Mercurial > dropbear

diff dss.c @ 640:76097ec1a29a dropbear-tfm

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Bring in original tomsfastmath patch against 0.52 from Peter Turczak in 2008
author Matt Johnston <matt@ucc.asn.au>
date Mon, 21 Nov 2011 19:19:57 +0800
parents a124aff0cbf1
children 2b1bb792cd4d
line wrap: on
line diff
--- a/dss.c	Wed Nov 12 13:13:00 2008 +0000
+++ b/dss.c	Mon Nov 21 19:19:57 2011 +0800
@@ -47,23 +47,26 @@
 
 	TRACE(("enter buf_get_dss_pub_key"))
 	dropbear_assert(key != NULL);
-	key->p = m_malloc(sizeof(mp_int));
-	key->q = m_malloc(sizeof(mp_int));
-	key->g = m_malloc(sizeof(mp_int));
-	key->y = m_malloc(sizeof(mp_int));
-	m_mp_init_multi(key->p, key->q, key->g, key->y, NULL);
+	key->p = m_malloc(sizeof(fp_int));
+	key->q = m_malloc(sizeof(fp_int));
+	key->g = m_malloc(sizeof(fp_int));
+	key->y = m_malloc(sizeof(fp_int));
+	fp_init(key->p);
+	fp_init(key->q);
+	fp_init(key->g);
+	fp_init(key->y);
 	key->x = NULL;
 
 	buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
-	if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
-		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
+	if (buf_getfpint(buf, key->p) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->q) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->g) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->y) == DROPBEAR_FAILURE) {
+		TRACE(("leave buf_get_dss_pub_key: failed reading fpints"))
 		return DROPBEAR_FAILURE;
 	}
 
-	if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
+	if (fp_count_bits(key->p) < MIN_DSS_KEYLEN) {
 		dropbear_log(LOG_WARNING, "DSS key too short");
 		TRACE(("leave buf_get_dss_pub_key: short key"))
 		return DROPBEAR_FAILURE;
@@ -87,9 +90,9 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	key->x = m_malloc(sizeof(mp_int));
-	m_mp_init(key->x);
-	ret = buf_getmpint(buf, key->x);
+	key->x = m_malloc(sizeof(fp_int));
+	m_fp_init(key->x);
+	ret = buf_getfpint(buf, key->x);
 	if (ret == DROPBEAR_FAILURE) {
 		m_free(key->x);
 	}
@@ -107,23 +110,23 @@
 		return;
 	}
 	if (key->p) {
-		mp_clear(key->p);
+		fp_zero(key->p);
 		m_free(key->p);
 	}
 	if (key->q) {
-		mp_clear(key->q);
+		fp_zero(key->q);
 		m_free(key->q);
 	}
 	if (key->g) {
-		mp_clear(key->g);
+		fp_zero(key->g);
 		m_free(key->g);
 	}
 	if (key->y) {
-		mp_clear(key->y);
+		fp_zero(key->y);
 		m_free(key->y);
 	}
 	if (key->x) {
-		mp_clear(key->x);
+		fp_zero(key->x);
 		m_free(key->x);
 	}
 	m_free(key);
@@ -133,19 +136,19 @@
 /* put the dss public key into the buffer in the required format:
  *
  * string	"ssh-dss"
- * mpint	p
- * mpint	q
- * mpint	g
- * mpint	y
+ * fpint	p
+ * fpint	q
+ * fpint	g
+ * fpint	y
  */
 void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
-	buf_putmpint(buf, key->p);
-	buf_putmpint(buf, key->q);
-	buf_putmpint(buf, key->g);
-	buf_putmpint(buf, key->y);
+	buf_putfpint(buf, key->p);
+	buf_putfpint(buf, key->q);
+	buf_putfpint(buf, key->g);
+	buf_putfpint(buf, key->y);
 
 }
 
@@ -154,7 +157,7 @@
 
 	dropbear_assert(key != NULL);
 	buf_put_dss_pub_key(buf, key);
-	buf_putmpint(buf, key->x);
+	buf_putfpint(buf, key->x);
 
 }
 
@@ -167,17 +170,20 @@
 	unsigned char msghash[SHA1_HASH_SIZE];
 	hash_state hs;
 	int ret = DROPBEAR_FAILURE;
-	DEF_MP_INT(val1);
-	DEF_MP_INT(val2);
-	DEF_MP_INT(val3);
-	DEF_MP_INT(val4);
+	DEF_FP_INT(val1);
+	DEF_FP_INT(val2);
+	DEF_FP_INT(val3);
+	DEF_FP_INT(val4);
 	char * string = NULL;
 	int stringlen;
 
 	TRACE(("enter buf_dss_verify"))
 	dropbear_assert(key != NULL);
 
-	m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
+	fp_init(&val1);
+	fp_init(&val2);
+	fp_init(&val3);
+	fp_init(&val4);
 
 	/* get blob, check length */
 	string = buf_getstring(buf, &stringlen);
@@ -193,64 +199,64 @@
 	/* create the signature - s' and r' are the received signatures in buf */
 	/* w = (s')-1 mod q */
 	/* let val1 = s' */
-	bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+	bytes_to_fp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
 
-	if (mp_cmp(&val1, key->q) != MP_LT) {
+	if (fp_cmp(&val1, key->q) != FP_LT) {
 		TRACE(("verify failed, s' >= q"))
 		goto out;
 	}
 	/* let val2 = w = (s')^-1 mod q*/
-	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
+	if (fp_invmod(&val1, key->q, &val2) != FP_OKAY) {
 		goto out;
 	}
 
 	/* u1 = ((SHA(M')w) mod q */
 	/* let val1 = SHA(M') = msghash */
-	bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
+	bytes_to_fp(&val1, msghash, SHA1_HASH_SIZE);
 
 	/* let val3 = u1 = ((SHA(M')w) mod q */
-	if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
+	if (fp_mulmod(&val1, &val2, key->q, &val3) != FP_OKAY) {
 		goto out;
 	}
 
 	/* u2 = ((r')w) mod q */
 	/* let val1 = r' */
-	bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE);
-	if (mp_cmp(&val1, key->q) != MP_LT) {
+	bytes_to_fp(&val1, &string[0], SHA1_HASH_SIZE);
+	if (fp_cmp(&val1, key->q) != FP_LT) {
 		TRACE(("verify failed, r' >= q"))
 		goto out;
 	}
 	/* let val4 = u2 = ((r')w) mod q */
-	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
+	if (fp_mulmod(&val1, &val2, key->q, &val4) != FP_OKAY) {
 		goto out;
 	}
 
 	/* v = (((g)^u1 (y)^u2) mod p) mod q */
 	/* val2 = g^u1 mod p */
-	if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) {
+	if (fp_exptmod(key->g, &val3, key->p, &val2) != FP_OKAY) {
 		goto out;
 	}
 	/* val3 = y^u2 mod p */
-	if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) {
+	if (fp_exptmod(key->y, &val4, key->p, &val3) != FP_OKAY) {
 		goto out;
 	}
 	/* val4 = ((g)^u1 (y)^u2) mod p */
-	if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) {
+	if (fp_mulmod(&val2, &val3, key->p, &val4) != FP_OKAY) {
 		goto out;
 	}
 	/* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */
-	if (mp_mod(&val4, key->q, &val2) != MP_OKAY) {
+	if (fp_mod(&val4, key->q, &val2) != FP_OKAY) {
 		goto out;
 	}
 	
 	/* check whether signatures verify */
-	if (mp_cmp(&val2, &val1) == MP_EQ) {
+	if (fp_cmp(&val2, &val1) == FP_EQ) {
 		/* good sig */
 		ret = DROPBEAR_SUCCESS;
 	}
 
 out:
-	mp_clear_multi(&val1, &val2, &val3, &val4, NULL);
+	m_fp_zero_multi(&val1, &val2, &val3, &val4, NULL);
 	m_free(string);
 
 	return ret;
@@ -262,16 +268,14 @@
 /* convert an unsigned mp into an array of bytes, malloced.
  * This array must be freed after use, len contains the length of the array,
  * if len != NULL */
-static unsigned char* mptobytes(mp_int *mp, int *len) {
+static unsigned char* fptobytes(fp_int *mp, int *len) {
 	
 	unsigned char* ret;
 	int size;
 
-	size = mp_unsigned_bin_size(mp);
+	size = fp_unsigned_bin_size(mp);
 	ret = m_malloc(size);
-	if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
-		dropbear_exit("mem alloc error");
-	}
+	fp_to_unsigned_bin(mp, ret);
 	if (len != NULL) {
 		*len = size;
 	}
@@ -302,14 +306,14 @@
 	unsigned char privkeyhash[SHA512_HASH_SIZE];
 	unsigned char *privkeytmp;
 	unsigned char proto_k[SHA512_HASH_SIZE];
-	DEF_MP_INT(dss_protok);
+	DEF_FP_INT(dss_protok);
 #endif
-	DEF_MP_INT(dss_k);
-	DEF_MP_INT(dss_m);
-	DEF_MP_INT(dss_temp1);
-	DEF_MP_INT(dss_temp2);
-	DEF_MP_INT(dss_r);
-	DEF_MP_INT(dss_s);
+	DEF_FP_INT(dss_k);
+	DEF_FP_INT(dss_m);
+	DEF_FP_INT(dss_temp1);
+	DEF_FP_INT(dss_temp2);
+	DEF_FP_INT(dss_r);
+	DEF_FP_INT(dss_s);
 	hash_state hs;
 	
 	TRACE(("enter buf_put_dss_sign"))
@@ -320,11 +324,11 @@
 	sha1_process(&hs, data, len);
 	sha1_done(&hs, msghash);
 
-	m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+	m_fp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
 #ifdef DSS_PROTOK	
 	/* hash the privkey */
-	privkeytmp = mptobytes(key->x, &i);
+	privkeytmp = fptobytes(key->x, &i);
 	sha512_init(&hs);
 	sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44);
 	sha512_process(&hs, privkeytmp, i);
@@ -339,78 +343,72 @@
 	sha512_done(&hs, proto_k);
 
 	/* generate k */
-	m_mp_init(&dss_protok);
-	bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE);
-	if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) {
+	m_fp_init(&dss_protok);
+	bytes_to_fp(&dss_protok, proto_k, SHA512_HASH_SIZE);
+	if (fp_mod(&dss_protok, key->q, &dss_k) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
-	mp_clear(&dss_protok);
+	m_fp_zero(&dss_protok);
 	m_burn(proto_k, SHA512_HASH_SIZE);
 #else /* DSS_PROTOK not defined*/
-	gen_random_mpint(key->q, &dss_k);
+	gen_random_fpint(key->q, &dss_k);
 #endif
 
 	/* now generate the actual signature */
-	bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE);
+	bytes_to_fp(&dss_m, msghash, SHA1_HASH_SIZE);
 
 	/* g^k mod p */
-	if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  MP_OKAY) {
+	if (fp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 	/* r = (g^k mod p) mod q */
-	if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) {
+	if (fp_mod(&dss_temp1, key->q, &dss_r) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 
 	/* x*r mod q */
-	if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) {
+	if (fp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 	/* (SHA1(M) + xr) mod q) */
-	if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) {
+	if (fp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 	
 	/* (k^-1) mod q */
-	if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) {
+	if (fp_invmod(&dss_k, key->q, &dss_temp1) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 
 	/* s = (k^-1(SHA1(M) + xr)) mod q */
-	if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) {
+	if (fp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != FP_OKAY) {
 		dropbear_exit("dss error");
 	}
 
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
 	buf_putint(buf, 2*SHA1_HASH_SIZE);
 
-	writelen = mp_unsigned_bin_size(&dss_r);
+	writelen = fp_unsigned_bin_size(&dss_r);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) 
-			!= MP_OKAY) {
-		dropbear_exit("dss error");
-	}
-	mp_clear(&dss_r);
+	fp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen));
+	fp_zero(&dss_r);
 	buf_incrwritepos(buf, writelen);
 
-	writelen = mp_unsigned_bin_size(&dss_s);
+	writelen = fp_unsigned_bin_size(&dss_s);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) 
-			!= MP_OKAY) {
-		dropbear_exit("dss error");
-	}
-	mp_clear(&dss_s);
+	fp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen));
+	fp_zero(&dss_s);
 	buf_incrwritepos(buf, writelen);
 
-	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+	m_fp_zero_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
 	
 	/* create the signature to return */