2 * FILE: d0_bignum-openssl.c
3 * AUTHOR: Rudolf Polzer - divVerent@xonotic.org
5 * Copyright (c) 2010, Rudolf Polzer
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the copyright holder nor the names of contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 /* NOTE: this file links against openssl (http://www.openssl.org), which is
37 * under the OpenSSL License. You may have to abide to its terms too if you use
39 * To alternatively link to GMP, provide the option --without-openssl to
43 #include "d0_bignum.h"
47 #include <openssl/bn.h>
48 #include <openssl/crypto.h>
50 // for stupid OpenSSL versions in Mac OS X
51 #ifndef BN_is_negative
52 #define BN_is_negative(a) ((a)->neg != 0)
53 #define BN_set_negative(a,n) ((a)->neg = ((n) && !BN_is_zero(a)))
61 static d0_bignum_t temp;
63 static unsigned char numbuf[65536];
64 static void *tempmutex = NULL; // hold this mutex when using ctx or temp or numbuf
71 void locking_function(int mode, int l, const char *file, int line)
74 if(mode & CRYPTO_LOCK)
80 typedef struct CRYPTO_dynlock_value
85 struct CRYPTO_dynlock_value *dyn_create_function(const char *file, int line)
87 return (struct CRYPTO_dynlock_value *) d0_createmutex();
90 void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)
93 if(mode & CRYPTO_LOCK)
99 void dyn_destroy_function(struct CRYPTO_dynlock_value *l, const char *file, int line)
101 void *m = (void *) l;
105 D0_WARN_UNUSED_RESULT D0_BOOL d0_bignum_INITIALIZE(void)
109 unsigned char buf[256];
112 tempmutex = d0_createmutex();
113 d0_lockmutex(tempmutex);
115 n = CRYPTO_num_locks();
116 locks = d0_malloc(n * sizeof(*locks));
117 for(i = 0; i < n; ++i)
118 locks[i] = d0_createmutex();
120 CRYPTO_set_locking_callback(locking_function);
121 CRYPTO_set_dynlock_create_callback(dyn_create_function);
122 CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
123 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
126 d0_bignum_init(&temp);
130 HCRYPTPROV hCryptProv;
131 if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
133 if(!CryptGenRandom(hCryptProv, sizeof(buf), (PBYTE) &buf[0]))
135 fprintf(stderr, "WARNING: could not initialize random number generator (CryptGenRandom failed)\n");
138 CryptReleaseContext(hCryptProv, 0);
140 else if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET))
142 if(!CryptGenRandom(hCryptProv, sizeof(buf), (PBYTE) &buf[0]))
144 fprintf(stderr, "WARNING: could not initialize random number generator (CryptGenRandom failed)\n");
147 CryptReleaseContext(hCryptProv, 0);
151 fprintf(stderr, "WARNING: could not initialize random number generator (CryptAcquireContext failed)\n");
156 f = fopen("/dev/urandom", "rb");
158 f = fopen("/dev/random", "rb");
162 if(fread(buf, sizeof(buf), 1, f) != 1)
164 fprintf(stderr, "WARNING: could not initialize random number generator (read from random device failed)\n");
171 fprintf(stderr, "WARNING: could not initialize random number generator (no random device found)\n");
175 RAND_add(buf, sizeof(buf), sizeof(buf));
177 d0_unlockmutex(tempmutex);
180 // FIXME initialize the RNG on Windows on UNIX it is done right already
183 void d0_bignum_SHUTDOWN(void)
187 d0_lockmutex(tempmutex);
189 d0_bignum_clear(&temp);
193 n = CRYPTO_num_locks();
194 for(i = 0; i < n; ++i)
195 d0_destroymutex(locks[i]);
198 d0_unlockmutex(tempmutex);
199 d0_destroymutex(tempmutex);
203 D0_BOOL d0_iobuf_write_bignum(d0_iobuf_t *buf, const d0_bignum_t *bignum)
208 d0_lockmutex(tempmutex);
209 numbuf[0] = BN_is_zero(&bignum->z) ? 0 : BN_is_negative(&bignum->z) ? 3 : 1;
210 if((numbuf[0] & 3) != 0) // nonzero
212 count = BN_num_bytes(&bignum->z);
213 if(count > sizeof(numbuf) - 1)
215 d0_unlockmutex(tempmutex);
218 BN_bn2bin(&bignum->z, numbuf+1);
220 ret = d0_iobuf_write_packet(buf, numbuf, count + 1);
221 d0_unlockmutex(tempmutex);
225 d0_bignum_t *d0_iobuf_read_bignum(d0_iobuf_t *buf, d0_bignum_t *bignum)
227 size_t count = sizeof(numbuf);
229 d0_lockmutex(tempmutex);
230 if(!d0_iobuf_read_packet(buf, numbuf, &count))
232 d0_unlockmutex(tempmutex);
237 d0_unlockmutex(tempmutex);
241 bignum = d0_bignum_new();
244 d0_unlockmutex(tempmutex);
247 if(numbuf[0] & 3) // nonzero
249 BN_bin2bn(numbuf+1, count-1, &bignum->z);
250 if(numbuf[0] & 2) // negative
251 BN_set_negative(&bignum->z, 1);
257 d0_unlockmutex(tempmutex);
261 ssize_t d0_bignum_export_unsigned(const d0_bignum_t *bignum, void *buf, size_t bufsize)
264 count = BN_num_bytes(&bignum->z);
269 // pad from left (big endian numbers!)
270 memset(buf, 0, bufsize - count);
271 buf += bufsize - count;
273 BN_bn2bin(&bignum->z, buf);
277 d0_bignum_t *d0_bignum_import_unsigned(d0_bignum_t *bignum, const void *buf, size_t bufsize)
280 if(!bignum) bignum = d0_bignum_new(); if(!bignum) return NULL;
281 BN_bin2bn(buf, bufsize, &bignum->z);
285 d0_bignum_t *d0_bignum_new(void)
287 d0_bignum_t *b = d0_malloc(sizeof(d0_bignum_t));
292 void d0_bignum_free(d0_bignum_t *a)
298 void d0_bignum_init(d0_bignum_t *b)
303 void d0_bignum_clear(d0_bignum_t *a)
308 size_t d0_bignum_size(const d0_bignum_t *r)
310 return BN_num_bits(&r->z);
313 int d0_bignum_cmp(const d0_bignum_t *a, const d0_bignum_t *b)
315 return BN_cmp(&a->z, &b->z);
318 d0_bignum_t *d0_bignum_rand_range(d0_bignum_t *r, const d0_bignum_t *min, const d0_bignum_t *max)
320 if(!r) r = d0_bignum_new(); if(!r) return NULL;
321 d0_lockmutex(tempmutex);
322 BN_sub(&temp.z, &max->z, &min->z);
323 BN_rand_range(&r->z, &temp.z);
324 d0_unlockmutex(tempmutex);
325 BN_add(&r->z, &r->z, &min->z);
329 d0_bignum_t *d0_bignum_rand_bit_atmost(d0_bignum_t *r, size_t n)
331 if(!r) r = d0_bignum_new(); if(!r) return NULL;
332 BN_rand(&r->z, n, -1, 0);
336 d0_bignum_t *d0_bignum_rand_bit_exact(d0_bignum_t *r, size_t n)
338 if(!r) r = d0_bignum_new(); if(!r) return NULL;
339 BN_rand(&r->z, n, 0, 0);
343 d0_bignum_t *d0_bignum_zero(d0_bignum_t *r)
345 if(!r) r = d0_bignum_new(); if(!r) return NULL;
350 d0_bignum_t *d0_bignum_one(d0_bignum_t *r)
352 if(!r) r = d0_bignum_new(); if(!r) return NULL;
357 d0_bignum_t *d0_bignum_int(d0_bignum_t *r, int n)
359 if(!r) r = d0_bignum_new(); if(!r) return NULL;
360 BN_set_word(&r->z, n);
364 d0_bignum_t *d0_bignum_mov(d0_bignum_t *r, const d0_bignum_t *a)
368 if(!r) r = d0_bignum_new(); if(!r) return NULL;
369 BN_copy(&r->z, &a->z);
373 d0_bignum_t *d0_bignum_neg(d0_bignum_t *r, const d0_bignum_t *a)
375 if(!r) r = d0_bignum_new(); if(!r) return NULL;
377 BN_copy(&r->z, &a->z);
378 BN_set_negative(&r->z, !BN_is_negative(&r->z));
382 d0_bignum_t *d0_bignum_shl(d0_bignum_t *r, const d0_bignum_t *a, ssize_t n)
384 if(!r) r = d0_bignum_new(); if(!r) return NULL;
386 BN_lshift(&r->z, &a->z, n);
388 BN_rshift(&r->z, &a->z, -n);
390 BN_copy(&r->z, &a->z);
394 d0_bignum_t *d0_bignum_add(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b)
396 if(!r) r = d0_bignum_new(); if(!r) return NULL;
397 BN_add(&r->z, &a->z, &b->z);
401 d0_bignum_t *d0_bignum_sub(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b)
403 if(!r) r = d0_bignum_new(); if(!r) return NULL;
404 BN_sub(&r->z, &a->z, &b->z);
408 d0_bignum_t *d0_bignum_mul(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b)
410 if(!r) r = d0_bignum_new(); if(!r) return NULL;
411 d0_lockmutex(tempmutex);
412 BN_mul(&r->z, &a->z, &b->z, ctx);
413 d0_unlockmutex(tempmutex);
417 d0_bignum_t *d0_bignum_divmod(d0_bignum_t *q, d0_bignum_t *m, const d0_bignum_t *a, const d0_bignum_t *b)
421 d0_lockmutex(tempmutex);
425 BN_div(&q->z, &m->z, &a->z, &b->z, ctx);
427 BN_div(&q->z, NULL, &a->z, &b->z, ctx);
428 assert(!"I know this code is broken (rounds towards zero), need handle negative correctly");
431 BN_nnmod(&m->z, &a->z, &b->z, ctx);
432 d0_unlockmutex(tempmutex);
439 d0_bignum_t *d0_bignum_mod_add(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b, const d0_bignum_t *m)
441 if(!r) r = d0_bignum_new(); if(!r) return NULL;
442 d0_lockmutex(tempmutex);
443 BN_mod_add(&r->z, &a->z, &b->z, &m->z, ctx);
444 d0_unlockmutex(tempmutex);
448 d0_bignum_t *d0_bignum_mod_sub(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b, const d0_bignum_t *m)
450 if(!r) r = d0_bignum_new(); if(!r) return NULL;
451 d0_lockmutex(tempmutex);
452 BN_mod_sub(&r->z, &a->z, &b->z, &m->z, ctx);
453 d0_unlockmutex(tempmutex);
457 d0_bignum_t *d0_bignum_mod_mul(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b, const d0_bignum_t *m)
459 if(!r) r = d0_bignum_new(); if(!r) return NULL;
460 d0_lockmutex(tempmutex);
461 BN_mod_mul(&r->z, &a->z, &b->z, &m->z, ctx);
462 d0_unlockmutex(tempmutex);
466 d0_bignum_t *d0_bignum_mod_pow(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *b, const d0_bignum_t *m)
468 if(!r) r = d0_bignum_new(); if(!r) return NULL;
469 d0_lockmutex(tempmutex);
470 BN_mod_exp(&r->z, &a->z, &b->z, &m->z, ctx);
471 d0_unlockmutex(tempmutex);
475 D0_BOOL d0_bignum_mod_inv(d0_bignum_t *r, const d0_bignum_t *a, const d0_bignum_t *m)
477 // here, r MUST be set, as otherwise we cannot return error state!
479 d0_lockmutex(tempmutex);
480 ret = !!BN_mod_inverse(&r->z, &a->z, &m->z, ctx);
481 d0_unlockmutex(tempmutex);
485 int d0_bignum_isprime(const d0_bignum_t *r, int param)
488 d0_lockmutex(tempmutex);
490 ret = BN_is_prime_fasttest(&r->z, 1, NULL, ctx, NULL, 1);
492 ret = BN_is_prime(&r->z, param, NULL, ctx, NULL);
493 d0_unlockmutex(tempmutex);
497 d0_bignum_t *d0_bignum_gcd(d0_bignum_t *r, d0_bignum_t *s, d0_bignum_t *t, const d0_bignum_t *a, const d0_bignum_t *b)
499 if(!r) r = d0_bignum_new(); if(!r) return NULL;
501 assert(!"Extended gcd not implemented");
503 assert(!"Extended gcd not implemented");
506 d0_lockmutex(tempmutex);
507 BN_gcd(&r->z, &a->z, &b->z, ctx);
508 d0_unlockmutex(tempmutex);
513 char *d0_bignum_tostring(const d0_bignum_t *x, unsigned int base)
519 s = BN_bn2dec(&x->z);
521 s = BN_bn2hex(&x->z);
523 assert(!"Other bases not implemented");