oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

rename des to hcrypto

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20466 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-04-20 08:29:05 +00:00
parent 8246986cda
commit 7ba2b2006c
121 changed files with 103 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/hcrypto/.cvsignore Normal file
View File

@@ -0,0 +1 @@
Makefile.in

974
lib/hcrypto/ChangeLog Normal file
View File

@@ -0,0 +1,974 @@
2007-04-20 Love H<>rnquist <20>strand <lha@it.su.se>
* test_crypto.in: try generate a couple of rsa keys of
diffrent (random) sizes, spelling.
* test_rsa.c: try generate a couple of rsa keys of
diffrent (random) sizes.
2007-04-19 Love H<>rnquist <20>strand <lha@it.su.se>
* mdtest.c: stop leaking memory
* test_imath.c: fix warnings, make test into function.
* test_imath.c: shortest program causing the problem.
* test_imath.c: basic imath test
2007-04-18 Love H<>rnquist <20>strand <lha@it.su.se>
* test_cipher.c (test_cipher): avoid leaking memory
2007-04-17 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: plug memory leak
2007-04-16 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: CLEANFILES += test.file
2007-04-15 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: Add randi.h.
2007-04-11 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: spelling.
2007-02-01 Love H<>rnquist <20>strand <lha@it.su.se>
* rand.c: Name the random file ~/.rnd, this is the same as
OpenSSL.
2007-01-31 Love H<>rnquist <20>strand <lha@it.su.se>
* rand-egd.c: Make get_bytes static.
* rand.c (RAND_write_file): default to failure.
2007-01-30 Love H<>rnquist <20>strand <lha@it.su.se>
* rand.c: Implement RAND_file_name.
* test_rand.c: test RAND_file_name().
* rand.c: Provide dummy implementation of RAND_file_name.
* rand.h: add RAND_file_name
2007-01-21 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: clean more files
* rand-egd.c: access private functions though the RAND_METHOD
switch, move global egd function to rand-egd.c
* rand-fortuna.c: access private functions though the RAND_METHOD
switch
* rand-unix.c: unexport private functions.
* randi.h: Unexport internal functions.
* rand.c: access private functions though the RAND_METHOD switch,
don't truncate the seed-file, move global egd function to
rand-egd.c
* test_crypto.in: add basic random tests
* rand-egd.c: SGI cc doesn' like return void_returning_function();
in a void returning function.
2007-01-20 Love H<>rnquist <20>strand <lha@it.su.se>
* test_rand.c: Allow select rand method.
* rand-unix.c: expose _hc_rand_unix_status
* randi.h: expose _hc_rand_unix_status and the internal
RAND_METHODs
* rand.c: Implement RAND_load_file and RAND_write_file. Select
UNIX random device if available, otherwise use Fortuna.
* Add EGD/PRNGD support
2007-01-17 Love H<>rnquist <20>strand <lha@it.su.se>
* fortuna: Add fortuna based on Marko Kreen's pgcrypt, no enabled yet
2007-01-11 Love H<>rnquist <20>strand <lha@it.su.se>
* test_rsa.c: if RAND is unhappy, don't run the tests.
* test_engine_dso.c: if RAND is unhappy, don't run the tests.
* imath/imath.c: Update to imath-1.8 from Michael Fromberger
Fixed a bug in s_udiv() affecting the computation of quotient
digits. Thanks to Love <20>strand for isolating this bug. Also in
this release, defining USELLONG=Y or USELLONG=N on the command
line for make will switch support for the "long long" data type on
or off without having to edit the Makefile. The default is still
to permit use of "long long", even though the type is not standard
ANSI C90.
* imath/imath.c (s_udiv): Allocate one more for q, remove debug
printfs
2007-01-10 Love H<>rnquist <20>strand <lha@it.su.se>
* imath/imath.c (s_udiv): make a copy of a and b before we start
to make sure there is something un-tainted to print in cause of
failure. XXX remove this delta
(s_embar): make static
2007-01-09 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: Correct the test if the rsa is a complete RSA private
key.
2007-01-08 Love H<>rnquist <20>strand <lha@it.su.se>
* imath/imath.c: More verbose debugging in case of assertion
failure. XXX temporary for AIX problem.
2007-01-06 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Fix a silly typo, and with that enable CRT since
now it works.
* rsa-imath.c: With this crt works, but something is wrong in the
key generation, so keep it turned off for now.
* test_rsa.c: Allow testing effect of key-blinding
* test_rsa.c: Add timing info to rsa keygen.
* rsa-imath.c: don't include <imath/rsamath.h>
2007-01-05 Love H<>rnquist <20>strand <lha@it.su.se>
* imath: prune off stuff we dont use
* imath/import.sh: Prune off stuff we don't use from imathsource
* Makefile.am: Prune off stuff we don't use from imathsource
* rsa-imath.c: Use mp_int_exptmod directly.
* imath/iprime.c: Use a larger table of small primes, cut down
genenration in best cases to half compared to using a small table.
* rsa.h: add RSA_FLAG_NO_BLINDING
* rsa-imath.c: Add keyblinding, add a commented out CRT based RSA.
* rsa.c: Add iqmp.
2007-01-04 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: add missing ;
* rsa.c: Add i2d_RSAPrivateKey.
* rsa.h: Add i2d_RSAPrivateKey.
* test_rsa.c: test RSA_generate_key_ex
* rsa-imath.c: Add imath_rsa_generate_key.
2006-12-31 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: add RSA_generate_key_ex
* rsa.h: add RSA_generate_key_ex
2006-12-07 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: CLEANFILES += test_crypto
2006-12-06 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: Add rsakey.der to EXTRA_DIST.
2006-12-05 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: Add test_crypto.in to EXTRA_DIST.
* test_crypto.in: Add more spaces to allow sh to parse this
* test_rsa.c: Explain what the fixed "sha1" checksum test tries to
test.
* test_crypto.in: test rsa, dh and engine code
2006-12-04 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: rsa and crypto engine test cases
* test_rsa.c: Make faster and less verbose
* rsakey.der: test rsa key
* test_rsa.c: Test rsa operations
* rsa-imath.c: Fix the rsa-decrypt failed case that been hauting
me for a while.
2006-12-02 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Use mp_int_to_binary to encode bignums
* rsa-imath.c: Check if header is there
2006-11-27 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Return -1 for failure.
* rsa-imath.c: Its ok with smaller signatures.
* rsa-imath.c: Split error codes for now
2006-10-22 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: Try to not leak memory.
2006-10-21 Love H<>rnquist <20>strand <lha@it.su.se>
* rand-unix.c (unix_bytes): read until the other side give us all
or fail.
* imath: import imath-1.7, fixes buffer overrun problems
* rsa.c (RSA_free): free the whole key
* test_engine_dso.c: Add more dh tests.
2006-10-20 Love H<>rnquist <20>strand <lha@it.su.se>
* imath/imath.c: Allocate more bits.
* dh-imath.c (dh_compute_key): fix signness test
* dh-imath.c: Try harder to generate a good keypair.
* dh-imath.c: Return -1 dh_compute_key on failure, pointed out by
Olga Kornievskaia.
2006-10-19 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: Add hash.h and des-tables.h.
* dh.c (DH_compute_key): return -1 on bad public key.
* rsa.c: remove stray ;
* engine.c: Does function typecasts instead of void * type-casts.
* evp.c: Does function typecasts instead of void * type-casts.
2006-10-16 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: add rand-unix.c
* rand.c: Move out rand-unix functions from the core lib.
* rand-unix.c: Move out rand-unix functions from the core lib.
2006-10-15 Love H<>rnquist <20>strand <lha@it.su.se>
* hmac.c (HMAC_CTX_cleanup): destroy the EVP_MD_CTX, so it will be
freed.
2006-10-14 Love H<>rnquist <20>strand <lha@it.su.se>
* bn.c: Drop heim_any.h, prefix der primitives with der_
* rsa.c: Drop heim_any.h.
2006-10-11 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c (RSA_free): Call the meth->finish before releasing the
engine.
2006-10-06 Love H<>rnquist <20>strand <lha@it.su.se>
* imath/imath.c: Cast argument to ctype(3) functions to (unsigned
char).
* imath/imrat.c: Cast argument to ctype(3) functions to (unsigned
char).
2006-09-22 Love H<>rnquist <20>strand <lha@it.su.se>
* ui.c (read_string): Try to not call signaction for signal 0 and
use NSIG if it exists to determin how many signals there exists,
also, only restore those signalhandlers that we got out.
Bug reported by and patch tested by Harald Barth.
2006-09-15 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Add commeted out test that exponent is > 3
2006-05-13 Love H<>rnquist <20>strand <lha@it.su.se>
* bn.c (BN_rand): avoid shadowing.
2006-05-12 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Fix the last one of the asserts.
2006-05-08 Love H<>rnquist <20>strand <lha@it.su.se>
* rand.c (get_device_fd): use /dev/urandom first.
* rctest.c: Less "pointer targets in passing argument differ in
signedness" warnings.
* rc2test.c: Less "pointer targets in passing argument differ in
signedness" warnings.
2006-05-07 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa-imath.c: Fix a off by one.
* test_engine_dso.c: print the lengths when they don't match.
* engine.c (ENGINE_load_builtin_engines): use RSA_imath_method for
the building engine.
* rsa.h: expose RSA_imath_method
* rsa.c (RSA_check_key): Do sign/verify instead.
* dsa.c: rename the DSA_METHOD
* dh.c: rename the DH_METHOD
* dh-imath.c: rename the DH_METHOD
* rsa.c: Default to use rsa-imath.
* Makefile.am: Add rsa-imath.c to libhcrypto
* rsa-imath.c: Add RSA support using imath.
2006-05-06 Love H<>rnquist <20>strand <lha@it.su.se>
* imath: Add imath-1.1.9
* dh.h: Expose DH_imath_method.
* Makefile.am: Add imath source, add test_engine_dso to TESTS.
* engine.c: Lets say we have RSA_null_method(), not really
useable, but still.
* test_engine_dso.c: If there are no arguments, use the internal
engine.
* engine.h: Cpp rename some ENGINE symbols.
* engine.c (ENGINE_load_builtin_engines): Load the internal
engine.
* dh.c: Default to use DH-imath.
* dh.c (DH_check_pubkey): describe what the function do
2006-05-05 Love H<>rnquist <20>strand <lha@it.su.se>
* dh.c (DH_compute_key): check return status value from
DH_check_pubkey
* Rename u_intXX_t to uintXX_t
2006-04-24 Love H<>rnquist <20>strand <lha@it.su.se>
* pkcs5.c: include <krb5-types.h>
* evp.c: Sprinkel some assertions.
* des.c: Move assertion and add another restriction, used as hint
to beam that its ok
2006-04-23 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c (RSA_check_key): don't do any checking if there is no
private key
* engine.c (add_engine): reassign engines variable after realloc
2006-04-21 Love H<>rnquist <20>strand <lha@it.su.se>
* evp.h: Add EVP_get_cipherbyname, unbreak EVP_BytesToKey
* evp.h: Add prototype for EVP_BytesToKey
* evp.c: Add stub for EVP_BytesToKey
2006-04-20 Love H<>rnquist <20>strand <lha@it.su.se>
* dh.h: Add cpp-rename for DH_check_pubkey
2006-04-17 Love H<>rnquist <20>strand <lha@it.su.se>
* rand.h: Add more RAND functions.
* rand.c: Split out unix /dev/random to a RAND_METHOD
* engine.h: add RAND support
* engine.c: add RAND support
* evp.h: s/rc4_64/rc2_64/
* rand.c: Add RAND_METHOD and some associated functions.
* rand.h: Add RAND_METHOD and some associated functions.
* test_bn.c: Test BN_rand
2006-04-16 Love H<>rnquist <20>strand <lha@it.su.se>
* engine.c (ENGINE_by_dso): less printf
* rsa.h (i2d_RSAPublicKey): fix prototype
* rsa.c (i2d_RSAPublicKey): fix prototype
2006-04-15 Love H<>rnquist <20>strand <lha@it.su.se>
* evp.h: Add EVP_rc2_64_cbc
* evp.c: Add EVP_rc2_64_cbc
* evp.h: Add SHA-256 symbols.
* evp.c: Add SHA-256.
* sha.h: Add SHA-256 symbols.
* mdtest.c: Test SHA-256.
* sha256.c: Inital (naive) SHA-256 implementation.
2006-04-14 Love H<>rnquist <20>strand <lha@it.su.se>
* des.c (DES_cfb64_encrypt): add asserts that the *num pointers is
>= 0, because if it is, its a programmer error.
2006-04-09 Love H<>rnquist <20>strand <lha@it.su.se>
* rc2.c (RC2_set_key): abort on erroneous input (len <= 0) size
that will case out out bound indexing, and its invalid input.
* rsa.c: Make compile again.
2006-04-03 Love H<>rnquist <20>strand <lha@it.su.se>
* rsa.c: Implement i2d_RSAPublicKey
* rsa.h: Add i2d_RSAPublicKey
2006-03-07 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: EVP interface depends on dlopen, add it to LIBFLAGS
2006-02-28 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: Add pkcs5 files.
* test_pkcs5.c: Testcases for pkcs5 pbe2.
* pkcs5.c (PKCS5_PBKDF2_HMAC_SHA1): new function.
* hmac.c: Digest key when it exceeds block size, not when it
exceeds the size of the output block.
2006-02-16 Love H<>rnquist <20>strand <lha@it.su.se>
* rand.c (RAND_bytes): Don't abort() on failure, return error.
* bn.c (BN_rand): check return value from RAND_bytes
2006-01-18 Love H<>rnquist <20>strand <lha@it.su.se>
* dh.c (DH_compute_key): check public key
* dh.h: Add DH_check_pubkey and defines it uses.
* dh.c (DH_check_pubkey): New function.
* bn.c: Remove unused fragment.
* test_bn.c: Compare numbers with BN_cmp().
2006-01-17 David Love <fx@gnu.org>
* bn.c: Include <limits.h>.
2006-01-13 Love H<>rnquist <20>strand <lha@it.su.se>
* *.h: use #include <hcrypto/...>
* Makefile.am: provide a symlink so the directory hcrypto/ seems
to exists
* engine.h: Expose dsa symbols
* Makefile.am: Rename library to hcrypto and install headerfiles
in hcrypto/.
* test_pkcs12.c: Test for PKCS12_key_gen.
* hmac.h: Drop HMAC_CTX_create and HMAC_CTX_destroy.
* engine.c (ENGINE_add_conf_module): Also load DH
* dh.h: Reorder includes to avoid compile errors, provide
DH_new_method().
* dh.c: Indent.
* bn.c: BN_get_negative was really named BN_is_negative, a comment
confused me.
* bn.h: BN_get_negative was really named BN_is_negative, a comment
confused me.
* pkcs12.h: Add PKCS12_key_gen().
* pkcs12.c: Add PKCS12_key_gen().
* Makefile.am: Add test_cipher, test_pkcs12, add pkcs12.[ch].
* evp.c: Rename rc2_40_cbc internal variable to something better.
Unbreak des-ede3-cbc.
2006-01-11 Love H<>rnquist <20>strand <lha@it.su.se>
* test_bn.c: Test BN_uadd.
* bn.c (BN_rand): don't leak memory on failure, catch malloc(0)
case
* bn.c (BN_rand): clear the bits above the bits that user
requested.
(BN_uadd): new function.
* bn.h (BN_uadd): new function.
2006-01-10 Love H<>rnquist <20>strand <lha@it.su.se>
* evp.c (EVP_CIPHER_CTX_cleanup): clean up less aggressively
* Makefile.am (check_PROGRAMS): add test_hmac
* test_hmac.c: Simple regression test for HMAC.
* hmac.c: Make hmac work.
* evp.c: return the right blocksize for digests.
2006-01-09 Love H<>rnquist <20>strand <lha@it.su.se>
* test_engine_dso.c: Add test for DH.
* dh.c: Add DH_new_method, add ENGINE refcounting.
* engine.[ch]: Add ENGINE_set_default_DH and ENGINE_get_default_DH
* test_engine_dso.c: Add test for RSA encryption.
2006-01-08 Love H<>rnquist <20>strand <lha@it.su.se>
* test_engine_dso.c: Add test for RSA.
* implement enough glue to support OpenSSLs EVP, RSA, DSA, DH,
HMAC, RAND and ENGINE interfaces for use in hx509. rename all
symbols to start with hc_ to avoid clobbering namespaces. contains
no RSA/DH/DSA code, just glue to support using dynamic
ENGINE. hx509 supports this via pkcs11 and there is a gmp ENGINE
module supporting RSA. Also contains a MD2 digest for completion.
2005-07-20 Love H<>rnquist <20>strand <lha@it.su.se>
* des.c,des.h,rnd_keys.c: change unsigned char * to void *
2005-06-30 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c: const poision for unwriteable strings
2005-06-19 Love H<>rnquist <20>strand <lha@it.su.se>
* des.c,aes.c,rc2.c: Rename parameter, as encrypt shadows a
global, from Andrew Bartlett
2005-06-02 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c: Include <stdlib.h> for srandom/random.
2005-05-29 Love H<>rnquist <20>strand <lha@it.su.se>
* des.c (DES_cbc_cksum): init u to make sure it have a value in
case of the empty in data
* destest.c: add test for the empty password ""
2005-05-27 Love H<>rnquist <20>strand <lha@it.su.se>
* rctest.c (cipher3): used unsigned char to avoid problems with
platforms using "signed char"
2005-05-13 Love H<>rnquist <20>strand <lha@it.su.se>
* rc2.c: use unsigned char to avoid signess warning
* des.c: use unsigned char to avoid signess warning
* aes.c (AES_cbc_encrypt): use unsigned char to avoid signess
warning
2005-05-03 Dave Love <fx@gnu.org>
* mdtest.c: Fix typo for HAVE_STDLIB_H.
2005-05-03 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c: Enabled to build on cygwin, based on patch from
David Love <fx@gnu.org>
2005-05-02 Dave Love <fx@gnu.org>
* mdtest.c: Include <krb5-types.h>.
2005-04-30 Love H<>rnquist <20>strand <lha@it.su.se>
* ui.c: Include <des.h>.
(UI_UTIL_read_pw_string): make the prompt argument const.
* des.h (UI_UTIL_read_pw_string): make the prompt argument const
* ui.c (UI_UTIL_read_pw_string): remove unused variable plen
* des.c: replace <strings.h> with <string.h>
2005-04-29 Dave Love <fx@gnu.org>
* Makefile.am: Add LIB_roken.
2005-04-27 Dave Love <fx@gnu.org>
* sha.c: Include hash.h first.
* md4.c: Include hash.h first.
* md5.c: Include hash.h first.
* hash.h: Include krb5-types.h
2005-04-26 Dave Love <fx@gnu.org>
* mdtest.c: Maybe include stdlib.h
2005-04-10 Love H<>rnquist <20>strand <lha@it.su.se>
* sha.h,md5.h, md4.h: don't include bit types, the user must do
that #ifdef wrap
* aes.h: #ifdef wrap
2005-03-23 Love H<>rnquist <20>strand <lha@it.su.se>
* des.h: fix prototype for DES_random_key
* rnd_keys.c: fix prototype for DES_random_key
* des.[ch]: provide compatibility function DES_key_sched, same as
DES_set_key
2005-03-20 Love H<>rnquist <20>strand <lha@it.su.se>
* destest.c: include config.h and protect some headers
* rnd_keys.c: move <des.h> to after include <krb5-types.h> so the
C99 integer types exists
2005-03-14 Love H<>rnquist <20>strand <lha@it.su.se>
* des.c: add DES_set_key_checked
* des.h: add DES_set_key_checked
2005-03-01 Love H<>rnquist <20>strand <lha@it.su.se>
* des-tables.h: Add the missing file
2005-02-23 Love H<>rnquist <20>strand <lha@it.su.se>
* ui.c: remove dependency on asprintf
* Makefile.am: make destest only once
* Replace the eay DES code with key scheule setup code by me and DES
s-box and p permutation from Richard Outerbridge implemtation (in
public domain). The DES modes are implemented by me. ui.c code are
from appl/login.
The implementation is about 3 times slower then Eric for encryption,
and about the same speed for key setup.
2004-08-10 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c (DES_rand_data): also try /dev/arandom
2004-06-02 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c: don't include krb4 headers
* rijndael-alg-fst.c: don't include krb4 headers
* aes.c: don't include krb4 headers
* aes.h: define AES_{EN,DE}CRYPT; remove #ifdefs, this is an
installed file
2004-04-25 Love H<>rnquist <20>strand <lha@it.su.se>
* rc2.c: handle non blocksized cbc messages
* aes.[ch]: add AES_cbc_encrypt
2004-04-24 Love H<>rnquist <20>strand <lha@it.su.se>
* rc2test.c: test vectors from RFC2268
* rc2.c (RC2_set_key): rewrite the mask calculation
* rc2.c (RC2_set_key): handle keys where effective bits are
diffrent from keylength
2004-04-23 Love H<>rnquist <20>strand <lha@it.su.se>
* rc2.c: rc2 implementation
* rc2.h: rc2 implementation
* rc2test.c: rc2 implementation
* Makefile.am: rc2 implementation
2004-03-25 Love H<>rnquist <20>strand <lha@it.su.se>
* Makefile.am: new arcfour implementation
* rc4.c: implemented from description in
draft-kaukonen-cipher-arcfour-03.txt
* rc4.h: replace with new implementation
* rc4_enc.c rc4_skey.c: remove
* rctest.c: test for arcfour
2003-12-07 Love H<>rnquist <20>strand <lha@it.su.se>
* rnd_keys.c: uninitialized variable, from Panasas Inc
2003-09-03 Love H<>rnquist <20>strand <lha@it.su.se>
* md4.c (MD4_Final): make the function threadsafe by removing
static on the local variable zeros
* md5.c (MD5_Final): make the function threadsafe by removing
static on the local variable zeros
* switch to the DES_ api, dont provide any compat glue
2003-08-27 Love H<>rnquist <20>strand <lha@it.su.se>
* sha.c: make the function threadsafe by removing static on the
local variable zeros
2003-07-23 Love H<>rnquist <20>strand <lha@it.su.se>
* rijndael-alg-fst.h,rijndael-alg-fst.c,aes.c,aes.h:
Makefile.am: add AES support
2003-03-19 Love H<>rnquist <20>strand <lha@it.su.se>
* des.1: sunOS -> SunOS, from jmc <jmc@prioris.mini.pw.edu.pl>
2003-03-19 Love H<>rnquist <20>strand <lha@it.su.se>
* des.1: spelling, from <jmc@prioris.mini.pw.edu.pl>
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* read_pwd.c: move NeXT SGTTY stuff here
2001-05-17 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 3:1:0
2001-05-11 Assar Westerlund <assar@sics.se>
* str2key.c (des_string_to_key, des_string_to_2keys): avoid weak
keys
2001-02-16 Assar Westerlund <assar@sics.se>
* set_key.c: correct weak keys and update comment
2001-02-14 Assar Westerlund <assar@sics.se>
* set_key.c: correct the two last weak keys in accordance with
FIPS 74. noted by <jhutz@cmu.edu>
2001-01-30 Assar Westerlund <assar@sics.se>
* Makefile.am (libdes_la_LDFLAGS): bump version to 3:0:0
2000-10-19 Assar Westerlund <assar@sics.se>
* Makefile.in (LIBSRC, LIBOBJ): add rc4* and enc_{read,write}
files so that this library contains the same things as libdes in
Heimdal
2000-08-16 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 2:1:0
2000-08-03 Johan Danielsson <joda@pdc.kth.se>
* enc_writ.c: BSIZE -> des_BSIZE to avoid conflicts with AIX
jfs/fsparam.h
* enc_read.c: BSIZE -> des_BSIZE to avoid conflicts with AIX
jfs/fsparam.h
* des_locl.h: BSIZE -> des_BSIZE to avoid conflicts with AIX
jfs/fsparam.h
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 2:0:0
2000-01-26 Assar Westerlund <assar@sics.se>
* mdtest.c: update to pseudo-standard APIs for md4,md5,sha.
* md4.c, md4.h, md5.c, md5.h, sha.c, sha.h: move to the
pseudo-standard APIs
1999-12-06 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 1:0:1
1999-11-29 Assar Westerlund <assar@sics.se>
* fcrypt.c (crypt_md5): add trailing $
1999-11-13 Assar Westerlund <assar@sics.se>
* Makefile.am (include_HEADERS): add rc4.h
(libdes_la_SOURCES): add rc4_skey.c
1999-10-28 Assar Westerlund <assar@sics.se>
* md5crypt_test.c: change the test case. apparently we should not
include $ after the salt. also make it print more useful stuff
when failing.
1999-10-20 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 0:2:0
1999-09-21 Johan Danielsson <joda@pdc.kth.se>
* des.h: make this work with mips 64-bit abi
1999-08-14 Johan Danielsson <joda@pdc.kth.se>
* fcrypt.c (crypt_md5): don't use snprintf
1999-08-13 Assar Westerlund <assar@sics.se>
* Makefile.am: add md5crypt_test
* Makefile.in: add md5crypt_test
* md5crypt_test.c: test md5 crypt
* fcrypt.c: always enable md5 crypt
1999-07-26 Johan Danielsson <joda@pdc.kth.se>
* Makefile.am: bump version number (changes to md*, sha)
1999-06-15 Assar Westerlund <assar@sics.se>
* sha.c (swap_u_int32_t): add _CRAY
Sat Apr 10 23:02:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* destest.c: fixes for crays
Thu Apr 1 11:26:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: noinst_PROGRAMS -> check_PROGRAMS; add TESTS; don't
build rpw, and speed
Mon Mar 22 20:16:26 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: hash.h
* sha.c: use hash.h; fixes for crays
* md5.c: use hash.h; fixes for crays
* md4.c: use hash.h; fixes for crays
* hash.h: common stuff from md4, md5, and sha1
Sat Mar 20 00:16:53 1999 Assar Westerlund <assar@sics.se>
* rnd_keys.c (des_rand_data): move declaration to get rid of
warning
Thu Mar 18 11:22:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: include Makefile.am.common
Mon Mar 15 17:36:41 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* rnd_keys.c (des_rand_data): if not using setitimer, block
SIGCHLD around fork(), also make sure we get the status of the
child process
(fake_signal): emulate signal using sigaction
Tue Jan 12 05:06:54 1999 Assar Westerlund <assar@sics.se>
* des.h: sparcv9 is also 64 bits, use `unsigned int' instead of
`unsigned long'
Sun Nov 22 10:40:09 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (WFLAGS): set
Mon May 25 05:24:56 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (clean): try to remove shared library debris
Sun Apr 19 09:50:53 1998 Assar Westerlund <assar@sics.se>
* Makefile.in: add symlink magic for linux
Sun Nov 9 07:14:45 1997 Assar Westerlund <assar@sics.se>
* mdtest.c: print out old and new string

108
lib/hcrypto/DESperate.txt Normal file
View File

@@ -0,0 +1,108 @@
The hunt for getting a DES with plain BSD license w/o advertisement clause
==========================================================================
$Id$
This all feels very silly given that DES is about 30 years old and now
is deprecated.
Helpful documents on the way:
Schider's crypto wasn't that useful since it only told how to do DES,
not how to do des fast or how to not use DES. I find this to be a
common thread in the book, it explain each tool in great detail, but
not its limitations.
Dag Arne Osvik: Efficient Implementation of the Data Encryption Standard
Some threads on sci.crypto was also useful.
PC1 transformations
===================
Getting the PC1 bit mangling working was hard, I never got it to work.
Printning out the bit usage made me realize a lookup table could be
used since only 12 bits are used from the first half and 16 from the
second.
01110000 01110000 01110000 01110000 01111000 01111000 01111000 01111000
00001111 00001111 00001111 00001111 00000111 00000111 00000111 00000111
The pattern is getting more obvious if its printed out where the bits
are coming from.
8 16 24 - - - - -
7 15 23 - - - - -
6 14 22 - - - - -
5 13 21 - - - - -
4 12 20 28 - - - -
3 11 19 27 - - - -
2 10 18 26 - - - -
1 9 17 25 - - - -
- - - 60 56 48 40 -
- - - 59 55 47 39 -
- - - 58 54 46 38 -
- - - 57 53 45 37 -
- - - - 52 44 36 -
- - - - 51 43 35 -
- - - - 50 42 34 -
- - - - 49 41 33 -
Only 3 bits-table is needed for the first half and 4 bits for the
second half because they are on diffrent shift offsets.
So to get the bitpattern bit-pattern
gen_pattern("pc1_c_3", 7, [ 5, 13, 21 ], 0, 0x1000000);
gen_pattern("pc1_c_4", 15, [ 1, 9, 17, 25 ], 0, 0x1000000);
gen_pattern("pc1_d_3", 7, [ 49, 41, 33 ], 32, 0x1000000);
gen_pattern("pc1_d_4", 15, [ 57, 53, 45, 37 ], 32, 0x1000000);
PC2 transformations
===================
PC2 is also a table lookup, since its a 24 bit field, I use 4 6-bit
lookup tables. Printing the reverse of the PC2 table reveal that some
of the bits are not used, namely (9, 18, 22, 25) from c and (7, 10,
15, 26) from d.
pc2 from c
----------
5 24 7 16 6 10 20
18 - 12 3 15 23 1
9 19 2 - 14 22 11
- 13 4 - 17 21 8
pc2 from d
----------
51 35 31 52 39 45 -
50 32 - 43 36 29 48
- 41 38 47 33 40 42
49 37 30 46 - 34 44
So we generate tables for that too.
gen_pattern("pc2_c_1", 63, [ 5, 24, 7, 16, 6, 10 ], 0, 0x800000);
gen_pattern("pc2_c_2", 63, [ 20, 18, 12, 3, 15, 23 ], 0, 0x800000);
gen_pattern("pc2_c_3", 63, [ 1, 9, 19, 2, 14, 22 ], 0, 0x800000);
gen_pattern("pc2_c_4", 63, [ 11, 13, 4, 17, 21, 8 ], 0, 0x800000);
gen_pattern("pc2_d_1", 63, [ 51, 35, 31, 52, 39, 45 ], 28, 0x800000);
gen_pattern("pc2_d_2", 63, [ 50, 32, 43, 36, 29, 48 ], 28, 0x800000);
gen_pattern("pc2_d_3", 63, [ 41, 38, 47, 33, 40, 42 ], 28, 0x800000);
gen_pattern("pc2_d_4", 63, [ 49, 37, 30, 46, 34, 44 ], 28, 0x800000);
SBOX transformations
====================
The SBOX transformations are 6 bit to 4 bit transformations.
Here I grew tired and used Richard Outerbridge SBOXes. Thank you
Richard.

156
lib/hcrypto/Makefile.am Normal file
View File

@@ -0,0 +1,156 @@
# $Id$
include $(top_srcdir)/Makefile.am.common
lib_LTLIBRARIES = libhcrypto.la
libhcrypto_la_LDFLAGS = -version-info 4:0:0
libhcrypto_la_LIBADD = \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_dlopen) \
$(LIBADD_roken)
hcryptoincludedir = $(includedir)/hcrypto
buildhcryptoinclude = $(buildinclude)/hcrypto
hcryptoinclude_HEADERS = \
aes.h \
bn.h \
des.h \
dh.h \
dsa.h \
engine.h \
evp.h \
hmac.h \
md2.h \
md4.h \
md5.h \
pkcs12.h \
rand.h \
rc2.h \
rc4.h \
rsa.h \
sha.h \
ui.h
install-build-headers:: $(hcryptoinclude_HEADERS)
@foo='$(hcryptoinclude_HEADERS)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
else file="$$f"; fi; \
if cmp -s $$file $(buildhcryptoinclude)/$$f 2> /dev/null ; then \
: ; else \
echo "cp $$file $(buildhcryptoinclude)/$$f";\
cp $$file $(buildhcryptoinclude)/$$f; \
fi ; \
done
PROGRAM_TESTS = \
destest \
mdtest \
rc2test \
rctest \
test_bn \
test_cipher \
test_engine_dso \
test_hmac \
test_imath \
test_pkcs5 \
test_pkcs12
SCRIPT_TESTS = \
test_crypto
noinst_PROGRAMS = test_rand
check_PROGRAMS = $(PROGRAM_TESTS) test_rsa
check_SCRIPTS = $(SCRIPT_TESTS)
TESTS = $(PROGRAM_TESTS) $(SCRIPT_TESTS)
LDADD = $(lib_LTLIBRARIES) $(LIB_roken)
libhcrypto_la_SOURCES = \
$(imathsource) \
aes.c \
aes.h \
bn.c \
bn.h \
des-tables.h \
des.c \
des.h \
dh.c \
dh.h \
dh-imath.c \
dsa.c \
dsa.h \
evp.c \
evp.h \
engine.c \
engine.h \
hash.h \
hmac.c \
hmac.h \
md2.c \
md2.h \
md4.c \
md4.h \
md5.c \
md5.h \
pkcs5.c \
pkcs12.c \
rand.c \
rand.h \
randi.h \
rand-fortuna.c \
rand-egd.c \
rand-unix.c \
rc2.c \
rc2.h \
rc4.c \
rc4.h \
rijndael-alg-fst.c \
rijndael-alg-fst.h \
rnd_keys.c \
rsa.c \
rsa-imath.c \
rsa.h \
sha.c \
sha.h \
sha256.c \
ui.c \
ui.h
imathsource = \
imath/imath.c \
imath/imath.h \
imath/iprime.c \
imath/iprime.h
$(libhcrypto_la_OBJECTS): hcrypto-link
hcrypto-link:
$(LN_S) $(srcdir)/../hcrypto hcrypto
touch hcrypto-link
do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g'
test_crypto: test_crypto.in Makefile
$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
chmod +x test_crypto.tmp
mv test_crypto.tmp test_crypto
CLEANFILES = \
crypto-test \
crypto-test2 \
error \
hcrypto \
hcrypto-link \
test.file \
test_crypto \
test_crypto.tmp \
test_crypto.tmp
EXTRA_DIST = \
rsakey.der \
test_crypto.in

124
lib/hcrypto/aes.c Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (c) 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <string.h>
#include "rijndael-alg-fst.h"
#include "aes.h"
int
AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits);
if (key->rounds == 0)
return -1;
return 0;
}
int
AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
key->rounds = rijndaelKeySetupDec(key->key, userkey, bits);
if (key->rounds == 0)
return -1;
return 0;
}
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
rijndaelEncrypt(key->key, key->rounds, in, out);
}
void
AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
rijndaelDecrypt(key->key, key->rounds, in, out);
}
void
AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
unsigned long size, const AES_KEY *key,
unsigned char *iv, int forward_encrypt)
{
unsigned char tmp[AES_BLOCK_SIZE];
int i;
if (forward_encrypt) {
while (size >= AES_BLOCK_SIZE) {
for (i = 0; i < AES_BLOCK_SIZE; i++)
tmp[i] = in[i] ^ iv[i];
AES_encrypt(tmp, out, key);
memcpy(iv, out, AES_BLOCK_SIZE);
size -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (size) {
for (i = 0; i < size; i++)
tmp[i] = in[i] ^ iv[i];
for (i = size; i < AES_BLOCK_SIZE; i++)
tmp[i] = iv[i];
AES_encrypt(tmp, out, key);
memcpy(iv, out, AES_BLOCK_SIZE);
}
} else {
while (size >= AES_BLOCK_SIZE) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, out, key);
for (i = 0; i < AES_BLOCK_SIZE; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, AES_BLOCK_SIZE);
size -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (size) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, out, key);
for (i = 0; i < size; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, AES_BLOCK_SIZE);
}
}
}

71
lib/hcrypto/aes.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 2003-2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_AES_H
#define HEIM_AES_H 1
/* symbol renaming */
#define AES_set_encrypt_key hc_AES_set_encrypt_key
#define AES_set_decrypt_key hc_AES_decrypt_key
#define AES_encrypt hc_AES_encrypt
#define AES_decrypt hc_AES_decrypt
#define AES_cbc_encrypt hc_AES_cbc_encrypt
/*
*
*/
#define AES_BLOCK_SIZE 16
#define AES_MAXNR 14
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
typedef struct aes_key {
uint32_t key[(AES_MAXNR+1)*4];
int rounds;
} AES_KEY;
int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
const unsigned long, const AES_KEY *,
unsigned char *, int);
#endif /* HEIM_AES_H */

445
lib/hcrypto/bn.c Normal file
View File

@@ -0,0 +1,445 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <krb5-types.h>
#include <rfc2459_asn1.h> /* XXX */
#include <der.h>
#include <bn.h>
#include <rand.h>
#include <hex.h>
BIGNUM *
BN_new(void)
{
heim_integer *hi;
hi = calloc(1, sizeof(*hi));
return (BIGNUM *)hi;
}
void
BN_free(BIGNUM *bn)
{
BN_clear(bn);
free(bn);
}
void
BN_clear(BIGNUM *bn)
{
heim_integer *hi = (heim_integer *)bn;
if (hi->data) {
memset(hi->data, 0, hi->length);
free(hi->data);
}
memset(hi, 0, sizeof(*hi));
}
void
BN_clear_free(BIGNUM *bn)
{
BN_free(bn);
}
BIGNUM *
BN_dup(const BIGNUM *bn)
{
BIGNUM *b = BN_new();
if (der_copy_heim_integer((const heim_integer *)bn, (heim_integer *)b)) {
BN_free(b);
return NULL;
}
return b;
}
/*
* If the caller really want to know the number of bits used, subtract
* one from the length, multiply by 8, and then lookup in the table
* how many bits the hightest byte uses.
*/
int
BN_num_bits(const BIGNUM *bn)
{
static unsigned char num2bits[256] = {
0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
};
const heim_integer *i = (const void *)bn;
if (i->length == 0)
return 0;
return (i->length - 1) * 8 + num2bits[((unsigned char *)i->data)[0]];
}
int
BN_num_bytes(const BIGNUM *bn)
{
return ((const heim_integer *)bn)->length;
}
/*
* Ignore negative flag.
*/
BIGNUM *
BN_bin2bn(const void *s, int len, BIGNUM *bn)
{
heim_integer *hi = (void *)bn;
if (len < 0)
return NULL;
if (hi == NULL) {
hi = (heim_integer *)BN_new();
if (hi == NULL)
return NULL;
}
if (hi->data)
BN_clear((BIGNUM *)hi);
hi->negative = 0;
hi->data = malloc(len);
if (hi->data == NULL && len != 0) {
if (bn == NULL)
BN_free((BIGNUM *)hi);
return NULL;
}
hi->length = len;
memcpy(hi->data, s, len);
return (BIGNUM *)hi;
}
int
BN_bn2bin(const BIGNUM *bn, void *to)
{
const heim_integer *hi = (const void *)bn;
memcpy(to, hi->data, hi->length);
return hi->length;
}
int
BN_hex2bn(BIGNUM **bnp, const char *in)
{
int negative;
ssize_t ret;
size_t len;
void *data;
len = strlen(in);
data = malloc(len);
if (data == NULL)
return 0;
if (*in == '-') {
negative = 1;
in++;
} else
negative = 0;
ret = hex_decode(in, data, len);
if (ret < 0) {
free(data);
return 0;
}
*bnp = BN_bin2bn(data, ret, NULL);
free(data);
if (*bnp == NULL)
return 0;
BN_set_negative(*bnp, negative);
return 1;
}
char *
BN_bn2hex(const BIGNUM *bn)
{
ssize_t ret;
size_t len;
void *data;
char *str;
len = BN_num_bytes(bn);
data = malloc(len);
if (data == NULL)
return 0;
len = BN_bn2bin(bn, data);
ret = hex_encode(data, len, &str);
free(data);
if (ret < 0)
return 0;
return str;
}
int
BN_cmp(const BIGNUM *bn1, const BIGNUM *bn2)
{
return der_heim_integer_cmp((const heim_integer *)bn1,
(const heim_integer *)bn2);
}
void
BN_set_negative(BIGNUM *bn, int flag)
{
((heim_integer *)bn)->negative = (flag ? 1 : 0);
}
int
BN_is_negative(BIGNUM *bn)
{
return ((heim_integer *)bn)->negative ? 1 : 0;
}
static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 };
int
BN_is_bit_set(const BIGNUM *bn, int bit)
{
heim_integer *hi = (heim_integer *)bn;
unsigned char *p = hi->data;
if ((bit / 8) > hi->length || hi->length == 0)
return 0;
return p[hi->length - 1 - (bit / 8)] & is_set[bit % 8];
}
int
BN_set_bit(BIGNUM *bn, int bit)
{
heim_integer *hi = (heim_integer *)bn;
unsigned char *p;
if ((bit / 8) > hi->length || hi->length == 0) {
size_t len = (bit + 7) / 8;
void *d = realloc(hi->data, len);
if (d == NULL)
return 0;
hi->data = d;
p = hi->data;
memset(&p[hi->length], 0, len);
hi->length = len;
} else
p = hi->data;
p[hi->length - 1 - (bit / 8)] |= is_set[bit % 8];
return 1;
}
int
BN_clear_bit(BIGNUM *bn, int bit)
{
heim_integer *hi = (heim_integer *)bn;
unsigned char *p = hi->data;
if ((bit / 8) > hi->length || hi->length == 0)
return 0;
p[hi->length - 1 - (bit / 8)] &= (unsigned char)(~(is_set[bit % 8]));
return 1;
}
int
BN_set_word(BIGNUM *bn, unsigned long num)
{
unsigned char p[sizeof(num)];
unsigned long num2;
int i, len;
for (num2 = num, i = 0; num2 > 0; i++)
num2 = num2 >> 8;
len = i - 1;
for (; i > 0; i--) {
p[i - 1] = (num & 0xff);
num = num >> 8;
}
bn = BN_bin2bn(p, len + 1, bn);
return bn != NULL;
}
unsigned long
BN_get_word(const BIGNUM *bn)
{
heim_integer *hi = (heim_integer *)bn;
unsigned long num = 0;
int i;
if (hi->negative || hi->length > sizeof(num))
return ULONG_MAX;
for (i = 0; i < hi->length; i++)
num = ((unsigned char *)hi->data)[i] | (num << 8);
return num;
}
int
BN_rand(BIGNUM *bn, int bits, int top, int bottom)
{
size_t len = (bits + 7) / 8;
heim_integer *i = (heim_integer *)bn;
BN_clear(bn);
i->negative = 0;
i->data = malloc(len);
if (i->data == NULL && len != 0)
return 0;
i->length = len;
if (RAND_bytes(i->data, i->length) != 1) {
free(i->data);
i->data = NULL;
return 0;
}
{
size_t j = len * 8;
while(j > bits) {
BN_clear_bit(bn, j - 1);
j--;
}
}
if (top == -1) {
;
} else if (top == 0 && bits > 0) {
BN_set_bit(bn, bits - 1);
} else if (top == 1 && bits > 1) {
BN_set_bit(bn, bits - 1);
BN_set_bit(bn, bits - 2);
} else {
BN_clear(bn);
return 0;
}
if (bottom && bits > 0)
BN_set_bit(bn, 0);
return 1;
}
/*
*
*/
int
BN_uadd(BIGNUM *res, const BIGNUM *a, const BIGNUM *b)
{
const heim_integer *ai = (const heim_integer *)a;
const heim_integer *bi = (const heim_integer *)b;
const unsigned char *ap, *bp;
unsigned char *cp;
heim_integer ci;
int carry = 0;
ssize_t len;
if (ai->negative && bi->negative)
return 0;
if (ai->length < bi->length) {
const heim_integer *si = bi;
bi = ai; ai = si;
}
ci.negative = 0;
ci.length = ai->length + 1;
ci.data = malloc(ci.length);
if (ci.data == NULL)
return 0;
ap = &((const unsigned char *)ai->data)[ai->length - 1];
bp = &((const unsigned char *)bi->data)[bi->length - 1];
cp = &((unsigned char *)ci.data)[ci.length - 1];
for (len = bi->length; len > 0; len--) {
carry = *ap + *bp + carry;
*cp = carry & 0xff;
carry = (carry & ~0xff) ? 1 : 0;
ap--; bp--; cp--;
}
for (len = ai->length - bi->length; len > 0; len--) {
carry = *ap + carry;
*cp = carry & 0xff;
carry = (carry & ~0xff) ? 1 : 0;
ap--; cp--;
}
if (!carry)
memmove(cp, cp + 1, --ci.length);
else
*cp = carry;
BN_clear(res);
*((heim_integer *)res) = ci;
return 1;
}
/*
* Callback when doing slow generation of numbers, like primes.
*/
void
BN_GENCB_set(BN_GENCB *gencb, int (*cb_2)(int, int, BN_GENCB *), void *ctx)
{
gencb->ver = 2;
gencb->cb.cb_2 = cb_2;
gencb->arg = ctx;
}
int
BN_GENCB_call(BN_GENCB *cb, int a, int b)
{
if (cb == NULL || cb->cb.cb_2 == NULL)
return 1;
return cb->cb.cb_2(a, b, cb);
}

121
lib/hcrypto/bn.h Normal file
View File

@@ -0,0 +1,121 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_BN_H
#define _HEIM_BN_H 1
/* symbol renaming */
#define BN_GENCB_call hc_BN_GENCB_call
#define BN_GENCB_set hc_BN_GENCB_set
#define BN_bin2bn hc_BN_bin2bn
#define BN_bn2bin hc_BN_bn2bin
#define BN_bn2hex hc_BN_bn2hex
#define BN_clear hc_BN_clear
#define BN_clear_bit hc_BN_clear_bit
#define BN_clear_free hc_BN_clear_free
#define BN_cmp hc_BN_cmp
#define BN_dup hc_BN_dup
#define BN_free hc_BN_free
#define BN_is_negative hc_BN_is_negative
#define BN_get_word hc_BN_get_word
#define BN_hex2bn hc_BN_hex2bn
#define BN_is_bit_set hc_BN_is_bit_set
#define BN_new hc_BN_new
#define BN_num_bits hc_BN_num_bits
#define BN_num_bytes hc_BN_num_bytes
#define BN_rand hc_BN_rand
#define BN_set_bit hc_BN_set_bit
#define BN_set_negative hc_BN_set_negative
#define BN_set_word hc_BN_set_word
#define BN_uadd hc_BN_uadd
/*
*
*/
typedef void BIGNUM;
typedef struct BN_GENCB BN_GENCB;
typedef void BN_CTX;
typedef void BN_MONT_CTX;
typedef void BN_BLINDING;
struct BN_GENCB {
unsigned int ver;
void *arg;
union {
int (*cb_2)(int, int, BN_GENCB *);
} cb;
};
/*
*
*/
BIGNUM *BN_new(void);
void BN_free(BIGNUM *);
void BN_clear_free(BIGNUM *);
void BN_clear(BIGNUM *);
BIGNUM *BN_dup(const BIGNUM *);
int BN_num_bits(const BIGNUM *);
int BN_num_bytes(const BIGNUM *);
int BN_cmp(const BIGNUM *, const BIGNUM *);
void BN_set_negative(BIGNUM *, int);
int BN_is_negative(BIGNUM *);
int BN_is_bit_set(const BIGNUM *, int);
int BN_set_bit(BIGNUM *, int);
int BN_clear_bit(BIGNUM *, int);
int BN_set_word(BIGNUM *, unsigned long);
unsigned long BN_get_word(const BIGNUM *);
BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *);
int BN_bn2bin(const BIGNUM *, void *);
int BN_hex2bn(BIGNUM **, const char *);
char * BN_bn2hex(const BIGNUM *);
int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *);
int BN_rand(BIGNUM *, int, int, int);
void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *);
int BN_GENCB_call(BN_GENCB *, int, int);
#endif

196
lib/hcrypto/des-tables.h Normal file
View File

@@ -0,0 +1,196 @@
/* GENERATE FILE from gen-des.pl, do not edit */
/* pc1_c_3 bit pattern 5 13 21 */
static int pc1_c_3[8] = {
0x00000000, 0x00000010, 0x00001000, 0x00001010,
0x00100000, 0x00100010, 0x00101000, 0x00101010
};
/* pc1_c_4 bit pattern 1 9 17 25 */
static int pc1_c_4[16] = {
0x00000000, 0x00000001, 0x00000100, 0x00000101,
0x00010000, 0x00010001, 0x00010100, 0x00010101,
0x01000000, 0x01000001, 0x01000100, 0x01000101,
0x01010000, 0x01010001, 0x01010100, 0x01010101
};
/* pc1_d_3 bit pattern 49 41 33 */
static int pc1_d_3[8] = {
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100
};
/* pc1_d_4 bit pattern 57 53 45 37 */
static int pc1_d_4[16] = {
0x00000000, 0x00100000, 0x00001000, 0x00101000,
0x00000010, 0x00100010, 0x00001010, 0x00101010,
0x00000001, 0x00100001, 0x00001001, 0x00101001,
0x00000011, 0x00100011, 0x00001011, 0x00101011
};
/* pc2_c_1 bit pattern 5 24 7 16 6 10 */
static int pc2_c_1[64] = {
0x00000000, 0x00004000, 0x00040000, 0x00044000,
0x00000100, 0x00004100, 0x00040100, 0x00044100,
0x00020000, 0x00024000, 0x00060000, 0x00064000,
0x00020100, 0x00024100, 0x00060100, 0x00064100,
0x00000001, 0x00004001, 0x00040001, 0x00044001,
0x00000101, 0x00004101, 0x00040101, 0x00044101,
0x00020001, 0x00024001, 0x00060001, 0x00064001,
0x00020101, 0x00024101, 0x00060101, 0x00064101,
0x00080000, 0x00084000, 0x000c0000, 0x000c4000,
0x00080100, 0x00084100, 0x000c0100, 0x000c4100,
0x000a0000, 0x000a4000, 0x000e0000, 0x000e4000,
0x000a0100, 0x000a4100, 0x000e0100, 0x000e4100,
0x00080001, 0x00084001, 0x000c0001, 0x000c4001,
0x00080101, 0x00084101, 0x000c0101, 0x000c4101,
0x000a0001, 0x000a4001, 0x000e0001, 0x000e4001,
0x000a0101, 0x000a4101, 0x000e0101, 0x000e4101
};
/* pc2_c_2 bit pattern 20 18 12 3 15 23 */
static int pc2_c_2[64] = {
0x00000000, 0x00000002, 0x00000200, 0x00000202,
0x00200000, 0x00200002, 0x00200200, 0x00200202,
0x00001000, 0x00001002, 0x00001200, 0x00001202,
0x00201000, 0x00201002, 0x00201200, 0x00201202,
0x00000040, 0x00000042, 0x00000240, 0x00000242,
0x00200040, 0x00200042, 0x00200240, 0x00200242,
0x00001040, 0x00001042, 0x00001240, 0x00001242,
0x00201040, 0x00201042, 0x00201240, 0x00201242,
0x00000010, 0x00000012, 0x00000210, 0x00000212,
0x00200010, 0x00200012, 0x00200210, 0x00200212,
0x00001010, 0x00001012, 0x00001210, 0x00001212,
0x00201010, 0x00201012, 0x00201210, 0x00201212,
0x00000050, 0x00000052, 0x00000250, 0x00000252,
0x00200050, 0x00200052, 0x00200250, 0x00200252,
0x00001050, 0x00001052, 0x00001250, 0x00001252,
0x00201050, 0x00201052, 0x00201250, 0x00201252
};
/* pc2_c_3 bit pattern 1 9 19 2 14 22 */
static int pc2_c_3[64] = {
0x00000000, 0x00000004, 0x00000400, 0x00000404,
0x00400000, 0x00400004, 0x00400400, 0x00400404,
0x00000020, 0x00000024, 0x00000420, 0x00000424,
0x00400020, 0x00400024, 0x00400420, 0x00400424,
0x00008000, 0x00008004, 0x00008400, 0x00008404,
0x00408000, 0x00408004, 0x00408400, 0x00408404,
0x00008020, 0x00008024, 0x00008420, 0x00008424,
0x00408020, 0x00408024, 0x00408420, 0x00408424,
0x00800000, 0x00800004, 0x00800400, 0x00800404,
0x00c00000, 0x00c00004, 0x00c00400, 0x00c00404,
0x00800020, 0x00800024, 0x00800420, 0x00800424,
0x00c00020, 0x00c00024, 0x00c00420, 0x00c00424,
0x00808000, 0x00808004, 0x00808400, 0x00808404,
0x00c08000, 0x00c08004, 0x00c08400, 0x00c08404,
0x00808020, 0x00808024, 0x00808420, 0x00808424,
0x00c08020, 0x00c08024, 0x00c08420, 0x00c08424
};
/* pc2_c_4 bit pattern 11 13 4 17 21 8 */
static int pc2_c_4[64] = {
0x00000000, 0x00010000, 0x00000008, 0x00010008,
0x00000080, 0x00010080, 0x00000088, 0x00010088,
0x00100000, 0x00110000, 0x00100008, 0x00110008,
0x00100080, 0x00110080, 0x00100088, 0x00110088,
0x00000800, 0x00010800, 0x00000808, 0x00010808,
0x00000880, 0x00010880, 0x00000888, 0x00010888,
0x00100800, 0x00110800, 0x00100808, 0x00110808,
0x00100880, 0x00110880, 0x00100888, 0x00110888,
0x00002000, 0x00012000, 0x00002008, 0x00012008,
0x00002080, 0x00012080, 0x00002088, 0x00012088,
0x00102000, 0x00112000, 0x00102008, 0x00112008,
0x00102080, 0x00112080, 0x00102088, 0x00112088,
0x00002800, 0x00012800, 0x00002808, 0x00012808,
0x00002880, 0x00012880, 0x00002888, 0x00012888,
0x00102800, 0x00112800, 0x00102808, 0x00112808,
0x00102880, 0x00112880, 0x00102888, 0x00112888
};
/* pc2_d_1 bit pattern 51 35 31 52 39 45 */
static int pc2_d_1[64] = {
0x00000000, 0x00000080, 0x00002000, 0x00002080,
0x00000001, 0x00000081, 0x00002001, 0x00002081,
0x00200000, 0x00200080, 0x00202000, 0x00202080,
0x00200001, 0x00200081, 0x00202001, 0x00202081,
0x00020000, 0x00020080, 0x00022000, 0x00022080,
0x00020001, 0x00020081, 0x00022001, 0x00022081,
0x00220000, 0x00220080, 0x00222000, 0x00222080,
0x00220001, 0x00220081, 0x00222001, 0x00222081,
0x00000002, 0x00000082, 0x00002002, 0x00002082,
0x00000003, 0x00000083, 0x00002003, 0x00002083,
0x00200002, 0x00200082, 0x00202002, 0x00202082,
0x00200003, 0x00200083, 0x00202003, 0x00202083,
0x00020002, 0x00020082, 0x00022002, 0x00022082,
0x00020003, 0x00020083, 0x00022003, 0x00022083,
0x00220002, 0x00220082, 0x00222002, 0x00222082,
0x00220003, 0x00220083, 0x00222003, 0x00222083
};
/* pc2_d_2 bit pattern 50 32 43 36 29 48 */
static int pc2_d_2[64] = {
0x00000000, 0x00000010, 0x00800000, 0x00800010,
0x00010000, 0x00010010, 0x00810000, 0x00810010,
0x00000200, 0x00000210, 0x00800200, 0x00800210,
0x00010200, 0x00010210, 0x00810200, 0x00810210,
0x00100000, 0x00100010, 0x00900000, 0x00900010,
0x00110000, 0x00110010, 0x00910000, 0x00910010,
0x00100200, 0x00100210, 0x00900200, 0x00900210,
0x00110200, 0x00110210, 0x00910200, 0x00910210,
0x00000004, 0x00000014, 0x00800004, 0x00800014,
0x00010004, 0x00010014, 0x00810004, 0x00810014,
0x00000204, 0x00000214, 0x00800204, 0x00800214,
0x00010204, 0x00010214, 0x00810204, 0x00810214,
0x00100004, 0x00100014, 0x00900004, 0x00900014,
0x00110004, 0x00110014, 0x00910004, 0x00910014,
0x00100204, 0x00100214, 0x00900204, 0x00900214,
0x00110204, 0x00110214, 0x00910204, 0x00910214
};
/* pc2_d_3 bit pattern 41 38 47 33 40 42 */
static int pc2_d_3[64] = {
0x00000000, 0x00000400, 0x00001000, 0x00001400,
0x00080000, 0x00080400, 0x00081000, 0x00081400,
0x00000020, 0x00000420, 0x00001020, 0x00001420,
0x00080020, 0x00080420, 0x00081020, 0x00081420,
0x00004000, 0x00004400, 0x00005000, 0x00005400,
0x00084000, 0x00084400, 0x00085000, 0x00085400,
0x00004020, 0x00004420, 0x00005020, 0x00005420,
0x00084020, 0x00084420, 0x00085020, 0x00085420,
0x00000800, 0x00000c00, 0x00001800, 0x00001c00,
0x00080800, 0x00080c00, 0x00081800, 0x00081c00,
0x00000820, 0x00000c20, 0x00001820, 0x00001c20,
0x00080820, 0x00080c20, 0x00081820, 0x00081c20,
0x00004800, 0x00004c00, 0x00005800, 0x00005c00,
0x00084800, 0x00084c00, 0x00085800, 0x00085c00,
0x00004820, 0x00004c20, 0x00005820, 0x00005c20,
0x00084820, 0x00084c20, 0x00085820, 0x00085c20
};
/* pc2_d_4 bit pattern 49 37 30 46 34 44 */
static int pc2_d_4[64] = {
0x00000000, 0x00000100, 0x00040000, 0x00040100,
0x00000040, 0x00000140, 0x00040040, 0x00040140,
0x00400000, 0x00400100, 0x00440000, 0x00440100,
0x00400040, 0x00400140, 0x00440040, 0x00440140,
0x00008000, 0x00008100, 0x00048000, 0x00048100,
0x00008040, 0x00008140, 0x00048040, 0x00048140,
0x00408000, 0x00408100, 0x00448000, 0x00448100,
0x00408040, 0x00408140, 0x00448040, 0x00448140,
0x00000008, 0x00000108, 0x00040008, 0x00040108,
0x00000048, 0x00000148, 0x00040048, 0x00040148,
0x00400008, 0x00400108, 0x00440008, 0x00440108,
0x00400048, 0x00400148, 0x00440048, 0x00440148,
0x00008008, 0x00008108, 0x00048008, 0x00048108,
0x00008048, 0x00008148, 0x00048048, 0x00048148,
0x00408008, 0x00408108, 0x00448008, 0x00448108,
0x00408048, 0x00408148, 0x00448048, 0x00448148
};
static unsigned char odd_parity[256] = {
1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254,
};

967
lib/hcrypto/des.c Normal file
View File

@@ -0,0 +1,967 @@
/*
* Copyright (c) 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* The document that got me started for real was "Efficient
* Implementation of the Data Encryption Standard" by Dag Arne Osvik.
* I never got to the PC1 transformation was working, instead I used
* table-lookup was used for all key schedule setup. The document was
* very useful since it de-mystified other implementations for me.
*
* The core DES function (SBOX + P transformation) is from Richard
* Outerbridge public domain DES implementation. My sanity is saved
* thanks to his work. Thank you Richard.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <krb5-types.h>
#include <assert.h>
#include "des.h"
#include "ui.h"
static void desx(uint32_t [2], DES_key_schedule *, int);
static void IP(uint32_t [2]);
static void FP(uint32_t [2]);
#include "des-tables.h"
#define ROTATE_LEFT28(x,one) \
if (one) { \
x = ( ((x)<<(1)) & 0xffffffe) | ((x) >> 27); \
} else { \
x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \
}
/*
*
*/
int
DES_set_odd_parity(DES_cblock *key)
{
int i;
for (i = 0; i < DES_CBLOCK_LEN; i++)
(*key)[i] = odd_parity[(*key)[i]];
return 0;
}
/*
*
*/
/* FIPS 74 */
static DES_cblock weak_keys[] = {
{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, /* weak keys */
{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, /* semi-weak keys */
{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}
};
int
DES_is_weak_key(DES_cblock *key)
{
int i;
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
return 1;
}
return 0;
}
/*
*
*/
int
DES_set_key(DES_cblock *key, DES_key_schedule *ks)
{
uint32_t t1, t2;
uint32_t c, d;
int shifts[16] = { 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1 };
uint32_t *k = &ks->ks[0];
int i;
t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3];
t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7];
c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3)
| (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2)
| (pc1_c_3[(t1 >> (5 + 8 + 8 )) & 0x7] << 1)
| (pc1_c_3[(t1 >> (5 + 8 + 8 + 8)) & 0x7] << 0)
| (pc1_c_4[(t2 >> (4 )) & 0xf] << 3)
| (pc1_c_4[(t2 >> (4 + 8 )) & 0xf] << 2)
| (pc1_c_4[(t2 >> (4 + 8 + 8 )) & 0xf] << 1)
| (pc1_c_4[(t2 >> (4 + 8 + 8 + 8)) & 0xf] << 0);
d = (pc1_d_3[(t2 >> (1 )) & 0x7] << 3)
| (pc1_d_3[(t2 >> (1 + 8 )) & 0x7] << 2)
| (pc1_d_3[(t2 >> (1 + 8 + 8 )) & 0x7] << 1)
| (pc1_d_3[(t2 >> (1 + 8 + 8 + 8)) & 0x7] << 0)
| (pc1_d_4[(t1 >> (1 )) & 0xf] << 3)
| (pc1_d_4[(t1 >> (1 + 8 )) & 0xf] << 2)
| (pc1_d_4[(t1 >> (1 + 8 + 8 )) & 0xf] << 1)
| (pc1_d_4[(t1 >> (1 + 8 + 8 + 8)) & 0xf] << 0);
for (i = 0; i < 16; i++) {
uint32_t kc, kd;
ROTATE_LEFT28(c, shifts[i]);
ROTATE_LEFT28(d, shifts[i]);
kc = pc2_c_1[(c >> 22) & 0x3f] |
pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] |
pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] |
pc2_c_4[((c >> 2 ) & 0x20) | ((c >> 1) & 0x18) | (c & 0x7)];
kd = pc2_d_1[(d >> 22) & 0x3f] |
pc2_d_2[((d >> 15) & 0x30) | ((d >> 14) & 0xf)] |
pc2_d_3[ (d >> 7 ) & 0x3f] |
pc2_d_4[((d >> 1 ) & 0x3c) | ((d ) & 0x3)];
/* Change to byte order used by the S boxes */
*k = (kc & 0x00fc0000L) << 6;
*k |= (kc & 0x00000fc0L) << 10;
*k |= (kd & 0x00fc0000L) >> 10;
*k++ |= (kd & 0x00000fc0L) >> 6;
*k = (kc & 0x0003f000L) << 12;
*k |= (kc & 0x0000003fL) << 16;
*k |= (kd & 0x0003f000L) >> 4;
*k++ |= (kd & 0x0000003fL);
}
return 0;
}
/*
*
*/
int
DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks)
{
if (DES_is_weak_key(key)) {
memset(ks, 0, sizeof(*ks));
return 1;
}
return DES_set_key(key, ks);
}
/*
* Compatibility function for eay libdes
*/
int
DES_key_sched(DES_cblock *key, DES_key_schedule *ks)
{
return DES_set_key(key, ks);
}
/*
*
*/
static void
load(const unsigned char *b, uint32_t v[2])
{
v[0] = b[0] << 24;
v[0] |= b[1] << 16;
v[0] |= b[2] << 8;
v[0] |= b[3] << 0;
v[1] = b[4] << 24;
v[1] |= b[5] << 16;
v[1] |= b[6] << 8;
v[1] |= b[7] << 0;
}
static void
store(const uint32_t v[2], unsigned char *b)
{
b[0] = (v[0] >> 24) & 0xff;
b[1] = (v[0] >> 16) & 0xff;
b[2] = (v[0] >> 8) & 0xff;
b[3] = (v[0] >> 0) & 0xff;
b[4] = (v[1] >> 24) & 0xff;
b[5] = (v[1] >> 16) & 0xff;
b[6] = (v[1] >> 8) & 0xff;
b[7] = (v[1] >> 0) & 0xff;
}
/*
*
*/
void
DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int forward_encrypt)
{
IP(u);
desx(u, ks, forward_encrypt);
FP(u);
}
/*
*
*/
void
DES_ecb_encrypt(DES_cblock *input, DES_cblock *output,
DES_key_schedule *ks, int forward_encrypt)
{
uint32_t u[2];
load(*input, u);
DES_encrypt(u, ks, forward_encrypt);
store(u, *output);
}
/*
*
*/
void
DES_cbc_encrypt(const void *in, void *out, long length,
DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt)
{
const unsigned char *input = in;
unsigned char *output = out;
uint32_t u[2];
uint32_t uiv[2];
load(*iv, uiv);
if (forward_encrypt) {
while (length >= DES_CBLOCK_LEN) {
load(input, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
uiv[0] = u[0]; uiv[1] = u[1];
store(u, output);
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
store(u, output);
}
} else {
uint32_t t[2];
while (length >= DES_CBLOCK_LEN) {
load(input, u);
t[0] = u[0]; t[1] = u[1];
DES_encrypt(u, ks, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
store(u, output);
uiv[0] = t[0]; uiv[1] = t[1];
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
DES_encrypt(u, ks, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
store(u, output);
}
}
uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
}
/*
*
*/
void
DES_pcbc_encrypt(const void *in, void *out, long length,
DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt)
{
const unsigned char *input = in;
unsigned char *output = out;
uint32_t u[2];
uint32_t uiv[2];
load(*iv, uiv);
if (forward_encrypt) {
uint32_t t[2];
while (length >= DES_CBLOCK_LEN) {
load(input, u);
t[0] = u[0]; t[1] = u[1];
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
uiv[0] = u[0] ^ t[0]; uiv[1] = u[1] ^ t[1];
store(u, output);
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
store(u, output);
}
} else {
uint32_t t[2];
while (length >= DES_CBLOCK_LEN) {
load(input, u);
t[0] = u[0]; t[1] = u[1];
DES_encrypt(u, ks, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
store(u, output);
uiv[0] = t[0] ^ u[0]; uiv[1] = t[1] ^ u[1];
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
DES_encrypt(u, ks, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
}
}
uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
}
/*
*
*/
static void
_des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2,
DES_key_schedule *ks3, int forward_encrypt)
{
IP(u);
if (forward_encrypt) {
desx(u, ks1, 1); /* IP + FP cancel out each other */
desx(u, ks2, 0);
desx(u, ks3, 1);
} else {
desx(u, ks3, 0);
desx(u, ks2, 1);
desx(u, ks1, 0);
}
FP(u);
}
/*
*
*/
void
DES_ecb3_encrypt(DES_cblock *input,
DES_cblock *output,
DES_key_schedule *ks1,
DES_key_schedule *ks2,
DES_key_schedule *ks3,
int forward_encrypt)
{
uint32_t u[2];
load(*input, u);
_des3_encrypt(u, ks1, ks2, ks3, forward_encrypt);
store(u, *output);
return;
}
/*
*
*/
void
DES_ede3_cbc_encrypt(const void *in, void *out,
long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3,
DES_cblock *iv, int forward_encrypt)
{
const unsigned char *input = in;
unsigned char *output = out;
uint32_t u[2];
uint32_t uiv[2];
load(*iv, uiv);
if (forward_encrypt) {
while (length >= DES_CBLOCK_LEN) {
load(input, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
_des3_encrypt(u, ks1, ks2, ks3, 1);
uiv[0] = u[0]; uiv[1] = u[1];
store(u, output);
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
_des3_encrypt(u, ks1, ks2, ks3, 1);
store(u, output);
}
} else {
uint32_t t[2];
while (length >= DES_CBLOCK_LEN) {
load(input, u);
t[0] = u[0]; t[1] = u[1];
_des3_encrypt(u, ks1, ks2, ks3, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
store(u, output);
uiv[0] = t[0]; uiv[1] = t[1];
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
output += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
_des3_encrypt(u, ks1, ks2, ks3, 0);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
store(u, output);
}
}
store(uiv, *iv);
uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
}
/*
*
*/
void
DES_cfb64_encrypt(const void *in, void *out,
long length, DES_key_schedule *ks, DES_cblock *iv,
int *num, int forward_encrypt)
{
const unsigned char *input = in;
unsigned char *output = out;
unsigned char tmp[DES_CBLOCK_LEN];
uint32_t uiv[2];
load(*iv, uiv);
assert(*num >= 0 && *num < DES_CBLOCK_LEN);
if (forward_encrypt) {
int i = *num;
while (length > 0) {
if (i == 0)
DES_encrypt(uiv, ks, 1);
store(uiv, tmp);
for (; i < DES_CBLOCK_LEN && i < length; i++) {
output[i] = tmp[i] ^ input[i];
}
if (i == DES_CBLOCK_LEN)
load(output, uiv);
output += i;
input += i;
length -= i;
if (i == DES_CBLOCK_LEN)
i = 0;
}
store(uiv, *iv);
*num = i;
} else {
int i = *num;
unsigned char c;
while (length > 0) {
if (i == 0) {
DES_encrypt(uiv, ks, 1);
store(uiv, tmp);
}
for (; i < DES_CBLOCK_LEN && i < length; i++) {
c = input[i];
output[i] = tmp[i] ^ input[i];
(*iv)[i] = c;
}
output += i;
input += i;
length -= i;
if (i == DES_CBLOCK_LEN) {
i = 0;
load(*iv, uiv);
}
}
store(uiv, *iv);
*num = i;
}
}
/*
*
*/
uint32_t
DES_cbc_cksum(const void *in, DES_cblock *output,
long length, DES_key_schedule *ks, DES_cblock *iv)
{
const unsigned char *input = in;
uint32_t uiv[2];
uint32_t u[2] = { 0, 0 };
load(*iv, uiv);
while (length >= DES_CBLOCK_LEN) {
load(input, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
uiv[0] = u[0]; uiv[1] = u[1];
length -= DES_CBLOCK_LEN;
input += DES_CBLOCK_LEN;
}
if (length) {
unsigned char tmp[DES_CBLOCK_LEN];
memcpy(tmp, input, length);
memset(tmp + length, 0, DES_CBLOCK_LEN - length);
load(tmp, u);
u[0] ^= uiv[0]; u[1] ^= uiv[1];
DES_encrypt(u, ks, 1);
}
if (output)
store(u, *output);
uiv[0] = 0; u[0] = 0; uiv[1] = 0;
return u[1];
}
/*
*
*/
static unsigned char
bitswap8(unsigned char b)
{
unsigned char r = 0;
int i;
for (i = 0; i < 8; i++) {
r = r << 1 | (b & 1);
b = b >> 1;
}
return r;
}
void
DES_string_to_key(const char *str, DES_cblock *key)
{
const unsigned char *s;
unsigned char *k;
DES_key_schedule ks;
size_t i, len;
memset(key, 0, sizeof(*key));
k = *key;
s = (const unsigned char *)str;
len = strlen(str);
for (i = 0; i < len; i++) {
if ((i % 16) < 8)
k[i % 8] ^= s[i] << 1;
else
k[7 - (i % 8)] ^= bitswap8(s[i]);
}
DES_set_odd_parity(key);
if (DES_is_weak_key(key))
k[7] ^= 0xF0;
DES_set_key(key, &ks);
DES_cbc_cksum(s, key, len, &ks, key);
memset(&ks, 0, sizeof(ks));
DES_set_odd_parity(key);
if (DES_is_weak_key(key))
k[7] ^= 0xF0;
}
/*
*
*/
int
DES_read_password(DES_cblock *key, char *prompt, int verify)
{
char buf[512];
int ret;
ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify);
if (ret == 0)
DES_string_to_key(buf, key);
return ret;
}
/*
*
*/
void
_DES_ipfp_test(void)
{
DES_cblock k = "\x01\x02\x04\x08\x10\x20\x40\x80", k2;
uint32_t u[2] = { 1, 0 };
IP(u);
FP(u);
IP(u);
FP(u);
if (u[0] != 1 || u[1] != 0)
abort();
load(k, u);
store(u, k2);
if (memcmp(k, k2, 8) != 0)
abort();
}
/* D3DES (V5.09) -
*
* A portable, public domain, version of the Data Encryption Standard.
*
* Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
* Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
* code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
* Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
* for humouring me on.
*
* Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
* (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
*/
static uint32_t SP1[64] = {
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L };
static uint32_t SP2[64] = {
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L };
static uint32_t SP3[64] = {
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L };
static uint32_t SP4[64] = {
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L };
static uint32_t SP5[64] = {
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L };
static uint32_t SP6[64] = {
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L };
static uint32_t SP7[64] = {
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L };
static uint32_t SP8[64] = {
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L };
static void
IP(uint32_t v[2])
{
uint32_t work;
work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL;
v[1] ^= work;
v[0] ^= (work << 4);
work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL;
v[1] ^= work;
v[0] ^= (work << 16);
work = ((v[1] >> 2) ^ v[0]) & 0x33333333L;
v[0] ^= work;
v[1] ^= (work << 2);
work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL;
v[0] ^= work;
v[1] ^= (work << 8);
v[1] = ((v[1] << 1) | ((v[1] >> 31) & 1L)) & 0xffffffffL;
work = (v[0] ^ v[1]) & 0xaaaaaaaaL;
v[0] ^= work;
v[1] ^= work;
v[0] = ((v[0] << 1) | ((v[0] >> 31) & 1L)) & 0xffffffffL;
}
static void
FP(uint32_t v[2])
{
uint32_t work;
v[0] = (v[0] << 31) | (v[0] >> 1);
work = (v[1] ^ v[0]) & 0xaaaaaaaaL;
v[1] ^= work;
v[0] ^= work;
v[1] = (v[1] << 31) | (v[1] >> 1);
work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL;
v[0] ^= work;
v[1] ^= (work << 8);
work = ((v[1] >> 2) ^ v[0]) & 0x33333333L;
v[0] ^= work;
v[1] ^= (work << 2);
work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL;
v[1] ^= work;
v[0] ^= (work << 16);
work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL;
v[1] ^= work;
v[0] ^= (work << 4);
}
static void
desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt)
{
uint32_t *keys;
uint32_t fval, work, right, left;
int round;
left = block[0];
right = block[1];
if (forward_encrypt) {
keys = &ks->ks[0];
for( round = 0; round < 8; round++ ) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
left ^= fval;
work = (left << 28) | (left >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = left ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
}
} else {
keys = &ks->ks[30];
for( round = 0; round < 8; round++ ) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
left ^= fval;
work = (left << 28) | (left >> 4);
keys -= 4;
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = left ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
keys -= 4;
}
}
block[0] = right;
block[1] = left;
}

124
lib/hcrypto/des.h Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (c) 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef _DESperate_H
#define _DESperate_H 1
/* symbol renaming */
#define DES_set_odd_parity hc_DES_set_odd_parity
#define DES_is_weak_key hc_DES_is_weak_key
#define DES_key_sched hc_DES_key_sched
#define DES_set_key hc_DES_set_key
#define DES_set_key_checked hc_DES_set_key_checked
#define DES_set_key_sched hc_DES_set_key_sched
#define DES_new_random_key hc_DES_new_random_key
#define DES_string_to_key hc_DES_string_to_key
#define DES_read_password hc_DES_read_password
#define DES_rand_data hc_DES_rand_data
#define DES_set_random_generator_seed hc_DES_set_random_generator_seed
#define DES_generate_random_block hc_DES_generate_random_block
#define DES_set_sequence_number hc_DES_set_sequence_number
#define DES_init_random_number_generator hc_DES_init_random_number_generator
#define DES_random_key hc_DES_random_key
#define DES_encrypt hc_DES_encrypt
#define DES_ecb_encrypt hc_DES_ecb_encrypt
#define DES_ecb3_encrypt hc_DES_ecb3_encrypt
#define DES_pcbc_encrypt hc_DES_pcbc_encrypt
#define DES_cbc_encrypt hc_DES_cbc_encrypt
#define DES_cbc_cksum hc_DES_cbc_cksum
#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt
#define DES_cfb64_encrypt hc_DES_cfb64_encrypt
#define _DES_ipfp_test _hc_DES_ipfp_test
/*
*
*/
#define DES_CBLOCK_LEN 8
#define DES_KEY_SZ 8
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
typedef unsigned char DES_cblock[DES_CBLOCK_LEN];
typedef struct DES_key_schedule
{
uint32_t ks[32];
} DES_key_schedule;
/*
*
*/
int DES_set_odd_parity(DES_cblock *);
int DES_is_weak_key(DES_cblock *);
int DES_set_key(DES_cblock *, DES_key_schedule *);
int DES_set_key_checked(DES_cblock *, DES_key_schedule *);
int DES_key_sched(DES_cblock *, DES_key_schedule *);
int DES_new_random_key(DES_cblock *);
void DES_string_to_key(const char *, DES_cblock *);
int DES_read_password(DES_cblock *, char *, int);
void DES_rand_data(void *, int);
void DES_set_random_generator_seed(DES_cblock *);
void DES_generate_random_block(DES_cblock *);
void DES_set_sequence_number(void *);
void DES_init_random_number_generator(DES_cblock *);
void DES_random_key(DES_cblock *);
void DES_encrypt(uint32_t [2], DES_key_schedule *, int);
void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int);
void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *,
DES_key_schedule *, DES_key_schedule *, int);
void DES_pcbc_encrypt(const void *, void *, long,
DES_key_schedule *, DES_cblock *, int);
void DES_cbc_encrypt(const void *, void *, long,
DES_key_schedule *, DES_cblock *, int);
void DES_ede3_cbc_encrypt(const void *, void *, long,
DES_key_schedule *, DES_key_schedule *,
DES_key_schedule *, DES_cblock *, int);
void DES_cfb64_encrypt(const void *, void *, long,
DES_key_schedule *, DES_cblock *, int *, int);
uint32_t DES_cbc_cksum(const void *, DES_cblock *,
long, DES_key_schedule *, DES_cblock *);
void _DES_ipfp_test(void);
#endif /* _DESperate_H */

589
lib/hcrypto/destest.c Normal file
View File

@@ -0,0 +1,589 @@
/*
* Copyright (c) 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <err.h>
#include "des.h"
static void
ecb_test(char key[8], char in[8], char out[8])
{
unsigned char k[8], indata[8], outdata[8], outdata2[8], ansdata[8];
DES_key_schedule s;
memcpy(k, key, 8);
DES_set_odd_parity(&k);
memcpy(indata, in, 8);
memcpy(ansdata, out, 8);
DES_set_key(&k, &s);
DES_ecb_encrypt(&indata, &outdata, &s, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "des: encrypt");
DES_ecb_encrypt(&outdata, &outdata2, &s, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "des: decrypt");
}
static void
ebc3_test(char key1[8], char key2[8], char key3[8], char in[8], char out[8])
{
unsigned char k1[8], k2[8], k3[8],
indata[8], outdata[8], outdata2[8], ansdata[8];
DES_key_schedule s1, s2, s3;
memcpy(k1, key1, 8);
memcpy(k2, key2, 8);
memcpy(k3, key3, 8);
memcpy(indata, in, 8);
memcpy(ansdata, out, 8);
DES_set_key(&k1, &s1);
DES_set_key(&k2, &s2);
DES_set_key(&k3, &s3);
DES_ecb3_encrypt(&indata, &outdata, &s1, &s2, &s3, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "des3: encrypt");
DES_ecb3_encrypt(&outdata, &outdata2, &s1, &s2, &s3, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "des3: decrypt");
}
static void
cbc_test(char key1[8], char iv[8], char in[24], char out[24])
{
unsigned char k1[8],
indata[24], outdata[24], outdata2[24], ansdata[24];
DES_key_schedule s1;
DES_cblock ivdata;
memcpy(k1, key1, 8);
memcpy(ivdata, iv, 8);
memcpy(indata, in, 24);
memcpy(ansdata, out, 24);
DES_set_key(&k1, &s1);
DES_cbc_encrypt(indata, outdata, 24, &s1, &ivdata, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "cbc: encrypt");
DES_cbc_encrypt(outdata, outdata2, 24, &s1, &ivdata, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "cbc: decrypt");
}
static void
cfb64_test(char key1[8], char iv[8], char in[23], char out[23])
{
unsigned char k1[8],
indata[23], outdata[23], outdata2[23], ansdata[23];
DES_key_schedule s1;
DES_cblock ivdata;
int num;
memcpy(k1, key1, 8);
memcpy(indata, in, 23);
memcpy(ansdata, out, 23);
DES_set_key(&k1, &s1);
num = 0;
memcpy(ivdata, iv, 8);
DES_cfb64_encrypt(indata, outdata, 23, &s1, &ivdata, &num, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "cfb64: encrypt");
num = 0;
memcpy(ivdata, iv, 8);
DES_cfb64_encrypt(outdata, outdata2, 23, &s1, &ivdata, &num, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "cfb64: decrypt");
}
static void
cbc3_test(char key1[8], char key2[8], char key3[8],
char iv[8], char in[24], char out[24])
{
unsigned char k1[8], k2[8], k3[8],
indata[24], outdata[24], outdata2[24], ansdata[24];
DES_key_schedule s1, s2, s3;
DES_cblock ivdata, ivec_copy;
memcpy(k1, key1, 8);
memcpy(k2, key2, 8);
memcpy(k3, key3, 8);
memcpy(ivdata, iv, 8);
memcpy(indata, in, 24);
memcpy(ansdata, out, 24);
DES_set_key(&k1, &s1);
DES_set_key(&k2, &s2);
DES_set_key(&k3, &s3);
memcpy(&ivec_copy, &ivdata, sizeof(ivec_copy));
DES_ede3_cbc_encrypt(indata, outdata, 24,
&s1, &s2, &s3, &ivec_copy, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "cbc3: encrypt");
memcpy(&ivec_copy, &ivdata, sizeof(ivec_copy));
DES_ede3_cbc_encrypt(outdata, outdata2, 24,
&s1, &s2, &s3, &ivec_copy, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "cbc3: decrypt");
}
static void
pcbc_test(char key1[8], char iv[8], char in[24], char out[24])
{
unsigned char k1[8],
indata[24], outdata[24], outdata2[24], ansdata[24];
DES_key_schedule s1;
DES_cblock ivdata;
memcpy(k1, key1, 8);
memcpy(ivdata, iv, 8);
memcpy(indata, in, 24);
memcpy(ansdata, out, 24);
DES_set_key(&k1, &s1);
DES_pcbc_encrypt(indata, outdata, 24, &s1, &ivdata, 1);
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "pcbc: encrypt");
DES_pcbc_encrypt(outdata, outdata2, 24, &s1, &ivdata, 0);
if (memcmp(indata, outdata2, sizeof(outdata2)) != 0)
errx(1, "pcbc: decrypt");
}
static void
cbc_cksum(char key1[8], char iv[8], char *in, size_t len,
uint32_t ret, char out[8])
{
unsigned char k1[8], indata[24], ansdata[8];
DES_key_schedule s1;
DES_cblock ivdata, outdata;
uint32_t r;
memcpy(k1, key1, 8);
memcpy(ivdata, iv, 8);
memcpy(indata, in, len);
memcpy(ansdata, out, 8);
DES_set_key(&k1, &s1);
r = DES_cbc_cksum(indata, &outdata, len, &s1, &ivdata);
if (ret != r)
errx(1, "cbc_cksum: cksum error");
if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0)
errx(1, "cbc_cksum: checksum");
}
static void
s2k(char *password, const char *salt, char akey[8])
{
DES_cblock k;
size_t l = strlen(password) + strlen(salt);
char *pw = malloc(l + 1);
strcpy(pw, password);
strcat(pw, salt);
DES_string_to_key(pw, &k);
if (memcmp(akey, &k, 8) != 0)
errx(1, "key wrong for '%s'", pw);
free(pw);
}
/*
*
*/
int
main(int argc, char **argv)
{
_DES_ipfp_test();
ecb_test("\x31\x16\xe3\x57\x97\xa8\x68\xe5",
"\xbb\xe4\x48\x6e\xdf\x9a\x05\x4f",
"\xa8\x82\xa0\x15\x76\xeb\xfd\xc7");
ecb_test("\xfe\x4a\x19\xa1\x45\xa7\xb9\xd0",
"\x2a\x67\x3c\x07\x59\x4d\xde\xb8",
"\x9d\x61\xd5\x1c\xd7\xd0\xd3\x8b");
ecb_test("\xbf\x13\x25\xec\xa4\xbc\x1a\x54",
"\x16\xa5\xd9\x30\x0f\x55\x20\x71",
"\x04\x44\x6c\xe0\x32\x32\x78\xd2");
ebc3_test("\x7c\x2f\x79\xd5\xb5\x37\x01\xcb",
"\xb9\xbc\x86\xea\x04\x45\xab\x2c",
"\x19\x1c\xcd\x83\x8a\x29\x97\x3e",
"\x87\x03\x59\xdd\xf4\xc6\xeb\xb7",
"\xcc\x72\x66\x85\xed\xa2\xee\x09");
ebc3_test("\x10\x34\x32\x4c\xc4\x9b\x57\x5b",
"\xb0\x6e\xb6\x26\xd6\x52\x2c\x15",
"\xa7\x64\xf8\x20\xc1\x89\x73\xc1",
"\x37\xa4\xad\x4d\x76\xee\x7c\x02",
"\xdf\xb9\x2b\x99\x59\x71\xc4\x89");
ebc3_test("\xf8\xa7\xfd\xe6\x6d\x73\x34\x26",
"\x4c\xbf\x40\x5d\x5d\xf4\x31\xef",
"\x04\xdf\xf2\x58\xd0\x5e\x54\x68",
"\x44\x2a\xa2\x19\xbd\x0a\x2b\x61",
"\x17\x26\x39\xd5\xd5\xd9\x40\x71");
ebc3_test("\x13\x5e\x23\x07\x2c\x16\x0d\x25",
"\x64\x6d\x2f\xe0\x68\xa8\x16\x75",
"\x7c\x7c\x19\x64\xbc\xae\xe0\x0e",
"\x7b\x8c\x76\x76\xb0\x95\x7f\xed",
"\xe2\x6e\x05\x1d\xdc\x74\xc1\xb7");
ebc3_test("\xbc\x92\x32\xb6\x68\x0d\x73\x19",
"\x70\xef\x98\x19\xe9\xec\x04\x1c",
"\x02\x4c\x75\x08\xce\xc4\x34\x16",
"\x73\xab\x28\x69\x6a\x20\x2f\x99",
"\x3b\xb1\x2d\xb6\x21\x0a\x44\xca");
ebc3_test("\x01\x98\x16\xea\x85\xd5\x3b\x8a",
"\x73\x23\xb5\x49\xd9\x10\x5b\xea",
"\xb6\xc4\xce\xc4\x89\x92\x0e\x15",
"\xd9\x35\xcf\x21\x47\x7b\xdf\xb5",
"\xa1\x71\x57\x1f\x1e\x84\x08\xac");
ebc3_test("\x58\x6d\xbc\x04\x70\x4f\xe6\x3e",
"\xcd\x76\x26\x01\xae\xce\x0b\xe5",
"\xf2\x4f\x64\x16\x8f\x0d\x4f\x6b",
"\xa7\x0d\xa0\x56\xa0\x8b\x2a\x77",
"\xe5\x12\x9b\x8a\x92\xc8\xdd\xe1");
ebc3_test("\x40\xd6\xad\x43\x52\x23\xa7\xcd",
"\x04\x19\xae\x94\xce\x46\x31\xd3",
"\x45\x6e\x3b\xb5\x4f\x37\x5e\x9d",
"\xbd\xb0\x60\x75\x91\x02\x48\xf4",
"\xb5\xa1\xe6\x4b\x4e\xa3\x8c\x4b");
ebc3_test("\x91\xab\x80\x9b\x97\xf4\x58\x5e",
"\xc2\x68\x46\x61\x9e\x04\xa1\x29",
"\xc7\xe5\x5b\x32\xcb\x43\xc8\xa4",
"\x31\x38\x90\x1c\xc8\x78\x12\x50",
"\xf8\x65\xae\xa1\xdf\x4e\xbf\xa8");
cbc_test("\x57\x98\x7a\x8a\x29\x7c\xc1\xad",
"\xe1\x28\x69\x58\xd6\x91\x9f\x4e",
"\xa0\x11\x1a\xdd\xeb\x62\xb8\x9e\x28\x08\x6e\x0b\x6d\x6d\x57\x31\x1b\x4c\x82\x4c\xc3\x19\xe0\x93",
"\x42\xa5\x2f\x26\xbb\x92\x3a\x6b\x64\xe0\x3b\x1a\x33\x5a\x9c\x2b\xc8\xd9\x41\x37\x8d\x3e\x58\xbf");
cbc_test("\x23\xd6\xec\x86\x86\x4f\x02\xcd",
"\xfe\x8e\xa4\x07\x35\x41\x14\x99",
"\xe3\xc2\x5d\x6e\x81\xae\xa0\xe8\xc8\xdd\xd2\x0d\xf4\x26\x90\x10\xca\x8c\x07\x58\xb2\x17\xcc\x1a",
"\x97\xb9\xbc\xa6\xd1\x98\xc1\x7f\x4b\xac\x61\x8a\x16\xec\x1f\xee\x28\x6f\xe8\x25\xf0\x41\xbc\xde");
cbc_test("\x07\xe5\xc8\x52\xba\x3d\xef\xcd",
"\xa9\x21\x3e\x84\x44\x7c\xce\x1a",
"\xfc\x03\x72\x30\xb0\xcb\xe8\x99\x21\x54\x4d\xfa\x86\xdd\x99\xe1\x96\xe7\x7c\xb5\xbd\x5b\x6f\xd0",
"\x27\x76\x66\x62\x1f\xcf\x48\xdb\x15\x11\x73\x8b\xe0\xc9\xbd\x2b\x40\xae\x0c\x35\xeb\x93\xa3\x1c");
cbc_test("\xef\x2f\x07\xd6\x2f\x70\x4f\x68",
"\x16\x1e\xaf\x87\x3a\x83\x9f\x33",
"\xb8\x4c\xb3\xbf\xfa\x5d\xa9\xc7\x1c\x15\x8d\x39\xf2\x29\xf5\x5a\x3d\x21\x0d\x61\x05\xaa\x48\x92",
"\x51\x85\x2f\xad\x67\xb6\x0a\x15\xb8\x73\x15\xf1\x79\x9d\xed\xf5\x6c\x11\x22\xe5\x48\x51\xab\xae");
cbc_test("\xd0\x2c\x68\xc1\xe6\xb0\x76\x98",
"\xc7\x4f\x31\xa9\x5d\xd5\x5b\xcc",
"\x9d\x4b\x2a\x54\x60\xf1\xb0\x10\x34\x87\xdc\x25\xa5\x80\x6c\x4d\x0c\x7f\x53\x37\x58\x42\xc7\x26",
"\x79\xc5\xf0\x21\x0d\x7a\x38\xc0\x66\x9a\x07\x2f\xa4\x9c\x1f\xbb\x66\x4d\x6c\x86\x5b\x47\x44\x60");
cbc_test("\xd6\xe3\x75\x92\xb0\x8f\x45\x70",
"\xdc\xc6\xab\x3e\xf2\x7e\x13\xd6",
"\x38\x57\x27\x0a\xef\x74\x94\x82\x92\xfa\x28\xed\xff\x24\x1e\x0e\x8f\xaa\x9e\x24\x2f\x41\x65\x78",
"\x1d\xcc\x07\x55\xe8\xea\xd1\x08\x55\x11\x72\xfe\xdb\xdf\xa0\xc9\xb6\x3a\x2e\xdf\xf0\x67\xd3\xf4");
cbc_test("\xb3\xbc\xb5\x61\x04\xda\x1a\x34",
"\x8e\x4e\xa5\x8a\xeb\x6a\xea\xbb",
"\x72\x73\x51\xe0\x58\xc5\x2e\xe1\x64\x10\x05\x59\x64\x70\x3f\xbe\x43\xa2\xed\x7a\x5d\x1b\x9c\xc7",
"\xa6\xb2\xf2\xea\x96\x62\xfb\x2f\x2a\x6a\xa1\x2f\x8e\xe1\x12\xd2\xe4\x82\x4c\xc1\x00\x74\x9c\x8f");
cbc_test("\x8f\xdf\x01\x89\xfe\x13\x9b\x2c",
"\x66\x18\xf8\x80\xa1\x3b\x1b\x91",
"\x32\xdb\xae\xa7\x3b\x77\xb2\x6e\xcc\xa5\xa1\x2e\x15\x19\x49\x83\x2f\xfb\x94\xcc\xd1\xa1\x4b\x02",
"\x47\x31\xca\x04\x4d\x1a\x24\x39\xda\x71\xc5\xb8\x7f\xea\x79\xf5\x43\xa6\x53\x15\x78\x84\x34\x75");
cbc_test("\xe5\x34\xb6\x75\x68\x07\x70\x85",
"\x73\x98\x29\xf7\x7a\xe7\xe7\xb7",
"\x9c\x9e\x4c\xa6\x62\x21\xc4\x15\x47\x43\xd5\xf2\x3a\xf3\xfd\xb5\x53\xa7\x16\x9e\xa6\x4f\x0d\xac",
"\x81\x2d\xa4\x99\x60\xbf\x9c\xf4\x46\x1d\xee\xc6\xb0\xe1\x4a\x29\xea\xfd\xce\x4b\xa1\x45\x93\x7b");
cbc3_test("\x61\xcb\x8c\xb0\x32\x2a\xc2\x5d",
"\x98\xe3\x49\xc1\x0d\xb5\x67\xce",
"\xf2\x43\x10\x61\x85\x6b\xa7\x15",
"\x65\xf5\x8f\x1a\x2b\x33\xf2\xb5",
"\x8c\x06\xe0\x60\x68\x25\x9c\x95\x81\x46\xda\x41\x9d\xa8\x9c\x49\x2f\xee\x33\x35\x95\x11\xbd\xa0",
"\x93\x27\xed\xc7\x35\xb9\xe5\x3c\x7b\x10\x3e\x39\x01\x41\x61\x04\xe7\xf2\xd9\x63\x96\xca\x57\xf1");
cbc3_test("\x15\x61\x6b\x76\xae\x0e\x98\x01",
"\x76\xce\x9d\x94\xa7\xe3\x73\xa4",
"\x19\xd9\x15\x98\x9b\xba\x83\x40",
"\x60\xef\xc2\xc6\xa2\x40\x01\xc7",
"\x8b\x4d\xf4\x37\xad\x1c\xc2\x4e\xcc\xc4\x4b\x17\x67\xf7\xfa\xec\xf8\x94\x6f\x7a\x84\x56\x81\x09",
"\x68\xdf\x82\xcb\xd9\xcd\x3d\xca\x12\x0e\x2e\x39\xba\xf7\x5a\x8c\x41\xbd\x6f\x9d\x85\xfe\x1b\x1d");
cbc3_test("\xd5\x2a\x4f\xa4\x13\x9e\x73\x15",
"\x6d\x75\xa8\x15\x07\xd3\x7c\x79",
"\xd5\xe0\xa7\x91\xf8\xf2\x9d\xcd",
"\x4c\xdb\x56\xb8\x6f\x0e\x2a\x59",
"\xbe\x64\x20\x24\x7d\x2b\x6b\xf4\xd9\xc0\xa0\x9b\x8d\x88\x6e\x50\x6f\xf8\xb6\x4a\x7e\x52\x52\x93",
"\x01\x83\x75\x7b\xd6\x03\xff\xd8\xe9\x6d\x6c\x92\x24\x25\x35\xfa\x43\x4c\x40\xff\xec\xb0\x8b\x50");
cbc3_test("\x02\xad\x13\x31\xd5\xd6\xef\x7c",
"\x86\x3e\x02\xce\x94\x97\x37\xba",
"\x01\x07\x20\x04\xf8\x92\xb6\xb3",
"\x26\x79\x1b\xef\x90\x54\xd6\xc1",
"\x55\xee\xea\x81\x42\x8b\xbf\xfb\x6c\x14\xec\xbd\xba\x55\x0d\xc4\xd2\xd6\xf0\xea\xd1\x03\xde\x5b",
"\x69\x49\xc5\x48\x4f\xda\x03\x90\x84\xef\x86\xd2\x98\xa7\xae\xfa\x17\x35\x7e\x06\xbd\xd3\x51\x0b");
cbc3_test("\x3d\x9b\xae\x5b\x7f\x91\x85\xe0",
"\xdf\x07\xb3\xdf\x97\x0b\x43\x80",
"\xe3\x46\x58\xd9\x68\x79\xb3\xae",
"\xd4\x27\xee\x5d\x73\xb1\x82\xf5",
"\x44\x86\x9a\xa6\x79\x2d\x9e\x94\x11\x6c\x7b\xc6\xe8\xef\x63\x95\x71\xc6\x62\x20\x43\x87\xaf\x65",
"\xc2\xf5\xbc\x91\xc5\x7c\x69\xb2\x05\xcc\x28\x92\xc1\x96\x5a\xc2\xcb\x0c\x71\xc7\x51\x7d\x0c\xcc");
cbc3_test("\x43\x8c\x23\x92\xd5\x92\x67\xfb",
"\x5b\x5e\xb0\x31\x1c\x9d\x5d\x10",
"\x8a\xa2\x16\x64\xd6\xa4\xc4\x5b",
"\x06\xc5\xdd\xa3\x4a\x2b\x37\xb7",
"\x99\xd5\x76\xee\x7c\x4d\xcc\x18\x39\x78\x16\x7c\xcc\x1a\x0a\x27\xdb\xf1\x5f\xe1\x87\x86\xb7\x2c",
"\x91\xbe\xaf\x79\xd0\x14\x7c\x05\x60\x1c\x7e\xd6\x22\x15\xac\xed\xf3\x78\xa5\xc7\x52\xa0\x60\x49");
cbc3_test("\x80\xc2\x86\x7a\x51\x45\x29\x1c",
"\xc7\xfd\xad\xd0\x7c\x4a\xd0\x3e",
"\xe6\x89\x98\xfe\x01\x67\x20\x89",
"\x5c\x23\xe4\x26\x82\x27\xad\xeb",
"\xa1\x38\x4e\xf1\x07\x1a\xdd\x25\x47\xe6\xda\x9d\xa9\xfe\x98\x55\x05\x95\x75\xc2\x59\x18\xcf\xf1",
"\x36\x58\xea\xc5\xf8\x41\xa7\x49\xe8\x22\x75\xfe\xb6\x8b\xdd\x0d\xf0\x66\x42\xe6\x84\x23\x29\xff");
cbc3_test("\xbc\x68\x54\x85\x2c\xc1\xe0\x07",
"\x7c\x6e\x34\x04\x6b\x91\xc4\x54",
"\x9d\xa4\xda\xa1\xda\x6d\xdc\xd3",
"\x1c\x3d\xa9\x41\xa2\xe5\xff\x8a",
"\x0a\x58\xff\x5a\xec\xc1\x7e\x94\x24\xf4\x4f\xdc\x5b\x29\xe2\x78\x62\x8a\xd2\xe2\xd7\x45\x54\x17",
"\x80\x68\xa6\xed\x87\x40\xd5\x32\xd2\xb8\x32\x61\x35\xae\xae\xf7\x14\x1f\x98\xdb\xba\x21\x4f\x9f");
cbc3_test("\xa1\x2a\x7a\x67\xfe\xea\xd3\xe3",
"\x70\xe5\xd5\x4c\xf1\xce\x4c\x26",
"\x75\x4c\x85\x16\xb5\xc8\x07\xe9",
"\x4c\xa4\xb5\xdd\x86\x86\x70\x5a",
"\x0d\x07\xfd\x23\xc1\x1d\x65\xd8\xb2\x79\xb8\xa3\xc5\x8e\x47\xbe\x0f\xed\x7b\x15\x43\xe9\x7c\x5e",
"\xde\x17\xfe\x05\x43\x80\x85\xd0\x9c\x60\xe0\xbe\x8d\xa2\x65\x0e\x63\x02\x72\xb6\xf3\x7d\xda\x90");
pcbc_test("\xe3\xf2\xb0\x26\x7c\x4a\x94\x80",
"\x40\x08\x4c\x44\xa3\xb5\xf7\x97",
"\xe7\xbd\x54\xa1\xbb\x48\x67\xcd\xe0\xee\xff\x8d\x3d\x25\x2b\xf0\x61\x48\xbe\xf2\x63\x5d\xce\x4a",
"\xf5\xe9\x48\xdc\xb8\x61\x39\xa9\x90\x27\xec\x09\x23\x50\xe0\xa9\x78\xb2\x1c\x29\x3c\xa7\x6c\x88");
pcbc_test("\xfd\x54\x2a\x5b\x97\xa4\x5b\x52",
"\x37\x36\x6e\x22\x7e\x66\x08\x8c",
"\xe4\x2d\x81\x88\x86\xb2\x44\x55\x80\x3d\x3c\xbd\x42\x9f\x5d\xdb\x4b\x63\x23\x1c\x31\x13\xa6\x0f",
"\x9c\x9f\x65\x05\x79\x91\x71\x96\x82\x2a\xc0\xe5\xa0\x6f\x71\xab\x68\x32\xd4\xd7\x5e\x38\x38\xf6");
pcbc_test("\x25\x91\x08\xe5\x57\x85\xb6\x20",
"\x47\x6e\xbe\x9f\xb9\x6b\x55\xe9",
"\x44\xfd\xdd\x42\x07\x99\xf0\x8f\xdb\xa5\x14\x1e\x76\x07\x90\x5b\x29\x10\x21\xb9\x7e\xac\xc7\x77",
"\x88\x4f\xdc\x6e\x37\x5e\x4e\xac\x8d\x3f\x9d\xd1\x82\x51\x65\xf5\xf9\x08\xa7\xac\x01\x61\x19\x85");
pcbc_test("\x6d\x43\xc7\x9d\x6b\x97\x64\x40",
"\x56\xfb\xcb\xb3\x97\xb5\x70\x13",
"\x54\x67\xa9\x42\x86\x85\x81\x8f\xb4\x72\xa2\x5f\x2d\x90\xbb\x5c\xb5\xb9\x9b\x71\x8f\x2b\xae\x05",
"\x2c\xd1\x63\x6f\x11\x1d\x5e\x40\x8c\x47\x49\x12\x31\x48\xb7\x12\x4c\xc1\x6a\xaf\x0e\x33\x11\xe1");
pcbc_test("\x3b\xa2\xbc\xd5\x5d\x9d\xdf\x73",
"\x43\xb7\x26\x71\xce\x6d\x97\xac",
"\x4e\xf6\x7d\xd7\xfc\x6b\x35\x54\xae\xc9\xfe\xf7\xb7\x1e\x47\xa5\x61\x44\x50\xb3\xe4\xe8\x7d\xdc",
"\x4d\xda\xbd\xad\xc4\xde\xdc\xf4\xfc\xbd\xfc\xa7\xbd\xe4\x7e\x73\x28\xc5\x5c\xd0\x9a\x35\x39\xa6");
pcbc_test("\x46\x9e\xda\xdf\x0d\x97\x8a\xd3",
"\x6c\x9f\xdf\xc0\x48\x3b\xa5\x17",
"\xb9\xd8\x99\x61\x67\xf3\xec\xa9\xc1\x29\xa3\x8b\x63\xe2\xc2\x28\xaf\x56\x2d\x39\x1d\xeb\x7c\xbc",
"\x70\x5d\xd4\x54\x90\xb9\x6c\x0c\x93\x96\x6a\x4a\x4e\xb8\x80\xce\xb3\xcd\x64\xa7\x6c\xb2\xe4\xc9");
pcbc_test("\x31\x89\x51\x38\x2f\x97\xfe\xef",
"\x17\xdc\xf8\xde\xcc\x8f\x40\x3e",
"\xef\xcf\xe9\x9e\x11\xd8\x35\xdf\x58\x11\xd0\x0a\x68\xce\xe1\x6b\xb5\xca\x68\x47\xb7\xb9\x9a\x34",
"\x3a\x93\x47\x3c\x1b\xa9\xeb\x88\x13\xfd\x1b\xd8\x76\xb5\xd3\xe2\xb8\x83\x10\x56\x68\xab\xe1\x28");
pcbc_test("\xba\x1c\x70\x94\x62\x10\x19\xda",
"\x7a\x8b\xc0\x9e\x00\xbb\x7e\xcb",
"\x30\x74\x6b\xa6\xd6\x07\xae\x44\xd6\x5c\xe6\x18\x97\x90\xaa\x08\xcb\xa8\xf4\x8b\xea\x8b\x4f\xe6",
"\x0a\x77\x24\x7c\xcd\xf8\x06\x01\x20\x02\x14\x33\xd6\xf4\x4e\x89\xc0\x38\x65\x44\x6b\x9c\x92\x16");
pcbc_test("\xfe\x97\xf2\x6d\x8f\x0d\x86\x94",
"\x30\x8a\x7d\x9b\xf4\x28\x6e\x84",
"\x82\xb0\x9b\x42\xf6\xdc\x38\x41\x41\x03\x60\x28\x7f\x90\x08\x8b\x6c\x55\xe7\x76\xcd\xa7\xae\xbc",
"\x35\x0b\xf1\xc0\x56\x64\x6f\x7b\x3e\x1f\xd1\x90\xbd\xda\x10\xb1\xd1\x49\xc6\x62\x5f\xf9\x6c\xf9");
cbc_cksum("\x58\x83\x67\xfb\xdf\x51\x7c\xfd",
"\x46\x0a\xa5\x94\x6b\xd6\xaa\x91",
"\x15\x0b\x16\x3a\x56\x79\x33\xdf\x6e\xa0\xd9\x54\x14\x7b\x37\xa9\xb1\x15\xe1\x28\xfe\x35\xe9\x34",
24,
0x16466788,
"\xa7\xbd\x2a\x1b\x16\x46\x67\x88");
cbc_cksum("\xf1\xe0\x91\x1c\xfe\x10\xe5\xb5",
"\x9c\xc6\x7d\xf3\x3e\x58\x40\x06",
"\x9c\x90\x88\xfe\x9c\x38\xc0\xd5\xaa\xc6\xf2\xc2\x7d\x00\xf6\x5f\xbd\x87\x25\xbe\x41\x64\x9f\xb7",
24,
0xd8a127cc,
"\x93\x5d\x75\x62\xd8\xa1\x27\xcc");
cbc_cksum("\x20\xbf\xdc\xd5\x5b\x9d\xc8\x79",
"\x68\xdc\xe2\xfa\x18\xb3\xa9\xe0",
"\xef\xba\xc4\x8b\x78\xc2\x02\xc2\x74\x71\x9f\xfa\x4b\xa2\x8a\xe5\xfb\x82\x3d\x48\xcf\x28\x08\x42",
24,
0x45236285,
"\xc0\xb9\x2c\x86\x45\x23\x62\x85");
cbc_cksum("\x31\x6d\xa8\xc2\x43\x16\x64\xea",
"\x7b\x5e\x9f\x7c\xb8\xa3\xbd\x89",
"\x8a\xd4\xe4\x77\xbb\x45\x17\x3d\xd2\xef\xe6\xb9\x65\x8b\xb3\xa9\x28\xef\xd7\x0c\xa8\x47\x5d\xb8",
24,
0x3f021cb2,
"\x10\x94\x4c\x2f\x3f\x02\x1c\xb2");
cbc_cksum("\xd5\x75\x51\x8f\xc8\x97\x1a\xc4",
"\xbc\x7a\x70\x58\xae\x29\x60\x3a",
"\x8d\x2c\x70\xdb\x53\xda\x0f\x50\xd9\xb5\x81\x18\x26\x66\x84\xda\xf6\x32\xa0\xe5\xf9\x09\xfd\x35",
24,
0x2f64dd4f,
"\x89\xe4\x70\x0d\x2f\x64\xdd\x4f");
cbc_cksum("\xda\x6e\x32\x80\x20\xbc\x67\x54",
"\xf4\x93\x86\x43\x29\x57\x6e\xec",
"\xfe\xd8\xfe\xad\x4e\x05\xd8\xb8\x9b\x9f\xaa\xa5\x90\x6d\xcb\xff\x40\xab\xc5\x25\x2b\xda\xa7\x09",
24,
0x6281ce23,
"\xa1\x88\xc2\x3d\x62\x81\xce\x23");
cbc_cksum("\xb6\xc7\x75\x8a\xfb\xd3\xf8\xad",
"\xf1\x4f\xd7\x39\x4b\xec\xa3\x99",
"\x31\xd0\x45\x9d\x62\xe3\x49\xbb\x58\xc2\x58\xbe\x13\x51\x1e\x3f\x54\xe5\x31\x7d\xd0\x94\x57\x7a",
24,
0x09c7ee4e,
"\x2f\x40\xb3\xd2\x09\xc7\xee\x4e");
cbc_cksum("\xa8\x4f\x16\xf4\x89\x3d\xf7\xec",
"\x04\x78\xbc\xd3\x4f\x32\xfd\x46",
"\xe5\x44\x30\x5e\x55\xa3\x08\xe9\xcd\xd1\xbe\x63\x66\x26\x27\x62\xc3\x4f\x2a\x50\x69\x21\x24\xde",
24,
0xdf3357c7,
"\xa8\x6e\x80\x3b\xdf\x33\x57\xc7");
cbc_cksum("\xd6\x4f\x40\xef\x8a\x2a\xf1\x20",
"\xd5\x40\xe7\x86\x36\x26\x79\xc9",
"\xcc\x74\x2b\x78\xca\x47\xb0\xd3\xe6\x72\x42\x76\xee\x80\xb0\xe5\x78\x12\x3b\x4e\x76\x91\xda\x1a",
24,
0x14a5029a,
"\x33\xd2\xb5\x8a\x14\xa5\x02\x9a");
cbc_cksum("\xfb\x89\xa1\x9d\xa7\xec\xc1\x5e",
"\x9c\x7f\x47\xd0\x79\x5d\x4b\x97",
"\xb6\x8b\x48\xe0\x01\x78\xec\x50\x7f\xf1\xfd\xd2\x87\x76\xba\x4b\x9c\x5c\xc7\x25",
20,
0xa1471604,
"\x39\x5b\x7d\xb1\xa1\x47\x16\x04");
cbc_cksum("\x70\xb3\xc4\x0b\x5b\x4f\x98\xe5",
"\x86\xc0\x05\x1a\xd5\x8f\x78\x2c",
"\xef\x01\x7b\xd8\xff\x68\x5d\x66\xb6\xbe\xd8\xf5\xb9\xed\x4e\xec\xe3\x3c\x12\xc5",
20,
0xc4b74f9a,
"\x2b\x07\xe3\x90\xc4\xb7\x4f\x9a");
cbc_cksum("\xfe\x04\xcb\xfe\xef\x34\xe9\x58",
"\xd9\x28\xae\xc0\x2c\xd3\xf6\xb0",
"\x24\x25\x9b\x67\xda\x76\xa6\x64\x6f\x31\x94\x18\x2e\x06\x71\x82\xaf\xbd\x86\x63",
20,
0xbd7c84e6,
"\x70\x3e\x91\xf5\xbd\x7c\x84\xe6");
cbc_cksum("\x10\xc2\x70\x94\x9b\x16\x20\x1c",
"\x62\xed\x5a\x48\x6c\xf3\x51\xa0",
"\x90\x3e\x06\xc1\x63\x6a\x1f\x1a\xfe\x9d\x74\xb6\x13\xde\x62\xd2\x6f\x19\x37\x25",
20,
0x26761f96,
"\x8b\x6a\x9c\x85\x26\x76\x1f\x96");
cbc_cksum("\x61\x32\x7c\x7f\x31\xc7\x98\xe6",
"\xd9\xba\x0d\x9d\x9e\xa3\xcc\x66",
"\x98\x8f\xc6\x5a\x54\x04\x63\xd9\x53\x86\x5d\x75\x53\x48\xcc\xa3\x00\x7a\x12\xe5",
20,
0xf0f6ad33,
"\x6a\xfb\xed\xd3\xf0\xf6\xad\x33");
cbc_cksum("\x85\xdf\x01\x2c\xab\x3b\xec\x13",
"\xc6\x44\x87\x5b\x78\x2a\x74\x92",
"\x8b\xf5\x0d\xff\x5c\xb3\xc1\xcd\x9e\xf7\xb8\x8e\x3b\xf8\x61\x4d\x26\x6a\x7b\xe8",
20,
0x7acfe214,
"\x52\xb7\x05\xe9\x7a\xcf\xe2\x14");
cbc_cksum("\x49\xdf\xb0\x16\x7f\xec\x10\x52",
"\x09\xa3\x36\x8f\xe9\xe0\x06\x19",
"\x3a\x0f\x66\xf7\x7a\x47\x34\xe4\xaa\x09\x36\x90\xe9\x90\x19\xff\x99\x94\x92\x04",
20,
0x9a3a59bb,
"\xd3\xe2\xce\xfc\x9a\x3a\x59\xbb");
cbc_cksum("\x5b\xbf\x4c\xc8\xce\xf4\x51\x1a",
"\x7c\xee\xc0\x5a\x20\x2b\x10\x22",
"\x05\x1d\xec\xdb\x30\x73\xf2\x21\xbf\x64\xe0\x5f\xdf\x02\x79\xe9\x47\xf2\x9c\x4e",
20,
0xaf9d3602,
"\xaa\xf3\xa2\x5a\xaf\x9d\x36\x02");
cbc_cksum("\xad\xda\xa2\x19\x6d\x37\xda\x67",
"\xb2\x10\x0f\xd5\xda\xdd\x17\xfc",
"\x44\x02\x6b\xd6\xd4\x8c\x42\x58\x8b\x59\x35\xce\xd7\x04\x6b\x35\xa6\x5f\x28\x97",
20,
0xd112a978,
"\xb2\x5f\x6a\x07\xd1\x12\xa9\x78");
s2k("potatoe", "WHITEHOUSE.GOVdanny",
"\xdf\x3d\x32\xa7\x4f\xd9\x2a\x01");
s2k("password", "ATHENA.MIT.EDUraeburn",
"\xCB\xC2\x2F\xAE\x23\x52\x98\xE3");
s2k("\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist",
"\x4f\xfb\x26\xba\xb0\xcd\x94\x13");
s2k("NNNN6666", "FFFFAAAA",
"\xc4\xbf\x6b\x25\xad\xf7\xa4\xf8");
s2k("", "",
"\x01\x01\x01\x01\x01\x01\x01\xf1");
if (1) {
cfb64_test("\x45\xc2\x0b\x01\x40\x08\x13\x8a",
"\x9a\xef\xf4\x37\x41\x69\x0b\xd6",
"\x5d\x12\x5d\xf5\xae\x1d\xc6\x47\x21\xd3\x16\xba\x45\x0e\x9d\x4c\x00\xfd\xf8\x64\xca\x69\x67",
"\xff\x99\x06\xd8\xe9\xbc\xae\x7e\xde\x49\x7b\x34\x5d\xa0\x74\x61\x9b\x6f\x70\x38\x40\x40\xba");
cfb64_test("\xdc\xe9\x51\xc4\x0b\xad\x85\xa8",
"\xf5\x56\x6c\xef\x42\xed\x9f\xa8",
"\x7d\xe5\xeb\x04\x5c\xaf\x8c\x5b\xf4\x88\xba\x4a\x99\x6a\x3a\x79\xc0\x88\x01\x05\xac\x98\x3c",
"\x53\x87\x11\xc4\xa6\xf3\x1e\x67\x56\xfc\x8c\x63\xf0\x2e\xd9\x0e\x4a\x86\x8e\x5b\xa7\xde\xcf");
cfb64_test("\x25\xf7\xa7\x0e\x85\x4f\x5b\xb6",
"\x83\xae\x73\x03\xea\xeb\x82\x05",
"\x1b\x80\x23\xdc\x61\x23\xa7\xde\x80\xf6\xec\xb1\xc1\x6d\x3e\x59\x1f\x76\x6d\xdf\xfa\x42\xc7",
"\xe2\xf7\x8d\x2f\x86\xce\x1f\xfc\xdb\x82\xb9\xb5\x9c\xa9\xf4\x9c\x2b\x3f\x34\x6c\x83\xf7\x7e");
cfb64_test("\xab\xd5\xd3\x68\xf1\x2c\x0e\x0d",
"\x8a\xea\xe8\xc0\xad\xb9\x51\x83",
"\x3d\xcb\x7d\xcf\x57\xa6\xf6\x16\x4f\x34\xb6\x5f\xc2\xa9\xf0\xec\x90\xc5\x43\xa0\x19\xfc\x3f",
"\xe9\x2c\x22\x20\xd4\x27\x90\x89\x40\x08\x4a\x23\x4d\x41\x05\x67\xe1\xde\xf5\x0b\x8b\x96\xb1");
cfb64_test("\x92\x38\xd3\xfd\x61\x83\x92\x0e",
"\x25\xb6\x34\x51\x6d\x6a\x35\xa2",
"\x98\x55\xab\x2a\xa2\x9e\xcf\xf4\x92\xdf\xb4\xc6\xc1\x34\x55\xf6\x13\x85\x4c\x50\xdc\x82\x1e",
"\x87\x96\x47\xa6\xcd\xff\xda\xd2\xad\x88\xaa\x25\xbd\xcd\x72\x61\x37\x14\x42\x14\xc7\x4b\x7f");
cfb64_test("\xf4\xcb\x97\xad\xef\x7f\x80\xb0",
"\xfc\xa0\x7d\xb6\x75\xb8\x48\xea",
"\xc2\x1e\x16\x2b\xb7\xcf\xc6\xa0\x4b\x76\x75\x61\x49\x66\x0d\xce\xd2\x12\xf2\x98\x07\x2f\xac",
"\xe2\x20\xbf\x29\x5b\x34\x20\x2a\x2e\x99\xa5\x50\x97\x1b\x4b\x18\xb4\xd6\x87\x35\x7b\x5f\x43");
cfb64_test("\x3b\x1c\x15\xec\xb9\x5e\xe0\xda",
"\x7d\x94\x23\x76\x96\x72\x62\xf4",
"\x5d\x83\xdb\x76\x52\x46\xa7\x84\x0a\x71\x2c\x09\x40\xbd\x3d\x75\x73\x28\x0b\x22\x07\x6f\x8a",
"\xf1\x01\x8f\xe2\x32\x35\xe6\x06\xcf\xbb\xe4\x15\x9e\x4e\xf0\xe8\x2e\xcd\xac\xbf\xa6\xc2\xec");
cfb64_test("\xc2\xcd\x76\x79\x7f\x51\xce\x86",
"\x38\xcf\x55\x7d\x0c\xd5\x35\xfe",
"\xc7\xe5\xe8\x1d\x19\x09\x9f\xd5\xdb\x89\x26\xc1\xf1\xc1\x18\x50\xcf\x8b\xf2\xe1\x87\xeb\xe6",
"\xd4\x5d\xca\x30\xb9\x41\xfa\x36\x83\xfc\x40\x2d\xd2\xe8\x94\x38\x49\xc8\xa3\x35\xb7\x5d\x9c");
cfb64_test("\x67\xfd\xc4\x31\x45\x40\xf7\xea",
"\xb9\x29\xe6\x78\xdd\x1a\x13\x84",
"\x12\x9b\xe5\xb3\xdd\x42\x6f\x45\x86\x97\x25\x87\x05\xee\x7e\x57\x8f\x22\x79\xb3\x22\xa2\x95",
"\x38\xef\x49\xbc\xdd\xbb\x6b\x73\xc0\xd7\xa6\x70\xe0\x1b\xde\x8d\xe6\xb4\xc6\x69\xca\x5e\x1e");
}
return 0;
}

243
lib/hcrypto/dh-imath.c Normal file
View File

@@ -0,0 +1,243 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <dh.h>
#include <roken.h>
#include "imath/imath.h"
RCSID("$Id$");
static void
BN2mpz(mpz_t *s, const BIGNUM *bn)
{
size_t len;
void *p;
len = BN_num_bytes(bn);
p = malloc(len);
BN_bn2bin(bn, p);
mp_int_read_unsigned(s, p, len);
free(p);
}
static BIGNUM *
mpz2BN(mpz_t *s)
{
size_t size;
BIGNUM *bn;
void *p;
size = mp_int_unsigned_len(s);
p = malloc(size);
if (p == NULL && size != 0)
return NULL;
mp_int_to_unsigned(s, p, size);
bn = BN_bin2bn(p, size, NULL);
free(p);
return bn;
}
/*
*
*/
#define DH_NUM_TRIES 10
static int
dh_generate_key(DH *dh)
{
mpz_t pub, priv_key, g, p;
int have_private_key = (dh->priv_key != NULL);
int codes, times = 0;
mp_result res;
if (dh->p == NULL || dh->g == NULL)
return 0;
while (times++ < DH_NUM_TRIES) {
if (!have_private_key) {
size_t bits = BN_num_bits(dh->p);
if (dh->priv_key)
BN_free(dh->priv_key);
dh->priv_key = BN_new();
if (dh->priv_key == NULL)
return 0;
if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) {
BN_clear_free(dh->priv_key);
dh->priv_key = NULL;
return 0;
}
}
if (dh->pub_key)
BN_free(dh->pub_key);
mp_int_init(&pub);
mp_int_init(&priv_key);
mp_int_init(&g);
mp_int_init(&p);
BN2mpz(&priv_key, dh->priv_key);
BN2mpz(&g, dh->g);
BN2mpz(&p, dh->p);
res = mp_int_exptmod(&g, &priv_key, &p, &pub);
mp_int_clear(&priv_key);
mp_int_clear(&g);
mp_int_clear(&p);
if (res != MP_OK)
continue;
dh->pub_key = mpz2BN(&pub);
mp_int_clear(&pub);
if (dh->pub_key == NULL)
return 0;
if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
break;
if (have_private_key)
return 0;
}
if (times >= DH_NUM_TRIES) {
if (!have_private_key && dh->priv_key) {
BN_free(dh->priv_key);
dh->priv_key = NULL;
}
if (dh->pub_key) {
BN_free(dh->pub_key);
dh->pub_key = NULL;
}
return 0;
}
return 1;
}
static int
dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh)
{
mpz_t s, priv_key, p, peer_pub;
size_t size = 0;
mp_result res;
if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL)
return -1;
mp_int_init(&p);
BN2mpz(&p, dh->p);
mp_int_init(&peer_pub);
BN2mpz(&peer_pub, pub);
/* check if peers pubkey is reasonable */
if (MP_SIGN(&peer_pub) == MP_NEG
|| mp_int_compare(&peer_pub, &p) >= 0
|| mp_int_compare_value(&peer_pub, 1) <= 0)
{
mp_int_clear(&p);
mp_int_clear(&peer_pub);
return -1;
}
mp_int_init(&priv_key);
BN2mpz(&priv_key, dh->priv_key);
mp_int_init(&s);
mp_int_exptmod(&peer_pub, &priv_key, &p, &s);
mp_int_clear(&p);
mp_int_clear(&peer_pub);
mp_int_clear(&priv_key);
size = mp_int_unsigned_len(&s);
res = mp_int_to_unsigned(&s, shared, size);
mp_int_clear(&s);
return (res == MP_OK) ? size : -1;
}
static int
dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback)
{
/* groups should already be known, we don't care about this */
return 0;
}
static int
dh_init(DH *dh)
{
return 1;
}
static int
dh_finish(DH *dh)
{
return 1;
}
/*
*
*/
const DH_METHOD hc_dh_imath_method = {
"hcrypto imath DH",
dh_generate_key,
dh_compute_key,
NULL,
dh_init,
dh_finish,
0,
NULL,
dh_generate_params
};
const DH_METHOD *
DH_imath_method(void)
{
return &hc_dh_imath_method;
}

294
lib/hcrypto/dh.c Normal file
View File

@@ -0,0 +1,294 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <dh.h>
#include <roken.h>
/*
*
*/
DH *
DH_new(void)
{
return DH_new_method(NULL);
}
DH *
DH_new_method(ENGINE *engine)
{
DH *dh;
dh = calloc(1, sizeof(*dh));
if (dh == NULL)
return NULL;
dh->references = 1;
if (engine) {
ENGINE_up_ref(engine);
dh->engine = engine;
} else {
dh->engine = ENGINE_get_default_DH();
}
if (dh->engine) {
dh->meth = ENGINE_get_DH(dh->engine);
if (dh->meth == NULL) {
ENGINE_finish(engine);
free(dh);
return 0;
}
}
if (dh->meth == NULL)
dh->meth = DH_get_default_method();
(*dh->meth->init)(dh);
return dh;
}
void
DH_free(DH *dh)
{
if (dh->references <= 0)
abort();
if (--dh->references > 0)
return;
(*dh->meth->finish)(dh);
if (dh->engine)
ENGINE_finish(dh->engine);
#define free_if(f) if (f) { BN_free(f); }
free_if(dh->p);
free_if(dh->g);
free_if(dh->pub_key);
free_if(dh->priv_key);
free_if(dh->q);
free_if(dh->j);
free_if(dh->counter);
#undef free_if
memset(dh, 0, sizeof(*dh));
free(dh);
}
int
DH_up_ref(DH *dh)
{
return ++dh->references;
}
int
DH_size(const DH *dh)
{
return BN_num_bytes(dh->p);
}
int
DH_set_ex_data(DH *dh, int idx, void *data)
{
dh->ex_data.sk = data;
return 1;
}
void *
DH_get_ex_data(DH *dh, int idx)
{
return dh->ex_data.sk;
}
int
DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb)
{
if (dh->meth->generate_params)
return dh->meth->generate_params(dh, prime_len, generator, cb);
return 0;
}
/*
* Check that
*
* pub_key > 1 and pub_key < p - 1
*
* to avoid small subgroups attack.
*/
int
DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes)
{
BIGNUM *bn = NULL, *sum = NULL;
int ret = 0;
*codes = 0;
bn = BN_new();
if (bn == NULL)
goto out;
if (!BN_set_word(bn, 1))
goto out;
if (BN_cmp(bn, pub_key) >= 0)
*codes |= DH_CHECK_PUBKEY_TOO_SMALL;
sum = BN_new();
if (sum == NULL)
goto out;
BN_uadd(sum, pub_key, bn);
if (BN_cmp(sum, dh->p) >= 0)
*codes |= DH_CHECK_PUBKEY_TOO_LARGE;
ret = 1;
out:
if (bn)
BN_free(bn);
if (sum)
BN_free(sum);
return ret;
}
int
DH_generate_key(DH *dh)
{
return dh->meth->generate_key(dh);
}
int
DH_compute_key(unsigned char *shared_key,
const BIGNUM *peer_pub_key, DH *dh)
{
int codes;
if (!DH_check_pubkey(dh, peer_pub_key, &codes) || codes != 0)
return -1;
return dh->meth->compute_key(shared_key, peer_pub_key, dh);
}
int
DH_set_method(DH *dh, const DH_METHOD *method)
{
(*dh->meth->finish)(dh);
if (dh->engine) {
ENGINE_finish(dh->engine);
dh->engine = NULL;
}
dh->meth = method;
(*dh->meth->init)(dh);
return 1;
}
/*
*
*/
static int
dh_null_generate_key(DH *dh)
{
return 0;
}
static int
dh_null_compute_key(unsigned char *shared,const BIGNUM *pub, DH *dh)
{
return 0;
}
static int
dh_null_init(DH *dh)
{
return 1;
}
static int
dh_null_finish(DH *dh)
{
return 1;
}
static int
dh_null_generate_params(DH *dh, int prime_num, int len, BN_GENCB *cb)
{
return 0;
}
static const DH_METHOD dh_null_method = {
"hcrypto null DH",
dh_null_generate_key,
dh_null_compute_key,
NULL,
dh_null_init,
dh_null_finish,
0,
NULL,
dh_null_generate_params
};
extern const DH_METHOD hc_dh_imath_method;
static const DH_METHOD *dh_default_method = &hc_dh_imath_method;
const DH_METHOD *
DH_null_method(void)
{
return &dh_null_method;
}
void
DH_set_default_method(const DH_METHOD *meth)
{
dh_default_method = meth;
}
const DH_METHOD *
DH_get_default_method(void)
{
return dh_default_method;
}

141
lib/hcrypto/dh.h Normal file
View File

@@ -0,0 +1,141 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_DH_H
#define _HEIM_DH_H 1
/* symbol renaming */
#define DH_null_method hc_DH_null_method
#define DH_imath_method hc_DH_imath_method
#define DH_new hc_DH_new
#define DH_new_method hc_DH_new_method
#define DH_free hc_DH_free
#define DH_up_ref hc_DH_up_ref
#define DH_size hc_DH_size
#define DH_set_default_method hc_DH_set_default_method
#define DH_get_default_method hc_DH_get_default_method
#define DH_set_method hc_DH_set_method
#define DH_get_method hc_DH_get_method
#define DH_set_ex_data hc_DH_set_ex_data
#define DH_get_ex_data hc_DH_get_ex_data
#define DH_generate_parameters_ex hc_DH_generate_parameters_ex
#define DH_check_pubkey hc_DH_check_pubkey
#define DH_generate_key hc_DH_generate_key
#define DH_compute_key hc_DH_compute_key
/*
*
*/
typedef struct DH DH;
typedef struct DH_METHOD DH_METHOD;
#include <hcrypto/bn.h>
#include <hcrypto/engine.h>
struct DH_METHOD {
const char *name;
int (*generate_key)(DH *);
int (*compute_key)(unsigned char *,const BIGNUM *,DH *);
int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, BN_CTX *,
BN_MONT_CTX *);
int (*init)(DH *);
int (*finish)(DH *);
int flags;
void *app_data;
int (*generate_params)(DH *, int, int, BN_GENCB *);
};
struct DH {
int pad;
int version;
BIGNUM *p;
BIGNUM *g;
long length;
BIGNUM *pub_key;
BIGNUM *priv_key;
int flags;
void *method_mont_p;
BIGNUM *q;
BIGNUM *j;
void *seed;
int seedlen;
BIGNUM *counter;
int references;
struct CRYPTO_EX_DATA {
void *sk;
int dummy;
} ex_data;
const DH_METHOD *meth;
ENGINE *engine;
};
/* DH_check_pubkey return codes in `codes' argument. */
#define DH_CHECK_PUBKEY_TOO_SMALL 1
#define DH_CHECK_PUBKEY_TOO_LARGE 2
/*
*
*/
const DH_METHOD *DH_null_method(void);
const DH_METHOD *DH_imath_method(void);
DH * DH_new(void);
DH * DH_new_method(ENGINE *);
void DH_free(DH *);
int DH_up_ref(DH *);
int DH_size(const DH *);
void DH_set_default_method(const DH_METHOD *);
const DH_METHOD *
DH_get_default_method(void);
int DH_set_method(DH *, const DH_METHOD *);
int DH_set_ex_data(DH *, int, void *);
void * DH_get_ex_data(DH *, int);
int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *);
int DH_check_pubkey(const DH *, const BIGNUM *, int *);
int DH_generate_key(DH *);
int DH_compute_key(unsigned char *,const BIGNUM *,DH *);
#endif /* _HEIM_DH_H */

52
lib/hcrypto/dllmain.c Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <Windows.h>
BOOL WINAPI
DllMain (HANDLE hInst,
ULONG reason,
LPVOID lpReserved)
{
switch(reason) {
case DLL_PROCESS_ATTACH:
case DLL_PROCESS_DETACH:
default:
return TRUE;
}
}

125
lib/hcrypto/dsa.c Normal file
View File

@@ -0,0 +1,125 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <dsa.h>
#include <roken.h>
/*
*
*/
DSA *
DSA_new(void)
{
DSA *dsa = calloc(1, sizeof(*dsa));
dsa->meth = rk_UNCONST(DSA_get_default_method());
dsa->references = 1;
return dsa;
}
void
DSA_free(DSA *dsa)
{
if (dsa->references <= 0)
abort();
if (--dsa->references > 0)
return;
(*dsa->meth->finish)(dsa);
#define free_if(f) if (f) { BN_free(f); }
free_if(dsa->p);
free_if(dsa->q);
free_if(dsa->g);
free_if(dsa->pub_key);
free_if(dsa->priv_key);
free_if(dsa->kinv);
free_if(dsa->r);
#undef free_if
memset(dsa, 0, sizeof(*dsa));
free(dsa);
}
int
DSA_up_ref(DSA *dsa)
{
return ++dsa->references;
}
/*
*
*/
static const DSA_METHOD dsa_null_method = {
"hcrypto null DSA"
};
const DSA_METHOD *
DSA_null_method(void)
{
return &dsa_null_method;
}
const DSA_METHOD *dsa_default_mech = &dsa_null_method;
void
DSA_set_default_method(const DSA_METHOD *mech)
{
dsa_default_mech = mech;
}
const DSA_METHOD *
DSA_get_default_method(void)
{
return dsa_default_mech;
}
int
DSA_verify(int type, const unsigned char * digest, int digest_len,
const unsigned char *sig, int sig_len, DSA *dsa)
{
return -1;
}

140
lib/hcrypto/dsa.h Normal file
View File

@@ -0,0 +1,140 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_DSA_H
#define _HEIM_DSA_H 1
#include <hcrypto/bn.h>
/* symbol renaming */
#define DSA_null_method hc_DSA_null_method
#define DSA_new hc_DSA_new
#define DSA_free hc_DSA_free
#define DSA_up_ref hc_DSA_up_ref
#define DSA_set_default_method hc_DSA_set_default_method
#define DSA_get_default_method hc_DSA_get_default_method
#define DSA_set_method hc_DSA_set_method
#define DSA_get_method hc_DSA_get_method
#define DSA_set_app_data hc_DSA_set_app_data
#define DSA_get_app_data hc_DSA_get_app_data
#define DSA_size hc_DSA_size
#define DSA_verify hc_DSA_verify
/*
*
*/
typedef struct DSA DSA;
typedef struct DSA_METHOD DSA_METHOD;
typedef struct DSA_SIG DSA_SIG;
struct DSA_SIG {
BIGNUM *r;
BIGNUM *s;
};
struct DSA_METHOD {
const char *name;
DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *);
int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *);
int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *,
BN_MONT_CTX *);
int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *,
BN_MONT_CTX *);
int (*init)(DSA *);
int (*finish)(DSA *);
int flags;
void *app_data;
};
struct DSA {
int pad;
long version;
int write_params;
BIGNUM *p;
BIGNUM *q;
BIGNUM *g;
BIGNUM *pub_key;
BIGNUM *priv_key;
BIGNUM *kinv;
BIGNUM *r;
int flags;
void *method_mont_p;
int references;
struct dsa_CRYPTO_EX_DATA {
void *sk;
int dummy;
} ex_data;
const DSA_METHOD *meth;
void *engine;
};
/*
*
*/
const DSA_METHOD *DSA_null_method(void);
/*
*
*/
DSA * DSA_new(void);
void DSA_free(DSA *);
int DSA_up_ref(DSA *);
void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD * DSA_get_default_method(void);
const DSA_METHOD * DSA_get_method(const DSA *);
int DSA_set_method(DSA *, const DSA_METHOD *);
void DSA_set_app_data(DSA *, void *arg);
void * DSA_get_app_data(DSA *);
int DSA_size(const DSA *);
int DSA_verify(int, const unsigned char *, int,
const unsigned char *, int, DSA *);
#endif /* _HEIM_DSA_H */

345
lib/hcrypto/engine.c Normal file
View File

@@ -0,0 +1,345 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <engine.h>
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#ifndef RTLD_NOW
#define RTLD_NOW 0
#endif
#endif
struct hc_engine {
int references;
char *name;
char *id;
void (*destroy)(ENGINE *);
const RSA_METHOD *rsa;
const DH_METHOD *dh;
const RAND_METHOD *rand;
};
int
ENGINE_finish(ENGINE *engine)
{
if (engine->references-- <= 0)
abort();
if (engine->references > 0)
return 1;
if (engine->name)
free(engine->name);
if (engine->id)
free(engine->id);
if(engine->destroy)
(*engine->destroy)(engine);
memset(engine, 0, sizeof(engine));
engine->references = -1;
free(engine);
return 1;
}
int
ENGINE_up_ref(ENGINE *engine)
{
if (engine->references < 0)
abort();
engine->references++;
return 1;
}
int
ENGINE_set_id(ENGINE *engine, const char *id)
{
engine->id = strdup(id);
return (engine->id == NULL) ? 0 : 1;
}
int
ENGINE_set_name(ENGINE *engine, const char *name)
{
engine->name = strdup(name);
return (engine->name == NULL) ? 0 : 1;
}
int
ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method)
{
engine->rsa = method;
return 1;
}
int
ENGINE_set_DH(ENGINE *engine, const DH_METHOD *method)
{
engine->dh = method;
return 1;
}
int
ENGINE_set_destroy_function(ENGINE *e, void (*destroy)(ENGINE *))
{
e->destroy = destroy;
return 1;
}
const char *
ENGINE_get_id(const ENGINE *engine)
{
return engine->id;
}
const char *
ENGINE_get_name(const ENGINE *engine)
{
return engine->name;
}
const RSA_METHOD *
ENGINE_get_RSA(const ENGINE *engine)
{
return engine->rsa;
}
const DH_METHOD *
ENGINE_get_DH(const ENGINE *engine)
{
return engine->dh;
}
const RAND_METHOD *
ENGINE_get_RAND(const ENGINE *engine)
{
return engine->rand;
}
/*
*
*/
#define SG_default_engine(type) \
static ENGINE *type##_engine; \
int \
ENGINE_set_default_##type(ENGINE *engine) \
{ \
if (type##_engine) \
ENGINE_finish(type##_engine); \
type##_engine = engine; \
if (type##_engine) \
ENGINE_up_ref(type##_engine); \
return 1; \
} \
ENGINE * \
ENGINE_get_default_##type(void) \
{ \
if (type##_engine) \
ENGINE_up_ref(type##_engine); \
return type##_engine; \
}
SG_default_engine(RSA)
SG_default_engine(DH)
#undef SG_default_engine
/*
*
*/
static ENGINE **engines;
static unsigned int num_engines;
static int
add_engine(ENGINE *engine)
{
ENGINE **d, *dup;
dup = ENGINE_by_id(engine->id);
if (dup) {
ENGINE_finish(dup);
return 0;
}
d = realloc(engines, (num_engines + 1) * sizeof(*engines));
if (d == NULL)
return 1;
engines = d;
engines[num_engines++] = engine;
return 1;
}
void
ENGINE_load_builtin_engines(void)
{
ENGINE *engine;
int ret;
engine = calloc(1, sizeof(*engine));
if (engine == NULL)
return;
ENGINE_set_id(engine, "builtin");
ENGINE_set_name(engine,
"Heimdal crypto builtin engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_imath_method());
ENGINE_set_DH(engine, DH_imath_method());
ret = add_engine(engine);
if (ret != 1)
ENGINE_finish(engine);
}
ENGINE *
ENGINE_by_dso(const char *path, const char *id)
{
#ifdef HAVE_DLOPEN
ENGINE *engine;
void *handle;
int ret;
engine = calloc(1, sizeof(*engine));
if (engine == NULL)
return NULL;
handle = dlopen(path, RTLD_NOW);
if (handle == NULL) {
/* printf("error: %s\n", dlerror()); */
free(engine);
return NULL;
}
{
unsigned long version;
openssl_v_check v_check;
v_check = (openssl_v_check)dlsym(handle, "v_check");
if (v_check == NULL) {
dlclose(handle);
free(engine);
return NULL;
}
version = (*v_check)(OPENSSL_DYNAMIC_VERSION);
if (version == 0) {
dlclose(handle);
free(engine);
return NULL;
}
}
{
openssl_bind_engine bind_engine;
bind_engine = (openssl_bind_engine)dlsym(handle, "bind_engine");
if (bind_engine == NULL) {
dlclose(handle);
free(engine);
return NULL;
}
ret = (*bind_engine)(engine, id, NULL); /* XXX fix third arg */
if (ret != 1) {
dlclose(handle);
free(engine);
return NULL;
}
}
ENGINE_up_ref(engine);
ret = add_engine(engine);
if (ret != 1) {
dlclose(handle);
ENGINE_finish(engine);
return NULL;
}
return engine;
#else
return NULL;
#endif
}
ENGINE *
ENGINE_by_id(const char *id)
{
int i;
for (i = 0; i < num_engines; i++) {
if (strcmp(id, engines[i]->id) == 0) {
ENGINE_up_ref(engines[i]);
return engines[i];
}
}
return NULL;
}
void
ENGINE_add_conf_module(void)
{
ENGINE *engine;
/*
* XXX Parse configuration file instead
*/
engine = ENGINE_by_dso("/usr/heimdal/lib/hc-modules/hc-gmp.so", NULL);
if (engine == NULL)
return;
{
const RSA_METHOD *method = ENGINE_get_RSA(engine);
if (method)
RSA_set_default_method(method);
}
{
const DH_METHOD *method = ENGINE_get_DH(engine);
if (method)
DH_set_default_method(method);
}
}

103
lib/hcrypto/engine.h Normal file
View File

@@ -0,0 +1,103 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_ENGINE_H
#define _HEIM_ENGINE_H 1
/* symbol renaming */
#define ENGINE_add_conf_module hc_ENGINE_add_conf_module
#define ENGINE_by_dso hc_ENGINE_by_dso
#define ENGINE_by_id hc_ENGINE_by_id
#define ENGINE_finish hc_ENGINE_finish
#define ENGINE_get_DH hc_ENGINE_get_DH
#define ENGINE_get_RSA hc_ENGINE_get_RSA
#define ENGINE_get_RAND hc_ENGINE_get_RAND
#define ENGINE_get_id hc_ENGINE_get_id
#define ENGINE_get_name hc_ENGINE_get_name
#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines
#define ENGINE_set_DH hc_ENGINE_set_DH
#define ENGINE_set_RSA hc_ENGINE_set_RSA
#define ENGINE_set_id hc_ENGINE_set_id
#define ENGINE_set_name hc_ENGINE_set_name
#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function
#define ENGINE_up_ref hc_ENGINE_up_ref
#define ENGINE_get_default_DH hc_ENGINE_get_default_DH
#define ENGINE_get_default_RSA hc_ENGINE_get_default_RSA
#define ENGINE_set_default_DH hc_ENGINE_set_default_DH
#define ENGINE_set_default_RSA hc_ENGINE_set_default_RSA
/*
*
*/
typedef struct hc_engine ENGINE;
#include <hcrypto/rsa.h>
#include <hcrypto/dsa.h>
#include <hcrypto/dh.h>
#include <hcrypto/rand.h>
#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000
typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *);
typedef unsigned long (*openssl_v_check)(unsigned long);
void ENGINE_add_conf_module(void);
void ENGINE_load_builtin_engines(void);
ENGINE *ENGINE_by_id(const char *);
ENGINE *ENGINE_by_dso(const char *, const char *);
int ENGINE_finish(ENGINE *);
int ENGINE_up_ref(ENGINE *);
int ENGINE_set_id(ENGINE *, const char *);
int ENGINE_set_name(ENGINE *, const char *);
int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *);
int ENGINE_set_DH(ENGINE *, const DH_METHOD *);
int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *));
const char * ENGINE_get_id(const ENGINE *);
const char * ENGINE_get_name(const ENGINE *);
const RSA_METHOD * ENGINE_get_RSA(const ENGINE *);
const DH_METHOD * ENGINE_get_DH(const ENGINE *);
const RAND_METHOD * ENGINE_get_RAND(const ENGINE *);
int ENGINE_set_default_RSA(ENGINE *);
ENGINE * ENGINE_get_default_RSA(void);
int ENGINE_set_default_DH(ENGINE *);
ENGINE * ENGINE_get_default_DH(void);
#endif /* _HEIM_ENGINE_H */

905
lib/hcrypto/evp.c Normal file
View File

@@ -0,0 +1,905 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <evp.h>
#include <krb5-types.h>
#include <aes.h>
#include <des.h>
#include <sha.h>
#include <rc2.h>
#include <rc4.h>
#include <md2.h>
#include <md4.h>
#include <md5.h>
typedef int (*evp_md_init)(EVP_MD_CTX *);
typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t);
typedef int (*evp_md_final)(void *, EVP_MD_CTX *);
typedef int (*evp_md_cleanup)(EVP_MD_CTX *);
struct hc_evp_md {
int hash_size;
int block_size;
int ctx_size;
evp_md_init init;
evp_md_update update;
evp_md_final final;
evp_md_cleanup cleanup;
};
/*
*
*/
size_t
EVP_MD_size(const EVP_MD *md)
{
return md->hash_size;
}
size_t
EVP_MD_block_size(const EVP_MD *md)
{
return md->block_size;
}
EVP_MD_CTX *
EVP_MD_CTX_create(void)
{
return calloc(1, sizeof(EVP_MD_CTX));
}
void
EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
memset(ctx, 0, sizeof(*ctx));
}
void
EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_cleanup(ctx);
free(ctx);
}
int
EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
{
if (ctx->md && ctx->md->cleanup)
(ctx->md->cleanup)(ctx);
ctx->md = NULL;
ctx->engine = NULL;
free(ctx->ptr);
return 1;
}
const EVP_MD *
EVP_MD_CTX_md(EVP_MD_CTX *ctx)
{
return ctx->md;
}
size_t
EVP_MD_CTX_size(EVP_MD_CTX *ctx)
{
return EVP_MD_size(ctx->md);
}
size_t
EVP_MD_CTX_block_size(EVP_MD_CTX *ctx)
{
return EVP_MD_block_size(ctx->md);
}
int
EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
{
if (ctx->md != md || ctx->engine != engine) {
EVP_MD_CTX_cleanup(ctx);
ctx->md = md;
ctx->engine = engine;
ctx->ptr = calloc(1, md->ctx_size);
if (ctx->ptr == NULL)
return 0;
}
(ctx->md->init)(ctx->ptr);
return 1;
}
int
EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size)
{
(ctx->md->update)(ctx->ptr, data, size);
return 1;
}
int
EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size)
{
(ctx->md->final)(hash, ctx->ptr);
if (size)
*size = ctx->md->hash_size;
return 1;
}
int
EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
const EVP_MD *md, ENGINE *engine)
{
EVP_MD_CTX *ctx;
int ret;
ctx = EVP_MD_CTX_create();
if (ctx == NULL)
return 0;
ret = EVP_DigestInit_ex(ctx, md, engine);
if (ret != 1)
return ret;
ret = EVP_DigestUpdate(ctx, data, dsize);
if (ret != 1)
return ret;
ret = EVP_DigestFinal_ex(ctx, hash, hsize);
if (ret != 1)
return ret;
EVP_MD_CTX_destroy(ctx);
return 1;
}
/*
*
*/
const EVP_MD *
EVP_sha256(void)
{
static const struct hc_evp_md sha256 = {
32,
64,
sizeof(SHA256_CTX),
(evp_md_init)SHA256_Init,
(evp_md_update)SHA256_Update,
(evp_md_final)SHA256_Final,
NULL
};
return &sha256;
}
static const struct hc_evp_md sha1 = {
20,
64,
sizeof(SHA_CTX),
(evp_md_init)SHA1_Init,
(evp_md_update)SHA1_Update,
(evp_md_final)SHA1_Final,
NULL
};
const EVP_MD *
EVP_sha1(void)
{
return &sha1;
}
const EVP_MD *
EVP_sha(void)
{
return &sha1;
}
const EVP_MD *
EVP_md5(void)
{
static const struct hc_evp_md md5 = {
16,
64,
sizeof(MD5_CTX),
(evp_md_init)MD5_Init,
(evp_md_update)MD5_Update,
(evp_md_final)MD5_Final,
NULL
};
return &md5;
}
const EVP_MD *
EVP_md4(void)
{
static const struct hc_evp_md md4 = {
16,
64,
sizeof(MD4_CTX),
(evp_md_init)MD4_Init,
(evp_md_update)MD4_Update,
(evp_md_final)MD4_Final,
NULL
};
return &md4;
}
const EVP_MD *
EVP_md2(void)
{
static const struct hc_evp_md md2 = {
16,
16,
sizeof(MD2_CTX),
(evp_md_init)MD2_Init,
(evp_md_update)MD2_Update,
(evp_md_final)MD2_Final,
NULL
};
return &md2;
}
/*
*
*/
static void
null_Init (void *m)
{
}
static void
null_Update (void *m, const void * data, size_t size)
{
}
static void
null_Final(void *res, struct md5 *m)
{
}
const EVP_MD *
EVP_md_null(void)
{
static const struct hc_evp_md null = {
0,
0,
0,
(evp_md_init)null_Init,
(evp_md_update)null_Update,
(evp_md_final)null_Final,
NULL
};
return &null;
}
#if 0
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *);
int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *);
#endif
/*
*
*/
size_t
EVP_CIPHER_block_size(const EVP_CIPHER *c)
{
return c->block_size;
}
size_t
EVP_CIPHER_key_length(const EVP_CIPHER *c)
{
return c->key_len;
}
size_t
EVP_CIPHER_iv_length(const EVP_CIPHER *c)
{
return c->iv_len;
}
void
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c)
{
memset(c, 0, sizeof(*c));
}
int
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
if (c->cipher && c->cipher->cleanup)
c->cipher->cleanup(c);
if (c->cipher_data) {
free(c->cipher_data);
c->cipher_data = NULL;
}
return 1;
}
#if 0
int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length)
{
return 0;
}
int
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
{
return 0;
}
#endif
const EVP_CIPHER *
EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx)
{
return ctx->cipher;
}
size_t
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_block_size(ctx->cipher);
}
size_t
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_key_length(ctx->cipher);
}
size_t
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_iv_length(ctx->cipher);
}
unsigned long
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->flags;
}
int
EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE;
}
void *
EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx)
{
return ctx->app_data;
}
void
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
{
ctx->app_data = data;
}
int
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
const void *key, const void *iv, int encp)
{
if (encp == -1)
encp = ctx->encrypt;
else
ctx->encrypt = (encp ? 1 : 0);
if (c && (c != ctx->cipher)) {
EVP_CIPHER_CTX_cleanup(ctx);
ctx->cipher = c;
ctx->key_len = c->key_len;
ctx->cipher_data = malloc(c->ctx_size);
if (ctx->cipher_data == NULL && c->ctx_size != 0)
return 0;
} else if (ctx->cipher == NULL) {
/* reuse of cipher, but not any cipher ever set! */
return 0;
}
switch (EVP_CIPHER_CTX_flags(ctx)) {
case EVP_CIPH_CBC_MODE:
assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
break;
default:
return 0;
}
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT))
ctx->cipher->init(ctx, key, iv, encp);
return 1;
}
int
EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size)
{
return ctx->cipher->do_cipher(ctx, out, in, size);
}
/*
*
*/
static int
enc_null_init(EVP_CIPHER_CTX *ctx,
const unsigned char * key,
const unsigned char * iv,
int encp)
{
return 1;
}
static int
enc_null_do_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
unsigned int size)
{
memmove(out, in, size);
return 1;
}
static int
enc_null_cleanup(EVP_CIPHER_CTX *ctx)
{
return 1;
}
const EVP_CIPHER *
EVP_enc_null(void)
{
static const EVP_CIPHER enc_null = {
0,
0,
0,
0,
EVP_CIPH_CBC_MODE,
enc_null_init,
enc_null_do_cipher,
enc_null_cleanup,
0,
NULL,
NULL,
NULL,
NULL
};
return &enc_null;
}
/*
*
*/
struct rc2_cbc {
unsigned int maximum_effective_key;
RC2_KEY key;
};
static int
rc2_init(EVP_CIPHER_CTX *ctx,
const unsigned char * key,
const unsigned char * iv,
int encp)
{
struct rc2_cbc *k = ctx->cipher_data;
k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8;
RC2_set_key(&k->key,
EVP_CIPHER_CTX_key_length(ctx),
key,
k->maximum_effective_key);
return 1;
}
static int
rc2_do_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
unsigned int size)
{
struct rc2_cbc *k = ctx->cipher_data;
RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt);
return 1;
}
static int
rc2_cleanup(EVP_CIPHER_CTX *ctx)
{
memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc));
return 1;
}
const EVP_CIPHER *
EVP_rc2_cbc(void)
{
static const EVP_CIPHER rc2_cbc = {
0,
RC2_BLOCK_SIZE,
RC2_KEY_LENGTH,
RC2_BLOCK_SIZE,
EVP_CIPH_CBC_MODE,
rc2_init,
rc2_do_cipher,
rc2_cleanup,
sizeof(struct rc2_cbc),
NULL,
NULL,
NULL,
NULL
};
return &rc2_cbc;
}
const EVP_CIPHER *
EVP_rc2_40_cbc(void)
{
static const EVP_CIPHER rc2_40_cbc = {
0,
RC2_BLOCK_SIZE,
5,
RC2_BLOCK_SIZE,
EVP_CIPH_CBC_MODE,
rc2_init,
rc2_do_cipher,
rc2_cleanup,
sizeof(struct rc2_cbc),
NULL,
NULL,
NULL,
NULL
};
return &rc2_40_cbc;
}
const EVP_CIPHER *
EVP_rc2_64_cbc(void)
{
static const EVP_CIPHER rc2_64_cbc = {
0,
RC2_BLOCK_SIZE,
8,
RC2_BLOCK_SIZE,
EVP_CIPH_CBC_MODE,
rc2_init,
rc2_do_cipher,
rc2_cleanup,
sizeof(struct rc2_cbc),
NULL,
NULL,
NULL,
NULL
};
return &rc2_64_cbc;
}
/*
*
*/
const EVP_CIPHER *
EVP_rc4(void)
{
printf("evp rc4\n");
abort();
return NULL;
}
const EVP_CIPHER *
EVP_rc4_40(void)
{
printf("evp rc4_40\n");
abort();
return NULL;
}
/*
*
*/
struct des_ede3_cbc {
DES_key_schedule ks[3];
};
static int
des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
const unsigned char * key,
const unsigned char * iv,
int encp)
{
struct des_ede3_cbc *k = ctx->cipher_data;
DES_key_sched((DES_cblock *)(key), &k->ks[0]);
DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]);
DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]);
return 1;
}
static int
des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
unsigned int size)
{
struct des_ede3_cbc *k = ctx->cipher_data;
DES_ede3_cbc_encrypt(in, out, size,
&k->ks[0], &k->ks[1], &k->ks[2],
(DES_cblock *)ctx->iv, ctx->encrypt);
return 1;
}
static int
des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx)
{
memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc));
return 1;
}
const EVP_CIPHER *
EVP_des_ede3_cbc(void)
{
static const EVP_CIPHER des_ede3_cbc = {
0,
8,
24,
8,
EVP_CIPH_CBC_MODE,
des_ede3_cbc_init,
des_ede3_cbc_do_cipher,
des_ede3_cbc_cleanup,
sizeof(struct des_ede3_cbc),
NULL,
NULL,
NULL,
NULL
};
return &des_ede3_cbc;
}
/*
*
*/
static int
aes_init(EVP_CIPHER_CTX *ctx,
const unsigned char * key,
const unsigned char * iv,
int encp)
{
AES_KEY *k = ctx->cipher_data;
if (ctx->encrypt)
AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k);
else
AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k);
return 1;
}
static int
aes_do_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
unsigned int size)
{
AES_KEY *k = ctx->cipher_data;
AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
return 1;
}
static int
aes_cleanup(EVP_CIPHER_CTX *ctx)
{
memset(ctx->cipher_data, 0, sizeof(AES_KEY));
return 1;
}
const EVP_CIPHER *
EVP_aes_128_cbc(void)
{
static const EVP_CIPHER aes_128_cbc = {
0,
16,
16,
16,
EVP_CIPH_CBC_MODE,
aes_init,
aes_do_cipher,
aes_cleanup,
sizeof(AES_KEY),
NULL,
NULL,
NULL,
NULL
};
return &aes_128_cbc;
}
const EVP_CIPHER *
EVP_aes_192_cbc(void)
{
static const EVP_CIPHER aes_192_cbc = {
0,
16,
24,
16,
EVP_CIPH_CBC_MODE,
aes_init,
aes_do_cipher,
aes_cleanup,
sizeof(AES_KEY),
NULL,
NULL,
NULL,
NULL
};
return &aes_192_cbc;
}
const EVP_CIPHER *
EVP_aes_256_cbc(void)
{
static const EVP_CIPHER aes_256_cbc = {
0,
16,
32,
16,
EVP_CIPH_CBC_MODE,
aes_init,
aes_do_cipher,
aes_cleanup,
sizeof(AES_KEY),
NULL,
NULL,
NULL,
NULL
};
return &aes_256_cbc;
}
/*
*
*/
static const struct cipher_name {
const char *name;
const EVP_CIPHER *(*func)(void);
} cipher_name[] = {
{ "des-ede3-cbc", EVP_des_ede3_cbc },
{ "aes-128-cbc", EVP_aes_128_cbc },
{ "aes-192-cbc", EVP_aes_192_cbc },
{ "aes-256-cbc", EVP_aes_256_cbc }
};
const EVP_CIPHER *
EVP_get_cipherbyname(const char *name)
{
int i;
for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
if (strcasecmp(cipher_name[i].name, name) == 0)
return (*cipher_name[i].func)();
}
return NULL;
}
/*
*
*/
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))
#endif
int
EVP_BytesToKey(const EVP_CIPHER *type,
const EVP_MD *md,
const void *salt,
const void *data, size_t datalen,
unsigned int count,
void *keydata,
void *ivdata)
{
int ivlen, keylen, first = 0;
unsigned int mds = 0, i;
unsigned char *key = keydata;
unsigned char *iv = ivdata;
unsigned char *buf;
EVP_MD_CTX c;
keylen = EVP_CIPHER_key_length(type);
ivlen = EVP_CIPHER_iv_length(type);
if (data == NULL)
return keylen;
buf = malloc(EVP_MD_size(md));
if (buf == NULL)
return -1;
EVP_MD_CTX_init(&c);
first = 1;
while (1) {
EVP_DigestInit_ex(&c, md, NULL);
if (!first)
EVP_DigestUpdate(&c, buf, mds);
first = 0;
EVP_DigestUpdate(&c,data,datalen);
#define PKCS5_SALT_LEN 8
if (salt)
EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
EVP_DigestFinal_ex(&c, buf, &mds);
assert(mds == EVP_MD_size(md));
for (i = 1; i < count; i++) {
EVP_DigestInit_ex(&c, md, NULL);
EVP_DigestUpdate(&c, buf, mds);
EVP_DigestFinal_ex(&c, buf, &mds);
assert(mds == EVP_MD_size(md));
}
i = 0;
if (keylen) {
size_t sz = min(keylen, mds);
if (key) {
memcpy(key, buf, sz);
key += sz;
}
keylen -= sz;
i += sz;
}
if (ivlen && mds > i) {
size_t sz = min(ivlen, (mds - i));
if (iv) {
memcpy(iv, &buf[i], sz);
iv += sz;
}
ivlen -= sz;
}
if (keylen == 0 && ivlen == 0)
break;
}
EVP_MD_CTX_cleanup(&c);
free(buf);
return EVP_CIPHER_key_length(type);
}
/*
*
*/
void
OpenSSL_add_all_algorithms(void)
{
return;
}
void
OpenSSL_add_all_algorithms_conf(void)
{
return;
}
void
OpenSSL_add_all_algorithms_noconf(void)
{
return;
}

255
lib/hcrypto/evp.h Normal file
View File

@@ -0,0 +1,255 @@
/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_EVP_H
#define HEIM_EVP_H 1
#include <hcrypto/engine.h>
/* symbol renaming */
#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size
#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher
#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup
#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags
#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data
#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init
#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length
#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length
#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode
#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data
#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length
#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding
#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size
#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length
#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length
#define EVP_Cipher hc_EVP_Cipher
#define EVP_CipherInit_ex hc_EVP_CipherInit_ex
#define EVP_Digest hc_EVP_Digest
#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex
#define EVP_DigestInit_ex hc_EVP_DigestInit_ex
#define EVP_DigestUpdate hc_EVP_DigestUpdate
#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size
#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup
#define EVP_MD_CTX_create hc_EVP_MD_CTX_create
#define EVP_MD_CTX_init hc_EVP_MD_CTX_init
#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy
#define EVP_MD_CTX_md hc_EVP_MD_CTX_md
#define EVP_MD_CTX_size hc_EVP_MD_CTX_size
#define EVP_MD_block_size hc_EVP_MD_block_size
#define EVP_MD_size hc_EVP_MD_size
#define EVP_aes_128_cbc hc_EVP_aes_128_cbc
#define EVP_aes_192_cbc hc_EVP_aes_192_cbc
#define EVP_aes_256_cbc hc_EVP_aes_256_cbc
#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc
#define EVP_enc_null hc_EVP_enc_null
#define EVP_md2 hc_EVP_md2
#define EVP_md4 hc_EVP_md4
#define EVP_md5 hc_EVP_md5
#define EVP_md_null hc_EVP_md_null
#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc
#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc
#define EVP_rc2_cbc hc_EVP_rc2_cbc
#define EVP_rc4 hc_EVP_rc4
#define EVP_rc4_40 hc_EVP_rc4_40
#define EVP_sha hc_EVP_sha
#define EVP_sha1 hc_EVP_sha1
#define EVP_sha256 hc_EVP_sha256
#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
#define EVP_BytesToKey hc_EVP_BytesToKey
#define EVP_get_cipherbyname hc_EVP_get_cipherbyname
#define OpenSSL_add_all_algorithms hc_OpenSSL_add_all_algorithms
#define OpenSSL_add_all_algorithms_conf hc_OpenSSL_add_all_algorithms_conf
#define OpenSSL_add_all_algorithms_noconf hc_OpenSSL_add_all_algorithms_noconf
/*
*
*/
typedef struct hc_EVP_MD_CTX EVP_MD_CTX;
typedef struct hc_evp_pkey EVP_PKEY;
typedef struct hc_evp_md EVP_MD;
typedef struct hc_CIPHER EVP_CIPHER;
typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
#define EVP_MAX_MD_SIZE 64
struct hc_CIPHER {
int nid;
int block_size;
int key_len;
int iv_len;
unsigned long flags;
/* The lowest 3 bits is used as integer field for the mode the
* cipher is used in (use EVP_CIPHER.._mode() to extract the
* mode). The rest of the flag field is a bitfield.
*/
#define EVP_CIPH_CBC_MODE 2
#define EVP_CIPH_MODE 0x7
#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int);
int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *,
const unsigned char *, unsigned int);
int (*cleanup)(EVP_CIPHER_CTX *);
int ctx_size;
void *set_asn1_parameters;
void *get_asn1_parameters;
void *ctrl;
void *app_data;
};
struct hc_CIPHER_CTX {
const EVP_CIPHER *cipher;
ENGINE *engine;
int encrypt;
int buf_len;
unsigned char oiv[EVP_MAX_IV_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char buf[EVP_MAX_BLOCK_LENGTH];
int num;
void *app_data;
int key_len;
unsigned long flags;
void *cipher_data;
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH];
};
struct hc_EVP_MD_CTX {
const EVP_MD *md;
ENGINE *engine;
void *ptr;
};
/*
* Avaible crypto algs
*/
const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md4(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
const EVP_CIPHER * EVP_rc2_40_cbc(void);
const EVP_CIPHER * EVP_rc2_64_cbc(void);
const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
const EVP_CIPHER * EVP_rc4_40(void);
/*
*
*/
size_t EVP_MD_size(const EVP_MD *);
size_t EVP_MD_block_size(const EVP_MD *);
const EVP_MD *
EVP_MD_CTX_md(EVP_MD_CTX *);
size_t EVP_MD_CTX_size(EVP_MD_CTX *);
size_t EVP_MD_CTX_block_size(EVP_MD_CTX *);
EVP_MD_CTX *
EVP_MD_CTX_create(void);
void EVP_MD_CTX_init(EVP_MD_CTX *);
void EVP_MD_CTX_destroy(EVP_MD_CTX *);
int EVP_MD_CTX_cleanup(EVP_MD_CTX *);
int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t);
int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *);
int EVP_Digest(const void *, size_t, void *, unsigned int *,
const EVP_MD *, ENGINE *);
/*
*
*/
const EVP_CIPHER *
EVP_get_cipherbyname(const char *);
size_t EVP_CIPHER_block_size(const EVP_CIPHER *);
size_t EVP_CIPHER_key_length(const EVP_CIPHER *);
size_t EVP_CIPHER_iv_length(const EVP_CIPHER *);
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int);
unsigned long
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *);
const EVP_CIPHER *
EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *);
size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *);
size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *);
void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *,
const void *, const void *, int);
int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
unsigned long, size_t, void *);
int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *,
const void *, const void *, size_t,
unsigned int, void *, void *);
/*
*
*/
void OpenSSL_add_all_algorithms(void);
void OpenSSL_add_all_algorithms_conf(void);
void OpenSSL_add_all_algorithms_noconf(void);
#endif /* HEIM_EVP_H */

217
lib/hcrypto/gen-des.pl Normal file
View File

@@ -0,0 +1,217 @@
#!/usr/pkg/bin/perl
#
# $Id$
use strict;
print "/* GENERATE FILE from gen-des.pl, do not edit */\n\n";
my $gen = 1;
sub gen_pattern
{
my $n = shift;
my $r = shift;
my $a = shift;
my $o = shift;
my $s = shift;
print "/* $n bit pattern ";
foreach my $k (@$a) {
print "$k ";
}
print "*/\n";
print "static int $n\[", $r + 1, "\] = {\n ";
foreach my $i (0..$r) {
my $j = 0;
my $b = 1;
foreach my $k (reverse @$a) {
if ($i & $b) {
$j |= ($s >>($k - $o - 1));
}
$b = $b << 1;
}
printf "0x%08x", $j;
print ", " if ($i != $r);
if (($i % 4) == 3) {
print "\n";
print " " if ($i != $r);
}
}
print "};\n";
}
if ($gen) {
gen_pattern("pc1_c_3", 7, [ 5, 13, 21 ], 0, 0x1000000);
gen_pattern("pc1_c_4", 15, [ 1, 9, 17, 25 ], 0, 0x1000000);
gen_pattern("pc1_d_3", 7, [ 49, 41, 33 ], 32, 0x1000000);
gen_pattern("pc1_d_4", 15, [ 57, 53, 45, 37 ], 32, 0x1000000);
gen_pattern("pc2_c_1", 63, [ 5, 24, 7, 16, 6, 10 ], 0, 0x800000);
gen_pattern("pc2_c_2", 63, [ 20, 18, 12, 3, 15, 23 ], 0, 0x800000);
gen_pattern("pc2_c_3", 63, [ 1, 9, 19, 2, 14, 22 ], 0, 0x800000);
gen_pattern("pc2_c_4", 63, [ 11, 13, 4, 17, 21, 8 ], 0, 0x800000);
gen_pattern("pc2_d_1", 63, [ 51, 35, 31, 52, 39, 45 ], 28, 0x800000);
gen_pattern("pc2_d_2", 63, [ 50, 32, 43, 36, 29, 48 ], 28, 0x800000);
gen_pattern("pc2_d_3", 63, [ 41, 38, 47, 33, 40, 42 ], 28, 0x800000);
gen_pattern("pc2_d_4", 63, [ 49, 37, 30, 46, 34, 44 ], 28, 0x800000);
}
sub
pbox_mutation
{
my $n = shift;
my $res = 0;
my @pbox = (
16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25
);
foreach my $i (0..31) {
if ($n & (1 << ($pbox[$i] - 1))) {
# print "$i ", ($pbox[$i] - 1), "\n";
$res |= 1 << $i;
}
}
return $res;
}
my @S1 = (
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
);
my @S2 = (
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
);
my @S3 = (
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
);
my @S4 = (
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
);
my @S5 = (
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
);
my @S6 = (
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
);
my @S7 = (
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
);
my @S8 = (
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11,
);
my @SBox = ( \@S1, \@S2, \@S3, \@S4, \@S5, \@S6, \@S7, \@S8 );
sub
one_num_in_one_sbox
{
my $i = shift;
my $n = shift;
my $r = shift;
my $index = (($n & 1) << 4) | (($n & 0x20)) |
(($n >> 1) & 0x1) << 0 |
(($n >> 2) & 0x1) << 1 |
(($n >> 3) & 0x1) << 2 |
(($n >> 4) & 0x1) << 3;
die "argh" if ($index > 63 || $index < 0);
my $S = $SBox[$i - 1];
my $val = $$S[$index];
my $res = $val << (($i - 1) * 4);
my $p = &pbox_mutation($res);
print " $r ";
# $p = ($p >> $r) | ($p << (32 - $r - 1));
printf "0x%08x", $p;
print ", " if ($n != 63 or 1);
if (($n % 4) == 3) {
print " /* $i */" if ($n == 3);
print "\n";
print "\t" if ($n != 63);
}
}
sub
one_sbox
{
my $i = shift;
my $s = 0;
# print "static uint32_t sbox". $i ."[] = {\n\t";
print "\t";
foreach my $n (0..63) {
one_num_in_one_sbox($i, $n, $s);
}
print "\n";
# print "};\n";
}
if ($gen and 0) {
foreach my $sbox (7, 1, 3, 5, 4, 6, 8, 2) {
one_sbox($sbox, 1);
}
}
#my $num = 1;
#printf "pbox: %d -> 0x%08x\n", $num, pbox_mutation($num);
#$num = 0xc000000;
#printf "pbox: 0x%08x -> 0x%08x\n", $num, pbox_mutation($num);
print "static unsigned char odd_parity[256] = { \n";
foreach my $i (0..255) {
my $num = 0;
foreach my $b (1..7) {
$num++ if (($i >> $b) & 1);
}
my $t;
if (($num & 1) == 0) {
$t = $i | 1;
} else {
$t = 0xfe & $i;
}
printf "%3d,", $t;
printf "\n" if (($i % 16) == 15);
};
print " };\n";

71
lib/hcrypto/hash.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/* $Id$ */
/* stuff in common between md4, md5, and sha1 */
#ifndef __hash_h__
#define __hash_h__
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))
#endif
/* Vector Crays doesn't have a good 32-bit type, or more precisely,
int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
want to depend in being able to redefine this type. To cope with
this we have to clamp the result in some places to [0,2^32); no
need to do this on other machines. Did I say this was a mess?
*/
#ifdef _CRAY
#define CRAYFIX(X) ((X) & 0xffffffff)
#else
#define CRAYFIX(X) (X)
#endif
static inline uint32_t
cshift (uint32_t x, unsigned int n)
{
x = CRAYFIX(x);
return CRAYFIX((x << n) | (x >> (32 - n)));
}
#endif /* __hash_h__ */

122
lib/hcrypto/hmac.c Normal file
View File

@@ -0,0 +1,122 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <hmac.h>
void
HMAC_CTX_init(HMAC_CTX *ctx)
{
memset(ctx, 0, sizeof(*ctx));
}
void
HMAC_CTX_cleanup(HMAC_CTX *ctx)
{
if (ctx->buf) {
memset(ctx->buf, 0, ctx->key_length);
free(ctx->buf);
ctx->buf = NULL;
}
if (ctx->opad) {
memset(ctx->ipad, 0, ctx->key_length);
free(ctx->opad);
ctx->opad = NULL;
}
if (ctx->ipad) {
memset(ctx->ipad, 0, ctx->key_length);
free(ctx->ipad);
ctx->ipad = NULL;
}
if (ctx->ctx) {
EVP_MD_CTX_destroy(ctx->ctx);
ctx->ctx = NULL;
}
}
size_t
HMAC_size(const HMAC_CTX *ctx)
{
return EVP_MD_size(ctx->md);
}
void
HMAC_Init_ex(HMAC_CTX *ctx,
const void *key,
size_t keylen,
const EVP_MD *md,
ENGINE *engine)
{
unsigned char *p;
size_t i;
if (ctx->md != md) {
ctx->md = md;
if (ctx->buf)
free (ctx->buf);
ctx->key_length = EVP_MD_size(ctx->md);
ctx->buf = malloc(ctx->key_length);
}
#if 0
ctx->engine = engine;
#endif
if (keylen > EVP_MD_block_size(ctx->md)) {
EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine);
key = ctx->buf;
keylen = EVP_MD_size(ctx->md);
}
if (ctx->opad)
free(ctx->opad);
if (ctx->ipad)
free(ctx->ipad);
ctx->opad = malloc(EVP_MD_block_size(ctx->md));
ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md));
memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md));
for (i = 0, p = ctx->ipad; i < keylen; i++)
p[i] ^= ((const unsigned char *)key)[i];
for (i = 0, p = ctx->opad; i < keylen; i++)
p[i] ^= ((const unsigned char *)key)[i];
ctx->ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md));
}
void
HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len)
{
EVP_DigestUpdate(ctx->ctx, data, len);
}
void
HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len)
{
EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL);
EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md));
EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length);
EVP_DigestFinal_ex(ctx->ctx, md, len);
}
void *
HMAC(const EVP_MD *md,
const void *key, size_t key_size,
const void *data, size_t data_size,
void *hash, unsigned int *hash_len)
{
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key, key_size, md, NULL);
HMAC_Update(&ctx, data, data_size);
HMAC_Final(&ctx, hash, hash_len);
HMAC_CTX_cleanup(&ctx);
return hash;
}

82
lib/hcrypto/hmac.h Normal file
View File

@@ -0,0 +1,82 @@
/*
* Copyright (c) 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_HMAC_H
#define HEIM_HMAC_H 1
#include <hcrypto/evp.h>
/* symbol renaming */
#define HMAC_CTX_init hc_HMAC_CTX_init
#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup
#define HMAC_size hc_HMAC_size
#define HMAC_Init_ex hc_HMAC_Init_ex
#define HMAC_Update hc_HMAC_Update
#define HMAC_Final hc_HMAC_Final
#define HMAC hc_HMAC
/*
*
*/
#define HMAC_MAX_MD_CBLOCK 64
typedef struct hc_HMAC_CTX HMAC_CTX;
struct hc_HMAC_CTX {
const EVP_MD *md;
ENGINE *engine;
EVP_MD_CTX *ctx;
size_t key_length;
void *opad;
void *ipad;
void *buf;
};
void HMAC_CTX_init(HMAC_CTX *);
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
size_t HMAC_size(const HMAC_CTX *ctx);
void HMAC_Init_ex(HMAC_CTX *, const void *, size_t,
const EVP_MD *, ENGINE *);
void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len);
void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len);
void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
const void *data, size_t n, void *md, unsigned int *md_len);
#endif /* HEIM_HMAC_H */

21
lib/hcrypto/imath/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
IMath is Copyright 2002-2007 Michael J. Fromberger
You may use it subject to the following Licensing Terms:
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

3240
lib/hcrypto/imath/imath.c Executable file
View File

File diff suppressed because it is too large Load Diff

220
lib/hcrypto/imath/imath.h Executable file
View File

@@ -0,0 +1,220 @@
/*
Name: imath.h
Purpose: Arbitrary precision integer arithmetic routines.
Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
Info: $Id$
Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#ifndef IMATH_H_
#define IMATH_H_
#include <limits.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef unsigned char mp_sign;
typedef unsigned int mp_size;
typedef int mp_result;
#ifdef USE_LONG_LONG
typedef unsigned int mp_digit;
typedef unsigned long long mp_word;
#else
typedef unsigned short mp_digit;
typedef unsigned int mp_word;
#endif
typedef struct mpz {
mp_digit single;
mp_digit *digits;
mp_size alloc;
mp_size used;
mp_sign sign;
} mpz_t, *mp_int;
#define MP_DIGITS(Z) ((Z)->digits)
#define MP_ALLOC(Z) ((Z)->alloc)
#define MP_USED(Z) ((Z)->used)
#define MP_SIGN(Z) ((Z)->sign)
extern const mp_result MP_OK;
extern const mp_result MP_FALSE;
extern const mp_result MP_TRUE;
extern const mp_result MP_MEMORY;
extern const mp_result MP_RANGE;
extern const mp_result MP_UNDEF;
extern const mp_result MP_TRUNC;
extern const mp_result MP_BADARG;
#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT)
#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT)
#ifdef USE_LONG_LONG
# ifndef ULONG_LONG_MAX
# ifdef ULLONG_MAX
# define ULONG_LONG_MAX ULLONG_MAX
# else
# error "Maximum value of unsigned long long not defined!"
# endif
# endif
# define MP_DIGIT_MAX (ULONG_MAX * 1ULL)
# define MP_WORD_MAX ULONG_LONG_MAX
#else
# define MP_DIGIT_MAX (USHRT_MAX * 1UL)
# define MP_WORD_MAX (UINT_MAX * 1UL)
#endif
#define MP_MIN_RADIX 2
#define MP_MAX_RADIX 36
/* Values with fewer than this many significant digits use the
standard multiplication algorithm; otherwise, a recursive algorithm
is used. Choose a value to suit your platform.
*/
#define MP_MULT_THRESH 32
#define MP_DEFAULT_PREC 8 /* default memory allocation, in digits */
extern const mp_sign MP_NEG;
extern const mp_sign MP_ZPOS;
#define mp_int_is_odd(Z) ((Z)->digits[0] & 1)
#define mp_int_is_even(Z) !((Z)->digits[0] & 1)
mp_result mp_int_init(mp_int z);
mp_int mp_int_alloc(void);
mp_result mp_int_init_size(mp_int z, mp_size prec);
mp_result mp_int_init_copy(mp_int z, mp_int old);
mp_result mp_int_init_value(mp_int z, int value);
mp_result mp_int_set_value(mp_int z, int value);
void mp_int_clear(mp_int z);
void mp_int_free(mp_int z);
mp_result mp_int_copy(mp_int a, mp_int c); /* c = a */
void mp_int_swap(mp_int a, mp_int c); /* swap a, c */
void mp_int_zero(mp_int z); /* z = 0 */
mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */
mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */
mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */
mp_result mp_int_add_value(mp_int a, int value, mp_int c);
mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */
mp_result mp_int_sub_value(mp_int a, int value, mp_int c);
mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */
mp_result mp_int_mul_value(mp_int a, int value, mp_int c);
mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c);
mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */
mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */
mp_int q, mp_int r); /* r = a % b */
mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */
mp_int q, int *r); /* r = a % value */
mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */
mp_int q, mp_int r); /* r = q % 2^p2 */
mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */
#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R))
mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */
mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */
int mp_int_compare(mp_int a, mp_int b); /* a <=> b */
int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */
int mp_int_compare_zero(mp_int z); /* a <=> 0 */
int mp_int_compare_value(mp_int z, int value); /* a <=> v */
/* Returns true if v|a, false otherwise (including errors) */
int mp_int_divisible_value(mp_int a, int v);
/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */
int mp_int_is_pow2(mp_int z);
mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m,
mp_int c); /* c = a^b (mod m) */
mp_result mp_int_exptmod_evalue(mp_int a, int value,
mp_int m, mp_int c); /* c = a^v (mod m) */
mp_result mp_int_exptmod_bvalue(int value, mp_int b,
mp_int m, mp_int c); /* c = v^b (mod m) */
mp_result mp_int_exptmod_known(mp_int a, mp_int b,
mp_int m, mp_int mu,
mp_int c); /* c = a^b (mod m) */
mp_result mp_int_redux_const(mp_int m, mp_int c);
mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */
mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */
mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */
mp_int x, mp_int y); /* c = ax + by */
mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */
/* Convert to an int, if representable (returns MP_RANGE if not). */
mp_result mp_int_to_int(mp_int z, int *out);
/* Convert to nul-terminated string with the specified radix, writing at
most limit characters including the nul terminator */
mp_result mp_int_to_string(mp_int z, mp_size radix,
char *str, int limit);
/* Return the number of characters required to represent
z in the given radix. May over-estimate. */
mp_result mp_int_string_len(mp_int z, mp_size radix);
/* Read zero-terminated string into z */
mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str);
mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str,
char **end);
/* Return the number of significant bits in z */
mp_result mp_int_count_bits(mp_int z);
/* Convert z to two's complement binary, writing at most limit bytes */
mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit);
/* Read a two's complement binary value into z from the given buffer */
mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len);
/* Return the number of bytes required to represent z in binary. */
mp_result mp_int_binary_len(mp_int z);
/* Convert z to unsigned binary, writing at most limit bytes */
mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit);
/* Read an unsigned binary value into z from the given buffer */
mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len);
/* Return the number of bytes required to represent z as unsigned output */
mp_result mp_int_unsigned_len(mp_int z);
/* Return a statically allocated string describing error code res */
const char *mp_error_string(mp_result res);
#if DEBUG
void s_print(char *tag, mp_int z);
void s_print_buf(char *tag, mp_digit *buf, mp_size num);
#endif
#ifdef __cplusplus
}
#endif
#endif /* end IMATH_H_ */

26
lib/hcrypto/imath/import.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/sh
# $Id$
dir=$1
if test ! -f "$dir"/imdrover.c ; then
echo $dir doesnt seem to contain imath
exit 1
fi
rm *.[ch]
headers=`grep ^HDRS "$dir"/Makefile |sed 's/^HDRS=//' | sed 's/imdrover.h//'`
code=`echo $headers | sed 's/imrat.h//g'`
code=`echo $headers | sed 's/rsamath.h//g'`
code=`echo $headers | sed 's/\.h/.c/g'`
for a in $headers $code LICENSE ; do
cp "$dir"/"$a" .
done
echo "imathsource = \\"
for a in $headers $code ; do
echo " imath/$a \\"
done | sort

186
lib/hcrypto/imath/iprime.c Executable file
View File

@@ -0,0 +1,186 @@
/*
Name: iprime.c
Purpose: Pseudoprimality testing routines
Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
Info: $Id$
Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include "iprime.h"
#include <stdlib.h>
static const int s_ptab[] = {
3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
4957, 4967, 4969, 4973, 4987, 4993, 4999
};
static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]);
/* {{{ mp_int_is_prime(z) */
/* Test whether z is likely to be prime:
MP_TRUE means it is probably prime
MP_FALSE means it is definitely composite
*/
mp_result mp_int_is_prime(mp_int z)
{
int i, rem;
mp_result res;
/* First check for divisibility by small primes; this eliminates a
large number of composite candidates quickly
*/
for(i = 0; i < s_ptab_size; ++i) {
if((res = mp_int_div_value(z, s_ptab[i], NULL, &rem)) != MP_OK)
return res;
if(rem == 0)
return MP_FALSE;
}
/* Now try Fermat's test for several prime witnesses (since we now
know from the above that z is not a multiple of any of them)
*/
{
mpz_t tmp;
if((res = mp_int_init(&tmp)) != MP_OK) return res;
for(i = 0; i < 10 && i < s_ptab_size; ++i) {
if((res = mp_int_exptmod_bvalue(s_ptab[i], z, z, &tmp)) != MP_OK)
return res;
if(mp_int_compare_value(&tmp, s_ptab[i]) != 0) {
mp_int_clear(&tmp);
return MP_FALSE;
}
}
mp_int_clear(&tmp);
}
return MP_TRUE;
}
/* }}} */
/* {{{ mp_int_find_prime(z) */
/* Find the first apparent prime in ascending order from z */
mp_result mp_int_find_prime(mp_int z)
{
mp_result res;
if(mp_int_is_even(z) && ((res = mp_int_add_value(z, 1, z)) != MP_OK))
return res;
while((res = mp_int_is_prime(z)) == MP_FALSE) {
if((res = mp_int_add_value(z, 2, z)) != MP_OK)
break;
}
return res;
}
/* }}} */
/* Here there be dragons */

51
lib/hcrypto/imath/iprime.h Executable file
View File

@@ -0,0 +1,51 @@
/*
Name: iprime.h
Purpose: Pseudoprimality testing routines
Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
Info: $Id$
Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#ifndef IPRIME_H_
#define IPRIME_H_
#include "imath.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Test whether z is likely to be prime
MP_YES means it is probably prime
MP_NO means it is definitely composite
*/
mp_result mp_int_is_prime(mp_int z);
/* Find the first apparent prime in ascending order from z */
mp_result mp_int_find_prime(mp_int z);
#ifdef __cplusplus
}
#endif
#endif /* IPRIME_H_ */

138
lib/hcrypto/md2.c Normal file
View File

@@ -0,0 +1,138 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include "hash.h"
#include "md2.h"
static const unsigned char subst[256] = {
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
void
MD2_Init (struct md2 *m)
{
memset(m, 0, sizeof(*m));
}
static void
calc(struct md2 *m, const void *v)
{
unsigned char x[48], L;
const unsigned char *p = v;
int i, j, t;
L = m->checksum[15];
for (i = 0; i < 16; i++)
L = m->checksum[i] ^= subst[p[i] ^ L];
for (i = 0; i < 16; i++) {
x[i] = m->state[i];
x[i + 16] = p[i];
x[i + 32] = x[i] ^ p[i];
}
t = 0;
for (i = 0; i < 18; i++) {
for (j = 0; j < 48; j++)
t = x[j] ^= subst[t];
t = (t + i) & 0xff;
}
memcpy(m->state, x, 16);
memset(x, 0, sizeof(x));
}
void
MD2_Update (struct md2 *m, const void *v, size_t len)
{
size_t idx = m->len & 0xf;
const unsigned char *p = v;
m->len += len;
if (len + idx >= 16) {
if (idx) {
memcpy(m->data + idx, p, 16 - idx);
calc(m, m->data);
p += 16;
len -= 16 - idx;
}
while (len >= 16) {
calc(m, p);
p += 16;
len -= 16;
}
idx = 0;
}
memcpy(m->data + idx, p, len);
}
void
MD2_Final (void *res, struct md2 *m)
{
unsigned char pad[16];
size_t padlen;
padlen = 16 - (m->len % 16);
memset(pad, padlen, padlen);
MD2_Update(m, pad, padlen);
memcpy(pad, m->checksum, 16);
MD2_Update(m, pad, 16);
memcpy(res, m->state, MD2_DIGEST_LENGTH);
memset(m, 0, sizeof(m));
}

63
lib/hcrypto/md2.h Normal file
View File

@@ -0,0 +1,63 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_MD2_H
#define HEIM_MD2_H 1
/* symbol renaming */
#define MD2_Init hc_MD2_Init
#define MD2_Update hc_MD2_Update
#define MD2_Final hc_MD2_Final
/*
*
*/
#define MD2_DIGEST_LENGTH 16
struct md2 {
size_t len;
unsigned char data[16]; /* stored unalligned data between Update's */
unsigned char checksum[16];
unsigned char state[16]; /* lower 16 bytes of X */
};
typedef struct md2 MD2_CTX;
void MD2_Init (struct md2 *m);
void MD2_Update (struct md2 *m, const void *p, size_t len);
void MD2_Final (void *res, struct md2 *m);
#endif /* HEIM_MD2_H */

250
lib/hcrypto/md4.c Normal file
View File

@@ -0,0 +1,250 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include "hash.h"
#include "md4.h"
#define A m->counter[0]
#define B m->counter[1]
#define C m->counter[2]
#define D m->counter[3]
#define X data
void
MD4_Init (struct md4 *m)
{
m->sz[0] = 0;
m->sz[1] = 0;
D = 0x10325476;
C = 0x98badcfe;
B = 0xefcdab89;
A = 0x67452301;
}
#define F(x,y,z) CRAYFIX((x & y) | (~x & z))
#define G(x,y,z) ((x & y) | (x & z) | (y & z))
#define H(x,y,z) (x ^ y ^ z)
#define DOIT(a,b,c,d,k,s,i,OP) \
a = cshift(a + OP(b,c,d) + X[k] + i, s)
#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F)
#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G)
#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H)
static inline void
calc (struct md4 *m, uint32_t *data)
{
uint32_t AA, BB, CC, DD;
AA = A;
BB = B;
CC = C;
DD = D;
/* Round 1 */
DO1(A,B,C,D,0,3,0);
DO1(D,A,B,C,1,7,0);
DO1(C,D,A,B,2,11,0);
DO1(B,C,D,A,3,19,0);
DO1(A,B,C,D,4,3,0);
DO1(D,A,B,C,5,7,0);
DO1(C,D,A,B,6,11,0);
DO1(B,C,D,A,7,19,0);
DO1(A,B,C,D,8,3,0);
DO1(D,A,B,C,9,7,0);
DO1(C,D,A,B,10,11,0);
DO1(B,C,D,A,11,19,0);
DO1(A,B,C,D,12,3,0);
DO1(D,A,B,C,13,7,0);
DO1(C,D,A,B,14,11,0);
DO1(B,C,D,A,15,19,0);
/* Round 2 */
DO2(A,B,C,D,0,3,0x5A827999);
DO2(D,A,B,C,4,5,0x5A827999);
DO2(C,D,A,B,8,9,0x5A827999);
DO2(B,C,D,A,12,13,0x5A827999);
DO2(A,B,C,D,1,3,0x5A827999);
DO2(D,A,B,C,5,5,0x5A827999);
DO2(C,D,A,B,9,9,0x5A827999);
DO2(B,C,D,A,13,13,0x5A827999);
DO2(A,B,C,D,2,3,0x5A827999);
DO2(D,A,B,C,6,5,0x5A827999);
DO2(C,D,A,B,10,9,0x5A827999);
DO2(B,C,D,A,14,13,0x5A827999);
DO2(A,B,C,D,3,3,0x5A827999);
DO2(D,A,B,C,7,5,0x5A827999);
DO2(C,D,A,B,11,9,0x5A827999);
DO2(B,C,D,A,15,13,0x5A827999);
/* Round 3 */
DO3(A,B,C,D,0,3,0x6ED9EBA1);
DO3(D,A,B,C,8,9,0x6ED9EBA1);
DO3(C,D,A,B,4,11,0x6ED9EBA1);
DO3(B,C,D,A,12,15,0x6ED9EBA1);
DO3(A,B,C,D,2,3,0x6ED9EBA1);
DO3(D,A,B,C,10,9,0x6ED9EBA1);
DO3(C,D,A,B,6,11,0x6ED9EBA1);
DO3(B,C,D,A,14,15,0x6ED9EBA1);
DO3(A,B,C,D,1,3,0x6ED9EBA1);
DO3(D,A,B,C,9,9,0x6ED9EBA1);
DO3(C,D,A,B,5,11,0x6ED9EBA1);
DO3(B,C,D,A,13,15,0x6ED9EBA1);
DO3(A,B,C,D,3,3,0x6ED9EBA1);
DO3(D,A,B,C,11,9,0x6ED9EBA1);
DO3(C,D,A,B,7,11,0x6ED9EBA1);
DO3(B,C,D,A,15,15,0x6ED9EBA1);
A += AA;
B += BB;
C += CC;
D += DD;
}
/*
* From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
*/
#if defined(WORDS_BIGENDIAN)
static inline uint32_t
swap_uint32_t (uint32_t t)
{
uint32_t temp1, temp2;
temp1 = cshift(t, 16);
temp2 = temp1 >> 8;
temp1 &= 0x00ff00ff;
temp2 &= 0x00ff00ff;
temp1 <<= 8;
return temp1 | temp2;
}
#endif
struct x32{
unsigned int a:32;
unsigned int b:32;
};
void
MD4_Update (struct md4 *m, const void *v, size_t len)
{
const unsigned char *p = v;
size_t old_sz = m->sz[0];
size_t offset;
m->sz[0] += len * 8;
if (m->sz[0] < old_sz)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0) {
size_t l = min(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
len -= l;
if(offset == 64) {
#if defined(WORDS_BIGENDIAN)
int i;
uint32_t current[16];
struct x32 *u = (struct x32*)m->save;
for(i = 0; i < 8; i++){
current[2*i+0] = swap_uint32_t(u[i].a);
current[2*i+1] = swap_uint32_t(u[i].b);
}
calc(m, current);
#else
calc(m, (uint32_t*)m->save);
#endif
offset = 0;
}
}
}
void
MD4_Final (void *res, struct md4 *m)
{
unsigned char zeros[72];
unsigned offset = (m->sz[0] / 8) % 64;
unsigned int dstart = (120 - offset - 1) % 64 + 1;
*zeros = 0x80;
memset (zeros + 1, 0, sizeof(zeros) - 1);
zeros[dstart+0] = (m->sz[0] >> 0) & 0xff;
zeros[dstart+1] = (m->sz[0] >> 8) & 0xff;
zeros[dstart+2] = (m->sz[0] >> 16) & 0xff;
zeros[dstart+3] = (m->sz[0] >> 24) & 0xff;
zeros[dstart+4] = (m->sz[1] >> 0) & 0xff;
zeros[dstart+5] = (m->sz[1] >> 8) & 0xff;
zeros[dstart+6] = (m->sz[1] >> 16) & 0xff;
zeros[dstart+7] = (m->sz[1] >> 24) & 0xff;
MD4_Update (m, zeros, dstart + 8);
{
int i;
unsigned char *r = (unsigned char *)res;
for (i = 0; i < 4; ++i) {
r[4*i] = m->counter[i] & 0xFF;
r[4*i+1] = (m->counter[i] >> 8) & 0xFF;
r[4*i+2] = (m->counter[i] >> 16) & 0xFF;
r[4*i+3] = (m->counter[i] >> 24) & 0xFF;
}
}
#if 0
{
int i;
uint32_t *r = (uint32_t *)res;
for (i = 0; i < 4; ++i)
r[i] = swap_uint32_t (m->counter[i]);
}
#endif
}

62
lib/hcrypto/md4.h Normal file
View File

@@ -0,0 +1,62 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_MD4_H
#define HEIM_MD4_H 1
/* symbol renaming */
#define MD4_Init hc_MD4_Init
#define MD4_Update hc_MD4_Update
#define MD4_Final hc_MD4_Final
/*
*
*/
#define MD4_DIGEST_LENGTH 16
struct md4 {
unsigned int sz[2];
uint32_t counter[4];
unsigned char save[64];
};
typedef struct md4 MD4_CTX;
void MD4_Init (struct md4 *m);
void MD4_Update (struct md4 *m, const void *p, size_t len);
void MD4_Final (void *res, struct md4 *m);
#endif /* HEIM_MD4_H */

274
lib/hcrypto/md5.c Normal file
View File

@@ -0,0 +1,274 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include "hash.h"
#include "md5.h"
#define A m->counter[0]
#define B m->counter[1]
#define C m->counter[2]
#define D m->counter[3]
#define X data
void
MD5_Init (struct md5 *m)
{
m->sz[0] = 0;
m->sz[1] = 0;
D = 0x10325476;
C = 0x98badcfe;
B = 0xefcdab89;
A = 0x67452301;
}
#define F(x,y,z) CRAYFIX((x & y) | (~x & z))
#define G(x,y,z) CRAYFIX((x & z) | (y & ~z))
#define H(x,y,z) (x ^ y ^ z)
#define I(x,y,z) CRAYFIX(y ^ (x | ~z))
#define DOIT(a,b,c,d,k,s,i,OP) \
a = b + cshift(a + OP(b,c,d) + X[k] + (i), s)
#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F)
#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G)
#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H)
#define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I)
static inline void
calc (struct md5 *m, uint32_t *data)
{
uint32_t AA, BB, CC, DD;
AA = A;
BB = B;
CC = C;
DD = D;
/* Round 1 */
DO1(A,B,C,D,0,7,0xd76aa478);
DO1(D,A,B,C,1,12,0xe8c7b756);
DO1(C,D,A,B,2,17,0x242070db);
DO1(B,C,D,A,3,22,0xc1bdceee);
DO1(A,B,C,D,4,7,0xf57c0faf);
DO1(D,A,B,C,5,12,0x4787c62a);
DO1(C,D,A,B,6,17,0xa8304613);
DO1(B,C,D,A,7,22,0xfd469501);
DO1(A,B,C,D,8,7,0x698098d8);
DO1(D,A,B,C,9,12,0x8b44f7af);
DO1(C,D,A,B,10,17,0xffff5bb1);
DO1(B,C,D,A,11,22,0x895cd7be);
DO1(A,B,C,D,12,7,0x6b901122);
DO1(D,A,B,C,13,12,0xfd987193);
DO1(C,D,A,B,14,17,0xa679438e);
DO1(B,C,D,A,15,22,0x49b40821);
/* Round 2 */
DO2(A,B,C,D,1,5,0xf61e2562);
DO2(D,A,B,C,6,9,0xc040b340);
DO2(C,D,A,B,11,14,0x265e5a51);
DO2(B,C,D,A,0,20,0xe9b6c7aa);
DO2(A,B,C,D,5,5,0xd62f105d);
DO2(D,A,B,C,10,9,0x2441453);
DO2(C,D,A,B,15,14,0xd8a1e681);
DO2(B,C,D,A,4,20,0xe7d3fbc8);
DO2(A,B,C,D,9,5,0x21e1cde6);
DO2(D,A,B,C,14,9,0xc33707d6);
DO2(C,D,A,B,3,14,0xf4d50d87);
DO2(B,C,D,A,8,20,0x455a14ed);
DO2(A,B,C,D,13,5,0xa9e3e905);
DO2(D,A,B,C,2,9,0xfcefa3f8);
DO2(C,D,A,B,7,14,0x676f02d9);
DO2(B,C,D,A,12,20,0x8d2a4c8a);
/* Round 3 */
DO3(A,B,C,D,5,4,0xfffa3942);
DO3(D,A,B,C,8,11,0x8771f681);
DO3(C,D,A,B,11,16,0x6d9d6122);
DO3(B,C,D,A,14,23,0xfde5380c);
DO3(A,B,C,D,1,4,0xa4beea44);
DO3(D,A,B,C,4,11,0x4bdecfa9);
DO3(C,D,A,B,7,16,0xf6bb4b60);
DO3(B,C,D,A,10,23,0xbebfbc70);
DO3(A,B,C,D,13,4,0x289b7ec6);
DO3(D,A,B,C,0,11,0xeaa127fa);
DO3(C,D,A,B,3,16,0xd4ef3085);
DO3(B,C,D,A,6,23,0x4881d05);
DO3(A,B,C,D,9,4,0xd9d4d039);
DO3(D,A,B,C,12,11,0xe6db99e5);
DO3(C,D,A,B,15,16,0x1fa27cf8);
DO3(B,C,D,A,2,23,0xc4ac5665);
/* Round 4 */
DO4(A,B,C,D,0,6,0xf4292244);
DO4(D,A,B,C,7,10,0x432aff97);
DO4(C,D,A,B,14,15,0xab9423a7);
DO4(B,C,D,A,5,21,0xfc93a039);
DO4(A,B,C,D,12,6,0x655b59c3);
DO4(D,A,B,C,3,10,0x8f0ccc92);
DO4(C,D,A,B,10,15,0xffeff47d);
DO4(B,C,D,A,1,21,0x85845dd1);
DO4(A,B,C,D,8,6,0x6fa87e4f);
DO4(D,A,B,C,15,10,0xfe2ce6e0);
DO4(C,D,A,B,6,15,0xa3014314);
DO4(B,C,D,A,13,21,0x4e0811a1);
DO4(A,B,C,D,4,6,0xf7537e82);
DO4(D,A,B,C,11,10,0xbd3af235);
DO4(C,D,A,B,2,15,0x2ad7d2bb);
DO4(B,C,D,A,9,21,0xeb86d391);
A += AA;
B += BB;
C += CC;
D += DD;
}
/*
* From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
*/
#if defined(WORDS_BIGENDIAN)
static inline uint32_t
swap_uint32_t (uint32_t t)
{
uint32_t temp1, temp2;
temp1 = cshift(t, 16);
temp2 = temp1 >> 8;
temp1 &= 0x00ff00ff;
temp2 &= 0x00ff00ff;
temp1 <<= 8;
return temp1 | temp2;
}
#endif
struct x32{
unsigned int a:32;
unsigned int b:32;
};
void
MD5_Update (struct md5 *m, const void *v, size_t len)
{
const unsigned char *p = v;
size_t old_sz = m->sz[0];
size_t offset;
m->sz[0] += len * 8;
if (m->sz[0] < old_sz)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0){
size_t l = min(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
len -= l;
if(offset == 64){
#if defined(WORDS_BIGENDIAN)
int i;
uint32_t current[16];
struct x32 *u = (struct x32*)m->save;
for(i = 0; i < 8; i++){
current[2*i+0] = swap_uint32_t(u[i].a);
current[2*i+1] = swap_uint32_t(u[i].b);
}
calc(m, current);
#else
calc(m, (uint32_t*)m->save);
#endif
offset = 0;
}
}
}
void
MD5_Final (void *res, struct md5 *m)
{
unsigned char zeros[72];
unsigned offset = (m->sz[0] / 8) % 64;
unsigned int dstart = (120 - offset - 1) % 64 + 1;
*zeros = 0x80;
memset (zeros + 1, 0, sizeof(zeros) - 1);
zeros[dstart+0] = (m->sz[0] >> 0) & 0xff;
zeros[dstart+1] = (m->sz[0] >> 8) & 0xff;
zeros[dstart+2] = (m->sz[0] >> 16) & 0xff;
zeros[dstart+3] = (m->sz[0] >> 24) & 0xff;
zeros[dstart+4] = (m->sz[1] >> 0) & 0xff;
zeros[dstart+5] = (m->sz[1] >> 8) & 0xff;
zeros[dstart+6] = (m->sz[1] >> 16) & 0xff;
zeros[dstart+7] = (m->sz[1] >> 24) & 0xff;
MD5_Update (m, zeros, dstart + 8);
{
int i;
unsigned char *r = (unsigned char *)res;
for (i = 0; i < 4; ++i) {
r[4*i] = m->counter[i] & 0xFF;
r[4*i+1] = (m->counter[i] >> 8) & 0xFF;
r[4*i+2] = (m->counter[i] >> 16) & 0xFF;
r[4*i+3] = (m->counter[i] >> 24) & 0xFF;
}
}
#if 0
{
int i;
uint32_t *r = (uint32_t *)res;
for (i = 0; i < 4; ++i)
r[i] = swap_uint32_t (m->counter[i]);
}
#endif
}

62
lib/hcrypto/md5.h Normal file
View File

@@ -0,0 +1,62 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_MD5_H
#define HEIM_MD5_H 1
/* symbol renaming */
#define MD5_Init hc_MD5_Init
#define MD5_Update hc_MD5_Update
#define MD5_Final hc_MD5_Final
/*
*
*/
#define MD5_DIGEST_LENGTH 16
struct md5 {
unsigned int sz[2];
uint32_t counter[4];
unsigned char save[64];
};
typedef struct md5 MD5_CTX;
void MD5_Init (struct md5 *m);
void MD5_Update (struct md5 *m, const void *p, size_t len);
void MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */
#endif /* HEIM_MD5_H */

80
lib/hcrypto/md5crypt_test.c Normal file
View File

@@ -0,0 +1,80 @@
/*
* Copyright (c) 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <stdio.h>
#include <string.h>
#include <des.h>
struct test {
const char *str;
const char *salt;
const char *result;
} tests[] = {
{"Hello world!", "$1$saltstring", "$1$saltstri$YMyguxXMBpd2TEZ.vS/3q1"},
{NULL, NULL, NULL}
};
static int
do_test (void)
{
struct test *t;
int res = 0;
for (t = tests; t->str != NULL; ++t) {
const char *c;
c = crypt (t->str, t->salt);
if (strcmp (c, t->result) != 0) {
res = 1;
printf ("should have been: \"%s\"\n", t->result);
printf ("result was: \"%s\"\n", c);
}
}
if (res)
printf ("failed\n");
else
printf ("success\n");
return res;
}
int
main (void)
{
return do_test ();
}

358
lib/hcrypto/mdtest.c Normal file
View File

@@ -0,0 +1,358 @@
/*
* Copyright (c) 1995 - 2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <string.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <md2.h>
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <evp.h>
#define ONE_MILLION_A "one million a's"
struct hash_foo {
const char *name;
size_t psize;
size_t hsize;
void (*init)(void*);
void (*update)(void*, const void*, size_t);
void (*final)(void*, void*);
const EVP_MD * (*evp)(void);
} md2 = {
"MD2",
sizeof(MD2_CTX),
16,
(void (*)(void*))MD2_Init,
(void (*)(void*,const void*, size_t))MD2_Update,
(void (*)(void*, void*))MD2_Final,
EVP_md2
}, md4 = {
"MD4",
sizeof(MD4_CTX),
16,
(void (*)(void*))MD4_Init,
(void (*)(void*,const void*, size_t))MD4_Update,
(void (*)(void*, void*))MD4_Final,
EVP_md4
}, md5 = {
"MD5",
sizeof(MD5_CTX),
16,
(void (*)(void*))MD5_Init,
(void (*)(void*,const void*, size_t))MD5_Update,
(void (*)(void*, void*))MD5_Final,
EVP_md5
}, sha1 = {
"SHA-1",
sizeof(struct sha),
20,
(void (*)(void*))SHA1_Init,
(void (*)(void*,const void*, size_t))SHA1_Update,
(void (*)(void*, void*))SHA1_Final,
EVP_sha1
};
struct hash_foo sha256 = {
"SHA-256",
sizeof(SHA256_CTX),
32,
(void (*)(void*))SHA256_Init,
(void (*)(void*,const void*, size_t))SHA256_Update,
(void (*)(void*, void*))SHA256_Final,
EVP_sha256
};
#ifdef HAVE_SHA384
struct hash_foo sha384 = {
"SHA-384",
sizeof(struct sha512),
48,
(void (*)(void*))SHA384_Init,
(void (*)(void*,const void*, size_t))SHA384_Update,
(void (*)(void*, void*))SHA384_Final
};
#endif
#ifdef HAVE_SHA512
struct hash_foo sha512 = {
"SHA-512",
sizeof(struct sha512),
64,
(void (*)(void*))SHA512_Init,
(void (*)(void*,const void*, size_t))SHA512_Update,
(void (*)(void*, void*))SHA512_Final
};
#endif
struct test {
char *str;
unsigned char hash[64];
};
struct test md2_tests[] = {
{"",
"\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73" },
{"a",
"\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1" },
{"abc",
"\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb" },
{"message digest",
"\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0" },
{"abcdefghijklmnopqrstuvwxyz",
"\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b" },
{"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
"\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd" },
{"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
"\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8" },
{NULL }
};
struct test md4_tests[] = {
{"",
{0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59,
0xd7, 0xe0, 0xc0, 0x89, 0xc0}},
{"a",
{0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, 0x24, 0x5e, 0x05,
0xfb, 0xdb, 0xd6, 0xfb, 0x24}},
{"abc",
{0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d}},
{"message digest",
{0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b}},
{"abcdefghijklmnopqrstuvwxyz", {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9, }},
{"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
{0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4}},
{"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
{0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36, }},
{NULL, { 0x0 }}};
struct test md5_tests[] = {
{"", {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e}},
{"a", {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61}},
{"abc", {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72}},
{"message digest", {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0}},
{"abcdefghijklmnopqrstuvwxyz", {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b}},
{"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f}},
{"12345678901234567890123456789012345678901234567890123456789012345678901234567890", {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a}},
{NULL, { 0x0 }}};
struct test sha1_tests[] = {
{ "abc",
{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A,
0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C,
0x9C, 0xD0, 0xD8, 0x9D}},
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
0xE5, 0x46, 0x70, 0xF1}},
{ ONE_MILLION_A,
{0x34, 0xaa, 0x97, 0x3c, 0xd4, 0xc4, 0xda, 0xa4,
0xf6, 0x1e, 0xeb, 0x2b, 0xdb, 0xad, 0x27, 0x31,
0x65, 0x34, 0x01, 0x6f}},
{ NULL }
};
struct test sha256_tests[] = {
{ "abc",
{ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }},
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
{ 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }},
{ ONE_MILLION_A,
{0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92,
0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67,
0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e,
0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }},
{ NULL }
};
#ifdef HAVE_SHA384
struct test sha384_tests[] = {
{ "abc",
{ 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7}},
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
"ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
{ 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39}},
{ ONE_MILLION_A,
{ 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85}},
{NULL}
};
#endif
#ifdef HAVE_SHA512
struct test sha512_tests[] = {
{ "abc",
{ 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f }},
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
"ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
{ 0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 }},
{ ONE_MILLION_A,
{ 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b }},
{ NULL }
};
#endif
static int
hash_test (struct hash_foo *hash, struct test *tests)
{
struct test *t;
EVP_MD_CTX ectx;
unsigned int esize;
void *ctx = malloc(hash->psize);
unsigned char *res = malloc(hash->hsize);
printf ("%s... ", hash->name);
for (t = tests; t->str; ++t) {
char buf[1000];
EVP_MD_CTX_init(&ectx);
EVP_DigestInit_ex(&ectx, hash->evp(), NULL);
(*hash->init)(ctx);
if(strcmp(t->str, ONE_MILLION_A) == 0) {
int i;
memset(buf, 'a', sizeof(buf));
for(i = 0; i < 1000; i++) {
(*hash->update)(ctx, buf, sizeof(buf));
EVP_DigestUpdate(&ectx, buf, sizeof(buf));
}
} else {
(*hash->update)(ctx, (unsigned char *)t->str, strlen(t->str));
EVP_DigestUpdate(&ectx, t->str, strlen(t->str));
}
(*hash->final) (res, ctx);
if (memcmp (res, t->hash, hash->hsize) != 0) {
int i;
printf ("%s(\"%s\") failed\n", hash->name, t->str);
printf("should be: ");
for(i = 0; i < hash->hsize; ++i) {
if(i > 0 && (i % 16) == 0)
printf("\n ");
printf("%02x ", t->hash[i]);
}
printf("\nresult was: ");
for(i = 0; i < hash->hsize; ++i) {
if(i > 0 && (i % 16) == 0)
printf("\n ");
printf("%02x ", res[i]);
}
printf("\n");
return 1;
}
EVP_DigestFinal_ex(&ectx, res, &esize);
EVP_MD_CTX_cleanup(&ectx);
if (hash->hsize != esize) {
printf("EVP %s returned wrong hash size\n", hash->name);
return 1;
}
if (memcmp (res, t->hash, hash->hsize) != 0) {
printf("EVP %s failed here old function where successful!\n",
hash->name);
return 1;
}
}
free(ctx);
printf ("success\n");
return 0;
}
int
main (void)
{
return
hash_test(&md2, md2_tests) +
hash_test(&md4, md4_tests) +
hash_test(&md5, md5_tests) +
hash_test(&sha1, sha1_tests)
+ hash_test(&sha256, sha256_tests)
#ifdef HAVE_SHA384
+ hash_test(&sha384, sha384_tests)
#endif
#ifdef HAVE_SHA512
+ hash_test(&sha512, sha512_tests)
#endif
;
}

BIN
lib/hcrypto/passwd_dialog.aps Normal file
View File

Binary file not shown.

34
lib/hcrypto/passwd_dialog.clw Normal file
View File

@@ -0,0 +1,34 @@
; CLW file contains information for the MFC ClassWizard
[General Info]
Version=1
LastClass=
LastTemplate=CDialog
NewFileInclude1=#include "stdafx.h"
NewFileInclude2=#include "passwd_dialog.h"
LastPage=0
ClassCount=0
ResourceCount=2
Resource1=IDD_DIALOG1
Resource2=IDD_PASSWD_DIALOG
[DLG:IDD_DIALOG1]
Type=1
ControlCount=6
Control1=IDOK,button,1342242817
Control2=IDCANCEL,button,1342242816
Control3=IDC_STATIC,static,1342308352
Control4=IDC_STATIC,static,1342308352
Control5=IDC_EDIT1,edit,1350631552
Control6=IDC_EDIT2,edit,1350631584
[DLG:IDD_PASSWD_DIALOG]
Type=1
ControlCount=4
Control1=IDC_PASSWD_EDIT,edit,1350631456
Control2=IDOK,button,1342242817
Control3=IDCANCEL,button,1342242816
Control4=IDC_STATIC,static,1342177280

143
lib/hcrypto/passwd_dialog.rc Normal file
View File

@@ -0,0 +1,143 @@
//Microsoft Developer Studio generated resource script.
//
#include "resource.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Swedish resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
#ifdef _WIN32
LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
#pragma code_page(1252)
#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_PASSWD_DIALOG DIALOG DISCARDABLE 0, 0, 186, 66
STYLE DS_ABSALIGN | DS_MODALFRAME | DS_SETFOREGROUND | DS_CENTER | WS_POPUP |
WS_VISIBLE | WS_CAPTION
CAPTION "Password query"
FONT 8, "MS Sans Serif"
BEGIN
EDITTEXT IDC_PASSWD_EDIT,30,22,125,14,ES_PASSWORD
DEFPUSHBUTTON "OK",IDOK,30,45,50,14
PUSHBUTTON "Cancel",IDCANCEL,105,45,50,14
LTEXT "Please insert password:",IDC_STATIC,30,13,87,8,NOT
WS_GROUP
END
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO DISCARDABLE
BEGIN
IDD_PASSWD_DIALOG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 179
TOPMARGIN, 7
BOTTOMMARGIN, 59
END
END
#endif // APSTUDIO_INVOKED
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE DISCARDABLE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE DISCARDABLE
BEGIN
"#include ""afxres.h""\r\n"
"\0"
END
3 TEXTINCLUDE DISCARDABLE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
#ifndef _MAC
/////////////////////////////////////////////////////////////////////////////
//
// Version
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 1,0,0,1
PRODUCTVERSION 1,0,0,1
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
#else
FILEFLAGS 0x0L
#endif
FILEOS 0x40004L
FILETYPE 0x2L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "040904b0"
BEGIN
VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
VALUE "FileDescription", "des\0"
VALUE "FileVersion", "4, 0, 9, 9\0"
VALUE "InternalName", "des\0"
VALUE "LegalCopyright", "Copyright <20> 1996 - 1998 Royal Institute of Technology (KTH)\0"
VALUE "OriginalFilename", "des.dll\0"
VALUE "ProductName", "KTH Kerberos\0"
VALUE "ProductVersion", "4,0,9,9\0"
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x409, 1200
END
END
#endif // !_MAC
#endif // Swedish resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED

BIN
lib/hcrypto/passwd_dialog.res Normal file
View File

Binary file not shown.

92
lib/hcrypto/passwd_dlg.c Normal file
View File

@@ -0,0 +1,92 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* passwd_dlg.c - Dialog boxes for Windows95/NT
* Author: J<>rgen Karlsson - d93-jka@nada.kth.se
* Date: June 1996
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#ifdef WIN32 /* Visual C++ 4.0 (Windows95/NT) */
#include <Windows.h>
#include "passwd_dlg.h"
#include "Resource.h"
#define passwdBufSZ 64
char passwd[passwdBufSZ];
BOOL CALLBACK
pwd_dialog_proc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch(uMsg)
{
case WM_COMMAND:
switch(wParam)
{
case IDOK:
if(!GetDlgItemText(hwndDlg,IDC_PASSWD_EDIT, passwd, passwdBufSZ))
EndDialog(hwndDlg, IDCANCEL);
case IDCANCEL:
EndDialog(hwndDlg, wParam);
return TRUE;
}
}
return FALSE;
}
/* return 0 if ok, 1 otherwise */
int
pwd_dialog(char *buf, int size)
{
int i;
HWND wnd = GetActiveWindow();
HANDLE hInst = GetModuleHandle("des");
switch(DialogBox(hInst,MAKEINTRESOURCE(IDD_PASSWD_DIALOG),wnd,pwd_dialog_proc))
{
case IDOK:
strlcpy(buf, passwd, size);
memset (passwd, 0, sizeof(passwd));
return 0;
case IDCANCEL:
default:
memset (passwd, 0, sizeof(passwd));
return 1;
}
}
#endif /* WIN32 */

47
lib/hcrypto/passwd_dlg.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* passwd_dlg.h - Dialog boxes for Windows95/NT
* Author: J<>rgen Karlsson - d93-jka@nada.kth.se
* Date: June 1996
*/
/* $Id$ */
#ifndef PASSWD_DLG_H
#define PASSWD_DLG_H
int pwd_dialog(char *buf, int size);
#endif /* PASSWD_DLG_H */

145
lib/hcrypto/pkcs12.c Normal file
View File

@@ -0,0 +1,145 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <pkcs12.h>
#include <bn.h>
#include <roken.h>
int
PKCS12_key_gen(const void *key, size_t keylen,
const void *salt, size_t saltlen,
int id, int iteration, size_t outkeysize,
void *out, const EVP_MD *md)
{
unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
unsigned int size, size_I = 0;
unsigned char idc = id;
EVP_MD_CTX ctx;
unsigned char *outp = out;
int i, vlen;
EVP_MD_CTX_init(&ctx);
vlen = EVP_MD_block_size(md);
v = malloc(vlen + 1);
if (v == NULL)
return 0;
I = calloc(1, vlen * 2);
if (I == NULL) {
free(v);
return 0;
}
if (salt && saltlen > 0) {
for (i = 0; i < vlen; i++)
I[i] = ((unsigned char*)salt)[i % saltlen];
size_I += vlen;
}
if (key && keylen > 0) {
for (i = 0; i < vlen / 2; i++) {
I[(i * 2) + size_I] = 0;
I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
}
size_I += vlen;
}
while (1) {
BIGNUM *bnB, *bnOne;
if (!EVP_DigestInit_ex(&ctx, md, NULL))
return 0;
for (i = 0; i < vlen; i++)
EVP_DigestUpdate(&ctx, &idc, 1);
EVP_DigestUpdate(&ctx, I, size_I);
EVP_DigestFinal_ex(&ctx, hash, &size);
for (i = 1; i < iteration; i++)
EVP_Digest(hash, size, hash, &size, md, NULL);
memcpy(outp, hash, min(outkeysize, size));
if (outkeysize < size)
break;
outkeysize -= size;
outp += size;
for (i = 0; i < vlen; i++)
v[i] = hash[i % size];
bnB = BN_bin2bn(v, vlen, NULL);
bnOne = BN_new();
BN_set_word(bnOne, 1);
BN_uadd(bnB, bnB, bnOne);
for (i = 0; i < vlen * 2; i += vlen) {
BIGNUM *bnI;
int j;
bnI = BN_bin2bn(I + i, vlen, NULL);
BN_uadd(bnI, bnI, bnB);
j = BN_num_bytes(bnI);
if (j > vlen) {
assert(j == vlen + 1);
BN_bn2bin(bnI, v);
memcpy(I + i, v + 1, vlen);
} else {
memset(I + i, 0, vlen - j);
BN_bn2bin(bnI, I + i + vlen - j);
}
BN_free(bnI);
}
BN_free(bnB);
BN_free(bnOne);
size_I = vlen * 2;
}
EVP_MD_CTX_cleanup(&ctx);
free(I);
free(v);
return 1;
}

57
lib/hcrypto/pkcs12.h Normal file
View File

@@ -0,0 +1,57 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_PKCS12_H
#define _HEIM_PKCS12_H 1
/* symbol renaming */
#define PKCS12_key_gen hc_PKCS12_key_gen
/*
*
*/
#include <hcrypto/evp.h>
#define PKCS12_KEY_ID 1
#define PKCS12_IV_ID 2
int PKCS12_key_gen(const void *, size_t, const void *,
size_t, int, int, size_t, void *, const EVP_MD *);
#endif /* _HEIM_PKCS12_H */

116
lib/hcrypto/pkcs5.c Normal file
View File

@@ -0,0 +1,116 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <evp.h>
#include <hmac.h>
#include <roken.h>
int
PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
const void * salt, size_t salt_len,
unsigned long iter,
size_t keylen, void *key)
{
size_t datalen, leftofkey, checksumsize;
char *data, *tmpcksum;
uint32_t keypart;
const EVP_MD *md;
unsigned long i;
int j;
char *p;
unsigned int hmacsize;
md = EVP_sha1();
checksumsize = EVP_MD_size(md);
datalen = salt_len + 4;
tmpcksum = malloc(checksumsize + datalen);
if (tmpcksum == NULL)
return 0;
data = &tmpcksum[checksumsize];
memcpy(data, salt, salt_len);
keypart = 1;
leftofkey = keylen;
p = key;
while (leftofkey) {
int len;
if (leftofkey > checksumsize)
len = checksumsize;
else
len = leftofkey;
data[datalen - 4] = (keypart >> 24) & 0xff;
data[datalen - 3] = (keypart >> 16) & 0xff;
data[datalen - 2] = (keypart >> 8) & 0xff;
data[datalen - 1] = (keypart) & 0xff;
HMAC(md, password, password_len, data, datalen,
tmpcksum, &hmacsize);
memcpy(p, tmpcksum, len);
for (i = 1; i < iter; i++) {
HMAC(md, password, password_len, tmpcksum, checksumsize,
tmpcksum, &hmacsize);
for (j = 0; j < len; j++)
p[j] ^= tmpcksum[j];
}
p += len;
leftofkey -= len;
keypart++;
}
free(tmpcksum);
return 1;
}

262
lib/hcrypto/rand-egd.c Normal file
View File

@@ -0,0 +1,262 @@
/*
* Copyright (c) 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <sys/types.h>
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <assert.h>
#include <rand.h>
#include <randi.h>
#include <roken.h>
static const char *egd_path = "/var/run/egd-pool";
#define MAX_EGD_DATA 255
static int
connect_egd(const char *path)
{
struct sockaddr_un addr;
int fd;
memset(&addr, 0, sizeof(addr));
if (strlen(path) > sizeof(addr.sun_path))
return -1;
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
return -1;
if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
close(fd);
return -1;
}
return fd;
}
static int
get_entropy(int fd, void *data, size_t len)
{
unsigned char msg[2];
assert(len <= MAX_EGD_DATA);
msg[0] = 0x02; /* read blocking data */
msg[1] = len; /* wanted length */
if (net_write(fd, msg, sizeof(msg)) != sizeof(msg))
return 0;
if (net_read(fd, data, len) != len)
return 0;
return 1;
}
static int
put_entropy(int fd, const void *data, size_t len)
{
unsigned char msg[4];
assert (len <= MAX_EGD_DATA);
msg[0] = 0x03; /* write data */
msg[1] = 0; /* dummy */
msg[2] = 0; /* entropy */
msg[3] = len; /* length */
if (net_write(fd, msg, sizeof(msg)) != sizeof(msg))
return 0;
if (net_write(fd, data, len) != len)
return 0;
return 1;
}
/*
*
*/
static void
egd_seed(const void *indata, int size)
{
size_t len;
int fd, ret = 1;
fd = connect_egd(egd_path);
if (fd < 0)
return;
while(size) {
len = size;
if (len > MAX_EGD_DATA)
len = MAX_EGD_DATA;
ret = put_entropy(fd, indata, len);
if (ret != 1)
break;
indata = ((unsigned char *)indata) + len;
size -= len;
}
close(fd);
}
static int
get_bytes(const char *path, unsigned char *outdata, int size)
{
size_t len;
int fd, ret = 1;
if (path == NULL)
path = egd_path;
fd = connect_egd(path);
if (fd < 0)
return 0;
while(size) {
len = size;
if (len > MAX_EGD_DATA)
len = MAX_EGD_DATA;
ret = get_entropy(fd, outdata, len);
if (ret != 1)
break;
outdata += len;
size -= len;
}
close(fd);
return ret;
}
static int
egd_bytes(unsigned char *outdata, int size)
{
return get_bytes(NULL, outdata, size);
}
static void
egd_cleanup(void)
{
}
static void
egd_add(const void *indata, int size, double entropi)
{
egd_seed(indata, size);
}
static int
egd_pseudorand(unsigned char *outdata, int size)
{
return get_bytes(NULL, outdata, size);
}
static int
egd_status(void)
{
int fd;
fd = connect_egd(egd_path);
if (fd < 0)
return 0;
close(fd);
return 1;
}
const RAND_METHOD hc_rand_egd_method = {
egd_seed,
egd_bytes,
egd_cleanup,
egd_add,
egd_pseudorand,
egd_status
};
const RAND_METHOD *
RAND_egd_method(void)
{
return &hc_rand_egd_method;
}
int
RAND_egd(const char *filename)
{
return RAND_egd_bytes(filename, 128);
}
int
RAND_egd_bytes(const char *filename, int size)
{
void *data;
int ret;
if (size <= 0)
return 0;
data = malloc(size);
if (data == NULL)
return 0;
ret = get_bytes(filename, data, size);
if (ret != 1) {
free(data);
return ret;
}
RAND_seed(data, size);
memset(data, 0, sizeof(data));
free(data);
return 1;
}

563
lib/hcrypto/rand-fortuna.c Normal file
View File

@@ -0,0 +1,563 @@
/*
* fortuna.c
* Fortuna-like PRNG.
*
* Copyright (c) 2005 Marko Kreen
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $PostgreSQL: pgsql/contrib/pgcrypto/fortuna.c,v 1.8 2006/10/04 00:29:46 momjian Exp $
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <rand.h>
#include <roken.h>
#include "randi.h"
#include "aes.h"
#include "sha.h"
/*
* Why Fortuna-like: There does not seem to be any definitive reference
* on Fortuna in the net. Instead this implementation is based on
* following references:
*
* http://en.wikipedia.org/wiki/Fortuna_(PRNG)
* - Wikipedia article
* http://jlcooke.ca/random/
* - Jean-Luc Cooke Fortuna-based /dev/random driver for Linux.
*/
/*
* There is some confusion about whether and how to carry forward
* the state of the pools. Seems like original Fortuna does not
* do it, resetting hash after each request. I guess expecting
* feeding to happen more often that requesting. This is absolutely
* unsuitable for pgcrypto, as nothing asynchronous happens here.
*
* J.L. Cooke fixed this by feeding previous hash to new re-initialized
* hash context.
*
* Fortuna predecessor Yarrow requires ability to query intermediate
* 'final result' from hash, without affecting it.
*
* This implementation uses the Yarrow method - asking intermediate
* results, but continuing with old state.
*/
/*
* Algorithm parameters
*/
#define NUM_POOLS 32
/* in microseconds */
#define RESEED_INTERVAL 100000 /* 0.1 sec */
/* for one big request, reseed after this many bytes */
#define RESEED_BYTES (1024*1024)
/*
* Skip reseed if pool 0 has less than this many
* bytes added since last reseed.
*/
#define POOL0_FILL (256/8)
/*
* Algorithm constants
*/
/* Both cipher key size and hash result size */
#define BLOCK 32
/* cipher block size */
#define CIPH_BLOCK 16
/* for internal wrappers */
#define MD_CTX SHA256_CTX
#define CIPH_CTX AES_KEY
struct fortuna_state
{
unsigned char counter[CIPH_BLOCK];
unsigned char result[CIPH_BLOCK];
unsigned char key[BLOCK];
MD_CTX pool[NUM_POOLS];
CIPH_CTX ciph;
unsigned reseed_count;
struct timeval last_reseed_time;
unsigned pool0_bytes;
unsigned rnd_pos;
int tricks_done;
};
typedef struct fortuna_state FState;
/*
* Use our own wrappers here.
* - Need to get intermediate result from digest, without affecting it.
* - Need re-set key on a cipher context.
* - Algorithms are guaranteed to exist.
* - No memory allocations.
*/
static void
ciph_init(CIPH_CTX * ctx, const unsigned char *key, int klen)
{
AES_set_encrypt_key(key, klen * 8, ctx);
}
static void
ciph_encrypt(CIPH_CTX * ctx, const unsigned char *in, unsigned char *out)
{
AES_encrypt(in, out, ctx);
}
static void
md_init(MD_CTX * ctx)
{
SHA256_Init(ctx);
}
static void
md_update(MD_CTX * ctx, const unsigned char *data, int len)
{
SHA256_Update(ctx, data, len);
}
static void
md_result(MD_CTX * ctx, unsigned char *dst)
{
SHA256_CTX tmp;
memcpy(&tmp, ctx, sizeof(*ctx));
SHA256_Final(dst, &tmp);
memset(&tmp, 0, sizeof(tmp));
}
/*
* initialize state
*/
static void
init_state(FState * st)
{
int i;
memset(st, 0, sizeof(*st));
for (i = 0; i < NUM_POOLS; i++)
md_init(&st->pool[i]);
}
/*
* Endianess does not matter.
* It just needs to change without repeating.
*/
static void
inc_counter(FState * st)
{
uint32_t *val = (uint32_t *) st->counter;
if (++val[0])
return;
if (++val[1])
return;
if (++val[2])
return;
++val[3];
}
/*
* This is called 'cipher in counter mode'.
*/
static void
encrypt_counter(FState * st, unsigned char *dst)
{
ciph_encrypt(&st->ciph, st->counter, dst);
inc_counter(st);
}
/*
* The time between reseed must be at least RESEED_INTERVAL
* microseconds.
*/
static int
enough_time_passed(FState * st)
{
int ok;
struct timeval tv;
struct timeval *last = &st->last_reseed_time;
gettimeofday(&tv, NULL);
/* check how much time has passed */
ok = 0;
if (tv.tv_sec > last->tv_sec + 1)
ok = 1;
else if (tv.tv_sec == last->tv_sec + 1)
{
if (1000000 + tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
ok = 1;
}
else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
ok = 1;
/* reseed will happen, update last_reseed_time */
if (ok)
memcpy(last, &tv, sizeof(tv));
memset(&tv, 0, sizeof(tv));
return ok;
}
/*
* generate new key from all the pools
*/
static void
reseed(FState * st)
{
unsigned k;
unsigned n;
MD_CTX key_md;
unsigned char buf[BLOCK];
/* set pool as empty */
st->pool0_bytes = 0;
/*
* Both #0 and #1 reseed would use only pool 0. Just skip #0 then.
*/
n = ++st->reseed_count;
/*
* The goal: use k-th pool only 1/(2^k) of the time.
*/
md_init(&key_md);
for (k = 0; k < NUM_POOLS; k++)
{
md_result(&st->pool[k], buf);
md_update(&key_md, buf, BLOCK);
if (n & 1 || !n)
break;
n >>= 1;
}
/* add old key into mix too */
md_update(&key_md, st->key, BLOCK);
/* now we have new key */
md_result(&key_md, st->key);
/* use new key */
ciph_init(&st->ciph, st->key, BLOCK);
memset(&key_md, 0, sizeof(key_md));
memset(buf, 0, BLOCK);
}
/*
* Pick a random pool. This uses key bytes as random source.
*/
static unsigned
get_rand_pool(FState * st)
{
unsigned rnd;
/*
* This slightly prefers lower pools - thats OK.
*/
rnd = st->key[st->rnd_pos] % NUM_POOLS;
st->rnd_pos++;
if (st->rnd_pos >= BLOCK)
st->rnd_pos = 0;
return rnd;
}
/*
* update pools
*/
static void
add_entropy(FState * st, const unsigned char *data, unsigned len)
{
unsigned pos;
unsigned char hash[BLOCK];
MD_CTX md;
/* hash given data */
md_init(&md);
md_update(&md, data, len);
md_result(&md, hash);
/*
* Make sure the pool 0 is initialized, then update randomly.
*/
if (st->reseed_count == 0)
pos = 0;
else
pos = get_rand_pool(st);
md_update(&st->pool[pos], hash, BLOCK);
if (pos == 0)
st->pool0_bytes += len;
memset(hash, 0, BLOCK);
memset(&md, 0, sizeof(md));
}
/*
* Just take 2 next blocks as new key
*/
static void
rekey(FState * st)
{
encrypt_counter(st, st->key);
encrypt_counter(st, st->key + CIPH_BLOCK);
ciph_init(&st->ciph, st->key, BLOCK);
}
/*
* Hide public constants. (counter, pools > 0)
*
* This can also be viewed as spreading the startup
* entropy over all of the components.
*/
static void
startup_tricks(FState * st)
{
int i;
unsigned char buf[BLOCK];
/* Use next block as counter. */
encrypt_counter(st, st->counter);
/* Now shuffle pools, excluding #0 */
for (i = 1; i < NUM_POOLS; i++)
{
encrypt_counter(st, buf);
encrypt_counter(st, buf + CIPH_BLOCK);
md_update(&st->pool[i], buf, BLOCK);
}
memset(buf, 0, BLOCK);
/* Hide the key. */
rekey(st);
/* This can be done only once. */
st->tricks_done = 1;
}
static void
extract_data(FState * st, unsigned count, unsigned char *dst)
{
unsigned n;
unsigned block_nr = 0;
/* Should we reseed? */
if (st->pool0_bytes >= POOL0_FILL || st->reseed_count == 0)
if (enough_time_passed(st))
reseed(st);
/* Do some randomization on first call */
if (!st->tricks_done)
startup_tricks(st);
while (count > 0)
{
/* produce bytes */
encrypt_counter(st, st->result);
/* copy result */
if (count > CIPH_BLOCK)
n = CIPH_BLOCK;
else
n = count;
memcpy(dst, st->result, n);
dst += n;
count -= n;
/* must not give out too many bytes with one key */
block_nr++;
if (block_nr > (RESEED_BYTES / CIPH_BLOCK))
{
rekey(st);
block_nr = 0;
}
}
/* Set new key for next request. */
rekey(st);
}
/*
* public interface
*/
static FState main_state;
static int init_done;
static int have_entropy;
/*
* Try our best to do an inital seed
*/
#define INIT_BYTES 128
static int
fortuna_reseed(void)
{
int entropy_p = 0;
if (!init_done)
abort();
{
unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
add_entropy(&main_state, buf, sizeof(buf));
entropy_p = 1;
memset(buf, 0, sizeof(buf));
}
}
#ifdef HAVE_ARC4RANDOM
{
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
int i;
for (i = 0; i < sizeof(buf)/sizeof(buf[0]); i++)
buf[i] = arc4random();
add_entropy(&main_state, (void *)buf, sizeof(buf));
entropy_p = 1;
}
#endif
/*
* Only to get egd entropy if /dev/random or arc4rand failed since
* it can be horribly slow to generate new bits.
*/
if (!entropy_p) {
unsigned char buf[INIT_BYTES];
if ((*hc_rand_egd_method.bytes)(buf, sizeof(buf)) == 1) {
add_entropy(&main_state, buf, sizeof(buf));
entropy_p = 1;
memset(buf, 0, sizeof(buf));
}
}
{
pid_t pid = getpid();
add_entropy(&main_state, (void *)&pid, sizeof(pid));
}
{
struct timeval tv;
gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv));
}
{
uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u));
}
return entropy_p;
}
static int
fortuna_init(void)
{
if (!init_done)
{
init_state(&main_state);
init_done = 1;
}
if (!have_entropy)
have_entropy = fortuna_reseed();
return (init_done && have_entropy);
}
static void
fortuna_seed(const void *indata, int size)
{
fortuna_init();
add_entropy(&main_state, indata, size);
if (size >= INIT_BYTES)
have_entropy = 1;
}
static int
fortuna_bytes(unsigned char *outdata, int size)
{
if (!fortuna_init())
return 0;
extract_data(&main_state, size, outdata);
return 1;
}
static void
fortuna_cleanup(void)
{
init_done = 0;
have_entropy = 0;
memset(&main_state, 0, sizeof(main_state));
}
static void
fortuna_add(const void *indata, int size, double entropi)
{
fortuna_seed(indata, size);
}
static int
fortuna_pseudorand(unsigned char *outdata, int size)
{
return fortuna_bytes(outdata, size);
}
static int
fortuna_status(void)
{
return fortuna_init() ? 1 : 0;
}
const RAND_METHOD hc_rand_fortuna_method = {
fortuna_seed,
fortuna_bytes,
fortuna_cleanup,
fortuna_add,
fortuna_pseudorand,
fortuna_status
};
const RAND_METHOD *
RAND_fortuna_method(void)
{
return &hc_rand_fortuna_method;
}

161
lib/hcrypto/rand-unix.c Normal file
View File

@@ -0,0 +1,161 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <rand.h>
#include <roken.h>
#include "randi.h"
/*
* Unix /dev/random
*/
static int
get_device_fd(int flags)
{
static const char *rnd_devices[] = {
"/dev/urandom",
"/dev/random",
"/dev/srandom",
"/dev/arandom",
NULL
};
const char **p;
for(p = rnd_devices; *p; p++) {
int fd = open(*p, flags | O_NDELAY);
if(fd >= 0)
return fd;
}
return -1;
}
static void
unix_seed(const void *indata, int size)
{
int fd;
if (size <= 0)
return;
fd = get_device_fd(O_WRONLY);
if (fd < 0)
return;
write(fd, indata, size);
close(fd);
}
static int
unix_bytes(unsigned char *outdata, int size)
{
ssize_t count;
int fd;
if (size <= 0)
return 0;
fd = get_device_fd(O_RDONLY);
if (fd < 0)
return 0;
while (size > 0) {
count = read (fd, outdata, size);
if (count < 0 && errno == EINTR)
continue;
else if (count <= 0) {
close(fd);
return 0;
}
outdata += count;
size -= count;
}
close(fd);
return 1;
}
static void
unix_cleanup(void)
{
}
static void
unix_add(const void *indata, int size, double entropi)
{
unix_seed(indata, size);
}
static int
unix_pseudorand(unsigned char *outdata, int size)
{
return unix_bytes(outdata, size);
}
static int
unix_status(void)
{
int fd;
fd = get_device_fd(O_RDONLY);
if (fd < 0)
return 0;
close(fd);
return 1;
}
const RAND_METHOD hc_rand_unix_method = {
unix_seed,
unix_bytes,
unix_cleanup,
unix_add,
unix_pseudorand,
unix_status
};
const RAND_METHOD *
RAND_unix_method(void)
{
return &hc_rand_unix_method;
}

215
lib/hcrypto/rand.c Normal file
View File

@@ -0,0 +1,215 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <rand.h>
#include <randi.h>
#include <roken.h>
#ifndef O_BINARY
#define O_BINARY 0
#endif
const static RAND_METHOD *selected_meth = NULL;
static void
init_method(void)
{
if (selected_meth != NULL)
return;
if ((*hc_rand_unix_method.status)() == 1)
selected_meth = &hc_rand_unix_method;
else
selected_meth = &hc_rand_fortuna_method;
}
void
RAND_seed(const void *indata, size_t size)
{
init_method();
(*selected_meth->seed)(indata, size);
}
int
RAND_bytes(void *outdata, size_t size)
{
init_method();
return (*selected_meth->bytes)(outdata, size);
}
void
RAND_cleanup(void)
{
init_method();
(*selected_meth->cleanup)();
}
void
RAND_add(const void *indata, size_t size, double entropi)
{
init_method();
(*selected_meth->add)(indata, size, entropi);
}
int
RAND_pseudo_bytes(void *outdata, size_t size)
{
init_method();
return (*selected_meth->pseudorand)(outdata, size);
}
int
RAND_status(void)
{
init_method();
return (*selected_meth->status)();
}
int
RAND_set_rand_method(const RAND_METHOD *meth)
{
selected_meth = meth;
return 1;
}
const RAND_METHOD *
RAND_get_rand_method(void)
{
return selected_meth;
}
int
RAND_set_rand_engine(ENGINE *engine)
{
return 1;
}
#define RAND_FILE_SIZE 1024
int
RAND_load_file(const char *filename, size_t size)
{
unsigned char buf[128];
size_t len;
ssize_t slen;
int fd;
fd = open(filename, O_RDONLY | O_BINARY, 0600);
if (fd < 0)
return 0;
len = 0;
while(len < size) {
slen = read(fd, buf, sizeof(buf));
if (slen <= 0)
break;
RAND_seed(buf, slen);
len += slen;
}
close(fd);
return len ? 1 : 0;
}
int
RAND_write_file(const char *filename)
{
unsigned char buf[128];
size_t len;
int res = 0, fd;
fd = open(filename, O_WRONLY | O_CREAT | O_BINARY, 0600);
if (fd < 0)
return 0;
len = 0;
while(len < RAND_FILE_SIZE) {
res = RAND_bytes(buf, sizeof(buf));
if (res != 1)
break;
if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
res = 0;
break;
}
len += sizeof(buf);
}
close(fd);
return res;
}
const char *
RAND_file_name(char *filename, size_t size)
{
const char *e = NULL;
int pathp = 0, ret;
if (!issuid()) {
e = getenv("RANDFILE");
if (e == NULL) {
e = getenv("HOME");
if (e)
pathp = 1;
}
}
if (e == NULL) {
struct passwd *pw = getpwuid(getuid());
if (pw) {
e = pw->pw_dir;
pathp = 1;
}
}
if (e == NULL)
return NULL;
if (pathp)
ret = snprintf(filename, size, "%s/.rnd", e);
else
ret = snprintf(filename, size, "%s", e);
if (ret <= 0 || ret >= size)
return NULL;
return filename;
}

108
lib/hcrypto/rand.h Normal file
View File

@@ -0,0 +1,108 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_RAND_H
#define _HEIM_RAND_H 1
typedef struct RAND_METHOD RAND_METHOD;
#include <hcrypto/bn.h>
#include <hcrypto/engine.h>
/* symbol renaming */
#define RAND_bytes hc_RAND_bytes
#define RAND_pseudo_bytes hc_RAND_pseudo_bytes
#define RAND_seed hc_RAND_seed
#define RAND_cleanup hc_RAND_cleanup
#define RAND_add hc_RAND_add
#define RAND_set_rand_method hc_RAND_set_rand_method
#define RAND_get_rand_method hc_RAND_get_rand_method
#define RAND_set_rand_engine hc_RAND_set_rand_engine
#define RAND_file_name hc_RAND_file_name
#define RAND_load_file hc_RAND_load_file
#define RAND_write_file hc_RAND_write_file
#define RAND_status hc_RAND_status
#define RAND_egd hc_RAND_egd
#define RAND_egd_bytes hc_RAND_egd_bytes
#define RAND_fortuna_method hc_RAND_fortuna_method
#define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method
/*
*
*/
struct RAND_METHOD
{
void (*seed)(const void *, int);
int (*bytes)(unsigned char *, int);
void (*cleanup)(void);
void (*add)(const void *, int, double);
int (*pseudorand)(unsigned char *, int);
int (*status)(void);
};
/*
*
*/
int RAND_bytes(void *, size_t num);
int RAND_pseudo_bytes(void *, size_t);
void RAND_seed(const void *, size_t);
void RAND_cleanup(void);
void RAND_add(const void *, size_t, double);
int RAND_set_rand_method(const RAND_METHOD *);
const RAND_METHOD *
RAND_get_rand_method(void);
int RAND_set_rand_engine(ENGINE *);
const char *
RAND_file_name(char *, size_t);
int RAND_load_file(const char *, size_t);
int RAND_write_file(const char *);
int RAND_status(void);
int RAND_egd(const char *);
int RAND_egd_bytes(const char *, int);
const RAND_METHOD * RAND_fortuna_method(void);
const RAND_METHOD * RAND_unix_method(void);
const RAND_METHOD * RAND_egd_method(void);
#endif /* _HEIM_RAND_H */

45
lib/hcrypto/randi.h Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (c) 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_RANDI_H
#define _HEIM_RANDI_H 1
extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method;
extern const RAND_METHOD hc_rand_egd_method;
#endif /* _HEIM_RANDI_H */

245
lib/hcrypto/rc2.c Normal file
View File

@@ -0,0 +1,245 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include "rc2.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* Implemented from Peter Gutmann's "Specification for Ron Rivests Cipher No.2"
* rfc2268 and "On the Design and Security of RC2" was also useful.
*/
static unsigned int Sbox[256] = {
0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed,
0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13,
0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b,
0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1,
0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57,
0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7,
0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74,
0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a,
0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae,
0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0,
0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77,
0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad
};
void
RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
{
unsigned char k[128];
int j, T8, TM;
if (len <= 0)
abort();
if (len > 128)
len = 128;
if (bits <= 0 || bits > 1024)
bits = 1024;
for (j = 0; j < len; j++)
k[j] = data[j];
for (; j < 128; j++)
k[j] = Sbox[(k[j - len] + k[j - 1]) & 0xff];
T8 = (bits + 7) / 8;
j = (8*T8 - bits);
TM = 0xff >> j;
k[128 - T8] = Sbox[k[128 - T8] & TM];
for (j = 127 - T8; j >= 0; j--)
k[j] = Sbox[k[j + 1] ^ k[j + T8]];
for (j = 0; j < 64; j++)
key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
memset(k, 0, sizeof(k));
}
#define ROT16L(w,n) ((w<<n)|(w>>(16-n)))
#define ROT16R(w,n) ((w>>n)|(w<<(16-n)))
void
RC2_encryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key)
{
int i, j;
int w0, w1, w2, w3;
int t0, t1, t2, t3;
w0 = in[0] | (in[1] << 8);
w1 = in[2] | (in[3] << 8);
w2 = in[4] | (in[5] << 8);
w3 = in[6] | (in[7] << 8);
for (i = 0; i < 16; i++) {
j = i * 4;
t0 = (w0 + (w1 & ~w3) + (w2 & w3) + key->data[j + 0]) & 0xffff;
w0 = ROT16L(t0, 1);
t1 = (w1 + (w2 & ~w0) + (w3 & w0) + key->data[j + 1]) & 0xffff;
w1 = ROT16L(t1, 2);
t2 = (w2 + (w3 & ~w1) + (w0 & w1) + key->data[j + 2]) & 0xffff;
w2 = ROT16L(t2, 3);
t3 = (w3 + (w0 & ~w2) + (w1 & w2) + key->data[j + 3]) & 0xffff;
w3 = ROT16L(t3, 5);
if(i == 4 || i == 10) {
w0 += key->data[w3 & 63];
w1 += key->data[w0 & 63];
w2 += key->data[w1 & 63];
w3 += key->data[w2 & 63];
}
}
out[0] = w0 & 0xff;
out[1] = (w0 >> 8) & 0xff;
out[2] = w1 & 0xff;
out[3] = (w1 >> 8) & 0xff;
out[4] = w2 & 0xff;
out[5] = (w2 >> 8) & 0xff;
out[6] = w3 & 0xff;
out[7] = (w3 >> 8) & 0xff;
}
void
RC2_decryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key)
{
int i, j;
int w0, w1, w2, w3;
int t0, t1, t2, t3;
w0 = in[0] | (in[1] << 8);
w1 = in[2] | (in[3] << 8);
w2 = in[4] | (in[5] << 8);
w3 = in[6] | (in[7] << 8);
for (i = 15; i >= 0; i--) {
j = i * 4;
if(i == 4 || i == 10) {
w3 = (w3 - key->data[w2 & 63]) & 0xffff;
w2 = (w2 - key->data[w1 & 63]) & 0xffff;
w1 = (w1 - key->data[w0 & 63]) & 0xffff;
w0 = (w0 - key->data[w3 & 63]) & 0xffff;
}
t3 = ROT16R(w3, 5);
w3 = (t3 - (w0 & ~w2) - (w1 & w2) - key->data[j + 3]) & 0xffff;
t2 = ROT16R(w2, 3);
w2 = (t2 - (w3 & ~w1) - (w0 & w1) - key->data[j + 2]) & 0xffff;
t1 = ROT16R(w1, 2);
w1 = (t1 - (w2 & ~w0) - (w3 & w0) - key->data[j + 1]) & 0xffff;
t0 = ROT16R(w0, 1);
w0 = (t0 - (w1 & ~w3) - (w2 & w3) - key->data[j + 0]) & 0xffff;
}
out[0] = w0 & 0xff;
out[1] = (w0 >> 8) & 0xff;
out[2] = w1 & 0xff;
out[3] = (w1 >> 8) & 0xff;
out[4] = w2 & 0xff;
out[5] = (w2 >> 8) & 0xff;
out[6] = w3 & 0xff;
out[7] = (w3 >> 8) & 0xff;
}
void
RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long size,
RC2_KEY *key, unsigned char *iv, int forward_encrypt)
{
unsigned char tmp[RC2_BLOCK_SIZE];
int i;
if (forward_encrypt) {
while (size >= RC2_BLOCK_SIZE) {
for (i = 0; i < RC2_BLOCK_SIZE; i++)
tmp[i] = in[i] ^ iv[i];
RC2_encryptc(tmp, out, key);
memcpy(iv, out, RC2_BLOCK_SIZE);
size -= RC2_BLOCK_SIZE;
in += RC2_BLOCK_SIZE;
out += RC2_BLOCK_SIZE;
}
if (size) {
for (i = 0; i < size; i++)
tmp[i] = in[i] ^ iv[i];
for (i = size; i < RC2_BLOCK_SIZE; i++)
tmp[i] = iv[i];
RC2_encryptc(tmp, out, key);
memcpy(iv, out, RC2_BLOCK_SIZE);
}
} else {
while (size >= RC2_BLOCK_SIZE) {
memcpy(tmp, in, RC2_BLOCK_SIZE);
RC2_decryptc(tmp, out, key);
for (i = 0; i < RC2_BLOCK_SIZE; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, RC2_BLOCK_SIZE);
size -= RC2_BLOCK_SIZE;
in += RC2_BLOCK_SIZE;
out += RC2_BLOCK_SIZE;
}
if (size) {
memcpy(tmp, in, RC2_BLOCK_SIZE);
RC2_decryptc(tmp, out, key);
for (i = 0; i < size; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, RC2_BLOCK_SIZE);
}
}
}

71
lib/hcrypto/rc2.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
/* symbol renaming */
#define RC2_set_key hc_RC2_set_key
#define RC2_encryptc hc_RC2_encryptc
#define RC2_decryptc hc_RC2_decryptc
#define RC2_cbc_encrypt hc_RC2_cbc_encrypt
/*
*
*/
#define RC2_ENCRYPT 1
#define RC2_DECRYPT 0
#define RC2_BLOCK_SIZE 8
#define RC2_BLOCK RC2_BLOCK_SIZE
#define RC2_KEY_LENGTH 16
typedef struct rc2_key {
unsigned int data[64];
} RC2_KEY;
#ifdef __cplusplus
extern "C" {
#endif
void RC2_set_key(RC2_KEY *, int, const unsigned char *,int);
void RC2_encryptc(unsigned char *, unsigned char *, const RC2_KEY *);
void RC2_decryptc(unsigned char *, unsigned char *, const RC2_KEY *);
void RC2_cbc_encrypt(const unsigned char *, unsigned char *, long,
RC2_KEY *, unsigned char *, int);
#ifdef __cplusplus
}
#endif

172
lib/hcrypto/rc2test.c Normal file
View File

@@ -0,0 +1,172 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <rc2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct {
const void *key;
const int keylen;
const int bitsize;
const void *plain;
const void *cipher;
} tests[] = {
{
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
16,
0,
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x1C\x19\x8A\x83\x8D\xF0\x28\xB7"
},
{
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
16,
0,
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x21\x82\x9C\x78\xA9\xF9\xC0\x74"
},
{
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
16,
0,
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
"\x13\xDB\x35\x17\xD3\x21\x86\x9E"
},
{
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
16,
0,
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x50\xDC\x01\x62\xBD\x75\x7F\x31"
},
{
"\x00\x00\x00\x00\x00\x00\x00\x00",
8,
63,
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xeb\xb7\x73\xf9\x93\x27\x8e\xff"
},
{
"\xff\xff\xff\xff\xff\xff\xff\xff",
8,
64,
"\xff\xff\xff\xff\xff\xff\xff\xff",
"\x27\x8b\x27\xe4\x2e\x2f\x0d\x49"
},
{
"\x88",
1,
64,
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x61\xa8\xa2\x44\xad\xac\xcc\xf0"
}
};
const unsigned char cbc_key[16] =
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
const char cbc_iv[8] =
"\x01\x01\x01\x01\x01\x01\x01\x01";
const unsigned char cbc_in_data[32] =
"\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20";
const char out_iv[8] = "\x00\x78\x1b\x6\xff\xb9\xfa\xe";
const char cbc_out_data[32] =
"\xb4\x3f\x89\x15\x69\x68\xda\x79"
"\x29\xab\x5f\x78\xc5\xba\x15\x82"
"\x80\x89\x57\x1b\xbe\x57\x2f\xdc"
"\x00\x78\x1b\x06\xff\xb9\xfa\x0e";
int
main(int argc, char **argv)
{
RC2_KEY key;
unsigned char t[8];
unsigned char out[40];
int i;
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
RC2_set_key(&key, tests[i].keylen, tests[i].key, tests[i].bitsize);
memcpy(t, tests[i].plain, 8);
RC2_encryptc(t, t, &key);
if (memcmp(t, tests[i].cipher, 8) != 0) {
printf("encrypt %d\n", i);
exit(1);
}
RC2_decryptc(t, t, &key);
if (memcmp(t, tests[i].plain, 8) != 0) {
printf("decrypt: %d\n", i);
exit(1);
}
}
/* cbc test */
RC2_set_key(&key, 16, cbc_key, 0);
memcpy(t, cbc_iv, 8);
RC2_cbc_encrypt(cbc_in_data, out, 32, &key, t, 1);
if (memcmp(out_iv, t, 8) != 0)
abort();
if (memcmp(out, cbc_out_data, 32) != 0) {
printf("cbc test encrypt\n");
exit(1);
}
memcpy(t, cbc_iv, 8);
RC2_cbc_encrypt(out, out, 32, &key, t, 0);
if (memcmp(cbc_in_data, out, 32) != 0) {
printf("cbc test decrypt \n");
exit(1);
}
return 0;
}

82
lib/hcrypto/rc4.c Normal file
View File

@@ -0,0 +1,82 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* implemented from description in draft-kaukonen-cipher-arcfour-03.txt */
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include <rc4.h>
#define SWAP(k,x,y) \
{ unsigned int _t; \
_t = k->state[x]; \
k->state[x] = k->state[y]; \
k->state[y] = _t; \
}
void
RC4_set_key(RC4_KEY *key, const int len, unsigned char *data)
{
int i, j;
for (i = 0; i < 256; i++)
key->state[i] = i;
for (i = 0, j = 0; i < 256; i++) {
j = (j + key->state[i] + data[i % len]) % 256;
SWAP(key, i, j);
}
key->x = key->y = 0;
}
void
RC4(RC4_KEY *key, const int len, const unsigned char *in, unsigned char *out)
{
int i, t;
unsigned x, y;
x = key->x;
y = key->y;
for (i = 0; i < len; i++) {
x = (x + 1) % 256;
y = (y + key->state[x]) % 256;
SWAP(key, x, y);
t = (key->state[x] + key->state[y]) % 256;
*out++ = key->state[t] ^ *in++;
}
key->x = x;
key->y = y;
}

46
lib/hcrypto/rc4.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
/* symbol renaming */
#define RC4_set_key hc_RC4_set_key
#define RC4 hc_RC4
typedef struct rc4_key {
unsigned int x, y;
unsigned int state[256];
} RC4_KEY;
void RC4_set_key(RC4_KEY *, const int, unsigned char *);
void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *);

166
lib/hcrypto/rctest.c Normal file
View File

@@ -0,0 +1,166 @@
/*
* Copyright (c) 2004 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <stdio.h>
#include <string.h>
#include <rc4.h>
static unsigned char plain1[8] =
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static unsigned char key1[8] =
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
static unsigned char cipher1[8] =
{ 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 };
static unsigned char plain2[5] =
{ 0xdc, 0xee, 0x4c, 0xf9, 0x2c };
static unsigned char key2[5] =
{ 0x61, 0x8a, 0x63, 0xd2, 0xfb };
static unsigned char cipher2[5] =
{ 0xf1, 0x38, 0x29, 0xc9, 0xde };
static unsigned char plain3[] =
{
0x52, 0x75, 0x69, 0x73, 0x6c, 0x69, 0x6e, 0x6e,
0x75, 0x6e, 0x20, 0x6c, 0x61, 0x75, 0x6c, 0x75,
0x20, 0x6b, 0x6f, 0x72, 0x76, 0x69, 0x73, 0x73,
0x73, 0x61, 0x6e, 0x69, 0x2c, 0x20, 0x74, 0xe4,
0x68, 0x6b, 0xe4, 0x70, 0xe4, 0x69, 0x64, 0x65,
0x6e, 0x20, 0x70, 0xe4, 0xe4, 0x6c, 0x6c, 0xe4,
0x20, 0x74, 0xe4, 0x79, 0x73, 0x69, 0x6b, 0x75,
0x75, 0x2e, 0x20, 0x4b, 0x65, 0x73, 0xe4, 0x79,
0xf6, 0x6e, 0x20, 0x6f, 0x6e, 0x20, 0x6f, 0x6e,
0x6e, 0x69, 0x20, 0x6f, 0x6d, 0x61, 0x6e, 0x61,
0x6e, 0x69, 0x2c, 0x20, 0x6b, 0x61, 0x73, 0x6b,
0x69, 0x73, 0x61, 0x76, 0x75, 0x75, 0x6e, 0x20,
0x6c, 0x61, 0x61, 0x6b, 0x73, 0x6f, 0x74, 0x20,
0x76, 0x65, 0x72, 0x68, 0x6f, 0x75, 0x75, 0x2e,
0x20, 0x45, 0x6e, 0x20, 0x6d, 0x61, 0x20, 0x69,
0x6c, 0x6f, 0x69, 0x74, 0x73, 0x65, 0x2c, 0x20,
0x73, 0x75, 0x72, 0x65, 0x20, 0x68, 0x75, 0x6f,
0x6b, 0x61, 0x61, 0x2c, 0x20, 0x6d, 0x75, 0x74,
0x74, 0x61, 0x20, 0x6d, 0x65, 0x74, 0x73, 0xe4,
0x6e, 0x20, 0x74, 0x75, 0x6d, 0x6d, 0x75, 0x75,
0x73, 0x20, 0x6d, 0x75, 0x6c, 0x6c, 0x65, 0x20,
0x74, 0x75, 0x6f, 0x6b, 0x61, 0x61, 0x2e, 0x20,
0x50, 0x75, 0x75, 0x6e, 0x74, 0x6f, 0x20, 0x70,
0x69, 0x6c, 0x76, 0x65, 0x6e, 0x2c, 0x20, 0x6d,
0x69, 0x20, 0x68, 0x75, 0x6b, 0x6b, 0x75, 0x75,
0x2c, 0x20, 0x73, 0x69, 0x69, 0x6e, 0x74, 0x6f,
0x20, 0x76, 0x61, 0x72, 0x61, 0x6e, 0x20, 0x74,
0x75, 0x75, 0x6c, 0x69, 0x73, 0x65, 0x6e, 0x2c,
0x20, 0x6d, 0x69, 0x20, 0x6e, 0x75, 0x6b, 0x6b,
0x75, 0x75, 0x2e, 0x20, 0x54, 0x75, 0x6f, 0x6b,
0x73, 0x75, 0x74, 0x20, 0x76, 0x61, 0x6e, 0x61,
0x6d, 0x6f, 0x6e, 0x20, 0x6a, 0x61, 0x20, 0x76,
0x61, 0x72, 0x6a, 0x6f, 0x74, 0x20, 0x76, 0x65,
0x65, 0x6e, 0x2c, 0x20, 0x6e, 0x69, 0x69, 0x73,
0x74, 0xe4, 0x20, 0x73, 0x79, 0x64, 0xe4, 0x6d,
0x65, 0x6e, 0x69, 0x20, 0x6c, 0x61, 0x75, 0x6c,
0x75, 0x6e, 0x20, 0x74, 0x65, 0x65, 0x6e, 0x2e,
0x20, 0x2d, 0x20, 0x45, 0x69, 0x6e, 0x6f, 0x20,
0x4c, 0x65, 0x69, 0x6e, 0x6f };
static unsigned char key3[16] =
{ 0x29, 0x04, 0x19, 0x72, 0xfb, 0x42, 0xba, 0x5f,
0xc7, 0x12, 0x77, 0x12, 0xf1, 0x38, 0x29, 0xc9 };
const unsigned char cipher3[] =
{ 0x35, 0x81, 0x86, 0x99, 0x90, 0x01, 0xe6, 0xb5,
0xda, 0xf0, 0x5e, 0xce, 0xeb, 0x7e, 0xee, 0x21,
0xe0, 0x68, 0x9c, 0x1f, 0x00, 0xee, 0xa8, 0x1f,
0x7d, 0xd2, 0xca, 0xae, 0xe1, 0xd2, 0x76, 0x3e,
0x68, 0xaf, 0x0e, 0xad, 0x33, 0xd6, 0x6c, 0x26,
0x8b, 0xc9, 0x46, 0xc4, 0x84, 0xfb, 0xe9, 0x4c,
0x5f, 0x5e, 0x0b, 0x86, 0xa5, 0x92, 0x79, 0xe4,
0xf8, 0x24, 0xe7, 0xa6, 0x40, 0xbd, 0x22, 0x32,
0x10, 0xb0, 0xa6, 0x11, 0x60, 0xb7, 0xbc, 0xe9,
0x86, 0xea, 0x65, 0x68, 0x80, 0x03, 0x59, 0x6b,
0x63, 0x0a, 0x6b, 0x90, 0xf8, 0xe0, 0xca, 0xf6,
0x91, 0x2a, 0x98, 0xeb, 0x87, 0x21, 0x76, 0xe8,
0x3c, 0x20, 0x2c, 0xaa, 0x64, 0x16, 0x6d, 0x2c,
0xce, 0x57, 0xff, 0x1b, 0xca, 0x57, 0xb2, 0x13,
0xf0, 0xed, 0x1a, 0xa7, 0x2f, 0xb8, 0xea, 0x52,
0xb0, 0xbe, 0x01, 0xcd, 0x1e, 0x41, 0x28, 0x67,
0x72, 0x0b, 0x32, 0x6e, 0xb3, 0x89, 0xd0, 0x11,
0xbd, 0x70, 0xd8, 0xaf, 0x03, 0x5f, 0xb0, 0xd8,
0x58, 0x9d, 0xbc, 0xe3, 0xc6, 0x66, 0xf5, 0xea,
0x8d, 0x4c, 0x79, 0x54, 0xc5, 0x0c, 0x3f, 0x34,
0x0b, 0x04, 0x67, 0xf8, 0x1b, 0x42, 0x59, 0x61,
0xc1, 0x18, 0x43, 0x07, 0x4d, 0xf6, 0x20, 0xf2,
0x08, 0x40, 0x4b, 0x39, 0x4c, 0xf9, 0xd3, 0x7f,
0xf5, 0x4b, 0x5f, 0x1a, 0xd8, 0xf6, 0xea, 0x7d,
0xa3, 0xc5, 0x61, 0xdf, 0xa7, 0x28, 0x1f, 0x96,
0x44, 0x63, 0xd2, 0xcc, 0x35, 0xa4, 0xd1, 0xb0,
0x34, 0x90, 0xde, 0xc5, 0x1b, 0x07, 0x11, 0xfb,
0xd6, 0xf5, 0x5f, 0x79, 0x23, 0x4d, 0x5b, 0x7c,
0x76, 0x66, 0x22, 0xa6, 0x6d, 0xe9, 0x2b, 0xe9,
0x96, 0x46, 0x1d, 0x5e, 0x4d, 0xc8, 0x78, 0xef,
0x9b, 0xca, 0x03, 0x05, 0x21, 0xe8, 0x35, 0x1e,
0x4b, 0xae, 0xd2, 0xfd, 0x04, 0xf9, 0x46, 0x73,
0x68, 0xc4, 0xad, 0x6a, 0xc1, 0x86, 0xd0, 0x82,
0x45, 0xb2, 0x63, 0xa2, 0x66, 0x6d, 0x1f, 0x6c,
0x54, 0x20, 0xf1, 0x59, 0x9d, 0xfd, 0x9f, 0x43,
0x89, 0x21, 0xc2, 0xf5, 0xa4, 0x63, 0x93, 0x8c,
0xe0, 0x98, 0x22, 0x65, 0xee, 0xf7, 0x01, 0x79,
0xbc, 0x55, 0x3f, 0x33, 0x9e, 0xb1, 0xa4, 0xc1,
0xaf, 0x5f, 0x6a, 0x54, 0x7f };
int
main (void)
{
unsigned char buf[1024];
RC4_KEY key;
RC4_set_key(&key, 8, key1);
RC4(&key, 8, plain1, buf);
if (memcmp(buf, cipher1, 8) != 0)
return 1;
RC4_set_key(&key, 5, key2);
RC4(&key, 5, plain2, buf);
if (memcmp(buf, cipher2, 5) != 0)
return 1;
RC4_set_key(&key, 16, key3);
RC4(&key, 309, plain3, buf);
if (memcmp(buf, cipher3, 309) != 0)
return 1;
return 0;
}

18
lib/hcrypto/resource.h Normal file
View File

@@ -0,0 +1,18 @@
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by passwd_dialog.rc
//
#define IDD_PASSWD_DIALOG 101
#define IDC_EDIT1 1000
#define IDC_PASSWD_EDIT 1001
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1002
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

1231
lib/hcrypto/rijndael-alg-fst.c Normal file
View File

File diff suppressed because it is too large Load Diff

46
lib/hcrypto/rijndael-alg-fst.h Normal file
View File

@@ -0,0 +1,46 @@
/* $NetBSD: rijndael-alg-fst.h,v 1.2 2000/10/02 17:19:15 itojun Exp $ */
/* $KAME: rijndael-alg-fst.h,v 1.5 2003/07/15 10:47:16 itojun Exp $ */
/**
* rijndael-alg-fst.h
*
* @version 3.0 (December 2000)
*
* Optimised ANSI C code for the Rijndael cipher (now AES)
*
* @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
* @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
* @author Paulo Barreto <paulo.barreto@terra.com.br>
*
* This code is hereby placed in the public domain.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __RIJNDAEL_ALG_FST_H
#define __RIJNDAEL_ALG_FST_H
/* symbol renaming */
#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc
#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec
#define rijndaelEncrypt _hc_rijndaelEncrypt
#define rijndaelDecrypt _hc_rijndaelDecrypt
#define RIJNDAEL_MAXKC (256/32)
#define RIJNDAEL_MAXKB (256/8)
#define RIJNDAEL_MAXNR 14
int rijndaelKeySetupEnc(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits);
int rijndaelKeySetupDec(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits);
void rijndaelEncrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t pt[16], uint8_t ct[16]);
void rijndaelDecrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t ct[16], uint8_t pt[16]);
#endif /* __RIJNDAEL_ALG_FST_H */

509
lib/hcrypto/rnd_keys.c Normal file
View File

@@ -0,0 +1,509 @@
/*
* Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <des.h>
#include <stdlib.h>
#include <string.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_IO_H
#include <io.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
/*
* Generate "random" data by checksumming a file.
*
* Returns -1 if there were any problems with permissions or I/O
* errors.
*/
static
int
sumFile (const char *name, int len, void *res)
{
uint32_t sum[2] = { 0, 0 };
uint32_t buf[1024*2];
int fd, i;
fd = open (name, 0);
if (fd < 0)
return -1;
while (len > 0)
{
int n = read(fd, buf, sizeof(buf));
if (n < 0)
{
close(fd);
return n;
}
for (i = 0; i < (n/sizeof(buf[0])); i++)
{
sum[0] += buf[i];
i++;
sum[1] += buf[i];
}
len -= n;
}
close (fd);
memcpy (res, &sum, sizeof(sum));
return 0;
}
#if 0
static
int
md5sumFile (const char *name, int len, int32_t sum[4])
{
int32_t buf[1024*2];
int fd, cnt;
struct md5 md5;
fd = open (name, 0);
if (fd < 0)
return -1;
md5_init(&md5);
while (len > 0)
{
int n = read(fd, buf, sizeof(buf));
if (n < 0)
{
close(fd);
return n;
}
md5_update(&md5, buf, n);
len -= n;
}
md5_finito(&md5, (unsigned char *)sum);
close (fd);
return 0;
}
#endif
/*
* Create a sequence of random 64 bit blocks.
* The sequence is indexed with a long long and
* based on an initial des key used as a seed.
*/
static DES_key_schedule sequence_seed;
static uint32_t sequence_index[2];
/*
* Random number generator based on ideas from truerand in cryptolib
* as described on page 424 in Applied Cryptography 2 ed. by Bruce
* Schneier.
*/
static volatile int counter;
static volatile unsigned char *gdata; /* Global data */
static volatile int igdata; /* Index into global data */
static int gsize;
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
/* Visual C++ 4.0 (Windows95/NT) */
static
RETSIGTYPE
sigALRM(int sig)
{
if (igdata < gsize)
gdata[igdata++] ^= counter & 0xff;
#ifndef HAVE_SIGACTION
signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
#endif
SIGRETURN(0);
}
#endif
#if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
#ifndef srandom
#define srandom srand
#endif
#ifndef random
#define random rand
#endif
#endif
#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__)
static void
des_not_rand_data(unsigned char *data, int size)
{
int i;
srandom (time (NULL));
for(i = 0; i < size; ++i)
data[i] ^= random() % 0x100;
}
#endif
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
#ifndef HAVE_SETITIMER
static void
pacemaker(struct timeval *tv)
{
fd_set fds;
pid_t pid;
pid = getppid();
while(1){
FD_ZERO(&fds);
FD_SET(0, &fds);
select(1, &fds, NULL, NULL, tv);
kill(pid, SIGALRM);
}
}
#endif
#ifdef HAVE_SIGACTION
/* XXX ugly hack, should perhaps use function from roken */
static RETSIGTYPE
(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
{
struct sigaction sa, osa;
sa.sa_handler = f;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(sig, &sa, &osa);
return osa.sa_handler;
}
#define signal(S, F) fake_signal((S), (F))
#endif
/*
* Generate size bytes of "random" data using timed interrupts.
* It takes about 40ms/byte random data.
* It's not neccessary to be root to run it.
*/
void
DES_rand_data(void *outdata, int size)
{
unsigned char *data = outdata;
struct itimerval tv, otv;
RETSIGTYPE (*osa)(int);
int i, j;
#ifndef HAVE_SETITIMER
RETSIGTYPE (*ochld)(int);
pid_t pid;
#endif
const char *rnd_devices[] = {"/dev/random",
"/dev/srandom",
"/dev/urandom",
"/dev/arandom",
NULL};
const char **p;
for(p = rnd_devices; *p; p++) {
int fd = open(*p, O_RDONLY | O_NDELAY);
if(fd >= 0 && read(fd, data, size) == size) {
close(fd);
return;
}
close(fd);
}
/* Paranoia? Initialize data from /dev/mem if we can read it. */
if (size >= 8)
sumFile("/dev/mem", (1024*1024*2), data);
gdata = data;
gsize = size;
igdata = 0;
osa = signal(SIGALRM, sigALRM);
/* Start timer */
tv.it_value.tv_sec = 0;
tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
tv.it_interval = tv.it_value;
#ifdef HAVE_SETITIMER
setitimer(ITIMER_REAL, &tv, &otv);
#else
ochld = signal(SIGCHLD, SIG_IGN);
pid = fork();
if(pid == -1){
signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
des_not_rand_data(data, size);
return;
}
if(pid == 0)
pacemaker(&tv.it_interval);
#endif
for(i = 0; i < 4; i++) {
for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
counter++;
for (j = 0; j < size; j++) /* Only use 2 bits each lap */
gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
}
#ifdef HAVE_SETITIMER
setitimer(ITIMER_REAL, &otv, 0);
#else
kill(pid, SIGKILL);
while(waitpid(pid, NULL, 0) != pid);
signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
#endif
signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
}
#else
void
DES_rand_data(unsigned char *p, int s)
{
des_not_rand_data (p, s);
}
#endif
void
DES_generate_random_block(DES_cblock *block)
{
DES_rand_data((unsigned char *)block, sizeof(*block));
}
#define DES_rand_data_key hc_DES_rand_data_key
void
DES_rand_data_key(DES_cblock *key);
/*
* Generate a "random" DES key.
*/
void
DES_rand_data_key(DES_cblock *key)
{
unsigned char data[8];
DES_key_schedule sched;
do {
DES_rand_data(data, sizeof(data));
DES_rand_data((unsigned char*)key, sizeof(DES_cblock));
DES_set_odd_parity(key);
DES_set_key(key, &sched);
DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT);
memset(&data, 0, sizeof(data));
memset(&sched, 0, sizeof(sched));
DES_set_odd_parity(key);
} while(DES_is_weak_key(key));
}
/*
* Generate "random" data by checksumming /dev/mem
*
* It's neccessary to be root to run it. Returns -1 if there were any
* problems with permissions.
*/
#define DES_mem_rand8 hc_DES_mem_rand8
int
DES_mem_rand8(unsigned char *data);
int
DES_mem_rand8(unsigned char *data)
{
return 1;
}
/*
* In case the generator does not get initialized use this as fallback.
*/
static int initialized;
static void
do_initialize(void)
{
DES_cblock default_seed;
do {
DES_generate_random_block(&default_seed);
DES_set_odd_parity(&default_seed);
} while (DES_is_weak_key(&default_seed));
DES_init_random_number_generator(&default_seed);
}
#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
#define set_sequence_number(ll) \
memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
/*
* Set the sequnce number to this value (a long long).
*/
void
DES_set_sequence_number(void *ll)
{
set_sequence_number(ll);
}
/*
* Set the generator seed and reset the sequence number to 0.
*/
void
DES_set_random_generator_seed(DES_cblock *seed)
{
DES_set_key(seed, &sequence_seed);
zero_long_long(sequence_index);
initialized = 1;
}
/*
* Generate a sequence of random des keys
* using the random block sequence, fixup
* parity and skip weak keys.
*/
int
DES_new_random_key(DES_cblock *key)
{
if (!initialized)
do_initialize();
do {
DES_ecb_encrypt((DES_cblock *) sequence_index,
key,
&sequence_seed,
DES_ENCRYPT);
incr_long_long(sequence_index);
/* random key must have odd parity and not be weak */
DES_set_odd_parity(key);
} while (DES_is_weak_key(key));
return(0);
}
/*
* des_init_random_number_generator:
*
* Initialize the sequence of random 64 bit blocks. The input seed
* can be a secret key since it should be well hidden and is also not
* kept.
*
*/
void
DES_init_random_number_generator(DES_cblock *seed)
{
struct timeval now;
DES_cblock uniq;
DES_cblock new_key;
gettimeofday(&now, (struct timezone *)0);
DES_generate_random_block(&uniq);
/* Pick a unique random key from the shared sequence. */
DES_set_random_generator_seed(seed);
set_sequence_number((unsigned char *)&uniq);
DES_new_random_key(&new_key);
/* Select a new nonshared sequence, */
DES_set_random_generator_seed(&new_key);
/* and use the current time to pick a key for the new sequence. */
set_sequence_number((unsigned char *)&now);
DES_new_random_key(&new_key);
DES_set_random_generator_seed(&new_key);
}
/* This is for backwards compatibility. */
void
DES_random_key(DES_cblock *ret)
{
DES_new_random_key(ret);
}
#ifdef TESTRUN
int
main()
{
unsigned char data[8];
int i;
while (1)
{
if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
{ perror("sumFile"); exit(1); }
for (i = 0; i < 8; i++)
printf("%02x", data[i]);
printf("\n");
}
}
#endif
#ifdef TESTRUN2
int
main()
{
DES_cblock data;
int i;
while (1)
{
do_initialize();
DES_random_key(data);
for (i = 0; i < 8; i++)
printf("%02x", data[i]);
printf("\n");
}
}
#endif

661
lib/hcrypto/rsa-imath.c Normal file
View File

@@ -0,0 +1,661 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <krb5-types.h>
#include <assert.h>
#include <rsa.h>
#include <roken.h>
#include "imath/imath.h"
#include "imath/iprime.h"
static void
BN2mpz(mpz_t *s, const BIGNUM *bn)
{
size_t len;
void *p;
mp_int_init(s);
len = BN_num_bytes(bn);
p = malloc(len);
BN_bn2bin(bn, p);
mp_int_read_unsigned(s, p, len);
free(p);
}
static BIGNUM *
mpz2BN(mpz_t *s)
{
size_t size;
BIGNUM *bn;
void *p;
size = mp_int_unsigned_len(s);
p = malloc(size);
if (p == NULL && size != 0)
return NULL;
mp_int_to_unsigned(s, p, size);
bn = BN_bin2bn(p, size, NULL);
free(p);
return bn;
}
static int random_num(mp_int, size_t);
static void
setup_blind(mp_int n, mp_int b, mp_int bi)
{
mp_int_init(b);
mp_int_init(bi);
random_num(b, mp_int_count_bits(n));
mp_int_mod(b, n, b);
mp_int_invmod(b, n, bi);
}
static void
blind(mp_int in, mp_int b, mp_int e, mp_int n)
{
mpz_t t1;
mp_int_init(&t1);
/* in' = (in * b^e) mod n */
mp_int_exptmod(b, e, n, &t1);
mp_int_mul(&t1, in, in);
mp_int_mod(in, n, in);
mp_int_clear(&t1);
}
static void
unblind(mp_int out, mp_int bi, mp_int n)
{
/* out' = (out * 1/b) mod n */
mp_int_mul(out, bi, out);
mp_int_mod(out, n, out);
}
static mp_result
rsa_private_calculate(mp_int in, mp_int p, mp_int q,
mp_int dmp1, mp_int dmq1, mp_int iqmp,
mp_int out)
{
mpz_t vp, vq, u;
mp_int_init(&vp); mp_int_init(&vq); mp_int_init(&u);
/* vq = c ^ (d mod (q - 1)) mod q */
/* vp = c ^ (d mod (p - 1)) mod p */
mp_int_mod(in, p, &u);
mp_int_exptmod(&u, dmp1, p, &vp);
mp_int_mod(in, q, &u);
mp_int_exptmod(&u, dmq1, q, &vq);
/* C2 = 1/q mod p (iqmp) */
/* u = (vp - vq)C2 mod p. */
mp_int_sub(&vp, &vq, &u);
if (mp_int_compare_zero(&u) < 0)
mp_int_add(&u, p, &u);
mp_int_mul(&u, iqmp, &u);
mp_int_mod(&u, p, &u);
/* c ^ d mod n = vq + u q */
mp_int_mul(&u, q, &u);
mp_int_add(&u, &vq, out);
mp_int_clear(&vp);
mp_int_clear(&vq);
mp_int_clear(&u);
return MP_OK;
}
/*
*
*/
static int
imath_rsa_public_encrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p, *p0;
mp_result res;
size_t size, padlen;
mpz_t enc, dec, n, e;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen)
return -2;
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
p = p0 = malloc(size - 1);
if (p0 == NULL) {
mp_int_clear(&e);
mp_int_clear(&n);
return -3;
}
padlen = size - flen - 3;
assert(padlen >= 8);
*p++ = 2;
if (RAND_bytes(p, padlen) != 1) {
mp_int_clear(&e);
mp_int_clear(&n);
free(p0);
return -4;
}
while(padlen) {
if (*p == 0)
*p = 1;
padlen--;
p++;
}
*p++ = 0;
memcpy(p, from, flen);
p += flen;
assert((p - p0) == size - 1);
mp_int_init(&enc);
mp_int_init(&dec);
mp_int_read_unsigned(&dec, p0, size - 1);
free(p0);
res = mp_int_exptmod(&dec, &e, &n, &enc);
mp_int_clear(&dec);
mp_int_clear(&e);
mp_int_clear(&n);
{
size_t ssize;
ssize = mp_int_unsigned_len(&enc);
assert(size >= ssize);
mp_int_to_unsigned(&enc, to, ssize);
size = ssize;
}
mp_int_clear(&enc);
return size;
}
static int
imath_rsa_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p;
mp_result res;
size_t size;
mpz_t s, us, n, e;
if (padding != RSA_PKCS1_PADDING)
return -1;
if (flen > RSA_size(rsa))
return -2;
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
#if 0
/* Check that the exponent is larger then 3 */
if (mp_int_compare_value(&e, 3) <= 0) {
mp_int_clear(&n);
mp_int_clear(&e);
return -3;
}
#endif
mp_int_init(&s);
mp_int_init(&us);
mp_int_read_unsigned(&s, rk_UNCONST(from), flen);
if (mp_int_compare(&s, &n) >= 0) {
mp_int_clear(&n);
mp_int_clear(&e);
return -4;
}
res = mp_int_exptmod(&s, &e, &n, &us);
mp_int_clear(&s);
mp_int_clear(&n);
mp_int_clear(&e);
if (res != MP_OK)
return -5;
p = to;
size = mp_int_unsigned_len(&us);
assert(size <= RSA_size(rsa));
mp_int_to_unsigned(&us, p, size);
mp_int_clear(&us);
/* head zero was skipped by mp_int_to_unsigned */
if (*p == 0)
return -6;
if (*p != 1)
return -7;
size--; p++;
while (size && *p == 0xff) {
size--; p++;
}
if (size == 0 || *p != 0)
return -8;
size--; p++;
memmove(to, p, size);
return size;
}
static int
imath_rsa_private_encrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *p, *p0;
mp_result res;
size_t size;
mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen)
return -2;
p0 = p = malloc(size);
*p++ = 0;
*p++ = 1;
memset(p, 0xff, size - flen - 3);
p += size - flen - 3;
*p++ = 0;
memcpy(p, from, flen);
p += flen;
assert((p - p0) == size);
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
mp_int_init(&in);
mp_int_init(&out);
mp_int_read_unsigned(&in, p0, size);
free(p0);
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) {
size = 0;
goto out;
}
if (blinding) {
setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n);
}
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
mpz_t p, q, dmp1, dmq1, iqmp;
BN2mpz(&p, rsa->p);
BN2mpz(&q, rsa->q);
BN2mpz(&dmp1, rsa->dmp1);
BN2mpz(&dmq1, rsa->dmq1);
BN2mpz(&iqmp, rsa->iqmp);
res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
} else {
mpz_t d;
BN2mpz(&d, rsa->d);
res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d);
if (res != MP_OK) {
size = 0;
goto out;
}
}
if (blinding) {
unblind(&out, &bi, &n);
mp_int_clear(&b);
mp_int_clear(&bi);
}
{
size_t ssize;
ssize = mp_int_unsigned_len(&out);
assert(size >= ssize);
mp_int_to_unsigned(&out, to, size);
size = ssize;
}
out:
mp_int_clear(&e);
mp_int_clear(&n);
mp_int_clear(&in);
mp_int_clear(&out);
return size;
}
static int
imath_rsa_private_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *ptr;
mp_result res;
size_t size;
mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
if (padding != RSA_PKCS1_PADDING)
return -1;
size = RSA_size(rsa);
if (flen > size)
return -2;
mp_int_init(&in);
mp_int_init(&out);
BN2mpz(&n, rsa->n);
BN2mpz(&e, rsa->e);
res = mp_int_read_unsigned(&in, rk_UNCONST(from), flen);
if (res != MP_OK) {
size = -1;
goto out;
}
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) {
size = 0;
goto out;
}
if (blinding) {
setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n);
}
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
mpz_t p, q, dmp1, dmq1, iqmp;
BN2mpz(&p, rsa->p);
BN2mpz(&q, rsa->q);
BN2mpz(&dmp1, rsa->dmp1);
BN2mpz(&dmq1, rsa->dmq1);
BN2mpz(&iqmp, rsa->iqmp);
res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
} else {
mpz_t d;
if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0)
return MP_RANGE;
BN2mpz(&d, rsa->d);
res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d);
if (res != MP_OK) {
size = 0;
goto out;
}
}
if (blinding) {
unblind(&out, &bi, &n);
mp_int_clear(&b);
mp_int_clear(&bi);
}
ptr = to;
{
size_t ssize;
ssize = mp_int_unsigned_len(&out);
assert(size >= ssize);
mp_int_to_unsigned(&out, ptr, ssize);
size = ssize;
}
/* head zero was skipped by mp_int_to_unsigned */
if (*ptr != 2)
return -3;
size--; ptr++;
while (size && *ptr != 0) {
size--; ptr++;
}
if (size == 0)
return -4;
size--; ptr++;
memmove(to, ptr, size);
out:
mp_int_clear(&e);
mp_int_clear(&n);
mp_int_clear(&in);
mp_int_clear(&out);
return size;
}
static int
random_num(mp_int num, size_t len)
{
unsigned char *p;
mp_result res;
len = (len + 7) / 8;
p = malloc(len);
if (p == NULL)
return 1;
if (RAND_bytes(p, len) != 1) {
free(p);
return 1;
}
res = mp_int_read_unsigned(num, p, len);
free(p);
if (res != MP_OK)
return 1;
return 0;
}
#define CHECK(f, v) if ((f) != (v)) { goto out; }
static int
imath_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
mpz_t el, p, q, n, d, dmp1, dmq1, iqmp, t1, t2, t3;
int counter, ret;
if (bits < 789)
return -1;
ret = -1;
mp_int_init(&el);
mp_int_init(&p);
mp_int_init(&q);
mp_int_init(&n);
mp_int_init(&d);
mp_int_init(&dmp1);
mp_int_init(&dmq1);
mp_int_init(&iqmp);
mp_int_init(&t1);
mp_int_init(&t2);
mp_int_init(&t3);
BN2mpz(&el, e);
/* generate p and q so that p != q and bits(pq) ~ bits */
counter = 0;
do {
BN_GENCB_call(cb, 2, counter++);
CHECK(random_num(&p, bits / 2 + 1), 0);
CHECK(mp_int_find_prime(&p), MP_TRUE);
CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK);
CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK);
} while(mp_int_compare_value(&t2, 1) != 0);
BN_GENCB_call(cb, 3, 0);
counter = 0;
do {
BN_GENCB_call(cb, 2, counter++);
CHECK(random_num(&q, bits / 2 + 1), 0);
CHECK(mp_int_find_prime(&q), MP_TRUE);
if (mp_int_compare(&p, &q) == 0) /* don't let p and q be the same */
continue;
CHECK(mp_int_sub_value(&q, 1, &t1), MP_OK);
CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK);
} while(mp_int_compare_value(&t2, 1) != 0);
/* make p > q */
if (mp_int_compare(&p, &q) < 0)
mp_int_swap(&p, &q);
BN_GENCB_call(cb, 3, 1);
/* calculate n, n = p * q */
CHECK(mp_int_mul(&p, &q, &n), MP_OK);
/* calculate d, d = 1/e mod (p - 1)(q - 1) */
CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK);
CHECK(mp_int_sub_value(&q, 1, &t2), MP_OK);
CHECK(mp_int_mul(&t1, &t2, &t3), MP_OK);
CHECK(mp_int_invmod(&el, &t3, &d), MP_OK);
/* calculate dmp1 dmp1 = d mod (p-1) */
CHECK(mp_int_mod(&d, &t1, &dmp1), MP_OK);
/* calculate dmq1 dmq1 = d mod (q-1) */
CHECK(mp_int_mod(&d, &t2, &dmq1), MP_OK);
/* calculate iqmp iqmp = 1/q mod p */
CHECK(mp_int_invmod(&q, &p, &iqmp), MP_OK);
/* fill in RSA key */
rsa->e = mpz2BN(&el);
rsa->p = mpz2BN(&p);
rsa->q = mpz2BN(&q);
rsa->n = mpz2BN(&n);
rsa->d = mpz2BN(&d);
rsa->dmp1 = mpz2BN(&dmp1);
rsa->dmq1 = mpz2BN(&dmq1);
rsa->iqmp = mpz2BN(&iqmp);
ret = 1;
out:
mp_int_clear(&el);
mp_int_clear(&p);
mp_int_clear(&q);
mp_int_clear(&n);
mp_int_clear(&d);
mp_int_clear(&dmp1);
mp_int_clear(&dmq1);
mp_int_clear(&iqmp);
mp_int_clear(&t1);
mp_int_clear(&t2);
mp_int_clear(&t3);
return ret;
}
static int
imath_rsa_init(RSA *rsa)
{
return 1;
}
static int
imath_rsa_finish(RSA *rsa)
{
return 1;
}
const RSA_METHOD hc_rsa_imath_method = {
"hcrypto imath RSA",
imath_rsa_public_encrypt,
imath_rsa_public_decrypt,
imath_rsa_private_encrypt,
imath_rsa_private_decrypt,
NULL,
NULL,
imath_rsa_init,
imath_rsa_finish,
0,
NULL,
NULL,
NULL,
imath_rsa_generate_key
};
const RSA_METHOD *
RSA_imath_method(void)
{
return &hc_rsa_imath_method;
}

472
lib/hcrypto/rsa.c Normal file
View File

@@ -0,0 +1,472 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <krb5-types.h>
#include <rfc2459_asn1.h>
#include <rsa.h>
#include <roken.h>
RSA *
RSA_new(void)
{
return RSA_new_method(NULL);
}
RSA *
RSA_new_method(ENGINE *engine)
{
RSA *rsa;
rsa = calloc(1, sizeof(*rsa));
if (rsa == NULL)
return NULL;
rsa->references = 1;
if (engine) {
ENGINE_up_ref(engine);
rsa->engine = engine;
} else {
rsa->engine = ENGINE_get_default_RSA();
}
if (rsa->engine) {
rsa->meth = ENGINE_get_RSA(rsa->engine);
if (rsa->meth == NULL) {
ENGINE_finish(engine);
free(rsa);
return 0;
}
}
if (rsa->meth == NULL)
rsa->meth = rk_UNCONST(RSA_get_default_method());
(*rsa->meth->init)(rsa);
return rsa;
}
void
RSA_free(RSA *rsa)
{
if (rsa->references <= 0)
abort();
if (--rsa->references > 0)
return;
(*rsa->meth->finish)(rsa);
if (rsa->engine)
ENGINE_finish(rsa->engine);
#define free_if(f) if (f) { BN_free(f); }
free_if(rsa->n);
free_if(rsa->e);
free_if(rsa->d);
free_if(rsa->p);
free_if(rsa->q);
free_if(rsa->dmp1);
free_if(rsa->dmq1);
free_if(rsa->iqmp);
#undef free_if
memset(rsa, 0, sizeof(*rsa));
free(rsa);
}
int
RSA_up_ref(RSA *rsa)
{
return ++rsa->references;
}
const RSA_METHOD *
RSA_get_method(const RSA *rsa)
{
return rsa->meth;
}
int
RSA_set_method(RSA *rsa, const RSA_METHOD *method)
{
(*rsa->meth->finish)(rsa);
if (rsa->engine) {
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
rsa->meth = method;
(*rsa->meth->init)(rsa);
return 1;
}
int
RSA_set_app_data(RSA *rsa, void *arg)
{
rsa->ex_data.sk = arg;
return 1;
}
void *
RSA_get_app_data(RSA *rsa)
{
return rsa->ex_data.sk;
}
int
RSA_check_key(const RSA *key)
{
static const unsigned char inbuf[] = "hello, world!";
RSA *rsa = rk_UNCONST(key);
void *buffer;
int ret;
/*
* XXX I have no clue how to implement this w/o a bignum library.
* Well, when we have a RSA key pair, we can try to encrypt/sign
* and then decrypt/verify.
*/
if ((rsa->d == NULL || rsa->n == NULL) &&
(rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL))
return 0;
buffer = malloc(RSA_size(rsa));
if (buffer == NULL)
return 0;
ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer,
rsa, RSA_PKCS1_PADDING);
if (ret == -1) {
free(buffer);
return 0;
}
ret = RSA_public_decrypt(ret, buffer, buffer,
rsa, RSA_PKCS1_PADDING);
if (ret == -1) {
free(buffer);
return 0;
}
if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) {
free(buffer);
return 1;
}
free(buffer);
return 0;
}
int
RSA_size(const RSA *rsa)
{
return BN_num_bytes(rsa->n);
}
#define RSAFUNC(name, body) \
int \
name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\
return body; \
}
RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p))
RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p))
RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p))
RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p))
/* XXX */
int
RSA_sign(int type, const unsigned char *from, unsigned int flen,
unsigned char *to, unsigned int *tlen, RSA *rsa)
{
return -1;
}
int
RSA_verify(int type, const unsigned char *from, unsigned int flen,
unsigned char *to, unsigned int tlen, RSA *rsa)
{
return -1;
}
/*
* A NULL RSA_METHOD that returns failure for all operations. This is
* used as the default RSA method if we don't have any native
* support.
*/
static RSAFUNC(null_rsa_public_encrypt, -1)
static RSAFUNC(null_rsa_public_decrypt, -1)
static RSAFUNC(null_rsa_private_encrypt, -1)
static RSAFUNC(null_rsa_private_decrypt, -1)
/*
*
*/
int
RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb)
{
if (r->meth->rsa_keygen)
return (*r->meth->rsa_keygen)(r, bits, e, cb);
return 0;
}
/*
*
*/
static int
null_rsa_init(RSA *rsa)
{
return 1;
}
static int
null_rsa_finish(RSA *rsa)
{
return 1;
}
static const RSA_METHOD rsa_null_method = {
"hcrypto null RSA",
null_rsa_public_encrypt,
null_rsa_public_decrypt,
null_rsa_private_encrypt,
null_rsa_private_decrypt,
NULL,
NULL,
null_rsa_init,
null_rsa_finish,
0,
NULL,
NULL,
NULL
};
const RSA_METHOD *
RSA_null_method(void)
{
return &rsa_null_method;
}
extern const RSA_METHOD hc_rsa_imath_method;
static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method;
const RSA_METHOD *
RSA_get_default_method(void)
{
return default_rsa_method;
}
void
RSA_set_default_method(const RSA_METHOD *meth)
{
default_rsa_method = meth;
}
/*
*
*/
static BIGNUM *
heim_int2BN(const heim_integer *i)
{
BIGNUM *bn;
bn = BN_bin2bn(i->data, i->length, NULL);
if (bn)
BN_set_negative(bn, i->negative);
return bn;
}
static int
bn2heim_int(BIGNUM *bn, heim_integer *integer)
{
integer->length = BN_num_bytes(bn);
integer->data = malloc(integer->length);
if (integer->data == NULL) {
integer->length = 0;
return ENOMEM;
}
BN_bn2bin(bn, integer->data);
integer->negative = BN_is_negative(bn);
return 0;
}
RSA *
d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len)
{
RSAPrivateKey data;
RSA *k = rsa;
size_t size;
int ret;
ret = decode_RSAPrivateKey(*pp, len, &data, &size);
if (ret)
return NULL;
*pp += size;
if (k == NULL) {
k = RSA_new();
if (k == NULL) {
free_RSAPrivateKey(&data);
return NULL;
}
}
k->n = heim_int2BN(&data.modulus);
k->e = heim_int2BN(&data.publicExponent);
k->d = heim_int2BN(&data.privateExponent);
k->p = heim_int2BN(&data.prime1);
k->q = heim_int2BN(&data.prime2);
k->dmp1 = heim_int2BN(&data.exponent1);
k->dmq1 = heim_int2BN(&data.exponent2);
k->iqmp = heim_int2BN(&data.coefficient);
free_RSAPrivateKey(&data);
if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL ||
k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL)
{
RSA_free(k);
return NULL;
}
return k;
}
int
i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp)
{
RSAPrivateKey data;
size_t size;
int ret;
if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL ||
rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL ||
rsa->iqmp == NULL)
return -1;
memset(&data, 0, sizeof(data));
ret = bn2heim_int(rsa->n, &data.modulus);
ret |= bn2heim_int(rsa->e, &data.publicExponent);
ret |= bn2heim_int(rsa->d, &data.privateExponent);
ret |= bn2heim_int(rsa->p, &data.prime1);
ret |= bn2heim_int(rsa->q, &data.prime2);
ret |= bn2heim_int(rsa->dmp1, &data.exponent1);
ret |= bn2heim_int(rsa->dmq1, &data.exponent2);
ret |= bn2heim_int(rsa->iqmp, &data.coefficient);
if (ret) {
free_RSAPrivateKey(&data);
return -1;
}
if (pp == NULL) {
size = length_RSAPrivateKey(&data);
free_RSAPrivateKey(&data);
} else {
void *p;
size_t len;
ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret);
free_RSAPrivateKey(&data);
if (ret)
return -1;
if (len != size)
abort();
memcpy(*pp, p, size);
free(p);
*pp += size;
}
return size;
}
int
i2d_RSAPublicKey(RSA *rsa, unsigned char **pp)
{
RSAPublicKey data;
size_t size;
int ret;
memset(&data, 0, sizeof(data));
if (bn2heim_int(rsa->n, &data.modulus) ||
bn2heim_int(rsa->e, &data.publicExponent))
{
free_RSAPublicKey(&data);
return -1;
}
if (pp == NULL) {
size = length_RSAPublicKey(&data);
free_RSAPublicKey(&data);
} else {
void *p;
size_t len;
ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret);
free_RSAPublicKey(&data);
if (ret)
return -1;
if (len != size)
abort();
memcpy(*pp, p, size);
free(p);
*pp += size;
}
return size;
}

175
lib/hcrypto/rsa.h Normal file
View File

@@ -0,0 +1,175 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $Id$
*/
#ifndef _HEIM_RSA_H
#define _HEIM_RSA_H 1
/* symbol renaming */
#define RSA_null_method hc_RSA_null_method
#define RSA_imath_method hc_RSA_imath_method
#define RSA_new hc_RSA_new
#define RSA_new_method hc_RSA_new_method
#define RSA_free hc_RSA_free
#define RSA_up_ref hc_RSA_up_ref
#define RSA_set_default_method hc_RSA_set_default_method
#define RSA_get_default_method hc_RSA_get_default_method
#define RSA_set_method hc_RSA_set_method
#define RSA_get_method hc_RSA_get_method
#define RSA_set_app_data hc_RSA_set_app_data
#define RSA_get_app_data hc_RSA_get_app_data
#define RSA_check_key hc_RSA_check_key
#define RSA_size hc_RSA_size
#define RSA_public_encrypt hc_RSA_public_encrypt
#define RSA_public_decrypt hc_RSA_public_decrypt
#define RSA_private_encrypt hc_RSA_private_encrypt
#define RSA_private_decrypt hc_RSA_private_decrypt
#define RSA_sign hc_RSA_sign
#define RSA_verify hc_RSA_verify
#define RSA_generate_key_ex hc_RSA_generate_key_ex
#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey
#define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey
#define i2d_RSAPublicKey hc_i2d_RSAPublicKey
/*
*
*/
typedef struct RSA RSA;
typedef struct RSA_METHOD RSA_METHOD;
#include <hcrypto/bn.h>
#include <hcrypto/engine.h>
struct RSA_METHOD {
const char *name;
int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
void *rsa_mod_exp;
void *bn_mod_exp;
int (*init)(RSA *rsa);
int (*finish)(RSA *rsa);
int flags;
char *app_data;
int (*rsa_sign)(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int *, const RSA *);
int (*rsa_verify)(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int, const RSA *);
int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *);
};
struct RSA {
int pad;
long version;
const RSA_METHOD *meth;
void *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
struct rsa_CRYPTO_EX_DATA {
void *sk;
int dummy;
} ex_data;
int references;
int flags;
void *_method_mod_n;
void *_method_mod_p;
void *_method_mod_q;
char *bignum_data;
void *blinding;
void *mt_blinding;
};
#define RSA_FLAG_NO_BLINDING 0x0080
#define RSA_PKCS1_PADDING 1
#define RSA_PKCS1_OAEP_PADDING 4
#define RSA_PKCS1_PADDING_SIZE 11
/*
*
*/
const RSA_METHOD *RSA_null_method(void);
const RSA_METHOD *RSA_imath_method(void);
/*
*
*/
RSA * RSA_new(void);
RSA * RSA_new_method(ENGINE *);
void RSA_free(RSA *);
int RSA_up_ref(RSA *);
void RSA_set_default_method(const RSA_METHOD *);
const RSA_METHOD * RSA_get_default_method(void);
const RSA_METHOD * RSA_get_method(const RSA *);
int RSA_set_method(RSA *, const RSA_METHOD *);
int RSA_set_app_data(RSA *, void *arg);
void * RSA_get_app_data(RSA *);
int RSA_check_key(const RSA *);
int RSA_size(const RSA *);
int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
int RSA_sign(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int *, RSA *);
int RSA_verify(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int, RSA *);
int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *);
RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t);
int i2d_RSAPrivateKey(RSA *, unsigned char **);
int i2d_RSAPublicKey(RSA *, unsigned char **);
#endif /* _HEIM_RSA_H */

BIN
lib/hcrypto/rsakey.der Normal file
View File

Binary file not shown.

300
lib/hcrypto/sha.c Normal file
View File

@@ -0,0 +1,300 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include "hash.h"
#include "sha.h"
#define A m->counter[0]
#define B m->counter[1]
#define C m->counter[2]
#define D m->counter[3]
#define E m->counter[4]
#define X data
void
SHA1_Init (struct sha *m)
{
m->sz[0] = 0;
m->sz[1] = 0;
A = 0x67452301;
B = 0xefcdab89;
C = 0x98badcfe;
D = 0x10325476;
E = 0xc3d2e1f0;
}
#define F0(x,y,z) CRAYFIX((x & y) | (~x & z))
#define F1(x,y,z) (x ^ y ^ z)
#define F2(x,y,z) ((x & y) | (x & z) | (y & z))
#define F3(x,y,z) F1(x,y,z)
#define K0 0x5a827999
#define K1 0x6ed9eba1
#define K2 0x8f1bbcdc
#define K3 0xca62c1d6
#define DO(t,f,k) \
do { \
uint32_t temp; \
\
temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \
EE = DD; \
DD = CC; \
CC = cshift(BB, 30); \
BB = AA; \
AA = temp; \
} while(0)
static inline void
calc (struct sha *m, uint32_t *in)
{
uint32_t AA, BB, CC, DD, EE;
uint32_t data[80];
int i;
AA = A;
BB = B;
CC = C;
DD = D;
EE = E;
for (i = 0; i < 16; ++i)
data[i] = in[i];
for (i = 16; i < 80; ++i)
data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1);
/* t=[0,19] */
DO(0,F0,K0);
DO(1,F0,K0);
DO(2,F0,K0);
DO(3,F0,K0);
DO(4,F0,K0);
DO(5,F0,K0);
DO(6,F0,K0);
DO(7,F0,K0);
DO(8,F0,K0);
DO(9,F0,K0);
DO(10,F0,K0);
DO(11,F0,K0);
DO(12,F0,K0);
DO(13,F0,K0);
DO(14,F0,K0);
DO(15,F0,K0);
DO(16,F0,K0);
DO(17,F0,K0);
DO(18,F0,K0);
DO(19,F0,K0);
/* t=[20,39] */
DO(20,F1,K1);
DO(21,F1,K1);
DO(22,F1,K1);
DO(23,F1,K1);
DO(24,F1,K1);
DO(25,F1,K1);
DO(26,F1,K1);
DO(27,F1,K1);
DO(28,F1,K1);
DO(29,F1,K1);
DO(30,F1,K1);
DO(31,F1,K1);
DO(32,F1,K1);
DO(33,F1,K1);
DO(34,F1,K1);
DO(35,F1,K1);
DO(36,F1,K1);
DO(37,F1,K1);
DO(38,F1,K1);
DO(39,F1,K1);
/* t=[40,59] */
DO(40,F2,K2);
DO(41,F2,K2);
DO(42,F2,K2);
DO(43,F2,K2);
DO(44,F2,K2);
DO(45,F2,K2);
DO(46,F2,K2);
DO(47,F2,K2);
DO(48,F2,K2);
DO(49,F2,K2);
DO(50,F2,K2);
DO(51,F2,K2);
DO(52,F2,K2);
DO(53,F2,K2);
DO(54,F2,K2);
DO(55,F2,K2);
DO(56,F2,K2);
DO(57,F2,K2);
DO(58,F2,K2);
DO(59,F2,K2);
/* t=[60,79] */
DO(60,F3,K3);
DO(61,F3,K3);
DO(62,F3,K3);
DO(63,F3,K3);
DO(64,F3,K3);
DO(65,F3,K3);
DO(66,F3,K3);
DO(67,F3,K3);
DO(68,F3,K3);
DO(69,F3,K3);
DO(70,F3,K3);
DO(71,F3,K3);
DO(72,F3,K3);
DO(73,F3,K3);
DO(74,F3,K3);
DO(75,F3,K3);
DO(76,F3,K3);
DO(77,F3,K3);
DO(78,F3,K3);
DO(79,F3,K3);
A += AA;
B += BB;
C += CC;
D += DD;
E += EE;
}
/*
* From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
*/
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
static inline uint32_t
swap_uint32_t (uint32_t t)
{
#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
uint32_t temp1, temp2;
temp1 = cshift(t, 16);
temp2 = temp1 >> 8;
temp1 &= 0x00ff00ff;
temp2 &= 0x00ff00ff;
temp1 <<= 8;
return temp1 | temp2;
}
#endif
struct x32{
unsigned int a:32;
unsigned int b:32;
};
void
SHA1_Update (struct sha *m, const void *v, size_t len)
{
const unsigned char *p = v;
size_t old_sz = m->sz[0];
size_t offset;
m->sz[0] += len * 8;
if (m->sz[0] < old_sz)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0){
size_t l = min(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
len -= l;
if(offset == 64){
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
int i;
uint32_t current[16];
struct x32 *u = (struct x32*)m->save;
for(i = 0; i < 8; i++){
current[2*i+0] = swap_uint32_t(u[i].a);
current[2*i+1] = swap_uint32_t(u[i].b);
}
calc(m, current);
#else
calc(m, (uint32_t*)m->save);
#endif
offset = 0;
}
}
}
void
SHA1_Final (void *res, struct sha *m)
{
unsigned char zeros[72];
unsigned offset = (m->sz[0] / 8) % 64;
unsigned int dstart = (120 - offset - 1) % 64 + 1;
*zeros = 0x80;
memset (zeros + 1, 0, sizeof(zeros) - 1);
zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
SHA1_Update (m, zeros, dstart + 8);
{
int i;
unsigned char *r = (unsigned char*)res;
for (i = 0; i < 5; ++i) {
r[4*i+3] = m->counter[i] & 0xFF;
r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
r[4*i] = (m->counter[i] >> 24) & 0xFF;
}
}
#if 0
{
int i;
uint32_t *r = (uint32_t *)res;
for (i = 0; i < 5; ++i)
r[i] = swap_uint32_t (m->counter[i]);
}
#endif
}

83
lib/hcrypto/sha.h Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef HEIM_SHA_H
#define HEIM_SHA_H 1
/* symbol renaming */
#define SHA1_Init hc_SHA1_Init
#define SHA1_Update hc_SHA1_Update
#define SHA1_Final hc_SHA1_Final
#define SHA256_Init hc_SHA256_Init
#define SHA256_Update hc_SHA256_Update
#define SHA256_Final hc_SHA256_Final
/*
* SHA-1
*/
#define SHA_DIGEST_LENGTH 20
struct sha {
unsigned int sz[2];
uint32_t counter[5];
unsigned char save[64];
};
typedef struct sha SHA_CTX;
void SHA1_Init (struct sha *m);
void SHA1_Update (struct sha *m, const void *v, size_t len);
void SHA1_Final (void *res, struct sha *m);
/*
* SHA-2 256
*/
#define SHA256_DIGEST_LENGTH 32
struct hc_sha256state {
unsigned int sz[2];
uint32_t counter[8];
unsigned char save[64];
};
typedef struct hc_sha256state SHA256_CTX;
void SHA256_Init (SHA256_CTX *);
void SHA256_Update (SHA256_CTX *, const void *, size_t);
void SHA256_Final (void *, SHA256_CTX *);
#endif /* HEIM_SHA_H */

233
lib/hcrypto/sha256.c Normal file
View File

@@ -0,0 +1,233 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id$");
#endif
#include "hash.h"
#include "sha.h"
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n))))
#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22))
#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25))
#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3))
#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
#define A m->counter[0]
#define B m->counter[1]
#define C m->counter[2]
#define D m->counter[3]
#define E m->counter[4]
#define F m->counter[5]
#define G m->counter[6]
#define H m->counter[7]
static const uint32_t constant_256[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
void
SHA256_Init (SHA256_CTX *m)
{
m->sz[0] = 0;
m->sz[1] = 0;
A = 0x6a09e667;
B = 0xbb67ae85;
C = 0x3c6ef372;
D = 0xa54ff53a;
E = 0x510e527f;
F = 0x9b05688c;
G = 0x1f83d9ab;
H = 0x5be0cd19;
}
static void
calc (SHA256_CTX *m, uint32_t *in)
{
uint32_t AA, BB, CC, DD, EE, FF, GG, HH;
uint32_t data[64];
int i;
AA = A;
BB = B;
CC = C;
DD = D;
EE = E;
FF = F;
GG = G;
HH = H;
for (i = 0; i < 16; ++i)
data[i] = in[i];
for (i = 16; i < 64; ++i)
data[i] = sigma1(data[i-2]) + data[i-7] +
sigma0(data[i-15]) + data[i - 16];
for (i = 0; i < 64; i++) {
uint32_t T1, T2;
T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
T2 = Sigma0(AA) + Maj(AA,BB,CC);
HH = GG;
GG = FF;
FF = EE;
EE = DD + T1;
DD = CC;
CC = BB;
BB = AA;
AA = T1 + T2;
}
A += AA;
B += BB;
C += CC;
D += DD;
E += EE;
F += FF;
G += GG;
H += HH;
}
/*
* From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
*/
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
static inline uint32_t
swap_uint32_t (uint32_t t)
{
#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
uint32_t temp1, temp2;
temp1 = cshift(t, 16);
temp2 = temp1 >> 8;
temp1 &= 0x00ff00ff;
temp2 &= 0x00ff00ff;
temp1 <<= 8;
return temp1 | temp2;
}
#endif
struct x32{
unsigned int a:32;
unsigned int b:32;
};
void
SHA256_Update (SHA256_CTX *m, const void *v, size_t len)
{
const unsigned char *p = v;
size_t old_sz = m->sz[0];
size_t offset;
m->sz[0] += len * 8;
if (m->sz[0] < old_sz)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0){
size_t l = min(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
len -= l;
if(offset == 64){
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
int i;
uint32_t current[16];
struct x32 *u = (struct x32*)m->save;
for(i = 0; i < 8; i++){
current[2*i+0] = swap_uint32_t(u[i].a);
current[2*i+1] = swap_uint32_t(u[i].b);
}
calc(m, current);
#else
calc(m, (uint32_t*)m->save);
#endif
offset = 0;
}
}
}
void
SHA256_Final (void *res, SHA256_CTX *m)
{
unsigned char zeros[72];
unsigned offset = (m->sz[0] / 8) % 64;
unsigned int dstart = (120 - offset - 1) % 64 + 1;
*zeros = 0x80;
memset (zeros + 1, 0, sizeof(zeros) - 1);
zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
SHA256_Update (m, zeros, dstart + 8);
{
int i;
unsigned char *r = (unsigned char*)res;
for (i = 0; i < 8; ++i) {
r[4*i+3] = m->counter[i] & 0xFF;
r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
r[4*i] = (m->counter[i] >> 24) & 0xFF;
}
}
}

354
lib/hcrypto/test_bn.c Normal file
View File

@@ -0,0 +1,354 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <bn.h>
static int
set_get(unsigned long num)
{
BIGNUM *bn;
bn = BN_new();
if (!BN_set_word(bn, num))
return 1;
if (BN_get_word(bn) != num)
return 1;
BN_free(bn);
return 0;
}
#define CHECK(x) do { ret += x; } while(0)
static int
test_BN_set_get(void)
{
int ret = 0;
CHECK(set_get(0));
CHECK(set_get(1));
CHECK(set_get(0xff));
CHECK(set_get(0x1ff));
CHECK(set_get(0xffff));
CHECK(set_get(0xf000));
CHECK(set_get(ULONG_MAX / 2));
CHECK(set_get(ULONG_MAX - 1));
return ret;
}
static int
test_BN_bit(void)
{
BIGNUM *bn;
int ret = 0;
bn = BN_new();
/* test setting and getting of "word" */
if (!BN_set_word(bn, 1))
return 1;
if (!BN_is_bit_set(bn, 0))
ret += 1;
if (!BN_is_bit_set(bn, 0))
ret += 1;
if (!BN_set_word(bn, 2))
return 1;
if (!BN_is_bit_set(bn, 1))
ret += 1;
if (!BN_set_word(bn, 3))
return 1;
if (!BN_is_bit_set(bn, 0))
ret += 1;
if (!BN_is_bit_set(bn, 1))
ret += 1;
if (!BN_set_word(bn, 0x100))
return 1;
if (!BN_is_bit_set(bn, 8))
ret += 1;
if (!BN_set_word(bn, 0x1000))
return 1;
if (!BN_is_bit_set(bn, 12))
ret += 1;
/* test bitsetting */
if (!BN_set_word(bn, 1))
return 1;
if (!BN_set_bit(bn, 1))
return 1;
if (BN_get_word(bn) != 3)
return 1;
if (!BN_clear_bit(bn, 0))
return 1;
if (BN_get_word(bn) != 2)
return 1;
/* test bitsetting past end of current end */
BN_clear(bn);
if (!BN_set_bit(bn, 12))
return 1;
if (BN_get_word(bn) != 0x1000)
return 1;
/* test bit and byte counting functions */
if (BN_num_bits(bn) != 13)
return 1;
if (BN_num_bytes(bn) != 2)
return 1;
BN_free(bn);
return ret;
}
struct ietest {
char *data;
size_t len;
unsigned long num;
} ietests[] = {
{ "", 0, 0 },
{ "\x01", 1, 1 },
{ "\x02", 1, 2 },
{ "\xf2", 1, 0xf2 },
{ "\x01\x00", 2, 256 }
};
static int
test_BN_import_export(void)
{
BIGNUM *bn;
int ret = 0;
int i;
bn = BN_new();
for (i = 0; i < sizeof(ietests)/sizeof(ietests[0]); i++) {
size_t len;
unsigned char *p;
if (!BN_bin2bn((unsigned char*)ietests[i].data, ietests[i].len, bn))
return 1;
if (BN_get_word(bn) != ietests[i].num)
return 1;
len = BN_num_bytes(bn);
if (len != ietests[i].len)
return 1;
p = malloc(len + 1);
p[len] = 0xf4;
BN_bn2bin(bn, p);
if (p[len] != 0xf4)
return 1;
if (memcmp(p, ietests[i].data, ietests[i].len) != 0)
return 1;
free(p);
}
BN_free(bn);
return ret;
}
static int
test_BN_uadd(void)
{
BIGNUM *a, *b, *c;
char *p;
a = BN_new();
b = BN_new();
c = BN_new();
BN_set_word(a, 1);
BN_set_word(b, 2);
BN_uadd(c, a, b);
if (BN_get_word(c) != 3)
return 1;
BN_uadd(c, b, a);
if (BN_get_word(c) != 3)
return 1;
BN_set_word(b, 0xff);
BN_uadd(c, a, b);
if (BN_get_word(c) != 0x100)
return 1;
BN_uadd(c, b, a);
if (BN_get_word(c) != 0x100)
return 1;
BN_set_word(a, 0xff);
BN_uadd(c, a, b);
if (BN_get_word(c) != 0x1fe)
return 1;
BN_uadd(c, b, a);
if (BN_get_word(c) != 0x1fe)
return 1;
BN_free(a);
BN_free(b);
BN_hex2bn(&a, "50212A3B611D46642C825A16A354CE0FD4D85DD2");
BN_hex2bn(&b, "84B6C7E8D28ACA1614954DA");
BN_uadd(c, b, a);
p = BN_bn2hex(c);
if (strcmp(p, "50212A3B611D466434CDC695307D7AB13621B2AC") != 0) {
free(p);
return 1;
}
BN_uadd(c, a, b);
p = BN_bn2hex(c);
if (strcmp(p, "50212A3B611D466434CDC695307D7AB13621B2AC") != 0) {
free(p);
return 1;
}
free(p);
BN_free(a);
BN_free(b);
BN_free(c);
return 0;
}
static int
test_BN_cmp(void)
{
BIGNUM *a, *b;
a = BN_new();
b = BN_new();
if (!BN_set_word(a, 1))
return 1;
if (!BN_set_word(b, 1))
return 1;
if (BN_cmp(a, b) != 0)
return 1;
if (BN_cmp(b, a) != 0)
return 1;
if (!BN_set_word(b, 2))
return 1;
if (BN_cmp(a, b) >= 0)
return 1;
if (BN_cmp(b, a) <= 0)
return 1;
BN_set_negative(b, 1);
if (BN_cmp(a, b) <= 0)
return 1;
if (BN_cmp(b, a) >= 0)
return 1;
BN_free(a);
BN_free(b);
BN_hex2bn(&a, "50212A3B611D46642C825A16A354CE0FD4D85DD1");
BN_hex2bn(&b, "50212A3B611D46642C825A16A354CE0FD4D85DD2");
if (BN_cmp(a, b) >= 0)
return 1;
if (BN_cmp(b, a) <= 0)
return 1;
BN_set_negative(b, 1);
if (BN_cmp(a, b) <= 0)
return 1;
if (BN_cmp(b, a) >= 0)
return 1;
BN_free(a);
BN_free(b);
return 0;
}
static int
test_BN_rand(void)
{
BIGNUM *bn;
bn = BN_new();
if (bn == NULL)
return 1;
if (!BN_rand(bn, 1024, 0, 0))
return 1;
BN_free(bn);
return 0;
}
int
main(int argc, char **argv)
{
int ret = 0;
ret += test_BN_set_get();
ret += test_BN_bit();
ret += test_BN_import_export();
ret += test_BN_uadd();
ret += test_BN_cmp();
ret += test_BN_rand();
return ret;
}

146
lib/hcrypto/test_cipher.c Normal file
View File

@@ -0,0 +1,146 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <evp.h>
struct tests {
void *key;
size_t keysize;
void *iv;
size_t datasize;
void *indata;
void *outdata;
size_t outdatasize;
};
struct tests aes_tests[] = {
{ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
32,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
"\xdc\x95\xc0\x78\xa2\x40\x89\x89\xad\x48\xa2\x14\x92\x84\x20\x87"
}
};
struct tests rc2_40_tests[] = {
{ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
"\xc0\xb8\xff\xa5\xd6\xeb\xc9\x62\xcc\x52\x5f\xfe\x9a\x3c\x97\xe6"
}
};
struct tests des_ede3_cbc_tests[] = {
{ "1917ffe6bb772efc297643bc63567e9a002e4d431d5ffd58",
24,
"\xbf\x9a\x12\xb7\x26\x69\xfd\x05",
16,
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
"\x9d\x50\xf4\xc6\x01\xdb\x45\x49\x11\x8f\x36\x06\x06\x08\x2e\xe5"
}
};
static int
test_cipher(const EVP_CIPHER *c, struct tests *t)
{
EVP_CIPHER_CTX ectx;
EVP_CIPHER_CTX dctx;
void *d;
EVP_CIPHER_CTX_init(&ectx);
EVP_CIPHER_CTX_init(&dctx);
if (!EVP_CipherInit_ex(&ectx, c, NULL, t->key, t->iv, 1))
return 1;
if (!EVP_CipherInit_ex(&dctx, c, NULL, t->key, t->iv, 0))
return 1;
d = malloc(t->datasize);
if (!EVP_Cipher(&ectx, d, t->indata, t->datasize))
return 1;
if (memcmp(d, t->outdata, t->datasize) != 0) {
printf("encrypt not the same\n");
return 1;
}
if (!EVP_Cipher(&dctx, d, d, t->datasize))
return 1;
if (memcmp(d, t->indata, t->datasize) != 0) {
printf("decrypt not the same\n");
return 1;
}
EVP_CIPHER_CTX_cleanup(&ectx);
EVP_CIPHER_CTX_cleanup(&dctx);
free(d);
return 0;
}
int
main(int argc, char **argv)
{
int ret = 0;
int i;
for (i = 0; i < sizeof(aes_tests)/sizeof(aes_tests[0]); i++)
ret += test_cipher(EVP_aes_256_cbc(), &aes_tests[i]);
for (i = 0; i < sizeof(rc2_40_tests)/sizeof(rc2_40_tests[0]); i++)
ret += test_cipher(EVP_rc2_40_cbc(), &rc2_40_tests[i]);
for (i = 0; i < sizeof(rc2_40_tests)/sizeof(rc2_40_tests[0]); i++)
ret += test_cipher(EVP_des_ede3_cbc(), &des_ede3_cbc_tests[i]);
return ret;
}

70
lib/hcrypto/test_crypto.in Normal file
View File

@@ -0,0 +1,70 @@
#!/bin/sh
#
# Copyright (c) 2006 - 2007 Kungliga Tekniska H<>gskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#
srcdir="@srcdir@"
rsa="${TESTS_ENVIRONMENT} ./test_rsa"
engine="${TESTS_ENVIRONMENT} ./test_engine_dso"
rand="${TESTS_ENVIRONMENT} ./test_rand"
${rsa} --key=${srcdir}/rsakey.der || \
{ echo "rsa test failed" ; exit 1; }
${engine} --rsa=${srcdir}/rsakey.der || \
{ echo "engine test failed" ; exit 1; }
${rsa} --loops=4 || { echo "rsa test for 4 loops failed" ; exit 1; }
for a in unix fortuna egd ;do
${rand} --method=${a} crypto-test 2>error
res=$?
if test "X$res" != X0 ; then
grep "random not ready yet" error || exit 1
echo "random method $a out for lunch"
continue
fi
${rand} --method=${a} crypto-test2 2>error
res=$?
if test "X$res" != X0 ; then
grep "random not ready yet" error || exit 1
echo "random metod $a out for dinner"
continue
fi
cmp crypto-test crypto-test2 && { echo "rand output same!" ; exit 1; }
done
exit 0

333
lib/hcrypto/test_engine_dso.c Normal file
View File

@@ -0,0 +1,333 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <stdio.h>
#include <roken.h>
#include <getarg.h>
#include <engine.h>
#include <evp.h>
struct {
const char *cpriv;
const char *cpub;
const char *spriv;
const char *spub;
} dhtests[] = {
{
"5C0946275D07223AEAF04301D964498F3285946057B4C50D13B4FE12C88DFD8D499DD3CC00C1BC17C0D343F2FE053C9F53389110551715B1EDF261A0314485C4835D01F7B8894027D534A2D81D63619D2F58C9864AC9816086B3FF75C01B3FAFF355425AB7369A6ABDC8B633F0A0DC4D29B50F364E7594B297183D14E5CDC05D",
"2D66DC5998B7AEE3332DC1061C6E6F6CF0FCCD74534187E2CDC9ACBCADF0FC9D5900451F44832A762F01E9CEEF1CBD7D69D020AC524D09FAD087DFADEAC36C845157B83937B51C8DB7F500C3C54FB2A05E074E40BA982186E7FEB2534EDDB387D5480AAA355B398CCAD0886F3952C3718490B7884FA67BD8B6943CDDA20134C6",
"42644BA7CF74689E18BA72BF80FCA674D1A2ADF81795EB3828E67C30E42ABD07A8E90E27F046189FAC122D915276870B72427388EAAB5D06994FC38885BBACCEA1CFC45951B730D73C1A8F83208CD1351746601648C11D70BC95B817C86E4A5C40D633654615041C7934BB3CAF4E02754D542033DB024E94C7E561A29ED0C6EC",
"C233633AB116E2DB20B4E08DA42DE8766293E6D9042F7A2C2A2F34F18FE66010B074CCF3C9B03EF27B14F0746B738AF22776224161D767D96AEC230A1DFA6DECFFCE9FED23B96F50CCB0093E59817AD0CEAEB7993AB5764679948BFB1293C9560B07AA3DFA229E341EB17C9FAE0B1D483082461D2DDBCEEE6FE7C0A34D96F66D"
},
{
"76295C1280B890970F0F7EB01BBD9C5DF9BB8F590EB384A39EBF85CD141451407F955FD1D39012AA1F8BA53FD6A5A37CB2835CEDB27D1EBF1FE8AC9F2FFD628BD9BF7B8DD77CB80C8DC0A75F4567C7700442B26972833EB9738A8728A1FC274C59CED5E3ADA224B46711112AAA1CB831D2D6125E183ADA4F805A05024C9C6DDB",
"1E0AB5EBAAC7985FE67A574447FAE58AE4CB95416278D4C239A789D4532FA8E6F82BA10BE411D8A0A06B9E1DECE704466B3523496A8A4165B97FBCFB9CE9C4FF2DEEE786BA046E8C270FA8A9055D2F6E42EDDB32C73CF7875551A56EB69C0F14A3745745845B81C347401B27D074C60C5177BA9C14BBB1C8C219B78E15126EF8",
"68D84A8F92082F113542CFD990DEEFAD9C7EFA545268F8B3EBDF4CCBAF2865CF03EF60044EB4AF4154E6804CC2BDD673B801507446CEFC692DA577B6DC6E0272B7B081A1BEFDC2A4FAC83DB8845E3DA0D1B64DB33AA2164FEDB08A01E815336BD58F4E6DE6A265468E61C8C988B8AEC0D52DB714448DDC007E7C3382C07357DB",
"393815D507A2EF80DE2D0F2A55AAB1C25B870ACA3FC97438B4336CBF979BF9A4F8DA1B61C667129F9123045E07E24976040EC5E2368DD4EF70690102D74E900B260D3826256FD473733A7569BF514652AB78C48C334FDCA26C44ABF322643AF15BFF693A37BB2C19CA9FE5F1537FCFE2B24CF74D4E57060D35ABF115B4B6CD21"
},
{
"7307D6C3CB874327A95F7A6A91C336CEAA086736525DF3F8EC49497CF444C68D264EB70CD6904FE56E240EEF34E6C5177911C478A7F250A0F54183BCBE64B42BAB5D019E73E2F17C095C211E4815E6BA5FDD72786AF987ABBC9109ECEEF439AF9E2141D5222CE7DC0152D8E9A6CCCE301D21A7D1D6ACB9B91B5E28379C91890D",
"83FBD7BFFDF415BBB7E21D399CB2F36A61AFDBAFC542E428E444C66AA03617C0C55C639FE2428905B57035892AE1BD2C4060E807D9E003B0C204FFC8FDD69CC8ADE7A8E18DCBFFF64E3EF9DA2C117390374241466E48A020A1B2F575AE42C233F8BD357B8331CC203E0345DFC19C73E6F1F70B6C2786E681D73BF48B15FE9992",
"61BCF748BB05A48861578B8CB1855200B2E62A40E126BD7323E5B714645A54A2C8761EE39EE39BA6D2FE19B688168EDEA6DC5056400B5315ED299E7926176B887012E58634D78F05D7BCF0E1B81B1B41F5F8EF0B0711D3A64F9A317DD183AE039A4D3BE02A515892362F8C7BB6EB6434BB25418A438ED33D50C475122CBBE862",
"7DB8D69D1605D9812B7F2F3E92BCEEB3426FEEE3265A174D71B2B6E16B332B43DF0B3C2FA152E48DE2FAC110D8CECE122C3398558E7987B27CACE12722C0032AC7E7766A9BCC881BA35B9DB9E751BD4E51F7683DE092F6C1D4DD937CDCE9C16E6F7D77CC6AAD806E4082E8E22E28592C4D78256354393FE831E811E03ED0A81A"
},
{
"60C18B62F786DE6A4A8B13EB6DA2380B4C6731F861C715D9496DCF4A9F01CD33DDB52F1AB4D1F820FAF7AD4EFEB66586F7F08135714B13D77FE652B9EEAB2C543596A9ED307C1629CF535DD14AB22F081AE4ADF7A3E0BC7B33E0EC7A7306F9A737F55807974B5E1B7B6394BD0373917128B43A17757B34BAE1B600763E957F75",
"0DEDA337C38EA005D5B8567EAB681CE91892C2C62C9D42BF748FBFE681E11F25D98280E42E1539A10EEE9177EF2F40216987936AF19D9B5EBE22EEAC27242D77CE3A5061F2E5CFACF15CD0F80E736AE8642252FE91E129DE3C78CFB85A0B1BB87B059CBB24483444F8A07244F4E89370BA78D58BD409DFBB3D41921B8879B9C7",
"462C0707CF3366C2242A808CFDB79B77E8B3AF9D796583EB9CCD7BF4E8792AB0A818E49FFE53CA241F56988F825B366BF1E78481F8086A123259B9D83AC643E85845BF6B2C5412FFDDFAA8C9ED203CA4B3C1BFD777286099976472FA15B3CCC8418CF162F03C0C3E85D7EFC5CF5ACB9B2C039CCF3A1A9C6BB6B9C09C18D86CBD",
"56DB382EDB8C2D95934D20261CE1A37090B0802D451E647DB1DA3B73CDB5A878EAD598A8817302449370F9D45E34F5C45F73D02BF4EB2B3712A8665F446F5D2B774039E5444AB74807859FA58DF9EBA4B12BA4545ACED827E4ED64CC71F937D64A1033BC43403F2490C1B715A74822B8D50A72A102213F0CF7A1B98B771B34C4"
},
{
"61B7321207F4A73646E43E99221F902D2F38095E84CE7346A1510FE71BA7B9B34DCB6609E4DDDA8C82426E82D1C23F1E761130ECE4638D77554A7618E1608625049328FCC1F8845CA9A88E847106B01BD31EF6500E3C7EE81A048924BEAA3EDF367E5F4575341206C7A76427571898294B07BD918D4C2642854CC89D439042E5",
"29AA38E63E4DD7C651E25DEC7A5A53E48114F52813793D36A9DBDD4F7C06FC38406E330764E0B2AFD811C39D857EA5F904105360E06856DC0780C7D61C53165833F0AEA15CB54732DE113F44C8FCFB86F4A876DD42D7A55356D91C0173F2B012680FB54C13EF54B65DF4AEDE2E13419B1316435187CEF07D44DB3DF57C4703FD",
"5ED5AFB04CBFEE43EF3D9B60A57080831563648A2380D98F1EA4A96CF153903A40A2E564DED87E7254DF3270568AB952BF6F400681DD6AD919C9B06AC0F45F0646BCF37B217191AA0B7B7BED226B61F48B46DEA2E5A09E41F316583823A38A60FFD79085F43F60D98871ECA1A0F667701425094E88885A81DE9DA6C293E95060",
"4DE4F24EAA3E2790FBCB1B13C2ED0EFD846EC33154DBEBBEFD895E1399B3617D55EC2CE8D71CF380B55D93636FEF741328D6B1E224D46F8A8B60A41D08DD86E88DE806AA781791364E6D88BF68571BF5D8C35CB04BA302227B7E4CB6A67AB7510ACBCDBF2F8A95EB5DEE693CCA5CC425A0F1CA2D18C369A767906A2477E32704"
}
};
static void
dh_test(DH *server, DH *client)
{
void *skey, *ckey;
int ssize, csize;
skey = emalloc(DH_size(server));
ckey = emalloc(DH_size(client));
ssize = DH_compute_key(skey, client->pub_key, server);
if (ssize == -1)
errx(1, "DH_compute_key failed for server");
csize = DH_compute_key(ckey, server->pub_key, client);
if (csize == -1)
errx(1, "DH_compute_key failed for client");
if (ssize != csize)
errx(1, "DH_compute_key size mismatch");
if (memcmp(skey, ckey, csize) != 0)
errx(1, "DH_compute_key key mismatch");
free(skey);
free(ckey);
}
static int version_flag;
static int help_flag;
static char *id_flag;
static char *rsa_flag;
static int dh_flag = 1;
static struct getargs args[] = {
{ "id", 0, arg_string, &id_flag,
"selects the engine id", "engine-id" },
{ "rsa", 0, arg_string, &rsa_flag,
"tests RSA modes", "private-rsa-der-file" },
{ "dh", 0, arg_negative_flag, &dh_flag,
"test dh", NULL },
{ "version", 0, arg_flag, &version_flag,
"print version", NULL },
{ "help", 0, arg_flag, &help_flag,
NULL, NULL }
};
static void
usage (int ret)
{
arg_printusage (args,
sizeof(args)/sizeof(*args),
NULL,
"filename.so");
exit (ret);
}
int
main(int argc, char **argv)
{
ENGINE *engine = NULL;
int idx = 0;
int have_rsa, have_dh;
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
OpenSSL_add_all_algorithms();
if (argc == 0) {
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
engine = ENGINE_by_id("builtin");
} else {
engine = ENGINE_by_dso(argv[0], id_flag);
}
if (engine == NULL)
errx(1, "ENGINE_by_dso failed");
printf("name: %s\n", ENGINE_get_name(engine));
printf("id: %s\n", ENGINE_get_id(engine));
have_rsa = ENGINE_get_RSA(engine) != NULL;
have_dh = ENGINE_get_DH(engine) != NULL;
printf("RSA: %s", have_rsa ? "yes," : "no");
if (have_rsa)
printf(" %s", ENGINE_get_RSA(engine)->name);
printf("\n");
printf("DH: %s", have_dh ? "yes," : "no");
if (have_dh)
printf(" %s", ENGINE_get_DH(engine)->name);
printf("\n");
if (RAND_status() != 1)
errx(77, "no functional random device, can't execute tests");
if (rsa_flag && have_rsa) {
unsigned char buf[1024 * 4];
const unsigned char *p;
size_t size;
int keylen;
RSA *rsa;
FILE *f;
f = fopen(rsa_flag, "r");
if (f == NULL)
err(1, "could not open file %s", rsa_flag);
size = fread(buf, 1, sizeof(buf), f);
if (size == 0)
err(1, "failed to read file %s", rsa_flag);
if (size == sizeof(buf))
err(1, "key too long in file %s!", rsa_flag);
fclose(f);
p = buf;
rsa = d2i_RSAPrivateKey(NULL, &p, size);
if (rsa == NULL)
err(1, "failed to parse key in file %s", rsa_flag);
RSA_set_method(rsa, ENGINE_get_RSA(engine));
/*
* try rsa signing
*/
memcpy(buf, "hejsan", 7);
keylen = RSA_private_encrypt(7, buf, buf, rsa, RSA_PKCS1_PADDING);
if (keylen <= 0)
errx(1, "failed to private encrypt");
keylen = RSA_public_decrypt(keylen, buf, buf, rsa, RSA_PKCS1_PADDING);
if (keylen <= 0)
errx(1, "failed to public decrypt");
if (keylen != 7)
errx(1, "output buffer not same length: %d", (int)keylen);
if (memcmp(buf, "hejsan", 7) != 0)
errx(1, "string not the same after decryption");
/*
* try rsa encryption
*/
memcpy(buf, "hejsan", 7);
keylen = RSA_public_encrypt(7, buf, buf, rsa, RSA_PKCS1_PADDING);
if (keylen <= 0)
errx(1, "failed to public encrypt");
keylen = RSA_private_decrypt(keylen, buf, buf, rsa, RSA_PKCS1_PADDING);
if (keylen <= 0)
errx(1, "failed to private decrypt");
if (keylen != 7)
errx(1, "output buffer not same length: %d", (int)keylen);
if (memcmp(buf, "hejsan", 7) != 0)
errx(1, "string not the same after decryption");
RSA_free(rsa);
printf("rsa test passed\n");
}
if (dh_flag) {
DH *server, *client;
int i;
/* RFC2412-MODP-group2 */
const char *p =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
"FFFFFFFF" "FFFFFFFF";
const char *g = "02";
/*
* Try generated keys
*/
for (i = 0; i < 10; i++) {
server = DH_new_method(engine);
client = DH_new_method(engine);
BN_hex2bn(&server->p, p);
BN_hex2bn(&client->p, p);
BN_hex2bn(&server->g, g);
BN_hex2bn(&client->g, g);
if (!DH_generate_key(server))
errx(1, "DH_generate_key failed for server");
if (!DH_generate_key(client))
errx(1, "DH_generate_key failed for client");
dh_test(server, client);
DH_free(server);
DH_free(client);
}
/*
* Try known result
*/
for (i = 0; i < sizeof(dhtests)/sizeof(dhtests[0]); i++) {
server = DH_new_method(engine);
client = DH_new_method(engine);
BN_hex2bn(&server->p, p);
BN_hex2bn(&client->p, p);
BN_hex2bn(&server->g, g);
BN_hex2bn(&client->g, g);
BN_hex2bn(&client->priv_key, dhtests[i].cpriv);
BN_hex2bn(&client->pub_key, dhtests[i].cpub);
BN_hex2bn(&server->priv_key, dhtests[i].spriv);
BN_hex2bn(&server->pub_key, dhtests[i].spub);
dh_test(server, client);
DH_free(server);
DH_free(client);
}
printf("DH test passed\n");
}
ENGINE_finish(engine);
return 0;
}

81
lib/hcrypto/test_hmac.c Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <hmac.h>
#include <evp.h>
int
main(int argc, char **argv)
{
unsigned char buf[4] = { 0, 0, 0, 0 };
char hmackey[] = "hello-world";
size_t hmackey_size = sizeof(hmackey);
unsigned int hmaclen;
unsigned char hmac[EVP_MAX_MD_SIZE];
HMAC_CTX c;
char answer[20] = "\x2c\xfa\x32\xb7\x2b\x8a\xf6\xdf\xcf\xda"
"\x6f\xd1\x52\x4d\x54\x58\x73\x0f\xf3\x24";
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL);
HMAC_Update(&c, buf, sizeof(buf));
HMAC_Final(&c, hmac, &hmaclen);
HMAC_CTX_cleanup(&c);
if (hmaclen != 20) {
printf("hmaclen = %d\n", (int)hmaclen);
return 1;
}
if (memcmp(hmac, answer, hmaclen) != 0) {
printf("wrong answer\n");
return 1;
}
return 0;
}

76
lib/hcrypto/test_imath.c Normal file
View File

@@ -0,0 +1,76 @@
/*
* Copyright (c) 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include "imath/imath.h"
static void
umr_exptmod(void)
{
mp_result res;
mpz_t tmp, z;
res = mp_int_init(&tmp);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_init(&z);
if (res != MP_OK)
errx(1, "ini_init");
res = mp_int_read_unsigned(&z, (void*)
"\x31\xD2\xA3\x66\xB0\x82\xD2\x61\x20\x85\xDF\xAE\x14\x73\x7C\x3A\xF5\x87\xCE\xED\xD6\x46\xBB\x45\x7C\xAF\x0F\x32\x56\xA7\x93\x87\x79\x36\xED\x29\xB8\xBF\x8B\xD8\x45\x6A\x87\x59\xDD\x03\x93\xD2\x8A\x61\xC0\x61\xA7\x7B\xA6\x24\x2A\xB6\x56\x80\x5D\xE9\x07\xD6\x1F\xF4\x00\xD7\xB4\x8B\xB0\xF9\xF5\x37\x52\xD2\x3A\xE5\xA5\xC4\x46\x65\x25\xEE\xE0\xCC\x12\x0A\x82\x68\x8B\xDF\x51\x92\xB5\x70\x87\xB5\x47\x3B\x40\xF7\x34\x35\x2E\x86\x08\x68\x6B\xAD\x2D\xB1\x12\x52\x9F\xF2\x1E\xB1\xFC\xA0\x19\x87\x7F\x6A\x1A\x35\xDA\xA1", 128);
if (res != MP_OK)
errx(1, "int_read");
res = mp_int_exptmod_bvalue(3, &z, &z, &tmp);
if (res != MP_OK)
errx(1, "exptmod_bvalue");
mp_int_clear(&tmp);
mp_int_clear(&z);
}
int
main(int argc, char **argv)
{
umr_exptmod();
return 0;
}

128
lib/hcrypto/test_pkcs12.c Normal file
View File

@@ -0,0 +1,128 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pkcs12.h>
#include <evp.h>
struct tests {
int id;
const char *password;
void *salt;
size_t saltsize;
int iterations;
size_t keylen;
const EVP_MD * (*md)(void);
void *key;
};
struct tests p12_pbe_tests[] = {
{ PKCS12_KEY_ID,
"foobar",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16,
100,
16,
EVP_sha1,
"\x79\x95\xbf\x3f\x1c\x6d\xe\xe8\xd3\x71\xc4\x94\xd\xb\x18\xb5"
},
{ PKCS12_KEY_ID,
"foobar",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16,
2048,
24,
EVP_sha1,
"\x0b\xb5\xe\xa6\x71\x0d\x0c\xf7\x44\xe\xe1\x9b\xb5\xdf\xf1\xdc\x4f\xb0\xca\xe\xee\x4f\xb9\xfd"
},
{ PKCS12_IV_ID,
"foobar",
"\x3c\xdf\x84\x32\x59\xd3\xda\x69",
8,
2048,
8,
EVP_sha1,
"\xbf\x9a\x12\xb7\x26\x69\xfd\x05"
}
};
static int
test_pkcs12_pbe(struct tests *t)
{
void *key;
key = malloc(t->keylen);
if (!PKCS12_key_gen(t->password, strlen(t->password),
t->salt, t->saltsize,
t->id, t->iterations, t->keylen,
key, t->md()))
{
printf("key_gen failed\n");
return 1;
}
if (memcmp(t->key, key, t->keylen) != 0) {
printf("incorrect key\n");
free(key);
return 1;
}
free(key);
return 0;
}
int
main(int argc, char **argv)
{
int ret = 0;
int i;
for (i = 0; i < sizeof(p12_pbe_tests)/sizeof(p12_pbe_tests[0]); i++)
ret += test_pkcs12_pbe(&p12_pbe_tests[i]);
return ret;
}

158
lib/hcrypto/test_pkcs5.c Normal file
View File

@@ -0,0 +1,158 @@
/*
* Copyright (c) 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <sys/types.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <err.h>
#include <evp.h>
struct tests {
const char *password;
const char *salt;
int iterations;
const void *pbkdf2_128;
const void *pbkdf2_256;
};
const struct tests pkcs5_tests[] = {
{ "password",
"ATHENA.MIT.EDUraeburn",
1,
"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37"
},
{ "password",
"ATHENA.MIT.EDUraeburn",
2,
"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86"
},
{ "password",
"ATHENA.MIT.EDUraeburn",
1200,
"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13"
},
{
"password", "\x12\x34\x56\x78\x78\x56\x34\x12",
5,
"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee"
},
{
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase equals block size",
1200,
"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1"
},
{
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase exceeds block size",
1200,
"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a"
},
{
"\xf0\x9d\x84\x9e" /* g-clef */,
"EXAMPLE.COMpianist",
50,
"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52"
}
};
static int
test_pkcs5_pbe2(const struct tests *t)
{
unsigned char key[32];
int ret, error = 0;
ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
t->salt, strlen(t->salt),
t->iterations,
16, key);
if (ret != 1)
errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
if (memcmp(t->pbkdf2_128, key, 16) != 0) {
printf("incorrect 128 key\n");
error++;
}
ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
t->salt, strlen(t->salt),
t->iterations,
32, key);
if (ret != 1)
errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
if (memcmp(t->pbkdf2_256, key, 32) != 0) {
printf("incorrect 256 key\n");
error++;
}
return error;
}
int
main(int argc, char **argv)
{
int ret = 0;
int i;
for (i = 0; i < sizeof(pkcs5_tests)/sizeof(pkcs5_tests[0]); i++)
ret += test_pkcs5_pbe2(&pkcs5_tests[i]);
return ret;
}

146
lib/hcrypto/test_rand.c Normal file
View File

@@ -0,0 +1,146 @@
/*
* Copyright (c) 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <stdio.h>
#include <roken.h>
#include <getarg.h>
#include "rand.h"
/*
*
*/
static int version_flag;
static int help_flag;
static int len = 1024 * 1024;
static char *rand_method;
static struct getargs args[] = {
{ "length", 0, arg_integer, &len,
"length", NULL },
{ "method", 0, arg_string, &rand_method,
"method", NULL },
{ "version", 0, arg_flag, &version_flag,
"print version", NULL },
{ "help", 0, arg_flag, &help_flag,
NULL, NULL }
};
/*
*
*/
/*
*
*/
static void
usage (int ret)
{
arg_printusage (args,
sizeof(args)/sizeof(args[0]),
NULL,
"out-random-file");
exit (ret);
}
int
main(int argc, char **argv)
{
int idx = 0;
char *buffer;
char path[MAXPATHLEN];
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
if (argc < 1)
usage(1);
buffer = emalloc(len);
if (rand_method) {
if (strcasecmp(rand_method, "fortuna") == 0)
RAND_set_rand_method(RAND_fortuna_method());
else if (strcasecmp(rand_method, "unix") == 0)
RAND_set_rand_method(RAND_unix_method());
else if (strcasecmp(rand_method, "egd") == 0)
RAND_set_rand_method(RAND_egd_method());
else
errx(1, "unknown method %s", rand_method);
}
if (RAND_file_name(path, sizeof(path)) == NULL)
errx(1, "RAND_file_name failed");
if (RAND_status() != 1)
errx(1, "random not ready yet");
if (RAND_bytes(buffer, len) != 1)
errx(1, "RAND_bytes");
rk_dumpdata(argv[0], buffer, len);
free(buffer);
if (RAND_write_file("test.file") != 1)
errx(1, "RAND_write_file");
if (RAND_load_file("test.file", 1024) != 1)
errx(1, "RAND_load_file");
return 0;
}

376
lib/hcrypto/test_rsa.c Normal file
View File

@@ -0,0 +1,376 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef RCSID
RCSID("$Id$");
#endif
#include <stdio.h>
#include <roken.h>
#include <getarg.h>
#include <engine.h>
#include <evp.h>
/*
*
*/
static int version_flag;
static int help_flag;
static int time_keygen;
static char *time_key;
static int key_blinding = 1;
static char *rsa_key;
static char *id_flag;
static int loops = 1;
static struct getargs args[] = {
{ "loops", 0, arg_integer, &loops,
"number of loops", "loops" },
{ "id", 0, arg_string, &id_flag,
"selects the engine id", "engine-id" },
{ "time-keygen", 0, arg_flag, &time_keygen,
"time rsa generation", NULL },
{ "time-key", 0, arg_string, &time_key,
"rsa key file", NULL },
{ "key-blinding", 0, arg_negative_flag, &key_blinding,
"key blinding", NULL },
{ "key", 0, arg_string, &rsa_key,
"rsa key file", NULL },
{ "version", 0, arg_flag, &version_flag,
"print version", NULL },
{ "help", 0, arg_flag, &help_flag,
NULL, NULL }
};
/*
*
*/
static void
check_rsa(const unsigned char *in, size_t len, RSA *rsa, int padding)
{
unsigned char *res, *res2;
int keylen;
res = malloc(RSA_size(rsa));
if (res == NULL)
errx(1, "res: ENOMEM");
res2 = malloc(RSA_size(rsa));
if (res2 == NULL)
errx(1, "res2: ENOMEM");
/* signing */
keylen = RSA_private_encrypt(len, in, res, rsa, padding);
if (keylen <= 0)
errx(1, "failed to private encrypt: %d %d", (int)len, (int)keylen);
if (keylen > RSA_size(rsa))
errx(1, "keylen > RSA_size(rsa)");
keylen = RSA_public_decrypt(keylen, res, res2, rsa, padding);
if (keylen <= 0)
errx(1, "failed to public decrypt: %d", (int)keylen);
if (keylen != len)
errx(1, "output buffer not same length: %d", (int)keylen);
if (memcmp(res2, in, len) != 0)
errx(1, "string not the same after decryption");
/* encryption */
keylen = RSA_public_encrypt(len, in, res, rsa, padding);
if (keylen <= 0)
errx(1, "failed to public encrypt: %d", (int)keylen);
if (keylen > RSA_size(rsa))
errx(1, "keylen > RSA_size(rsa)");
keylen = RSA_private_decrypt(keylen, res, res2, rsa, padding);
if (keylen <= 0)
errx(1, "failed to private decrypt: %d", (int)keylen);
if (keylen != len)
errx(1, "output buffer not same length: %d", (int)keylen);
if (memcmp(res2, in, len) != 0)
errx(1, "string not the same after decryption");
free(res);
free(res2);
}
static int
cb_func(int a, int b, BN_GENCB *c)
{
return 1;
}
static RSA *
read_key(ENGINE *engine, const char *rsa_key)
{
unsigned char buf[1024 * 4];
const unsigned char *p;
size_t size;
RSA *rsa;
FILE *f;
f = fopen(rsa_key, "r");
if (f == NULL)
err(1, "could not open file %s", rsa_key);
size = fread(buf, 1, sizeof(buf), f);
fclose(f);
if (size == 0)
err(1, "failed to read file %s", rsa_key);
if (size == sizeof(buf))
err(1, "key too long in file %s!", rsa_key);
p = buf;
rsa = d2i_RSAPrivateKey(NULL, &p, size);
if (rsa == NULL)
err(1, "failed to parse key in file %s", rsa_key);
RSA_set_method(rsa, ENGINE_get_RSA(engine));
if (!key_blinding)
rsa->flags |= RSA_FLAG_NO_BLINDING;
return rsa;
}
/*
*
*/
static void
usage (int ret)
{
arg_printusage (args,
sizeof(args)/sizeof(*args),
NULL,
"filename.so");
exit (ret);
}
int
main(int argc, char **argv)
{
ENGINE *engine = NULL;
int i, j, idx = 0;
RSA *rsa;
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
OpenSSL_add_all_algorithms();
if (argc == 0) {
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
engine = ENGINE_by_id("builtin");
} else {
engine = ENGINE_by_dso(argv[0], id_flag);
}
if (engine == NULL)
errx(1, "ENGINE_by_dso failed");
if (ENGINE_get_RSA(engine) == NULL)
return 77;
printf("rsa %s\n", ENGINE_get_RSA(engine)->name);
if (RAND_status() != 1)
errx(77, "no functional random device, refusing to run tests");
if (time_keygen) {
struct timeval tv1, tv2;
const int num = 10;
BIGNUM *e;
rsa = RSA_new_method(engine);
if (!key_blinding)
rsa->flags |= RSA_FLAG_NO_BLINDING;
e = BN_new();
BN_set_word(e, 0x10001);
gettimeofday(&tv1, NULL);
for (i = 0; i < num; i++) {
rsa = RSA_new_method(engine);
if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
errx(1, "RSA_generate_key_ex");
RSA_free(rsa);
}
gettimeofday(&tv2, NULL);
timevalsub(&tv2, &tv1);
printf("time %lu.%06lu\n",
(unsigned long)tv2.tv_sec,
(unsigned long)tv2.tv_usec);
BN_free(e);
ENGINE_finish(engine);
return 0;
}
if (time_key) {
const int size = 20;
const int num = 128;
struct timeval tv1, tv2;
unsigned char *p;
rsa = read_key(engine, time_key);
p = emalloc(num * size);
RAND_bytes(p, num * size);
gettimeofday(&tv1, NULL);
for (i = 0; i < num; i++)
check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING);
gettimeofday(&tv2, NULL);
timevalsub(&tv2, &tv1);
printf("time %lu.%06lu\n",
(unsigned long)tv2.tv_sec,
(unsigned long)tv2.tv_usec);
RSA_free(rsa);
ENGINE_finish(engine);
return 0;
}
if (rsa_key) {
rsa = read_key(engine, rsa_key);
/*
* Assuming that you use the RSA key in the distribution, this
* test will generate a signature have a starting zero and thus
* will generate a checksum that is 127 byte instead of the
* checksum that is 128 byte (like the key).
*/
{
const unsigned char sha1[20] = {
0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35,
0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b
};
check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
}
for (i = 0; i < 128; i++) {
unsigned char sha1[20];
RAND_bytes(sha1, sizeof(sha1));
check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
}
for (i = 0; i < 128; i++) {
unsigned char des3[21];
RAND_bytes(des3, sizeof(des3));
check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING);
}
for (i = 0; i < 128; i++) {
unsigned char aes[32];
RAND_bytes(aes, sizeof(aes));
check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING);
}
RSA_free(rsa);
}
for (i = 0; i < loops; i++) {
BN_GENCB cb;
BIGNUM *e;
unsigned int n;
rsa = RSA_new_method(engine);
if (!key_blinding)
rsa->flags |= RSA_FLAG_NO_BLINDING;
e = BN_new();
BN_set_word(e, 0x10001);
BN_GENCB_set(&cb, cb_func, NULL);
RAND_bytes(&n, sizeof(n));
n &= 0x1ff;
n += 1024;
if (RSA_generate_key_ex(rsa, n, e, &cb) != 1)
errx(1, "RSA_generate_key_ex");
BN_free(e);
for (j = 0; j < 8; j++) {
unsigned char sha1[20];
RAND_bytes(sha1, sizeof(sha1));
check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
}
RSA_free(rsa);
}
ENGINE_finish(engine);
return 0;
}

164
lib/hcrypto/ui.c Normal file
View File

@@ -0,0 +1,164 @@
/*
* Copyright (c) 1997 - 2000, 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id$");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <termios.h>
#include <roken.h>
#include <ui.h>
static sig_atomic_t intr_flag;
static void
intr(int sig)
{
intr_flag++;
}
#ifndef NSIG
#define NSIG 47
#endif
static int
read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
struct sigaction sigs[NSIG];
int oksigs[NSIG];
struct sigaction sa;
FILE *tty;
int ret = 0;
int of = 0;
int i;
int c;
char *p;
struct termios t_new, t_old;
memset(&oksigs, 0, sizeof(oksigs));
memset(&sa, 0, sizeof(sa));
sa.sa_handler = intr;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (i != SIGALRM)
if (sigaction(i, &sa, &sigs[i]) == 0)
oksigs[i] = 1;
if((tty = fopen("/dev/tty", "r")) == NULL)
tty = stdin;
fprintf(stderr, "%s%s", preprompt, prompt);
fflush(stderr);
if(echo == 0){
tcgetattr(fileno(tty), &t_old);
memcpy(&t_new, &t_old, sizeof(t_new));
t_new.c_lflag &= ~ECHO;
tcsetattr(fileno(tty), TCSANOW, &t_new);
}
intr_flag = 0;
p = buf;
while(intr_flag == 0){
c = getc(tty);
if(c == EOF){
if(!ferror(tty))
ret = 1;
break;
}
if(c == '\n')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
printf("\n");
tcsetattr(fileno(tty), TCSANOW, &t_old);
}
if(tty != stdin)
fclose(tty);
for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
if (oksigs[i])
sigaction(i, &sigs[i], NULL);
if(ret)
return -3;
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
int
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{
int ret;
ret = read_string("", prompt, buf, length, 0);
if (ret)
return ret;
if (verify) {
char *buf2;
buf2 = malloc(length);
if (buf2 == NULL)
return 1;
ret = read_string("Verify password - ", prompt, buf2, length, 0);
if (ret) {
free(buf2);
return ret;
}
if (strcmp(buf2, buf) != 0)
ret = 1;
free(buf2);
}
return ret;
}

45
lib/hcrypto/ui.h Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (c) 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
#ifndef _HEIM_UI_H
#define _HEIM_UI_H 1
/* symbol renaming */
#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string
int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */
#endif /* _HEIM_UI_H */