode_ctx
{
unsigned word; /* Leftover bits */
unsigned bits; /* Number of bits, always 0, 2, or 4. */
const char *alphabet; /* Alphabet to use for encoding */
unsigned short word; /* Leftover bits */
unsigned char bits; /* Number of bits, always 0, 2, or 4. */
};
/* Initialize encoding context for base-64 */
void
base64_encode_init(struct base64_encode_ctx *ctx);
/* Initialize encoding context for URL safe alphabet, RFC 4648. */
void
base64url_encode_init(struct base64_encode_ctx *ctx);
/* Encodes a single byte. Returns amount of output (always 1 or 2). */
unsigned
size_t
base64_encode_single(struct base64_encode_ctx *ctx,
uint8_t *dst,
char *dst,
uint8_t src);
/* Returns the number of output characters. DST should point to an
* area of size at least BASE64_ENCODE_LENGTH(length). */
unsigned
size_t
base64_encode_update(struct base64_encode_ctx *ctx,
uint8_t *dst,
unsigned length,
char *dst,
size_t length,
const uint8_t *src);
/* DST should point to an area of size at least
* BASE64_ENCODE_FINAL_LENGTH */
unsigned
size_t
base64_encode_final(struct base64_encode_ctx *ctx,
uint8_t *dst);
char *dst);
/* Lower level functions */
/* Encodes a string in one go, including any padding at the end.
* Generates exactly BASE64_ENCODE_RAW_LENGTH(length) bytes of output.
* Supports overlapped operation, if src <= dst. */
* Supports overlapped operation, if src <= dst. FIXME: Use of overlap
* is deprecated, if needed there should be a separate public fucntion
* to do that.*/
void
base64_encode_raw(uint8_t *dst, unsigned length, const uint8_t *src);
base64_encode_raw(char *dst, size_t length, const uint8_t *src);
void
base64_encode_group(uint8_t *dst, uint32_t group);
base64_encode_group(char *dst, uint32_t group);
/* Base64 decoding */
......@@ -106,40 +128,45 @@ base64_encode_group(uint8_t *dst, uint32_t group);
struct base64_decode_ctx
{
unsigned word; /* Leftover bits */
unsigned bits; /* Number buffered bits */
const signed char *table; /* Decoding table */
unsigned short word; /* Leftover bits */
unsigned char bits; /* Number buffered bits */
/* Number of padding characters encountered */
unsigned padding;
unsigned char padding;
};
/* Initialize decoding context for base-64 */
void
base64_decode_init(struct base64_decode_ctx *ctx);
/* Initialize encoding context for URL safe alphabet, RFC 4648. */
void
base64url_decode_init(struct base64_decode_ctx *ctx);
/* Decodes a single byte. Returns amount of output (0 or 1), or -1 on
* errors. */
int
base64_decode_single(struct base64_decode_ctx *ctx,
uint8_t *dst,
uint8_t src);
char src);
/* Returns 1 on success, 0 on error. DST should point to an area of
* size at least BASE64_DECODE_LENGTH(length), and for sanity
* checking, *DST_LENGTH should be initialized to the size of that
* area before the call. *DST_LENGTH is updated to the amount of
* decoded output. */
/* FIXME: Currently results in an assertion failure if *DST_LENGTH is
* too small. Return some error instead? */
* size at least BASE64_DECODE_LENGTH(length). The amount of data
* generated is returned in *DST_LENGTH. */
int
base64_decode_update(struct base64_decode_ctx *ctx,
unsigned *dst_length,
size_t *dst_length,
uint8_t *dst,
unsigned src_length,
const uint8_t *src);
size_t src_length,
const char *src);
/* Returns 1 on success. */
int
base64_decode_final(struct base64_decode_ctx *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BASE64_H_INCLUDED */
base64url-decode.c 0 → 100644
View file @ 99a9c929
/* base64url-decode.c
Copyright (C) 2015 Amos Jeffries, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "base64.h"
void
base64url_decode_init(struct base64_decode_ctx *ctx)
{
static const signed char base64url_decode_table[0x100] =
{
/* White space is HT, VT, FF, CR, LF and SPC */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -2, -2, -2, -2, -2, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63,
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
};
ctx->word = ctx->bits = ctx->padding = 0;
ctx->table = base64url_decode_table;
}
base64url-encode.c 0 → 100644
View file @ 99a9c929
/* base64url-encode.c
Copyright (C) 2015 Amos Jeffries, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "base64.h"
void
base64url_encode_init(struct base64_encode_ctx *ctx)
{
static const char base64url_encode_table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789-_";
ctx->word = ctx->bits = 0;
ctx->alphabet = base64url_encode_table;
}
base64url-meta.c 0 → 100644
View file @ 99a9c929
/* base64url-meta.c
Copyright (C) 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "nettle-meta.h"
#include "base64.h"
/* Same as the macros with the same name */
static nettle_armor_length_func base64url_encode_length;
static size_t
base64url_encode_length(size_t length)
{
return BASE64_ENCODE_LENGTH(length);
}
static nettle_armor_length_func base64url_decode_length;
static size_t
base64url_decode_length(size_t length)
{
return BASE64_DECODE_LENGTH(length);
}
#define base64url_encode_ctx base64_encode_ctx
#define base64url_encode_update base64_encode_update
#define base64url_encode_final base64_encode_final
#define base64url_decode_ctx base64_decode_ctx
#define base64url_decode_update base64_decode_update
#define base64url_decode_final base64_decode_final
const struct nettle_armor nettle_base64url
= _NETTLE_ARMOR(base64url, BASE64);
bf_test.c deleted 100644 → 0
View file @ f89ae0f0
/* bf_test.c
*
* $Id$
* Test the blow fish implementation. */
#include "blowfish.h"
#include <stdio.h>
#include <stdlib.h>
int main (int argc UNUSED, char **argv UNUSED)
{
if (bf_selftest())
{
fprintf(stderr, "Blowfish works.\n");
return EXIT_SUCCESS;
}
else
{
fprintf(stderr, "ERROR: Blowfish failed.\n");
return EXIT_FAILURE;
}
}
bignum-random-prime.c 0 → 100644
View file @ 99a9c929
/* bignum-random-prime.c
Generation of random provable primes.
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#ifndef RANDOM_PRIME_VERBOSE
#define RANDOM_PRIME_VERBOSE 0
#endif
#include <assert.h>
#include <stdlib.h>
#if RANDOM_PRIME_VERBOSE
#include <stdio.h>
#define VERBOSE(x) (fputs((x), stderr))
#else
#define VERBOSE(x)
#endif
#include "bignum.h"
#include "hogweed-internal.h"
#include "macros.h"
/* Use a table of p_2 = 3 to p_{172} = 1021, used for sieving numbers
of up to 20 bits. */
#define NPRIMES 171
#define TRIAL_DIV_BITS 20
#define TRIAL_DIV_MASK ((1 << TRIAL_DIV_BITS) - 1)
/* A 20-bit number x is divisible by p iff
((x * inverse) & TRIAL_DIV_MASK) <= limit
*/
struct trial_div_info {
uint32_t inverse; /* p^{-1} (mod 2^20) */
uint32_t limit; /* floor( (2^20 - 1) / p) */
};
static const uint16_t
primes[NPRIMES] = {
3,5,7,11,13,17,19,23,
29,31,37,41,43,47,53,59,
61,67,71,73,79,83,89,97,
101,103,107,109,113,127,131,137,
139,149,151,157,163,167,173,179,
181,191,193,197,199,211,223,227,
229,233,239,241,251,257,263,269,
271,277,281,283,293,307,311,313,
317,331,337,347,349,353,359,367,
373,379,383,389,397,401,409,419,
421,431,433,439,443,449,457,461,
463,467,479,487,491,499,503,509,
521,523,541,547,557,563,569,571,
577,587,593,599,601,607,613,617,
619,631,641,643,647,653,659,661,
673,677,683,691,701,709,719,727,
733,739,743,751,757,761,769,773,
787,797,809,811,821,823,827,829,
839,853,857,859,863,877,881,883,
887,907,911,919,929,937,941,947,
953,967,971,977,983,991,997,1009,
1013,1019,1021,
};
static const uint32_t
prime_square[NPRIMES+1] = {
9,25,49,121,169,289,361,529,
841,961,1369,1681,1849,2209,2809,3481,
3721,4489,5041,5329,6241,6889,7921,9409,
10201,10609,11449,11881,12769,16129,17161,18769,
19321,22201,22801,24649,26569,27889,29929,32041,
32761,36481,37249,38809,39601,44521,49729,51529,
52441,54289,57121,58081,63001,66049,69169,72361,
73441,76729,78961,80089,85849,94249,96721,97969,
100489,109561,113569,120409,121801,124609,128881,134689,
139129,143641,146689,151321,157609,160801,167281,175561,
177241,185761,187489,192721,196249,201601,208849,212521,
214369,218089,229441,237169,241081,249001,253009,259081,
271441,273529,292681,299209,310249,316969,323761,326041,
332929,344569,351649,358801,361201,368449,375769,380689,
383161,398161,410881,413449,418609,426409,434281,436921,
452929,458329,466489,477481,491401,502681,516961,528529,
537289,546121,552049,564001,573049,579121,591361,597529,
619369,635209,654481,657721,674041,677329,683929,687241,
703921,727609,734449,737881,744769,769129,776161,779689,
786769,822649,829921,844561,863041,877969,885481,896809,
908209,935089,942841,954529,966289,982081,994009,1018081,
1026169,1038361,1042441,1L<<20
};
static const struct trial_div_info
trial_div_table[NPRIMES] = {
{699051,349525},{838861,209715},{748983,149796},{953251,95325},
{806597,80659},{61681,61680},{772635,55188},{866215,45590},
{180789,36157},{1014751,33825},{793517,28339},{1023001,25575},
{48771,24385},{870095,22310},{217629,19784},{710899,17772},
{825109,17189},{281707,15650},{502135,14768},{258553,14364},
{464559,13273},{934875,12633},{1001449,11781},{172961,10810},
{176493,10381},{203607,10180},{568387,9799},{788837,9619},
{770193,9279},{1032063,8256},{544299,8004},{619961,7653},
{550691,7543},{182973,7037},{229159,6944},{427445,6678},
{701195,6432},{370455,6278},{90917,6061},{175739,5857},
{585117,5793},{225087,5489},{298817,5433},{228877,5322},
{442615,5269},{546651,4969},{244511,4702},{83147,4619},
{769261,4578},{841561,4500},{732687,4387},{978961,4350},
{133683,4177},{65281,4080},{629943,3986},{374213,3898},
{708079,3869},{280125,3785},{641833,3731},{618771,3705},
{930477,3578},{778747,3415},{623751,3371},{40201,3350},
{122389,3307},{950371,3167},{1042353,3111},{18131,3021},
{285429,3004},{549537,2970},{166487,2920},{294287,2857},
{919261,2811},{636339,2766},{900735,2737},{118605,2695},
{10565,2641},{188273,2614},{115369,2563},{735755,2502},
{458285,2490},{914767,2432},{370513,2421},{1027079,2388},
{629619,2366},{462401,2335},{649337,2294},{316165,2274},
{484655,2264},{65115,2245},{326175,2189},{1016279,2153},
{990915,2135},{556859,2101},{462791,2084},{844629,2060},
{404537,2012},{457123,2004},{577589,1938},{638347,1916},
{892325,1882},{182523,1862},{1002505,1842},{624371,1836},
{69057,1817},{210787,1786},{558769,1768},{395623,1750},
{992745,1744},{317855,1727},{384877,1710},{372185,1699},
{105027,1693},{423751,1661},{408961,1635},{908331,1630},
{74551,1620},{36933,1605},{617371,1591},{506045,1586},
{24929,1558},{529709,1548},{1042435,1535},{31867,1517},
{166037,1495},{928781,1478},{508975,1458},{4327,1442},
{779637,1430},{742091,1418},{258263,1411},{879631,1396},
{72029,1385},{728905,1377},{589057,1363},{348621,1356},
{671515,1332},{710453,1315},{84249,1296},{959363,1292},
{685853,1277},{467591,1274},{646643,1267},{683029,1264},
{439927,1249},{254461,1229},{660713,1223},{554195,1220},
{202911,1215},{753253,1195},{941457,1190},{776635,1187},
{509511,1182},{986147,1156},{768879,1151},{699431,1140},
{696417,1128},{86169,1119},{808997,1114},{25467,1107},
{201353,1100},{708087,1084},{1018339,1079},{341297,1073},
{434151,1066},{96287,1058},{950765,1051},{298257,1039},
{675933,1035},{167731,1029},{815445,1027},
};
/* Element j gives the index of the first prime of size 3+j bits */
static uint8_t
prime_by_size[9] = {
1,3,5,10,17,30,53,96,171
};
/* Combined Miller-Rabin test to the base a, and checking the
conditions from Pocklington's theorem, nm1dq holds (n-1)/q, with q
prime. */
static int
miller_rabin_pocklington(mpz_t n, mpz_t nm1, mpz_t nm1dq, mpz_t a)
{
mpz_t r;
mpz_t y;
int is_prime = 0;
/* Avoid the mp_bitcnt_t type for compatibility with older GMP
versions. */
unsigned k;
unsigned j;
VERBOSE(".");
if (mpz_even_p(n) || mpz_cmp_ui(n, 3) < 0)
return 0;
mpz_init(r);
mpz_init(y);
k = mpz_scan1(nm1, 0);
assert(k > 0);
mpz_fdiv_q_2exp (r, nm1, k);
mpz_powm(y, a, r, n);
if (mpz_cmp_ui(y, 1) == 0 || mpz_cmp(y, nm1) == 0)
goto passed_miller_rabin;
for (j = 1; j < k; j++)
{
mpz_powm_ui (y, y, 2, n);
if (mpz_cmp_ui (y, 1) == 0)
break;
if (mpz_cmp (y, nm1) == 0)
{
passed_miller_rabin:
/* We know that a^{n-1} = 1 (mod n)
Remains to check that gcd(a^{(n-1)/q} - 1, n) == 1 */
VERBOSE("x");
mpz_powm(y, a, nm1dq, n);
mpz_sub_ui(y, y, 1);
mpz_gcd(y, y, n);
is_prime = mpz_cmp_ui (y, 1) == 0;
VERBOSE(is_prime ? "\n" : "");
break;
}
}
mpz_clear(r);
mpz_clear(y);
return is_prime;
}
/* The most basic variant of Pocklingtons theorem:
Assume that q^e | (n-1), with q prime. If we can find an a such that
a^{n-1} = 1 (mod n)
gcd(a^{(n-1)/q} - 1, n) = 1
then any prime divisor p of n satisfies p = 1 (mod q^e).
Proof (Cohen, 8.3.2): Assume p is a prime factor of n. The central
idea of the proof is to consider the order, modulo p, of a. Denote
this by d.
a^{n-1} = 1 (mod n) implies a^{n-1} = 1 (mod p), hence d | (n-1).
Next, the condition gcd(a^{(n-1)/q} - 1, n) = 1 implies that
a^{(n-1)/q} != 1, hence d does not divide (n-1)/q. Since q is
prime, this means that q^e | d.
Finally, we have a^{p-1} = 1 (mod p), hence d | (p-1). So q^e | d |
(p-1), which gives the desired result: p = 1 (mod q^e).
* Variant, slightly stronger than Fact 4.59, HAC:
Assume n = 1 + 2rq, q an odd prime, r <= 2q, and
a^{n-1} = 1 (mod n)
gcd(a^{(n-1)/q} - 1, n) = 1
Then n is prime.
Proof: By Pocklington's theorem, any prime factor p satisfies p = 1
(mod q). Neither 1 or q+1 are primes, hence p >= 1 + 2q. If n is
composite, we have n >= (1+2q)^2. But the assumption r <= 2q
implies n <= 1 + 4q^2, a contradiction.
In bits, the requirement is that #n <= 2 #q, then
r = (n-1)/2q < 2^{#n - #q} <= 2^#q = 2 2^{#q-1}< 2 q
* Another variant with an extra test (Variant of Fact 4.42, HAC):
Assume n = 1 + 2rq, n odd, q an odd prime, 8 q^3 >= n
a^{n-1} = 1 (mod n)
gcd(a^{(n-1)/q} - 1, n) = 1
Also let x = floor(r / 2q), y = r mod 2q,
If y^2 - 4x is not a square, then n is prime.
Proof (adapted from Maurer, Journal of Cryptology, 8 (1995)):
Assume n is composite. There are at most two factors, both odd,
n = (1+2m_1 q)(1+2m_2 q) = 1 + 4 m_1 m_2 q^2 + 2 (m_1 + m_2) q
where we can assume m_1 >= m_2. Then the bound n <= 8 q^3 implies m_1
m_2 < 2q, restricting (m_1, m_2) to the domain 0 < m_2 <
sqrt(2q), 0 < m_1 < 2q / m_2.
We have the bound
m_1 + m_2 < 2q / m_2 + m_2 <= 2q + 1 (maximum value for m_2 = 1)
And the case m_1 = 2q, m_2 = 1 can be excluded, because it gives n
> 8q^3. So in fact, m_1 + m_2 < 2q.
Next, write r = (n-1)/2q = 2 m_1 m_2 q + m_1 + m_2.
If follows that m_1 + m_2 = y and m_1 m_2 = x. m_1 and m_2 are
thus the roots of the equation
m^2 - y m + x = 0
which has integer roots iff y^2 - 4 x is the square of an integer.
In bits, the requirement is that #n <= 3 #q, then
n < 2^#n <= 2^{3 #q} = 8 2^{3 (#q-1)} < 8 q^3
*/
/* Generate a prime number p of size bits with 2 p0q dividing (p-1).
p0 must be of size >= ceil(bits/3). The extra factor q can be
omitted (then p0 and p0q should be equal). If top_bits_set is one,
the topmost two bits are set to one, suitable for RSA primes. Also
returns r = (p-1)/p0q. */
void
_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
unsigned bits, int top_bits_set,
void *ctx, nettle_random_func *random,
const mpz_t p0,
const mpz_t q,
const mpz_t p0q)
{
mpz_t r_min, r_range, pm1, a, e;
int need_square_test;
unsigned p0_bits;
mpz_t x, y, p04;
p0_bits = mpz_sizeinbase (p0, 2);
assert (bits <= 3*p0_bits);
assert (bits > p0_bits);
need_square_test = (bits > 2 * p0_bits);
mpz_init (r_min);
mpz_init (r_range);
mpz_init (pm1);
mpz_init (a);
if (need_square_test)
{
mpz_init (x);
mpz_init (y);
mpz_init (p04);
mpz_mul_2exp (p04, p0, 2);
}
if (q)
mpz_init (e);
if (top_bits_set)
{
/* i = floor (2^{bits-3} / p0q), then 3I + 3 <= r <= 4I, with I
- 2 possible values. */
mpz_set_ui (r_min, 1);
mpz_mul_2exp (r_min, r_min, bits-3);
mpz_fdiv_q (r_min, r_min, p0q);
mpz_sub_ui (r_range, r_min, 2);
mpz_mul_ui (r_min, r_min, 3);
mpz_add_ui (r_min, r_min, 3);
}
else
{
/* i = floor (2^{bits-2} / p0q), I + 1 <= r <= 2I */
mpz_set_ui (r_range, 1);
mpz_mul_2exp (r_range, r_range, bits-2);
mpz_fdiv_q (r_range, r_range, p0q);
mpz_add_ui (r_min, r_range, 1);
}
for (;;)
{
uint8_t buf[1];
nettle_mpz_random (r, ctx, random, r_range);
mpz_add (r, r, r_min);
/* Set p = 2*r*p0q + 1 */
mpz_mul_2exp(r, r, 1);
mpz_mul (pm1, r, p0q);
mpz_add_ui (p, pm1, 1);
assert(mpz_sizeinbase(p, 2) == bits);
/* Should use GMP trial division interface when that
materializes, we don't need any testing beyond trial
division. */
if (!mpz_probab_prime_p (p, 1))
continue;
random(ctx, sizeof(buf), buf);
mpz_set_ui (a, buf[0] + 2);
if (q)
{
mpz_mul (e, r, q);
if (!miller_rabin_pocklington(p, pm1, e, a))
continue;
if (need_square_test)
{
/* Our e corresponds to 2r in the theorem */
mpz_tdiv_qr (x, y, e, p04);
goto square_test;
}
}
else
{
if (!miller_rabin_pocklington(p, pm1, r, a))
continue;
if (need_square_test)
{
mpz_tdiv_qr (x, y, r, p04);
square_test:
/* We have r' = 2r, x = floor (r/2q) = floor(r'/2q),
and y' = r' - x 4q = 2 (r - x 2q) = 2y.
Then y^2 - 4x is a square iff y'^2 - 16 x is a
square. */
mpz_mul (y, y, y);
mpz_submul_ui (y, x, 16);
if (mpz_perfect_square_p (y))
continue;
}
}
/* If we passed all the tests, we have found a prime. */
break;
}
mpz_clear (r_min);
mpz_clear (r_range);
mpz_clear (pm1);
mpz_clear (a);
if (need_square_test)
{
mpz_clear (x);
mpz_clear (y);
mpz_clear (p04);
}
if (q)
mpz_clear (e);
}
/* Generate random prime of a given size. Maurer's algorithm (Alg.
6.42 Handbook of applied cryptography), but with ratio = 1/2 (like
the variant in fips186-3). */
void
nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
void *random_ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress)
{
assert (bits >= 3);
if (bits <= 10)
{
unsigned first;
unsigned choices;
uint8_t buf;
assert (!top_bits_set);
random (random_ctx, sizeof(buf), &buf);
first = prime_by_size[bits-3];
choices = prime_by_size[bits-2] - first;
mpz_set_ui (p, primes[first + buf % choices]);
}
else if (bits <= 20)
{
unsigned long highbit;
uint8_t buf[3];
unsigned long x;
unsigned j;
assert (!top_bits_set);
highbit = 1L << (bits - 1);
again:
random (random_ctx, sizeof(buf), buf);
x = READ_UINT24(buf);
x &= (highbit - 1);
x |= highbit | 1;
for (j = 0; prime_square[j] <= x; j++)
{
unsigned q = x * trial_div_table[j].inverse & TRIAL_DIV_MASK;
if (q <= trial_div_table[j].limit)
goto again;
}
mpz_set_ui (p, x);
}
else
{
mpz_t q, r;
mpz_init (q);
mpz_init (r);
/* Bit size ceil(k/2) + 1, slightly larger than used in Alg. 4.62
in Handbook of Applied Cryptography (which seems to be
incorrect for odd k). */
nettle_random_prime (q, (bits+3)/2, 0, random_ctx, random,
progress_ctx, progress);
_nettle_generate_pocklington_prime (p, r, bits, top_bits_set,
random_ctx, random,
q, NULL, q);
if (progress)
progress (progress_ctx, 'x');
mpz_clear (q);
mpz_clear (r);
}
}
bignum-random.c
View file @ 99a9c929
/* bignum-random.c
*
* Generating big random numbers
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Generating big random numbers
Copyright (C) 2002, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#if HAVE_LIBGMP
#include <stdlib.h>
#include "bignum.h"
#include "nettle-internal.h"
#include "gmp-glue.h"
void
nettle_mpz_random_size(mpz_t x,
void *ctx, nettle_random_func random,
void *ctx, nettle_random_func *random,
unsigned bits)
{
unsigned length = (bits + 7) / 8;
TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(data, length);
TMP_GMP_DECL(data, uint8_t);
random(ctx, length, data);
TMP_GMP_ALLOC(data, length);
random(ctx, length, data);
nettle_mpz_set_str_256_u(x, length, data);
if (bits % 8)
mpz_fdiv_r_2exp(x, x, bits);
TMP_GMP_FREE(data);
}
/* Returns a random number x, 0 <= x < n */
void
nettle_mpz_random(mpz_t x,
void *ctx, nettle_random_func random,
void *ctx, nettle_random_func *random,
const mpz_t n)
{
/* FIXME: This leaves some bias, which may be bad for DSA. A better
* way might to generate a random number of mpz_sizeinbase(n, 2)
/* NOTE: This leaves some bias, which may be bad for DSA. A better
* way might be to generate a random number of mpz_sizeinbase(n, 2)
* bits, and loop until one smaller than n is found. */
/* From Daniel Bleichenbacher (via coderpunks):
......@@ -77,13 +85,12 @@ nettle_mpz_random(mpz_t x,
*/
/* Add a few bits extra, to decrease the bias from the final modulo
* operation. */
* operation. NIST FIPS 186-3 specifies 64 extra bits, for use with
* DSA. */
nettle_mpz_random_size(x,
ctx, random,
mpz_sizeinbase(n, 2) + 16);
mpz_sizeinbase(n, 2) + 64);
mpz_fdiv_r(x, x, n);
}
#endif /* HAVE_LIBGMP */
bignum.c
View file @ 99a9c929
/* bignum.c
*
* bignum operations that are missing from gmp.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Bignum operations that are missing from gmp.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#if HAVE_LIBGMP
#include <assert.h>
#include <string.h>
......@@ -48,7 +54,7 @@
*/
/* Including extra sign bit, if needed. Also one byte for zero. */
unsigned
size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x)
{
if (mpz_sgn(x) >= 0)
......@@ -56,7 +62,7 @@ nettle_mpz_sizeinbase_256_s(const mpz_t x)
else
{
/* We'll output ~~x, so we need as many bits as for ~x */
unsigned size;
size_t size;
mpz_t c;
mpz_init(c);
......@@ -68,24 +74,24 @@ nettle_mpz_sizeinbase_256_s(const mpz_t x)
}
}
unsigned
size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x)
{
return (mpz_sizeinbase(x,2) + 7) / 8;
}
static void
nettle_mpz_to_octets(unsigned length, uint8_t *s,
nettle_mpz_to_octets(size_t length, uint8_t *s,
const mpz_t x, uint8_t sign)
{
uint8_t *dst = s + length - 1;
unsigned size = mpz_size(x);
unsigned i;
size_t size = mpz_size(x);
size_t i;
for (i = 0; i<size; i++)
{
mp_limb_t limb = mpz_getlimbn(x, i);
unsigned j;
size_t j;
for (j = 0; length && j < sizeof(mp_limb_t); j++)
{
......@@ -100,7 +106,7 @@ nettle_mpz_to_octets(unsigned length, uint8_t *s,
}
void
nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x)
{
if (!length)
{
......@@ -120,9 +126,6 @@ nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
mpz_init(c);
mpz_com(c, x);
/* FIXME: A different trick is to complement all the limbs of c
* now. That way, nettle_mpz_to_octets need not complement each
* digit. */
assert(nettle_mpz_sizeinbase_256_u(c) <= length);
nettle_mpz_to_octets(length, s, c, 0xff);
......@@ -131,65 +134,53 @@ nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
}
/* Converting from strings */
static void
nettle_mpz_from_octets(mpz_t x,
unsigned length, const uint8_t *s,
uint8_t sign)
{
unsigned i;
mpz_t digit;
mpz_init(digit);
for (i = 0; i < length; i++)
{
mpz_set_ui(digit, sign ^ s[i]);
mpz_mul_2exp(digit, digit, (length - i - 1) * 8);
mpz_ior(x, x, digit);
}
mpz_clear(digit);
}
/* mpz_import was introduced in GMP-4.1 */
#define nettle_mpz_from_octets(x, length, s) \
mpz_import((x), (length), 1, 1, 0, 0, (s))
void
nettle_mpz_set_str_256_u(mpz_t x,
unsigned length, const uint8_t *s)
size_t length, const uint8_t *s)
{
mpz_set_ui(x, 0);
nettle_mpz_from_octets(x, length, s, 0);
nettle_mpz_from_octets(x, length, s);
}
void
nettle_mpz_init_set_str_256_u(mpz_t x,
unsigned length, const uint8_t *s)
size_t length, const uint8_t *s)
{
mpz_init_set_ui(x, 0);
nettle_mpz_from_octets(x, length, s, 0);
mpz_init(x);
nettle_mpz_from_octets(x, length, s);
}
void
nettle_mpz_set_str_256_s(mpz_t x,
unsigned length, const uint8_t *s)
size_t length, const uint8_t *s)
{
mpz_set_ui(x, 0);
if (!length)
return;
{
mpz_set_ui(x, 0);
return;
}
nettle_mpz_from_octets(x, length, s);
if (s[0] & 0x80)
{
nettle_mpz_from_octets(x, length, s, 0xff);
mpz_com(x, x);
mpz_t t;
mpz_init_set_ui(t, 1);
mpz_mul_2exp(t, t, length*8);
mpz_sub(x, x, t);
mpz_clear(t);
}
else
nettle_mpz_from_octets(x, length, s, 0);
}
void
nettle_mpz_init_set_str_256_s(mpz_t x,
unsigned length, const uint8_t *s)
size_t length, const uint8_t *s)
{
mpz_init(x);
nettle_mpz_set_str_256_s(x, length, s);
}
#endif /* HAVE_LIBGMP */
bignum.h
View file @ 99a9c929
/* bignum.h
*
* bignum operations that are missing from gmp.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
Bignum operations that are missing from gmp.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BIGNUM_H_INCLUDED
#define NETTLE_BIGNUM_H_INCLUDED
#include "nettle-meta.h"
#include <gmp.h>
#include "nettle-types.h"
/* For NETTLE_USE_MINI_GMP */
#include "version.h"
#if NETTLE_USE_MINI_GMP
# include "mini-gmp.h"
# define GMP_NUMB_MASK (~(mp_limb_t) 0)
/* Side-channel silent powm not available in mini-gmp. */
# define mpz_powm_sec mpz_powm
#else
# include <gmp.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Size needed for signed encoding, including extra sign byte if
* necessary. */
unsigned
size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x);
/* Size needed for unsigned encoding */
unsigned
size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x);
/* Writes an integer as length octets, using big endian byte order,
* and two's complement for negative numbers. */
/* FIXME: Change order of arguments, putting the mpz_t first? */
void
nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x);
nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x);
/* Reads a big endian, two's complement, integer. */
void
nettle_mpz_set_str_256_s(mpz_t x,
unsigned length, const uint8_t *s);
size_t length, const uint8_t *s);
void
nettle_mpz_init_set_str_256_s(mpz_t x,
unsigned length, const uint8_t *s);
size_t length, const uint8_t *s);
/* Similar, but for unsigned format. These function don't interpret
* the most significant bit as the sign. */
void
nettle_mpz_set_str_256_u(mpz_t x,
unsigned length, const uint8_t *s);
size_t length, const uint8_t *s);
void
nettle_mpz_init_set_str_256_u(mpz_t x,
unsigned length, const uint8_t *s);
size_t length, const uint8_t *s);
/* Returns a uniformly distributed random number 0 <= x < 2^n */
void
nettle_mpz_random_size(mpz_t x,
void *ctx, nettle_random_func random,
void *ctx, nettle_random_func *random,
unsigned bits);
/* Returns a number x, almost uniformly random in the range
* 0 <= x < n. */
void
nettle_mpz_random(mpz_t x,
void *ctx, nettle_random_func random,
void *ctx, nettle_random_func *random,
const mpz_t n);
void
nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
void *ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress);
/* sexp parsing */
struct sexp_iterator;
/* If LIMIT is non-zero, the number must be at most LIMIT bits.
......@@ -85,4 +114,16 @@ struct sexp_iterator;
int
nettle_mpz_set_sexp(mpz_t x, unsigned limit, struct sexp_iterator *i);
/* der parsing */
struct asn1_der_iterator;
int
nettle_asn1_der_get_bignum(struct asn1_der_iterator *iterator,
mpz_t x, unsigned max_bits);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BIGNUM_H_INCLUDED */