1*6dd041f3Sbeck /* $OpenBSD: bn.h,v 1.78 2024/04/10 14:58:06 beck Exp $ */ 2913ec974Sbeck /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 3913ec974Sbeck * All rights reserved. 4913ec974Sbeck * 5913ec974Sbeck * This package is an SSL implementation written 6913ec974Sbeck * by Eric Young (eay@cryptsoft.com). 7913ec974Sbeck * The implementation was written so as to conform with Netscapes SSL. 8913ec974Sbeck * 9913ec974Sbeck * This library is free for commercial and non-commercial use as long as 10913ec974Sbeck * the following conditions are aheared to. The following conditions 11913ec974Sbeck * apply to all code found in this distribution, be it the RC4, RSA, 12913ec974Sbeck * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13913ec974Sbeck * included with this distribution is covered by the same copyright terms 14913ec974Sbeck * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15913ec974Sbeck * 16913ec974Sbeck * Copyright remains Eric Young's, and as such any Copyright notices in 17913ec974Sbeck * the code are not to be removed. 18913ec974Sbeck * If this package is used in a product, Eric Young should be given attribution 19913ec974Sbeck * as the author of the parts of the library used. 20913ec974Sbeck * This can be in the form of a textual message at program startup or 21913ec974Sbeck * in documentation (online or textual) provided with the package. 22913ec974Sbeck * 23913ec974Sbeck * Redistribution and use in source and binary forms, with or without 24913ec974Sbeck * modification, are permitted provided that the following conditions 25913ec974Sbeck * are met: 26913ec974Sbeck * 1. Redistributions of source code must retain the copyright 27913ec974Sbeck * notice, this list of conditions and the following disclaimer. 28913ec974Sbeck * 2. Redistributions in binary form must reproduce the above copyright 29913ec974Sbeck * notice, this list of conditions and the following disclaimer in the 30913ec974Sbeck * documentation and/or other materials provided with the distribution. 31913ec974Sbeck * 3. All advertising materials mentioning features or use of this software 32913ec974Sbeck * must display the following acknowledgement: 33913ec974Sbeck * "This product includes cryptographic software written by 34913ec974Sbeck * Eric Young (eay@cryptsoft.com)" 35913ec974Sbeck * The word 'cryptographic' can be left out if the rouines from the library 36913ec974Sbeck * being used are not cryptographic related :-). 37913ec974Sbeck * 4. If you include any Windows specific code (or a derivative thereof) from 38913ec974Sbeck * the apps directory (application code) you must include an acknowledgement: 39913ec974Sbeck * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40913ec974Sbeck * 41913ec974Sbeck * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42913ec974Sbeck * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43913ec974Sbeck * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44913ec974Sbeck * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45913ec974Sbeck * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46913ec974Sbeck * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47913ec974Sbeck * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48913ec974Sbeck * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49913ec974Sbeck * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50913ec974Sbeck * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51913ec974Sbeck * SUCH DAMAGE. 52913ec974Sbeck * 53913ec974Sbeck * The licence and distribution terms for any publically available version or 54913ec974Sbeck * derivative of this code cannot be changed. i.e. this code cannot simply be 55913ec974Sbeck * copied and put under another distribution licence 56913ec974Sbeck * [including the GNU Public Licence.] 57913ec974Sbeck */ 584fcf65c5Sdjm /* ==================================================================== 590a5d6edeSdjm * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 600a5d6edeSdjm * 610a5d6edeSdjm * Redistribution and use in source and binary forms, with or without 620a5d6edeSdjm * modification, are permitted provided that the following conditions 630a5d6edeSdjm * are met: 640a5d6edeSdjm * 650a5d6edeSdjm * 1. Redistributions of source code must retain the above copyright 660a5d6edeSdjm * notice, this list of conditions and the following disclaimer. 670a5d6edeSdjm * 680a5d6edeSdjm * 2. Redistributions in binary form must reproduce the above copyright 690a5d6edeSdjm * notice, this list of conditions and the following disclaimer in 700a5d6edeSdjm * the documentation and/or other materials provided with the 710a5d6edeSdjm * distribution. 720a5d6edeSdjm * 730a5d6edeSdjm * 3. All advertising materials mentioning features or use of this 740a5d6edeSdjm * software must display the following acknowledgment: 750a5d6edeSdjm * "This product includes software developed by the OpenSSL Project 760a5d6edeSdjm * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 770a5d6edeSdjm * 780a5d6edeSdjm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 790a5d6edeSdjm * endorse or promote products derived from this software without 800a5d6edeSdjm * prior written permission. For written permission, please contact 810a5d6edeSdjm * openssl-core@openssl.org. 820a5d6edeSdjm * 830a5d6edeSdjm * 5. Products derived from this software may not be called "OpenSSL" 840a5d6edeSdjm * nor may "OpenSSL" appear in their names without prior written 850a5d6edeSdjm * permission of the OpenSSL Project. 860a5d6edeSdjm * 870a5d6edeSdjm * 6. Redistributions of any form whatsoever must retain the following 880a5d6edeSdjm * acknowledgment: 890a5d6edeSdjm * "This product includes software developed by the OpenSSL Project 900a5d6edeSdjm * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 910a5d6edeSdjm * 920a5d6edeSdjm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 930a5d6edeSdjm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 940a5d6edeSdjm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 950a5d6edeSdjm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 960a5d6edeSdjm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 970a5d6edeSdjm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 980a5d6edeSdjm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 990a5d6edeSdjm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1000a5d6edeSdjm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1010a5d6edeSdjm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1020a5d6edeSdjm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1030a5d6edeSdjm * OF THE POSSIBILITY OF SUCH DAMAGE. 1040a5d6edeSdjm * ==================================================================== 1050a5d6edeSdjm * 1060a5d6edeSdjm * This product includes cryptographic software written by Eric Young 1070a5d6edeSdjm * (eay@cryptsoft.com). This product includes software written by Tim 1080a5d6edeSdjm * Hudson (tjh@cryptsoft.com). 1090a5d6edeSdjm * 1100a5d6edeSdjm */ 1110a5d6edeSdjm /* ==================================================================== 1124fcf65c5Sdjm * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 1134fcf65c5Sdjm * 1144fcf65c5Sdjm * Portions of the attached software ("Contribution") are developed by 1154fcf65c5Sdjm * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 1164fcf65c5Sdjm * 1174fcf65c5Sdjm * The Contribution is licensed pursuant to the Eric Young open source 1184fcf65c5Sdjm * license provided above. 1194fcf65c5Sdjm * 1204fcf65c5Sdjm * The binary polynomial arithmetic software is originally written by 1214fcf65c5Sdjm * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 1224fcf65c5Sdjm * 1234fcf65c5Sdjm */ 124913ec974Sbeck 125913ec974Sbeck #ifndef HEADER_BN_H 126913ec974Sbeck #define HEADER_BN_H 127913ec974Sbeck 128ef624301Sjsing #include <stdio.h> 129ef624301Sjsing #include <stdlib.h> 130ef624301Sjsing 13120175b85Sjsing #include <openssl/opensslconf.h> 13220175b85Sjsing 1334fcf65c5Sdjm #include <openssl/ossl_typ.h> 1340a5d6edeSdjm #include <openssl/crypto.h> 135c7d4b57fSbeck #include <openssl/bio.h> 136913ec974Sbeck 137913ec974Sbeck #ifdef __cplusplus 138913ec974Sbeck extern "C" { 139913ec974Sbeck #endif 140913ec974Sbeck 141913ec974Sbeck /* This next option uses the C libraries (2 word)/(1 word) function. 142913ec974Sbeck * If it is not defined, I use my C version (which is slower). 143913ec974Sbeck * The reason for this flag is that when the particular C compiler 144913ec974Sbeck * library routine is used, and the library is linked with a different 145913ec974Sbeck * compiler, the library is missing. This mostly happens when the 146ba5406e9Sbeck * library is built with gcc and then linked using normal cc. This would 147ba5406e9Sbeck * be a common occurrence because gcc normally produces code that is 148913ec974Sbeck * 2 times faster than system compilers for the big number stuff. 149913ec974Sbeck * For machines with only one compiler (or shared libraries), this should 150913ec974Sbeck * be on. Again this in only really a problem on machines 151ba5406e9Sbeck * using "long long's", are 32bit, and are not using my assembler code. */ 1529e593c41Smiod /* #define BN_DIV2W */ 153913ec974Sbeck 154012ec40aSmiod #ifdef _LP64 155012ec40aSmiod #undef BN_LLONG 156913ec974Sbeck #define BN_ULONG unsigned long 157913ec974Sbeck #define BN_LONG long 158913ec974Sbeck #define BN_BITS 128 159913ec974Sbeck #define BN_BYTES 8 160913ec974Sbeck #define BN_BITS2 64 161913ec974Sbeck #define BN_BITS4 32 162913ec974Sbeck #define BN_MASK2 (0xffffffffffffffffL) 163913ec974Sbeck #define BN_MASK2l (0xffffffffL) 164913ec974Sbeck #define BN_MASK2h (0xffffffff00000000L) 165913ec974Sbeck #define BN_MASK2h1 (0xffffffff80000000L) 166913ec974Sbeck #define BN_TBIT (0x8000000000000000L) 167913ec974Sbeck #define BN_DEC_CONV (10000000000000000000UL) 168913ec974Sbeck #define BN_DEC_FMT1 "%lu" 169913ec974Sbeck #define BN_DEC_FMT2 "%019lu" 170913ec974Sbeck #define BN_DEC_NUM 19 1710a5d6edeSdjm #define BN_HEX_FMT1 "%lX" 1720a5d6edeSdjm #define BN_HEX_FMT2 "%016lX" 173913ec974Sbeck #else 174913ec974Sbeck #define BN_ULLONG unsigned long long 175012ec40aSmiod #define BN_LLONG 1760a5d6edeSdjm #define BN_ULONG unsigned int 1770a5d6edeSdjm #define BN_LONG int 178913ec974Sbeck #define BN_BITS 64 179913ec974Sbeck #define BN_BYTES 4 180913ec974Sbeck #define BN_BITS2 32 181913ec974Sbeck #define BN_BITS4 16 182012ec40aSmiod #define BN_MASK (0xffffffffffffffffLL) 183913ec974Sbeck #define BN_MASK2 (0xffffffffL) 184913ec974Sbeck #define BN_MASK2l (0xffff) 185913ec974Sbeck #define BN_MASK2h1 (0xffff8000L) 186913ec974Sbeck #define BN_MASK2h (0xffff0000L) 187913ec974Sbeck #define BN_TBIT (0x80000000L) 188913ec974Sbeck #define BN_DEC_CONV (1000000000L) 1890a5d6edeSdjm #define BN_DEC_FMT1 "%u" 1900a5d6edeSdjm #define BN_DEC_FMT2 "%09u" 191913ec974Sbeck #define BN_DEC_NUM 9 1920a5d6edeSdjm #define BN_HEX_FMT1 "%X" 1930a5d6edeSdjm #define BN_HEX_FMT2 "%08X" 194913ec974Sbeck #endif 195913ec974Sbeck 196913ec974Sbeck #define BN_FLG_MALLOCED 0x01 197913ec974Sbeck #define BN_FLG_STATIC_DATA 0x02 1984fcf65c5Sdjm #define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, 1994fcf65c5Sdjm * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, 2004fcf65c5Sdjm * BN_div() will call BN_div_no_branch, 2014fcf65c5Sdjm * BN_mod_inverse() will call BN_mod_inverse_no_branch. 2024fcf65c5Sdjm */ 2034fcf65c5Sdjm 204bc7751b7Stb void BN_set_flags(BIGNUM *b, int n); 205bc7751b7Stb int BN_get_flags(const BIGNUM *b, int n); 206bc7751b7Stb void BN_with_flags(BIGNUM *dest, const BIGNUM *src, int flags); 207913ec974Sbeck 208a096d42eStb /* Values for |top| in BN_rand() */ 209a096d42eStb #define BN_RAND_TOP_ANY -1 210a096d42eStb #define BN_RAND_TOP_ONE 0 211a096d42eStb #define BN_RAND_TOP_TWO 1 212a096d42eStb 213a096d42eStb /* Values for |bottom| in BN_rand() */ 214a096d42eStb #define BN_RAND_BOTTOM_ANY 0 215a096d42eStb #define BN_RAND_BOTTOM_ODD 1 216a096d42eStb 21734b1aa35Sjsing BN_GENCB *BN_GENCB_new(void); 21834b1aa35Sjsing void BN_GENCB_free(BN_GENCB *cb); 21934b1aa35Sjsing 2204fcf65c5Sdjm /* Wrapper function to make using BN_GENCB easier, */ 2214fcf65c5Sdjm int BN_GENCB_call(BN_GENCB *cb, int a, int b); 2226bbb7399Stb 2236bbb7399Stb /* Populate a BN_GENCB structure with an "old"-style callback */ 2246bbb7399Stb void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), 2256bbb7399Stb void *cb_arg); 2266bbb7399Stb 2276bbb7399Stb /* Populate a BN_GENCB structure with a "new"-style callback */ 2286bbb7399Stb void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), 2296bbb7399Stb void *cb_arg); 2306bbb7399Stb 2316bbb7399Stb void *BN_GENCB_get_arg(BN_GENCB *cb); 232913ec974Sbeck 233ba5406e9Sbeck #define BN_prime_checks 0 /* default: select number of iterations 234ba5406e9Sbeck based on the size of the number */ 235ba5406e9Sbeck 23656a8f046Sschwarze /* 23756a8f046Sschwarze * BN_prime_checks_for_size() returns the number of Miller-Rabin 23856a8f046Sschwarze * iterations that will be done for checking that a random number 23956a8f046Sschwarze * is probably prime. The error rate for accepting a composite 24056a8f046Sschwarze * number as prime depends on the size of the prime |b|. The error 24156a8f046Sschwarze * rates used are for calculating an RSA key with 2 primes, and so 24256a8f046Sschwarze * the level is what you would expect for a key of double the size 24356a8f046Sschwarze * of the prime. 24456a8f046Sschwarze * 24556a8f046Sschwarze * This table is generated using the algorithm of FIPS PUB 186-4 24656a8f046Sschwarze * Digital Signature Standard (DSS), section F.1, page 117. 24756a8f046Sschwarze * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) 24856a8f046Sschwarze * 24956a8f046Sschwarze * The following magma script was used to generate the output: 25056a8f046Sschwarze * securitybits:=125; 25156a8f046Sschwarze * k:=1024; 25256a8f046Sschwarze * for t:=1 to 65 do 25356a8f046Sschwarze * for M:=3 to Floor(2*Sqrt(k-1)-1) do 25456a8f046Sschwarze * S:=0; 25556a8f046Sschwarze * // Sum over m 25656a8f046Sschwarze * for m:=3 to M do 25756a8f046Sschwarze * s:=0; 25856a8f046Sschwarze * // Sum over j 25956a8f046Sschwarze * for j:=2 to m do 26056a8f046Sschwarze * s+:=(RealField(32)!2)^-(j+(k-1)/j); 26156a8f046Sschwarze * end for; 26256a8f046Sschwarze * S+:=2^(m-(m-1)*t)*s; 26356a8f046Sschwarze * end for; 26456a8f046Sschwarze * A:=2^(k-2-M*t); 26556a8f046Sschwarze * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; 26656a8f046Sschwarze * pkt:=2.00743*Log(2)*k*2^-k*(A+B); 26756a8f046Sschwarze * seclevel:=Floor(-Log(2,pkt)); 26856a8f046Sschwarze * if seclevel ge securitybits then 26956a8f046Sschwarze * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; 27056a8f046Sschwarze * break; 27156a8f046Sschwarze * end if; 27256a8f046Sschwarze * end for; 27356a8f046Sschwarze * if seclevel ge securitybits then break; end if; 27456a8f046Sschwarze * end for; 27556a8f046Sschwarze * 27656a8f046Sschwarze * It can be run online at: 27756a8f046Sschwarze * http://magma.maths.usyd.edu.au/calc 27856a8f046Sschwarze * 27956a8f046Sschwarze * And will output: 28056a8f046Sschwarze * k: 1024, security: 129 bits (t: 6, M: 23) 28156a8f046Sschwarze * 28256a8f046Sschwarze * k is the number of bits of the prime, securitybits is the level 28356a8f046Sschwarze * we want to reach. 28456a8f046Sschwarze * 28556a8f046Sschwarze * prime length | RSA key size | # MR tests | security level 28656a8f046Sschwarze * -------------+--------------|------------+--------------- 28756a8f046Sschwarze * (b) >= 6394 | >= 12788 | 3 | 256 bit 28856a8f046Sschwarze * (b) >= 3747 | >= 7494 | 3 | 192 bit 28956a8f046Sschwarze * (b) >= 1345 | >= 2690 | 4 | 128 bit 29056a8f046Sschwarze * (b) >= 1080 | >= 2160 | 5 | 128 bit 29156a8f046Sschwarze * (b) >= 852 | >= 1704 | 5 | 112 bit 29256a8f046Sschwarze * (b) >= 476 | >= 952 | 5 | 80 bit 29356a8f046Sschwarze * (b) >= 400 | >= 800 | 6 | 80 bit 29456a8f046Sschwarze * (b) >= 347 | >= 694 | 7 | 80 bit 29556a8f046Sschwarze * (b) >= 308 | >= 616 | 8 | 80 bit 29656a8f046Sschwarze * (b) >= 55 | >= 110 | 27 | 64 bit 29756a8f046Sschwarze * (b) >= 6 | >= 12 | 34 | 64 bit 29856a8f046Sschwarze */ 29956a8f046Sschwarze 30056a8f046Sschwarze #define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ 30156a8f046Sschwarze (b) >= 1345 ? 4 : \ 30256a8f046Sschwarze (b) >= 476 ? 5 : \ 30356a8f046Sschwarze (b) >= 400 ? 6 : \ 30456a8f046Sschwarze (b) >= 347 ? 7 : \ 30556a8f046Sschwarze (b) >= 308 ? 8 : \ 30656a8f046Sschwarze (b) >= 55 ? 27 : \ 30756a8f046Sschwarze /* b >= 6 */ 34) 308913ec974Sbeck 309913ec974Sbeck #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) 310da347917Sbeck 3116c6e9911Stb int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); 3126c6e9911Stb int BN_is_zero(const BIGNUM *a); 3136c6e9911Stb int BN_is_one(const BIGNUM *a); 3146c6e9911Stb int BN_is_word(const BIGNUM *a, const BN_ULONG w); 3156c6e9911Stb int BN_is_odd(const BIGNUM *a); 3166c6e9911Stb 317ce6fd31bSjsing void BN_zero(BIGNUM *a); 318ce6fd31bSjsing int BN_one(BIGNUM *a); 319913ec974Sbeck 320da347917Sbeck const BIGNUM *BN_value_one(void); 321913ec974Sbeck BN_CTX *BN_CTX_new(void); 322913ec974Sbeck void BN_CTX_free(BN_CTX *c); 323ba5406e9Sbeck void BN_CTX_start(BN_CTX *ctx); 324ba5406e9Sbeck BIGNUM *BN_CTX_get(BN_CTX *ctx); 325ba5406e9Sbeck void BN_CTX_end(BN_CTX *ctx); 326913ec974Sbeck int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); 327ba5406e9Sbeck int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); 328e6841c1dSdjm int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); 329e6841c1dSdjm int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); 330913ec974Sbeck int BN_num_bits(const BIGNUM *a); 331913ec974Sbeck int BN_num_bits_word(BN_ULONG); 332913ec974Sbeck BIGNUM *BN_new(void); 333913ec974Sbeck void BN_clear_free(BIGNUM *a); 334913ec974Sbeck BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); 335da347917Sbeck void BN_swap(BIGNUM *a, BIGNUM *b); 336913ec974Sbeck BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); 337913ec974Sbeck int BN_bn2bin(const BIGNUM *a, unsigned char *to); 338240e4e8fStb int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); 339240e4e8fStb BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); 340240e4e8fStb int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); 341da347917Sbeck BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); 342913ec974Sbeck int BN_bn2mpi(const BIGNUM *a, unsigned char *to); 343913ec974Sbeck int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 344913ec974Sbeck int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 345913ec974Sbeck int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 346ba5406e9Sbeck int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 347da347917Sbeck int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 348da347917Sbeck int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); 3494fcf65c5Sdjm void BN_set_negative(BIGNUM *b, int n); 3507eab7658Stb 3517eab7658Stb int BN_is_negative(const BIGNUM *b); 352da347917Sbeck 353913ec974Sbeck int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, 354913ec974Sbeck BN_CTX *ctx); 355da347917Sbeck #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) 356*6dd041f3Sbeck 357da347917Sbeck int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); 358da347917Sbeck int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); 359da347917Sbeck int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); 360da347917Sbeck int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); 361da347917Sbeck int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); 362da347917Sbeck int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 363da347917Sbeck const BIGNUM *m, BN_CTX *ctx); 364da347917Sbeck int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 365da347917Sbeck int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 366da347917Sbeck int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); 367da347917Sbeck int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); 368da347917Sbeck int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); 369da347917Sbeck 370ba5406e9Sbeck BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); 371913ec974Sbeck BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); 372913ec974Sbeck int BN_mul_word(BIGNUM *a, BN_ULONG w); 373913ec974Sbeck int BN_add_word(BIGNUM *a, BN_ULONG w); 374913ec974Sbeck int BN_sub_word(BIGNUM *a, BN_ULONG w); 375913ec974Sbeck int BN_set_word(BIGNUM *a, BN_ULONG w); 376da347917Sbeck BN_ULONG BN_get_word(const BIGNUM *a); 377da347917Sbeck 378913ec974Sbeck int BN_cmp(const BIGNUM *a, const BIGNUM *b); 379913ec974Sbeck void BN_free(BIGNUM *a); 380913ec974Sbeck int BN_is_bit_set(const BIGNUM *a, int n); 381913ec974Sbeck int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); 382da347917Sbeck int BN_lshift1(BIGNUM *r, const BIGNUM *a); 383da347917Sbeck int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 384da347917Sbeck 385da347917Sbeck int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 386913ec974Sbeck const BIGNUM *m, BN_CTX *ctx); 387da347917Sbeck int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 388913ec974Sbeck const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 3896d388760Sdjm int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 3906d388760Sdjm const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); 391da347917Sbeck 392913ec974Sbeck int BN_mask_bits(BIGNUM *a, int n); 393ba5406e9Sbeck int BN_print_fp(FILE *fp, const BIGNUM *a); 394913ec974Sbeck int BN_print(BIO *fp, const BIGNUM *a); 395da347917Sbeck int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); 396da347917Sbeck int BN_rshift1(BIGNUM *r, const BIGNUM *a); 397913ec974Sbeck void BN_clear(BIGNUM *a); 398913ec974Sbeck BIGNUM *BN_dup(const BIGNUM *a); 399913ec974Sbeck int BN_ucmp(const BIGNUM *a, const BIGNUM *b); 400913ec974Sbeck int BN_set_bit(BIGNUM *a, int n); 401913ec974Sbeck int BN_clear_bit(BIGNUM *a, int n); 402913ec974Sbeck char * BN_bn2hex(const BIGNUM *a); 403913ec974Sbeck char * BN_bn2dec(const BIGNUM *a); 404913ec974Sbeck int BN_hex2bn(BIGNUM **a, const char *str); 405913ec974Sbeck int BN_dec2bn(BIGNUM **a, const char *str); 4060a5d6edeSdjm int BN_asc2bn(BIGNUM **a, const char *str); 407da347917Sbeck int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 408da347917Sbeck int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ 409da347917Sbeck BIGNUM *BN_mod_inverse(BIGNUM *ret, 410da347917Sbeck const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); 411da347917Sbeck BIGNUM *BN_mod_sqrt(BIGNUM *ret, 412da347917Sbeck const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); 4134fcf65c5Sdjm 41497222eddSmiod void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); 41597222eddSmiod 4162688c6a6Stb int BN_security_bits(int L, int N); 4172688c6a6Stb 4184fcf65c5Sdjm int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, 4194fcf65c5Sdjm const BIGNUM *rem, BN_GENCB *cb); 4204fcf65c5Sdjm int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); 4214fcf65c5Sdjm int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, 4224fcf65c5Sdjm int do_trial_division, BN_GENCB *cb); 4236d388760Sdjm 424913ec974Sbeck BN_MONT_CTX *BN_MONT_CTX_new(void ); 425da347917Sbeck int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 426da347917Sbeck BN_MONT_CTX *mont, BN_CTX *ctx); 427735750b6Stb int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, 428735750b6Stb BN_CTX *ctx); 429da347917Sbeck int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, 430da347917Sbeck BN_MONT_CTX *mont, BN_CTX *ctx); 431913ec974Sbeck void BN_MONT_CTX_free(BN_MONT_CTX *mont); 432cf5de1f6Smarkus int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); 433913ec974Sbeck BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); 4346d388760Sdjm BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, 4356d388760Sdjm const BIGNUM *mod, BN_CTX *ctx); 436913ec974Sbeck 4374fcf65c5Sdjm /* Primes from RFC 2409 */ 43858f50865Sjsing BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); 43958f50865Sjsing BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); 4404fcf65c5Sdjm 4414fcf65c5Sdjm /* Primes from RFC 3526 */ 44258f50865Sjsing BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); 44358f50865Sjsing BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); 44458f50865Sjsing BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); 44558f50865Sjsing BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); 44658f50865Sjsing BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); 44758f50865Sjsing BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); 448913ec974Sbeck 449da347917Sbeck void ERR_load_BN_strings(void); 450913ec974Sbeck 451913ec974Sbeck /* Error codes for the BN functions. */ 452913ec974Sbeck 453913ec974Sbeck /* Function codes. */ 4544fcf65c5Sdjm #define BN_F_BNRAND 127 4554fcf65c5Sdjm #define BN_F_BN_BLINDING_CONVERT_EX 100 4564fcf65c5Sdjm #define BN_F_BN_BLINDING_CREATE_PARAM 128 4574fcf65c5Sdjm #define BN_F_BN_BLINDING_INVERT_EX 101 458913ec974Sbeck #define BN_F_BN_BLINDING_NEW 102 459913ec974Sbeck #define BN_F_BN_BLINDING_UPDATE 103 460913ec974Sbeck #define BN_F_BN_BN2DEC 104 461913ec974Sbeck #define BN_F_BN_BN2HEX 105 462ba5406e9Sbeck #define BN_F_BN_CTX_GET 116 463913ec974Sbeck #define BN_F_BN_CTX_NEW 106 4644fcf65c5Sdjm #define BN_F_BN_CTX_START 129 465913ec974Sbeck #define BN_F_BN_DIV 107 4664fcf65c5Sdjm #define BN_F_BN_DIV_NO_BRANCH 138 4674fcf65c5Sdjm #define BN_F_BN_DIV_RECP 130 4686d388760Sdjm #define BN_F_BN_EXP 123 469913ec974Sbeck #define BN_F_BN_EXPAND2 108 470e123f381Smiod #define BN_F_BN_GENERATE_PRIME_EX 140 471da347917Sbeck #define BN_F_BN_EXPAND_INTERNAL 120 4724fcf65c5Sdjm #define BN_F_BN_GF2M_MOD 131 4734fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_EXP 132 4744fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_MUL 133 4754fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 4764fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 4774fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_SQR 136 4784fcf65c5Sdjm #define BN_F_BN_GF2M_MOD_SQRT 137 479c109e398Sbeck #define BN_F_BN_MOD_EXP2_MONT 118 480913ec974Sbeck #define BN_F_BN_MOD_EXP_MONT 109 4816d388760Sdjm #define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 482c109e398Sbeck #define BN_F_BN_MOD_EXP_MONT_WORD 117 4836d388760Sdjm #define BN_F_BN_MOD_EXP_RECP 125 4846d388760Sdjm #define BN_F_BN_MOD_EXP_SIMPLE 126 485913ec974Sbeck #define BN_F_BN_MOD_INVERSE 110 4864fcf65c5Sdjm #define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 487da347917Sbeck #define BN_F_BN_MOD_LSHIFT_QUICK 119 488913ec974Sbeck #define BN_F_BN_MOD_MUL_RECIPROCAL 111 489da347917Sbeck #define BN_F_BN_MOD_SQRT 121 490913ec974Sbeck #define BN_F_BN_MPI2BN 112 491913ec974Sbeck #define BN_F_BN_NEW 113 492913ec974Sbeck #define BN_F_BN_RAND 114 493ce6fc090Sbeck #define BN_F_BN_RAND_RANGE 122 494913ec974Sbeck #define BN_F_BN_USUB 115 495913ec974Sbeck 496913ec974Sbeck /* Reason codes. */ 497913ec974Sbeck #define BN_R_ARG2_LT_ARG3 100 498913ec974Sbeck #define BN_R_BAD_RECIPROCAL 101 499ce6fc090Sbeck #define BN_R_BIGNUM_TOO_LONG 114 500e123f381Smiod #define BN_R_BITS_TOO_SMALL 117 501913ec974Sbeck #define BN_R_CALLED_WITH_EVEN_MODULUS 102 502913ec974Sbeck #define BN_R_DIV_BY_ZERO 103 503913ec974Sbeck #define BN_R_ENCODING_ERROR 104 504913ec974Sbeck #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 505da347917Sbeck #define BN_R_INPUT_NOT_REDUCED 110 5063c52cd97Stb #define BN_R_INVALID_ARGUMENT 118 507913ec974Sbeck #define BN_R_INVALID_LENGTH 106 508ce6fc090Sbeck #define BN_R_INVALID_RANGE 115 509da347917Sbeck #define BN_R_NOT_A_SQUARE 111 510913ec974Sbeck #define BN_R_NOT_INITIALIZED 107 511913ec974Sbeck #define BN_R_NO_INVERSE 108 5124fcf65c5Sdjm #define BN_R_NO_SOLUTION 116 513da347917Sbeck #define BN_R_P_IS_NOT_PRIME 112 514da347917Sbeck #define BN_R_TOO_MANY_ITERATIONS 113 515ba5406e9Sbeck #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 516913ec974Sbeck 517913ec974Sbeck #ifdef __cplusplus 518913ec974Sbeck } 519913ec974Sbeck #endif 520913ec974Sbeck #endif 521