libtomcrypt update
Karel Miko
5 years ago
40 | 40 | ltc/mac/xcbc/xcbc_process.o ltc/math/ltm_desc.o ltc/math/multi.o ltc/math/radix_to_bin.o \ |
41 | 41 | ltc/math/rand_bn.o ltc/math/rand_prime.o ltc/math/tfm_desc.o ltc/math/fp/ltc_ecc_fp_mulmod.o \ |
42 | 42 | ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/copy_or_zeromem.o \ |
43 | ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o \ | |
44 | ltc/misc/pk_oid_str.o ltc/misc/zeromem.o ltc/misc/base16/base16_decode.o ltc/misc/base16/base16_encode.o \ | |
45 | ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o \ | |
46 | ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o \ | |
47 | ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o \ | |
48 | ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o \ | |
49 | ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o \ | |
50 | ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o \ | |
51 | ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o \ | |
52 | ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o \ | |
53 | ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \ | |
54 | ltc/misc/crypt/crypt_register_all_hashes.o ltc/misc/crypt/crypt_register_all_prngs.o \ | |
55 | ltc/misc/crypt/crypt_register_cipher.o ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o \ | |
56 | ltc/misc/crypt/crypt_sizes.o ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o \ | |
57 | ltc/misc/crypt/crypt_unregister_prng.o ltc/misc/hkdf/hkdf.o ltc/misc/padding/padding_depad.o \ | |
58 | ltc/misc/padding/padding_pad.o ltc/misc/pkcs12/pkcs12_kdf.o ltc/misc/pkcs12/pkcs12_utf8_to_utf16.o \ | |
59 | ltc/misc/pkcs5/pkcs_5_1.o ltc/misc/pkcs5/pkcs_5_2.o ltc/modes/cbc/cbc_decrypt.o ltc/modes/cbc/cbc_done.o \ | |
60 | ltc/modes/cbc/cbc_encrypt.o ltc/modes/cbc/cbc_getiv.o ltc/modes/cbc/cbc_setiv.o ltc/modes/cbc/cbc_start.o \ | |
61 | ltc/modes/cfb/cfb_decrypt.o ltc/modes/cfb/cfb_done.o ltc/modes/cfb/cfb_encrypt.o \ | |
62 | ltc/modes/cfb/cfb_getiv.o ltc/modes/cfb/cfb_setiv.o ltc/modes/cfb/cfb_start.o ltc/modes/ctr/ctr_decrypt.o \ | |
63 | ltc/modes/ctr/ctr_done.o ltc/modes/ctr/ctr_encrypt.o ltc/modes/ctr/ctr_getiv.o ltc/modes/ctr/ctr_setiv.o \ | |
64 | ltc/modes/ctr/ctr_start.o ltc/modes/ecb/ecb_decrypt.o ltc/modes/ecb/ecb_done.o ltc/modes/ecb/ecb_encrypt.o \ | |
65 | ltc/modes/ecb/ecb_start.o ltc/modes/ofb/ofb_decrypt.o ltc/modes/ofb/ofb_done.o ltc/modes/ofb/ofb_encrypt.o \ | |
66 | ltc/modes/ofb/ofb_getiv.o ltc/modes/ofb/ofb_setiv.o ltc/modes/ofb/ofb_start.o ltc/pk/asn1/der/bit/der_decode_bit_string.o \ | |
67 | ltc/pk/asn1/der/bit/der_decode_raw_bit_string.o ltc/pk/asn1/der/bit/der_encode_bit_string.o \ | |
68 | ltc/pk/asn1/der/bit/der_encode_raw_bit_string.o ltc/pk/asn1/der/bit/der_length_bit_string.o \ | |
69 | ltc/pk/asn1/der/boolean/der_decode_boolean.o ltc/pk/asn1/der/boolean/der_encode_boolean.o \ | |
70 | ltc/pk/asn1/der/boolean/der_length_boolean.o ltc/pk/asn1/der/choice/der_decode_choice.o \ | |
71 | ltc/pk/asn1/der/custom_type/der_decode_custom_type.o ltc/pk/asn1/der/custom_type/der_encode_custom_type.o \ | |
72 | ltc/pk/asn1/der/custom_type/der_length_custom_type.o ltc/pk/asn1/der/general/der_asn1_maps.o \ | |
73 | ltc/pk/asn1/der/general/der_decode_asn1_identifier.o ltc/pk/asn1/der/general/der_decode_asn1_length.o \ | |
74 | ltc/pk/asn1/der/general/der_encode_asn1_identifier.o ltc/pk/asn1/der/general/der_encode_asn1_length.o \ | |
75 | ltc/pk/asn1/der/general/der_length_asn1_identifier.o ltc/pk/asn1/der/general/der_length_asn1_length.o \ | |
76 | ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \ | |
77 | ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.o ltc/pk/asn1/der/ia5/der_decode_ia5_string.o \ | |
78 | ltc/pk/asn1/der/ia5/der_encode_ia5_string.o ltc/pk/asn1/der/ia5/der_length_ia5_string.o \ | |
79 | ltc/pk/asn1/der/integer/der_decode_integer.o ltc/pk/asn1/der/integer/der_encode_integer.o \ | |
80 | ltc/pk/asn1/der/integer/der_length_integer.o ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.o \ | |
81 | ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.o ltc/pk/asn1/der/object_identifier/der_length_object_identifier.o \ | |
82 | ltc/pk/asn1/der/octet/der_decode_octet_string.o ltc/pk/asn1/der/octet/der_encode_octet_string.o \ | |
83 | ltc/pk/asn1/der/octet/der_length_octet_string.o ltc/pk/asn1/der/printable_string/der_decode_printable_string.o \ | |
84 | ltc/pk/asn1/der/printable_string/der_encode_printable_string.o ltc/pk/asn1/der/printable_string/der_length_printable_string.o \ | |
85 | ltc/pk/asn1/der/sequence/der_decode_sequence_ex.o ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ | |
86 | ltc/pk/asn1/der/sequence/der_decode_sequence_multi.o ltc/pk/asn1/der/sequence/der_encode_sequence_ex.o \ | |
87 | ltc/pk/asn1/der/sequence/der_encode_sequence_multi.o ltc/pk/asn1/der/sequence/der_length_sequence.o \ | |
88 | ltc/pk/asn1/der/sequence/der_sequence_free.o ltc/pk/asn1/der/sequence/der_sequence_shrink.o \ | |
89 | ltc/pk/asn1/der/set/der_encode_set.o ltc/pk/asn1/der/set/der_encode_setof.o ltc/pk/asn1/der/short_integer/der_decode_short_integer.o \ | |
43 | ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/zeromem.o \ | |
44 | ltc/misc/base16/base16_decode.o ltc/misc/base16/base16_encode.o ltc/misc/base32/base32_decode.o \ | |
45 | ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o ltc/misc/base64/base64_encode.o \ | |
46 | ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o \ | |
47 | ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o ltc/misc/crypt/crypt_find_cipher.o \ | |
48 | ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o ltc/misc/crypt/crypt_find_hash.o \ | |
49 | ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o ltc/misc/crypt/crypt_find_hash_oid.o \ | |
50 | ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o ltc/misc/crypt/crypt_hash_descriptor.o \ | |
51 | ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o ltc/misc/crypt/crypt_ltc_mp_descriptor.o \ | |
52 | ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o ltc/misc/crypt/crypt_prng_rng_descriptor.o \ | |
53 | ltc/misc/crypt/crypt_register_all_ciphers.o ltc/misc/crypt/crypt_register_all_hashes.o \ | |
54 | ltc/misc/crypt/crypt_register_all_prngs.o ltc/misc/crypt/crypt_register_cipher.o \ | |
55 | ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o ltc/misc/crypt/crypt_sizes.o \ | |
56 | ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o ltc/misc/crypt/crypt_unregister_prng.o \ | |
57 | ltc/misc/hkdf/hkdf.o ltc/misc/padding/padding_depad.o ltc/misc/padding/padding_pad.o \ | |
58 | ltc/misc/pbes/pbes.o ltc/misc/pbes/pbes1.o ltc/misc/pbes/pbes2.o ltc/misc/pkcs12/pkcs12_kdf.o \ | |
59 | ltc/misc/pkcs12/pkcs12_utf8_to_utf16.o ltc/misc/pkcs5/pkcs_5_1.o ltc/misc/pkcs5/pkcs_5_2.o \ | |
60 | ltc/modes/cbc/cbc_decrypt.o ltc/modes/cbc/cbc_done.o ltc/modes/cbc/cbc_encrypt.o \ | |
61 | ltc/modes/cbc/cbc_getiv.o ltc/modes/cbc/cbc_setiv.o ltc/modes/cbc/cbc_start.o ltc/modes/cfb/cfb_decrypt.o \ | |
62 | ltc/modes/cfb/cfb_done.o ltc/modes/cfb/cfb_encrypt.o ltc/modes/cfb/cfb_getiv.o ltc/modes/cfb/cfb_setiv.o \ | |
63 | ltc/modes/cfb/cfb_start.o ltc/modes/ctr/ctr_decrypt.o ltc/modes/ctr/ctr_done.o ltc/modes/ctr/ctr_encrypt.o \ | |
64 | ltc/modes/ctr/ctr_getiv.o ltc/modes/ctr/ctr_setiv.o ltc/modes/ctr/ctr_start.o ltc/modes/ecb/ecb_decrypt.o \ | |
65 | ltc/modes/ecb/ecb_done.o ltc/modes/ecb/ecb_encrypt.o ltc/modes/ecb/ecb_start.o ltc/modes/ofb/ofb_decrypt.o \ | |
66 | ltc/modes/ofb/ofb_done.o ltc/modes/ofb/ofb_encrypt.o ltc/modes/ofb/ofb_getiv.o ltc/modes/ofb/ofb_setiv.o \ | |
67 | ltc/modes/ofb/ofb_start.o ltc/pk/asn1/der/bit/der_decode_bit_string.o ltc/pk/asn1/der/bit/der_decode_raw_bit_string.o \ | |
68 | ltc/pk/asn1/der/bit/der_encode_bit_string.o ltc/pk/asn1/der/bit/der_encode_raw_bit_string.o \ | |
69 | ltc/pk/asn1/der/bit/der_length_bit_string.o ltc/pk/asn1/der/boolean/der_decode_boolean.o \ | |
70 | ltc/pk/asn1/der/boolean/der_encode_boolean.o ltc/pk/asn1/der/boolean/der_length_boolean.o \ | |
71 | ltc/pk/asn1/der/choice/der_decode_choice.o ltc/pk/asn1/der/custom_type/der_decode_custom_type.o \ | |
72 | ltc/pk/asn1/der/custom_type/der_encode_custom_type.o ltc/pk/asn1/der/custom_type/der_length_custom_type.o \ | |
73 | ltc/pk/asn1/der/general/der_asn1_maps.o ltc/pk/asn1/der/general/der_decode_asn1_identifier.o \ | |
74 | ltc/pk/asn1/der/general/der_decode_asn1_length.o ltc/pk/asn1/der/general/der_encode_asn1_identifier.o \ | |
75 | ltc/pk/asn1/der/general/der_encode_asn1_length.o ltc/pk/asn1/der/general/der_length_asn1_identifier.o \ | |
76 | ltc/pk/asn1/der/general/der_length_asn1_length.o ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \ | |
77 | ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \ | |
78 | ltc/pk/asn1/der/ia5/der_decode_ia5_string.o ltc/pk/asn1/der/ia5/der_encode_ia5_string.o \ | |
79 | ltc/pk/asn1/der/ia5/der_length_ia5_string.o ltc/pk/asn1/der/integer/der_decode_integer.o \ | |
80 | ltc/pk/asn1/der/integer/der_encode_integer.o ltc/pk/asn1/der/integer/der_length_integer.o \ | |
81 | ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.o ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.o \ | |
82 | ltc/pk/asn1/der/object_identifier/der_length_object_identifier.o ltc/pk/asn1/der/octet/der_decode_octet_string.o \ | |
83 | ltc/pk/asn1/der/octet/der_encode_octet_string.o ltc/pk/asn1/der/octet/der_length_octet_string.o \ | |
84 | ltc/pk/asn1/der/printable_string/der_decode_printable_string.o ltc/pk/asn1/der/printable_string/der_encode_printable_string.o \ | |
85 | ltc/pk/asn1/der/printable_string/der_length_printable_string.o ltc/pk/asn1/der/sequence/der_decode_sequence_ex.o \ | |
86 | ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.o ltc/pk/asn1/der/sequence/der_decode_sequence_multi.o \ | |
87 | ltc/pk/asn1/der/sequence/der_encode_sequence_ex.o ltc/pk/asn1/der/sequence/der_encode_sequence_multi.o \ | |
88 | ltc/pk/asn1/der/sequence/der_length_sequence.o ltc/pk/asn1/der/sequence/der_sequence_free.o \ | |
89 | ltc/pk/asn1/der/sequence/der_sequence_shrink.o ltc/pk/asn1/der/set/der_encode_set.o \ | |
90 | ltc/pk/asn1/der/set/der_encode_setof.o ltc/pk/asn1/der/short_integer/der_decode_short_integer.o \ | |
90 | 91 | ltc/pk/asn1/der/short_integer/der_encode_short_integer.o ltc/pk/asn1/der/short_integer/der_length_short_integer.o \ |
91 | 92 | ltc/pk/asn1/der/teletex_string/der_decode_teletex_string.o ltc/pk/asn1/der/teletex_string/der_length_teletex_string.o \ |
92 | 93 | ltc/pk/asn1/der/utctime/der_decode_utctime.o ltc/pk/asn1/der/utctime/der_encode_utctime.o \ |
93 | 94 | ltc/pk/asn1/der/utctime/der_length_utctime.o ltc/pk/asn1/der/utf8/der_decode_utf8_string.o \ |
94 | 95 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.o ltc/pk/asn1/der/utf8/der_length_utf8_string.o \ |
95 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o \ | |
96 | ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o \ | |
97 | ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o \ | |
98 | ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o ltc/pk/dsa/dsa_decrypt_key.o \ | |
99 | ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o \ | |
100 | ltc/pk/dsa/dsa_generate_pqg.o ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o \ | |
101 | ltc/pk/dsa/dsa_set_pqg_dsaparam.o ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o \ | |
102 | ltc/pk/dsa/dsa_verify_hash.o ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o \ | |
103 | ltc/pk/ecc/ecc_ansi_x963_import.o ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o \ | |
104 | ltc/pk/ecc/ecc_export.o ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o \ | |
105 | ltc/pk/ecc/ecc_free.o ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o \ | |
106 | ltc/pk/ecc/ecc_import.o ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o \ | |
107 | ltc/pk/ecc/ecc_import_x509.o ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_set_curve.o \ | |
96 | ltc/pk/asn1/oid/pk_get_oid.o ltc/pk/asn1/oid/pk_oid_cmp.o ltc/pk/asn1/oid/pk_oid_str.o \ | |
97 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o \ | |
98 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o \ | |
99 | ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o \ | |
100 | ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o \ | |
101 | ltc/pk/dsa/dsa_decrypt_key.o ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o \ | |
102 | ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o ltc/pk/dsa/dsa_generate_pqg.o \ | |
103 | ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o ltc/pk/dsa/dsa_set_pqg_dsaparam.o \ | |
104 | ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o ltc/pk/dsa/dsa_verify_hash.o \ | |
105 | ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o ltc/pk/ecc/ecc_ansi_x963_import.o \ | |
106 | ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o ltc/pk/ecc/ecc_export.o \ | |
107 | ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o ltc/pk/ecc/ecc_free.o \ | |
108 | ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o ltc/pk/ecc/ecc_import.o \ | |
109 | ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o ltc/pk/ecc/ecc_import_x509.o \ | |
110 | ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o ltc/pk/ecc/ecc_set_curve.o \ | |
108 | 111 | ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o ltc/pk/ecc/ecc_shared_secret.o \ |
109 | 112 | ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o \ |
110 | 113 | ltc/pk/ecc/ltc_ecc_import_point.o ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o \ |
121 | 124 | ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \ |
122 | 125 | ltc/prngs/yarrow.o ltc/stream/chacha/chacha_crypt.o ltc/stream/chacha/chacha_done.o \ |
123 | 126 | ltc/stream/chacha/chacha_ivctr32.o ltc/stream/chacha/chacha_ivctr64.o ltc/stream/chacha/chacha_keystream.o \ |
124 | ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o ltc/stream/rc4/rc4_stream.o \ | |
127 | ltc/stream/chacha/chacha_memory.o ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o \ | |
128 | ltc/stream/rabbit/rabbit_memory.o ltc/stream/rc4/rc4_stream.o ltc/stream/rc4/rc4_stream_memory.o \ | |
125 | 129 | ltc/stream/salsa20/salsa20_crypt.o ltc/stream/salsa20/salsa20_done.o ltc/stream/salsa20/salsa20_ivctr64.o \ |
126 | ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_setup.o ltc/stream/salsa20/xsalsa20_setup.o \ | |
127 | ltc/stream/sober128/sober128_stream.o ltc/stream/sosemanuk/sosemanuk.o ltm/bncore.o \ | |
128 | ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o ltm/bn_fast_s_mp_mul_digs.o \ | |
129 | ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o ltm/bn_mp_2expt.o ltm/bn_mp_abs.o \ | |
130 | ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o ltm/bn_mp_and.o ltm/bn_mp_clamp.o \ | |
131 | ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o \ | |
132 | ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o ltm/bn_mp_div.o ltm/bn_mp_div_2.o \ | |
133 | ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o ltm/bn_mp_dr_is_modulus.o \ | |
134 | ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o ltm/bn_mp_export.o ltm/bn_mp_exptmod.o \ | |
135 | ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o \ | |
136 | ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o \ | |
137 | ltm/bn_mp_grow.o ltm/bn_mp_import.o ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o \ | |
138 | ltm/bn_mp_init_set.o ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o \ | |
139 | ltm/bn_mp_invmod_slow.o ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o \ | |
140 | ltm/bn_mp_karatsuba_sqr.o ltm/bn_mp_lcm.o ltm/bn_mp_lshd.o ltm/bn_mp_mod.o ltm/bn_mp_mod_2d.o \ | |
141 | ltm/bn_mp_mod_d.o ltm/bn_mp_montgomery_calc_normalization.o ltm/bn_mp_montgomery_reduce.o \ | |
142 | ltm/bn_mp_montgomery_setup.o ltm/bn_mp_mul.o ltm/bn_mp_mulmod.o ltm/bn_mp_mul_2.o \ | |
143 | ltm/bn_mp_mul_2d.o ltm/bn_mp_mul_d.o ltm/bn_mp_neg.o ltm/bn_mp_n_root.o ltm/bn_mp_n_root_ex.o \ | |
144 | ltm/bn_mp_or.o ltm/bn_mp_prime_fermat.o ltm/bn_mp_prime_is_divisible.o ltm/bn_mp_prime_is_prime.o \ | |
145 | ltm/bn_mp_prime_miller_rabin.o ltm/bn_mp_prime_next_prime.o ltm/bn_mp_prime_rabin_miller_trials.o \ | |
146 | ltm/bn_mp_prime_random_ex.o ltm/bn_mp_radix_size.o ltm/bn_mp_radix_smap.o ltm/bn_mp_rand.o \ | |
147 | ltm/bn_mp_read_radix.o ltm/bn_mp_read_signed_bin.o ltm/bn_mp_read_unsigned_bin.o \ | |
148 | ltm/bn_mp_reduce.o ltm/bn_mp_reduce_2k.o ltm/bn_mp_reduce_2k_l.o ltm/bn_mp_reduce_2k_setup.o \ | |
149 | ltm/bn_mp_reduce_2k_setup_l.o ltm/bn_mp_reduce_is_2k.o ltm/bn_mp_reduce_is_2k_l.o \ | |
150 | ltm/bn_mp_reduce_setup.o ltm/bn_mp_rshd.o ltm/bn_mp_set.o ltm/bn_mp_set_int.o ltm/bn_mp_set_long.o \ | |
151 | ltm/bn_mp_shrink.o ltm/bn_mp_signed_bin_size.o ltm/bn_mp_sqr.o ltm/bn_mp_sqrmod.o \ | |
152 | ltm/bn_mp_sqrt.o ltm/bn_mp_sqrtmod_prime.o ltm/bn_mp_sub.o ltm/bn_mp_submod.o ltm/bn_mp_sub_d.o \ | |
153 | ltm/bn_mp_toom_mul.o ltm/bn_mp_toom_sqr.o ltm/bn_mp_toradix.o ltm/bn_mp_toradix_n.o \ | |
154 | ltm/bn_mp_to_signed_bin.o ltm/bn_mp_to_signed_bin_n.o ltm/bn_mp_to_unsigned_bin.o \ | |
130 | ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_memory.o ltc/stream/salsa20/salsa20_setup.o \ | |
131 | ltc/stream/salsa20/xsalsa20_memory.o ltc/stream/salsa20/xsalsa20_setup.o ltc/stream/sober128/sober128_stream.o \ | |
132 | ltc/stream/sober128/sober128_stream_memory.o ltc/stream/sosemanuk/sosemanuk.o ltc/stream/sosemanuk/sosemanuk_memory.o \ | |
133 | ltm/bncore.o ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o \ | |
134 | ltm/bn_fast_s_mp_mul_digs.o ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o \ | |
135 | ltm/bn_mp_2expt.o ltm/bn_mp_abs.o ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o \ | |
136 | ltm/bn_mp_and.o ltm/bn_mp_clamp.o ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o \ | |
137 | ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o \ | |
138 | ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o \ | |
139 | ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o \ | |
140 | ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o \ | |
141 | ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o \ | |
142 | ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o ltm/bn_mp_grow.o ltm/bn_mp_import.o \ | |
143 | ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o ltm/bn_mp_init_set.o \ | |
144 | ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o ltm/bn_mp_invmod_slow.o \ | |
145 | ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o ltm/bn_mp_karatsuba_sqr.o \ | |
146 | ltm/bn_mp_lcm.o ltm/bn_mp_lshd.o ltm/bn_mp_mod.o ltm/bn_mp_mod_2d.o ltm/bn_mp_mod_d.o \ | |
147 | ltm/bn_mp_montgomery_calc_normalization.o ltm/bn_mp_montgomery_reduce.o ltm/bn_mp_montgomery_setup.o \ | |
148 | ltm/bn_mp_mul.o ltm/bn_mp_mulmod.o ltm/bn_mp_mul_2.o ltm/bn_mp_mul_2d.o ltm/bn_mp_mul_d.o \ | |
149 | ltm/bn_mp_neg.o ltm/bn_mp_n_root.o ltm/bn_mp_n_root_ex.o ltm/bn_mp_or.o ltm/bn_mp_prime_fermat.o \ | |
150 | ltm/bn_mp_prime_is_divisible.o ltm/bn_mp_prime_is_prime.o ltm/bn_mp_prime_miller_rabin.o \ | |
151 | ltm/bn_mp_prime_next_prime.o ltm/bn_mp_prime_rabin_miller_trials.o ltm/bn_mp_prime_random_ex.o \ | |
152 | ltm/bn_mp_radix_size.o ltm/bn_mp_radix_smap.o ltm/bn_mp_rand.o ltm/bn_mp_read_radix.o \ | |
153 | ltm/bn_mp_read_signed_bin.o ltm/bn_mp_read_unsigned_bin.o ltm/bn_mp_reduce.o ltm/bn_mp_reduce_2k.o \ | |
154 | ltm/bn_mp_reduce_2k_l.o ltm/bn_mp_reduce_2k_setup.o ltm/bn_mp_reduce_2k_setup_l.o \ | |
155 | ltm/bn_mp_reduce_is_2k.o ltm/bn_mp_reduce_is_2k_l.o ltm/bn_mp_reduce_setup.o ltm/bn_mp_rshd.o \ | |
156 | ltm/bn_mp_set.o ltm/bn_mp_set_int.o ltm/bn_mp_set_long.o ltm/bn_mp_shrink.o ltm/bn_mp_signed_bin_size.o \ | |
157 | ltm/bn_mp_sqr.o ltm/bn_mp_sqrmod.o ltm/bn_mp_sqrt.o ltm/bn_mp_sqrtmod_prime.o ltm/bn_mp_sub.o \ | |
158 | ltm/bn_mp_submod.o ltm/bn_mp_sub_d.o ltm/bn_mp_toom_mul.o ltm/bn_mp_toom_sqr.o ltm/bn_mp_toradix.o \ | |
159 | ltm/bn_mp_toradix_n.o ltm/bn_mp_to_signed_bin.o ltm/bn_mp_to_signed_bin_n.o ltm/bn_mp_to_unsigned_bin.o \ | |
155 | 160 | ltm/bn_mp_to_unsigned_bin_n.o ltm/bn_mp_unsigned_bin_size.o ltm/bn_mp_xor.o ltm/bn_mp_zero.o \ |
156 | 161 | ltm/bn_prime_tab.o ltm/bn_reverse.o ltm/bn_s_mp_add.o ltm/bn_s_mp_exptmod.o ltm/bn_s_mp_mul_digs.o \ |
157 | 162 | ltm/bn_s_mp_mul_high_digs.o ltm/bn_s_mp_sqr.o ltm/bn_s_mp_sub.o |
43 | 43 | ltc/mac/xcbc/xcbc_process.obj ltc/math/ltm_desc.obj ltc/math/multi.obj ltc/math/radix_to_bin.obj \ |
44 | 44 | ltc/math/rand_bn.obj ltc/math/rand_prime.obj ltc/math/tfm_desc.obj ltc/math/fp/ltc_ecc_fp_mulmod.obj \ |
45 | 45 | ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/copy_or_zeromem.obj \ |
46 | ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj \ | |
47 | ltc/misc/pk_oid_str.obj ltc/misc/zeromem.obj ltc/misc/base16/base16_decode.obj ltc/misc/base16/base16_encode.obj \ | |
48 | ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj \ | |
49 | ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj \ | |
50 | ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \ | |
51 | ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj ltc/misc/crypt/crypt_find_cipher_any.obj \ | |
52 | ltc/misc/crypt/crypt_find_cipher_id.obj ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj \ | |
53 | ltc/misc/crypt/crypt_find_hash_id.obj ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj \ | |
54 | ltc/misc/crypt/crypt_fsa.obj ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj \ | |
55 | ltc/misc/crypt/crypt_inits.obj ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \ | |
46 | ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/zeromem.obj \ | |
47 | ltc/misc/base16/base16_decode.obj ltc/misc/base16/base16_encode.obj ltc/misc/base32/base32_decode.obj \ | |
48 | ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj ltc/misc/base64/base64_encode.obj \ | |
49 | ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj ltc/misc/crypt/crypt_cipher_descriptor.obj \ | |
50 | ltc/misc/crypt/crypt_cipher_is_valid.obj ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj \ | |
51 | ltc/misc/crypt/crypt_find_cipher_any.obj ltc/misc/crypt/crypt_find_cipher_id.obj \ | |
52 | ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj ltc/misc/crypt/crypt_find_hash_id.obj \ | |
53 | ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj ltc/misc/crypt/crypt_fsa.obj \ | |
54 | ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj ltc/misc/crypt/crypt_inits.obj \ | |
55 | ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \ | |
56 | 56 | ltc/misc/crypt/crypt_prng_is_valid.obj ltc/misc/crypt/crypt_prng_rng_descriptor.obj \ |
57 | 57 | ltc/misc/crypt/crypt_register_all_ciphers.obj ltc/misc/crypt/crypt_register_all_hashes.obj \ |
58 | 58 | ltc/misc/crypt/crypt_register_all_prngs.obj ltc/misc/crypt/crypt_register_cipher.obj \ |
59 | 59 | ltc/misc/crypt/crypt_register_hash.obj ltc/misc/crypt/crypt_register_prng.obj ltc/misc/crypt/crypt_sizes.obj \ |
60 | 60 | ltc/misc/crypt/crypt_unregister_cipher.obj ltc/misc/crypt/crypt_unregister_hash.obj \ |
61 | 61 | ltc/misc/crypt/crypt_unregister_prng.obj ltc/misc/hkdf/hkdf.obj ltc/misc/padding/padding_depad.obj \ |
62 | ltc/misc/padding/padding_pad.obj ltc/misc/pkcs12/pkcs12_kdf.obj ltc/misc/pkcs12/pkcs12_utf8_to_utf16.obj \ | |
63 | ltc/misc/pkcs5/pkcs_5_1.obj ltc/misc/pkcs5/pkcs_5_2.obj ltc/modes/cbc/cbc_decrypt.obj \ | |
64 | ltc/modes/cbc/cbc_done.obj ltc/modes/cbc/cbc_encrypt.obj ltc/modes/cbc/cbc_getiv.obj \ | |
65 | ltc/modes/cbc/cbc_setiv.obj ltc/modes/cbc/cbc_start.obj ltc/modes/cfb/cfb_decrypt.obj \ | |
66 | ltc/modes/cfb/cfb_done.obj ltc/modes/cfb/cfb_encrypt.obj ltc/modes/cfb/cfb_getiv.obj \ | |
67 | ltc/modes/cfb/cfb_setiv.obj ltc/modes/cfb/cfb_start.obj ltc/modes/ctr/ctr_decrypt.obj \ | |
68 | ltc/modes/ctr/ctr_done.obj ltc/modes/ctr/ctr_encrypt.obj ltc/modes/ctr/ctr_getiv.obj \ | |
69 | ltc/modes/ctr/ctr_setiv.obj ltc/modes/ctr/ctr_start.obj ltc/modes/ecb/ecb_decrypt.obj \ | |
70 | ltc/modes/ecb/ecb_done.obj ltc/modes/ecb/ecb_encrypt.obj ltc/modes/ecb/ecb_start.obj \ | |
71 | ltc/modes/ofb/ofb_decrypt.obj ltc/modes/ofb/ofb_done.obj ltc/modes/ofb/ofb_encrypt.obj \ | |
72 | ltc/modes/ofb/ofb_getiv.obj ltc/modes/ofb/ofb_setiv.obj ltc/modes/ofb/ofb_start.obj \ | |
73 | ltc/pk/asn1/der/bit/der_decode_bit_string.obj ltc/pk/asn1/der/bit/der_decode_raw_bit_string.obj \ | |
74 | ltc/pk/asn1/der/bit/der_encode_bit_string.obj ltc/pk/asn1/der/bit/der_encode_raw_bit_string.obj \ | |
75 | ltc/pk/asn1/der/bit/der_length_bit_string.obj ltc/pk/asn1/der/boolean/der_decode_boolean.obj \ | |
76 | ltc/pk/asn1/der/boolean/der_encode_boolean.obj ltc/pk/asn1/der/boolean/der_length_boolean.obj \ | |
77 | ltc/pk/asn1/der/choice/der_decode_choice.obj ltc/pk/asn1/der/custom_type/der_decode_custom_type.obj \ | |
78 | ltc/pk/asn1/der/custom_type/der_encode_custom_type.obj ltc/pk/asn1/der/custom_type/der_length_custom_type.obj \ | |
79 | ltc/pk/asn1/der/general/der_asn1_maps.obj ltc/pk/asn1/der/general/der_decode_asn1_identifier.obj \ | |
80 | ltc/pk/asn1/der/general/der_decode_asn1_length.obj ltc/pk/asn1/der/general/der_encode_asn1_identifier.obj \ | |
81 | ltc/pk/asn1/der/general/der_encode_asn1_length.obj ltc/pk/asn1/der/general/der_length_asn1_identifier.obj \ | |
82 | ltc/pk/asn1/der/general/der_length_asn1_length.obj ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.obj \ | |
83 | ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.obj ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.obj \ | |
84 | ltc/pk/asn1/der/ia5/der_decode_ia5_string.obj ltc/pk/asn1/der/ia5/der_encode_ia5_string.obj \ | |
85 | ltc/pk/asn1/der/ia5/der_length_ia5_string.obj ltc/pk/asn1/der/integer/der_decode_integer.obj \ | |
86 | ltc/pk/asn1/der/integer/der_encode_integer.obj ltc/pk/asn1/der/integer/der_length_integer.obj \ | |
87 | ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.obj ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \ | |
88 | ltc/pk/asn1/der/object_identifier/der_length_object_identifier.obj ltc/pk/asn1/der/octet/der_decode_octet_string.obj \ | |
89 | ltc/pk/asn1/der/octet/der_encode_octet_string.obj ltc/pk/asn1/der/octet/der_length_octet_string.obj \ | |
90 | ltc/pk/asn1/der/printable_string/der_decode_printable_string.obj ltc/pk/asn1/der/printable_string/der_encode_printable_string.obj \ | |
91 | ltc/pk/asn1/der/printable_string/der_length_printable_string.obj ltc/pk/asn1/der/sequence/der_decode_sequence_ex.obj \ | |
92 | ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.obj ltc/pk/asn1/der/sequence/der_decode_sequence_multi.obj \ | |
93 | ltc/pk/asn1/der/sequence/der_encode_sequence_ex.obj ltc/pk/asn1/der/sequence/der_encode_sequence_multi.obj \ | |
94 | ltc/pk/asn1/der/sequence/der_length_sequence.obj ltc/pk/asn1/der/sequence/der_sequence_free.obj \ | |
95 | ltc/pk/asn1/der/sequence/der_sequence_shrink.obj ltc/pk/asn1/der/set/der_encode_set.obj \ | |
96 | ltc/pk/asn1/der/set/der_encode_setof.obj ltc/pk/asn1/der/short_integer/der_decode_short_integer.obj \ | |
62 | ltc/misc/padding/padding_pad.obj ltc/misc/pbes/pbes.obj ltc/misc/pbes/pbes1.obj ltc/misc/pbes/pbes2.obj \ | |
63 | ltc/misc/pkcs12/pkcs12_kdf.obj ltc/misc/pkcs12/pkcs12_utf8_to_utf16.obj ltc/misc/pkcs5/pkcs_5_1.obj \ | |
64 | ltc/misc/pkcs5/pkcs_5_2.obj ltc/modes/cbc/cbc_decrypt.obj ltc/modes/cbc/cbc_done.obj \ | |
65 | ltc/modes/cbc/cbc_encrypt.obj ltc/modes/cbc/cbc_getiv.obj ltc/modes/cbc/cbc_setiv.obj \ | |
66 | ltc/modes/cbc/cbc_start.obj ltc/modes/cfb/cfb_decrypt.obj ltc/modes/cfb/cfb_done.obj \ | |
67 | ltc/modes/cfb/cfb_encrypt.obj ltc/modes/cfb/cfb_getiv.obj ltc/modes/cfb/cfb_setiv.obj \ | |
68 | ltc/modes/cfb/cfb_start.obj ltc/modes/ctr/ctr_decrypt.obj ltc/modes/ctr/ctr_done.obj \ | |
69 | ltc/modes/ctr/ctr_encrypt.obj ltc/modes/ctr/ctr_getiv.obj ltc/modes/ctr/ctr_setiv.obj \ | |
70 | ltc/modes/ctr/ctr_start.obj ltc/modes/ecb/ecb_decrypt.obj ltc/modes/ecb/ecb_done.obj \ | |
71 | ltc/modes/ecb/ecb_encrypt.obj ltc/modes/ecb/ecb_start.obj ltc/modes/ofb/ofb_decrypt.obj \ | |
72 | ltc/modes/ofb/ofb_done.obj ltc/modes/ofb/ofb_encrypt.obj ltc/modes/ofb/ofb_getiv.obj \ | |
73 | ltc/modes/ofb/ofb_setiv.obj ltc/modes/ofb/ofb_start.obj ltc/pk/asn1/der/bit/der_decode_bit_string.obj \ | |
74 | ltc/pk/asn1/der/bit/der_decode_raw_bit_string.obj ltc/pk/asn1/der/bit/der_encode_bit_string.obj \ | |
75 | ltc/pk/asn1/der/bit/der_encode_raw_bit_string.obj ltc/pk/asn1/der/bit/der_length_bit_string.obj \ | |
76 | ltc/pk/asn1/der/boolean/der_decode_boolean.obj ltc/pk/asn1/der/boolean/der_encode_boolean.obj \ | |
77 | ltc/pk/asn1/der/boolean/der_length_boolean.obj ltc/pk/asn1/der/choice/der_decode_choice.obj \ | |
78 | ltc/pk/asn1/der/custom_type/der_decode_custom_type.obj ltc/pk/asn1/der/custom_type/der_encode_custom_type.obj \ | |
79 | ltc/pk/asn1/der/custom_type/der_length_custom_type.obj ltc/pk/asn1/der/general/der_asn1_maps.obj \ | |
80 | ltc/pk/asn1/der/general/der_decode_asn1_identifier.obj ltc/pk/asn1/der/general/der_decode_asn1_length.obj \ | |
81 | ltc/pk/asn1/der/general/der_encode_asn1_identifier.obj ltc/pk/asn1/der/general/der_encode_asn1_length.obj \ | |
82 | ltc/pk/asn1/der/general/der_length_asn1_identifier.obj ltc/pk/asn1/der/general/der_length_asn1_length.obj \ | |
83 | ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.obj ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.obj \ | |
84 | ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.obj ltc/pk/asn1/der/ia5/der_decode_ia5_string.obj \ | |
85 | ltc/pk/asn1/der/ia5/der_encode_ia5_string.obj ltc/pk/asn1/der/ia5/der_length_ia5_string.obj \ | |
86 | ltc/pk/asn1/der/integer/der_decode_integer.obj ltc/pk/asn1/der/integer/der_encode_integer.obj \ | |
87 | ltc/pk/asn1/der/integer/der_length_integer.obj ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \ | |
88 | ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.obj ltc/pk/asn1/der/object_identifier/der_length_object_identifier.obj \ | |
89 | ltc/pk/asn1/der/octet/der_decode_octet_string.obj ltc/pk/asn1/der/octet/der_encode_octet_string.obj \ | |
90 | ltc/pk/asn1/der/octet/der_length_octet_string.obj ltc/pk/asn1/der/printable_string/der_decode_printable_string.obj \ | |
91 | ltc/pk/asn1/der/printable_string/der_encode_printable_string.obj ltc/pk/asn1/der/printable_string/der_length_printable_string.obj \ | |
92 | ltc/pk/asn1/der/sequence/der_decode_sequence_ex.obj ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \ | |
93 | ltc/pk/asn1/der/sequence/der_decode_sequence_multi.obj ltc/pk/asn1/der/sequence/der_encode_sequence_ex.obj \ | |
94 | ltc/pk/asn1/der/sequence/der_encode_sequence_multi.obj ltc/pk/asn1/der/sequence/der_length_sequence.obj \ | |
95 | ltc/pk/asn1/der/sequence/der_sequence_free.obj ltc/pk/asn1/der/sequence/der_sequence_shrink.obj \ | |
96 | ltc/pk/asn1/der/set/der_encode_set.obj ltc/pk/asn1/der/set/der_encode_setof.obj ltc/pk/asn1/der/short_integer/der_decode_short_integer.obj \ | |
97 | 97 | ltc/pk/asn1/der/short_integer/der_encode_short_integer.obj ltc/pk/asn1/der/short_integer/der_length_short_integer.obj \ |
98 | 98 | ltc/pk/asn1/der/teletex_string/der_decode_teletex_string.obj ltc/pk/asn1/der/teletex_string/der_length_teletex_string.obj \ |
99 | 99 | ltc/pk/asn1/der/utctime/der_decode_utctime.obj ltc/pk/asn1/der/utctime/der_encode_utctime.obj \ |
100 | 100 | ltc/pk/asn1/der/utctime/der_length_utctime.obj ltc/pk/asn1/der/utf8/der_decode_utf8_string.obj \ |
101 | 101 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.obj ltc/pk/asn1/der/utf8/der_length_utf8_string.obj \ |
102 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj \ | |
103 | ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj \ | |
104 | ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj \ | |
105 | ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj ltc/pk/dsa/dsa_decrypt_key.obj \ | |
106 | ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj ltc/pk/dsa/dsa_free.obj \ | |
107 | ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj ltc/pk/dsa/dsa_import.obj \ | |
108 | ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
102 | ltc/pk/asn1/oid/pk_get_oid.obj ltc/pk/asn1/oid/pk_oid_cmp.obj ltc/pk/asn1/oid/pk_oid_str.obj \ | |
103 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ | |
104 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj \ | |
105 | ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj \ | |
106 | ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj \ | |
107 | ltc/pk/dsa/dsa_decrypt_key.obj ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj \ | |
108 | ltc/pk/dsa/dsa_free.obj ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj \ | |
109 | ltc/pk/dsa/dsa_import.obj ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
109 | 110 | ltc/pk/dsa/dsa_shared_secret.obj ltc/pk/dsa/dsa_sign_hash.obj ltc/pk/dsa/dsa_verify_hash.obj \ |
110 | 111 | ltc/pk/dsa/dsa_verify_key.obj ltc/pk/ecc/ecc.obj ltc/pk/ecc/ecc_ansi_x963_export.obj \ |
111 | 112 | ltc/pk/ecc/ecc_ansi_x963_import.obj ltc/pk/ecc/ecc_decrypt_key.obj ltc/pk/ecc/ecc_encrypt_key.obj \ |
113 | 114 | ltc/pk/ecc/ecc_free.obj ltc/pk/ecc/ecc_get_key.obj ltc/pk/ecc/ecc_get_oid_str.obj \ |
114 | 115 | ltc/pk/ecc/ecc_get_size.obj ltc/pk/ecc/ecc_import.obj ltc/pk/ecc/ecc_import_openssl.obj \ |
115 | 116 | ltc/pk/ecc/ecc_import_pkcs8.obj ltc/pk/ecc/ecc_import_x509.obj ltc/pk/ecc/ecc_make_key.obj \ |
116 | ltc/pk/ecc/ecc_set_curve.obj ltc/pk/ecc/ecc_set_curve_internal.obj ltc/pk/ecc/ecc_set_key.obj \ | |
117 | ltc/pk/ecc/ecc_shared_secret.obj ltc/pk/ecc/ecc_sign_hash.obj ltc/pk/ecc/ecc_sizes.obj \ | |
118 | ltc/pk/ecc/ecc_verify_hash.obj ltc/pk/ecc/ltc_ecc_export_point.obj ltc/pk/ecc/ltc_ecc_import_point.obj \ | |
119 | ltc/pk/ecc/ltc_ecc_is_point.obj ltc/pk/ecc/ltc_ecc_is_point_at_infinity.obj ltc/pk/ecc/ltc_ecc_map.obj \ | |
120 | ltc/pk/ecc/ltc_ecc_mul2add.obj ltc/pk/ecc/ltc_ecc_mulmod.obj ltc/pk/ecc/ltc_ecc_mulmod_timing.obj \ | |
121 | ltc/pk/ecc/ltc_ecc_points.obj ltc/pk/ecc/ltc_ecc_projective_add_point.obj ltc/pk/ecc/ltc_ecc_projective_dbl_point.obj \ | |
122 | ltc/pk/ecc/ltc_ecc_verify_key.obj ltc/pk/pkcs1/pkcs_1_i2osp.obj ltc/pk/pkcs1/pkcs_1_mgf1.obj \ | |
123 | ltc/pk/pkcs1/pkcs_1_oaep_decode.obj ltc/pk/pkcs1/pkcs_1_oaep_encode.obj ltc/pk/pkcs1/pkcs_1_os2ip.obj \ | |
124 | ltc/pk/pkcs1/pkcs_1_pss_decode.obj ltc/pk/pkcs1/pkcs_1_pss_encode.obj ltc/pk/pkcs1/pkcs_1_v1_5_decode.obj \ | |
125 | ltc/pk/pkcs1/pkcs_1_v1_5_encode.obj ltc/pk/rsa/rsa_decrypt_key.obj ltc/pk/rsa/rsa_encrypt_key.obj \ | |
126 | ltc/pk/rsa/rsa_export.obj ltc/pk/rsa/rsa_exptmod.obj ltc/pk/rsa/rsa_free.obj ltc/pk/rsa/rsa_get_size.obj \ | |
127 | ltc/pk/rsa/rsa_import.obj ltc/pk/rsa/rsa_import_pkcs8.obj ltc/pk/rsa/rsa_import_x509.obj \ | |
128 | ltc/pk/rsa/rsa_make_key.obj ltc/pk/rsa/rsa_set.obj ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj \ | |
129 | ltc/pk/rsa/rsa_verify_hash.obj ltc/prngs/chacha20.obj ltc/prngs/fortuna.obj ltc/prngs/rc4.obj \ | |
130 | ltc/prngs/rng_get_bytes.obj ltc/prngs/rng_make_prng.obj ltc/prngs/sober128.obj ltc/prngs/sprng.obj \ | |
131 | ltc/prngs/yarrow.obj ltc/stream/chacha/chacha_crypt.obj ltc/stream/chacha/chacha_done.obj \ | |
132 | ltc/stream/chacha/chacha_ivctr32.obj ltc/stream/chacha/chacha_ivctr64.obj ltc/stream/chacha/chacha_keystream.obj \ | |
133 | ltc/stream/chacha/chacha_setup.obj ltc/stream/rabbit/rabbit.obj ltc/stream/rc4/rc4_stream.obj \ | |
134 | ltc/stream/salsa20/salsa20_crypt.obj ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj \ | |
135 | ltc/stream/salsa20/salsa20_keystream.obj ltc/stream/salsa20/salsa20_setup.obj ltc/stream/salsa20/xsalsa20_setup.obj \ | |
136 | ltc/stream/sober128/sober128_stream.obj ltc/stream/sosemanuk/sosemanuk.obj ltm/bncore.obj \ | |
117 | ltc/pk/ecc/ecc_recover_key.obj ltc/pk/ecc/ecc_set_curve.obj ltc/pk/ecc/ecc_set_curve_internal.obj \ | |
118 | ltc/pk/ecc/ecc_set_key.obj ltc/pk/ecc/ecc_shared_secret.obj ltc/pk/ecc/ecc_sign_hash.obj \ | |
119 | ltc/pk/ecc/ecc_sizes.obj ltc/pk/ecc/ecc_verify_hash.obj ltc/pk/ecc/ltc_ecc_export_point.obj \ | |
120 | ltc/pk/ecc/ltc_ecc_import_point.obj ltc/pk/ecc/ltc_ecc_is_point.obj ltc/pk/ecc/ltc_ecc_is_point_at_infinity.obj \ | |
121 | ltc/pk/ecc/ltc_ecc_map.obj ltc/pk/ecc/ltc_ecc_mul2add.obj ltc/pk/ecc/ltc_ecc_mulmod.obj \ | |
122 | ltc/pk/ecc/ltc_ecc_mulmod_timing.obj ltc/pk/ecc/ltc_ecc_points.obj ltc/pk/ecc/ltc_ecc_projective_add_point.obj \ | |
123 | ltc/pk/ecc/ltc_ecc_projective_dbl_point.obj ltc/pk/ecc/ltc_ecc_verify_key.obj ltc/pk/pkcs1/pkcs_1_i2osp.obj \ | |
124 | ltc/pk/pkcs1/pkcs_1_mgf1.obj ltc/pk/pkcs1/pkcs_1_oaep_decode.obj ltc/pk/pkcs1/pkcs_1_oaep_encode.obj \ | |
125 | ltc/pk/pkcs1/pkcs_1_os2ip.obj ltc/pk/pkcs1/pkcs_1_pss_decode.obj ltc/pk/pkcs1/pkcs_1_pss_encode.obj \ | |
126 | ltc/pk/pkcs1/pkcs_1_v1_5_decode.obj ltc/pk/pkcs1/pkcs_1_v1_5_encode.obj ltc/pk/rsa/rsa_decrypt_key.obj \ | |
127 | ltc/pk/rsa/rsa_encrypt_key.obj ltc/pk/rsa/rsa_export.obj ltc/pk/rsa/rsa_exptmod.obj \ | |
128 | ltc/pk/rsa/rsa_free.obj ltc/pk/rsa/rsa_get_size.obj ltc/pk/rsa/rsa_import.obj ltc/pk/rsa/rsa_import_pkcs8.obj \ | |
129 | ltc/pk/rsa/rsa_import_x509.obj ltc/pk/rsa/rsa_make_key.obj ltc/pk/rsa/rsa_set.obj \ | |
130 | ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj ltc/pk/rsa/rsa_verify_hash.obj \ | |
131 | ltc/prngs/chacha20.obj ltc/prngs/fortuna.obj ltc/prngs/rc4.obj ltc/prngs/rng_get_bytes.obj \ | |
132 | ltc/prngs/rng_make_prng.obj ltc/prngs/sober128.obj ltc/prngs/sprng.obj ltc/prngs/yarrow.obj \ | |
133 | ltc/stream/chacha/chacha_crypt.obj ltc/stream/chacha/chacha_done.obj ltc/stream/chacha/chacha_ivctr32.obj \ | |
134 | ltc/stream/chacha/chacha_ivctr64.obj ltc/stream/chacha/chacha_keystream.obj ltc/stream/chacha/chacha_memory.obj \ | |
135 | ltc/stream/chacha/chacha_setup.obj ltc/stream/rabbit/rabbit.obj ltc/stream/rabbit/rabbit_memory.obj \ | |
136 | ltc/stream/rc4/rc4_stream.obj ltc/stream/rc4/rc4_stream_memory.obj ltc/stream/salsa20/salsa20_crypt.obj \ | |
137 | ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj ltc/stream/salsa20/salsa20_keystream.obj \ | |
138 | ltc/stream/salsa20/salsa20_memory.obj ltc/stream/salsa20/salsa20_setup.obj ltc/stream/salsa20/xsalsa20_memory.obj \ | |
139 | ltc/stream/salsa20/xsalsa20_setup.obj ltc/stream/sober128/sober128_stream.obj ltc/stream/sober128/sober128_stream_memory.obj \ | |
140 | ltc/stream/sosemanuk/sosemanuk.obj ltc/stream/sosemanuk/sosemanuk_memory.obj ltm/bncore.obj \ | |
137 | 141 | ltm/bn_error.obj ltm/bn_fast_mp_invmod.obj ltm/bn_fast_mp_montgomery_reduce.obj ltm/bn_fast_s_mp_mul_digs.obj \ |
138 | 142 | ltm/bn_fast_s_mp_mul_high_digs.obj ltm/bn_fast_s_mp_sqr.obj ltm/bn_mp_2expt.obj ltm/bn_mp_abs.obj \ |
139 | 143 | ltm/bn_mp_add.obj ltm/bn_mp_addmod.obj ltm/bn_mp_add_d.obj ltm/bn_mp_and.obj ltm/bn_mp_clamp.obj \ |
1008 | 1008 | int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen); |
1009 | 1009 | int chacha_done(chacha_state *st); |
1010 | 1010 | int chacha_test(void); |
1011 | int chacha_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
1012 | const unsigned char *iv, unsigned long ivlen, ulong64 counter, | |
1013 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout); | |
1011 | 1014 | |
1012 | 1015 | #endif /* LTC_CHACHA */ |
1013 | 1016 | |
1027 | 1030 | int salsa20_keystream(salsa20_state *st, unsigned char *out, unsigned long outlen); |
1028 | 1031 | int salsa20_done(salsa20_state *st); |
1029 | 1032 | int salsa20_test(void); |
1033 | int salsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
1034 | const unsigned char *iv, unsigned long ivlen, ulong64 counter, | |
1035 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout); | |
1030 | 1036 | |
1031 | 1037 | #endif /* LTC_SALSA20 */ |
1032 | 1038 | |
1036 | 1042 | const unsigned char *nonce, unsigned long noncelen, |
1037 | 1043 | int rounds); |
1038 | 1044 | int xsalsa20_test(void); |
1045 | int xsalsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
1046 | const unsigned char *nonce, unsigned long noncelen, | |
1047 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout); | |
1039 | 1048 | |
1040 | 1049 | #endif /* LTC_XSALSA20 */ |
1041 | 1050 | |
1054 | 1063 | unsigned ptr; |
1055 | 1064 | } sosemanuk_state; |
1056 | 1065 | |
1057 | int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long keylen); | |
1058 | int sosemanuk_setiv(sosemanuk_state *ss, const unsigned char *iv, unsigned long ivlen); | |
1059 | int sosemanuk_crypt(sosemanuk_state *ss, const unsigned char *in, unsigned long inlen, unsigned char *out); | |
1060 | int sosemanuk_keystream(sosemanuk_state *ss, unsigned char *out, unsigned long outlen); | |
1061 | int sosemanuk_done(sosemanuk_state *ss); | |
1066 | int sosemanuk_setup(sosemanuk_state *st, const unsigned char *key, unsigned long keylen); | |
1067 | int sosemanuk_setiv(sosemanuk_state *st, const unsigned char *iv, unsigned long ivlen); | |
1068 | int sosemanuk_crypt(sosemanuk_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); | |
1069 | int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long outlen); | |
1070 | int sosemanuk_done(sosemanuk_state *st); | |
1062 | 1071 | int sosemanuk_test(void); |
1072 | int sosemanuk_memory(const unsigned char *key, unsigned long keylen, | |
1073 | const unsigned char *iv, unsigned long ivlen, | |
1074 | const unsigned char *datain, unsigned long datalen, | |
1075 | unsigned char *dataout); | |
1063 | 1076 | |
1064 | 1077 | #endif /* LTC_SOSEMANUK */ |
1065 | 1078 | |
1084 | 1097 | int rabbit_keystream(rabbit_state* st, unsigned char *out, unsigned long outlen); |
1085 | 1098 | int rabbit_done(rabbit_state *st); |
1086 | 1099 | int rabbit_test(void); |
1100 | int rabbit_memory(const unsigned char *key, unsigned long keylen, | |
1101 | const unsigned char *iv, unsigned long ivlen, | |
1102 | const unsigned char *datain, unsigned long datalen, | |
1103 | unsigned char *dataout); | |
1087 | 1104 | |
1088 | 1105 | #endif /* LTC_RABBIT */ |
1089 | 1106 | |
1099 | 1116 | int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen); |
1100 | 1117 | int rc4_stream_done(rc4_state *st); |
1101 | 1118 | int rc4_stream_test(void); |
1119 | int rc4_stream_memory(const unsigned char *key, unsigned long keylen, | |
1120 | const unsigned char *datain, unsigned long datalen, | |
1121 | unsigned char *dataout); | |
1102 | 1122 | |
1103 | 1123 | #endif /* LTC_RC4_STREAM */ |
1104 | 1124 | |
1118 | 1138 | int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen); |
1119 | 1139 | int sober128_stream_done(sober128_state *st); |
1120 | 1140 | int sober128_stream_test(void); |
1141 | int sober128_stream_memory(const unsigned char *key, unsigned long keylen, | |
1142 | const unsigned char *iv, unsigned long ivlen, | |
1143 | const unsigned char *datain, unsigned long datalen, | |
1144 | unsigned char *dataout); | |
1121 | 1145 | |
1122 | 1146 | #endif /* LTC_SOBER128_STREAM */ |
1123 | 1147 |
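Review bot: The new one-shot `*_memory` prototypes (chacha_memory, salsa20_memory, xsalsa20_memory, sosemanuk_memory, rabbit_memory, rc4_stream_memory, sober128_stream_memory) carry no contract for the `dataout` buffer or for nonce reuse, and a convenience API that takes key and IV directly is exactly where callers end up encrypting two messages under the same (key, iv, counter). A header comment next to each would help, e.g. for chacha_memory: `/* One-shot encrypt/decrypt: dataout must hold datalen bytes; never reuse a (key, iv, counter) triple for two messages, the keystream would repeat */`. rc4_stream_memory takes only a key, so every call with the same key produces the same keystream; that and RC4's deprecated status deserve a `/* legacy: keystream depends on the key only, do not use for new designs */` note. Whether datain and dataout may alias is not visible from the declarations and should be stated once the implementation is checked.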
462 | 462 | |
463 | 463 | #define LTC_PKCS_1 |
464 | 464 | #define LTC_PKCS_5 |
465 | #define LTC_PKCS_8 | |
465 | 466 | #define LTC_PKCS_12 |
466 | 467 | |
467 | 468 | /* Include ASN.1 DER (required by DSA/RSA) */ |
493 | 494 | #define LTC_CRC32 |
494 | 495 | |
495 | 496 | #define LTC_PADDING |
497 | ||
498 | #define LTC_PBES | |
496 | 499 | |
497 | 500 | #endif /* LTC_NO_MISC */ |
498 | 501 | |
559 | 562 | #define LTC_PKCS_1 |
560 | 563 | #endif |
561 | 564 | |
565 | #if defined(LTC_MRSA) || defined(LTC_MECC) | |
566 | #define LTC_PKCS_8 | |
567 | #endif | |
568 | ||
569 | #ifdef LTC_PKCS_8 | |
570 | #define LTC_PADDING | |
571 | #define LTC_PBES | |
572 | #endif | |
573 | ||
562 | 574 | #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) |
563 | 575 | #error Pelican-MAC requires LTC_RIJNDAEL |
564 | 576 | #endif |
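Review bot: The new `#ifdef LTC_PKCS_8` rule (lines 569–572) turns on LTC_PADDING and LTC_PBES but not the modules the PBES code itself calls: pbes1.c in this commit uses pkcs_5_alg1, pkcs12_utf8_to_utf16 and pkcs12_kdf, pbes2.c uses pkcs_5_alg2, and both walk ltc_asn1_list nodes, i.e. LTC_PKCS_5, LTC_PKCS_12 and LTC_DER. Since LTC_PKCS_8 is now also forced on by LTC_MRSA/LTC_MECC (lines 565–567), a build that defines LTC_NO_PKCS and then just LTC_MRSA gets PBES compiled with those dependencies missing, unless a rule outside this hunk already pulls them in (LTC_DER in particular may be). Extending the block with `#define LTC_PKCS_5` and `#define LTC_PKCS_12` (plus `#define LTC_DER` if nothing else supplies it, or an `#error` when they are absent) keeps the dependency resolution self-contained.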
243 | 243 | void *k; |
244 | 244 | } ecc_key; |
245 | 245 | |
246 | /** Formats of ECC signatures */ | |
247 | typedef enum ecc_signature_type_ { | |
248 | /* ASN.1 encoded, ANSI X9.62 */ | |
249 | LTC_ECCSIG_ANSIX962 = 0x0, | |
250 | /* raw R, S values */ | |
251 | LTC_ECCSIG_RFC7518 = 0x1, | |
252 | /* raw R, S, V (+27) values */ | |
253 | LTC_ECCSIG_ETH27 = 0x2 | |
254 | } ecc_signature_type; | |
255 | ||
246 | 256 | /** the ECC params provided */ |
247 | 257 | extern const ltc_ecc_curve ltc_ecc_curves[]; |
248 | 258 | |
286 | 296 | unsigned char *out, unsigned long *outlen, |
287 | 297 | const ecc_key *key); |
288 | 298 | |
289 | int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, | |
290 | unsigned char *out, unsigned long *outlen, | |
291 | prng_state *prng, int wprng, const ecc_key *key); | |
292 | ||
293 | int ecc_sign_hash(const unsigned char *in, unsigned long inlen, | |
294 | unsigned char *out, unsigned long *outlen, | |
295 | prng_state *prng, int wprng, const ecc_key *key); | |
296 | ||
297 | int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, | |
298 | const unsigned char *hash, unsigned long hashlen, | |
299 | int *stat, const ecc_key *key); | |
300 | ||
301 | int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, | |
299 | #define ecc_sign_hash_rfc7518(in_, inlen_, out_, outlen_, prng_, wprng_, key_) \ | |
300 | ecc_sign_hash_ex(in_, inlen_, out_, outlen_, prng_, wprng_, LTC_ECCSIG_RFC7518, NULL, key_) | |
301 | ||
302 | #define ecc_sign_hash(in_, inlen_, out_, outlen_, prng_, wprng_, key_) \ | |
303 | ecc_sign_hash_ex(in_, inlen_, out_, outlen_, prng_, wprng_, LTC_ECCSIG_ANSIX962, NULL, key_) | |
304 | ||
305 | #define ecc_verify_hash_rfc7518(sig_, siglen_, hash_, hashlen_, stat_, key_) \ | |
306 | ecc_verify_hash_ex(sig_, siglen_, hash_, hashlen_, LTC_ECCSIG_RFC7518, stat_, key_) | |
307 | ||
308 | #define ecc_verify_hash(sig_, siglen_, hash_, hashlen_, stat_, key_) \ | |
309 | ecc_verify_hash_ex(sig_, siglen_, hash_, hashlen_, LTC_ECCSIG_ANSIX962, stat_, key_) | |
310 | ||
311 | int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen, | |
312 | unsigned char *out, unsigned long *outlen, | |
313 | prng_state *prng, int wprng, ecc_signature_type sigformat, | |
314 | int *recid, const ecc_key *key); | |
315 | ||
316 | int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen, | |
317 | const unsigned char *hash, unsigned long hashlen, | |
318 | ecc_signature_type sigformat, int *stat, const ecc_key *key); | |
319 | ||
320 | int ecc_recover_key(const unsigned char *sig, unsigned long siglen, | |
302 | 321 | const unsigned char *hash, unsigned long hashlen, |
303 | int *stat, const ecc_key *key); | |
322 | int recid, ecc_signature_type sigformat, ecc_key *key); | |
304 | 323 | |
305 | 324 | #endif |
306 | 325 |
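Review bot: Turning ecc_sign_hash, ecc_sign_hash_rfc7518, ecc_verify_hash and ecc_verify_hash_rfc7518 from exported functions into function-like macros (lines 299–309) removes those four symbols from the library, so anything linked against the old names, or taking `&ecc_sign_hash` as a callback, stops working even though the source-level API looks unchanged; the .obj list in this commit still builds ecc_sign_hash/ecc_verify_hash, so keeping them as thin exported wrappers around the `_ex` variants would preserve ABI at no cost. The new prototypes also lack any comment on the `stat`/return split: if ecc_verify_hash_ex keeps the library's usual convention, a bad signature is CRYPT_OK with `*stat == 0`, and that is worth stating on line 316, e.g. `/* stat is 1 only for a valid signature; CRYPT_OK with *stat == 0 means verification failed */`. Likewise `int *recid` in ecc_sign_hash_ex (NULL in every macro) and `int recid` in ecc_recover_key should document the accepted range and whether recid is only meaningful for LTC_ECCSIG_ETH27.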
18 | 18 | * Internal Enums |
19 | 19 | */ |
20 | 20 | |
21 | enum public_key_algorithms { | |
21 | enum ltc_oid_id { | |
22 | 22 | PKA_RSA, |
23 | 23 | PKA_DSA, |
24 | 24 | PKA_EC, |
29 | 29 | * Internal Types |
30 | 30 | */ |
31 | 31 | |
32 | typedef struct Oid { | |
33 | unsigned long OID[16]; | |
34 | /** Number of OID digits in use */ | |
35 | unsigned long OIDlen; | |
36 | } oid_st; | |
37 | ||
38 | 32 | typedef struct { |
39 | 33 | int size; |
40 | 34 | const char *name, *base, *prime; |
41 | 35 | } ltc_dh_set_type; |
42 | 36 | |
37 | ||
38 | typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len, | |
39 | const unsigned char *salt, unsigned long salt_len, | |
40 | int iteration_count, int hash_idx, | |
41 | unsigned char *out, unsigned long *outlen); | |
42 | ||
43 | typedef struct { | |
44 | /* KDF */ | |
45 | fn_kdf_t kdf; | |
46 | /* Hash or HMAC */ | |
47 | const char* h; | |
48 | /* cipher */ | |
49 | const char* c; | |
50 | unsigned long keylen; | |
51 | /* not used for pbkdf2 */ | |
52 | unsigned long blocklen; | |
53 | } pbes_properties; | |
54 | ||
55 | typedef struct | |
56 | { | |
57 | pbes_properties type; | |
58 | const void *pwd; | |
59 | unsigned long pwdlen; | |
60 | ltc_asn1_list *enc_data; | |
61 | ltc_asn1_list *salt; | |
62 | ltc_asn1_list *iv; | |
63 | unsigned long iterations; | |
64 | /* only used for RC2 */ | |
65 | unsigned long key_bits; | |
66 | } pbes_arg; | |
43 | 67 | |
44 | 68 | /* |
45 | 69 | * Internal functions |
172 | 196 | |
173 | 197 | void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz); |
174 | 198 | |
199 | int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size); | |
200 | ||
201 | int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); | |
202 | int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); | |
203 | ||
175 | 204 | |
176 | 205 | /* tomcrypt_pk.h */ |
177 | 206 | |
178 | 207 | int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); |
179 | 208 | int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); |
180 | 209 | |
181 | int pk_get_oid(int pk, oid_st *st); | |
210 | int pk_get_oid(enum ltc_oid_id id, const char **st); | |
182 | 211 | int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); |
183 | 212 | int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); |
184 | 213 | |
264 | 293 | #endif /* LTC_MDSA */ |
265 | 294 | |
266 | 295 | #ifdef LTC_DER |
296 | ||
297 | #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t))) | |
298 | ||
267 | 299 | /* DER handling */ |
268 | 300 | int der_decode_custom_type_ex(const unsigned char *in, unsigned long inlen, |
269 | 301 | ltc_asn1_list *root, |
302 | 334 | unsigned int algorithm, void* public_key, unsigned long* public_key_len, |
303 | 335 | ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len); |
304 | 336 | |
337 | int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size); | |
338 | int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2); | |
339 | ||
305 | 340 | #endif /* LTC_DER */ |
306 | 341 | |
307 | 342 | /* tomcrypt_pkcs.h */ |
343 | ||
344 | #ifdef LTC_PKCS_8 | |
345 | ||
346 | int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, | |
347 | const void *pwd, unsigned long pwdlen, | |
348 | ltc_asn1_list **decoded_list); | |
349 | ||
350 | #endif /* LTC_PKCS_8 */ | |
351 | ||
308 | 352 | |
309 | 353 | #ifdef LTC_PKCS_12 |
310 | 354 |
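Review bot: `pkcs8_decode_flexi` (lines 346–348) is declared without stating what `pwd` is or who owns `*decoded_list`; the PBES1 path in this commit converts the password with pkcs12_utf8_to_utf16, so the bytes are interpreted as UTF-8 and a caller passing a Latin-1 or UTF-16 password gets a silently different key. A comment such as `/* pwd: password bytes, treated as UTF-8 (no NUL needed); on CRYPT_OK *decoded_list is a DER list the caller frees with der_sequence_free() */` would pin that down, with the free routine confirmed against the implementation. The `pbes_arg` struct holds `salt`, `iv` and `enc_data` as bare pointers into a decoded ltc_asn1_list, so a note that they borrow from that list and must not outlive it belongs on the struct. Minor: `LTC_ASN1_IS_TYPE(e, t)` evaluates `e` twice, fine for the plain pointer chains used here but worth a `/* e is evaluated twice */` reminder.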
435 | 435 | #if defined(LTC_PKCS_5) |
436 | 436 | " PKCS#5 " |
437 | 437 | #endif |
438 | #if defined(LTC_PKCS_8) | |
439 | " PKCS#8 " | |
440 | #endif | |
438 | 441 | #if defined(LTC_PKCS_12) |
439 | 442 | " PKCS#12 " |
440 | 443 | #endif |
443 | 446 | #endif |
444 | 447 | #if defined(LTC_HKDF) |
445 | 448 | " HKDF " |
449 | #endif | |
450 | #if defined(LTC_PBES) | |
451 | " PBES1 " | |
452 | " PBES2 " | |
446 | 453 | #endif |
447 | 454 | #if defined(LTC_DEVRANDOM) |
448 | 455 | " LTC_DEVRANDOM " |
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_PBES | |
11 | ||
12 | /** | |
13 | Decrypt Data encrypted via either PBES1 or PBES2 | |
14 | ||
15 | @param arg The according PBES parameters | |
16 | @param dec_data [out] The decrypted data | |
17 | @param dec_size [in/out] The length of the encrypted resp. decrypted data | |
18 | @return CRYPT_OK on success | |
19 | */ | |
20 | int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size) | |
21 | { | |
22 | int err, hid = -1, cid = -1; | |
23 | unsigned char k[32], *iv; | |
24 | unsigned long klen, keylen, dlen; | |
25 | long diff; | |
26 | symmetric_CBC cbc; | |
27 | ||
28 | LTC_ARGCHK(arg != NULL); | |
29 | LTC_ARGCHK(arg->type.kdf != NULL); | |
30 | LTC_ARGCHK(dec_data != NULL); | |
31 | LTC_ARGCHK(dec_size != NULL); | |
32 | ||
33 | hid = find_hash(arg->type.h); | |
34 | if (hid == -1) return CRYPT_INVALID_HASH; | |
35 | cid = find_cipher(arg->type.c); | |
36 | if (cid == -1) return CRYPT_INVALID_CIPHER; | |
37 | ||
38 | klen = arg->type.keylen; | |
39 | ||
40 | /* RC2 special case */ | |
41 | if (arg->key_bits != 0) { | |
42 | /* We can't handle odd lengths of Key Bits */ | |
43 | if ((arg->key_bits % 8) != 0) return CRYPT_INVALID_KEYSIZE; | |
44 | /* Internally we use bytes, not bits */ | |
45 | klen = arg->key_bits / 8; | |
46 | } | |
47 | keylen = klen; | |
48 | ||
49 | if (arg->iv != NULL) { | |
50 | iv = arg->iv->data; | |
51 | } else { | |
52 | iv = k + klen; | |
53 | klen += arg->type.blocklen; | |
54 | } | |
55 | ||
56 | if (klen > sizeof(k)) return CRYPT_INVALID_ARG; | |
57 | ||
58 | if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; | |
59 | if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
60 | if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
61 | if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; | |
62 | dlen = arg->enc_data->size; | |
63 | if ((err = padding_depad(dec_data, &dlen, LTC_PAD_PKCS7)) != CRYPT_OK) goto LBL_ERROR; | |
64 | diff = (long)arg->enc_data->size - (long)dlen; | |
65 | if ((diff <= 0) || (diff > cipher_descriptor[cid].block_length)) { | |
66 | err = CRYPT_PK_INVALID_PADDING; | |
67 | goto LBL_ERROR; | |
68 | } | |
69 | *dec_size = dlen; | |
70 | return CRYPT_OK; | |
71 | ||
72 | LBL_ERROR: | |
73 | zeromem(k, sizeof(k)); | |
74 | zeromem(dec_data, *dec_size); | |
75 | return err; | |
76 | } | |
77 | ||
78 | #endif | |
79 | ||
80 | /* ref: $Format:%D$ */ | |
81 | /* git commit: $Format:%H$ */ | |
82 | /* commit time: $Format:%ai$ */ |
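Review bot: `arg->iv->data` is handed to cbc_start (line 59) without checking that the DER OCTET STRING actually holds `block_length` bytes, so a truncated IV in an attacker-supplied PKCS#8 blob makes cbc_start read past the ASN.1 buffer; `arg->salt` and `arg->enc_data` are likewise dereferenced without the NULL checks the other arguments get. cbc_decrypt (line 60) also writes `arg->enc_data->size` bytes into `dec_data` although `*dec_size`, documented as the buffer length, is never compared against it before the decrypt, and the derived key material in `k` is wiped only on the error path, not on the CRYPT_OK return at line 70. The lines below add the length and NULL checks up front and zeroize `k` on success as well. A wrong password still surfaces only as a padding failure, which is inherent to PBES (there is no integrity tag), and that is worth a sentence in the function header so callers do not treat CRYPT_OK as authentication.
```c
   LTC_ARGCHK(arg->salt != NULL);
   LTC_ARGCHK(arg->enc_data != NULL);
   /* … unchanged: hash/cipher lookup, RC2 key-bits handling … */
   if (arg->iv != NULL) {
      /* IV comes straight from the DER OCTET STRING; cbc_start reads block_length bytes of it */
      if (arg->iv->size != (unsigned long)cipher_descriptor[cid].block_length) return CRYPT_INVALID_ARG;
      iv = arg->iv->data;
   } else {
      iv = k + klen;
      klen += arg->type.blocklen;
   }
   if (klen > sizeof(k)) return CRYPT_INVALID_ARG;
   /* the caller's buffer must hold the whole ciphertext before CBC writes into it */
   if (*dec_size < arg->enc_data->size) return CRYPT_BUFFER_OVERFLOW;
   /* … unchanged: KDF, cbc_start/cbc_decrypt/cbc_done, depad and padding-length check … */
   *dec_size = dlen;
   zeromem(k, sizeof(k));
   return CRYPT_OK;
```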
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_PBES | |
11 | ||
12 | static int _pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len, | |
13 | const unsigned char *salt, unsigned long salt_len, | |
14 | int iteration_count, int hash_idx, | |
15 | unsigned char *out, unsigned long *outlen) | |
16 | { | |
17 | LTC_UNUSED_PARAM(salt_len); | |
18 | return pkcs_5_alg1(password, password_len, salt, iteration_count, hash_idx, out, outlen); | |
19 | } | |
20 | ||
21 | static int _pkcs_12_wrap(const unsigned char *password, unsigned long password_len, | |
22 | const unsigned char *salt, unsigned long salt_len, | |
23 | int iteration_count, int hash_idx, | |
24 | unsigned char *out, unsigned long *outlen) | |
25 | { | |
26 | int err; | |
27 | /* convert password to unicode/utf16-be */ | |
28 | unsigned long pwlen = password_len * 2; | |
29 | unsigned char* pw; | |
30 | if (*outlen < 32) return CRYPT_INVALID_ARG; | |
31 | pw = XMALLOC(pwlen + 2); | |
32 | if (pw == NULL) return CRYPT_MEM; | |
33 | if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen) != CRYPT_OK)) goto LBL_ERROR; | |
34 | pw[pwlen++] = 0; | |
35 | pw[pwlen++] = 0; | |
36 | /* derive KEY */ | |
37 | if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 1, out, 24)) != CRYPT_OK) goto LBL_ERROR; | |
38 | /* derive IV */ | |
39 | if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 2, out+24, 8)) != CRYPT_OK) goto LBL_ERROR; | |
40 | ||
41 | *outlen = 32; | |
42 | LBL_ERROR: | |
43 | zeromem(pw, pwlen); | |
44 | XFREE(pw); | |
45 | return err; | |
46 | } | |
47 | ||
48 | static const pbes_properties _pbes1_types[] = { | |
49 | { _pkcs_5_alg1_wrap, "md2", "des", 8, 8 }, | |
50 | { _pkcs_5_alg1_wrap, "md2", "rc2", 8, 8 }, | |
51 | { _pkcs_5_alg1_wrap, "md5", "des", 8, 8 }, | |
52 | { _pkcs_5_alg1_wrap, "md5", "rc2", 8, 8 }, | |
53 | { _pkcs_5_alg1_wrap, "sha1", "des", 8, 8 }, | |
54 | { _pkcs_5_alg1_wrap, "sha1", "rc2", 8, 8 }, | |
55 | { _pkcs_12_wrap, "sha1", "3des", 24, 8 }, | |
56 | }; | |
57 | ||
58 | typedef struct { | |
59 | const pbes_properties *data; | |
60 | const char *oid; | |
61 | } oid_to_pbes; | |
62 | ||
63 | static const oid_to_pbes _pbes1_list[] = { | |
64 | { &_pbes1_types[0], "1.2.840.113549.1.5.1" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */ | |
65 | { &_pbes1_types[1], "1.2.840.113549.1.5.4" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */ | |
66 | { &_pbes1_types[2], "1.2.840.113549.1.5.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */ | |
67 | { &_pbes1_types[3], "1.2.840.113549.1.5.6" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */ | |
68 | { &_pbes1_types[4], "1.2.840.113549.1.5.10" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */ | |
69 | { &_pbes1_types[5], "1.2.840.113549.1.5.11" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */ | |
70 | { &_pbes1_types[6], "1.2.840.113549.1.12.1.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */ | |
71 | { 0 }, | |
72 | }; | |
73 | ||
74 | static int _pbes1_from_oid(const ltc_asn1_list *oid, pbes_properties *res) | |
75 | { | |
76 | unsigned int i; | |
77 | for (i = 0; _pbes1_list[i].data != NULL; ++i) { | |
78 | if (pk_oid_cmp_with_asn1(_pbes1_list[i].oid, oid) == CRYPT_OK) { | |
79 | if (res != NULL) *res = *_pbes1_list[i].data; | |
80 | return CRYPT_OK; | |
81 | } | |
82 | } | |
83 | return CRYPT_INVALID_ARG; | |
84 | } | |
85 | ||
86 | /** | |
87 | Extract PBES1 parameters | |
88 | ||
89 | @param s The start of the sequence with potential PBES1 parameters | |
90 | @param res Pointer to where the extracted parameters should be stored | |
91 | @return CRYPT_OK on success | |
92 | */ | |
93 | int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res) | |
94 | { | |
95 | int err; | |
96 | ||
97 | LTC_ARGCHK(s != NULL); | |
98 | LTC_ARGCHK(res != NULL); | |
99 | ||
100 | if ((err = _pbes1_from_oid(s, &res->type)) != CRYPT_OK) return err; | |
101 | ||
102 | if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) || | |
103 | !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_OCTET_STRING) || | |
104 | !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_INTEGER)) { | |
105 | return CRYPT_INVALID_PACKET; | |
106 | } | |
107 | /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC: | |
108 | * 0:d=0 hl=4 l= 329 cons: SEQUENCE | |
109 | * 4:d=1 hl=2 l= 27 cons: SEQUENCE | |
110 | * 6:d=2 hl=2 l= 9 prim: OBJECT :pbeWithMD5AndDES-CBC (== 1.2.840.113549.1.5.3) (== *s) | |
111 | * 17:d=2 hl=2 l= 14 cons: SEQUENCE (== *lalgparam) | |
112 | * 19:d=3 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:8EDF749A06CCDE51 (== salt) | |
113 | * 29:d=3 hl=2 l= 2 prim: INTEGER :0800 (== iterations) | |
114 | * 33:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data) | |
115 | */ | |
116 | res->salt = s->next->child; | |
117 | res->iterations = mp_get_int(s->next->child->next->data); | |
118 | ||
119 | return CRYPT_OK; | |
120 | } | |
121 | ||
122 | #endif | |
123 | ||
124 | /* ref: $Format:%D$ */ | |
125 | /* git commit: $Format:%H$ */ | |
126 | /* commit time: $Format:%ai$ */ |
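Review bot: Line 33 of _pkcs_12_wrap has an operator-precedence slip: `(err = pkcs12_utf8_to_utf16(...) != CRYPT_OK)` assigns the result of the comparison, so on failure `err` becomes 1 rather than the converter's error code; the fix is `if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen)) != CRYPT_OK) goto LBL_ERROR;`. In pbes1_extract, `res->iterations = mp_get_int(...)` (line 117) takes the iteration count straight from the untrusted DER with no upper bound, and it later has to fit the `int iteration_count` parameter of fn_kdf_t, so an oversized value is both a CPU-exhaustion lever and likely a wraparound to a negative count; rejecting counts that are zero or do not fit an int with CRYPT_INVALID_PACKET would close both. pbes1_extract also never assigns `res->iv`, so pbes_decrypt's derive-the-IV branch is only taken if the caller zeroed the pbes_arg beforehand; that precondition should be stated on the `@param res` line.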
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_PBES | |
11 | ||
12 | static const char *_oid_pbes2 = "1.2.840.113549.1.5.13"; | |
13 | static const char *_oid_pbkdf2 = "1.2.840.113549.1.5.12"; | |
14 | ||
15 | typedef struct { | |
16 | const char *oid; | |
17 | const char *id; | |
18 | } oid_id_st; | |
19 | ||
20 | static const oid_id_st _hmac_oid_names[] = { | |
21 | { "1.2.840.113549.2.7", "sha1" }, | |
22 | { "1.2.840.113549.2.8", "sha224" }, | |
23 | { "1.2.840.113549.2.9", "sha256" }, | |
24 | { "1.2.840.113549.2.10", "sha384" }, | |
25 | { "1.2.840.113549.2.11", "sha512" }, | |
26 | { "1.2.840.113549.2.12", "sha512-224" }, | |
27 | { "1.2.840.113549.2.13", "sha512-256" }, | |
28 | }; | |
29 | ||
30 | static const pbes_properties _pbes2_default_types[] = { | |
31 | { pkcs_5_alg2, "sha1", "des", 8, 0 }, | |
32 | { pkcs_5_alg2, "sha1", "rc2", 4, 0 }, | |
33 | { pkcs_5_alg2, "sha1", "3des", 24, 0 }, | |
34 | { pkcs_5_alg2, "sha1", "aes", 16, 0 }, | |
35 | { pkcs_5_alg2, "sha1", "aes", 24, 0 }, | |
36 | { pkcs_5_alg2, "sha1", "aes", 32, 0 }, | |
37 | }; | |
38 | ||
39 | typedef struct { | |
40 | const pbes_properties *data; | |
41 | const char* oid; | |
42 | } oid_to_pbes; | |
43 | ||
44 | static const oid_to_pbes _pbes2_list[] = { | |
45 | { &_pbes2_default_types[0], "1.3.14.3.2.7" }, /* http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */ | |
46 | { &_pbes2_default_types[1], "1.2.840.113549.3.2" }, /* http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */ | |
47 | { &_pbes2_default_types[2], "1.2.840.113549.3.7" }, /* http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */ | |
48 | { &_pbes2_default_types[3], "2.16.840.1.101.3.4.1.2" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.2 aes128-CBC */ | |
49 | { &_pbes2_default_types[4], "2.16.840.1.101.3.4.1.22" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.22 aes192-CBC */ | |
50 | { &_pbes2_default_types[5], "2.16.840.1.101.3.4.1.42" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.42 aes256-CBC */ | |
51 | }; | |
52 | ||
53 | static int _pbes2_from_oid(const ltc_asn1_list *cipher_oid, const ltc_asn1_list *hmac_oid, pbes_properties *res) | |
54 | { | |
55 | unsigned int i; | |
56 | for (i = 0; i < sizeof(_pbes2_list)/sizeof(_pbes2_list[0]); ++i) { | |
57 | if (pk_oid_cmp_with_asn1(_pbes2_list[i].oid, cipher_oid) == CRYPT_OK) { | |
58 | *res = *_pbes2_list[i].data; | |
59 | break; | |
60 | } | |
61 | } | |
62 | if (res->c == NULL) return CRYPT_INVALID_CIPHER; | |
63 | if (hmac_oid != NULL) { | |
64 | for (i = 0; i < sizeof(_hmac_oid_names)/sizeof(_hmac_oid_names[0]); ++i) { | |
65 | if (pk_oid_cmp_with_asn1(_hmac_oid_names[i].oid, hmac_oid) == CRYPT_OK) { | |
66 | res->h = _hmac_oid_names[i].id; | |
67 | return CRYPT_OK; | |
68 | } | |
69 | } | |
70 | return CRYPT_INVALID_HASH; | |
71 | } | |
72 | return CRYPT_OK; | |
73 | } | |
74 | ||
75 | ||
76 | /** | |
77 | Extract PBES2 parameters | |
78 | ||
79 | @param s The start of the sequence with potential PBES2 parameters | |
80 | @param res Pointer to where the extracted parameters should be stored | |
81 | @return CRYPT_OK on success | |
82 | */ | |
83 | int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res) | |
84 | { | |
85 | unsigned long klen; | |
86 | ltc_asn1_list *lkdf, *lenc, *loptseq, *lhmac; | |
87 | int err; | |
88 | ||
89 | LTC_ARGCHK(s != NULL); | |
90 | LTC_ARGCHK(res != NULL); | |
91 | ||
92 | if ((err = pk_oid_cmp_with_asn1(_oid_pbes2, s)) != CRYPT_OK) return err; | |
93 | ||
94 | if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) || | |
95 | !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_SEQUENCE) || | |
96 | !LTC_ASN1_IS_TYPE(s->next->child->child, LTC_ASN1_OBJECT_IDENTIFIER) || | |
97 | !LTC_ASN1_IS_TYPE(s->next->child->child->next, LTC_ASN1_SEQUENCE) || | |
98 | !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_SEQUENCE) || | |
99 | !LTC_ASN1_IS_TYPE(s->next->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
100 | return CRYPT_INVALID_PACKET; | |
101 | } | |
102 | /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc: | |
103 | * 0:d=0 hl=4 l= 380 cons: SEQUENCE | |
104 | * 4:d=1 hl=2 l= 78 cons: SEQUENCE | |
105 | * 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 (== 1.2.840.113549.1.5.13) (== *s) | |
106 | * 17:d=2 hl=2 l= 65 cons: SEQUENCE | |
107 | * 19:d=3 hl=2 l= 41 cons: SEQUENCE | |
108 | * 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 (== *lkdf) | |
109 | * 32:d=4 hl=2 l= 28 cons: SEQUENCE | |
110 | * 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== res->salt) | |
111 | * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== res->iterations) | |
112 | * 48:d=5 hl=2 l= 12 cons: SEQUENCE (== *loptseq - this sequence is optional, may be missing) | |
113 | * 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256 (== *lhmac) | |
114 | * 60:d=6 hl=2 l= 0 prim: NULL | |
115 | * 62:d=3 hl=2 l= 20 cons: SEQUENCE | |
116 | * 64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc (== *lenc) | |
117 | * 74:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:B1404C4688DC9A5A | |
118 | * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data) | |
119 | */ | |
120 | lkdf = s->next->child->child; | |
121 | lenc = s->next->child->next->child; | |
122 | ||
123 | if ((err = pk_oid_cmp_with_asn1(_oid_pbkdf2, lkdf)) != CRYPT_OK) return err; | |
124 | ||
125 | if (!LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) || | |
126 | !LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) || | |
127 | !LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) { | |
128 | return CRYPT_INVALID_PACKET; | |
129 | } | |
130 | ||
131 | loptseq = lkdf->next->child->next->next; | |
132 | res->salt = lkdf->next->child; | |
133 | res->iterations = mp_get_int(lkdf->next->child->next->data); | |
134 | ||
135 | /* this sequence is optional */ | |
136 | lhmac = NULL; | |
137 | if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) && | |
138 | LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
139 | lhmac = loptseq->child; | |
140 | } | |
141 | if ((err = _pbes2_from_oid(lenc, lhmac, &res->type)) != CRYPT_OK) return err; | |
142 | ||
143 | if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) { | |
144 | /* 'NON-RC2'-CBC */ | |
145 | res->iv = lenc->next; | |
146 | } else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE)) { | |
147 | /* RC2-CBC is a bit special ... | |
148 | * | |
149 | * RC2-CBC-Parameter ::= SEQUENCE { | |
150 | * rc2ParameterVersion INTEGER OPTIONAL, | |
151 | * iv OCTET STRING (SIZE(8)) } | |
152 | */ | |
153 | if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) && | |
154 | LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) { | |
155 | klen = mp_get_int(lenc->next->child->data); | |
156 | res->iv = lenc->next->child->next; | |
157 | /* | |
158 | * Effective Key Bits Encoding | |
159 | * 40 160 | |
160 | * 64 120 | |
161 | * 128 58 | |
162 | * b >= 256 b | |
163 | */ | |
164 | switch (klen) { | |
165 | case 160: | |
166 | res->key_bits = 40; | |
167 | break; | |
168 | case 120: | |
169 | res->key_bits = 64; | |
170 | break; | |
171 | case 58: | |
172 | res->key_bits = 128; | |
173 | break; | |
174 | default: | |
175 | /* We don't handle undefined Key Bits */ | |
176 | if (klen < 256) return CRYPT_INVALID_KEYSIZE; | |
177 | ||
178 | res->key_bits = klen; | |
179 | break; | |
180 | } | |
181 | } else if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_OCTET_STRING)) { | |
182 | res->iv = lenc->next->child; | |
183 | /* | |
184 | * If the rc2ParameterVersion field is omitted, the "effective key bits" | |
185 | * defaults to 32. | |
186 | */ | |
187 | res->key_bits = 32; | |
188 | } else { | |
189 | return CRYPT_INVALID_PACKET; | |
190 | } | |
191 | } | |
192 | ||
193 | return CRYPT_OK; | |
194 | } | |
195 | ||
196 | #endif | |
197 | ||
198 | /* ref: $Format:%D$ */ | |
199 | /* git commit: $Format:%H$ */ | |
200 | /* commit time: $Format:%ai$ */ |
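Review bot: `_pbes2_from_oid` (lines 53-62) reports a missing cipher match by testing `res->c == NULL` after the loop, so the verdict depends on what the caller left in `res` rather than on what the loop found; `pkcs8_decode_flexi` runs `pbes1_extract` on the same `pbes_arg` before `pbes2_extract`, and unless `pbes1_extract` is guaranteed to leave `type` untouched on failure (its body is not on this page) a stale `c` would let an unknown encryption OID pass. Track the match locally instead: `int found = 0;`, `found = 1;` beside the `break;`, and `if (!found) return CRYPT_INVALID_CIPHER;`. Separately, `res->iterations` (line 133) is taken from the file unchecked — `mp_get_int` may silently truncate a wider INTEGER and nothing rejects 0 or an absurdly large count — so a caller decoding untrusted PKCS#8 has no guard against a PBKDF2 denial of service; if the cap is meant to live in the caller, say so in the `pbes2_extract` docstring.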
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_DER | |
11 | static const oid_st rsa_oid = { | |
12 | { 1, 2, 840, 113549, 1, 1, 1 }, | |
13 | 7, | |
14 | }; | |
15 | ||
16 | static const oid_st dsa_oid = { | |
17 | { 1, 2, 840, 10040, 4, 1 }, | |
18 | 6, | |
19 | }; | |
20 | ||
21 | static const oid_st ec_oid = { | |
22 | { 1, 2, 840, 10045, 2, 1 }, | |
23 | 6, | |
24 | }; | |
25 | ||
26 | static const oid_st ec_primef = { | |
27 | { 1, 2, 840, 10045, 1, 1 }, | |
28 | 6, | |
29 | }; | |
30 | ||
31 | /* | |
32 | Returns the OID of the public key algorithm. | |
33 | @return CRYPT_OK if valid | |
34 | */ | |
35 | int pk_get_oid(int pk, oid_st *st) | |
36 | { | |
37 | switch (pk) { | |
38 | case PKA_RSA: | |
39 | XMEMCPY(st, &rsa_oid, sizeof(*st)); | |
40 | break; | |
41 | case PKA_DSA: | |
42 | XMEMCPY(st, &dsa_oid, sizeof(*st)); | |
43 | break; | |
44 | case PKA_EC: | |
45 | XMEMCPY(st, &ec_oid, sizeof(*st)); | |
46 | break; | |
47 | case PKA_EC_PRIMEF: | |
48 | XMEMCPY(st, &ec_primef, sizeof(*st)); | |
49 | break; | |
50 | default: | |
51 | return CRYPT_INVALID_ARG; | |
52 | } | |
53 | return CRYPT_OK; | |
54 | } | |
55 | #endif | |
56 | ||
57 | /* ref: $Format:%D$ */ | |
58 | /* git commit: $Format:%H$ */ | |
59 | /* commit time: $Format:%ai$ */ |
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen) | |
12 | { | |
13 | unsigned long i, j, limit; | |
14 | ||
15 | LTC_ARGCHK(oid != NULL); | |
16 | LTC_ARGCHK(oidlen != NULL); | |
17 | ||
18 | limit = *oidlen; | |
19 | *oidlen = 0; /* make sure that we return zero oidlen on error */ | |
20 | for (i = 0; i < limit; i++) oid[i] = 0; | |
21 | ||
22 | if ((OID == NULL) || (strlen(OID) == 0)) return CRYPT_OK; | |
23 | ||
24 | for (i = 0, j = 0; i < strlen(OID); i++) { | |
25 | if (OID[i] == '.') { | |
26 | if (++j >= limit) return CRYPT_ERROR; | |
27 | } | |
28 | else if ((OID[i] >= '0') && (OID[i] <= '9')) { | |
29 | oid[j] = oid[j] * 10 + (OID[i] - '0'); | |
30 | } | |
31 | else { | |
32 | return CRYPT_ERROR; | |
33 | } | |
34 | } | |
35 | if (j == 0) return CRYPT_ERROR; | |
36 | *oidlen = j + 1; | |
37 | return CRYPT_OK; | |
38 | } | |
39 | ||
40 | int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen) | |
41 | { | |
42 | int i; | |
43 | unsigned long j, k; | |
44 | char tmp[256] = { 0 }; | |
45 | unsigned long tmpsz = sizeof(tmp); | |
46 | ||
47 | LTC_ARGCHK(oid != NULL); | |
48 | LTC_ARGCHK(OID != NULL); | |
49 | LTC_ARGCHK(outlen != NULL); | |
50 | ||
51 | for (i = oidlen - 1, k = 0; i >= 0; i--) { | |
52 | j = oid[i]; | |
53 | if (j == 0) { | |
54 | tmp[k] = '0'; | |
55 | if (++k >= tmpsz) return CRYPT_ERROR; | |
56 | } | |
57 | else { | |
58 | while (j > 0) { | |
59 | tmp[k] = '0' + (j % 10); | |
60 | if (++k >= tmpsz) return CRYPT_ERROR; | |
61 | j /= 10; | |
62 | } | |
63 | } | |
64 | if (i > 0) { | |
65 | tmp[k] = '.'; | |
66 | if (++k >= tmpsz) return CRYPT_ERROR; | |
67 | } | |
68 | } | |
69 | if (*outlen < k + 1) { | |
70 | *outlen = k + 1; | |
71 | return CRYPT_BUFFER_OVERFLOW; | |
72 | } | |
73 | for (j = 0; j < k; j++) OID[j] = tmp[k - j - 1]; | |
74 | OID[k] = '\0'; | |
75 | *outlen = k; /* the length without terminating NUL byte */ | |
76 | return CRYPT_OK; | |
77 | } | |
78 | ||
79 | /* ref: $Format:%D$ */ | |
80 | /* git commit: $Format:%H$ */ | |
81 | /* commit time: $Format:%ai$ */ |
26 | 26 | unsigned int tmp, i, j, n; |
27 | 27 | unsigned char ch; |
28 | 28 | unsigned char D[MAXBLOCKSIZE], A[MAXBLOCKSIZE], B[MAXBLOCKSIZE]; |
29 | unsigned char *I = NULL, *key = NULL; | |
29 | unsigned char *I, *key; | |
30 | 30 | int err = CRYPT_ERROR; |
31 | 31 | |
32 | 32 | LTC_ARGCHK(pw != NULL); |
70 | 70 | y++; |
71 | 71 | } else { |
72 | 72 | if (y == 0) { |
73 | words[0] = t / 40; | |
74 | words[1] = t % 40; | |
73 | if (t <= 79) { | |
74 | words[0] = t / 40; | |
75 | words[1] = t % 40; | |
76 | } else { | |
77 | words[0] = 2; | |
78 | words[1] = t - 80; | |
79 | } | |
75 | 80 | y = 2; |
76 | 81 | } else { |
77 | 82 | words[y++] = t; |
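Review bot: The `t <= 79` boundary at line 73 encodes an X.690 rule that the code does not state, and a reader cannot tell why 79/80 is the cut-off without the spec in hand. Add above the `if`: `/* X.690 8.19.4: the first sub-identifier packs arcs X.Y as X*40+Y; X is 0 or 1 only when Y <= 39, so any value >= 80 belongs to arc 2 */`. The enclosing function starts and ends outside the hunk.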
47 | 47 | return CRYPT_INVALID_ARG; |
48 | 48 | } |
49 | 49 | |
50 | /* word1 = 0,1,2,3 and word2 0..39 */ | |
51 | if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) { | |
50 | /* word1 = 0,1,2 and word2 0..39 */ | |
51 | if (words[0] > 2 || (words[0] < 2 && words[1] > 39)) { | |
52 | 52 | return CRYPT_INVALID_ARG; |
53 | 53 | } |
54 | 54 |
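Review bot: The updated comment `/* word1 = 0,1,2 and word2 0..39 */` at line 50 still reads as if the second arc were always limited to 39, but the condition on the next line only enforces that bound when `words[0] < 2`; for arc 2 it is unbounded, which is what X.690 requires. `/* X.690 8.19.4: words[0] in {0,1,2}; words[1] <= 39 unless words[0] == 2 */` describes what is actually checked. The enclosing function starts and ends outside the hunk.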
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_DER | |
11 | ||
12 | typedef struct { | |
13 | enum ltc_oid_id id; | |
14 | const char* oid; | |
15 | } oid_table_entry; | |
16 | ||
17 | static const oid_table_entry pka_oids[] = { | |
18 | { PKA_RSA, "1.2.840.113549.1.1.1" }, | |
19 | { PKA_DSA, "1.2.840.10040.4.1" }, | |
20 | { PKA_EC, "1.2.840.10045.2.1" }, | |
21 | { PKA_EC_PRIMEF, "1.2.840.10045.1.1" }, | |
22 | }; | |
23 | ||
24 | /* | |
25 | Returns the OID requested. | |
26 | @return CRYPT_OK if valid | |
27 | */ | |
28 | int pk_get_oid(enum ltc_oid_id id, const char **st) | |
29 | { | |
30 | unsigned int i; | |
31 | LTC_ARGCHK(st != NULL); | |
32 | for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { | |
33 | if (pka_oids[i].id == id) { | |
34 | *st = pka_oids[i].oid; | |
35 | return CRYPT_OK; | |
36 | } | |
37 | } | |
38 | return CRYPT_INVALID_ARG; | |
39 | } | |
40 | #endif | |
41 | ||
42 | /* ref: $Format:%D$ */ | |
43 | /* git commit: $Format:%H$ */ | |
44 | /* commit time: $Format:%ai$ */ |
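Review bot: The docstring at lines 24-27 says what is returned but not who owns it: `*st` is set to point into the static `pka_oids` table (line 34), so the caller must neither free nor modify it, and it stays valid for the life of the program. Add `@param st  Receives a pointer to a static, NUL-terminated dotted-decimal string; do not free or modify it` and note that `*st` is left unchanged when CRYPT_INVALID_ARG is returned.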
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_DER | |
11 | ||
12 | /* | |
13 | Compare an OID string to an array of `unsigned long`. | |
14 | @return CRYPT_OK if equal | |
15 | */ | |
16 | int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size) | |
17 | { | |
18 | unsigned long i; | |
19 | char tmp[256] = { 0 }; | |
20 | int err; | |
21 | ||
22 | if (o1 == NULL || o2 == NULL) return CRYPT_ERROR; | |
23 | ||
24 | i = sizeof(tmp); | |
25 | if ((err = pk_oid_num_to_str(o2, o2size, tmp, &i)) != CRYPT_OK) { | |
26 | return err; | |
27 | } | |
28 | ||
29 | if (XSTRCMP(o1, tmp) != 0) { | |
30 | return CRYPT_PK_INVALID_TYPE; | |
31 | } | |
32 | ||
33 | return CRYPT_OK; | |
34 | } | |
35 | ||
36 | /* | |
37 | Compare an OID string to an OID element decoded from ASN.1. | |
38 | @return CRYPT_OK if equal | |
39 | */ | |
40 | int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2) | |
41 | { | |
42 | if (o1 == NULL || o2 == NULL) return CRYPT_ERROR; | |
43 | ||
44 | if (o2->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG; | |
45 | ||
46 | return pk_oid_cmp_with_ulong(o1, o2->data, o2->size); | |
47 | } | |
48 | ||
49 | #endif | |
50 | ||
51 | /* ref: $Format:%D$ */ | |
52 | /* git commit: $Format:%H$ */ | |
53 | /* commit time: $Format:%ai$ */ |
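Review bot: The comparison in `pk_oid_cmp_with_ulong` (line 29) is textual, so `o1` only matches when it is spelled exactly the way `pk_oid_num_to_str` prints it — plain decimal arcs, no leading zeros, no trailing dot — and an OID whose decimal form needs more than 255 characters comes back as CRYPT_ERROR from the stringification rather than as a mismatch. Neither contract is stated; add to the header comment `o1 must be canonical dotted-decimal ("1.2.840.113549.1.1.1" form, no leading zeros); a numerically equal but differently spelled string does not match`. The same caveat applies to `pk_oid_cmp_with_asn1`, which forwards to it.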
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen) | |
12 | { | |
13 | unsigned long i, j, limit, OID_len, oid_j; | |
14 | ||
15 | LTC_ARGCHK(oidlen != NULL); | |
16 | ||
17 | limit = *oidlen; | |
18 | *oidlen = 0; /* make sure that we return zero oidlen on error */ | |
19 | for (i = 0; i < limit; i++) oid[i] = 0; | |
20 | ||
21 | if (OID == NULL) return CRYPT_OK; | |
22 | ||
23 | OID_len = strlen(OID); | |
24 | if (OID_len == 0) return CRYPT_OK; | |
25 | ||
26 | for (i = 0, j = 0; i < OID_len; i++) { | |
27 | if (OID[i] == '.') { | |
28 | if (++j >= limit) continue; | |
29 | } | |
30 | else if ((OID[i] >= '0') && (OID[i] <= '9')) { | |
31 | if ((j >= limit) || (oid == NULL)) continue; | |
32 | oid_j = oid[j]; | |
33 | oid[j] = oid[j] * 10 + (OID[i] - '0'); | |
34 | if (oid[j] < oid_j) return CRYPT_OVERFLOW; | |
35 | } | |
36 | else { | |
37 | return CRYPT_ERROR; | |
38 | } | |
39 | } | |
40 | if (j == 0) return CRYPT_ERROR; | |
41 | if (j >= limit) { | |
42 | *oidlen = j; | |
43 | return CRYPT_BUFFER_OVERFLOW; | |
44 | } | |
45 | *oidlen = j + 1; | |
46 | return CRYPT_OK; | |
47 | } | |
48 | ||
49 | int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen) | |
50 | { | |
51 | int i; | |
52 | unsigned long j, k; | |
53 | char tmp[256] = { 0 }; | |
54 | ||
55 | LTC_ARGCHK(oid != NULL); | |
56 | LTC_ARGCHK(OID != NULL); | |
57 | LTC_ARGCHK(outlen != NULL); | |
58 | ||
59 | for (i = oidlen - 1, k = 0; i >= 0; i--) { | |
60 | j = oid[i]; | |
61 | if (j == 0) { | |
62 | tmp[k] = '0'; | |
63 | if (++k >= sizeof(tmp)) return CRYPT_ERROR; | |
64 | } | |
65 | else { | |
66 | while (j > 0) { | |
67 | tmp[k] = '0' + (j % 10); | |
68 | if (++k >= sizeof(tmp)) return CRYPT_ERROR; | |
69 | j /= 10; | |
70 | } | |
71 | } | |
72 | if (i > 0) { | |
73 | tmp[k] = '.'; | |
74 | if (++k >= sizeof(tmp)) return CRYPT_ERROR; | |
75 | } | |
76 | } | |
77 | if (*outlen < k + 1) { | |
78 | *outlen = k + 1; | |
79 | return CRYPT_BUFFER_OVERFLOW; | |
80 | } | |
81 | for (j = 0; j < k; j++) OID[j] = tmp[k - j - 1]; | |
82 | OID[k] = '\0'; | |
83 | *outlen = k; /* the length without terminating NUL byte */ | |
84 | return CRYPT_OK; | |
85 | } | |
86 | ||
87 | /* ref: $Format:%D$ */ | |
88 | /* git commit: $Format:%H$ */ | |
89 | /* commit time: $Format:%ai$ */ |
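Review bot: The wrap detection at lines 32-34 of `pk_oid_str_to_num` is incomplete: `oid[j] * 10 + digit` can wrap to a value that is still larger than the previous `oid[j]` (for example once a 19-digit arc of about 3·10^18 gets a 20th digit on a 64-bit `unsigned long`, where 10× wraps to roughly 1.15·10^19), so CRYPT_OVERFLOW is not returned and a garbage arc is stored. Check before multiplying instead: `if (oid[j] > (ULONG_MAX - (unsigned long)(OID[i] - '0')) / 10) return CRYPT_OVERFLOW;` and drop `oid_j` (ULONG_MAX comes from `<limits.h>`, which the tomcrypt headers appear to include — verify). Two smaller points: the CRYPT_BUFFER_OVERFLOW path at line 42 reports `*oidlen = j` while the success path at line 45 reports `j + 1` for the same number of dots, so a caller that resizes to the reported length overflows again — it should be `*oidlen = j + 1;`; and the zeroing loop at line 19 dereferences `oid` before the `oid == NULL` tolerance at line 31, so a NULL `oid` is only safe with `*oidlen == 0`, which should be guarded (`if (oid != NULL)`) or documented.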
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | #ifdef LTC_PKCS_8 | |
11 | ||
12 | /** | |
13 | PKCS#8 decrypt if necessary & flexi-decode | |
14 | ||
15 | @param in Pointer to the ASN.1 encoded input data | |
16 | @param inlen Length of the input data | |
17 | @param pwd Pointer to the password that was used when encrypting | |
18 | @param pwdlen Length of the password | |
19 | @param decoded_list Pointer to a pointer for the flexi-decoded list | |
20 | @return CRYPT_OK on success | |
21 | */ | |
22 | int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, | |
23 | const void *pwd, unsigned long pwdlen, | |
24 | ltc_asn1_list **decoded_list) | |
25 | { | |
26 | unsigned long len = inlen; | |
27 | unsigned long dec_size; | |
28 | unsigned char *dec_data = NULL; | |
29 | ltc_asn1_list *l = NULL; | |
30 | int err; | |
31 | ||
32 | LTC_ARGCHK(in != NULL); | |
33 | LTC_ARGCHK(decoded_list != NULL); | |
34 | ||
35 | *decoded_list = NULL; | |
36 | if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { | |
37 | /* the following "if" detects whether it is encrypted or not */ | |
38 | /* PKCS8 Setup | |
39 | * 0:d=0 hl=4 l= 380 cons: SEQUENCE | |
40 | * 4:d=1 hl=2 l= 78 cons: SEQUENCE | |
41 | * 6:d=2 hl=2 l= 9 prim: OBJECT :OID indicating PBES1 or PBES2 (== *lalgoid) | |
42 | * 17:d=2 hl=2 l= 65 cons: SEQUENCE | |
43 | * Stuff in between is dependent on whether it's PBES1 or PBES2 | |
44 | * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data) | |
45 | */ | |
46 | if (l->type == LTC_ASN1_SEQUENCE && | |
47 | LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) && | |
48 | LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
49 | LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) && | |
50 | LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { | |
51 | ltc_asn1_list *lalgoid = l->child->child; | |
52 | pbes_arg pbes; | |
53 | ||
54 | XMEMSET(&pbes, 0, sizeof(pbes)); | |
55 | ||
56 | if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) { | |
57 | /* Successfully extracted PBES1 parameters */ | |
58 | } else if (pbes2_extract(lalgoid, &pbes) == CRYPT_OK) { | |
59 | /* Successfully extracted PBES2 parameters */ | |
60 | } else { | |
61 | /* unsupported encryption */ | |
62 | err = CRYPT_INVALID_PACKET; | |
63 | goto LBL_DONE; | |
64 | } | |
65 | ||
66 | pbes.enc_data = l->child->next; | |
67 | pbes.pwd = pwd; | |
68 | pbes.pwdlen = pwdlen; | |
69 | ||
70 | dec_size = pbes.enc_data->size; | |
71 | if ((dec_data = XMALLOC(dec_size)) == NULL) { | |
72 | err = CRYPT_MEM; | |
73 | goto LBL_DONE; | |
74 | } | |
75 | ||
76 | if ((err = pbes_decrypt(&pbes, dec_data, &dec_size)) != CRYPT_OK) goto LBL_DONE; | |
77 | ||
78 | der_free_sequence_flexi(l); | |
79 | l = NULL; | |
80 | err = der_decode_sequence_flexi(dec_data, &dec_size, &l); | |
81 | if (err != CRYPT_OK) goto LBL_DONE; | |
82 | *decoded_list = l; | |
83 | } | |
84 | else { | |
85 | /* not encrypted */ | |
86 | err = CRYPT_OK; | |
87 | *decoded_list = l; | |
88 | } | |
89 | /* Set l to NULL so it won't be free'd */ | |
90 | l = NULL; | |
91 | } | |
92 | ||
93 | LBL_DONE: | |
94 | if (l) der_free_sequence_flexi(l); | |
95 | if (dec_data) { | |
96 | zeromem(dec_data, dec_size); | |
97 | XFREE(dec_data); | |
98 | } | |
99 | return err; | |
100 | } | |
101 | ||
102 | #endif | |
103 | ||
104 | /* ref: $Format:%D$ */ | |
105 | /* git commit: $Format:%H$ */ | |
106 | /* commit time: $Format:%ai$ */ |
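Review bot: The cleanup at lines 95-98 wipes only `dec_size` bytes, but by then `dec_size` has been rewritten twice — `pbes_decrypt` stores the unpadded plaintext length (its predecessor later on this page does `*dec_size = enc_size - pad`) and `der_decode_sequence_flexi` is passed `&dec_size` as its in/out length — so the tail of the buffer that held the decrypted private key is freed without being zeroed. Keep the allocation size separately: `unsigned long alloc_size = 0;`, `alloc_size = dec_size = pbes.enc_data->size;` at line 70, and `zeromem(dec_data, alloc_size);` in the cleanup. That `der_decode_sequence_flexi` writes back the consumed length is inferred from the library's convention rather than visible here.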
42 | 42 | { |
43 | 43 | int err; |
44 | 44 | unsigned long len, alg_id_num; |
45 | oid_st oid; | |
45 | const char* oid; | |
46 | 46 | unsigned char *tmpbuf; |
47 | 47 | unsigned long tmpoid[16]; |
48 | 48 | ltc_asn1_list alg_id[2]; |
91 | 91 | *parameters_len = alg_id[1].size; |
92 | 92 | } |
93 | 93 | |
94 | if ((alg_id[0].size != oid.OIDlen) || | |
95 | XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) { | |
96 | /* OID mismatch */ | |
97 | err = CRYPT_PK_INVALID_TYPE; | |
98 | goto LBL_ERR; | |
94 | if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { | |
95 | /* OID mismatch */ | |
96 | goto LBL_ERR; | |
99 | 97 | } |
100 | 98 | |
101 | 99 | len = subject_pubkey[1].size/8; |
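Review bot: The replacement at lines 94-96 now propagates whatever `pk_oid_cmp_with_asn1` returns while the comment still says `/* OID mismatch */`; that helper also yields CRYPT_ERROR, CRYPT_INVALID_ARG or CRYPT_BUFFER_OVERFLOW for a NULL argument, a non-OID element or an OID too long to stringify, so callers that previously always saw CRYPT_PK_INVALID_TYPE here may now see other codes. Either keep `err = CRYPT_PK_INVALID_TYPE;` inside the branch or change the comment to `/* OID mismatch or OID not comparable */`. The enclosing function starts and ends outside the hunk.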
42 | 42 | { |
43 | 43 | int err; |
44 | 44 | ltc_asn1_list alg_id[2]; |
45 | oid_st oid; | |
45 | const char *OID; | |
46 | unsigned long oid[16], oidlen; | |
46 | 47 | |
47 | 48 | LTC_ARGCHK(out != NULL); |
48 | 49 | LTC_ARGCHK(outlen != NULL); |
49 | 50 | |
50 | err = pk_get_oid(algorithm, &oid); | |
51 | if (err != CRYPT_OK) { | |
51 | if ((err = pk_get_oid(algorithm, &OID)) != CRYPT_OK) { | |
52 | 52 | return err; |
53 | 53 | } |
54 | 54 | |
55 | LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen); | |
55 | oidlen = sizeof(oid)/sizeof(oid[0]); | |
56 | if ((err = pk_oid_str_to_num(OID, oid, &oidlen)) != CRYPT_OK) { | |
57 | return err; | |
58 | } | |
59 | ||
60 | LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidlen); | |
56 | 61 | LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, parameters_len); |
57 | 62 | |
58 | 63 | return der_encode_sequence_multi(out, outlen, |
26 | 26 | unsigned char bin_a[256], bin_b[256], bin_k[256], bin_g[512], bin_xy[512]; |
27 | 27 | unsigned long len_a, len_b, len_k, len_g, len_xy; |
28 | 28 | unsigned long cofactor, one = 1; |
29 | oid_st oid; | |
29 | const char *OID; | |
30 | unsigned long oid[16], oidlen; | |
30 | 31 | ltc_asn1_list seq_fieldid[2], seq_curve[2], seq_ecparams[6], seq_priv[4], pub_xy, ecparams; |
31 | 32 | int flag_oid = type & PK_CURVEOID ? 1 : 0; |
32 | 33 | int flag_com = type & PK_COMPRESSED ? 1 : 0; |
71 | 72 | cofactor = key->dp.cofactor; |
72 | 73 | |
73 | 74 | /* we support only prime-field EC */ |
74 | if ((err = pk_get_oid(PKA_EC_PRIMEF, &oid)) != CRYPT_OK) { goto error; } | |
75 | if ((err = pk_get_oid(PKA_EC_PRIMEF, &OID)) != CRYPT_OK) { goto error; } | |
75 | 76 | |
76 | 77 | if (flag_oid) { |
77 | 78 | /* http://tools.ietf.org/html/rfc5912 |
101 | 102 | } |
102 | 103 | */ |
103 | 104 | |
105 | oidlen = sizeof(oid)/sizeof(oid[0]); | |
106 | if ((err = pk_oid_str_to_num(OID, oid, &oidlen)) != CRYPT_OK) { | |
107 | goto error; | |
108 | } | |
109 | ||
104 | 110 | /* FieldID SEQUENCE */ |
105 | LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen); | |
111 | LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidlen); | |
106 | 112 | LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL); |
107 | 113 | |
108 | 114 | /* Curve SEQUENCE */ |
10 | 10 | |
11 | 11 | #ifdef LTC_MECC |
12 | 12 | |
13 | #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t))) | |
13 | typedef struct { | |
14 | ltc_asn1_type t; | |
15 | ltc_asn1_list **pp; | |
16 | } der_flexi_check; | |
14 | 17 | |
15 | enum algorithm_oid { | |
16 | PBE_MD2_DES, /* 0 */ | |
17 | PBE_MD2_RC2, | |
18 | PBE_MD5_DES, | |
19 | PBE_MD5_RC2, | |
20 | PBE_SHA1_DES, | |
21 | PBE_SHA1_RC2, /* 5 */ | |
22 | PBES2, | |
23 | PBKDF2, | |
24 | DES_CBC, | |
25 | RC2_CBC, | |
26 | DES_EDE3_CBC, /* 10 */ | |
27 | HMAC_WITH_SHA1, | |
28 | HMAC_WITH_SHA224, | |
29 | HMAC_WITH_SHA256, | |
30 | HMAC_WITH_SHA384, | |
31 | HMAC_WITH_SHA512, /* 15 */ | |
32 | PBE_SHA1_3DES | |
33 | }; | |
18 | #define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \ | |
19 | do { \ | |
20 | int LTC_SDFC_temp##__LINE__ = (index); \ | |
21 | list[LTC_SDFC_temp##__LINE__].t = Type; \ | |
22 | list[LTC_SDFC_temp##__LINE__].pp = P; \ | |
23 | } while (0) | |
34 | 24 | |
35 | static const oid_st oid_list[] = { | |
36 | { { 1,2,840,113549,1,5,1 }, 7 }, /* [0] http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */ | |
37 | { { 1,2,840,113549,1,5,4 }, 7 }, /* [1] http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */ | |
38 | { { 1,2,840,113549,1,5,3 }, 7 }, /* [2] http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */ | |
39 | { { 1,2,840,113549,1,5,6 }, 7 }, /* [3] http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */ | |
40 | { { 1,2,840,113549,1,5,10 }, 7 }, /* [4] http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */ | |
41 | { { 1,2,840,113549,1,5,11 }, 7 }, /* [5] http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */ | |
42 | { { 1,2,840,113549,1,5,13 }, 7 }, /* [6] http://www.oid-info.com/get/1.2.840.113549.1.5.13 pbes2 */ | |
43 | { { 1,2,840,113549,1,5,12 }, 7 }, /* [7] http://www.oid-info.com/get/1.2.840.113549.1.5.12 pBKDF2 */ | |
44 | { { 1,3,14,3,2,7 }, 6 }, /* [8] http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */ | |
45 | { { 1,2,840,113549,3,2 }, 6 }, /* [9] http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */ | |
46 | { { 1,2,840,113549,3,7 }, 6 }, /* [10] http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */ | |
47 | { { 1,2,840,113549,2,7 }, 6 }, /* [11] http://www.oid-info.com/get/1.2.840.113549.2.7 hmacWithSHA1 */ | |
48 | { { 1,2,840,113549,2,8 }, 6 }, /* [12] http://www.oid-info.com/get/1.2.840.113549.2.8 hmacWithSHA224 */ | |
49 | { { 1,2,840,113549,2,9 }, 6 }, /* [13] http://www.oid-info.com/get/1.2.840.113549.2.9 hmacWithSHA256 */ | |
50 | { { 1,2,840,113549,2,10 }, 6 }, /* [14] http://www.oid-info.com/get/1.2.840.113549.2.10 hmacWithSHA384 */ | |
51 | { { 1,2,840,113549,2,11 }, 6 }, /* [15] http://www.oid-info.com/get/1.2.840.113549.2.11 hmacWithSHA512 */ | |
52 | { { 1,2,840,113549,1,12,1,3 }, 8 }, /* [16] http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */ | |
53 | { { 0 }, 0 }, | |
54 | }; | |
55 | ||
56 | static int _oid_to_id(const unsigned long *oid, unsigned long oid_size) | |
25 | static int _der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) | |
57 | 26 | { |
58 | int i, j; | |
59 | for (j = 0; oid_list[j].OIDlen > 0; j++) { | |
60 | int match = 1; | |
61 | if (oid_list[j].OIDlen != oid_size) continue; | |
62 | for (i = 0; i < (int)oid_size && match; i++) if (oid_list[j].OID[i] != oid[i]) match = 0; | |
63 | if (match) return j; | |
27 | const ltc_asn1_list *cur; | |
28 | if (flexi->type != LTC_ASN1_SEQUENCE) | |
29 | return CRYPT_INVALID_PACKET; | |
30 | cur = flexi->child; | |
31 | while(check->t != LTC_ASN1_EOL) { | |
32 | if (!LTC_ASN1_IS_TYPE(cur, check->t)) | |
33 | return CRYPT_INVALID_PACKET; | |
34 | if (check->pp != NULL) *check->pp = (ltc_asn1_list*)cur; | |
35 | cur = cur->next; | |
36 | check++; | |
64 | 37 | } |
65 | return -1; | |
66 | } | |
67 | ||
68 | static int _pbes1_decrypt(const unsigned char *enc_data, unsigned long enc_size, | |
69 | const unsigned char *pass, unsigned long pass_size, | |
70 | const unsigned char *salt, unsigned long salt_size, | |
71 | unsigned long iterations, | |
72 | const unsigned long *oid, unsigned long oid_size, | |
73 | unsigned char *dec_data, unsigned long *dec_size) | |
74 | { | |
75 | int id = _oid_to_id(oid, oid_size); | |
76 | int err, hid = -1, cid = -1; | |
77 | unsigned int keylen, blklen; | |
78 | unsigned char key_iv[32] = { 0 }, pad; | |
79 | unsigned long len = sizeof(key_iv), pwlen = pass_size; | |
80 | symmetric_CBC cbc; | |
81 | unsigned char *pw = NULL; | |
82 | ||
83 | /* https://tools.ietf.org/html/rfc8018#section-6.1.2 */ | |
84 | if (id == PBE_MD2_DES || id == PBE_MD2_RC2) hid = find_hash("md2"); | |
85 | if (id == PBE_MD5_DES || id == PBE_MD5_RC2) hid = find_hash("md5"); | |
86 | if (id == PBE_SHA1_DES || id == PBE_SHA1_RC2 || id == PBE_SHA1_3DES) hid = find_hash("sha1"); | |
87 | ||
88 | if (id == PBE_MD2_RC2 || id == PBE_MD5_RC2 || id == PBE_SHA1_RC2) { | |
89 | cid = find_cipher("rc2"); | |
90 | keylen = 8; | |
91 | blklen = 8; | |
92 | } | |
93 | if (id == PBE_MD2_DES || id == PBE_MD5_DES || id == PBE_SHA1_DES) { | |
94 | cid = find_cipher("des"); | |
95 | keylen = 8; | |
96 | blklen = 8; | |
97 | } | |
98 | if (id == PBE_SHA1_3DES) { | |
99 | cid = find_cipher("3des"); | |
100 | keylen = 24; | |
101 | blklen = 8; | |
102 | } | |
103 | ||
104 | if (id == PBE_SHA1_3DES) { | |
105 | /* convert password to unicode/utf16-be */ | |
106 | pwlen = pass_size * 2; | |
107 | pw = XMALLOC(pwlen + 2); | |
108 | if (pw == NULL) goto LBL_ERROR; | |
109 | if ((err = pkcs12_utf8_to_utf16(pass, pass_size, pw, &pwlen) != CRYPT_OK)) goto LBL_ERROR; | |
110 | pw[pwlen++] = 0; | |
111 | pw[pwlen++] = 0; | |
112 | /* derive KEY */ | |
113 | if ((err = pkcs12_kdf(hid, pw, pwlen, salt, salt_size, iterations, 1, key_iv, keylen)) != CRYPT_OK) goto LBL_ERROR; | |
114 | /* derive IV */ | |
115 | if ((err = pkcs12_kdf(hid, pw, pwlen, salt, salt_size, iterations, 2, key_iv+24, blklen)) != CRYPT_OK) goto LBL_ERROR; | |
116 | } | |
117 | else { | |
118 | if ((err = pkcs_5_alg1(pass, pass_size, salt, iterations, hid, key_iv, &len)) != CRYPT_OK) goto LBL_ERROR; | |
119 | /* the output has 16 bytes: [KEY-8-bytes][IV-8-bytes] */ | |
120 | } | |
121 | ||
122 | if (hid != -1 && cid != -1) { | |
123 | if (salt_size != 8 || enc_size < blklen) goto LBL_ERROR; | |
124 | if ((err = cbc_start(cid, key_iv + keylen, key_iv, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
125 | if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
126 | if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; | |
127 | pad = dec_data[enc_size-1]; | |
128 | if (pad < 1 || pad > blklen) goto LBL_ERROR; | |
129 | *dec_size = enc_size - pad; | |
130 | err = CRYPT_OK; | |
131 | goto LBL_DONE; | |
132 | } | |
133 | ||
134 | LBL_ERROR: | |
135 | err = CRYPT_INVALID_ARG; | |
136 | LBL_DONE: | |
137 | zeromem(key_iv, sizeof(key_iv)); | |
138 | if (pw) { zeromem(pw, pwlen); XFREE(pw); } | |
139 | return err; | |
140 | } | |
141 | ||
142 | static int _pbes2_pbkdf2_decrypt(const unsigned char *enc_data, unsigned long enc_size, | |
143 | const unsigned char *pass, unsigned long pass_size, | |
144 | const unsigned char *salt, unsigned long salt_size, | |
145 | const unsigned char *iv, unsigned long iv_size, | |
146 | unsigned long iterations, | |
147 | int hmacid, | |
148 | int encid, | |
149 | int extra_arg, | |
150 | unsigned char *dec_data, unsigned long *dec_size) | |
151 | { | |
152 | int err, hid = -1, cid = -1; | |
153 | unsigned char k[32], pad; | |
154 | unsigned long klen = sizeof(k); | |
155 | symmetric_CBC cbc; | |
156 | ||
157 | /* https://tools.ietf.org/html/rfc8018#section-6.2.2 */ | |
158 | ||
159 | if (hmacid == HMAC_WITH_SHA1) hid = find_hash("sha1"); | |
160 | if (hmacid == HMAC_WITH_SHA224) hid = find_hash("sha224"); | |
161 | if (hmacid == HMAC_WITH_SHA256) hid = find_hash("sha256"); | |
162 | if (hmacid == HMAC_WITH_SHA384) hid = find_hash("sha384"); | |
163 | if (hmacid == HMAC_WITH_SHA512) hid = find_hash("sha512"); | |
164 | if (hid == -1) return CRYPT_INVALID_ARG; | |
165 | ||
166 | if (encid == DES_EDE3_CBC) { | |
167 | /* https://tools.ietf.org/html/rfc8018#appendix-B.2.2 */ | |
168 | cid = find_cipher("3des"); | |
169 | klen = 24; | |
170 | if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR; | |
171 | if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; | |
172 | if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
173 | if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
174 | if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; | |
175 | pad = dec_data[enc_size-1]; | |
176 | if (pad < 1 || pad > 8) goto LBL_ERROR; | |
177 | *dec_size = enc_size - pad; | |
178 | return CRYPT_OK; | |
179 | } | |
180 | ||
181 | if (encid == DES_CBC) { | |
182 | /* https://tools.ietf.org/html/rfc8018#appendix-B.2.1 */ | |
183 | cid = find_cipher("des"); | |
184 | klen = 8; /* 64 bits */ | |
185 | if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR; | |
186 | if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; | |
187 | if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
188 | if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
189 | if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; | |
190 | pad = dec_data[enc_size-1]; | |
191 | if (pad < 1 || pad > 8) goto LBL_ERROR; | |
192 | *dec_size = enc_size - pad; | |
193 | return CRYPT_OK; | |
194 | } | |
195 | ||
196 | if (encid == RC2_CBC) { | |
197 | /* https://tools.ietf.org/html/rfc8018#appendix-B.2.3 */ | |
198 | cid = find_cipher("rc2"); | |
199 | klen = 4; /* default: 32 bits */ | |
200 | if (extra_arg == 160) klen = 5; | |
201 | if (extra_arg == 120) klen = 8; | |
202 | if (extra_arg == 58) klen = 16; | |
203 | if (extra_arg >= 256) klen = extra_arg / 8; | |
204 | if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR; | |
205 | if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; | |
206 | if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
207 | if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR; | |
208 | if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; | |
209 | pad = dec_data[enc_size-1]; | |
210 | if (pad < 1 || pad > 8) goto LBL_ERROR; | |
211 | *dec_size = enc_size - pad; | |
212 | return CRYPT_OK; | |
213 | } | |
214 | ||
215 | LBL_ERROR: | |
216 | zeromem(k, sizeof(k)); | |
217 | return CRYPT_INVALID_ARG; | |
218 | } | |
219 | ||
220 | static int _der_decode_pkcs8_flexi(const unsigned char *in, unsigned long inlen, | |
221 | const void *pwd, unsigned long pwdlen, | |
222 | ltc_asn1_list **decoded_list) | |
223 | { | |
224 | unsigned long len = inlen; | |
225 | unsigned long dec_size; | |
226 | unsigned char *dec_data = NULL; | |
227 | ltc_asn1_list *l = NULL; | |
228 | int err; | |
229 | ||
230 | *decoded_list = NULL; | |
231 | if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { | |
232 | /* the following "if" detects whether it is encrypted or not */ | |
233 | if (l->type == LTC_ASN1_SEQUENCE && | |
234 | LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) && | |
235 | LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
236 | LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) && | |
237 | LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { | |
238 | ltc_asn1_list *lalgoid = l->child->child; | |
239 | ltc_asn1_list *lalgparam = l->child->child->next; | |
240 | unsigned char *enc_data = l->child->next->data; | |
241 | unsigned long enc_size = l->child->next->size; | |
242 | dec_size = enc_size; | |
243 | if ((dec_data = XMALLOC(dec_size)) == NULL) { | |
244 | err = CRYPT_MEM; | |
245 | goto LBL_DONE; | |
246 | } | |
247 | if (LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_OCTET_STRING) && | |
248 | LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_INTEGER)) { | |
249 | /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC: | |
250 | * 0:d=0 hl=4 l= 329 cons: SEQUENCE | |
251 | * 4:d=1 hl=2 l= 27 cons: SEQUENCE (== *lalg) | |
252 | * 6:d=2 hl=2 l= 9 prim: OBJECT :pbeWithMD5AndDES-CBC (== 1.2.840.113549.1.5.3) | |
253 | * 17:d=2 hl=2 l= 14 cons: SEQUENCE (== *lalgparam) | |
254 | * 19:d=3 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:8EDF749A06CCDE51 (== salt) | |
255 | * 29:d=3 hl=2 l= 2 prim: INTEGER :0800 (== iterations) | |
256 | * 33:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data) | |
257 | */ | |
258 | unsigned long iter = mp_get_int(lalgparam->child->next->data); | |
259 | unsigned long salt_size = lalgparam->child->size; | |
260 | unsigned char *salt = lalgparam->child->data; | |
261 | err = _pbes1_decrypt(enc_data, enc_size, pwd, pwdlen, salt, salt_size, iter, lalgoid->data, lalgoid->size, dec_data, &dec_size); | |
262 | if (err != CRYPT_OK) goto LBL_DONE; | |
263 | } | |
264 | else if (PBES2 == _oid_to_id(lalgoid->data, lalgoid->size) && | |
265 | LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_SEQUENCE) && | |
266 | LTC_ASN1_IS_TYPE(lalgparam->child->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
267 | LTC_ASN1_IS_TYPE(lalgparam->child->child->next, LTC_ASN1_SEQUENCE) && | |
268 | LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_SEQUENCE) && | |
269 | LTC_ASN1_IS_TYPE(lalgparam->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
270 | /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc: | |
271 | * 0:d=0 hl=4 l= 380 cons: SEQUENCE | |
272 | * 4:d=1 hl=2 l= 78 cons: SEQUENCE (== *lalg) | |
273 | * 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 (== 1.2.840.113549.1.5.13) | |
274 | * 17:d=2 hl=2 l= 65 cons: SEQUENCE (== *lalgparam) | |
275 | * 19:d=3 hl=2 l= 41 cons: SEQUENCE | |
276 | * 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 | |
277 | * 32:d=4 hl=2 l= 28 cons: SEQUENCE | |
278 | * 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== salt) | |
279 | * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== iterations) | |
280 | * 48:d=5 hl=2 l= 12 cons: SEQUENCE (this sequence is optional, may be missing) | |
281 | * 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256 | |
282 | * 60:d=6 hl=2 l= 0 prim: NULL | |
283 | * 62:d=3 hl=2 l= 20 cons: SEQUENCE | |
284 | * 64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc | |
285 | * 74:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:B1404C4688DC9A5A | |
286 | * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data) | |
287 | */ | |
288 | ltc_asn1_list *lkdf = lalgparam->child->child; | |
289 | ltc_asn1_list *lenc = lalgparam->child->next->child; | |
290 | int kdfid = _oid_to_id(lkdf->data, lkdf->size); | |
291 | int encid = _oid_to_id(lenc->data, lenc->size); | |
292 | if (PBKDF2 == kdfid && | |
293 | LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) && | |
294 | LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) && | |
295 | LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) { | |
296 | unsigned long iter = mp_get_int(lkdf->next->child->next->data); | |
297 | unsigned long salt_size = lkdf->next->child->size; | |
298 | unsigned char *salt = lkdf->next->child->data; | |
299 | unsigned char *iv = NULL; | |
300 | unsigned long iv_size = 0; | |
301 | unsigned long arg = 0; | |
302 | ltc_asn1_list *loptseq = lkdf->next->child->next->next; | |
303 | int hmacid = HMAC_WITH_SHA1; /* this is default */ | |
304 | if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) && | |
305 | LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
306 | /* this sequence is optional */ | |
307 | hmacid = _oid_to_id(loptseq->child->data, loptseq->child->size); | |
308 | } | |
309 | if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) { | |
310 | /* DES-CBC + DES_EDE3_CBC */ | |
311 | iv = lenc->next->data; | |
312 | iv_size = lenc->next->size; | |
313 | } | |
314 | else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE) && | |
315 | LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) && | |
316 | LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) { | |
317 | /* RC2-CBC is a bit special */ | |
318 | iv = lenc->next->child->next->data; | |
319 | iv_size = lenc->next->child->next->size; | |
320 | arg = mp_get_int(lenc->next->child->data); | |
321 | } | |
322 | err = _pbes2_pbkdf2_decrypt(enc_data, enc_size, pwd, pwdlen, salt, salt_size, iv, iv_size, iter, hmacid, encid, arg, dec_data, &dec_size); | |
323 | if (err != CRYPT_OK) goto LBL_DONE; | |
324 | } | |
325 | else { | |
326 | /* non-PBKDF2 algorithms are not supported */ | |
327 | err = CRYPT_INVALID_PACKET; | |
328 | goto LBL_DONE; | |
329 | } | |
330 | } | |
331 | else { | |
332 | /* unsupported encryption */ | |
333 | err = CRYPT_INVALID_PACKET; | |
334 | goto LBL_DONE; | |
335 | } | |
336 | der_free_sequence_flexi(l); | |
337 | l = NULL; | |
338 | err = der_decode_sequence_flexi(dec_data, &dec_size, &l); | |
339 | if (err != CRYPT_OK) goto LBL_DONE; | |
340 | *decoded_list = l; | |
341 | } | |
342 | else { | |
343 | /* not encrypted */ | |
344 | err = CRYPT_OK; | |
345 | *decoded_list = l; | |
346 | } | |
347 | } | |
348 | ||
349 | LBL_DONE: | |
350 | if (dec_data) XFREE(dec_data); | |
351 | return err; | |
38 | return CRYPT_OK; | |
352 | 39 | } |
353 | 40 | |
354 | 41 | /* NOTE: _der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ |
358 | 45 | ecc_key *key) |
359 | 46 | { |
360 | 47 | void *a, *b, *gx, *gy; |
361 | unsigned long len, cofactor; | |
362 | oid_st ecoid; | |
48 | unsigned long len, cofactor, n; | |
49 | const char *pka_ec_oid; | |
363 | 50 | int err; |
364 | 51 | char OID[256]; |
365 | 52 | const ltc_ecc_curve *curve; |
366 | 53 | ltc_asn1_list *p = NULL, *l = NULL; |
54 | der_flexi_check flexi_should[7]; | |
55 | ltc_asn1_list *seq, *priv_key; | |
367 | 56 | |
368 | 57 | LTC_ARGCHK(in != NULL); |
369 | 58 | LTC_ARGCHK(key != NULL); |
370 | 59 | LTC_ARGCHK(ltc_mp.name != NULL); |
371 | 60 | |
372 | 61 | /* get EC alg oid */ |
373 | err = pk_get_oid(PKA_EC, &ecoid); | |
62 | err = pk_get_oid(PKA_EC, &pka_ec_oid); | |
374 | 63 | if (err != CRYPT_OK) return err; |
375 | 64 | |
376 | 65 | /* init key */ |
377 | 66 | err = mp_init_multi(&a, &b, &gx, &gy, NULL); |
378 | 67 | if (err != CRYPT_OK) return err; |
379 | 68 | |
380 | if ((err = _der_decode_pkcs8_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) { | |
381 | if (l->type == LTC_ASN1_SEQUENCE && | |
382 | LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_INTEGER) && | |
383 | LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_SEQUENCE) && | |
384 | LTC_ASN1_IS_TYPE(l->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
385 | LTC_ASN1_IS_TYPE(l->child->next->next, LTC_ASN1_OCTET_STRING)) { | |
386 | ltc_asn1_list *lseq = l->child->next; | |
387 | ltc_asn1_list *lpri = l->child->next->next; | |
388 | ltc_asn1_list *lecoid = l->child->next->child; | |
389 | 69 | |
390 | if ((lecoid->size != ecoid.OIDlen) || | |
391 | XMEMCMP(ecoid.OID, lecoid->data, ecoid.OIDlen * sizeof(ecoid.OID[0]))) { | |
392 | err = CRYPT_PK_INVALID_TYPE; | |
393 | goto LBL_DONE; | |
394 | } | |
70 | if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) { | |
395 | 71 | |
396 | if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
72 | /* Setup for basic structure */ | |
73 | n=0; | |
74 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, NULL); | |
75 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seq); | |
76 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); | |
77 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); | |
78 | ||
79 | if (((err = _der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) && | |
80 | (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { | |
81 | ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; | |
82 | ||
83 | /* Setup for CASE 2 */ | |
84 | n=0; | |
85 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version); | |
86 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &field); | |
87 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &point); | |
88 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &point_g); | |
89 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &order); | |
90 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &p_cofactor); | |
91 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); | |
92 | ||
93 | if (LTC_ASN1_IS_TYPE(seq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { | |
397 | 94 | /* CASE 1: curve by OID (AKA short variant): |
398 | * 0:d=0 hl=2 l= 100 cons: SEQUENCE | |
399 | * 2:d=1 hl=2 l= 1 prim: INTEGER :00 | |
400 | * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *lseq) | |
401 | * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey | |
402 | * 16:d=2 hl=2 l= 5 prim: OBJECT :secp256k1 (== 1.3.132.0.10) | |
403 | * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== privatekey) | |
95 | * 0:d=0 hl=2 l= 100 cons: SEQUENCE | |
96 | * 2:d=1 hl=2 l= 1 prim: INTEGER :00 | |
97 | * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq) | |
98 | * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey | |
99 | * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10))) | |
100 | * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) | |
404 | 101 | */ |
405 | ltc_asn1_list *loid = lseq->child->next; | |
102 | ltc_asn1_list *curve_oid = seq->child->next; | |
406 | 103 | len = sizeof(OID); |
407 | if ((err = pk_oid_num_to_str(loid->data, loid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } | |
104 | if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } | |
408 | 105 | if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } |
409 | 106 | if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } |
410 | 107 | } |
411 | else if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_SEQUENCE)) { | |
108 | else if ((err = _der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { | |
412 | 109 | /* CASE 2: explicit curve parameters (AKA long variant): |
413 | 110 | * 0:d=0 hl=3 l= 227 cons: SEQUENCE |
414 | 111 | * 3:d=1 hl=2 l= 1 prim: INTEGER :00 |
415 | * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *lseq) | |
112 | * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq) | |
416 | 113 | * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey |
417 | * 18:d=2 hl=3 l= 130 cons: SEQUENCE (== *lcurve) | |
114 | * 18:d=2 hl=3 l= 130 cons: SEQUENCE | |
418 | 115 | * 21:d=3 hl=2 l= 1 prim: INTEGER :01 |
419 | * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *lfield) | |
116 | * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field) | |
420 | 117 | * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field |
421 | * 35:d=4 hl=2 l= 33 prim: INTEGER :(== curve.prime) | |
422 | * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *lpoint) | |
118 | * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime) | |
119 | * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point) | |
423 | 120 | * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A) |
424 | 121 | * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B) |
425 | * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== curve.G-point) | |
426 | * 113:d=3 hl=2 l= 33 prim: INTEGER :(== curve.order) | |
122 | * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point) | |
123 | * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order) | |
427 | 124 | * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor) |
428 | * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== privatekey) | |
125 | * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) | |
429 | 126 | */ |
430 | ltc_asn1_list *lcurve = lseq->child->next; | |
431 | 127 | |
432 | if (LTC_ASN1_IS_TYPE(lcurve->child, LTC_ASN1_INTEGER) && | |
433 | LTC_ASN1_IS_TYPE(lcurve->child->next, LTC_ASN1_SEQUENCE) && | |
434 | LTC_ASN1_IS_TYPE(lcurve->child->next->next, LTC_ASN1_SEQUENCE) && | |
435 | LTC_ASN1_IS_TYPE(lcurve->child->next->next->next, LTC_ASN1_OCTET_STRING) && | |
436 | LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next, LTC_ASN1_INTEGER) && | |
437 | LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next->next, LTC_ASN1_INTEGER)) { | |
128 | if (mp_get_int(version->data) != 1) { | |
129 | goto LBL_DONE; | |
130 | } | |
131 | cofactor = mp_get_int(p_cofactor->data); | |
438 | 132 | |
439 | ltc_asn1_list *lfield = lcurve->child->next; | |
440 | ltc_asn1_list *lpoint = lcurve->child->next->next; | |
441 | ltc_asn1_list *lg = lcurve->child->next->next->next; | |
442 | ltc_asn1_list *lorder = lcurve->child->next->next->next->next; | |
443 | cofactor = mp_get_int(lcurve->child->next->next->next->next->next->data); | |
133 | if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
134 | LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) && | |
135 | LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) && | |
136 | LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) { | |
444 | 137 | |
445 | if (LTC_ASN1_IS_TYPE(lfield->child, LTC_ASN1_OBJECT_IDENTIFIER) && | |
446 | LTC_ASN1_IS_TYPE(lfield->child->next, LTC_ASN1_INTEGER) && | |
447 | LTC_ASN1_IS_TYPE(lpoint->child, LTC_ASN1_OCTET_STRING) && | |
448 | LTC_ASN1_IS_TYPE(lpoint->child->next, LTC_ASN1_OCTET_STRING)) { | |
449 | ||
450 | ltc_asn1_list *lprime = lfield->child->next; | |
451 | if ((err = mp_read_unsigned_bin(a, lpoint->child->data, lpoint->child->size)) != CRYPT_OK) { | |
452 | goto LBL_DONE; | |
453 | } | |
454 | if ((err = mp_read_unsigned_bin(b, lpoint->child->next->data, lpoint->child->next->size)) != CRYPT_OK) { | |
455 | goto LBL_DONE; | |
456 | } | |
457 | if ((err = ltc_ecc_import_point(lg->data, lg->size, lprime->data, a, b, gx, gy)) != CRYPT_OK) { | |
458 | goto LBL_DONE; | |
459 | } | |
460 | if ((err = ecc_set_curve_from_mpis(a, b, lprime->data, lorder->data, gx, gy, cofactor, key)) != CRYPT_OK) { | |
461 | goto LBL_DONE; | |
462 | } | |
138 | ltc_asn1_list *prime = field->child->next; | |
139 | if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) { | |
140 | goto LBL_DONE; | |
141 | } | |
142 | if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) { | |
143 | goto LBL_DONE; | |
144 | } | |
145 | if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) { | |
146 | goto LBL_DONE; | |
147 | } | |
148 | if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) { | |
149 | goto LBL_DONE; | |
463 | 150 | } |
464 | 151 | } |
465 | 152 | } |
469 | 156 | } |
470 | 157 | |
471 | 158 | /* load private key value 'k' */ |
472 | len = lpri->size; | |
473 | if ((err = der_decode_sequence_flexi(lpri->data, &len, &p)) == CRYPT_OK) { | |
159 | len = priv_key->size; | |
160 | if ((err = der_decode_sequence_flexi(priv_key->data, &len, &p)) == CRYPT_OK) { | |
474 | 161 | if (p->type == LTC_ASN1_SEQUENCE && |
475 | 162 | LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && |
476 | 163 | LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { |
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_MECC | |
12 | ||
13 | #ifdef LTC_ECC_SHAMIR | |
14 | ||
15 | /** | |
16 | @file ecc_recover_key.c | |
17 | ECC Crypto, Russ Williams | |
18 | */ | |
19 | ||
20 | /** | |
21 | Recover ECC public key from signature and hash | |
22 | @param sig The signature to verify | |
23 | @param siglen The length of the signature (octets) | |
24 | @param hash The hash (message digest) that was signed | |
25 | @param hashlen The length of the hash (octets) | |
26 | @param recid The recovery ID ("v"), can be -1 if signature contains it | |
27 | @param sigformat The format of the signature (ecc_signature_type) | |
28 | @param key The recovered public ECC key | |
29 | @return CRYPT_OK if successful (even if the signature is not valid) | |
30 | */ | |
31 | int ecc_recover_key(const unsigned char *sig, unsigned long siglen, | |
32 | const unsigned char *hash, unsigned long hashlen, | |
33 | int recid, ecc_signature_type sigformat, ecc_key *key) | |
34 | { | |
35 | ecc_point *mG = NULL, *mQ = NULL, *mR = NULL; | |
36 | void *p, *m, *a, *b; | |
37 | void *r, *s, *v, *w, *t1, *t2, *u1, *u2, *v1, *v2, *e, *x, *y, *a_plus3; | |
38 | void *mu = NULL, *ma = NULL; | |
39 | void *mp = NULL; | |
40 | int err; | |
41 | unsigned long pbits, pbytes, i, shift_right; | |
42 | unsigned char ch, buf[MAXBLOCKSIZE]; | |
43 | ||
44 | LTC_ARGCHK(sig != NULL); | |
45 | LTC_ARGCHK(hash != NULL); | |
46 | LTC_ARGCHK(key != NULL); | |
47 | ||
48 | /* BEWARE: requires sqrtmod_prime */ | |
49 | if (ltc_mp.sqrtmod_prime == NULL) { | |
50 | return CRYPT_ERROR; | |
51 | } | |
52 | ||
53 | /* allocate ints */ | |
54 | if ((err = mp_init_multi(&r, &s, &v, &w, &t1, &t2, &u1, &u2, &v1, &v2, &e, &x, &y, &a_plus3, NULL)) != CRYPT_OK) { | |
55 | return err; | |
56 | } | |
57 | ||
58 | p = key->dp.order; | |
59 | m = key->dp.prime; | |
60 | a = key->dp.A; | |
61 | b = key->dp.B; | |
62 | if ((err = mp_add_d(a, 3, a_plus3)) != CRYPT_OK) { | |
63 | goto error; | |
64 | } | |
65 | ||
66 | /* allocate points */ | |
67 | mG = ltc_ecc_new_point(); | |
68 | mQ = ltc_ecc_new_point(); | |
69 | mR = ltc_ecc_new_point(); | |
70 | if (mR == NULL || mQ == NULL || mG == NULL) { | |
71 | err = CRYPT_MEM; | |
72 | goto error; | |
73 | } | |
74 | ||
75 | if (sigformat == LTC_ECCSIG_ANSIX962) { | |
76 | /* ANSI X9.62 format - ASN.1 encoded SEQUENCE{ INTEGER(r), INTEGER(s) } */ | |
77 | if ((err = der_decode_sequence_multi_ex(sig, siglen, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_STRICT, | |
78 | LTC_ASN1_INTEGER, 1UL, r, | |
79 | LTC_ASN1_INTEGER, 1UL, s, | |
80 | LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } | |
81 | } | |
82 | else if (sigformat == LTC_ECCSIG_RFC7518) { | |
83 | /* RFC7518 format - raw (r,s) */ | |
84 | i = mp_unsigned_bin_size(key->dp.order); | |
85 | if (siglen != (2*i)) { | |
86 | err = CRYPT_INVALID_PACKET; | |
87 | goto error; | |
88 | } | |
89 | if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } | |
90 | if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } | |
91 | } | |
92 | else if (sigformat == LTC_ECCSIG_ETH27) { | |
93 | /* Ethereum (v,r,s) format */ | |
94 | if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 || | |
95 | key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) { | |
96 | /* Only valid for secp256k1 - OID 1.3.132.0.10 */ | |
97 | err = CRYPT_ERROR; goto error; | |
98 | } | |
99 | if (siglen != 65) { /* Only secp256k1 curves use this format, so must be 65 bytes long */ | |
100 | err = CRYPT_INVALID_PACKET; | |
101 | goto error; | |
102 | } | |
103 | i = (unsigned long)sig[64]; | |
104 | if ((i>=27) && (i<31)) i -= 27; /* Ethereum adds 27 to recovery ID */ | |
105 | if (recid >= 0 && ((unsigned long)recid != i)) { | |
106 | /* Recovery ID specified, but doesn't match signature */ | |
107 | err = CRYPT_INVALID_PACKET; | |
108 | goto error; | |
109 | } | |
110 | recid = i; | |
111 | if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, 32)) != CRYPT_OK) { goto error; } | |
112 | if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+32, 32)) != CRYPT_OK) { goto error; } | |
113 | } | |
114 | else { | |
115 | /* Unknown signature format */ | |
116 | err = CRYPT_ERROR; | |
117 | goto error; | |
118 | } | |
119 | ||
120 | if (recid < 0 || (unsigned long)recid >= 2*(key->dp.cofactor+1)) { | |
121 | /* Recovery ID is out of range, reject it */ | |
122 | err = CRYPT_INVALID_ARG; | |
123 | goto error; | |
124 | } | |
125 | ||
126 | /* check for zero */ | |
127 | if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || | |
128 | mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) { | |
129 | err = CRYPT_INVALID_PACKET; | |
130 | goto error; | |
131 | } | |
132 | ||
133 | /* read hash - truncate if needed */ | |
134 | pbits = mp_count_bits(p); | |
135 | pbytes = (pbits+7) >> 3; | |
136 | if (pbits > hashlen*8) { | |
137 | if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } | |
138 | } | |
139 | else if (pbits % 8 == 0) { | |
140 | if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, pbytes)) != CRYPT_OK) { goto error; } | |
141 | } | |
142 | else { | |
143 | shift_right = 8 - pbits % 8; | |
144 | for (i=0, ch=0; i<pbytes; i++) { | |
145 | buf[i] = ch; | |
146 | ch = (hash[i] << (8-shift_right)); | |
147 | buf[i] = buf[i] ^ (hash[i] >> shift_right); | |
148 | } | |
149 | if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto error; } | |
150 | } | |
151 | ||
152 | /* decompress point from r=(x mod p) - BEWARE: requires sqrtmod_prime */ | |
153 | /* x = r + p*(recid/2) */ | |
154 | if ((err = mp_set(x, recid/2)) != CRYPT_OK) { goto error; } | |
155 | if ((err = mp_mulmod(p, x, m, x)) != CRYPT_OK) { goto error; } | |
156 | if ((err = mp_add(x, r, x)) != CRYPT_OK) { goto error; } | |
157 | /* compute x^3 */ | |
158 | if ((err = mp_sqr(x, t1)) != CRYPT_OK) { goto error; } | |
159 | if ((err = mp_mulmod(t1, x, m, t1)) != CRYPT_OK) { goto error; } | |
160 | /* compute x^3 + a*x */ | |
161 | if ((err = mp_mulmod(a, x, m, t2)) != CRYPT_OK) { goto error; } | |
162 | if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto error; } | |
163 | /* compute x^3 + a*x + b */ | |
164 | if ((err = mp_add(t1, b, t1)) != CRYPT_OK) { goto error; } | |
165 | /* compute sqrt(x^3 + a*x + b) */ | |
166 | if ((err = mp_sqrtmod_prime(t1, m, t2)) != CRYPT_OK) { goto error; } | |
167 | ||
168 | /* fill in mR */ | |
169 | if ((err = mp_copy(x, mR->x)) != CRYPT_OK) { goto error; } | |
170 | if ((mp_isodd(t2) && (recid%2)) || (!mp_isodd(t2) && !(recid%2))) { | |
171 | if ((err = mp_mod(t2, m, mR->y)) != CRYPT_OK) { goto error; } | |
172 | } | |
173 | else { | |
174 | if ((err = mp_submod(m, t2, m, mR->y)) != CRYPT_OK) { goto error; } | |
175 | } | |
176 | if ((err = mp_set(mR->z, 1)) != CRYPT_OK) { goto error; } | |
177 | ||
178 | /* w = r^-1 mod n */ | |
179 | if ((err = mp_invmod(r, p, w)) != CRYPT_OK) { goto error; } | |
180 | /* v1 = sw */ | |
181 | if ((err = mp_mulmod(s, w, p, v1)) != CRYPT_OK) { goto error; } | |
182 | /* v2 = -ew */ | |
183 | if ((err = mp_mulmod(e, w, p, v2)) != CRYPT_OK) { goto error; } | |
184 | if ((err = mp_submod(p, v2, p, v2)) != CRYPT_OK) { goto error; } | |
185 | ||
186 | /* w = s^-1 mod n */ | |
187 | if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; } | |
188 | /* u1 = ew */ | |
189 | if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; } | |
190 | /* u2 = rw */ | |
191 | if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; } | |
192 | ||
193 | /* find mG */ | |
194 | if ((err = ltc_ecc_copy_point(&key->dp.base, mG)) != CRYPT_OK) { goto error; } | |
195 | ||
196 | /* find the montgomery mp */ | |
197 | if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } | |
198 | ||
199 | /* for curves with a == -3 keep ma == NULL */ | |
200 | if (mp_cmp(a_plus3, m) != LTC_MP_EQ) { | |
201 | if ((err = mp_init_multi(&mu, &ma, NULL)) != CRYPT_OK) { goto error; } | |
202 | if ((err = mp_montgomery_normalization(mu, m)) != CRYPT_OK) { goto error; } | |
203 | if ((err = mp_mulmod(a, mu, m, ma)) != CRYPT_OK) { goto error; } | |
204 | } | |
205 | ||
206 | /* recover mQ from mR */ | |
207 | /* compute v1*mR + v2*mG = mQ using Shamir's trick */ | |
208 | if ((err = ltc_mp.ecc_mul2add(mR, v1, mG, v2, mQ, ma, m)) != CRYPT_OK) { goto error; } | |
209 | ||
210 | /* compute u1*mG + u2*mQ = mG using Shamir's trick */ | |
211 | if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, ma, m)) != CRYPT_OK) { goto error; } | |
212 | ||
213 | /* v = X_x1 mod n */ | |
214 | if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; } | |
215 | ||
216 | /* does v == r */ | |
217 | if (mp_cmp(v, r) == LTC_MP_EQ) { | |
218 | /* found public key which verifies signature */ | |
219 | if ((err = ltc_ecc_copy_point(mQ, &key->pubkey)) != CRYPT_OK) { goto error; } | |
220 | /* point on the curve + other checks */ | |
221 | if ((err = ltc_ecc_verify_key(key)) != CRYPT_OK) { goto error; } | |
222 | ||
223 | key->type = PK_PUBLIC; | |
224 | ||
225 | err = CRYPT_OK; | |
226 | } | |
227 | else { | |
228 | /* not found - recid is wrong or we're unable to calculate public key for some other reason */ | |
229 | err = CRYPT_INVALID_ARG; | |
230 | } | |
231 | ||
232 | error: | |
233 | if (ma != NULL) mp_clear(ma); | |
234 | if (mu != NULL) mp_clear(mu); | |
235 | if (mp != NULL) mp_montgomery_free(mp); | |
236 | if (mR != NULL) ltc_ecc_del_point(mR); | |
237 | if (mQ != NULL) ltc_ecc_del_point(mQ); | |
238 | if (mG != NULL) ltc_ecc_del_point(mG); | |
239 | mp_clear_multi(a_plus3, y, x, e, v2, v1, u2, u1, t2, t1, w, v, s, r, NULL); | |
240 | return err; | |
241 | } | |
242 | ||
243 | #endif | |
244 | #endif | |
245 | ||
246 | /* ref: $Format:%D$ */ | |
247 | /* git commit: $Format:%H$ */ | |
248 | /* commit time: $Format:%ai$ */ |
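Review bot: The candidate x-coordinate built at lines 154–156 of ecc_recover_key.c is never reduced or bounded against the field prime `m`: `mp_mulmod(p, x, m, x)` is followed by a plain `mp_add(x, r, x)`, so for recid ≥ 2 the sum can be ≥ m, and that unreduced value is copied straight into `mR->x` at line 169 and fed to `mp_sqr`/`mp_sqrtmod_prime`. SEC 1 §4.1.6 only considers candidates with x < p (larger values are skipped), so the add should be followed by an explicit bound check rather than relying on the later `v == r` comparison to reject the candidate: `if (mp_cmp(x, m) != LTC_MP_LT) { err = CRYPT_INVALID_ARG; goto error; }`. Whether the downstream `ecc_mul2add` tolerates an out-of-range coordinate is not visible here, so I would not depend on it. Separately, `y` is allocated in `mp_init_multi` at line 54 and cleared at line 239 but never used; dropping it (or a comment saying why it is reserved) would make the cleanup list easier to audit.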
15 | 15 | ECC Crypto, Tom St Denis |
16 | 16 | */ |
17 | 17 | |
18 | static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, | |
19 | unsigned char *out, unsigned long *outlen, | |
20 | prng_state *prng, int wprng, const ecc_key *key, int sigformat) | |
18 | /** | |
19 | Sign a message digest | |
20 | @param in The message digest to sign | |
21 | @param inlen The length of the digest | |
22 | @param out [out] The destination for the signature | |
23 | @param outlen [in/out] The max size and resulting size of the signature | |
24 | @param prng An active PRNG state | |
25 | @param wprng The index of the PRNG you wish to use | |
26 | @param sigformat The format of the signature to generate (ecc_signature_type) | |
27 | @param recid [out] The recovery ID for this signature (optional) | |
28 | @param key A private ECC key | |
29 | @return CRYPT_OK if successful | |
30 | */ | |
31 | int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen, | |
32 | unsigned char *out, unsigned long *outlen, | |
33 | prng_state *prng, int wprng, ecc_signature_type sigformat, | |
34 | int *recid, const ecc_key *key) | |
21 | 35 | { |
22 | 36 | ecc_key pubkey; |
23 | 37 | void *r, *s, *e, *p, *b; |
38 | int v = 0; | |
24 | 39 | int err, max_iterations = LTC_PK_MAX_RETRIES; |
25 | 40 | unsigned long pbits, pbytes, i, shift_right; |
26 | 41 | unsigned char ch, buf[MAXBLOCKSIZE]; |
68 | 83 | /* find r = x1 mod n */ |
69 | 84 | if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } |
70 | 85 | |
86 | if (recid || sigformat==LTC_ECCSIG_ETH27) { | |
87 | /* find recovery ID (if needed) */ | |
88 | v = 0; | |
89 | if (mp_copy(pubkey.pubkey.x, s) != CRYPT_OK) { goto error; } | |
90 | while (mp_cmp_d(s, 0) == LTC_MP_GT && mp_cmp(s, p) != LTC_MP_LT) { | |
91 | /* Compute x1 div n... this will almost never be reached for curves with order 1 */ | |
92 | v += 2; | |
93 | if ((err = mp_sub(s, p, s)) != CRYPT_OK) { goto error; } | |
94 | } | |
95 | if (mp_isodd(pubkey.pubkey.y)) v += 1; | |
96 | } | |
97 | ||
71 | 98 | if (mp_iszero(r) == LTC_MP_YES) { |
72 | 99 | ecc_free(&pubkey); |
73 | 100 | } else { |
91 | 118 | goto errnokey; |
92 | 119 | } |
93 | 120 | |
94 | if (sigformat == 1) { | |
95 | /* RFC7518 format */ | |
121 | if (recid) *recid = v; | |
122 | ||
123 | if (sigformat == LTC_ECCSIG_ANSIX962) { | |
124 | /* store as ASN.1 SEQUENCE { r, s -- integer } */ | |
125 | err = der_encode_sequence_multi(out, outlen, | |
126 | LTC_ASN1_INTEGER, 1UL, r, | |
127 | LTC_ASN1_INTEGER, 1UL, s, | |
128 | LTC_ASN1_EOL, 0UL, NULL); | |
129 | } | |
130 | else if (sigformat == LTC_ECCSIG_RFC7518) { | |
131 | /* RFC7518 format - raw (r,s) */ | |
96 | 132 | if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; } |
97 | 133 | zeromem(out, 2*pbytes); |
98 | 134 | i = mp_unsigned_bin_size(r); |
102 | 138 | *outlen = 2*pbytes; |
103 | 139 | err = CRYPT_OK; |
104 | 140 | } |
141 | else if (sigformat == LTC_ECCSIG_ETH27) { | |
142 | /* Ethereum (v,r,s) format */ | |
143 | if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 || | |
144 | key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) { | |
145 | /* Only valid for secp256k1 - OID 1.3.132.0.10 */ | |
146 | err = CRYPT_ERROR; goto errnokey; | |
147 | } | |
148 | if (*outlen < 65) { err = CRYPT_MEM; goto errnokey; } | |
149 | zeromem(out, 65); | |
150 | i = mp_unsigned_bin_size(r); | |
151 | if ((err = mp_to_unsigned_bin(r, out + 32 - i)) != CRYPT_OK) { goto errnokey; } | |
152 | i = mp_unsigned_bin_size(s); | |
153 | if ((err = mp_to_unsigned_bin(s, out + 64 - i)) != CRYPT_OK) { goto errnokey; } | |
154 | out[64] = (unsigned char)(v + 27); /* Recovery ID is 27/28 for Ethereum */ | |
155 | *outlen = 65; | |
156 | err = CRYPT_OK; | |
157 | } | |
105 | 158 | else { |
106 | /* store as ASN.1 SEQUENCE { r, s -- integer } */ | |
107 | err = der_encode_sequence_multi(out, outlen, | |
108 | LTC_ASN1_INTEGER, 1UL, r, | |
109 | LTC_ASN1_INTEGER, 1UL, s, | |
110 | LTC_ASN1_EOL, 0UL, NULL); | |
159 | /* Unknown signature format */ | |
160 | err = CRYPT_ERROR; | |
161 | goto error; | |
111 | 162 | } |
163 | ||
112 | 164 | goto errnokey; |
113 | 165 | error: |
114 | 166 | ecc_free(&pubkey); |
117 | 169 | return err; |
118 | 170 | } |
119 | 171 | |
120 | /** | |
121 | Sign a message digest | |
122 | @param in The message digest to sign | |
123 | @param inlen The length of the digest | |
124 | @param out [out] The destination for the signature | |
125 | @param outlen [in/out] The max size and resulting size of the signature | |
126 | @param prng An active PRNG state | |
127 | @param wprng The index of the PRNG you wish to use | |
128 | @param key A private ECC key | |
129 | @return CRYPT_OK if successful | |
130 | */ | |
131 | int ecc_sign_hash(const unsigned char *in, unsigned long inlen, | |
132 | unsigned char *out, unsigned long *outlen, | |
133 | prng_state *prng, int wprng, const ecc_key *key) | |
134 | { | |
135 | return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0); | |
136 | } | |
137 | ||
138 | /** | |
139 | Sign a message digest in RFC7518 format | |
140 | @param in The message digest to sign | |
141 | @param inlen The length of the digest | |
142 | @param out [out] The destination for the signature | |
143 | @param outlen [in/out] The max size and resulting size of the signature | |
144 | @param prng An active PRNG state | |
145 | @param wprng The index of the PRNG you wish to use | |
146 | @param key A private ECC key | |
147 | @return CRYPT_OK if successful | |
148 | */ | |
149 | int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, | |
150 | unsigned char *out, unsigned long *outlen, | |
151 | prng_state *prng, int wprng, const ecc_key *key) | |
152 | { | |
153 | return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1); | |
154 | } | |
155 | ||
156 | 172 | #endif |
157 | 173 | |
158 | 174 | /* ref: $Format:%D$ */ |
15 | 15 | ECC Crypto, Tom St Denis |
16 | 16 | */ |
17 | 17 | |
18 | static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, | |
19 | const unsigned char *hash, unsigned long hashlen, | |
20 | int *stat, const ecc_key *key, int sigformat) | |
18 | /** | |
19 | Verify an ECC signature in RFC7518 format | |
20 | @param sig The signature to verify | |
21 | @param siglen The length of the signature (octets) | |
22 | @param hash The hash (message digest) that was signed | |
23 | @param hashlen The length of the hash (octets) | |
24 | @param sigformat The format of the signature (ecc_signature_type) | |
25 | @param stat Result of signature, 1==valid, 0==invalid | |
26 | @param key The corresponding public ECC key | |
27 | @return CRYPT_OK if successful (even if the signature is not valid) | |
28 | */ | |
29 | int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen, | |
30 | const unsigned char *hash, unsigned long hashlen, | |
31 | ecc_signature_type sigformat, int *stat, const ecc_key *key) | |
21 | 32 | { |
22 | ecc_point *mG = NULL, *mQ = NULL; | |
23 | void *r, *s, *v, *w, *u1, *u2, *e, *p, *m, *a, *a_plus3 = NULL, *mu = NULL, *ma = NULL; | |
33 | ecc_point *mG = NULL, *mQ = NULL; | |
34 | void *r, *s, *v, *w, *u1, *u2, *e, *p, *m, *a, *a_plus3; | |
35 | void *mu = NULL, *ma = NULL; | |
24 | 36 | void *mp = NULL; |
25 | 37 | int err; |
26 | 38 | unsigned long pbits, pbytes, i, shift_right; |
54 | 66 | goto error; |
55 | 67 | } |
56 | 68 | |
57 | if (sigformat == 1) { | |
58 | /* RFC7518 format */ | |
59 | if ((siglen % 2) == 1) { | |
60 | err = CRYPT_INVALID_PACKET; | |
61 | goto error; | |
62 | } | |
63 | i = siglen / 2; | |
64 | if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } | |
65 | if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } | |
66 | } | |
67 | else { | |
68 | /* ASN.1 format */ | |
69 | if (sigformat == LTC_ECCSIG_ANSIX962) { | |
70 | /* ANSI X9.62 format - ASN.1 encoded SEQUENCE{ INTEGER(r), INTEGER(s) } */ | |
69 | 71 | if ((err = der_decode_sequence_multi_ex(sig, siglen, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_STRICT, |
70 | 72 | LTC_ASN1_INTEGER, 1UL, r, |
71 | 73 | LTC_ASN1_INTEGER, 1UL, s, |
72 | 74 | LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } |
75 | } | |
76 | else if (sigformat == LTC_ECCSIG_RFC7518) { | |
77 | /* RFC7518 format - raw (r,s) */ | |
78 | i = mp_unsigned_bin_size(key->dp.order); | |
79 | if (siglen != (2*i)) { | |
80 | err = CRYPT_INVALID_PACKET; | |
81 | goto error; | |
82 | } | |
83 | if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } | |
84 | if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } | |
85 | } | |
86 | else if (sigformat == LTC_ECCSIG_ETH27) { | |
87 | /* Ethereum (v,r,s) format */ | |
88 | if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 || | |
89 | key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) { | |
90 | /* Only valid for secp256k1 - OID 1.3.132.0.10 */ | |
91 | err = CRYPT_ERROR; goto error; | |
92 | } | |
93 | if (siglen != 65) { /* Only secp256k1 curves use this format, so must be 65 bytes long */ | |
94 | err = CRYPT_INVALID_PACKET; | |
95 | goto error; | |
96 | } | |
97 | if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, 32)) != CRYPT_OK) { goto error; } | |
98 | if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+32, 32)) != CRYPT_OK) { goto error; } | |
99 | } | |
100 | else { | |
101 | /* Unknown signature format */ | |
102 | err = CRYPT_ERROR; | |
103 | goto error; | |
73 | 104 | } |
74 | 105 | |
75 | 106 | /* check for zero */ |
152 | 183 | if (mu != NULL) mp_clear(mu); |
153 | 184 | if (ma != NULL) mp_clear(ma); |
154 | 185 | mp_clear_multi(r, s, v, w, u1, u2, e, a_plus3, NULL); |
155 | if (mp != NULL) { | |
156 | mp_montgomery_free(mp); | |
157 | } | |
186 | if (mp != NULL) mp_montgomery_free(mp); | |
158 | 187 | return err; |
159 | } | |
160 | ||
161 | /** | |
162 | Verify an ECC signature | |
163 | @param sig The signature to verify | |
164 | @param siglen The length of the signature (octets) | |
165 | @param hash The hash (message digest) that was signed | |
166 | @param hashlen The length of the hash (octets) | |
167 | @param stat Result of signature, 1==valid, 0==invalid | |
168 | @param key The corresponding public ECC key | |
169 | @return CRYPT_OK if successful (even if the signature is not valid) | |
170 | */ | |
171 | int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, | |
172 | const unsigned char *hash, unsigned long hashlen, | |
173 | int *stat, const ecc_key *key) | |
174 | { | |
175 | return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0); | |
176 | } | |
177 | ||
178 | /** | |
179 | Verify an ECC signature in RFC7518 format | |
180 | @param sig The signature to verify | |
181 | @param siglen The length of the signature (octets) | |
182 | @param hash The hash (message digest) that was signed | |
183 | @param hashlen The length of the hash (octets) | |
184 | @param stat Result of signature, 1==valid, 0==invalid | |
185 | @param key The corresponding public ECC key | |
186 | @return CRYPT_OK if successful (even if the signature is not valid) | |
187 | */ | |
188 | int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, | |
189 | const unsigned char *hash, unsigned long hashlen, | |
190 | int *stat, const ecc_key *key) | |
191 | { | |
192 | return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1); | |
193 | 188 | } |
194 | 189 | |
195 | 190 | #endif |
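Review bot: In the LTC_ECCSIG_ETH27 branch of `ecc_verify_hash_ex` (new lines 86–98) the trailing recovery byte `sig[64]` is never examined, so a 65-byte blob with any last byte is accepted even though the matching signer only ever writes `v + 27`; if this is meant to be the strict (r,s,v) encoding, reject anything else with `if (sig[64] != 27 && sig[64] != 28) { err = CRYPT_INVALID_PACKET; goto error; }`, and if EIP-155-style chain-id-encoded v values are intended to pass, say so in the doc comment instead. The doc header on new line 19 still reads "Verify an ECC signature in RFC7518 format" although the function now takes `sigformat`; change it to `Verify an ECC signature (encoding selected by sigformat)`. Nothing here enforces a canonical low-s value, which Ethereum transaction rules (EIP-2) require, so a caveat that callers needing non-malleable signatures must check `s` themselves would help. The middle of `ecc_verify_hash_ex` (new lines 39–65) lies outside the hunk.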
55 | 55 | unsigned char *buf1 = NULL, *buf2 = NULL; |
56 | 56 | unsigned long buf1len, buf2len; |
57 | 57 | unsigned long oid[16]; |
58 | oid_st rsaoid; | |
58 | const char *rsaoid; | |
59 | 59 | ltc_asn1_list alg_seq[2], top_seq[3]; |
60 | ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2]; | |
60 | ltc_asn1_list *l = NULL; | |
61 | 61 | unsigned char *decrypted = NULL; |
62 | 62 | unsigned long decryptedlen; |
63 | 63 | |
82 | 82 | if (err != CRYPT_OK) { goto LBL_FREE2; } |
83 | 83 | |
84 | 84 | /* try to decode encrypted priv key */ |
85 | LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len); | |
86 | LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL); | |
87 | LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); | |
88 | LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL); | |
89 | LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL); | |
90 | LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len); | |
91 | err=der_decode_sequence(in, inlen, top_seq_e, 2UL); | |
92 | if (err == CRYPT_OK) { | |
93 | LTC_UNUSED_PARAM(passwd); | |
94 | LTC_UNUSED_PARAM(passwdlen); | |
95 | /* XXX: TODO encrypted pkcs8 not implemented yet */ | |
96 | /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */ | |
97 | err = CRYPT_PK_INVALID_TYPE; | |
85 | if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) { | |
98 | 86 | goto LBL_ERR; |
99 | 87 | } |
100 | else { | |
101 | decrypted = (unsigned char *)in; | |
102 | decryptedlen = inlen; | |
103 | } | |
88 | decrypted = l->data; | |
89 | decryptedlen = l->size; | |
104 | 90 | |
105 | 91 | /* try to decode unencrypted priv key */ |
106 | 92 | LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); |
112 | 98 | if (err != CRYPT_OK) { goto LBL_ERR; } |
113 | 99 | |
114 | 100 | /* check alg oid */ |
115 | if ((alg_seq[0].size != rsaoid.OIDlen) || | |
116 | XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) { | |
117 | err = CRYPT_PK_INVALID_TYPE; | |
101 | if ((err = pk_oid_cmp_with_asn1(rsaoid, &alg_seq[0])) != CRYPT_OK) { | |
118 | 102 | goto LBL_ERR; |
119 | 103 | } |
120 | 104 | |
137 | 121 | LBL_ERR: |
138 | 122 | rsa_free(key); |
139 | 123 | LBL_FREE2: |
124 | if (l) der_free_sequence_flexi(l); | |
140 | 125 | mp_clear_multi(iter, zero, NULL); |
141 | 126 | XFREE(buf2); |
142 | 127 | LBL_FREE1: |
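Review bot: `decrypted = l->data; decryptedlen = l->size;` (new lines 88–89) takes the node returned by `pkcs8_decode_flexi` as raw DER bytes without checking its type or that `data` is non-NULL; what shape that function guarantees is not visible in this hunk, so if it can hand back a node of another ASN.1 type, a malformed PKCS#8 blob would reach `der_decode_sequence` with a pointer that is not a byte buffer. A guard keeps that an ordinary decode failure: `if (l == NULL || l->data == NULL || l->size == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; }`. `rsaoid` changes type to `const char *` on line 58 but its initialisation is outside the hunk, so it is worth confirming that `pk_oid_cmp_with_asn1` on line 101 receives the dotted-string form it expects. The start of the function is outside the hunk.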
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_CHACHA | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param iv The initial vector | |
18 | @param ivlen The initial vector length | |
19 | @param datain The plaintext (or ciphertext) | |
20 | @param datalen The length of the input and output (octets) | |
21 | @param rounds The number of rounds | |
22 | @param dataout [out] The ciphertext (or plaintext) | |
23 | @return CRYPT_OK if successful | |
24 | */ | |
25 | int chacha_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
26 | const unsigned char *iv, unsigned long ivlen, ulong64 counter, | |
27 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout) | |
28 | { | |
29 | chacha_state st; | |
30 | int err; | |
31 | ||
32 | LTC_ARGCHK(ivlen <= 8 || counter < 4294967296); /* 2**32 */ | |
33 | ||
34 | if ((err = chacha_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY; | |
35 | if (ivlen > 8) { | |
36 | if ((err = chacha_ivctr32(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY; | |
37 | } else { | |
38 | if ((err = chacha_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY; | |
39 | } | |
40 | err = chacha_crypt(&st, datain, datalen, dataout); | |
41 | WIPE_KEY: | |
42 | chacha_done(&st); | |
43 | return err; | |
44 | } | |
45 | ||
46 | #endif /* LTC_CHACHA */ | |
47 | ||
48 | /* ref: $Format:%D$ */ | |
49 | /* git commit: $Format:%H$ */ | |
50 | /* commit time: $Format:%ai$ */ |
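Review bot: The doc comment on lines 13–24 does not document `counter` and lists `@param rounds` after `ivlen` while the signature puts `rounds` third; add `@param counter The initial block counter (must be below 2**32 when ivlen > 8, see the LTC_ARGCHK on line 32)` and move `@param rounds` next to `keylen`. Since this helper takes key, IV and counter in a single call, the header should also carry the caveat a caller must respect: `@note A (key, iv, counter) combination must never be reused for different data; the keystream would repeat and the XOR of the two outputs leaks both plaintexts.` The bare literal `4294967296` on line 32 would read better as `CONST64(4294967296)` or a named constant, assuming the project's CONST64 macro is visible here.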
420 | 420 | if ((err = rabbit_crypt(&st, (unsigned char*)pt + 5, 29, out + 5)) != CRYPT_OK) return err; |
421 | 421 | if ((err = rabbit_crypt(&st, (unsigned char*)pt + 34, 5, out + 34)) != CRYPT_OK) return err; |
422 | 422 | if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV3", 1)) return CRYPT_FAIL_TESTVECTOR; |
423 | ||
424 | /* --- Test 4 (crypt in a single call) ------------------------------------ */ | |
425 | ||
426 | if ((err = rabbit_memory(k, sizeof(k), iv, sizeof(iv), | |
427 | (unsigned char*)pt, sizeof(pt), out)) != CRYPT_OK) return err; | |
428 | if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV4", 1)) return CRYPT_FAIL_TESTVECTOR; | |
423 | 429 | /* use 'out' (ciphertext) in the next decryption test */ |
424 | 430 | |
425 | /* --- Test 4 (decrypt ciphertext) ------------------------------------ */ | |
431 | /* --- Test 5 (decrypt ciphertext) ------------------------------------ */ | |
426 | 432 | |
427 | 433 | /* decrypt ct (out) and compare with pt (start with only setiv() to reset) */ |
428 | 434 | if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err; |
429 | 435 | if ((err = rabbit_crypt(&st, out, ptlen, out2)) != CRYPT_OK) return err; |
430 | if (compare_testvector(out2, ptlen, pt, ptlen, "RABBIT-TV4", 1)) return CRYPT_FAIL_TESTVECTOR; | |
431 | ||
432 | /* --- Test 5 (wipe state, incl key) ---------------------------------- */ | |
436 | if (compare_testvector(out2, ptlen, pt, ptlen, "RABBIT-TV5", 1)) return CRYPT_FAIL_TESTVECTOR; | |
437 | ||
438 | /* --- Test 6 (wipe state, incl key) ---------------------------------- */ | |
433 | 439 | |
434 | 440 | if ((err = rabbit_done(&st)) != CRYPT_OK) return err; |
435 | if (compare_testvector(&st, sizeof(st), nulls, sizeof(st), "RABBIT-TV5", 1)) return CRYPT_FAIL_TESTVECTOR; | |
441 | if (compare_testvector(&st, sizeof(st), nulls, sizeof(st), "RABBIT-TV6", 1)) return CRYPT_FAIL_TESTVECTOR; | |
436 | 442 | |
437 | 443 | } |
438 | 444 |
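Review bot: The new one-shot test on lines 426–428 encrypts `sizeof(pt)` bytes but compares only `ptlen`; if `pt` is a NUL-terminated literal (its definition is outside the hunk) that is one byte more than the incremental calls on lines 420–421 push through, so the single-call path is not checked on exactly the same input as the streaming path. Use `ptlen` in both places: `if ((err = rabbit_memory(k, sizeof(k), iv, sizeof(iv), (unsigned char*)pt, ptlen, out)) != CRYPT_OK) return err;`. The comment on line 429 about reusing `out` now refers to the output of `rabbit_memory` rather than of the incremental calls, which is fine because both are verified against `ct` first.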
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | /* The implementation is based on: | |
10 | * chacha-ref.c version 20080118 | |
11 | * Public domain from D. J. Bernstein | |
12 | */ | |
13 | ||
14 | #include "tomcrypt_private.h" | |
15 | ||
16 | #ifdef LTC_RABBIT | |
17 | ||
18 | /** | |
19 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Rabbit | |
20 | @param key The key | |
21 | @param keylen The key length | |
22 | @param iv The initial vector | |
23 | @param ivlen The initial vector length | |
24 | @param datain The plaintext (or ciphertext) | |
25 | @param datalen The length of the input and output (octets) | |
26 | @param dataout [out] The ciphertext (or plaintext) | |
27 | @return CRYPT_OK if successful | |
28 | */ | |
29 | int rabbit_memory(const unsigned char *key, unsigned long keylen, | |
30 | const unsigned char *iv, unsigned long ivlen, | |
31 | const unsigned char *datain, unsigned long datalen, | |
32 | unsigned char *dataout) | |
33 | { | |
34 | rabbit_state st; | |
35 | int err; | |
36 | ||
37 | if ((err = rabbit_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY; | |
38 | if ((err = rabbit_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY; | |
39 | err = rabbit_crypt(&st, datain, datalen, dataout); | |
40 | WIPE_KEY: | |
41 | rabbit_done(&st); | |
42 | return err; | |
43 | } | |
44 | ||
45 | #endif /* LTC_RABBIT */ | |
46 | ||
47 | /* ref: $Format:%D$ */ | |
48 | /* git commit: $Format:%H$ */ | |
49 | /* commit time: $Format:%ai$ */ |
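Review bot: The provenance comment on lines 9–12 says the implementation is based on `chacha-ref.c version 20080118` by D. J. Bernstein, which is copied from the ChaCha sources and is wrong for a Rabbit wrapper; drop the block or replace it with the reference actually followed by `rabbit_setup`/`rabbit_crypt` (not visible here). As a one-shot helper, the doc comment on lines 18–28 should also state the stream-cipher contract for callers: `@note Never reuse the same (key, iv) pair for different messages.`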
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_RC4_STREAM | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4 | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param datain The plaintext (or ciphertext) | |
18 | @param datalen The length of the input and output (octets) | |
19 | @param dataout [out] The ciphertext (or plaintext) | |
20 | @return CRYPT_OK if successful | |
21 | */ | |
22 | int rc4_stream_memory(const unsigned char *key, unsigned long keylen, | |
23 | const unsigned char *datain, unsigned long datalen, | |
24 | unsigned char *dataout) | |
25 | { | |
26 | rc4_state st; | |
27 | int err; | |
28 | ||
29 | if ((err = rc4_stream_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY; | |
30 | err = rc4_stream_crypt(&st, datain, datalen, dataout); | |
31 | WIPE_KEY: | |
32 | rc4_stream_done(&st); | |
33 | return err; | |
34 | } | |
35 | ||
36 | #endif /* LTC_RC4_STREAM */ | |
37 | ||
38 | /* ref: $Format:%D$ */ | |
39 | /* git commit: $Format:%H$ */ | |
40 | /* commit time: $Format:%ai$ */ |
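Review bot: The doc comment on lines 13–21 presents `rc4_stream_memory` as a plain encrypt/decrypt helper with no caveat, yet RC4 is cryptographically broken (keystream biases; RFC 7465 prohibits it in TLS) and this API takes no IV, so two calls with the same key emit the same keystream. A warning belongs in the header, because a one-shot convenience function is exactly what new code reaches for: `@note RC4 is obsolete and insecure; use only for legacy interoperability. There is no IV, so a key must never be used for more than one message.`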
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_SALSA20 | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Salsa20 | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param iv The initial vector | |
18 | @param ivlen The initial vector length | |
19 | @param datain The plaintext (or ciphertext) | |
20 | @param datalen The length of the input and output (octets) | |
21 | @param rounds The number of rounds | |
22 | @param dataout [out] The ciphertext (or plaintext) | |
23 | @return CRYPT_OK if successful | |
24 | */ | |
25 | int salsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
26 | const unsigned char *iv, unsigned long ivlen, ulong64 counter, | |
27 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout) | |
28 | { | |
29 | salsa20_state st; | |
30 | int err; | |
31 | ||
32 | if ((err = salsa20_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY; | |
33 | if ((err = salsa20_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY; | |
34 | err = salsa20_crypt(&st, datain, datalen, dataout); | |
35 | WIPE_KEY: | |
36 | salsa20_done(&st); | |
37 | return err; | |
38 | } | |
39 | ||
40 | #endif /* LTC_SALSA20 */ | |
41 | ||
42 | /* ref: $Format:%D$ */ | |
43 | /* git commit: $Format:%H$ */ | |
44 | /* commit time: $Format:%ai$ */ |
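Review bot: `counter` (line 26 of the signature) is undocumented and `@param rounds` on line 21 is listed after `ivlen` although `rounds` is the third argument; add `@param counter The initial 64-bit block counter` and reorder the list to follow the signature. Unlike `chacha_memory` there is no range check on `counter` here, which matches `salsa20_ivctr64` taking a 64-bit value, but a one-line `@note` that a (key, iv, counter) combination must never be reused for different data would make the contract of this one-shot helper explicit.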
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_XSALSA20 | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with XSalsa20 | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param nonce The initial vector | |
18 | @param noncelen The initial vector length | |
19 | @param datain The plaintext (or ciphertext) | |
20 | @param datalen The length of the input and output (octets) | |
21 | @param rounds The number of rounds | |
22 | @param dataout [out] The ciphertext (or plaintext) | |
23 | @return CRYPT_OK if successful | |
24 | */ | |
25 | int xsalsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds, | |
26 | const unsigned char *nonce, unsigned long noncelen, | |
27 | const unsigned char *datain, unsigned long datalen, unsigned char *dataout) | |
28 | { | |
29 | salsa20_state st; | |
30 | int err; | |
31 | ||
32 | if ((err = xsalsa20_setup(&st, key, keylen, nonce, noncelen, rounds)) != CRYPT_OK) goto WIPE_KEY; | |
33 | err = salsa20_crypt(&st, datain, datalen, dataout); | |
34 | WIPE_KEY: | |
35 | salsa20_done(&st); | |
36 | return err; | |
37 | } | |
38 | ||
39 | #endif /* LTC_XSALSA20 */ | |
40 | ||
41 | /* ref: $Format:%D$ */ | |
42 | /* git commit: $Format:%H$ */ | |
43 | /* commit time: $Format:%ai$ */ |
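Review bot: `@param rounds` on line 21 is listed after the data parameters although `rounds` is the third argument, and `nonce`/`noncelen` (lines 17–18) are described only as "the initial vector" without stating the nonce length `xsalsa20_setup` accepts, which is not visible in this file; reorder the list to match the signature and, once confirmed, write e.g. `@param nonce The nonce (XSalsa20 is defined for a 24-byte nonce; confirm against xsalsa20_setup)`. Because the nonce is the only per-message input, the header should also note that a (key, nonce) pair must not be reused for different data.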
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_SOBER128_STREAM | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with SOBER128 | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param iv The initial vector | |
18 | @param ivlen The initial vector length | |
19 | @param datain The plaintext (or ciphertext) | |
20 | @param datalen The length of the input and output (octets) | |
21 | @param dataout [out] The ciphertext (or plaintext) | |
22 | @return CRYPT_OK if successful | |
23 | */ | |
24 | int sober128_stream_memory(const unsigned char *key, unsigned long keylen, | |
25 | const unsigned char *iv, unsigned long ivlen, | |
26 | const unsigned char *datain, unsigned long datalen, | |
27 | unsigned char *dataout) | |
28 | { | |
29 | sober128_state st; | |
30 | int err; | |
31 | ||
32 | if ((err = sober128_stream_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY; | |
33 | if ((err = sober128_stream_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY; | |
34 | err = sober128_stream_crypt(&st, datain, datalen, dataout); | |
35 | WIPE_KEY: | |
36 | sober128_stream_done(&st); | |
37 | return err; | |
38 | } | |
39 | ||
40 | #endif /* LTC_SOBER128_STREAM */ | |
41 | ||
42 | /* ref: $Format:%D$ */ | |
43 | /* git commit: $Format:%H$ */ | |
44 | /* commit time: $Format:%ai$ */ |
195 | 195 | /* |
196 | 196 | * Initialize Sosemanuk's state by providing a key. The key is an array of |
197 | 197 | * 1 to 32 bytes. |
198 | * @param ss The Sosemanuk state | |
198 | * @param st The Sosemanuk state | |
199 | 199 | * @param key Key |
200 | 200 | * @param keylen Length of key in bytes |
201 | 201 | * @return CRYPT_OK on success |
202 | 202 | */ |
203 | int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long keylen) | |
203 | int sosemanuk_setup(sosemanuk_state *st, const unsigned char *key, unsigned long keylen) | |
204 | 204 | { |
205 | 205 | /* |
206 | 206 | * This key schedule is actually a truncated Serpent key schedule. |
215 | 215 | r2 = w ## o2; \ |
216 | 216 | r3 = w ## o3; \ |
217 | 217 | S(r0, r1, r2, r3, r4); \ |
218 | ss->kc[i ++] = r ## d0; \ | |
219 | ss->kc[i ++] = r ## d1; \ | |
220 | ss->kc[i ++] = r ## d2; \ | |
221 | ss->kc[i ++] = r ## d3; \ | |
218 | st->kc[i ++] = r ## d0; \ | |
219 | st->kc[i ++] = r ## d1; \ | |
220 | st->kc[i ++] = r ## d2; \ | |
221 | st->kc[i ++] = r ## d3; \ | |
222 | 222 | } while (0) |
223 | 223 | |
224 | 224 | #define SKS0 SKS(S0, 4, 5, 6, 7, 1, 4, 2, 0) |
254 | 254 | ulong32 w0, w1, w2, w3, w4, w5, w6, w7; |
255 | 255 | int i = 0; |
256 | 256 | |
257 | LTC_ARGCHK(ss != NULL); | |
257 | LTC_ARGCHK(st != NULL); | |
258 | 258 | LTC_ARGCHK(key != NULL); |
259 | 259 | LTC_ARGCHK(keylen > 0 && keylen <= 32); |
260 | 260 | |
328 | 328 | * encryptions/decryptions are to be performed with the same key and |
329 | 329 | * sosemanuk_done() has not been called, only sosemanuk_setiv() need be called |
330 | 330 | * to set the state. |
331 | * @param ss The Sosemanuk state | |
331 | * @param st The Sosemanuk state | |
332 | 332 | * @param iv Initialization vector |
333 | 333 | * @param ivlen Length of iv in bytes |
334 | 334 | * @return CRYPT_OK on success |
335 | 335 | */ |
336 | int sosemanuk_setiv(sosemanuk_state *ss, const unsigned char *iv, unsigned long ivlen) | |
336 | int sosemanuk_setiv(sosemanuk_state *st, const unsigned char *iv, unsigned long ivlen) | |
337 | 337 | { |
338 | 338 | |
339 | 339 | /* |
340 | 340 | * The Serpent key addition step. |
341 | 341 | */ |
342 | 342 | #define KA(zc, x0, x1, x2, x3) do { \ |
343 | x0 ^= ss->kc[(zc)]; \ | |
344 | x1 ^= ss->kc[(zc) + 1]; \ | |
345 | x2 ^= ss->kc[(zc) + 2]; \ | |
346 | x3 ^= ss->kc[(zc) + 3]; \ | |
343 | x0 ^= st->kc[(zc)]; \ | |
344 | x1 ^= st->kc[(zc) + 1]; \ | |
345 | x2 ^= st->kc[(zc) + 2]; \ | |
346 | x3 ^= st->kc[(zc) + 3]; \ | |
347 | 347 | } while (0) |
348 | 348 | |
349 | 349 | /* |
373 | 373 | ulong32 r0, r1, r2, r3, r4; |
374 | 374 | unsigned char ivtmp[16] = {0}; |
375 | 375 | |
376 | LTC_ARGCHK(ss != NULL); | |
376 | LTC_ARGCHK(st != NULL); | |
377 | 377 | LTC_ARGCHK(ivlen <= 16); |
378 | 378 | LTC_ARGCHK(iv != NULL || ivlen == 0); |
379 | 379 | |
403 | 403 | FSS(36, S1, 1, 3, 2, 4, 0, 2, 1, 4, 3); |
404 | 404 | FSS(40, S2, 2, 1, 4, 3, 0, 4, 3, 1, 0); |
405 | 405 | FSS(44, S3, 4, 3, 1, 0, 2, 3, 1, 0, 2); |
406 | ss->s09 = r3; | |
407 | ss->s08 = r1; | |
408 | ss->s07 = r0; | |
409 | ss->s06 = r2; | |
406 | st->s09 = r3; | |
407 | st->s08 = r1; | |
408 | st->s07 = r0; | |
409 | st->s06 = r2; | |
410 | 410 | |
411 | 411 | FSS(48, S4, 3, 1, 0, 2, 4, 1, 4, 3, 2); |
412 | 412 | FSS(52, S5, 1, 4, 3, 2, 0, 4, 2, 1, 3); |
414 | 414 | FSS(60, S7, 4, 2, 0, 1, 3, 3, 1, 2, 4); |
415 | 415 | FSS(64, S0, 3, 1, 2, 4, 0, 1, 0, 2, 3); |
416 | 416 | FSS(68, S1, 1, 0, 2, 3, 4, 2, 1, 3, 0); |
417 | ss->r1 = r2; | |
418 | ss->s04 = r1; | |
419 | ss->r2 = r3; | |
420 | ss->s05 = r0; | |
417 | st->r1 = r2; | |
418 | st->s04 = r1; | |
419 | st->r2 = r3; | |
420 | st->s05 = r0; | |
421 | 421 | |
422 | 422 | FSS(72, S2, 2, 1, 3, 0, 4, 3, 0, 1, 4); |
423 | 423 | FSS(76, S3, 3, 0, 1, 4, 2, 0, 1, 4, 2); |
425 | 425 | FSS(84, S5, 1, 3, 0, 2, 4, 3, 2, 1, 0); |
426 | 426 | FSS(88, S6, 3, 2, 1, 0, 4, 3, 2, 4, 1); |
427 | 427 | FSF(92, S7, 3, 2, 4, 1, 0, 0, 1, 2, 3); |
428 | ss->s03 = r0; | |
429 | ss->s02 = r1; | |
430 | ss->s01 = r2; | |
431 | ss->s00 = r3; | |
432 | ||
433 | ss->ptr = sizeof(ss->buf); | |
428 | st->s03 = r0; | |
429 | st->s02 = r1; | |
430 | st->s01 = r2; | |
431 | st->s00 = r3; | |
432 | ||
433 | st->ptr = sizeof(st->buf); | |
434 | 434 | |
435 | 435 | #undef KA |
436 | 436 | #undef FSS |
584 | 584 | * Compute the next block of bits of output stream. This is equivalent |
585 | 585 | * to one full rotation of the shift register. |
586 | 586 | */ |
587 | static LTC_INLINE void _sosemanuk_internal(sosemanuk_state *ss) | |
587 | static LTC_INLINE void _sosemanuk_internal(sosemanuk_state *st) | |
588 | 588 | { |
589 | 589 | /* |
590 | 590 | * MUL_A(x) computes alpha * x (in F_{2^32}). |
655 | 655 | */ |
656 | 656 | #define SRD(S, x0, x1, x2, x3, ooff) do { \ |
657 | 657 | S(u0, u1, u2, u3, u4); \ |
658 | STORE32L(u ## x0 ^ v0, ss->buf + ooff); \ | |
659 | STORE32L(u ## x1 ^ v1, ss->buf + ooff + 4); \ | |
660 | STORE32L(u ## x2 ^ v2, ss->buf + ooff + 8); \ | |
661 | STORE32L(u ## x3 ^ v3, ss->buf + ooff + 12); \ | |
662 | } while (0) | |
663 | ||
664 | ulong32 s00 = ss->s00; | |
665 | ulong32 s01 = ss->s01; | |
666 | ulong32 s02 = ss->s02; | |
667 | ulong32 s03 = ss->s03; | |
668 | ulong32 s04 = ss->s04; | |
669 | ulong32 s05 = ss->s05; | |
670 | ulong32 s06 = ss->s06; | |
671 | ulong32 s07 = ss->s07; | |
672 | ulong32 s08 = ss->s08; | |
673 | ulong32 s09 = ss->s09; | |
674 | ulong32 r1 = ss->r1; | |
675 | ulong32 r2 = ss->r2; | |
658 | STORE32L(u ## x0 ^ v0, st->buf + ooff); \ | |
659 | STORE32L(u ## x1 ^ v1, st->buf + ooff + 4); \ | |
660 | STORE32L(u ## x2 ^ v2, st->buf + ooff + 8); \ | |
661 | STORE32L(u ## x3 ^ v3, st->buf + ooff + 12); \ | |
662 | } while (0) | |
663 | ||
664 | ulong32 s00 = st->s00; | |
665 | ulong32 s01 = st->s01; | |
666 | ulong32 s02 = st->s02; | |
667 | ulong32 s03 = st->s03; | |
668 | ulong32 s04 = st->s04; | |
669 | ulong32 s05 = st->s05; | |
670 | ulong32 s06 = st->s06; | |
671 | ulong32 s07 = st->s07; | |
672 | ulong32 s08 = st->s08; | |
673 | ulong32 s09 = st->s09; | |
674 | ulong32 r1 = st->r1; | |
675 | ulong32 r2 = st->r2; | |
676 | 676 | ulong32 u0, u1, u2, u3, u4; |
677 | 677 | ulong32 v0, v1, v2, v3; |
678 | 678 | |
702 | 702 | STEP(09, 00, 01, 02, 03, 04, 05, 06, 07, 08, v3, u3); |
703 | 703 | SRD(S2, 2, 3, 1, 4, 64); |
704 | 704 | |
705 | ss->s00 = s00; | |
706 | ss->s01 = s01; | |
707 | ss->s02 = s02; | |
708 | ss->s03 = s03; | |
709 | ss->s04 = s04; | |
710 | ss->s05 = s05; | |
711 | ss->s06 = s06; | |
712 | ss->s07 = s07; | |
713 | ss->s08 = s08; | |
714 | ss->s09 = s09; | |
715 | ss->r1 = r1; | |
716 | ss->r2 = r2; | |
705 | st->s00 = s00; | |
706 | st->s01 = s01; | |
707 | st->s02 = s02; | |
708 | st->s03 = s03; | |
709 | st->s04 = s04; | |
710 | st->s05 = s05; | |
711 | st->s06 = s06; | |
712 | st->s07 = s07; | |
713 | st->s08 = s08; | |
714 | st->s09 = s09; | |
715 | st->r1 = r1; | |
716 | st->r2 = r2; | |
717 | 717 | } |
718 | 718 | |
719 | 719 | /* |
736 | 736 | * buffer, combined by XOR with the stream, and the result is written |
737 | 737 | * in the "out" buffer. "in" and "out" must be either equal, or |
738 | 738 | * reference distinct buffers (no partial overlap is allowed). |
739 | * @param ss The Sosemanuk state | |
739 | * @param st The Sosemanuk state | |
740 | 740 | * @param in Data in |
741 | 741 | * @param inlen Length of data in bytes |
742 | 742 | * @param out Data out |
743 | 743 | * @return CRYPT_OK on success |
744 | 744 | */ |
745 | int sosemanuk_crypt(sosemanuk_state *ss, | |
745 | int sosemanuk_crypt(sosemanuk_state *st, | |
746 | 746 | const unsigned char *in, unsigned long inlen, unsigned char *out) |
747 | 747 | { |
748 | LTC_ARGCHK(ss != NULL); | |
748 | LTC_ARGCHK(st != NULL); | |
749 | 749 | LTC_ARGCHK(in != NULL); |
750 | 750 | LTC_ARGCHK(out != NULL); |
751 | 751 | |
752 | if (ss->ptr < (sizeof(ss->buf))) { | |
753 | unsigned long rlen = (sizeof(ss->buf)) - ss->ptr; | |
752 | if (st->ptr < (sizeof(st->buf))) { | |
753 | unsigned long rlen = (sizeof(st->buf)) - st->ptr; | |
754 | 754 | |
755 | 755 | if (rlen > inlen) { |
756 | 756 | rlen = inlen; |
757 | 757 | } |
758 | _xorbuf(ss->buf + ss->ptr, in, out, rlen); | |
758 | _xorbuf(st->buf + st->ptr, in, out, rlen); | |
759 | 759 | in += rlen; |
760 | 760 | out += rlen; |
761 | 761 | inlen -= rlen; |
762 | ss->ptr += rlen; | |
762 | st->ptr += rlen; | |
763 | 763 | } |
764 | 764 | while (inlen > 0) { |
765 | _sosemanuk_internal(ss); | |
766 | if (inlen >= sizeof(ss->buf)) { | |
767 | _xorbuf(ss->buf, in, out, sizeof(ss->buf)); | |
768 | in += sizeof(ss->buf); | |
769 | out += sizeof(ss->buf); | |
770 | inlen -= sizeof(ss->buf); | |
765 | _sosemanuk_internal(st); | |
766 | if (inlen >= sizeof(st->buf)) { | |
767 | _xorbuf(st->buf, in, out, sizeof(st->buf)); | |
768 | in += sizeof(st->buf); | |
769 | out += sizeof(st->buf); | |
770 | inlen -= sizeof(st->buf); | |
771 | 771 | } else { |
772 | _xorbuf(ss->buf, in, out, inlen); | |
773 | ss->ptr = inlen; | |
772 | _xorbuf(st->buf, in, out, inlen); | |
773 | st->ptr = inlen; | |
774 | 774 | inlen = 0; |
775 | 775 | } |
776 | 776 | } |
782 | 782 | /* |
783 | 783 | * Cipher operation, as a PRNG: the provided output buffer is filled with |
784 | 784 | * pseudo-random bytes as output from the stream cipher. |
785 | * @param ss The Sosemanuk state | |
785 | * @param st The Sosemanuk state | |
786 | 786 | * @param out Data out |
787 | 787 | * @param outlen Length of output in bytes |
788 | 788 | * @return CRYPT_OK on success |
789 | 789 | */ |
790 | int sosemanuk_keystream(sosemanuk_state *ss, unsigned char *out, unsigned long outlen) | |
790 | int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long outlen) | |
791 | 791 | { |
792 | 792 | if (outlen == 0) return CRYPT_OK; /* nothing to do */ |
793 | 793 | LTC_ARGCHK(out != NULL); |
794 | 794 | XMEMSET(out, 0, outlen); |
795 | return sosemanuk_crypt(ss, out, outlen, out); | |
795 | return sosemanuk_crypt(st, out, outlen, out); | |
796 | 796 | } |
797 | 797 | |
798 | 798 | |
799 | 799 | /* |
800 | 800 | * Terminate and clear Sosemanuk key context |
801 | * @param ss The Sosemanuk state | |
801 | * @param st The Sosemanuk state | |
802 | 802 | * @return CRYPT_OK on success |
803 | 803 | */ |
804 | int sosemanuk_done(sosemanuk_state *ss) | |
804 | int sosemanuk_done(sosemanuk_state *st) | |
805 | 805 | { |
806 | LTC_ARGCHK(ss != NULL); | |
807 | XMEMSET(ss, 0, sizeof(sosemanuk_state)); | |
806 | LTC_ARGCHK(st != NULL); | |
807 | XMEMSET(st, 0, sizeof(sosemanuk_state)); | |
808 | 808 | return CRYPT_OK; |
809 | 809 | } |
810 | 810 |
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | ||
9 | #include "tomcrypt_private.h" | |
10 | ||
11 | #ifdef LTC_SOSEMANUK | |
12 | ||
13 | /** | |
14 | Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sosemanuk | |
15 | @param key The key | |
16 | @param keylen The key length | |
17 | @param iv The initial vector | |
18 | @param ivlen The initial vector length | |
19 | @param datain The plaintext (or ciphertext) | |
20 | @param datalen The length of the input and output (octets) | |
21 | @param dataout [out] The ciphertext (or plaintext) | |
22 | @return CRYPT_OK if successful | |
23 | */ | |
24 | int sosemanuk_memory(const unsigned char *key, unsigned long keylen, | |
25 | const unsigned char *iv, unsigned long ivlen, | |
26 | const unsigned char *datain, unsigned long datalen, | |
27 | unsigned char *dataout) | |
28 | { | |
29 | sosemanuk_state st; | |
30 | int err; | |
31 | ||
32 | if ((err = sosemanuk_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY; | |
33 | if ((err = sosemanuk_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY; | |
34 | err = sosemanuk_crypt(&st, datain, datalen, dataout); | |
35 | WIPE_KEY: | |
36 | sosemanuk_done(&st); | |
37 | return err; | |
38 | } | |
39 | ||
40 | #endif /* LTC_SOSEMANUK */ | |
41 | ||
42 | /* ref: $Format:%D$ */ | |
43 | /* git commit: $Format:%H$ */ | |
44 | /* commit time: $Format:%ai$ */ |