libtomcrypt update Karel Miko 5 years ago
36 changed file(s) with 1913 addition(s) and 960 deletion(s).
4040 ltc/mac/xcbc/xcbc_process.o ltc/math/ltm_desc.o ltc/math/multi.o ltc/math/radix_to_bin.o \
4141 ltc/math/rand_bn.o ltc/math/rand_prime.o ltc/math/tfm_desc.o ltc/math/fp/ltc_ecc_fp_mulmod.o \
4242 ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/copy_or_zeromem.o \
43 ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o \
44 ltc/misc/pk_oid_str.o ltc/misc/zeromem.o ltc/misc/base16/base16_decode.o ltc/misc/base16/base16_encode.o \
45 ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o \
46 ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o \
47 ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o \
48 ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o \
49 ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o \
50 ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o \
51 ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o \
52 ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o \
53 ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \
54 ltc/misc/crypt/crypt_register_all_hashes.o ltc/misc/crypt/crypt_register_all_prngs.o \
55 ltc/misc/crypt/crypt_register_cipher.o ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o \
56 ltc/misc/crypt/crypt_sizes.o ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o \
57 ltc/misc/crypt/crypt_unregister_prng.o ltc/misc/hkdf/hkdf.o ltc/misc/padding/padding_depad.o \
58 ltc/misc/padding/padding_pad.o ltc/misc/pkcs12/pkcs12_kdf.o ltc/misc/pkcs12/pkcs12_utf8_to_utf16.o \
59 ltc/misc/pkcs5/pkcs_5_1.o ltc/misc/pkcs5/pkcs_5_2.o ltc/modes/cbc/cbc_decrypt.o ltc/modes/cbc/cbc_done.o \
60 ltc/modes/cbc/cbc_encrypt.o ltc/modes/cbc/cbc_getiv.o ltc/modes/cbc/cbc_setiv.o ltc/modes/cbc/cbc_start.o \
61 ltc/modes/cfb/cfb_decrypt.o ltc/modes/cfb/cfb_done.o ltc/modes/cfb/cfb_encrypt.o \
62 ltc/modes/cfb/cfb_getiv.o ltc/modes/cfb/cfb_setiv.o ltc/modes/cfb/cfb_start.o ltc/modes/ctr/ctr_decrypt.o \
63 ltc/modes/ctr/ctr_done.o ltc/modes/ctr/ctr_encrypt.o ltc/modes/ctr/ctr_getiv.o ltc/modes/ctr/ctr_setiv.o \
64 ltc/modes/ctr/ctr_start.o ltc/modes/ecb/ecb_decrypt.o ltc/modes/ecb/ecb_done.o ltc/modes/ecb/ecb_encrypt.o \
65 ltc/modes/ecb/ecb_start.o ltc/modes/ofb/ofb_decrypt.o ltc/modes/ofb/ofb_done.o ltc/modes/ofb/ofb_encrypt.o \
66 ltc/modes/ofb/ofb_getiv.o ltc/modes/ofb/ofb_setiv.o ltc/modes/ofb/ofb_start.o ltc/pk/asn1/der/bit/der_decode_bit_string.o \
67 ltc/pk/asn1/der/bit/der_decode_raw_bit_string.o ltc/pk/asn1/der/bit/der_encode_bit_string.o \
68 ltc/pk/asn1/der/bit/der_encode_raw_bit_string.o ltc/pk/asn1/der/bit/der_length_bit_string.o \
69 ltc/pk/asn1/der/boolean/der_decode_boolean.o ltc/pk/asn1/der/boolean/der_encode_boolean.o \
70 ltc/pk/asn1/der/boolean/der_length_boolean.o ltc/pk/asn1/der/choice/der_decode_choice.o \
71 ltc/pk/asn1/der/custom_type/der_decode_custom_type.o ltc/pk/asn1/der/custom_type/der_encode_custom_type.o \
72 ltc/pk/asn1/der/custom_type/der_length_custom_type.o ltc/pk/asn1/der/general/der_asn1_maps.o \
73 ltc/pk/asn1/der/general/der_decode_asn1_identifier.o ltc/pk/asn1/der/general/der_decode_asn1_length.o \
74 ltc/pk/asn1/der/general/der_encode_asn1_identifier.o ltc/pk/asn1/der/general/der_encode_asn1_length.o \
75 ltc/pk/asn1/der/general/der_length_asn1_identifier.o ltc/pk/asn1/der/general/der_length_asn1_length.o \
76 ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
77 ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.o ltc/pk/asn1/der/ia5/der_decode_ia5_string.o \
78 ltc/pk/asn1/der/ia5/der_encode_ia5_string.o ltc/pk/asn1/der/ia5/der_length_ia5_string.o \
79 ltc/pk/asn1/der/integer/der_decode_integer.o ltc/pk/asn1/der/integer/der_encode_integer.o \
80 ltc/pk/asn1/der/integer/der_length_integer.o ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
81 ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.o ltc/pk/asn1/der/object_identifier/der_length_object_identifier.o \
82 ltc/pk/asn1/der/octet/der_decode_octet_string.o ltc/pk/asn1/der/octet/der_encode_octet_string.o \
83 ltc/pk/asn1/der/octet/der_length_octet_string.o ltc/pk/asn1/der/printable_string/der_decode_printable_string.o \
84 ltc/pk/asn1/der/printable_string/der_encode_printable_string.o ltc/pk/asn1/der/printable_string/der_length_printable_string.o \
85 ltc/pk/asn1/der/sequence/der_decode_sequence_ex.o ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
86 ltc/pk/asn1/der/sequence/der_decode_sequence_multi.o ltc/pk/asn1/der/sequence/der_encode_sequence_ex.o \
87 ltc/pk/asn1/der/sequence/der_encode_sequence_multi.o ltc/pk/asn1/der/sequence/der_length_sequence.o \
88 ltc/pk/asn1/der/sequence/der_sequence_free.o ltc/pk/asn1/der/sequence/der_sequence_shrink.o \
89 ltc/pk/asn1/der/set/der_encode_set.o ltc/pk/asn1/der/set/der_encode_setof.o ltc/pk/asn1/der/short_integer/der_decode_short_integer.o \
43 ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/zeromem.o \
44 ltc/misc/base16/base16_decode.o ltc/misc/base16/base16_encode.o ltc/misc/base32/base32_decode.o \
45 ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o ltc/misc/base64/base64_encode.o \
46 ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o \
47 ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o ltc/misc/crypt/crypt_find_cipher.o \
48 ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o ltc/misc/crypt/crypt_find_hash.o \
49 ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o ltc/misc/crypt/crypt_find_hash_oid.o \
50 ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o ltc/misc/crypt/crypt_hash_descriptor.o \
51 ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o ltc/misc/crypt/crypt_ltc_mp_descriptor.o \
52 ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o ltc/misc/crypt/crypt_prng_rng_descriptor.o \
53 ltc/misc/crypt/crypt_register_all_ciphers.o ltc/misc/crypt/crypt_register_all_hashes.o \
54 ltc/misc/crypt/crypt_register_all_prngs.o ltc/misc/crypt/crypt_register_cipher.o \
55 ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o ltc/misc/crypt/crypt_sizes.o \
56 ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o ltc/misc/crypt/crypt_unregister_prng.o \
57 ltc/misc/hkdf/hkdf.o ltc/misc/padding/padding_depad.o ltc/misc/padding/padding_pad.o \
58 ltc/misc/pbes/pbes.o ltc/misc/pbes/pbes1.o ltc/misc/pbes/pbes2.o ltc/misc/pkcs12/pkcs12_kdf.o \
59 ltc/misc/pkcs12/pkcs12_utf8_to_utf16.o ltc/misc/pkcs5/pkcs_5_1.o ltc/misc/pkcs5/pkcs_5_2.o \
60 ltc/modes/cbc/cbc_decrypt.o ltc/modes/cbc/cbc_done.o ltc/modes/cbc/cbc_encrypt.o \
61 ltc/modes/cbc/cbc_getiv.o ltc/modes/cbc/cbc_setiv.o ltc/modes/cbc/cbc_start.o ltc/modes/cfb/cfb_decrypt.o \
62 ltc/modes/cfb/cfb_done.o ltc/modes/cfb/cfb_encrypt.o ltc/modes/cfb/cfb_getiv.o ltc/modes/cfb/cfb_setiv.o \
63 ltc/modes/cfb/cfb_start.o ltc/modes/ctr/ctr_decrypt.o ltc/modes/ctr/ctr_done.o ltc/modes/ctr/ctr_encrypt.o \
64 ltc/modes/ctr/ctr_getiv.o ltc/modes/ctr/ctr_setiv.o ltc/modes/ctr/ctr_start.o ltc/modes/ecb/ecb_decrypt.o \
65 ltc/modes/ecb/ecb_done.o ltc/modes/ecb/ecb_encrypt.o ltc/modes/ecb/ecb_start.o ltc/modes/ofb/ofb_decrypt.o \
66 ltc/modes/ofb/ofb_done.o ltc/modes/ofb/ofb_encrypt.o ltc/modes/ofb/ofb_getiv.o ltc/modes/ofb/ofb_setiv.o \
67 ltc/modes/ofb/ofb_start.o ltc/pk/asn1/der/bit/der_decode_bit_string.o ltc/pk/asn1/der/bit/der_decode_raw_bit_string.o \
68 ltc/pk/asn1/der/bit/der_encode_bit_string.o ltc/pk/asn1/der/bit/der_encode_raw_bit_string.o \
69 ltc/pk/asn1/der/bit/der_length_bit_string.o ltc/pk/asn1/der/boolean/der_decode_boolean.o \
70 ltc/pk/asn1/der/boolean/der_encode_boolean.o ltc/pk/asn1/der/boolean/der_length_boolean.o \
71 ltc/pk/asn1/der/choice/der_decode_choice.o ltc/pk/asn1/der/custom_type/der_decode_custom_type.o \
72 ltc/pk/asn1/der/custom_type/der_encode_custom_type.o ltc/pk/asn1/der/custom_type/der_length_custom_type.o \
73 ltc/pk/asn1/der/general/der_asn1_maps.o ltc/pk/asn1/der/general/der_decode_asn1_identifier.o \
74 ltc/pk/asn1/der/general/der_decode_asn1_length.o ltc/pk/asn1/der/general/der_encode_asn1_identifier.o \
75 ltc/pk/asn1/der/general/der_encode_asn1_length.o ltc/pk/asn1/der/general/der_length_asn1_identifier.o \
76 ltc/pk/asn1/der/general/der_length_asn1_length.o ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
77 ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
78 ltc/pk/asn1/der/ia5/der_decode_ia5_string.o ltc/pk/asn1/der/ia5/der_encode_ia5_string.o \
79 ltc/pk/asn1/der/ia5/der_length_ia5_string.o ltc/pk/asn1/der/integer/der_decode_integer.o \
80 ltc/pk/asn1/der/integer/der_encode_integer.o ltc/pk/asn1/der/integer/der_length_integer.o \
81 ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.o ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
82 ltc/pk/asn1/der/object_identifier/der_length_object_identifier.o ltc/pk/asn1/der/octet/der_decode_octet_string.o \
83 ltc/pk/asn1/der/octet/der_encode_octet_string.o ltc/pk/asn1/der/octet/der_length_octet_string.o \
84 ltc/pk/asn1/der/printable_string/der_decode_printable_string.o ltc/pk/asn1/der/printable_string/der_encode_printable_string.o \
85 ltc/pk/asn1/der/printable_string/der_length_printable_string.o ltc/pk/asn1/der/sequence/der_decode_sequence_ex.o \
86 ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.o ltc/pk/asn1/der/sequence/der_decode_sequence_multi.o \
87 ltc/pk/asn1/der/sequence/der_encode_sequence_ex.o ltc/pk/asn1/der/sequence/der_encode_sequence_multi.o \
88 ltc/pk/asn1/der/sequence/der_length_sequence.o ltc/pk/asn1/der/sequence/der_sequence_free.o \
89 ltc/pk/asn1/der/sequence/der_sequence_shrink.o ltc/pk/asn1/der/set/der_encode_set.o \
90 ltc/pk/asn1/der/set/der_encode_setof.o ltc/pk/asn1/der/short_integer/der_decode_short_integer.o \
9091 ltc/pk/asn1/der/short_integer/der_encode_short_integer.o ltc/pk/asn1/der/short_integer/der_length_short_integer.o \
9192 ltc/pk/asn1/der/teletex_string/der_decode_teletex_string.o ltc/pk/asn1/der/teletex_string/der_length_teletex_string.o \
9293 ltc/pk/asn1/der/utctime/der_decode_utctime.o ltc/pk/asn1/der/utctime/der_encode_utctime.o \
9394 ltc/pk/asn1/der/utctime/der_length_utctime.o ltc/pk/asn1/der/utf8/der_decode_utf8_string.o \
9495 ltc/pk/asn1/der/utf8/der_encode_utf8_string.o ltc/pk/asn1/der/utf8/der_length_utf8_string.o \
95 ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o \
96 ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o \
97 ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o \
98 ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o ltc/pk/dsa/dsa_decrypt_key.o \
99 ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o \
100 ltc/pk/dsa/dsa_generate_pqg.o ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o \
101 ltc/pk/dsa/dsa_set_pqg_dsaparam.o ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o \
102 ltc/pk/dsa/dsa_verify_hash.o ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o \
103 ltc/pk/ecc/ecc_ansi_x963_import.o ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o \
104 ltc/pk/ecc/ecc_export.o ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o \
105 ltc/pk/ecc/ecc_free.o ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o \
106 ltc/pk/ecc/ecc_import.o ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o \
107 ltc/pk/ecc/ecc_import_x509.o ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_set_curve.o \
96 ltc/pk/asn1/oid/pk_get_oid.o ltc/pk/asn1/oid/pk_oid_cmp.o ltc/pk/asn1/oid/pk_oid_str.o \
97 ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o \
98 ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o \
99 ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o \
100 ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o \
101 ltc/pk/dsa/dsa_decrypt_key.o ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o \
102 ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o ltc/pk/dsa/dsa_generate_pqg.o \
103 ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o ltc/pk/dsa/dsa_set_pqg_dsaparam.o \
104 ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o ltc/pk/dsa/dsa_verify_hash.o \
105 ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o ltc/pk/ecc/ecc_ansi_x963_import.o \
106 ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o ltc/pk/ecc/ecc_export.o \
107 ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o ltc/pk/ecc/ecc_free.o \
108 ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o ltc/pk/ecc/ecc_import.o \
109 ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o ltc/pk/ecc/ecc_import_x509.o \
110 ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o ltc/pk/ecc/ecc_set_curve.o \
108111 ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o ltc/pk/ecc/ecc_shared_secret.o \
109112 ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o \
110113 ltc/pk/ecc/ltc_ecc_import_point.o ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o \
121124 ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \
122125 ltc/prngs/yarrow.o ltc/stream/chacha/chacha_crypt.o ltc/stream/chacha/chacha_done.o \
123126 ltc/stream/chacha/chacha_ivctr32.o ltc/stream/chacha/chacha_ivctr64.o ltc/stream/chacha/chacha_keystream.o \
124 ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o ltc/stream/rc4/rc4_stream.o \
127 ltc/stream/chacha/chacha_memory.o ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o \
128 ltc/stream/rabbit/rabbit_memory.o ltc/stream/rc4/rc4_stream.o ltc/stream/rc4/rc4_stream_memory.o \
125129 ltc/stream/salsa20/salsa20_crypt.o ltc/stream/salsa20/salsa20_done.o ltc/stream/salsa20/salsa20_ivctr64.o \
126 ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_setup.o ltc/stream/salsa20/xsalsa20_setup.o \
127 ltc/stream/sober128/sober128_stream.o ltc/stream/sosemanuk/sosemanuk.o ltm/bncore.o \
128 ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o ltm/bn_fast_s_mp_mul_digs.o \
129 ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o ltm/bn_mp_2expt.o ltm/bn_mp_abs.o \
130 ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o ltm/bn_mp_and.o ltm/bn_mp_clamp.o \
131 ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o \
132 ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o ltm/bn_mp_div.o ltm/bn_mp_div_2.o \
133 ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o ltm/bn_mp_dr_is_modulus.o \
134 ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o ltm/bn_mp_export.o ltm/bn_mp_exptmod.o \
135 ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o \
136 ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o \
137 ltm/bn_mp_grow.o ltm/bn_mp_import.o ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o \
138 ltm/bn_mp_init_set.o ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o \
139 ltm/bn_mp_invmod_slow.o ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o \
140 ltm/bn_mp_karatsuba_sqr.o ltm/bn_mp_lcm.o ltm/bn_mp_lshd.o ltm/bn_mp_mod.o ltm/bn_mp_mod_2d.o \
141 ltm/bn_mp_mod_d.o ltm/bn_mp_montgomery_calc_normalization.o ltm/bn_mp_montgomery_reduce.o \
142 ltm/bn_mp_montgomery_setup.o ltm/bn_mp_mul.o ltm/bn_mp_mulmod.o ltm/bn_mp_mul_2.o \
143 ltm/bn_mp_mul_2d.o ltm/bn_mp_mul_d.o ltm/bn_mp_neg.o ltm/bn_mp_n_root.o ltm/bn_mp_n_root_ex.o \
144 ltm/bn_mp_or.o ltm/bn_mp_prime_fermat.o ltm/bn_mp_prime_is_divisible.o ltm/bn_mp_prime_is_prime.o \
145 ltm/bn_mp_prime_miller_rabin.o ltm/bn_mp_prime_next_prime.o ltm/bn_mp_prime_rabin_miller_trials.o \
146 ltm/bn_mp_prime_random_ex.o ltm/bn_mp_radix_size.o ltm/bn_mp_radix_smap.o ltm/bn_mp_rand.o \
147 ltm/bn_mp_read_radix.o ltm/bn_mp_read_signed_bin.o ltm/bn_mp_read_unsigned_bin.o \
148 ltm/bn_mp_reduce.o ltm/bn_mp_reduce_2k.o ltm/bn_mp_reduce_2k_l.o ltm/bn_mp_reduce_2k_setup.o \
149 ltm/bn_mp_reduce_2k_setup_l.o ltm/bn_mp_reduce_is_2k.o ltm/bn_mp_reduce_is_2k_l.o \
150 ltm/bn_mp_reduce_setup.o ltm/bn_mp_rshd.o ltm/bn_mp_set.o ltm/bn_mp_set_int.o ltm/bn_mp_set_long.o \
151 ltm/bn_mp_shrink.o ltm/bn_mp_signed_bin_size.o ltm/bn_mp_sqr.o ltm/bn_mp_sqrmod.o \
152 ltm/bn_mp_sqrt.o ltm/bn_mp_sqrtmod_prime.o ltm/bn_mp_sub.o ltm/bn_mp_submod.o ltm/bn_mp_sub_d.o \
153 ltm/bn_mp_toom_mul.o ltm/bn_mp_toom_sqr.o ltm/bn_mp_toradix.o ltm/bn_mp_toradix_n.o \
154 ltm/bn_mp_to_signed_bin.o ltm/bn_mp_to_signed_bin_n.o ltm/bn_mp_to_unsigned_bin.o \
130 ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_memory.o ltc/stream/salsa20/salsa20_setup.o \
131 ltc/stream/salsa20/xsalsa20_memory.o ltc/stream/salsa20/xsalsa20_setup.o ltc/stream/sober128/sober128_stream.o \
132 ltc/stream/sober128/sober128_stream_memory.o ltc/stream/sosemanuk/sosemanuk.o ltc/stream/sosemanuk/sosemanuk_memory.o \
133 ltm/bncore.o ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o \
134 ltm/bn_fast_s_mp_mul_digs.o ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o \
135 ltm/bn_mp_2expt.o ltm/bn_mp_abs.o ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o \
136 ltm/bn_mp_and.o ltm/bn_mp_clamp.o ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o \
137 ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o \
138 ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o \
139 ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o \
140 ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o \
141 ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o \
142 ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o ltm/bn_mp_grow.o ltm/bn_mp_import.o \
143 ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o ltm/bn_mp_init_set.o \
144 ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o ltm/bn_mp_invmod_slow.o \
145 ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o ltm/bn_mp_karatsuba_sqr.o \
146 ltm/bn_mp_lcm.o ltm/bn_mp_lshd.o ltm/bn_mp_mod.o ltm/bn_mp_mod_2d.o ltm/bn_mp_mod_d.o \
147 ltm/bn_mp_montgomery_calc_normalization.o ltm/bn_mp_montgomery_reduce.o ltm/bn_mp_montgomery_setup.o \
148 ltm/bn_mp_mul.o ltm/bn_mp_mulmod.o ltm/bn_mp_mul_2.o ltm/bn_mp_mul_2d.o ltm/bn_mp_mul_d.o \
149 ltm/bn_mp_neg.o ltm/bn_mp_n_root.o ltm/bn_mp_n_root_ex.o ltm/bn_mp_or.o ltm/bn_mp_prime_fermat.o \
150 ltm/bn_mp_prime_is_divisible.o ltm/bn_mp_prime_is_prime.o ltm/bn_mp_prime_miller_rabin.o \
151 ltm/bn_mp_prime_next_prime.o ltm/bn_mp_prime_rabin_miller_trials.o ltm/bn_mp_prime_random_ex.o \
152 ltm/bn_mp_radix_size.o ltm/bn_mp_radix_smap.o ltm/bn_mp_rand.o ltm/bn_mp_read_radix.o \
153 ltm/bn_mp_read_signed_bin.o ltm/bn_mp_read_unsigned_bin.o ltm/bn_mp_reduce.o ltm/bn_mp_reduce_2k.o \
154 ltm/bn_mp_reduce_2k_l.o ltm/bn_mp_reduce_2k_setup.o ltm/bn_mp_reduce_2k_setup_l.o \
155 ltm/bn_mp_reduce_is_2k.o ltm/bn_mp_reduce_is_2k_l.o ltm/bn_mp_reduce_setup.o ltm/bn_mp_rshd.o \
156 ltm/bn_mp_set.o ltm/bn_mp_set_int.o ltm/bn_mp_set_long.o ltm/bn_mp_shrink.o ltm/bn_mp_signed_bin_size.o \
157 ltm/bn_mp_sqr.o ltm/bn_mp_sqrmod.o ltm/bn_mp_sqrt.o ltm/bn_mp_sqrtmod_prime.o ltm/bn_mp_sub.o \
158 ltm/bn_mp_submod.o ltm/bn_mp_sub_d.o ltm/bn_mp_toom_mul.o ltm/bn_mp_toom_sqr.o ltm/bn_mp_toradix.o \
159 ltm/bn_mp_toradix_n.o ltm/bn_mp_to_signed_bin.o ltm/bn_mp_to_signed_bin_n.o ltm/bn_mp_to_unsigned_bin.o \
155160 ltm/bn_mp_to_unsigned_bin_n.o ltm/bn_mp_unsigned_bin_size.o ltm/bn_mp_xor.o ltm/bn_mp_zero.o \
156161 ltm/bn_prime_tab.o ltm/bn_reverse.o ltm/bn_s_mp_add.o ltm/bn_s_mp_exptmod.o ltm/bn_s_mp_mul_digs.o \
157162 ltm/bn_s_mp_mul_high_digs.o ltm/bn_s_mp_sqr.o ltm/bn_s_mp_sub.o
4343 ltc/mac/xcbc/xcbc_process.obj ltc/math/ltm_desc.obj ltc/math/multi.obj ltc/math/radix_to_bin.obj \
4444 ltc/math/rand_bn.obj ltc/math/rand_prime.obj ltc/math/tfm_desc.obj ltc/math/fp/ltc_ecc_fp_mulmod.obj \
4545 ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/copy_or_zeromem.obj \
46 ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj \
47 ltc/misc/pk_oid_str.obj ltc/misc/zeromem.obj ltc/misc/base16/base16_decode.obj ltc/misc/base16/base16_encode.obj \
48 ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj \
49 ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj \
50 ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
51 ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj ltc/misc/crypt/crypt_find_cipher_any.obj \
52 ltc/misc/crypt/crypt_find_cipher_id.obj ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj \
53 ltc/misc/crypt/crypt_find_hash_id.obj ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj \
54 ltc/misc/crypt/crypt_fsa.obj ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj \
55 ltc/misc/crypt/crypt_inits.obj ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \
46 ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/zeromem.obj \
47 ltc/misc/base16/base16_decode.obj ltc/misc/base16/base16_encode.obj ltc/misc/base32/base32_decode.obj \
48 ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj ltc/misc/base64/base64_encode.obj \
49 ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj ltc/misc/crypt/crypt_cipher_descriptor.obj \
50 ltc/misc/crypt/crypt_cipher_is_valid.obj ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj \
51 ltc/misc/crypt/crypt_find_cipher_any.obj ltc/misc/crypt/crypt_find_cipher_id.obj \
52 ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj ltc/misc/crypt/crypt_find_hash_id.obj \
53 ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj ltc/misc/crypt/crypt_fsa.obj \
54 ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj ltc/misc/crypt/crypt_inits.obj \
55 ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \
5656 ltc/misc/crypt/crypt_prng_is_valid.obj ltc/misc/crypt/crypt_prng_rng_descriptor.obj \
5757 ltc/misc/crypt/crypt_register_all_ciphers.obj ltc/misc/crypt/crypt_register_all_hashes.obj \
5858 ltc/misc/crypt/crypt_register_all_prngs.obj ltc/misc/crypt/crypt_register_cipher.obj \
5959 ltc/misc/crypt/crypt_register_hash.obj ltc/misc/crypt/crypt_register_prng.obj ltc/misc/crypt/crypt_sizes.obj \
6060 ltc/misc/crypt/crypt_unregister_cipher.obj ltc/misc/crypt/crypt_unregister_hash.obj \
6161 ltc/misc/crypt/crypt_unregister_prng.obj ltc/misc/hkdf/hkdf.obj ltc/misc/padding/padding_depad.obj \
62 ltc/misc/padding/padding_pad.obj ltc/misc/pkcs12/pkcs12_kdf.obj ltc/misc/pkcs12/pkcs12_utf8_to_utf16.obj \
63 ltc/misc/pkcs5/pkcs_5_1.obj ltc/misc/pkcs5/pkcs_5_2.obj ltc/modes/cbc/cbc_decrypt.obj \
64 ltc/modes/cbc/cbc_done.obj ltc/modes/cbc/cbc_encrypt.obj ltc/modes/cbc/cbc_getiv.obj \
65 ltc/modes/cbc/cbc_setiv.obj ltc/modes/cbc/cbc_start.obj ltc/modes/cfb/cfb_decrypt.obj \
66 ltc/modes/cfb/cfb_done.obj ltc/modes/cfb/cfb_encrypt.obj ltc/modes/cfb/cfb_getiv.obj \
67 ltc/modes/cfb/cfb_setiv.obj ltc/modes/cfb/cfb_start.obj ltc/modes/ctr/ctr_decrypt.obj \
68 ltc/modes/ctr/ctr_done.obj ltc/modes/ctr/ctr_encrypt.obj ltc/modes/ctr/ctr_getiv.obj \
69 ltc/modes/ctr/ctr_setiv.obj ltc/modes/ctr/ctr_start.obj ltc/modes/ecb/ecb_decrypt.obj \
70 ltc/modes/ecb/ecb_done.obj ltc/modes/ecb/ecb_encrypt.obj ltc/modes/ecb/ecb_start.obj \
71 ltc/modes/ofb/ofb_decrypt.obj ltc/modes/ofb/ofb_done.obj ltc/modes/ofb/ofb_encrypt.obj \
72 ltc/modes/ofb/ofb_getiv.obj ltc/modes/ofb/ofb_setiv.obj ltc/modes/ofb/ofb_start.obj \
73 ltc/pk/asn1/der/bit/der_decode_bit_string.obj ltc/pk/asn1/der/bit/der_decode_raw_bit_string.obj \
74 ltc/pk/asn1/der/bit/der_encode_bit_string.obj ltc/pk/asn1/der/bit/der_encode_raw_bit_string.obj \
75 ltc/pk/asn1/der/bit/der_length_bit_string.obj ltc/pk/asn1/der/boolean/der_decode_boolean.obj \
76 ltc/pk/asn1/der/boolean/der_encode_boolean.obj ltc/pk/asn1/der/boolean/der_length_boolean.obj \
77 ltc/pk/asn1/der/choice/der_decode_choice.obj ltc/pk/asn1/der/custom_type/der_decode_custom_type.obj \
78 ltc/pk/asn1/der/custom_type/der_encode_custom_type.obj ltc/pk/asn1/der/custom_type/der_length_custom_type.obj \
79 ltc/pk/asn1/der/general/der_asn1_maps.obj ltc/pk/asn1/der/general/der_decode_asn1_identifier.obj \
80 ltc/pk/asn1/der/general/der_decode_asn1_length.obj ltc/pk/asn1/der/general/der_encode_asn1_identifier.obj \
81 ltc/pk/asn1/der/general/der_encode_asn1_length.obj ltc/pk/asn1/der/general/der_length_asn1_identifier.obj \
82 ltc/pk/asn1/der/general/der_length_asn1_length.obj ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.obj \
83 ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.obj ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.obj \
84 ltc/pk/asn1/der/ia5/der_decode_ia5_string.obj ltc/pk/asn1/der/ia5/der_encode_ia5_string.obj \
85 ltc/pk/asn1/der/ia5/der_length_ia5_string.obj ltc/pk/asn1/der/integer/der_decode_integer.obj \
86 ltc/pk/asn1/der/integer/der_encode_integer.obj ltc/pk/asn1/der/integer/der_length_integer.obj \
87 ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.obj ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \
88 ltc/pk/asn1/der/object_identifier/der_length_object_identifier.obj ltc/pk/asn1/der/octet/der_decode_octet_string.obj \
89 ltc/pk/asn1/der/octet/der_encode_octet_string.obj ltc/pk/asn1/der/octet/der_length_octet_string.obj \
90 ltc/pk/asn1/der/printable_string/der_decode_printable_string.obj ltc/pk/asn1/der/printable_string/der_encode_printable_string.obj \
91 ltc/pk/asn1/der/printable_string/der_length_printable_string.obj ltc/pk/asn1/der/sequence/der_decode_sequence_ex.obj \
92 ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.obj ltc/pk/asn1/der/sequence/der_decode_sequence_multi.obj \
93 ltc/pk/asn1/der/sequence/der_encode_sequence_ex.obj ltc/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
94 ltc/pk/asn1/der/sequence/der_length_sequence.obj ltc/pk/asn1/der/sequence/der_sequence_free.obj \
95 ltc/pk/asn1/der/sequence/der_sequence_shrink.obj ltc/pk/asn1/der/set/der_encode_set.obj \
96 ltc/pk/asn1/der/set/der_encode_setof.obj ltc/pk/asn1/der/short_integer/der_decode_short_integer.obj \
62 ltc/misc/padding/padding_pad.obj ltc/misc/pbes/pbes.obj ltc/misc/pbes/pbes1.obj ltc/misc/pbes/pbes2.obj \
63 ltc/misc/pkcs12/pkcs12_kdf.obj ltc/misc/pkcs12/pkcs12_utf8_to_utf16.obj ltc/misc/pkcs5/pkcs_5_1.obj \
64 ltc/misc/pkcs5/pkcs_5_2.obj ltc/modes/cbc/cbc_decrypt.obj ltc/modes/cbc/cbc_done.obj \
65 ltc/modes/cbc/cbc_encrypt.obj ltc/modes/cbc/cbc_getiv.obj ltc/modes/cbc/cbc_setiv.obj \
66 ltc/modes/cbc/cbc_start.obj ltc/modes/cfb/cfb_decrypt.obj ltc/modes/cfb/cfb_done.obj \
67 ltc/modes/cfb/cfb_encrypt.obj ltc/modes/cfb/cfb_getiv.obj ltc/modes/cfb/cfb_setiv.obj \
68 ltc/modes/cfb/cfb_start.obj ltc/modes/ctr/ctr_decrypt.obj ltc/modes/ctr/ctr_done.obj \
69 ltc/modes/ctr/ctr_encrypt.obj ltc/modes/ctr/ctr_getiv.obj ltc/modes/ctr/ctr_setiv.obj \
70 ltc/modes/ctr/ctr_start.obj ltc/modes/ecb/ecb_decrypt.obj ltc/modes/ecb/ecb_done.obj \
71 ltc/modes/ecb/ecb_encrypt.obj ltc/modes/ecb/ecb_start.obj ltc/modes/ofb/ofb_decrypt.obj \
72 ltc/modes/ofb/ofb_done.obj ltc/modes/ofb/ofb_encrypt.obj ltc/modes/ofb/ofb_getiv.obj \
73 ltc/modes/ofb/ofb_setiv.obj ltc/modes/ofb/ofb_start.obj ltc/pk/asn1/der/bit/der_decode_bit_string.obj \
74 ltc/pk/asn1/der/bit/der_decode_raw_bit_string.obj ltc/pk/asn1/der/bit/der_encode_bit_string.obj \
75 ltc/pk/asn1/der/bit/der_encode_raw_bit_string.obj ltc/pk/asn1/der/bit/der_length_bit_string.obj \
76 ltc/pk/asn1/der/boolean/der_decode_boolean.obj ltc/pk/asn1/der/boolean/der_encode_boolean.obj \
77 ltc/pk/asn1/der/boolean/der_length_boolean.obj ltc/pk/asn1/der/choice/der_decode_choice.obj \
78 ltc/pk/asn1/der/custom_type/der_decode_custom_type.obj ltc/pk/asn1/der/custom_type/der_encode_custom_type.obj \
79 ltc/pk/asn1/der/custom_type/der_length_custom_type.obj ltc/pk/asn1/der/general/der_asn1_maps.obj \
80 ltc/pk/asn1/der/general/der_decode_asn1_identifier.obj ltc/pk/asn1/der/general/der_decode_asn1_length.obj \
81 ltc/pk/asn1/der/general/der_encode_asn1_identifier.obj ltc/pk/asn1/der/general/der_encode_asn1_length.obj \
82 ltc/pk/asn1/der/general/der_length_asn1_identifier.obj ltc/pk/asn1/der/general/der_length_asn1_length.obj \
83 ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.obj ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.obj \
84 ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.obj ltc/pk/asn1/der/ia5/der_decode_ia5_string.obj \
85 ltc/pk/asn1/der/ia5/der_encode_ia5_string.obj ltc/pk/asn1/der/ia5/der_length_ia5_string.obj \
86 ltc/pk/asn1/der/integer/der_decode_integer.obj ltc/pk/asn1/der/integer/der_encode_integer.obj \
87 ltc/pk/asn1/der/integer/der_length_integer.obj ltc/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \
88 ltc/pk/asn1/der/object_identifier/der_encode_object_identifier.obj ltc/pk/asn1/der/object_identifier/der_length_object_identifier.obj \
89 ltc/pk/asn1/der/octet/der_decode_octet_string.obj ltc/pk/asn1/der/octet/der_encode_octet_string.obj \
90 ltc/pk/asn1/der/octet/der_length_octet_string.obj ltc/pk/asn1/der/printable_string/der_decode_printable_string.obj \
91 ltc/pk/asn1/der/printable_string/der_encode_printable_string.obj ltc/pk/asn1/der/printable_string/der_length_printable_string.obj \
92 ltc/pk/asn1/der/sequence/der_decode_sequence_ex.obj ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \
93 ltc/pk/asn1/der/sequence/der_decode_sequence_multi.obj ltc/pk/asn1/der/sequence/der_encode_sequence_ex.obj \
94 ltc/pk/asn1/der/sequence/der_encode_sequence_multi.obj ltc/pk/asn1/der/sequence/der_length_sequence.obj \
95 ltc/pk/asn1/der/sequence/der_sequence_free.obj ltc/pk/asn1/der/sequence/der_sequence_shrink.obj \
96 ltc/pk/asn1/der/set/der_encode_set.obj ltc/pk/asn1/der/set/der_encode_setof.obj ltc/pk/asn1/der/short_integer/der_decode_short_integer.obj \
9797 ltc/pk/asn1/der/short_integer/der_encode_short_integer.obj ltc/pk/asn1/der/short_integer/der_length_short_integer.obj \
9898 ltc/pk/asn1/der/teletex_string/der_decode_teletex_string.obj ltc/pk/asn1/der/teletex_string/der_length_teletex_string.obj \
9999 ltc/pk/asn1/der/utctime/der_decode_utctime.obj ltc/pk/asn1/der/utctime/der_encode_utctime.obj \
100100 ltc/pk/asn1/der/utctime/der_length_utctime.obj ltc/pk/asn1/der/utf8/der_decode_utf8_string.obj \
101101 ltc/pk/asn1/der/utf8/der_encode_utf8_string.obj ltc/pk/asn1/der/utf8/der_length_utf8_string.obj \
102 ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj \
103 ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj \
104 ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj \
105 ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj ltc/pk/dsa/dsa_decrypt_key.obj \
106 ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj ltc/pk/dsa/dsa_free.obj \
107 ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj ltc/pk/dsa/dsa_import.obj \
108 ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \
102 ltc/pk/asn1/oid/pk_get_oid.obj ltc/pk/asn1/oid/pk_oid_cmp.obj ltc/pk/asn1/oid/pk_oid_str.obj \
103 ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj \
104 ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj \
105 ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj \
106 ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj \
107 ltc/pk/dsa/dsa_decrypt_key.obj ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj \
108 ltc/pk/dsa/dsa_free.obj ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj \
109 ltc/pk/dsa/dsa_import.obj ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \
109110 ltc/pk/dsa/dsa_shared_secret.obj ltc/pk/dsa/dsa_sign_hash.obj ltc/pk/dsa/dsa_verify_hash.obj \
110111 ltc/pk/dsa/dsa_verify_key.obj ltc/pk/ecc/ecc.obj ltc/pk/ecc/ecc_ansi_x963_export.obj \
111112 ltc/pk/ecc/ecc_ansi_x963_import.obj ltc/pk/ecc/ecc_decrypt_key.obj ltc/pk/ecc/ecc_encrypt_key.obj \
113114 ltc/pk/ecc/ecc_free.obj ltc/pk/ecc/ecc_get_key.obj ltc/pk/ecc/ecc_get_oid_str.obj \
114115 ltc/pk/ecc/ecc_get_size.obj ltc/pk/ecc/ecc_import.obj ltc/pk/ecc/ecc_import_openssl.obj \
115116 ltc/pk/ecc/ecc_import_pkcs8.obj ltc/pk/ecc/ecc_import_x509.obj ltc/pk/ecc/ecc_make_key.obj \
116 ltc/pk/ecc/ecc_set_curve.obj ltc/pk/ecc/ecc_set_curve_internal.obj ltc/pk/ecc/ecc_set_key.obj \
117 ltc/pk/ecc/ecc_shared_secret.obj ltc/pk/ecc/ecc_sign_hash.obj ltc/pk/ecc/ecc_sizes.obj \
118 ltc/pk/ecc/ecc_verify_hash.obj ltc/pk/ecc/ltc_ecc_export_point.obj ltc/pk/ecc/ltc_ecc_import_point.obj \
119 ltc/pk/ecc/ltc_ecc_is_point.obj ltc/pk/ecc/ltc_ecc_is_point_at_infinity.obj ltc/pk/ecc/ltc_ecc_map.obj \
120 ltc/pk/ecc/ltc_ecc_mul2add.obj ltc/pk/ecc/ltc_ecc_mulmod.obj ltc/pk/ecc/ltc_ecc_mulmod_timing.obj \
121 ltc/pk/ecc/ltc_ecc_points.obj ltc/pk/ecc/ltc_ecc_projective_add_point.obj ltc/pk/ecc/ltc_ecc_projective_dbl_point.obj \
122 ltc/pk/ecc/ltc_ecc_verify_key.obj ltc/pk/pkcs1/pkcs_1_i2osp.obj ltc/pk/pkcs1/pkcs_1_mgf1.obj \
123 ltc/pk/pkcs1/pkcs_1_oaep_decode.obj ltc/pk/pkcs1/pkcs_1_oaep_encode.obj ltc/pk/pkcs1/pkcs_1_os2ip.obj \
124 ltc/pk/pkcs1/pkcs_1_pss_decode.obj ltc/pk/pkcs1/pkcs_1_pss_encode.obj ltc/pk/pkcs1/pkcs_1_v1_5_decode.obj \
125 ltc/pk/pkcs1/pkcs_1_v1_5_encode.obj ltc/pk/rsa/rsa_decrypt_key.obj ltc/pk/rsa/rsa_encrypt_key.obj \
126 ltc/pk/rsa/rsa_export.obj ltc/pk/rsa/rsa_exptmod.obj ltc/pk/rsa/rsa_free.obj ltc/pk/rsa/rsa_get_size.obj \
127 ltc/pk/rsa/rsa_import.obj ltc/pk/rsa/rsa_import_pkcs8.obj ltc/pk/rsa/rsa_import_x509.obj \
128 ltc/pk/rsa/rsa_make_key.obj ltc/pk/rsa/rsa_set.obj ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj \
129 ltc/pk/rsa/rsa_verify_hash.obj ltc/prngs/chacha20.obj ltc/prngs/fortuna.obj ltc/prngs/rc4.obj \
130 ltc/prngs/rng_get_bytes.obj ltc/prngs/rng_make_prng.obj ltc/prngs/sober128.obj ltc/prngs/sprng.obj \
131 ltc/prngs/yarrow.obj ltc/stream/chacha/chacha_crypt.obj ltc/stream/chacha/chacha_done.obj \
132 ltc/stream/chacha/chacha_ivctr32.obj ltc/stream/chacha/chacha_ivctr64.obj ltc/stream/chacha/chacha_keystream.obj \
133 ltc/stream/chacha/chacha_setup.obj ltc/stream/rabbit/rabbit.obj ltc/stream/rc4/rc4_stream.obj \
134 ltc/stream/salsa20/salsa20_crypt.obj ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj \
135 ltc/stream/salsa20/salsa20_keystream.obj ltc/stream/salsa20/salsa20_setup.obj ltc/stream/salsa20/xsalsa20_setup.obj \
136 ltc/stream/sober128/sober128_stream.obj ltc/stream/sosemanuk/sosemanuk.obj ltm/bncore.obj \
117 ltc/pk/ecc/ecc_recover_key.obj ltc/pk/ecc/ecc_set_curve.obj ltc/pk/ecc/ecc_set_curve_internal.obj \
118 ltc/pk/ecc/ecc_set_key.obj ltc/pk/ecc/ecc_shared_secret.obj ltc/pk/ecc/ecc_sign_hash.obj \
119 ltc/pk/ecc/ecc_sizes.obj ltc/pk/ecc/ecc_verify_hash.obj ltc/pk/ecc/ltc_ecc_export_point.obj \
120 ltc/pk/ecc/ltc_ecc_import_point.obj ltc/pk/ecc/ltc_ecc_is_point.obj ltc/pk/ecc/ltc_ecc_is_point_at_infinity.obj \
121 ltc/pk/ecc/ltc_ecc_map.obj ltc/pk/ecc/ltc_ecc_mul2add.obj ltc/pk/ecc/ltc_ecc_mulmod.obj \
122 ltc/pk/ecc/ltc_ecc_mulmod_timing.obj ltc/pk/ecc/ltc_ecc_points.obj ltc/pk/ecc/ltc_ecc_projective_add_point.obj \
123 ltc/pk/ecc/ltc_ecc_projective_dbl_point.obj ltc/pk/ecc/ltc_ecc_verify_key.obj ltc/pk/pkcs1/pkcs_1_i2osp.obj \
124 ltc/pk/pkcs1/pkcs_1_mgf1.obj ltc/pk/pkcs1/pkcs_1_oaep_decode.obj ltc/pk/pkcs1/pkcs_1_oaep_encode.obj \
125 ltc/pk/pkcs1/pkcs_1_os2ip.obj ltc/pk/pkcs1/pkcs_1_pss_decode.obj ltc/pk/pkcs1/pkcs_1_pss_encode.obj \
126 ltc/pk/pkcs1/pkcs_1_v1_5_decode.obj ltc/pk/pkcs1/pkcs_1_v1_5_encode.obj ltc/pk/rsa/rsa_decrypt_key.obj \
127 ltc/pk/rsa/rsa_encrypt_key.obj ltc/pk/rsa/rsa_export.obj ltc/pk/rsa/rsa_exptmod.obj \
128 ltc/pk/rsa/rsa_free.obj ltc/pk/rsa/rsa_get_size.obj ltc/pk/rsa/rsa_import.obj ltc/pk/rsa/rsa_import_pkcs8.obj \
129 ltc/pk/rsa/rsa_import_x509.obj ltc/pk/rsa/rsa_make_key.obj ltc/pk/rsa/rsa_set.obj \
130 ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj ltc/pk/rsa/rsa_verify_hash.obj \
131 ltc/prngs/chacha20.obj ltc/prngs/fortuna.obj ltc/prngs/rc4.obj ltc/prngs/rng_get_bytes.obj \
132 ltc/prngs/rng_make_prng.obj ltc/prngs/sober128.obj ltc/prngs/sprng.obj ltc/prngs/yarrow.obj \
133 ltc/stream/chacha/chacha_crypt.obj ltc/stream/chacha/chacha_done.obj ltc/stream/chacha/chacha_ivctr32.obj \
134 ltc/stream/chacha/chacha_ivctr64.obj ltc/stream/chacha/chacha_keystream.obj ltc/stream/chacha/chacha_memory.obj \
135 ltc/stream/chacha/chacha_setup.obj ltc/stream/rabbit/rabbit.obj ltc/stream/rabbit/rabbit_memory.obj \
136 ltc/stream/rc4/rc4_stream.obj ltc/stream/rc4/rc4_stream_memory.obj ltc/stream/salsa20/salsa20_crypt.obj \
137 ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj ltc/stream/salsa20/salsa20_keystream.obj \
138 ltc/stream/salsa20/salsa20_memory.obj ltc/stream/salsa20/salsa20_setup.obj ltc/stream/salsa20/xsalsa20_memory.obj \
139 ltc/stream/salsa20/xsalsa20_setup.obj ltc/stream/sober128/sober128_stream.obj ltc/stream/sober128/sober128_stream_memory.obj \
140 ltc/stream/sosemanuk/sosemanuk.obj ltc/stream/sosemanuk/sosemanuk_memory.obj ltm/bncore.obj \
137141 ltm/bn_error.obj ltm/bn_fast_mp_invmod.obj ltm/bn_fast_mp_montgomery_reduce.obj ltm/bn_fast_s_mp_mul_digs.obj \
138142 ltm/bn_fast_s_mp_mul_high_digs.obj ltm/bn_fast_s_mp_sqr.obj ltm/bn_mp_2expt.obj ltm/bn_mp_abs.obj \
139143 ltm/bn_mp_add.obj ltm/bn_mp_addmod.obj ltm/bn_mp_add_d.obj ltm/bn_mp_and.obj ltm/bn_mp_clamp.obj \
10081008 int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen);
10091009 int chacha_done(chacha_state *st);
10101010 int chacha_test(void);
1011 int chacha_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
1012 const unsigned char *iv, unsigned long ivlen, ulong64 counter,
1013 const unsigned char *datain, unsigned long datalen, unsigned char *dataout);
10111014
10121015 #endif /* LTC_CHACHA */
10131016
10271030 int salsa20_keystream(salsa20_state *st, unsigned char *out, unsigned long outlen);
10281031 int salsa20_done(salsa20_state *st);
10291032 int salsa20_test(void);
1033 int salsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
1034 const unsigned char *iv, unsigned long ivlen, ulong64 counter,
1035 const unsigned char *datain, unsigned long datalen, unsigned char *dataout);
10301036
10311037 #endif /* LTC_SALSA20 */
10321038
10361042 const unsigned char *nonce, unsigned long noncelen,
10371043 int rounds);
10381044 int xsalsa20_test(void);
1045 int xsalsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
1046 const unsigned char *nonce, unsigned long noncelen,
1047 const unsigned char *datain, unsigned long datalen, unsigned char *dataout);
10391048
10401049 #endif /* LTC_XSALSA20 */
10411050
10541063 unsigned ptr;
10551064 } sosemanuk_state;
10561065
1057 int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long keylen);
1058 int sosemanuk_setiv(sosemanuk_state *ss, const unsigned char *iv, unsigned long ivlen);
1059 int sosemanuk_crypt(sosemanuk_state *ss, const unsigned char *in, unsigned long inlen, unsigned char *out);
1060 int sosemanuk_keystream(sosemanuk_state *ss, unsigned char *out, unsigned long outlen);
1061 int sosemanuk_done(sosemanuk_state *ss);
1066 int sosemanuk_setup(sosemanuk_state *st, const unsigned char *key, unsigned long keylen);
1067 int sosemanuk_setiv(sosemanuk_state *st, const unsigned char *iv, unsigned long ivlen);
1068 int sosemanuk_crypt(sosemanuk_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
1069 int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long outlen);
1070 int sosemanuk_done(sosemanuk_state *st);
10621071 int sosemanuk_test(void);
1072 int sosemanuk_memory(const unsigned char *key, unsigned long keylen,
1073 const unsigned char *iv, unsigned long ivlen,
1074 const unsigned char *datain, unsigned long datalen,
1075 unsigned char *dataout);
10631076
10641077 #endif /* LTC_SOSEMANUK */
10651078
10841097 int rabbit_keystream(rabbit_state* st, unsigned char *out, unsigned long outlen);
10851098 int rabbit_done(rabbit_state *st);
10861099 int rabbit_test(void);
1100 int rabbit_memory(const unsigned char *key, unsigned long keylen,
1101 const unsigned char *iv, unsigned long ivlen,
1102 const unsigned char *datain, unsigned long datalen,
1103 unsigned char *dataout);
10871104
10881105 #endif /* LTC_RABBIT */
10891106
10991116 int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
11001117 int rc4_stream_done(rc4_state *st);
11011118 int rc4_stream_test(void);
1119 int rc4_stream_memory(const unsigned char *key, unsigned long keylen,
1120 const unsigned char *datain, unsigned long datalen,
1121 unsigned char *dataout);
11021122
11031123 #endif /* LTC_RC4_STREAM */
11041124
11181138 int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
11191139 int sober128_stream_done(sober128_state *st);
11201140 int sober128_stream_test(void);
1141 int sober128_stream_memory(const unsigned char *key, unsigned long keylen,
1142 const unsigned char *iv, unsigned long ivlen,
1143 const unsigned char *datain, unsigned long datalen,
1144 unsigned char *dataout);
11211145
11221146 #endif /* LTC_SOBER128_STREAM */
11231147
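Review bot: The new one-shot `*_memory` prototypes (`chacha_memory` at L383 and the salsa20, xsalsa20, sosemanuk, rabbit, rc4_stream and sober128_stream variants further down) say nothing about how large `dataout` must be or whether it may overlap `datain`, so a caller has to read the .c to use them safely. A one-line comment above each group, e.g. `/* one-shot helper: key/IV setup plus crypt of datalen bytes from datain into dataout; dataout needs datalen bytes - confirm against the .c */`, would carry that contract in the header. The `ss` to `st` rename of the `sosemanuk_state` parameter (L415-L419) is cosmetic and consistent with the other stream APIs.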
462462
463463 #define LTC_PKCS_1
464464 #define LTC_PKCS_5
465 #define LTC_PKCS_8
465466 #define LTC_PKCS_12
466467
467468 /* Include ASN.1 DER (required by DSA/RSA) */
493494 #define LTC_CRC32
494495
495496 #define LTC_PADDING
497
498 #define LTC_PBES
496499
497500 #endif /* LTC_NO_MISC */
498501
559562 #define LTC_PKCS_1
560563 #endif
561564
565 #if defined(LTC_MRSA) || defined(LTC_MECC)
566 #define LTC_PKCS_8
567 #endif
568
569 #ifdef LTC_PKCS_8
570 #define LTC_PADDING
571 #define LTC_PBES
572 #endif
573
562574 #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL)
563575 #error Pelican-MAC requires LTC_RIJNDAEL
564576 #endif
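Review bot: The dependency block at L479-L482 turns on LTC_PADDING and LTC_PBES for LTC_PKCS_8, but the PBES code it enables also needs LTC_PKCS_5 (pbes1.c calls `pkcs_5_alg1`, pbes2.c uses `pkcs_5_alg2`), LTC_PKCS_12 (`pkcs12_kdf` / `pkcs12_utf8_to_utf16` in pbes1.c) and LTC_CBC_MODE (`cbc_start` / `cbc_decrypt` in pbes.c); a custom build that keeps LTC_MECC but drops any of those ends in undefined references, unless an earlier part of this header already forces them on. Add `#define LTC_PKCS_5`, `#define LTC_PKCS_12` and `#define LTC_CBC_MODE` inside the `#ifdef LTC_PKCS_8` arm (or an `#error` when they are missing), mirroring how the PKCS#1 dependency just above at L472 is handled.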
243243 void *k;
244244 } ecc_key;
245245
246 /** Formats of ECC signatures */
247 typedef enum ecc_signature_type_ {
248 /* ASN.1 encoded, ANSI X9.62 */
249 LTC_ECCSIG_ANSIX962 = 0x0,
250 /* raw R, S values */
251 LTC_ECCSIG_RFC7518 = 0x1,
252 /* raw R, S, V (+27) values */
253 LTC_ECCSIG_ETH27 = 0x2
254 } ecc_signature_type;
255
246256 /** the ECC params provided */
247257 extern const ltc_ecc_curve ltc_ecc_curves[];
248258
286296 unsigned char *out, unsigned long *outlen,
287297 const ecc_key *key);
288298
289 int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
290 unsigned char *out, unsigned long *outlen,
291 prng_state *prng, int wprng, const ecc_key *key);
292
293 int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
294 unsigned char *out, unsigned long *outlen,
295 prng_state *prng, int wprng, const ecc_key *key);
296
297 int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
298 const unsigned char *hash, unsigned long hashlen,
299 int *stat, const ecc_key *key);
300
301 int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
299 #define ecc_sign_hash_rfc7518(in_, inlen_, out_, outlen_, prng_, wprng_, key_) \
300 ecc_sign_hash_ex(in_, inlen_, out_, outlen_, prng_, wprng_, LTC_ECCSIG_RFC7518, NULL, key_)
301
302 #define ecc_sign_hash(in_, inlen_, out_, outlen_, prng_, wprng_, key_) \
303 ecc_sign_hash_ex(in_, inlen_, out_, outlen_, prng_, wprng_, LTC_ECCSIG_ANSIX962, NULL, key_)
304
305 #define ecc_verify_hash_rfc7518(sig_, siglen_, hash_, hashlen_, stat_, key_) \
306 ecc_verify_hash_ex(sig_, siglen_, hash_, hashlen_, LTC_ECCSIG_RFC7518, stat_, key_)
307
308 #define ecc_verify_hash(sig_, siglen_, hash_, hashlen_, stat_, key_) \
309 ecc_verify_hash_ex(sig_, siglen_, hash_, hashlen_, LTC_ECCSIG_ANSIX962, stat_, key_)
310
311 int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen,
312 unsigned char *out, unsigned long *outlen,
313 prng_state *prng, int wprng, ecc_signature_type sigformat,
314 int *recid, const ecc_key *key);
315
316 int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
317 const unsigned char *hash, unsigned long hashlen,
318 ecc_signature_type sigformat, int *stat, const ecc_key *key);
319
320 int ecc_recover_key(const unsigned char *sig, unsigned long siglen,
302321 const unsigned char *hash, unsigned long hashlen,
303 int *stat, const ecc_key *key);
322 int recid, ecc_signature_type sigformat, ecc_key *key);
304323
305324 #endif
306325
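Review bot: Replacing `ecc_sign_hash`, `ecc_sign_hash_rfc7518`, `ecc_verify_hash` and `ecc_verify_hash_rfc7518` with function-like macros (L519-L529) removes four exported symbols: code that took their address or binaries linked against the previous library stop working, and the names can no longer appear without a full argument list. If that compatibility matters for this binding, keep thin real functions with the old prototypes forwarding to the `_ex` variants and add the macros only where no symbol is needed; that change lives in the ecc .c files, outside this hunk. The new `int *recid` parameter of `ecc_sign_hash_ex` (L534) is also undocumented; a comment such as `/* recid: [out] recovery id, presumably only meaningful for LTC_ECCSIG_ETH27; may be NULL - confirm in ecc_sign_hash.c */` would explain the NULL the macros pass.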
1818 * Internal Enums
1919 */
2020
21 enum public_key_algorithms {
21 enum ltc_oid_id {
2222 PKA_RSA,
2323 PKA_DSA,
2424 PKA_EC,
2929 * Internal Types
3030 */
3131
32 typedef struct Oid {
33 unsigned long OID[16];
34 /** Number of OID digits in use */
35 unsigned long OIDlen;
36 } oid_st;
37
3832 typedef struct {
3933 int size;
4034 const char *name, *base, *prime;
4135 } ltc_dh_set_type;
4236
37
38 typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len,
39 const unsigned char *salt, unsigned long salt_len,
40 int iteration_count, int hash_idx,
41 unsigned char *out, unsigned long *outlen);
42
43 typedef struct {
44 /* KDF */
45 fn_kdf_t kdf;
46 /* Hash or HMAC */
47 const char* h;
48 /* cipher */
49 const char* c;
50 unsigned long keylen;
51 /* not used for pbkdf2 */
52 unsigned long blocklen;
53 } pbes_properties;
54
55 typedef struct
56 {
57 pbes_properties type;
58 const void *pwd;
59 unsigned long pwdlen;
60 ltc_asn1_list *enc_data;
61 ltc_asn1_list *salt;
62 ltc_asn1_list *iv;
63 unsigned long iterations;
64 /* only used for RC2 */
65 unsigned long key_bits;
66 } pbes_arg;
4367
4468 /*
4569 * Internal functions
172196
173197 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
174198
199 int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size);
200
201 int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res);
202 int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res);
203
175204
176205 /* tomcrypt_pk.h */
177206
178207 int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
179208 int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng);
180209
181 int pk_get_oid(int pk, oid_st *st);
210 int pk_get_oid(enum ltc_oid_id id, const char **st);
182211 int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen);
183212 int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen);
184213
264293 #endif /* LTC_MDSA */
265294
266295 #ifdef LTC_DER
296
297 #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
298
267299 /* DER handling */
268300 int der_decode_custom_type_ex(const unsigned char *in, unsigned long inlen,
269301 ltc_asn1_list *root,
302334 unsigned int algorithm, void* public_key, unsigned long* public_key_len,
303335 ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len);
304336
337 int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size);
338 int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2);
339
305340 #endif /* LTC_DER */
306341
307342 /* tomcrypt_pkcs.h */
343
344 #ifdef LTC_PKCS_8
345
346 int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen,
347 const void *pwd, unsigned long pwdlen,
348 ltc_asn1_list **decoded_list);
349
350 #endif /* LTC_PKCS_8 */
351
308352
309353 #ifdef LTC_PKCS_12
310354
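Review bot: `pbes_arg` (L587-L598) holds `enc_data`, `salt` and `iv` as `ltc_asn1_list *` without stating who owns them; pbes1_extract and pbes2_extract point them into the caller's decoded list (L869, L1012, L1025), so a comment `/* point into the caller's decoded ASN.1 list; borrowed, never freed here */` on those three fields would prevent a later double free. `pbes_properties.keylen` (L582) is consumed as a byte count by pbes_decrypt (L708, L729), which `/* key length in bytes */` should say, and `fn_kdf_t`'s `salt_len` is ignored by the PBES1 alg1 wrapper (pbes1.c L770), worth a one-line note on the typedef at L570. The enum renamed at L551 is cut off at L554, so I cannot see its remaining members here.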
435435 #if defined(LTC_PKCS_5)
436436 " PKCS#5 "
437437 #endif
438 #if defined(LTC_PKCS_8)
439 " PKCS#8 "
440 #endif
438441 #if defined(LTC_PKCS_12)
439442 " PKCS#12 "
440443 #endif
443446 #endif
444447 #if defined(LTC_HKDF)
445448 " HKDF "
449 #endif
450 #if defined(LTC_PBES)
451 " PBES1 "
452 " PBES2 "
446453 #endif
447454 #if defined(LTC_DEVRANDOM)
448455 " LTC_DEVRANDOM "
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_PBES
11
12 /**
13 Decrypt Data encrypted via either PBES1 or PBES2
14
15 @param arg The according PBES parameters
16 @param dec_data [out] The decrypted data
17 @param dec_size [in/out] The length of the encrypted resp. decrypted data
18 @return CRYPT_OK on success
19 */
20 int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size)
21 {
22 int err, hid = -1, cid = -1;
23 unsigned char k[32], *iv;
24 unsigned long klen, keylen, dlen;
25 long diff;
26 symmetric_CBC cbc;
27
28 LTC_ARGCHK(arg != NULL);
29 LTC_ARGCHK(arg->type.kdf != NULL);
30 LTC_ARGCHK(dec_data != NULL);
31 LTC_ARGCHK(dec_size != NULL);
32
33 hid = find_hash(arg->type.h);
34 if (hid == -1) return CRYPT_INVALID_HASH;
35 cid = find_cipher(arg->type.c);
36 if (cid == -1) return CRYPT_INVALID_CIPHER;
37
38 klen = arg->type.keylen;
39
40 /* RC2 special case */
41 if (arg->key_bits != 0) {
42 /* We can't handle odd lengths of Key Bits */
43 if ((arg->key_bits % 8) != 0) return CRYPT_INVALID_KEYSIZE;
44 /* Internally we use bytes, not bits */
45 klen = arg->key_bits / 8;
46 }
47 keylen = klen;
48
49 if (arg->iv != NULL) {
50 iv = arg->iv->data;
51 } else {
52 iv = k + klen;
53 klen += arg->type.blocklen;
54 }
55
56 if (klen > sizeof(k)) return CRYPT_INVALID_ARG;
57
58 if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR;
59 if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
60 if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
61 if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
62 dlen = arg->enc_data->size;
63 if ((err = padding_depad(dec_data, &dlen, LTC_PAD_PKCS7)) != CRYPT_OK) goto LBL_ERROR;
64 diff = (long)arg->enc_data->size - (long)dlen;
65 if ((diff <= 0) || (diff > cipher_descriptor[cid].block_length)) {
66 err = CRYPT_PK_INVALID_PADDING;
67 goto LBL_ERROR;
68 }
69 *dec_size = dlen;
70 return CRYPT_OK;
71
72 LBL_ERROR:
73 zeromem(k, sizeof(k));
74 zeromem(dec_data, *dec_size);
75 return err;
76 }
77
78 #endif
79
80 /* ref: $Format:%D$ */
81 /* git commit: $Format:%H$ */
82 /* commit time: $Format:%ai$ */
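Review bot: pbes_decrypt never checks the caller's buffer against the ciphertext length: `*dec_size` is documented as the in/out length of `dec_data` (L687) but is only read on the error path, while `cbc_decrypt` at L730 writes `arg->enc_data->size` bytes into `dec_data`, and `arg->enc_data` / `arg->salt` are dereferenced without an argument check. Separately, when `arg->iv` is NULL the IV is taken from `k + klen` after adding `arg->type.blocklen` (L722-L723); every PBES2 entry has `blocklen` 0 (L911-L916), so a PBES2 packet that leaves `iv` NULL makes `cbc_start` read `block_length` bytes past the derived key - for a 32-byte key that is past the end of `k`, which the L726 check does not catch. The checks below, placed right after the existing argument checks, close both paths; the function body is otherwise unchanged.
```c
int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size)
{
   /* … unchanged: locals … */
   LTC_ARGCHK(arg != NULL);
   LTC_ARGCHK(arg->type.kdf != NULL);
   LTC_ARGCHK(arg->enc_data != NULL);
   LTC_ARGCHK(arg->salt != NULL);
   LTC_ARGCHK(dec_data != NULL);
   LTC_ARGCHK(dec_size != NULL);

   /* cbc_decrypt writes enc_data->size bytes into dec_data, so the caller's buffer must hold them */
   if (*dec_size < arg->enc_data->size) return CRYPT_BUFFER_OVERFLOW;
   /* an IV can only be derived by the KDF when the type reserves blocklen bytes for it */
   if (arg->iv == NULL && arg->type.blocklen == 0) return CRYPT_INVALID_ARG;

   /* … unchanged: hash/cipher lookup, key length, KDF, CBC decrypt, depad … */
```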
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_PBES
11
12 static int _pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len,
13 const unsigned char *salt, unsigned long salt_len,
14 int iteration_count, int hash_idx,
15 unsigned char *out, unsigned long *outlen)
16 {
17 LTC_UNUSED_PARAM(salt_len);
18 return pkcs_5_alg1(password, password_len, salt, iteration_count, hash_idx, out, outlen);
19 }
20
21 static int _pkcs_12_wrap(const unsigned char *password, unsigned long password_len,
22 const unsigned char *salt, unsigned long salt_len,
23 int iteration_count, int hash_idx,
24 unsigned char *out, unsigned long *outlen)
25 {
26 int err;
27 /* convert password to unicode/utf16-be */
28 unsigned long pwlen = password_len * 2;
29 unsigned char* pw;
30 if (*outlen < 32) return CRYPT_INVALID_ARG;
31 pw = XMALLOC(pwlen + 2);
32 if (pw == NULL) return CRYPT_MEM;
33 if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen) != CRYPT_OK)) goto LBL_ERROR;
34 pw[pwlen++] = 0;
35 pw[pwlen++] = 0;
36 /* derive KEY */
37 if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 1, out, 24)) != CRYPT_OK) goto LBL_ERROR;
38 /* derive IV */
39 if ((err = pkcs12_kdf(hash_idx, pw, pwlen, salt, salt_len, iteration_count, 2, out+24, 8)) != CRYPT_OK) goto LBL_ERROR;
40
41 *outlen = 32;
42 LBL_ERROR:
43 zeromem(pw, pwlen);
44 XFREE(pw);
45 return err;
46 }
47
48 static const pbes_properties _pbes1_types[] = {
49 { _pkcs_5_alg1_wrap, "md2", "des", 8, 8 },
50 { _pkcs_5_alg1_wrap, "md2", "rc2", 8, 8 },
51 { _pkcs_5_alg1_wrap, "md5", "des", 8, 8 },
52 { _pkcs_5_alg1_wrap, "md5", "rc2", 8, 8 },
53 { _pkcs_5_alg1_wrap, "sha1", "des", 8, 8 },
54 { _pkcs_5_alg1_wrap, "sha1", "rc2", 8, 8 },
55 { _pkcs_12_wrap, "sha1", "3des", 24, 8 },
56 };
57
58 typedef struct {
59 const pbes_properties *data;
60 const char *oid;
61 } oid_to_pbes;
62
63 static const oid_to_pbes _pbes1_list[] = {
64 { &_pbes1_types[0], "1.2.840.113549.1.5.1" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */
65 { &_pbes1_types[1], "1.2.840.113549.1.5.4" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */
66 { &_pbes1_types[2], "1.2.840.113549.1.5.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */
67 { &_pbes1_types[3], "1.2.840.113549.1.5.6" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */
68 { &_pbes1_types[4], "1.2.840.113549.1.5.10" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */
69 { &_pbes1_types[5], "1.2.840.113549.1.5.11" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */
70 { &_pbes1_types[6], "1.2.840.113549.1.12.1.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */
71 { 0 },
72 };
73
74 static int _pbes1_from_oid(const ltc_asn1_list *oid, pbes_properties *res)
75 {
76 unsigned int i;
77 for (i = 0; _pbes1_list[i].data != NULL; ++i) {
78 if (pk_oid_cmp_with_asn1(_pbes1_list[i].oid, oid) == CRYPT_OK) {
79 if (res != NULL) *res = *_pbes1_list[i].data;
80 return CRYPT_OK;
81 }
82 }
83 return CRYPT_INVALID_ARG;
84 }
85
86 /**
87 Extract PBES1 parameters
88
89 @param s The start of the sequence with potential PBES1 parameters
90 @param res Pointer to where the extracted parameters should be stored
91 @return CRYPT_OK on success
92 */
93 int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res)
94 {
95 int err;
96
97 LTC_ARGCHK(s != NULL);
98 LTC_ARGCHK(res != NULL);
99
100 if ((err = _pbes1_from_oid(s, &res->type)) != CRYPT_OK) return err;
101
102 if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) ||
103 !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_OCTET_STRING) ||
104 !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_INTEGER)) {
105 return CRYPT_INVALID_PACKET;
106 }
107 /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC:
108 * 0:d=0 hl=4 l= 329 cons: SEQUENCE
109 * 4:d=1 hl=2 l= 27 cons: SEQUENCE
110 * 6:d=2 hl=2 l= 9 prim: OBJECT :pbeWithMD5AndDES-CBC (== 1.2.840.113549.1.5.3) (== *s)
111 * 17:d=2 hl=2 l= 14 cons: SEQUENCE (== *lalgparam)
112 * 19:d=3 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:8EDF749A06CCDE51 (== salt)
113 * 29:d=3 hl=2 l= 2 prim: INTEGER :0800 (== iterations)
114 * 33:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data)
115 */
116 res->salt = s->next->child;
117 res->iterations = mp_get_int(s->next->child->next->data);
118
119 return CRYPT_OK;
120 }
121
122 #endif
123
124 /* ref: $Format:%D$ */
125 /* git commit: $Format:%H$ */
126 /* commit time: $Format:%ai$ */
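Review bot: The condition at L786 is mis-parenthesised: `err = pkcs12_utf8_to_utf16(...) != CRYPT_OK` assigns the comparison result to `err`, so a failed conversion reports 1 (the generic CRYPT_ERROR) instead of the converter's own error code, and the `goto` fires on that 1. It should read `if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen)) != CRYPT_OK) goto LBL_ERROR;`. On that same error path `zeromem(pw, pwlen)` (L796) wipes whatever length the failed call left in `pwlen`; wiping the full `password_len * 2 + 2` allocation instead would not depend on the converter's behaviour on failure.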
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_PBES
11
12 static const char *_oid_pbes2 = "1.2.840.113549.1.5.13";
13 static const char *_oid_pbkdf2 = "1.2.840.113549.1.5.12";
14
15 typedef struct {
16 const char *oid;
17 const char *id;
18 } oid_id_st;
19
20 static const oid_id_st _hmac_oid_names[] = {
21 { "1.2.840.113549.2.7", "sha1" },
22 { "1.2.840.113549.2.8", "sha224" },
23 { "1.2.840.113549.2.9", "sha256" },
24 { "1.2.840.113549.2.10", "sha384" },
25 { "1.2.840.113549.2.11", "sha512" },
26 { "1.2.840.113549.2.12", "sha512-224" },
27 { "1.2.840.113549.2.13", "sha512-256" },
28 };
29
30 static const pbes_properties _pbes2_default_types[] = {
31 { pkcs_5_alg2, "sha1", "des", 8, 0 },
32 { pkcs_5_alg2, "sha1", "rc2", 4, 0 },
33 { pkcs_5_alg2, "sha1", "3des", 24, 0 },
34 { pkcs_5_alg2, "sha1", "aes", 16, 0 },
35 { pkcs_5_alg2, "sha1", "aes", 24, 0 },
36 { pkcs_5_alg2, "sha1", "aes", 32, 0 },
37 };
38
39 typedef struct {
40 const pbes_properties *data;
41 const char* oid;
42 } oid_to_pbes;
43
44 static const oid_to_pbes _pbes2_list[] = {
45 { &_pbes2_default_types[0], "1.3.14.3.2.7" }, /* http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */
46 { &_pbes2_default_types[1], "1.2.840.113549.3.2" }, /* http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */
47 { &_pbes2_default_types[2], "1.2.840.113549.3.7" }, /* http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */
48 { &_pbes2_default_types[3], "2.16.840.1.101.3.4.1.2" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.2 aes128-CBC */
49 { &_pbes2_default_types[4], "2.16.840.1.101.3.4.1.22" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.22 aes192-CBC */
50 { &_pbes2_default_types[5], "2.16.840.1.101.3.4.1.42" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.42 aes256-CBC */
51 };
52
53 static int _pbes2_from_oid(const ltc_asn1_list *cipher_oid, const ltc_asn1_list *hmac_oid, pbes_properties *res)
54 {
55 unsigned int i;
56 for (i = 0; i < sizeof(_pbes2_list)/sizeof(_pbes2_list[0]); ++i) {
57 if (pk_oid_cmp_with_asn1(_pbes2_list[i].oid, cipher_oid) == CRYPT_OK) {
58 *res = *_pbes2_list[i].data;
59 break;
60 }
61 }
62 if (res->c == NULL) return CRYPT_INVALID_CIPHER;
63 if (hmac_oid != NULL) {
64 for (i = 0; i < sizeof(_hmac_oid_names)/sizeof(_hmac_oid_names[0]); ++i) {
65 if (pk_oid_cmp_with_asn1(_hmac_oid_names[i].oid, hmac_oid) == CRYPT_OK) {
66 res->h = _hmac_oid_names[i].id;
67 return CRYPT_OK;
68 }
69 }
70 return CRYPT_INVALID_HASH;
71 }
72 return CRYPT_OK;
73 }
74
75
76 /**
77 Extract PBES2 parameters
78
79 @param s The start of the sequence with potential PBES2 parameters
80 @param res Pointer to where the extracted parameters should be stored
81 @return CRYPT_OK on success
82 */
83 int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res)
84 {
85 unsigned long klen;
86 ltc_asn1_list *lkdf, *lenc, *loptseq, *lhmac;
87 int err;
88
89 LTC_ARGCHK(s != NULL);
90 LTC_ARGCHK(res != NULL);
91
92 if ((err = pk_oid_cmp_with_asn1(_oid_pbes2, s)) != CRYPT_OK) return err;
93
94 if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) ||
95 !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_SEQUENCE) ||
96 !LTC_ASN1_IS_TYPE(s->next->child->child, LTC_ASN1_OBJECT_IDENTIFIER) ||
97 !LTC_ASN1_IS_TYPE(s->next->child->child->next, LTC_ASN1_SEQUENCE) ||
98 !LTC_ASN1_IS_TYPE(s->next->child->next, LTC_ASN1_SEQUENCE) ||
99 !LTC_ASN1_IS_TYPE(s->next->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
100 return CRYPT_INVALID_PACKET;
101 }
102 /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc:
103 * 0:d=0 hl=4 l= 380 cons: SEQUENCE
104 * 4:d=1 hl=2 l= 78 cons: SEQUENCE
105 * 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 (== 1.2.840.113549.1.5.13) (== *s)
106 * 17:d=2 hl=2 l= 65 cons: SEQUENCE
107 * 19:d=3 hl=2 l= 41 cons: SEQUENCE
108 * 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 (== *lkdf)
109 * 32:d=4 hl=2 l= 28 cons: SEQUENCE
110 * 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== res->salt)
111 * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== res->iterations)
112 * 48:d=5 hl=2 l= 12 cons: SEQUENCE (== *loptseq - this sequence is optional, may be missing)
113 * 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256 (== *lhmac)
114 * 60:d=6 hl=2 l= 0 prim: NULL
115 * 62:d=3 hl=2 l= 20 cons: SEQUENCE
116 * 64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc (== *lenc)
117 * 74:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:B1404C4688DC9A5A
118 * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data)
119 */
120 lkdf = s->next->child->child;
121 lenc = s->next->child->next->child;
122
123 if ((err = pk_oid_cmp_with_asn1(_oid_pbkdf2, lkdf)) != CRYPT_OK) return err;
124
125 if (!LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) ||
126 !LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) ||
127 !LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) {
128 return CRYPT_INVALID_PACKET;
129 }
130
131 loptseq = lkdf->next->child->next->next;
132 res->salt = lkdf->next->child;
133 res->iterations = mp_get_int(lkdf->next->child->next->data);
134
135 /* this sequence is optional */
136 lhmac = NULL;
137 if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) &&
138 LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
139 lhmac = loptseq->child;
140 }
141 if ((err = _pbes2_from_oid(lenc, lhmac, &res->type)) != CRYPT_OK) return err;
142
143 if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) {
144 /* 'NON-RC2'-CBC */
145 res->iv = lenc->next;
146 } else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE)) {
147 /* RC2-CBC is a bit special ...
148 *
149 * RC2-CBC-Parameter ::= SEQUENCE {
150 * rc2ParameterVersion INTEGER OPTIONAL,
151 * iv OCTET STRING (SIZE(8)) }
152 */
153 if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) &&
154 LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) {
155 klen = mp_get_int(lenc->next->child->data);
156 res->iv = lenc->next->child->next;
157 /*
158 * Effective Key Bits Encoding
159 * 40 160
160 * 64 120
161 * 128 58
162 * b >= 256 b
163 */
164 switch (klen) {
165 case 160:
166 res->key_bits = 40;
167 break;
168 case 120:
169 res->key_bits = 64;
170 break;
171 case 58:
172 res->key_bits = 128;
173 break;
174 default:
175 /* We don't handle undefined Key Bits */
176 if (klen < 256) return CRYPT_INVALID_KEYSIZE;
177
178 res->key_bits = klen;
179 break;
180 }
181 } else if (LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_OCTET_STRING)) {
182 res->iv = lenc->next->child;
183 /*
184 * If the rc2ParameterVersion field is omitted, the "effective key bits"
185 * defaults to 32.
186 */
187 res->key_bits = 32;
188 } else {
189 return CRYPT_INVALID_PACKET;
190 }
191 }
192
193 return CRYPT_OK;
194 }
195
196 #endif
197
198 /* ref: $Format:%D$ */
199 /* git commit: $Format:%H$ */
200 /* commit time: $Format:%ai$ */
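Review bot: `_pbes2_from_oid` detects an unknown cipher OID only through `res->c == NULL` (L942), i.e. it relies on the caller having zeroed `res->type` - pbes2_extract (L963-L1074) never initialises it, so with an uninitialised `pbes_arg` an unrecognised OID passes with stale properties. Track the match explicitly: `int found = 0;` next to `i`, `*res = *_pbes2_list[i].data; found = 1; break;` in the loop, and `if (!found) return CRYPT_INVALID_CIPHER;` after it. The `if`/`else if` chain on `lenc->next` (L1023-L1071) also lacks a final `else`, so an encryption-scheme parameter that is neither an OCTET STRING nor a SEQUENCE returns CRYPT_OK with `res->iv` untouched; `} else { return CRYPT_INVALID_PACKET; }` closing that chain makes it a packet error like the RC2 branch at L1068.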
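--- a/src/ltc/misc/pk_get_oid.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-#include "tomcrypt_private.h"
-
-#ifdef LTC_DER
-static const oid_st rsa_oid = {
-{ 1, 2, 840, 113549, 1, 1, 1 },
-7,
-};
-
-static const oid_st dsa_oid = {
-{ 1, 2, 840, 10040, 4, 1 },
-6,
-};
-
-static const oid_st ec_oid = {
-{ 1, 2, 840, 10045, 2, 1 },
-6,
-};
-
-static const oid_st ec_primef = {
-{ 1, 2, 840, 10045, 1, 1 },
-6,
-};
-
-/*
-Returns the OID of the public key algorithm.
-@return CRYPT_OK if valid
-*/
-int pk_get_oid(int pk, oid_st *st)
-{
-switch (pk) {
-case PKA_RSA:
-XMEMCPY(st, &rsa_oid, sizeof(*st));
-break;
-case PKA_DSA:
-XMEMCPY(st, &dsa_oid, sizeof(*st));
-break;
-case PKA_EC:
-XMEMCPY(st, &ec_oid, sizeof(*st));
-break;
-case PKA_EC_PRIMEF:
-XMEMCPY(st, &ec_primef, sizeof(*st));
-break;
-default:
-return CRYPT_INVALID_ARG;
-}
-return CRYPT_OK;
-}
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */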
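--- a/src/ltc/misc/pk_oid_str.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-#include "tomcrypt_private.h"
-
-int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen)
-{
-unsigned long i, j, limit;
-
-LTC_ARGCHK(oid != NULL);
-LTC_ARGCHK(oidlen != NULL);
-
-limit = *oidlen;
-*oidlen = 0; /* make sure that we return zero oidlen on error */
-for (i = 0; i < limit; i++) oid[i] = 0;
-
-if ((OID == NULL) || (strlen(OID) == 0)) return CRYPT_OK;
-
-for (i = 0, j = 0; i < strlen(OID); i++) {
-if (OID[i] == '.') {
-if (++j >= limit) return CRYPT_ERROR;
-}
-else if ((OID[i] >= '0') && (OID[i] <= '9')) {
-oid[j] = oid[j] * 10 + (OID[i] - '0');
-}
-else {
-return CRYPT_ERROR;
-}
-}
-if (j == 0) return CRYPT_ERROR;
-*oidlen = j + 1;
-return CRYPT_OK;
-}
-
-int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen)
-{
-int i;
-unsigned long j, k;
-char tmp[256] = { 0 };
-unsigned long tmpsz = sizeof(tmp);
-
-LTC_ARGCHK(oid != NULL);
-LTC_ARGCHK(OID != NULL);
-LTC_ARGCHK(outlen != NULL);
-
-for (i = oidlen - 1, k = 0; i >= 0; i--) {
-j = oid[i];
-if (j == 0) {
-tmp[k] = '0';
-if (++k >= tmpsz) return CRYPT_ERROR;
-}
-else {
-while (j > 0) {
-tmp[k] = '0' + (j % 10);
-if (++k >= tmpsz) return CRYPT_ERROR;
-j /= 10;
-}
-}
-if (i > 0) {
-tmp[k] = '.';
-if (++k >= tmpsz) return CRYPT_ERROR;
-}
-}
-if (*outlen < k + 1) {
-*outlen = k + 1;
-return CRYPT_BUFFER_OVERFLOW;
-}
-for (j = 0; j < k; j++) OID[j] = tmp[k - j - 1];
-OID[k] = '\0';
-*outlen = k; /* the length without terminating NUL byte */
-return CRYPT_OK;
-}
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */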
2626 unsigned int tmp, i, j, n;
2727 unsigned char ch;
2828 unsigned char D[MAXBLOCKSIZE], A[MAXBLOCKSIZE], B[MAXBLOCKSIZE];
29 unsigned char *I = NULL, *key = NULL;
29 unsigned char *I, *key;
3030 int err = CRYPT_ERROR;
3131
3232 LTC_ARGCHK(pw != NULL);
7070 y++;
7171 } else {
7272 if (y == 0) {
73 words[0] = t / 40;
74 words[1] = t % 40;
73 if (t <= 79) {
74 words[0] = t / 40;
75 words[1] = t % 40;
76 } else {
77 words[0] = 2;
78 words[1] = t - 80;
79 }
7580 y = 2;
7681 } else {
7782 words[y++] = t;
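Review bot: The 79/80 split in the new `if (t <= 79)` branch encodes the X.690 rule for the first two arcs, but nothing in the hunk says so and 79/80 read as magic numbers; a one-line comment would save the next reader a lookup, e.g. `/* first subidentifier = X*40 + Y; X is 0 or 1 only when the value is below 80, otherwise X == 2 and Y == t - 80 (X.690 8.19.4) */`. The `y == 0` branch writes `words[0]` and `words[1]` unconditionally, as the old code did; the enclosing function starts and ends outside the hunk, so whether `words` is guaranteed room for two entries here is not visible.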
4747 return CRYPT_INVALID_ARG;
4848 }
4949
50 /* word1 = 0,1,2,3 and word2 0..39 */
51 if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) {
50 /* word1 = 0,1,2 and word2 0..39 */
51 if (words[0] > 2 || (words[0] < 2 && words[1] > 39)) {
5252 return CRYPT_INVALID_ARG;
5353 }
5454
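Review bot: The updated comment `/* word1 = 0,1,2 and word2 0..39 */` still reads as if the second arc were always limited to 39, while the condition directly below applies that limit only when `words[0] < 2`; `/* word1 = 0,1,2; word2 limited to 0..39 only when word1 < 2 */` matches the code and the X.690 encoding of the first two arcs. The enclosing function starts and ends outside the hunk.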
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_DER
11
12 typedef struct {
13 enum ltc_oid_id id;
14 const char* oid;
15 } oid_table_entry;
16
17 static const oid_table_entry pka_oids[] = {
18 { PKA_RSA, "1.2.840.113549.1.1.1" },
19 { PKA_DSA, "1.2.840.10040.4.1" },
20 { PKA_EC, "1.2.840.10045.2.1" },
21 { PKA_EC_PRIMEF, "1.2.840.10045.1.1" },
22 };
23
24 /*
25 Returns the OID requested.
26 @return CRYPT_OK if valid
27 */
28 int pk_get_oid(enum ltc_oid_id id, const char **st)
29 {
30 unsigned int i;
31 LTC_ARGCHK(st != NULL);
32 for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) {
33 if (pka_oids[i].id == id) {
34 *st = pka_oids[i].oid;
35 return CRYPT_OK;
36 }
37 }
38 return CRYPT_INVALID_ARG;
39 }
40 #endif
41
42 /* ref: $Format:%D$ */
43 /* git commit: $Format:%H$ */
44 /* commit time: $Format:%ai$ */
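Review bot: The doc comment on `pk_get_oid` should state the ownership of what it hands back: `*st` is set to a pointer into the static `pka_oids` table, so the caller must neither free nor modify it, and it stays valid for the life of the program. Suggested lines: `@param id  the requested public-key algorithm id`, `@param st  [out] receives a pointer to a static NUL-terminated dotted-decimal OID string (not owned by the caller)`, `@return CRYPT_OK, or CRYPT_INVALID_ARG when id is not in the table`. Also `const char* oid;` in the struct binds the `*` to the type, unlike `const char *o1` and `const char **st` elsewhere in this commit; binding it to the name keeps the file consistent.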
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_DER
11
12 /*
13 Compare an OID string to an array of `unsigned long`.
14 @return CRYPT_OK if equal
15 */
16 int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size)
17 {
18 unsigned long i;
19 char tmp[256] = { 0 };
20 int err;
21
22 if (o1 == NULL || o2 == NULL) return CRYPT_ERROR;
23
24 i = sizeof(tmp);
25 if ((err = pk_oid_num_to_str(o2, o2size, tmp, &i)) != CRYPT_OK) {
26 return err;
27 }
28
29 if (XSTRCMP(o1, tmp) != 0) {
30 return CRYPT_PK_INVALID_TYPE;
31 }
32
33 return CRYPT_OK;
34 }
35
36 /*
37 Compare an OID string to an OID element decoded from ASN.1.
38 @return CRYPT_OK if equal
39 */
40 int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2)
41 {
42 if (o1 == NULL || o2 == NULL) return CRYPT_ERROR;
43
44 if (o2->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG;
45
46 return pk_oid_cmp_with_ulong(o1, o2->data, o2->size);
47 }
48
49 #endif
50
51 /* ref: $Format:%D$ */
52 /* git commit: $Format:%H$ */
53 /* commit time: $Format:%ai$ */
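Review bot: The two `@return CRYPT_OK if equal` comments undersell the error contract that the x509 and ecc call sites in this commit now rely on: `pk_oid_cmp_with_ulong` returns CRYPT_PK_INVALID_TYPE on a mismatch, CRYPT_ERROR when either argument is NULL, and passes through whatever `pk_oid_num_to_str` returns (including CRYPT_BUFFER_OVERFLOW when the dotted form does not fit the 256-byte `tmp`), while `pk_oid_cmp_with_asn1` additionally returns CRYPT_INVALID_ARG when the element is not an OBJECT IDENTIFIER. Spelling those out in the comments lets callers distinguish "wrong algorithm" from "malformed input". Because equality is decided by comparing the dotted-decimal rendering produced by `pk_oid_num_to_str`, `o1` must be in canonical form (no leading zeros, no trailing dot) to ever match; that is worth a sentence too.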
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen)
12 {
13 unsigned long i, j, limit, OID_len, oid_j;
14
15 LTC_ARGCHK(oidlen != NULL);
16
17 limit = *oidlen;
18 *oidlen = 0; /* make sure that we return zero oidlen on error */
19 for (i = 0; i < limit; i++) oid[i] = 0;
20
21 if (OID == NULL) return CRYPT_OK;
22
23 OID_len = strlen(OID);
24 if (OID_len == 0) return CRYPT_OK;
25
26 for (i = 0, j = 0; i < OID_len; i++) {
27 if (OID[i] == '.') {
28 if (++j >= limit) continue;
29 }
30 else if ((OID[i] >= '0') && (OID[i] <= '9')) {
31 if ((j >= limit) || (oid == NULL)) continue;
32 oid_j = oid[j];
33 oid[j] = oid[j] * 10 + (OID[i] - '0');
34 if (oid[j] < oid_j) return CRYPT_OVERFLOW;
35 }
36 else {
37 return CRYPT_ERROR;
38 }
39 }
40 if (j == 0) return CRYPT_ERROR;
41 if (j >= limit) {
42 *oidlen = j;
43 return CRYPT_BUFFER_OVERFLOW;
44 }
45 *oidlen = j + 1;
46 return CRYPT_OK;
47 }
48
49 int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen)
50 {
51 int i;
52 unsigned long j, k;
53 char tmp[256] = { 0 };
54
55 LTC_ARGCHK(oid != NULL);
56 LTC_ARGCHK(OID != NULL);
57 LTC_ARGCHK(outlen != NULL);
58
59 for (i = oidlen - 1, k = 0; i >= 0; i--) {
60 j = oid[i];
61 if (j == 0) {
62 tmp[k] = '0';
63 if (++k >= sizeof(tmp)) return CRYPT_ERROR;
64 }
65 else {
66 while (j > 0) {
67 tmp[k] = '0' + (j % 10);
68 if (++k >= sizeof(tmp)) return CRYPT_ERROR;
69 j /= 10;
70 }
71 }
72 if (i > 0) {
73 tmp[k] = '.';
74 if (++k >= sizeof(tmp)) return CRYPT_ERROR;
75 }
76 }
77 if (*outlen < k + 1) {
78 *outlen = k + 1;
79 return CRYPT_BUFFER_OVERFLOW;
80 }
81 for (j = 0; j < k; j++) OID[j] = tmp[k - j - 1];
82 OID[k] = '\0';
83 *outlen = k; /* the length without terminating NUL byte */
84 return CRYPT_OK;
85 }
86
87 /* ref: $Format:%D$ */
88 /* git commit: $Format:%H$ */
89 /* commit time: $Format:%ai$ */
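Review bot: `pk_oid_str_to_num` now tolerates `oid == NULL` inside the parsing loop (`if ((j >= limit) || (oid == NULL)) continue;`) but still writes through it in the zero-fill loop above, `for (i = 0; i < limit; i++) oid[i] = 0;`, so a NULL `oid` with a non-zero `*oidlen` dereferences NULL now that the `LTC_ARGCHK(oid != NULL)` is gone; either guard that loop, `for (i = 0; oid != NULL && i < limit; i++) oid[i] = 0;`, or document that `oid == NULL` requires `*oidlen == 0`. The overflow path also looks off by one: `j` counts separators, so an input with `j` dots has `j + 1` arcs, yet `*oidlen = j;` is reported as the required size, and a caller that re-sizes to that value and retries would hit CRYPT_BUFFER_OVERFLOW again; `*oidlen = j + 1;` would agree with the success path. A short header comment stating that `*oidlen` is the capacity on entry and the arc count on return, that CRYPT_BUFFER_OVERFLOW reports the needed count, and that `oid` may be NULL only when querying the size would pin this contract down.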
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_PKCS_8
11
12 /**
13 PKCS#8 decrypt if necessary & flexi-decode
14
15 @param in Pointer to the ASN.1 encoded input data
16 @param inlen Length of the input data
17 @param pwd Pointer to the password that was used when encrypting
18 @param pwdlen Length of the password
19 @param decoded_list Pointer to a pointer for the flexi-decoded list
20 @return CRYPT_OK on success
21 */
22 int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen,
23 const void *pwd, unsigned long pwdlen,
24 ltc_asn1_list **decoded_list)
25 {
26 unsigned long len = inlen;
27 unsigned long dec_size;
28 unsigned char *dec_data = NULL;
29 ltc_asn1_list *l = NULL;
30 int err;
31
32 LTC_ARGCHK(in != NULL);
33 LTC_ARGCHK(decoded_list != NULL);
34
35 *decoded_list = NULL;
36 if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
37 /* the following "if" detects whether it is encrypted or not */
38 /* PKCS8 Setup
39 * 0:d=0 hl=4 l= 380 cons: SEQUENCE
40 * 4:d=1 hl=2 l= 78 cons: SEQUENCE
41 * 6:d=2 hl=2 l= 9 prim: OBJECT :OID indicating PBES1 or PBES2 (== *lalgoid)
42 * 17:d=2 hl=2 l= 65 cons: SEQUENCE
43 * Stuff in between is dependent on whether it's PBES1 or PBES2
44 * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data)
45 */
46 if (l->type == LTC_ASN1_SEQUENCE &&
47 LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
48 LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
49 LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
50 LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
51 ltc_asn1_list *lalgoid = l->child->child;
52 pbes_arg pbes;
53
54 XMEMSET(&pbes, 0, sizeof(pbes));
55
56 if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) {
57 /* Successfully extracted PBES1 parameters */
58 } else if (pbes2_extract(lalgoid, &pbes) == CRYPT_OK) {
59 /* Successfully extracted PBES2 parameters */
60 } else {
61 /* unsupported encryption */
62 err = CRYPT_INVALID_PACKET;
63 goto LBL_DONE;
64 }
65
66 pbes.enc_data = l->child->next;
67 pbes.pwd = pwd;
68 pbes.pwdlen = pwdlen;
69
70 dec_size = pbes.enc_data->size;
71 if ((dec_data = XMALLOC(dec_size)) == NULL) {
72 err = CRYPT_MEM;
73 goto LBL_DONE;
74 }
75
76 if ((err = pbes_decrypt(&pbes, dec_data, &dec_size)) != CRYPT_OK) goto LBL_DONE;
77
78 der_free_sequence_flexi(l);
79 l = NULL;
80 err = der_decode_sequence_flexi(dec_data, &dec_size, &l);
81 if (err != CRYPT_OK) goto LBL_DONE;
82 *decoded_list = l;
83 }
84 else {
85 /* not encrypted */
86 err = CRYPT_OK;
87 *decoded_list = l;
88 }
89 /* Set l to NULL so it won't be free'd */
90 l = NULL;
91 }
92
93 LBL_DONE:
94 if (l) der_free_sequence_flexi(l);
95 if (dec_data) {
96 zeromem(dec_data, dec_size);
97 XFREE(dec_data);
98 }
99 return err;
100 }
101
102 #endif
103
104 /* ref: $Format:%D$ */
105 /* git commit: $Format:%H$ */
106 /* commit time: $Format:%ai$ */
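Review bot: In the cleanup at `LBL_DONE`, `zeromem(dec_data, dec_size)` wipes a length that both `pbes_decrypt` and `der_decode_sequence_flexi` receive by pointer and may shrink to the decrypted or consumed length, so the tail of the buffer allocated with the original `pbes.enc_data->size` can be left holding decrypted private-key bytes until it is freed. Keep the allocation size in its own variable, `unsigned long alloc_size = 0;`, set it alongside the existing assignment as `alloc_size = dec_size = pbes.enc_data->size;`, and wipe with `zeromem(dec_data, alloc_size);`. Whether those callees shrink `dec_size` on every path is not visible here, but wiping by the allocation size is correct regardless.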
4242 {
4343 int err;
4444 unsigned long len, alg_id_num;
45 oid_st oid;
45 const char* oid;
4646 unsigned char *tmpbuf;
4747 unsigned long tmpoid[16];
4848 ltc_asn1_list alg_id[2];
9191 *parameters_len = alg_id[1].size;
9292 }
9393
94 if ((alg_id[0].size != oid.OIDlen) ||
95 XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) {
96 /* OID mismatch */
97 err = CRYPT_PK_INVALID_TYPE;
98 goto LBL_ERR;
94 if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) {
95 /* OID mismatch */
96 goto LBL_ERR;
9997 }
10098
10199 len = subject_pubkey[1].size/8;
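Review bot: The `/* OID mismatch */` comment now sits on a call that fails for more than a mismatch: `pk_oid_cmp_with_asn1` also returns CRYPT_ERROR on NULL input, CRYPT_INVALID_ARG when `alg_id[0]` is not an OBJECT IDENTIFIER, and any conversion error from `pk_oid_num_to_str`, and all of these are now propagated unchanged where the old code always returned CRYPT_PK_INVALID_TYPE. Either widen the comment, `/* OID mismatch, or not a usable OID element */`, or map the result to CRYPT_PK_INVALID_TYPE if callers depend on that value. The enclosing function starts and ends outside the hunk.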
4242 {
4343 int err;
4444 ltc_asn1_list alg_id[2];
45 oid_st oid;
45 const char *OID;
46 unsigned long oid[16], oidlen;
4647
4748 LTC_ARGCHK(out != NULL);
4849 LTC_ARGCHK(outlen != NULL);
4950
50 err = pk_get_oid(algorithm, &oid);
51 if (err != CRYPT_OK) {
51 if ((err = pk_get_oid(algorithm, &OID)) != CRYPT_OK) {
5252 return err;
5353 }
5454
55 LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen);
55 oidlen = sizeof(oid)/sizeof(oid[0]);
56 if ((err = pk_oid_str_to_num(OID, oid, &oidlen)) != CRYPT_OK) {
57 return err;
58 }
59
60 LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidlen);
5661 LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, parameters_len);
5762
5863 return der_encode_sequence_multi(out, outlen,
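Review bot: The new `unsigned long oid[16]` buffer and its `sizeof(oid)/sizeof(oid[0])` capacity appear here and again in the ecc export hunk below; 16 is a bare magic number that bounds how many arcs `pk_oid_str_to_num` may return before it reports CRYPT_BUFFER_OVERFLOW, so it deserves one named constant in the shared header reused at both sites. Naming the string `OID` and the array `oid` in the same scope, differing only by case, is easy to misread; something like `oid_str` / `oid_num` would be clearer. Both enclosing functions start outside their hunks.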
2626 unsigned char bin_a[256], bin_b[256], bin_k[256], bin_g[512], bin_xy[512];
2727 unsigned long len_a, len_b, len_k, len_g, len_xy;
2828 unsigned long cofactor, one = 1;
29 oid_st oid;
29 const char *OID;
30 unsigned long oid[16], oidlen;
3031 ltc_asn1_list seq_fieldid[2], seq_curve[2], seq_ecparams[6], seq_priv[4], pub_xy, ecparams;
3132 int flag_oid = type & PK_CURVEOID ? 1 : 0;
3233 int flag_com = type & PK_COMPRESSED ? 1 : 0;
7172 cofactor = key->dp.cofactor;
7273
7374 /* we support only prime-field EC */
74 if ((err = pk_get_oid(PKA_EC_PRIMEF, &oid)) != CRYPT_OK) { goto error; }
75 if ((err = pk_get_oid(PKA_EC_PRIMEF, &OID)) != CRYPT_OK) { goto error; }
7576
7677 if (flag_oid) {
7778 /* http://tools.ietf.org/html/rfc5912
101102 }
102103 */
103104
105 oidlen = sizeof(oid)/sizeof(oid[0]);
106 if ((err = pk_oid_str_to_num(OID, oid, &oidlen)) != CRYPT_OK) {
107 goto error;
108 }
109
104110 /* FieldID SEQUENCE */
105 LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen);
111 LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidlen);
106112 LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL);
107113
108114 /* Curve SEQUENCE */
1010
1111 #ifdef LTC_MECC
1212
13 #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
13 typedef struct {
14 ltc_asn1_type t;
15 ltc_asn1_list **pp;
16 } der_flexi_check;
1417
15 enum algorithm_oid {
16 PBE_MD2_DES, /* 0 */
17 PBE_MD2_RC2,
18 PBE_MD5_DES,
19 PBE_MD5_RC2,
20 PBE_SHA1_DES,
21 PBE_SHA1_RC2, /* 5 */
22 PBES2,
23 PBKDF2,
24 DES_CBC,
25 RC2_CBC,
26 DES_EDE3_CBC, /* 10 */
27 HMAC_WITH_SHA1,
28 HMAC_WITH_SHA224,
29 HMAC_WITH_SHA256,
30 HMAC_WITH_SHA384,
31 HMAC_WITH_SHA512, /* 15 */
32 PBE_SHA1_3DES
33 };
18 #define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \
19 do { \
20 int LTC_SDFC_temp##__LINE__ = (index); \
21 list[LTC_SDFC_temp##__LINE__].t = Type; \
22 list[LTC_SDFC_temp##__LINE__].pp = P; \
23 } while (0)
3424
35 static const oid_st oid_list[] = {
36 { { 1,2,840,113549,1,5,1 }, 7 }, /* [0] http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */
37 { { 1,2,840,113549,1,5,4 }, 7 }, /* [1] http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */
38 { { 1,2,840,113549,1,5,3 }, 7 }, /* [2] http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */
39 { { 1,2,840,113549,1,5,6 }, 7 }, /* [3] http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */
40 { { 1,2,840,113549,1,5,10 }, 7 }, /* [4] http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */
41 { { 1,2,840,113549,1,5,11 }, 7 }, /* [5] http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */
42 { { 1,2,840,113549,1,5,13 }, 7 }, /* [6] http://www.oid-info.com/get/1.2.840.113549.1.5.13 pbes2 */
43 { { 1,2,840,113549,1,5,12 }, 7 }, /* [7] http://www.oid-info.com/get/1.2.840.113549.1.5.12 pBKDF2 */
44 { { 1,3,14,3,2,7 }, 6 }, /* [8] http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */
45 { { 1,2,840,113549,3,2 }, 6 }, /* [9] http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */
46 { { 1,2,840,113549,3,7 }, 6 }, /* [10] http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */
47 { { 1,2,840,113549,2,7 }, 6 }, /* [11] http://www.oid-info.com/get/1.2.840.113549.2.7 hmacWithSHA1 */
48 { { 1,2,840,113549,2,8 }, 6 }, /* [12] http://www.oid-info.com/get/1.2.840.113549.2.8 hmacWithSHA224 */
49 { { 1,2,840,113549,2,9 }, 6 }, /* [13] http://www.oid-info.com/get/1.2.840.113549.2.9 hmacWithSHA256 */
50 { { 1,2,840,113549,2,10 }, 6 }, /* [14] http://www.oid-info.com/get/1.2.840.113549.2.10 hmacWithSHA384 */
51 { { 1,2,840,113549,2,11 }, 6 }, /* [15] http://www.oid-info.com/get/1.2.840.113549.2.11 hmacWithSHA512 */
52 { { 1,2,840,113549,1,12,1,3 }, 8 }, /* [16] http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */
53 { { 0 }, 0 },
54 };
55
56 static int _oid_to_id(const unsigned long *oid, unsigned long oid_size)
25 static int _der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check)
5726 {
58 int i, j;
59 for (j = 0; oid_list[j].OIDlen > 0; j++) {
60 int match = 1;
61 if (oid_list[j].OIDlen != oid_size) continue;
62 for (i = 0; i < (int)oid_size && match; i++) if (oid_list[j].OID[i] != oid[i]) match = 0;
63 if (match) return j;
27 const ltc_asn1_list *cur;
28 if (flexi->type != LTC_ASN1_SEQUENCE)
29 return CRYPT_INVALID_PACKET;
30 cur = flexi->child;
31 while(check->t != LTC_ASN1_EOL) {
32 if (!LTC_ASN1_IS_TYPE(cur, check->t))
33 return CRYPT_INVALID_PACKET;
34 if (check->pp != NULL) *check->pp = (ltc_asn1_list*)cur;
35 cur = cur->next;
36 check++;
6437 }
65 return -1;
66 }
67
68 static int _pbes1_decrypt(const unsigned char *enc_data, unsigned long enc_size,
69 const unsigned char *pass, unsigned long pass_size,
70 const unsigned char *salt, unsigned long salt_size,
71 unsigned long iterations,
72 const unsigned long *oid, unsigned long oid_size,
73 unsigned char *dec_data, unsigned long *dec_size)
74 {
75 int id = _oid_to_id(oid, oid_size);
76 int err, hid = -1, cid = -1;
77 unsigned int keylen, blklen;
78 unsigned char key_iv[32] = { 0 }, pad;
79 unsigned long len = sizeof(key_iv), pwlen = pass_size;
80 symmetric_CBC cbc;
81 unsigned char *pw = NULL;
82
83 /* https://tools.ietf.org/html/rfc8018#section-6.1.2 */
84 if (id == PBE_MD2_DES || id == PBE_MD2_RC2) hid = find_hash("md2");
85 if (id == PBE_MD5_DES || id == PBE_MD5_RC2) hid = find_hash("md5");
86 if (id == PBE_SHA1_DES || id == PBE_SHA1_RC2 || id == PBE_SHA1_3DES) hid = find_hash("sha1");
87
88 if (id == PBE_MD2_RC2 || id == PBE_MD5_RC2 || id == PBE_SHA1_RC2) {
89 cid = find_cipher("rc2");
90 keylen = 8;
91 blklen = 8;
92 }
93 if (id == PBE_MD2_DES || id == PBE_MD5_DES || id == PBE_SHA1_DES) {
94 cid = find_cipher("des");
95 keylen = 8;
96 blklen = 8;
97 }
98 if (id == PBE_SHA1_3DES) {
99 cid = find_cipher("3des");
100 keylen = 24;
101 blklen = 8;
102 }
103
104 if (id == PBE_SHA1_3DES) {
105 /* convert password to unicode/utf16-be */
106 pwlen = pass_size * 2;
107 pw = XMALLOC(pwlen + 2);
108 if (pw == NULL) goto LBL_ERROR;
109 if ((err = pkcs12_utf8_to_utf16(pass, pass_size, pw, &pwlen) != CRYPT_OK)) goto LBL_ERROR;
110 pw[pwlen++] = 0;
111 pw[pwlen++] = 0;
112 /* derive KEY */
113 if ((err = pkcs12_kdf(hid, pw, pwlen, salt, salt_size, iterations, 1, key_iv, keylen)) != CRYPT_OK) goto LBL_ERROR;
114 /* derive IV */
115 if ((err = pkcs12_kdf(hid, pw, pwlen, salt, salt_size, iterations, 2, key_iv+24, blklen)) != CRYPT_OK) goto LBL_ERROR;
116 }
117 else {
118 if ((err = pkcs_5_alg1(pass, pass_size, salt, iterations, hid, key_iv, &len)) != CRYPT_OK) goto LBL_ERROR;
119 /* the output has 16 bytes: [KEY-8-bytes][IV-8-bytes] */
120 }
121
122 if (hid != -1 && cid != -1) {
123 if (salt_size != 8 || enc_size < blklen) goto LBL_ERROR;
124 if ((err = cbc_start(cid, key_iv + keylen, key_iv, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
125 if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
126 if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
127 pad = dec_data[enc_size-1];
128 if (pad < 1 || pad > blklen) goto LBL_ERROR;
129 *dec_size = enc_size - pad;
130 err = CRYPT_OK;
131 goto LBL_DONE;
132 }
133
134 LBL_ERROR:
135 err = CRYPT_INVALID_ARG;
136 LBL_DONE:
137 zeromem(key_iv, sizeof(key_iv));
138 if (pw) { zeromem(pw, pwlen); XFREE(pw); }
139 return err;
140 }
141
142 static int _pbes2_pbkdf2_decrypt(const unsigned char *enc_data, unsigned long enc_size,
143 const unsigned char *pass, unsigned long pass_size,
144 const unsigned char *salt, unsigned long salt_size,
145 const unsigned char *iv, unsigned long iv_size,
146 unsigned long iterations,
147 int hmacid,
148 int encid,
149 int extra_arg,
150 unsigned char *dec_data, unsigned long *dec_size)
151 {
152 int err, hid = -1, cid = -1;
153 unsigned char k[32], pad;
154 unsigned long klen = sizeof(k);
155 symmetric_CBC cbc;
156
157 /* https://tools.ietf.org/html/rfc8018#section-6.2.2 */
158
159 if (hmacid == HMAC_WITH_SHA1) hid = find_hash("sha1");
160 if (hmacid == HMAC_WITH_SHA224) hid = find_hash("sha224");
161 if (hmacid == HMAC_WITH_SHA256) hid = find_hash("sha256");
162 if (hmacid == HMAC_WITH_SHA384) hid = find_hash("sha384");
163 if (hmacid == HMAC_WITH_SHA512) hid = find_hash("sha512");
164 if (hid == -1) return CRYPT_INVALID_ARG;
165
166 if (encid == DES_EDE3_CBC) {
167 /* https://tools.ietf.org/html/rfc8018#appendix-B.2.2 */
168 cid = find_cipher("3des");
169 klen = 24;
170 if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR;
171 if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR;
172 if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
173 if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
174 if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
175 pad = dec_data[enc_size-1];
176 if (pad < 1 || pad > 8) goto LBL_ERROR;
177 *dec_size = enc_size - pad;
178 return CRYPT_OK;
179 }
180
181 if (encid == DES_CBC) {
182 /* https://tools.ietf.org/html/rfc8018#appendix-B.2.1 */
183 cid = find_cipher("des");
184 klen = 8; /* 64 bits */
185 if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR;
186 if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR;
187 if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
188 if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
189 if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
190 pad = dec_data[enc_size-1];
191 if (pad < 1 || pad > 8) goto LBL_ERROR;
192 *dec_size = enc_size - pad;
193 return CRYPT_OK;
194 }
195
196 if (encid == RC2_CBC) {
197 /* https://tools.ietf.org/html/rfc8018#appendix-B.2.3 */
198 cid = find_cipher("rc2");
199 klen = 4; /* default: 32 bits */
200 if (extra_arg == 160) klen = 5;
201 if (extra_arg == 120) klen = 8;
202 if (extra_arg == 58) klen = 16;
203 if (extra_arg >= 256) klen = extra_arg / 8;
204 if (klen > sizeof(k) || iv_size != 8 || iv == NULL || cid == -1) goto LBL_ERROR;
205 if ((err = pkcs_5_alg2(pass, pass_size, salt, salt_size, iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR;
206 if ((err = cbc_start(cid, iv, k, klen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR;
207 if ((err = cbc_decrypt(enc_data, dec_data, enc_size, &cbc)) != CRYPT_OK) goto LBL_ERROR;
208 if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR;
209 pad = dec_data[enc_size-1];
210 if (pad < 1 || pad > 8) goto LBL_ERROR;
211 *dec_size = enc_size - pad;
212 return CRYPT_OK;
213 }
214
215 LBL_ERROR:
216 zeromem(k, sizeof(k));
217 return CRYPT_INVALID_ARG;
218 }
219
220 static int _der_decode_pkcs8_flexi(const unsigned char *in, unsigned long inlen,
221 const void *pwd, unsigned long pwdlen,
222 ltc_asn1_list **decoded_list)
223 {
224 unsigned long len = inlen;
225 unsigned long dec_size;
226 unsigned char *dec_data = NULL;
227 ltc_asn1_list *l = NULL;
228 int err;
229
230 *decoded_list = NULL;
231 if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
232 /* the following "if" detects whether it is encrypted or not */
233 if (l->type == LTC_ASN1_SEQUENCE &&
234 LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
235 LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
236 LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
237 LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
238 ltc_asn1_list *lalgoid = l->child->child;
239 ltc_asn1_list *lalgparam = l->child->child->next;
240 unsigned char *enc_data = l->child->next->data;
241 unsigned long enc_size = l->child->next->size;
242 dec_size = enc_size;
243 if ((dec_data = XMALLOC(dec_size)) == NULL) {
244 err = CRYPT_MEM;
245 goto LBL_DONE;
246 }
247 if (LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_OCTET_STRING) &&
248 LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_INTEGER)) {
249 /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC:
250 * 0:d=0 hl=4 l= 329 cons: SEQUENCE
251 * 4:d=1 hl=2 l= 27 cons: SEQUENCE (== *lalg)
252 * 6:d=2 hl=2 l= 9 prim: OBJECT :pbeWithMD5AndDES-CBC (== 1.2.840.113549.1.5.3)
253 * 17:d=2 hl=2 l= 14 cons: SEQUENCE (== *lalgparam)
254 * 19:d=3 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:8EDF749A06CCDE51 (== salt)
255 * 29:d=3 hl=2 l= 2 prim: INTEGER :0800 (== iterations)
256 * 33:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data)
257 */
258 unsigned long iter = mp_get_int(lalgparam->child->next->data);
259 unsigned long salt_size = lalgparam->child->size;
260 unsigned char *salt = lalgparam->child->data;
261 err = _pbes1_decrypt(enc_data, enc_size, pwd, pwdlen, salt, salt_size, iter, lalgoid->data, lalgoid->size, dec_data, &dec_size);
262 if (err != CRYPT_OK) goto LBL_DONE;
263 }
264 else if (PBES2 == _oid_to_id(lalgoid->data, lalgoid->size) &&
265 LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_SEQUENCE) &&
266 LTC_ASN1_IS_TYPE(lalgparam->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
267 LTC_ASN1_IS_TYPE(lalgparam->child->child->next, LTC_ASN1_SEQUENCE) &&
268 LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_SEQUENCE) &&
269 LTC_ASN1_IS_TYPE(lalgparam->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
270 /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc:
271 * 0:d=0 hl=4 l= 380 cons: SEQUENCE
272 * 4:d=1 hl=2 l= 78 cons: SEQUENCE (== *lalg)
273 * 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 (== 1.2.840.113549.1.5.13)
274 * 17:d=2 hl=2 l= 65 cons: SEQUENCE (== *lalgparam)
275 * 19:d=3 hl=2 l= 41 cons: SEQUENCE
276 * 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
277 * 32:d=4 hl=2 l= 28 cons: SEQUENCE
278 * 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== salt)
279 * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== iterations)
280 * 48:d=5 hl=2 l= 12 cons: SEQUENCE (this sequence is optional, may be missing)
281 * 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256
282 * 60:d=6 hl=2 l= 0 prim: NULL
283 * 62:d=3 hl=2 l= 20 cons: SEQUENCE
284 * 64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
285 * 74:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:B1404C4688DC9A5A
286 * 84:d=1 hl=4 l= 296 prim: OCTET STRING :bytes (== encrypted data)
287 */
288 ltc_asn1_list *lkdf = lalgparam->child->child;
289 ltc_asn1_list *lenc = lalgparam->child->next->child;
290 int kdfid = _oid_to_id(lkdf->data, lkdf->size);
291 int encid = _oid_to_id(lenc->data, lenc->size);
292 if (PBKDF2 == kdfid &&
293 LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) &&
294 LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) &&
295 LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) {
296 unsigned long iter = mp_get_int(lkdf->next->child->next->data);
297 unsigned long salt_size = lkdf->next->child->size;
298 unsigned char *salt = lkdf->next->child->data;
299 unsigned char *iv = NULL;
300 unsigned long iv_size = 0;
301 unsigned long arg = 0;
302 ltc_asn1_list *loptseq = lkdf->next->child->next->next;
303 int hmacid = HMAC_WITH_SHA1; /* this is default */
304 if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) &&
305 LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
306 /* this sequence is optional */
307 hmacid = _oid_to_id(loptseq->child->data, loptseq->child->size);
308 }
309 if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) {
310 /* DES-CBC + DES_EDE3_CBC */
311 iv = lenc->next->data;
312 iv_size = lenc->next->size;
313 }
314 else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE) &&
315 LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) &&
316 LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) {
317 /* RC2-CBC is a bit special */
318 iv = lenc->next->child->next->data;
319 iv_size = lenc->next->child->next->size;
320 arg = mp_get_int(lenc->next->child->data);
321 }
322 err = _pbes2_pbkdf2_decrypt(enc_data, enc_size, pwd, pwdlen, salt, salt_size, iv, iv_size, iter, hmacid, encid, arg, dec_data, &dec_size);
323 if (err != CRYPT_OK) goto LBL_DONE;
324 }
325 else {
326 /* non-PBKDF2 algorithms are not supported */
327 err = CRYPT_INVALID_PACKET;
328 goto LBL_DONE;
329 }
330 }
331 else {
332 /* unsupported encryption */
333 err = CRYPT_INVALID_PACKET;
334 goto LBL_DONE;
335 }
336 der_free_sequence_flexi(l);
337 l = NULL;
338 err = der_decode_sequence_flexi(dec_data, &dec_size, &l);
339 if (err != CRYPT_OK) goto LBL_DONE;
340 *decoded_list = l;
341 }
342 else {
343 /* not encrypted */
344 err = CRYPT_OK;
345 *decoded_list = l;
346 }
347 }
348
349 LBL_DONE:
350 if (dec_data) XFREE(dec_data);
351 return err;
38 return CRYPT_OK;
35239 }
35340
35441 /* NOTE: _der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */
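Review bot: `_der_flexi_sequence_cmp` dereferences `flexi` before checking it, and the second call site visible below passes `seq->child->next`, which is NULL when the inner sequence holds only the algorithm OID, so a PKCS#8 blob of that shape reads through a null pointer where the old `LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_SEQUENCE)` test was NULL-safe; change the first test to `if (flexi == NULL || flexi->type != LTC_ASN1_SEQUENCE) return CRYPT_INVALID_PACKET;`. The loop also accepts extra elements after the last expected one; if the match is meant to be exact, add `if (cur != NULL) return CRYPT_INVALID_PACKET;` after the loop, and either way the comment above the function should say which it is. In `LTC_SET_DER_FLEXI_CHECK`, `LTC_SDFC_temp##__LINE__` does not expand `__LINE__` (operands of `##` are not macro-expanded), so the local is literally named `LTC_SDFC_temp__LINE__`; the `do { } while (0)` scope already makes it unique, so the suffix can simply be dropped.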
35845 ecc_key *key)
35946 {
36047 void *a, *b, *gx, *gy;
361 unsigned long len, cofactor;
362 oid_st ecoid;
48 unsigned long len, cofactor, n;
49 const char *pka_ec_oid;
36350 int err;
36451 char OID[256];
36552 const ltc_ecc_curve *curve;
36653 ltc_asn1_list *p = NULL, *l = NULL;
54 der_flexi_check flexi_should[7];
55 ltc_asn1_list *seq, *priv_key;
36756
36857 LTC_ARGCHK(in != NULL);
36958 LTC_ARGCHK(key != NULL);
37059 LTC_ARGCHK(ltc_mp.name != NULL);
37160
37261 /* get EC alg oid */
373 err = pk_get_oid(PKA_EC, &ecoid);
62 err = pk_get_oid(PKA_EC, &pka_ec_oid);
37463 if (err != CRYPT_OK) return err;
37564
37665 /* init key */
37766 err = mp_init_multi(&a, &b, &gx, &gy, NULL);
37867 if (err != CRYPT_OK) return err;
37968
380 if ((err = _der_decode_pkcs8_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
381 if (l->type == LTC_ASN1_SEQUENCE &&
382 LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_INTEGER) &&
383 LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_SEQUENCE) &&
384 LTC_ASN1_IS_TYPE(l->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
385 LTC_ASN1_IS_TYPE(l->child->next->next, LTC_ASN1_OCTET_STRING)) {
386 ltc_asn1_list *lseq = l->child->next;
387 ltc_asn1_list *lpri = l->child->next->next;
388 ltc_asn1_list *lecoid = l->child->next->child;
38969
390 if ((lecoid->size != ecoid.OIDlen) ||
391 XMEMCMP(ecoid.OID, lecoid->data, ecoid.OIDlen * sizeof(ecoid.OID[0]))) {
392 err = CRYPT_PK_INVALID_TYPE;
393 goto LBL_DONE;
394 }
70 if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
39571
396 if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) {
72 /* Setup for basic structure */
73 n=0;
74 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, NULL);
75 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seq);
76 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key);
77 LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
78
79 if (((err = _der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) &&
80 (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) {
81 ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor;
82
83 /* Setup for CASE 2 */
84 n=0;
85 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version);
86 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &field);
87 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &point);
88 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &point_g);
89 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &order);
90 LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &p_cofactor);
91 LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
92
93 if (LTC_ASN1_IS_TYPE(seq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) {
39794 /* CASE 1: curve by OID (AKA short variant):
398 * 0:d=0 hl=2 l= 100 cons: SEQUENCE
399 * 2:d=1 hl=2 l= 1 prim: INTEGER :00
400 * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *lseq)
401 * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
402 * 16:d=2 hl=2 l= 5 prim: OBJECT :secp256k1 (== 1.3.132.0.10)
403 * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== privatekey)
95 * 0:d=0 hl=2 l= 100 cons: SEQUENCE
96 * 2:d=1 hl=2 l= 1 prim: INTEGER :00
97 * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq)
98 * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
99 * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10)))
100 * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key)
404101 */
405 ltc_asn1_list *loid = lseq->child->next;
102 ltc_asn1_list *curve_oid = seq->child->next;
406103 len = sizeof(OID);
407 if ((err = pk_oid_num_to_str(loid->data, loid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; }
104 if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; }
408105 if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; }
409106 if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; }
410107 }
411 else if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_SEQUENCE)) {
108 else if ((err = _der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) {
412109 /* CASE 2: explicit curve parameters (AKA long variant):
413110 * 0:d=0 hl=3 l= 227 cons: SEQUENCE
414111 * 3:d=1 hl=2 l= 1 prim: INTEGER :00
415 * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *lseq)
112 * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq)
416113 * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
417 * 18:d=2 hl=3 l= 130 cons: SEQUENCE (== *lcurve)
114 * 18:d=2 hl=3 l= 130 cons: SEQUENCE
418115 * 21:d=3 hl=2 l= 1 prim: INTEGER :01
419 * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *lfield)
116 * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field)
420117 * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field
421 * 35:d=4 hl=2 l= 33 prim: INTEGER :(== curve.prime)
422 * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *lpoint)
118 * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime)
119 * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point)
423120 * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A)
424121 * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B)
425 * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== curve.G-point)
426 * 113:d=3 hl=2 l= 33 prim: INTEGER :(== curve.order)
122 * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point)
123 * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order)
427124 * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor)
428 * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== privatekey)
125 * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key)
429126 */
430 ltc_asn1_list *lcurve = lseq->child->next;
431127
432 if (LTC_ASN1_IS_TYPE(lcurve->child, LTC_ASN1_INTEGER) &&
433 LTC_ASN1_IS_TYPE(lcurve->child->next, LTC_ASN1_SEQUENCE) &&
434 LTC_ASN1_IS_TYPE(lcurve->child->next->next, LTC_ASN1_SEQUENCE) &&
435 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next, LTC_ASN1_OCTET_STRING) &&
436 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next, LTC_ASN1_INTEGER) &&
437 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next->next, LTC_ASN1_INTEGER)) {
128 if (mp_get_int(version->data) != 1) {
129 goto LBL_DONE;
130 }
131 cofactor = mp_get_int(p_cofactor->data);
438132
439 ltc_asn1_list *lfield = lcurve->child->next;
440 ltc_asn1_list *lpoint = lcurve->child->next->next;
441 ltc_asn1_list *lg = lcurve->child->next->next->next;
442 ltc_asn1_list *lorder = lcurve->child->next->next->next->next;
443 cofactor = mp_get_int(lcurve->child->next->next->next->next->next->data);
133 if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
134 LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) &&
135 LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) &&
136 LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) {
444137
445 if (LTC_ASN1_IS_TYPE(lfield->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
446 LTC_ASN1_IS_TYPE(lfield->child->next, LTC_ASN1_INTEGER) &&
447 LTC_ASN1_IS_TYPE(lpoint->child, LTC_ASN1_OCTET_STRING) &&
448 LTC_ASN1_IS_TYPE(lpoint->child->next, LTC_ASN1_OCTET_STRING)) {
449
450 ltc_asn1_list *lprime = lfield->child->next;
451 if ((err = mp_read_unsigned_bin(a, lpoint->child->data, lpoint->child->size)) != CRYPT_OK) {
452 goto LBL_DONE;
453 }
454 if ((err = mp_read_unsigned_bin(b, lpoint->child->next->data, lpoint->child->next->size)) != CRYPT_OK) {
455 goto LBL_DONE;
456 }
457 if ((err = ltc_ecc_import_point(lg->data, lg->size, lprime->data, a, b, gx, gy)) != CRYPT_OK) {
458 goto LBL_DONE;
459 }
460 if ((err = ecc_set_curve_from_mpis(a, b, lprime->data, lorder->data, gx, gy, cofactor, key)) != CRYPT_OK) {
461 goto LBL_DONE;
462 }
138 ltc_asn1_list *prime = field->child->next;
139 if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) {
140 goto LBL_DONE;
141 }
142 if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) {
143 goto LBL_DONE;
144 }
145 if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) {
146 goto LBL_DONE;
147 }
148 if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) {
149 goto LBL_DONE;
463150 }
464151 }
465152 }
469156 }
470157
471158 /* load private key value 'k' */
472 len = lpri->size;
473 if ((err = der_decode_sequence_flexi(lpri->data, &len, &p)) == CRYPT_OK) {
159 len = priv_key->size;
160 if ((err = der_decode_sequence_flexi(priv_key->data, &len, &p)) == CRYPT_OK) {
474161 if (p->type == LTC_ASN1_SEQUENCE &&
475162 LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) &&
476163 LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) {
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_MECC
12
13 #ifdef LTC_ECC_SHAMIR
14
15 /**
16 @file ecc_recover_key.c
17 ECC Crypto, Russ Williams
18 */
19
20 /**
21 Recover ECC public key from signature and hash
22 @param sig The signature to verify
23 @param siglen The length of the signature (octets)
24 @param hash The hash (message digest) that was signed
25 @param hashlen The length of the hash (octets)
26 @param recid The recovery ID ("v"), can be -1 if signature contains it
27 @param sigformat The format of the signature (ecc_signature_type)
28 @param key The recovered public ECC key
29 @return CRYPT_OK if successful (even if the signature is not valid)
30 */
31 int ecc_recover_key(const unsigned char *sig, unsigned long siglen,
32 const unsigned char *hash, unsigned long hashlen,
33 int recid, ecc_signature_type sigformat, ecc_key *key)
34 {
35 ecc_point *mG = NULL, *mQ = NULL, *mR = NULL;
36 void *p, *m, *a, *b;
37 void *r, *s, *v, *w, *t1, *t2, *u1, *u2, *v1, *v2, *e, *x, *y, *a_plus3;
38 void *mu = NULL, *ma = NULL;
39 void *mp = NULL;
40 int err;
41 unsigned long pbits, pbytes, i, shift_right;
42 unsigned char ch, buf[MAXBLOCKSIZE];
43
44 LTC_ARGCHK(sig != NULL);
45 LTC_ARGCHK(hash != NULL);
46 LTC_ARGCHK(key != NULL);
47
48 /* BEWARE: requires sqrtmod_prime */
49 if (ltc_mp.sqrtmod_prime == NULL) {
50 return CRYPT_ERROR;
51 }
52
53 /* allocate ints */
54 if ((err = mp_init_multi(&r, &s, &v, &w, &t1, &t2, &u1, &u2, &v1, &v2, &e, &x, &y, &a_plus3, NULL)) != CRYPT_OK) {
55 return err;
56 }
57
58 p = key->dp.order;
59 m = key->dp.prime;
60 a = key->dp.A;
61 b = key->dp.B;
62 if ((err = mp_add_d(a, 3, a_plus3)) != CRYPT_OK) {
63 goto error;
64 }
65
66 /* allocate points */
67 mG = ltc_ecc_new_point();
68 mQ = ltc_ecc_new_point();
69 mR = ltc_ecc_new_point();
70 if (mR == NULL || mQ == NULL || mG == NULL) {
71 err = CRYPT_MEM;
72 goto error;
73 }
74
75 if (sigformat == LTC_ECCSIG_ANSIX962) {
76 /* ANSI X9.62 format - ASN.1 encoded SEQUENCE{ INTEGER(r), INTEGER(s) } */
77 if ((err = der_decode_sequence_multi_ex(sig, siglen, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_STRICT,
78 LTC_ASN1_INTEGER, 1UL, r,
79 LTC_ASN1_INTEGER, 1UL, s,
80 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; }
81 }
82 else if (sigformat == LTC_ECCSIG_RFC7518) {
83 /* RFC7518 format - raw (r,s) */
84 i = mp_unsigned_bin_size(key->dp.order);
85 if (siglen != (2*i)) {
86 err = CRYPT_INVALID_PACKET;
87 goto error;
88 }
89 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; }
90 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; }
91 }
92 else if (sigformat == LTC_ECCSIG_ETH27) {
93 /* Ethereum (v,r,s) format */
94 if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 ||
95 key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) {
96 /* Only valid for secp256k1 - OID 1.3.132.0.10 */
97 err = CRYPT_ERROR; goto error;
98 }
99 if (siglen != 65) { /* Only secp256k1 curves use this format, so must be 65 bytes long */
100 err = CRYPT_INVALID_PACKET;
101 goto error;
102 }
103 i = (unsigned long)sig[64];
104 if ((i>=27) && (i<31)) i -= 27; /* Ethereum adds 27 to recovery ID */
105 if (recid >= 0 && ((unsigned long)recid != i)) {
106 /* Recovery ID specified, but doesn't match signature */
107 err = CRYPT_INVALID_PACKET;
108 goto error;
109 }
110 recid = i;
111 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, 32)) != CRYPT_OK) { goto error; }
112 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+32, 32)) != CRYPT_OK) { goto error; }
113 }
114 else {
115 /* Unknown signature format */
116 err = CRYPT_ERROR;
117 goto error;
118 }
119
120 if (recid < 0 || (unsigned long)recid >= 2*(key->dp.cofactor+1)) {
121 /* Recovery ID is out of range, reject it */
122 err = CRYPT_INVALID_ARG;
123 goto error;
124 }
125
126 /* check for zero */
127 if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT ||
128 mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
129 err = CRYPT_INVALID_PACKET;
130 goto error;
131 }
132
133 /* read hash - truncate if needed */
134 pbits = mp_count_bits(p);
135 pbytes = (pbits+7) >> 3;
136 if (pbits > hashlen*8) {
137 if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
138 }
139 else if (pbits % 8 == 0) {
140 if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, pbytes)) != CRYPT_OK) { goto error; }
141 }
142 else {
143 shift_right = 8 - pbits % 8;
144 for (i=0, ch=0; i<pbytes; i++) {
145 buf[i] = ch;
146 ch = (hash[i] << (8-shift_right));
147 buf[i] = buf[i] ^ (hash[i] >> shift_right);
148 }
149 if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto error; }
150 }
151
152 /* decompress point from r=(x mod p) - BEWARE: requires sqrtmod_prime */
153 /* x = r + p*(recid/2) */
154 if ((err = mp_set(x, recid/2)) != CRYPT_OK) { goto error; }
155 if ((err = mp_mulmod(p, x, m, x)) != CRYPT_OK) { goto error; }
156 if ((err = mp_add(x, r, x)) != CRYPT_OK) { goto error; }
157 /* compute x^3 */
158 if ((err = mp_sqr(x, t1)) != CRYPT_OK) { goto error; }
159 if ((err = mp_mulmod(t1, x, m, t1)) != CRYPT_OK) { goto error; }
160 /* compute x^3 + a*x */
161 if ((err = mp_mulmod(a, x, m, t2)) != CRYPT_OK) { goto error; }
162 if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto error; }
163 /* compute x^3 + a*x + b */
164 if ((err = mp_add(t1, b, t1)) != CRYPT_OK) { goto error; }
165 /* compute sqrt(x^3 + a*x + b) */
166 if ((err = mp_sqrtmod_prime(t1, m, t2)) != CRYPT_OK) { goto error; }
167
168 /* fill in mR */
169 if ((err = mp_copy(x, mR->x)) != CRYPT_OK) { goto error; }
170 if ((mp_isodd(t2) && (recid%2)) || (!mp_isodd(t2) && !(recid%2))) {
171 if ((err = mp_mod(t2, m, mR->y)) != CRYPT_OK) { goto error; }
172 }
173 else {
174 if ((err = mp_submod(m, t2, m, mR->y)) != CRYPT_OK) { goto error; }
175 }
176 if ((err = mp_set(mR->z, 1)) != CRYPT_OK) { goto error; }
177
178 /* w = r^-1 mod n */
179 if ((err = mp_invmod(r, p, w)) != CRYPT_OK) { goto error; }
180 /* v1 = sw */
181 if ((err = mp_mulmod(s, w, p, v1)) != CRYPT_OK) { goto error; }
182 /* v2 = -ew */
183 if ((err = mp_mulmod(e, w, p, v2)) != CRYPT_OK) { goto error; }
184 if ((err = mp_submod(p, v2, p, v2)) != CRYPT_OK) { goto error; }
185
186 /* w = s^-1 mod n */
187 if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; }
188 /* u1 = ew */
189 if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; }
190 /* u2 = rw */
191 if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; }
192
193 /* find mG */
194 if ((err = ltc_ecc_copy_point(&key->dp.base, mG)) != CRYPT_OK) { goto error; }
195
196 /* find the montgomery mp */
197 if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; }
198
199 /* for curves with a == -3 keep ma == NULL */
200 if (mp_cmp(a_plus3, m) != LTC_MP_EQ) {
201 if ((err = mp_init_multi(&mu, &ma, NULL)) != CRYPT_OK) { goto error; }
202 if ((err = mp_montgomery_normalization(mu, m)) != CRYPT_OK) { goto error; }
203 if ((err = mp_mulmod(a, mu, m, ma)) != CRYPT_OK) { goto error; }
204 }
205
206 /* recover mQ from mR */
207 /* compute v1*mR + v2*mG = mQ using Shamir's trick */
208 if ((err = ltc_mp.ecc_mul2add(mR, v1, mG, v2, mQ, ma, m)) != CRYPT_OK) { goto error; }
209
210 /* compute u1*mG + u2*mQ = mG using Shamir's trick */
211 if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, ma, m)) != CRYPT_OK) { goto error; }
212
213 /* v = X_x1 mod n */
214 if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; }
215
216 /* does v == r */
217 if (mp_cmp(v, r) == LTC_MP_EQ) {
218 /* found public key which verifies signature */
219 if ((err = ltc_ecc_copy_point(mQ, &key->pubkey)) != CRYPT_OK) { goto error; }
220 /* point on the curve + other checks */
221 if ((err = ltc_ecc_verify_key(key)) != CRYPT_OK) { goto error; }
222
223 key->type = PK_PUBLIC;
224
225 err = CRYPT_OK;
226 }
227 else {
228 /* not found - recid is wrong or we're unable to calculate public key for some other reason */
229 err = CRYPT_INVALID_ARG;
230 }
231
232 error:
233 if (ma != NULL) mp_clear(ma);
234 if (mu != NULL) mp_clear(mu);
235 if (mp != NULL) mp_montgomery_free(mp);
236 if (mR != NULL) ltc_ecc_del_point(mR);
237 if (mQ != NULL) ltc_ecc_del_point(mQ);
238 if (mG != NULL) ltc_ecc_del_point(mG);
239 mp_clear_multi(a_plus3, y, x, e, v2, v1, u2, u1, t2, t1, w, v, s, r, NULL);
240 return err;
241 }
242
243 #endif
244 #endif
245
246 /* ref: $Format:%D$ */
247 /* git commit: $Format:%H$ */
248 /* commit time: $Format:%ai$ */
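Review bot: The reconstructed x coordinate is never checked against the field prime: lines 154–156 build `x = r + p*(recid/2)`, and for recid ≥ 2 this can land at or above m, yet line 169 copies it straight into mR->x after lines 158–166 have run the curve equation and mp_sqrtmod_prime on it unreduced. A guard after line 156, `if (mp_cmp(x, m) != LTC_MP_LT) { err = CRYPT_INVALID_ARG; goto error; }`, rejects the impossible candidate before the square root and the two ecc_mul2add calls, and a `mp_mod(t1, m, t1)` before line 166 removes the dependency on how mp_sqrtmod_prime treats inputs ≥ prime (its contract is not visible here). The doc block also promises `CRYPT_OK if successful (even if the signature is not valid)`, but line 229 returns CRYPT_INVALID_ARG when the recovered point does not reproduce r, so the @return line should say `CRYPT_OK if a key was recovered, CRYPT_INVALID_ARG if recid/signature do not yield one`.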
1515 ECC Crypto, Tom St Denis
1616 */
1717
18 static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen,
19 unsigned char *out, unsigned long *outlen,
20 prng_state *prng, int wprng, const ecc_key *key, int sigformat)
18 /**
19 Sign a message digest
20 @param in The message digest to sign
21 @param inlen The length of the digest
22 @param out [out] The destination for the signature
23 @param outlen [in/out] The max size and resulting size of the signature
24 @param prng An active PRNG state
25 @param wprng The index of the PRNG you wish to use
26 @param sigformat The format of the signature to generate (ecc_signature_type)
27 @param recid [out] The recovery ID for this signature (optional)
28 @param key A private ECC key
29 @return CRYPT_OK if successful
30 */
31 int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen,
32 unsigned char *out, unsigned long *outlen,
33 prng_state *prng, int wprng, ecc_signature_type sigformat,
34 int *recid, const ecc_key *key)
2135 {
2236 ecc_key pubkey;
2337 void *r, *s, *e, *p, *b;
38 int v = 0;
2439 int err, max_iterations = LTC_PK_MAX_RETRIES;
2540 unsigned long pbits, pbytes, i, shift_right;
2641 unsigned char ch, buf[MAXBLOCKSIZE];
6883 /* find r = x1 mod n */
6984 if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; }
7085
86 if (recid || sigformat==LTC_ECCSIG_ETH27) {
87 /* find recovery ID (if needed) */
88 v = 0;
89 if (mp_copy(pubkey.pubkey.x, s) != CRYPT_OK) { goto error; }
90 while (mp_cmp_d(s, 0) == LTC_MP_GT && mp_cmp(s, p) != LTC_MP_LT) {
91 /* Compute x1 div n... this will almost never be reached for curves with order 1 */
92 v += 2;
93 if ((err = mp_sub(s, p, s)) != CRYPT_OK) { goto error; }
94 }
95 if (mp_isodd(pubkey.pubkey.y)) v += 1;
96 }
97
7198 if (mp_iszero(r) == LTC_MP_YES) {
7299 ecc_free(&pubkey);
73100 } else {
91118 goto errnokey;
92119 }
93120
94 if (sigformat == 1) {
95 /* RFC7518 format */
121 if (recid) *recid = v;
122
123 if (sigformat == LTC_ECCSIG_ANSIX962) {
124 /* store as ASN.1 SEQUENCE { r, s -- integer } */
125 err = der_encode_sequence_multi(out, outlen,
126 LTC_ASN1_INTEGER, 1UL, r,
127 LTC_ASN1_INTEGER, 1UL, s,
128 LTC_ASN1_EOL, 0UL, NULL);
129 }
130 else if (sigformat == LTC_ECCSIG_RFC7518) {
131 /* RFC7518 format - raw (r,s) */
96132 if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; }
97133 zeromem(out, 2*pbytes);
98134 i = mp_unsigned_bin_size(r);
102138 *outlen = 2*pbytes;
103139 err = CRYPT_OK;
104140 }
141 else if (sigformat == LTC_ECCSIG_ETH27) {
142 /* Ethereum (v,r,s) format */
143 if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 ||
144 key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) {
145 /* Only valid for secp256k1 - OID 1.3.132.0.10 */
146 err = CRYPT_ERROR; goto errnokey;
147 }
148 if (*outlen < 65) { err = CRYPT_MEM; goto errnokey; }
149 zeromem(out, 65);
150 i = mp_unsigned_bin_size(r);
151 if ((err = mp_to_unsigned_bin(r, out + 32 - i)) != CRYPT_OK) { goto errnokey; }
152 i = mp_unsigned_bin_size(s);
153 if ((err = mp_to_unsigned_bin(s, out + 64 - i)) != CRYPT_OK) { goto errnokey; }
154 out[64] = (unsigned char)(v + 27); /* Recovery ID is 27/28 for Ethereum */
155 *outlen = 65;
156 err = CRYPT_OK;
157 }
105158 else {
106 /* store as ASN.1 SEQUENCE { r, s -- integer } */
107 err = der_encode_sequence_multi(out, outlen,
108 LTC_ASN1_INTEGER, 1UL, r,
109 LTC_ASN1_INTEGER, 1UL, s,
110 LTC_ASN1_EOL, 0UL, NULL);
159 /* Unknown signature format */
160 err = CRYPT_ERROR;
161 goto error;
111162 }
163
112164 goto errnokey;
113165 error:
114166 ecc_free(&pubkey);
117169 return err;
118170 }
119171
120 /**
121 Sign a message digest
122 @param in The message digest to sign
123 @param inlen The length of the digest
124 @param out [out] The destination for the signature
125 @param outlen [in/out] The max size and resulting size of the signature
126 @param prng An active PRNG state
127 @param wprng The index of the PRNG you wish to use
128 @param key A private ECC key
129 @return CRYPT_OK if successful
130 */
131 int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
132 unsigned char *out, unsigned long *outlen,
133 prng_state *prng, int wprng, const ecc_key *key)
134 {
135 return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0);
136 }
137
138 /**
139 Sign a message digest in RFC7518 format
140 @param in The message digest to sign
141 @param inlen The length of the digest
142 @param out [out] The destination for the signature
143 @param outlen [in/out] The max size and resulting size of the signature
144 @param prng An active PRNG state
145 @param wprng The index of the PRNG you wish to use
146 @param key A private ECC key
147 @return CRYPT_OK if successful
148 */
149 int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
150 unsigned char *out, unsigned long *outlen,
151 prng_state *prng, int wprng, const ecc_key *key)
152 {
153 return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1);
154 }
155
156172 #endif
157173
158174 /* ref: $Format:%D$ */
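Review bot: The new recovery-ID block drops the error code on line 89: `if (mp_copy(pubkey.pubkey.x, s) != CRYPT_OK) { goto error; }` leaves `err` at the CRYPT_OK stored by the preceding mp_mod, so a failed copy unwinds through `error:` and the function reports success without having produced a signature. It should read `if ((err = mp_copy(pubkey.pubkey.x, s)) != CRYPT_OK) { goto error; }`, matching the sibling calls. Separately, the unknown-format branch at line 161 jumps to `error:` and thus to a second `ecc_free(&pubkey)` although the loop above already releases pubkey on the path shown at line 99; unless ecc_free tolerates an already-freed key, which is not visible here, `goto errnokey;` is the safer exit and is what the other format branches use. The loop body and the hidden lines 101–117 lie outside this hunk.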
1515 ECC Crypto, Tom St Denis
1616 */
1717
18 static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
19 const unsigned char *hash, unsigned long hashlen,
20 int *stat, const ecc_key *key, int sigformat)
18 /**
19 Verify an ECC signature in RFC7518 format
20 @param sig The signature to verify
21 @param siglen The length of the signature (octets)
22 @param hash The hash (message digest) that was signed
23 @param hashlen The length of the hash (octets)
24 @param sigformat The format of the signature (ecc_signature_type)
25 @param stat Result of signature, 1==valid, 0==invalid
26 @param key The corresponding public ECC key
27 @return CRYPT_OK if successful (even if the signature is not valid)
28 */
29 int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
30 const unsigned char *hash, unsigned long hashlen,
31 ecc_signature_type sigformat, int *stat, const ecc_key *key)
2132 {
22 ecc_point *mG = NULL, *mQ = NULL;
23 void *r, *s, *v, *w, *u1, *u2, *e, *p, *m, *a, *a_plus3 = NULL, *mu = NULL, *ma = NULL;
33 ecc_point *mG = NULL, *mQ = NULL;
34 void *r, *s, *v, *w, *u1, *u2, *e, *p, *m, *a, *a_plus3;
35 void *mu = NULL, *ma = NULL;
2436 void *mp = NULL;
2537 int err;
2638 unsigned long pbits, pbytes, i, shift_right;
5466 goto error;
5567 }
5668
57 if (sigformat == 1) {
58 /* RFC7518 format */
59 if ((siglen % 2) == 1) {
60 err = CRYPT_INVALID_PACKET;
61 goto error;
62 }
63 i = siglen / 2;
64 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; }
65 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; }
66 }
67 else {
68 /* ASN.1 format */
69 if (sigformat == LTC_ECCSIG_ANSIX962) {
70 /* ANSI X9.62 format - ASN.1 encoded SEQUENCE{ INTEGER(r), INTEGER(s) } */
6971 if ((err = der_decode_sequence_multi_ex(sig, siglen, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_STRICT,
7072 LTC_ASN1_INTEGER, 1UL, r,
7173 LTC_ASN1_INTEGER, 1UL, s,
7274 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; }
75 }
76 else if (sigformat == LTC_ECCSIG_RFC7518) {
77 /* RFC7518 format - raw (r,s) */
78 i = mp_unsigned_bin_size(key->dp.order);
79 if (siglen != (2*i)) {
80 err = CRYPT_INVALID_PACKET;
81 goto error;
82 }
83 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; }
84 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; }
85 }
86 else if (sigformat == LTC_ECCSIG_ETH27) {
87 /* Ethereum (v,r,s) format */
88 if (key->dp.oidlen != 5 || key->dp.oid[0] != 1 || key->dp.oid[1] != 3 ||
89 key->dp.oid[2] != 132 || key->dp.oid[3] != 0 || key->dp.oid[4] != 10) {
90 /* Only valid for secp256k1 - OID 1.3.132.0.10 */
91 err = CRYPT_ERROR; goto error;
92 }
93 if (siglen != 65) { /* Only secp256k1 curves use this format, so must be 65 bytes long */
94 err = CRYPT_INVALID_PACKET;
95 goto error;
96 }
97 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, 32)) != CRYPT_OK) { goto error; }
98 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+32, 32)) != CRYPT_OK) { goto error; }
99 }
100 else {
101 /* Unknown signature format */
102 err = CRYPT_ERROR;
103 goto error;
73104 }
74105
75106 /* check for zero */
152183 if (mu != NULL) mp_clear(mu);
153184 if (ma != NULL) mp_clear(ma);
154185 mp_clear_multi(r, s, v, w, u1, u2, e, a_plus3, NULL);
155 if (mp != NULL) {
156 mp_montgomery_free(mp);
157 }
186 if (mp != NULL) mp_montgomery_free(mp);
158187 return err;
159 }
160
161 /**
162 Verify an ECC signature
163 @param sig The signature to verify
164 @param siglen The length of the signature (octets)
165 @param hash The hash (message digest) that was signed
166 @param hashlen The length of the hash (octets)
167 @param stat Result of signature, 1==valid, 0==invalid
168 @param key The corresponding public ECC key
169 @return CRYPT_OK if successful (even if the signature is not valid)
170 */
171 int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
172 const unsigned char *hash, unsigned long hashlen,
173 int *stat, const ecc_key *key)
174 {
175 return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0);
176 }
177
178 /**
179 Verify an ECC signature in RFC7518 format
180 @param sig The signature to verify
181 @param siglen The length of the signature (octets)
182 @param hash The hash (message digest) that was signed
183 @param hashlen The length of the hash (octets)
184 @param stat Result of signature, 1==valid, 0==invalid
185 @param key The corresponding public ECC key
186 @return CRYPT_OK if successful (even if the signature is not valid)
187 */
188 int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
189 const unsigned char *hash, unsigned long hashlen,
190 int *stat, const ecc_key *key)
191 {
192 return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1);
193188 }
194189
195190 #endif
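Review bot: The doc comment introduced at line 19 still reads `Verify an ECC signature in RFC7518 format`, but ecc_verify_hash_ex now dispatches on `sigformat` across ANSI X9.62, RFC7518 and ETH27 (lines 69–103); the heading should be `Verify an ECC signature`, with the format left to the `@param sigformat` line that follows. The ETH27 branch (lines 86–99) reads r and s but silently skips `sig[64]`, which is correct for verification yet worth stating so nobody later "fixes" it: `/* sig[64] (v) is only needed for key recovery; not used for verification */`. The zero/range checks on r and s and the remainder of the function body are outside this hunk.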
5555 unsigned char *buf1 = NULL, *buf2 = NULL;
5656 unsigned long buf1len, buf2len;
5757 unsigned long oid[16];
58 oid_st rsaoid;
58 const char *rsaoid;
5959 ltc_asn1_list alg_seq[2], top_seq[3];
60 ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2];
60 ltc_asn1_list *l = NULL;
6161 unsigned char *decrypted = NULL;
6262 unsigned long decryptedlen;
6363
8282 if (err != CRYPT_OK) { goto LBL_FREE2; }
8383
8484 /* try to decode encrypted priv key */
85 LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len);
86 LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL);
87 LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
88 LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL);
89 LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL);
90 LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len);
91 err=der_decode_sequence(in, inlen, top_seq_e, 2UL);
92 if (err == CRYPT_OK) {
93 LTC_UNUSED_PARAM(passwd);
94 LTC_UNUSED_PARAM(passwdlen);
95 /* XXX: TODO encrypted pkcs8 not implemented yet */
96 /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */
97 err = CRYPT_PK_INVALID_TYPE;
85 if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) {
9886 goto LBL_ERR;
9987 }
100 else {
101 decrypted = (unsigned char *)in;
102 decryptedlen = inlen;
103 }
88 decrypted = l->data;
89 decryptedlen = l->size;
10490
10591 /* try to decode unencrypted priv key */
10692 LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
11298 if (err != CRYPT_OK) { goto LBL_ERR; }
11399
114100 /* check alg oid */
115 if ((alg_seq[0].size != rsaoid.OIDlen) ||
116 XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) {
117 err = CRYPT_PK_INVALID_TYPE;
101 if ((err = pk_oid_cmp_with_asn1(rsaoid, &alg_seq[0])) != CRYPT_OK) {
118102 goto LBL_ERR;
119103 }
120104
137121 LBL_ERR:
138122 rsa_free(key);
139123 LBL_FREE2:
124 if (l) der_free_sequence_flexi(l);
140125 mp_clear_multi(iter, zero, NULL);
141126 XFREE(buf2);
142127 LBL_FREE1:
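Review bot: `decrypted` now aliases `l->data` (line 88), i.e. the PrivateKeyInfo that pkcs8_decode_flexi may have just decrypted, and that buffer stays live until `der_free_sequence_flexi(l)` at LBL_FREE2 (line 124); whether that call zeroizes node data before freeing is not visible here, so the plaintext RSA key may linger on the heap after a successful import. If it does not, the decoded buffer should be wiped before the free, and in any case the ownership deserves a comment at line 88: `/* l owns the (possibly decrypted) PrivateKeyInfo; released at LBL_FREE2 */`. The call that consumes `decrypted` (lines 93–97) is outside the hunk.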
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_CHACHA
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha
15 @param key The key
16 @param keylen The key length
17 @param iv The initial vector
18 @param ivlen The initial vector length
19 @param datain The plaintext (or ciphertext)
20 @param datalen The length of the input and output (octets)
21 @param rounds The number of rounds
22 @param dataout [out] The ciphertext (or plaintext)
23 @return CRYPT_OK if successful
24 */
25 int chacha_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
26 const unsigned char *iv, unsigned long ivlen, ulong64 counter,
27 const unsigned char *datain, unsigned long datalen, unsigned char *dataout)
28 {
29 chacha_state st;
30 int err;
31
32 LTC_ARGCHK(ivlen <= 8 || counter < 4294967296); /* 2**32 */
33
34 if ((err = chacha_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY;
35 if (ivlen > 8) {
36 if ((err = chacha_ivctr32(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
37 } else {
38 if ((err = chacha_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
39 }
40 err = chacha_crypt(&st, datain, datalen, dataout);
41 WIPE_KEY:
42 chacha_done(&st);
43 return err;
44 }
45
46 #endif /* LTC_CHACHA */
47
48 /* ref: $Format:%D$ */
49 /* git commit: $Format:%H$ */
50 /* commit time: $Format:%ai$ */
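Review bot: The doc block (lines 13–24) omits the `counter` parameter and lists `rounds` after `datalen` although it is the third argument; add `@param counter The initial block counter (32-bit when ivlen > 8, 64-bit otherwise)`, which follows from the ivctr32/ivctr64 dispatch on lines 35–39 and the range check on line 32, and move `@param rounds` up to match the signature. The bare `4294967296` on line 32 relies on the compiler widening the constant to a 64-bit type; `counter <= 0xFFFFFFFFUL` (or `CONST64(4294967296)`) expresses the same bound without depending on that, and a comment such as `/* ivctr32 only has room for a 32-bit counter */` explains why the check exists.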
420420 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 5, 29, out + 5)) != CRYPT_OK) return err;
421421 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 34, 5, out + 34)) != CRYPT_OK) return err;
422422 if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
423
424 /* --- Test 4 (crypt in a single call) ------------------------------------ */
425
426 if ((err = rabbit_memory(k, sizeof(k), iv, sizeof(iv),
427 (unsigned char*)pt, sizeof(pt), out)) != CRYPT_OK) return err;
428 if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV4", 1)) return CRYPT_FAIL_TESTVECTOR;
423429 /* use 'out' (ciphertext) in the next decryption test */
424430
425 /* --- Test 4 (decrypt ciphertext) ------------------------------------ */
431 /* --- Test 5 (decrypt ciphertext) ------------------------------------ */
426432
427433 /* decrypt ct (out) and compare with pt (start with only setiv() to reset) */
428434 if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
429435 if ((err = rabbit_crypt(&st, out, ptlen, out2)) != CRYPT_OK) return err;
430 if (compare_testvector(out2, ptlen, pt, ptlen, "RABBIT-TV4", 1)) return CRYPT_FAIL_TESTVECTOR;
431
432 /* --- Test 5 (wipe state, incl key) ---------------------------------- */
436 if (compare_testvector(out2, ptlen, pt, ptlen, "RABBIT-TV5", 1)) return CRYPT_FAIL_TESTVECTOR;
437
438 /* --- Test 6 (wipe state, incl key) ---------------------------------- */
433439
434440 if ((err = rabbit_done(&st)) != CRYPT_OK) return err;
435 if (compare_testvector(&st, sizeof(st), nulls, sizeof(st), "RABBIT-TV5", 1)) return CRYPT_FAIL_TESTVECTOR;
441 if (compare_testvector(&st, sizeof(st), nulls, sizeof(st), "RABBIT-TV6", 1)) return CRYPT_FAIL_TESTVECTOR;
436442
437443 }
438444
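Review bot: Test 4 (lines 426–427) passes `sizeof(pt)` as the data length while every other step of this test, including the comparison on line 428, uses `ptlen`; if `pt` is declared as a string literal the two differ by the terminating NUL and the extra byte is written into `out` past the `ptlen` bytes that are checked. Using `ptlen` keeps the call consistent with its neighbours: `(unsigned char*)pt, ptlen, out)) != CRYPT_OK) return err;`. The declarations of pt, ptlen and out are outside the hunk, so the mismatch is inferred from the surrounding uses.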
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 /* The implementation is based on:
10 * chacha-ref.c version 20080118
11 * Public domain from D. J. Bernstein
12 */
13
14 #include "tomcrypt_private.h"
15
16 #ifdef LTC_RABBIT
17
18 /**
19 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Rabbit
20 @param key The key
21 @param keylen The key length
22 @param iv The initial vector
23 @param ivlen The initial vector length
24 @param datain The plaintext (or ciphertext)
25 @param datalen The length of the input and output (octets)
26 @param dataout [out] The ciphertext (or plaintext)
27 @return CRYPT_OK if successful
28 */
29 int rabbit_memory(const unsigned char *key, unsigned long keylen,
30 const unsigned char *iv, unsigned long ivlen,
31 const unsigned char *datain, unsigned long datalen,
32 unsigned char *dataout)
33 {
34 rabbit_state st;
35 int err;
36
37 if ((err = rabbit_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY;
38 if ((err = rabbit_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY;
39 err = rabbit_crypt(&st, datain, datalen, dataout);
40 WIPE_KEY:
41 rabbit_done(&st);
42 return err;
43 }
44
45 #endif /* LTC_RABBIT */
46
47 /* ref: $Format:%D$ */
48 /* git commit: $Format:%H$ */
49 /* commit time: $Format:%ai$ */
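Review bot: The header comment on lines 9–12 credits `chacha-ref.c version 20080118` from D. J. Bernstein, which is the ChaCha attribution and looks copied from the ChaCha one-shot wrapper; it is wrong for a Rabbit file and should be dropped or replaced with whatever reference the Rabbit implementation itself cites. The docblock can also state the guarantee the code actually gives: `rabbit_done()` runs on every path via the `WIPE_KEY` label, so add `@remark The cipher state is zeroized before returning, on success and on error.` Because this is a one-shot stream-cipher API, `@param iv` should warn that a (key, iv) pair must never be reused, since two messages would then share a keystream.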
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_RC4_STREAM
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4
15 @param key The key
16 @param keylen The key length
17 @param datain The plaintext (or ciphertext)
18 @param datalen The length of the input and output (octets)
19 @param dataout [out] The ciphertext (or plaintext)
20 @return CRYPT_OK if successful
21 */
22 int rc4_stream_memory(const unsigned char *key, unsigned long keylen,
23 const unsigned char *datain, unsigned long datalen,
24 unsigned char *dataout)
25 {
26 rc4_state st;
27 int err;
28
29 if ((err = rc4_stream_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY;
30 err = rc4_stream_crypt(&st, datain, datalen, dataout);
31 WIPE_KEY:
32 rc4_stream_done(&st);
33 return err;
34 }
35
36 #endif /* LTC_RC4_STREAM */
37
38 /* ref: $Format:%D$ */
39 /* git commit: $Format:%H$ */
40 /* commit time: $Format:%ai$ */
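Review bot: `rc4_stream_memory` takes no IV, so lines 29–30 produce the identical keystream every time the same key is passed; the docblock should say so and that the key must therefore be unique per message, e.g. `@remark RC4 has no IV: reusing a key reuses the keystream. Legacy/compatibility use only.` The wrapper also gives callers no way to discard an initial keystream prefix (no offset or skip parameter), so anything relying on an RC4-drop-N convention has to use the streaming `rc4_stream_*` calls instead; that is worth one line in the comment. RC4 is broadly considered insecure, so a convenience one-shot entry point should carry that warning rather than read exactly like the other ciphers' wrappers.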
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_SALSA20
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Salsa20
15 @param key The key
16 @param keylen The key length
17 @param iv The initial vector
18 @param ivlen The initial vector length
19 @param datain The plaintext (or ciphertext)
20 @param datalen The length of the input and output (octets)
21 @param rounds The number of rounds
22 @param dataout [out] The ciphertext (or plaintext)
23 @return CRYPT_OK if successful
24 */
25 int salsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
26 const unsigned char *iv, unsigned long ivlen, ulong64 counter,
27 const unsigned char *datain, unsigned long datalen, unsigned char *dataout)
28 {
29 salsa20_state st;
30 int err;
31
32 if ((err = salsa20_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY;
33 if ((err = salsa20_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
34 err = salsa20_crypt(&st, datain, datalen, dataout);
35 WIPE_KEY:
36 salsa20_done(&st);
37 return err;
38 }
39
40 #endif /* LTC_SALSA20 */
41
42 /* ref: $Format:%D$ */
43 /* git commit: $Format:%H$ */
44 /* commit time: $Format:%ai$ */
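Review bot: The docblock on lines 13–24 does not match the signature on lines 25–27: `counter` is undocumented and `rounds` is listed after `datalen` although it is the third parameter. Add `@param counter The initial 64-bit block counter` (it is handed to `salsa20_ivctr64` on line 33) and reorder the `@param` lines to the real argument order so a reader does not swap `rounds` and `iv`. The accepted values for `rounds` and `ivlen` are presumably validated in `salsa20_setup`/`salsa20_ivctr64`, which are not in this file, so the comment should at least point there if it does not state them.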
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_XSALSA20
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with XSalsa20
15 @param key The key
16 @param keylen The key length
17 @param nonce The initial vector
18 @param noncelen The initial vector length
19 @param datain The plaintext (or ciphertext)
20 @param datalen The length of the input and output (octets)
21 @param rounds The number of rounds
22 @param dataout [out] The ciphertext (or plaintext)
23 @return CRYPT_OK if successful
24 */
25 int xsalsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
26 const unsigned char *nonce, unsigned long noncelen,
27 const unsigned char *datain, unsigned long datalen, unsigned char *dataout)
28 {
29 salsa20_state st;
30 int err;
31
32 if ((err = xsalsa20_setup(&st, key, keylen, nonce, noncelen, rounds)) != CRYPT_OK) goto WIPE_KEY;
33 err = salsa20_crypt(&st, datain, datalen, dataout);
34 WIPE_KEY:
35 salsa20_done(&st);
36 return err;
37 }
38
39 #endif /* LTC_XSALSA20 */
40
41 /* ref: $Format:%D$ */
42 /* git commit: $Format:%H$ */
43 /* commit time: $Format:%ai$ */
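Review bot: The `@param` list on lines 13–24 is out of order relative to the signature on lines 25–27: `rounds` is the third argument but is documented after `datalen`, and `nonce`/`noncelen` are described as an "initial vector". Reorder the lines and name the parameter for what it is, e.g. `@param nonce The XSalsa20 nonce` and `@param noncelen The nonce length`; if `xsalsa20_setup` requires a fixed nonce size, state it here, because this comment is the only thing a caller of the one-shot API will read. As with the other one-shot wrappers, a (key, nonce) pair must not be reused, and a one-line `@remark` saying so would prevent the most likely misuse.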
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_SOBER128_STREAM
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with SOBER128
15 @param key The key
16 @param keylen The key length
17 @param iv The initial vector
18 @param ivlen The initial vector length
19 @param datain The plaintext (or ciphertext)
20 @param datalen The length of the input and output (octets)
21 @param dataout [out] The ciphertext (or plaintext)
22 @return CRYPT_OK if successful
23 */
24 int sober128_stream_memory(const unsigned char *key, unsigned long keylen,
25 const unsigned char *iv, unsigned long ivlen,
26 const unsigned char *datain, unsigned long datalen,
27 unsigned char *dataout)
28 {
29 sober128_state st;
30 int err;
31
32 if ((err = sober128_stream_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY;
33 if ((err = sober128_stream_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY;
34 err = sober128_stream_crypt(&st, datain, datalen, dataout);
35 WIPE_KEY:
36 sober128_stream_done(&st);
37 return err;
38 }
39
40 #endif /* LTC_SOBER128_STREAM */
41
42 /* ref: $Format:%D$ */
43 /* git commit: $Format:%H$ */
44 /* commit time: $Format:%ai$ */
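Review bot: The docblock on lines 13–23 does not say whether `datain` and `dataout` may alias, while `sosemanuk_crypt` in this same commit documents "in and out must be either equal, or reference distinct buffers (no partial overlap is allowed)"; the one-shot wrapper is where a caller of `sober128_stream_memory` will look for that rule. If `sober128_stream_crypt` has the same constraint, add `@remark datain and dataout may be identical or disjoint, but must not partially overlap.` It is also worth noting that `sober128_stream_done` on line 36 wipes the state on every path, and that a (key, iv) pair must not be reused with this API.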
195195 /*
196196 * Initialize Sosemanuk's state by providing a key. The key is an array of
197197 * 1 to 32 bytes.
198 * @param ss The Sosemanuk state
198 * @param st The Sosemanuk state
199199 * @param key Key
200200 * @param keylen Length of key in bytes
201201 * @return CRYPT_OK on success
202202 */
203 int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long keylen)
203 int sosemanuk_setup(sosemanuk_state *st, const unsigned char *key, unsigned long keylen)
204204 {
205205 /*
206206 * This key schedule is actually a truncated Serpent key schedule.
215215 r2 = w ## o2; \
216216 r3 = w ## o3; \
217217 S(r0, r1, r2, r3, r4); \
218 ss->kc[i ++] = r ## d0; \
219 ss->kc[i ++] = r ## d1; \
220 ss->kc[i ++] = r ## d2; \
221 ss->kc[i ++] = r ## d3; \
218 st->kc[i ++] = r ## d0; \
219 st->kc[i ++] = r ## d1; \
220 st->kc[i ++] = r ## d2; \
221 st->kc[i ++] = r ## d3; \
222222 } while (0)
223223
224224 #define SKS0 SKS(S0, 4, 5, 6, 7, 1, 4, 2, 0)
254254 ulong32 w0, w1, w2, w3, w4, w5, w6, w7;
255255 int i = 0;
256256
257 LTC_ARGCHK(ss != NULL);
257 LTC_ARGCHK(st != NULL);
258258 LTC_ARGCHK(key != NULL);
259259 LTC_ARGCHK(keylen > 0 && keylen <= 32);
260260
328328 * encryptions/decryptions are to be performed with the same key and
329329 * sosemanuk_done() has not been called, only sosemanuk_setiv() need be called
330330 * to set the state.
331 * @param ss The Sosemanuk state
331 * @param st The Sosemanuk state
332332 * @param iv Initialization vector
333333 * @param ivlen Length of iv in bytes
334334 * @return CRYPT_OK on success
335335 */
336 int sosemanuk_setiv(sosemanuk_state *ss, const unsigned char *iv, unsigned long ivlen)
336 int sosemanuk_setiv(sosemanuk_state *st, const unsigned char *iv, unsigned long ivlen)
337337 {
338338
339339 /*
340340 * The Serpent key addition step.
341341 */
342342 #define KA(zc, x0, x1, x2, x3) do { \
343 x0 ^= ss->kc[(zc)]; \
344 x1 ^= ss->kc[(zc) + 1]; \
345 x2 ^= ss->kc[(zc) + 2]; \
346 x3 ^= ss->kc[(zc) + 3]; \
343 x0 ^= st->kc[(zc)]; \
344 x1 ^= st->kc[(zc) + 1]; \
345 x2 ^= st->kc[(zc) + 2]; \
346 x3 ^= st->kc[(zc) + 3]; \
347347 } while (0)
348348
349349 /*
373373 ulong32 r0, r1, r2, r3, r4;
374374 unsigned char ivtmp[16] = {0};
375375
376 LTC_ARGCHK(ss != NULL);
376 LTC_ARGCHK(st != NULL);
377377 LTC_ARGCHK(ivlen <= 16);
378378 LTC_ARGCHK(iv != NULL || ivlen == 0);
379379
403403 FSS(36, S1, 1, 3, 2, 4, 0, 2, 1, 4, 3);
404404 FSS(40, S2, 2, 1, 4, 3, 0, 4, 3, 1, 0);
405405 FSS(44, S3, 4, 3, 1, 0, 2, 3, 1, 0, 2);
406 ss->s09 = r3;
407 ss->s08 = r1;
408 ss->s07 = r0;
409 ss->s06 = r2;
406 st->s09 = r3;
407 st->s08 = r1;
408 st->s07 = r0;
409 st->s06 = r2;
410410
411411 FSS(48, S4, 3, 1, 0, 2, 4, 1, 4, 3, 2);
412412 FSS(52, S5, 1, 4, 3, 2, 0, 4, 2, 1, 3);
414414 FSS(60, S7, 4, 2, 0, 1, 3, 3, 1, 2, 4);
415415 FSS(64, S0, 3, 1, 2, 4, 0, 1, 0, 2, 3);
416416 FSS(68, S1, 1, 0, 2, 3, 4, 2, 1, 3, 0);
417 ss->r1 = r2;
418 ss->s04 = r1;
419 ss->r2 = r3;
420 ss->s05 = r0;
417 st->r1 = r2;
418 st->s04 = r1;
419 st->r2 = r3;
420 st->s05 = r0;
421421
422422 FSS(72, S2, 2, 1, 3, 0, 4, 3, 0, 1, 4);
423423 FSS(76, S3, 3, 0, 1, 4, 2, 0, 1, 4, 2);
425425 FSS(84, S5, 1, 3, 0, 2, 4, 3, 2, 1, 0);
426426 FSS(88, S6, 3, 2, 1, 0, 4, 3, 2, 4, 1);
427427 FSF(92, S7, 3, 2, 4, 1, 0, 0, 1, 2, 3);
428 ss->s03 = r0;
429 ss->s02 = r1;
430 ss->s01 = r2;
431 ss->s00 = r3;
432
433 ss->ptr = sizeof(ss->buf);
428 st->s03 = r0;
429 st->s02 = r1;
430 st->s01 = r2;
431 st->s00 = r3;
432
433 st->ptr = sizeof(st->buf);
434434
435435 #undef KA
436436 #undef FSS
584584 * Compute the next block of bits of output stream. This is equivalent
585585 * to one full rotation of the shift register.
586586 */
587 static LTC_INLINE void _sosemanuk_internal(sosemanuk_state *ss)
587 static LTC_INLINE void _sosemanuk_internal(sosemanuk_state *st)
588588 {
589589 /*
590590 * MUL_A(x) computes alpha * x (in F_{2^32}).
655655 */
656656 #define SRD(S, x0, x1, x2, x3, ooff) do { \
657657 S(u0, u1, u2, u3, u4); \
658 STORE32L(u ## x0 ^ v0, ss->buf + ooff); \
659 STORE32L(u ## x1 ^ v1, ss->buf + ooff + 4); \
660 STORE32L(u ## x2 ^ v2, ss->buf + ooff + 8); \
661 STORE32L(u ## x3 ^ v3, ss->buf + ooff + 12); \
662 } while (0)
663
664 ulong32 s00 = ss->s00;
665 ulong32 s01 = ss->s01;
666 ulong32 s02 = ss->s02;
667 ulong32 s03 = ss->s03;
668 ulong32 s04 = ss->s04;
669 ulong32 s05 = ss->s05;
670 ulong32 s06 = ss->s06;
671 ulong32 s07 = ss->s07;
672 ulong32 s08 = ss->s08;
673 ulong32 s09 = ss->s09;
674 ulong32 r1 = ss->r1;
675 ulong32 r2 = ss->r2;
658 STORE32L(u ## x0 ^ v0, st->buf + ooff); \
659 STORE32L(u ## x1 ^ v1, st->buf + ooff + 4); \
660 STORE32L(u ## x2 ^ v2, st->buf + ooff + 8); \
661 STORE32L(u ## x3 ^ v3, st->buf + ooff + 12); \
662 } while (0)
663
664 ulong32 s00 = st->s00;
665 ulong32 s01 = st->s01;
666 ulong32 s02 = st->s02;
667 ulong32 s03 = st->s03;
668 ulong32 s04 = st->s04;
669 ulong32 s05 = st->s05;
670 ulong32 s06 = st->s06;
671 ulong32 s07 = st->s07;
672 ulong32 s08 = st->s08;
673 ulong32 s09 = st->s09;
674 ulong32 r1 = st->r1;
675 ulong32 r2 = st->r2;
676676 ulong32 u0, u1, u2, u3, u4;
677677 ulong32 v0, v1, v2, v3;
678678
702702 STEP(09, 00, 01, 02, 03, 04, 05, 06, 07, 08, v3, u3);
703703 SRD(S2, 2, 3, 1, 4, 64);
704704
705 ss->s00 = s00;
706 ss->s01 = s01;
707 ss->s02 = s02;
708 ss->s03 = s03;
709 ss->s04 = s04;
710 ss->s05 = s05;
711 ss->s06 = s06;
712 ss->s07 = s07;
713 ss->s08 = s08;
714 ss->s09 = s09;
715 ss->r1 = r1;
716 ss->r2 = r2;
705 st->s00 = s00;
706 st->s01 = s01;
707 st->s02 = s02;
708 st->s03 = s03;
709 st->s04 = s04;
710 st->s05 = s05;
711 st->s06 = s06;
712 st->s07 = s07;
713 st->s08 = s08;
714 st->s09 = s09;
715 st->r1 = r1;
716 st->r2 = r2;
717717 }
718718
719719 /*
736736 * buffer, combined by XOR with the stream, and the result is written
737737 * in the "out" buffer. "in" and "out" must be either equal, or
738738 * reference distinct buffers (no partial overlap is allowed).
739 * @param ss The Sosemanuk state
739 * @param st The Sosemanuk state
740740 * @param in Data in
741741 * @param inlen Length of data in bytes
742742 * @param out Data out
743743 * @return CRYPT_OK on success
744744 */
745 int sosemanuk_crypt(sosemanuk_state *ss,
745 int sosemanuk_crypt(sosemanuk_state *st,
746746 const unsigned char *in, unsigned long inlen, unsigned char *out)
747747 {
748 LTC_ARGCHK(ss != NULL);
748 LTC_ARGCHK(st != NULL);
749749 LTC_ARGCHK(in != NULL);
750750 LTC_ARGCHK(out != NULL);
751751
752 if (ss->ptr < (sizeof(ss->buf))) {
753 unsigned long rlen = (sizeof(ss->buf)) - ss->ptr;
752 if (st->ptr < (sizeof(st->buf))) {
753 unsigned long rlen = (sizeof(st->buf)) - st->ptr;
754754
755755 if (rlen > inlen) {
756756 rlen = inlen;
757757 }
758 _xorbuf(ss->buf + ss->ptr, in, out, rlen);
758 _xorbuf(st->buf + st->ptr, in, out, rlen);
759759 in += rlen;
760760 out += rlen;
761761 inlen -= rlen;
762 ss->ptr += rlen;
762 st->ptr += rlen;
763763 }
764764 while (inlen > 0) {
765 _sosemanuk_internal(ss);
766 if (inlen >= sizeof(ss->buf)) {
767 _xorbuf(ss->buf, in, out, sizeof(ss->buf));
768 in += sizeof(ss->buf);
769 out += sizeof(ss->buf);
770 inlen -= sizeof(ss->buf);
765 _sosemanuk_internal(st);
766 if (inlen >= sizeof(st->buf)) {
767 _xorbuf(st->buf, in, out, sizeof(st->buf));
768 in += sizeof(st->buf);
769 out += sizeof(st->buf);
770 inlen -= sizeof(st->buf);
771771 } else {
772 _xorbuf(ss->buf, in, out, inlen);
773 ss->ptr = inlen;
772 _xorbuf(st->buf, in, out, inlen);
773 st->ptr = inlen;
774774 inlen = 0;
775775 }
776776 }
782782 /*
783783 * Cipher operation, as a PRNG: the provided output buffer is filled with
784784 * pseudo-random bytes as output from the stream cipher.
785 * @param ss The Sosemanuk state
785 * @param st The Sosemanuk state
786786 * @param out Data out
787787 * @param outlen Length of output in bytes
788788 * @return CRYPT_OK on success
789789 */
790 int sosemanuk_keystream(sosemanuk_state *ss, unsigned char *out, unsigned long outlen)
790 int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long outlen)
791791 {
792792 if (outlen == 0) return CRYPT_OK; /* nothing to do */
793793 LTC_ARGCHK(out != NULL);
794794 XMEMSET(out, 0, outlen);
795 return sosemanuk_crypt(ss, out, outlen, out);
795 return sosemanuk_crypt(st, out, outlen, out);
796796 }
797797
798798
799799 /*
800800 * Terminate and clear Sosemanuk key context
801 * @param ss The Sosemanuk state
801 * @param st The Sosemanuk state
802802 * @return CRYPT_OK on success
803803 */
804 int sosemanuk_done(sosemanuk_state *ss)
804 int sosemanuk_done(sosemanuk_state *st)
805805 {
806 LTC_ARGCHK(ss != NULL);
807 XMEMSET(ss, 0, sizeof(sosemanuk_state));
806 LTC_ARGCHK(st != NULL);
807 XMEMSET(st, 0, sizeof(sosemanuk_state));
808808 return CRYPT_OK;
809809 }
810810
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 #include "tomcrypt_private.h"
10
11 #ifdef LTC_SOSEMANUK
12
13 /**
14 Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sosemanuk
15 @param key The key
16 @param keylen The key length
17 @param iv The initial vector
18 @param ivlen The initial vector length
19 @param datain The plaintext (or ciphertext)
20 @param datalen The length of the input and output (octets)
21 @param dataout [out] The ciphertext (or plaintext)
22 @return CRYPT_OK if successful
23 */
24 int sosemanuk_memory(const unsigned char *key, unsigned long keylen,
25 const unsigned char *iv, unsigned long ivlen,
26 const unsigned char *datain, unsigned long datalen,
27 unsigned char *dataout)
28 {
29 sosemanuk_state st;
30 int err;
31
32 if ((err = sosemanuk_setup(&st, key, keylen)) != CRYPT_OK) goto WIPE_KEY;
33 if ((err = sosemanuk_setiv(&st, iv, ivlen)) != CRYPT_OK) goto WIPE_KEY;
34 err = sosemanuk_crypt(&st, datain, datalen, dataout);
35 WIPE_KEY:
36 sosemanuk_done(&st);
37 return err;
38 }
39
40 #endif /* LTC_SOSEMANUK */
41
42 /* ref: $Format:%D$ */
43 /* git commit: $Format:%H$ */
44 /* commit time: $Format:%ai$ */
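Review bot: The docblock on lines 13–23 omits constraints that the underlying functions enforce and that this commit touches: `sosemanuk_setup` accepts 1 to 32 key bytes, `sosemanuk_setiv` rejects `ivlen > 16`, and `sosemanuk_crypt` requires `in`/`out` to be equal or fully disjoint. A caller of the one-shot API sees only this comment, so state them here, e.g. `@param keylen The key length (1..32 bytes)`, `@param ivlen The initial vector length (0..16 bytes)`, plus a `@remark` that `datain` and `dataout` may not partially overlap. It is also worth saying that `sosemanuk_done` on line 36 zeroizes the state on both the success and the error path.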