lupyuen/local-nuttx-update
1
0
Fork 0
forked from nuttx/nuttx-update
Code Pull requests Activity

crypto:convert code style form openbsd to nuttx

Browse source 
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
This commit is contained in:
anjiahao 2022-07-27 19:51:53 +08:00 committed by Xiang Xiao
parent acd3350554
commit 82956a2894
48 changed files with 11663 additions and 9236 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

644
crypto/aes.c
View file

File diff suppressed because it is too large Load diff

327
crypto/blf.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: blf.c,v 1.8 2021/11/29 01:04:45 djm Exp $ */
/*
/****************************************************************************
* crypto/blf.c
* $OpenBSD: blf.c,v 1.8 2021/11/29 01:04:45 djm Exp $ *
*
* Blowfish block cipher for OpenBSD
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
* All rights reserved.
@ -28,15 +29,18 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
****************************************************************************/
/*
* This code is derived from section 14.3 and the given source
/* This code is derived from section 14.3 and the given source
* in section V of Applied Cryptography, second edition.
* Blowfish is an unpatented fast block cipher designed by
* Bruce Schneier.
*/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -45,77 +49,78 @@
#undef inline
#ifdef __GNUC__
#define inline __inline
#else /* !__GNUC__ */
#else
#define inline
#endif /* !__GNUC__ */
#endif
/* Function for Feistel Networks */
#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
+ (s)[0x100 + (((x)>>16)&0xFF)]) \
^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
+ (s)[0x300 + ( (x) &0xFF)])
#define F(s, x) ((((s)[(((x) >> 24) & 0xff)] \
+ (s)[0x100 + (((x) >> 16) & 0xff)]) \
^ (s)[0x200 + (((x) >> 8) & 0xff)]) \
+ (s)[0x300 + ((x) & 0xff)])
#define BLFRND(s, p, i, j, n) (i ^= F(s, j) ^ (p)[n])
void
Blowfish_encipher(blf_ctx *c, u_int32_t *x)
/****************************************************************************
* Public Functions
****************************************************************************/
void blowfish_encipher(FAR blf_ctx *c, FAR uint32_t *x)
{
u_int32_t Xl;
u_int32_t Xr;
u_int32_t *s = c->S[0];
u_int32_t *p = c->P;
uint32_t xl;
uint32_t xr;
FAR uint32_t *s = c->S[0];
FAR uint32_t *p = c->P;
Xl = x[0];
Xr = x[1];
xl = x[0];
xr = x[1];
Xl ^= p[0];
BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
xl ^= p[0];
BLFRND(s, p, xr, xl, 1); BLFRND(s, p, xl, xr, 2);
BLFRND(s, p, xr, xl, 3); BLFRND(s, p, xl, xr, 4);
BLFRND(s, p, xr, xl, 5); BLFRND(s, p, xl, xr, 6);
BLFRND(s, p, xr, xl, 7); BLFRND(s, p, xl, xr, 8);
BLFRND(s, p, xr, xl, 9); BLFRND(s, p, xl, xr, 10);
BLFRND(s, p, xr, xl, 11); BLFRND(s, p, xl, xr, 12);
BLFRND(s, p, xr, xl, 13); BLFRND(s, p, xl, xr, 14);
BLFRND(s, p, xr, xl, 15); BLFRND(s, p, xl, xr, 16);
x[0] = Xr ^ p[17];
x[1] = Xl;
x[0] = xr ^ p[17];
x[1] = xl;
}
void
Blowfish_decipher(blf_ctx *c, u_int32_t *x)
void blowfish_decipher(FAR blf_ctx *c, FAR uint32_t *x)
{
u_int32_t Xl;
u_int32_t Xr;
u_int32_t *s = c->S[0];
u_int32_t *p = c->P;
uint32_t xl;
uint32_t xr;
FAR uint32_t *s = c->S[0];
FAR uint32_t *p = c->P;
Xl = x[0];
Xr = x[1];
xl = x[0];
xr = x[1];
Xl ^= p[17];
BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
xl ^= p[17];
BLFRND(s, p, xr, xl, 16); BLFRND(s, p, xl, xr, 15);
BLFRND(s, p, xr, xl, 14); BLFRND(s, p, xl, xr, 13);
BLFRND(s, p, xr, xl, 12); BLFRND(s, p, xl, xr, 11);
BLFRND(s, p, xr, xl, 10); BLFRND(s, p, xl, xr, 9);
BLFRND(s, p, xr, xl, 8); BLFRND(s, p, xl, xr, 7);
BLFRND(s, p, xr, xl, 6); BLFRND(s, p, xl, xr, 5);
BLFRND(s, p, xr, xl, 4); BLFRND(s, p, xl, xr, 3);
BLFRND(s, p, xr, xl, 2); BLFRND(s, p, xl, xr, 1);
x[0] = Xr ^ p[0];
x[1] = Xl;
x[0] = xr ^ p[0];
x[1] = xl;
}
void
Blowfish_initstate(blf_ctx *c)
void blowfish_initstate(FAR blf_ctx *c)
{
/* P-box and S-box tables initialized with digits of Pi */
static const blf_ctx initstate =
{ {
{
{
{
0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
@ -180,7 +185,8 @@ Blowfish_initstate(blf_ctx *c)
0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
},
{
0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
@ -245,7 +251,8 @@ Blowfish_initstate(blf_ctx *c)
0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
},
{
0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
@ -310,7 +317,8 @@ Blowfish_initstate(blf_ctx *c)
0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
},
{
0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
@ -375,7 +383,8 @@ Blowfish_initstate(blf_ctx *c)
0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
}
},
{
0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
@ -383,25 +392,29 @@ Blowfish_initstate(blf_ctx *c)
0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
0x9216d5d9, 0x8979fb1b
} };
}
};
*c = initstate;
}
u_int32_t
Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
u_int16_t *current)
uint32_t blowfish_stream2word(FAR const uint8_t *data, uint16_t databytes,
FAR uint16_t *current)
{
u_int8_t i;
u_int16_t j;
u_int32_t temp;
uint8_t i;
uint16_t j;
uint32_t temp;
temp = 0x00000000;
j = *current;
for (i = 0; i < 4; i++, j++) {
for (i = 0; i < 4; i++, j++)
{
if (j >= databytes)
{
j = 0;
}
temp = (temp << 8) | data[j];
}
@ -409,35 +422,41 @@ Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
return temp;
}
void
Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
void blowfish_expand0state(FAR blf_ctx *c,
FAR const uint8_t *key,
uint16_t keybytes)
{
u_int16_t i;
u_int16_t j;
u_int16_t k;
u_int32_t temp;
u_int32_t data[2];
uint16_t i;
uint16_t j;
uint16_t k;
uint32_t temp;
uint32_t data[2];
j = 0;
for (i = 0; i < BLF_N + 2; i++) {
for (i = 0; i < BLF_N + 2; i++)
{
/* Extract 4 int8 to 1 int32 from keystream */
temp = Blowfish_stream2word(key, keybytes, &j);
temp = blowfish_stream2word(key, keybytes, &j);
c->P[i] = c->P[i] ^ temp;
}
j = 0;
data[0] = 0x00000000;
data[1] = 0x00000000;
for (i = 0; i < BLF_N + 2; i += 2) {
Blowfish_encipher(c, data);
for (i = 0; i < BLF_N + 2; i += 2)
{
blowfish_encipher(c, data);
c->P[i] = data[0];
c->P[i + 1] = data[1];
}
for (i = 0; i < 4; i++) {
for (k = 0; k < 256; k += 2) {
Blowfish_encipher(c, data);
for (i = 0; i < 4; i++)
{
for (k = 0; k < 256; k += 2)
{
blowfish_encipher(c, data);
c->S[i][k] = data[0];
c->S[i][k + 1] = data[1];
@ -445,97 +464,103 @@ Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
}
}
void
Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
const u_int8_t *key, u_int16_t keybytes)
void blowfish_expandstate(FAR blf_ctx *c, FAR const uint8_t *data,
uint16_t databytes,
FAR const uint8_t *key, uint16_t keybytes)
{
u_int16_t i;
u_int16_t j;
u_int16_t k;
u_int32_t temp;
u_int32_t d[2];
uint16_t i;
uint16_t j;
uint16_t k;
uint32_t temp;
uint32_t d[2];
j = 0;
for (i = 0; i < BLF_N + 2; i++) {
for (i = 0; i < BLF_N + 2; i++)
{
/* Extract 4 int8 to 1 int32 from keystream */
temp = Blowfish_stream2word(key, keybytes, &j);
temp = blowfish_stream2word(key, keybytes, &j);
c->P[i] = c->P[i] ^ temp;
}
j = 0;
d[0] = 0x00000000;
d[1] = 0x00000000;
for (i = 0; i < BLF_N + 2; i += 2) {
d[0] ^= Blowfish_stream2word(data, databytes, &j);
d[1] ^= Blowfish_stream2word(data, databytes, &j);
Blowfish_encipher(c, d);
for (i = 0; i < BLF_N + 2; i += 2)
{
d[0] ^= blowfish_stream2word(data, databytes, &j);
d[1] ^= blowfish_stream2word(data, databytes, &j);
blowfish_encipher(c, d);
c->P[i] = d[0];
c->P[i + 1] = d[1];
}
for (i = 0; i < 4; i++) {
for (k = 0; k < 256; k += 2) {
d[0]^= Blowfish_stream2word(data, databytes, &j);
d[1] ^= Blowfish_stream2word(data, databytes, &j);
Blowfish_encipher(c, d);
for (i = 0; i < 4; i++)
{
for (k = 0; k < 256; k += 2)
{
d[0] ^= blowfish_stream2word(data, databytes, &j);
d[1] ^= blowfish_stream2word(data, databytes, &j);
blowfish_encipher(c, d);
c->S[i][k] = d[0];
c->S[i][k + 1] = d[1];
}
}
}
void
blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
void blf_key(FAR blf_ctx *c, FAR const uint8_t *k, uint16_t len)
{
/* Initialize S-boxes and subkeys with Pi */
Blowfish_initstate(c);
blowfish_initstate(c);
/* Transform S-boxes and subkeys with key */
Blowfish_expand0state(c, k, len);
blowfish_expand0state(c, k, len);
}
void
blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
void blf_enc(FAR blf_ctx *c, FAR uint32_t *data, uint16_t blocks)
{
u_int32_t *d;
u_int16_t i;
FAR uint32_t *d;
uint16_t i;
d = data;
for (i = 0; i < blocks; i++) {
Blowfish_encipher(c, d);
for (i = 0; i < blocks; i++)
{
blowfish_encipher(c, d);
d += 2;
}
}
void
blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
void blf_dec(FAR blf_ctx *c, FAR uint32_t *data, uint16_t blocks)
{
u_int32_t *d;
u_int16_t i;
FAR uint32_t *d;
uint16_t i;
d = data;
for (i = 0; i < blocks; i++) {
Blowfish_decipher(c, d);
for (i = 0; i < blocks; i++)
{
blowfish_decipher(c, d);
d += 2;
}
}
void
blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
void blf_ecb_encrypt(FAR blf_ctx *c, FAR uint8_t *data, uint32_t len)
{
u_int32_t l, r, d[2];
u_int32_t i;
uint32_t l;
uint32_t r;
uint32_t d[2];
uint32_t i;
for (i = 0; i < len; i += 8) {
for (i = 0; i < len; i += 8)
{
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
d[0] = l;
d[1] = r;
Blowfish_encipher(c, d);
blowfish_encipher(c, d);
l = d[0];
r = d[1];
data[0] = l >> 24 & 0xff;
@ -550,18 +575,20 @@ blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
}
}
void
blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
void blf_ecb_decrypt(FAR blf_ctx *c, FAR uint8_t *data, uint32_t len)
{
u_int32_t l, r, d[2];
u_int32_t i;
uint32_t l;
uint32_t r;
uint32_t d[2];
uint32_t i;
for (i = 0; i < len; i += 8) {
for (i = 0; i < len; i += 8)
{
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
d[0] = l;
d[1] = r;
Blowfish_decipher(c, d);
blowfish_decipher(c, d);
l = d[0];
r = d[1];
data[0] = l >> 24 & 0xff;
@ -576,20 +603,27 @@ blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
}
}
void
blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
void blf_cbc_encrypt(FAR blf_ctx *c, FAR uint8_t *iv,
FAR uint8_t *data, uint32_t len)
{
u_int32_t l, r, d[2];
u_int32_t i, j;
uint32_t l;
uint32_t r;
uint32_t d[2];
uint32_t i;
uint32_t j;
for (i = 0; i < len; i += 8) {
for (i = 0; i < len; i += 8)
{
for (j = 0; j < 8; j++)
{
data[j] ^= iv[j];
}
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
d[0] = l;
d[1] = r;
Blowfish_encipher(c, d);
blowfish_encipher(c, d);
l = d[0];
r = d[1];
data[0] = l >> 24 & 0xff;
@ -605,21 +639,25 @@ blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
}
}
void
blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
void blf_cbc_decrypt(FAR blf_ctx *c, FAR uint8_t *iva,
FAR uint8_t *data, uint32_t len)
{
u_int32_t l, r, d[2];
u_int8_t *iv;
u_int32_t i, j;
uint32_t l;
uint32_t r;
uint32_t d[2];
FAR uint8_t *iv;
uint32_t i;
uint32_t j;
iv = data + len - 16;
data = data + len - 8;
for (i = len - 8; i >= 8; i -= 8) {
for (i = len - 8; i >= 8; i -= 8)
{
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
d[0] = l;
d[1] = r;
Blowfish_decipher(c, d);
blowfish_decipher(c, d);
l = d[0];
r = d[1];
data[0] = l >> 24 & 0xff;
@ -635,11 +673,12 @@ blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
iv -= 8;
data -= 8;
}
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
d[0] = l;
d[1] = r;
Blowfish_decipher(c, d);
blowfish_decipher(c, d);
l = d[0];
r = d[1];
data[0] = l >> 24 & 0xff;
@ -651,5 +690,7 @@ blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
for (j = 0; j < 8; j++)
{
data[j] ^= iva[j];
}
}

382
crypto/cast.c
View file

@ -1,11 +1,16 @@
/* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $ */
/*
/****************************************************************************
* crypto/cast.c
* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/types.h>
#include <sys/systm.h>
@ -13,42 +18,61 @@
#include "castsb.h"
/* Macros to access 8-bit bytes out of a 32-bit word */
#define U_INT8_Ta(x) ( (u_int8_t) (x>>24) )
#define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) )
#define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) )
#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )
#define UINT8_TA(x) ( (uint8_t) (x>>24) )
#define UINT8_TB(x) ( (uint8_t) ((x>>16)&255) )
#define UINT8_TC(x) ( (uint8_t) ((x>>8)&255) )
#define UINT8_TD(x) ( (uint8_t) ((x)&255) )
/* Circular left shift */
#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
/* CAST-128 uses three different round functions */
#define F1(l, r, i) \
t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)];
l ^= ((cast_sbox1[UINT8_TA(t)] ^ cast_sbox2[UINT8_TB(t)]) - \
cast_sbox3[UINT8_TC(t)]) + cast_sbox4[UINT8_TD(t)];
#define F2(l, r, i) \
t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)];
l ^= ((cast_sbox1[UINT8_TA(t)] - cast_sbox2[UINT8_TB(t)]) + \
cast_sbox3[UINT8_TC(t)]) ^ cast_sbox4[UINT8_TD(t)];
#define F3(l, r, i) \
t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)];
l ^= ((cast_sbox1[UINT8_TA(t)] + cast_sbox2[UINT8_TB(t)]) ^ \
cast_sbox3[UINT8_TC(t)]) - cast_sbox4[UINT8_TD(t)];
/****************************************************************************
* Public Functions
****************************************************************************/
/***** Encryption Function *****/
/* Encryption Function */
void
cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
void cast_encrypt(FAR cast_key *key,
FAR uint8_t *inblock,
FAR uint8_t *outblock)
{
u_int32_t t, l, r;
uint32_t t;
uint32_t l;
uint32_t r;
/* Get inblock into l,r */
l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
l = ((uint32_t)inblock[0] << 24) |
((uint32_t)inblock[1] << 16) |
((uint32_t)inblock[2] << 8) |
(uint32_t)inblock[3];
r = ((uint32_t)inblock[4] << 24) |
((uint32_t)inblock[5] << 16) |
((uint32_t)inblock[6] << 8) |
(uint32_t)inblock[7];
/* Do the work */
F1(l, r, 0);
F2(r, l, 1);
F3(l, r, 2);
@ -61,47 +85,67 @@ cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
F1(r, l, 9);
F2(l, r, 10);
F3(r, l, 11);
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
if (key->rounds > 12)
{
F1(l, r, 12);
F2(r, l, 13);
F3(l, r, 14);
F1(r, l, 15);
}
/* Put l,r into outblock */
outblock[0] = U_INT8_Ta(r);
outblock[1] = U_INT8_Tb(r);
outblock[2] = U_INT8_Tc(r);
outblock[3] = U_INT8_Td(r);
outblock[4] = U_INT8_Ta(l);
outblock[5] = U_INT8_Tb(l);
outblock[6] = U_INT8_Tc(l);
outblock[7] = U_INT8_Td(l);
outblock[0] = UINT8_TA(r);
outblock[1] = UINT8_TB(r);
outblock[2] = UINT8_TC(r);
outblock[3] = UINT8_TD(r);
outblock[4] = UINT8_TA(l);
outblock[5] = UINT8_TB(l);
outblock[6] = UINT8_TC(l);
outblock[7] = UINT8_TD(l);
/* Wipe clean */
t = l = r = 0;
}
/* Decryption Function */
/***** Decryption Function *****/
void
cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
void cast_decrypt(FAR cast_key *key,
FAR uint8_t *inblock,
FAR uint8_t *outblock)
{
u_int32_t t, l, r;
uint32_t t;
uint32_t l;
uint32_t r;
/* Get inblock into l,r */
r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
r = ((uint32_t)inblock[0] << 24) |
((uint32_t)inblock[1] << 16) |
((uint32_t)inblock[2] << 8) |
(uint32_t)inblock[3];
l = ((uint32_t)inblock[4] << 24) |
((uint32_t)inblock[5] << 16) |
((uint32_t)inblock[6] << 8) |
(uint32_t)inblock[7];
/* Do the work */
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
if (key->rounds > 12)
{
F1(r, l, 15);
F3(l, r, 14);
F2(r, l, 13);
F1(l, r, 12);
}
F3(r, l, 11);
F2(l, r, 10);
F1(r, l, 9);
@ -114,161 +158,195 @@ cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
F3(l, r, 2);
F2(r, l, 1);
F1(l, r, 0);
/* Put l,r into outblock */
outblock[0] = U_INT8_Ta(l);
outblock[1] = U_INT8_Tb(l);
outblock[2] = U_INT8_Tc(l);
outblock[3] = U_INT8_Td(l);
outblock[4] = U_INT8_Ta(r);
outblock[5] = U_INT8_Tb(r);
outblock[6] = U_INT8_Tc(r);
outblock[7] = U_INT8_Td(r);
outblock[0] = UINT8_TA(l);
outblock[1] = UINT8_TB(l);
outblock[2] = UINT8_TC(l);
outblock[3] = UINT8_TD(l);
outblock[4] = UINT8_TA(r);
outblock[5] = UINT8_TB(r);
outblock[6] = UINT8_TC(r);
outblock[7] = UINT8_TD(r);
/* Wipe clean */
t = l = r = 0;
}
/* Key Schedule */
/***** Key Schedule *****/
void
cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
void cast_setkey(FAR cast_key *key, FAR uint8_t *rawkey, int keybytes)
{
u_int32_t t[4], z[4], x[4];
uint32_t t[4];
uint32_t z[4];
uint32_t x[4];
int i;
/* Set number of rounds to 12 or 16, depending on key length */
key->rounds = (keybytes <= 10 ? 12 : 16);
/* Copy key to workspace x */
for (i = 0; i < 4; i++) {
for (i = 0; i < 4; i++)
{
x[i] = 0;
if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
if ((i * 4 + 0) < keybytes)
{
x[i] = (uint32_t)rawkey[i * 4 + 0] << 24;
}
if ((i * 4 + 1) < keybytes)
{
x[i] |= (uint32_t)rawkey[i * 4 + 1] << 16;
}
if ((i * 4 + 2) < keybytes)
{
x[i] |= (uint32_t)rawkey[i * 4 + 2] << 8;
}
if ((i * 4 + 3) < keybytes)
{
x[i] |= (uint32_t)rawkey[i * 4 + 3];
}
}
/* Generate 32 subkeys, four at a time */
for (i = 0; i < 32; i+=4) {
switch (i & 4) {
for (i = 0; i < 32; i += 4)
{
switch (i & 4)
{
case 0:
t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
cast_sbox6[U_INT8_Td(x[3])] ^
cast_sbox7[U_INT8_Ta(x[3])] ^
cast_sbox8[U_INT8_Tc(x[3])] ^
cast_sbox7[U_INT8_Ta(x[2])];
t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
cast_sbox6[U_INT8_Tc(z[0])] ^
cast_sbox7[U_INT8_Tb(z[0])] ^
cast_sbox8[U_INT8_Td(z[0])] ^
cast_sbox8[U_INT8_Tc(x[2])];
t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
cast_sbox6[U_INT8_Tc(z[1])] ^
cast_sbox7[U_INT8_Tb(z[1])] ^
cast_sbox8[U_INT8_Ta(z[1])] ^
cast_sbox5[U_INT8_Tb(x[2])];
t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
cast_sbox6[U_INT8_Tb(z[2])] ^
cast_sbox7[U_INT8_Td(z[2])] ^
cast_sbox8[U_INT8_Ta(z[2])] ^
cast_sbox6[U_INT8_Td(x[2])];
t[0] = z[0] = x[0] ^ cast_sbox5[UINT8_TB(x[3])] ^
cast_sbox6[UINT8_TD(x[3])] ^
cast_sbox7[UINT8_TA(x[3])] ^
cast_sbox8[UINT8_TC(x[3])] ^
cast_sbox7[UINT8_TA(x[2])];
t[1] = z[1] = x[2] ^ cast_sbox5[UINT8_TA(z[0])] ^
cast_sbox6[UINT8_TC(z[0])] ^
cast_sbox7[UINT8_TB(z[0])] ^
cast_sbox8[UINT8_TD(z[0])] ^
cast_sbox8[UINT8_TC(x[2])];
t[2] = z[2] = x[3] ^ cast_sbox5[UINT8_TD(z[1])] ^
cast_sbox6[UINT8_TC(z[1])] ^
cast_sbox7[UINT8_TB(z[1])] ^
cast_sbox8[UINT8_TA(z[1])] ^
cast_sbox5[UINT8_TB(x[2])];
t[3] = z[3] = x[1] ^ cast_sbox5[UINT8_TC(z[2])] ^
cast_sbox6[UINT8_TB(z[2])] ^
cast_sbox7[UINT8_TD(z[2])] ^
cast_sbox8[UINT8_TA(z[2])] ^
cast_sbox6[UINT8_TD(x[2])];
break;
case 4:
t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
cast_sbox6[U_INT8_Td(z[1])] ^
cast_sbox7[U_INT8_Ta(z[1])] ^
cast_sbox8[U_INT8_Tc(z[1])] ^
cast_sbox7[U_INT8_Ta(z[0])];
t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
cast_sbox6[U_INT8_Tc(x[0])] ^
cast_sbox7[U_INT8_Tb(x[0])] ^
cast_sbox8[U_INT8_Td(x[0])] ^
cast_sbox8[U_INT8_Tc(z[0])];
t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
cast_sbox6[U_INT8_Tc(x[1])] ^
cast_sbox7[U_INT8_Tb(x[1])] ^
cast_sbox8[U_INT8_Ta(x[1])] ^
cast_sbox5[U_INT8_Tb(z[0])];
t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
cast_sbox6[U_INT8_Tb(x[2])] ^
cast_sbox7[U_INT8_Td(x[2])] ^
cast_sbox8[U_INT8_Ta(x[2])] ^
cast_sbox6[U_INT8_Td(z[0])];
t[0] = x[0] = z[2] ^ cast_sbox5[UINT8_TB(z[1])] ^
cast_sbox6[UINT8_TD(z[1])] ^
cast_sbox7[UINT8_TA(z[1])] ^
cast_sbox8[UINT8_TC(z[1])] ^
cast_sbox7[UINT8_TA(z[0])];
t[1] = x[1] = z[0] ^ cast_sbox5[UINT8_TA(x[0])] ^
cast_sbox6[UINT8_TC(x[0])] ^
cast_sbox7[UINT8_TB(x[0])] ^
cast_sbox8[UINT8_TD(x[0])] ^
cast_sbox8[UINT8_TC(z[0])];
t[2] = x[2] = z[1] ^ cast_sbox5[UINT8_TD(x[1])] ^
cast_sbox6[UINT8_TC(x[1])] ^
cast_sbox7[UINT8_TB(x[1])] ^
cast_sbox8[UINT8_TA(x[1])] ^
cast_sbox5[UINT8_TB(z[0])];
t[3] = x[3] = z[3] ^ cast_sbox5[UINT8_TC(x[2])] ^
cast_sbox6[UINT8_TB(x[2])] ^
cast_sbox7[UINT8_TD(x[2])] ^
cast_sbox8[UINT8_TA(x[2])] ^
cast_sbox6[UINT8_TD(z[0])];
break;
}
switch (i & 12) {
switch (i & 12)
{
case 0:
case 12:
key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^
cast_sbox6[U_INT8_Tb(t[2])] ^
cast_sbox7[U_INT8_Td(t[1])] ^
cast_sbox8[U_INT8_Tc(t[1])];
key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^
cast_sbox6[U_INT8_Td(t[2])] ^
cast_sbox7[U_INT8_Tb(t[1])] ^
cast_sbox8[U_INT8_Ta(t[1])];
key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^
cast_sbox6[U_INT8_Tb(t[3])] ^
cast_sbox7[U_INT8_Td(t[0])] ^
cast_sbox8[U_INT8_Tc(t[0])];
key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^
cast_sbox6[U_INT8_Td(t[3])] ^
cast_sbox7[U_INT8_Tb(t[0])] ^
cast_sbox8[U_INT8_Ta(t[0])];
key->xkey[i + 0] = cast_sbox5[UINT8_TA(t[2])] ^
cast_sbox6[UINT8_TB(t[2])] ^
cast_sbox7[UINT8_TD(t[1])] ^
cast_sbox8[UINT8_TC(t[1])];
key->xkey[i + 1] = cast_sbox5[UINT8_TC(t[2])] ^
cast_sbox6[UINT8_TD(t[2])] ^
cast_sbox7[UINT8_TB(t[1])] ^
cast_sbox8[UINT8_TA(t[1])];
key->xkey[i + 2] = cast_sbox5[UINT8_TA(t[3])] ^
cast_sbox6[UINT8_TB(t[3])] ^
cast_sbox7[UINT8_TD(t[0])] ^
cast_sbox8[UINT8_TC(t[0])];
key->xkey[i + 3] = cast_sbox5[UINT8_TC(t[3])] ^
cast_sbox6[UINT8_TD(t[3])] ^
cast_sbox7[UINT8_TB(t[0])] ^
cast_sbox8[UINT8_TA(t[0])];
break;
case 4:
case 8:
key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^
cast_sbox6[U_INT8_Tc(t[0])] ^
cast_sbox7[U_INT8_Ta(t[3])] ^
cast_sbox8[U_INT8_Tb(t[3])];
key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^
cast_sbox6[U_INT8_Ta(t[0])] ^
cast_sbox7[U_INT8_Tc(t[3])] ^
cast_sbox8[U_INT8_Td(t[3])];
key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^
cast_sbox6[U_INT8_Tc(t[1])] ^
cast_sbox7[U_INT8_Ta(t[2])] ^
cast_sbox8[U_INT8_Tb(t[2])];
key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^
cast_sbox6[U_INT8_Ta(t[1])] ^
cast_sbox7[U_INT8_Tc(t[2])] ^
cast_sbox8[U_INT8_Td(t[2])];
key->xkey[i + 0] = cast_sbox5[UINT8_TD(t[0])] ^
cast_sbox6[UINT8_TC(t[0])] ^
cast_sbox7[UINT8_TA(t[3])] ^
cast_sbox8[UINT8_TB(t[3])];
key->xkey[i + 1] = cast_sbox5[UINT8_TB(t[0])] ^
cast_sbox6[UINT8_TA(t[0])] ^
cast_sbox7[UINT8_TC(t[3])] ^
cast_sbox8[UINT8_TD(t[3])];
key->xkey[i + 2] = cast_sbox5[UINT8_TD(t[1])] ^
cast_sbox6[UINT8_TC(t[1])] ^
cast_sbox7[UINT8_TA(t[2])] ^
cast_sbox8[UINT8_TB(t[2])];
key->xkey[i + 3] = cast_sbox5[UINT8_TB(t[1])] ^
cast_sbox6[UINT8_TA(t[1])] ^
cast_sbox7[UINT8_TC(t[2])] ^
cast_sbox8[UINT8_TD(t[2])];
break;
}
switch (i & 12) {
switch (i & 12)
{
case 0:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])];
key->xkey[i + 0] ^= cast_sbox5[UINT8_TC(z[0])];
key->xkey[i + 1] ^= cast_sbox6[UINT8_TC(z[1])];
key->xkey[i + 2] ^= cast_sbox7[UINT8_TB(z[2])];
key->xkey[i + 3] ^= cast_sbox8[UINT8_TA(z[3])];
break;
case 4:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])];
key->xkey[i + 0] ^= cast_sbox5[UINT8_TA(x[2])];
key->xkey[i + 1] ^= cast_sbox6[UINT8_TB(x[3])];
key->xkey[i + 2] ^= cast_sbox7[UINT8_TD(x[0])];
key->xkey[i + 3] ^= cast_sbox8[UINT8_TD(x[1])];
break;
case 8:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])];
key->xkey[i + 0] ^= cast_sbox5[UINT8_TB(z[2])];
key->xkey[i + 1] ^= cast_sbox6[UINT8_TA(z[3])];
key->xkey[i + 2] ^= cast_sbox7[UINT8_TC(z[0])];
key->xkey[i + 3] ^= cast_sbox8[UINT8_TC(z[1])];
break;
case 12:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])];
key->xkey[i + 0] ^= cast_sbox5[UINT8_TD(x[0])];
key->xkey[i + 1] ^= cast_sbox6[UINT8_TD(x[1])];
key->xkey[i + 2] ^= cast_sbox7[UINT8_TA(x[2])];
key->xkey[i + 3] ^= cast_sbox8[UINT8_TB(x[3])];
break;
}
if (i >= 16) {
if (i >= 16)
{
key->xkey[i + 0] &= 31;
key->xkey[i + 1] &= 31;
key->xkey[i + 2] &= 31;
key->xkey[i + 3] &= 31;
}
}
/* Wipe clean */
explicit_bzero(t, sizeof(t));
explicit_bzero(x, sizeof(x));
explicit_bzero(z, sizeof(z));

1056
crypto/castsb.h
View file

File diff suppressed because it is too large Load diff

206
crypto/chacha_private.h
View file

@ -1,34 +1,38 @@
/* $OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
chacha-merged.c version 20080118
D. J. Bernstein
Public domain.
*/
/****************************************************************************
* crypto/chacha_private.h
* $OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
*
* chacha-merged.c version 20080118
* D. J. Bernstein
* Public domain.
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/systm.h>
typedef unsigned char u8;
typedef unsigned int u32;
typedef struct
{
u32 input[16]; /* could be compressed */
} chacha_ctx;
uint32_t input[16]; /* could be compressed */
}
chacha_ctx;
#define U8C(v) (v##U)
#define U32C(v) (v##U)
#define U8V(v) ((u8)(v) & U8C(0xFF))
#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
#define U8V(v) ((uint8_t)(v) & U8C(0xFF))
#define U32V(v) ((uint32_t)(v) & U32C(0xFFFFFFFF))
#define ROTL32(v, n) \
(U32V((v) << (n)) | ((v) >> (32 - (n))))
#define U8TO32_LITTLE(p) \
(((u32)((p)[0]) ) | \
((u32)((p)[1]) << 8) | \
((u32)((p)[2]) << 16) | \
((u32)((p)[3]) << 24))
(((uint32_t)((p)[0])) | \
((uint32_t)((p)[1]) << 8) | \
((uint32_t)((p)[2]) << 16) | \
((uint32_t)((p)[3]) << 24)) \
#define U32TO8_LITTLE(p, v) \
do { \
@ -44,19 +48,25 @@ typedef struct
#define PLUSONE(v) (PLUS((v), 1))
#define QUARTERROUND(a, b, c, d) \
do \
{ \
a = PLUS(a, b); d = ROTATE(XOR(d, a), 16); \
c = PLUS(c, d); b = ROTATE(XOR(b, c), 12); \
a = PLUS(a, b); d = ROTATE(XOR(d, a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
c = PLUS(c, d); b = ROTATE(XOR(b, c), 7); \
} \
while (0)
static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
static inline void
hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
static inline void hchacha20(FAR uint32_t *derived_key,
FAR const uint8_t *nonce,
FAR const uint8_t *key)
{
int i;
uint32_t x[] = {
uint32_t x[] =
{
U8TO32_LITTLE(sigma + 0),
U8TO32_LITTLE(sigma + 4),
U8TO32_LITTLE(sigma + 8),
@ -75,36 +85,46 @@ hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
U8TO32_LITTLE(nonce + 12)
};
for (i = 20;i > 0;i -= 2) {
QUARTERROUND( x[0], x[4], x[8],x[12])
QUARTERROUND( x[1], x[5], x[9],x[13])
QUARTERROUND( x[2], x[6],x[10],x[14])
QUARTERROUND( x[3], x[7],x[11],x[15])
QUARTERROUND( x[0], x[5],x[10],x[15])
QUARTERROUND( x[1], x[6],x[11],x[12])
QUARTERROUND( x[2], x[7], x[8],x[13])
QUARTERROUND( x[3], x[4], x[9],x[14])
}
memcpy(derived_key + 0, x + 0, sizeof(u32) * 4);
memcpy(derived_key + 4, x + 12, sizeof(u32) * 4);
}
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
for (i = 20; i > 0; i -= 2)
{
const char *constants;
QUARTERROUND(x[0], x[4], x[8], x[12]);
QUARTERROUND(x[1], x[5], x[9], x[13]);
QUARTERROUND(x[2], x[6], x[10], x[14]);
QUARTERROUND(x[3], x[7], x[11], x[15]);
QUARTERROUND(x[0], x[5], x[10], x[15]);
QUARTERROUND(x[1], x[6], x[11], x[12]);
QUARTERROUND(x[2], x[7], x[8], x[13]);
QUARTERROUND(x[3], x[4], x[9], x[14]);
}
memcpy(derived_key + 0, x + 0, sizeof(uint32_t) * 4);
memcpy(derived_key + 4, x + 12, sizeof(uint32_t) * 4);
}
static void chacha_keysetup(FAR chacha_ctx *x,
FAR const uint8_t *k,
FAR uint32_t kbits)
{
FAR const char *constants;
x->input[4] = U8TO32_LITTLE(k + 0);
x->input[5] = U8TO32_LITTLE(k + 4);
x->input[6] = U8TO32_LITTLE(k + 8);
x->input[7] = U8TO32_LITTLE(k + 12);
if (kbits == 256) { /* recommended */
if (kbits == 256)
{
/* recommended */
k += 16;
constants = sigma;
} else { /* kbits == 128 */
}
else
{
/* kbits == 128 */
constants = tau;
}
x->input[8] = U8TO32_LITTLE(k + 0);
x->input[9] = U8TO32_LITTLE(k + 4);
x->input[10] = U8TO32_LITTLE(k + 8);
@ -115,8 +135,9 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
x->input[3] = U8TO32_LITTLE(constants + 12);
}
static void
chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
static void chacha_ivsetup(FAR chacha_ctx *x,
FAR const uint8_t *iv,
FAR const uint8_t *counter)
{
x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
@ -124,16 +145,51 @@ chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
x->input[15] = U8TO32_LITTLE(iv + 4);
}
static void
chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
static void chacha_encrypt_bytes(FAR chacha_ctx *x,
FAR const uint8_t *m,
FAR uint8_t *c,
uint32_t bytes)
{
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget = NULL;
u8 tmp[64];
uint32_t x0;
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t j0;
uint32_t j1;
uint32_t j2;
uint32_t j3;
uint32_t j4;
uint32_t j5;
uint32_t j6;
uint32_t j7;
uint32_t j8;
uint32_t j9;
uint32_t j10;
uint32_t j11;
uint32_t j12;
uint32_t j13;
uint32_t j14;
uint32_t j15;
FAR uint8_t *ctarget = NULL;
uint8_t tmp[64];
u_int i;
if (!bytes) return;
if (!bytes)
{
return;
}
j0 = x->input[0];
j1 = x->input[1];
@ -152,13 +208,20 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
j14 = x->input[14];
j15 = x->input[15];
for (;;) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) tmp[i] = m[i];
for (; ; )
{
if (bytes < 64)
{
for (i = 0; i < bytes; ++i)
{
tmp[i] = m[i];
}
m = tmp;
ctarget = c;
c = tmp;
}
x0 = j0;
x1 = j1;
x2 = j2;
@ -175,16 +238,18 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
x13 = j13;
x14 = j14;
x15 = j15;
for (i = 20;i > 0;i -= 2) {
QUARTERROUND( x0, x4, x8,x12)
QUARTERROUND( x1, x5, x9,x13)
QUARTERROUND( x2, x6,x10,x14)
QUARTERROUND( x3, x7,x11,x15)
QUARTERROUND( x0, x5,x10,x15)
QUARTERROUND( x1, x6,x11,x12)
QUARTERROUND( x2, x7, x8,x13)
QUARTERROUND( x3, x4, x9,x14)
for (i = 20; i > 0; i -= 2)
{
QUARTERROUND(x0, x4, x8, x12);
QUARTERROUND(x1, x5, x9, x13);
QUARTERROUND(x2, x6, x10, x14);
QUARTERROUND(x3, x7, x11, x15);
QUARTERROUND(x0, x5, x10, x15);
QUARTERROUND(x1, x6, x11, x12);
QUARTERROUND(x2, x7, x8, x13);
QUARTERROUND(x3, x4, x9, x14);
}
x0 = PLUS(x0, j0);
x1 = PLUS(x1, j1);
x2 = PLUS(x2, j2);
@ -222,8 +287,10 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
#endif
j12 = PLUSONE(j12);
if (!j12) {
if (!j12)
{
j13 = PLUSONE(j13);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
@ -244,14 +311,21 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
U32TO8_LITTLE(c + 56, x14);
U32TO8_LITTLE(c + 60, x15);
if (bytes <= 64) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) ctarget[i] = c[i];
if (bytes <= 64)
{
if (bytes < 64)
{
for (i = 0; i < bytes; ++i)
{
ctarget[i] = c[i];
}
}
x->input[12] = j12;
x->input[13] = j13;
return;
}
bytes -= 64;
c += 64;
#ifndef KEYSTREAM_ONLY

214
crypto/chachapoly.c
View file

@ -1,5 +1,7 @@
/* $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* crypto/chachapoly.c
* $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
*
* Copyright (c) 2015 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
@ -13,7 +15,11 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -22,132 +28,152 @@
#include <crypto/poly1305.h>
#include <crypto/chachapoly.h>
int
chacha20_setkey(void *sched, u_int8_t *key, int len)
#include "chacha_private.h"
/****************************************************************************
* Private Data
****************************************************************************/
static const uint8_t pad0[16];
/****************************************************************************
* Public Functions
****************************************************************************/
int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;
if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
return (-1);
{
return -1;
}
/* initial counter is 1 */
ctx->nonce[0] = 1;
memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
CHACHA20_SALT);
chacha_keysetup((chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
return (0);
chacha_keysetup((FAR chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
return 0;
}
void
chacha20_reinit(caddr_t key, u_int8_t *iv)
void chacha20_reinit(caddr_t key, FAR uint8_t *iv)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
chacha_ivsetup((FAR chacha_ctx *)ctx->block, iv, ctx->nonce);
}
void
chacha20_crypt(caddr_t key, u_int8_t *data)
void chacha20_crypt(caddr_t key, FAR uint8_t *data)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
chacha_encrypt_bytes((FAR chacha_ctx *)ctx->block, data, data,
CHACHA20_BLOCK_LEN);
}
void
Chacha20_Poly1305_Init(void *xctx)
void chacha20_poly1305_init(FAR void *xctx)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
FAR CHACHA20_POLY1305_CTX *ctx = xctx;
memset(ctx, 0, sizeof(*ctx));
}
void
Chacha20_Poly1305_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
void chacha20_poly1305_setkey(FAR void *xctx, FAR const uint8_t *key,
uint16_t klen)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
FAR CHACHA20_POLY1305_CTX *ctx = xctx;
/* salt is provided with the key material */
memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
CHACHA20_SALT);
chacha_keysetup((chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
chacha_keysetup((FAR chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
}
void
Chacha20_Poly1305_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
void chacha20_poly1305_reinit(FAR void *xctx, FAR const uint8_t *iv,
uint16_t ivlen)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
FAR CHACHA20_POLY1305_CTX *ctx = xctx;
/* initial counter is 0 */
chacha_ivsetup((chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
chacha_encrypt_bytes((chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
chacha_ivsetup((FAR chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
chacha_encrypt_bytes((FAR chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
POLY1305_KEYLEN);
poly1305_init((poly1305_state *)&ctx->poly, ctx->key);
poly1305_init((FAR poly1305_state *)&ctx->poly, ctx->key);
}
int
Chacha20_Poly1305_Update(void *xctx, const uint8_t *data, uint16_t len)
int chacha20_poly1305_update(FAR void *xctx, FAR const uint8_t *data,
uint16_t len)
{
static const unsigned char zeroes[POLY1305_BLOCK_LEN];
CHACHA20_POLY1305_CTX *ctx = xctx;
FAR CHACHA20_POLY1305_CTX *ctx = xctx;
size_t rem;
poly1305_update((poly1305_state *)&ctx->poly, data, len);
poly1305_update((FAR poly1305_state *)&ctx->poly, data, len);
/* number of bytes in the last 16 byte block */
rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
if (rem > 0)
poly1305_update((poly1305_state *)&ctx->poly, zeroes,
{
poly1305_update((FAR poly1305_state *)&ctx->poly, zeroes,
POLY1305_BLOCK_LEN - rem);
return (0);
}
void
Chacha20_Poly1305_Final(uint8_t tag[POLY1305_TAGLEN], void *xctx)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
return 0;
}
poly1305_finish((poly1305_state *)&ctx->poly, tag);
void chacha20_poly1305_final(FAR uint8_t *tag, FAR void *xctx)
{
FAR CHACHA20_POLY1305_CTX *ctx = xctx;
poly1305_finish((FAR poly1305_state *)&ctx->poly, tag);
explicit_bzero(ctx, sizeof(*ctx));
}
static const uint8_t pad0[16] = { 0 };
void
chacha20poly1305_encrypt(
uint8_t *dst,
const uint8_t *src,
void chacha20poly1305_encrypt(
FAR uint8_t *dst,
FAR const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
FAR const uint8_t *ad,
const size_t ad_len,
const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
FAR const uint8_t *key)
{
poly1305_state poly1305_ctx;
chacha_ctx ctx;
union {
union
{
uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
uint64_t lens[2];
} b = { { 0 } };
} b =
{
{
0
}
};
uint64_t le_nonce = htole64(nonce);
chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
poly1305_init(&poly1305_ctx, b.b0);
poly1305_update(&poly1305_ctx, ad, ad_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, src_len);
chacha_encrypt_bytes(&ctx, (FAR uint8_t *)src, dst, src_len);
poly1305_update(&poly1305_ctx, dst, src_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
b.lens[0] = htole64(ad_len);
b.lens[1] = htole64(src_len);
poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));
poly1305_finish(&poly1305_ctx, dst + src_len);
@ -155,16 +181,15 @@ chacha20poly1305_encrypt(
explicit_bzero(&b, sizeof(b));
}
int
chacha20poly1305_decrypt(
uint8_t *dst,
const uint8_t *src,
int chacha20poly1305_decrypt(
FAR uint8_t *dst,
FAR const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
FAR const uint8_t *ad,
const size_t ad_len,
const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
FAR const uint8_t *key)
{
poly1305_state poly1305_ctx;
chacha_ctx ctx;
int ret;
@ -173,14 +198,22 @@ chacha20poly1305_decrypt(
uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
uint64_t lens[2];
} b = { { 0 } };
} b =
{
{
0
}
};
uint64_t le_nonce = htole64(nonce);
if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
{
return 0;
}
chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
poly1305_init(&poly1305_ctx, b.b0);
@ -193,30 +226,31 @@ chacha20poly1305_decrypt(
b.lens[0] = htole64(ad_len);
b.lens[1] = htole64(dst_len);
poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));
poly1305_finish(&poly1305_ctx, b.mac);
ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
if (!ret)
chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, dst_len);
{
chacha_encrypt_bytes(&ctx, (FAR uint8_t *) src, dst, dst_len);
}
explicit_bzero(&ctx, sizeof(ctx));
explicit_bzero(&ctx, sizeof(chacha_ctx));
explicit_bzero(&b, sizeof(b));
return !ret;
}
void
xchacha20poly1305_encrypt(
uint8_t *dst,
const uint8_t *src,
void xchacha20poly1305_encrypt(
FAR uint8_t *dst,
FAR const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
FAR const uint8_t *ad,
const size_t ad_len,
const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
FAR const uint8_t *nonce,
FAR const uint8_t *key)
{
int i;
uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
uint64_t h_nonce;
@ -226,24 +260,26 @@ xchacha20poly1305_encrypt(
hchacha20(derived_key, nonce, key);
for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
(derived_key[i]) = htole32((derived_key[i]));
{
derived_key[i] = htole32(derived_key[i]);
}
chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
h_nonce, (uint8_t *)derived_key);
h_nonce, (FAR uint8_t *)derived_key);
explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
}
int
xchacha20poly1305_decrypt(
uint8_t *dst,
const uint8_t *src,
int xchacha20poly1305_decrypt(
FAR uint8_t *dst,
FAR const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
FAR const uint8_t *ad,
const size_t ad_len,
const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
int ret, i;
FAR const uint8_t *nonce,
FAR const uint8_t *key)
{
int ret;
int i;
uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
uint64_t h_nonce;
@ -251,10 +287,12 @@ xchacha20poly1305_decrypt(
h_nonce = le64toh(h_nonce);
hchacha20(derived_key, nonce, key);
for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
(derived_key[i]) = htole32((derived_key[i]));
{
derived_key[i] = htole32(derived_key[i]);
}
ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
h_nonce, (uint8_t *)derived_key);
h_nonce, (FAR uint8_t *)derived_key);
explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
return ret;

147
crypto/cmac.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
/****************************************************************************
* crypto/cmac.c
* $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $
*
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,107 +15,145 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
/*
* This code implements the CMAC (Cipher-based Message Authentication)
/* This code implements the CMAC (Cipher-based Message Authentication)
* algorithm described in FIPS SP800-38B using the AES-128 cipher.
*/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/aes.h>
#include <crypto/cmac.h>
#define LSHIFT(v, r) do { \
#define LSHIFT(v, r) do \
{ \
int i; \
for (i = 0; i < 15; i++) \
(r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7; \
(r)[15] = (v)[15] << 1; \
} while (0)
#define XOR(v, r) do { \
#define XOR(v, r) do \
{ \
int i; \
for (i = 0; i < 16; i++) \
(r)[i] ^= (v)[i]; \
} while (0)
void
AES_CMAC_Init(AES_CMAC_CTX *ctx)
/****************************************************************************
* Public Functions
****************************************************************************/
void aes_cmac_init(FAR AES_CMAC_CTX *ctx)
{
memset(ctx->X, 0, sizeof ctx->X);
ctx->M_n = 0;
ctx->m_n = 0;
}
void
AES_CMAC_SetKey(AES_CMAC_CTX *ctx, const u_int8_t key[AES_CMAC_KEY_LENGTH])
void aes_cmac_setkey(FAR AES_CMAC_CTX *ctx,
FAR const uint8_t *key)
{
AES_Setkey(&ctx->aesctx, key, 16);
aes_setkey(&ctx->aesctx, key, 16);
}
void
AES_CMAC_Update(AES_CMAC_CTX *ctx, const u_int8_t *data, u_int len)
void aes_cmac_update(FAR AES_CMAC_CTX *ctx,
FAR const uint8_t *data,
u_int len)
{
u_int mlen;
if (ctx->M_n > 0) {
mlen = MIN(16 - ctx->M_n, len);
memcpy(ctx->M_last + ctx->M_n, data, mlen);
ctx->M_n += mlen;
if (ctx->M_n < 16 || len == mlen)
if (ctx->m_n > 0)
{
mlen = MIN(16 - ctx->m_n, len);
memcpy(ctx->m_last + ctx->m_n, data, mlen);
ctx->m_n += mlen;
if (ctx->m_n < 16 || len == mlen)
{
return;
XOR(ctx->M_last, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
}
XOR(ctx->m_last, ctx->X);
aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
data += mlen;
len -= mlen;
}
while (len > 16) { /* not last block */
while (len > 16)
{
/* not last block */
XOR(data, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
data += 16;
len -= 16;
}
/* potential last block, save it */
memcpy(ctx->M_last, data, len);
ctx->M_n = len;
memcpy(ctx->m_last, data, len);
ctx->m_n = len;
}
void
AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx)
void aes_cmac_final(FAR uint8_t *digest,
FAR AES_CMAC_CTX *ctx)
{
u_int8_t K[16];
uint8_t K[16];
/* generate subkey K1 */
memset(K, 0, sizeof K);
AES_Encrypt(&ctx->aesctx, K, K);
aes_encrypt(&ctx->aesctx, K, K);
if (K[0] & 0x80) {
if (K[0] & 0x80)
{
LSHIFT(K, K);
K[15] ^= 0x87;
} else
LSHIFT(K, K);
if (ctx->M_n == 16) {
/* last block was a complete block */
XOR(K, ctx->M_last);
} else {
/* generate subkey K2 */
if (K[0] & 0x80) {
LSHIFT(K, K);
K[15] ^= 0x87;
} else
LSHIFT(K, K);
/* padding(M_last) */
ctx->M_last[ctx->M_n] = 0x80;
while (++ctx->M_n < 16)
ctx->M_last[ctx->M_n] = 0;
XOR(K, ctx->M_last);
}
XOR(ctx->M_last, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, digest);
else
{
LSHIFT(K, K);
}
if (ctx->m_n == 16)
{
/* last block was a complete block */
XOR(K, ctx->m_last);
}
else
{
/* generate subkey K2 */
if (K[0] & 0x80)
{
LSHIFT(K, K);
K[15] ^= 0x87;
}
else
{
LSHIFT(K, K);
}
/* padding(m_last) */
ctx->m_last[ctx->m_n] = 0x80;
while (++ctx->m_n < 16)
{
ctx->m_last[ctx->m_n] = 0;
}
XOR(K, ctx->m_last);
}
XOR(ctx->m_last, ctx->X);
aes_encrypt(&ctx->aesctx, ctx->X, digest);
explicit_bzero(K, sizeof K);
}

505
crypto/crypto.c
View file

@ -1,5 +1,7 @@
/* $OpenBSD: crypto.c,v 1.65 2014/07/13 23:24:47 deraadt Exp $ */
/*
/****************************************************************************
* crypto/crypto.c
* $OpenBSD: crypto.c,v 1.65 2014/07/13 23:24:47 deraadt Exp $
*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -18,7 +20,11 @@
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -28,34 +34,47 @@
#include <crypto/cryptodev.h>
/****************************************************************************
* Public Functions
****************************************************************************/
void crypto_init(void);
struct cryptocap *crypto_drivers = NULL;
/****************************************************************************
* Public Data
****************************************************************************/
FAR static struct cryptocap *crypto_drivers = NULL;
int crypto_drivers_num = 0;
struct pool cryptop_pool;
struct pool cryptodesc_pool;
struct taskq *crypto_taskq;
FAR struct taskq *crypto_taskq;
/*
* Create a new session.
*/
int
crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
/* Create a new session. */
int crypto_newsession(FAR uint64_t *sid,
FAR struct cryptoini *cri,
int hard)
{
u_int32_t hid, lid, hid2 = -1;
struct cryptocap *cpc;
struct cryptoini *cr;
int err, s, turn = 0;
uint32_t hid;
uint32_t lid;
uint32_t hid2 = -1;
FAR struct cryptocap *cpc;
FAR struct cryptoini *cr;
int turn = 0;
int err;
int s;
if (crypto_drivers == NULL)
{
return EINVAL;
}
s = splvm();
/*
* The algorithm we use here is pretty stupid; just use the
/* The algorithm we use here is pretty stupid; just use the
* first driver that supports all the algorithms we need. Do
* a double-pass over all the drivers, ignoring software ones
* at first, to deal with cases of drivers that register after
@ -64,102 +83,132 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
* XXX We need more smarts here (in real life too, but that's
* XXX another story altogether).
*/
do {
for (hid = 0; hid < crypto_drivers_num; hid++) {
do
{
for (hid = 0; hid < crypto_drivers_num; hid++)
{
cpc = &crypto_drivers[hid];
/*
* If it's not initialized or has remaining sessions
/* If it's not initialized or has remaining sessions
* referencing it, skip.
*/
if (cpc->cc_newsession == NULL ||
(cpc->cc_flags & CRYPTOCAP_F_CLEANUP))
{
continue;
}
if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE) {
/*
* First round of search, ignore
if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE)
{
/* First round of search, ignore
* software drivers.
*/
if (turn == 0)
{
continue;
} else { /* !CRYPTOCAP_F_SOFTWARE */
/* Second round of search, only software. */
}
}
else
{
/* !CRYPTOCAP_F_SOFTWARE
* Second round of search, only software.
*/
if (turn == 1)
{
continue;
}
}
/* See if all the algorithms are supported. */
for (cr = cri; cr; cr = cr->cri_next) {
for (cr = cri; cr; cr = cr->cri_next)
{
if (cpc->cc_alg[cr->cri_alg] == 0)
{
break;
}
}
/*
* If even one algorithm is not supported,
/* If even one algorithm is not supported,
* keep searching.
*/
if (cr != NULL)
continue;
/*
* If we had a previous match, see how it compares
if (cr != NULL)
{
continue;
}
/* If we had a previous match, see how it compares
* to this one. Keep "remembering" whichever is
* the best of the two.
*/
if (hid2 != -1) {
/*
* Compare session numbers, pick the one
if (hid2 != -1)
{
/* Compare session numbers, pick the one
* with the lowest.
* XXX Need better metrics, this will
* XXX just do un-weighted round-robin.
*/
if (crypto_drivers[hid].cc_sessions <=
crypto_drivers[hid2].cc_sessions)
{
hid2 = hid;
} else {
/*
* Remember this one, for future
}
}
else
{
/* Remember this one, for future
* comparisons.
*/
hid2 = hid;
}
}
/*
* If we found something worth remembering, leave. The
/* If we found something worth remembering, leave. The
* side-effect is that we will always prefer a hardware
* driver over the software one.
*/
if (hid2 != -1)
{
break;
}
turn++;
/* If we only want hardware drivers, don't do second pass. */
} while (turn <= 2 && hard == 0);
}
while (turn <= 2 && hard == 0);
hid = hid2;
/*
* Can't do everything in one session.
*
/* Can't do everything in one session.
* XXX Fix this. We need to inject a "virtual" session
* XXX layer right about here.
*/
if (hid == -1) {
if (hid == -1)
{
splx(s);
return EINVAL;
}
/* Call the driver initialization routine. */
lid = hid; /* Pass the driver ID. */
err = crypto_drivers[hid].cc_newsession(&lid, cri);
if (err == 0) {
(*sid) = hid;
(*sid) <<= 32;
(*sid) |= (lid & 0xffffffff);
if (err == 0)
{
*sid = hid;
*sid <<= 32;
*sid |= (lid & 0xffffffff);
crypto_drivers[hid].cc_sessions++;
}
@ -167,62 +216,76 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
return err;
}
/*
* Delete an existing session (or a reserved session on an unregistered
/* Delete an existing session (or a reserved session on an unregistered
* driver).
*/
int
crypto_freesession(u_int64_t sid)
int crypto_freesession(uint64_t sid)
{
int err = 0, s;
u_int32_t hid;
int err = 0;
int s;
uint32_t hid;
if (crypto_drivers == NULL)
{
return EINVAL;
}
/* Determine two IDs. */
hid = (sid >> 32) & 0xffffffff;
if (hid >= crypto_drivers_num)
{
return ENOENT;
}
s = splvm();
if (crypto_drivers[hid].cc_sessions)
{
crypto_drivers[hid].cc_sessions--;
}
/* Call the driver cleanup routine, if available. */
if (crypto_drivers[hid].cc_freesession)
err = crypto_drivers[hid].cc_freesession(sid);
/*
* If this was the last session of a driver marked as invalid,
if (crypto_drivers[hid].cc_freesession)
{
err = crypto_drivers[hid].cc_freesession(sid);
}
/* If this was the last session of a driver marked as invalid,
* make the entry available for reuse.
*/
if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
crypto_drivers[hid].cc_sessions == 0)
{
explicit_bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
}
splx(s);
return err;
}
/*
* Find an empty slot.
*/
int32_t
crypto_get_driverid(u_int8_t flags)
/* Find an empty slot. */
int crypto_get_driverid(uint8_t flags)
{
struct cryptocap *newdrv;
int i, s;
FAR struct cryptocap *newdrv;
int i;
int s;
s = splvm();
if (crypto_drivers_num == 0) {
if (crypto_drivers_num == 0)
{
crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
crypto_drivers = mallocarray(crypto_drivers_num,
sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT);
if (crypto_drivers == NULL) {
sizeof(struct cryptocap),
M_CRYPTO_DATA, M_NOWAIT);
if (crypto_drivers == NULL)
{
crypto_drivers_num = 0;
splx(s);
return -1;
@ -232,10 +295,12 @@ crypto_get_driverid(u_int8_t flags)
sizeof(struct cryptocap));
}
for (i = 0; i < crypto_drivers_num; i++) {
for (i = 0; i < crypto_drivers_num; i++)
{
if (crypto_drivers[i].cc_process == NULL &&
!(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) &&
crypto_drivers[i].cc_sessions == 0) {
crypto_drivers[i].cc_sessions == 0)
{
crypto_drivers[i].cc_sessions = 1; /* Mark */
crypto_drivers[i].cc_flags = flags;
splx(s);
@ -244,15 +309,20 @@ crypto_get_driverid(u_int8_t flags)
}
/* Out of entries, allocate some more. */
if (i == crypto_drivers_num) {
if (crypto_drivers_num >= CRYPTO_DRIVERS_MAX) {
if (i == crypto_drivers_num)
{
if (crypto_drivers_num >= CRYPTO_DRIVERS_MAX)
{
splx(s);
return -1;
}
newdrv = mallocarray(crypto_drivers_num,
2 * sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT);
if (newdrv == NULL) {
2 * sizeof(struct cryptocap),
M_CRYPTO_DATA, M_NOWAIT);
if (newdrv == NULL)
{
splx(s);
return -1;
}
@ -273,29 +343,32 @@ crypto_get_driverid(u_int8_t flags)
}
/* Shouldn't really get here... */
splx(s);
return -1;
}
/*
* Register a crypto driver. It should be called once for each algorithm
/* Register a crypto driver. It should be called once for each algorithm
* supported by the driver.
*/
int
crypto_kregister(u_int32_t driverid, int *kalg,
int (*kprocess)(struct cryptkop *))
int crypto_kregister(uint32_t driverid, FAR int *kalg,
CODE int (*kprocess)(FAR struct cryptkop *))
{
int s, i;
int s;
int i;
if (driverid >= crypto_drivers_num || kalg == NULL ||
crypto_drivers == NULL)
{
return EINVAL;
}
s = splvm();
for (i = 0; i <= CRK_ALGORITHM_MAX; i++) {
/*
* XXX Do some performance testing to determine
for (i = 0; i <= CRK_ALGORITHM_MAX; i++)
{
/* XXX Do some performance testing to determine
* placing. We probably need an auxiliary data
* structure that describes relative performances.
*/
@ -310,23 +383,27 @@ crypto_kregister(u_int32_t driverid, int *kalg,
}
/* Register a crypto driver. */
int
crypto_register(u_int32_t driverid, int *alg,
int (*newses)(u_int32_t *, struct cryptoini *),
int (*freeses)(u_int64_t), int (*process)(struct cryptop *))
{
int s, i;
int crypto_register(uint32_t driverid, FAR int *alg,
CODE int (*newses)(FAR uint32_t *,
FAR struct cryptoini *),
CODE int (*freeses)(uint64_t),
CODE int (*process)(FAR struct cryptop *))
{
int s;
int i;
if (driverid >= crypto_drivers_num || alg == NULL ||
crypto_drivers == NULL)
{
return EINVAL;
}
s = splvm();
for (i = 0; i <= CRYPTO_ALGORITHM_MAX; i++) {
/*
* XXX Do some performance testing to determine
for (i = 0; i <= CRYPTO_ALGORITHM_MAX; i++)
{
/* XXX Do some performance testing to determine
* placing. We probably need an auxiliary data
* structure that describes relative performances.
*/
@ -334,7 +411,6 @@ crypto_register(u_int32_t driverid, int *alg,
crypto_drivers[driverid].cc_alg[i] = alg[i];
}
crypto_drivers[driverid].cc_newsession = newses;
crypto_drivers[driverid].cc_process = process;
crypto_drivers[driverid].cc_freesession = freeses;
@ -345,119 +421,144 @@ crypto_register(u_int32_t driverid, int *alg,
return 0;
}
/*
* Unregister a crypto driver. If there are pending sessions using it,
/* Unregister a crypto driver. If there are pending sessions using it,
* leave enough information around so that subsequent calls using those
* sessions will correctly detect the driver being unregistered and reroute
* the request.
*/
int
crypto_unregister(u_int32_t driverid, int alg)
int crypto_unregister(uint32_t driverid, int alg)
{
int i = CRYPTO_ALGORITHM_MAX + 1, s;
u_int32_t ses;
int i = CRYPTO_ALGORITHM_MAX + 1;
int s;
uint32_t ses;
s = splvm();
/* Sanity checks. */
if (driverid >= crypto_drivers_num || crypto_drivers == NULL ||
((alg <= 0 || alg > CRYPTO_ALGORITHM_MAX) &&
alg != CRYPTO_ALGORITHM_MAX + 1) ||
crypto_drivers[driverid].cc_alg[alg] == 0) {
crypto_drivers[driverid].cc_alg[alg] == 0)
{
splx(s);
return EINVAL;
}
if (alg != CRYPTO_ALGORITHM_MAX + 1) {
if (alg != CRYPTO_ALGORITHM_MAX + 1)
{
crypto_drivers[driverid].cc_alg[alg] = 0;
/* Was this the last algorithm ? */
for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
{
if (crypto_drivers[driverid].cc_alg[i] != 0)
{
break;
}
}
}
/*
* If a driver unregistered its last algorithm or all of them
/* If a driver unregistered its last algorithm or all of them
* (alg == CRYPTO_ALGORITHM_MAX + 1), cleanup its entry.
*/
if (i == CRYPTO_ALGORITHM_MAX + 1 || alg == CRYPTO_ALGORITHM_MAX + 1) {
if (i == CRYPTO_ALGORITHM_MAX + 1 || alg == CRYPTO_ALGORITHM_MAX + 1)
{
ses = crypto_drivers[driverid].cc_sessions;
bzero(&crypto_drivers[driverid], sizeof(struct cryptocap));
if (ses != 0) {
/*
* If there are pending sessions, just mark as invalid.
*/
if (ses != 0)
{
/* If there are pending sessions, just mark as invalid. */
crypto_drivers[driverid].cc_flags |= CRYPTOCAP_F_CLEANUP;
crypto_drivers[driverid].cc_sessions = ses;
}
}
splx(s);
return 0;
}
/*
* Add crypto request to a queue, to be processed by a kernel thread.
*/
int
crypto_dispatch(struct cryptop *crp)
/* Add crypto request to a queue, to be processed by a kernel thread. */
int crypto_dispatch(FAR struct cryptop *crp)
{
if (crypto_taskq && !(crp->crp_flags & CRYPTO_F_NOQUEUE))
{
if (crypto_taskq && !(crp->crp_flags & CRYPTO_F_NOQUEUE)) {
task_set(&crp->crp_task, (void (*))crypto_invoke, crp, NULL);
task_add(crypto_taskq, &crp->crp_task);
} else {
}
else
{
crypto_invoke(crp);
}
return 0;
}
int
crypto_kdispatch(struct cryptkop *krp)
int crypto_kdispatch(FAR struct cryptkop *krp)
{
if (crypto_taskq)
{
if (crypto_taskq) {
task_set(&krp->krp_task, (void (*))crypto_kinvoke, krp, NULL);
task_add(crypto_taskq, &krp->krp_task);
} else {
}
else
{
crypto_kinvoke(krp);
}
return 0;
}
/*
* Dispatch an asymmetric crypto request to the appropriate crypto devices.
*/
int
crypto_kinvoke(struct cryptkop *krp)
/* Dispatch an asymmetric crypto request to the appropriate crypto devices. */
int crypto_kinvoke(FAR struct cryptkop *krp)
{
extern int cryptodevallowsoft;
u_int32_t hid;
uint32_t hid;
int error;
int s;
/* Sanity checks. */
if (krp == NULL || krp->krp_callback == NULL)
return (EINVAL);
{
return EINVAL;
}
s = splvm();
for (hid = 0; hid < crypto_drivers_num; hid++) {
for (hid = 0; hid < crypto_drivers_num; hid++)
{
if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
cryptodevallowsoft == 0)
{
continue;
}
if (crypto_drivers[hid].cc_kprocess == NULL)
{
continue;
}
if ((crypto_drivers[hid].cc_kalg[krp->krp_op] &
CRYPTO_ALG_FLAG_SUPPORTED) == 0)
{
continue;
}
break;
}
if (hid == crypto_drivers_num) {
if (hid == crypto_drivers_num)
{
krp->krp_status = ENODEV;
crypto_kdone(krp);
splx(s);
return (0);
return 0;
}
krp->krp_hid = hid;
@ -465,32 +566,36 @@ crypto_kinvoke(struct cryptkop *krp)
crypto_drivers[hid].cc_koperations++;
error = crypto_drivers[hid].cc_kprocess(krp);
if (error) {
if (error)
{
krp->krp_status = error;
crypto_kdone(krp);
}
splx(s);
return (0);
return 0;
}
/*
* Dispatch a crypto request to the appropriate crypto devices.
*/
int
crypto_invoke(struct cryptop *crp)
/* Dispatch a crypto request to the appropriate crypto devices. */
int crypto_invoke(FAR struct cryptop *crp)
{
struct cryptodesc *crd;
u_int64_t nid;
u_int32_t hid;
FAR struct cryptodesc *crd;
uint64_t nid;
uint32_t hid;
int error;
int s;
/* Sanity checks. */
if (crp == NULL || crp->crp_callback == NULL)
{
return EINVAL;
}
s = splvm();
if (crp->crp_desc == NULL || crypto_drivers == NULL) {
if (crp->crp_desc == NULL || crypto_drivers == NULL)
{
crp->crp_etype = EINVAL;
crypto_done(crp);
splx(s);
@ -499,26 +604,36 @@ crypto_invoke(struct cryptop *crp)
hid = (crp->crp_sid >> 32) & 0xffffffff;
if (hid >= crypto_drivers_num)
{
goto migrate;
}
if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) {
if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)
{
crypto_freesession(crp->crp_sid);
goto migrate;
}
if (crypto_drivers[hid].cc_process == NULL)
{
goto migrate;
}
crypto_drivers[hid].cc_operations++;
crypto_drivers[hid].cc_bytes += crp->crp_ilen;
error = crypto_drivers[hid].cc_process(crp);
if (error) {
if (error == ERESTART) {
if (error)
{
if (error == ERESTART)
{
/* Unregister driver and migrate session. */
crypto_unregister(hid, CRYPTO_ALGORITHM_MAX + 1);
goto migrate;
} else {
}
else
{
crp->crp_etype = error;
}
}
@ -527,12 +642,18 @@ crypto_invoke(struct cryptop *crp)
return 0;
migrate:
/* Migrate session. */
for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
{
crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
}
if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
{
crp->crp_sid = nid;
}
crp->crp_etype = EAGAIN;
crypto_done(crp);
@ -540,21 +661,22 @@ crypto_invoke(struct cryptop *crp)
return 0;
}
/*
* Release a set of crypto descriptors.
*/
void
crypto_freereq(struct cryptop *crp)
/* Release a set of crypto descriptors. */
void crypto_freereq(FAR struct cryptop *crp)
{
struct cryptodesc *crd;
FAR struct cryptodesc *crd;
int s;
if (crp == NULL)
{
return;
}
s = splvm();
while ((crd = crp->crp_desc) != NULL) {
while ((crd = crp->crp_desc) != NULL)
{
crp->crp_desc = crd->crd_next;
pool_put(&cryptodesc_pool, crd);
}
@ -563,28 +685,30 @@ crypto_freereq(struct cryptop *crp)
splx(s);
}
/*
* Acquire a set of crypto descriptors.
*/
struct cryptop *
crypto_getreq(int num)
/* Acquire a set of crypto descriptors. */
FAR struct cryptop *crypto_getreq(int num)
{
struct cryptodesc *crd;
struct cryptop *crp;
FAR struct cryptodesc *crd;
FAR struct cryptop *crp;
int s;
s = splvm();
crp = pool_get(&cryptop_pool, PR_NOWAIT);
if (crp == NULL) {
if (crp == NULL)
{
splx(s);
return NULL;
}
bzero(crp, sizeof(struct cryptop));
while (num--) {
while (num--)
{
crd = pool_get(&cryptodesc_pool, PR_NOWAIT);
if (crd == NULL) {
if (crd == NULL)
{
splx(s);
crypto_freereq(crp);
return NULL;
@ -599,8 +723,7 @@ crypto_getreq(int num)
return crp;
}
void
crypto_init(void)
void crypto_init(void)
{
crypto_taskq = taskq_create("crypto", 1, IPL_HIGH);
@ -610,54 +733,70 @@ crypto_init(void)
0, "cryptodesc", NULL);
}
/*
* Invoke the callback on behalf of the driver.
*/
void
crypto_done(struct cryptop *crp)
/* Invoke the callback on behalf of the driver. */
void crypto_done(FAR struct cryptop *crp)
{
crp->crp_flags |= CRYPTO_F_DONE;
if (crp->crp_flags & CRYPTO_F_NOQUEUE) {
if (crp->crp_flags & CRYPTO_F_NOQUEUE)
{
/* not from the crypto queue, wakeup the userland process */
crp->crp_callback(crp);
} else {
}
else
{
task_set(&crp->crp_task, (void (*))crp->crp_callback,
crp, NULL);
task_add(crypto_taskq, &crp->crp_task);
}
}
/*
* Invoke the callback on behalf of the driver.
*/
void
crypto_kdone(struct cryptkop *krp)
/* Invoke the callback on behalf of the driver. */
void crypto_kdone(FAR struct cryptkop *krp)
{
task_set(&krp->krp_task, (void (*))krp->krp_callback, krp, NULL);
task_add(crypto_taskq, &krp->krp_task);
}
int
crypto_getfeat(int *featp)
int crypto_getfeat(FAR int *featp)
{
extern int cryptodevallowsoft, userasymcrypto;
int hid, kalg, feat = 0;
extern int cryptodevallowsoft;
extern int userasymcrypto;
int hid;
int kalg;
int feat = 0;
if (userasymcrypto == 0)
{
goto out;
for (hid = 0; hid < crypto_drivers_num; hid++) {
}
for (hid = 0; hid < crypto_drivers_num; hid++)
{
if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
cryptodevallowsoft == 0) {
cryptodevallowsoft == 0)
{
continue;
}
if (crypto_drivers[hid].cc_kprocess == NULL)
{
continue;
}
for (kalg = 0; kalg <= CRK_ALGORITHM_MAX; kalg++)
{
if ((crypto_drivers[hid].cc_kalg[kalg] &
CRYPTO_ALG_FLAG_SUPPORTED) != 0)
{
feat |= 1 << kalg;
}
}
}
out:
*featp = feat;
return (0);
return 0;
}

615
crypto/cryptodev.c
View file

File diff suppressed because it is too large Load diff

939
crypto/cryptosoft.c
View file

File diff suppressed because it is too large Load diff

182
crypto/des_locl.h
View file

@ -1,7 +1,9 @@
/* $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $ */
/* lib/des/des_locl.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/des_locl.h
* $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
*
* lib/des/des_locl.h
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +29,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed by
* Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,13 +45,18 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
#ifndef HEADER_DES_LOCL_H
#define HEADER_DES_LOCL_H
#ifndef __CRYPTO_DES_LOCL_H
#define __CRYPTO_DES_LOCL_H
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/types.h>
#include <sys/systm.h>
@ -56,106 +64,126 @@
typedef unsigned char des_cblock[8];
typedef struct des_ks_struct
{
union {
union
{
des_cblock cblock;
/* make sure things are correct size on machines with
* 8 byte longs */
* 8 byte longs
*/
int32_t pad[2];
} ks;
} des_key_schedule[16];
}
des_key_schedule[16];
#define DES_KEY_SZ (sizeof(des_cblock))
#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
void des_encrypt2(u_int32_t *data,caddr_t ks, int enc);
void des_encrypt2(FAR uint32_t *data, caddr_t ks, int enc);
#define ITERATIONS 16
#define HALF_ITERATIONS 8
#define c2l(c, l) \
do \
{ \
l = ((uint32_t)(*((c)++))); \
l |= ((uint32_t)(*((c)++))) << 8l; \
l |= ((uint32_t)(*((c)++))) << 16l; \
l |= ((uint32_t)(*((c)++))) << 24l; \
} \
while (0)
#define c2l(c,l) (l =((u_int32_t)(*((c)++))) , \
l|=((u_int32_t)(*((c)++)))<< 8L, \
l|=((u_int32_t)(*((c)++)))<<16L, \
l|=((u_int32_t)(*((c)++)))<<24L)
#define l2c(l,c) \
do \
{ \
*((c)++) = (unsigned char)(((l)) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
} \
while (0)
#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
#define D_ENCRYPT(Q,R,S) {\
#define D_ENCRYPT(Q, R, S) \
do \
{ \
u = (R ^ s[S]); \
t = R ^ s[S + 1]; \
t = ((t >> 4L) + (t << 28L)); \
Q^= des_SPtrans[1][(t )&0x3f]| \
des_SPtrans[3][(t>> 8L)&0x3f]| \
des_SPtrans[5][(t>>16L)&0x3f]| \
des_SPtrans[7][(t>>24L)&0x3f]| \
des_SPtrans[0][(u )&0x3f]| \
des_SPtrans[2][(u>> 8L)&0x3f]| \
des_SPtrans[4][(u>>16L)&0x3f]| \
des_SPtrans[6][(u>>24L)&0x3f]; }
Q ^= des_sptrans[1][(t) & 0x3f]| \
des_sptrans[3][(t >> 8l) & 0x3f]| \
des_sptrans[5][(t >>16l) & 0x3f]| \
des_sptrans[7][(t >>24l) & 0x3f]| \
des_sptrans[0][(u) & 0x3f]| \
des_sptrans[2][(u >> 8l) & 0x3f]| \
des_sptrans[4][(u >>16l) & 0x3f]| \
des_sptrans[6][(u >>24l) & 0x3f]; \
} \
while (0)
/* IP and FP
* The problem is more of a geometric problem that random bit fiddling.
0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
The output has been subject to swaps of the form
0 1 -> 3 1 but the odd and even bits have been put into
2 3 2 0
different words. The main trick is to remember that
t=((l>>size)^r)&(mask);
r^=t;
l^=(t<<size);
can be used to swap and move bits between words.
So l = 0 1 2 3 r = 16 17 18 19
4 5 6 7 20 21 22 23
8 9 10 11 24 25 26 27
12 13 14 15 28 29 30 31
becomes (for size == 2 and mask == 0x3333)
t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
6^20 7^21 -- -- 4 5 20 21 6 7 22 23
10^24 11^25 -- -- 8 9 24 25 10 11 24 25
14^28 15^29 -- -- 12 13 28 29 14 15 28 29
Thanks for hints from Richard Outerbridge - he told me IP&FP
could be done in 15 xor, 10 shifts and 5 ands.
When I finally started to think of the problem in 2D
I first got ~42 operations without xors. When I remembered
how to use xors :-) I got it to its final state.
* 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
* 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
* 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
* 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
*
* 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
* 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
* 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
* 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
*
* The output has been subject to swaps of the form
* 0 1 -> 3 1 but the odd and even bits have been put into
* 2 3 2 0
* different words. The main trick is to remember that
* t=((l>>size)^r)&(mask);
* r^=t;
* l^=(t<<size);
* can be used to swap and move bits between words.
*
* So l = 0 1 2 3 r = 16 17 18 19
* 4 5 6 7 20 21 22 23
* 8 9 10 11 24 25 26 27
* 12 13 14 15 28 29 30 31
* becomes (for size == 2 and mask == 0x3333)
* t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
* 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
* 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
* 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
*
* Thanks for hints from Richard Outerbridge - he told me IP&FP
* could be done in 15 xor, 10 shifts and 5 ands.
* When I finally started to think of the problem in 2D
* I first got ~42 operations without xors. When I remembered
* how to use xors :-) I got it to its final state.
*/
#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)),\
(b) ^= (t),\
(a) ^= ((t) << (n)))
#define IP(l, r) \
do \
{ \
register u_int32_t tt; \
PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
PERM_OP(l,r,tt,16,0x0000ffffL); \
PERM_OP(r,l,tt, 2,0x33333333L); \
PERM_OP(l,r,tt, 8,0x00ff00ffL); \
PERM_OP(r,l,tt, 1,0x55555555L); \
}
register uint32_t tt; \
PERM_OP(r, l, tt, 4, 0x0f0f0f0fl); \
PERM_OP(l, r, tt, 16, 0x0000ffffl); \
PERM_OP(r, l, tt, 2, 0x33333333l); \
PERM_OP(l, r, tt, 8, 0x00ff00ffl); \
PERM_OP(r, l, tt, 1, 0x55555555l); \
} \
while (0)
#define FP(l, r) \
do \
{ \
register u_int32_t tt; \
register uint32_t tt; \
PERM_OP(l, r, tt, 1, 0x55555555L); \
PERM_OP(r, l, tt, 8, 0x00ff00ffL); \
PERM_OP(l, r, tt, 2, 0x33333333L); \
PERM_OP(r, l, tt, 16, 0x0000ffffL); \
PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \
}
#endif
} \
while (0)
#endif /* __CRYPTO_DES_LOCL_H */

45
crypto/ecb3_enc.c
View file

@ -1,7 +1,8 @@
/* $OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $ */
/* lib/des/ecb3_enc.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/ecb3_enc.c
* $OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $
* lib/des/ecb3_enc.c
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +28,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed
* by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,24 +44,33 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include "des_locl.h"
void
des_ecb3_encrypt(caddr_t (*input), caddr_t (*output),
caddr_t ks1, caddr_t ks2, caddr_t ks3,
int encrypt)
{
register u_int32_t l0, l1;
register unsigned char *in, *out;
u_int32_t ll[2];
/****************************************************************************
* Public Functions
****************************************************************************/
in = (unsigned char *) input;
out = (unsigned char *) output;
void des_ecb3_encrypt(FAR des_cblock *input, FAR des_cblock *output,
caddr_t ks1, caddr_t ks2, caddr_t ks3, int encrypt)
{
register uint32_t l0;
register uint32_t l1;
FAR register unsigned char *in;
FAR register unsigned char *out;
uint32_t ll[2];
in = (FAR unsigned char *)input;
out = (FAR unsigned char *)output;
c2l(in, l0);
c2l(in, l1);
IP(l0, l1);

73
crypto/ecb_enc.c
View file

@ -1,7 +1,8 @@
/* $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $ */
/* lib/des/ecb_enc.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/ecb_enc.c
* $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $
* lib/des/ecb_enc.c
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +28,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed by
* Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,23 +44,34 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include "des_locl.h"
#include "spr.h"
void
des_encrypt2(u_int32_t *data, caddr_t ks, int encrypt)
/****************************************************************************
* Public Functions
****************************************************************************/
void des_encrypt2(FAR uint32_t *data, caddr_t ks, int encrypt)
{
register u_int32_t l, r, t, u;
register uint32_t l;
register uint32_t r;
register uint32_t t;
register uint32_t u;
#ifdef DES_USE_PTR
register unsigned char *des_SP=(unsigned char *)des_SPtrans;
FAR register unsigned char *des_sp = (FAR unsigned char *)des_sptrans;
#endif
register int i;
register u_int32_t *s;
FAR register uint32_t *s;
u = data[0];
r = data[1];
@ -68,33 +81,47 @@ des_encrypt2(u_int32_t *data, caddr_t ks, int encrypt)
* des_SPtrans values in sp.h to be rotated 1 bit to the right.
* One perl script later and things have a 5% speed up on a sparc2.
* Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
* for pointing this out. */
* for pointing this out.
*/
l = (r << 1) | (r >> 31);
r = (u << 1) | (u >> 31);
/* clear the top bits on machines with 8byte longs */
l &= 0xffffffffL;
r &= 0xffffffffL;
s = (u_int32_t *) ks;
l &= 0xffffffffl;
r &= 0xffffffffl;
s = (FAR uint32_t *)ks;
/* I don't know if it is worth the effort of loop unrolling the
* inner loop */
if (encrypt) {
for (i = 0; i < 32; i += 4) {
* inner loop
*/
if (encrypt)
{
for (i = 0; i < 32; i += 4)
{
D_ENCRYPT(l, r, i + 0); /* 1 */
D_ENCRYPT(r, l, i + 2); /* 2 */
}
} else {
for (i = 30; i > 0; i -= 4) {
}
else
{
for (i = 30; i > 0; i -= 4)
{
D_ENCRYPT(l, r, i - 0); /* 16 */
D_ENCRYPT(r, l, i - 2); /* 15 */
}
}
l = (l >> 1) | (l << 31);
r = (r >> 1) | (r << 31);
/* clear the top bits on machines with 8byte longs */
l &= 0xffffffffL;
r &= 0xffffffffL;
l &= 0xffffffffl;
r &= 0xffffffffl;
data[0] = l;
data[1] = r;

128
crypto/gmac.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $ */
/*
/****************************************************************************
* crypto/gmac.c
* $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $
*
* Copyright (c) 2010 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,13 +15,18 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
*
*
*
* This code implements the Message Authentication part of the
* Galois/Counter Mode (as being described in the RFC 4543) using
* the AES cipher. FIPS SP 800-38D describes the algorithm details.
*/
*
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -28,19 +34,30 @@
#include <crypto/aes.h>
#include <crypto/gmac.h>
void ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
void ghash_update_mi(GHASH_CTX *, uint8_t *, size_t);
/****************************************************************************
* Public Functions
****************************************************************************/
void ghash_gfmul(FAR uint32_t *, FAR uint32_t *, FAR uint32_t *);
void ghash_update_mi(FAR GHASH_CTX *, FAR uint8_t *, size_t);
/* Allow overriding with optimized MD function */
void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t) = ghash_update_mi;
CODE void (*ghash_update)(FAR GHASH_CTX *,
FAR uint8_t *,
size_t) = ghash_update_mi;
/* Computes a block multiplication in the GF(2^128) */
void
ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
void ghash_gfmul(FAR uint32_t *X, FAR uint32_t *Y, FAR uint32_t *product)
{
uint32_t v[4];
uint32_t z[4] = { 0, 0, 0, 0};
uint8_t *x = (uint8_t *)X;
uint32_t z[4] =
{
0, 0, 0, 0
};
FAR uint8_t *x = (FAR uint8_t *)X;
uint32_t mask;
int i;
@ -49,8 +66,10 @@ ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
v[2] = betoh32(Y[2]);
v[3] = betoh32(Y[3]);
for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
for (i = 0; i < GMAC_BLOCK_LEN * 8; i++)
{
/* update Z */
mask = !!(x[i >> 3] & (1 << (~i & 7)));
mask = ~(mask - 1);
z[0] ^= v[0] & mask;
@ -59,6 +78,7 @@ ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
z[3] ^= v[3] & mask;
/* update V */
mask = ~((v[3] & 1) - 1);
v[3] = (v[2] << 31) | (v[3] >> 1);
v[2] = (v[1] << 31) | (v[2] >> 1);
@ -72,22 +92,22 @@ ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
product[3] = htobe32(z[3]);
}
void
ghash_update_mi(GHASH_CTX *ctx, uint8_t *X, size_t len)
void ghash_update_mi(FAR GHASH_CTX *ctx, FAR uint8_t *X, size_t len)
{
uint32_t *x = (uint32_t *)X;
uint32_t *s = (uint32_t *)ctx->S;
uint32_t *y = (uint32_t *)ctx->Z;
FAR uint32_t *x = (FAR uint32_t *)X;
FAR uint32_t *s = (FAR uint32_t *)ctx->S;
FAR uint32_t *y = (FAR uint32_t *)ctx->Z;
int i;
for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
for (i = 0; i < len / GMAC_BLOCK_LEN; i++)
{
s[0] = y[0] ^ x[0];
s[1] = y[1] ^ x[1];
s[2] = y[2] ^ x[2];
s[3] = y[3] ^ x[3];
ghash_gfmul((uint32_t *)ctx->S, (uint32_t *)ctx->H,
(uint32_t *)ctx->S);
ghash_gfmul((FAR uint32_t *)ctx->S, (FAR uint32_t *)ctx->H,
(FAR uint32_t *)ctx->S);
y = s;
x += 4;
@ -98,10 +118,9 @@ ghash_update_mi(GHASH_CTX *ctx, uint8_t *X, size_t len)
#define AESCTR_NONCESIZE 4
void
AES_GMAC_Init(void *xctx)
void aes_gmac_init(FAR void *xctx)
{
AES_GMAC_CTX *ctx = xctx;
FAR AES_GMAC_CTX *ctx = xctx;
bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
@ -109,60 +128,75 @@ AES_GMAC_Init(void *xctx)
bzero(ctx->J, GMAC_BLOCK_LEN);
}
void
AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
void aes_gmac_setkey(FAR void *xctx, FAR const uint8_t *key, uint16_t klen)
{
AES_GMAC_CTX *ctx = xctx;
FAR AES_GMAC_CTX *ctx = xctx;
aes_setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
/* copy out salt to the counter block */
bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
/* prepare a hash subkey */
AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
aes_encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
}
void
AES_GMAC_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
void aes_gmac_reinit(FAR void *xctx, FAR const uint8_t *iv, uint16_t ivlen)
{
AES_GMAC_CTX *ctx = xctx;
FAR AES_GMAC_CTX *ctx = xctx;
/* copy out IV to the counter block */
bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
}
int
AES_GMAC_Update(void *xctx, const uint8_t *data, uint16_t len)
int aes_gmac_update(FAR void *xctx, FAR const uint8_t *data, uint16_t len)
{
AES_GMAC_CTX *ctx = xctx;
uint32_t blk[4] = { 0, 0, 0, 0 };
FAR AES_GMAC_CTX *ctx = xctx;
uint32_t blk[4] =
{
0, 0, 0, 0
};
int plen;
if (len > 0) {
if (len > 0)
{
plen = len % GMAC_BLOCK_LEN;
if (len >= GMAC_BLOCK_LEN)
(*ghash_update)(&ctx->ghash, (uint8_t *)data,
{
(*ghash_update)(&ctx->ghash, (FAR uint8_t *)data,
len - plen);
if (plen) {
memcpy((uint8_t *)blk, (uint8_t *)data + (len - plen),
}
if (plen)
{
memcpy((FAR uint8_t *)blk, (FAR uint8_t *)data + (len - plen),
plen);
(*ghash_update)(&ctx->ghash, (uint8_t *)blk,
(*ghash_update)(&ctx->ghash, (FAR uint8_t *)blk,
GMAC_BLOCK_LEN);
}
}
return (0);
}
void
AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void *xctx)
void aes_gmac_final(FAR uint8_t *digest, FAR void *xctx)
{
AES_GMAC_CTX *ctx = xctx;
FAR AES_GMAC_CTX *ctx = xctx;
uint8_t keystream[GMAC_BLOCK_LEN];
int i;
/* do one round of GCTR */
ctx->J[GMAC_BLOCK_LEN - 1] = 1;
AES_Encrypt(&ctx->K, ctx->J, keystream);
aes_encrypt(&ctx->K, ctx->J, keystream);
for (i = 0; i < GMAC_DIGEST_LEN; i++)
{
digest[i] = ctx->ghash.S[i] ^ keystream[i];
}
explicit_bzero(keystream, sizeof(keystream));
}

172
crypto/hmac.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $ */
/*-
/****************************************************************************
* crypto/hmac.c
* $OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $
*
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,13 +15,17 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
/*
* This code implements the HMAC algorithm described in RFC 2104 using
/* This code implements the HMAC algorithm described in RFC 2104 using
* the MD5, SHA1 and SHA-256 hash functions.
*/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -29,18 +34,26 @@
#include <crypto/sha2.h>
#include <crypto/hmac.h>
void
HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len)
/****************************************************************************
* Public Functions
****************************************************************************/
void hmca_md5_init(FAR HMAC_MD5_CTX *ctx,
FAR const uint8_t *key,
u_int key_len)
{
u_int8_t k_ipad[MD5_BLOCK_LENGTH];
uint8_t k_ipad[MD5_BLOCK_LENGTH];
int i;
if (key_len > MD5_BLOCK_LENGTH) {
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, key, key_len);
MD5Final(ctx->key, &ctx->ctx);
if (key_len > MD5_BLOCK_LENGTH)
{
md5init(&ctx->ctx);
md5update(&ctx->ctx, key, key_len);
md5final(ctx->key, &ctx->ctx);
ctx->key_len = MD5_DIGEST_LENGTH;
} else {
}
else
{
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
@ -48,53 +61,61 @@ HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len)
bzero(k_ipad, MD5_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < MD5_BLOCK_LENGTH; i++)
{
k_ipad[i] ^= 0x36;
}
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
md5init(&ctx->ctx);
md5update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_MD5_Update(HMAC_MD5_CTX *ctx, const u_int8_t *data, u_int len)
void hmac_md5_update(FAR HMAC_MD5_CTX *ctx,
FAR const uint8_t *data,
u_int len)
{
MD5Update(&ctx->ctx, data, len);
md5update(&ctx->ctx, data, len);
}
void
HMAC_MD5_Final(u_int8_t digest[MD5_DIGEST_LENGTH], HMAC_MD5_CTX *ctx)
void hmac_md5_final(FAR uint8_t *digest, FAR HMAC_MD5_CTX *ctx)
{
u_int8_t k_opad[MD5_BLOCK_LENGTH];
uint8_t k_opad[MD5_BLOCK_LENGTH];
int i;
MD5Final(digest, &ctx->ctx);
md5final(digest, &ctx->ctx);
bzero(k_opad, MD5_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < MD5_BLOCK_LENGTH; i++)
{
k_opad[i] ^= 0x5c;
}
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
MD5Update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
MD5Final(digest, &ctx->ctx);
md5init(&ctx->ctx);
md5update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
md5update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
md5final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}
void
HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len)
void hmac_sha1_init(FAR HMAC_SHA1_CTX *ctx,
FAR const uint8_t *key,
u_int key_len)
{
u_int8_t k_ipad[SHA1_BLOCK_LENGTH];
uint8_t k_ipad[SHA1_BLOCK_LENGTH];
int i;
if (key_len > SHA1_BLOCK_LENGTH) {
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, key, key_len);
SHA1Final(ctx->key, &ctx->ctx);
if (key_len > SHA1_BLOCK_LENGTH)
{
sha1init(&ctx->ctx);
sha1update(&ctx->ctx, key, key_len);
sha1final(ctx->key, &ctx->ctx);
ctx->key_len = SHA1_DIGEST_LENGTH;
} else {
}
else
{
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
@ -102,53 +123,61 @@ HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len)
bzero(k_ipad, SHA1_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
{
k_ipad[i] ^= 0x36;
}
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
sha1init(&ctx->ctx);
sha1update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_SHA1_Update(HMAC_SHA1_CTX *ctx, const u_int8_t *data, u_int len)
void hmac_sha1_update(FAR HMAC_SHA1_CTX *ctx,
FAR const uint8_t *data,
u_int len)
{
SHA1Update(&ctx->ctx, data, len);
sha1update(&ctx->ctx, data, len);
}
void
HMAC_SHA1_Final(u_int8_t digest[SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *ctx)
void hmca_sha1_final(FAR uint8_t *digest, FAR HMAC_SHA1_CTX *ctx)
{
u_int8_t k_opad[SHA1_BLOCK_LENGTH];
uint8_t k_opad[SHA1_BLOCK_LENGTH];
int i;
SHA1Final(digest, &ctx->ctx);
sha1final(digest, &ctx->ctx);
bzero(k_opad, SHA1_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
{
k_opad[i] ^= 0x5c;
}
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
SHA1Update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
SHA1Final(digest, &ctx->ctx);
sha1init(&ctx->ctx);
sha1update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
sha1update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
sha1final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}
void
HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len)
void hmac_sha256_init(FAR HMAC_SHA256_CTX *ctx,
FAR const uint8_t *key,
u_int key_len)
{
u_int8_t k_ipad[SHA256_BLOCK_LENGTH];
uint8_t k_ipad[SHA256_BLOCK_LENGTH];
int i;
if (key_len > SHA256_BLOCK_LENGTH) {
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, key, key_len);
SHA256Final(ctx->key, &ctx->ctx);
if (key_len > SHA256_BLOCK_LENGTH)
{
sha256init(&ctx->ctx);
sha256update(&ctx->ctx, key, key_len);
sha256final(ctx->key, &ctx->ctx);
ctx->key_len = SHA256_DIGEST_LENGTH;
} else {
}
else
{
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
@ -156,37 +185,42 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len)
bzero(k_ipad, SHA256_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
{
k_ipad[i] ^= 0x36;
}
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
sha256init(&ctx->ctx);
sha256update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const u_int8_t *data, u_int len)
void hmac_sha256_update(FAR HMAC_SHA256_CTX *ctx,
FAR const uint8_t *data,
u_int len)
{
SHA256Update(&ctx->ctx, data, len);
sha256update(&ctx->ctx, data, len);
}
void
HMAC_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *ctx)
void hmac_sha256_final(FAR uint8_t *digest,
FAR HMAC_SHA256_CTX *ctx)
{
u_int8_t k_opad[SHA256_BLOCK_LENGTH];
uint8_t k_opad[SHA256_BLOCK_LENGTH];
int i;
SHA256Final(digest, &ctx->ctx);
sha256final(digest, &ctx->ctx);
bzero(k_opad, SHA256_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
{
k_opad[i] ^= 0x5c;
}
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
SHA256Final(digest, &ctx->ctx);
sha256init(&ctx->ctx);
sha256update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
sha256update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
sha256final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}

66
crypto/idgen.c
View file

@ -1,5 +1,7 @@
/* $OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* crypto/idgen.c
* $OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $
*
* Copyright (c) 2008 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
@ -13,22 +15,25 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
****************************************************************************/
/*
* IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
/* IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
* range.
*
* IDGEN32 is based on public domain SKIP32 by Greg Rose.
*/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <crypto/idgen.h>
static const u_int8_t idgen32_ftable[256] = {
static const uint8_t idgen32_ftable[256] =
{
0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
@ -63,10 +68,14 @@ static const u_int8_t idgen32_ftable[256] = {
0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
};
static u_int16_t
idgen32_g(u_int8_t *key, int k, u_int16_t w)
static uint16_t idgen32_g(FAR uint8_t *key, int k, uint16_t w)
{
u_int8_t g1, g2, g3, g4, g5, g6;
uint8_t g1;
uint8_t g2;
uint8_t g3;
uint8_t g4;
uint8_t g5;
uint8_t g6;
u_int o = k * 4;
g1 = (w >> 8) & 0xff;
@ -80,29 +89,31 @@ idgen32_g(u_int8_t *key, int k, u_int16_t w)
return (g5 << 8) | g6;
}
static u_int32_t
idgen32_permute(struct idgen32_ctx *ctx, u_int32_t in)
static uint32_t idgen32_permute(FAR struct idgen32_ctx *ctx, uint32_t in)
{
u_int i, r;
u_int16_t wl, wr;
uint16_t wl;
uint16_t wr;
wl = (in >> 16) & 0x7fff;
wr = in & 0xffff;
/* Doubled up rounds, with an odd round at the end to swap */
for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) {
for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i)
{
wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
r++;
wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
r++;
}
wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
return (wl << 16) | wr;
}
static void
idgen32_rekey(struct idgen32_ctx *ctx)
static void idgen32_rekey(FAR struct idgen32_ctx *ctx)
{
ctx->id32_counter = 0;
ctx->id32_hibit ^= 0x80000000;
@ -111,28 +122,35 @@ idgen32_rekey(struct idgen32_ctx *ctx)
ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
}
void
idgen32_init(struct idgen32_ctx *ctx)
/****************************************************************************
* Public Functions
****************************************************************************/
void idgen32_init(FAR struct idgen32_ctx *ctx)
{
bzero(ctx, sizeof(*ctx));
ctx->id32_hibit = arc4random() & 0x80000000;
idgen32_rekey(ctx);
}
u_int32_t
idgen32(struct idgen32_ctx *ctx)
uint32_t idgen32(FAR struct idgen32_ctx *ctx)
{
u_int32_t ret;
uint32_t ret;
do {
do
{
/* Rekey a little early to avoid "card counting" attack */
if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
ctx->id32_rekey_time < getuptime())
{
idgen32_rekey(ctx);
}
ret = ctx->id32_hibit | idgen32_permute(ctx,
(ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
} while (ret == 0); /* Zero IDs are often special, so avoid */
}
while (ret == 0); /* Zero IDs are often special, so avoid */
return ret;
}

105
crypto/key_wrap.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $ */
/*-
/****************************************************************************
* crypto/key_wrap.c
* $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $
*
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,11 +15,13 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
****************************************************************************/
/*
* This code implements the AES Key Wrap algorithm described in RFC 3394.
*/
/* This code implements the AES Key Wrap algorithm described in RFC 3394. */
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -26,27 +29,37 @@
#include <crypto/aes.h>
#include <crypto/key_wrap.h>
static const u_int8_t IV[8] =
{ 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6 };
void
aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len)
static const uint8_t IV[8] =
{
AES_Setkey(&ctx->ctx, K, K_len);
0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6
};
/****************************************************************************
* Public Functions
****************************************************************************/
void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *ctx,
FAR const uint8_t *K,
size_t k_len)
{
aes_setkey(&ctx->ctx, K, k_len);
}
void
aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K,
size_t K_len)
void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *ctx,
FAR const uint8_t *K,
size_t k_len)
{
AES_Setkey(&ctx->ctx, K, K_len);
aes_setkey(&ctx->ctx, K, k_len);
}
void
aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
void aes_key_wrap(FAR aes_key_wrap_ctx *ctx,
FAR const uint8_t *P,
size_t n, FAR uint8_t *C)
{
u_int64_t B[2], t;
u_int8_t *A, *R;
uint64_t B[2];
uint64_t t;
FAR uint8_t *A;
FAR uint8_t *R;
size_t i;
int j;
@ -54,59 +67,89 @@ aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
A = C; /* A points to C[0] */
memcpy(A, IV, 8); /* A = IV, an initial value */
for (j = 0, t = 1; j <= 5; j++) {
for (j = 0, t = 1; j <= 5; j++)
{
R = C + 8;
for (i = 1; i <= n; i++, t++) {
for (i = 1; i <= n; i++, t++)
{
/* B = A | R[i] */
memcpy(&B[0], A, 8);
memcpy(&B[1], R, 8);
/* B = AES(K, B) */
AES_Encrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
aes_encrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
/* MSB(64, B) = MSB(64, B) ^ t */
B[0] ^= htobe64(t);
/* A = MSB(64, B) */
memcpy(A, &B[0], 8);
/* R[i] = LSB(64, B) */
memcpy(R, &B[1], 8);
R += 8;
}
}
explicit_bzero(B, sizeof B);
}
int
aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
int aes_key_unwrap(FAR aes_key_wrap_ctx *ctx,
FAR const uint8_t *C,
FAR uint8_t *P, size_t n)
{
u_int64_t B[2], t;
u_int8_t A[8], *R;
uint64_t B[2];
uint64_t t;
uint8_t A[8];
FAR uint8_t *R;
size_t i;
int j;
memcpy(A, C, 8); /* A = C[0] */
memmove(P, C + 8, n * 8); /* P and C may overlap */
for (j = 5, t = 6 * n; j >= 0; j--) {
for (j = 5, t = 6 * n; j >= 0; j--)
{
R = P + (n - 1) * 8;
for (i = n; i >= 1; i--, t--) {
for (i = n; i >= 1; i--, t--)
{
/* MSB(64, B) = A */
memcpy(&B[0], A, 8);
/* MSB(64, B) = MSB(64, B) ^ t */
B[0] ^= htobe64(t);
/* B = MSB(64, B) | R[i] */
memcpy(&B[1], R, 8);
/* B = AES-1(K, B) */
AES_Decrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
aes_decrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
/* A = MSB(64, B) */
memcpy(A, &B[0], 8);
/* R[i] = LSB(64, B) */
memcpy(R, &B[1], 8);
R -= 8;
}
}
explicit_bzero(B, sizeof B);
/* check that A is an appropriate initial value */
return timingsafe_bcmp(A, IV, 8) != 0;
}

144
crypto/md5.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $ */
/*
/****************************************************************************
* crypto/md5.c
* $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
*
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
@ -15,13 +16,19 @@
* MD5Context structure, pass it to MD5Init, call MD5Update as
* needed on buffers full of bytes, and then call MD5Final, which
* will fill a supplied 16-byte array with the digest.
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/md5.h>
#define PUT_64BIT_LE(cp, value) do { \
#define PUT_64BIT_LE(cp, value) \
do \
{ \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
@ -29,26 +36,36 @@
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
(cp)[0] = (value); \
} \
while (0)
#define PUT_32BIT_LE(cp, value) do { \
#define PUT_32BIT_LE(cp, value) \
do \
{ \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
(cp)[0] = (value); \
} \
while (0)
static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
static uint8_t PADDING[MD5_BLOCK_LENGTH] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
/****************************************************************************
* Public Functions
****************************************************************************/
/* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
* initialization constants.
*/
void
MD5Init(MD5_CTX *ctx)
void md5init(FAR MD5_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
@ -57,104 +74,127 @@ MD5Init(MD5_CTX *ctx)
ctx->state[3] = 0x10325476;
}
/*
* Update context to reflect the concatenation of another buffer full
/* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void
MD5Update(MD5_CTX *ctx, const void *inputptr, size_t len)
void md5update(FAR MD5_CTX *ctx, FAR const void *inputptr, size_t len)
{
const uint8_t *input = inputptr;
size_t have, need;
FAR const uint8_t *input = inputptr;
size_t have;
size_t need;
/* Check how many bytes we already have and how many more we need. */
have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
need = MD5_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += (u_int64_t)len << 3;
if (len >= need) {
if (have != 0) {
ctx->count += (uint64_t)len << 3;
if (len >= need)
{
if (have != 0)
{
memcpy(ctx->buffer + have, input, need);
MD5Transform(ctx->state, ctx->buffer);
md5transform(ctx->state, ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in MD5_BLOCK_LENGTH-byte chunks. */
while (len >= MD5_BLOCK_LENGTH) {
MD5Transform(ctx->state, input);
while (len >= MD5_BLOCK_LENGTH)
{
md5transform(ctx->state, input);
input += MD5_BLOCK_LENGTH;
len -= MD5_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
{
memcpy(ctx->buffer + have, input, len);
}
}
/*
* Final wrapup - pad to 64-byte boundary with the bit pattern
/* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void
MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
void md5final(FAR unsigned char *digest, FAR MD5_CTX *ctx)
{
u_int8_t count[8];
uint8_t count[8];
size_t padlen;
int i;
/* Convert count to 8 bytes in little endian order. */
PUT_64BIT_LE(count, ctx->count);
/* Pad out to 56 mod 64. */
padlen = MD5_BLOCK_LENGTH -
((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
{
padlen += MD5_BLOCK_LENGTH;
MD5Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
MD5Update(ctx, count, 8);
for (i = 0; i < 4; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
}
md5update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
md5update(ctx, count, 8);
for (i = 0; i < 4; i++)
{
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
}
explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
/* #define F1(x, y, z) (x & y | ~x & z) */
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
#define F3(x, y, z) ((x) ^ (y) ^ (z))
#define F4(x, y, z) ((y) ^ ((x) | ~(z)))
/* This is the central step in the MD5 algorithm. */
#define MD5STEP(f, w, x, y, z, data, s) \
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
/*
* The core of the MD5 algorithm, this alters an existing MD5 hash to
#define MD5STEP(f, w, x, y, z, data, s) \
((w) += f(x, y, z) + (data), \
(w) = (w) << (s) | (w) >> (32 - (s)), \
(w) += (x))
/* The core of the MD5 algorithm, this alters an existing MD5 hash to
* reflect the addition of 16 longwords of new data. MD5Update blocks
* the data and converts bytes into longwords for this routine.
*/
void
MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
void md5transform(FAR uint32_t *state, FAR const uint8_t *block)
{
u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t in[MD5_BLOCK_LENGTH / 4];
#if BYTE_ORDER == LITTLE_ENDIAN
memcpy(in, block, sizeof(in));
#else
for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
in[a] = (u_int32_t)(
(u_int32_t)(block[a * 4 + 0]) |
(u_int32_t)(block[a * 4 + 1]) << 8 |
(u_int32_t)(block[a * 4 + 2]) << 16 |
(u_int32_t)(block[a * 4 + 3]) << 24);
for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++)
{
in[a] = (uint32_t)(
(uint32_t)(block[a * 4 + 0]) |
(uint32_t)(block[a * 4 + 1]) << 8 |
(uint32_t)(block[a * 4 + 2]) << 16 |
(uint32_t)(block[a * 4 + 3]) << 24);
}
#endif

64
crypto/podd.h
View file

@ -1,7 +1,8 @@
/* $OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $ */
/* lib/des/podd.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/podd.h
* $OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $
* lib/des/podd.h
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +28,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed
* by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,25 +44,39 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
static const unsigned char odd_parity[256]={
1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
static const unsigned char odd_parity[256] =
{
1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13,
13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22,
25, 25, 26, 26, 28, 28, 31, 31, 32, 32, 35,
35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44,
47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56,
56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67,
69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79,
79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100,
100, 103, 103, 104, 104, 107, 107, 109, 109,
110, 110, 112, 112, 115, 115, 117, 117, 118,
118, 121, 121, 122, 122, 124, 124, 127, 127,
128, 128, 131, 131, 133, 133, 134, 134, 137,
137, 138, 138, 140, 140, 143, 143, 145, 145,
146, 146, 148, 148, 151, 151, 152, 152, 155,
155, 157, 157, 158, 158, 161, 161, 162, 162,
164, 164, 167, 167, 168, 168, 171, 171, 173,
173, 174, 174, 176, 176, 179, 179, 181, 181,
182, 182, 185, 185, 186, 186, 188, 188, 191,
191, 193, 193, 194, 194, 196, 196, 199, 199,
200, 200, 203, 203, 205, 205, 206, 206, 208,
208, 211, 211, 213, 213, 214, 214, 217, 217,
218, 218, 220, 220, 223, 223, 224, 224, 227,
227, 229, 229, 230, 230, 233, 233, 234, 234,
236, 236, 239, 239, 241, 241, 242, 242, 244,
244, 247, 247, 248, 248, 251, 251, 253, 253,
254, 254
};

130
crypto/poly1305.c
View file

@ -1,23 +1,30 @@
/* $OpenBSD: poly1305.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* crypto/poly1305.c
* $OpenBSD: poly1305.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
*
* Public Domain poly1305 from Andrew Moon
* Based on poly1305-donna.c, poly1305-donna-32.h and poly1305-donna.h from:
* https://github.com/floodyberry/poly1305-donna
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/types.h>
#include <sys/systm.h>
#include <crypto/poly1305.h>
/*
* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
/* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
* and 64 bit addition.
*/
/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */
static unsigned long
U8TO32(const unsigned char *p)
/* interpret four 8 bit unsigned integers as a
* 32 bit unsigned integer in little endian
*/
static unsigned long U8TO32(FAR const unsigned char *p)
{
return (((unsigned long)(p[0] & 0xff)) |
((unsigned long)(p[1] & 0xff) << 8) |
@ -25,9 +32,11 @@ U8TO32(const unsigned char *p)
((unsigned long)(p[3] & 0xff) << 24));
}
/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */
static void
U32TO8(unsigned char *p, unsigned long v)
/* store a 32 bit unsigned integer as four
* 8 bit unsigned integers in little endian
*/
static void U32TO8(FAR unsigned char *p, unsigned long v)
{
p[0] = (v) & 0xff;
p[1] = (v >> 8) & 0xff;
@ -35,10 +44,14 @@ U32TO8(unsigned char *p, unsigned long v)
p[3] = (v >> 24) & 0xff;
}
void
poly1305_init(poly1305_state *st, const unsigned char key[32])
/****************************************************************************
* Public Functions
****************************************************************************/
void poly1305_init(FAR poly1305_state *st, FAR const unsigned char *key)
{
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
st->r[0] = (U8TO32(&key[0])) & 0x3ffffff;
st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03;
st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff;
@ -46,6 +59,7 @@ poly1305_init(poly1305_state *st, const unsigned char key[32])
st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff;
/* h = 0 */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;
@ -53,6 +67,7 @@ poly1305_init(poly1305_state *st, const unsigned char key[32])
st->h[4] = 0;
/* save pad for later */
st->pad[0] = U8TO32(&key[16]);
st->pad[1] = U8TO32(&key[20]);
st->pad[2] = U8TO32(&key[24]);
@ -62,14 +77,30 @@ poly1305_init(poly1305_state *st, const unsigned char key[32])
st->final = 0;
}
static void
poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
static void poly1305_blocks(FAR poly1305_state *st,
FAR const unsigned char *m,
size_t bytes)
{
const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */
unsigned long r0, r1, r2, r3, r4;
unsigned long s1, s2, s3, s4;
unsigned long h0, h1, h2, h3, h4;
unsigned long long d0, d1, d2, d3, d4;
unsigned long r0;
unsigned long r1;
unsigned long r2;
unsigned long r3;
unsigned long r4;
unsigned long s1;
unsigned long s2;
unsigned long s3;
unsigned long s4;
unsigned long h0;
unsigned long h1;
unsigned long h2;
unsigned long h3;
unsigned long h4;
unsigned long long d0;
unsigned long long d1;
unsigned long long d2;
unsigned long long d3;
unsigned long long d4;
unsigned long c;
r0 = st->r[0];
@ -89,8 +120,10 @@ poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
h3 = st->h[3];
h4 = st->h[4];
while (bytes >= poly1305_block_size) {
while (bytes >= poly1305_block_size)
{
/* h += m[i] */
h0 += (U8TO32(m + 0)) & 0x3ffffff;
h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff;
h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff;
@ -98,6 +131,7 @@ poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
h4 += (U8TO32(m + 12) >> 8) | hibit;
/* h *= r */
d0 = ((unsigned long long)h0 * r0) +
((unsigned long long)h1 * s4) +
((unsigned long long)h2 * s3) +
@ -125,6 +159,7 @@ poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
((unsigned long long)h4 * r0);
/* (partial) h %= p */
c = (unsigned long)(d0 >> 26);
h0 = (unsigned long)d0 & 0x3ffffff;
d1 += c;
@ -155,29 +190,43 @@ poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
st->h[4] = h4;
}
void
poly1305_update(poly1305_state *st, const unsigned char *m, size_t bytes)
void poly1305_update(FAR poly1305_state *st,
FAR const unsigned char *m,
size_t bytes)
{
size_t i;
/* handle leftover */
if (st->leftover) {
if (st->leftover)
{
size_t want = (poly1305_block_size - st->leftover);
if (want > bytes)
{
want = bytes;
}
for (i = 0; i < want; i++)
{
st->buffer[st->leftover + i] = m[i];
}
bytes -= want;
m += want;
st->leftover += want;
if (st->leftover < poly1305_block_size)
{
return;
}
poly1305_blocks(st, st->buffer, poly1305_block_size);
st->leftover = 0;
}
/* process full blocks */
if (bytes >= poly1305_block_size) {
if (bytes >= poly1305_block_size)
{
size_t want = (bytes & ~(poly1305_block_size - 1));
poly1305_blocks(st, m, want);
m += want;
@ -185,23 +234,38 @@ poly1305_update(poly1305_state *st, const unsigned char *m, size_t bytes)
}
/* store leftover */
if (bytes) {
if (bytes)
{
for (i = 0; i < bytes; i++)
{
st->buffer[st->leftover + i] = m[i];
}
st->leftover += bytes;
}
}
void
poly1305_finish(poly1305_state *st, unsigned char mac[16])
void poly1305_finish(FAR poly1305_state *st, FAR unsigned char *mac)
{
unsigned long h0, h1, h2, h3, h4, c;
unsigned long g0, g1, g2, g3, g4;
unsigned long h0;
unsigned long h1;
unsigned long h2;
unsigned long h3;
unsigned long h4;
unsigned long c;
unsigned long g0;
unsigned long g1;
unsigned long g2;
unsigned long g3;
unsigned long g4;
unsigned long long f;
unsigned long mask;
/* process the remaining block */
if (st->leftover) {
if (st->leftover)
{
size_t i = st->leftover;
st->buffer[i++] = 1;
for (; i < poly1305_block_size; i++)
@ -211,6 +275,7 @@ poly1305_finish(poly1305_state *st, unsigned char mac[16])
}
/* fully carry h */
h0 = st->h[0];
h1 = st->h[1];
h2 = st->h[2];
@ -234,6 +299,7 @@ poly1305_finish(poly1305_state *st, unsigned char mac[16])
h1 += c;
/* compute h + -p */
g0 = h0 + 5;
c = g0 >> 26;
g0 &= 0x3ffffff;
@ -249,6 +315,7 @@ poly1305_finish(poly1305_state *st, unsigned char mac[16])
g4 = h4 + c - (1 << 26);
/* select h if h < p, or h + -p if h >= p */
mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1;
g0 &= mask;
g1 &= mask;
@ -263,12 +330,14 @@ poly1305_finish(poly1305_state *st, unsigned char mac[16])
h4 = (h4 & mask) | g4;
/* h = h % (2^128) */
h0 = ((h0) | (h1 << 26)) & 0xffffffff;
h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
/* mac = (h + pad) % (2^128) */
f = (unsigned long long)h0 + st->pad[0];
h0 = (unsigned long)f;
f = (unsigned long long)h1 + st->pad[1] + (f >> 32);
@ -284,6 +353,7 @@ poly1305_finish(poly1305_state *st, unsigned char mac[16])
U32TO8(mac + 12, h3);
/* zero out the state */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;

2048
crypto/rijndael.c
View file

File diff suppressed because it is too large Load diff

154
crypto/rmd160.c
View file

@ -1,5 +1,7 @@
/* $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $ */
/*
/****************************************************************************
* crypto/rmd160.c
* $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -21,18 +23,25 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
*
* Preneel, Bosselaers, Dobbertin,
* "The Cryptographic Hash Function RIPEMD-160",
* RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
* ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/endian.h>
#include <crypto/rmd160.h>
#define PUT_64BIT_LE(cp, value) do { \
#define PUT_64BIT_LE(cp, value) \
do \
{ \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
@ -40,13 +49,19 @@
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
(cp)[0] = (value); \
} \
while (0)
#define PUT_32BIT_LE(cp, value) do { \
#define PUT_32BIT_LE(cp, value) \
do \
{ \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
(cp)[0] = (value); \
} \
while (0)
#define H0 0x67452301U
#define H1 0xEFCDAB89U
@ -67,30 +82,37 @@
#define KK4 0x00000000U
/* rotate x left n bits. */
#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
#define F0(x, y, z) ((x) ^ (y) ^ (z))
#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define F2(x, y, z) (((x) | (~y)) ^ (z))
#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define F4(x, y, z) ((x) ^ ((y) | (~z)))
#define F1(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define F2(x, y, z) (((x) | ~(y)) ^ (z))
#define F3(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define F4(x, y, z) ((x) ^ ((y) | ~(z)))
#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
do { \
do \
{ \
a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
c = ROL(10, c); \
} while(0)
} \
while (0)
#define X(i) x[i]
static u_char PADDING[64] = {
static u_char PADDING[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
void
RMD160Init(RMD160_CTX *ctx)
/****************************************************************************
* Public Functions
****************************************************************************/
void rmd160init(FAR RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = H0;
@ -100,63 +122,90 @@ RMD160Init(RMD160_CTX *ctx)
ctx->state[4] = H4;
}
void
RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
void rmd160update(FAR RMD160_CTX *ctx,
FAR const u_char *input,
uint32_t len)
{
u_int32_t have, off, need;
uint32_t have;
uint32_t off;
uint32_t need;
have = (ctx->count / 8) % 64;
need = 64 - have;
ctx->count += 8 * len;
off = 0;
if (len >= need) {
if (have) {
if (len >= need)
{
if (have)
{
memcpy(ctx->buffer + have, input, need);
RMD160Transform(ctx->state, ctx->buffer);
rmd160transform(ctx->state, ctx->buffer);
off = need;
have = 0;
}
/* now the buffer is empty */
while (off + 64 <= len) {
RMD160Transform(ctx->state, input+off);
while (off + 64 <= len)
{
rmd160transform(ctx->state, input + off);
off += 64;
}
}
if (off < len)
{
memcpy(ctx->buffer + have, input + off, len - off);
}
}
void
RMD160Final(u_char digest[20], RMD160_CTX *ctx)
void rmd160final(FAR u_char *digest, FAR RMD160_CTX *ctx)
{
int i;
u_char size[8];
u_int32_t padlen;
uint32_t padlen;
PUT_64BIT_LE(size, ctx->count);
/*
* pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
/* pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
* for the size
*/
padlen = 64 - ((ctx->count / 8) % 64);
if (padlen < 1 + 8)
{
padlen += 64;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, size, 8);
}
rmd160update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
rmd160update(ctx, size, 8);
if (digest != NULL)
{
for (i = 0; i < 5; i++)
{
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
}
}
explicit_bzero(ctx, sizeof (*ctx));
}
void
RMD160Transform(u_int32_t state[5], const u_char block[64])
void rmd160transform(FAR uint32_t *state, FAR const u_char *block)
{
u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t e;
uint32_t aa;
uint32_t bb;
uint32_t cc;
uint32_t dd;
uint32_t ee;
uint32_t t;
uint32_t x[16];
#if BYTE_ORDER == LITTLE_ENDIAN
memcpy(x, block, 64);
@ -164,11 +213,14 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
int i;
for (i = 0; i < 16; i++)
x[i] = (u_int32_t)(
(u_int32_t)(block[i*4 + 0]) |
(u_int32_t)(block[i*4 + 1]) << 8 |
(u_int32_t)(block[i*4 + 2]) << 16 |
(u_int32_t)(block[i*4 + 3]) << 24);
{
x[i] = (uint32_t)(
(uint32_t)(block[i * 4 + 0]) |
(uint32_t)(block[i * 4 + 1]) << 8 |
(uint32_t)(block[i * 4 + 2]) << 16 |
(uint32_t)(block[i * 4 + 3]) << 24);
}
#endif
a = state[0];
@ -178,6 +230,7 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
e = state[4];
/* Round 1 */
R(a, b, c, d, e, F0, K0, 11, 0);
R(e, a, b, c, d, F0, K0, 14, 1);
R(d, e, a, b, c, F0, K0, 15, 2);
@ -194,7 +247,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(c, d, e, a, b, F0, K0, 7, 13);
R(b, c, d, e, a, F0, K0, 9, 14);
R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
/* Round 2 */
R(e, a, b, c, d, F1, K1, 7, 7);
R(d, e, a, b, c, F1, K1, 6, 4);
R(c, d, e, a, b, F1, K1, 8, 13);
@ -211,7 +266,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(b, c, d, e, a, F1, K1, 7, 14);
R(a, b, c, d, e, F1, K1, 13, 11);
R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
/* Round 3 */
R(d, e, a, b, c, F2, K2, 11, 3);
R(c, d, e, a, b, F2, K2, 13, 10);
R(b, c, d, e, a, F2, K2, 6, 14);
@ -228,7 +285,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(a, b, c, d, e, F2, K2, 12, 11);
R(e, a, b, c, d, F2, K2, 7, 5);
R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
/* Round 4 */
R(c, d, e, a, b, F3, K3, 11, 1);
R(b, c, d, e, a, F3, K3, 12, 9);
R(a, b, c, d, e, F3, K3, 14, 11);
@ -245,7 +304,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(e, a, b, c, d, F3, K3, 6, 5);
R(d, e, a, b, c, F3, K3, 5, 6);
R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
/* Round 5 */
R(b, c, d, e, a, F4, K4, 9, 4);
R(a, b, c, d, e, F4, K4, 15, 0);
R(e, a, b, c, d, F4, K4, 5, 5);
@ -272,6 +333,7 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
e = state[4];
/* Parallel round 1 */
R(a, b, c, d, e, F4, KK0, 8, 5);
R(e, a, b, c, d, F4, KK0, 9, 14);
R(d, e, a, b, c, F4, KK0, 9, 7);
@ -288,7 +350,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(c, d, e, a, b, F4, KK0, 14, 10);
R(b, c, d, e, a, F4, KK0, 12, 3);
R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
/* Parallel round 2 */
R(e, a, b, c, d, F3, KK1, 9, 6);
R(d, e, a, b, c, F3, KK1, 13, 11);
R(c, d, e, a, b, F3, KK1, 15, 3);
@ -305,7 +369,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(b, c, d, e, a, F3, KK1, 15, 9);
R(a, b, c, d, e, F3, KK1, 13, 1);
R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
/* Parallel round 3 */
R(d, e, a, b, c, F2, KK2, 9, 15);
R(c, d, e, a, b, F2, KK2, 7, 5);
R(b, c, d, e, a, F2, KK2, 15, 1);
@ -322,7 +388,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(a, b, c, d, e, F2, KK2, 13, 0);
R(e, a, b, c, d, F2, KK2, 7, 4);
R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
/* Parallel round 4 */
R(c, d, e, a, b, F1, KK3, 15, 8);
R(b, c, d, e, a, F1, KK3, 5, 6);
R(a, b, c, d, e, F1, KK3, 8, 4);
@ -339,7 +407,9 @@ RMD160Transform(u_int32_t state[5], const u_char block[64])
R(e, a, b, c, d, F1, KK3, 5, 7);
R(d, e, a, b, c, F1, KK3, 15, 10);
R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
/* Parallel round 5 */
R(b, c, d, e, a, F0, KK4, 8, 12);
R(a, b, c, d, e, F0, KK4, 5, 15);
R(e, a, b, c, d, F0, KK4, 12, 10);

271
crypto/set_key.c
View file

@ -1,7 +1,8 @@
/* $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $ */
/* lib/des/set_key.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/set_key.c
* $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
* lib/des/set_key.c
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +28,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed by
* Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,36 +44,43 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* set_key.c v 1.4 eay 24/9/91
*
* set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
* 1.1 added norm_expand_bits
* 1.0 First working version
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include "des_locl.h"
#include "podd.h"
#include "sk.h"
static int check_parity(des_cblock (*key));
static int check_parity(FAR des_cblock *key);
int des_check_key=0;
int des_check_key;
static int
check_parity(des_cblock (*key))
static int check_parity(FAR des_cblock *key)
{
int i;
for (i = 0; i < DES_KEY_SZ; i++) {
if ((*key)[i] != odd_parity[(*key)[i]])
return(0);
for (i = 0; i < DES_KEY_SZ; i++)
{
if (*key[i] != odd_parity[*key[i]])
{
return 0;
}
return (1);
}
return 1;
}
/* Weak and semi week keys as take from
@ -83,41 +92,88 @@ check_parity(des_cblock (*key))
* Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
* (and actual cblock values).
*/
#define NUM_WEAK_KEY 16
static des_cblock weak_keys[NUM_WEAK_KEY]={
/* weak keys */
{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
/* semi-weak keys */
{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
int
des_is_weak_key(des_cblock (*key))
#define NUM_WEAK_KEY 16
static des_cblock weak_keys[NUM_WEAK_KEY] =
{
/* weak keys */
{
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
},
{
0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
},
{
0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
},
{
0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
},
/* semi-weak keys */
{
0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
},
{
0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
},
{
0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
},
{
0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
},
{
0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
},
{
0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
},
{
0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
},
{
0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
},
{
0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
},
{
0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
},
{
0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
},
{
0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
}
};
/****************************************************************************
* Public Functions
****************************************************************************/
int des_is_weak_key(FAR des_cblock *key)
{
int i;
for (i = 0; i < NUM_WEAK_KEY; i++) {
for (i = 0; i < NUM_WEAK_KEY; i++)
{
/* Added == 0 to comparison, I obviously don't run
* this section very often :-(, thanks to
* engineering@MorningStar.Com for the fix
* eay 93/06/29 */
* eay 93/06/29
*/
if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
return (1);
{
return 1;
}
return (0);
}
return 0;
}
/* NOW DEFINED IN des_local.h
@ -130,85 +186,112 @@ des_is_weak_key(des_cblock (*key))
#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
(a) = (a)^(t)^(t >> (16 - (n))))
static int shifts2[16]={0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0};
static int shifts2[16] =
{
0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
};
/* return 0 if key parity is odd (correct),
* return -1 if key parity error,
* return -2 if illegal weak key.
*/
int
des_set_key(des_cblock (*key), des_key_schedule schedule)
int des_set_key(FAR des_cblock *key, des_key_schedule schedule)
{
register u_int32_t c, d, t, s;
register unsigned char *in;
register u_int32_t *k;
register uint32_t c;
register uint32_t d;
register uint32_t t;
register uint32_t s;
FAR register unsigned char *in;
FAR register uint32_t *k;
register int i;
if (des_check_key) {
if (des_check_key)
{
if (!check_parity(key))
{
return(-1);
if (des_is_weak_key(key))
return(-2);
}
k = (u_int32_t *) schedule;
in = (unsigned char *) key;
if (des_is_weak_key(key))
{
return(-2);
}
}
k = (FAR uint32_t *)schedule;
in = (FAR unsigned char *)key;
c2l(in, c);
c2l(in, d);
/* do PC1 in 60 simple operations */
/* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
HPERM_OP(c, t, -2, 0xcccc0000L);
HPERM_OP(c, t, -1, 0xaaaa0000L);
HPERM_OP(c, t, 8, 0x00ff0000L);
HPERM_OP(c, t, -1, 0xaaaa0000L);
HPERM_OP(d, t, -8, 0xff000000L);
HPERM_OP(d, t, 8, 0x00ff0000L);
HPERM_OP(d, t, 2, 0x33330000L);
d = ((d & 0x00aa00aaL) << 7L) | ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
d = (d >> 8) | ((c & 0xf0000000L) >> 4);
c &= 0x0fffffffL; */
* HPERM_OP(c, t, -2, 0xcccc0000L);
* HPERM_OP(c, t, -1, 0xaaaa0000L);
* HPERM_OP(c, t, 8, 0x00ff0000L);
* HPERM_OP(c, t, -1, 0xaaaa0000L);
* HPERM_OP(d, t, -8, 0xff000000L);
* HPERM_OP(d, t, 8, 0x00ff0000L);
* HPERM_OP(d, t, 2, 0x33330000L);
* d = ((d & 0x00aa00aaL) << 7L) |
* ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
* d = (d >> 8) | ((c & 0xf0000000L) >> 4);
* c &= 0x0fffffffL;
*/
/* I now do it in 47 simple operations :-)
* Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
* for the inspiration. :-) */
PERM_OP (d, c, t, 4, 0x0f0f0f0fL);
HPERM_OP(c, t, -2, 0xcccc0000L);
HPERM_OP(d, t, -2, 0xcccc0000L);
PERM_OP (d, c, t, 1, 0x55555555L);
PERM_OP (c, d, t, 8, 0x00ff00ffL);
PERM_OP (d, c, t, 1, 0x55555555L);
d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
c &= 0x0fffffffL;
* for the inspiration. :-)
*/
for (i = 0; i < ITERATIONS; i++) {
PERM_OP (d, c, t, 4, 0x0f0f0f0fl);
HPERM_OP(c, t, -2, 0xcccc0000l);
HPERM_OP(d, t, -2, 0xcccc0000l);
PERM_OP (d, c, t, 1, 0x55555555l);
PERM_OP (c, d, t, 8, 0x00ff00ffl);
PERM_OP (d, c, t, 1, 0x55555555l);
d = (((d & 0x000000ffl) << 16l) | (d & 0x0000ff00l) |
((d & 0x00ff0000l) >> 16l) | ((c & 0xf0000000l) >> 4l));
c &= 0x0fffffffl;
for (i = 0; i < ITERATIONS; i++)
{
if (shifts2[i])
{ c = ((c >> 2L) | (c << 26L)); d = ((d >> 2L) | (d << 26L)); }
{
c = ((c >> 2l) | (c << 26l)); d = ((d >> 2l) | (d << 26l));
}
else
{ c = ((c >> 1L) | (c << 27L)); d = ((d >> 1L) | (d << 27L)); }
c &= 0x0fffffffL;
d &= 0x0fffffffL;
{
c = ((c >> 1l) | (c << 27l)); d = ((d >> 1l) | (d << 27l));
}
c &= 0x0fffffffl;
d &= 0x0fffffffl;
/* could be a few less shifts but I am to lazy at this
* point in time to investigate */
* point in time to investigate
*/
s = des_skb[0][(c) & 0x3f] |
des_skb[1][((c >> 6) & 0x03) | ((c >> 7L) & 0x3c)]|
des_skb[2][((c >> 13) & 0x0f) | ((c >> 14L) & 0x30)]|
des_skb[3][((c >> 20) & 0x01) | ((c >> 21L) & 0x06) |
((c >> 22L) & 0x38)];
des_skb[1][((c >> 6) & 0x03) | ((c >> 7l) & 0x3c)] |
des_skb[2][((c >> 13) & 0x0f) | ((c >> 14l) & 0x30)] |
des_skb[3][((c >> 20) & 0x01) | ((c >> 21l) & 0x06) |
((c >> 22l) & 0x38)];
t = des_skb[4][(d) & 0x3f] |
des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)]|
des_skb[6][ (d >> 15L) & 0x3f ]|
des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
des_skb[5][((d >> 7l) & 0x03) | ((d >> 8l) & 0x3c)] |
des_skb[6][(d >> 15l) & 0x3f] |
des_skb[7][((d >> 21l) & 0x0f) | ((d >> 22l) & 0x30)];
/* table contained 0213 4657 */
*(k++) = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
s = ((s >> 16L) | (t & 0xffff0000L));
s = (s << 4L) | (s >> 28L);
*(k++) = s & 0xffffffffL;
*(k++) = ((t << 16l) | (s & 0x0000ffffl)) & 0xffffffffl;
s = ((s >> 16l) | (t & 0xffff0000l));
s = (s << 4l) | (s >> 28l);
*(k++) = s & 0xffffffffl;
}
return (0);
return 0;
}

273
crypto/sha1.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $ */
/*
/****************************************************************************
* crypto/sha1.c
* $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
*
* SHA-1 in C
* By Steve Reid <steve@edmweb.com>
* 100% Public Domain
@ -12,58 +13,120 @@
* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
* A million repetitions of "a"
* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
*/
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
/* #define SHA1HANDSOFF * Copies data before messing with it. */
****************************************************************************/
#define SHA1HANDSOFF
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/sha1.h>
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
/* #define SHA1HANDSOFF * Copies data before messing with it. */
#define SHA1HANDSOFF
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
#if BYTE_ORDER == LITTLE_ENDIAN
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
|(rol(block->l[i],8)&0x00FF00FF))
# define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
| (rol(block->l[i], 8) & 0x00ff00ff))
#else
# define blk0(i) block->l[i]
#endif
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
#define blk(i) (block->l[i & 15] = \
rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
#define R0(v,w,x,y,z,i) \
do \
{ \
z += ((w & (x ^ y)) ^ y) \
+ blk0(i) + 0x5a827999 + rol(v, 5); \
w = rol(w, 30); \
} \
while (0)
#define R1(v,w,x,y,z,i) \
do \
{ \
z += ((w & (x ^ y)) ^y) \
+ blk(i) + 0x5a827999 + rol(v, 5); \
w = rol(w, 30); \
} \
while (0)
#define R2(v,w,x,y,z,i) \
do \
{ \
z += (w ^ x ^ y) \
+ blk(i) + 0x6ed9eba1 + rol(v, 5); \
w = rol(w,30); \
} \
while (0)
#define R3(v,w,x,y,z,i) \
do \
{ \
z += (((w | x) & y) | (w & x)) \
+ blk(i)+ 0x8f1bbcdc + rol(v, 5); \
w = rol(w, 30); \
} \
while (0)
#define R4(v,w,x,y,z,i) \
do \
{ \
z += (w ^ x ^y) \
+ blk(i) + 0xca62c1d6 + rol(v, 5); \
w=rol(w, 30); \
} \
while (0)
/****************************************************************************
* Public Functions
****************************************************************************/
/* Hash a single 512-bit block. This is the core of the algorithm. */
void
SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
void sha1transform(FAR uint32_t *state,
FAR const unsigned char *buffer)
{
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t e;
typedef union
{
u_int32_t a, b, c, d, e;
typedef union {
unsigned char c[64];
unsigned int l[16];
} CHAR64LONG16;
CHAR64LONG16* block;
FAR CHAR64LONG16 *block;
#ifdef SHA1HANDSOFF
unsigned char workspace[SHA1_BLOCK_LENGTH];
block = (CHAR64LONG16 *)workspace;
block = (FAR CHAR64LONG16 *)workspace;
memcpy(block, buffer, SHA1_BLOCK_LENGTH);
#else
block = (CHAR64LONG16 *)buffer;
block = (FAR CHAR64LONG16 *)buffer;
#endif
/* Copy context->state[] to working vars */
a = state[0];
b = state[1];
c = state[2];
@ -71,99 +134,173 @@ SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
e = state[4];
/* 4 rounds of 20 operations each. Loop unrolled. */
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
R0(a, b, c, d, e, 0);
R0(e, a, b, c, d, 1);
R0(d, e, a, b, c, 2);
R0(c, d, e, a, b, 3);
R0(b, c, d, e, a, 4);
R0(a, b, c, d, e, 5);
R0(e, a, b, c, d, 6);
R0(d, e, a, b, c, 7);
R0(c, d, e, a, b, 8);
R0(b, c, d, e, a, 9);
R0(a, b, c, d, e, 10);
R0(e, a, b, c, d, 11);
R0(d, e, a, b, c, 12);
R0(c, d, e, a, b, 13);
R0(b, c, d, e, a, 14);
R0(a, b, c, d, e, 15);
R1(e, a, b, c, d, 16);
R1(d, e, a, b, c, 17);
R1(c, d, e, a, b, 18);
R1(b, c, d, e, a, 19);
R2(a, b, c, d, e, 20);
R2(e, a, b, c, d, 21);
R2(d, e, a, b, c, 22);
R2(c, d, e, a, b, 23);
R2(b, c, d, e, a, 24);
R2(a, b, c, d, e, 25);
R2(e, a, b, c, d, 26);
R2(d, e, a, b, c, 27);
R2(c, d, e, a, b, 28);
R2(b, c, d, e, a, 29);
R2(a, b, c, d, e, 30);
R2(e, a, b, c, d, 31);
R2(d, e, a, b, c, 32);
R2(c, d, e, a, b, 33);
R2(b, c, d, e, a, 34);
R2(a, b, c, d, e, 35);
R2(e, a, b, c, d, 36);
R2(d, e, a, b, c, 37);
R2(c, d, e, a, b, 38);
R2(b, c, d, e, a, 39);
R3(a, b, c, d, e, 40);
R3(e, a, b, c, d, 41);
R3(d, e, a, b, c, 42);
R3(c, d, e, a, b, 43);
R3(b, c, d, e, a, 44);
R3(a, b, c, d, e, 45);
R3(e, a, b, c, d, 46);
R3(d, e, a, b, c, 47);
R3(c, d, e, a, b, 48);
R3(b, c, d, e, a, 49);
R3(a, b, c, d, e, 50);
R3(e, a, b, c, d, 51);
R3(d, e, a, b, c, 52);
R3(c, d, e, a, b, 53);
R3(b, c, d, e, a, 54);
R3(a, b, c, d, e, 55);
R3(e, a, b, c, d, 56);
R3(d, e, a, b, c, 57);
R3(c, d, e, a, b, 58);
R3(b, c, d, e, a, 59);
R4(a, b, c, d, e, 60);
R4(e, a, b, c, d, 61);
R4(d, e, a, b, c, 62);
R4(c, d, e, a, b, 63);
R4(b, c, d, e, a, 64);
R4(a, b, c, d, e, 65);
R4(e, a, b, c, d, 66);
R4(d, e, a, b, c, 67);
R4(c, d, e, a, b, 68);
R4(b, c, d, e, a, 69);
R4(a, b, c, d, e, 70);
R4(e, a, b, c, d, 71);
R4(d, e, a, b, c, 72);
R4(c, d, e, a, b, 73);
R4(b, c, d, e, a, 74);
R4(a, b, c, d, e, 75);
R4(e, a, b, c, d, 76);
R4(d, e, a, b, c, 77);
R4(c, d, e, a, b, 78);
R4(b, c, d, e, a, 79);
/* Add the working vars back into context.state[] */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
}
/* SHA1Init - Initialize new context */
void
SHA1Init(SHA1_CTX *context)
void sha1init(FAR SHA1_CTX *context)
{
/* SHA1 initialization constants */
context->count = 0;
context->state[0] = 0x67452301;
context->state[1] = 0xEFCDAB89;
context->state[2] = 0x98BADCFE;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
context->state[4] = 0xC3D2E1F0;
context->state[4] = 0xc3d2e1f0;
}
/* Run your data through this. */
void
SHA1Update(SHA1_CTX *context, const void *dataptr, unsigned int len)
void sha1update(FAR SHA1_CTX *context,
FAR const void *dataptr,
unsigned int len)
{
const uint8_t *data = dataptr;
FAR const uint8_t *data = dataptr;
unsigned int i;
unsigned int j;
j = (u_int32_t)((context->count >> 3) & 63);
j = (uint32_t)((context->count >> 3) & 63);
context->count += (len << 3);
if ((j + len) > 63) {
if ((j + len) > 63)
{
memcpy(&context->buffer[j], data, (i = 64 - j));
SHA1Transform(context->state, context->buffer);
for ( ; i + 63 < len; i += 64) {
SHA1Transform(context->state, &data[i]);
sha1transform(context->state, context->buffer);
for (; i + 63 < len; i += 64)
{
sha1transform(context->state, &data[i]);
}
j = 0;
}
else i = 0;
else
{
i = 0;
}
memcpy(&context->buffer[j], &data[i], len - i);
}
/* Add padding and return the message digest. */
void
SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
void sha1final(FAR unsigned char *digest,
FAR SHA1_CTX *context)
{
unsigned int i;
unsigned char finalcount[8];
for (i = 0; i < 8; i++) {
for (i = 0; i < 8; i++)
{
finalcount[i] = (unsigned char)((context->count >>
((7 - (i & 7)) * 8)) & 255); /* Endian independent */
}
SHA1Update(context, "\200", 1);
while ((context->count & 504) != 448) {
SHA1Update(context, "\0", 1);
}
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
sha1update(context, "\200", 1);
while ((context->count & 504) != 448)
{
sha1update(context, "\0", 1);
}
sha1update(context, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < SHA1_DIGEST_LENGTH; i++)
{
digest[i] = (unsigned char)((context->state[i >> 2] >>
((3 - (i & 3)) * 8)) & 255);
}
explicit_bzero(&finalcount, sizeof(finalcount));
explicit_bzero(context, sizeof(*context));
}

723
crypto/sha2.c
View file

File diff suppressed because it is too large Load diff

104
crypto/siphash.c
View file

@ -1,6 +1,7 @@
/* $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $ */
/*-
/****************************************************************************
* crypto/siphash.c
* $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $
*
* Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
* All rights reserved.
*
@ -27,11 +28,11 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
****************************************************************************/
/*
* SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
* are the number of compression rounds and the number of finalization rounds.
/* SipHash is a family of PRFs SipHash-c-d where the integer parameters
* c and d are the number of compression rounds and the number of
* finalization rounds.
* A compression round is identical to a finalization round and this round
* function is called SipRound. Given a 128-bit key k and a (possibly empty)
* byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
@ -43,36 +44,45 @@
* https://131002.net/siphash/
*/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/siphash.h>
static void SipHash_CRounds(SIPHASH_CTX *, int);
static void SipHash_Rounds(SIPHASH_CTX *, int);
static void siphash_crounds(FAR SIPHASH_CTX *, int);
static void siphash_rounds(FAR SIPHASH_CTX *, int);
void
SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
/****************************************************************************
* Public Functions
****************************************************************************/
void siphash_init(FAR SIPHASH_CTX *ctx, FAR const SIPHASH_KEY *key)
{
uint64_t k0, k1;
k0 = lemtoh64(&key->k0);
k1 = lemtoh64(&key->k1);
ctx->v[0] = 0x736f6d6570736575ULL ^ k0;
ctx->v[1] = 0x646f72616e646f6dULL ^ k1;
ctx->v[2] = 0x6c7967656e657261ULL ^ k0;
ctx->v[3] = 0x7465646279746573ULL ^ k1;
ctx->v[0] = 0x736f6d6570736575ull ^ k0;
ctx->v[1] = 0x646f72616e646f6dull ^ k1;
ctx->v[2] = 0x6c7967656e657261ull ^ k0;
ctx->v[3] = 0x7465646279746573ull ^ k1;
memset(ctx->buf, 0, sizeof(ctx->buf));
ctx->bytes = 0;
}
void
SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
void siphash_update(FAR SIPHASH_CTX *ctx,
int rc, int rf,
FAR const void *src, size_t len)
{
const uint8_t *ptr = src;
size_t left, used;
FAR const uint8_t *ptr = src;
size_t left;
size_t used;
if (len == 0)
return;
@ -80,76 +90,83 @@ SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
used = ctx->bytes % sizeof(ctx->buf);
ctx->bytes += len;
if (used > 0) {
if (used > 0)
{
left = sizeof(ctx->buf) - used;
if (len >= left) {
if (len >= left)
{
memcpy(&ctx->buf[used], ptr, left);
SipHash_CRounds(ctx, rc);
siphash_crounds(ctx, rc);
len -= left;
ptr += left;
} else {
}
else
{
memcpy(&ctx->buf[used], ptr, len);
return;
}
}
while (len >= sizeof(ctx->buf)) {
while (len >= sizeof(ctx->buf))
{
memcpy(ctx->buf, ptr, sizeof(ctx->buf));
SipHash_CRounds(ctx, rc);
siphash_crounds(ctx, rc);
len -= sizeof(ctx->buf);
ptr += sizeof(ctx->buf);
}
if (len > 0)
{
memcpy(ctx->buf, ptr, len);
}
}
void
SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
void siphash_final(FAR void *dst, FAR SIPHASH_CTX *ctx, int rc, int rf)
{
uint64_t r;
htolem64(&r, SipHash_End(ctx, rc, rf));
htolem64(&r, siphash_end(ctx, rc, rf));
memcpy(dst, &r, sizeof r);
}
uint64_t
SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
uint64_t siphash_end(FAR SIPHASH_CTX *ctx, int rc, int rf)
{
uint64_t r;
size_t left, used;
size_t left;
size_t used;
used = ctx->bytes % sizeof(ctx->buf);
left = sizeof(ctx->buf) - used;
memset(&ctx->buf[used], 0, left - 1);
ctx->buf[7] = ctx->bytes;
SipHash_CRounds(ctx, rc);
siphash_crounds(ctx, rc);
ctx->v[2] ^= 0xff;
SipHash_Rounds(ctx, rf);
siphash_rounds(ctx, rf);
r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
explicit_bzero(ctx, sizeof(*ctx));
return (r);
}
uint64_t
SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
uint64_t siphash(FAR const SIPHASH_KEY *key,
int rc, int rf,
FAR const void *src, size_t len)
{
SIPHASH_CTX ctx;
SipHash_Init(&ctx, key);
SipHash_Update(&ctx, rc, rf, src, len);
return (SipHash_End(&ctx, rc, rf));
siphash_init(&ctx, key);
siphash_update(&ctx, rc, rf, src, len);
return (siphash_end(&ctx, rc, rf));
}
#define SIP_ROTL(x, b) ((x) << (b)) | ( (x) >> (64 - (b)))
static void
SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
static void siphash_rounds(FAR SIPHASH_CTX *ctx, int rounds)
{
while (rounds--)
{
while (rounds--) {
ctx->v[0] += ctx->v[1];
ctx->v[2] += ctx->v[3];
ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
@ -170,12 +187,11 @@ SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
}
}
static void
SipHash_CRounds(SIPHASH_CTX *ctx, int rounds)
static void siphash_crounds(FAR SIPHASH_CTX *ctx, int rounds)
{
uint64_t m = lemtoh64((uint64_t *)ctx->buf);
ctx->v[3] ^= m;
SipHash_Rounds(ctx, rounds);
siphash_rounds(ctx, rounds);
ctx->v[0] ^= m;
}

313
crypto/sk.h
View file

@ -1,7 +1,8 @@
/* $OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $ */
/* lib/des/sk.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/sk.h
* $OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $
* lib/des/sk.h
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,13 +28,15 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed
* by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* FOR ANY DIRECT, INDIRECT, INCIDENTAl, SPECIAl,
* EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
@ -41,155 +44,173 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* The licence and distribution terms for any publically
* available version or derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
static const u_int32_t des_skb[8][64]={
static const uint32_t des_skb[8][64] =
{
{
/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
0x00000000L,0x00000010L,0x20000000L,0x20000010L,
0x00010000L,0x00010010L,0x20010000L,0x20010010L,
0x00000800L,0x00000810L,0x20000800L,0x20000810L,
0x00010800L,0x00010810L,0x20010800L,0x20010810L,
0x00000020L,0x00000030L,0x20000020L,0x20000030L,
0x00010020L,0x00010030L,0x20010020L,0x20010030L,
0x00000820L,0x00000830L,0x20000820L,0x20000830L,
0x00010820L,0x00010830L,0x20010820L,0x20010830L,
0x00080000L,0x00080010L,0x20080000L,0x20080010L,
0x00090000L,0x00090010L,0x20090000L,0x20090010L,
0x00080800L,0x00080810L,0x20080800L,0x20080810L,
0x00090800L,0x00090810L,0x20090800L,0x20090810L,
0x00080020L,0x00080030L,0x20080020L,0x20080030L,
0x00090020L,0x00090030L,0x20090020L,0x20090030L,
0x00080820L,0x00080830L,0x20080820L,0x20080830L,
0x00090820L,0x00090830L,0x20090820L,0x20090830L,
},{
0x00000000l, 0x00000010l, 0x20000000l, 0x20000010l,
0x00010000l, 0x00010010l, 0x20010000l, 0x20010010l,
0x00000800l, 0x00000810l, 0x20000800l, 0x20000810l,
0x00010800l, 0x00010810l, 0x20010800l, 0x20010810l,
0x00000020l, 0x00000030l, 0x20000020l, 0x20000030l,
0x00010020l, 0x00010030l, 0x20010020l, 0x20010030l,
0x00000820l, 0x00000830l, 0x20000820l, 0x20000830l,
0x00010820l, 0x00010830l, 0x20010820l, 0x20010830l,
0x00080000l, 0x00080010l, 0x20080000l, 0x20080010l,
0x00090000l, 0x00090010l, 0x20090000l, 0x20090010l,
0x00080800l, 0x00080810l, 0x20080800l, 0x20080810l,
0x00090800l, 0x00090810l, 0x20090800l, 0x20090810l,
0x00080020l, 0x00080030l, 0x20080020l, 0x20080030l,
0x00090020l, 0x00090030l, 0x20090020l, 0x20090030l,
0x00080820l, 0x00080830l, 0x20080820l, 0x20080830l,
0x00090820l, 0x00090830l, 0x20090820l, 0x20090830l,
},
{
/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
0x00000000L,0x02000000L,0x00002000L,0x02002000L,
0x00200000L,0x02200000L,0x00202000L,0x02202000L,
0x00000004L,0x02000004L,0x00002004L,0x02002004L,
0x00200004L,0x02200004L,0x00202004L,0x02202004L,
0x00000400L,0x02000400L,0x00002400L,0x02002400L,
0x00200400L,0x02200400L,0x00202400L,0x02202400L,
0x00000404L,0x02000404L,0x00002404L,0x02002404L,
0x00200404L,0x02200404L,0x00202404L,0x02202404L,
0x10000000L,0x12000000L,0x10002000L,0x12002000L,
0x10200000L,0x12200000L,0x10202000L,0x12202000L,
0x10000004L,0x12000004L,0x10002004L,0x12002004L,
0x10200004L,0x12200004L,0x10202004L,0x12202004L,
0x10000400L,0x12000400L,0x10002400L,0x12002400L,
0x10200400L,0x12200400L,0x10202400L,0x12202400L,
0x10000404L,0x12000404L,0x10002404L,0x12002404L,
0x10200404L,0x12200404L,0x10202404L,0x12202404L,
},{
0x00000000l, 0x02000000l, 0x00002000l, 0x02002000l,
0x00200000l, 0x02200000l, 0x00202000l, 0x02202000l,
0x00000004l, 0x02000004l, 0x00002004l, 0x02002004l,
0x00200004l, 0x02200004l, 0x00202004l, 0x02202004l,
0x00000400l, 0x02000400l, 0x00002400l, 0x02002400l,
0x00200400l, 0x02200400l, 0x00202400l, 0x02202400l,
0x00000404l, 0x02000404l, 0x00002404l, 0x02002404l,
0x00200404l, 0x02200404l, 0x00202404l, 0x02202404l,
0x10000000l, 0x12000000l, 0x10002000l, 0x12002000l,
0x10200000l, 0x12200000l, 0x10202000l, 0x12202000l,
0x10000004l, 0x12000004l, 0x10002004l, 0x12002004l,
0x10200004l, 0x12200004l, 0x10202004l, 0x12202004l,
0x10000400l, 0x12000400l, 0x10002400l, 0x12002400l,
0x10200400l, 0x12200400l, 0x10202400l, 0x12202400l,
0x10000404l, 0x12000404l, 0x10002404l, 0x12002404l,
0x10200404l, 0x12200404l, 0x10202404l, 0x12202404l,
},
{
/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
0x00000000L,0x00000001L,0x00040000L,0x00040001L,
0x01000000L,0x01000001L,0x01040000L,0x01040001L,
0x00000002L,0x00000003L,0x00040002L,0x00040003L,
0x01000002L,0x01000003L,0x01040002L,0x01040003L,
0x00000200L,0x00000201L,0x00040200L,0x00040201L,
0x01000200L,0x01000201L,0x01040200L,0x01040201L,
0x00000202L,0x00000203L,0x00040202L,0x00040203L,
0x01000202L,0x01000203L,0x01040202L,0x01040203L,
0x08000000L,0x08000001L,0x08040000L,0x08040001L,
0x09000000L,0x09000001L,0x09040000L,0x09040001L,
0x08000002L,0x08000003L,0x08040002L,0x08040003L,
0x09000002L,0x09000003L,0x09040002L,0x09040003L,
0x08000200L,0x08000201L,0x08040200L,0x08040201L,
0x09000200L,0x09000201L,0x09040200L,0x09040201L,
0x08000202L,0x08000203L,0x08040202L,0x08040203L,
0x09000202L,0x09000203L,0x09040202L,0x09040203L,
},{
0x00000000l, 0x00000001l, 0x00040000l, 0x00040001l,
0x01000000l, 0x01000001l, 0x01040000l, 0x01040001l,
0x00000002l, 0x00000003l, 0x00040002l, 0x00040003l,
0x01000002l, 0x01000003l, 0x01040002l, 0x01040003l,
0x00000200l, 0x00000201l, 0x00040200l, 0x00040201l,
0x01000200l, 0x01000201l, 0x01040200l, 0x01040201l,
0x00000202l, 0x00000203l, 0x00040202l, 0x00040203l,
0x01000202l, 0x01000203l, 0x01040202l, 0x01040203l,
0x08000000l, 0x08000001l, 0x08040000l, 0x08040001l,
0x09000000l, 0x09000001l, 0x09040000l, 0x09040001l,
0x08000002l, 0x08000003l, 0x08040002l, 0x08040003l,
0x09000002l, 0x09000003l, 0x09040002l, 0x09040003l,
0x08000200l, 0x08000201l, 0x08040200l, 0x08040201l,
0x09000200l, 0x09000201l, 0x09040200l, 0x09040201l,
0x08000202l, 0x08000203l, 0x08040202l, 0x08040203l,
0x09000202l, 0x09000203l, 0x09040202l, 0x09040203l,
},
{
/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
0x00000000L,0x00100000L,0x00000100L,0x00100100L,
0x00000008L,0x00100008L,0x00000108L,0x00100108L,
0x00001000L,0x00101000L,0x00001100L,0x00101100L,
0x00001008L,0x00101008L,0x00001108L,0x00101108L,
0x04000000L,0x04100000L,0x04000100L,0x04100100L,
0x04000008L,0x04100008L,0x04000108L,0x04100108L,
0x04001000L,0x04101000L,0x04001100L,0x04101100L,
0x04001008L,0x04101008L,0x04001108L,0x04101108L,
0x00020000L,0x00120000L,0x00020100L,0x00120100L,
0x00020008L,0x00120008L,0x00020108L,0x00120108L,
0x00021000L,0x00121000L,0x00021100L,0x00121100L,
0x00021008L,0x00121008L,0x00021108L,0x00121108L,
0x04020000L,0x04120000L,0x04020100L,0x04120100L,
0x04020008L,0x04120008L,0x04020108L,0x04120108L,
0x04021000L,0x04121000L,0x04021100L,0x04121100L,
0x04021008L,0x04121008L,0x04021108L,0x04121108L,
},{
0x00000000l, 0x00100000l, 0x00000100l, 0x00100100l,
0x00000008l, 0x00100008l, 0x00000108l, 0x00100108l,
0x00001000l, 0x00101000l, 0x00001100l, 0x00101100l,
0x00001008l, 0x00101008l, 0x00001108l, 0x00101108l,
0x04000000l, 0x04100000l, 0x04000100l, 0x04100100l,
0x04000008l, 0x04100008l, 0x04000108l, 0x04100108l,
0x04001000l, 0x04101000l, 0x04001100l, 0x04101100l,
0x04001008l, 0x04101008l, 0x04001108l, 0x04101108l,
0x00020000l, 0x00120000l, 0x00020100l, 0x00120100l,
0x00020008l, 0x00120008l, 0x00020108l, 0x00120108l,
0x00021000l, 0x00121000l, 0x00021100l, 0x00121100l,
0x00021008l, 0x00121008l, 0x00021108l, 0x00121108l,
0x04020000l, 0x04120000l, 0x04020100l, 0x04120100l,
0x04020008l, 0x04120008l, 0x04020108l, 0x04120108l,
0x04021000l, 0x04121000l, 0x04021100l, 0x04121100l,
0x04021008l, 0x04121008l, 0x04021108l, 0x04121108l,
},
{
/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
0x00000000L,0x10000000L,0x00010000L,0x10010000L,
0x00000004L,0x10000004L,0x00010004L,0x10010004L,
0x20000000L,0x30000000L,0x20010000L,0x30010000L,
0x20000004L,0x30000004L,0x20010004L,0x30010004L,
0x00100000L,0x10100000L,0x00110000L,0x10110000L,
0x00100004L,0x10100004L,0x00110004L,0x10110004L,
0x20100000L,0x30100000L,0x20110000L,0x30110000L,
0x20100004L,0x30100004L,0x20110004L,0x30110004L,
0x00001000L,0x10001000L,0x00011000L,0x10011000L,
0x00001004L,0x10001004L,0x00011004L,0x10011004L,
0x20001000L,0x30001000L,0x20011000L,0x30011000L,
0x20001004L,0x30001004L,0x20011004L,0x30011004L,
0x00101000L,0x10101000L,0x00111000L,0x10111000L,
0x00101004L,0x10101004L,0x00111004L,0x10111004L,
0x20101000L,0x30101000L,0x20111000L,0x30111000L,
0x20101004L,0x30101004L,0x20111004L,0x30111004L,
},{
0x00000000l, 0x10000000l, 0x00010000l, 0x10010000l,
0x00000004l, 0x10000004l, 0x00010004l, 0x10010004l,
0x20000000l, 0x30000000l, 0x20010000l, 0x30010000l,
0x20000004l, 0x30000004l, 0x20010004l, 0x30010004l,
0x00100000l, 0x10100000l, 0x00110000l, 0x10110000l,
0x00100004l, 0x10100004l, 0x00110004l, 0x10110004l,
0x20100000l, 0x30100000l, 0x20110000l, 0x30110000l,
0x20100004l, 0x30100004l, 0x20110004l, 0x30110004l,
0x00001000l, 0x10001000l, 0x00011000l, 0x10011000l,
0x00001004l, 0x10001004l, 0x00011004l, 0x10011004l,
0x20001000l, 0x30001000l, 0x20011000l, 0x30011000l,
0x20001004l, 0x30001004l, 0x20011004l, 0x30011004l,
0x00101000l, 0x10101000l, 0x00111000l, 0x10111000l,
0x00101004l, 0x10101004l, 0x00111004l, 0x10111004l,
0x20101000l, 0x30101000l, 0x20111000l, 0x30111000l,
0x20101004l, 0x30101004l, 0x20111004l, 0x30111004l,
},
{
/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
0x00000000L,0x08000000L,0x00000008L,0x08000008L,
0x00000400L,0x08000400L,0x00000408L,0x08000408L,
0x00020000L,0x08020000L,0x00020008L,0x08020008L,
0x00020400L,0x08020400L,0x00020408L,0x08020408L,
0x00000001L,0x08000001L,0x00000009L,0x08000009L,
0x00000401L,0x08000401L,0x00000409L,0x08000409L,
0x00020001L,0x08020001L,0x00020009L,0x08020009L,
0x00020401L,0x08020401L,0x00020409L,0x08020409L,
0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
},{
0x00000000l, 0x08000000l, 0x00000008l, 0x08000008l,
0x00000400l, 0x08000400l, 0x00000408l, 0x08000408l,
0x00020000l, 0x08020000l, 0x00020008l, 0x08020008l,
0x00020400l, 0x08020400l, 0x00020408l, 0x08020408l,
0x00000001l, 0x08000001l, 0x00000009l, 0x08000009l,
0x00000401l, 0x08000401l, 0x00000409l, 0x08000409l,
0x00020001l, 0x08020001l, 0x00020009l, 0x08020009l,
0x00020401l, 0x08020401l, 0x00020409l, 0x08020409l,
0x02000000l, 0x0a000000l, 0x02000008l, 0x0a000008l,
0x02000400l, 0x0a000400l, 0x02000408l, 0x0a000408l,
0x02020000l, 0x0a020000l, 0x02020008l, 0x0a020008l,
0x02020400l, 0x0a020400l, 0x02020408l, 0x0a020408l,
0x02000001l, 0x0a000001l, 0x02000009l, 0x0a000009l,
0x02000401l, 0x0a000401l, 0x02000409l, 0x0a000409l,
0x02020001l, 0x0a020001l, 0x02020009l, 0x0a020009l,
0x02020401l, 0x0a020401l, 0x02020409l, 0x0a020409l,
},
{
/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
0x00000000L,0x00000100L,0x00080000L,0x00080100L,
0x01000000L,0x01000100L,0x01080000L,0x01080100L,
0x00000010L,0x00000110L,0x00080010L,0x00080110L,
0x01000010L,0x01000110L,0x01080010L,0x01080110L,
0x00200000L,0x00200100L,0x00280000L,0x00280100L,
0x01200000L,0x01200100L,0x01280000L,0x01280100L,
0x00200010L,0x00200110L,0x00280010L,0x00280110L,
0x01200010L,0x01200110L,0x01280010L,0x01280110L,
0x00000200L,0x00000300L,0x00080200L,0x00080300L,
0x01000200L,0x01000300L,0x01080200L,0x01080300L,
0x00000210L,0x00000310L,0x00080210L,0x00080310L,
0x01000210L,0x01000310L,0x01080210L,0x01080310L,
0x00200200L,0x00200300L,0x00280200L,0x00280300L,
0x01200200L,0x01200300L,0x01280200L,0x01280300L,
0x00200210L,0x00200310L,0x00280210L,0x00280310L,
0x01200210L,0x01200310L,0x01280210L,0x01280310L,
},{
0x00000000l, 0x00000100l, 0x00080000l, 0x00080100l,
0x01000000l, 0x01000100l, 0x01080000l, 0x01080100l,
0x00000010l, 0x00000110l, 0x00080010l, 0x00080110l,
0x01000010l, 0x01000110l, 0x01080010l, 0x01080110l,
0x00200000l, 0x00200100l, 0x00280000l, 0x00280100l,
0x01200000l, 0x01200100l, 0x01280000l, 0x01280100l,
0x00200010l, 0x00200110l, 0x00280010l, 0x00280110l,
0x01200010l, 0x01200110l, 0x01280010l, 0x01280110l,
0x00000200l, 0x00000300l, 0x00080200l, 0x00080300l,
0x01000200l, 0x01000300l, 0x01080200l, 0x01080300l,
0x00000210l, 0x00000310l, 0x00080210l, 0x00080310l,
0x01000210l, 0x01000310l, 0x01080210l, 0x01080310l,
0x00200200l, 0x00200300l, 0x00280200l, 0x00280300l,
0x01200200l, 0x01200300l, 0x01280200l, 0x01280300l,
0x00200210l, 0x00200310l, 0x00280210l, 0x00280310l,
0x01200210l, 0x01200310l, 0x01280210l, 0x01280310l,
},
{
/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
0x00000000L,0x04000000L,0x00040000L,0x04040000L,
0x00000002L,0x04000002L,0x00040002L,0x04040002L,
0x00002000L,0x04002000L,0x00042000L,0x04042000L,
0x00002002L,0x04002002L,0x00042002L,0x04042002L,
0x00000020L,0x04000020L,0x00040020L,0x04040020L,
0x00000022L,0x04000022L,0x00040022L,0x04040022L,
0x00002020L,0x04002020L,0x00042020L,0x04042020L,
0x00002022L,0x04002022L,0x00042022L,0x04042022L,
0x00000800L,0x04000800L,0x00040800L,0x04040800L,
0x00000802L,0x04000802L,0x00040802L,0x04040802L,
0x00002800L,0x04002800L,0x00042800L,0x04042800L,
0x00002802L,0x04002802L,0x00042802L,0x04042802L,
0x00000820L,0x04000820L,0x00040820L,0x04040820L,
0x00000822L,0x04000822L,0x00040822L,0x04040822L,
0x00002820L,0x04002820L,0x00042820L,0x04042820L,
0x00002822L,0x04002822L,0x00042822L,0x04042822L,
}};
0x00000000l, 0x04000000l, 0x00040000l, 0x04040000l,
0x00000002l, 0x04000002l, 0x00040002l, 0x04040002l,
0x00002000l, 0x04002000l, 0x00042000l, 0x04042000l,
0x00002002l, 0x04002002l, 0x00042002l, 0x04042002l,
0x00000020l, 0x04000020l, 0x00040020l, 0x04040020l,
0x00000022l, 0x04000022l, 0x00040022l, 0x04040022l,
0x00002020l, 0x04002020l, 0x00042020l, 0x04042020l,
0x00002022l, 0x04002022l, 0x00042022l, 0x04042022l,
0x00000800l, 0x04000800l, 0x00040800l, 0x04040800l,
0x00000802l, 0x04000802l, 0x00040802l, 0x04040802l,
0x00002800l, 0x04002800l, 0x00042800l, 0x04042800l,
0x00002802l, 0x04002802l, 0x00042802l, 0x04042802l,
0x00000820l, 0x04000820l, 0x00040820l, 0x04040820l,
0x00000822l, 0x04000822l, 0x00040822l, 0x04040822l,
0x00002820l, 0x04002820l, 0x00042820l, 0x04042820l,
0x00002822l, 0x04002822l, 0x00042822l, 0x04042822l,
}
};

308
crypto/spr.h
View file

@ -1,7 +1,8 @@
/* $OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $ */
/* lib/des/spr.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
/****************************************************************************
* crypto/spr.h
* $OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $
* lib/des/spr.h
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
@ -27,7 +28,8 @@
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
* This product includes software developed
* by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -42,154 +44,172 @@
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
****************************************************************************/
static const u_int32_t des_SPtrans[8][64]={
static const uint32_t des_sptrans[8][64] =
{
{
/* nibble 0 */
0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
},{
0x00820200l, 0x00020000l, 0x80800000l, 0x80820200l,
0x00800000l, 0x80020200l, 0x80020000l, 0x80800000l,
0x80020200l, 0x00820200l, 0x00820000l, 0x80000200l,
0x80800200l, 0x00800000l, 0x00000000l, 0x80020000l,
0x00020000l, 0x80000000l, 0x00800200l, 0x00020200l,
0x80820200l, 0x00820000l, 0x80000200l, 0x00800200l,
0x80000000l, 0x00000200l, 0x00020200l, 0x80820000l,
0x00000200l, 0x80800200l, 0x80820000l, 0x00000000l,
0x00000000l, 0x80820200l, 0x00800200l, 0x80020000l,
0x00820200l, 0x00020000l, 0x80000200l, 0x00800200l,
0x80820000l, 0x00000200l, 0x00020200l, 0x80800000l,
0x80020200l, 0x80000000l, 0x80800000l, 0x00820000l,
0x80820200l, 0x00020200l, 0x00820000l, 0x80800200l,
0x00800000l, 0x80000200l, 0x80020000l, 0x00000000l,
0x00020000l, 0x00800000l, 0x80800200l, 0x00820200l,
0x80000000l, 0x80820000l, 0x00000200l, 0x80020200l,
},
{
/* nibble 1 */
0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
},{
0x10042004l, 0x00000000l, 0x00042000l, 0x10040000l,
0x10000004l, 0x00002004l, 0x10002000l, 0x00042000l,
0x00002000l, 0x10040004l, 0x00000004l, 0x10002000l,
0x00040004l, 0x10042000l, 0x10040000l, 0x00000004l,
0x00040000l, 0x10002004l, 0x10040004l, 0x00002000l,
0x00042004l, 0x10000000l, 0x00000000l, 0x00040004l,
0x10002004l, 0x00042004l, 0x10042000l, 0x10000004l,
0x10000000l, 0x00040000l, 0x00002004l, 0x10042004l,
0x00040004l, 0x10042000l, 0x10002000l, 0x00042004l,
0x10042004l, 0x00040004l, 0x10000004l, 0x00000000l,
0x10000000l, 0x00002004l, 0x00040000l, 0x10040004l,
0x00002000l, 0x10000000l, 0x00042004l, 0x10002004l,
0x10042000l, 0x00002000l, 0x00000000l, 0x10000004l,
0x00000004l, 0x10042004l, 0x00042000l, 0x10040000l,
0x10040004l, 0x00040000l, 0x00002004l, 0x10002000l,
0x10002004l, 0x00000004l, 0x10040000l, 0x00042000l,
},
{
/* nibble 2 */
0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
},{
0x41000000l, 0x01010040l, 0x00000040l, 0x41000040l,
0x40010000l, 0x01000000l, 0x41000040l, 0x00010040l,
0x01000040l, 0x00010000l, 0x01010000l, 0x40000000l,
0x41010040l, 0x40000040l, 0x40000000l, 0x41010000l,
0x00000000l, 0x40010000l, 0x01010040l, 0x00000040l,
0x40000040l, 0x41010040l, 0x00010000l, 0x41000000l,
0x41010000l, 0x01000040l, 0x40010040l, 0x01010000l,
0x00010040l, 0x00000000l, 0x01000000l, 0x40010040l,
0x01010040l, 0x00000040l, 0x40000000l, 0x00010000l,
0x40000040l, 0x40010000l, 0x01010000l, 0x41000040l,
0x00000000l, 0x01010040l, 0x00010040l, 0x41010000l,
0x40010000l, 0x01000000l, 0x41010040l, 0x40000000l,
0x40010040l, 0x41000000l, 0x01000000l, 0x41010040l,
0x00010000l, 0x01000040l, 0x41000040l, 0x00010040l,
0x01000040l, 0x00000000l, 0x41010000l, 0x40000040l,
0x41000000l, 0x40010040l, 0x00000040l, 0x01010000l,
},
{
/* nibble 3 */
0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
},{
0x00100402l, 0x04000400l, 0x00000002l, 0x04100402l,
0x00000000l, 0x04100000l, 0x04000402l, 0x00100002l,
0x04100400l, 0x04000002l, 0x04000000l, 0x00000402l,
0x04000002l, 0x00100402l, 0x00100000l, 0x04000000l,
0x04100002l, 0x00100400l, 0x00000400l, 0x00000002l,
0x00100400l, 0x04000402l, 0x04100000l, 0x00000400l,
0x00000402l, 0x00000000l, 0x00100002l, 0x04100400l,
0x04000400l, 0x04100002l, 0x04100402l, 0x00100000l,
0x04100002l, 0x00000402l, 0x00100000l, 0x04000002l,
0x00100400l, 0x04000400l, 0x00000002l, 0x04100000l,
0x04000402l, 0x00000000l, 0x00000400l, 0x00100002l,
0x00000000l, 0x04100002l, 0x04100400l, 0x00000400l,
0x04000000l, 0x04100402l, 0x00100402l, 0x00100000l,
0x04100402l, 0x00000002l, 0x04000400l, 0x00100402l,
0x00100002l, 0x00100400l, 0x04100000l, 0x04000402l,
0x00000402l, 0x04000000l, 0x04000002l, 0x04100400l,
},
{
/* nibble 4 */
0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
},{
0x02000000l, 0x00004000l, 0x00000100l, 0x02004108l,
0x02004008l, 0x02000100l, 0x00004108l, 0x02004000l,
0x00004000l, 0x00000008l, 0x02000008l, 0x00004100l,
0x02000108l, 0x02004008l, 0x02004100l, 0x00000000l,
0x00004100l, 0x02000000l, 0x00004008l, 0x00000108l,
0x02000100l, 0x00004108l, 0x00000000l, 0x02000008l,
0x00000008l, 0x02000108l, 0x02004108l, 0x00004008l,
0x02004000l, 0x00000100l, 0x00000108l, 0x02004100l,
0x02004100l, 0x02000108l, 0x00004008l, 0x02004000l,
0x00004000l, 0x00000008l, 0x02000008l, 0x02000100l,
0x02000000l, 0x00004100l, 0x02004108l, 0x00000000l,
0x00004108l, 0x02000000l, 0x00000100l, 0x00004008l,
0x02000108l, 0x00000100l, 0x00000000l, 0x02004108l,
0x02004008l, 0x02004100l, 0x00000108l, 0x00004000l,
0x00004100l, 0x02004008l, 0x02000100l, 0x00000108l,
0x00000008l, 0x00004108l, 0x02004000l, 0x02000008l,
},
{
/* nibble 5 */
0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
},{
0x20000010l, 0x00080010l, 0x00000000l, 0x20080800l,
0x00080010l, 0x00000800l, 0x20000810l, 0x00080000l,
0x00000810l, 0x20080810l, 0x00080800l, 0x20000000l,
0x20000800l, 0x20000010l, 0x20080000l, 0x00080810l,
0x00080000l, 0x20000810l, 0x20080010l, 0x00000000l,
0x00000800l, 0x00000010l, 0x20080800l, 0x20080010l,
0x20080810l, 0x20080000l, 0x20000000l, 0x00000810l,
0x00000010l, 0x00080800l, 0x00080810l, 0x20000800l,
0x00000810l, 0x20000000l, 0x20000800l, 0x00080810l,
0x20080800l, 0x00080010l, 0x00000000l, 0x20000800l,
0x20000000l, 0x00000800l, 0x20080010l, 0x00080000l,
0x00080010l, 0x20080810l, 0x00080800l, 0x00000010l,
0x20080810l, 0x00080800l, 0x00080000l, 0x20000810l,
0x20000010l, 0x20080000l, 0x00080810l, 0x00000000l,
0x00000800l, 0x20000010l, 0x20000810l, 0x20080800l,
0x20080000l, 0x00000810l, 0x00000010l, 0x20080010l,
},
{
/* nibble 6 */
0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
},{
0x00001000l, 0x00000080l, 0x00400080l, 0x00400001l,
0x00401081l, 0x00001001l, 0x00001080l, 0x00000000l,
0x00400000l, 0x00400081l, 0x00000081l, 0x00401000l,
0x00000001l, 0x00401080l, 0x00401000l, 0x00000081l,
0x00400081l, 0x00001000l, 0x00001001l, 0x00401081l,
0x00000000l, 0x00400080l, 0x00400001l, 0x00001080l,
0x00401001l, 0x00001081l, 0x00401080l, 0x00000001l,
0x00001081l, 0x00401001l, 0x00000080l, 0x00400000l,
0x00001081l, 0x00401000l, 0x00401001l, 0x00000081l,
0x00001000l, 0x00000080l, 0x00400000l, 0x00401001l,
0x00400081l, 0x00001081l, 0x00001080l, 0x00000000l,
0x00000080l, 0x00400001l, 0x00000001l, 0x00400080l,
0x00000000l, 0x00400081l, 0x00400080l, 0x00001080l,
0x00000081l, 0x00001000l, 0x00401081l, 0x00400000l,
0x00401080l, 0x00000001l, 0x00001001l, 0x00401081l,
0x00400001l, 0x00401080l, 0x00401000l, 0x00001001l,
},
{
/* nibble 7 */
0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L,
}};
0x08200020l, 0x08208000l, 0x00008020l, 0x00000000l,
0x08008000l, 0x00200020l, 0x08200000l, 0x08208020l,
0x00000020l, 0x08000000l, 0x00208000l, 0x00008020l,
0x00208020l, 0x08008020l, 0x08000020l, 0x08200000l,
0x00008000l, 0x00208020l, 0x00200020l, 0x08008000l,
0x08208020l, 0x08000020l, 0x00000000l, 0x00208000l,
0x08000000l, 0x00200000l, 0x08008020l, 0x08200020l,
0x00200000l, 0x00008000l, 0x08208000l, 0x00000020l,
0x00200000l, 0x00008000l, 0x08000020l, 0x08208020l,
0x00008020l, 0x08000000l, 0x00000000l, 0x00208000l,
0x08200020l, 0x08008020l, 0x08008000l, 0x00200020l,
0x08208000l, 0x00000020l, 0x00200020l, 0x08008000l,
0x08208020l, 0x00200000l, 0x08200000l, 0x08000020l,
0x00208000l, 0x00008020l, 0x08008020l, 0x08200000l,
0x00000020l, 0x08208000l, 0x00208020l, 0x00000000l,
0x08000000l, 0x08200020l, 0x00008000l, 0x00208020l,
}
};

467
crypto/xform.c
View file

@ -1,5 +1,7 @@
/* $OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $ */
/*
/****************************************************************************
* crypto/xform.c
* $OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $
*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
* Niels Provos (provos@physnet.uni-hamburg.de),
@ -9,11 +11,12 @@
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
* in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* Ported to OpenBSD and NetBSD, with additional transforms,
* in December 1996,
* by Angelos D. Keromytis.
*
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
* Additional transforms and features in 1997 and 1998 by
* Angelos D. Keromytis and Niels Provos.
*
* Additional features in 1999 by Angelos D. Keromytis.
*
@ -44,7 +47,11 @@
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/param.h>
#include <sys/systm.h>
@ -68,63 +75,73 @@
#include "des_locl.h"
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
/****************************************************************************
* Public Functions
****************************************************************************/
int des_set_key(void *, caddr_t);
int des3_setkey(void *, u_int8_t *, int);
int blf_setkey(void *, u_int8_t *, int);
int cast5_setkey(void *, u_int8_t *, int);
int aes_setkey(void *, u_int8_t *, int);
int aes_ctr_setkey(void *, u_int8_t *, int);
int aes_xts_setkey(void *, u_int8_t *, int);
int null_setkey(void *, u_int8_t *, int);
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t,
caddr_t, caddr_t, int);
void des3_encrypt(caddr_t, u_int8_t *);
void blf_encrypt(caddr_t, u_int8_t *);
void cast5_encrypt(caddr_t, u_int8_t *);
void aes_encrypt(caddr_t, u_int8_t *);
void null_encrypt(caddr_t, u_int8_t *);
void aes_xts_encrypt(caddr_t, u_int8_t *);
int des_set_key(FAR void *, caddr_t);
int des3_setkey(FAR void *, FAR uint8_t *, int);
int blf_setkey(FAR void *, FAR uint8_t *, int);
int cast5_setkey(FAR void *, FAR uint8_t *, int);
int aes_setkey_xform(FAR void *, FAR uint8_t *, int);
int aes_ctr_setkey(FAR void *, FAR uint8_t *, int);
int aes_xts_setkey(FAR void *, FAR uint8_t *, int);
int null_setkey(FAR void *, FAR uint8_t *, int);
void des3_decrypt(caddr_t, u_int8_t *);
void blf_decrypt(caddr_t, u_int8_t *);
void cast5_decrypt(caddr_t, u_int8_t *);
void aes_decrypt(caddr_t, u_int8_t *);
void null_decrypt(caddr_t, u_int8_t *);
void aes_xts_decrypt(caddr_t, u_int8_t *);
void des3_encrypt(caddr_t, FAR uint8_t *);
void blf_encrypt(caddr_t, FAR uint8_t *);
void cast5_encrypt(caddr_t, FAR uint8_t *);
void aes_encrypt_xform(caddr_t, FAR uint8_t *);
void null_encrypt(caddr_t, FAR uint8_t *);
void aes_xts_encrypt(caddr_t, FAR uint8_t *);
void aes_ctr_crypt(caddr_t, u_int8_t *);
void des3_decrypt(caddr_t, FAR uint8_t *);
void blf_decrypt(caddr_t, FAR uint8_t *);
void cast5_decrypt(caddr_t, FAR uint8_t *);
void aes_decrypt_xform(caddr_t, FAR uint8_t *);
void null_decrypt(caddr_t, FAR uint8_t *);
void aes_xts_decrypt(caddr_t, FAR uint8_t *);
void aes_ctr_reinit(caddr_t, u_int8_t *);
void aes_xts_reinit(caddr_t, u_int8_t *);
void aes_gcm_reinit(caddr_t, u_int8_t *);
void aes_ctr_crypt(caddr_t, FAR uint8_t *);
int MD5Update_int(void *, const u_int8_t *, u_int16_t);
int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
void aes_ctr_reinit(caddr_t, FAR uint8_t *);
void aes_xts_reinit(caddr_t, FAR uint8_t *);
void aes_gcm_reinit(caddr_t, FAR uint8_t *);
u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
int md5update_int(FAR void *, FAR const uint8_t *, uint16_t);
int sha1update_int(FAR void *, FAR const uint8_t *, uint16_t);
int rmd160update_int(FAR void *, FAR const uint8_t *, uint16_t);
int sha256update_int(FAR void *, FAR const uint8_t *, uint16_t);
int sha384update_int(FAR void *, FAR const uint8_t *, uint16_t);
int sha512update_int(FAR void *, FAR const uint8_t *, uint16_t);
struct aes_ctr_ctx {
uint32_t deflate_compress(FAR uint8_t *, uint32_t, FAR uint8_t **);
uint32_t deflate_decompress(FAR uint8_t *, uint32_t, FAR uint8_t **);
struct aes_ctr_ctx
{
AES_CTX ac_key;
u_int8_t ac_block[AESCTR_BLOCKSIZE];
uint8_t ac_block[AESCTR_BLOCKSIZE];
};
struct aes_xts_ctx {
struct aes_xts_ctx
{
rijndael_ctx key1;
rijndael_ctx key2;
u_int8_t tweak[AES_XTS_BLOCKSIZE];
uint8_t tweak[AES_XTS_BLOCKSIZE];
};
/* Helper */
void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int);
void aes_xts_crypt(FAR struct aes_xts_ctx *, FAR uint8_t *, u_int);
/* Encryption instances */
const struct enc_xform enc_xform_3des = {
const struct enc_xform enc_xform_3des =
{
CRYPTO_3DES_CBC, "3DES",
8, 8, 24, 24, 384,
des3_encrypt,
@ -133,7 +150,8 @@ const struct enc_xform enc_xform_3des = {
NULL
};
const struct enc_xform enc_xform_blf = {
const struct enc_xform enc_xform_blf =
{
CRYPTO_BLF_CBC, "Blowfish",
8, 8, 5, 56 /* 448 bits, max key */,
sizeof(blf_ctx),
@ -143,7 +161,8 @@ const struct enc_xform enc_xform_blf = {
NULL
};
const struct enc_xform enc_xform_cast5 = {
const struct enc_xform enc_xform_cast5 =
{
CRYPTO_CAST_CBC, "CAST-128",
8, 8, 5, 16,
sizeof(cast_key),
@ -153,17 +172,19 @@ const struct enc_xform enc_xform_cast5 = {
NULL
};
const struct enc_xform enc_xform_aes = {
const struct enc_xform enc_xform_aes =
{
CRYPTO_AES_CBC, "AES",
16, 16, 16, 32,
sizeof(AES_CTX),
aes_encrypt,
aes_decrypt,
aes_setkey,
aes_encrypt_xform,
aes_decrypt_xform,
aes_setkey_xform,
NULL
};
const struct enc_xform enc_xform_aes_ctr = {
const struct enc_xform enc_xform_aes_ctr =
{
CRYPTO_AES_CTR, "AES-CTR",
16, 8, 16 + 4, 32 + 4,
sizeof(struct aes_ctr_ctx),
@ -173,7 +194,8 @@ const struct enc_xform enc_xform_aes_ctr = {
aes_ctr_reinit
};
const struct enc_xform enc_xform_aes_gcm = {
const struct enc_xform enc_xform_aes_gcm =
{
CRYPTO_AES_GCM_16, "AES-GCM",
1, 8, 16 + 4, 32 + 4,
sizeof(struct aes_ctr_ctx),
@ -183,7 +205,8 @@ const struct enc_xform enc_xform_aes_gcm = {
aes_gcm_reinit
};
const struct enc_xform enc_xform_aes_gmac = {
const struct enc_xform enc_xform_aes_gmac =
{
CRYPTO_AES_GMAC, "AES-GMAC",
1, 8, 16 + 4, 32 + 4, 0,
NULL,
@ -192,7 +215,8 @@ const struct enc_xform enc_xform_aes_gmac = {
NULL
};
const struct enc_xform enc_xform_aes_xts = {
const struct enc_xform enc_xform_aes_xts =
{
CRYPTO_AES_XTS, "AES-XTS",
16, 8, 32, 64,
sizeof(struct aes_xts_ctx),
@ -202,7 +226,8 @@ const struct enc_xform enc_xform_aes_xts = {
aes_xts_reinit
};
const struct enc_xform enc_xform_chacha20_poly1305 = {
const struct enc_xform enc_xform_chacha20_poly1305 =
{
CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305",
1, 8, 32 + 4, 32 + 4,
sizeof(struct chacha20_ctx),
@ -212,7 +237,8 @@ const struct enc_xform enc_xform_chacha20_poly1305 = {
chacha20_reinit
};
const struct enc_xform enc_xform_null = {
const struct enc_xform enc_xform_null =
{
CRYPTO_NULL, "NULL",
4, 0, 0, 256, 0,
null_encrypt,
@ -222,320 +248,347 @@ const struct enc_xform enc_xform_null = {
};
/* Authentication instances */
const struct auth_hash auth_hash_hmac_md5_96 = {
const struct auth_hash auth_hash_hmac_md5_96 =
{
CRYPTO_MD5_HMAC, "HMAC-MD5",
16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN,
(void (*) (void *)) MD5Init, NULL, NULL,
MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
(void (*) (FAR void *)) md5init, NULL, NULL,
md5update_int,
(void (*) (FAR uint8_t *, FAR void *)) md5final
};
const struct auth_hash auth_hash_hmac_sha1_96 = {
const struct auth_hash auth_hash_hmac_sha1_96 =
{
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN,
(void (*) (void *)) SHA1Init, NULL, NULL,
SHA1Update_int,
(void (*) (u_int8_t *, void *)) SHA1Final
(void (*) (FAR void *)) sha1init, NULL, NULL,
sha1update_int,
(void (*) (FAR uint8_t *, FAR void *)) sha1final
};
const struct auth_hash auth_hash_hmac_ripemd_160_96 = {
const struct auth_hash auth_hash_hmac_ripemd_160_96 =
{
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN,
(void (*)(void *)) RMD160Init, NULL, NULL,
RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
(void (*)(FAR void *)) rmd160init, NULL, NULL,
rmd160update_int,
(void (*)(FAR uint8_t *, FAR void *)) rmd160final
};
const struct auth_hash auth_hash_hmac_sha2_256_128 = {
const struct auth_hash auth_hash_hmac_sha2_256_128 =
{
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN,
(void (*)(void *)) SHA256Init, NULL, NULL,
SHA256Update_int,
(void (*)(u_int8_t *, void *)) SHA256Final
(void (*)(FAR void *)) sha256init, NULL, NULL,
sha256update_int,
(void (*)(FAR uint8_t *, FAR void *)) sha256final
};
const struct auth_hash auth_hash_hmac_sha2_384_192 = {
const struct auth_hash auth_hash_hmac_sha2_384_192 =
{
CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
(void (*)(void *)) SHA384Init, NULL, NULL,
SHA384Update_int,
(void (*)(u_int8_t *, void *)) SHA384Final
(void (*)(FAR void *)) sha384init, NULL, NULL,
sha384update_int,
(void (*)(FAR uint8_t *, FAR void *)) sha384final
};
const struct auth_hash auth_hash_hmac_sha2_512_256 = {
const struct auth_hash auth_hash_hmac_sha2_512_256 =
{
CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN,
(void (*)(void *)) SHA512Init, NULL, NULL,
SHA512Update_int,
(void (*)(u_int8_t *, void *)) SHA512Final
(void (*)(FAR void *)) sha512init, NULL, NULL,
sha512update_int,
(void (*)(FAR uint8_t *, FAR void *)) sha512final
};
const struct auth_hash auth_hash_gmac_aes_128 = {
const struct auth_hash auth_hash_gmac_aes_128 =
{
CRYPTO_AES_128_GMAC, "GMAC-AES-128",
16 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
aes_gmac_update, aes_gmac_final
};
const struct auth_hash auth_hash_gmac_aes_192 = {
const struct auth_hash auth_hash_gmac_aes_192 =
{
CRYPTO_AES_192_GMAC, "GMAC-AES-192",
24 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
aes_gmac_update, aes_gmac_final
};
const struct auth_hash auth_hash_gmac_aes_256 = {
const struct auth_hash auth_hash_gmac_aes_256 =
{
CRYPTO_AES_256_GMAC, "GMAC-AES-256",
32 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
aes_gmac_update, aes_gmac_final
};
const struct auth_hash auth_hash_chacha20_poly1305 = {
const struct auth_hash auth_hash_chacha20_poly1305 =
{
CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305",
CHACHA20_KEYSIZE + CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN,
sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN,
Chacha20_Poly1305_Init, Chacha20_Poly1305_Setkey,
Chacha20_Poly1305_Reinit, Chacha20_Poly1305_Update,
Chacha20_Poly1305_Final
chacha20_poly1305_init, chacha20_poly1305_setkey,
chacha20_poly1305_reinit, chacha20_poly1305_update,
chacha20_poly1305_final
};
/* Compression instance */
const struct comp_algo comp_algo_deflate = {
const struct comp_algo comp_algo_deflate =
{
CRYPTO_DEFLATE_COMP, "Deflate",
90, deflate_compress,
deflate_decompress
};
/*
* Encryption wrapper routines.
*/
void
des3_encrypt(caddr_t key, u_int8_t *blk)
/* Encryption wrapper routines. */
void des3_encrypt(caddr_t key, FAR uint8_t *blk)
{
des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key, key + 128, key + 256, 1);
}
void
des3_decrypt(caddr_t key, u_int8_t *blk)
void des3_decrypt(caddr_t key, FAR uint8_t *blk)
{
des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key + 256, key + 128, key, 0);
}
int
des3_setkey(void *sched, u_int8_t *key, int len)
int des3_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
if (des_set_key(key, sched) < 0 || des_set_key(key + 8, sched + 128)
< 0 || des_set_key(key + 16, sched + 256) < 0)
{
return -1;
}
return 0;
}
void
blf_encrypt(caddr_t key, u_int8_t *blk)
void blf_encrypt(caddr_t key, FAR uint8_t *blk)
{
blf_ecb_encrypt((blf_ctx *) key, blk, 8);
blf_ecb_encrypt((FAR blf_ctx *) key, blk, 8);
}
void
blf_decrypt(caddr_t key, u_int8_t *blk)
void blf_decrypt(caddr_t key, FAR uint8_t *blk)
{
blf_ecb_decrypt((blf_ctx *) key, blk, 8);
blf_ecb_decrypt((FAR blf_ctx *) key, blk, 8);
}
int
blf_setkey(void *sched, u_int8_t *key, int len)
int blf_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
blf_key((blf_ctx *)sched, key, len);
blf_key((FAR blf_ctx *)sched, key, len);
return 0;
}
int
null_setkey(void *sched, u_int8_t *key, int len)
int null_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
return 0;
}
void
null_encrypt(caddr_t key, u_int8_t *blk)
void null_encrypt(caddr_t key, FAR uint8_t *blk)
{
}
void
null_decrypt(caddr_t key, u_int8_t *blk)
void null_decrypt(caddr_t key, FAR uint8_t *blk)
{
}
void
cast5_encrypt(caddr_t key, u_int8_t *blk)
void cast5_encrypt(caddr_t key, FAR uint8_t *blk)
{
cast_encrypt((cast_key *) key, blk, blk);
cast_encrypt((FAR cast_key *) key, blk, blk);
}
void
cast5_decrypt(caddr_t key, u_int8_t *blk)
void cast5_decrypt(caddr_t key, FAR uint8_t *blk)
{
cast_decrypt((cast_key *) key, blk, blk);
cast_decrypt((FAR cast_key *) key, blk, blk);
}
int
cast5_setkey(void *sched, u_int8_t *key, int len)
int cast5_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
cast_setkey((cast_key *)sched, key, len);
cast_setkey((FAR cast_key *)sched, key, len);
return 0;
}
void
aes_encrypt(caddr_t key, u_int8_t *blk)
void aes_encrypt_xform(caddr_t key, FAR uint8_t *blk)
{
AES_Encrypt((AES_CTX *)key, blk, blk);
aes_encrypt((FAR AES_CTX *)key, blk, blk);
}
void
aes_decrypt(caddr_t key, u_int8_t *blk)
void aes_decrypt_xform(caddr_t key, FAR uint8_t *blk)
{
AES_Decrypt((AES_CTX *)key, blk, blk);
aes_decrypt((FAR AES_CTX *)key, blk, blk);
}
int
aes_setkey(void *sched, u_int8_t *key, int len)
int aes_setkey_xform(FAR void *sched, FAR uint8_t *key, int len)
{
return AES_Setkey((AES_CTX *)sched, key, len);
return aes_setkey((FAR AES_CTX *)sched, key, len);
}
void
aes_ctr_reinit(caddr_t key, u_int8_t *iv)
void aes_ctr_reinit(caddr_t key, FAR uint8_t *iv)
{
struct aes_ctr_ctx *ctx;
FAR struct aes_ctr_ctx *ctx;
ctx = (struct aes_ctr_ctx *)key;
ctx = (FAR struct aes_ctr_ctx *)key;
bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
/* reset counter */
bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
}
void
aes_gcm_reinit(caddr_t key, u_int8_t *iv)
void aes_gcm_reinit(caddr_t key, FAR uint8_t *iv)
{
struct aes_ctr_ctx *ctx;
FAR struct aes_ctr_ctx *ctx;
ctx = (struct aes_ctr_ctx *)key;
ctx = (FAR struct aes_ctr_ctx *)key;
bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
/* reset counter */
bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
}
void
aes_ctr_crypt(caddr_t key, u_int8_t *data)
void aes_ctr_crypt(caddr_t key, FAR uint8_t *data)
{
struct aes_ctr_ctx *ctx;
u_int8_t keystream[AESCTR_BLOCKSIZE];
FAR struct aes_ctr_ctx *ctx;
uint8_t keystream[AESCTR_BLOCKSIZE];
int i;
ctx = (struct aes_ctr_ctx *)key;
ctx = (FAR struct aes_ctr_ctx *)key;
/* increment counter */
for (i = AESCTR_BLOCKSIZE - 1;
i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
{
if (++ctx->ac_block[i]) /* continue on overflow */
{
break;
AES_Encrypt(&ctx->ac_key, ctx->ac_block, keystream);
}
}
aes_encrypt(&ctx->ac_key, ctx->ac_block, keystream);
for (i = 0; i < AESCTR_BLOCKSIZE; i++)
{
data[i] ^= keystream[i];
}
explicit_bzero(keystream, sizeof(keystream));
}
int
aes_ctr_setkey(void *sched, u_int8_t *key, int len)
int aes_ctr_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
struct aes_ctr_ctx *ctx;
FAR struct aes_ctr_ctx *ctx;
if (len < AESCTR_NONCESIZE)
{
return -1;
}
ctx = (struct aes_ctr_ctx *)sched;
if (AES_Setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
ctx = (FAR struct aes_ctr_ctx *)sched;
if (aes_setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
{
return -1;
}
bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
return 0;
}
void
aes_xts_reinit(caddr_t key, u_int8_t *iv)
void aes_xts_reinit(caddr_t key, FAR uint8_t *iv)
{
struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
u_int64_t blocknum;
FAR struct aes_xts_ctx *ctx = (FAR struct aes_xts_ctx *)key;
uint64_t blocknum;
u_int i;
/*
* Prepare tweak as E_k2(IV). IV is specified as LE representation
/* Prepare tweak as E_k2(IV). IV is specified as LE representation
* of a 64-bit block number which we allow to be passed in directly.
*/
memcpy(&blocknum, iv, AES_XTS_IVSIZE);
for (i = 0; i < AES_XTS_IVSIZE; i++) {
for (i = 0; i < AES_XTS_IVSIZE; i++)
{
ctx->tweak[i] = blocknum & 0xff;
blocknum >>= 8;
}
/* Last 64 bits of IV are always zero */
bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
}
void
aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
void aes_xts_crypt(FAR struct aes_xts_ctx *ctx,
FAR uint8_t *data,
u_int do_encrypt)
{
u_int8_t block[AES_XTS_BLOCKSIZE];
u_int i, carry_in, carry_out;
uint8_t block[AES_XTS_BLOCKSIZE];
u_int i;
u_int carry_in;
u_int carry_out;
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
{
block[i] = data[i] ^ ctx->tweak[i];
}
if (do_encrypt)
{
rijndael_encrypt(&ctx->key1, block, data);
}
else
{
rijndael_decrypt(&ctx->key1, block, data);
}
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
{
data[i] ^= ctx->tweak[i];
}
/* Exponentiate tweak */
carry_in = 0;
for (i = 0; i < AES_XTS_BLOCKSIZE; i++) {
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
{
carry_out = ctx->tweak[i] & 0x80;
ctx->tweak[i] = (ctx->tweak[i] << 1) | carry_in;
carry_in = carry_out >> 7;
}
ctx->tweak[0] ^= (AES_XTS_ALPHA & -carry_in);
explicit_bzero(block, sizeof(block));
}
void
aes_xts_encrypt(caddr_t key, u_int8_t *data)
void aes_xts_encrypt(caddr_t key, FAR uint8_t *data)
{
aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
aes_xts_crypt((FAR struct aes_xts_ctx *)key, data, 1);
}
void
aes_xts_decrypt(caddr_t key, u_int8_t *data)
void aes_xts_decrypt(caddr_t key, FAR uint8_t *data)
{
aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
aes_xts_crypt((FAR struct aes_xts_ctx *)key, data, 0);
}
int
aes_xts_setkey(void *sched, u_int8_t *key, int len)
int aes_xts_setkey(FAR void *sched, FAR uint8_t *key, int len)
{
struct aes_xts_ctx *ctx;
FAR struct aes_xts_ctx *ctx;
if (len != 32 && len != 64)
{
return -1;
}
ctx = (struct aes_xts_ctx *)sched;
ctx = (FAR struct aes_xts_ctx *)sched;
rijndael_set_key(&ctx->key1, key, len * 4);
rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
@ -543,73 +596,65 @@ aes_xts_setkey(void *sched, u_int8_t *key, int len)
return 0;
}
/*
* And now for auth.
*/
/* And now for auth. */
int
RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int rmd160update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
RMD160Update(ctx, buf, len);
rmd160update(ctx, buf, len);
return 0;
}
int
MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int md5update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
MD5Update(ctx, buf, len);
md5update(ctx, buf, len);
return 0;
}
int
SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int sha1update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
SHA1Update(ctx, buf, len);
sha1update(ctx, buf, len);
return 0;
}
int
SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int sha256update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
SHA256Update(ctx, buf, len);
sha256update(ctx, buf, len);
return 0;
}
int
SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int sha384update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
SHA384Update(ctx, buf, len);
sha384update(ctx, buf, len);
return 0;
}
int
SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
int sha512update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
{
SHA512Update(ctx, buf, len);
sha512update(ctx, buf, len);
return 0;
}
uint32_t deflate_global(FAR uint8_t *, uint32_t, int, FAR uint8_t **);
u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
struct deflate_buf {
u_int8_t *out;
u_int32_t size;
struct deflate_buf
{
FAR uint8_t *out;
uint32_t size;
int flag;
};
/*
* And compression
*/
/* And compression */
u_int32_t
deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out)
uint32_t deflate_compress(FAR uint8_t *data,
uint32_t size,
FAR uint8_t **out)
{
return deflate_global(data, size, 0, out);
}
u_int32_t
deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
uint32_t deflate_decompress(FAR uint8_t *data,
uint32_t size,
FAR uint8_t **out)
{
return deflate_global(data, size, 1, out);
}

33
include/crypto/aes.h
View file

@ -1,5 +1,7 @@
/* $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* include/crypto/aes.h
* $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
*
* Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
* Copyright (c) 2016 Mike Belopuhov
*
@ -22,29 +24,32 @@
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
****************************************************************************/
#ifndef _AES_H_
#define _AES_H_
#ifndef __INCLUDE_CRYPTO_AES_H
#define __INCLUDE_CRYPTO_AES_H
#ifndef AES_MAXROUNDS
# define AES_MAXROUNDS (14)
#endif
typedef struct aes_ctx {
typedef struct aes_ctx
{
uint32_t sk[60];
uint32_t sk_exp[120];
unsigned num_rounds;
} AES_CTX;
int AES_Setkey(AES_CTX *, const uint8_t *, int);
void AES_Encrypt(AES_CTX *, const uint8_t *, uint8_t *);
void AES_Decrypt(AES_CTX *, const uint8_t *, uint8_t *);
void AES_Encrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
void AES_Decrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
int aes_setkey(FAR AES_CTX *, FAR const uint8_t *, int);
void aes_encrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
void aes_decrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
void aes_encrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
size_t);
void aes_decrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
size_t);
int AES_KeySetup_Encrypt(uint32_t *, const uint8_t *, int);
int AES_KeySetup_Decrypt(uint32_t *, const uint8_t *, int);
int aes_keysetup_encrypt(FAR uint32_t *, FAR const uint8_t *, int);
int aes_keysetup_decrypt(FAR uint32_t *, FAR const uint8_t *, int);
#endif /* _AES_H_ */
#endif /* __INCLUDE_CRYPTO_AES_H */

60
include/crypto/blf.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $ */
/*
/****************************************************************************
* include/crypto/blf.h
* $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
*
* Blowfish - a fast block cipher designed by Bruce Schneier
*
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@ -27,10 +28,10 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
****************************************************************************/
#ifndef _BLF_H_
#define _BLF_H_
#ifndef __INCLUDE_CRYPTO_BLF_H
#define __INCLUDE_CRYPTO_BLF_H
/* Schneier states the maximum key length to be 56 bytes.
* The way how the subkeys are initialized by the key up
@ -44,10 +45,13 @@
#define BLF_MAXUTILIZED ((BLF_N + 2) * 4) /* 576 bits */
/* Blowfish context */
typedef struct BlowfishContext {
u_int32_t S[4][256]; /* S-Boxes */
u_int32_t P[BLF_N + 2]; /* Subkeys */
} blf_ctx;
typedef struct blowfishcontext
{
uint32_t S[4][256]; /* S-Boxes */
uint32_t P[BLF_N + 2]; /* Subkeys */
}
blf_ctx;
/* Raw access to customized Blowfish
* blf_key is just:
@ -55,25 +59,29 @@ typedef struct BlowfishContext {
* Blowfish_expand0state( state, key, keylen )
*/
void Blowfish_encipher(blf_ctx *, u_int32_t *);
void Blowfish_decipher(blf_ctx *, u_int32_t *);
void Blowfish_initstate(blf_ctx *);
void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
void blowfish_initstate(FAR blf_ctx *);
void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
uint16_t, FAR const uint8_t *, uint16_t);
/* Standard Blowfish */
void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);
/* Converts u_int8_t to u_int32_t */
u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t ,
u_int16_t *);
/* Converts uint8_t to uint32_t */
void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t,
FAR uint16_t *);
void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
#endif
void blf_ecb_encrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
void blf_ecb_decrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
void blf_cbc_encrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
uint32_t);
void blf_cbc_decrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
uint32_t);
#endif /* __INCLUDE_CRYPTO_BLF_H */

30
include/crypto/cast.h
View file

@ -1,22 +1,28 @@
/* $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $ */
/*
/****************************************************************************
* include/crypto/cast.h
* $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
****************************************************************************/
#ifndef _CAST_H_
#define _CAST_H_
#ifndef __INCLUDE_CRYPTO_CAST_H
#define __INCLUDE_CRYPTO_CAST_H
typedef struct {
u_int32_t xkey[32]; /* Key, after expansion */
typedef struct
{
uint32_t xkey[32]; /* Key, after expansion */
int rounds; /* Number of rounds to use, 12 or 16 */
} cast_key;
void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
void cast_setkey(FAR cast_key *key, FAR uint8_t *rawkey, int keybytes);
void cast_encrypt(FAR cast_key *key,
FAR uint8_t *inblock,
FAR uint8_t *outblock);
void cast_decrypt(FAR cast_key *key,
FAR uint8_t *inblock,
FAR uint8_t *outblock);
#endif /* ifndef _CAST_H_ */
#endif /* __INCLUDE_CRYPTO_CAST_H */

78
include/crypto/chachapoly.h
View file

@ -1,5 +1,6 @@
/* $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* include/crypto/chachapoly.h
* $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
* Copyright (c) 2015 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
@ -13,10 +14,10 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
****************************************************************************/
#ifndef _CHACHAPOLY_H_
#define _CHACHAPOLY_H_
#ifndef __INCLUDE_CRYPTO_CHACHAPOLY_H
#define __INCLUDE_CRYPTO_CHACHAPOLY_H
#define CHACHA20_KEYSIZE 32
#define CHACHA20_CTR 4
@ -24,63 +25,74 @@
#define CHACHA20_NONCE 8
#define CHACHA20_BLOCK_LEN 64
struct chacha20_ctx {
struct chacha20_ctx
{
uint8_t block[CHACHA20_BLOCK_LEN];
uint8_t nonce[CHACHA20_NONCE];
};
int chacha20_setkey(void *, u_int8_t *, int);
void chacha20_reinit(caddr_t, u_int8_t *);
void chacha20_crypt(caddr_t, u_int8_t *);
int chacha20_setkey(FAR void *, FAR uint8_t *, int);
void chacha20_reinit(caddr_t, FAR uint8_t *);
void chacha20_crypt(caddr_t, FAR uint8_t *);
#define POLY1305_KEYLEN 32
#define POLY1305_TAGLEN 16
#define POLY1305_BLOCK_LEN 16
struct poly1305_ctx {
struct poly1305_ctx
{
/* r, h, pad, leftover */
unsigned long state[5 + 5 + 4];
size_t leftover;
unsigned char buffer[POLY1305_BLOCK_LEN];
unsigned char final;
};
typedef struct {
typedef struct
{
uint8_t key[POLY1305_KEYLEN];
/* counter, salt */
uint8_t nonce[CHACHA20_NONCE];
struct chacha20_ctx chacha;
struct poly1305_ctx poly;
} CHACHA20_POLY1305_CTX;
}
CHACHA20_POLY1305_CTX;
void Chacha20_Poly1305_Init(void *);
void Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t);
void Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t);
int Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
void Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
void chacha20_poly1305_init(FAR void *);
void chacha20_poly1305_setkey(FAR void *, FAR const uint8_t *, uint16_t);
void chacha20_poly1305_reinit(FAR void *, FAR const uint8_t *, uint16_t);
int chacha20_poly1305_update(FAR void *, FAR const uint8_t *, uint16_t);
void chacha20_poly1305_final(FAR uint8_t *, FAR void *);
/* WireGuard crypto */
#define CHACHA20POLY1305_KEY_SIZE CHACHA20_KEYSIZE
#define CHACHA20POLY1305_AUTHTAG_SIZE POLY1305_TAGLEN
#define XCHACHA20POLY1305_NONCE_SIZE 24
void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t, const uint64_t,
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
void chacha20poly1305_encrypt(
FAR uint8_t *, FAR const uint8_t *, const size_t,
FAR const uint8_t *, const size_t, const uint64_t,
FAR const uint8_t *);
int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t, const uint64_t,
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
int chacha20poly1305_decrypt(
FAR uint8_t *, FAR const uint8_t *, const size_t,
FAR const uint8_t *, const size_t, const uint64_t,
FAR const uint8_t *);
void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t,
const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
void xchacha20poly1305_encrypt(
FAR uint8_t *, FAR const uint8_t *, const size_t,
FAR const uint8_t *, const size_t,
FAR const uint8_t *,
FAR const uint8_t *);
int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t,
const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
int xchacha20poly1305_decrypt(
FAR uint8_t *, FAR const uint8_t *, const size_t,
FAR const uint8_t *, const size_t,
FAR const uint8_t *,
FAR const uint8_t *);
#endif /* _CHACHAPOLY_H_ */
#endif /* __INCLUDE_CRYPTO_CHACHAPOLY_H */

35
include/crypto/cmac.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
/****************************************************************************
* include/crypto/cmac.h
* $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
*
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,28 +15,26 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
#ifndef _CMAC_H_
#define _CMAC_H_
#ifndef __INCLUDE_CRYPTO_CMAC_H_
#define __INCLUDE_CRYPTO_CMAC_H_
#define AES_CMAC_KEY_LENGTH 16
#define AES_CMAC_DIGEST_LENGTH 16
typedef struct _AES_CMAC_CTX {
typedef struct _AES_CMAC_CTX
{
AES_CTX aesctx;
u_int8_t X[16];
u_int8_t M_last[16];
u_int M_n;
u_int8_t m_last[16];
u_int m_n;
} AES_CMAC_CTX;
__BEGIN_DECLS
void AES_CMAC_Init(AES_CMAC_CTX *);
void AES_CMAC_SetKey(AES_CMAC_CTX *, const u_int8_t [AES_CMAC_KEY_LENGTH]);
void AES_CMAC_Update(AES_CMAC_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void AES_CMAC_Final(u_int8_t [AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *)
__attribute__((__bounded__(__minbytes__,1,AES_CMAC_DIGEST_LENGTH)));
__END_DECLS
void aes_cmac_init(FAR AES_CMAC_CTX *);
void aes_cmac_setkey(FAR AES_CMAC_CTX *, FAR const u_int8_t *);
void aes_cmac_update(FAR AES_CMAC_CTX *, FAR const u_int8_t *, u_int);
void aes_cmac_final(FAR u_int8_t *, FAR AES_CMAC_CTX *);
#endif /* _CMAC_H_ */
#endif /* __INCLUDE_CRYPTO_CMAC_H_ */

198
include/crypto/cryptodev.h
View file

@ -1,6 +1,6 @@
/* $OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $ */
/*
/****************************************************************************
* include/crypto/cryptodev.h
* $OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -47,15 +47,19 @@
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F30602-01-2-0537.
*
*/
****************************************************************************/
#ifndef __INCLUDE_CRYPTO_CRYPTODEV_H
#define __INCLUDE_CRYPTO_CRYPTODEV_H
#ifndef _CRYPTO_CRYPTO_H_
#define _CRYPTO_CRYPTO_H_
/****************************************************************************
* Included Files
****************************************************************************/
#include <sys/ioccom.h>
#include <sys/task.h>
/* Some initial values */
#define CRYPTO_DRIVERS_INITIAL 4
#define CRYPTO_DRIVERS_MAX 128
#define CRYPTO_SW_SESSIONS 32
@ -67,17 +71,23 @@
#define HMAC_SHA2_256_BLOCK_LEN 64
#define HMAC_SHA2_384_BLOCK_LEN 128
#define HMAC_SHA2_512_BLOCK_LEN 128
#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN /* keep in sync */
#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN
/* keep in sync */
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
/* Encryption algorithm block sizes */
#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define BLOWFISH_BLOCK_LEN 8
#define CAST128_BLOCK_LEN 8
#define RIJNDAEL128_BLOCK_LEN 16
#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
#define EALG_MAX_BLOCK_LEN 16
/* Keep this updated */
/* Maximum hash algorithm result length */
#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
@ -108,27 +118,33 @@
#define CRYPTO_ALGORITHM_MAX 23 /* Keep updated */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
/* Standard initialization structure beginning */
struct cryptoini {
struct cryptoini
{
int cri_alg; /* Algorithm to use */
int cri_klen; /* Key length, in bits */
int cri_rnd; /* Algorithm rounds, where relevant */
caddr_t cri_key; /* key to use */
union {
u_int8_t iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
u_int8_t esn[4]; /* high-order ESN */
union
{
uint8_t iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
uint8_t esn[4]; /* high-order ESN */
} u;
#define cri_iv u.iv
#define cri_esn u.esn
struct cryptoini *cri_next;
FAR struct cryptoini *cri_next;
};
/* Describe boundaries of a single crypto operation */
struct cryptodesc {
struct cryptodesc
{
int crd_skip; /* How many bytes to ignore from start */
int crd_len; /* How many bytes to process */
int crd_inject; /* Where to inject results, if applicable */
@ -136,9 +152,9 @@ struct cryptodesc {
#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
place, so don't copy. */
* place, so don't copy.
*/
#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
#define CRD_F_COMP 0x10 /* Set when doing compression */
#define CRD_F_ESN 0x20 /* Set when ESN field is provided */
@ -150,20 +166,19 @@ struct cryptodesc {
#define crd_alg CRD_INI.cri_alg
#define crd_klen CRD_INI.cri_klen
struct cryptodesc *crd_next;
FAR struct cryptodesc *crd_next;
};
/* Structure describing complete operation */
struct cryptop {
struct task crp_task;
u_int64_t crp_sid; /* Session ID */
struct cryptop
{
struct task crp_task;
uint64_t crp_sid; /* Session ID */
int crp_ilen; /* Input data total length */
int crp_olen; /* Result total length */
int crp_alloctype; /* Type of buf to allocate if needed */
int crp_etype; /*
* Error type (zero means no error).
int crp_etype; /* Error type (zero means no error).
* All error codes except EAGAIN
* indicate possible data corruption (as in,
* the data have been touched). On all
@ -180,11 +195,11 @@ struct cryptop {
#define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */
#define CRYPTO_F_DONE 0x0010 /* request completed */
void *crp_buf; /* Data to be processed */
void *crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
FAR void *crp_buf; /* Data to be processed */
FAR void *crp_opaque; /* Opaque pointer, passed along */
FAR struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
int (*crp_callback)(struct cryptop *); /* Callback function */
CODE int (*crp_callback)(FAR struct cryptop *); /* Callback function */
caddr_t crp_mac;
};
@ -196,14 +211,17 @@ struct cryptop {
#define CRYPTO_OP_ENCRYPT 0x1
/* bignum parameter, in packed bytes, ... */
struct crparam {
struct crparam
{
caddr_t crp_p;
u_int crp_nbits;
};
#define CRK_MAXPARAM 8
struct crypt_kop {
struct crypt_kop
{
u_int crk_op; /* ie. CRK_MOD_EXP or other */
u_int crk_status; /* return status */
u_short crk_iparams; /* # of input parameters */
@ -211,6 +229,7 @@ struct crypt_kop {
u_int crk_pad1;
struct crparam crk_param[CRK_MAXPARAM];
};
#define CRK_MOD_EXP 0
#define CRK_MOD_EXP_CRT 1
#define CRK_DSA_SIGN 2
@ -224,72 +243,74 @@ struct crypt_kop {
#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
struct cryptkop {
struct cryptkop
{
struct task krp_task;
u_int krp_op; /* ie. CRK_MOD_EXP or other */
u_int krp_status; /* return status */
u_short krp_iparams; /* # of input parameters */
u_short krp_oparams; /* # of output parameters */
u_int32_t krp_hid;
uint32_t krp_hid;
struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
int (*krp_callback)(struct cryptkop *);
CODE int (*krp_callback)(FAR struct cryptkop *);
};
/* Crypto capabilities structure */
struct cryptocap {
u_int64_t cc_operations; /* Counter of how many ops done */
u_int64_t cc_bytes; /* Counter of how many bytes done */
u_int64_t cc_koperations; /* How many PK ops done */
u_int32_t cc_sessions; /* How many sessions allocated */
struct cryptocap
{
uint64_t cc_operations; /* Counter of how many ops done */
uint64_t cc_bytes; /* Counter of how many bytes done */
uint64_t cc_koperations; /* How many PK ops done */
uint32_t cc_sessions; /* How many sessions allocated */
/* Symmetric/hash algorithms supported */
int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
/* Asymmetric algorithms supported */
int cc_kalg[CRK_ALGORITHM_MAX + 1];
int cc_queued; /* Operations queued */
u_int8_t cc_flags;
uint8_t cc_flags;
#define CRYPTOCAP_F_CLEANUP 0x01
#define CRYPTOCAP_F_SOFTWARE 0x02
#define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
int (*cc_newsession) (u_int32_t *, struct cryptoini *);
int (*cc_process) (struct cryptop *);
int (*cc_freesession) (u_int64_t);
int (*cc_kprocess) (struct cryptkop *);
CODE int (*cc_newsession)(FAR uint32_t *, FAR struct cryptoini *);
CODE int (*cc_process)(FAR struct cryptop *);
CODE int (*cc_freesession)(uint64_t);
CODE int (*cc_kprocess)(FAR struct cryptkop *);
};
/*
* ioctl parameter to request creation of a session.
*/
struct session_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
/* ioctl parameter to request creation of a session. */
u_int32_t keylen; /* cipher key */
struct session_op
{
uint32_t cipher; /* ie. CRYPTO_AES_EBC */
uint32_t mac;
uint32_t keylen; /* cipher key */
caddr_t key;
int mackeylen; /* mac key */
caddr_t mackey;
u_int32_t ses; /* returns: session # */
uint32_t ses; /* returns: session # */
};
/*
* ioctl parameter to request a crypt/decrypt operation against a session.
*/
struct crypt_op {
u_int32_t ses;
u_int16_t op; /* ie. COP_ENCRYPT */
struct crypt_op
{
uint32_t ses;
#define COP_ENCRYPT 1
#define COP_DECRYPT 2
u_int16_t flags; /* always 0 */
u_int len;
uint16_t op; /* i.e. COP_ENCRYPT */
uint16_t flags;
unsigned len;
caddr_t src, dst; /* become iov[] inside kernel */
caddr_t mac; /* must be big enough for chosen MAC */
caddr_t iv;
@ -297,44 +318,45 @@ struct crypt_op {
#define CRYPTO_MAX_MAC_LEN 20
/*
* done against open of /dev/crypto, to get a cloned descriptor.
/* done against open of /dev/crypto, to get a cloned descriptor.
* Please use F_SETFD against the cloned descriptor.
*/
#define CRIOGET _IOWR('c', 100, u_int32_t)
#define CRIOGET _IOWR('c', 100, uint32_t)
/* the following are done against the cloned descriptor */
#define CIOCGSESSION _IOWR('c', 101, struct session_op)
#define CIOCFSESSION _IOW('c', 102, u_int32_t)
#define CIOCFSESSION _IOW('c', 102, uint32_t)
#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
#define CIOCASYMFEAT _IOR('c', 105, uint32_t)
#ifdef _KERNEL
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
int crypto_dispatch(struct cryptop *);
int crypto_kdispatch(struct cryptkop *);
int crypto_register(u_int32_t, int *,
int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
int (*)(struct cryptop *));
int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(u_int8_t);
int crypto_invoke(struct cryptop *);
int crypto_kinvoke(struct cryptkop *);
void crypto_done(struct cryptop *);
void crypto_kdone(struct cryptkop *);
int crypto_getfeat(int *);
int crypto_newsession(FAR uint64_t *, FAR struct cryptoini *, int);
int crypto_freesession(uint64_t);
int crypto_dispatch(FAR struct cryptop *);
int crypto_kdispatch(FAR struct cryptkop *);
int crypto_register(uint32_t, FAR int *,
CODE int (*)(uint32_t *, struct cryptoini *),
CODE int (*)(uint64_t),
CODE int (*)(FAR struct cryptop *));
int crypto_kregister(uint32_t, FAR int *, CODE int (*)(struct cryptkop *));
int crypto_unregister(uint32_t, int);
int crypto_get_driverid(uint8_t);
int crypto_invoke(FAR struct cryptop *);
int crypto_kinvoke(FAR struct cryptkop *);
void crypto_done(FAR struct cryptop *);
void crypto_kdone(FAR struct cryptkop *);
int crypto_getfeat(FAR int *);
void cuio_copydata(struct uio *, int, int, caddr_t);
void cuio_copyback(struct uio *, int, int, const void *);
int cuio_getptr(struct uio *, int, int *);
int cuio_apply(struct uio *, int, int,
int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
void cuio_copydata(FAR struct uio *, int, int, caddr_t);
void cuio_copyback(FAR struct uio *, int, int, const void *);
int cuio_getptr(FAR struct uio *, int, FAR int *);
int cuio_apply(FAR struct uio *, int, int,
CODE int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
struct cryptop *crypto_getreq(int);
void crypto_freereq(struct cryptop *);
FAR struct cryptop *crypto_getreq(int);
void crypto_freereq(FAR struct cryptop *);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
#endif /* __INCLUDE_CRYPTO_CRYPTODEV_H */

90
include/crypto/cryptosoft.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $ */
/*
/****************************************************************************
* include/crypto/cryptosoft.h
* $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $
*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -19,56 +20,71 @@
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
*
****************************************************************************/
#ifndef _CRYPTO_CRYPTOSOFT_H_
#define _CRYPTO_CRYPTOSOFT_H_
#ifndef __INCLUDE_CRYPTO_CRYPTOSOFT_H
#define __INCLUDE_CRYPTO_CRYPTOSOFT_H
/****************************************************************************
* Included Files
****************************************************************************/
/* Software session entry */
struct swcr_data {
struct swcr_data
{
int sw_alg; /* Algorithm */
union {
struct {
u_int8_t *SW_ictx;
u_int8_t *SW_octx;
u_int32_t SW_klen;
const struct auth_hash *SW_axf;
union
{
struct
{
FAR uint8_t *ictx;
FAR uint8_t *octx;
uint32_t klen;
FAR const struct auth_hash *axf;
} SWCR_AUTH;
struct {
u_int8_t *SW_kschedule;
const struct enc_xform *SW_exf;
struct
{
FAR uint8_t *kschedule;
FAR const struct enc_xform *exf;
} SWCR_ENC;
struct {
u_int32_t SW_size;
const struct comp_algo *SW_cxf;
struct
{
uint32_t size;
FAR const struct comp_algo *cxf;
} SWCR_COMP;
} SWCR_UN;
#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
#define sw_size SWCR_UN.SWCR_COMP.SW_size
#define sw_cxf SWCR_UN.SWCR_COMP.SW_cxf
#define sw_ictx SWCR_UN.SWCR_AUTH.ictx
#define sw_octx SWCR_UN.SWCR_AUTH.octx
#define sw_klen SWCR_UN.SWCR_AUTH.klen
#define sw_axf SWCR_UN.SWCR_AUTH.axf
#define sw_kschedule SWCR_UN.SWCR_ENC.kschedule
#define sw_exf SWCR_UN.SWCR_ENC.exf
#define sw_size SWCR_UN.SWCR_COMP.size
#define sw_cxf SWCR_UN.SWCR_COMP.cxf
struct swcr_data *sw_next;
};
#ifdef _KERNEL
extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_authcompute(struct cryptop *, struct cryptodesc *, struct swcr_data *,
int swcr_encdec(FAR struct cryptodesc *,
FAR struct swcr_data *, caddr_t, int);
int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,
FAR struct swcr_data *, caddr_t, int);
int swcr_authenc(FAR struct cryptop *);
int swcr_compdec(FAR struct cryptodesc *, FAR struct swcr_data *,
caddr_t, int);
int swcr_authenc(struct cryptop *);
int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_process(struct cryptop *);
int swcr_newsession(u_int32_t *, struct cryptoini *);
int swcr_freesession(u_int64_t);
int swcr_process(FAR struct cryptop *);
int swcr_newsession(FAR uint32_t *, FAR struct cryptoini *);
int swcr_freesession(uint64_t);
void swcr_init(void);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
#endif /* __INCLUDE_CRYPTO_CRYPTOSOFT_H */

45
include/crypto/gmac.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $ */
/*
/****************************************************************************
* include/crypto/gmac.h
* $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $
*
* Copyright (c) 2010 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,36 +15,42 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
****************************************************************************/
#ifndef _GMAC_H_
#define _GMAC_H_
#ifndef __INCLUDE_CRYPTO_GMAC_H
#define __INCLUDE_CRYPTO_GMAC_H
/****************************************************************************
* Included Files
****************************************************************************/
#include <crypto/aes.h>
#define GMAC_BLOCK_LEN 16
#define GMAC_DIGEST_LEN 16
typedef struct _GHASH_CTX {
typedef struct _GHASH_CTX
{
uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
uint8_t S[GMAC_BLOCK_LEN]; /* state */
uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
} GHASH_CTX;
}
GHASH_CTX;
typedef struct _AES_GMAC_CTX {
typedef struct _AES_GMAC_CTX
{
GHASH_CTX ghash;
AES_CTX K;
uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
} AES_GMAC_CTX;
}
AES_GMAC_CTX;
__BEGIN_DECLS
extern void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t);
extern void (*ghash_update)(FAR GHASH_CTX *, FAR uint8_t *, size_t);
void AES_GMAC_Init(void *);
void AES_GMAC_Setkey(void *, const uint8_t *, uint16_t);
void AES_GMAC_Reinit(void *, const uint8_t *, uint16_t);
int AES_GMAC_Update(void *, const uint8_t *, uint16_t);
void AES_GMAC_Final(uint8_t [GMAC_DIGEST_LEN], void *);
__END_DECLS
void aes_gmac_init(FAR void *);
void aes_gmac_setkey(FAR void *, FAR const uint8_t *, uint16_t);
void aes_gmac_reinit(FAR void *, FAR const uint8_t *, uint16_t);
int aes_gmac_update(FAR void *, FAR const uint8_t *, uint16_t);
void aes_gmac_final(FAR uint8_t *, FAR void *);
#endif /* _GMAC_H_ */
#endif /* __INCLUDE_CRYPTO_GMAC_H */

57
include/crypto/hmac.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $ */
/*-
/****************************************************************************
* include/crypto/hmac.h
* $OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $
*
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,52 +15,42 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
#ifndef _HMAC_H_
#define _HMAC_H_
#ifndef __INCLUDE_CRYPTO_HMAC_H_
#define __INCLUDE_CRYPTO_HMAC_H_
typedef struct _HMAC_MD5_CTX {
typedef struct _HMAC_MD5_CTX
{
MD5_CTX ctx;
u_int8_t key[MD5_BLOCK_LENGTH];
u_int key_len;
} HMAC_MD5_CTX;
typedef struct _HMAC_SHA1_CTX {
typedef struct _HMAC_SHA1_CTX
{
SHA1_CTX ctx;
u_int8_t key[SHA1_BLOCK_LENGTH];
u_int key_len;
} HMAC_SHA1_CTX;
typedef struct _HMAC_SHA256_CTX {
typedef struct _HMAC_SHA256_CTX
{
SHA2_CTX ctx;
u_int8_t key[SHA256_BLOCK_LENGTH];
u_int key_len;
} HMAC_SHA256_CTX;
__BEGIN_DECLS
void hmac_md5_init(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
void hmac_md5_update(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
void hmac_md5_final(FAR u_int8_t *, FAR HMAC_MD5_CTX *);
void hmac_sha1_init(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
void hmac_sha1_update(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
void hmac_sha1_final(FAR u_int8_t *, FAR HMAC_SHA1_CTX *);
void HMAC_MD5_Init(HMAC_MD5_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_MD5_Update(HMAC_MD5_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_MD5_Final(u_int8_t [MD5_DIGEST_LENGTH], HMAC_MD5_CTX *)
__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
void hmac_sha256_init(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
void hmac_sha256_update(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
void hmac_sha256_final(FAR u_int8_t *, FAR HMAC_SHA256_CTX *);
void HMAC_SHA1_Init(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA1_Update(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA1_Final(u_int8_t [SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH)));
void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
__END_DECLS
#endif /* _HMAC_H_ */
#endif /* __INCLUDE_CRYPTO_HMAC_H_ */

20
include/crypto/idgen.h
View file

@ -1,5 +1,7 @@
/* $OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $ */
/*
/****************************************************************************
* include/crypto/idgen.h
* $OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $
*
* Copyright (c) 2008 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
@ -13,14 +15,19 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
#ifndef __INCLUDE_CRYPTO_IDGEN_H_
#define __INCLUDE_CRYPTO_IDGEN_H_
#define IDGEN32_ROUNDS 31
#define IDGEN32_KEYLEN 32
#define IDGEN32_REKEY_LIMIT 0x60000000
#define IDGEN32_REKEY_TIME 600
struct idgen32_ctx {
struct idgen32_ctx
{
u_int32_t id32_counter;
u_int32_t id32_offset;
u_int32_t id32_hibit;
@ -28,6 +35,7 @@ struct idgen32_ctx {
time_t id32_rekey_time;
};
void idgen32_init(struct idgen32_ctx *);
u_int32_t idgen32(struct idgen32_ctx *);
void idgen32_init(FAR struct idgen32_ctx *);
u_int32_t idgen32(FAR struct idgen32_ctx *);
#endif /* __INCLUDE_CRYPTO_IDGEN_H_ */

33
include/crypto/key_wrap.h
View file

@ -1,6 +1,6 @@
/* $OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
/****************************************************************************
* include/crypto/key_wrap.h
*$OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
@ -14,23 +14,26 @@
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
*
****************************************************************************/
#ifndef _KEY_WRAP_H_
#define _KEY_WRAP_H_
#ifndef __INCLUDE_CRYPTO_KEY_WRAP_H_
#define __INCLUDE_CRYPTO_KEY_WRAP_H_
typedef struct _aes_key_wrap_ctx {
typedef struct _aes_key_wrap_ctx
{
AES_CTX ctx;
} aes_key_wrap_ctx;
__BEGIN_DECLS
void aes_key_wrap_set_key(aes_key_wrap_ctx *, const u_int8_t *, size_t);
void aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *, const u_int8_t *,
void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *,
FAR const u_int8_t *,
size_t);
void aes_key_wrap(aes_key_wrap_ctx *, const u_int8_t *, size_t, u_int8_t *);
int aes_key_unwrap(aes_key_wrap_ctx *, const u_int8_t *, u_int8_t *,
void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *,
FAR const u_int8_t *,
size_t);
__END_DECLS
void aes_key_wrap(FAR aes_key_wrap_ctx *,
FAR const u_int8_t *, size_t, FAR u_int8_t *);
int aes_key_unwrap(FAR aes_key_wrap_ctx *,
FAR const u_int8_t *, FAR u_int8_t *, size_t);
#endif /* _KEY_WRAP_H_ */
#endif /* __INCLUDE_CRYPTO_KEY_WRAP_H_ */

40
include/crypto/md5.h
View file

@ -1,6 +1,8 @@
/* $OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $ */
/*
/****************************************************************************
* include/crypto/md5.h
* $OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $
*
*
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
@ -10,29 +12,25 @@
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
*/
*
****************************************************************************/
#ifndef _MD5_H_
#define _MD5_H_
#ifndef __INCLUDE_CRYPTO_MD5_H
#define __INCLUDE_CRYPTO_MD5_H
#define MD5_BLOCK_LENGTH 64
#define MD5_DIGEST_LENGTH 16
typedef struct MD5Context {
u_int32_t state[4]; /* state */
u_int64_t count; /* number of bits, mod 2^64 */
u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
typedef struct MD5CONTEXT
{
uint32_t state[4]; /* state */
uint64_t count; /* number of bits, mod 2^64 */
uint8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
} MD5_CTX;
__BEGIN_DECLS
void MD5Init(MD5_CTX *);
void MD5Update(MD5_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
__attribute__((__bounded__(__minbytes__,1,4)))
__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
__END_DECLS
void md5init(FAR MD5_CTX *);
void md5update(FAR MD5_CTX *, FAR const void *, size_t);
void md5final(FAR uint8_t *, FAR MD5_CTX *);
void md5transform(FAR uint32_t *, FAR const uint8_t *);
#endif /* _MD5_H_ */
#endif /* __INCLUDE_CRYPTO_MD5_H */

24
include/crypto/poly1305.h
View file

@ -1,17 +1,20 @@
/* $OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $ */
/*
/****************************************************************************
* include/crypto/poly1305.h
* $OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $
*
* Public Domain poly1305 from Andrew Moon
*
* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
* and 64 bit addition from https://github.com/floodyberry/poly1305-donna
*/
****************************************************************************/
#ifndef _POLY1305_H_
#define _POLY1305_H_
#ifndef __INCLUDE_CRYPTO_POLY1305_H
#define __INCLUDE_CRYPTO_POLY1305_H
#define poly1305_block_size 16
typedef struct poly1305_state {
typedef struct poly1305_state
{
unsigned long r[5];
unsigned long h[5];
unsigned long pad[4];
@ -20,8 +23,9 @@ typedef struct poly1305_state {
unsigned char final;
} poly1305_state;
void poly1305_init(poly1305_state *, const unsigned char[32]);
void poly1305_update(poly1305_state *, const unsigned char *, size_t);
void poly1305_finish(poly1305_state *, unsigned char[16]);
void poly1305_init(FAR poly1305_state *, FAR const unsigned char *);
void poly1305_update(FAR poly1305_state *,
FAR const unsigned char *, size_t);
void poly1305_finish(FAR poly1305_state *, FAR unsigned char *);
#endif /* _POLY1305_H_ */
#endif /* __INCLUDE_CRYPTO_POLY1305_H */

52
include/crypto/rijndael.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $ */
/**
/****************************************************************************
* include/crypto/rijndael.h
* $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $
*
* rijndael-alg-fst.h
*
* @version 3.0 (December 2000)
@ -24,35 +25,42 @@
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __RIJNDAEL_H
#define __RIJNDAEL_H
****************************************************************************/
#ifndef __INCLUDE_CRYPTO_RIJNDAEL_H
#define __INCLUDE_CRYPTO_RIJNDAEL_H
#define AES_MAXKEYBITS (256)
#define AES_MAXKEYBYTES (AES_MAXKEYBITS / 8)
/* for 256-bit keys, fewer for less */
#define AES_MAXROUNDS 14
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
/* The structure for key information */
typedef struct {
typedef struct
{
int enc_only; /* context contains only encrypt schedule */
int Nr; /* key-length-dependent number of rounds */
u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */
int nr; /* key-length-dependent number of rounds */
uint32_t ek[4 * (AES_MAXROUNDS + 1)]; /* encrypt key schedule */
uint32_t dk[4 * (AES_MAXROUNDS + 1)]; /* decrypt key schedule */
} rijndael_ctx;
int rijndael_set_key(rijndael_ctx *, const u_char *, int);
int rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int);
void rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *);
void rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *);
int rijndael_set_key(FAR rijndael_ctx *, FAR const u_char *, int);
int rijndael_set_key_enc_only(FAR rijndael_ctx *, FAR const u_char *, int);
void rijndael_decrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);
void rijndael_encrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);
int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
int rijndaelKeySetupDec(unsigned int [], const unsigned char [], int);
void rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
int rijndael_keysetupenc(unsigned int [],
const unsigned char [],
int);
int rijndael_keysetupdec(unsigned int [],
const unsigned char [],
int);
void rijndael_encrypt1(const unsigned int [],
int,
const unsigned char [],
unsigned char []);
#endif /* __RIJNDAEL_H */
#endif /* __INCLUDE_CRYPTO_RIJNDAEL_H */

38
include/crypto/rmd160.h
View file

@ -1,5 +1,7 @@
/* $OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $ */
/*
/****************************************************************************
* include/crypto/rmd160.h
* $OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $
*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -21,29 +23,27 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _RMD160_H
#define _RMD160_H
****************************************************************************/
#ifndef __INCLUDE_CRYPTO_RMD160_H
#define __INCLUDE_CRYPTO_RMD160_H
#define RMD160_BLOCK_LENGTH 64
#define RMD160_DIGEST_LENGTH 20
/* RMD160 context. */
typedef struct RMD160Context {
u_int32_t state[5]; /* state */
u_int64_t count; /* number of bits, mod 2^64 */
typedef struct RMD160CONTEXT
{
uint32_t state[5]; /* state */
uint64_t count; /* number of bits, mod 2^64 */
u_char buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
} RMD160_CTX;
__BEGIN_DECLS
void RMD160Init(RMD160_CTX *);
void RMD160Transform(u_int32_t [5], const u_char [RMD160_BLOCK_LENGTH])
__attribute__((__bounded__(__minbytes__,1,5)))
__attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
void RMD160Update(RMD160_CTX *, const u_char *, u_int32_t)
__attribute__((__bounded__(__string__,2,3)));
void RMD160Final(u_char [RMD160_DIGEST_LENGTH], RMD160_CTX *)
__attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
__END_DECLS
void rmd160init(FAR RMD160_CTX *);
void rmd160transform(FAR uint32_t *,
FAR const u_char *);
void rmd160update(FAR RMD160_CTX *, FAR const u_char *, uint32_t);
void rmd160final(FAR u_char *, FAR RMD160_CTX *);
#endif /* _RMD160_H */
#endif /* __INCLUDE_CRYPTO_RMD160_H */

33
include/crypto/sha1.h
View file

@ -1,26 +1,31 @@
/* $OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $ */
/*
/****************************************************************************
* include/crypto/sha1.h
* $OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $
* SHA-1 in C
* By Steve Reid <steve@edmweb.com>
* 100% Public Domain
*/
****************************************************************************/
#ifndef _SHA1_H_
#define _SHA1_H_
#ifndef __INCLUDE_CRYPTO_SHA1_H
#define __INCLUDE_CRYPTO_SHA1_H
#define SHA1_BLOCK_LENGTH 64
#define SHA1_DIGEST_LENGTH 20
typedef struct {
u_int32_t state[5];
u_int64_t count;
typedef struct
{
uint32_t state[5];
uint64_t count;
unsigned char buffer[SHA1_BLOCK_LENGTH];
} SHA1_CTX;
void SHA1Init(SHA1_CTX * context);
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
void SHA1Update(SHA1_CTX *context, const void *data, unsigned int len);
void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);
void sha1init(FAR SHA1_CTX * context);
void sha1transform(FAR uint32_t *state,
FAR const unsigned char *buffer);
void sha1update(FAR SHA1_CTX *context,
FAR const void *data,
unsigned int len);
void sha1final(FAR unsigned char *digest,
FAR SHA1_CTX *context);
#endif /* _SHA1_H_ */
#endif /* __INCLUDE_CRYPTO_SHA1_H */

59
include/crypto/sha2.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $ */
/*
/****************************************************************************
* include/crypto/sha2.h
* $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $
*
* FILE: sha2.h
* AUTHOR: Aaron D. Gifford <me@aarongifford.com>
*
@ -32,13 +33,13 @@
* SUCH DAMAGE.
*
* $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
*/
****************************************************************************/
#ifndef _SHA2_H
#define _SHA2_H
#ifndef __INCLUDE_CRYPTO_SHA2_H
#define __INCLUDE_CRYPTO_SHA2_H
/* SHA-256/384/512 Various Length Definitions */
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA256_BLOCK_LENGTH 64
#define SHA256_DIGEST_LENGTH 32
#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
@ -49,35 +50,29 @@
#define SHA512_DIGEST_LENGTH 64
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
/* SHA-256/384/512 Context Structure */
/*** SHA-256/384/512 Context Structure *******************************/
typedef struct _SHA2_CTX {
union {
u_int32_t st32[8];
u_int64_t st64[8];
typedef struct _SHA2_CTX
{
union
{
uint32_t st32[8];
uint64_t st64[8];
} state;
u_int64_t bitcount[2];
u_int8_t buffer[SHA512_BLOCK_LENGTH];
uint64_t bitcount[2];
uint8_t buffer[SHA512_BLOCK_LENGTH];
} SHA2_CTX;
__BEGIN_DECLS
void SHA256Init(SHA2_CTX *);
void SHA256Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
void sha256init(FAR SHA2_CTX *);
void sha256update(FAR SHA2_CTX *, FAR const void *, size_t);
void sha256final(FAR uint8_t *, FAR SHA2_CTX *);
void SHA384Init(SHA2_CTX *);
void SHA384Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
void sha384init(FAR SHA2_CTX *);
void sha384update(FAR SHA2_CTX *, FAR const void *, size_t);
void sha384final(FAR uint8_t *, FAR SHA2_CTX *);
void SHA512Init(SHA2_CTX *);
void SHA512Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
__END_DECLS
void sha512init(FAR SHA2_CTX *);
void sha512update(FAR SHA2_CTX *, FAR const void *, size_t);
void sha512final(FAR uint8_t *, FAR SHA2_CTX *);
#endif /* _SHA2_H */
#endif /* __INCLUDE_CRYPTO_SHA2_H */

69
include/crypto/siphash.h
View file

@ -1,5 +1,7 @@
/* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $ */
/*-
/****************************************************************************
* include/crypto/siphash.h
* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $
*
* Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
* All rights reserved.
*
@ -28,60 +30,61 @@
* SUCH DAMAGE.
*
* $FreeBSD$
*/
*
****************************************************************************/
/*
* SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions)
/* SipHash is a family of pseudorandom functions
* (a.k.a. keyed hash functions)
* optimized for speed on short messages returning a 64bit hash/digest value.
*
* The number of rounds is defined during the initialization:
* SipHash24_Init() for the fast and resonable strong version
* SipHash48_Init() for the strong version (half as fast)
* siphash24_init() for the fast and resonable strong version
* siphash48_init() for the strong version (half as fast)
*
* struct SIPHASH_CTX ctx;
* SipHash24_Init(&ctx);
* SipHash_SetKey(&ctx, "16bytes long key");
* SipHash_Update(&ctx, pointer_to_string, length_of_string);
* SipHash_Final(output, &ctx);
* siphash24_init(&ctx);
* siphash_setkey(&ctx, "16bytes long key");
* siphash_update(&ctx, pointer_to_string, length_of_string);
* siphash_final(output, &ctx);
*/
#ifndef _SIPHASH_H_
#define _SIPHASH_H_
#ifndef __INCLUDE_CRYPTO_SIPHASH_H_
#define __INCLUDE_CRYPTO_SIPHASH_H_
#define SIPHASH_BLOCK_LENGTH 8
#define SIPHASH_KEY_LENGTH 16
#define SIPHASH_DIGEST_LENGTH 8
typedef struct _SIPHASH_CTX {
typedef struct _SIPHASH_CTX
{
uint64_t v[4];
uint8_t buf[SIPHASH_BLOCK_LENGTH];
uint32_t bytes;
} SIPHASH_CTX;
typedef struct {
typedef struct
{
uint64_t k0;
uint64_t k1;
} SIPHASH_KEY;
void SipHash_Init(SIPHASH_CTX *, const SIPHASH_KEY *);
void SipHash_Update(SIPHASH_CTX *, int, int, const void *, size_t)
__bounded((__buffer__, 4, 5));
uint64_t SipHash_End(SIPHASH_CTX *, int, int);
void SipHash_Final(void *, SIPHASH_CTX *, int, int)
__bounded((__minbytes__, 1, SIPHASH_DIGEST_LENGTH));
uint64_t SipHash(const SIPHASH_KEY *, int, int, const void *, size_t)
__bounded((__buffer__, 4, 5));
void siphash_init(FAR SIPHASH_CTX *, FAR const SIPHASH_KEY *);
void siphash_update(FAR SIPHASH_CTX *, int, int, FAR const void *, size_t);
uint64_t siphash_end(FAR SIPHASH_CTX *, int, int);
void siphash_final(FAR void *, FAR SIPHASH_CTX *, int, int);
uint64_t siphash(FAR const SIPHASH_KEY *,
int, int, FAR const void *, size_t);
#define SipHash24_Init(_c, _k) SipHash_Init((_c), (_k))
#define SipHash24_Update(_c, _p, _l) SipHash_Update((_c), 2, 4, (_p), (_l))
#define SipHash24_End(_d) SipHash_End((_d), 2, 4)
#define SipHash24_Final(_d, _c) SipHash_Final((_d), (_c), 2, 4)
#define SipHash24(_k, _p, _l) SipHash((_k), 2, 4, (_p), (_l))
#define SipHash24_Init(_c, _k) siphash_init((_c), (_k))
#define SipHash24_Update(_c, _p, _l) siphash_update((_c), 2, 4, (_p), (_l))
#define SipHash24_End(_d) siphash_end((_d), 2, 4)
#define SipHash24_Final(_d, _c) siphash_final((_d), (_c), 2, 4)
#define SipHash24(_k, _p, _l) siphash((_k), 2, 4, (_p), (_l))
#define SipHash48_Init(_c, _k) SipHash_Init((_c), (_k))
#define SipHash48_Update(_c, _p, _l) SipHash_Update((_c), 4, 8, (_p), (_l))
#define SipHash48_End(_d) SipHash_End((_d), 4, 8)
#define SipHash48_Final(_d, _c) SipHash_Final((_d), (_c), 4, 8)
#define SipHash48(_k, _p, _l) SipHash((_k), 4, 8, (_p), (_l))
#define SipHash48_Init(_c, _k) siphash_init((_c), (_k))
#define SipHash48_Update(_c, _p, _l) siphash_update((_c), 4, 8, (_p), (_l))
#define SipHash48_End(_d) siphash_end((_d), 4, 8)
#define SipHash48_Final(_d, _c) siphash_final((_d), (_c), 4, 8)
#define SipHash48(_k, _p, _l) siphash((_k), 4, 8, (_p), (_l))
#endif /* _SIPHASH_H_ */

80
include/crypto/xform.h
View file

@ -1,6 +1,7 @@
/* $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $ */
/*
/****************************************************************************
* include/crypto/xform.h
* $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -19,10 +20,14 @@
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
****************************************************************************/
#ifndef _CRYPTO_XFORM_H_
#define _CRYPTO_XFORM_H_
#ifndef __INCLUDE_CRYPTO_XFORM_H
#define __INCLUDE_CRYPTO_XFORM_H
/****************************************************************************
* Included Files
****************************************************************************/
#include <crypto/md5.h>
#include <crypto/sha1.h>
@ -39,44 +44,49 @@
#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
/* Declarations */
struct auth_hash {
struct auth_hash
{
int type;
char *name;
u_int16_t keysize;
u_int16_t hashsize;
u_int16_t authsize;
u_int16_t ctxsize;
u_int16_t blocksize;
void (*Init) (void *);
void (*Setkey) (void *, const u_int8_t *, u_int16_t);
void (*Reinit) (void *, const u_int8_t *, u_int16_t);
int (*Update) (void *, const u_int8_t *, u_int16_t);
void (*Final) (u_int8_t *, void *);
FAR char *name;
uint16_t keysize;
uint16_t hashsize;
uint16_t authsize;
uint16_t ctxsize;
uint16_t blocksize;
CODE void (*init) (FAR void *);
CODE void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
CODE void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
CODE int (*update) (FAR void *, FAR const uint8_t *, uint16_t);
CODE void (*final) (FAR uint8_t *, FAR void *);
};
struct enc_xform {
struct enc_xform
{
int type;
char *name;
u_int16_t blocksize;
u_int16_t ivsize;
u_int16_t minkey;
u_int16_t maxkey;
u_int16_t ctxsize;
void (*encrypt) (caddr_t, u_int8_t *);
void (*decrypt) (caddr_t, u_int8_t *);
int (*setkey) (void *, u_int8_t *, int len);
void (*reinit) (caddr_t, u_int8_t *);
FAR char *name;
uint16_t blocksize;
uint16_t ivsize;
uint16_t minkey;
uint16_t maxkey;
uint16_t ctxsize;
CODE void (*encrypt) (caddr_t, FAR uint8_t *);
CODE void (*decrypt) (caddr_t, FAR uint8_t *);
CODE int (*setkey) (void *, FAR uint8_t *, int len);
CODE void (*reinit) (caddr_t, FAR uint8_t *);
};
struct comp_algo {
struct comp_algo
{
int type;
char *name;
FAR char *name;
size_t minlen;
u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
CODE uint32_t (*compress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
CODE uint32_t (*decompress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
};
union authctx {
union authctx
{
MD5_CTX md5ctx;
SHA1_CTX sha1ctx;
RMD160_CTX rmd160ctx;
@ -108,4 +118,4 @@ extern const struct auth_hash auth_hash_chacha20_poly1305;
extern const struct comp_algo comp_algo_deflate;
#endif /* _CRYPTO_XFORM_H_ */
#endif /* __INCLUDE_CRYPTO_XFORM_H */