Context Navigation

mp2.c

Last change on this file was 2, checked in by jglee, 11 years ago
first commit
Property svn:executable set to ``*
File size: 10.5 KB

Rev	Line
[2]	1	/***************************************************************************
	2	* Copyright (c) 2002-2009, Broadcom Corporation
	3	* All Rights Reserved
	4	* Confidential Property of Broadcom Corporation
	5	*
	6	* THIS SOFTWARE MAY ONLY BE USED SUBJECT TO AN EXECUTED SOFTWARE LICENSE
	7	* AGREEMENT BETWEEN THE USER AND BROADCOM. YOU HAVE NO RIGHT TO USE OR
	8	* EXPLOIT THIS MATERIAL EXCEPT SUBJECT TO THE TERMS OF SUCH AN AGREEMENT.
	9	*
	10	* Filename: mp2.c
	11	*
	12	***************************************************************************/
	13	/*
	14	* Multiple-Precision Modular Arithmetic Routines
	15	*
	16	*
	17	* Change log: 07/17/02 - Created.
	18	* 07/29/02 - Split functions mpcopy(), mplong2mp(),
	19	* mpzero(), newabs() into separate files.
	20	* 07/30/02 - newabs & sign support removed definitely.
	21	*/
	22
	23
	24	#include "mp2.h"
	25
	26	/* global vars */
	27
	28	/* optimization: do not swap bytes in word, assume input is given
	29	* as little-endian 32-bit words. */
	30	#undef INPUT_IS_NOT_LITTLE_ENDIAN_WORD32_ARRAY
	31
	32	void mpadd (mp a, mp b, mp c)
	33	{
	34	register u32 *aa = a;
	35	register u32 *bb = b;
	36	register u32 *cc = c;
	37	register u32 i = 0;
	38	register u32 carry=0;
	39	register u32 sa;
	40	register u32 sb;
	41	register u32 bdigit;
	42
	43	/* ensure length(a) >= length(b) */
	44	if (mpcompare(aa, bb)<0)
	45	mpswap(aa,bb);
	46
	47	sa = *aa;
	48	sb = *bb;
	49
	50	/* Addition loop */
	51	aa++;
	52	bb++;
	53	cc++;
	54	for (; i<sa; i++, aa++, bb++, cc++)
	55	{
	56	bdigit = (i>=sb)? 0L : *bb;
	57
	58	cc = (u32) (aa + bdigit + carry);
	59	carry = 0;
	60	if (cc >= RADIX) / overflow */
	61	{
	62	*cc -= RADIX;
	63	carry = 1;
	64	}
	65	}
	66
	67	if (carry) {
	68	*cc = carry;
	69	sa++;
	70	}
	71
	72	/* Set length of sum c */
	73	*c = sa;
	74
	75	return;
	76	}
	77
	78	/* Substraction */
	79
	80	void mpsub (mp a, mp b, mp c)
	81	{
	82	register u32 *aa = a;
	83	register u32 *bb = b;
	84	register u32 *cc = c;
	85	register u32 sa = *aa;
	86	register u32 sb = *bb;
	87	register u32 ina;
	88
	89	register u32 bdigit;
	90	register u32 i = 1;
	91	register u32 carry=0;
	92
	93	u32 lastnz=1;
	94	u32 v, w;
	95
	96	if (aa==bb)
	97	{
	98	mpzero(cc);
	99	return;
	100	}
	101
	102	/* Substraction loop */
	103	aa++;
	104	bb++;
	105	cc++;
	106	for (; i<=sa; i++, aa++, bb++, cc++)
	107	{
	108	bdigit = (i>sb)? 0L : *bb;
	109	w = bdigit+carry;
	110
	111	/* check for underflow */
	112	carry = 0;
	113	ina = *aa;
	114	if (ina < w)
	115	{
	116	v = (u32)(ina+(RADIX-w));
	117	carry = 1;
	118	}else
	119	v = (u32)(ina - w);
	120
	121	if (v) lastnz=i;
	122	*cc = v;
	123	}
	124
	125	/* Set length of c */
	126	*c = lastnz;
	127
	128	return;
	129	}
	130
	131
	132	/* Comparison between a and b: return the sign of a-b */
	133	s32 mpcompare (mp a, mp b)
	134	{
	135	register u32 *aa = a;
	136	register u32 *bb = b;
	137	register u32 ina;
	138	register u32 inb;
	139
	140	u32 sa = *aa;
	141	u32 sb = *bb;
	142	u32 isazero = iszero(aa);
	143	u32 isbzero = iszero(bb);
	144
	145	/* Any zero? */
	146	if (isazero \|\| isbzero)
	147	return (isazero-isbzero);
	148
	149	/* different length? */
	150	if ( sa!= sb)
	151	return (sa < sb)? (-1): (1);
	152
	153	aa += sa;
	154	bb += sa;
	155	for (; sa>0; sa--, aa--, bb--)
	156	{
	157	ina = *aa;
	158	inb = *bb;
	159	if (ina != inb)
	160	return (ina > inb)? (1): (-1);
	161	}
	162	return (0);
	163	}
	164
	165	void mpmul (mp x, mp y, mp w)
	166	{
	167	register u32 n = (*x)-1;
	168	register u32 t = (*y)-1;
	169	register u32 i,j;
	170	register u32 *ww = w;
	171	u32 c, tt=t+1;
	172
	173	u32 sw = n+t+2;
	174
	175	for (i=sw; i>0; i--)
	176	*(ww++) = 0L;
	177	for (i=1; i<=tt; i++)
	178	{
	179	c = 0L;
	180	for (j=0; j<=n; j++)
	181	addmul (&c, &(w[i+j]), x[j+1], y[i]);
	182	w[i+j] = c;
	183	}
	184
	185	for (i=sw; i>1 && !w[i]; i--)
	186	;
	187	*w = i;
	188	return;
	189	}
	190
	191	/* Left shift 0<= k <30 bits */
	192	void mplshift (mp a, u32 k, mp b)
	193	{
	194	register u32 sa = *a;
	195	register u32 *aa = a+sa;
	196	register u32 *bb = b+sa;
	197	register u32 kk = k;
	198
	199	u32 w;
	200
	201	*b = sa;
	202
	203	/* shifting last chunk may yield an additional chunk */
	204	if ((w = (((u32)*aa) >> (NBITS-kk))) != 0L)
	205	{
	206	*(bb+1) = w;
	207	*b = sa+1;
	208	}
	209
	210	/* shift the remaining chunks */
	211	for (; sa>1; sa--, aa--,bb--)
	212	bb = ( ((((u32)(aa)) << kk) & MASK) \|
	213	((((u32)(*(aa-1))) >> (NBITS-kk))) );
	214
	215	bb = (((u32)aa) << kk) & MASK; /* last iteration, when sa == 1 */
	216	return;
	217	}
	218
	219	/* Right shift 0<= k <30 bits */
	220	void mprshift (mp a, u32 k, mp b)
	221	{
	222	register u32 *aa = a+1;
	223	register u32 *bb = b+1;
	224	register u32 kk = k;
	225	register u32 sa = *a;
	226	register u32 i=1;
	227
	228	/* shift the remaining chunks */
	229	for (; i<sa; i++, aa++, bb++)
	230	bb = ( (((u32)(aa)) >> kk) \| ((((u32)(*(aa+1))) << (NBITS-kk)) & MASK) );
	231
	232	/* shifting last chunk may clear it */
	233	if (((bb = (((u32)(aa)) >> kk)) == 0L) && (sa>1))
	234	sa--;
	235	*b = sa;
	236	return;
	237	}
	238
	239	/* Division of mp numbers:
	240	*
	241	* q = x / y,
	242	* r = x % y
	243	* - Assume y!=0
	244	* - always y*q + r == x,
	245	* - unless y \| x, sign(r) == sign(y)
	246	*
	247	* Result undefined if y = 0.
	248	*/
	249	int mpdiv (mp x1, mp y1, mp q, mp r)
	250	{
	251	register u32 i;
	252	register u32 ii;
	253	register u32 tt;
	254	register u32 imt;
	255
	256	u32 n,t,nt1,was_corrected;
	257	u32 sx, sy;
	258	u32 val, rem, leadingZeros;
	259	u32 qq[2] = {1L, 0L};
	260
	261	u32 xx[LONGEXTSIZE];
	262	u32 yy[EXTSIZE];
	263	u32 ybnt[LONGEXTSIZE];
	264	u32 aux[LONGEXTSIZE];
	265	// used : 4EXTSIZE+4LONGEXTSIZE 32-bit words
	266
	267	CLZ (leadingZeros, y1[*y1]);
	268	leadingZeros -= UNUSEDBITS;
	269
	270	/* normalization */
	271	mplshift(x1, leadingZeros, xx);
	272	mplshift(y1, leadingZeros, yy);
	273
	274	sx = *xx;
	275	sy = *yy;
	276	n = sx-1;
	277	t = sy-1;
	278	tt = t+1;
	279	if (n<t)
	280	{
	281	mpcopy(x1,r);
	282	mpzero(q);
	283	return 1;
	284	}
	285	nt1 = n-t+1;
	286
	287	for (i=0; i<=nt1; i++)
	288	q[i] = 0L;
	289
	290	mpclshift(yy,nt1-1,ybnt);
	291
	292	while (mpcompare(xx,ybnt)>=0)
	293	{
	294	q[nt1]++;
	295	mpsub (xx, ybnt, xx);
	296	}
	297
	298	for (i=n; i>=tt; i--)
	299	{
	300	ii = i+1;
	301	imt = i-t;
	302
	303	if (xx[ii] == yy[tt])
	304	{
	305	q[imt] = RADIX -1;
	306	}
	307	else
	308	{
	309	if (!smalldiv (xx[ii], xx[i], yy[tt], &(q[imt]),&rem))
	310	return 0;
	311	}
	312	if (t>0) {
	313	do
	314	{
	315	/* create xx bar */
	316	val = yy[t-1];
	317	yy[t-1]= (yy[tt]==0)? 1: 2;
	318	/* create qq */
	319	qq[1] = q[imt];
	320	mpmul (yy+t-1,qq,aux);
	321
	322	yy[t-1] = val;
	323
	324	/* create xxp */
	325	val = xx[i-2];
	326	xx[i-2] = ((xx[ii]==0)? ((xx[i]==0)? 1: 2): 3);
	327
	328	if ( mpcompare (aux,xx+i-2) > 0 )
	329	{
	330	was_corrected = 1;
	331	}
	332	else
	333	{
	334	was_corrected = 0;
	335	}
	336
	337	if (was_corrected == 1)
	338	{
	339	q[imt]--;
	340	}
	341
	342	xx[i-2] = val; /* restore xx[i-2] value */
	343	}
	344	while (was_corrected);
	345	}
	346
	347	mpclshift(yy,imt-1,aux);
	348	qq[1] = q[imt];
	349
	350	mpmul (aux, qq, ybnt);
	351	if (mpcompare(ybnt,xx)>0)
	352	{
	353	mpadd (xx, aux, xx);
	354	q[imt]--;
	355	}
	356	mpsub (xx, ybnt, xx);
	357	}
	358	mprshift (xx, leadingZeros, xx); /* because of normalization */
	359
	360	/* adjust lengths */
	361	for (i=nt1; i>1 && !q[i]; i--)
	362	;
	363	*q = i;
	364
	365	for (i=*xx; i>1 && !xx[i]; i--)
	366	;
	367	*xx = i;
	368
	369	/* copy the remainder to r */
	370	mpcopy (xx, r);
	371	return 1;
	372	}
	373
	374	/* Unpack a sequence of 30-bit chunks into 32-bit words, reversing
	375	* the order in the process (so it follows the ordering specified in
	376	* PKCS#1 v2.1 standard. In fact, this implements the IP2OS primitive).
	377	*
	378	* The resulting byte sequence is a valid octet string encoded in the
	379	* given mp number.
	380	*
	381	* n is the desired 32-bit-word size of the sequence (it returns the
	382	* actual size).
	383	* If bit sizes of mp numbers are not multiples of 32 zero padding
	384	* is used.
	385	*
	386	* Assumptions:
	387	* (1) n>= ceil((NBITS*size)/BITSOFLONG)
	388	* (2) size (=length in chunks of src30) > 1
	389	*/
	390
	391	void unpack (mp src30, u32 *dest32, u32 n)
	392	{
	393	register u32 i;
	394	register u32 shift;
	395	register u32 *lsrc30 = src30;
	396	register u32 *ldest32 = dest32;
	397	register u32 mask,w;
	398	register u32 size = *lsrc30;
	399	register u32 dlen = n;
	400
	401	ldest32 += (n-1);
	402	lsrc30++;
	403
	404	shift = 0;
	405
	406	for (i=size; 0<i; i--, lsrc30++, ldest32--)
	407	{
	408	mask = (~0x0UL) << shift;
	409	w = ((*(lsrc30) & mask) << UNUSEDBITS);
	410	if(i != 1) /* all except last iteration */
	411	w \|= (*(lsrc30+1) & ~(mask << UNUSEDBITS));
	412	#ifdef INPUT_IS_NOT_LITTLE_ENDIAN_WORD32_ARRAY
	413	v = ROTR32(w,shift+UNUSEDBITS);
	414	*ldest32 = SWAP(v);
	415	#else
	416	*(ldest32) = ROTR32(w,shift+UNUSEDBITS);
	417	#endif
	418
	419	if (shift == NBITS-UNUSEDBITS)
	420	{
	421	lsrc30++;
	422	i--;
	423	}
	424	shift = (shift+UNUSEDBITS) % 30;
	425	dlen--;
	426	}
	427
	428	/* pad with zero bits if desired size is larger than actual size */
	429	/* dlen could wrap to ~0, check it */
	430	if(dlen < n)
	431	{
	432	ldest32 = dest32;
	433	for (i=0; i<dlen; i++)
	434	*(ldest32++) = 0L;
	435	}
	436	return;
	437	}
	438
	439
	440
	441	/* Pack a sequence of 32-bit words into 30-bit chunks, reversing
	442	* the order in the process (so it follows the ordering specified in
	443	* PKCS#1 v2.1 standard. See the OS2IP primitive).
	444	*
	445	* The resulting sequence is a valid
	446	* representation of the given sequence as a mp number.
	447	*
	448	* n is the size of the input in 32-bit words.
	449	* The implementation assumes src32[n] is a "readable" address and n>=1.
	450	*/
	451
	452	void pack (u32 *src32, mp dest30, u32 n)
	453	{
	454	register u32 *lsrc32 = src32;
	455	register u32 *ldest30 = dest30;
	456	register u32 i;
	457	register u32 shift;
	458	register u32 mask, u, w=0L;
	459
	460	lsrc32 += (n-1);
	461	ldest30++;
	462
	463	/* First piece is always rightmost */
	464	#ifdef INPUT_IS_NOT_LITTLE_ENDIAN_WORD32_ARRAY
	465	u = SWAP(lsrc32);
	466	#else
	467	u = *lsrc32;
	468	#endif
	469	w = u & MASK;
	470	shift = 0;
	471	for (i=1; i<=n; i++, lsrc32--, ldest30++)
	472	{
	473	*ldest30 = ROTL32(w, shift);
	474
	475	/* Compute shifting offset */
	476	shift = ((shift+UNUSEDBITS) % 32);
	477
	478	/* Leftmost piece */
	479	mask = (0xFFFFFFFFUL >> shift);
	480	w = (u & ~mask); /* If shift==0 then ~mask==0 so w==0 */
	481	if (i<n)
	482	{
	483	if ( shift==0 )
	484	{
	485	lsrc32++;
	486	n++;
	487	}
	488	/* Add rightmost piece */
	489	/* Note: If shift==30 then value in (lsrc32-1) is not used, u is always 0 /
	490	#ifdef INPUT_IS_NOT_LITTLE_ENDIAN_WORD32_ARRAY
	491	u = SWAP(lsrc32-1);
	492	#else
	493	u = *(lsrc32-1);
	494	#endif
	495	w \|= ( u & (mask >> UNUSEDBITS));
	496	}
	497	}
	498	/* store last leftmost piece */
	499	*ldest30 = ROTL32(w, shift);
	500
	501	/* adjust length, just in case most significant bits are zero */
	502	for (i=n+1; i>1 && !(*ldest30); i--, ldest30--)
	503	;
	504	*dest30 = i;
	505
	506	return;
	507	}
	508
	509
	510	#define PAD_F (RSA_BITS / 32 - 10)
	511	/*
	512	* RSA Signature Verification (RSA Encryption)
	513	*/
	514	int rsa_decrypt (unsigned long * in, unsigned long * pubkey, unsigned long * decrypted_digest)
	515	{
	516	u32 i;
	517	u32 pad[] = { 0x00302130L, 0x0906052BL, 0x0E03021AL, 0x05000414L };
	518	u32 *lout;
	519
	520	lout = decrypted_digest;
	521
	522	i = rsa_decrypt_raw(in, pubkey, lout);
	523	if(OK != i)
	524	return i;
	525	/* Check Padding */
	526	if (*lout != 0x0001FFFFL)
	527	{
	528	return 0;
	529	}
	530	for (i=0, lout++; (i<PAD_F); i++, lout++)
	531	{
	532	if (*lout != 0xFFFFFFFFL)
	533	{
	534	return 0;
	535	}
	536	}
	537	for (i=0; (i<4); i++, lout++)
	538	{
	539	if (*lout != pad[i])
	540	{
	541	return 0;
	542	}
	543	}
	544
	545	return OK;
	546	}
	547
	548	/*
	549	* RAW RSA Encryption without padding check;
	550	*/
	551
	552	int rsa_decrypt_raw (unsigned long * in, unsigned long * pubkey, unsigned long * out)
	553	{
	554	u32 i;
	555	u32 tmp[LONGEXTSIZE];
	556	u32 input[EXTSIZE];
	557	u32 output[EXTSIZE];
	558	u32 modulus[EXTSIZE];
	559	u32 *lout;
	560
	561	lout = out;
	562
	563	/* Packing modulus */
	564	pack ((u32 *)pubkey, modulus, MPSIZE/BITSOFLONG);
	565
	566	/* Packing the input */
	567	pack ((u32 *)in, input, MPSIZE/BITSOFLONG);
	568
	569	mpcopy (input, output);
	570	for (i=0; i<17; i++)
	571	{
	572	mpmul(output, (i==16)? input: output, tmp);
	573	if (!mpdiv (tmp, modulus, tmp, output))
	574	{
	575	return 0;
	576	}
	577	}
	578
	579	/* Unpack RSA result */
	580	unpack (output, lout, MPSIZE/BITSOFLONG);
	581
	582	return OK;
	583	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: svn/trunk/newcon3bcm2_21bu/dta/src/bootloader/rsa/mp2.c

Download in other formats: