diff options
-rw-r--r-- | sbin/isakmpd/math_2n.c | 615 |
1 files changed, 358 insertions, 257 deletions
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c index 5cb18cf743a..6a10adf46fb 100644 --- a/sbin/isakmpd/math_2n.c +++ b/sbin/isakmpd/math_2n.c @@ -1,5 +1,5 @@ -/* $OpenBSD: math_2n.c,v 1.5 1999/04/05 21:01:23 niklas Exp $ */ -/* $EOM: math_2n.c,v 1.13 1999/04/05 08:04:25 niklas Exp $ */ +/* $OpenBSD: math_2n.c,v 1.6 1999/04/19 20:54:01 niklas Exp $ */ +/* $EOM: math_2n.c,v 1.14 1999/04/17 23:20:31 niklas Exp $ */ /* * Copyright (c) 1998 Niels Provos. All rights reserved. @@ -50,10 +50,10 @@ #include "sysdep.h" -#include "util.h" #include "math_2n.h" +#include "util.h" -u_int8_t hex2int (char); +static u_int8_t hex2int (char); static char int2hex[] = "0123456789abcdef"; CHUNK_TYPE b2n_mask[CHUNK_BITS] = { @@ -69,8 +69,8 @@ CHUNK_TYPE b2n_mask[CHUNK_BITS] = { #endif }; -/* Misc */ -u_int8_t +/* Convert a hex character to its integer value. */ +static u_int8_t hex2int (char c) { if (c <= '9') @@ -81,11 +81,11 @@ hex2int (char c) return 0; } - -void +int b2n_random (b2n_ptr n, u_int32_t bits) { - b2n_resize (n, (CHUNK_MASK + bits) >> CHUNK_SHIFTS); + if (b2n_resize (n, (CHUNK_MASK + bits) >> CHUNK_SHIFTS)) + return -1; getrandom ((u_int8_t *)n->limp, CHUNK_BYTES * n->chunks); @@ -97,6 +97,7 @@ b2n_random (b2n_ptr n, u_int32_t bits) } n->dirty = 1; + return 0; } /* b2n management functions */ @@ -105,7 +106,7 @@ void b2n_init (b2n_ptr n) { n->chunks = 0; - n->limp = NULL; + n->limp = 0; } void @@ -115,7 +116,7 @@ b2n_clear (b2n_ptr n) free (n->limp); } -void +int b2n_resize (b2n_ptr n, unsigned int chunks) { int old = n->chunks; @@ -126,14 +127,13 @@ b2n_resize (b2n_ptr n, unsigned int chunks) chunks = 1; if (chunks == old) - return; + return 0; size = CHUNK_BYTES * chunks; - /* XXX - is there anything I can do here? */ new = realloc (n->limp, size); - if (new == NULL) - return; + if (!new) + return -1; n->limp = new; n->chunks = chunks; @@ -141,32 +141,38 @@ b2n_resize (b2n_ptr n, unsigned int chunks) n->dirty = 1; if (chunks > old) - memset (n->limp + old, 0, size - CHUNK_BYTES*old); + memset (n->limp + old, 0, size - CHUNK_BYTES * old); + + return 0; } -/* Simple assignment functions */ +/* Simple assignment functions. */ -void +int b2n_set (b2n_ptr d, b2n_ptr s) { if (d == s) - return; + return 0; b2n_sigbit (s); - b2n_resize (d, (CHUNK_MASK + s->bits) >> CHUNK_SHIFTS); - memcpy (d->limp, s->limp, CHUNK_BYTES*d->chunks); + if (b2n_resize (d, (CHUNK_MASK + s->bits) >> CHUNK_SHIFTS)) + return -1; + memcpy (d->limp, s->limp, CHUNK_BYTES * d->chunks); d->bits = s->bits; d->dirty = s->dirty; + return 0; } -void +int b2n_set_null (b2n_ptr n) { - b2n_resize (n, 1); + if (b2n_resize (n, 1)) + return -1; n->limp[0] = n->bits = n->dirty = 0; + return 0; } -void +int b2n_set_ui (b2n_ptr n, unsigned int val) { #if CHUNK_BITS < 32 @@ -174,7 +180,8 @@ b2n_set_ui (b2n_ptr n, unsigned int val) chunks = (CHUNK_BYTES - 1 + sizeof (val)) / CHUNK_BYTES; - b2n_resize (n, chunks); + if (b2n_resize (n, chunks)) + return -1; for (i = 0; i < chunks; i++) { @@ -182,22 +189,23 @@ b2n_set_ui (b2n_ptr n, unsigned int val) val >>= CHUNK_BITS; } #else - b2n_resize (n, 1); + if (b2n_resize (n, 1)) + return -1; n->limp[0] = val; #endif n->dirty = 1; + return 0; } -/* Only takes hex at the moment */ - -void +/* XXX This one only takes hex at the moment. */ +int b2n_set_str (b2n_ptr n, char *str) { int i, j, w, len, chunks; CHUNK_TYPE tmp; if (strncasecmp (str, "0x", 2)) - return; + return -1; /* Make the hex string even lengthed */ len = strlen (str) - 2; @@ -211,54 +219,56 @@ b2n_set_str (b2n_ptr n, char *str) len /= 2; - chunks = (CHUNK_BYTES - 1 + len)/CHUNK_BYTES; - b2n_resize (n, chunks); + chunks = (CHUNK_BYTES - 1 + len) / CHUNK_BYTES; + if (b2n_resize (n, chunks)) + return -1; memset (n->limp, 0, CHUNK_BYTES * n->chunks); for (w = 0, i = 0; i < chunks; i++) { tmp = 0; - for (j = (i == 0 ? ((len-1) % CHUNK_BYTES)+1 : CHUNK_BYTES); j > 0; j--) + for (j = (i == 0 ? ((len - 1) % CHUNK_BYTES) + 1 : CHUNK_BYTES); j > 0; + j--) { tmp <<= 8; - tmp |= (hex2int(str[w]) << 4) | hex2int(str[w+1]); + tmp |= (hex2int (str[w]) << 4) | hex2int (str[w + 1]); w += 2; } - n->limp[chunks-1-i] = tmp; + n->limp[chunks - 1 - i] = tmp; } n->dirty = 1; + return 0; } -/* Output function, mainly for debugging perpurses */ - +/* Output function, mainly for debugging purposes. */ void b2n_print (b2n_ptr n) { int i, j, w, flag = 0; int left; - char buffer[2*CHUNK_BYTES]; + char buffer[2 * CHUNK_BYTES]; CHUNK_TYPE tmp; left = ((((7 + b2n_sigbit (n)) >> 3) - 1) % CHUNK_BYTES) + 1; - printf("0x"); + printf ("0x"); for (i = 0; i < n->chunks; i++) { - tmp = n->limp[n->chunks-1-i]; + tmp = n->limp[n->chunks - 1 - i]; memset (buffer, '0', sizeof (buffer)); for (w = 0, j = (i == 0 ? left : CHUNK_BYTES); j > 0; j--) { - buffer[w++] = int2hex[(tmp >> 4) & 0xF]; - buffer[w++] = int2hex[tmp & 0xF]; + buffer[w++] = int2hex[(tmp >> 4) & 0xf]; + buffer[w++] = int2hex[tmp & 0xf]; tmp >>= 8; } for (j = (i == 0 ? left - 1: CHUNK_BYTES - 1); j >= 0; j--) if (flag || (i == n->chunks - 1 && j == 0) || - buffer[2*j] != '0' || buffer[2*j+1] != '0') + buffer[2 * j] != '0' || buffer[2 * j + 1] != '0') { - putchar (buffer[2*j]); - putchar (buffer[2*j+1]); + putchar (buffer[2 * j]); + putchar (buffer[2 * j + 1]); flag = 1; } } @@ -270,7 +280,7 @@ b2n_sprint (char *buf, b2n_ptr n) { int i, k, j, w, flag = 0; int left; - char buffer[2*CHUNK_BYTES]; + char buffer[2 * CHUNK_BYTES]; CHUNK_TYPE tmp; left = ((((7 + b2n_sigbit (n)) >> 3) - 1) % CHUNK_BYTES) + 1; @@ -278,30 +288,30 @@ b2n_sprint (char *buf, b2n_ptr n) strcpy (buf, "0x"); k = 2; for (i = 0; i < n->chunks; i++) { - tmp = n->limp[n->chunks-1-i]; + tmp = n->limp[n->chunks - 1 - i]; memset (buffer, '0', sizeof (buffer)); for (w = 0, j = (i == 0 ? left : CHUNK_BYTES); j > 0; j--) { - buffer[w++] = int2hex[(tmp >> 4) & 0xF]; - buffer[w++] = int2hex[tmp & 0xF]; + buffer[w++] = int2hex[(tmp >> 4) & 0xf]; + buffer[w++] = int2hex[tmp & 0xf]; tmp >>= 8; } for (j = (i == 0 ? left - 1: CHUNK_BYTES - 1); j >= 0; j--) if (flag || (i == n->chunks - 1 && j == 0) || - buffer[2*j] != '0' || buffer[2*j+1] != '0') + buffer[2 * j] != '0' || buffer[2 * j + 1] != '0') { - buf[k++] = buffer[2*j]; - buf[k++] = buffer[2*j+1]; + buf[k++] = buffer[2 * j]; + buf[k++] = buffer[2 * j + 1]; flag = 1; } } - buf [k++] = 0; + buf[k++] = 0; return k; } -/* Arithmetic functions */ +/* Arithmetic functions. */ u_int32_t b2n_sigbit (b2n_ptr n) @@ -311,7 +321,7 @@ b2n_sigbit (b2n_ptr n) if (!n->dirty) return n->bits; - for (i = n->chunks-1; i > 0; i--) + for (i = n->chunks - 1; i > 0; i--) if (n->limp[i]) break; @@ -327,33 +337,24 @@ b2n_sigbit (b2n_ptr n) return n->bits; } - -/* - * Addition on GF(2)[x] is nice, its just an XOR. - */ - -void +/* Addition on GF(2)[x] is nice, its just an XOR. */ +int b2n_add (b2n_ptr d, b2n_ptr a, b2n_ptr b) { int i; b2n_ptr bmin, bmax; if (!b2n_cmp_null (a)) - { - b2n_set (d, b); - return; - } + return b2n_set (d, b); if (!b2n_cmp_null (b)) - { - b2n_set (d, a); - return; - } + return b2n_set (d, a); bmin = B2N_MIN (a,b); bmax = B2N_MAX (a,b); - b2n_resize (d, bmax->chunks); + if (b2n_resize (d, bmax->chunks)) + return -1; for (i = 0; i < bmin->chunks; i++) d->limp[i] = bmax->limp[i] ^ bmin->limp[i]; @@ -375,16 +376,13 @@ b2n_add (b2n_ptr d, b2n_ptr a, b2n_ptr b) * truncate the used amount of memory. */ if (d != bmax && !b2n_cmp_null (d)) - b2n_set_null (d); + return b2n_set_null (d); else d->dirty = 1; + return 0; } - -/* - * Compare two polynomials. - */ - +/* Compare two polynomials. */ int b2n_cmp (b2n_ptr n, b2n_ptr m) { @@ -417,16 +415,14 @@ b2n_cmp_null (b2n_ptr a) { if (a->limp[i]) return 1; - } while (++i < a->chunks); + } + while (++i < a->chunks); return 0; } -/* - * Left shift, needed for polynomial multiplication. - */ - -void +/* Left shift, needed for polynomial multiplication. */ +int b2n_lshift (b2n_ptr d, b2n_ptr n, unsigned int s) { int i, maj, min, chunks; @@ -434,30 +430,29 @@ b2n_lshift (b2n_ptr d, b2n_ptr n, unsigned int s) CHUNK_TYPE *p, *op; if (!s) - { - b2n_set (d, n); - return; - } + return b2n_set (d, n); maj = s >> CHUNK_SHIFTS; min = s & CHUNK_MASK; - add = (!(bits&CHUNK_MASK) || ((bits&CHUNK_MASK) + min) > CHUNK_MASK) ? 1 : 0; + add = (!(bits & CHUNK_MASK) || ((bits & CHUNK_MASK) + min) > CHUNK_MASK) + ? 1 : 0; chunks = n->chunks; - b2n_resize (d, chunks + maj + add); + if (b2n_resize (d, chunks + maj + add)) + return -1; memmove (d->limp + maj, n->limp, CHUNK_BYTES * chunks); if (maj) memset (d->limp, 0, CHUNK_BYTES * maj); if (add) - d->limp[d->chunks-1] = 0; + d->limp[d->chunks - 1] = 0; /* If !min there are no bit shifts, we are done */ if (!min) - return; + return 0; - op = p = &d->limp[d->chunks-1]; - for (i = d->chunks-2; i >= maj; i--) + op = p = &d->limp[d->chunks - 1]; + for (i = d->chunks - 2; i >= maj; i--) { op--; *p-- = (*p << min) | (*op >> (CHUNK_BITS - min)); @@ -466,33 +461,25 @@ b2n_lshift (b2n_ptr d, b2n_ptr n, unsigned int s) d->dirty = 0; d->bits = bits + (maj << CHUNK_SHIFTS) + min; + return 0; } -/* - * Right shift, needed for polynomial division. - */ - -void +/* Right shift, needed for polynomial division. */ +int b2n_rshift (b2n_ptr d, b2n_ptr n, unsigned int s) { int maj, min, size = n->chunks, newsize; b2n_ptr tmp; if (!s) - { - b2n_set (d, n); - return; - } + return b2n_set (d, n); maj = s >> CHUNK_SHIFTS; newsize = size - maj; if (size < maj) - { - b2n_set_null (d); - return; - } + return b2n_set_null (d); min = (CHUNK_BITS - (s & CHUNK_MASK)) & CHUNK_MASK; if (min) @@ -500,74 +487,78 @@ b2n_rshift (b2n_ptr d, b2n_ptr n, unsigned int s) if ((b2n_sigbit (n) & CHUNK_MASK) > min) newsize++; - b2n_lshift (d, n, min); + if (b2n_lshift (d, n, min)) + return -1; tmp = d; } else tmp = n; memmove (d->limp, tmp->limp + maj + (min ? 1 : 0), CHUNK_BYTES * newsize); - b2n_resize (d, newsize); + if (b2n_resize (d, newsize)) + return -1; d->bits = tmp->bits - ((maj + (min ? 1 : 0)) << CHUNK_SHIFTS); + return 0; } -/* - * Normal polynomial multiplication. - */ -void +/* Normal polynomial multiplication. */ +int b2n_mul (b2n_ptr d, b2n_ptr n, b2n_ptr m) { int i, j; b2n_t tmp, tmp2; if (!b2n_cmp_null (m) || !b2n_cmp_null (n)) - { - b2n_set_null (d); - return; - } + return b2n_set_null (d); if (b2n_sigbit (m) == 1) - { - b2n_set (d, n); - return; - } + return b2n_set (d, n); if (b2n_sigbit (n) == 1) - { - b2n_set (d, m); - return; - } + return b2n_set (d, m); b2n_init (tmp); b2n_init (tmp2); - b2n_set (tmp, B2N_MAX (n, m)); - b2n_set (tmp2, B2N_MIN (n, m)); + if (b2n_set (tmp, B2N_MAX (n, m))) + goto fail; + if (b2n_set (tmp2, B2N_MIN (n, m))) + goto fail; - b2n_set_null (d); + if (b2n_set_null (d)) + goto fail; for (i = 0; i < tmp2->chunks; i++) if (tmp2->limp[i]) for (j = 0; j < CHUNK_BITS; j++) { if (tmp2->limp[i] & b2n_mask[j]) - b2n_add (d, d, tmp); + if (b2n_add (d, d, tmp)) + goto fail; - b2n_lshift (tmp, tmp, 1); + if (b2n_lshift (tmp, tmp, 1)) + goto fail; } else - b2n_lshift (tmp, tmp, CHUNK_BITS); + if (b2n_lshift (tmp, tmp, CHUNK_BITS)) + goto fail; b2n_clear (tmp); b2n_clear (tmp2); + return 0; + + fail: + b2n_clear (tmp); + b2n_clear (tmp2); + return -1; } /* * Squaring in this polynomial ring is more efficient than normal * multiplication. */ -void +int b2n_square (b2n_ptr d, b2n_ptr n) { int i, j, maj, min, bits, chunk; @@ -578,7 +569,8 @@ b2n_square (b2n_ptr d, b2n_ptr n) maj = (maj + CHUNK_MASK) >> CHUNK_SHIFTS; b2n_init (t); - b2n_resize (t, 2 * maj + ((CHUNK_MASK + 2 * min) >> CHUNK_SHIFTS)); + if (b2n_resize (t, 2 * maj + ((CHUNK_MASK + 2 * min) >> CHUNK_SHIFTS))) + return -1; chunk = 0; bits = 0; @@ -603,33 +595,38 @@ b2n_square (b2n_ptr d, b2n_ptr n) t->dirty = 1; B2N_SWAP (d, t); b2n_clear (t); + return 0; } /* * Normal polynomial division. * These functions are far from optimal in speed. */ -void +int b2n_div_q (b2n_ptr d, b2n_ptr n, b2n_ptr m) { b2n_t r; + int rv; b2n_init (r); - b2n_div (d, r, n, m); + rv = b2n_div (d, r, n, m); b2n_clear (r); + return rv; } -void +int b2n_div_r (b2n_ptr r, b2n_ptr n, b2n_ptr m) { b2n_t q; + int rv; b2n_init (q); - b2n_div (q, r, n, m); + rv = b2n_div (q, r, n, m); b2n_clear (q); + return rv; } -void +int b2n_div (b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m) { int sn, sm, i, j, len, bits; @@ -638,20 +635,20 @@ b2n_div (b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m) /* If Teiler > Zaehler, the result is 0 */ if ((sm = b2n_sigbit (m)) > (sn = b2n_sigbit (n))) { - b2n_set_null (q); - b2n_set (r, n); - return; + if (b2n_set_null (q)) + return -1; + return b2n_set (r, n); } if (sm == 0) /* Division by Zero */ - return; + return -1; else if (sm == 1) { /* Division by the One-Element */ - b2n_set (q, n); - b2n_set_null (r); - return; + if (b2n_set (q, n)) + return -1; + return b2n_set_null (r); } b2n_init (nenn); @@ -659,16 +656,23 @@ b2n_div (b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m) b2n_init (shift); b2n_init (mask); - b2n_set (nenn, n); - b2n_set (div, m); - b2n_set (shift, m); - b2n_set_ui (mask, 1); - - b2n_resize (q, (sn - sm + CHUNK_MASK) >> CHUNK_SHIFTS); + if (b2n_set (nenn, n)) + goto fail; + if (b2n_set (div, m)) + goto fail; + if (b2n_set (shift, m)) + goto fail; + if (b2n_set_ui (mask, 1)) + goto fail; + + if (b2n_resize (q, (sn - sm + CHUNK_MASK) >> CHUNK_SHIFTS)) + goto fail; memset (q->limp, 0, CHUNK_BYTES * q->chunks); - b2n_lshift (shift, shift, sn - sm); - b2n_lshift (mask, mask, sn - sm); + if (b2n_lshift (shift, shift, sn - sm)) + goto fail; + if (b2n_lshift (mask, mask, sn - sm)) + goto fail; /* Number of significant octets */ len = (sn - 1) >> CHUNK_SHIFTS; @@ -680,11 +684,15 @@ b2n_div (b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m) { if (nenn->limp[i] & b2n_mask[j]) { - b2n_sub (nenn, nenn, shift); - b2n_add (q, q, mask); + if (b2n_sub (nenn, nenn, shift)) + goto fail; + if (b2n_add (q, q, mask)) + goto fail; } - b2n_rshift (shift, shift, 1); - b2n_rshift (mask, mask, 1); + if (b2n_rshift (shift, shift, 1)) + goto fail; + if (b2n_rshift (mask, mask, 1)) + goto fail; } B2N_SWAP (r, nenn); @@ -693,41 +701,54 @@ b2n_div (b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m) b2n_clear (div); b2n_clear (shift); b2n_clear (mask); + return 0; + +fail: + b2n_clear (nenn); + b2n_clear (div); + b2n_clear (shift); + b2n_clear (mask); + return -1; } -/* - * Functions for Operation on GF(2**n) ~= GF(2)[x]/p(x). - */ -void +/* Functions for Operation on GF(2**n) ~= GF(2)[x]/p(x). */ +int b2n_mod (b2n_ptr m, b2n_ptr n, b2n_ptr p) { int bits, size; - b2n_div_r (m, n, p); + + if (b2n_div_r (m, n, p)) + return -1; bits = b2n_sigbit (m); size = ((CHUNK_MASK + bits) >> CHUNK_SHIFTS); if (size == 0) size = 1; if (m->chunks > size) - b2n_resize (m, size); + if (b2n_resize (m, size)) + return -1; m->bits = bits; m->dirty = 0; + return 0; } -void +int b2n_gcd (b2n_ptr e, b2n_ptr go, b2n_ptr ho) { b2n_t g, h; b2n_init (g); - b2n_set (g, go); b2n_init (h); - b2n_set (h, ho); + if (b2n_set (g, go)) + goto fail; + if (b2n_set (h, ho)) + goto fail; while (b2n_cmp_null (h)) { - b2n_mod (g, g, h); + if (b2n_mod (g, g, h)) + goto fail; B2N_SWAP (g, h); } @@ -735,32 +756,42 @@ b2n_gcd (b2n_ptr e, b2n_ptr go, b2n_ptr ho) b2n_clear (g); b2n_clear (h); + return 0; + +fail: + b2n_clear (g); + b2n_clear (h); + return -1; } -void +int b2n_mul_inv (b2n_ptr ga, b2n_ptr be, b2n_ptr p) { b2n_t a; b2n_init (a); - b2n_set_ui (a, 1); + if (b2n_set_ui (a, 1)) + goto fail; - b2n_div_mod (ga, a, be, p); + if (b2n_div_mod (ga, a, be, p)) + goto fail; b2n_clear (a); + return 0; + + fail: + b2n_clear (a); + return -1; } -void +int b2n_div_mod (b2n_ptr ga, b2n_ptr a, b2n_ptr be, b2n_ptr p) { b2n_t s0, s1, s2, q, r0, r1; /* There is no multiplicative inverse to Null. */ - if (!b2n_cmp_null(be)) - { - b2n_set_null (ga); - return; - } + if (!b2n_cmp_null (be)) + return b2n_set_null (ga); b2n_init (s0); b2n_init (s1); @@ -769,20 +800,28 @@ b2n_div_mod (b2n_ptr ga, b2n_ptr a, b2n_ptr be, b2n_ptr p) b2n_init (r1); b2n_init (q); - b2n_set (r0, p); - b2n_set (r1, be); + if (b2n_set (r0, p)) + goto fail; + if (b2n_set (r1, be)) + goto fail; - b2n_set_null (s0); - b2n_set (s1, a); + if (b2n_set_null (s0)) + goto fail; + if (b2n_set (s1, a)) + goto fail; while (b2n_cmp_null (r1)) { - b2n_div(q, r0, r0, r1); + if (b2n_div (q, r0, r0, r1)) + goto fail; B2N_SWAP (r0, r1); - b2n_mul (s2, q, s1); - b2n_mod (s2, s2, p); - b2n_sub (s2, s0, s2); + if (b2n_mul (s2, q, s1)) + goto fail; + if (b2n_mod (s2, s2, p)) + goto fail; + if (b2n_sub (s2, s0, s2)) + goto fail; B2N_SWAP (s0, s1); B2N_SWAP (s1, s2); @@ -795,6 +834,16 @@ b2n_div_mod (b2n_ptr ga, b2n_ptr a, b2n_ptr be, b2n_ptr p) b2n_clear (r0); b2n_clear (r1); b2n_clear (q); + return 0; + +fail: + b2n_clear (s0); + b2n_clear (s1); + b2n_clear (s2); + b2n_clear (r0); + b2n_clear (r1); + b2n_clear (q); + return -1; } /* @@ -803,100 +852,129 @@ b2n_div_mod (b2n_ptr ga, b2n_ptr a, b2n_ptr be, b2n_ptr p) * 2 - 2*Trace. * If z is a square root, z + 1 is the other. */ -void +int b2n_trace (b2n_ptr ho, b2n_ptr a, b2n_ptr p) { int i, m = b2n_sigbit (p) - 1; b2n_t h; b2n_init (h); - b2n_set (h, a); + if (b2n_set (h, a)) + goto fail; for (i = 0; i < m - 1; i++) { - b2n_square (h, h); - b2n_mod (h, h, p); + if (b2n_square (h, h)) + goto fail; + if (b2n_mod (h, h, p)) + goto fail; - b2n_add (h, h, a); + if (b2n_add (h, h, a)) + goto fail; } B2N_SWAP (ho, h); b2n_clear (h); + return 0; + + fail: + b2n_clear (h); + return -1; } /* * The halftrace yields the square root if the degree of the * irreduceable polynomial is odd. */ -void +int b2n_halftrace (b2n_ptr ho, b2n_ptr a, b2n_ptr p) { int i, m = b2n_sigbit (p) - 1; b2n_t h; b2n_init (h); - b2n_set (h, a); + if (b2n_set (h, a)) + goto fail; for (i = 0; i < (m - 1) / 2; i++) { - b2n_square (h, h); - b2n_mod (h, h, p); - b2n_square (h, h); - b2n_mod (h, h, p); - - b2n_add (h, h, a); + if (b2n_square (h, h)) + goto fail; + if (b2n_mod (h, h, p)) + goto fail; + if (b2n_square (h, h)) + goto fail; + if (b2n_mod (h, h, p)) + goto fail; + + if (b2n_add (h, h, a)) + goto fail; } B2N_SWAP (ho, h); b2n_clear (h); + return 0; + + fail: + b2n_clear (h); + return -1; } /* * Solving the equation: y**2 + y = b in GF(2**m) where ip is the * irreduceable polynomial. If m is odd, use the half trace. */ -void +int b2n_sqrt (b2n_ptr zo, b2n_ptr b, b2n_ptr ip) { int i, m = b2n_sigbit (ip) - 1; b2n_t w, p, temp, z; if (!b2n_cmp_null (b)) - { - b2n_set_null (z); - return; - } + return b2n_set_null (z); if (m & 1) - { - b2n_halftrace (zo, b, ip); - return; - } + return b2n_halftrace (zo, b, ip); b2n_init (z); b2n_init (w); b2n_init (p); b2n_init (temp); - do { - b2n_random (p, m); - b2n_set_null (z); - b2n_set (w, p); - for (i = 1; i < m; i++) - { - b2n_square (z, z); /* z**2 */ - b2n_mod (z, z, ip); - b2n_square (w, w); /* w**2 */ - b2n_mod (w, w, ip); - - b2n_mul (temp, w, b); /* w**2 * b */ - b2n_mod (temp, temp, ip); - b2n_add (z, z, temp); /* z**2 + w**2 + b */ - - b2n_add (w, w, p); /* w**2 + p */ - } - } while (!b2n_cmp_null (w)); + do + { + if (b2n_random (p, m)) + goto fail; + if (b2n_set_null (z)) + goto fail; + if (b2n_set (w, p)) + goto fail; + + for (i = 1; i < m; i++) + { + if (b2n_square (z, z)) /* z**2 */ + goto fail; + if (b2n_mod (z, z, ip)) + goto fail; + + if (b2n_square (w, w)) /* w**2 */ + goto fail; + if (b2n_mod (w, w, ip)) + goto fail; + + if (b2n_mul (temp, w, b)) /* w**2 * b */ + goto fail; + if (b2n_mod (temp, temp, ip)) + goto fail; + if (b2n_add (z, z, temp)) /* z**2 + w**2 + b */ + goto fail; + + if (b2n_add (w, w, p)) /* w**2 + p */ + goto fail; + } + } + while (!b2n_cmp_null (w)); B2N_SWAP (zo, z); @@ -904,36 +982,55 @@ b2n_sqrt (b2n_ptr zo, b2n_ptr b, b2n_ptr ip) b2n_clear (p); b2n_clear (temp); b2n_clear (z); + return 0; + + fail: + b2n_clear (w); + b2n_clear (p); + b2n_clear (temp); + b2n_clear (z); + return -1; } -/* - * Exponentiation modulo a polynomial. - */ -void +/* Exponentiation modulo a polynomial. */ +int b2n_exp_mod (b2n_ptr d, b2n_ptr b0, u_int32_t e, b2n_ptr p) { b2n_t u, b; b2n_init (u); - b2n_set_ui (u, 1); b2n_init (b); - b2n_mod (b, b0, p); + if (b2n_set_ui (u, 1)) + goto fail; + if (b2n_mod (b, b0, p)) + goto fail; while (e) { if (e & 1) { - b2n_mul (u, u, b); - b2n_mod (u, u, p); + if (b2n_mul (u, u, b)) + goto fail; + if (b2n_mod (u, u, p)) + goto fail; } - b2n_square (b, b); - b2n_mod (b, b, p); + if (b2n_square (b, b)) + goto fail; + if (b2n_mod (b, b, p)) + goto fail; e >>= 1; } B2N_SWAP (d, u); + b2n_clear (u); b2n_clear (b); + return 0; + + fail: + b2n_clear (u); + b2n_clear (b); + return -1; } /* @@ -942,10 +1039,8 @@ b2n_exp_mod (b2n_ptr d, b2n_ptr b0, u_int32_t e, b2n_ptr p) * Multiplies a normal number by 3. */ -/* - * Normal addition behaves as Z_{2**n} and not F_{2**n}. - */ -void +/* Normal addition behaves as Z_{2**n} and not F_{2**n}. */ +int b2n_nadd (b2n_ptr d0, b2n_ptr a0, b2n_ptr b0) { int i, carry; @@ -953,22 +1048,20 @@ b2n_nadd (b2n_ptr d0, b2n_ptr a0, b2n_ptr b0) b2n_t d; if (!b2n_cmp_null (a0)) - { - b2n_set (d0, b0); - return; - } + return b2n_set (d0, b0); if (!b2n_cmp_null (b0)) - { - b2n_set (d0, a0); - return; - } + return b2n_set (d0, a0); b2n_init (d); a = B2N_MAX (a0, b0); b = B2N_MIN (a0, b0); - b2n_resize (d, a->chunks + 1); + if (b2n_resize (d, a->chunks + 1)) + { + b2n_clear (d); + return -1; + } for (carry = i = 0; i < b->chunks; i++) { @@ -989,25 +1082,25 @@ b2n_nadd (b2n_ptr d0, b2n_ptr a0, b2n_ptr b0) B2N_SWAP (d0, d); b2n_clear (d); + return 0; } -/* - * Very special sub, a > b. - */ -void +/* Very special sub, a > b. */ +int b2n_nsub (b2n_ptr d0, b2n_ptr a, b2n_ptr b) { int i, carry; b2n_t d; if (b2n_cmp (a, b) <= 0) - { - b2n_set_null (d0); - return; - } + return b2n_set_null (d0); b2n_init (d); - b2n_resize (d, a->chunks); + if (b2n_resize (d, a->chunks)) + { + b2n_clear (d); + return -1; + } for (carry = i = 0; i < b->chunks; i++) { @@ -1029,17 +1122,25 @@ b2n_nsub (b2n_ptr d0, b2n_ptr a, b2n_ptr b) B2N_SWAP (d0, d); b2n_clear (d); + return 0; } -void +int b2n_3mul (b2n_ptr d0, b2n_ptr e) { b2n_t d; b2n_init (d); - b2n_lshift (d, e, 1); + if (b2n_lshift (d, e, 1)) + goto fail; - b2n_nadd (d0, d, e); + if (b2n_nadd (d0, d, e)) + goto fail; + + b2n_clear (d); + return 0; + fail: b2n_clear (d); + return -1; } |