New upstream version 0.070
gregor herrmann
3 years ago
0 | 0 | Changes for CryptX |
1 | ||
2 | 0.070 2021-02-12 | |
3 | - fix #66 remove -flto=auto (Makefile.PL) | |
4 | - fix #65 typo in docs (lib/Crypt/Cipher.pm) | |
5 | - bundled libtomcrypt update branch:develop (commit:910d6252 2021-01-19) | |
1 | 6 | |
2 | 7 | 0.069 2020-08-25 |
3 | 8 | - fix #64 ECC: segfault on invalid input |
3 | 3 | "Karel Miko" |
4 | 4 | ], |
5 | 5 | "dynamic_config" : 1, |
6 | "generated_by" : "ExtUtils::MakeMaker version 7.46, CPAN::Meta::Converter version 2.150010", | |
6 | "generated_by" : "ExtUtils::MakeMaker version 7.58, CPAN::Meta::Converter version 2.150010", | |
7 | 7 | "license" : [ |
8 | 8 | "perl_5" |
9 | 9 | ], |
49 | 49 | "url" : "https://github.com/DCIT/perl-CryptX" |
50 | 50 | } |
51 | 51 | }, |
52 | "version" : "0.069", | |
52 | "version" : "0.070", | |
53 | 53 | "x_serialization_backend" : "JSON::PP version 4.05" |
54 | 54 | } |
7 | 7 | configure_requires: |
8 | 8 | ExtUtils::MakeMaker: '0' |
9 | 9 | dynamic_config: 1 |
10 | generated_by: 'ExtUtils::MakeMaker version 7.46, CPAN::Meta::Converter version 2.150010' | |
10 | generated_by: 'ExtUtils::MakeMaker version 7.58, CPAN::Meta::Converter version 2.150010' | |
11 | 11 | license: perl |
12 | 12 | meta-spec: |
13 | 13 | url: http://module-build.sourceforge.net/META-spec-v1.4.html |
22 | 22 | resources: |
23 | 23 | bugtracker: https://github.com/DCIT/perl-CryptX/issues |
24 | 24 | repository: https://github.com/DCIT/perl-CryptX |
25 | version: '0.069' | |
25 | version: '0.070' | |
26 | 26 | x_serialization_backend: 'CPAN::Meta::YAML version 0.018' |
31 | 31 | $mycflags .= " $ENV{CPPFLAGS}" if $ENV{CPPFLAGS}; |
32 | 32 | |
33 | 33 | #FIX: gcc with -flto is a trouble maker see https://github.com/DCIT/perl-CryptX/issues/32 |
34 | #FIX: another issue with "-flto=auto" see https://github.com/DCIT/perl-CryptX/pull/66 | |
35 | $mycflags =~ s/-flto=[a-zA-Z0-9]+//g; # -flto=auto -flto=jobserver -flto=N ... | |
34 | 36 | $mycflags =~ s/-flto\b//g; |
35 | 37 | |
36 | 38 | #FIX: avoid -Wwrite-strings -Wcast-qual -pedantic -pedantic-errors -ansi -std=c89 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( eax_encrypt_authenticate eax_decrypt_verify )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( gcm_encrypt_authenticate gcm_decrypt_verify )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( ocb_encrypt_authenticate ocb_decrypt_verify )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | ### not used |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::Checksum Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::Checksum Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw/ adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Cipher); |
9 | 9 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use Carp; |
7 | 7 | $Carp::Internal{(__PACKAGE__)}++; |
95 | 95 | |
96 | 96 | Decrypts $ciphertext and returns the $plaintext where $plaintext and $ciphertext should be of B<blocksize> bytes. |
97 | 97 | |
98 | $plaintext = $d->encrypt($ciphertext); | |
98 | $plaintext = $d->decrypt($ciphertext); | |
99 | 99 | |
100 | 100 | =head2 keysize |
101 | 101 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2b_160 blake2b_160_hex blake2b_160_b64 blake2b_160_b64u blake2b_160_file blake2b_160_file_hex blake2b_160_file_b64 blake2b_160_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2b_256 blake2b_256_hex blake2b_256_b64 blake2b_256_b64u blake2b_256_file blake2b_256_file_hex blake2b_256_file_b64 blake2b_256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2b_384 blake2b_384_hex blake2b_384_b64 blake2b_384_b64u blake2b_384_file blake2b_384_file_hex blake2b_384_file_b64 blake2b_384_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2b_512 blake2b_512_hex blake2b_512_b64 blake2b_512_b64u blake2b_512_file blake2b_512_file_hex blake2b_512_file_b64 blake2b_512_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2s_128 blake2s_128_hex blake2s_128_b64 blake2s_128_b64u blake2s_128_file blake2s_128_file_hex blake2s_128_file_b64 blake2s_128_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2s_160 blake2s_160_hex blake2s_160_b64 blake2s_160_b64u blake2s_160_file blake2s_160_file_hex blake2s_160_file_b64 blake2s_160_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2s_224 blake2s_224_hex blake2s_224_b64 blake2s_224_b64u blake2s_224_file blake2s_224_file_hex blake2s_224_file_b64 blake2s_224_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2s_256 blake2s_256_hex blake2s_256_b64 blake2s_256_b64u blake2s_256_file blake2s_256_file_hex blake2s_256_file_b64 blake2s_256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( chaes chaes_hex chaes_b64 chaes_b64u chaes_file chaes_file_hex chaes_file_b64 chaes_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( keccak224 keccak224_hex keccak224_b64 keccak224_b64u keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( keccak256 keccak256_hex keccak256_b64 keccak256_b64u keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( keccak384 keccak384_hex keccak384_b64 keccak384_b64u keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( keccak512 keccak512_hex keccak512_b64 keccak512_b64u keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( md2 md2_hex md2_b64 md2_b64u md2_file md2_file_hex md2_file_b64 md2_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( md4 md4_hex md4_b64 md4_b64u md4_file md4_file_hex md4_file_b64 md4_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( md5 md5_hex md5_b64 md5_b64u md5_file md5_file_hex md5_file_b64 md5_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( ripemd128 ripemd128_hex ripemd128_b64 ripemd128_b64u ripemd128_file ripemd128_file_hex ripemd128_file_b64 ripemd128_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( ripemd160 ripemd160_hex ripemd160_b64 ripemd160_b64u ripemd160_file ripemd160_file_hex ripemd160_file_b64 ripemd160_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( ripemd256 ripemd256_hex ripemd256_b64 ripemd256_b64u ripemd256_file ripemd256_file_hex ripemd256_file_b64 ripemd256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( ripemd320 ripemd320_hex ripemd320_b64 ripemd320_b64u ripemd320_file ripemd320_file_hex ripemd320_file_b64 ripemd320_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha1 sha1_hex sha1_b64 sha1_b64u sha1_file sha1_file_hex sha1_file_b64 sha1_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha224 sha224_hex sha224_b64 sha224_b64u sha224_file sha224_file_hex sha224_file_b64 sha224_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha256 sha256_hex sha256_b64 sha256_b64u sha256_file sha256_file_hex sha256_file_b64 sha256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha384 sha384_hex sha384_b64 sha384_b64u sha384_file sha384_file_hex sha384_file_b64 sha384_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha3_224 sha3_224_hex sha3_224_b64 sha3_224_b64u sha3_224_file sha3_224_file_hex sha3_224_file_b64 sha3_224_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha3_256 sha3_256_hex sha3_256_b64 sha3_256_b64u sha3_256_file sha3_256_file_hex sha3_256_file_b64 sha3_256_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha3_384 sha3_384_hex sha3_384_b64 sha3_384_b64u sha3_384_file sha3_384_file_hex sha3_384_file_b64 sha3_384_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha3_512 sha3_512_hex sha3_512_b64 sha3_512_b64u sha3_512_file sha3_512_file_hex sha3_512_file_b64 sha3_512_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha512 sha512_hex sha512_b64 sha512_b64u sha512_file sha512_file_hex sha512_file_b64 sha512_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha512_224 sha512_224_hex sha512_224_b64 sha512_224_b64u sha512_224_file sha512_224_file_hex sha512_224_file_b64 sha512_224_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( sha512_256 sha512_256_hex sha512_256_b64 sha512_256_b64u sha512_256_file sha512_256_file_hex sha512_256_file_b64 sha512_256_file_b64u )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use Carp; |
7 | 7 | $Carp::Internal{(__PACKAGE__)}++; |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( tiger192 tiger192_hex tiger192_b64 tiger192_b64u tiger192_file tiger192_file_hex tiger192_file_b64 tiger192_file_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Digest Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( whirlpool whirlpool_hex whirlpool_b64 whirlpool_b64u whirlpool_file whirlpool_file_hex whirlpool_file_b64 whirlpool_file_b64u )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( digest_data digest_data_hex digest_data_b64 digest_data_b64u digest_file digest_file_hex digest_file_b64 digest_file_b64u )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(pbkdf1 pbkdf2 hkdf hkdf_expand hkdf_extract)] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2b blake2b_hex blake2b_b64 blake2b_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( blake2s blake2s_hex blake2s_b64 blake2s_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( f9 f9_hex f9_b64 f9_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( hmac hmac_hex hmac_b64 hmac_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( omac omac_hex omac_b64 omac_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( pmac pmac_hex pmac_b64 pmac_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( pelican pelican_hex pelican_b64 pelican_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( poly1305 poly1305_hex poly1305_b64 poly1305_b64u )] ); |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use base qw(Crypt::Mac Exporter); |
9 | 9 | our %EXPORT_TAGS = ( all => [qw( xcbc xcbc_hex xcbc_b64 xcbc_b64u )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use Carp; |
7 | 7 | $Carp::Internal{(__PACKAGE__)}++; |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | use Carp 'croak'; |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use Crypt::Cipher; |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use Crypt::Cipher; |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use Crypt::Cipher; |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use Crypt::Cipher; |
9 | 9 |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use warnings; |
6 | our $VERSION = '0.069'; | |
6 | our $VERSION = '0.070'; | |
7 | 7 | |
8 | 8 | use Crypt::Cipher; |
9 | 9 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | ### not used |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( dh_shared_secret )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( dsa_encrypt dsa_decrypt dsa_sign_message dsa_verify_message dsa_sign_hash dsa_verify_hash )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( ecc_encrypt ecc_decrypt ecc_sign_message ecc_verify_message ecc_sign_hash ecc_verify_hash ecc_shared_secret )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(rsa_encrypt rsa_decrypt rsa_sign_message rsa_verify_message rsa_sign_hash rsa_verify_hash)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw( )] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use Carp; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::PRNG Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::PRNG Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::PRNG Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::PRNG Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use base qw(Crypt::PRNG Exporter); |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import'; |
7 | 7 | our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] ); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings ; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | require XSLoader; |
7 | 7 | XSLoader::load('CryptX', $VERSION); |
1 | 1 | |
2 | 2 | use strict; |
3 | 3 | use warnings; |
4 | our $VERSION = '0.069'; | |
4 | our $VERSION = '0.070'; | |
5 | 5 | |
6 | 6 | use CryptX; |
7 | 7 | use Carp; |
79 | 79 | |
80 | 80 | #endif |
81 | 81 | |
82 | #define __LTC_AES_TAB_C__ | |
82 | #define LTC_AES_TAB_C | |
83 | 83 | #include "aes_tab.c" |
84 | 84 | |
85 | 85 | static ulong32 setup_mix(ulong32 temp) |
274 | 274 | @return CRYPT_OK if successful |
275 | 275 | */ |
276 | 276 | #ifdef LTC_CLEAN_STACK |
277 | static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
277 | static int s_rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
278 | 278 | #else |
279 | 279 | int ECB_ENC(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
280 | 280 | #endif |
442 | 442 | #ifdef LTC_CLEAN_STACK |
443 | 443 | int ECB_ENC(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
444 | 444 | { |
445 | int err = _rijndael_ecb_encrypt(pt, ct, skey); | |
445 | int err = s_rijndael_ecb_encrypt(pt, ct, skey); | |
446 | 446 | burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); |
447 | 447 | return err; |
448 | 448 | } |
458 | 458 | @return CRYPT_OK if successful |
459 | 459 | */ |
460 | 460 | #ifdef LTC_CLEAN_STACK |
461 | static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
461 | static int s_rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
462 | 462 | #else |
463 | 463 | int ECB_DEC(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
464 | 464 | #endif |
627 | 627 | #ifdef LTC_CLEAN_STACK |
628 | 628 | int ECB_DEC(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
629 | 629 | { |
630 | int err = _rijndael_ecb_decrypt(ct, pt, skey); | |
630 | int err = s_rijndael_ecb_decrypt(ct, pt, skey); | |
631 | 631 | burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); |
632 | 632 | return err; |
633 | 633 | } |
14 | 14 | Td4[x] = Si[x].[01, 01, 01, 01]; |
15 | 15 | */ |
16 | 16 | |
17 | #ifdef __LTC_AES_TAB_C__ | |
17 | #ifdef LTC_AES_TAB_C | |
18 | 18 | |
19 | 19 | /** |
20 | 20 | @file aes_tab.c |
1018 | 1018 | }; |
1019 | 1019 | #endif |
1020 | 1020 | |
1021 | #endif /* __LTC_AES_TAB_C__ */ | |
1021 | #endif /* LTC_AES_TAB_C */ |
875 | 875 | @return CRYPT_OK if successful |
876 | 876 | */ |
877 | 877 | #ifdef LTC_CLEAN_STACK |
878 | static int _anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
878 | static int s_anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
879 | 879 | #else |
880 | 880 | int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
881 | 881 | #endif |
1012 | 1012 | int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
1013 | 1013 | { |
1014 | 1014 | int err; |
1015 | err = _anubis_setup(key, keylen, num_rounds, skey); | |
1015 | err = s_anubis_setup(key, keylen, num_rounds, skey); | |
1016 | 1016 | burn_stack(sizeof(int) * 5 + sizeof(ulong32) * (MAX_N + MAX_N + 5)); |
1017 | 1017 | return err; |
1018 | 1018 | } |
471 | 471 | @return CRYPT_OK if successful |
472 | 472 | */ |
473 | 473 | #ifdef LTC_CLEAN_STACK |
474 | static int _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
474 | static int s_blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
475 | 475 | #else |
476 | 476 | int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
477 | 477 | #endif |
498 | 498 | #ifdef LTC_CLEAN_STACK |
499 | 499 | int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
500 | 500 | { |
501 | int err = _blowfish_ecb_encrypt(pt, ct, skey); | |
501 | int err = s_blowfish_ecb_encrypt(pt, ct, skey); | |
502 | 502 | burn_stack(sizeof(ulong32) * 2 + sizeof(int)); |
503 | 503 | return err; |
504 | 504 | } |
512 | 512 | @return CRYPT_OK if successful |
513 | 513 | */ |
514 | 514 | #ifdef LTC_CLEAN_STACK |
515 | static int _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
515 | static int s_blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
516 | 516 | #else |
517 | 517 | int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
518 | 518 | #endif |
559 | 559 | #ifdef LTC_CLEAN_STACK |
560 | 560 | int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
561 | 561 | { |
562 | int err = _blowfish_ecb_decrypt(ct, pt, skey); | |
562 | int err = s_blowfish_ecb_decrypt(ct, pt, skey); | |
563 | 563 | burn_stack(sizeof(ulong32) * 2 + sizeof(int)); |
564 | 564 | return err; |
565 | 565 | } |
397 | 397 | @return CRYPT_OK if successful |
398 | 398 | */ |
399 | 399 | #ifdef LTC_CLEAN_STACK |
400 | static int _cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
400 | static int s_cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
401 | 401 | #else |
402 | 402 | int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
403 | 403 | #endif |
484 | 484 | int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
485 | 485 | { |
486 | 486 | int z; |
487 | z = _cast5_setup(key, keylen, num_rounds, skey); | |
487 | z = s_cast5_setup(key, keylen, num_rounds, skey); | |
488 | 488 | burn_stack(sizeof(ulong32)*8 + 16 + sizeof(int)*2); |
489 | 489 | return z; |
490 | 490 | } |
491 | 491 | #endif |
492 | 492 | |
493 | #ifdef _MSC_VER | |
494 | #define INLINE __inline | |
495 | #else | |
496 | #define INLINE | |
497 | #endif | |
498 | ||
499 | INLINE static ulong32 FI(ulong32 R, ulong32 Km, ulong32 Kr) | |
493 | LTC_INLINE static ulong32 FI(ulong32 R, ulong32 Km, ulong32 Kr) | |
500 | 494 | { |
501 | 495 | ulong32 I; |
502 | 496 | I = (Km + R); |
504 | 498 | return ((S1[LTC_BYTE(I, 3)] ^ S2[LTC_BYTE(I,2)]) - S3[LTC_BYTE(I,1)]) + S4[LTC_BYTE(I,0)]; |
505 | 499 | } |
506 | 500 | |
507 | INLINE static ulong32 FII(ulong32 R, ulong32 Km, ulong32 Kr) | |
501 | LTC_INLINE static ulong32 FII(ulong32 R, ulong32 Km, ulong32 Kr) | |
508 | 502 | { |
509 | 503 | ulong32 I; |
510 | 504 | I = (Km ^ R); |
512 | 506 | return ((S1[LTC_BYTE(I, 3)] - S2[LTC_BYTE(I,2)]) + S3[LTC_BYTE(I,1)]) ^ S4[LTC_BYTE(I,0)]; |
513 | 507 | } |
514 | 508 | |
515 | INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr) | |
509 | LTC_INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr) | |
516 | 510 | { |
517 | 511 | ulong32 I; |
518 | 512 | I = (Km - R); |
527 | 521 | @param skey The key as scheduled |
528 | 522 | */ |
529 | 523 | #ifdef LTC_CLEAN_STACK |
530 | static int _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
524 | static int s_cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
531 | 525 | #else |
532 | 526 | int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
533 | 527 | #endif |
567 | 561 | #ifdef LTC_CLEAN_STACK |
568 | 562 | int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
569 | 563 | { |
570 | int err =_cast5_ecb_encrypt(pt,ct,skey); | |
564 | int err = s_cast5_ecb_encrypt(pt,ct,skey); | |
571 | 565 | burn_stack(sizeof(ulong32)*3); |
572 | 566 | return err; |
573 | 567 | } |
580 | 574 | @param skey The key as scheduled |
581 | 575 | */ |
582 | 576 | #ifdef LTC_CLEAN_STACK |
583 | static int _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
577 | static int s_cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
584 | 578 | #else |
585 | 579 | int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
586 | 580 | #endif |
620 | 614 | #ifdef LTC_CLEAN_STACK |
621 | 615 | int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
622 | 616 | { |
623 | int err = _cast5_ecb_decrypt(ct,pt,skey); | |
617 | int err = s_cast5_ecb_decrypt(ct,pt,skey); | |
624 | 618 | burn_stack(sizeof(ulong32)*3); |
625 | 619 | return err; |
626 | 620 | } |
1292 | 1292 | static void cookey(const ulong32 *raw1, ulong32 *keyout); |
1293 | 1293 | |
1294 | 1294 | #ifdef LTC_CLEAN_STACK |
1295 | static void _deskey(const unsigned char *key, short edf, ulong32 *keyout) | |
1295 | static void s_deskey(const unsigned char *key, short edf, ulong32 *keyout) | |
1296 | 1296 | #else |
1297 | 1297 | static void deskey(const unsigned char *key, short edf, ulong32 *keyout) |
1298 | 1298 | #endif |
1346 | 1346 | #ifdef LTC_CLEAN_STACK |
1347 | 1347 | static void deskey(const unsigned char *key, short edf, ulong32 *keyout) |
1348 | 1348 | { |
1349 | _deskey(key, edf, keyout); | |
1349 | s_deskey(key, edf, keyout); | |
1350 | 1350 | burn_stack(sizeof(int)*5 + sizeof(ulong32)*32 + sizeof(unsigned char)*112); |
1351 | 1351 | } |
1352 | 1352 | #endif |
1353 | 1353 | |
1354 | 1354 | #ifdef LTC_CLEAN_STACK |
1355 | static void _cookey(const ulong32 *raw1, ulong32 *keyout) | |
1355 | static void s_cookey(const ulong32 *raw1, ulong32 *keyout) | |
1356 | 1356 | #else |
1357 | 1357 | static void cookey(const ulong32 *raw1, ulong32 *keyout) |
1358 | 1358 | #endif |
1382 | 1382 | #ifdef LTC_CLEAN_STACK |
1383 | 1383 | static void cookey(const ulong32 *raw1, ulong32 *keyout) |
1384 | 1384 | { |
1385 | _cookey(raw1, keyout); | |
1385 | s_cookey(raw1, keyout); | |
1386 | 1386 | burn_stack(sizeof(ulong32 *) * 2 + sizeof(ulong32)*32 + sizeof(int)); |
1387 | 1387 | } |
1388 | 1388 | #endif |
1390 | 1390 | #ifndef LTC_CLEAN_STACK |
1391 | 1391 | static void desfunc(ulong32 *block, const ulong32 *keys) |
1392 | 1392 | #else |
1393 | static void _desfunc(ulong32 *block, const ulong32 *keys) | |
1393 | static void s_desfunc(ulong32 *block, const ulong32 *keys) | |
1394 | 1394 | #endif |
1395 | 1395 | { |
1396 | 1396 | ulong32 work, right, leftt; |
1504 | 1504 | #ifdef LTC_CLEAN_STACK |
1505 | 1505 | static void desfunc(ulong32 *block, const ulong32 *keys) |
1506 | 1506 | { |
1507 | _desfunc(block, keys); | |
1507 | s_desfunc(block, keys); | |
1508 | 1508 | burn_stack(sizeof(ulong32) * 4 + sizeof(int)); |
1509 | 1509 | } |
1510 | 1510 | #endif |
34 | 34 | |
35 | 35 | typedef unsigned short int ushort16; |
36 | 36 | |
37 | #define _LOW16(x) ((x)&0xffff) /* compiler should be able to optimize this away if x is 16 bits */ | |
38 | #define _HIGH16(x) ((x)>>16) | |
39 | #define _MUL(a,b) { \ | |
40 | ulong32 p = (ulong32)_LOW16(a) * b; \ | |
37 | #define LOW16(x) ((x)&0xffff) /* compiler should be able to optimize this away if x is 16 bits */ | |
38 | #define HIGH16(x) ((x)>>16) | |
39 | #define MUL(a,b) { \ | |
40 | ulong32 p = (ulong32)LOW16(a) * b; \ | |
41 | 41 | if (p) { \ |
42 | p = _LOW16(p) - _HIGH16(p); \ | |
43 | a = (ushort16)p - (ushort16)_HIGH16(p); \ | |
42 | p = LOW16(p) - HIGH16(p); \ | |
43 | a = (ushort16)p - (ushort16)HIGH16(p); \ | |
44 | 44 | } \ |
45 | 45 | else \ |
46 | 46 | a = 1 - a - b; \ |
47 | 47 | } |
48 | #define _STORE16(x,y) { (y)[0] = (unsigned char)(((x)>>8)&255); (y)[1] = (unsigned char)((x)&255); } | |
49 | #define _LOAD16(x,y) { x = ((ushort16)((y)[0] & 255)<<8) | ((ushort16)((y)[1] & 255)); } | |
50 | ||
51 | static ushort16 _mul_inv(ushort16 x) | |
48 | #define STORE16(x,y) { (y)[0] = (unsigned char)(((x)>>8)&255); (y)[1] = (unsigned char)((x)&255); } | |
49 | #define LOAD16(x,y) { x = ((ushort16)((y)[0] & 255)<<8) | ((ushort16)((y)[1] & 255)); } | |
50 | ||
51 | static ushort16 s_mul_inv(ushort16 x) | |
52 | 52 | { |
53 | 53 | ushort16 y = x; |
54 | 54 | unsigned i; |
55 | 55 | |
56 | 56 | for (i = 0; i < 15; i++) { |
57 | _MUL(y, _LOW16(y)); | |
58 | _MUL(y, x); | |
59 | } | |
60 | return _LOW16(y); | |
61 | } | |
62 | ||
63 | static ushort16 _add_inv(ushort16 x) | |
64 | { | |
65 | return _LOW16(0 - x); | |
66 | } | |
67 | ||
68 | static int _setup_key(const unsigned char *key, symmetric_key *skey) | |
57 | MUL(y, LOW16(y)); | |
58 | MUL(y, x); | |
59 | } | |
60 | return LOW16(y); | |
61 | } | |
62 | ||
63 | static ushort16 s_add_inv(ushort16 x) | |
64 | { | |
65 | return LOW16(0 - x); | |
66 | } | |
67 | ||
68 | static int s_setup_key(const unsigned char *key, symmetric_key *skey) | |
69 | 69 | { |
70 | 70 | int i, j; |
71 | 71 | ushort16 *e_key = skey->idea.ek; |
73 | 73 | |
74 | 74 | /* prepare enc key */ |
75 | 75 | for (i = 0; i < 8; i++) { |
76 | _LOAD16(e_key[i], key + 2 * i); | |
76 | LOAD16(e_key[i], key + 2 * i); | |
77 | 77 | } |
78 | 78 | for (; i < LTC_IDEA_KEYLEN; i++) { |
79 | 79 | j = (i - i % 8) - 8; |
80 | e_key[i] = _LOW16((e_key[j+(i+1)%8] << 9) | (e_key[j+(i+2)%8] >> 7)); | |
80 | e_key[i] = LOW16((e_key[j+(i+1)%8] << 9) | (e_key[j+(i+2)%8] >> 7)); | |
81 | 81 | } |
82 | 82 | |
83 | 83 | /* prepare dec key */ |
84 | 84 | for (i = 0; i < LTC_IDEA_ROUNDS; i++) { |
85 | d_key[i*6+0] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]); | |
86 | d_key[i*6+1] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1+(i>0 ? 1 : 0)]); | |
87 | d_key[i*6+2] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2-(i>0 ? 1 : 0)]); | |
88 | d_key[i*6+3] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]); | |
89 | d_key[i*6+4] = e_key[(LTC_IDEA_ROUNDS-1-i)*6+4]; | |
90 | d_key[i*6+5] = e_key[(LTC_IDEA_ROUNDS-1-i)*6+5]; | |
91 | } | |
92 | d_key[i*6+0] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]); | |
93 | d_key[i*6+1] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1]); | |
94 | d_key[i*6+2] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2]); | |
95 | d_key[i*6+3] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]); | |
96 | ||
97 | return CRYPT_OK; | |
98 | } | |
99 | ||
100 | static int _process_block(const unsigned char *in, unsigned char *out, const ushort16 *m_key) | |
85 | d_key[i*6+0] = s_mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]); | |
86 | d_key[i*6+1] = s_add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1+(i>0 ? 1 : 0)]); | |
87 | d_key[i*6+2] = s_add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2-(i>0 ? 1 : 0)]); | |
88 | d_key[i*6+3] = s_mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]); | |
89 | d_key[i*6+4] = e_key[(LTC_IDEA_ROUNDS-1-i)*6+4]; | |
90 | d_key[i*6+5] = e_key[(LTC_IDEA_ROUNDS-1-i)*6+5]; | |
91 | } | |
92 | d_key[i*6+0] = s_mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]); | |
93 | d_key[i*6+1] = s_add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1]); | |
94 | d_key[i*6+2] = s_add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2]); | |
95 | d_key[i*6+3] = s_mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]); | |
96 | ||
97 | return CRYPT_OK; | |
98 | } | |
99 | ||
100 | static int s_process_block(const unsigned char *in, unsigned char *out, const ushort16 *m_key) | |
101 | 101 | { |
102 | 102 | int i; |
103 | 103 | ushort16 x0, x1, x2, x3, t0, t1; |
104 | 104 | |
105 | _LOAD16(x0, in + 0); | |
106 | _LOAD16(x1, in + 2); | |
107 | _LOAD16(x2, in + 4); | |
108 | _LOAD16(x3, in + 6); | |
105 | LOAD16(x0, in + 0); | |
106 | LOAD16(x1, in + 2); | |
107 | LOAD16(x2, in + 4); | |
108 | LOAD16(x3, in + 6); | |
109 | 109 | |
110 | 110 | for (i = 0; i < LTC_IDEA_ROUNDS; i++) { |
111 | _MUL(x0, m_key[i*6+0]); | |
111 | MUL(x0, m_key[i*6+0]); | |
112 | 112 | x1 += m_key[i*6+1]; |
113 | 113 | x2 += m_key[i*6+2]; |
114 | _MUL(x3, m_key[i*6+3]); | |
114 | MUL(x3, m_key[i*6+3]); | |
115 | 115 | t0 = x0^x2; |
116 | _MUL(t0, m_key[i*6+4]); | |
116 | MUL(t0, m_key[i*6+4]); | |
117 | 117 | t1 = t0 + (x1^x3); |
118 | _MUL(t1, m_key[i*6+5]); | |
118 | MUL(t1, m_key[i*6+5]); | |
119 | 119 | t0 += t1; |
120 | 120 | x0 ^= t1; |
121 | 121 | x3 ^= t0; |
124 | 124 | x2 = t0; |
125 | 125 | } |
126 | 126 | |
127 | _MUL(x0, m_key[LTC_IDEA_ROUNDS*6+0]); | |
127 | MUL(x0, m_key[LTC_IDEA_ROUNDS*6+0]); | |
128 | 128 | x2 += m_key[LTC_IDEA_ROUNDS*6+1]; |
129 | 129 | x1 += m_key[LTC_IDEA_ROUNDS*6+2]; |
130 | _MUL(x3, m_key[LTC_IDEA_ROUNDS*6+3]); | |
131 | ||
132 | _STORE16(x0, out + 0); | |
133 | _STORE16(x2, out + 2); | |
134 | _STORE16(x1, out + 4); | |
135 | _STORE16(x3, out + 6); | |
130 | MUL(x3, m_key[LTC_IDEA_ROUNDS*6+3]); | |
131 | ||
132 | STORE16(x0, out + 0); | |
133 | STORE16(x2, out + 2); | |
134 | STORE16(x1, out + 4); | |
135 | STORE16(x3, out + 6); | |
136 | 136 | |
137 | 137 | return CRYPT_OK; |
138 | 138 | } |
145 | 145 | if (num_rounds != 0 && num_rounds != 8) return CRYPT_INVALID_ROUNDS; |
146 | 146 | if (keylen != 16) return CRYPT_INVALID_KEYSIZE; |
147 | 147 | |
148 | return _setup_key(key, skey); | |
148 | return s_setup_key(key, skey); | |
149 | 149 | } |
150 | 150 | |
151 | 151 | int idea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
152 | 152 | { |
153 | int err = _process_block(pt, ct, skey->idea.ek); | |
153 | int err = s_process_block(pt, ct, skey->idea.ek); | |
154 | 154 | #ifdef LTC_CLEAN_STACK |
155 | 155 | burn_stack(sizeof(ushort16) * 6 + sizeof(int)); |
156 | 156 | #endif |
159 | 159 | |
160 | 160 | int idea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
161 | 161 | { |
162 | int err = _process_block(ct, pt, skey->idea.dk); | |
162 | int err = s_process_block(ct, pt, skey->idea.dk); | |
163 | 163 | #ifdef LTC_CLEAN_STACK |
164 | 164 | burn_stack(sizeof(ushort16) * 6 + sizeof(int)); |
165 | 165 | #endif |
8 | 8 | |
9 | 9 | #ifdef LTC_MULTI2 |
10 | 10 | |
11 | static void pi1(ulong32 *p) | |
11 | static void s_pi1(ulong32 *p) | |
12 | 12 | { |
13 | 13 | p[1] ^= p[0]; |
14 | 14 | } |
15 | 15 | |
16 | static void pi2(ulong32 *p, const ulong32 *k) | |
16 | static void s_pi2(ulong32 *p, const ulong32 *k) | |
17 | 17 | { |
18 | 18 | ulong32 t; |
19 | 19 | t = (p[1] + k[0]) & 0xFFFFFFFFUL; |
22 | 22 | p[0] ^= t; |
23 | 23 | } |
24 | 24 | |
25 | static void pi3(ulong32 *p, const ulong32 *k) | |
25 | static void s_pi3(ulong32 *p, const ulong32 *k) | |
26 | 26 | { |
27 | 27 | ulong32 t; |
28 | 28 | t = p[0] + k[1]; |
34 | 34 | p[1] ^= t; |
35 | 35 | } |
36 | 36 | |
37 | static void pi4(ulong32 *p, const ulong32 *k) | |
37 | static void s_pi4(ulong32 *p, const ulong32 *k) | |
38 | 38 | { |
39 | 39 | ulong32 t; |
40 | 40 | t = (p[1] + k[3]) & 0xFFFFFFFFUL; |
42 | 42 | p[0] ^= t; |
43 | 43 | } |
44 | 44 | |
45 | static void setup(const ulong32 *dk, const ulong32 *k, ulong32 *uk) | |
45 | static void s_setup(const ulong32 *dk, const ulong32 *k, ulong32 *uk) | |
46 | 46 | { |
47 | 47 | int n, t; |
48 | 48 | ulong32 p[2]; |
51 | 51 | |
52 | 52 | t = 4; |
53 | 53 | n = 0; |
54 | pi1(p); | |
55 | pi2(p, k); | |
54 | s_pi1(p); | |
55 | s_pi2(p, k); | |
56 | 56 | uk[n++] = p[0]; |
57 | pi3(p, k); | |
57 | s_pi3(p, k); | |
58 | 58 | uk[n++] = p[1]; |
59 | pi4(p, k); | |
59 | s_pi4(p, k); | |
60 | 60 | uk[n++] = p[0]; |
61 | pi1(p); | |
61 | s_pi1(p); | |
62 | 62 | uk[n++] = p[1]; |
63 | pi2(p, k+t); | |
63 | s_pi2(p, k+t); | |
64 | 64 | uk[n++] = p[0]; |
65 | pi3(p, k+t); | |
65 | s_pi3(p, k+t); | |
66 | 66 | uk[n++] = p[1]; |
67 | pi4(p, k+t); | |
67 | s_pi4(p, k+t); | |
68 | 68 | uk[n++] = p[0]; |
69 | pi1(p); | |
69 | s_pi1(p); | |
70 | 70 | uk[n++] = p[1]; |
71 | 71 | } |
72 | 72 | |
73 | static void encrypt(ulong32 *p, int N, const ulong32 *uk) | |
73 | static void s_encrypt(ulong32 *p, int N, const ulong32 *uk) | |
74 | 74 | { |
75 | 75 | int n, t; |
76 | 76 | for (t = n = 0; ; ) { |
77 | pi1(p); if (++n == N) break; | |
78 | pi2(p, uk+t); if (++n == N) break; | |
79 | pi3(p, uk+t); if (++n == N) break; | |
80 | pi4(p, uk+t); if (++n == N) break; | |
77 | s_pi1(p); if (++n == N) break; | |
78 | s_pi2(p, uk+t); if (++n == N) break; | |
79 | s_pi3(p, uk+t); if (++n == N) break; | |
80 | s_pi4(p, uk+t); if (++n == N) break; | |
81 | 81 | t ^= 4; |
82 | 82 | } |
83 | 83 | } |
84 | 84 | |
85 | static void decrypt(ulong32 *p, int N, const ulong32 *uk) | |
85 | static void s_decrypt(ulong32 *p, int N, const ulong32 *uk) | |
86 | 86 | { |
87 | 87 | int n, t; |
88 | 88 | for (t = 4*(((N-1)>>2)&1), n = N; ; ) { |
89 | 89 | switch (n<=4 ? n : ((n-1)%4)+1) { |
90 | case 4: pi4(p, uk+t); --n; /* FALLTHROUGH */ | |
91 | case 3: pi3(p, uk+t); --n; /* FALLTHROUGH */ | |
92 | case 2: pi2(p, uk+t); --n; /* FALLTHROUGH */ | |
93 | case 1: pi1(p); --n; break; | |
90 | case 4: s_pi4(p, uk+t); --n; /* FALLTHROUGH */ | |
91 | case 3: s_pi3(p, uk+t); --n; /* FALLTHROUGH */ | |
92 | case 2: s_pi2(p, uk+t); --n; /* FALLTHROUGH */ | |
93 | case 1: s_pi1(p); --n; break; | |
94 | 94 | case 0: return; |
95 | 95 | } |
96 | 96 | t ^= 4; |
127 | 127 | } |
128 | 128 | LOAD32H(dk[0], key + 32); |
129 | 129 | LOAD32H(dk[1], key + 36); |
130 | setup(dk, sk, skey->multi2.uk); | |
130 | s_setup(dk, sk, skey->multi2.uk); | |
131 | 131 | |
132 | 132 | zeromem(sk, sizeof(sk)); |
133 | 133 | zeromem(dk, sizeof(dk)); |
149 | 149 | LTC_ARGCHK(skey != NULL); |
150 | 150 | LOAD32H(p[0], pt); |
151 | 151 | LOAD32H(p[1], pt+4); |
152 | encrypt(p, skey->multi2.N, skey->multi2.uk); | |
152 | s_encrypt(p, skey->multi2.N, skey->multi2.uk); | |
153 | 153 | STORE32H(p[0], ct); |
154 | 154 | STORE32H(p[1], ct+4); |
155 | 155 | return CRYPT_OK; |
170 | 170 | LTC_ARGCHK(skey != NULL); |
171 | 171 | LOAD32H(p[0], ct); |
172 | 172 | LOAD32H(p[1], ct+4); |
173 | decrypt(p, skey->multi2.N, skey->multi2.uk); | |
173 | s_decrypt(p, skey->multi2.N, skey->multi2.uk); | |
174 | 174 | STORE32H(p[0], pt); |
175 | 175 | STORE32H(p[1], pt+4); |
176 | 176 | return CRYPT_OK; |
101 | 101 | @return CRYPT_OK if successful |
102 | 102 | */ |
103 | 103 | #ifdef LTC_CLEAN_STACK |
104 | static int _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
104 | static int s_noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
105 | 105 | #else |
106 | 106 | int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
107 | 107 | #endif |
141 | 141 | #ifdef LTC_CLEAN_STACK |
142 | 142 | int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
143 | 143 | { |
144 | int err = _noekeon_ecb_encrypt(pt, ct, skey); | |
144 | int err = s_noekeon_ecb_encrypt(pt, ct, skey); | |
145 | 145 | burn_stack(sizeof(ulong32) * 5 + sizeof(int)); |
146 | 146 | return err; |
147 | 147 | } |
155 | 155 | @return CRYPT_OK if successful |
156 | 156 | */ |
157 | 157 | #ifdef LTC_CLEAN_STACK |
158 | static int _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
158 | static int s_noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
159 | 159 | #else |
160 | 160 | int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
161 | 161 | #endif |
194 | 194 | #ifdef LTC_CLEAN_STACK |
195 | 195 | int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
196 | 196 | { |
197 | int err = _noekeon_ecb_decrypt(ct, pt, skey); | |
197 | int err = s_noekeon_ecb_decrypt(ct, pt, skey); | |
198 | 198 | burn_stack(sizeof(ulong32) * 5 + sizeof(int)); |
199 | 199 | return err; |
200 | 200 | } |
138 | 138 | @return CRYPT_OK if successful |
139 | 139 | */ |
140 | 140 | #ifdef LTC_CLEAN_STACK |
141 | static int _rc2_ecb_encrypt( const unsigned char *pt, | |
141 | static int s_rc2_ecb_encrypt( const unsigned char *pt, | |
142 | 142 | unsigned char *ct, |
143 | 143 | const symmetric_key *skey) |
144 | 144 | #else |
199 | 199 | unsigned char *ct, |
200 | 200 | const symmetric_key *skey) |
201 | 201 | { |
202 | int err = _rc2_ecb_encrypt(pt, ct, skey); | |
202 | int err = s_rc2_ecb_encrypt(pt, ct, skey); | |
203 | 203 | burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5); |
204 | 204 | return err; |
205 | 205 | } |
216 | 216 | @return CRYPT_OK if successful |
217 | 217 | */ |
218 | 218 | #ifdef LTC_CLEAN_STACK |
219 | static int _rc2_ecb_decrypt( const unsigned char *ct, | |
219 | static int s_rc2_ecb_decrypt( const unsigned char *ct, | |
220 | 220 | unsigned char *pt, |
221 | 221 | const symmetric_key *skey) |
222 | 222 | #else |
278 | 278 | unsigned char *pt, |
279 | 279 | const symmetric_key *skey) |
280 | 280 | { |
281 | int err = _rc2_ecb_decrypt(ct, pt, skey); | |
281 | int err = s_rc2_ecb_decrypt(ct, pt, skey); | |
282 | 282 | burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int)); |
283 | 283 | return err; |
284 | 284 | } |
42 | 42 | @return CRYPT_OK if successful |
43 | 43 | */ |
44 | 44 | #ifdef LTC_CLEAN_STACK |
45 | static int _rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
45 | static int s_rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
46 | 46 | #else |
47 | 47 | int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
48 | 48 | #endif |
103 | 103 | int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
104 | 104 | { |
105 | 105 | int x; |
106 | x = _rc5_setup(key, keylen, num_rounds, skey); | |
106 | x = s_rc5_setup(key, keylen, num_rounds, skey); | |
107 | 107 | burn_stack(sizeof(ulong32) * 122 + sizeof(int)); |
108 | 108 | return x; |
109 | 109 | } |
117 | 117 | @return CRYPT_OK if successful |
118 | 118 | */ |
119 | 119 | #ifdef LTC_CLEAN_STACK |
120 | static int _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
120 | static int s_rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
121 | 121 | #else |
122 | 122 | int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
123 | 123 | #endif |
163 | 163 | #ifdef LTC_CLEAN_STACK |
164 | 164 | int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
165 | 165 | { |
166 | int err = _rc5_ecb_encrypt(pt, ct, skey); | |
166 | int err = s_rc5_ecb_encrypt(pt, ct, skey); | |
167 | 167 | burn_stack(sizeof(ulong32) * 2 + sizeof(int)); |
168 | 168 | return err; |
169 | 169 | } |
177 | 177 | @return CRYPT_OK if successful |
178 | 178 | */ |
179 | 179 | #ifdef LTC_CLEAN_STACK |
180 | static int _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
180 | static int s_rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
181 | 181 | #else |
182 | 182 | int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
183 | 183 | #endif |
224 | 224 | #ifdef LTC_CLEAN_STACK |
225 | 225 | int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
226 | 226 | { |
227 | int err = _rc5_ecb_decrypt(ct, pt, skey); | |
227 | int err = s_rc5_ecb_decrypt(ct, pt, skey); | |
228 | 228 | burn_stack(sizeof(ulong32) * 2 + sizeof(int)); |
229 | 229 | return err; |
230 | 230 | } |
39 | 39 | @return CRYPT_OK if successful |
40 | 40 | */ |
41 | 41 | #ifdef LTC_CLEAN_STACK |
42 | static int _rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
42 | static int s_rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
43 | 43 | #else |
44 | 44 | int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
45 | 45 | #endif |
98 | 98 | int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
99 | 99 | { |
100 | 100 | int x; |
101 | x = _rc6_setup(key, keylen, num_rounds, skey); | |
101 | x = s_rc6_setup(key, keylen, num_rounds, skey); | |
102 | 102 | burn_stack(sizeof(ulong32) * 122); |
103 | 103 | return x; |
104 | 104 | } |
111 | 111 | @param skey The key as scheduled |
112 | 112 | */ |
113 | 113 | #ifdef LTC_CLEAN_STACK |
114 | static int _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
114 | static int s_rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
115 | 115 | #else |
116 | 116 | int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
117 | 117 | #endif |
153 | 153 | #ifdef LTC_CLEAN_STACK |
154 | 154 | int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
155 | 155 | { |
156 | int err = _rc6_ecb_encrypt(pt, ct, skey); | |
156 | int err = s_rc6_ecb_encrypt(pt, ct, skey); | |
157 | 157 | burn_stack(sizeof(ulong32) * 6 + sizeof(int)); |
158 | 158 | return err; |
159 | 159 | } |
166 | 166 | @param skey The key as scheduled |
167 | 167 | */ |
168 | 168 | #ifdef LTC_CLEAN_STACK |
169 | static int _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
169 | static int s_rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
170 | 170 | #else |
171 | 171 | int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
172 | 172 | #endif |
210 | 210 | #ifdef LTC_CLEAN_STACK |
211 | 211 | int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
212 | 212 | { |
213 | int err = _rc6_ecb_decrypt(ct, pt, skey); | |
213 | int err = s_rc6_ecb_decrypt(ct, pt, skey); | |
214 | 214 | burn_stack(sizeof(ulong32) * 6 + sizeof(int)); |
215 | 215 | return err; |
216 | 216 | } |
23 | 23 | |
24 | 24 | #ifdef LTC_SAFER |
25 | 25 | |
26 | #define __LTC_SAFER_TAB_C__ | |
26 | #define LTC_SAFER_TAB_C | |
27 | 27 | #include "safer_tab.c" |
28 | 28 | |
29 | 29 | const struct ltc_cipher_descriptor safer_k64_desc = { |
90 | 90 | /******************* Types ****************************************************/ |
91 | 91 | |
92 | 92 | #ifdef LTC_CLEAN_STACK |
93 | static void _Safer_Expand_Userkey(const unsigned char *userkey_1, | |
93 | static void s_safer_expand_userkey(const unsigned char *userkey_1, | |
94 | 94 | const unsigned char *userkey_2, |
95 | 95 | unsigned int nof_rounds, |
96 | 96 | int strengthened, |
97 | 97 | safer_key_t key) |
98 | 98 | #else |
99 | static void Safer_Expand_Userkey(const unsigned char *userkey_1, | |
99 | static void safer_expand_userkey(const unsigned char *userkey_1, | |
100 | 100 | const unsigned char *userkey_2, |
101 | 101 | unsigned int nof_rounds, |
102 | 102 | int strengthened, |
159 | 159 | } |
160 | 160 | |
161 | 161 | #ifdef LTC_CLEAN_STACK |
162 | static void Safer_Expand_Userkey(const unsigned char *userkey_1, | |
162 | static void safer_expand_userkey(const unsigned char *userkey_1, | |
163 | 163 | const unsigned char *userkey_2, |
164 | 164 | unsigned int nof_rounds, |
165 | 165 | int strengthened, |
166 | 166 | safer_key_t key) |
167 | 167 | { |
168 | _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); | |
168 | s_safer_expand_userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); | |
169 | 169 | burn_stack(sizeof(unsigned char) * (2 * (LTC_SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2); |
170 | 170 | } |
171 | 171 | #endif |
183 | 183 | return CRYPT_INVALID_KEYSIZE; |
184 | 184 | } |
185 | 185 | |
186 | Safer_Expand_Userkey(key, key, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
186 | safer_expand_userkey(key, key, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
187 | 187 | return CRYPT_OK; |
188 | 188 | } |
189 | 189 | |
200 | 200 | return CRYPT_INVALID_KEYSIZE; |
201 | 201 | } |
202 | 202 | |
203 | Safer_Expand_Userkey(key, key, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
203 | safer_expand_userkey(key, key, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
204 | 204 | return CRYPT_OK; |
205 | 205 | } |
206 | 206 | |
217 | 217 | return CRYPT_INVALID_KEYSIZE; |
218 | 218 | } |
219 | 219 | |
220 | Safer_Expand_Userkey(key, key+8, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
220 | safer_expand_userkey(key, key+8, (unsigned int)(num_rounds != 0 ?num_rounds:LTC_SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
221 | 221 | return CRYPT_OK; |
222 | 222 | } |
223 | 223 | |
234 | 234 | return CRYPT_INVALID_KEYSIZE; |
235 | 235 | } |
236 | 236 | |
237 | Safer_Expand_Userkey(key, key+8, (unsigned int)(num_rounds != 0?num_rounds:LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
238 | return CRYPT_OK; | |
239 | } | |
240 | ||
241 | #ifdef LTC_CLEAN_STACK | |
242 | static int _safer_ecb_encrypt(const unsigned char *pt, | |
237 | safer_expand_userkey(key, key+8, (unsigned int)(num_rounds != 0?num_rounds:LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
238 | return CRYPT_OK; | |
239 | } | |
240 | ||
241 | #ifdef LTC_CLEAN_STACK | |
242 | static int s_safer_ecb_encrypt(const unsigned char *pt, | |
243 | 243 | unsigned char *ct, |
244 | 244 | const symmetric_key *skey) |
245 | 245 | #else |
286 | 286 | unsigned char *ct, |
287 | 287 | const symmetric_key *skey) |
288 | 288 | { |
289 | int err = _safer_ecb_encrypt(pt, ct, skey); | |
289 | int err = s_safer_ecb_encrypt(pt, ct, skey); | |
290 | 290 | burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); |
291 | 291 | return err; |
292 | 292 | } |
293 | 293 | #endif |
294 | 294 | |
295 | 295 | #ifdef LTC_CLEAN_STACK |
296 | static int _safer_ecb_decrypt(const unsigned char *ct, | |
296 | static int s_safer_ecb_decrypt(const unsigned char *ct, | |
297 | 297 | unsigned char *pt, |
298 | 298 | const symmetric_key *skey) |
299 | 299 | #else |
341 | 341 | unsigned char *pt, |
342 | 342 | const symmetric_key *skey) |
343 | 343 | { |
344 | int err = _safer_ecb_decrypt(ct, pt, skey); | |
344 | int err = s_safer_ecb_decrypt(ct, pt, skey); | |
345 | 345 | burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); |
346 | 346 | return err; |
347 | 347 | } |
5 | 5 | Tables for LTC_SAFER block ciphers |
6 | 6 | */ |
7 | 7 | |
8 | #ifdef __LTC_SAFER_TAB_C__ | |
8 | #ifdef LTC_SAFER_TAB_C | |
9 | 9 | |
10 | 10 | /* This is the box defined by ebox[x] = 45^x mod 257. |
11 | 11 | * Its assumed that the value "256" corresponds to zero. */ |
48 | 48 | 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48 |
49 | 49 | }; |
50 | 50 | |
51 | #endif /* __LTC_SAFER_TAB_C__ */ | |
51 | #endif /* LTC_SAFER_TAB_C */ | |
52 | 52 | |
53 | 53 |
8 | 8 | |
9 | 9 | #ifdef LTC_SAFERP |
10 | 10 | |
11 | #define __LTC_SAFER_TAB_C__ | |
11 | #define LTC_SAFER_TAB_C | |
12 | 12 | #include "safer_tab.c" |
13 | 13 | |
14 | 14 | const struct ltc_cipher_descriptor saferp_desc = |
136 | 136 | |
137 | 137 | #ifdef LTC_SMALL_CODE |
138 | 138 | |
139 | static void _round(unsigned char *b, int i, const symmetric_key *skey) | |
139 | static void s_round(unsigned char *b, int i, const symmetric_key *skey) | |
140 | 140 | { |
141 | 141 | ROUND(b, i); |
142 | 142 | } |
143 | 143 | |
144 | static void _iround(unsigned char *b, int i, const symmetric_key *skey) | |
144 | static void s_iround(unsigned char *b, int i, const symmetric_key *skey) | |
145 | 145 | { |
146 | 146 | iROUND(b, i); |
147 | 147 | } |
148 | 148 | |
149 | static void _lt(unsigned char *b, unsigned char *b2) | |
149 | static void s_lt(unsigned char *b, unsigned char *b2) | |
150 | 150 | { |
151 | 151 | LT(b, b2); |
152 | 152 | } |
153 | 153 | |
154 | static void _ilt(unsigned char *b, unsigned char *b2) | |
154 | static void s_ilt(unsigned char *b, unsigned char *b2) | |
155 | 155 | { |
156 | 156 | iLT(b, b2); |
157 | 157 | } |
158 | 158 | |
159 | 159 | #undef ROUND |
160 | #define ROUND(b, i) _round(b, i, skey) | |
160 | #define ROUND(b, i) s_round(b, i, skey) | |
161 | 161 | |
162 | 162 | #undef iROUND |
163 | #define iROUND(b, i) _iround(b, i, skey) | |
163 | #define iROUND(b, i) s_iround(b, i, skey) | |
164 | 164 | |
165 | 165 | #undef LT |
166 | #define LT(b, b2) _lt(b, b2) | |
166 | #define LT(b, b2) s_lt(b, b2) | |
167 | 167 | |
168 | 168 | #undef iLT |
169 | #define iLT(b, b2) _ilt(b, b2) | |
169 | #define iLT(b, b2) s_ilt(b, b2) | |
170 | 170 | |
171 | 171 | #endif |
172 | 172 |
26 | 26 | }; |
27 | 27 | |
28 | 28 | /* linear transformation */ |
29 | #define _LT(i,a,b,c,d,e) { \ | |
29 | #define s_lt(i,a,b,c,d,e) { \ | |
30 | 30 | a = ROLc(a, 13); \ |
31 | 31 | c = ROLc(c, 3); \ |
32 | 32 | d = ROLc(d ^ c ^ (a << 3), 7); \ |
36 | 36 | } |
37 | 37 | |
38 | 38 | /* inverse linear transformation */ |
39 | #define _ILT(i,a,b,c,d,e) { \ | |
39 | #define s_ilt(i,a,b,c,d,e) { \ | |
40 | 40 | c = RORc(c, 22); \ |
41 | 41 | a = RORc(a, 5); \ |
42 | 42 | c ^= d ^ (b << 7); \ |
49 | 49 | } |
50 | 50 | |
51 | 51 | /* order of output from S-box functions */ |
52 | #define _beforeS0(f) f(0,a,b,c,d,e) | |
53 | #define _afterS0(f) f(1,b,e,c,a,d) | |
54 | #define _afterS1(f) f(2,c,b,a,e,d) | |
55 | #define _afterS2(f) f(3,a,e,b,d,c) | |
56 | #define _afterS3(f) f(4,e,b,d,c,a) | |
57 | #define _afterS4(f) f(5,b,a,e,c,d) | |
58 | #define _afterS5(f) f(6,a,c,b,e,d) | |
59 | #define _afterS6(f) f(7,a,c,d,b,e) | |
60 | #define _afterS7(f) f(8,d,e,b,a,c) | |
52 | #define s_beforeS0(f) f(0,a,b,c,d,e) | |
53 | #define s_afterS0(f) f(1,b,e,c,a,d) | |
54 | #define s_afterS1(f) f(2,c,b,a,e,d) | |
55 | #define s_afterS2(f) f(3,a,e,b,d,c) | |
56 | #define s_afterS3(f) f(4,e,b,d,c,a) | |
57 | #define s_afterS4(f) f(5,b,a,e,c,d) | |
58 | #define s_afterS5(f) f(6,a,c,b,e,d) | |
59 | #define s_afterS6(f) f(7,a,c,d,b,e) | |
60 | #define s_afterS7(f) f(8,d,e,b,a,c) | |
61 | 61 | |
62 | 62 | /* order of output from inverse S-box functions */ |
63 | #define _beforeI7(f) f(8,a,b,c,d,e) | |
64 | #define _afterI7(f) f(7,d,a,b,e,c) | |
65 | #define _afterI6(f) f(6,a,b,c,e,d) | |
66 | #define _afterI5(f) f(5,b,d,e,c,a) | |
67 | #define _afterI4(f) f(4,b,c,e,a,d) | |
68 | #define _afterI3(f) f(3,a,b,e,c,d) | |
69 | #define _afterI2(f) f(2,b,d,e,c,a) | |
70 | #define _afterI1(f) f(1,a,b,c,e,d) | |
71 | #define _afterI0(f) f(0,a,d,b,e,c) | |
63 | #define s_beforeI7(f) f(8,a,b,c,d,e) | |
64 | #define s_afterI7(f) f(7,d,a,b,e,c) | |
65 | #define s_afterI6(f) f(6,a,b,c,e,d) | |
66 | #define s_afterI5(f) f(5,b,d,e,c,a) | |
67 | #define s_afterI4(f) f(4,b,c,e,a,d) | |
68 | #define s_afterI3(f) f(3,a,b,e,c,d) | |
69 | #define s_afterI2(f) f(2,b,d,e,c,a) | |
70 | #define s_afterI1(f) f(1,a,b,c,e,d) | |
71 | #define s_afterI0(f) f(0,a,d,b,e,c) | |
72 | 72 | |
73 | 73 | /* The instruction sequences for the S-box functions |
74 | 74 | * come from Dag Arne Osvik's paper "Speeding up Serpent". |
75 | 75 | */ |
76 | 76 | |
77 | #define _S0(i, r0, r1, r2, r3, r4) { \ | |
77 | #define s_s0(i, r0, r1, r2, r3, r4) { \ | |
78 | 78 | r3 ^= r0; \ |
79 | 79 | r4 = r1; \ |
80 | 80 | r1 &= r3; \ |
95 | 95 | r4 ^= r3; \ |
96 | 96 | } |
97 | 97 | |
98 | #define _I0(i, r0, r1, r2, r3, r4) { \ | |
98 | #define s_i0(i, r0, r1, r2, r3, r4) { \ | |
99 | 99 | r2 = ~r2; \ |
100 | 100 | r4 = r1; \ |
101 | 101 | r1 |= r0; \ |
117 | 117 | r4 ^= r2; \ |
118 | 118 | } |
119 | 119 | |
120 | #define _S1(i, r0, r1, r2, r3, r4) { \ | |
120 | #define s_s1(i, r0, r1, r2, r3, r4) { \ | |
121 | 121 | r0 = ~r0; \ |
122 | 122 | r2 = ~r2; \ |
123 | 123 | r4 = r0; \ |
138 | 138 | r0 ^= r4; \ |
139 | 139 | } |
140 | 140 | |
141 | #define _I1(i, r0, r1, r2, r3, r4) { \ | |
141 | #define s_i1(i, r0, r1, r2, r3, r4) { \ | |
142 | 142 | r4 = r1; \ |
143 | 143 | r1 ^= r3; \ |
144 | 144 | r3 &= r1; \ |
160 | 160 | r3 ^= r1; \ |
161 | 161 | } |
162 | 162 | |
163 | #define _S2(i, r0, r1, r2, r3, r4) { \ | |
163 | #define s_s2(i, r0, r1, r2, r3, r4) { \ | |
164 | 164 | r4 = r0; \ |
165 | 165 | r0 &= r2; \ |
166 | 166 | r0 ^= r3; \ |
179 | 179 | r4 = ~r4; \ |
180 | 180 | } |
181 | 181 | |
182 | #define _I2(i, r0, r1, r2, r3, r4) { \ | |
182 | #define s_i2(i, r0, r1, r2, r3, r4) { \ | |
183 | 183 | r2 ^= r3; \ |
184 | 184 | r3 ^= r0; \ |
185 | 185 | r4 = r3; \ |
201 | 201 | r3 ^= r0; \ |
202 | 202 | } |
203 | 203 | |
204 | #define _S3(i, r0, r1, r2, r3, r4) { \ | |
204 | #define s_s3(i, r0, r1, r2, r3, r4) { \ | |
205 | 205 | r4 = r0; \ |
206 | 206 | r0 |= r3; \ |
207 | 207 | r3 ^= r1; \ |
223 | 223 | r1 ^= r0; \ |
224 | 224 | } |
225 | 225 | |
226 | #define _I3(i, r0, r1, r2, r3, r4) { \ | |
226 | #define s_i3(i, r0, r1, r2, r3, r4) { \ | |
227 | 227 | r4 = r2; \ |
228 | 228 | r2 ^= r1; \ |
229 | 229 | r1 &= r2; \ |
244 | 244 | r2 ^= r4; \ |
245 | 245 | } |
246 | 246 | |
247 | #define _S4(i, r0, r1, r2, r3, r4) { \ | |
247 | #define s_s4(i, r0, r1, r2, r3, r4) { \ | |
248 | 248 | r1 ^= r3; \ |
249 | 249 | r3 = ~r3; \ |
250 | 250 | r2 ^= r3; \ |
267 | 267 | r4 ^= r2; \ |
268 | 268 | } |
269 | 269 | |
270 | #define _I4(i, r0, r1, r2, r3, r4) { \ | |
270 | #define s_i4(i, r0, r1, r2, r3, r4) { \ | |
271 | 271 | r4 = r2; \ |
272 | 272 | r2 &= r3; \ |
273 | 273 | r2 ^= r1; \ |
290 | 290 | r2 ^= r1; \ |
291 | 291 | } |
292 | 292 | |
293 | #define _S5(i, r0, r1, r2, r3, r4) { \ | |
293 | #define s_s5(i, r0, r1, r2, r3, r4) { \ | |
294 | 294 | r0 ^= r1; \ |
295 | 295 | r1 ^= r3; \ |
296 | 296 | r3 = ~r3; \ |
312 | 312 | r2 ^= r4; \ |
313 | 313 | } |
314 | 314 | |
315 | #define _I5(i, r0, r1, r2, r3, r4) { \ | |
315 | #define s_i5(i, r0, r1, r2, r3, r4) { \ | |
316 | 316 | r1 = ~r1; \ |
317 | 317 | r4 = r3; \ |
318 | 318 | r2 ^= r1; \ |
334 | 334 | r4 = ~r4; \ |
335 | 335 | } |
336 | 336 | |
337 | #define _S6(i, r0, r1, r2, r3, r4) { \ | |
337 | #define s_s6(i, r0, r1, r2, r3, r4) { \ | |
338 | 338 | r2 = ~r2; \ |
339 | 339 | r4 = r3; \ |
340 | 340 | r3 &= r0; \ |
355 | 355 | r2 ^= r3; \ |
356 | 356 | } |
357 | 357 | |
358 | #define _I6(i, r0, r1, r2, r3, r4) { \ | |
358 | #define s_i6(i, r0, r1, r2, r3, r4) { \ | |
359 | 359 | r0 ^= r2; \ |
360 | 360 | r4 = r2; \ |
361 | 361 | r2 &= r0; \ |
375 | 375 | r4 ^= r0; \ |
376 | 376 | } |
377 | 377 | |
378 | #define _S7(i, r0, r1, r2, r3, r4) { \ | |
378 | #define s_s7(i, r0, r1, r2, r3, r4) { \ | |
379 | 379 | r4 = r2; \ |
380 | 380 | r2 &= r1; \ |
381 | 381 | r2 ^= r3; \ |
398 | 398 | r4 ^= r1; \ |
399 | 399 | } |
400 | 400 | |
401 | #define _I7(i, r0, r1, r2, r3, r4) { \ | |
401 | #define s_i7(i, r0, r1, r2, r3, r4) { \ | |
402 | 402 | r4 = r2; \ |
403 | 403 | r2 ^= r0; \ |
404 | 404 | r0 &= r3; \ |
421 | 421 | } |
422 | 422 | |
423 | 423 | /* key xor */ |
424 | #define _KX(r, a, b, c, d, e) { \ | |
424 | #define s_kx(r, a, b, c, d, e) { \ | |
425 | 425 | a ^= k[4 * r + 0]; \ |
426 | 426 | b ^= k[4 * r + 1]; \ |
427 | 427 | c ^= k[4 * r + 2]; \ |
428 | 428 | d ^= k[4 * r + 3]; \ |
429 | 429 | } |
430 | 430 | |
431 | #define _LK(r, a, b, c, d, e) { \ | |
431 | #define s_lk(r, a, b, c, d, e) { \ | |
432 | 432 | a = k[(8-r)*4 + 0]; \ |
433 | 433 | b = k[(8-r)*4 + 1]; \ |
434 | 434 | c = k[(8-r)*4 + 2]; \ |
435 | 435 | d = k[(8-r)*4 + 3]; \ |
436 | 436 | } |
437 | 437 | |
438 | #define _SK(r, a, b, c, d, e) { \ | |
438 | #define s_sk(r, a, b, c, d, e) { \ | |
439 | 439 | k[(8-r)*4 + 4] = a; \ |
440 | 440 | k[(8-r)*4 + 5] = b; \ |
441 | 441 | k[(8-r)*4 + 6] = c; \ |
442 | 442 | k[(8-r)*4 + 7] = d; \ |
443 | 443 | } |
444 | 444 | |
445 | static int _setup_key(const unsigned char *key, int keylen, int rounds, ulong32 *k) | |
445 | static int s_setup_key(const unsigned char *key, int keylen, int rounds, ulong32 *k) | |
446 | 446 | { |
447 | 447 | int i; |
448 | 448 | ulong32 t; |
466 | 466 | k -= 20; |
467 | 467 | |
468 | 468 | for (i = 0; i < rounds/8; i++) { |
469 | _afterS2(_LK); _afterS2(_S3); _afterS3(_SK); | |
470 | _afterS1(_LK); _afterS1(_S2); _afterS2(_SK); | |
471 | _afterS0(_LK); _afterS0(_S1); _afterS1(_SK); | |
472 | _beforeS0(_LK); _beforeS0(_S0); _afterS0(_SK); | |
469 | s_afterS2(s_lk); s_afterS2(s_s3); s_afterS3(s_sk); | |
470 | s_afterS1(s_lk); s_afterS1(s_s2); s_afterS2(s_sk); | |
471 | s_afterS0(s_lk); s_afterS0(s_s1); s_afterS1(s_sk); | |
472 | s_beforeS0(s_lk); s_beforeS0(s_s0); s_afterS0(s_sk); | |
473 | 473 | k += 8*4; |
474 | _afterS6(_LK); _afterS6(_S7); _afterS7(_SK); | |
475 | _afterS5(_LK); _afterS5(_S6); _afterS6(_SK); | |
476 | _afterS4(_LK); _afterS4(_S5); _afterS5(_SK); | |
477 | _afterS3(_LK); _afterS3(_S4); _afterS4(_SK); | |
474 | s_afterS6(s_lk); s_afterS6(s_s7); s_afterS7(s_sk); | |
475 | s_afterS5(s_lk); s_afterS5(s_s6); s_afterS6(s_sk); | |
476 | s_afterS4(s_lk); s_afterS4(s_s5); s_afterS5(s_sk); | |
477 | s_afterS3(s_lk); s_afterS3(s_s4); s_afterS4(s_sk); | |
478 | 478 | } |
479 | _afterS2(_LK); _afterS2(_S3); _afterS3(_SK); | |
479 | s_afterS2(s_lk); s_afterS2(s_s3); s_afterS3(s_sk); | |
480 | 480 | |
481 | 481 | return CRYPT_OK; |
482 | 482 | } |
483 | 483 | |
484 | static int _enc_block(const unsigned char *in, unsigned char *out, const ulong32 *k) | |
484 | static int s_enc_block(const unsigned char *in, unsigned char *out, const ulong32 *k) | |
485 | 485 | { |
486 | 486 | ulong32 a, b, c, d, e; |
487 | 487 | unsigned int i = 1; |
492 | 492 | LOAD32L(d, in + 12); |
493 | 493 | |
494 | 494 | do { |
495 | _beforeS0(_KX); _beforeS0(_S0); _afterS0(_LT); | |
496 | _afterS0(_KX); _afterS0(_S1); _afterS1(_LT); | |
497 | _afterS1(_KX); _afterS1(_S2); _afterS2(_LT); | |
498 | _afterS2(_KX); _afterS2(_S3); _afterS3(_LT); | |
499 | _afterS3(_KX); _afterS3(_S4); _afterS4(_LT); | |
500 | _afterS4(_KX); _afterS4(_S5); _afterS5(_LT); | |
501 | _afterS5(_KX); _afterS5(_S6); _afterS6(_LT); | |
502 | _afterS6(_KX); _afterS6(_S7); | |
495 | s_beforeS0(s_kx); s_beforeS0(s_s0); s_afterS0(s_lt); | |
496 | s_afterS0(s_kx); s_afterS0(s_s1); s_afterS1(s_lt); | |
497 | s_afterS1(s_kx); s_afterS1(s_s2); s_afterS2(s_lt); | |
498 | s_afterS2(s_kx); s_afterS2(s_s3); s_afterS3(s_lt); | |
499 | s_afterS3(s_kx); s_afterS3(s_s4); s_afterS4(s_lt); | |
500 | s_afterS4(s_kx); s_afterS4(s_s5); s_afterS5(s_lt); | |
501 | s_afterS5(s_kx); s_afterS5(s_s6); s_afterS6(s_lt); | |
502 | s_afterS6(s_kx); s_afterS6(s_s7); | |
503 | 503 | |
504 | 504 | if (i == 4) break; |
505 | 505 | |
510 | 510 | d = a; |
511 | 511 | a = e; |
512 | 512 | k += 32; |
513 | _beforeS0(_LT); | |
513 | s_beforeS0(s_lt); | |
514 | 514 | } while (1); |
515 | 515 | |
516 | _afterS7(_KX); | |
516 | s_afterS7(s_kx); | |
517 | 517 | |
518 | 518 | STORE32L(d, out + 0); |
519 | 519 | STORE32L(e, out + 4); |
523 | 523 | return CRYPT_OK; |
524 | 524 | } |
525 | 525 | |
526 | static int _dec_block(const unsigned char *in, unsigned char *out, const ulong32 *k) | |
526 | static int s_dec_block(const unsigned char *in, unsigned char *out, const ulong32 *k) | |
527 | 527 | { |
528 | 528 | ulong32 a, b, c, d, e; |
529 | 529 | unsigned int i; |
536 | 536 | i = 4; |
537 | 537 | k += 96; |
538 | 538 | |
539 | _beforeI7(_KX); | |
539 | s_beforeI7(s_kx); | |
540 | 540 | goto start; |
541 | 541 | |
542 | 542 | do { |
544 | 544 | b = d; |
545 | 545 | d = e; |
546 | 546 | k -= 32; |
547 | _beforeI7(_ILT); | |
547 | s_beforeI7(s_ilt); | |
548 | 548 | start: |
549 | _beforeI7(_I7); _afterI7(_KX); | |
550 | _afterI7(_ILT); _afterI7(_I6); _afterI6(_KX); | |
551 | _afterI6(_ILT); _afterI6(_I5); _afterI5(_KX); | |
552 | _afterI5(_ILT); _afterI5(_I4); _afterI4(_KX); | |
553 | _afterI4(_ILT); _afterI4(_I3); _afterI3(_KX); | |
554 | _afterI3(_ILT); _afterI3(_I2); _afterI2(_KX); | |
555 | _afterI2(_ILT); _afterI2(_I1); _afterI1(_KX); | |
556 | _afterI1(_ILT); _afterI1(_I0); _afterI0(_KX); | |
549 | s_beforeI7(s_i7); s_afterI7(s_kx); | |
550 | s_afterI7(s_ilt); s_afterI7(s_i6); s_afterI6(s_kx); | |
551 | s_afterI6(s_ilt); s_afterI6(s_i5); s_afterI5(s_kx); | |
552 | s_afterI5(s_ilt); s_afterI5(s_i4); s_afterI4(s_kx); | |
553 | s_afterI4(s_ilt); s_afterI4(s_i3); s_afterI3(s_kx); | |
554 | s_afterI3(s_ilt); s_afterI3(s_i2); s_afterI2(s_kx); | |
555 | s_afterI2(s_ilt); s_afterI2(s_i1); s_afterI1(s_kx); | |
556 | s_afterI1(s_ilt); s_afterI1(s_i0); s_afterI0(s_kx); | |
557 | 557 | } while (--i != 0); |
558 | 558 | |
559 | 559 | STORE32L(a, out + 0); |
574 | 574 | if (num_rounds != 0 && num_rounds != 32) return CRYPT_INVALID_ROUNDS; |
575 | 575 | if (keylen != 16 && keylen != 24 && keylen != 32) return CRYPT_INVALID_KEYSIZE; |
576 | 576 | |
577 | err = _setup_key(key, keylen, 32, skey->serpent.k); | |
577 | err = s_setup_key(key, keylen, 32, skey->serpent.k); | |
578 | 578 | #ifdef LTC_CLEAN_STACK |
579 | 579 | burn_stack(sizeof(ulong32) * 14 + sizeof(int)); |
580 | 580 | #endif |
583 | 583 | |
584 | 584 | int serpent_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
585 | 585 | { |
586 | int err = _enc_block(pt, ct, skey->serpent.k); | |
586 | int err = s_enc_block(pt, ct, skey->serpent.k); | |
587 | 587 | #ifdef LTC_CLEAN_STACK |
588 | 588 | burn_stack(sizeof(ulong32) * 5 + sizeof(int)); |
589 | 589 | #endif |
592 | 592 | |
593 | 593 | int serpent_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
594 | 594 | { |
595 | int err = _dec_block(ct, pt, skey->serpent.k); | |
595 | int err = s_dec_block(ct, pt, skey->serpent.k); | |
596 | 596 | #ifdef LTC_CLEAN_STACK |
597 | 597 | burn_stack(sizeof(ulong32) * 5 + sizeof(int)); |
598 | 598 | #endif |
132 | 132 | @return CRYPT_OK if successful |
133 | 133 | */ |
134 | 134 | #ifdef LTC_CLEAN_STACK |
135 | static int _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
135 | static int s_skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
136 | 136 | #else |
137 | 137 | int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
138 | 138 | #endif |
182 | 182 | #ifdef LTC_CLEAN_STACK |
183 | 183 | int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
184 | 184 | { |
185 | int err = _skipjack_ecb_encrypt(pt, ct, skey); | |
185 | int err = s_skipjack_ecb_encrypt(pt, ct, skey); | |
186 | 186 | burn_stack(sizeof(unsigned) * 8 + sizeof(int) * 2); |
187 | 187 | return err; |
188 | 188 | } |
196 | 196 | @return CRYPT_OK if successful |
197 | 197 | */ |
198 | 198 | #ifdef LTC_CLEAN_STACK |
199 | static int _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
199 | static int s_skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
200 | 200 | #else |
201 | 201 | int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
202 | 202 | #endif |
250 | 250 | #ifdef LTC_CLEAN_STACK |
251 | 251 | int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
252 | 252 | { |
253 | int err = _skipjack_ecb_decrypt(ct, pt, skey); | |
253 | int err = s_skipjack_ecb_decrypt(ct, pt, skey); | |
254 | 254 | burn_stack(sizeof(unsigned) * 7 + sizeof(int) * 2); |
255 | 255 | return err; |
256 | 256 | } |
67 | 67 | |
68 | 68 | LOAD32H(y, &pt[0]); |
69 | 69 | LOAD32H(z, &pt[4]); |
70 | for (r = 0; r < 32; r += 4) { | |
70 | for (r = 0; r < 32; r++) { | |
71 | 71 | sum += delta; |
72 | 72 | y += ((z<<4) + skey->tea.k[0]) ^ (z + sum) ^ ((z>>5) + skey->tea.k[1]); |
73 | 73 | z += ((y<<4) + skey->tea.k[2]) ^ (y + sum) ^ ((y>>5) + skey->tea.k[3]); |
153 | 153 | zeromem(&skey, sizeof(skey)); |
154 | 154 | |
155 | 155 | l = sizeof(key); |
156 | if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT) return err; | |
156 | if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT_OK) return err; | |
157 | 157 | l = sizeof(ptct[0]); |
158 | if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT) return err; | |
158 | if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT_OK) return err; | |
159 | 159 | l = sizeof(ptct[1]); |
160 | if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT) return err; | |
160 | if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT_OK) return err; | |
161 | 161 | |
162 | 162 | if ((err = tea_setup(key, 16, 0, &skey)) != CRYPT_OK) { |
163 | 163 | return err; |
165 | 165 | tea_ecb_encrypt(ptct[0], tmp[0], &skey); |
166 | 166 | tea_ecb_decrypt(tmp[0], tmp[1], &skey); |
167 | 167 | |
168 | if (compare_testvector(tmp[0], 8, ptct[0], 8, "TEA Encrypt", i) != 0 || | |
169 | compare_testvector(tmp[1], 8, ptct[1], 8, "TEA Decrypt", i) != 0) { | |
168 | if (compare_testvector(tmp[0], 8, ptct[1], 8, "TEA Encrypt", i) != 0 || | |
169 | compare_testvector(tmp[1], 8, ptct[0], 8, "TEA Decrypt", i) != 0) { | |
170 | 170 | return CRYPT_FAIL_TESTVECTOR; |
171 | 171 | } |
172 | 172 |
57 | 57 | |
58 | 58 | #ifdef LTC_TWOFISH_TABLES |
59 | 59 | |
60 | #define __LTC_TWOFISH_TAB_C__ | |
60 | #define LTC_TWOFISH_TAB_C | |
61 | 61 | #include "twofish_tab.c" |
62 | 62 | |
63 | 63 | #define sbox(i, x) ((ulong32)SBOX[i][(x)&255]) |
82 | 82 | |
83 | 83 | /* computes S_i[x] */ |
84 | 84 | #ifdef LTC_CLEAN_STACK |
85 | static ulong32 _sbox(int i, ulong32 x) | |
85 | static ulong32 s_sbox(int i, ulong32 x) | |
86 | 86 | #else |
87 | 87 | static ulong32 sbox(int i, ulong32 x) |
88 | 88 | #endif |
124 | 124 | static ulong32 sbox(int i, ulong32 x) |
125 | 125 | { |
126 | 126 | ulong32 y; |
127 | y = _sbox(i, x); | |
127 | y = s_sbox(i, x); | |
128 | 128 | burn_stack(sizeof(unsigned char) * 11); |
129 | 129 | return y; |
130 | 130 | } |
281 | 281 | #else |
282 | 282 | |
283 | 283 | #ifdef LTC_CLEAN_STACK |
284 | static ulong32 _g_func(ulong32 x, const symmetric_key *key) | |
284 | static ulong32 s_g_func(ulong32 x, const symmetric_key *key) | |
285 | 285 | #else |
286 | 286 | static ulong32 g_func(ulong32 x, const symmetric_key *key) |
287 | 287 | #endif |
317 | 317 | static ulong32 g_func(ulong32 x, const symmetric_key *key) |
318 | 318 | { |
319 | 319 | ulong32 y; |
320 | y = _g_func(x, key); | |
320 | y = s_g_func(x, key); | |
321 | 321 | burn_stack(sizeof(unsigned char) * 4 + sizeof(ulong32)); |
322 | 322 | return y; |
323 | 323 | } |
334 | 334 | @return CRYPT_OK if successful |
335 | 335 | */ |
336 | 336 | #ifdef LTC_CLEAN_STACK |
337 | static int _twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
337 | static int s_twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) | |
338 | 338 | #else |
339 | 339 | int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
340 | 340 | #endif |
447 | 447 | int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
448 | 448 | { |
449 | 449 | int x; |
450 | x = _twofish_setup(key, keylen, num_rounds, skey); | |
450 | x = s_twofish_setup(key, keylen, num_rounds, skey); | |
451 | 451 | burn_stack(sizeof(int) * 7 + sizeof(unsigned char) * 56 + sizeof(ulong32) * 2); |
452 | 452 | return x; |
453 | 453 | } |
461 | 461 | @return CRYPT_OK if successful |
462 | 462 | */ |
463 | 463 | #ifdef LTC_CLEAN_STACK |
464 | static int _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
464 | static int s_twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) | |
465 | 465 | #else |
466 | 466 | int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
467 | 467 | #endif |
521 | 521 | #ifdef LTC_CLEAN_STACK |
522 | 522 | int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) |
523 | 523 | { |
524 | int err = _twofish_ecb_encrypt(pt, ct, skey); | |
524 | int err = s_twofish_ecb_encrypt(pt, ct, skey); | |
525 | 525 | burn_stack(sizeof(ulong32) * 10 + sizeof(int)); |
526 | 526 | return err; |
527 | 527 | } |
535 | 535 | @return CRYPT_OK if successful |
536 | 536 | */ |
537 | 537 | #ifdef LTC_CLEAN_STACK |
538 | static int _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
538 | static int s_twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) | |
539 | 539 | #else |
540 | 540 | int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
541 | 541 | #endif |
597 | 597 | #ifdef LTC_CLEAN_STACK |
598 | 598 | int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
599 | 599 | { |
600 | int err =_twofish_ecb_decrypt(ct, pt, skey); | |
600 | int err = s_twofish_ecb_decrypt(ct, pt, skey); | |
601 | 601 | burn_stack(sizeof(ulong32) * 10 + sizeof(int)); |
602 | 602 | return err; |
603 | 603 | } |
5 | 5 | Twofish tables, Tom St Denis |
6 | 6 | */ |
7 | 7 | #ifdef LTC_TWOFISH_TABLES |
8 | #ifdef __LTC_TWOFISH_TAB_C__ | |
8 | #ifdef LTC_TWOFISH_TAB_C | |
9 | 9 | |
10 | 10 | /* pre generated 8x8 tables from the four 4x4s */ |
11 | 11 | static const unsigned char SBOX[2][256] = { |
481 | 481 | |
482 | 482 | #endif /* LTC_TWOFISH_ALL_TABLES */ |
483 | 483 | |
484 | #endif /* __LTC_TWOFISH_TAB_C__ */ | |
484 | #endif /* LTC_TWOFISH_TAB_C */ | |
485 | 485 | #endif |
51 | 51 | |
52 | 52 | #ifndef LTC_FAST |
53 | 53 | /* right shift */ |
54 | static void _gcm_rightshift(unsigned char *a) | |
54 | static void s_gcm_rightshift(unsigned char *a) | |
55 | 55 | { |
56 | 56 | int x; |
57 | 57 | for (x = 15; x > 0; x--) { |
85 | 85 | } |
86 | 86 | } |
87 | 87 | z = V[15] & 0x01; |
88 | _gcm_rightshift(V); | |
88 | s_gcm_rightshift(V); | |
89 | 89 | V[0] ^= poly[z]; |
90 | 90 | } |
91 | 91 | XMEMCPY(c, Z, 16); |
14 | 14 | @param aad_block [in] AAD data (block_len size) |
15 | 15 | @return CRYPT_OK if successful |
16 | 16 | */ |
17 | static int _ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block) | |
17 | static int s_ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block) | |
18 | 18 | { |
19 | 19 | unsigned char tmp[MAXBLOCKSIZE]; |
20 | 20 | int err; |
58 | 58 | ocb->adata_buffer_bytes += l; |
59 | 59 | |
60 | 60 | if (ocb->adata_buffer_bytes == ocb->block_len) { |
61 | if ((err = _ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) { | |
61 | if ((err = s_ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) { | |
62 | 62 | return err; |
63 | 63 | } |
64 | 64 | ocb->adata_buffer_bytes = 0; |
79 | 79 | last_block_len = datalen - full_blocks_len; |
80 | 80 | |
81 | 81 | for (x=0; x<full_blocks; x++) { |
82 | if ((err = _ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) { | |
82 | if ((err = s_ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) { | |
83 | 83 | return err; |
84 | 84 | } |
85 | 85 | } |
8 | 8 | |
9 | 9 | #ifdef LTC_OCB3_MODE |
10 | 10 | |
11 | static void _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen) | |
11 | static void s_ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen) | |
12 | 12 | { |
13 | 13 | int x, y, bottom; |
14 | 14 | int idx, shift; |
165 | 165 | } |
166 | 166 | |
167 | 167 | /* initialize ocb->Offset_current = Offset_0 */ |
168 | _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen); | |
168 | s_ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen); | |
169 | 169 | |
170 | 170 | /* initialize checksum to all zeros */ |
171 | 171 | zeromem(ocb->checksum, ocb->block_len); |
146 | 146 | { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } |
147 | 147 | }; |
148 | 148 | |
149 | static void blake2b_set_lastnode(hash_state *md) { md->blake2b.f[1] = CONST64(0xffffffffffffffff); } | |
149 | static void s_blake2b_set_lastnode(hash_state *md) { md->blake2b.f[1] = CONST64(0xffffffffffffffff); } | |
150 | 150 | |
151 | 151 | /* Some helper functions, not necessarily useful */ |
152 | static int blake2b_is_lastblock(const hash_state *md) { return md->blake2b.f[0] != 0; } | |
153 | ||
154 | static void blake2b_set_lastblock(hash_state *md) | |
152 | static int s_blake2b_is_lastblock(const hash_state *md) { return md->blake2b.f[0] != 0; } | |
153 | ||
154 | static void s_blake2b_set_lastblock(hash_state *md) | |
155 | 155 | { |
156 | 156 | if (md->blake2b.last_node) { |
157 | blake2b_set_lastnode(md); | |
157 | s_blake2b_set_lastnode(md); | |
158 | 158 | } |
159 | 159 | md->blake2b.f[0] = CONST64(0xffffffffffffffff); |
160 | 160 | } |
161 | 161 | |
162 | static void blake2b_increment_counter(hash_state *md, ulong64 inc) | |
162 | static void s_blake2b_increment_counter(hash_state *md, ulong64 inc) | |
163 | 163 | { |
164 | 164 | md->blake2b.t[0] += inc; |
165 | 165 | if (md->blake2b.t[0] < inc) md->blake2b.t[1]++; |
166 | 166 | } |
167 | 167 | |
168 | static void blake2b_init0(hash_state *md) | |
168 | static void s_blake2b_init0(hash_state *md) | |
169 | 169 | { |
170 | 170 | unsigned long i; |
171 | 171 | XMEMSET(&md->blake2b, 0, sizeof(md->blake2b)); |
176 | 176 | } |
177 | 177 | |
178 | 178 | /* init xors IV with input parameter block */ |
179 | static int blake2b_init_param(hash_state *md, const unsigned char *P) | |
179 | static int s_blake2b_init_param(hash_state *md, const unsigned char *P) | |
180 | 180 | { |
181 | 181 | unsigned long i; |
182 | 182 | |
183 | blake2b_init0(md); | |
183 | s_blake2b_init0(md); | |
184 | 184 | |
185 | 185 | /* IV XOR ParamBlock */ |
186 | 186 | for (i = 0; i < 8; ++i) { |
227 | 227 | P[O_FANOUT] = 1; |
228 | 228 | P[O_DEPTH] = 1; |
229 | 229 | |
230 | err = blake2b_init_param(md, P); | |
230 | err = s_blake2b_init_param(md, P); | |
231 | 231 | if (err != CRYPT_OK) return err; |
232 | 232 | |
233 | 233 | if (key) { |
298 | 298 | } while (0) |
299 | 299 | |
300 | 300 | #ifdef LTC_CLEAN_STACK |
301 | static int _blake2b_compress(hash_state *md, const unsigned char *buf) | |
301 | static int ss_blake2b_compress(hash_state *md, const unsigned char *buf) | |
302 | 302 | #else |
303 | static int blake2b_compress(hash_state *md, const unsigned char *buf) | |
303 | static int s_blake2b_compress(hash_state *md, const unsigned char *buf) | |
304 | 304 | #endif |
305 | 305 | { |
306 | 306 | ulong64 m[16]; |
347 | 347 | #undef ROUND |
348 | 348 | |
349 | 349 | #ifdef LTC_CLEAN_STACK |
350 | static int blake2b_compress(hash_state *md, const unsigned char *buf) | |
350 | static int s_blake2b_compress(hash_state *md, const unsigned char *buf) | |
351 | 351 | { |
352 | 352 | int err; |
353 | err = _blake2b_compress(md, buf); | |
353 | err = ss_blake2b_compress(md, buf); | |
354 | 354 | burn_stack(sizeof(ulong64) * 32 + sizeof(unsigned long)); |
355 | 355 | return err; |
356 | 356 | } |
378 | 378 | if (inlen > fill) { |
379 | 379 | md->blake2b.curlen = 0; |
380 | 380 | XMEMCPY(md->blake2b.buf + (left % sizeof(md->blake2b.buf)), in, fill); /* Fill buffer */ |
381 | blake2b_increment_counter(md, BLAKE2B_BLOCKBYTES); | |
382 | blake2b_compress(md, md->blake2b.buf); /* Compress */ | |
381 | s_blake2b_increment_counter(md, BLAKE2B_BLOCKBYTES); | |
382 | s_blake2b_compress(md, md->blake2b.buf); /* Compress */ | |
383 | 383 | in += fill; |
384 | 384 | inlen -= fill; |
385 | 385 | while (inlen > BLAKE2B_BLOCKBYTES) { |
386 | blake2b_increment_counter(md, BLAKE2B_BLOCKBYTES); | |
387 | blake2b_compress(md, in); | |
386 | s_blake2b_increment_counter(md, BLAKE2B_BLOCKBYTES); | |
387 | s_blake2b_compress(md, in); | |
388 | 388 | in += BLAKE2B_BLOCKBYTES; |
389 | 389 | inlen -= BLAKE2B_BLOCKBYTES; |
390 | 390 | } |
411 | 411 | |
412 | 412 | /* if(md->blakebs.outlen != outlen) return CRYPT_INVALID_ARG; */ |
413 | 413 | |
414 | if (blake2b_is_lastblock(md)) { | |
414 | if (s_blake2b_is_lastblock(md)) { | |
415 | 415 | return CRYPT_ERROR; |
416 | 416 | } |
417 | 417 | |
418 | blake2b_increment_counter(md, md->blake2b.curlen); | |
419 | blake2b_set_lastblock(md); | |
418 | s_blake2b_increment_counter(md, md->blake2b.curlen); | |
419 | s_blake2b_set_lastblock(md); | |
420 | 420 | XMEMSET(md->blake2b.buf + md->blake2b.curlen, 0, BLAKE2B_BLOCKBYTES - md->blake2b.curlen); /* Padding */ |
421 | blake2b_compress(md, md->blake2b.buf); | |
421 | s_blake2b_compress(md, md->blake2b.buf); | |
422 | 422 | |
423 | 423 | for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ |
424 | 424 | STORE64L(md->blake2b.h[i], buffer + i * 8); |
138 | 138 | { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, |
139 | 139 | }; |
140 | 140 | |
141 | static void blake2s_set_lastnode(hash_state *md) { md->blake2s.f[1] = 0xffffffffUL; } | |
141 | static void s_blake2s_set_lastnode(hash_state *md) { md->blake2s.f[1] = 0xffffffffUL; } | |
142 | 142 | |
143 | 143 | /* Some helper functions, not necessarily useful */ |
144 | static int blake2s_is_lastblock(const hash_state *md) { return md->blake2s.f[0] != 0; } | |
145 | ||
146 | static void blake2s_set_lastblock(hash_state *md) | |
144 | static int s_blake2s_is_lastblock(const hash_state *md) { return md->blake2s.f[0] != 0; } | |
145 | ||
146 | static void s_blake2s_set_lastblock(hash_state *md) | |
147 | 147 | { |
148 | 148 | if (md->blake2s.last_node) { |
149 | blake2s_set_lastnode(md); | |
149 | s_blake2s_set_lastnode(md); | |
150 | 150 | } |
151 | 151 | md->blake2s.f[0] = 0xffffffffUL; |
152 | 152 | } |
153 | 153 | |
154 | static void blake2s_increment_counter(hash_state *md, const ulong32 inc) | |
154 | static void s_blake2s_increment_counter(hash_state *md, const ulong32 inc) | |
155 | 155 | { |
156 | 156 | md->blake2s.t[0] += inc; |
157 | 157 | if (md->blake2s.t[0] < inc) md->blake2s.t[1]++; |
158 | 158 | } |
159 | 159 | |
160 | static int blake2s_init0(hash_state *md) | |
160 | static int s_blake2s_init0(hash_state *md) | |
161 | 161 | { |
162 | 162 | int i; |
163 | 163 | XMEMSET(&md->blake2s, 0, sizeof(struct blake2s_state)); |
170 | 170 | } |
171 | 171 | |
172 | 172 | /* init2 xors IV with input parameter block */ |
173 | static int blake2s_init_param(hash_state *md, const unsigned char *P) | |
173 | static int s_blake2s_init_param(hash_state *md, const unsigned char *P) | |
174 | 174 | { |
175 | 175 | unsigned long i; |
176 | 176 | |
177 | blake2s_init0(md); | |
177 | s_blake2s_init0(md); | |
178 | 178 | |
179 | 179 | /* IV XOR ParamBlock */ |
180 | 180 | for (i = 0; i < 8; ++i) { |
221 | 221 | P[O_FANOUT] = 1; |
222 | 222 | P[O_DEPTH] = 1; |
223 | 223 | |
224 | err = blake2s_init_param(md, P); | |
224 | err = s_blake2s_init_param(md, P); | |
225 | 225 | if (err != CRYPT_OK) return err; |
226 | 226 | |
227 | 227 | if (key) { |
290 | 290 | } while (0) |
291 | 291 | |
292 | 292 | #ifdef LTC_CLEAN_STACK |
293 | static int _blake2s_compress(hash_state *md, const unsigned char *buf) | |
293 | static int ss_blake2s_compress(hash_state *md, const unsigned char *buf) | |
294 | 294 | #else |
295 | static int blake2s_compress(hash_state *md, const unsigned char *buf) | |
295 | static int s_blake2s_compress(hash_state *md, const unsigned char *buf) | |
296 | 296 | #endif |
297 | 297 | { |
298 | 298 | unsigned long i; |
336 | 336 | #undef ROUND |
337 | 337 | |
338 | 338 | #ifdef LTC_CLEAN_STACK |
339 | static int blake2s_compress(hash_state *md, const unsigned char *buf) | |
339 | static int s_blake2s_compress(hash_state *md, const unsigned char *buf) | |
340 | 340 | { |
341 | 341 | int err; |
342 | err = _blake2s_compress(md, buf); | |
342 | err = ss_blake2s_compress(md, buf); | |
343 | 343 | burn_stack(sizeof(ulong32) * (32) + sizeof(unsigned long)); |
344 | 344 | return err; |
345 | 345 | } |
367 | 367 | if (inlen > fill) { |
368 | 368 | md->blake2s.curlen = 0; |
369 | 369 | XMEMCPY(md->blake2s.buf + (left % sizeof(md->blake2s.buf)), in, fill); /* Fill buffer */ |
370 | blake2s_increment_counter(md, BLAKE2S_BLOCKBYTES); | |
371 | blake2s_compress(md, md->blake2s.buf); /* Compress */ | |
370 | s_blake2s_increment_counter(md, BLAKE2S_BLOCKBYTES); | |
371 | s_blake2s_compress(md, md->blake2s.buf); /* Compress */ | |
372 | 372 | in += fill; |
373 | 373 | inlen -= fill; |
374 | 374 | while (inlen > BLAKE2S_BLOCKBYTES) { |
375 | blake2s_increment_counter(md, BLAKE2S_BLOCKBYTES); | |
376 | blake2s_compress(md, in); | |
375 | s_blake2s_increment_counter(md, BLAKE2S_BLOCKBYTES); | |
376 | s_blake2s_compress(md, in); | |
377 | 377 | in += BLAKE2S_BLOCKBYTES; |
378 | 378 | inlen -= BLAKE2S_BLOCKBYTES; |
379 | 379 | } |
400 | 400 | |
401 | 401 | /* if(md->blake2s.outlen != outlen) return CRYPT_INVALID_ARG; */ |
402 | 402 | |
403 | if (blake2s_is_lastblock(md)) { | |
403 | if (s_blake2s_is_lastblock(md)) { | |
404 | 404 | return CRYPT_ERROR; |
405 | 405 | } |
406 | blake2s_increment_counter(md, md->blake2s.curlen); | |
407 | blake2s_set_lastblock(md); | |
406 | s_blake2s_increment_counter(md, md->blake2s.curlen); | |
407 | s_blake2s_set_lastblock(md); | |
408 | 408 | XMEMSET(md->blake2s.buf + md->blake2s.curlen, 0, BLAKE2S_BLOCKBYTES - md->blake2s.curlen); /* Padding */ |
409 | blake2s_compress(md, md->blake2s.buf); | |
409 | s_blake2s_compress(md, md->blake2s.buf); | |
410 | 410 | |
411 | 411 | for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ |
412 | 412 | STORE32L(md->blake2s.h[i], buffer + i * 4); |
120 | 120 | T0 <= encrypt T0 |
121 | 121 | state <= state xor T0 xor T1 |
122 | 122 | */ |
123 | static int chc_compress(hash_state *md, const unsigned char *buf) | |
123 | static int s_chc_compress(hash_state *md, const unsigned char *buf) | |
124 | 124 | { |
125 | 125 | unsigned char T[2][MAXBLOCKSIZE]; |
126 | 126 | symmetric_key *key; |
153 | 153 | @param len The length of the data (octets) |
154 | 154 | @return CRYPT_OK if successful |
155 | 155 | */ |
156 | static int _chc_process(hash_state * md, const unsigned char *in, unsigned long inlen); | |
157 | static HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize) | |
156 | static int ss_chc_process(hash_state * md, const unsigned char *in, unsigned long inlen); | |
157 | static HASH_PROCESS(ss_chc_process, s_chc_compress, chc, (unsigned long)cipher_blocksize) | |
158 | 158 | |
159 | 159 | /** |
160 | 160 | Process a block of memory though the hash |
178 | 178 | return CRYPT_INVALID_CIPHER; |
179 | 179 | } |
180 | 180 | |
181 | return _chc_process(md, in, inlen); | |
181 | return ss_chc_process(md, in, inlen); | |
182 | 182 | } |
183 | 183 | |
184 | 184 | /** |
220 | 220 | while (md->chc.curlen < (unsigned long)cipher_blocksize) { |
221 | 221 | md->chc.buf[md->chc.curlen++] = (unsigned char)0; |
222 | 222 | } |
223 | chc_compress(md, md->chc.buf); | |
223 | s_chc_compress(md, md->chc.buf); | |
224 | 224 | md->chc.curlen = 0; |
225 | 225 | } |
226 | 226 | |
231 | 231 | |
232 | 232 | /* store length */ |
233 | 233 | STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8)); |
234 | chc_compress(md, md->chc.buf); | |
234 | s_chc_compress(md, md->chc.buf); | |
235 | 235 | |
236 | 236 | /* copy output */ |
237 | 237 | XMEMCPY(out, md->chc.state, cipher_blocksize); |
48 | 48 | }; |
49 | 49 | |
50 | 50 | /* adds 16 bytes to the checksum */ |
51 | static void md2_update_chksum(hash_state *md) | |
51 | static void s_md2_update_chksum(hash_state *md) | |
52 | 52 | { |
53 | 53 | int j; |
54 | 54 | unsigned char L; |
62 | 62 | } |
63 | 63 | } |
64 | 64 | |
65 | static void md2_compress(hash_state *md) | |
65 | static void s_md2_compress(hash_state *md) | |
66 | 66 | { |
67 | 67 | int j, k; |
68 | 68 | unsigned char t; |
125 | 125 | |
126 | 126 | /* is 16 bytes full? */ |
127 | 127 | if (md->md2.curlen == 16) { |
128 | md2_compress(md); | |
129 | md2_update_chksum(md); | |
128 | s_md2_compress(md); | |
129 | s_md2_update_chksum(md); | |
130 | 130 | md->md2.curlen = 0; |
131 | 131 | } |
132 | 132 | } |
158 | 158 | } |
159 | 159 | |
160 | 160 | /* hash and update */ |
161 | md2_compress(md); | |
162 | md2_update_chksum(md); | |
161 | s_md2_compress(md); | |
162 | s_md2_update_chksum(md); | |
163 | 163 | |
164 | 164 | /* hash checksum */ |
165 | 165 | XMEMCPY(md->md2.buf, md->md2.chksum, 16); |
166 | md2_compress(md); | |
166 | s_md2_compress(md); | |
167 | 167 | |
168 | 168 | /* output is lower 16 bytes of X */ |
169 | 169 | XMEMCPY(out, md->md2.X, 16); |
64 | 64 | } |
65 | 65 | |
66 | 66 | #ifdef LTC_CLEAN_STACK |
67 | static int _md4_compress(hash_state *md, const unsigned char *buf) | |
67 | static int ss_md4_compress(hash_state *md, const unsigned char *buf) | |
68 | 68 | #else |
69 | static int md4_compress(hash_state *md, const unsigned char *buf) | |
69 | static int s_md4_compress(hash_state *md, const unsigned char *buf) | |
70 | 70 | #endif |
71 | 71 | { |
72 | 72 | ulong32 x[16], a, b, c, d; |
148 | 148 | } |
149 | 149 | |
150 | 150 | #ifdef LTC_CLEAN_STACK |
151 | static int md4_compress(hash_state *md, const unsigned char *buf) | |
151 | static int s_md4_compress(hash_state *md, const unsigned char *buf) | |
152 | 152 | { |
153 | 153 | int err; |
154 | err = _md4_compress(md, buf); | |
154 | err = ss_md4_compress(md, buf); | |
155 | 155 | burn_stack(sizeof(ulong32) * 20 + sizeof(int)); |
156 | 156 | return err; |
157 | 157 | } |
181 | 181 | @param inlen The length of the data (octets) |
182 | 182 | @return CRYPT_OK if successful |
183 | 183 | */ |
184 | HASH_PROCESS(md4_process, md4_compress, md4, 64) | |
184 | HASH_PROCESS(md4_process, s_md4_compress, md4, 64) | |
185 | 185 | |
186 | 186 | /** |
187 | 187 | Terminate the hash to get the digest |
214 | 214 | while (md->md4.curlen < 64) { |
215 | 215 | md->md4.buf[md->md4.curlen++] = (unsigned char)0; |
216 | 216 | } |
217 | md4_compress(md, md->md4.buf); | |
217 | s_md4_compress(md, md->md4.buf); | |
218 | 218 | md->md4.curlen = 0; |
219 | 219 | } |
220 | 220 | |
225 | 225 | |
226 | 226 | /* store length */ |
227 | 227 | STORE64L(md->md4.length, md->md4.buf+56); |
228 | md4_compress(md, md->md4.buf); | |
228 | s_md4_compress(md, md->md4.buf); | |
229 | 229 | |
230 | 230 | /* copy output */ |
231 | 231 | for (i = 0; i < 4; i++) { |
89 | 89 | #endif |
90 | 90 | |
91 | 91 | #ifdef LTC_CLEAN_STACK |
92 | static int _md5_compress(hash_state *md, const unsigned char *buf) | |
92 | static int ss_md5_compress(hash_state *md, const unsigned char *buf) | |
93 | 93 | #else |
94 | static int md5_compress(hash_state *md, const unsigned char *buf) | |
94 | static int s_md5_compress(hash_state *md, const unsigned char *buf) | |
95 | 95 | #endif |
96 | 96 | { |
97 | 97 | ulong32 i, W[16], a, b, c, d; |
207 | 207 | } |
208 | 208 | |
209 | 209 | #ifdef LTC_CLEAN_STACK |
210 | static int md5_compress(hash_state *md, const unsigned char *buf) | |
210 | static int s_md5_compress(hash_state *md, const unsigned char *buf) | |
211 | 211 | { |
212 | 212 | int err; |
213 | err = _md5_compress(md, buf); | |
213 | err = ss_md5_compress(md, buf); | |
214 | 214 | burn_stack(sizeof(ulong32) * 21); |
215 | 215 | return err; |
216 | 216 | } |
240 | 240 | @param inlen The length of the data (octets) |
241 | 241 | @return CRYPT_OK if successful |
242 | 242 | */ |
243 | HASH_PROCESS(md5_process, md5_compress, md5, 64) | |
243 | HASH_PROCESS(md5_process, s_md5_compress, md5, 64) | |
244 | 244 | |
245 | 245 | /** |
246 | 246 | Terminate the hash to get the digest |
274 | 274 | while (md->md5.curlen < 64) { |
275 | 275 | md->md5.buf[md->md5.curlen++] = (unsigned char)0; |
276 | 276 | } |
277 | md5_compress(md, md->md5.buf); | |
277 | s_md5_compress(md, md->md5.buf); | |
278 | 278 | md->md5.curlen = 0; |
279 | 279 | } |
280 | 280 | |
285 | 285 | |
286 | 286 | /* store length */ |
287 | 287 | STORE64L(md->md5.length, md->md5.buf+56); |
288 | md5_compress(md, md->md5.buf); | |
288 | s_md5_compress(md, md->md5.buf); | |
289 | 289 | |
290 | 290 | /* copy output */ |
291 | 291 | for (i = 0; i < 4; i++) { |
72 | 72 | (a) = ROLc((a), (s)); |
73 | 73 | |
74 | 74 | #ifdef LTC_CLEAN_STACK |
75 | static int _rmd128_compress(hash_state *md, const unsigned char *buf) | |
75 | static int ss_rmd128_compress(hash_state *md, const unsigned char *buf) | |
76 | 76 | #else |
77 | static int rmd128_compress(hash_state *md, const unsigned char *buf) | |
77 | static int s_rmd128_compress(hash_state *md, const unsigned char *buf) | |
78 | 78 | #endif |
79 | 79 | { |
80 | 80 | ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,X[16]; |
246 | 246 | } |
247 | 247 | |
248 | 248 | #ifdef LTC_CLEAN_STACK |
249 | static int rmd128_compress(hash_state *md, const unsigned char *buf) | |
249 | static int s_rmd128_compress(hash_state *md, const unsigned char *buf) | |
250 | 250 | { |
251 | 251 | int err; |
252 | err = _rmd128_compress(md, buf); | |
252 | err = ss_rmd128_compress(md, buf); | |
253 | 253 | burn_stack(sizeof(ulong32) * 24 + sizeof(int)); |
254 | 254 | return err; |
255 | 255 | } |
279 | 279 | @param inlen The length of the data (octets) |
280 | 280 | @return CRYPT_OK if successful |
281 | 281 | */ |
282 | HASH_PROCESS(rmd128_process, rmd128_compress, rmd128, 64) | |
282 | HASH_PROCESS(rmd128_process, s_rmd128_compress, rmd128, 64) | |
283 | 283 | |
284 | 284 | /** |
285 | 285 | Terminate the hash to get the digest |
313 | 313 | while (md->rmd128.curlen < 64) { |
314 | 314 | md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0; |
315 | 315 | } |
316 | rmd128_compress(md, md->rmd128.buf); | |
316 | s_rmd128_compress(md, md->rmd128.buf); | |
317 | 317 | md->rmd128.curlen = 0; |
318 | 318 | } |
319 | 319 | |
324 | 324 | |
325 | 325 | /* store length */ |
326 | 326 | STORE64L(md->rmd128.length, md->rmd128.buf+56); |
327 | rmd128_compress(md, md->rmd128.buf); | |
327 | s_rmd128_compress(md, md->rmd128.buf); | |
328 | 328 | |
329 | 329 | /* copy output */ |
330 | 330 | for (i = 0; i < 4; i++) { |
92 | 92 | |
93 | 93 | |
94 | 94 | #ifdef LTC_CLEAN_STACK |
95 | static int _rmd160_compress(hash_state *md, const unsigned char *buf) | |
95 | static int ss_rmd160_compress(hash_state *md, const unsigned char *buf) | |
96 | 96 | #else |
97 | static int rmd160_compress(hash_state *md, const unsigned char *buf) | |
97 | static int s_rmd160_compress(hash_state *md, const unsigned char *buf) | |
98 | 98 | #endif |
99 | 99 | { |
100 | 100 | ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,X[16]; |
304 | 304 | } |
305 | 305 | |
306 | 306 | #ifdef LTC_CLEAN_STACK |
307 | static int rmd160_compress(hash_state *md, const unsigned char *buf) | |
307 | static int s_rmd160_compress(hash_state *md, const unsigned char *buf) | |
308 | 308 | { |
309 | 309 | int err; |
310 | err = _rmd160_compress(md, buf); | |
310 | err = ss_rmd160_compress(md, buf); | |
311 | 311 | burn_stack(sizeof(ulong32) * 26 + sizeof(int)); |
312 | 312 | return err; |
313 | 313 | } |
338 | 338 | @param inlen The length of the data (octets) |
339 | 339 | @return CRYPT_OK if successful |
340 | 340 | */ |
341 | HASH_PROCESS(rmd160_process, rmd160_compress, rmd160, 64) | |
341 | HASH_PROCESS(rmd160_process, s_rmd160_compress, rmd160, 64) | |
342 | 342 | |
343 | 343 | /** |
344 | 344 | Terminate the hash to get the digest |
372 | 372 | while (md->rmd160.curlen < 64) { |
373 | 373 | md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0; |
374 | 374 | } |
375 | rmd160_compress(md, md->rmd160.buf); | |
375 | s_rmd160_compress(md, md->rmd160.buf); | |
376 | 376 | md->rmd160.curlen = 0; |
377 | 377 | } |
378 | 378 | |
383 | 383 | |
384 | 384 | /* store length */ |
385 | 385 | STORE64L(md->rmd160.length, md->rmd160.buf+56); |
386 | rmd160_compress(md, md->rmd160.buf); | |
386 | s_rmd160_compress(md, md->rmd160.buf); | |
387 | 387 | |
388 | 388 | /* copy output */ |
389 | 389 | for (i = 0; i < 5; i++) { |
66 | 66 | (a) = ROLc((a), (s)); |
67 | 67 | |
68 | 68 | #ifdef LTC_CLEAN_STACK |
69 | static int _rmd256_compress(hash_state *md, const unsigned char *buf) | |
69 | static int ss_rmd256_compress(hash_state *md, const unsigned char *buf) | |
70 | 70 | #else |
71 | static int rmd256_compress(hash_state *md, const unsigned char *buf) | |
71 | static int s_rmd256_compress(hash_state *md, const unsigned char *buf) | |
72 | 72 | #endif |
73 | 73 | { |
74 | 74 | ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,tmp,X[16]; |
255 | 255 | } |
256 | 256 | |
257 | 257 | #ifdef LTC_CLEAN_STACK |
258 | static int rmd256_compress(hash_state *md, const unsigned char *buf) | |
258 | static int s_rmd256_compress(hash_state *md, const unsigned char *buf) | |
259 | 259 | { |
260 | 260 | int err; |
261 | err = _rmd256_compress(md, buf); | |
261 | err = ss_rmd256_compress(md, buf); | |
262 | 262 | burn_stack(sizeof(ulong32) * 25 + sizeof(int)); |
263 | 263 | return err; |
264 | 264 | } |
292 | 292 | @param inlen The length of the data (octets) |
293 | 293 | @return CRYPT_OK if successful |
294 | 294 | */ |
295 | HASH_PROCESS(rmd256_process, rmd256_compress, rmd256, 64) | |
295 | HASH_PROCESS(rmd256_process, s_rmd256_compress, rmd256, 64) | |
296 | 296 | |
297 | 297 | /** |
298 | 298 | Terminate the hash to get the digest |
326 | 326 | while (md->rmd256.curlen < 64) { |
327 | 327 | md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0; |
328 | 328 | } |
329 | rmd256_compress(md, md->rmd256.buf); | |
329 | s_rmd256_compress(md, md->rmd256.buf); | |
330 | 330 | md->rmd256.curlen = 0; |
331 | 331 | } |
332 | 332 | |
337 | 337 | |
338 | 338 | /* store length */ |
339 | 339 | STORE64L(md->rmd256.length, md->rmd256.buf+56); |
340 | rmd256_compress(md, md->rmd256.buf); | |
340 | s_rmd256_compress(md, md->rmd256.buf); | |
341 | 341 | |
342 | 342 | /* copy output */ |
343 | 343 | for (i = 0; i < 8; i++) { |
87 | 87 | |
88 | 88 | |
89 | 89 | #ifdef LTC_CLEAN_STACK |
90 | static int _rmd320_compress(hash_state *md, const unsigned char *buf) | |
90 | static int ss_rmd320_compress(hash_state *md, const unsigned char *buf) | |
91 | 91 | #else |
92 | static int rmd320_compress(hash_state *md, const unsigned char *buf) | |
92 | static int s_rmd320_compress(hash_state *md, const unsigned char *buf) | |
93 | 93 | #endif |
94 | 94 | { |
95 | 95 | ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,tmp,X[16]; |
318 | 318 | } |
319 | 319 | |
320 | 320 | #ifdef LTC_CLEAN_STACK |
321 | static int rmd320_compress(hash_state *md, const unsigned char *buf) | |
321 | static int s_rmd320_compress(hash_state *md, const unsigned char *buf) | |
322 | 322 | { |
323 | 323 | int err; |
324 | err = _rmd320_compress(md, buf); | |
324 | err = ss_rmd320_compress(md, buf); | |
325 | 325 | burn_stack(sizeof(ulong32) * 27 + sizeof(int)); |
326 | 326 | return err; |
327 | 327 | } |
357 | 357 | @param inlen The length of the data (octets) |
358 | 358 | @return CRYPT_OK if successful |
359 | 359 | */ |
360 | HASH_PROCESS(rmd320_process, rmd320_compress, rmd320, 64) | |
360 | HASH_PROCESS(rmd320_process, s_rmd320_compress, rmd320, 64) | |
361 | 361 | |
362 | 362 | /** |
363 | 363 | Terminate the hash to get the digest |
391 | 391 | while (md->rmd320.curlen < 64) { |
392 | 392 | md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0; |
393 | 393 | } |
394 | rmd320_compress(md, md->rmd320.buf); | |
394 | s_rmd320_compress(md, md->rmd320.buf); | |
395 | 395 | md->rmd320.curlen = 0; |
396 | 396 | } |
397 | 397 | |
402 | 402 | |
403 | 403 | /* store length */ |
404 | 404 | STORE64L(md->rmd320.length, md->rmd320.buf+56); |
405 | rmd320_compress(md, md->rmd320.buf); | |
405 | s_rmd320_compress(md, md->rmd320.buf); | |
406 | 406 | |
407 | 407 | /* copy output */ |
408 | 408 | for (i = 0; i < 10; i++) { |
33 | 33 | #define F3(x,y,z) (x ^ y ^ z) |
34 | 34 | |
35 | 35 | #ifdef LTC_CLEAN_STACK |
36 | static int _sha1_compress(hash_state *md, const unsigned char *buf) | |
36 | static int ss_sha1_compress(hash_state *md, const unsigned char *buf) | |
37 | 37 | #else |
38 | static int sha1_compress(hash_state *md, const unsigned char *buf) | |
38 | static int s_sha1_compress(hash_state *md, const unsigned char *buf) | |
39 | 39 | #endif |
40 | 40 | { |
41 | 41 | ulong32 a,b,c,d,e,W[80],i; |
139 | 139 | } |
140 | 140 | |
141 | 141 | #ifdef LTC_CLEAN_STACK |
142 | static int sha1_compress(hash_state *md, const unsigned char *buf) | |
142 | static int s_sha1_compress(hash_state *md, const unsigned char *buf) | |
143 | 143 | { |
144 | 144 | int err; |
145 | err = _sha1_compress(md, buf); | |
145 | err = ss_sha1_compress(md, buf); | |
146 | 146 | burn_stack(sizeof(ulong32) * 87); |
147 | 147 | return err; |
148 | 148 | } |
173 | 173 | @param inlen The length of the data (octets) |
174 | 174 | @return CRYPT_OK if successful |
175 | 175 | */ |
176 | HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) | |
176 | HASH_PROCESS(sha1_process, s_sha1_compress, sha1, 64) | |
177 | 177 | |
178 | 178 | /** |
179 | 179 | Terminate the hash to get the digest |
206 | 206 | while (md->sha1.curlen < 64) { |
207 | 207 | md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; |
208 | 208 | } |
209 | sha1_compress(md, md->sha1.buf); | |
209 | s_sha1_compress(md, md->sha1.buf); | |
210 | 210 | md->sha1.curlen = 0; |
211 | 211 | } |
212 | 212 | |
217 | 217 | |
218 | 218 | /* store length */ |
219 | 219 | STORE64H(md->sha1.length, md->sha1.buf+56); |
220 | sha1_compress(md, md->sha1.buf); | |
220 | s_sha1_compress(md, md->sha1.buf); | |
221 | 221 | |
222 | 222 | /* copy output */ |
223 | 223 | for (i = 0; i < 5; i++) { |
57 | 57 | |
58 | 58 | /* compress 512-bits */ |
59 | 59 | #ifdef LTC_CLEAN_STACK |
60 | static int _sha256_compress(hash_state * md, const unsigned char *buf) | |
60 | static int ss_sha256_compress(hash_state * md, const unsigned char *buf) | |
61 | 61 | #else |
62 | static int sha256_compress(hash_state * md, const unsigned char *buf) | |
62 | static int s_sha256_compress(hash_state * md, const unsigned char *buf) | |
63 | 63 | #endif |
64 | 64 | { |
65 | 65 | ulong32 S[8], W[64], t0, t1; |
167 | 167 | RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb); |
168 | 168 | RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7); |
169 | 169 | RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2); |
170 | ||
170 | #endif | |
171 | 171 | #undef RND |
172 | ||
173 | #endif | |
174 | 172 | |
175 | 173 | /* feedback */ |
176 | 174 | for (i = 0; i < 8; i++) { |
180 | 178 | } |
181 | 179 | |
182 | 180 | #ifdef LTC_CLEAN_STACK |
183 | static int sha256_compress(hash_state * md, const unsigned char *buf) | |
181 | static int s_sha256_compress(hash_state * md, const unsigned char *buf) | |
184 | 182 | { |
185 | 183 | int err; |
186 | err = _sha256_compress(md, buf); | |
184 | err = ss_sha256_compress(md, buf); | |
187 | 185 | burn_stack(sizeof(ulong32) * 74); |
188 | 186 | return err; |
189 | 187 | } |
218 | 216 | @param inlen The length of the data (octets) |
219 | 217 | @return CRYPT_OK if successful |
220 | 218 | */ |
221 | HASH_PROCESS(sha256_process, sha256_compress, sha256, 64) | |
219 | HASH_PROCESS(sha256_process,s_sha256_compress, sha256, 64) | |
222 | 220 | |
223 | 221 | /** |
224 | 222 | Terminate the hash to get the digest |
252 | 250 | while (md->sha256.curlen < 64) { |
253 | 251 | md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; |
254 | 252 | } |
255 | sha256_compress(md, md->sha256.buf); | |
253 | s_sha256_compress(md, md->sha256.buf); | |
256 | 254 | md->sha256.curlen = 0; |
257 | 255 | } |
258 | 256 | |
263 | 261 | |
264 | 262 | /* store length */ |
265 | 263 | STORE64H(md->sha256.length, md->sha256.buf+56); |
266 | sha256_compress(md, md->sha256.buf); | |
264 | s_sha256_compress(md, md->sha256.buf); | |
267 | 265 | |
268 | 266 | /* copy output */ |
269 | 267 | for (i = 0; i < 8; i++) { |
82 | 82 | |
83 | 83 | /* compress 1024-bits */ |
84 | 84 | #ifdef LTC_CLEAN_STACK |
85 | static int _sha512_compress(hash_state * md, const unsigned char *buf) | |
85 | static int ss_sha512_compress(hash_state * md, const unsigned char *buf) | |
86 | 86 | #else |
87 | static int sha512_compress(hash_state * md, const unsigned char *buf) | |
87 | static int s_sha512_compress(hash_state * md, const unsigned char *buf) | |
88 | 88 | #endif |
89 | 89 | { |
90 | 90 | ulong64 S[8], W[80], t0, t1; |
149 | 149 | |
150 | 150 | /* compress 1024-bits */ |
151 | 151 | #ifdef LTC_CLEAN_STACK |
152 | static int sha512_compress(hash_state * md, const unsigned char *buf) | |
152 | static int s_sha512_compress(hash_state * md, const unsigned char *buf) | |
153 | 153 | { |
154 | 154 | int err; |
155 | err = _sha512_compress(md, buf); | |
155 | err = ss_sha512_compress(md, buf); | |
156 | 156 | burn_stack(sizeof(ulong64) * 90 + sizeof(int)); |
157 | 157 | return err; |
158 | 158 | } |
186 | 186 | @param inlen The length of the data (octets) |
187 | 187 | @return CRYPT_OK if successful |
188 | 188 | */ |
189 | HASH_PROCESS(sha512_process, sha512_compress, sha512, 128) | |
189 | HASH_PROCESS(sha512_process, s_sha512_compress, sha512, 128) | |
190 | 190 | |
191 | 191 | /** |
192 | 192 | Terminate the hash to get the digest |
219 | 219 | while (md->sha512.curlen < 128) { |
220 | 220 | md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; |
221 | 221 | } |
222 | sha512_compress(md, md->sha512.buf); | |
222 | s_sha512_compress(md, md->sha512.buf); | |
223 | 223 | md->sha512.curlen = 0; |
224 | 224 | } |
225 | 225 | |
233 | 233 | |
234 | 234 | /* store length */ |
235 | 235 | STORE64H(md->sha512.length, md->sha512.buf+120); |
236 | sha512_compress(md, md->sha512.buf); | |
236 | s_sha512_compress(md, md->sha512.buf); | |
237 | 237 | |
238 | 238 | /* copy output */ |
239 | 239 | for (i = 0; i < 8; i++) { |
130 | 130 | #define SHA3_KECCAK_SPONGE_WORDS 25 /* 1600 bits > 200 bytes > 25 x ulong64 */ |
131 | 131 | #define SHA3_KECCAK_ROUNDS 24 |
132 | 132 | |
133 | static const ulong64 keccakf_rndc[24] = { | |
133 | static const ulong64 s_keccakf_rndc[24] = { | |
134 | 134 | CONST64(0x0000000000000001), CONST64(0x0000000000008082), |
135 | 135 | CONST64(0x800000000000808a), CONST64(0x8000000080008000), |
136 | 136 | CONST64(0x000000000000808b), CONST64(0x0000000080000001), |
145 | 145 | CONST64(0x0000000080000001), CONST64(0x8000000080008008) |
146 | 146 | }; |
147 | 147 | |
148 | static const unsigned keccakf_rotc[24] = { | |
148 | static const unsigned s_keccakf_rotc[24] = { | |
149 | 149 | 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 |
150 | 150 | }; |
151 | 151 | |
152 | static const unsigned keccakf_piln[24] = { | |
152 | static const unsigned s_keccakf_piln[24] = { | |
153 | 153 | 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 |
154 | 154 | }; |
155 | 155 | |
156 | static void keccakf(ulong64 s[25]) | |
156 | static void s_keccakf(ulong64 s[25]) | |
157 | 157 | { |
158 | 158 | int i, j, round; |
159 | 159 | ulong64 t, bc[5]; |
172 | 172 | /* Rho Pi */ |
173 | 173 | t = s[1]; |
174 | 174 | for(i = 0; i < 24; i++) { |
175 | j = keccakf_piln[i]; | |
175 | j = s_keccakf_piln[i]; | |
176 | 176 | bc[0] = s[j]; |
177 | s[j] = ROL64(t, keccakf_rotc[i]); | |
177 | s[j] = ROL64(t, s_keccakf_rotc[i]); | |
178 | 178 | t = bc[0]; |
179 | 179 | } |
180 | 180 | /* Chi */ |
187 | 187 | } |
188 | 188 | } |
189 | 189 | /* Iota */ |
190 | s[0] ^= keccakf_rndc[round]; | |
191 | } | |
192 | } | |
193 | ||
194 | static LTC_INLINE int _done(hash_state *md, unsigned char *hash, ulong64 pad) | |
190 | s[0] ^= s_keccakf_rndc[round]; | |
191 | } | |
192 | } | |
193 | ||
194 | static LTC_INLINE int ss_done(hash_state *md, unsigned char *hash, ulong64 pad) | |
195 | 195 | { |
196 | 196 | unsigned i; |
197 | 197 | |
200 | 200 | |
201 | 201 | md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (pad << (md->sha3.byte_index * 8))); |
202 | 202 | md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); |
203 | keccakf(md->sha3.s); | |
203 | s_keccakf(md->sha3.s); | |
204 | 204 | |
205 | 205 | /* store sha3.s[] as little-endian bytes into sha3.sb */ |
206 | 206 | for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { |
282 | 282 | md->sha3.byte_index = 0; |
283 | 283 | md->sha3.saved = 0; |
284 | 284 | if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { |
285 | keccakf(md->sha3.s); | |
285 | s_keccakf(md->sha3.s); | |
286 | 286 | md->sha3.word_index = 0; |
287 | 287 | } |
288 | 288 | } |
296 | 296 | LOAD64L(t, in); |
297 | 297 | md->sha3.s[md->sha3.word_index] ^= t; |
298 | 298 | if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { |
299 | keccakf(md->sha3.s); | |
299 | s_keccakf(md->sha3.s); | |
300 | 300 | md->sha3.word_index = 0; |
301 | 301 | } |
302 | 302 | } |
311 | 311 | #ifdef LTC_SHA3 |
312 | 312 | int sha3_done(hash_state *md, unsigned char *out) |
313 | 313 | { |
314 | return _done(md, out, CONST64(0x06)); | |
314 | return ss_done(md, out, CONST64(0x06)); | |
315 | 315 | } |
316 | 316 | #endif |
317 | 317 | |
318 | 318 | #ifdef LTC_KECCAK |
319 | 319 | int keccak_done(hash_state *md, unsigned char *out) |
320 | 320 | { |
321 | return _done(md, out, CONST64(0x01)); | |
321 | return ss_done(md, out, CONST64(0x01)); | |
322 | 322 | } |
323 | 323 | #endif |
324 | 324 | |
337 | 337 | /* shake_xof operation must be done only once */ |
338 | 338 | md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8))); |
339 | 339 | md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); |
340 | keccakf(md->sha3.s); | |
340 | s_keccakf(md->sha3.s); | |
341 | 341 | /* store sha3.s[] as little-endian bytes into sha3.sb */ |
342 | 342 | for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { |
343 | 343 | STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); |
348 | 348 | |
349 | 349 | for (idx = 0; idx < outlen; idx++) { |
350 | 350 | if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { |
351 | keccakf(md->sha3.s); | |
351 | s_keccakf(md->sha3.s); | |
352 | 352 | /* store sha3.s[] as little-endian bytes into sha3.sb */ |
353 | 353 | for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { |
354 | 354 | STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); |
546 | 546 | CONST64(0xCD56D9430EA8280E) /* 1020 */, CONST64(0xC12591D7535F5065) /* 1021 */, |
547 | 547 | CONST64(0xC83223F1720AEF96) /* 1022 */, CONST64(0xC3A0396F7363A51F) /* 1023 */}; |
548 | 548 | |
549 | #ifdef _MSC_VER | |
550 | #define INLINE __inline | |
551 | #else | |
552 | #define INLINE | |
553 | #endif | |
554 | ||
555 | 549 | /* one round of the hash function */ |
556 | INLINE static void tiger_round(ulong64 *a, ulong64 *b, ulong64 *c, ulong64 x, int mul) | |
550 | LTC_INLINE static void tiger_round(ulong64 *a, ulong64 *b, ulong64 *c, ulong64 x, int mul) | |
557 | 551 | { |
558 | 552 | ulong64 tmp; |
559 | 553 | tmp = (*c ^= x); |
567 | 561 | } |
568 | 562 | |
569 | 563 | /* one complete pass */ |
570 | static void pass(ulong64 *a, ulong64 *b, ulong64 *c, const ulong64 *x, int mul) | |
564 | static void s_pass(ulong64 *a, ulong64 *b, ulong64 *c, const ulong64 *x, int mul) | |
571 | 565 | { |
572 | 566 | tiger_round(a,b,c,x[0],mul); |
573 | 567 | tiger_round(b,c,a,x[1],mul); |
580 | 574 | } |
581 | 575 | |
582 | 576 | /* The key mixing schedule */ |
583 | static void key_schedule(ulong64 *x) | |
577 | static void s_key_schedule(ulong64 *x) | |
584 | 578 | { |
585 | 579 | x[0] -= x[7] ^ CONST64(0xA5A5A5A5A5A5A5A5); |
586 | 580 | x[1] ^= x[0]; |
601 | 595 | } |
602 | 596 | |
603 | 597 | #ifdef LTC_CLEAN_STACK |
604 | static int _tiger_compress(hash_state *md, const unsigned char *buf) | |
598 | static int ss_tiger_compress(hash_state *md, const unsigned char *buf) | |
605 | 599 | #else |
606 | static int tiger_compress(hash_state *md, const unsigned char *buf) | |
600 | static int s_tiger_compress(hash_state *md, const unsigned char *buf) | |
607 | 601 | #endif |
608 | 602 | { |
609 | 603 | ulong64 a, b, c, x[8]; |
617 | 611 | b = md->tiger.state[1]; |
618 | 612 | c = md->tiger.state[2]; |
619 | 613 | |
620 | pass(&a,&b,&c,x,5); | |
621 | key_schedule(x); | |
622 | pass(&c,&a,&b,x,7); | |
623 | key_schedule(x); | |
624 | pass(&b,&c,&a,x,9); | |
614 | s_pass(&a,&b,&c,x,5); | |
615 | s_key_schedule(x); | |
616 | s_pass(&c,&a,&b,x,7); | |
617 | s_key_schedule(x); | |
618 | s_pass(&b,&c,&a,x,9); | |
625 | 619 | |
626 | 620 | /* store state */ |
627 | 621 | md->tiger.state[0] = a ^ md->tiger.state[0]; |
632 | 626 | } |
633 | 627 | |
634 | 628 | #ifdef LTC_CLEAN_STACK |
635 | static int tiger_compress(hash_state *md, const unsigned char *buf) | |
629 | static int s_tiger_compress(hash_state *md, const unsigned char *buf) | |
636 | 630 | { |
637 | 631 | int err; |
638 | err = _tiger_compress(md, buf); | |
632 | err = ss_tiger_compress(md, buf); | |
639 | 633 | burn_stack(sizeof(ulong64) * 11 + sizeof(unsigned long)); |
640 | 634 | return err; |
641 | 635 | } |
664 | 658 | @param inlen The length of the data (octets) |
665 | 659 | @return CRYPT_OK if successful |
666 | 660 | */ |
667 | HASH_PROCESS(tiger_process, tiger_compress, tiger, 64) | |
661 | HASH_PROCESS(tiger_process, s_tiger_compress, tiger, 64) | |
668 | 662 | |
669 | 663 | /** |
670 | 664 | Terminate the hash to get the digest |
694 | 688 | while (md->tiger.curlen < 64) { |
695 | 689 | md->tiger.buf[md->tiger.curlen++] = (unsigned char)0; |
696 | 690 | } |
697 | tiger_compress(md, md->tiger.buf); | |
691 | s_tiger_compress(md, md->tiger.buf); | |
698 | 692 | md->tiger.curlen = 0; |
699 | 693 | } |
700 | 694 | |
705 | 699 | |
706 | 700 | /* store length */ |
707 | 701 | STORE64L(md->tiger.length, md->tiger.buf+56); |
708 | tiger_compress(md, md->tiger.buf); | |
702 | s_tiger_compress(md, md->tiger.buf); | |
709 | 703 | |
710 | 704 | /* copy output */ |
711 | 705 | STORE64L(md->tiger.state[0], &out[0]); |
28 | 28 | }; |
29 | 29 | |
30 | 30 | /* the sboxes */ |
31 | #define __LTC_WHIRLTAB_C__ | |
31 | #define LTC_WHIRLTAB_C | |
32 | 32 | #include "whirltab.c" |
33 | 33 | |
34 | 34 | /* get a_{i,j} */ |
46 | 46 | SB7(GB(a, i-7, 0))) |
47 | 47 | |
48 | 48 | #ifdef LTC_CLEAN_STACK |
49 | static int _whirlpool_compress(hash_state *md, const unsigned char *buf) | |
49 | static int ss_whirlpool_compress(hash_state *md, const unsigned char *buf) | |
50 | 50 | #else |
51 | static int whirlpool_compress(hash_state *md, const unsigned char *buf) | |
51 | static int s_whirlpool_compress(hash_state *md, const unsigned char *buf) | |
52 | 52 | #endif |
53 | 53 | { |
54 | 54 | ulong64 K[2][8], T[3][8]; |
102 | 102 | |
103 | 103 | |
104 | 104 | #ifdef LTC_CLEAN_STACK |
105 | static int whirlpool_compress(hash_state *md, const unsigned char *buf) | |
105 | static int s_whirlpool_compress(hash_state *md, const unsigned char *buf) | |
106 | 106 | { |
107 | 107 | int err; |
108 | err = _whirlpool_compress(md, buf); | |
108 | err = ss_whirlpool_compress(md, buf); | |
109 | 109 | burn_stack((5 * 8 * sizeof(ulong64)) + (2 * sizeof(int))); |
110 | 110 | return err; |
111 | 111 | } |
131 | 131 | @param inlen The length of the data (octets) |
132 | 132 | @return CRYPT_OK if successful |
133 | 133 | */ |
134 | HASH_PROCESS(whirlpool_process, whirlpool_compress, whirlpool, 64) | |
134 | HASH_PROCESS(whirlpool_process, s_whirlpool_compress, whirlpool, 64) | |
135 | 135 | |
136 | 136 | /** |
137 | 137 | Terminate the hash to get the digest |
164 | 164 | while (md->whirlpool.curlen < 64) { |
165 | 165 | md->whirlpool.buf[md->whirlpool.curlen++] = (unsigned char)0; |
166 | 166 | } |
167 | whirlpool_compress(md, md->whirlpool.buf); | |
167 | s_whirlpool_compress(md, md->whirlpool.buf); | |
168 | 168 | md->whirlpool.curlen = 0; |
169 | 169 | } |
170 | 170 | |
175 | 175 | |
176 | 176 | /* store length */ |
177 | 177 | STORE64H(md->whirlpool.length, md->whirlpool.buf+56); |
178 | whirlpool_compress(md, md->whirlpool.buf); | |
178 | s_whirlpool_compress(md, md->whirlpool.buf); | |
179 | 179 | |
180 | 180 | /* copy output */ |
181 | 181 | for (i = 0; i < 8; i++) { |
5 | 5 | LTC_WHIRLPOOL tables, Tom St Denis |
6 | 6 | */ |
7 | 7 | |
8 | #ifdef __LTC_WHIRLTAB_C__ | |
8 | #ifdef LTC_WHIRLTAB_C | |
9 | 9 | |
10 | 10 | static const ulong64 sbox0[] = { |
11 | 11 | CONST64(0x18186018c07830d8), CONST64(0x23238c2305af4626), CONST64(0xc6c63fc67ef991b8), CONST64(0xe8e887e8136fcdfb), |
582 | 582 | CONST64(0x6302aa71c81949d9), |
583 | 583 | }; |
584 | 584 | |
585 | #endif /* __LTC_WHIRLTAB_C__ */ | |
585 | #endif /* LTC_WHIRLTAB_C */ |
584 | 584 | #define LTC_PBES |
585 | 585 | #endif |
586 | 586 | |
587 | #if defined(LTC_CLEAN_STACK) | |
588 | /* if you're sure that you want to use it, remove the line below */ | |
589 | #error LTC_CLEAN_STACK is considered as broken | |
590 | #endif | |
591 | ||
592 | #if defined(LTC_PBES) && !defined(LTC_PKCS_5) | |
593 | #error LTC_PBES requires LTC_PKCS_5 | |
594 | #endif | |
595 | ||
596 | #if defined(LTC_PBES) && !defined(LTC_PKCS_12) | |
597 | #error LTC_PBES requires LTC_PKCS_12 | |
598 | #endif | |
599 | ||
600 | #if defined(LTC_PKCS_5) && !defined(LTC_HMAC) | |
601 | #error LTC_PKCS_5 requires LTC_HMAC | |
602 | #endif | |
603 | ||
604 | #if defined(LTC_PKCS_5) && !defined(LTC_HASH_HELPERS) | |
605 | #error LTC_PKCS_5 requires LTC_HASH_HELPERS | |
606 | #endif | |
607 | ||
587 | 608 | #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) |
588 | 609 | #error Pelican-MAC requires LTC_RIJNDAEL |
589 | 610 | #endif |
53 | 53 | #ifdef LTC_HAVE_BSWAP_BUILTIN |
54 | 54 | |
55 | 55 | #define STORE32H(x, y) \ |
56 | do { ulong32 __t = __builtin_bswap32 ((x)); \ | |
57 | XMEMCPY ((y), &__t, 4); } while(0) | |
56 | do { ulong32 ttt = __builtin_bswap32 ((x)); \ | |
57 | XMEMCPY ((y), &ttt, 4); } while(0) | |
58 | 58 | |
59 | 59 | #define LOAD32H(x, y) \ |
60 | 60 | do { XMEMCPY (&(x), (y), 4); \ |
92 | 92 | #ifdef LTC_HAVE_BSWAP_BUILTIN |
93 | 93 | |
94 | 94 | #define STORE64H(x, y) \ |
95 | do { ulong64 __t = __builtin_bswap64 ((x)); \ | |
96 | XMEMCPY ((y), &__t, 8); } while(0) | |
95 | do { ulong64 ttt = __builtin_bswap64 ((x)); \ | |
96 | XMEMCPY ((y), &ttt, 8); } while(0) | |
97 | 97 | |
98 | 98 | #define LOAD64H(x, y) \ |
99 | 99 | do { XMEMCPY (&(x), (y), 8); \ |
134 | 134 | #ifdef ENDIAN_32BITWORD |
135 | 135 | |
136 | 136 | #define STORE32L(x, y) \ |
137 | do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) | |
137 | do { ulong32 ttt = (x); XMEMCPY(y, &ttt, 4); } while(0) | |
138 | 138 | |
139 | 139 | #define LOAD32L(x, y) \ |
140 | 140 | do { XMEMCPY(&(x), y, 4); } while(0) |
154 | 154 | #else /* 64-bit words then */ |
155 | 155 | |
156 | 156 | #define STORE32L(x, y) \ |
157 | do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) | |
157 | do { ulong32 ttt = (x); XMEMCPY(y, &ttt, 4); } while(0) | |
158 | 158 | |
159 | 159 | #define LOAD32L(x, y) \ |
160 | 160 | do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) |
161 | 161 | |
162 | 162 | #define STORE64L(x, y) \ |
163 | do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) | |
163 | do { ulong64 ttt = (x); XMEMCPY(y, &ttt, 8); } while(0) | |
164 | 164 | |
165 | 165 | #define LOAD64L(x, y) \ |
166 | 166 | do { XMEMCPY(&(x), y, 8); } while(0) |
194 | 194 | #ifdef ENDIAN_32BITWORD |
195 | 195 | |
196 | 196 | #define STORE32H(x, y) \ |
197 | do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) | |
197 | do { ulong32 ttt = (x); XMEMCPY(y, &ttt, 4); } while(0) | |
198 | 198 | |
199 | 199 | #define LOAD32H(x, y) \ |
200 | 200 | do { XMEMCPY(&(x), y, 4); } while(0) |
214 | 214 | #else /* 64-bit words then */ |
215 | 215 | |
216 | 216 | #define STORE32H(x, y) \ |
217 | do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) | |
217 | do { ulong32 ttt = (x); XMEMCPY(y, &ttt, 4); } while(0) | |
218 | 218 | |
219 | 219 | #define LOAD32H(x, y) \ |
220 | 220 | do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) |
221 | 221 | |
222 | 222 | #define STORE64H(x, y) \ |
223 | do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) | |
223 | do { ulong64 ttt = (x); XMEMCPY(y, &ttt, 8); } while(0) | |
224 | 224 | |
225 | 225 | #define LOAD64H(x, y) \ |
226 | 226 | do { XMEMCPY(&(x), y, 8); } while(0) |
274 | 274 | #ifndef LTC_NO_ROLC |
275 | 275 | |
276 | 276 | #define ROLc(word,i) ({ \ |
277 | ulong32 __ROLc_tmp = (word); \ | |
277 | ulong32 ROLc_tmp = (word); \ | |
278 | 278 | __asm__ ("roll %2, %0" : \ |
279 | "=r" (__ROLc_tmp) : \ | |
280 | "0" (__ROLc_tmp), \ | |
279 | "=r" (ROLc_tmp) : \ | |
280 | "0" (ROLc_tmp), \ | |
281 | 281 | "I" (i)); \ |
282 | __ROLc_tmp; \ | |
282 | ROLc_tmp; \ | |
283 | 283 | }) |
284 | 284 | #define RORc(word,i) ({ \ |
285 | ulong32 __RORc_tmp = (word); \ | |
285 | ulong32 RORc_tmp = (word); \ | |
286 | 286 | __asm__ ("rorl %2, %0" : \ |
287 | "=r" (__RORc_tmp) : \ | |
288 | "0" (__RORc_tmp), \ | |
287 | "=r" (RORc_tmp) : \ | |
288 | "0" (RORc_tmp), \ | |
289 | 289 | "I" (i)); \ |
290 | __RORc_tmp; \ | |
290 | RORc_tmp; \ | |
291 | 291 | }) |
292 | 292 | |
293 | 293 | #else |
392 | 392 | #ifndef LTC_NO_ROLC |
393 | 393 | |
394 | 394 | #define ROL64c(word,i) ({ \ |
395 | ulong64 __ROL64c_tmp = word; \ | |
395 | ulong64 ROL64c_tmp = word; \ | |
396 | 396 | __asm__ ("rolq %2, %0" : \ |
397 | "=r" (__ROL64c_tmp) : \ | |
398 | "0" (__ROL64c_tmp), \ | |
397 | "=r" (ROL64c_tmp) : \ | |
398 | "0" (ROL64c_tmp), \ | |
399 | 399 | "J" (i)); \ |
400 | __ROL64c_tmp; \ | |
400 | ROL64c_tmp; \ | |
401 | 401 | }) |
402 | 402 | #define ROR64c(word,i) ({ \ |
403 | ulong64 __ROR64c_tmp = word; \ | |
403 | ulong64 ROR64c_tmp = word; \ | |
404 | 404 | __asm__ ("rorq %2, %0" : \ |
405 | "=r" (__ROR64c_tmp) : \ | |
406 | "0" (__ROR64c_tmp), \ | |
405 | "=r" (ROR64c_tmp) : \ | |
406 | "0" (ROR64c_tmp), \ | |
407 | 407 | "J" (i)); \ |
408 | __ROR64c_tmp; \ | |
408 | ROR64c_tmp; \ | |
409 | 409 | }) |
410 | 410 | |
411 | 411 | #else /* LTC_NO_ROLC */ |
145 | 145 | LTC_PAD_ISO_10126 = 0x1000U, |
146 | 146 | #endif |
147 | 147 | LTC_PAD_ANSI_X923 = 0x2000U, |
148 | /* The following padding modes don't contain the padding | |
149 | * length as last byte of the padding. | |
150 | */ | |
148 | 151 | LTC_PAD_ONE_AND_ZERO = 0x8000U, |
149 | 152 | LTC_PAD_ZERO = 0x9000U, |
150 | 153 | LTC_PAD_ZERO_ALWAYS = 0xA000U, |
54 | 54 | void rsa_free(rsa_key *key); |
55 | 55 | |
56 | 56 | /* These use PKCS #1 v2.0 padding */ |
57 | #define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \ | |
58 | rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key) | |
59 | ||
60 | #define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \ | |
61 | rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key) | |
62 | ||
63 | #define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \ | |
64 | rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key) | |
65 | ||
66 | #define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \ | |
67 | rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key) | |
68 | ||
69 | #define rsa_sign_saltlen_get_max(_hash_idx, _key) \ | |
70 | rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key) | |
57 | #define rsa_encrypt_key(in, inlen, out, outlen, lparam, lparamlen, prng, prng_idx, hash_idx, key) \ | |
58 | rsa_encrypt_key_ex(in, inlen, out, outlen, lparam, lparamlen, prng, prng_idx, hash_idx, LTC_PKCS_1_OAEP, key) | |
59 | ||
60 | #define rsa_decrypt_key(in, inlen, out, outlen, lparam, lparamlen, hash_idx, stat, key) \ | |
61 | rsa_decrypt_key_ex(in, inlen, out, outlen, lparam, lparamlen, hash_idx, LTC_PKCS_1_OAEP, stat, key) | |
62 | ||
63 | #define rsa_sign_hash(in, inlen, out, outlen, prng, prng_idx, hash_idx, saltlen, key) \ | |
64 | rsa_sign_hash_ex(in, inlen, out, outlen, LTC_PKCS_1_PSS, prng, prng_idx, hash_idx, saltlen, key) | |
65 | ||
66 | #define rsa_verify_hash(sig, siglen, hash, hashlen, hash_idx, saltlen, stat, key) \ | |
67 | rsa_verify_hash_ex(sig, siglen, hash, hashlen, LTC_PKCS_1_PSS, hash_idx, saltlen, stat, key) | |
68 | ||
69 | #define rsa_sign_saltlen_get_max(hash_idx, key) \ | |
70 | rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, hash_idx, key) | |
71 | 71 | |
72 | 72 | /* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */ |
73 | 73 | int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, |
539 | 539 | LTC_MACRO_list[LTC_MACRO_temp].tag = 0; \ |
540 | 540 | } while (0) |
541 | 541 | |
542 | #define __LTC_SET_ASN1_IDENTIFIER(list, index, Class, Pc, Tag) \ | |
542 | #define LTC_SET_ASN1_IDENTIFIER(list, index, Class, Pc, Tag) \ | |
543 | 543 | do { \ |
544 | 544 | int LTC_MACRO_temp = (index); \ |
545 | 545 | ltc_asn1_list *LTC_MACRO_list = (list); \ |
553 | 553 | do { \ |
554 | 554 | int LTC_MACRO_temp##__LINE__ = (index); \ |
555 | 555 | LTC_SET_ASN1(list, LTC_MACRO_temp##__LINE__, LTC_ASN1_CUSTOM_TYPE, Data, 1); \ |
556 | __LTC_SET_ASN1_IDENTIFIER(list, LTC_MACRO_temp##__LINE__, Class, LTC_ASN1_PC_CONSTRUCTED, Tag); \ | |
556 | LTC_SET_ASN1_IDENTIFIER(list, LTC_MACRO_temp##__LINE__, Class, LTC_ASN1_PC_CONSTRUCTED, Tag); \ | |
557 | 557 | } while (0) |
558 | 558 | |
559 | 559 | #define LTC_SET_ASN1_CUSTOM_PRIMITIVE(list, index, Class, Tag, Type, Data, Size) \ |
560 | 560 | do { \ |
561 | 561 | int LTC_MACRO_temp##__LINE__ = (index); \ |
562 | 562 | LTC_SET_ASN1(list, LTC_MACRO_temp##__LINE__, LTC_ASN1_CUSTOM_TYPE, Data, Size); \ |
563 | __LTC_SET_ASN1_IDENTIFIER(list, LTC_MACRO_temp##__LINE__, Class, LTC_ASN1_PC_PRIMITIVE, Tag); \ | |
563 | LTC_SET_ASN1_IDENTIFIER(list, LTC_MACRO_temp##__LINE__, Class, LTC_ASN1_PC_PRIMITIVE, Tag); \ | |
564 | 564 | list[LTC_MACRO_temp##__LINE__].used = (int)(Type); \ |
565 | 565 | } while (0) |
566 | 566 |
89 | 89 | if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \ |
90 | 90 | return CRYPT_INVALID_ARG; \ |
91 | 91 | } \ |
92 | if ((md-> state_var .length + inlen) < md-> state_var .length) { \ | |
92 | if ((md-> state_var .length + inlen * 8) < md-> state_var .length) { \ | |
93 | 93 | return CRYPT_HASH_OVERFLOW; \ |
94 | 94 | } \ |
95 | 95 | while (inlen > 0) { \ |
416 | 416 | |
417 | 417 | /* tomcrypt_prng.h */ |
418 | 418 | |
419 | #define _LTC_PRNG_EXPORT(which) \ | |
419 | #define LTC_PRNG_EXPORT(which) \ | |
420 | 420 | int which ## _export(unsigned char *out, unsigned long *outlen, prng_state *prng) \ |
421 | 421 | { \ |
422 | 422 | unsigned long len = which ## _desc.export_size; \ |
8 | 8 | |
9 | 9 | #ifdef LTC_PELICAN |
10 | 10 | |
11 | #define __LTC_AES_TAB_C__ | |
11 | #define LTC_AES_TAB_C | |
12 | 12 | #define ENCRYPT_ONLY |
13 | 13 | #define PELI_TAB |
14 | 14 | #include "../../ciphers/aes/aes_tab.c" |
44 | 44 | return CRYPT_OK; |
45 | 45 | } |
46 | 46 | |
47 | static void _four_rounds(pelican_state *pelmac) | |
47 | static void s_four_rounds(pelican_state *pelmac) | |
48 | 48 | { |
49 | 49 | ulong32 s0, s1, s2, s3, t0, t1, t2, t3; |
50 | 50 | int r; |
107 | 107 | for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { |
108 | 108 | *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pelmac->state + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)in + x)); |
109 | 109 | } |
110 | _four_rounds(pelmac); | |
110 | s_four_rounds(pelmac); | |
111 | 111 | in += 16; |
112 | 112 | inlen -= 16; |
113 | 113 | } |
117 | 117 | while (inlen--) { |
118 | 118 | pelmac->state[pelmac->buflen++] ^= *in++; |
119 | 119 | if (pelmac->buflen == 16) { |
120 | _four_rounds(pelmac); | |
120 | s_four_rounds(pelmac); | |
121 | 121 | pelmac->buflen = 0; |
122 | 122 | } |
123 | 123 | } |
141 | 141 | } |
142 | 142 | |
143 | 143 | if (pelmac->buflen == 16) { |
144 | _four_rounds(pelmac); | |
144 | s_four_rounds(pelmac); | |
145 | 145 | pelmac->buflen = 0; |
146 | 146 | } |
147 | 147 | pelmac->state[pelmac->buflen++] ^= 0x80; |
10 | 10 | #ifdef LTC_POLY1305 |
11 | 11 | |
12 | 12 | /* internal only */ |
13 | static void _poly1305_block(poly1305_state *st, const unsigned char *in, unsigned long inlen) | |
13 | static void s_poly1305_block(poly1305_state *st, const unsigned char *in, unsigned long inlen) | |
14 | 14 | { |
15 | 15 | const unsigned long hibit = (st->final) ? 0 : (1UL << 24); /* 1 << 128 */ |
16 | 16 | ulong32 r0,r1,r2,r3,r4; |
134 | 134 | in += want; |
135 | 135 | st->leftover += want; |
136 | 136 | if (st->leftover < 16) return CRYPT_OK; |
137 | _poly1305_block(st, st->buffer, 16); | |
137 | s_poly1305_block(st, st->buffer, 16); | |
138 | 138 | st->leftover = 0; |
139 | 139 | } |
140 | 140 | |
141 | 141 | /* process full blocks */ |
142 | 142 | if (inlen >= 16) { |
143 | 143 | unsigned long want = (inlen & ~(16 - 1)); |
144 | _poly1305_block(st, in, want); | |
144 | s_poly1305_block(st, in, want); | |
145 | 145 | in += want; |
146 | 146 | inlen -= want; |
147 | 147 | } |
179 | 179 | st->buffer[i++] = 1; |
180 | 180 | for (; i < 16; i++) st->buffer[i] = 0; |
181 | 181 | st->final = 1; |
182 | _poly1305_block(st, st->buffer, 16); | |
182 | s_poly1305_block(st, st->buffer, 16); | |
183 | 183 | } |
184 | 184 | |
185 | 185 | /* fully carry h */ |
565 | 565 | }; |
566 | 566 | |
567 | 567 | /* find a hole and free as required, return -1 if no hole found */ |
568 | static int _find_hole(void) | |
568 | static int s_find_hole(void) | |
569 | 569 | { |
570 | 570 | unsigned x; |
571 | 571 | int y, z; |
601 | 601 | } |
602 | 602 | |
603 | 603 | /* determine if a base is already in the cache and if so, where */ |
604 | static int _find_base(ecc_point *g) | |
604 | static int s_find_base(ecc_point *g) | |
605 | 605 | { |
606 | 606 | int x; |
607 | 607 | for (x = 0; x < FP_ENTRIES; x++) { |
619 | 619 | } |
620 | 620 | |
621 | 621 | /* add a new base to the cache */ |
622 | static int _add_entry(int idx, ecc_point *g) | |
622 | static int s_add_entry(int idx, ecc_point *g) | |
623 | 623 | { |
624 | 624 | unsigned x, y; |
625 | 625 | |
661 | 661 | * The algorithm builds patterns in increasing bit order by first making all |
662 | 662 | * single bit input patterns, then all two bit input patterns and so on |
663 | 663 | */ |
664 | static int _build_lut(int idx, void *a, void *modulus, void *mp, void *mu) | |
664 | static int s_build_lut(int idx, void *a, void *modulus, void *mp, void *mu) | |
665 | 665 | { |
666 | 666 | unsigned x, y, err, bitlen, lut_gap; |
667 | 667 | void *tmp; |
768 | 768 | } |
769 | 769 | |
770 | 770 | /* perform a fixed point ECC mulmod */ |
771 | static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *a, void *modulus, void *mp, int map) | |
771 | static int s_accel_fp_mul(int idx, void *k, ecc_point *R, void *a, void *modulus, void *mp, int map) | |
772 | 772 | { |
773 | 773 | unsigned char kb[128]; |
774 | 774 | int x; |
891 | 891 | |
892 | 892 | #ifdef LTC_ECC_SHAMIR |
893 | 893 | /* perform a fixed point ECC mulmod */ |
894 | static int _accel_fp_mul2add(int idx1, int idx2, | |
894 | static int ss_accel_fp_mul2add(int idx1, int idx2, | |
895 | 895 | void *kA, void *kB, |
896 | 896 | ecc_point *R, void *a, void *modulus, void *mp) |
897 | 897 | { |
1114 | 1114 | mu = NULL; |
1115 | 1115 | LTC_MUTEX_LOCK(<c_ecc_fp_lock); |
1116 | 1116 | /* find point */ |
1117 | idx1 = _find_base(A); | |
1117 | idx1 = s_find_base(A); | |
1118 | 1118 | |
1119 | 1119 | /* no entry? */ |
1120 | 1120 | if (idx1 == -1) { |
1121 | 1121 | /* find hole and add it */ |
1122 | if ((idx1 = _find_hole()) >= 0) { | |
1123 | if ((err = _add_entry(idx1, A)) != CRYPT_OK) { | |
1122 | if ((idx1 = s_find_hole()) >= 0) { | |
1123 | if ((err = s_add_entry(idx1, A)) != CRYPT_OK) { | |
1124 | 1124 | goto LBL_ERR; |
1125 | 1125 | } |
1126 | 1126 | } |
1131 | 1131 | } |
1132 | 1132 | |
1133 | 1133 | /* find point */ |
1134 | idx2 = _find_base(B); | |
1134 | idx2 = s_find_base(B); | |
1135 | 1135 | |
1136 | 1136 | /* no entry? */ |
1137 | 1137 | if (idx2 == -1) { |
1138 | 1138 | /* find hole and add it */ |
1139 | if ((idx2 = _find_hole()) >= 0) { | |
1140 | if ((err = _add_entry(idx2, B)) != CRYPT_OK) { | |
1139 | if ((idx2 = s_find_hole()) >= 0) { | |
1140 | if ((err = s_add_entry(idx2, B)) != CRYPT_OK) { | |
1141 | 1141 | goto LBL_ERR; |
1142 | 1142 | } |
1143 | 1143 | } |
1161 | 1161 | } |
1162 | 1162 | |
1163 | 1163 | /* build the LUT */ |
1164 | if ((err = _build_lut(idx1, a, modulus, mp, mu)) != CRYPT_OK) { | |
1164 | if ((err = s_build_lut(idx1, a, modulus, mp, mu)) != CRYPT_OK) { | |
1165 | 1165 | goto LBL_ERR;; |
1166 | 1166 | } |
1167 | 1167 | } |
1182 | 1182 | } |
1183 | 1183 | |
1184 | 1184 | /* build the LUT */ |
1185 | if ((err = _build_lut(idx2, a, modulus, mp, mu)) != CRYPT_OK) { | |
1185 | if ((err = s_build_lut(idx2, a, modulus, mp, mu)) != CRYPT_OK) { | |
1186 | 1186 | goto LBL_ERR;; |
1187 | 1187 | } |
1188 | 1188 | } |
1193 | 1193 | /* compute mp */ |
1194 | 1194 | if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } |
1195 | 1195 | } |
1196 | err = _accel_fp_mul2add(idx1, idx2, kA, kB, C, a, modulus, mp); | |
1196 | err = ss_accel_fp_mul2add(idx1, idx2, kA, kB, C, a, modulus, mp); | |
1197 | 1197 | } else { |
1198 | 1198 | err = ltc_ecc_mul2add(A, kA, B, kB, C, a, modulus); |
1199 | 1199 | } |
1227 | 1227 | mu = NULL; |
1228 | 1228 | LTC_MUTEX_LOCK(<c_ecc_fp_lock); |
1229 | 1229 | /* find point */ |
1230 | idx = _find_base(G); | |
1230 | idx = s_find_base(G); | |
1231 | 1231 | |
1232 | 1232 | /* no entry? */ |
1233 | 1233 | if (idx == -1) { |
1234 | 1234 | /* find hole and add it */ |
1235 | idx = _find_hole(); | |
1235 | idx = s_find_hole(); | |
1236 | 1236 | |
1237 | 1237 | if (idx >= 0) { |
1238 | if ((err = _add_entry(idx, G)) != CRYPT_OK) { | |
1238 | if ((err = s_add_entry(idx, G)) != CRYPT_OK) { | |
1239 | 1239 | goto LBL_ERR; |
1240 | 1240 | } |
1241 | 1241 | } |
1260 | 1260 | } |
1261 | 1261 | |
1262 | 1262 | /* build the LUT */ |
1263 | if ((err = _build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) { | |
1263 | if ((err = s_build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) { | |
1264 | 1264 | goto LBL_ERR;; |
1265 | 1265 | } |
1266 | 1266 | } |
1270 | 1270 | /* compute mp */ |
1271 | 1271 | if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } |
1272 | 1272 | } |
1273 | err = _accel_fp_mul(idx, k, R, a, modulus, mp, map); | |
1273 | err = s_accel_fp_mul(idx, k, R, a, modulus, mp, map); | |
1274 | 1274 | } else { |
1275 | 1275 | err = ltc_ecc_mulmod(k, G, R, a, modulus, map); |
1276 | 1276 | } |
1286 | 1286 | } |
1287 | 1287 | |
1288 | 1288 | /* helper function for freeing the cache ... must be called with the cache mutex locked */ |
1289 | static void _ltc_ecc_fp_free_cache(void) | |
1289 | static void s_ltc_ecc_fp_free_cache(void) | |
1290 | 1290 | { |
1291 | 1291 | unsigned x, y; |
1292 | 1292 | for (x = 0; x < FP_ENTRIES; x++) { |
1311 | 1311 | void ltc_ecc_fp_free(void) |
1312 | 1312 | { |
1313 | 1313 | LTC_MUTEX_LOCK(<c_ecc_fp_lock); |
1314 | _ltc_ecc_fp_free_cache(); | |
1314 | s_ltc_ecc_fp_free_cache(); | |
1315 | 1315 | LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); |
1316 | 1316 | } |
1317 | 1317 | |
1330 | 1330 | void *mu = NULL; |
1331 | 1331 | |
1332 | 1332 | LTC_MUTEX_LOCK(<c_ecc_fp_lock); |
1333 | if ((idx = _find_base(g)) >= 0) { | |
1333 | if ((idx = s_find_base(g)) >= 0) { | |
1334 | 1334 | /* it is already in the cache ... just check that the LUT is initialized */ |
1335 | 1335 | if(fp_cache[idx].lru_count >= 2) { |
1336 | 1336 | LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); |
1338 | 1338 | } |
1339 | 1339 | } |
1340 | 1340 | |
1341 | if(idx == -1 && (idx = _find_hole()) == -1) { | |
1341 | if(idx == -1 && (idx = s_find_hole()) == -1) { | |
1342 | 1342 | err = CRYPT_BUFFER_OVERFLOW; |
1343 | 1343 | goto LBL_ERR; |
1344 | 1344 | } |
1345 | if ((err = _add_entry(idx, g)) != CRYPT_OK) { | |
1345 | if ((err = s_add_entry(idx, g)) != CRYPT_OK) { | |
1346 | 1346 | goto LBL_ERR; |
1347 | 1347 | } |
1348 | 1348 | /* compute mp */ |
1359 | 1359 | } |
1360 | 1360 | |
1361 | 1361 | /* build the LUT */ |
1362 | if ((err = _build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) { | |
1362 | if ((err = s_build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) { | |
1363 | 1363 | goto LBL_ERR; |
1364 | 1364 | } |
1365 | 1365 | fp_cache[idx].lru_count = 2; |
1497 | 1497 | /* |
1498 | 1498 | * start with an empty cache |
1499 | 1499 | */ |
1500 | _ltc_ecc_fp_free_cache(); | |
1500 | s_ltc_ecc_fp_free_cache(); | |
1501 | 1501 | |
1502 | 1502 | /* |
1503 | 1503 | * decode the input packet: It consists of a sequence with a few |
1567 | 1567 | ERR_OUT: |
1568 | 1568 | if(asn1_list) |
1569 | 1569 | XFREE(asn1_list); |
1570 | _ltc_ecc_fp_free_cache(); | |
1570 | s_ltc_ecc_fp_free_cache(); | |
1571 | 1571 | LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); |
1572 | 1572 | return err; |
1573 | 1573 | } |
18 | 18 | if ((res = prng_is_valid(wprng)) != CRYPT_OK) return res; |
19 | 19 | |
20 | 20 | bytes = (bits+7) >> 3; |
21 | mask = 0xff << (8 - bits % 8); | |
21 | mask = 0xff >> (bits % 8 == 0 ? 0 : 8 - bits % 8); | |
22 | 22 | |
23 | 23 | /* allocate buffer */ |
24 | 24 | if ((buf = XCALLOC(1, bytes)) == NULL) return CRYPT_MEM; |
29 | 29 | goto cleanup; |
30 | 30 | } |
31 | 31 | /* mask bits */ |
32 | buf[0] &= ~mask; | |
32 | buf[0] &= mask; | |
33 | 33 | /* load value */ |
34 | 34 | if ((res = mp_read_unsigned_bin(N, buf, bytes)) != CRYPT_OK) goto cleanup; |
35 | 35 |
9 | 9 | */ |
10 | 10 | #ifdef LTC_ADLER32 |
11 | 11 | |
12 | static const unsigned long _adler32_base = 65521; | |
12 | static const unsigned long s_adler32_base = 65521; | |
13 | 13 | |
14 | 14 | void adler32_init(adler32_state *ctx) |
15 | 15 | { |
34 | 34 | length--; |
35 | 35 | } while (length % 8 != 0); |
36 | 36 | |
37 | if (s1 >= _adler32_base) { | |
38 | s1 -= _adler32_base; | |
37 | if (s1 >= s_adler32_base) { | |
38 | s1 -= s_adler32_base; | |
39 | 39 | } |
40 | s2 %= _adler32_base; | |
40 | s2 %= s_adler32_base; | |
41 | 41 | } |
42 | 42 | |
43 | 43 | while (length > 0) { |
61 | 61 | length -= 8; |
62 | 62 | input += 8; |
63 | 63 | |
64 | if (s1 >= _adler32_base) { | |
65 | s1 -= _adler32_base; | |
64 | if (s1 >= s_adler32_base) { | |
65 | s1 -= s_adler32_base; | |
66 | 66 | } |
67 | s2 %= _adler32_base; | |
67 | s2 %= s_adler32_base; | |
68 | 68 | } |
69 | 69 | |
70 | LTC_ARGCHKVD(s1 < _adler32_base); | |
71 | LTC_ARGCHKVD(s2 < _adler32_base); | |
70 | LTC_ARGCHKVD(s1 < s_adler32_base); | |
71 | LTC_ARGCHKVD(s2 < s_adler32_base); | |
72 | 72 | |
73 | 73 | ctx->s[0] = (unsigned short)s1; |
74 | 74 | ctx->s[1] = (unsigned short)s2; |
74 | 74 | relaxed = 2 |
75 | 75 | }; |
76 | 76 | |
77 | static int _base64_decode_internal(const char *in, unsigned long inlen, | |
77 | static int s_base64_decode_internal(const char *in, unsigned long inlen, | |
78 | 78 | unsigned char *out, unsigned long *outlen, |
79 | 79 | const unsigned char *map, int mode) |
80 | 80 | { |
148 | 148 | int base64_decode(const char *in, unsigned long inlen, |
149 | 149 | unsigned char *out, unsigned long *outlen) |
150 | 150 | { |
151 | return _base64_decode_internal(in, inlen, out, outlen, map_base64, insane); | |
151 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64, insane); | |
152 | 152 | } |
153 | 153 | |
154 | 154 | /** |
162 | 162 | int base64_strict_decode(const char *in, unsigned long inlen, |
163 | 163 | unsigned char *out, unsigned long *outlen) |
164 | 164 | { |
165 | return _base64_decode_internal(in, inlen, out, outlen, map_base64, strict); | |
165 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64, strict); | |
166 | 166 | } |
167 | 167 | |
168 | 168 | /** |
176 | 176 | int base64_sane_decode(const char *in, unsigned long inlen, |
177 | 177 | unsigned char *out, unsigned long *outlen) |
178 | 178 | { |
179 | return _base64_decode_internal(in, inlen, out, outlen, map_base64, relaxed); | |
179 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64, relaxed); | |
180 | 180 | } |
181 | 181 | #endif /* LTC_BASE64 */ |
182 | 182 | |
192 | 192 | int base64url_decode(const char *in, unsigned long inlen, |
193 | 193 | unsigned char *out, unsigned long *outlen) |
194 | 194 | { |
195 | return _base64_decode_internal(in, inlen, out, outlen, map_base64url, insane); | |
195 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64url, insane); | |
196 | 196 | } |
197 | 197 | |
198 | 198 | /** |
206 | 206 | int base64url_strict_decode(const char *in, unsigned long inlen, |
207 | 207 | unsigned char *out, unsigned long *outlen) |
208 | 208 | { |
209 | return _base64_decode_internal(in, inlen, out, outlen, map_base64url, strict); | |
209 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64url, strict); | |
210 | 210 | } |
211 | 211 | |
212 | 212 | /** |
220 | 220 | int base64url_sane_decode(const char *in, unsigned long inlen, |
221 | 221 | unsigned char *out, unsigned long *outlen) |
222 | 222 | { |
223 | return _base64_decode_internal(in, inlen, out, outlen, map_base64url, relaxed); | |
223 | return s_base64_decode_internal(in, inlen, out, outlen, map_base64url, relaxed); | |
224 | 224 | } |
225 | 225 | #endif /* LTC_BASE64_URL */ |
226 | 226 |
20 | 20 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; |
21 | 21 | #endif /* LTC_BASE64_URL */ |
22 | 22 | |
23 | static int _base64_encode_internal(const unsigned char *in, unsigned long inlen, | |
23 | static int s_base64_encode_internal(const unsigned char *in, unsigned long inlen, | |
24 | 24 | char *out, unsigned long *outlen, |
25 | 25 | const char *codes, int pad) |
26 | 26 | { |
82 | 82 | int base64_encode(const unsigned char *in, unsigned long inlen, |
83 | 83 | char *out, unsigned long *outlen) |
84 | 84 | { |
85 | return _base64_encode_internal(in, inlen, out, outlen, codes_base64, 1); | |
85 | return s_base64_encode_internal(in, inlen, out, outlen, codes_base64, 1); | |
86 | 86 | } |
87 | 87 | #endif /* LTC_BASE64 */ |
88 | 88 | |
99 | 99 | int base64url_encode(const unsigned char *in, unsigned long inlen, |
100 | 100 | char *out, unsigned long *outlen) |
101 | 101 | { |
102 | return _base64_encode_internal(in, inlen, out, outlen, codes_base64url, 0); | |
102 | return s_base64_encode_internal(in, inlen, out, outlen, codes_base64url, 0); | |
103 | 103 | } |
104 | 104 | |
105 | 105 | int base64url_strict_encode(const unsigned char *in, unsigned long inlen, |
106 | 106 | char *out, unsigned long *outlen) |
107 | 107 | { |
108 | return _base64_encode_internal(in, inlen, out, outlen, codes_base64url, 1); | |
108 | return s_base64_encode_internal(in, inlen, out, outlen, codes_base64url, 1); | |
109 | 109 | } |
110 | 110 | #endif /* LTC_BASE64_URL */ |
111 | 111 |
10 | 10 | #define BCRYPT_WORDS 8 |
11 | 11 | #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) |
12 | 12 | |
13 | static int _bcrypt_hash(const unsigned char *pt, | |
13 | static int s_bcrypt_hash(const unsigned char *pt, | |
14 | 14 | const unsigned char *pass, unsigned long passlen, |
15 | 15 | const unsigned char *salt, unsigned long saltlen, |
16 | 16 | unsigned char *out, unsigned long *outlen) |
51 | 51 | return CRYPT_OK; |
52 | 52 | } |
53 | 53 | |
54 | static int _bcrypt_pbkdf_hash(const unsigned char *pass, unsigned long passlen, | |
54 | static int s_bcrypt_pbkdf_hash(const unsigned char *pass, unsigned long passlen, | |
55 | 55 | const unsigned char *salt, unsigned long saltlen, |
56 | 56 | unsigned char *out, unsigned long *outlen) |
57 | 57 | { |
58 | 58 | const unsigned char pt[] = "OxychromaticBlowfishSwatDynamite"; |
59 | return _bcrypt_hash(pt, pass, passlen, salt, saltlen, out, outlen); | |
59 | return s_bcrypt_hash(pt, pass, passlen, salt, saltlen, out, outlen); | |
60 | 60 | } |
61 | 61 | |
62 | 62 | /** |
142 | 142 | goto LBL_ERR; |
143 | 143 | } |
144 | 144 | y = MAXBLOCKSIZE; |
145 | if ((err = _bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) { | |
145 | if ((err = s_bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) { | |
146 | 146 | goto LBL_ERR; |
147 | 147 | } |
148 | 148 | XMEMCPY(buf[2], buf[1], y); |
154 | 154 | goto LBL_ERR; |
155 | 155 | } |
156 | 156 | y = MAXBLOCKSIZE; |
157 | if ((err = _bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) { | |
157 | if ((err = s_bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) { | |
158 | 158 | goto LBL_ERR; |
159 | 159 | } |
160 | 160 | for (x = 0; x < y; x++) { |
8 | 8 | */ |
9 | 9 | |
10 | 10 | #if defined(LTC_TEST) && defined(LTC_TEST_DBG) |
11 | static void _print_hex(const char* what, const void* v, const unsigned long l) | |
11 | static void s_print_hex(const char* what, const void* v, const unsigned long l) | |
12 | 12 | { |
13 | 13 | const unsigned char* p = v; |
14 | 14 | unsigned long x, y = 0, z; |
64 | 64 | #if defined(LTC_TEST) && defined(LTC_TEST_DBG) |
65 | 65 | if (res != 0) { |
66 | 66 | fprintf(stderr, "Testvector #%i of %s failed:\n", which, what); |
67 | _print_hex("SHOULD", should, should_len); | |
68 | _print_hex("IS ", is, is_len); | |
67 | s_print_hex("SHOULD", should, should_len); | |
68 | s_print_hex("IS ", is, is_len); | |
69 | 69 | #if LTC_TEST_DBG > 1 |
70 | 70 | } else { |
71 | 71 | fprintf(stderr, "Testvector #%i of %s passed!\n", which, what); |
9 | 9 | */ |
10 | 10 | #ifdef LTC_CRC32 |
11 | 11 | |
12 | static const ulong32 _CRC32_NEGL = 0xffffffffUL; | |
12 | static const ulong32 CRC32_NEGL = 0xffffffffUL; | |
13 | 13 | |
14 | 14 | #if defined(ENDIAN_LITTLE) |
15 | 15 | #define CRC32_INDEX(c) (c & 0xff) |
136 | 136 | void crc32_init(crc32_state *ctx) |
137 | 137 | { |
138 | 138 | LTC_ARGCHKVD(ctx != NULL); |
139 | ctx->crc = _CRC32_NEGL; | |
139 | ctx->crc = CRC32_NEGL; | |
140 | 140 | } |
141 | 141 | |
142 | 142 | void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length) |
163 | 163 | |
164 | 164 | h = hash; |
165 | 165 | crc = ctx->crc; |
166 | crc ^= _CRC32_NEGL; | |
166 | crc ^= CRC32_NEGL; | |
167 | 167 | |
168 | 168 | if (size > 4) size = 4; |
169 | 169 | for (i = 0; i < size; i++) { |
16 | 16 | const int value; |
17 | 17 | } crypt_constant; |
18 | 18 | |
19 | #define _C_STRINGIFY(s) { #s, s } | |
20 | ||
21 | static const crypt_constant _crypt_constants[] = { | |
22 | ||
23 | _C_STRINGIFY(CRYPT_OK), | |
24 | _C_STRINGIFY(CRYPT_ERROR), | |
25 | _C_STRINGIFY(CRYPT_NOP), | |
26 | _C_STRINGIFY(CRYPT_INVALID_KEYSIZE), | |
27 | _C_STRINGIFY(CRYPT_INVALID_ROUNDS), | |
28 | _C_STRINGIFY(CRYPT_FAIL_TESTVECTOR), | |
29 | _C_STRINGIFY(CRYPT_BUFFER_OVERFLOW), | |
30 | _C_STRINGIFY(CRYPT_INVALID_PACKET), | |
31 | _C_STRINGIFY(CRYPT_INVALID_PRNGSIZE), | |
32 | _C_STRINGIFY(CRYPT_ERROR_READPRNG), | |
33 | _C_STRINGIFY(CRYPT_INVALID_CIPHER), | |
34 | _C_STRINGIFY(CRYPT_INVALID_HASH), | |
35 | _C_STRINGIFY(CRYPT_INVALID_PRNG), | |
36 | _C_STRINGIFY(CRYPT_MEM), | |
37 | _C_STRINGIFY(CRYPT_PK_TYPE_MISMATCH), | |
38 | _C_STRINGIFY(CRYPT_PK_NOT_PRIVATE), | |
39 | _C_STRINGIFY(CRYPT_INVALID_ARG), | |
40 | _C_STRINGIFY(CRYPT_FILE_NOTFOUND), | |
41 | _C_STRINGIFY(CRYPT_PK_INVALID_TYPE), | |
42 | _C_STRINGIFY(CRYPT_OVERFLOW), | |
43 | _C_STRINGIFY(CRYPT_PK_ASN1_ERROR), | |
44 | _C_STRINGIFY(CRYPT_INPUT_TOO_LONG), | |
45 | _C_STRINGIFY(CRYPT_PK_INVALID_SIZE), | |
46 | _C_STRINGIFY(CRYPT_INVALID_PRIME_SIZE), | |
47 | _C_STRINGIFY(CRYPT_PK_INVALID_PADDING), | |
48 | _C_STRINGIFY(CRYPT_HASH_OVERFLOW), | |
49 | ||
50 | _C_STRINGIFY(PK_PUBLIC), | |
51 | _C_STRINGIFY(PK_PRIVATE), | |
52 | ||
53 | _C_STRINGIFY(LTC_ENCRYPT), | |
54 | _C_STRINGIFY(LTC_DECRYPT), | |
19 | #define C_STRINGIFY(s) { #s, s } | |
20 | ||
21 | static const crypt_constant s_crypt_constants[] = { | |
22 | ||
23 | C_STRINGIFY(CRYPT_OK), | |
24 | C_STRINGIFY(CRYPT_ERROR), | |
25 | C_STRINGIFY(CRYPT_NOP), | |
26 | C_STRINGIFY(CRYPT_INVALID_KEYSIZE), | |
27 | C_STRINGIFY(CRYPT_INVALID_ROUNDS), | |
28 | C_STRINGIFY(CRYPT_FAIL_TESTVECTOR), | |
29 | C_STRINGIFY(CRYPT_BUFFER_OVERFLOW), | |
30 | C_STRINGIFY(CRYPT_INVALID_PACKET), | |
31 | C_STRINGIFY(CRYPT_INVALID_PRNGSIZE), | |
32 | C_STRINGIFY(CRYPT_ERROR_READPRNG), | |
33 | C_STRINGIFY(CRYPT_INVALID_CIPHER), | |
34 | C_STRINGIFY(CRYPT_INVALID_HASH), | |
35 | C_STRINGIFY(CRYPT_INVALID_PRNG), | |
36 | C_STRINGIFY(CRYPT_MEM), | |
37 | C_STRINGIFY(CRYPT_PK_TYPE_MISMATCH), | |
38 | C_STRINGIFY(CRYPT_PK_NOT_PRIVATE), | |
39 | C_STRINGIFY(CRYPT_INVALID_ARG), | |
40 | C_STRINGIFY(CRYPT_FILE_NOTFOUND), | |
41 | C_STRINGIFY(CRYPT_PK_INVALID_TYPE), | |
42 | C_STRINGIFY(CRYPT_OVERFLOW), | |
43 | C_STRINGIFY(CRYPT_PK_ASN1_ERROR), | |
44 | C_STRINGIFY(CRYPT_INPUT_TOO_LONG), | |
45 | C_STRINGIFY(CRYPT_PK_INVALID_SIZE), | |
46 | C_STRINGIFY(CRYPT_INVALID_PRIME_SIZE), | |
47 | C_STRINGIFY(CRYPT_PK_INVALID_PADDING), | |
48 | C_STRINGIFY(CRYPT_HASH_OVERFLOW), | |
49 | ||
50 | C_STRINGIFY(PK_PUBLIC), | |
51 | C_STRINGIFY(PK_PRIVATE), | |
52 | ||
53 | C_STRINGIFY(LTC_ENCRYPT), | |
54 | C_STRINGIFY(LTC_DECRYPT), | |
55 | 55 | |
56 | 56 | #ifdef LTC_PKCS_1 |
57 | 57 | {"LTC_PKCS_1", 1}, |
58 | 58 | /* Block types */ |
59 | _C_STRINGIFY(LTC_PKCS_1_EMSA), | |
60 | _C_STRINGIFY(LTC_PKCS_1_EME), | |
59 | C_STRINGIFY(LTC_PKCS_1_EMSA), | |
60 | C_STRINGIFY(LTC_PKCS_1_EME), | |
61 | 61 | |
62 | 62 | /* Padding types */ |
63 | _C_STRINGIFY(LTC_PKCS_1_V1_5), | |
64 | _C_STRINGIFY(LTC_PKCS_1_OAEP), | |
65 | _C_STRINGIFY(LTC_PKCS_1_PSS), | |
66 | _C_STRINGIFY(LTC_PKCS_1_V1_5_NA1), | |
63 | C_STRINGIFY(LTC_PKCS_1_V1_5), | |
64 | C_STRINGIFY(LTC_PKCS_1_OAEP), | |
65 | C_STRINGIFY(LTC_PKCS_1_PSS), | |
66 | C_STRINGIFY(LTC_PKCS_1_V1_5_NA1), | |
67 | 67 | #else |
68 | 68 | {"LTC_PKCS_1", 0}, |
69 | 69 | #endif |
71 | 71 | #ifdef LTC_PADDING |
72 | 72 | {"LTC_PADDING", 1}, |
73 | 73 | |
74 | _C_STRINGIFY(LTC_PAD_PKCS7), | |
74 | C_STRINGIFY(LTC_PAD_PKCS7), | |
75 | 75 | #ifdef LTC_RNG_GET_BYTES |
76 | _C_STRINGIFY(LTC_PAD_ISO_10126), | |
77 | #endif | |
78 | _C_STRINGIFY(LTC_PAD_ANSI_X923), | |
79 | _C_STRINGIFY(LTC_PAD_ONE_AND_ZERO), | |
80 | _C_STRINGIFY(LTC_PAD_ZERO), | |
81 | _C_STRINGIFY(LTC_PAD_ZERO_ALWAYS), | |
76 | C_STRINGIFY(LTC_PAD_ISO_10126), | |
77 | #endif | |
78 | C_STRINGIFY(LTC_PAD_ANSI_X923), | |
79 | C_STRINGIFY(LTC_PAD_ONE_AND_ZERO), | |
80 | C_STRINGIFY(LTC_PAD_ZERO), | |
81 | C_STRINGIFY(LTC_PAD_ZERO_ALWAYS), | |
82 | 82 | #else |
83 | 83 | {"LTC_PADDING", 0}, |
84 | 84 | #endif |
91 | 91 | |
92 | 92 | #ifdef LTC_MECC |
93 | 93 | {"LTC_MECC", 1}, |
94 | _C_STRINGIFY(ECC_BUF_SIZE), | |
95 | _C_STRINGIFY(ECC_MAXSIZE), | |
94 | C_STRINGIFY(ECC_BUF_SIZE), | |
95 | C_STRINGIFY(ECC_MAXSIZE), | |
96 | 96 | #else |
97 | 97 | {"LTC_MECC", 0}, |
98 | 98 | #endif |
99 | 99 | |
100 | 100 | #ifdef LTC_MDSA |
101 | 101 | {"LTC_MDSA", 1}, |
102 | _C_STRINGIFY(LTC_MDSA_DELTA), | |
103 | _C_STRINGIFY(LTC_MDSA_MAX_GROUP), | |
102 | C_STRINGIFY(LTC_MDSA_DELTA), | |
103 | C_STRINGIFY(LTC_MDSA_MAX_GROUP), | |
104 | 104 | #else |
105 | 105 | {"LTC_MDSA", 0}, |
106 | 106 | #endif |
107 | 107 | |
108 | 108 | #ifdef LTC_MILLER_RABIN_REPS |
109 | _C_STRINGIFY(LTC_MILLER_RABIN_REPS), | |
109 | C_STRINGIFY(LTC_MILLER_RABIN_REPS), | |
110 | 110 | #endif |
111 | 111 | |
112 | 112 | #ifdef LTC_DER |
113 | 113 | /* DER handling */ |
114 | 114 | {"LTC_DER", 1}, |
115 | _C_STRINGIFY(LTC_ASN1_EOL), | |
116 | _C_STRINGIFY(LTC_ASN1_BOOLEAN), | |
117 | _C_STRINGIFY(LTC_ASN1_INTEGER), | |
118 | _C_STRINGIFY(LTC_ASN1_SHORT_INTEGER), | |
119 | _C_STRINGIFY(LTC_ASN1_BIT_STRING), | |
120 | _C_STRINGIFY(LTC_ASN1_OCTET_STRING), | |
121 | _C_STRINGIFY(LTC_ASN1_NULL), | |
122 | _C_STRINGIFY(LTC_ASN1_OBJECT_IDENTIFIER), | |
123 | _C_STRINGIFY(LTC_ASN1_IA5_STRING), | |
124 | _C_STRINGIFY(LTC_ASN1_PRINTABLE_STRING), | |
125 | _C_STRINGIFY(LTC_ASN1_UTF8_STRING), | |
126 | _C_STRINGIFY(LTC_ASN1_UTCTIME), | |
127 | _C_STRINGIFY(LTC_ASN1_CHOICE), | |
128 | _C_STRINGIFY(LTC_ASN1_SEQUENCE), | |
129 | _C_STRINGIFY(LTC_ASN1_SET), | |
130 | _C_STRINGIFY(LTC_ASN1_SETOF), | |
131 | _C_STRINGIFY(LTC_ASN1_RAW_BIT_STRING), | |
132 | _C_STRINGIFY(LTC_ASN1_TELETEX_STRING), | |
133 | _C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME), | |
134 | _C_STRINGIFY(LTC_ASN1_CUSTOM_TYPE), | |
135 | _C_STRINGIFY(LTC_DER_MAX_RECURSION), | |
115 | C_STRINGIFY(LTC_ASN1_EOL), | |
116 | C_STRINGIFY(LTC_ASN1_BOOLEAN), | |
117 | C_STRINGIFY(LTC_ASN1_INTEGER), | |
118 | C_STRINGIFY(LTC_ASN1_SHORT_INTEGER), | |
119 | C_STRINGIFY(LTC_ASN1_BIT_STRING), | |
120 | C_STRINGIFY(LTC_ASN1_OCTET_STRING), | |
121 | C_STRINGIFY(LTC_ASN1_NULL), | |
122 | C_STRINGIFY(LTC_ASN1_OBJECT_IDENTIFIER), | |
123 | C_STRINGIFY(LTC_ASN1_IA5_STRING), | |
124 | C_STRINGIFY(LTC_ASN1_PRINTABLE_STRING), | |
125 | C_STRINGIFY(LTC_ASN1_UTF8_STRING), | |
126 | C_STRINGIFY(LTC_ASN1_UTCTIME), | |
127 | C_STRINGIFY(LTC_ASN1_CHOICE), | |
128 | C_STRINGIFY(LTC_ASN1_SEQUENCE), | |
129 | C_STRINGIFY(LTC_ASN1_SET), | |
130 | C_STRINGIFY(LTC_ASN1_SETOF), | |
131 | C_STRINGIFY(LTC_ASN1_RAW_BIT_STRING), | |
132 | C_STRINGIFY(LTC_ASN1_TELETEX_STRING), | |
133 | C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME), | |
134 | C_STRINGIFY(LTC_ASN1_CUSTOM_TYPE), | |
135 | C_STRINGIFY(LTC_DER_MAX_RECURSION), | |
136 | 136 | #else |
137 | 137 | {"LTC_DER", 0}, |
138 | 138 | #endif |
139 | 139 | |
140 | 140 | #ifdef LTC_CTR_MODE |
141 | 141 | {"LTC_CTR_MODE", 1}, |
142 | _C_STRINGIFY(CTR_COUNTER_LITTLE_ENDIAN), | |
143 | _C_STRINGIFY(CTR_COUNTER_BIG_ENDIAN), | |
144 | _C_STRINGIFY(LTC_CTR_RFC3686), | |
142 | C_STRINGIFY(CTR_COUNTER_LITTLE_ENDIAN), | |
143 | C_STRINGIFY(CTR_COUNTER_BIG_ENDIAN), | |
144 | C_STRINGIFY(LTC_CTR_RFC3686), | |
145 | 145 | #else |
146 | 146 | {"LTC_CTR_MODE", 0}, |
147 | 147 | #endif |
148 | 148 | #ifdef LTC_GCM_MODE |
149 | _C_STRINGIFY(LTC_GCM_MODE_IV), | |
150 | _C_STRINGIFY(LTC_GCM_MODE_AAD), | |
151 | _C_STRINGIFY(LTC_GCM_MODE_TEXT), | |
152 | #endif | |
153 | ||
154 | _C_STRINGIFY(LTC_MP_LT), | |
155 | _C_STRINGIFY(LTC_MP_EQ), | |
156 | _C_STRINGIFY(LTC_MP_GT), | |
157 | ||
158 | _C_STRINGIFY(LTC_MP_NO), | |
159 | _C_STRINGIFY(LTC_MP_YES), | |
160 | ||
161 | _C_STRINGIFY(MAXBLOCKSIZE), | |
162 | _C_STRINGIFY(TAB_SIZE), | |
163 | _C_STRINGIFY(ARGTYPE), | |
149 | C_STRINGIFY(LTC_GCM_MODE_IV), | |
150 | C_STRINGIFY(LTC_GCM_MODE_AAD), | |
151 | C_STRINGIFY(LTC_GCM_MODE_TEXT), | |
152 | #endif | |
153 | ||
154 | C_STRINGIFY(LTC_MP_LT), | |
155 | C_STRINGIFY(LTC_MP_EQ), | |
156 | C_STRINGIFY(LTC_MP_GT), | |
157 | ||
158 | C_STRINGIFY(LTC_MP_NO), | |
159 | C_STRINGIFY(LTC_MP_YES), | |
160 | ||
161 | C_STRINGIFY(MAXBLOCKSIZE), | |
162 | C_STRINGIFY(TAB_SIZE), | |
163 | C_STRINGIFY(ARGTYPE), | |
164 | 164 | |
165 | 165 | #ifdef LTM_DESC |
166 | 166 | {"LTM_DESC", 1}, |
228 | 228 | */ |
229 | 229 | int crypt_get_constant(const char* namein, int *valueout) { |
230 | 230 | int i; |
231 | int _crypt_constants_len = sizeof(_crypt_constants) / sizeof(_crypt_constants[0]); | |
232 | for (i=0; i<_crypt_constants_len; i++) { | |
233 | if (XSTRCMP(_crypt_constants[i].name, namein) == 0) { | |
234 | *valueout = _crypt_constants[i].value; | |
231 | int count = sizeof(s_crypt_constants) / sizeof(s_crypt_constants[0]); | |
232 | for (i=0; i<count; i++) { | |
233 | if (XSTRCMP(s_crypt_constants[i].name, namein) == 0) { | |
234 | *valueout = s_crypt_constants[i].value; | |
235 | 235 | return 0; |
236 | 236 | } |
237 | 237 | } |
253 | 253 | unsigned int total_len = 0; |
254 | 254 | char *ptr; |
255 | 255 | int number_len; |
256 | int count = sizeof(_crypt_constants) / sizeof(_crypt_constants[0]); | |
256 | int count = sizeof(s_crypt_constants) / sizeof(s_crypt_constants[0]); | |
257 | 257 | |
258 | 258 | /* calculate amount of memory required for the list */ |
259 | 259 | for (i=0; i<count; i++) { |
260 | number_len = snprintf(NULL, 0, "%s,%d\n", _crypt_constants[i].name, _crypt_constants[i].value); | |
260 | number_len = snprintf(NULL, 0, "%s,%d\n", s_crypt_constants[i].name, s_crypt_constants[i].value); | |
261 | 261 | if (number_len < 0) { |
262 | 262 | return -1; |
263 | 263 | } |
273 | 273 | /* build the names list */ |
274 | 274 | ptr = names_list; |
275 | 275 | for (i=0; i<count; i++) { |
276 | number_len = snprintf(ptr, total_len, "%s,%d\n", _crypt_constants[i].name, _crypt_constants[i].value); | |
276 | number_len = snprintf(ptr, total_len, "%s,%d\n", s_crypt_constants[i].name, s_crypt_constants[i].value); | |
277 | 277 | if (number_len < 0) return -1; |
278 | 278 | if ((unsigned int)number_len > total_len) return -1; |
279 | 279 | total_len -= number_len; |
16 | 16 | const unsigned int size; |
17 | 17 | } crypt_size; |
18 | 18 | |
19 | #define _SZ_STRINGIFY_S(s) { #s, sizeof(struct s) } | |
20 | #define _SZ_STRINGIFY_T(s) { #s, sizeof(s) } | |
21 | ||
22 | static const crypt_size _crypt_sizes[] = { | |
19 | #define SZ_STRINGIFY_S(s) { #s, sizeof(struct s) } | |
20 | #define SZ_STRINGIFY_T(s) { #s, sizeof(s) } | |
21 | ||
22 | static const crypt_size s_crypt_sizes[] = { | |
23 | 23 | /* hash state sizes */ |
24 | _SZ_STRINGIFY_S(ltc_hash_descriptor), | |
25 | _SZ_STRINGIFY_T(hash_state), | |
24 | SZ_STRINGIFY_S(ltc_hash_descriptor), | |
25 | SZ_STRINGIFY_T(hash_state), | |
26 | 26 | #ifdef LTC_CHC_HASH |
27 | _SZ_STRINGIFY_S(chc_state), | |
27 | SZ_STRINGIFY_S(chc_state), | |
28 | 28 | #endif |
29 | 29 | #ifdef LTC_WHIRLPOOL |
30 | _SZ_STRINGIFY_S(whirlpool_state), | |
30 | SZ_STRINGIFY_S(whirlpool_state), | |
31 | 31 | #endif |
32 | 32 | #ifdef LTC_SHA3 |
33 | _SZ_STRINGIFY_S(sha3_state), | |
33 | SZ_STRINGIFY_S(sha3_state), | |
34 | 34 | #endif |
35 | 35 | #ifdef LTC_SHA512 |
36 | _SZ_STRINGIFY_S(sha512_state), | |
36 | SZ_STRINGIFY_S(sha512_state), | |
37 | 37 | #endif |
38 | 38 | #ifdef LTC_SHA256 |
39 | _SZ_STRINGIFY_S(sha256_state), | |
39 | SZ_STRINGIFY_S(sha256_state), | |
40 | 40 | #endif |
41 | 41 | #ifdef LTC_SHA1 |
42 | _SZ_STRINGIFY_S(sha1_state), | |
42 | SZ_STRINGIFY_S(sha1_state), | |
43 | 43 | #endif |
44 | 44 | #ifdef LTC_MD5 |
45 | _SZ_STRINGIFY_S(md5_state), | |
45 | SZ_STRINGIFY_S(md5_state), | |
46 | 46 | #endif |
47 | 47 | #ifdef LTC_MD4 |
48 | _SZ_STRINGIFY_S(md4_state), | |
48 | SZ_STRINGIFY_S(md4_state), | |
49 | 49 | #endif |
50 | 50 | #ifdef LTC_MD2 |
51 | _SZ_STRINGIFY_S(md2_state), | |
51 | SZ_STRINGIFY_S(md2_state), | |
52 | 52 | #endif |
53 | 53 | #ifdef LTC_TIGER |
54 | _SZ_STRINGIFY_S(tiger_state), | |
54 | SZ_STRINGIFY_S(tiger_state), | |
55 | 55 | #endif |
56 | 56 | #ifdef LTC_RIPEMD128 |
57 | _SZ_STRINGIFY_S(rmd128_state), | |
57 | SZ_STRINGIFY_S(rmd128_state), | |
58 | 58 | #endif |
59 | 59 | #ifdef LTC_RIPEMD160 |
60 | _SZ_STRINGIFY_S(rmd160_state), | |
60 | SZ_STRINGIFY_S(rmd160_state), | |
61 | 61 | #endif |
62 | 62 | #ifdef LTC_RIPEMD256 |
63 | _SZ_STRINGIFY_S(rmd256_state), | |
63 | SZ_STRINGIFY_S(rmd256_state), | |
64 | 64 | #endif |
65 | 65 | #ifdef LTC_RIPEMD320 |
66 | _SZ_STRINGIFY_S(rmd320_state), | |
66 | SZ_STRINGIFY_S(rmd320_state), | |
67 | 67 | #endif |
68 | 68 | #ifdef LTC_BLAKE2S |
69 | _SZ_STRINGIFY_S(blake2s_state), | |
69 | SZ_STRINGIFY_S(blake2s_state), | |
70 | 70 | #endif |
71 | 71 | #ifdef LTC_BLAKE2B |
72 | _SZ_STRINGIFY_S(blake2b_state), | |
72 | SZ_STRINGIFY_S(blake2b_state), | |
73 | 73 | #endif |
74 | 74 | |
75 | 75 | /* block cipher key sizes */ |
76 | _SZ_STRINGIFY_S(ltc_cipher_descriptor), | |
77 | _SZ_STRINGIFY_T(symmetric_key), | |
76 | SZ_STRINGIFY_S(ltc_cipher_descriptor), | |
77 | SZ_STRINGIFY_T(symmetric_key), | |
78 | 78 | #ifdef LTC_ANUBIS |
79 | _SZ_STRINGIFY_S(anubis_key), | |
79 | SZ_STRINGIFY_S(anubis_key), | |
80 | 80 | #endif |
81 | 81 | #ifdef LTC_CAMELLIA |
82 | _SZ_STRINGIFY_S(camellia_key), | |
82 | SZ_STRINGIFY_S(camellia_key), | |
83 | 83 | #endif |
84 | 84 | #ifdef LTC_BLOWFISH |
85 | _SZ_STRINGIFY_S(blowfish_key), | |
85 | SZ_STRINGIFY_S(blowfish_key), | |
86 | 86 | #endif |
87 | 87 | #ifdef LTC_CAST5 |
88 | _SZ_STRINGIFY_S(cast5_key), | |
88 | SZ_STRINGIFY_S(cast5_key), | |
89 | 89 | #endif |
90 | 90 | #ifdef LTC_DES |
91 | _SZ_STRINGIFY_S(des_key), | |
92 | _SZ_STRINGIFY_S(des3_key), | |
91 | SZ_STRINGIFY_S(des_key), | |
92 | SZ_STRINGIFY_S(des3_key), | |
93 | 93 | #endif |
94 | 94 | #ifdef LTC_IDEA |
95 | _SZ_STRINGIFY_S(idea_key), | |
95 | SZ_STRINGIFY_S(idea_key), | |
96 | 96 | #endif |
97 | 97 | #ifdef LTC_KASUMI |
98 | _SZ_STRINGIFY_S(kasumi_key), | |
98 | SZ_STRINGIFY_S(kasumi_key), | |
99 | 99 | #endif |
100 | 100 | #ifdef LTC_KHAZAD |
101 | _SZ_STRINGIFY_S(khazad_key), | |
101 | SZ_STRINGIFY_S(khazad_key), | |
102 | 102 | #endif |
103 | 103 | #ifdef LTC_KSEED |
104 | _SZ_STRINGIFY_S(kseed_key), | |
104 | SZ_STRINGIFY_S(kseed_key), | |
105 | 105 | #endif |
106 | 106 | #ifdef LTC_MULTI2 |
107 | _SZ_STRINGIFY_S(multi2_key), | |
107 | SZ_STRINGIFY_S(multi2_key), | |
108 | 108 | #endif |
109 | 109 | #ifdef LTC_NOEKEON |
110 | _SZ_STRINGIFY_S(noekeon_key), | |
110 | SZ_STRINGIFY_S(noekeon_key), | |
111 | 111 | #endif |
112 | 112 | #ifdef LTC_RC2 |
113 | _SZ_STRINGIFY_S(rc2_key), | |
113 | SZ_STRINGIFY_S(rc2_key), | |
114 | 114 | #endif |
115 | 115 | #ifdef LTC_RC5 |
116 | _SZ_STRINGIFY_S(rc5_key), | |
116 | SZ_STRINGIFY_S(rc5_key), | |
117 | 117 | #endif |
118 | 118 | #ifdef LTC_RC6 |
119 | _SZ_STRINGIFY_S(rc6_key), | |
119 | SZ_STRINGIFY_S(rc6_key), | |
120 | 120 | #endif |
121 | 121 | #ifdef LTC_SERPENT |
122 | _SZ_STRINGIFY_S(serpent_key), | |
122 | SZ_STRINGIFY_S(serpent_key), | |
123 | 123 | #endif |
124 | 124 | #ifdef LTC_SKIPJACK |
125 | _SZ_STRINGIFY_S(skipjack_key), | |
125 | SZ_STRINGIFY_S(skipjack_key), | |
126 | 126 | #endif |
127 | 127 | #ifdef LTC_XTEA |
128 | _SZ_STRINGIFY_S(xtea_key), | |
128 | SZ_STRINGIFY_S(xtea_key), | |
129 | 129 | #endif |
130 | 130 | #ifdef LTC_RIJNDAEL |
131 | _SZ_STRINGIFY_S(rijndael_key), | |
131 | SZ_STRINGIFY_S(rijndael_key), | |
132 | 132 | #endif |
133 | 133 | #ifdef LTC_SAFER |
134 | _SZ_STRINGIFY_S(safer_key), | |
134 | SZ_STRINGIFY_S(safer_key), | |
135 | 135 | #endif |
136 | 136 | #ifdef LTC_SAFERP |
137 | _SZ_STRINGIFY_S(saferp_key), | |
137 | SZ_STRINGIFY_S(saferp_key), | |
138 | 138 | #endif |
139 | 139 | #ifdef LTC_TWOFISH |
140 | _SZ_STRINGIFY_S(twofish_key), | |
140 | SZ_STRINGIFY_S(twofish_key), | |
141 | 141 | #endif |
142 | 142 | |
143 | 143 | /* mode sizes */ |
144 | 144 | #ifdef LTC_ECB_MODE |
145 | _SZ_STRINGIFY_T(symmetric_ECB), | |
145 | SZ_STRINGIFY_T(symmetric_ECB), | |
146 | 146 | #endif |
147 | 147 | #ifdef LTC_CFB_MODE |
148 | _SZ_STRINGIFY_T(symmetric_CFB), | |
148 | SZ_STRINGIFY_T(symmetric_CFB), | |
149 | 149 | #endif |
150 | 150 | #ifdef LTC_OFB_MODE |
151 | _SZ_STRINGIFY_T(symmetric_OFB), | |
151 | SZ_STRINGIFY_T(symmetric_OFB), | |
152 | 152 | #endif |
153 | 153 | #ifdef LTC_CBC_MODE |
154 | _SZ_STRINGIFY_T(symmetric_CBC), | |
154 | SZ_STRINGIFY_T(symmetric_CBC), | |
155 | 155 | #endif |
156 | 156 | #ifdef LTC_CTR_MODE |
157 | _SZ_STRINGIFY_T(symmetric_CTR), | |
157 | SZ_STRINGIFY_T(symmetric_CTR), | |
158 | 158 | #endif |
159 | 159 | #ifdef LTC_LRW_MODE |
160 | _SZ_STRINGIFY_T(symmetric_LRW), | |
160 | SZ_STRINGIFY_T(symmetric_LRW), | |
161 | 161 | #endif |
162 | 162 | #ifdef LTC_F8_MODE |
163 | _SZ_STRINGIFY_T(symmetric_F8), | |
163 | SZ_STRINGIFY_T(symmetric_F8), | |
164 | 164 | #endif |
165 | 165 | #ifdef LTC_XTS_MODE |
166 | _SZ_STRINGIFY_T(symmetric_xts), | |
166 | SZ_STRINGIFY_T(symmetric_xts), | |
167 | 167 | #endif |
168 | 168 | |
169 | 169 | /* stream cipher sizes */ |
170 | 170 | #ifdef LTC_CHACHA |
171 | _SZ_STRINGIFY_T(chacha_state), | |
171 | SZ_STRINGIFY_T(chacha_state), | |
172 | 172 | #endif |
173 | 173 | #ifdef LTC_SALSA20 |
174 | _SZ_STRINGIFY_T(salsa20_state), | |
174 | SZ_STRINGIFY_T(salsa20_state), | |
175 | 175 | #endif |
176 | 176 | #ifdef LTC_SOSEMANUK |
177 | _SZ_STRINGIFY_T(sosemanuk_state), | |
177 | SZ_STRINGIFY_T(sosemanuk_state), | |
178 | 178 | #endif |
179 | 179 | #ifdef LTC_RABBIT |
180 | _SZ_STRINGIFY_T(rabbit_state), | |
180 | SZ_STRINGIFY_T(rabbit_state), | |
181 | 181 | #endif |
182 | 182 | #ifdef LTC_RC4_STREAM |
183 | _SZ_STRINGIFY_T(rc4_state), | |
183 | SZ_STRINGIFY_T(rc4_state), | |
184 | 184 | #endif |
185 | 185 | #ifdef LTC_SOBER128_STREAM |
186 | _SZ_STRINGIFY_T(sober128_state), | |
186 | SZ_STRINGIFY_T(sober128_state), | |
187 | 187 | #endif |
188 | 188 | |
189 | 189 | /* MAC sizes -- no states for ccm, lrw */ |
190 | 190 | #ifdef LTC_HMAC |
191 | _SZ_STRINGIFY_T(hmac_state), | |
191 | SZ_STRINGIFY_T(hmac_state), | |
192 | 192 | #endif |
193 | 193 | #ifdef LTC_OMAC |
194 | _SZ_STRINGIFY_T(omac_state), | |
194 | SZ_STRINGIFY_T(omac_state), | |
195 | 195 | #endif |
196 | 196 | #ifdef LTC_PMAC |
197 | _SZ_STRINGIFY_T(pmac_state), | |
197 | SZ_STRINGIFY_T(pmac_state), | |
198 | 198 | #endif |
199 | 199 | #ifdef LTC_POLY1305 |
200 | _SZ_STRINGIFY_T(poly1305_state), | |
200 | SZ_STRINGIFY_T(poly1305_state), | |
201 | 201 | #endif |
202 | 202 | #ifdef LTC_EAX_MODE |
203 | _SZ_STRINGIFY_T(eax_state), | |
203 | SZ_STRINGIFY_T(eax_state), | |
204 | 204 | #endif |
205 | 205 | #ifdef LTC_OCB_MODE |
206 | _SZ_STRINGIFY_T(ocb_state), | |
206 | SZ_STRINGIFY_T(ocb_state), | |
207 | 207 | #endif |
208 | 208 | #ifdef LTC_OCB3_MODE |
209 | _SZ_STRINGIFY_T(ocb3_state), | |
209 | SZ_STRINGIFY_T(ocb3_state), | |
210 | 210 | #endif |
211 | 211 | #ifdef LTC_CCM_MODE |
212 | _SZ_STRINGIFY_T(ccm_state), | |
212 | SZ_STRINGIFY_T(ccm_state), | |
213 | 213 | #endif |
214 | 214 | #ifdef LTC_GCM_MODE |
215 | _SZ_STRINGIFY_T(gcm_state), | |
215 | SZ_STRINGIFY_T(gcm_state), | |
216 | 216 | #endif |
217 | 217 | #ifdef LTC_PELICAN |
218 | _SZ_STRINGIFY_T(pelican_state), | |
218 | SZ_STRINGIFY_T(pelican_state), | |
219 | 219 | #endif |
220 | 220 | #ifdef LTC_XCBC |
221 | _SZ_STRINGIFY_T(xcbc_state), | |
221 | SZ_STRINGIFY_T(xcbc_state), | |
222 | 222 | #endif |
223 | 223 | #ifdef LTC_F9_MODE |
224 | _SZ_STRINGIFY_T(f9_state), | |
224 | SZ_STRINGIFY_T(f9_state), | |
225 | 225 | #endif |
226 | 226 | #ifdef LTC_CHACHA20POLY1305_MODE |
227 | _SZ_STRINGIFY_T(chacha20poly1305_state), | |
227 | SZ_STRINGIFY_T(chacha20poly1305_state), | |
228 | 228 | #endif |
229 | 229 | |
230 | 230 | /* asymmetric keys */ |
231 | 231 | #ifdef LTC_MRSA |
232 | _SZ_STRINGIFY_T(rsa_key), | |
232 | SZ_STRINGIFY_T(rsa_key), | |
233 | 233 | #endif |
234 | 234 | #ifdef LTC_MDSA |
235 | _SZ_STRINGIFY_T(dsa_key), | |
235 | SZ_STRINGIFY_T(dsa_key), | |
236 | 236 | #endif |
237 | 237 | #ifdef LTC_MDH |
238 | _SZ_STRINGIFY_T(dh_key), | |
238 | SZ_STRINGIFY_T(dh_key), | |
239 | 239 | #endif |
240 | 240 | #ifdef LTC_MECC |
241 | _SZ_STRINGIFY_T(ltc_ecc_curve), | |
242 | _SZ_STRINGIFY_T(ecc_point), | |
243 | _SZ_STRINGIFY_T(ecc_key), | |
241 | SZ_STRINGIFY_T(ltc_ecc_curve), | |
242 | SZ_STRINGIFY_T(ecc_point), | |
243 | SZ_STRINGIFY_T(ecc_key), | |
244 | 244 | #endif |
245 | 245 | |
246 | 246 | /* DER handling */ |
247 | 247 | #ifdef LTC_DER |
248 | _SZ_STRINGIFY_T(ltc_asn1_list), /* a list entry */ | |
249 | _SZ_STRINGIFY_T(ltc_utctime), | |
250 | _SZ_STRINGIFY_T(ltc_generalizedtime), | |
248 | SZ_STRINGIFY_T(ltc_asn1_list), /* a list entry */ | |
249 | SZ_STRINGIFY_T(ltc_utctime), | |
250 | SZ_STRINGIFY_T(ltc_generalizedtime), | |
251 | 251 | #endif |
252 | 252 | |
253 | 253 | /* prng state sizes */ |
254 | _SZ_STRINGIFY_S(ltc_prng_descriptor), | |
255 | _SZ_STRINGIFY_T(prng_state), | |
254 | SZ_STRINGIFY_S(ltc_prng_descriptor), | |
255 | SZ_STRINGIFY_T(prng_state), | |
256 | 256 | #ifdef LTC_FORTUNA |
257 | _SZ_STRINGIFY_S(fortuna_prng), | |
257 | SZ_STRINGIFY_S(fortuna_prng), | |
258 | 258 | #endif |
259 | 259 | #ifdef LTC_CHACHA20_PRNG |
260 | _SZ_STRINGIFY_S(chacha20_prng), | |
260 | SZ_STRINGIFY_S(chacha20_prng), | |
261 | 261 | #endif |
262 | 262 | #ifdef LTC_RC4 |
263 | _SZ_STRINGIFY_S(rc4_prng), | |
263 | SZ_STRINGIFY_S(rc4_prng), | |
264 | 264 | #endif |
265 | 265 | #ifdef LTC_SOBER128 |
266 | _SZ_STRINGIFY_S(sober128_prng), | |
266 | SZ_STRINGIFY_S(sober128_prng), | |
267 | 267 | #endif |
268 | 268 | #ifdef LTC_YARROW |
269 | _SZ_STRINGIFY_S(yarrow_prng), | |
269 | SZ_STRINGIFY_S(yarrow_prng), | |
270 | 270 | #endif |
271 | 271 | /* sprng has no state as it uses other potentially available sources */ |
272 | 272 | /* like /dev/random. See Developers Guide for more info. */ |
273 | 273 | |
274 | 274 | #ifdef LTC_ADLER32 |
275 | _SZ_STRINGIFY_T(adler32_state), | |
275 | SZ_STRINGIFY_T(adler32_state), | |
276 | 276 | #endif |
277 | 277 | #ifdef LTC_CRC32 |
278 | _SZ_STRINGIFY_T(crc32_state), | |
279 | #endif | |
280 | ||
281 | _SZ_STRINGIFY_T(ltc_mp_digit), | |
282 | _SZ_STRINGIFY_T(ltc_math_descriptor) | |
278 | SZ_STRINGIFY_T(crc32_state), | |
279 | #endif | |
280 | ||
281 | SZ_STRINGIFY_T(ltc_mp_digit), | |
282 | SZ_STRINGIFY_T(ltc_math_descriptor) | |
283 | 283 | |
284 | 284 | }; |
285 | 285 | |
289 | 289 | */ |
290 | 290 | int crypt_get_size(const char* namein, unsigned int *sizeout) { |
291 | 291 | int i; |
292 | int count = sizeof(_crypt_sizes) / sizeof(_crypt_sizes[0]); | |
292 | int count = sizeof(s_crypt_sizes) / sizeof(s_crypt_sizes[0]); | |
293 | 293 | for (i=0; i<count; i++) { |
294 | if (XSTRCMP(_crypt_sizes[i].name, namein) == 0) { | |
295 | *sizeout = _crypt_sizes[i].size; | |
294 | if (XSTRCMP(s_crypt_sizes[i].name, namein) == 0) { | |
295 | *sizeout = s_crypt_sizes[i].size; | |
296 | 296 | return 0; |
297 | 297 | } |
298 | 298 | } |
314 | 314 | unsigned int total_len = 0; |
315 | 315 | char *ptr; |
316 | 316 | int number_len; |
317 | int count = sizeof(_crypt_sizes) / sizeof(_crypt_sizes[0]); | |
317 | int count = sizeof(s_crypt_sizes) / sizeof(s_crypt_sizes[0]); | |
318 | 318 | |
319 | 319 | /* calculate amount of memory required for the list */ |
320 | 320 | for (i=0; i<count; i++) { |
321 | number_len = snprintf(NULL, 0, "%s,%u\n", _crypt_sizes[i].name, _crypt_sizes[i].size); | |
321 | number_len = snprintf(NULL, 0, "%s,%u\n", s_crypt_sizes[i].name, s_crypt_sizes[i].size); | |
322 | 322 | if (number_len < 0) { |
323 | 323 | return -1; |
324 | 324 | } |
335 | 335 | /* build the names list */ |
336 | 336 | ptr = names_list; |
337 | 337 | for (i=0; i<count; i++) { |
338 | number_len = snprintf(ptr, total_len, "%s,%u\n", _crypt_sizes[i].name, _crypt_sizes[i].size); | |
338 | number_len = snprintf(ptr, total_len, "%s,%u\n", s_crypt_sizes[i].name, s_crypt_sizes[i].size); | |
339 | 339 | if (number_len < 0) return -1; |
340 | 340 | if ((unsigned int)number_len > total_len) return -1; |
341 | 341 | total_len -= number_len; |
10 | 10 | @param mode Mask of (LTC_PAD_xxx | block_length) |
11 | 11 | @return CRYPT_OK on success |
12 | 12 | */ |
13 | static int _padding_padded_length(unsigned long *length, unsigned long mode) | |
13 | static int s_padding_padded_length(unsigned long *length, unsigned long mode) | |
14 | 14 | { |
15 | 15 | enum padding_type padding; |
16 | 16 | unsigned char pad, block_length, r, t; |
86 | 86 | LTC_ARGCHK(padded_length != NULL); |
87 | 87 | |
88 | 88 | l = length; |
89 | if ((err = _padding_padded_length(&l, mode)) != CRYPT_OK) { | |
89 | if ((err = s_padding_padded_length(&l, mode)) != CRYPT_OK) { | |
90 | 90 | return err; |
91 | 91 | } |
92 | 92 |
3 | 3 | |
4 | 4 | #ifdef LTC_PBES |
5 | 5 | |
6 | static int _pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len, | |
6 | static int s_pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len, | |
7 | 7 | const unsigned char *salt, unsigned long salt_len, |
8 | 8 | int iteration_count, int hash_idx, |
9 | 9 | unsigned char *out, unsigned long *outlen) |
12 | 12 | return pkcs_5_alg1(password, password_len, salt, iteration_count, hash_idx, out, outlen); |
13 | 13 | } |
14 | 14 | |
15 | static int _pkcs_12_wrap(const unsigned char *password, unsigned long password_len, | |
15 | static int s_pkcs_12_wrap(const unsigned char *password, unsigned long password_len, | |
16 | 16 | const unsigned char *salt, unsigned long salt_len, |
17 | 17 | int iteration_count, int hash_idx, |
18 | 18 | unsigned char *out, unsigned long *outlen) |
39 | 39 | return err; |
40 | 40 | } |
41 | 41 | |
42 | static const pbes_properties _pbes1_types[] = { | |
43 | { _pkcs_5_alg1_wrap, "md2", "des", 8, 8 }, | |
44 | { _pkcs_5_alg1_wrap, "md2", "rc2", 8, 8 }, | |
45 | { _pkcs_5_alg1_wrap, "md5", "des", 8, 8 }, | |
46 | { _pkcs_5_alg1_wrap, "md5", "rc2", 8, 8 }, | |
47 | { _pkcs_5_alg1_wrap, "sha1", "des", 8, 8 }, | |
48 | { _pkcs_5_alg1_wrap, "sha1", "rc2", 8, 8 }, | |
49 | { _pkcs_12_wrap, "sha1", "3des", 24, 8 }, | |
42 | static const pbes_properties s_pbes1_types[] = { | |
43 | { s_pkcs_5_alg1_wrap, "md2", "des", 8, 8 }, | |
44 | { s_pkcs_5_alg1_wrap, "md2", "rc2", 8, 8 }, | |
45 | { s_pkcs_5_alg1_wrap, "md5", "des", 8, 8 }, | |
46 | { s_pkcs_5_alg1_wrap, "md5", "rc2", 8, 8 }, | |
47 | { s_pkcs_5_alg1_wrap, "sha1", "des", 8, 8 }, | |
48 | { s_pkcs_5_alg1_wrap, "sha1", "rc2", 8, 8 }, | |
49 | { s_pkcs_12_wrap, "sha1", "3des", 24, 8 }, | |
50 | 50 | }; |
51 | 51 | |
52 | 52 | typedef struct { |
54 | 54 | const char *oid; |
55 | 55 | } oid_to_pbes; |
56 | 56 | |
57 | static const oid_to_pbes _pbes1_list[] = { | |
58 | { &_pbes1_types[0], "1.2.840.113549.1.5.1" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */ | |
59 | { &_pbes1_types[1], "1.2.840.113549.1.5.4" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */ | |
60 | { &_pbes1_types[2], "1.2.840.113549.1.5.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */ | |
61 | { &_pbes1_types[3], "1.2.840.113549.1.5.6" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */ | |
62 | { &_pbes1_types[4], "1.2.840.113549.1.5.10" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */ | |
63 | { &_pbes1_types[5], "1.2.840.113549.1.5.11" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */ | |
64 | { &_pbes1_types[6], "1.2.840.113549.1.12.1.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */ | |
57 | static const oid_to_pbes s_pbes1_list[] = { | |
58 | { &s_pbes1_types[0], "1.2.840.113549.1.5.1" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.1 pbeWithMD2AndDES-CBC */ | |
59 | { &s_pbes1_types[1], "1.2.840.113549.1.5.4" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.4 pbeWithMD2AndRC2-CBC */ | |
60 | { &s_pbes1_types[2], "1.2.840.113549.1.5.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.3 pbeWithMD5AndDES-CBC */ | |
61 | { &s_pbes1_types[3], "1.2.840.113549.1.5.6" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.6 pbeWithMD5AndRC2-CBC */ | |
62 | { &s_pbes1_types[4], "1.2.840.113549.1.5.10" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.10 pbeWithSHA1AndDES-CBC */ | |
63 | { &s_pbes1_types[5], "1.2.840.113549.1.5.11" }, /* http://www.oid-info.com/get/1.2.840.113549.1.5.11 pbeWithSHA1AndRC2-CBC */ | |
64 | { &s_pbes1_types[6], "1.2.840.113549.1.12.1.3" }, /* http://www.oid-info.com/get/1.2.840.113549.1.12.1.3 pbeWithSHAAnd3-KeyTripleDES-CBC */ | |
65 | 65 | { 0 }, |
66 | 66 | }; |
67 | 67 | |
68 | static int _pbes1_from_oid(const ltc_asn1_list *oid, pbes_properties *res) | |
68 | static int s_pbes1_from_oid(const ltc_asn1_list *oid, pbes_properties *res) | |
69 | 69 | { |
70 | 70 | unsigned int i; |
71 | for (i = 0; _pbes1_list[i].data != NULL; ++i) { | |
72 | if (pk_oid_cmp_with_asn1(_pbes1_list[i].oid, oid) == CRYPT_OK) { | |
73 | if (res != NULL) *res = *_pbes1_list[i].data; | |
71 | for (i = 0; s_pbes1_list[i].data != NULL; ++i) { | |
72 | if (pk_oid_cmp_with_asn1(s_pbes1_list[i].oid, oid) == CRYPT_OK) { | |
73 | if (res != NULL) *res = *s_pbes1_list[i].data; | |
74 | 74 | return CRYPT_OK; |
75 | 75 | } |
76 | 76 | } |
91 | 91 | LTC_ARGCHK(s != NULL); |
92 | 92 | LTC_ARGCHK(res != NULL); |
93 | 93 | |
94 | if ((err = _pbes1_from_oid(s, &res->type)) != CRYPT_OK) return err; | |
94 | if ((err = s_pbes1_from_oid(s, &res->type)) != CRYPT_OK) return err; | |
95 | 95 | |
96 | 96 | if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) || |
97 | 97 | !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_OCTET_STRING) || |
3 | 3 | |
4 | 4 | #ifdef LTC_PBES |
5 | 5 | |
6 | static const char * const _oid_pbes2 = "1.2.840.113549.1.5.13"; | |
7 | static const char * const _oid_pbkdf2 = "1.2.840.113549.1.5.12"; | |
6 | static const char * const s_oid_pbes2 = "1.2.840.113549.1.5.13"; | |
7 | static const char * const s_oid_pbkdf2 = "1.2.840.113549.1.5.12"; | |
8 | 8 | |
9 | 9 | typedef struct { |
10 | 10 | const char *oid; |
11 | 11 | const char *id; |
12 | 12 | } oid_id_st; |
13 | 13 | |
14 | static const oid_id_st _hmac_oid_names[] = { | |
14 | static const oid_id_st s_hmac_oid_names[] = { | |
15 | 15 | { "1.2.840.113549.2.7", "sha1" }, |
16 | 16 | { "1.2.840.113549.2.8", "sha224" }, |
17 | 17 | { "1.2.840.113549.2.9", "sha256" }, |
21 | 21 | { "1.2.840.113549.2.13", "sha512-256" }, |
22 | 22 | }; |
23 | 23 | |
24 | static const pbes_properties _pbes2_default_types[] = { | |
24 | static const pbes_properties s_pbes2_default_types[] = { | |
25 | 25 | { pkcs_5_alg2, "sha1", "des", 8, 0 }, |
26 | 26 | { pkcs_5_alg2, "sha1", "rc2", 4, 0 }, |
27 | 27 | { pkcs_5_alg2, "sha1", "3des", 24, 0 }, |
35 | 35 | const char* oid; |
36 | 36 | } oid_to_pbes; |
37 | 37 | |
38 | static const oid_to_pbes _pbes2_list[] = { | |
39 | { &_pbes2_default_types[0], "1.3.14.3.2.7" }, /* http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */ | |
40 | { &_pbes2_default_types[1], "1.2.840.113549.3.2" }, /* http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */ | |
41 | { &_pbes2_default_types[2], "1.2.840.113549.3.7" }, /* http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */ | |
42 | { &_pbes2_default_types[3], "2.16.840.1.101.3.4.1.2" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.2 aes128-CBC */ | |
43 | { &_pbes2_default_types[4], "2.16.840.1.101.3.4.1.22" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.22 aes192-CBC */ | |
44 | { &_pbes2_default_types[5], "2.16.840.1.101.3.4.1.42" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.42 aes256-CBC */ | |
38 | static const oid_to_pbes s_pbes2_list[] = { | |
39 | { &s_pbes2_default_types[0], "1.3.14.3.2.7" }, /* http://www.oid-info.com/get/1.3.14.3.2.7 desCBC */ | |
40 | { &s_pbes2_default_types[1], "1.2.840.113549.3.2" }, /* http://www.oid-info.com/get/1.2.840.113549.3.2 rc2CBC */ | |
41 | { &s_pbes2_default_types[2], "1.2.840.113549.3.7" }, /* http://www.oid-info.com/get/1.2.840.113549.3.7 des-EDE3-CBC */ | |
42 | { &s_pbes2_default_types[3], "2.16.840.1.101.3.4.1.2" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.2 aes128-CBC */ | |
43 | { &s_pbes2_default_types[4], "2.16.840.1.101.3.4.1.22" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.22 aes192-CBC */ | |
44 | { &s_pbes2_default_types[5], "2.16.840.1.101.3.4.1.42" }, /* http://www.oid-info.com/get/2.16.840.1.101.3.4.1.42 aes256-CBC */ | |
45 | 45 | }; |
46 | 46 | |
47 | static int _pbes2_from_oid(const ltc_asn1_list *cipher_oid, const ltc_asn1_list *hmac_oid, pbes_properties *res) | |
47 | static int s_pbes2_from_oid(const ltc_asn1_list *cipher_oid, const ltc_asn1_list *hmac_oid, pbes_properties *res) | |
48 | 48 | { |
49 | 49 | unsigned int i; |
50 | for (i = 0; i < sizeof(_pbes2_list)/sizeof(_pbes2_list[0]); ++i) { | |
51 | if (pk_oid_cmp_with_asn1(_pbes2_list[i].oid, cipher_oid) == CRYPT_OK) { | |
52 | *res = *_pbes2_list[i].data; | |
50 | for (i = 0; i < sizeof(s_pbes2_list)/sizeof(s_pbes2_list[0]); ++i) { | |
51 | if (pk_oid_cmp_with_asn1(s_pbes2_list[i].oid, cipher_oid) == CRYPT_OK) { | |
52 | *res = *s_pbes2_list[i].data; | |
53 | 53 | break; |
54 | 54 | } |
55 | 55 | } |
56 | 56 | if (res->c == NULL) return CRYPT_INVALID_CIPHER; |
57 | 57 | if (hmac_oid != NULL) { |
58 | for (i = 0; i < sizeof(_hmac_oid_names)/sizeof(_hmac_oid_names[0]); ++i) { | |
59 | if (pk_oid_cmp_with_asn1(_hmac_oid_names[i].oid, hmac_oid) == CRYPT_OK) { | |
60 | res->h = _hmac_oid_names[i].id; | |
58 | for (i = 0; i < sizeof(s_hmac_oid_names)/sizeof(s_hmac_oid_names[0]); ++i) { | |
59 | if (pk_oid_cmp_with_asn1(s_hmac_oid_names[i].oid, hmac_oid) == CRYPT_OK) { | |
60 | res->h = s_hmac_oid_names[i].id; | |
61 | 61 | return CRYPT_OK; |
62 | 62 | } |
63 | 63 | } |
83 | 83 | LTC_ARGCHK(s != NULL); |
84 | 84 | LTC_ARGCHK(res != NULL); |
85 | 85 | |
86 | if ((err = pk_oid_cmp_with_asn1(_oid_pbes2, s)) != CRYPT_OK) return err; | |
86 | if ((err = pk_oid_cmp_with_asn1(s_oid_pbes2, s)) != CRYPT_OK) return err; | |
87 | 87 | |
88 | 88 | if (!LTC_ASN1_IS_TYPE(s->next, LTC_ASN1_SEQUENCE) || |
89 | 89 | !LTC_ASN1_IS_TYPE(s->next->child, LTC_ASN1_SEQUENCE) || |
114 | 114 | lkdf = s->next->child->child; |
115 | 115 | lenc = s->next->child->next->child; |
116 | 116 | |
117 | if ((err = pk_oid_cmp_with_asn1(_oid_pbkdf2, lkdf)) != CRYPT_OK) return err; | |
117 | if ((err = pk_oid_cmp_with_asn1(s_oid_pbkdf2, lkdf)) != CRYPT_OK) return err; | |
118 | 118 | |
119 | 119 | if (!LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) || |
120 | 120 | !LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) || |
139 | 139 | LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) { |
140 | 140 | lhmac = loptseq->child; |
141 | 141 | } |
142 | if ((err = _pbes2_from_oid(lenc, lhmac, &res->type)) != CRYPT_OK) return err; | |
142 | if ((err = s_pbes2_from_oid(lenc, lhmac, &res->type)) != CRYPT_OK) return err; | |
143 | 143 | |
144 | 144 | if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) { |
145 | 145 | /* 'NON-RC2'-CBC */ |
28 | 28 | @param openssl_compat [in] Whether or not to grow the key to the buffer size ala OpenSSL |
29 | 29 | @return CRYPT_OK if successful |
30 | 30 | */ |
31 | static int _pkcs_5_alg1_common(const unsigned char *password, | |
31 | static int s_pkcs_5_alg1_common(const unsigned char *password, | |
32 | 32 | unsigned long password_len, |
33 | 33 | const unsigned char *salt, |
34 | 34 | int iteration_count, int hash_idx, |
48 | 48 | LTC_ARGCHK(salt != NULL); |
49 | 49 | LTC_ARGCHK(out != NULL); |
50 | 50 | LTC_ARGCHK(outlen != NULL); |
51 | ||
52 | if (iteration_count <= 0) { | |
53 | return CRYPT_INVALID_ARG; | |
54 | } | |
51 | 55 | |
52 | 56 | /* test hash IDX */ |
53 | 57 | if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { |
149 | 153 | int iteration_count, int hash_idx, |
150 | 154 | unsigned char *out, unsigned long *outlen) |
151 | 155 | { |
152 | return _pkcs_5_alg1_common(password, password_len, salt, iteration_count, | |
156 | return s_pkcs_5_alg1_common(password, password_len, salt, iteration_count, | |
153 | 157 | hash_idx, out, outlen, 0); |
154 | 158 | } |
155 | 159 | |
173 | 177 | int iteration_count, int hash_idx, |
174 | 178 | unsigned char *out, unsigned long *outlen) |
175 | 179 | { |
176 | return _pkcs_5_alg1_common(password, password_len, salt, iteration_count, | |
180 | return s_pkcs_5_alg1_common(password, password_len, salt, iteration_count, | |
177 | 181 | hash_idx, out, outlen, 1); |
178 | 182 | } |
179 | 183 |
34 | 34 | LTC_ARGCHK(salt != NULL); |
35 | 35 | LTC_ARGCHK(out != NULL); |
36 | 36 | LTC_ARGCHK(outlen != NULL); |
37 | ||
38 | if (iteration_count <= 0) { | |
39 | return CRYPT_INVALID_ARG; | |
40 | } | |
37 | 41 | |
38 | 42 | /* test hash IDX */ |
39 | 43 | if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { |
17 | 17 | @param ctr CTR state |
18 | 18 | @return CRYPT_OK if successful |
19 | 19 | */ |
20 | static int _ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) | |
20 | static int s_ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) | |
21 | 21 | { |
22 | 22 | int x, err; |
23 | 23 | |
104 | 104 | if ((cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL) && (len >= (unsigned long)ctr->blocklen)) { |
105 | 105 | if (ctr->padlen < ctr->blocklen) { |
106 | 106 | fr = ctr->blocklen - ctr->padlen; |
107 | if ((err = _ctr_encrypt(pt, ct, fr, ctr)) != CRYPT_OK) { | |
107 | if ((err = s_ctr_encrypt(pt, ct, fr, ctr)) != CRYPT_OK) { | |
108 | 108 | return err; |
109 | 109 | } |
110 | 110 | pt += fr; |
122 | 122 | } |
123 | 123 | } |
124 | 124 | |
125 | return _ctr_encrypt(pt, ct, len, ctr); | |
125 | return s_ctr_encrypt(pt, ct, len, ctr); | |
126 | 126 | } |
127 | 127 | |
128 | 128 | #endif |
9 | 9 | |
10 | 10 | #ifdef LTC_DER |
11 | 11 | |
12 | static int _char_to_int(unsigned char x) | |
12 | static int s_char_to_int(unsigned char x) | |
13 | 13 | { |
14 | 14 | switch (x) { |
15 | 15 | case '0': return 0; |
27 | 27 | } |
28 | 28 | |
29 | 29 | #define DECODE_V(y, max) do {\ |
30 | y = _char_to_int(buf[x])*10 + _char_to_int(buf[x+1]); \ | |
30 | y = s_char_to_int(buf[x])*10 + s_char_to_int(buf[x+1]); \ | |
31 | 31 | if (y >= max) return CRYPT_INVALID_PACKET; \ |
32 | 32 | x += 2; \ |
33 | 33 | } while(0) |
34 | 34 | |
35 | 35 | #define DECODE_V4(y, max) do {\ |
36 | y = _char_to_int(buf[x])*1000 + _char_to_int(buf[x+1])*100 + _char_to_int(buf[x+2])*10 + _char_to_int(buf[x+3]); \ | |
36 | y = s_char_to_int(buf[x])*1000 + s_char_to_int(buf[x+1])*100 + s_char_to_int(buf[x+2])*10 + s_char_to_int(buf[x+3]); \ | |
37 | 37 | if (y >= max) return CRYPT_INVALID_PACKET; \ |
38 | 38 | x += 4; \ |
39 | 39 | } while(0) |
112 | 112 | unsigned fs = out->fs; |
113 | 113 | if (x >= sizeof(buf)) return CRYPT_INVALID_PACKET; |
114 | 114 | out->fs *= 10; |
115 | out->fs += _char_to_int(buf[x]); | |
115 | out->fs += s_char_to_int(buf[x]); | |
116 | 116 | if (fs > out->fs) return CRYPT_OVERFLOW; |
117 | 117 | x++; |
118 | 118 | } |
8 | 8 | |
9 | 9 | #ifdef LTC_DER |
10 | 10 | |
11 | static int _new_element(ltc_asn1_list **l) | |
11 | static int s_new_element(ltc_asn1_list **l) | |
12 | 12 | { |
13 | 13 | /* alloc new link */ |
14 | 14 | if (*l == NULL) { |
35 | 35 | @param depth The depth/level of decoding recursion we've already reached |
36 | 36 | @return CRYPT_OK on success. |
37 | 37 | */ |
38 | static int _der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out, unsigned long depth) | |
38 | static int s_der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out, unsigned long depth) | |
39 | 39 | { |
40 | 40 | ltc_asn1_list *l; |
41 | 41 | unsigned long err, identifier, len, totlen, data_offset, id_len, len_len; |
50 | 50 | |
51 | 51 | if (*inlen == 0) { |
52 | 52 | /* alloc new link */ |
53 | if ((err = _new_element(&l)) != CRYPT_OK) { | |
53 | if ((err = s_new_element(&l)) != CRYPT_OK) { | |
54 | 54 | goto error; |
55 | 55 | } |
56 | 56 | } |
58 | 58 | /* scan the input and and get lengths and what not */ |
59 | 59 | while (*inlen) { |
60 | 60 | /* alloc new link */ |
61 | if ((err = _new_element(&l)) != CRYPT_OK) { | |
61 | if ((err = s_new_element(&l)) != CRYPT_OK) { | |
62 | 62 | goto error; |
63 | 63 | } |
64 | 64 | |
446 | 446 | len_len = len; |
447 | 447 | |
448 | 448 | /* Sequence elements go as child */ |
449 | if ((err = _der_decode_sequence_flexi(in, &len, &(l->child), depth+1)) != CRYPT_OK) { | |
449 | if ((err = s_der_decode_sequence_flexi(in, &len, &(l->child), depth+1)) != CRYPT_OK) { | |
450 | 450 | goto error; |
451 | 451 | } |
452 | 452 | if (len_len != len) { |
533 | 533 | */ |
534 | 534 | int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) |
535 | 535 | { |
536 | return _der_decode_sequence_flexi(in, inlen, out, 0); | |
536 | return s_der_decode_sequence_flexi(in, inlen, out, 0); | |
537 | 537 | } |
538 | 538 | |
539 | 539 | #endif |
19 | 19 | @param flags c.f. enum ltc_der_seq |
20 | 20 | @return CRYPT_OK on success |
21 | 21 | */ |
22 | static int _der_decode_sequence_va(const unsigned char *in, unsigned long inlen, va_list a1, va_list a2, unsigned int flags) | |
22 | static int s_der_decode_sequence_va(const unsigned char *in, unsigned long inlen, va_list a1, va_list a2, unsigned int flags) | |
23 | 23 | { |
24 | 24 | int err; |
25 | 25 | ltc_asn1_type type; |
141 | 141 | va_start(a1, inlen); |
142 | 142 | va_start(a2, inlen); |
143 | 143 | |
144 | err = _der_decode_sequence_va(in, inlen, a1, a2, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_RELAXED); | |
144 | err = s_der_decode_sequence_va(in, inlen, a1, a2, LTC_DER_SEQ_SEQUENCE | LTC_DER_SEQ_RELAXED); | |
145 | 145 | |
146 | 146 | va_end(a2); |
147 | 147 | va_end(a1); |
167 | 167 | va_start(a1, flags); |
168 | 168 | va_start(a2, flags); |
169 | 169 | |
170 | err = _der_decode_sequence_va(in, inlen, a1, a2, flags); | |
170 | err = s_der_decode_sequence_va(in, inlen, a1, a2, flags); | |
171 | 171 | |
172 | 172 | va_end(a2); |
173 | 173 | va_end(a1); |
9 | 9 | #ifdef LTC_DER |
10 | 10 | |
11 | 11 | /* LTC define to ASN.1 TAG */ |
12 | static int _ltc_to_asn1(ltc_asn1_type v) | |
12 | static int s_ltc_to_asn1(ltc_asn1_type v) | |
13 | 13 | { |
14 | 14 | return der_asn1_type_to_identifier_map[v]; |
15 | 15 | } |
16 | 16 | |
17 | 17 | |
18 | static int _qsort_helper(const void *a, const void *b) | |
18 | static int s_qsort_helper(const void *a, const void *b) | |
19 | 19 | { |
20 | 20 | ltc_asn1_list *A = (ltc_asn1_list *)a, *B = (ltc_asn1_list *)b; |
21 | 21 | int r; |
22 | 22 | |
23 | r = _ltc_to_asn1(A->type) - _ltc_to_asn1(B->type); | |
23 | r = s_ltc_to_asn1(A->type) - s_ltc_to_asn1(B->type); | |
24 | 24 | |
25 | 25 | /* for QSORT the order is UNDEFINED if they are "equal" which means it is NOT DETERMINISTIC. So we force it to be :-) */ |
26 | 26 | if (r == 0) { |
58 | 58 | } |
59 | 59 | |
60 | 60 | /* sort it by the "type" field */ |
61 | XQSORT(copy, inlen, sizeof(*copy), &_qsort_helper); | |
61 | XQSORT(copy, inlen, sizeof(*copy), &s_qsort_helper); | |
62 | 62 | |
63 | 63 | /* call der_encode_sequence_ex() */ |
64 | 64 | err = der_encode_sequence_ex(copy, inlen, out, outlen, LTC_ASN1_SET); |
13 | 13 | unsigned long size; |
14 | 14 | }; |
15 | 15 | |
16 | static int _qsort_helper(const void *a, const void *b) | |
16 | static int s_qsort_helper(const void *a, const void *b) | |
17 | 17 | { |
18 | 18 | struct edge *A = (struct edge *)a, *B = (struct edge *)b; |
19 | 19 | int r; |
125 | 125 | } |
126 | 126 | |
127 | 127 | /* sort based on contents (using edges) */ |
128 | XQSORT(edges, inlen, sizeof(*edges), &_qsort_helper); | |
128 | XQSORT(edges, inlen, sizeof(*edges), &s_qsort_helper); | |
129 | 129 | |
130 | 130 | /* copy static header */ |
131 | 131 | XMEMCPY(out, buf, hdrlen); |
8 | 8 | |
9 | 9 | #ifdef LTC_DER |
10 | 10 | |
11 | static int _char_to_int(unsigned char x) | |
11 | static int s_char_to_int(unsigned char x) | |
12 | 12 | { |
13 | 13 | switch (x) { |
14 | 14 | case '0': return 0; |
26 | 26 | } |
27 | 27 | |
28 | 28 | #define DECODE_V(y, max) \ |
29 | y = _char_to_int(buf[x])*10 + _char_to_int(buf[x+1]); \ | |
29 | y = s_char_to_int(buf[x])*10 + s_char_to_int(buf[x+1]); \ | |
30 | 30 | if (y >= max) return CRYPT_INVALID_PACKET; \ |
31 | 31 | x += 2; |
32 | 32 |
10 | 10 | #ifdef LTC_DER |
11 | 11 | |
12 | 12 | /** |
13 | Store a UTF8 STRING | |
13 | Decode a UTF8 STRING and recover an array of unicode characters. | |
14 | 14 | @param in The DER encoded UTF8 STRING |
15 | 15 | @param inlen The size of the DER UTF8 STRING |
16 | @param out [out] The array of utf8s stored (one per char) | |
17 | @param outlen [in/out] The number of utf8s stored | |
16 | @param out [out] The array of unicode characters (wchar_t*) | |
17 | @param outlen [in/out] The number of unicode characters in the array | |
18 | 18 | @return CRYPT_OK if successful |
19 | 19 | */ |
20 | 20 | int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, |
50 | 50 | return CRYPT_INVALID_PACKET; |
51 | 51 | } |
52 | 52 | |
53 | /* proceed to decode */ | |
53 | /* proceed to recover unicode characters from utf8 data. | |
54 | for reference see Section 3 of RFC 3629: | |
55 | ||
56 | https://tools.ietf.org/html/rfc3629#section-3 | |
57 | */ | |
54 | 58 | for (y = 0; x < inlen; ) { |
55 | /* get first byte */ | |
59 | /* read first byte */ | |
56 | 60 | tmp = in[x++]; |
57 | 61 | |
58 | /* count number of bytes */ | |
62 | /* a unicode character is recovered from a sequence of 1 to 4 utf8 bytes. | |
63 | the form of those bytes must match a row in the following table: | |
64 | ||
65 | 0xxxxxxx | |
66 | 110xxxxx 10xxxxxx | |
67 | 1110xxxx 10xxxxxx 10xxxxxx | |
68 | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx | |
69 | ||
70 | the number of leading ones in the first byte (0,2,3,4) determines the | |
71 | number of remaining bytes to read (0,1,2,3) | |
72 | */ | |
73 | ||
74 | /* determine z, the number of leading ones. | |
75 | this is done by left-shifting tmp, which clears the ms-bits */ | |
59 | 76 | for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); |
60 | 77 | |
61 | if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { | |
78 | /* z should be in {0,2,3,4} */ | |
79 | if (z == 1 || z > 4) { | |
62 | 80 | return CRYPT_INVALID_PACKET; |
63 | 81 | } |
64 | 82 | |
65 | /* decode, grab upper bits */ | |
83 | /* right-shift tmp to restore least-sig bits */ | |
66 | 84 | tmp >>= z; |
67 | 85 | |
68 | /* grab remaining bytes */ | |
69 | if (z > 1) { --z; } | |
86 | /* now update z so it equals the number of additional bytes to read */ | |
87 | if (z > 0) { --z; } | |
88 | ||
89 | if (x + z > inlen) { | |
90 | return CRYPT_INVALID_PACKET; | |
91 | } | |
92 | ||
93 | /* read remaining bytes */ | |
70 | 94 | while (z-- != 0) { |
71 | 95 | if ((in[x] & 0xC0) != 0x80) { |
72 | 96 | return CRYPT_INVALID_PACKET; |
38 | 38 | unsigned long tmpbuf_len, tmp_inlen; |
39 | 39 | ltc_asn1_list *decoded_list = NULL, *l; |
40 | 40 | |
41 | LTC_ARGCHK(in != NULL); | |
42 | LTC_ARGCHK(inlen != 0); | |
41 | LTC_ARGCHK(in != NULL); | |
42 | LTC_ARGCHK(inlen != 0); | |
43 | LTC_ARGCHK(callback != NULL); | |
43 | 44 | |
44 | 45 | tmpbuf_len = inlen; |
45 | 46 | tmpbuf = XCALLOC(1, tmpbuf_len); |
80 | 81 | && (l->data != NULL) |
81 | 82 | && LOOKS_LIKE_SPKI(l->child)) { |
82 | 83 | if (algorithm == PKA_EC) { |
83 | err = ecc_import_subject_public_key_info(l->data, l->size, ctx); | |
84 | err = callback(l->data, l->size, ctx); | |
84 | 85 | } else { |
85 | 86 | err = x509_decode_subject_public_key_info(l->data, l->size, |
86 | 87 | algorithm, tmpbuf, &tmpbuf_len, |
4 | 4 | |
5 | 5 | #ifdef LTC_MDH |
6 | 6 | |
7 | static int _dh_groupsize_to_keysize(int groupsize) | |
7 | static int s_dh_groupsize_to_keysize(int groupsize) | |
8 | 8 | { |
9 | 9 | /* The strength estimates from https://tools.ietf.org/html/rfc3526#section-8 |
10 | 10 | * We use "Estimate 2" to get an appropriate private key (exponent) size. |
47 | 47 | return err; |
48 | 48 | } |
49 | 49 | |
50 | keysize = _dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime)); | |
50 | keysize = s_dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime)); | |
51 | 51 | if (keysize == 0) { |
52 | 52 | err = CRYPT_INVALID_KEYSIZE; |
53 | 53 | goto freemp; |
19 | 19 | @param g [out] bignum where generated 'g' is stored (must be initialized by caller) |
20 | 20 | @return CRYPT_OK if successful, upon error this function will free all allocated memory |
21 | 21 | */ |
22 | static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g) | |
22 | static int s_dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g) | |
23 | 23 | { |
24 | 24 | unsigned long L, N, n, outbytes, seedbytes, counter, j, i; |
25 | 25 | int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash; |
216 | 216 | return err; |
217 | 217 | } |
218 | 218 | /* generate params */ |
219 | err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); | |
219 | err = s_dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); | |
220 | 220 | if (err != CRYPT_OK) { |
221 | 221 | goto cleanup; |
222 | 222 | } |
13 | 13 | typedef i64 gf[16]; |
14 | 14 | |
15 | 15 | static const u8 |
16 | _9[32] = {9}; | |
16 | nine[32] = {9}; | |
17 | 17 | static const gf |
18 | 18 | gf0, |
19 | 19 | gf1 = {1}, |
20 | _121665 = {0xDB41,1}, | |
20 | gf121665 = {0xDB41,1}, | |
21 | 21 | D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203}, |
22 | 22 | D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406}, |
23 | 23 | X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169}, |
194 | 194 | Z(a,a,c); |
195 | 195 | S(b,a); |
196 | 196 | Z(c,d,f); |
197 | M(a,c,_121665); | |
197 | M(a,c,gf121665); | |
198 | 198 | A(a,a,d); |
199 | 199 | M(c,c,a); |
200 | 200 | M(a,d,f); |
217 | 217 | |
218 | 218 | int tweetnacl_crypto_scalarmult_base(u8 *q,const u8 *n) |
219 | 219 | { |
220 | return tweetnacl_crypto_scalarmult(q,n,_9); | |
220 | return tweetnacl_crypto_scalarmult(q,n,nine); | |
221 | 221 | } |
222 | 222 | |
223 | 223 | static int tweetnacl_crypto_hash(u8 *out,const u8 *m,u64 n) |
7 | 7 | static const struct { |
8 | 8 | const char *OID; |
9 | 9 | const char *names[6]; |
10 | } _curve_names[] = { | |
10 | } s_curve_names[] = { | |
11 | 11 | #ifdef LTC_ECC_SECP112R1 |
12 | 12 | { |
13 | 13 | "1.3.132.0.6", { "SECP112R1", "ECC-112", NULL } |
184 | 184 | }; |
185 | 185 | |
186 | 186 | /* case-insensitive match + ignore '-', '_', ' ' */ |
187 | static int _name_match(const char *left, const char *right) | |
187 | static int s_name_match(const char *left, const char *right) | |
188 | 188 | { |
189 | 189 | char lc_r, lc_l; |
190 | 190 | |
215 | 215 | |
216 | 216 | *cu = NULL; |
217 | 217 | |
218 | for (i = 0; _curve_names[i].OID != NULL && !OID; i++) { | |
219 | if (XSTRCMP(_curve_names[i].OID, name_or_oid) == 0) { | |
220 | OID = _curve_names[i].OID; | |
218 | for (i = 0; s_curve_names[i].OID != NULL && !OID; i++) { | |
219 | if (XSTRCMP(s_curve_names[i].OID, name_or_oid) == 0) { | |
220 | OID = s_curve_names[i].OID; | |
221 | 221 | } |
222 | for (j = 0; _curve_names[i].names[j] != NULL && !OID; j++) { | |
223 | if (_name_match(_curve_names[i].names[j], name_or_oid)) { | |
224 | OID = _curve_names[i].OID; | |
222 | for (j = 0; s_curve_names[i].names[j] != NULL && !OID; j++) { | |
223 | if (s_name_match(s_curve_names[i].names[j], name_or_oid)) { | |
224 | OID = s_curve_names[i].OID; | |
225 | 225 | } |
226 | 226 | } |
227 | 227 | } |
4 | 4 | |
5 | 5 | #ifdef LTC_MECC |
6 | 6 | |
7 | static int _ecc_import_private_with_oid(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
7 | static int s_ecc_import_private_with_oid(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
8 | 8 | { |
9 | 9 | ltc_asn1_list seq_priv[4], custom[2]; |
10 | 10 | unsigned char bin_xy[2*ECC_MAXSIZE+2], bin_k[ECC_MAXSIZE]; |
38 | 38 | return err; |
39 | 39 | } |
40 | 40 | |
41 | static int _ecc_import_private_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
41 | static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
42 | 42 | { |
43 | 43 | void *prime, *order, *a, *b, *gx, *gy; |
44 | 44 | ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6], seq_priv[4], custom[2]; |
106 | 106 | goto success; |
107 | 107 | } |
108 | 108 | |
109 | if ((err = _ecc_import_private_with_oid(in, inlen, key)) == CRYPT_OK) { | |
109 | if ((err = s_ecc_import_private_with_oid(in, inlen, key)) == CRYPT_OK) { | |
110 | 110 | goto success; |
111 | 111 | } |
112 | 112 | |
113 | err = _ecc_import_private_with_curve(in, inlen, key); | |
113 | err = s_ecc_import_private_with_curve(in, inlen, key); | |
114 | 114 | |
115 | 115 | success: |
116 | 116 | return err; |
16 | 16 | list[LTC_SDFC_temp##__LINE__].pp = P; \ |
17 | 17 | } while (0) |
18 | 18 | |
19 | static int _der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) | |
19 | static int s_der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) | |
20 | 20 | { |
21 | 21 | const ltc_asn1_list *cur; |
22 | 22 | if (flexi->type != LTC_ASN1_SEQUENCE) { |
34 | 34 | return CRYPT_OK; |
35 | 35 | } |
36 | 36 | |
37 | /* NOTE: _der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ | |
37 | /* NOTE: s_der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ | |
38 | 38 | |
39 | 39 | int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, |
40 | 40 | const void *pwd, unsigned long pwdlen, |
72 | 72 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); |
73 | 73 | LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); |
74 | 74 | |
75 | if (((err = _der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) && | |
75 | if (((err = s_der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) && | |
76 | 76 | (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { |
77 | 77 | ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; |
78 | 78 | |
101 | 101 | if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } |
102 | 102 | if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } |
103 | 103 | } |
104 | else if ((err = _der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { | |
104 | else if ((err = s_der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { | |
105 | 105 | /* CASE 2: explicit curve parameters (AKA long variant): |
106 | 106 | * 0:d=0 hl=3 l= 227 cons: SEQUENCE |
107 | 107 | * 3:d=1 hl=2 l= 1 prim: INTEGER :00 |
3 | 3 | |
4 | 4 | #ifdef LTC_MECC |
5 | 5 | |
6 | static int _ecc_import_x509_with_oid(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
6 | static int s_ecc_import_x509_with_oid(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
7 | 7 | { |
8 | 8 | unsigned char bin_xy[2*ECC_MAXSIZE+2]; |
9 | 9 | unsigned long curveoid[16]; |
29 | 29 | return err; |
30 | 30 | } |
31 | 31 | |
32 | static int _ecc_import_x509_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
32 | static int s_ecc_import_x509_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) | |
33 | 33 | { |
34 | 34 | void *prime, *order, *a, *b, *gx, *gy; |
35 | 35 | ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6]; |
86 | 86 | { |
87 | 87 | int err; |
88 | 88 | |
89 | if ((err = _ecc_import_x509_with_oid(in, inlen, key)) == CRYPT_OK) { | |
89 | if ((err = s_ecc_import_x509_with_oid(in, inlen, key)) == CRYPT_OK) { | |
90 | 90 | goto success; |
91 | 91 | } |
92 | 92 | |
93 | err = _ecc_import_x509_with_curve(in, inlen, key); | |
93 | err = s_ecc_import_x509_with_curve(in, inlen, key); | |
94 | 94 | |
95 | 95 | success: |
96 | 96 | return err; |
105 | 105 | */ |
106 | 106 | int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key) |
107 | 107 | { |
108 | return x509_decode_public_key_from_certificate(in, inlen, PKA_EC, LTC_ASN1_EOL, NULL, NULL, NULL, key); | |
108 | return x509_decode_public_key_from_certificate(in, inlen, | |
109 | PKA_EC, | |
110 | LTC_ASN1_EOL, NULL, NULL, | |
111 | (public_key_decode_cb)ecc_import_subject_public_key_info, key); | |
109 | 112 | } |
110 | 113 | |
111 | 114 | #endif /* LTC_MECC */ |
4 | 4 | |
5 | 5 | #ifdef LTC_MECC |
6 | 6 | |
7 | static int _ecc_cmp_hex_bn(const char *left_hex, void *right_bn, void *tmp_bn) | |
7 | static int s_ecc_cmp_hex_bn(const char *left_hex, void *right_bn, void *tmp_bn) | |
8 | 8 | { |
9 | 9 | if (mp_read_radix(tmp_bn, left_hex, 16) != CRYPT_OK) return 0; |
10 | 10 | if (mp_cmp(tmp_bn, right_bn) != LTC_MP_EQ) return 0; |
11 | 11 | return 1; |
12 | 12 | } |
13 | 13 | |
14 | static void _ecc_oid_lookup(ecc_key *key) | |
14 | static void s_ecc_oid_lookup(ecc_key *key) | |
15 | 15 | { |
16 | 16 | void *bn; |
17 | 17 | const ltc_ecc_curve *curve; |
19 | 19 | key->dp.oidlen = 0; |
20 | 20 | if (mp_init(&bn) != CRYPT_OK) return; |
21 | 21 | for (curve = ltc_ecc_curves; curve->prime != NULL; curve++) { |
22 | if (_ecc_cmp_hex_bn(curve->prime, key->dp.prime, bn) != 1) continue; | |
23 | if (_ecc_cmp_hex_bn(curve->order, key->dp.order, bn) != 1) continue; | |
24 | if (_ecc_cmp_hex_bn(curve->A, key->dp.A, bn) != 1) continue; | |
25 | if (_ecc_cmp_hex_bn(curve->B, key->dp.B, bn) != 1) continue; | |
26 | if (_ecc_cmp_hex_bn(curve->Gx, key->dp.base.x, bn) != 1) continue; | |
27 | if (_ecc_cmp_hex_bn(curve->Gy, key->dp.base.y, bn) != 1) continue; | |
22 | if (s_ecc_cmp_hex_bn(curve->prime, key->dp.prime, bn) != 1) continue; | |
23 | if (s_ecc_cmp_hex_bn(curve->order, key->dp.order, bn) != 1) continue; | |
24 | if (s_ecc_cmp_hex_bn(curve->A, key->dp.A, bn) != 1) continue; | |
25 | if (s_ecc_cmp_hex_bn(curve->B, key->dp.B, bn) != 1) continue; | |
26 | if (s_ecc_cmp_hex_bn(curve->Gx, key->dp.base.x, bn) != 1) continue; | |
27 | if (s_ecc_cmp_hex_bn(curve->Gy, key->dp.base.y, bn) != 1) continue; | |
28 | 28 | if (key->dp.cofactor != curve->cofactor) continue; |
29 | 29 | break; /* found */ |
30 | 30 | } |
65 | 65 | for (i = 0; i < key->dp.oidlen; i++) key->dp.oid[i] = srckey->dp.oid[i]; |
66 | 66 | } |
67 | 67 | else { |
68 | _ecc_oid_lookup(key); /* try to find OID in ltc_ecc_curves */ | |
68 | s_ecc_oid_lookup(key); /* try to find OID in ltc_ecc_curves */ | |
69 | 69 | } |
70 | 70 | /* success */ |
71 | 71 | return CRYPT_OK; |
106 | 106 | key->dp.cofactor = cofactor; |
107 | 107 | key->dp.size = mp_unsigned_bin_size(prime); |
108 | 108 | /* try to find OID in ltc_ecc_curves */ |
109 | _ecc_oid_lookup(key); | |
109 | s_ecc_oid_lookup(key); | |
110 | 110 | /* success */ |
111 | 111 | return CRYPT_OK; |
112 | 112 |
6 | 6 | Curve/OID to SSH+ECDSA name string mapping per RFC5656 |
7 | 7 | Russ Williams |
8 | 8 | */ |
9 | ||
10 | #ifdef LTC_SSH | |
9 | 11 | |
10 | 12 | /** |
11 | 13 | Curve/OID to SSH+ECDSA name string mapping |
59 | 61 | return err; |
60 | 62 | } |
61 | 63 | |
64 | #endif |
8 | 8 | |
9 | 9 | #ifdef LTC_CURVE25519 |
10 | 10 | |
11 | static int _ed25519_decode(const unsigned char *in, unsigned long inlen, curve25519_key *key) | |
11 | static int s_ed25519_decode(const unsigned char *in, unsigned long inlen, curve25519_key *key) | |
12 | 12 | { |
13 | 13 | if (inlen != sizeof(key->pub)) return CRYPT_PK_INVALID_SIZE; |
14 | 14 | XMEMCPY(key->pub, in, sizeof(key->pub)); |
32 | 32 | if ((err = x509_decode_public_key_from_certificate(in, inlen, |
33 | 33 | PKA_ED25519, |
34 | 34 | LTC_ASN1_EOL, NULL, NULL, |
35 | (public_key_decode_cb)_ed25519_decode, key)) != CRYPT_OK) { | |
35 | (public_key_decode_cb)s_ed25519_decode, key)) != CRYPT_OK) { | |
36 | 36 | return err; |
37 | 37 | } |
38 | 38 | key->type = PK_PUBLIC; |
8 | 8 | |
9 | 9 | #ifdef LTC_MRSA |
10 | 10 | |
11 | static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) | |
11 | static int s_rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) | |
12 | 12 | { |
13 | 13 | /* now it should be SEQUENCE { INTEGER, INTEGER } */ |
14 | 14 | return der_decode_sequence_multi(in, inlen, |
40 | 40 | if ((err = x509_decode_public_key_from_certificate(in, inlen, |
41 | 41 | PKA_RSA, LTC_ASN1_NULL, |
42 | 42 | NULL, NULL, |
43 | (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) { | |
43 | (public_key_decode_cb)s_rsa_decode, key)) != CRYPT_OK) { | |
44 | 44 | rsa_free(key); |
45 | 45 | } else { |
46 | 46 | key->type = PK_PUBLIC; |
10 | 10 | #ifdef LTC_MRSA |
11 | 11 | #include <stdarg.h> |
12 | 12 | |
13 | static void _mpi_shrink_multi(void **a, ...) | |
13 | static void s_mpi_shrink_multi(void **a, ...) | |
14 | 14 | { |
15 | 15 | void **cur; |
16 | 16 | unsigned n; |
75 | 75 | void rsa_shrink_key(rsa_key *key) |
76 | 76 | { |
77 | 77 | LTC_ARGCHKVD(key != NULL); |
78 | _mpi_shrink_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); | |
78 | s_mpi_shrink_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); | |
79 | 79 | } |
80 | 80 | |
81 | 81 | /** |
8 | 8 | |
9 | 9 | #ifdef LTC_CURVE25519 |
10 | 10 | |
11 | static int _x25519_decode(const unsigned char *in, unsigned long inlen, curve25519_key *key) | |
11 | static int s_x25519_decode(const unsigned char *in, unsigned long inlen, curve25519_key *key) | |
12 | 12 | { |
13 | 13 | if (inlen != sizeof(key->pub)) return CRYPT_PK_INVALID_SIZE; |
14 | 14 | XMEMCPY(key->pub, in, sizeof(key->pub)); |
32 | 32 | if ((err = x509_decode_public_key_from_certificate(in, inlen, |
33 | 33 | PKA_X25519, |
34 | 34 | LTC_ASN1_EOL, NULL, NULL, |
35 | (public_key_decode_cb)_x25519_decode, key)) != CRYPT_OK) { | |
35 | (public_key_decode_cb)s_x25519_decode, key)) != CRYPT_OK) { | |
36 | 36 | return err; |
37 | 37 | } |
38 | 38 | key->type = PK_PUBLIC; |
143 | 143 | @param prng The PRNG to export |
144 | 144 | @return CRYPT_OK if successful |
145 | 145 | */ |
146 | _LTC_PRNG_EXPORT(chacha20_prng) | |
146 | LTC_PRNG_EXPORT(chacha20_prng) | |
147 | 147 | |
148 | 148 | /** |
149 | 149 | Import a PRNG state |
52 | 52 | }; |
53 | 53 | |
54 | 54 | /* update the IV */ |
55 | static void _fortuna_update_iv(prng_state *prng) | |
55 | static void s_fortuna_update_iv(prng_state *prng) | |
56 | 56 | { |
57 | 57 | int x; |
58 | 58 | unsigned char *IV; |
66 | 66 | |
67 | 67 | #ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED |
68 | 68 | /* get the current time in 100ms steps */ |
69 | static ulong64 _fortuna_current_time(void) | |
69 | static ulong64 s_fortuna_current_time(void) | |
70 | 70 | { |
71 | 71 | ulong64 cur_time; |
72 | 72 | #if defined(_WIN32) |
92 | 92 | #endif |
93 | 93 | |
94 | 94 | /* reseed the PRNG */ |
95 | static int _fortuna_reseed(prng_state *prng) | |
95 | static int s_fortuna_reseed(prng_state *prng) | |
96 | 96 | { |
97 | 97 | unsigned char tmp[MAXBLOCKSIZE]; |
98 | 98 | hash_state md; |
100 | 100 | int err, x; |
101 | 101 | |
102 | 102 | #ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED |
103 | ulong64 now = _fortuna_current_time(); | |
103 | ulong64 now = s_fortuna_current_time(); | |
104 | 104 | if (now == prng->u.fortuna.wd) { |
105 | 105 | return CRYPT_OK; |
106 | 106 | } |
148 | 148 | if ((err = rijndael_setup(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) { |
149 | 149 | return err; |
150 | 150 | } |
151 | _fortuna_update_iv(prng); | |
151 | s_fortuna_update_iv(prng); | |
152 | 152 | |
153 | 153 | /* reset/update internals */ |
154 | 154 | prng->u.fortuna.pool0_len = 0; |
197 | 197 | if ((err = sha256_done(&md, prng->u.fortuna.K)) != CRYPT_OK) { |
198 | 198 | goto LBL_UNLOCK; |
199 | 199 | } |
200 | _fortuna_update_iv(prng); | |
200 | s_fortuna_update_iv(prng); | |
201 | 201 | |
202 | 202 | LBL_UNLOCK: |
203 | 203 | LTC_MUTEX_UNLOCK(&prng->lock); |
248 | 248 | return CRYPT_OK; |
249 | 249 | } |
250 | 250 | |
251 | static int _fortuna_add(unsigned long source, unsigned long pool, const unsigned char *in, unsigned long inlen, prng_state *prng) | |
251 | static int s_fortuna_add(unsigned long source, unsigned long pool, const unsigned char *in, unsigned long inlen, prng_state *prng) | |
252 | 252 | { |
253 | 253 | unsigned char tmp[2]; |
254 | 254 | int err; |
295 | 295 | |
296 | 296 | LTC_MUTEX_LOCK(&prng->lock); |
297 | 297 | |
298 | err = _fortuna_add(source, pool, in, inlen, prng); | |
298 | err = s_fortuna_add(source, pool, in, inlen, prng); | |
299 | 299 | |
300 | 300 | LTC_MUTEX_UNLOCK(&prng->lock); |
301 | 301 | |
319 | 319 | |
320 | 320 | LTC_MUTEX_LOCK(&prng->lock); |
321 | 321 | |
322 | err = _fortuna_add(0, prng->u.fortuna.pool_idx, in, inlen, prng); | |
322 | err = s_fortuna_add(0, prng->u.fortuna.pool_idx, in, inlen, prng); | |
323 | 323 | |
324 | 324 | if (err == CRYPT_OK) { |
325 | 325 | ++(prng->u.fortuna.pool_idx); |
345 | 345 | /* make sure the reseed doesn't fail because |
346 | 346 | * of the chosen rate limit */ |
347 | 347 | #ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED |
348 | prng->u.fortuna.wd = _fortuna_current_time() - 1; | |
348 | prng->u.fortuna.wd = s_fortuna_current_time() - 1; | |
349 | 349 | #else |
350 | 350 | prng->u.fortuna.wd = LTC_FORTUNA_WD; |
351 | 351 | #endif |
352 | err = _fortuna_reseed(prng); | |
352 | err = s_fortuna_reseed(prng); | |
353 | 353 | prng->ready = (err == CRYPT_OK) ? 1 : 0; |
354 | 354 | |
355 | 355 | LTC_MUTEX_UNLOCK(&prng->lock); |
378 | 378 | |
379 | 379 | /* do we have to reseed? */ |
380 | 380 | if (prng->u.fortuna.pool0_len >= 64) { |
381 | if (_fortuna_reseed(prng) != CRYPT_OK) { | |
381 | if (s_fortuna_reseed(prng) != CRYPT_OK) { | |
382 | 382 | goto LBL_UNLOCK; |
383 | 383 | } |
384 | 384 | } |
397 | 397 | rijndael_ecb_encrypt(prng->u.fortuna.IV, out, &prng->u.fortuna.skey); |
398 | 398 | out += 16; |
399 | 399 | outlen -= 16; |
400 | _fortuna_update_iv(prng); | |
400 | s_fortuna_update_iv(prng); | |
401 | 401 | } |
402 | 402 | |
403 | 403 | /* left over bytes? */ |
404 | 404 | if (outlen > 0) { |
405 | 405 | rijndael_ecb_encrypt(prng->u.fortuna.IV, tmp, &prng->u.fortuna.skey); |
406 | 406 | XMEMCPY(out, tmp, outlen); |
407 | _fortuna_update_iv(prng); | |
407 | s_fortuna_update_iv(prng); | |
408 | 408 | } |
409 | 409 | |
410 | 410 | /* generate new key */ |
411 | 411 | rijndael_ecb_encrypt(prng->u.fortuna.IV, prng->u.fortuna.K , &prng->u.fortuna.skey); |
412 | _fortuna_update_iv(prng); | |
412 | s_fortuna_update_iv(prng); | |
413 | 413 | |
414 | 414 | rijndael_ecb_encrypt(prng->u.fortuna.IV, prng->u.fortuna.K+16, &prng->u.fortuna.skey); |
415 | _fortuna_update_iv(prng); | |
415 | s_fortuna_update_iv(prng); | |
416 | 416 | |
417 | 417 | if (rijndael_setup(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey) != CRYPT_OK) { |
418 | 418 | tlen = 0; |
466 | 466 | @param prng The PRNG to export |
467 | 467 | @return CRYPT_OK if successful |
468 | 468 | */ |
469 | _LTC_PRNG_EXPORT(fortuna) | |
469 | LTC_PRNG_EXPORT(fortuna) | |
470 | 470 | |
471 | 471 | /** |
472 | 472 | Import a PRNG state |
146 | 146 | @param prng The PRNG to export |
147 | 147 | @return CRYPT_OK if successful |
148 | 148 | */ |
149 | _LTC_PRNG_EXPORT(rc4) | |
149 | LTC_PRNG_EXPORT(rc4) | |
150 | 150 | |
151 | 151 | /** |
152 | 152 | Import a PRNG state |
9 | 9 | |
10 | 10 | #if defined(LTC_DEVRANDOM) && !defined(_WIN32) |
11 | 11 | /* on *NIX read /dev/random */ |
12 | static unsigned long _rng_nix(unsigned char *buf, unsigned long len, | |
12 | static unsigned long s_rng_nix(unsigned char *buf, unsigned long len, | |
13 | 13 | void (*callback)(void)) |
14 | 14 | { |
15 | 15 | #ifdef LTC_NO_FILE |
52 | 52 | |
53 | 53 | #define ANSI_RNG |
54 | 54 | |
55 | static unsigned long _rng_ansic(unsigned char *buf, unsigned long len, | |
55 | static unsigned long s_rng_ansic(unsigned char *buf, unsigned long len, | |
56 | 56 | void (*callback)(void)) |
57 | 57 | { |
58 | 58 | clock_t t1; |
93 | 93 | #include <windows.h> |
94 | 94 | #include <wincrypt.h> |
95 | 95 | |
96 | static unsigned long _rng_win32(unsigned char *buf, unsigned long len, | |
96 | static unsigned long s_rng_win32(unsigned char *buf, unsigned long len, | |
97 | 97 | void (*callback)(void)) |
98 | 98 | { |
99 | 99 | HCRYPTPROV hProv = 0; |
139 | 139 | #endif |
140 | 140 | |
141 | 141 | #if defined(_WIN32) || defined(_WIN32_WCE) |
142 | x = _rng_win32(out, outlen, callback); if (x != 0) { return x; } | |
142 | x = s_rng_win32(out, outlen, callback); if (x != 0) { return x; } | |
143 | 143 | #elif defined(LTC_DEVRANDOM) |
144 | x = _rng_nix(out, outlen, callback); if (x != 0) { return x; } | |
144 | x = s_rng_nix(out, outlen, callback); if (x != 0) { return x; } | |
145 | 145 | #endif |
146 | 146 | #ifdef ANSI_RNG |
147 | x = _rng_ansic(out, outlen, callback); if (x != 0) { return x; } | |
147 | x = s_rng_ansic(out, outlen, callback); if (x != 0) { return x; } | |
148 | 148 | #endif |
149 | 149 | return 0; |
150 | 150 | } |
145 | 145 | @param prng The PRNG to export |
146 | 146 | @return CRYPT_OK if successful |
147 | 147 | */ |
148 | _LTC_PRNG_EXPORT(sober128) | |
148 | LTC_PRNG_EXPORT(sober128) | |
149 | 149 | |
150 | 150 | /** |
151 | 151 | Import a PRNG state |
266 | 266 | @param prng The PRNG to export |
267 | 267 | @return CRYPT_OK if successful |
268 | 268 | */ |
269 | _LTC_PRNG_EXPORT(yarrow) | |
269 | LTC_PRNG_EXPORT(yarrow) | |
270 | 270 | |
271 | 271 | /** |
272 | 272 | Import a PRNG state |
15 | 15 | x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 8); \ |
16 | 16 | x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 7); |
17 | 17 | |
18 | static void _chacha_block(unsigned char *output, const ulong32 *input, int rounds) | |
18 | static void s_chacha_block(unsigned char *output, const ulong32 *input, int rounds) | |
19 | 19 | { |
20 | 20 | ulong32 x[16]; |
21 | 21 | int i; |
65 | 65 | in += j; |
66 | 66 | } |
67 | 67 | for (;;) { |
68 | _chacha_block(buf, st->input, st->rounds); | |
68 | s_chacha_block(buf, st->input, st->rounds); | |
69 | 69 | if (st->ivlen == 8) { |
70 | 70 | /* IV-64bit, increment 64bit counter */ |
71 | 71 | if (0 == ++st->input[12] && 0 == ++st->input[13]) return CRYPT_OVERFLOW; |
60 | 60 | #ifdef LTC_RABBIT |
61 | 61 | |
62 | 62 | /* local/private prototypes (NB: rabbit_ctx and rabbit_state are different) */ |
63 | static LTC_INLINE ulong32 _rabbit_g_func(ulong32 x); | |
64 | static LTC_INLINE void _rabbit_next_state(rabbit_ctx *p_instance); | |
65 | static LTC_INLINE void _rabbit_gen_1_block(rabbit_state* st, unsigned char *out); | |
63 | static LTC_INLINE ulong32 ss_rabbit_g_func(ulong32 x); | |
64 | static LTC_INLINE void ss_rabbit_next_state(rabbit_ctx *p_instance); | |
65 | static LTC_INLINE void ss_rabbit_gen_1_block(rabbit_state* st, unsigned char *out); | |
66 | 66 | |
67 | 67 | /* -------------------------------------------------------------------------- */ |
68 | 68 | |
69 | 69 | /* Square a 32-bit unsigned integer to obtain the 64-bit result and return */ |
70 | 70 | /* the upper 32 bits XOR the lower 32 bits */ |
71 | static LTC_INLINE ulong32 _rabbit_g_func(ulong32 x) | |
71 | static LTC_INLINE ulong32 ss_rabbit_g_func(ulong32 x) | |
72 | 72 | { |
73 | 73 | ulong32 a, b, h, l; |
74 | 74 | |
87 | 87 | /* -------------------------------------------------------------------------- */ |
88 | 88 | |
89 | 89 | /* Calculate the next internal state */ |
90 | static LTC_INLINE void _rabbit_next_state(rabbit_ctx *p_instance) | |
90 | static LTC_INLINE void ss_rabbit_next_state(rabbit_ctx *p_instance) | |
91 | 91 | { |
92 | 92 | ulong32 g[8], c_old[8], i; |
93 | 93 | |
109 | 109 | |
110 | 110 | /* Calculate the g-values */ |
111 | 111 | for (i=0;i<8;i++) { |
112 | g[i] = _rabbit_g_func((ulong32)(p_instance->x[i] + p_instance->c[i])); | |
112 | g[i] = ss_rabbit_g_func((ulong32)(p_instance->x[i] + p_instance->c[i])); | |
113 | 113 | } |
114 | 114 | |
115 | 115 | /* Calculate new state values */ |
125 | 125 | |
126 | 126 | /* ------------------------------------------------------------------------- */ |
127 | 127 | |
128 | static LTC_INLINE void _rabbit_gen_1_block(rabbit_state* st, unsigned char *out) | |
128 | static LTC_INLINE void ss_rabbit_gen_1_block(rabbit_state* st, unsigned char *out) | |
129 | 129 | { |
130 | 130 | ulong32 *ptr; |
131 | 131 | |
132 | 132 | /* Iterate the work context once */ |
133 | _rabbit_next_state(&(st->work_ctx)); | |
133 | ss_rabbit_next_state(&(st->work_ctx)); | |
134 | 134 | |
135 | 135 | /* Generate 16 bytes of pseudo-random data */ |
136 | 136 | ptr = (ulong32*)&(st->work_ctx.x); |
194 | 194 | |
195 | 195 | /* Iterate the master context four times */ |
196 | 196 | for (i=0; i<4; i++) { |
197 | _rabbit_next_state(&(st->master_ctx)); | |
197 | ss_rabbit_next_state(&(st->master_ctx)); | |
198 | 198 | } |
199 | 199 | |
200 | 200 | /* Modify the counters */ |
254 | 254 | |
255 | 255 | /* Iterate the work context four times */ |
256 | 256 | for (i=0; i<4; i++) { |
257 | _rabbit_next_state(&(st->work_ctx)); | |
257 | ss_rabbit_next_state(&(st->work_ctx)); | |
258 | 258 | } |
259 | 259 | |
260 | 260 | /* reset keystream buffer and unused count */ |
288 | 288 | } |
289 | 289 | for (;;) { |
290 | 290 | /* gen a block for buf */ |
291 | _rabbit_gen_1_block(st, buf); | |
291 | ss_rabbit_gen_1_block(st, buf); | |
292 | 292 | if (inlen <= 16) { |
293 | 293 | /* XOR and send to out */ |
294 | 294 | for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i]; |
16 | 16 | x[d] ^= (ROL((x[c] + x[b]), 13)); \ |
17 | 17 | x[a] ^= (ROL((x[d] + x[c]), 18)); |
18 | 18 | |
19 | static void _salsa20_block(unsigned char *output, const ulong32 *input, int rounds) | |
19 | static void s_salsa20_block(unsigned char *output, const ulong32 *input, int rounds) | |
20 | 20 | { |
21 | 21 | ulong32 x[16]; |
22 | 22 | int i; |
66 | 66 | in += j; |
67 | 67 | } |
68 | 68 | for (;;) { |
69 | _salsa20_block(buf, st->input, st->rounds); | |
69 | s_salsa20_block(buf, st->input, st->rounds); | |
70 | 70 | /* Salsa20: 64-bit IV, increment 64-bit counter */ |
71 | 71 | if (0 == ++st->input[8] && 0 == ++st->input[9]) return CRYPT_OVERFLOW; |
72 | 72 | if (inlen <= 64) { |
20 | 20 | x[a] ^= (ROL((x[d] + x[c]), 18)); |
21 | 21 | |
22 | 22 | /* use modified salsa20 doubleround (no final addition as in salsa20) */ |
23 | static void _xsalsa20_doubleround(ulong32 *x, int rounds) | |
23 | static void s_xsalsa20_doubleround(ulong32 *x, int rounds) | |
24 | 24 | { |
25 | 25 | int i; |
26 | 26 | |
86 | 86 | LOAD32L(x[ 9], nonce + 12); |
87 | 87 | |
88 | 88 | /* use modified salsa20 doubleround (no final addition) */ |
89 | _xsalsa20_doubleround(x, rounds); | |
89 | s_xsalsa20_doubleround(x, rounds); | |
90 | 90 | |
91 | 91 | /* extract the subkey */ |
92 | 92 | for (i = 0; i < 8; ++i) { |
9 | 9 | |
10 | 10 | #ifdef LTC_SOBER128 |
11 | 11 | |
12 | #define __LTC_SOBER128TAB_C__ | |
12 | #define LTC_SOBER128TAB_C | |
13 | 13 | #include "sober128tab.c" |
14 | 14 | |
15 | 15 | /* don't change these... */ |
5 | 5 | SOBER-128 Tables |
6 | 6 | */ |
7 | 7 | |
8 | #ifdef __LTC_SOBER128TAB_C__ | |
8 | #ifdef LTC_SOBER128TAB_C | |
9 | 9 | |
10 | 10 | /* $ID$ */ |
11 | 11 | /* @(#)TuringMultab.h 1.3 (QUALCOMM) 02/09/03 */ |
162 | 162 | 0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40, |
163 | 163 | }; |
164 | 164 | |
165 | #endif /* __LTC_SOBER128TAB_C__ */ | |
165 | #endif /* LTC_SOBER128TAB_C */ |
578 | 578 | * Compute the next block of bits of output stream. This is equivalent |
579 | 579 | * to one full rotation of the shift register. |
580 | 580 | */ |
581 | static LTC_INLINE void _sosemanuk_internal(sosemanuk_state *st) | |
581 | static LTC_INLINE void s_sosemanuk_internal(sosemanuk_state *st) | |
582 | 582 | { |
583 | 583 | /* |
584 | 584 | * MUL_A(x) computes alpha * x (in F_{2^32}). |
716 | 716 | * or in2[] is not allowed. Total overlap (out == in1 and/or out == in2) |
717 | 717 | * is allowed. |
718 | 718 | */ |
719 | static LTC_INLINE void _xorbuf(const unsigned char *in1, const unsigned char *in2, | |
719 | static LTC_INLINE void s_xorbuf(const unsigned char *in1, const unsigned char *in2, | |
720 | 720 | unsigned char *out, unsigned long datalen) |
721 | 721 | { |
722 | 722 | while (datalen -- > 0) { |
749 | 749 | if (rlen > inlen) { |
750 | 750 | rlen = inlen; |
751 | 751 | } |
752 | _xorbuf(st->buf + st->ptr, in, out, rlen); | |
752 | s_xorbuf(st->buf + st->ptr, in, out, rlen); | |
753 | 753 | in += rlen; |
754 | 754 | out += rlen; |
755 | 755 | inlen -= rlen; |
756 | 756 | st->ptr += rlen; |
757 | 757 | } |
758 | 758 | while (inlen > 0) { |
759 | _sosemanuk_internal(st); | |
759 | s_sosemanuk_internal(st); | |
760 | 760 | if (inlen >= sizeof(st->buf)) { |
761 | _xorbuf(st->buf, in, out, sizeof(st->buf)); | |
761 | s_xorbuf(st->buf, in, out, sizeof(st->buf)); | |
762 | 762 | in += sizeof(st->buf); |
763 | 763 | out += sizeof(st->buf); |
764 | 764 | inlen -= sizeof(st->buf); |
765 | 765 | } else { |
766 | _xorbuf(st->buf, in, out, inlen); | |
766 | s_xorbuf(st->buf, in, out, inlen); | |
767 | 767 | st->ptr = inlen; |
768 | 768 | inlen = 0; |
769 | 769 | } |