Diffstat (limited to 'libtomcrypt/src/headers')
-rw-r--r--libtomcrypt/src/headers/tomcrypt.h34
-rw-r--r--libtomcrypt/src/headers/tomcrypt_argchk.h29
-rw-r--r--libtomcrypt/src/headers/tomcrypt_cfg.h231
-rw-r--r--libtomcrypt/src/headers/tomcrypt_cipher.h273
-rw-r--r--libtomcrypt/src/headers/tomcrypt_custom.h572
-rw-r--r--libtomcrypt/src/headers/tomcrypt_dropbear.h84
-rw-r--r--libtomcrypt/src/headers/tomcrypt_hash.h170
-rw-r--r--libtomcrypt/src/headers/tomcrypt_mac.h263
-rw-r--r--libtomcrypt/src/headers/tomcrypt_macros.h296
-rw-r--r--libtomcrypt/src/headers/tomcrypt_math.h249
-rw-r--r--libtomcrypt/src/headers/tomcrypt_misc.h102
-rw-r--r--libtomcrypt/src/headers/tomcrypt_pk.h351
-rw-r--r--libtomcrypt/src/headers/tomcrypt_pkcs.h65
-rw-r--r--libtomcrypt/src/headers/tomcrypt_prng.h89
14 files changed, 2180 insertions, 628 deletions
diff --git a/libtomcrypt/src/headers/tomcrypt.h b/libtomcrypt/src/headers/tomcrypt.h
index ad4b7ec..1a56611 100644
--- a/libtomcrypt/src/headers/tomcrypt.h
+++ b/libtomcrypt/src/headers/tomcrypt.h
@@ -1,9 +1,19 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
#ifndef TOMCRYPT_H_
#define TOMCRYPT_H_
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <stddef.h>
#include <time.h>
#include <ctype.h>
#include <limits.h>
@@ -16,8 +26,8 @@ extern "C" {
#endif
/* version */
-#define CRYPT 0x0117
-#define SCRYPT "1.17"
+#define CRYPT 0x0118
+#define SCRYPT "1.18.1"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128
@@ -55,13 +65,19 @@ enum {
CRYPT_FILE_NOTFOUND, /* File Not Found */
CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */
- CRYPT_PK_INVALID_SYSTEM,/* Invalid PK system specified */
- CRYPT_PK_DUP, /* Duplicate key already in key ring */
- CRYPT_PK_NOT_FOUND, /* Key not found in keyring */
+
+ CRYPT_OVERFLOW, /* An overflow of a value was detected/prevented */
+
+ CRYPT_UNUSED1, /* UNUSED1 */
+
+ CRYPT_INPUT_TOO_LONG, /* The input was longer than expected. */
+
CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */
CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */
- CRYPT_PK_INVALID_PADDING /* Invalid padding on input */
+ CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */
+
+ CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */
};
#include <tomcrypt_cfg.h>
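Review bot: The comment on `CRYPT_UNUSED1` (`/* UNUSED1 */`) does not say why a dead enumerator is kept, and the surrounding edits (three enumerators removed, three inserted) shift the numeric value of every code from `CRYPT_PK_INVALID_SIZE` onward, so anything outside this hunk that stores or compares these codes by number rather than by name would need checking. A comment such as `/* placeholder: keeps the numeric values of later codes stable */` would record the intent. The enum's opening and its earlier members lie outside the hunk.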
@@ -83,6 +99,6 @@ enum {
#endif /* TOMCRYPT_H_ */
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/headers/tomcrypt_argchk.h b/libtomcrypt/src/headers/tomcrypt_argchk.h
index 63a6ef0..3994aa2 100644
--- a/libtomcrypt/src/headers/tomcrypt_argchk.h
+++ b/libtomcrypt/src/headers/tomcrypt_argchk.h
@@ -1,5 +1,14 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* Defines the LTC_ARGCHK macro used within the library */
-/* ARGTYPE is defined in mycrypt_cfg.h */
+/* ARGTYPE is defined in tomcrypt_cfg.h */
#if ARGTYPE == 0
#include <signal.h>
@@ -13,9 +22,15 @@
/* this is the default LibTomCrypt macro */
-void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN;
-#define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); }
-#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
+#if defined(__clang__) || defined(__GNUC_MINOR__)
+#define NORETURN __attribute__ ((noreturn))
+#else
+#define NORETURN
+#endif
+
+void crypt_argchk(const char *v, const char *s, int d) NORETURN;
+#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
+#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
#elif ARGTYPE == 1
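Review bot: `NORETURN` is defined unconditionally under a generic, unprefixed name at L110/L112, so any translation unit that already carries its own `NORETURN` with a different expansion gets a macro-redefinition diagnostic (an error under -Werror); guarding it with `#ifndef NORETURN` or using a library-scoped name such as `LTC_NORETURN` avoids the clash. The removed line used Dropbear's `ATTRIB_NORETURN`, and the hunk header at L119 shows the old file had a further `crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN;` prototype in a later ARGTYPE branch outside this hunk; if that declaration survives, it now disagrees in constness with the `const char *` prototype added here.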
@@ -41,6 +56,6 @@ void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN;
#endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/headers/tomcrypt_cfg.h b/libtomcrypt/src/headers/tomcrypt_cfg.h
index f7ad3cc..af2a095 100644
--- a/libtomcrypt/src/headers/tomcrypt_cfg.h
+++ b/libtomcrypt/src/headers/tomcrypt_cfg.h
@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* This is the build config file.
*
* With this you can setup what to inlcude/exclude automatically during any build. Just comment
@@ -8,15 +17,13 @@
#define TOMCRYPT_CFG_H
#if defined(_WIN32) || defined(_MSC_VER)
-#define LTC_CALL __cdecl
-#else
-#ifndef LTC_CALL
+ #define LTC_CALL __cdecl
+#elif !defined(LTC_CALL)
#define LTC_CALL
#endif
-#endif
#ifndef LTC_EXPORT
-#define LTC_EXPORT
+ #define LTC_EXPORT
#endif
/* certain platforms use macros for these, making the prototypes broken */
@@ -43,94 +50,234 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2);
#endif
+/* some compilers do not like "inline" (or maybe "static inline"), namely: HP cc, IBM xlc */
+#if defined(__HP_cc) || defined(__xlc__)
+ #define LTC_INLINE
+#elif defined(_MSC_VER)
+ #define LTC_INLINE __inline
+#else
+ #define LTC_INLINE inline
+#endif
+
/* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */
#ifndef ARGTYPE
#define ARGTYPE 0
#endif
-/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code
- *
+#undef LTC_ENCRYPT
+#define LTC_ENCRYPT 0
+#undef LTC_DECRYPT
+#define LTC_DECRYPT 1
+
+/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code
+ *
* Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit read/writes.
* The x86 platforms allow this but some others [ARM for instance] do not. On those platforms you **MUST**
* use the portable [slower] macros.
*/
-
-/* detect x86-32 machines somewhat */
-#if !defined(__STRICT_ANSI__) && (defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))))
+/* detect x86/i386 32bit */
+#if defined(__i386__) || defined(__i386) || defined(_M_IX86)
#define ENDIAN_LITTLE
#define ENDIAN_32BITWORD
#define LTC_FAST
- #define LTC_FAST_TYPE unsigned long
-#endif
-
-/* detects MIPS R5900 processors (PS2) */
-#if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips))
- #define ENDIAN_LITTLE
- #define ENDIAN_64BITWORD
#endif
-/* detect amd64 */
-#if !defined(__STRICT_ANSI__) && defined(__x86_64__)
+/* detect amd64/x64 */
+#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64)
#define ENDIAN_LITTLE
#define ENDIAN_64BITWORD
#define LTC_FAST
- #define LTC_FAST_TYPE unsigned long
#endif
/* detect PPC32 */
-#if !defined(__STRICT_ANSI__) && defined(LTC_PPC32)
+#if defined(LTC_PPC32)
#define ENDIAN_BIG
#define ENDIAN_32BITWORD
#define LTC_FAST
- #define LTC_FAST_TYPE unsigned long
-#endif
+#endif
+
+/* detects MIPS R5900 processors (PS2) */
+#if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips))
+ #define ENDIAN_64BITWORD
+ #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
+ #define ENDIAN_BIG
+ #endif
+ #define ENDIAN_LITTLE
+ #endif
+#endif
+
+/* detect AIX */
+#if defined(_AIX) && defined(_BIG_ENDIAN)
+ #define ENDIAN_BIG
+ #if defined(__LP64__) || defined(_ARCH_PPC64)
+ #define ENDIAN_64BITWORD
+ #else
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
-/* detect sparc and sparc64 */
-#if defined(__sparc__)
+/* detect HP-UX */
+#if defined(__hpux) || defined(__hpux__)
#define ENDIAN_BIG
- #if defined(__arch64__)
+ #if defined(__ia64) || defined(__ia64__) || defined(__LP64__)
#define ENDIAN_64BITWORD
#else
#define ENDIAN_32BITWORD
#endif
#endif
+/* detect Apple OS X */
+#if defined(__APPLE__) && defined(__MACH__)
+ #if defined(__LITTLE_ENDIAN__) || defined(__x86_64__)
+ #define ENDIAN_LITTLE
+ #else
+ #define ENDIAN_BIG
+ #endif
+ #if defined(__LP64__) || defined(__x86_64__)
+ #define ENDIAN_64BITWORD
+ #else
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
-#ifdef LTC_NO_FAST
- #ifdef LTC_FAST
- #undef LTC_FAST
+/* detect SPARC and SPARC64 */
+#if defined(__sparc__) || defined(__sparc)
+ #define ENDIAN_BIG
+ #if defined(__arch64__) || defined(__sparcv9) || defined(__sparc_v9__)
+ #define ENDIAN_64BITWORD
+ #else
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
+
+/* detect IBM S390(x) */
+#if defined(__s390x__) || defined(__s390__)
+ #define ENDIAN_BIG
+ #if defined(__s390x__)
+ #define ENDIAN_64BITWORD
+ #else
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
+
+/* detect PPC64 */
+#if defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__)
+ #define ENDIAN_64BITWORD
+ #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+ #define ENDIAN_BIG
+ #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ #define ENDIAN_LITTLE
#endif
+ #define LTC_FAST
+#endif
+
+/* endianness fallback */
+#if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE)
+ #if defined(_BYTE_ORDER) && _BYTE_ORDER == _BIG_ENDIAN || \
+ defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \
+ defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \
+ defined(__BIG_ENDIAN__) || \
+ defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
+ defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
+ #define ENDIAN_BIG
+ #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \
+ defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
+ defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \
+ defined(__LITTLE_ENDIAN__) || \
+ defined(__ARMEL__) || defined(__THUMBEL__) || defined(__AARCH64EL__) || \
+ defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__)
+ #define ENDIAN_LITTLE
+ #else
+ #error Cannot detect endianness
+ #endif
+#endif
+
+/* ulong64: 64-bit data type */
+#ifdef _MSC_VER
+ #define CONST64(n) n ## ui64
+ typedef unsigned __int64 ulong64;
+#else
+ #define CONST64(n) n ## ULL
+ typedef unsigned long long ulong64;
+#endif
+
+/* ulong32: "32-bit at least" data type */
+#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || \
+ defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || \
+ defined(__s390x__) || defined(__arch64__) || defined(__aarch64__) || \
+ defined(__sparcv9) || defined(__sparc_v9__) || defined(__sparc64__) || \
+ defined(__ia64) || defined(__ia64__) || defined(__itanium__) || defined(_M_IA64) || \
+ defined(__LP64__) || defined(_LP64) || defined(__64BIT__)
+ typedef unsigned ulong32;
+ #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD)
+ #define ENDIAN_64BITWORD
+ #endif
+#else
+ typedef unsigned long ulong32;
+ #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD)
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
+
+#if defined(ENDIAN_64BITWORD) && !defined(_MSC_VER)
+typedef unsigned long long ltc_mp_digit;
+#else
+typedef unsigned long ltc_mp_digit;
#endif
/* No asm is a quick way to disable anything "not portable" */
#ifdef LTC_NO_ASM
- #undef ENDIAN_LITTLE
- #undef ENDIAN_BIG
+ #define ENDIAN_NEUTRAL
#undef ENDIAN_32BITWORD
#undef ENDIAN_64BITWORD
#undef LTC_FAST
- #undef LTC_FAST_TYPE
#define LTC_NO_ROLC
- #define LTC_NO_BSWAP
+ #define LTC_NO_BSWAP
#endif
-/* #define ENDIAN_LITTLE */
-/* #define ENDIAN_BIG */
+/* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */
+#if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__)
+ #undef LTC_FAST
+#endif
-/* #define ENDIAN_32BITWORD */
-/* #define ENDIAN_64BITWORD */
+#ifdef LTC_FAST
+ #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x))
+ #ifdef ENDIAN_64BITWORD
+ typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE;
+ #else
+ typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE;
+ #endif
+#endif
-#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
- #error You must specify a word size as well as endianess in tomcrypt_cfg.h
+#if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
+ #error You must specify a word size as well as endianess in tomcrypt_cfg.h
#endif
#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
#define ENDIAN_NEUTRAL
#endif
+#if (defined(ENDIAN_32BITWORD) && defined(ENDIAN_64BITWORD))
+ #error Cannot be 32 and 64 bit words...
+#endif
+
+/* gcc 4.3 and up has a bswap builtin; detect it by gcc version.
+ * clang also supports the bswap builtin, and although clang pretends
+ * to be gcc (macro-wise, anyway), clang pretends to be a version
+ * prior to gcc 4.3, so we can't detect bswap that way. Instead,
+ * clang has a __has_builtin mechanism that can be used to check
+ * for builtins:
+ * http://clang.llvm.org/docs/LanguageExtensions.html#feature_check */
+#ifndef __has_builtin
+ #define __has_builtin(x) 0
+#endif
+#if !defined(LTC_NO_BSWAP) && defined(__GNUC__) && \
+ ((__GNUC__ * 100 + __GNUC_MINOR__ >= 403) || \
+ (__has_builtin(__builtin_bswap32) && __has_builtin(__builtin_bswap64)))
+ #define LTC_HAVE_BSWAP_BUILTIN
#endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
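Review bot: The MIPS R5900 block at L224–L231 is unbalanced as rendered: two `#if` directives but three `#endif`, and `ENDIAN_LITTLE` is defined unconditionally after the big-endian test, so the file would either fail to preprocess or mark a big-endian R5900 as both endiannesses. Unless a line was lost in rendering, the first inner `#endif` (L228) should read `#else` and the extra `#endif` at L230 should go. Separately, `#if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__)` at L370 relies on an undefined `__GNUC__` evaluating to 0 on non-GCC compilers, which works but trips -Wundef; `!defined(__GNUC__) || (__GNUC__ < 4)` states the intent explicitly.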
diff --git a/libtomcrypt/src/headers/tomcrypt_cipher.h b/libtomcrypt/src/headers/tomcrypt_cipher.h
index f23fd97..2ed201d 100644
--- a/libtomcrypt/src/headers/tomcrypt_cipher.h
+++ b/libtomcrypt/src/headers/tomcrypt_cipher.h
@@ -1,6 +1,15 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* ---- SYMMETRIC KEY STUFF -----
*
- * We put each of the ciphers scheduled keys in their own structs then we put all of
+ * We put each of the ciphers scheduled keys in their own structs then we put all of
* the key formats in one union. This makes the function prototypes easier to use.
*/
#ifdef LTC_BLOWFISH
@@ -109,7 +118,7 @@ struct noekeon_key {
};
#endif
-#ifdef LTC_SKIPJACK
+#ifdef LTC_SKIPJACK
struct skipjack_key {
unsigned char key[10];
};
@@ -117,18 +126,18 @@ struct skipjack_key {
#ifdef LTC_KHAZAD
struct khazad_key {
- ulong64 roundKeyEnc[8 + 1];
- ulong64 roundKeyDec[8 + 1];
+ ulong64 roundKeyEnc[8 + 1];
+ ulong64 roundKeyDec[8 + 1];
};
#endif
#ifdef LTC_ANUBIS
-struct anubis_key {
- int keyBits;
- int R;
- ulong32 roundKeyEnc[18 + 1][4];
- ulong32 roundKeyDec[18 + 1][4];
-};
+struct anubis_key {
+ int keyBits;
+ int R;
+ ulong32 roundKeyEnc[18 + 1][4];
+ ulong32 roundKeyDec[18 + 1][4];
+};
#endif
#ifdef LTC_MULTI2
@@ -138,6 +147,13 @@ struct multi2_key {
};
#endif
+#ifdef LTC_CAMELLIA
+struct camellia_key {
+ int R;
+ ulong64 kw[4], k[24], kl[6];
+};
+#endif
+
typedef union Symmetric_key {
#ifdef LTC_DES
struct des_key des;
@@ -175,7 +191,7 @@ typedef union Symmetric_key {
#endif
#ifdef LTC_NOEKEON
struct noekeon_key noekeon;
-#endif
+#endif
#ifdef LTC_SKIPJACK
struct skipjack_key skipjack;
#endif
@@ -190,10 +206,13 @@ typedef union Symmetric_key {
#endif
#ifdef LTC_KASUMI
struct kasumi_key kasumi;
-#endif
+#endif
#ifdef LTC_MULTI2
struct multi2_key multi2;
#endif
+#ifdef LTC_CAMELLIA
+ struct camellia_key camellia;
+#endif
void *data;
} symmetric_key;
@@ -201,10 +220,10 @@ typedef union Symmetric_key {
/** A block cipher ECB structure */
typedef struct {
/** The index of the cipher chosen */
- int cipher,
+ int cipher,
/** The block size of the given cipher */
blocklen;
- /** The scheduled key */
+ /** The scheduled key */
symmetric_key key;
} symmetric_ECB;
#endif
@@ -213,14 +232,14 @@ typedef struct {
/** A block cipher CFB structure */
typedef struct {
/** The index of the cipher chosen */
- int cipher,
- /** The block size of the given cipher */
- blocklen,
+ int cipher,
+ /** The block size of the given cipher */
+ blocklen,
/** The padding offset */
padlen;
/** The current IV */
- unsigned char IV[MAXBLOCKSIZE],
- /** The pad used to encrypt/decrypt */
+ unsigned char IV[MAXBLOCKSIZE],
+ /** The pad used to encrypt/decrypt */
pad[MAXBLOCKSIZE];
/** The scheduled key */
symmetric_key key;
@@ -231,9 +250,9 @@ typedef struct {
/** A block cipher OFB structure */
typedef struct {
/** The index of the cipher chosen */
- int cipher,
- /** The block size of the given cipher */
- blocklen,
+ int cipher,
+ /** The block size of the given cipher */
+ blocklen,
/** The padding offset */
padlen;
/** The current IV */
@@ -247,8 +266,8 @@ typedef struct {
/** A block cipher CBC structure */
typedef struct {
/** The index of the cipher chosen */
- int cipher,
- /** The block size of the given cipher */
+ int cipher,
+ /** The block size of the given cipher */
blocklen;
/** The current IV */
unsigned char IV[MAXBLOCKSIZE];
@@ -263,18 +282,18 @@ typedef struct {
typedef struct {
/** The index of the cipher chosen */
int cipher,
- /** The block size of the given cipher */
- blocklen,
+ /** The block size of the given cipher */
+ blocklen,
/** The padding offset */
- padlen,
+ padlen,
/** The mode (endianess) of the CTR, 0==little, 1==big */
mode,
/** counter width */
ctrlen;
- /** The counter */
- unsigned char ctr[MAXBLOCKSIZE],
- /** The pad used to encrypt/decrypt */
+ /** The counter */
+ unsigned char ctr[MAXBLOCKSIZE],
+ /** The pad used to encrypt/decrypt */
pad[MAXBLOCKSIZE];
/** The scheduled key */
symmetric_key key;
@@ -290,7 +309,7 @@ typedef struct {
/** The current IV */
unsigned char IV[16],
-
+
/** the tweak key */
tweak[16],
@@ -300,7 +319,7 @@ typedef struct {
/** The scheduled symmetric key */
symmetric_key key;
-#ifdef LRW_TABLES
+#ifdef LTC_LRW_TABLES
/** The pre-computed multiplication table */
unsigned char PC[16][256][16];
#endif
@@ -311,9 +330,9 @@ typedef struct {
/** A block cipher F8 structure */
typedef struct {
/** The index of the cipher chosen */
- int cipher,
- /** The block size of the given cipher */
- blocklen,
+ int cipher,
+ /** The block size of the given cipher */
+ blocklen,
/** The padding offset */
padlen;
/** The current IV */
@@ -330,18 +349,18 @@ typedef struct {
/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
extern struct ltc_cipher_descriptor {
/** name of cipher */
- char *name;
+ const char *name;
/** internal ID */
unsigned char ID;
/** min keysize (octets) */
- int min_key_length,
+ int min_key_length,
/** max keysize (octets) */
- max_key_length,
+ max_key_length,
/** block size (octets) */
- block_length,
+ block_length,
/** default number of rounds */
default_rounds;
- /** Setup the cipher
+ /** Setup the cipher
@param key The input symmetric key
@param keylen The length of the input key (octets)
@param num_rounds The requested number of rounds (0==default)
@@ -368,10 +387,10 @@ extern struct ltc_cipher_descriptor {
*/
int (*test)(void);
- /** Terminate the context
+ /** Terminate the context
@param skey The scheduled key
*/
- void (*done)(symmetric_key *skey);
+ void (*done)(symmetric_key *skey);
/** Determine a key size
@param keysize [in/out] The size of the key desired and the suggested size
@@ -380,7 +399,7 @@ extern struct ltc_cipher_descriptor {
int (*keysize)(int *keysize);
/** Accelerators **/
- /** Accelerated ECB encryption
+ /** Accelerated ECB encryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -389,7 +408,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey);
- /** Accelerated ECB decryption
+ /** Accelerated ECB decryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -398,7 +417,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey);
- /** Accelerated CBC encryption
+ /** Accelerated CBC encryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -408,7 +427,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
- /** Accelerated CBC decryption
+ /** Accelerated CBC decryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -418,7 +437,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
- /** Accelerated CTR encryption
+ /** Accelerated CTR encryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -429,7 +448,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
- /** Accelerated LRW
+ /** Accelerated LRW
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@@ -440,7 +459,7 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
- /** Accelerated LRW
+ /** Accelerated LRW
@param ct Ciphertext
@param pt Plaintext
@param blocks The number of complete blocks to process
@@ -480,8 +499,8 @@ extern struct ltc_cipher_descriptor {
/** Accelerated GCM packet (one shot)
@param key The secret key
@param keylen The length of the secret key
- @param IV The initial vector
- @param IVlen The length of the initial vector
+ @param IV The initialization vector
+ @param IVlen The length of the initialization vector
@param adata The additional authentication data (header)
@param adatalen The length of the adata
@param pt The plaintext
@@ -497,14 +516,14 @@ extern struct ltc_cipher_descriptor {
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
+ unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction);
- /** Accelerated one shot LTC_OMAC
+ /** Accelerated one shot LTC_OMAC
@param key The secret key
- @param keylen The key length (octets)
- @param in The message
+ @param keylen The key length (octets)
+ @param in The message
@param inlen Length of message (octets)
@param out [out] Destination for tag
@param outlen [in/out] Initial and final size of out
@@ -515,10 +534,10 @@ extern struct ltc_cipher_descriptor {
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
- /** Accelerated one shot XCBC
+ /** Accelerated one shot XCBC
@param key The secret key
- @param keylen The key length (octets)
- @param in The message
+ @param keylen The key length (octets)
+ @param in The message
@param inlen Length of message (octets)
@param out [out] Destination for tag
@param outlen [in/out] Initial and final size of out
@@ -529,10 +548,10 @@ extern struct ltc_cipher_descriptor {
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
- /** Accelerated one shot F9
+ /** Accelerated one shot F9
@param key The secret key
- @param keylen The key length (octets)
- @param in The message
+ @param keylen The key length (octets)
+ @param in The message
@param inlen Length of message (octets)
@param out [out] Destination for tag
@param outlen [in/out] Initial and final size of out
@@ -543,6 +562,36 @@ extern struct ltc_cipher_descriptor {
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
+
+ /** Accelerated XTS encryption
+ @param pt Plaintext
+ @param ct Ciphertext
+ @param blocks The number of complete blocks to process
+ @param tweak The 128-bit encryption tweak (input/output).
+ The tweak should not be encrypted on input, but
+ next tweak will be copied encrypted on output.
+ @param skey1 The first scheduled key context
+ @param skey2 The second scheduled key context
+ @return CRYPT_OK if successful
+ */
+ int (*accel_xts_encrypt)(const unsigned char *pt, unsigned char *ct,
+ unsigned long blocks, unsigned char *tweak, symmetric_key *skey1,
+ symmetric_key *skey2);
+
+ /** Accelerated XTS decryption
+ @param ct Ciphertext
+ @param pt Plaintext
+ @param blocks The number of complete blocks to process
+ @param tweak The 128-bit encryption tweak (input/output).
+ The tweak should not be encrypted on input, but
+ next tweak will be copied encrypted on output.
+ @param skey1 The first scheduled key context
+ @param skey2 The second scheduled key context
+ @return CRYPT_OK if successful
+ */
+ int (*accel_xts_decrypt)(const unsigned char *ct, unsigned char *pt,
+ unsigned long blocks, unsigned char *tweak, symmetric_key *skey1,
+ symmetric_key *skey2);
} cipher_descriptor[];
#ifdef LTC_BLOWFISH
@@ -577,6 +626,7 @@ extern const struct ltc_cipher_descriptor rc6_desc;
#ifdef LTC_RC2
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey);
int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int rc2_test(void);
@@ -756,8 +806,18 @@ int multi2_keysize(int *keysize);
extern const struct ltc_cipher_descriptor multi2_desc;
#endif
+#ifdef LTC_CAMELLIA
+int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int camellia_test(void);
+void camellia_done(symmetric_key *skey);
+int camellia_keysize(int *keysize);
+extern const struct ltc_cipher_descriptor camellia_desc;
+#endif
+
#ifdef LTC_ECB_MODE
-int ecb_start(int cipher, const unsigned char *key,
+int ecb_start(int cipher, const unsigned char *key,
int keylen, int num_rounds, symmetric_ECB *ecb);
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb);
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb);
@@ -765,7 +825,7 @@ int ecb_done(symmetric_ECB *ecb);
#endif
#ifdef LTC_CFB_MODE
-int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
+int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb);
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
@@ -775,7 +835,7 @@ int cfb_done(symmetric_CFB *cfb);
#endif
#ifdef LTC_OFB_MODE
-int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
+int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_OFB *ofb);
int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
@@ -815,14 +875,14 @@ int ctr_test(void);
#ifdef LTC_LRW_MODE
-#define LRW_ENCRYPT 0
-#define LRW_DECRYPT 1
+#define LRW_ENCRYPT LTC_ENCRYPT
+#define LRW_DECRYPT LTC_DECRYPT
int lrw_start( int cipher,
const unsigned char *IV,
const unsigned char *key, int keylen,
const unsigned char *tweak,
- int num_rounds,
+ int num_rounds,
symmetric_LRW *lrw);
int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw);
int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw);
@@ -833,11 +893,11 @@ int lrw_test(void);
/* don't call */
int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw);
-#endif
+#endif
#ifdef LTC_F8_MODE
-int f8_start( int cipher, const unsigned char *IV,
- const unsigned char *key, int keylen,
+int f8_start( int cipher, const unsigned char *IV,
+ const unsigned char *key, int keylen,
const unsigned char *salt_key, int skeylen,
int num_rounds, symmetric_F8 *f8);
int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8);
@@ -855,21 +915,21 @@ typedef struct {
} symmetric_xts;
int xts_start( int cipher,
- const unsigned char *key1,
- const unsigned char *key2,
+ const unsigned char *key1,
+ const unsigned char *key2,
unsigned long keylen,
- int num_rounds,
+ int num_rounds,
symmetric_xts *xts);
int xts_encrypt(
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
- const unsigned char *tweak,
+ unsigned char *tweak,
symmetric_xts *xts);
int xts_decrypt(
const unsigned char *ct, unsigned long ptlen,
unsigned char *pt,
- const unsigned char *tweak,
+ unsigned char *tweak,
symmetric_xts *xts);
void xts_done(symmetric_xts *xts);
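Review bot: `tweak` loses its `const` on both `xts_encrypt` and `xts_decrypt`, which per the accelerator documentation earlier in this file (the tweak "should not be encrypted on input" and the "next tweak will be copied encrypted on output") means the caller's buffer is now overwritten, yet the prototypes carry no comment saying so. A caller that passed a shared or read-only tweak to the old signature will silently have it modified. Add above the two prototypes `/* tweak is updated in place: on return it holds the tweak for the next call */` so the in/out contract is visible at the declaration.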
@@ -882,10 +942,67 @@ int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);
int register_cipher(const struct ltc_cipher_descriptor *cipher);
int unregister_cipher(const struct ltc_cipher_descriptor *cipher);
+int register_all_ciphers(void);
int cipher_is_valid(int idx);
LTC_MUTEX_PROTO(ltc_cipher_mutex)
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ---- stream ciphers ---- */
+
+#ifdef LTC_CHACHA
+
+typedef struct {
+ ulong32 input[16];
+ unsigned char kstream[64];
+ unsigned long ksleft;
+ unsigned long ivlen;
+ int rounds;
+} chacha_state;
+
+int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds);
+int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter);
+int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter);
+int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen);
+int chacha_done(chacha_state *st);
+int chacha_test(void);
+
+#endif /* LTC_CHACHA */
+
+#ifdef LTC_RC4_STREAM
+
+typedef struct {
+ unsigned int x, y;
+ unsigned char buf[256];
+} rc4_state;
+
+int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
+int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
+int rc4_stream_done(rc4_state *st);
+int rc4_stream_test(void);
+
+#endif /* LTC_RC4_STREAM */
+
+#ifdef LTC_SOBER128_STREAM
+
+typedef struct {
+ ulong32 R[17], /* Working storage for the shift register */
+ initR[17], /* saved register contents */
+ konst, /* key dependent constant */
+ sbuf; /* partial word encryption buffer */
+ int nbuf; /* number of part-word stream bits buffered */
+} sober128_state;
+
+int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
+int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
+int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
+int sober128_stream_done(sober128_state *st);
+int sober128_stream_test(void);
+
+#endif /* LTC_SOBER128_STREAM */
+
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
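Review bot: The `chacha_state` and `rc4_state` fields (L905–L909, L925–L926) carry no per-field comments, unlike `sober128_state` just below them, so a reader cannot tell from the header how `kstream`/`ksleft` relate or what `x`/`y` index; a one-line comment per field in the style of `sober128_state` would fix that. The `rc4_stream_*` API is guarded by `LTC_RC4_STREAM`; given RC4's known keystream biases, it is worth confirming that `tomcrypt_dropbear.h` (changed in this commit but not in this chunk) leaves that flag undefined unless something in Dropbear still needs it.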
diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h
index 0d59e31..6fb0f27 100644
--- a/libtomcrypt/src/headers/tomcrypt_custom.h
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h
@@ -1,8 +1,16 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
#ifndef TOMCRYPT_CUSTOM_H_
#define TOMCRYPT_CUSTOM_H_
-/* compile options depend on Dropbear options.h */
-#include "options.h"
+#include "tomcrypt_dropbear.h"
void * m_malloc(size_t size);
/* m_calloc is limited in size, enough for libtomcrypt */
@@ -17,86 +25,139 @@ void m_free_direct(void* ptr);
/* macros for various libc functions you can change for embedded targets */
#ifndef XMALLOC
- #ifdef malloc
- #define LTC_NO_PROTOTYPES
- #endif
#define XMALLOC malloc
#endif
#ifndef XREALLOC
- #ifdef realloc
- #define LTC_NO_PROTOTYPES
- #endif
#define XREALLOC realloc
#endif
#ifndef XCALLOC
- #ifdef calloc
- #define LTC_NO_PROTOTYPES
- #endif
#define XCALLOC calloc
#endif
#ifndef XFREE
- #ifdef free
- #define LTC_NO_PROTOTYPES
- #endif
#define XFREE free
#endif
#ifndef XMEMSET
- #ifdef memset
- #define LTC_NO_PROTOTYPES
- #endif
#define XMEMSET memset
#endif
#ifndef XMEMCPY
- #ifdef memcpy
- #define LTC_NO_PROTOTYPES
- #endif
#define XMEMCPY memcpy
#endif
+#ifndef XMEMMOVE
+#define XMEMMOVE memmove
+#endif
#ifndef XMEMCMP
- #ifdef memcmp
- #define LTC_NO_PROTOTYPES
- #endif
#define XMEMCMP memcmp
#endif
+/* A memory compare function that has to run in constant time,
+ * c.f. mem_neq() API summary.
+ */
+#ifndef XMEM_NEQ
+#define XMEM_NEQ mem_neq
+#endif
#ifndef XSTRCMP
- #ifdef strcmp
- #define LTC_NO_PROTOTYPES
- #endif
#define XSTRCMP strcmp
#endif
#ifndef XCLOCK
#define XCLOCK clock
#endif
-#ifndef XCLOCKS_PER_SEC
-#define XCLOCKS_PER_SEC CLOCKS_PER_SEC
+
+#ifndef XQSORT
+#define XQSORT qsort
#endif
+#if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \
+ defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
+ defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
+#define LTC_NO_PROTOTYPES
+#endif
+
+/* shortcut to disable automatic inclusion */
+#if defined LTC_NOTHING && !defined LTC_EASY
+ #define LTC_NO_CIPHERS
+ #define LTC_NO_MODES
+ #define LTC_NO_HASHES
+ #define LTC_NO_MACS
#define LTC_NO_PRNGS
#define LTC_NO_PK
-#ifdef DROPBEAR_SMALL_CODE
-#define LTC_SMALL_CODE
-#endif
-/* These spit out warnings etc */
-#define LTC_NO_ROLC
-#ifndef XQSORT
- #ifdef qsort
- #define LTC_NO_PROTOTYPES
- #endif
-#define XQSORT qsort
+ #define LTC_NO_PKCS
+ #define LTC_NO_MISC
+#endif /* LTC_NOTHING */
+
+/* Easy button? */
+#ifdef LTC_EASY
+ #define LTC_NO_CIPHERS
+ #define LTC_RIJNDAEL
+ #define LTC_BLOWFISH
+ #define LTC_DES
+ #define LTC_CAST5
+
+ #define LTC_NO_MODES
+ #define LTC_ECB_MODE
+ #define LTC_CBC_MODE
+ #define LTC_CTR_MODE
+
+ #define LTC_NO_HASHES
+ #define LTC_SHA1
+ #define LTC_SHA3
+ #define LTC_SHA512
+ #define LTC_SHA384
+ #define LTC_SHA256
+ #define LTC_SHA224
+ #define LTC_HASH_HELPERS
+
+ #define LTC_NO_MACS
+ #define LTC_HMAC
+ #define LTC_OMAC
+ #define LTC_CCM_MODE
+
+ #define LTC_NO_PRNGS
+ #define LTC_SPRNG
+ #define LTC_YARROW
+ #define LTC_DEVRANDOM
+ #define LTC_TRY_URANDOM_FIRST
+ #define LTC_RNG_GET_BYTES
+ #define LTC_RNG_MAKE_PRNG
+
+ #define LTC_NO_PK
+ #define LTC_MRSA
+ #define LTC_MECC
+
+ #define LTC_NO_MISC
+ #define LTC_BASE64
#endif
+/* The minimal set of functionality to run the tests */
+#ifdef LTC_MINIMAL
+ #define LTC_RIJNDAEL
+ #define LTC_SHA256
+ #define LTC_YARROW
+ #define LTC_CTR_MODE
+
+ #define LTC_RNG_MAKE_PRNG
+ #define LTC_RNG_GET_BYTES
+ #define LTC_DEVRANDOM
+ #define LTC_TRY_URANDOM_FIRST
+
+ #undef LTC_NO_FILE
+#endif
/* Enable self-test test vector checking */
-/* Not for dropbear */
-/*#define LTC_TEST*/
+#ifndef LTC_NO_TEST
+ #define LTC_TEST
+#endif
+/* Enable extended self-tests */
+/* #define LTC_TEST_EXT */
+
+/* Use small code where possible */
+/* #define LTC_SMALL_CODE */
/* clean the stack of functions which put private information on stack */
/* #define LTC_CLEAN_STACK */
/* disable all file related functions */
-#define LTC_NO_FILE
+/* #define LTC_NO_FILE */
/* disable all forms of ASM */
/* #define LTC_NO_ASM */
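Review bot: `#define LTC_NO_FILE` is turned into the comment `/* #define LTC_NO_FILE */` at the end of this hunk, and the new tomcrypt_dropbear.h does not set it either, so the fopen()-based helpers that tomcrypt_hash.h now guards with `#ifndef LTC_NO_FILE` (hash_file, hash_filehandle) become part of the Dropbear build for the first time. If that is not intended, add `#define LTC_NO_FILE` next to `#define LTC_NO_TEST` in tomcrypt_dropbear.h so the file I/O paths stay out of the binary. The `&& !defined(LTC_NO_PROTOTYPES)` clause on the new combined LTC_NO_PROTOTYPES test is redundant, since redefining the macro with the same empty body is legal, but it is harmless.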
@@ -107,93 +168,430 @@ void m_free_direct(void* ptr);
/* disable BSWAP on x86 */
/* #define LTC_NO_BSWAP */
+/* ---> math provider? <--- */
+#ifndef LTC_NO_MATH
-#ifdef DROPBEAR_BLOWFISH
-#define LTC_BLOWFISH
-#endif
+/* LibTomMath */
+/* #define LTM_DESC */
-#ifdef DROPBEAR_AES
-#define LTC_RIJNDAEL
-#endif
+/* TomsFastMath */
+/* #define TFM_DESC */
-#ifdef DROPBEAR_TWOFISH
-#define LTC_TWOFISH
+/* GNU Multiple Precision Arithmetic Library */
+/* #define GMP_DESC */
+
+#endif /* LTC_NO_MATH */
+
+/* ---> Symmetric Block Ciphers <--- */
+#ifndef LTC_NO_CIPHERS
+#define LTC_BLOWFISH
+#define LTC_RC2
+#define LTC_RC5
+#define LTC_RC6
+#define LTC_SAFERP
+#define LTC_RIJNDAEL
+#define LTC_XTEA
/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
* (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
-/* enabling just TWOFISH_SMALL will make the binary ~1kB smaller, turning on
- * TWOFISH_TABLES will make it a few kB bigger, but perhaps reduces runtime
- * memory usage? */
-#define LTC_TWOFISH_SMALL
-/*#define LTC_TWOFISH_TABLES*/
+#define LTC_TWOFISH
+#ifndef LTC_NO_TABLES
+ #define LTC_TWOFISH_TABLES
+ /* #define LTC_TWOFISH_ALL_TABLES */
+#else
+ #define LTC_TWOFISH_SMALL
#endif
-
-#ifdef DROPBEAR_3DES
+/* #define LTC_TWOFISH_SMALL */
+/* LTC_DES includes EDE triple-DES */
#define LTC_DES
-#endif
-
+#define LTC_CAST5
+#define LTC_NOEKEON
+#define LTC_SKIPJACK
+#define LTC_SAFER
+#define LTC_KHAZAD
+#define LTC_ANUBIS
+#define LTC_ANUBIS_TWEAK
+#define LTC_KSEED
+#define LTC_KASUMI
+#define LTC_MULTI2
+#define LTC_CAMELLIA
+
+/* stream ciphers */
+#define LTC_CHACHA
+#define LTC_RC4_STREAM
+#define LTC_SOBER128_STREAM
+
+#endif /* LTC_NO_CIPHERS */
+
+
+/* ---> Block Cipher Modes of Operation <--- */
+#ifndef LTC_NO_MODES
+
+#define LTC_CFB_MODE
+#define LTC_OFB_MODE
+#define LTC_ECB_MODE
#define LTC_CBC_MODE
-
-#ifdef DROPBEAR_ENABLE_CTR_MODE
#define LTC_CTR_MODE
+
+/* F8 chaining mode */
+#define LTC_F8_MODE
+
+/* LRW mode */
+#define LTC_LRW_MODE
+#ifndef LTC_NO_TABLES
+ /* like GCM mode this will enable 16 8x128 tables [64KB] that make
+ * seeking very fast.
+ */
+ #define LTC_LRW_TABLES
#endif
-#define LTC_SHA1
+/* XTS mode */
+#define LTC_XTS_MODE
-#ifdef DROPBEAR_MD5
+#endif /* LTC_NO_MODES */
+
+/* ---> One-Way Hash Functions <--- */
+#ifndef LTC_NO_HASHES
+
+#define LTC_CHC_HASH
+#define LTC_WHIRLPOOL
+#define LTC_SHA3
+#define LTC_SHA512
+#define LTC_SHA512_256
+#define LTC_SHA512_224
+#define LTC_SHA384
+#define LTC_SHA256
+#define LTC_SHA224
+#define LTC_TIGER
+#define LTC_SHA1
#define LTC_MD5
+#define LTC_MD4
+#define LTC_MD2
+#define LTC_RIPEMD128
+#define LTC_RIPEMD160
+#define LTC_RIPEMD256
+#define LTC_RIPEMD320
+#define LTC_BLAKE2S
+#define LTC_BLAKE2B
+
+#define LTC_HASH_HELPERS
+
+#endif /* LTC_NO_HASHES */
+
+
+/* ---> MAC functions <--- */
+#ifndef LTC_NO_MACS
+
+#define LTC_HMAC
+#define LTC_OMAC
+#define LTC_PMAC
+#define LTC_XCBC
+#define LTC_F9_MODE
+#define LTC_PELICAN
+#define LTC_POLY1305
+#define LTC_BLAKE2SMAC
+#define LTC_BLAKE2BMAC
+
+/* ---> Encrypt + Authenticate Modes <--- */
+
+#define LTC_EAX_MODE
+
+#define LTC_OCB_MODE
+#define LTC_OCB3_MODE
+#define LTC_CCM_MODE
+#define LTC_GCM_MODE
+#define LTC_CHACHA20POLY1305_MODE
+
+/* Use 64KiB tables */
+#ifndef LTC_NO_TABLES
+ #define LTC_GCM_TABLES
#endif
-#ifdef DROPBEAR_SHA256
-#define LTC_SHA256
+/* USE SSE2? requires GCC works on x86_32 and x86_64*/
+#ifdef LTC_GCM_TABLES
+/* #define LTC_GCM_TABLES_SSE2 */
#endif
-#ifdef DROPBEAR_SHA384
-#define LTC_SHA384
+
+#endif /* LTC_NO_MACS */
+
+
+/* --> Pseudo Random Number Generators <--- */
+#ifndef LTC_NO_PRNGS
+
+/* Yarrow */
+#define LTC_YARROW
+
+/* a PRNG that simply reads from an available system source */
+#define LTC_SPRNG
+
+/* The RC4 stream cipher based PRNG */
+#define LTC_RC4
+
+/* The ChaCha20 stream cipher based PRNG */
+#define LTC_CHACHA20_PRNG
+
+/* Fortuna PRNG */
+#define LTC_FORTUNA
+
+/* Greg's SOBER128 stream cipher based PRNG */
+#define LTC_SOBER128
+
+/* the *nix style /dev/random device */
+#define LTC_DEVRANDOM
+/* try /dev/urandom before trying /dev/random
+ * are you sure you want to disable this? http://www.2uo.de/myths-about-urandom/ */
+#define LTC_TRY_URANDOM_FIRST
+/* rng_get_bytes() */
+#define LTC_RNG_GET_BYTES
+/* rng_make_prng() */
+#define LTC_RNG_MAKE_PRNG
+
+/* enable the ltc_rng hook to integrate e.g. embedded hardware RNG's easily */
+/* #define LTC_PRNG_ENABLE_LTC_RNG */
+
+#endif /* LTC_NO_PRNGS */
+
+#ifdef LTC_YARROW
+
+/* which descriptor of AES to use? */
+/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */
+#ifdef ENCRYPT_ONLY
+ #define LTC_YARROW_AES 0
+#else
+ #define LTC_YARROW_AES 2
#endif
-#ifdef DROPBEAR_SHA512
-#define LTC_SHA512
+
#endif
-#define LTC_HMAC
+#ifdef LTC_FORTUNA
+
+#ifndef LTC_FORTUNA_WD
+/* reseed every N calls to the read function */
+#define LTC_FORTUNA_WD 10
+#endif
+
+#ifndef LTC_FORTUNA_POOLS
+/* number of pools (4..32) can save a bit of ram by lowering the count */
+#define LTC_FORTUNA_POOLS 32
+#endif
+
+#endif /* LTC_FORTUNA */
+
-#ifdef DROPBEAR_ECC
+/* ---> Public Key Crypto <--- */
+#ifndef LTC_NO_PK
+
+/* Include RSA support */
+#define LTC_MRSA
+
+/* Include Diffie-Hellman support */
+/* is_prime fails for GMP */
+#define LTC_MDH
+/* Supported Key Sizes */
+#define LTC_DH768
+#define LTC_DH1024
+#define LTC_DH1536
+#define LTC_DH2048
+
+#ifndef TFM_DESC
+/* tfm has a problem in fp_isprime for larger key sizes */
+#define LTC_DH3072
+#define LTC_DH4096
+#define LTC_DH6144
+#define LTC_DH8192
+#endif
+
+/* Include Katja (a Rabin variant like RSA) */
+/* #define LTC_MKAT */
+
+/* Digital Signature Algorithm */
+#define LTC_MDSA
+
+/* ECC */
#define LTC_MECC
+
+/* use Shamir's trick for point mul (speeds up signature verification) */
#define LTC_ECC_SHAMIR
+
+#if defined(TFM_DESC) && defined(LTC_MECC)
+ #define LTC_MECC_ACCEL
+#endif
+
+/* do we want fixed point ECC */
+/* #define LTC_MECC_FP */
+
+#endif /* LTC_NO_PK */
+
+#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_BLINDING)
+/* Enable RSA blinding when doing private key operations by default */
+#define LTC_RSA_BLINDING
+#endif /* LTC_NO_RSA_BLINDING */
+
+#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_CRT_HARDENING)
+/* Enable RSA CRT hardening when doing private key operations by default */
+#define LTC_RSA_CRT_HARDENING
+#endif /* LTC_NO_RSA_CRT_HARDENING */
+
+#if defined(LTC_MECC) && !defined(LTC_NO_ECC_TIMING_RESISTANT)
+/* Enable ECC timing resistant version by default */
#define LTC_ECC_TIMING_RESISTANT
-#define MPI
-#define LTM_DESC
-#ifdef DROPBEAR_ECC_256
-#define ECC256
#endif
-#ifdef DROPBEAR_ECC_384
-#define ECC384
+
+/* PKCS #1 (RSA) and #5 (Password Handling) stuff */
+#ifndef LTC_NO_PKCS
+
+#define LTC_PKCS_1
+#define LTC_PKCS_5
+
+/* Include ASN.1 DER (required by DSA/RSA) */
+#define LTC_DER
+
+#endif /* LTC_NO_PKCS */
+
+/* misc stuff */
+#ifndef LTC_NO_MISC
+
+/* Various tidbits of modern neatoness */
+#define LTC_BASE64
+/* ... and it's URL safe version */
+#define LTC_BASE64_URL
+
+/* Keep LTC_NO_HKDF for compatibility reasons
+ * superseeded by LTC_NO_MISC*/
+#ifndef LTC_NO_HKDF
+/* HKDF Key Derivation/Expansion stuff */
+#define LTC_HKDF
+#endif /* LTC_NO_HKDF */
+
+#define LTC_ADLER32
+
+#define LTC_CRC32
+
+#endif /* LTC_NO_MISC */
+
+/* cleanup */
+
+#ifdef LTC_MECC
+/* Supported ECC Key Sizes */
+#ifndef LTC_NO_CURVES
+ #define LTC_ECC112
+ #define LTC_ECC128
+ #define LTC_ECC160
+ #define LTC_ECC192
+ #define LTC_ECC224
+ #define LTC_ECC256
+ #define LTC_ECC384
+ #define LTC_ECC521
#endif
-#ifdef DROPBEAR_ECC_521
-#define ECC521
#endif
+
+#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
+ /* Include the MPI functionality? (required by the PK algorithms) */
+ #define LTC_MPI
+
+ #ifndef LTC_PK_MAX_RETRIES
+ /* iterations limit for retry-loops */
+ #define LTC_PK_MAX_RETRIES 20
+ #endif
#endif
-/* Various tidbits of modern neatoness */
-#define LTC_BASE64
+#ifdef LTC_MRSA
+ #define LTC_PKCS_1
+#endif
+
+#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL)
+ #error Pelican-MAC requires LTC_RIJNDAEL
+#endif
+
+#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC))
+ #error LTC_EAX_MODE requires CTR and LTC_OMAC mode
+#endif
+
+#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE)
+ #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined!
+#endif
+
+#if defined(LTC_DER) && !defined(LTC_MPI)
+ #error ASN.1 DER requires MPI functionality
+#endif
-/* default no pthread functions */
+/* Dropbear patched out LTC_MECC */
+#if (defined(LTC_MDSA) || defined(LTC_MRSA) || /*defined(LTC_MECC) ||*/ defined(LTC_MKAT)) && !defined(LTC_DER)
+ #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
+#endif
+
+#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
+ #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
+#endif
+
+#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA)
+ #error LTC_CHACHA20_PRNG requires LTC_CHACHA
+#endif
+
+#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
+ #error LTC_RC4 requires LTC_RC4_STREAM
+#endif
+
+#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
+ #error LTC_SOBER128 requires LTC_SOBER128_STREAM
+#endif
+
+#if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
+ #error LTC_BLAKE2SMAC requires LTC_BLAKE2S
+#endif
+
+#if defined(LTC_BLAKE2BMAC) && !defined(LTC_BLAKE2B)
+ #error LTC_BLAKE2BMAC requires LTC_BLAKE2B
+#endif
+
+#if defined(LTC_SPRNG) && !defined(LTC_RNG_GET_BYTES)
+ #error LTC_SPRNG requires LTC_RNG_GET_BYTES
+#endif
+
+#if defined(LTC_NO_MATH) && (defined(LTM_DESC) || defined(TFM_DESC) || defined(GMP_DESC))
+ #error LTC_NO_MATH defined, but also a math descriptor
+#endif
+
+/* THREAD management */
+#ifdef LTC_PTHREAD
+
+#include <pthread.h>
+
+#define LTC_MUTEX_GLOBAL(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER;
+#define LTC_MUTEX_PROTO(x) extern pthread_mutex_t x;
+#define LTC_MUTEX_TYPE(x) pthread_mutex_t x;
+#define LTC_MUTEX_INIT(x) LTC_ARGCHK(pthread_mutex_init(x, NULL) == 0);
+#define LTC_MUTEX_LOCK(x) LTC_ARGCHK(pthread_mutex_lock(x) == 0);
+#define LTC_MUTEX_UNLOCK(x) LTC_ARGCHK(pthread_mutex_unlock(x) == 0);
+#define LTC_MUTEX_DESTROY(x) LTC_ARGCHK(pthread_mutex_destroy(x) == 0);
+
+#else
+
+/* default no functions */
#define LTC_MUTEX_GLOBAL(x)
#define LTC_MUTEX_PROTO(x)
#define LTC_MUTEX_TYPE(x)
#define LTC_MUTEX_INIT(x)
#define LTC_MUTEX_LOCK(x)
#define LTC_MUTEX_UNLOCK(x)
-#define FORTUNA_POOLS 0
+#define LTC_MUTEX_DESTROY(x)
+
+#endif
/* Debuggers */
-/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the code) */
+/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
/* #define LTC_VALGRIND */
#endif
+#ifndef LTC_NO_FILE
+ /* buffer size for reading from a file via fread(..) */
+ #ifndef LTC_FILE_READ_BUFSIZE
+ #define LTC_FILE_READ_BUFSIZE 8192
+ #endif
+#endif
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
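Review bot: The commented-out `defined(LTC_MECC)` in the DER dependency check near the end of this hunk is the one place where this header deviates from upstream, and the one-line comment `/* Dropbear patched out LTC_MECC */` does not say why it is safe. Dropbear selects LTC_MECC in tomcrypt_dropbear.h while LTC_NOTHING suppresses LTC_DER, so any ECC entry point that relies on DER encoding must not be referenced by Dropbear; I would state that constraint in the comment, e.g. `/* Dropbear: LTC_MECC is built without LTC_DER; only the DER-free ECC point/key routines may be called */`. The LTC_ECC_TIMING_RESISTANT default a few hunks above still applies to the Dropbear build, which is the right outcome and worth keeping in mind if this file is edited again.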
diff --git a/libtomcrypt/src/headers/tomcrypt_dropbear.h b/libtomcrypt/src/headers/tomcrypt_dropbear.h
new file mode 100644
index 0000000..b0ce45b
--- /dev/null
+++ b/libtomcrypt/src/headers/tomcrypt_dropbear.h
@@ -0,0 +1,84 @@
+/* compile options depend on Dropbear options.h */
+#include "options.h"
+
+/* Dropbear config */
+
+#define LTC_NOTHING
+
+/* Use small code where possible */
+#if DROPBEAR_SMALL_CODE
+#define LTC_SMALL_CODE
+#endif
+
+#if DROPBEAR_BLOWFISH
+#define LTC_BLOWFISH
+#endif
+#if DROPBEAR_AES
+#define LTC_RIJNDAEL
+#endif
+/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
+ * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
+#if DROPBEAR_TWOFISH
+#define LTC_TWOFISH
+#define LTC_TWOFISH_SMALL
+#endif
+
+#if DROPBEAR_3DES
+#define LTC_DES
+#endif
+
+#if DROPBEAR_ENABLE_CTR_MODE
+#define LTC_CBC_MODE
+#endif
+
+#if DROPBEAR_ENABLE_CTR_MODE
+#define LTC_CTR_MODE
+#endif
+
+
+#if DROPBEAR_SHA512
+#define LTC_SHA512
+#endif
+
+#if DROPBEAR_SHA384
+#define LTC_SHA384
+#endif
+
+#if DROPBEAR_SHA256
+#define LTC_SHA256
+#endif
+
+#define LTC_SHA1
+
+#if DROPBEAR_MD5
+#define LTC_MD5
+#endif
+
+/* ECC */
+#if DROPBEAR_ECC
+#define LTC_MECC
+#define LTM_DESC
+
+/* use Shamir's trick for point mul (speeds up signature verification) */
+#define LTC_ECC_SHAMIR
+
+#if DROPBEAR_ECC_256
+#define LTC_ECC256
+#endif
+#if DROPBEAR_ECC_384
+#define LTC_ECC384
+#endif
+#if DROPBEAR_ECC_521
+#define LTC_ECC521
+#endif
+
+#endif /* DROPBEAR_ECC */
+
+#define LTC_HMAC
+#define LTC_HASH_HELPERS
+
+#define LTC_NO_TEST
+
+#define LTC_BASE64
+
+/* end Dropbear config */
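Review bot: `#define LTC_CBC_MODE` is placed under `#if DROPBEAR_ENABLE_CTR_MODE`, and the identical test is repeated immediately below for LTC_CTR_MODE; the lines removed from tomcrypt_custom.h in this commit defined LTC_CBC_MODE unconditionally, so a Dropbear configured with CTR off and CBC on would now build without the CBC primitive. This looks like a copy-paste slip; the first guard should presumably read `#if DROPBEAR_ENABLE_CBC_MODE`, or the define should stay unconditional as before. Since these are `#if` rather than `#ifdef` tests, a flag missing from options.h silently evaluates to 0, so building this header with `-Wundef` would surface such mistakes early.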
diff --git a/libtomcrypt/src/headers/tomcrypt_hash.h b/libtomcrypt/src/headers/tomcrypt_hash.h
index 56b272a..ef494f7 100644
--- a/libtomcrypt/src/headers/tomcrypt_hash.h
+++ b/libtomcrypt/src/headers/tomcrypt_hash.h
@@ -1,4 +1,25 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* ---- HASH FUNCTIONS ---- */
+#ifdef LTC_SHA3
+struct sha3_state {
+ ulong64 saved; /* the portion of the input message that we didn't consume yet */
+ ulong64 s[25];
+ unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */
+ unsigned short byte_index; /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */
+ unsigned short word_index; /* 0..24--the next word to integrate input (starts from 0) */
+ unsigned short capacity_words; /* the double size of the hash output in words (e.g. 16 for Keccak 512) */
+ unsigned short xof_flag;
+};
+#endif
+
#ifdef LTC_SHA512
struct sha512_state {
ulong64 length, state[8];
@@ -102,6 +123,30 @@ struct chc_state {
};
#endif
+#ifdef LTC_BLAKE2S
+struct blake2s_state {
+ ulong32 h[8];
+ ulong32 t[2];
+ ulong32 f[2];
+ unsigned char buf[64];
+ unsigned long curlen;
+ unsigned long outlen;
+ unsigned char last_node;
+};
+#endif
+
+#ifdef LTC_BLAKE2B
+struct blake2b_state {
+ ulong64 h[8];
+ ulong64 t[2];
+ ulong64 f[2];
+ unsigned char buf[128];
+ unsigned long curlen;
+ unsigned long outlen;
+ unsigned char last_node;
+};
+#endif
+
typedef union Hash_state {
char dummy[1];
#ifdef LTC_CHC_HASH
@@ -110,6 +155,9 @@ typedef union Hash_state {
#ifdef LTC_WHIRLPOOL
struct whirlpool_state whirlpool;
#endif
+#ifdef LTC_SHA3
+ struct sha3_state sha3;
+#endif
#ifdef LTC_SHA512
struct sha512_state sha512;
#endif
@@ -143,13 +191,20 @@ typedef union Hash_state {
#ifdef LTC_RIPEMD320
struct rmd320_state rmd320;
#endif
+#ifdef LTC_BLAKE2S
+ struct blake2s_state blake2s;
+#endif
+#ifdef LTC_BLAKE2B
+ struct blake2b_state blake2b;
+#endif
+
void *data;
} hash_state;
/** hash descriptor */
extern struct ltc_hash_descriptor {
/** name of hash */
- char *name;
+ const char *name;
/** internal ID */
unsigned char ID;
/** Size of digest in octets */
@@ -166,7 +221,7 @@ extern struct ltc_hash_descriptor {
@return CRYPT_OK if successful
*/
int (*init)(hash_state *hash);
- /** Process a block of data
+ /** Process a block of data
@param hash The hash state
@param in The data to hash
@param inlen The length of the data (octets)
@@ -186,7 +241,7 @@ extern struct ltc_hash_descriptor {
/* accelerated hmac callback: if you need to-do multiple packets just use the generic hmac_memory and provide a hash callback */
int (*hmac_block)(const unsigned char *key, unsigned long keylen,
- const unsigned char *in, unsigned long inlen,
+ const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
} hash_descriptor[];
@@ -208,6 +263,30 @@ int whirlpool_test(void);
extern const struct ltc_hash_descriptor whirlpool_desc;
#endif
+#ifdef LTC_SHA3
+int sha3_512_init(hash_state * md);
+int sha3_512_test(void);
+extern const struct ltc_hash_descriptor sha3_512_desc;
+int sha3_384_init(hash_state * md);
+int sha3_384_test(void);
+extern const struct ltc_hash_descriptor sha3_384_desc;
+int sha3_256_init(hash_state * md);
+int sha3_256_test(void);
+extern const struct ltc_hash_descriptor sha3_256_desc;
+int sha3_224_init(hash_state * md);
+int sha3_224_test(void);
+extern const struct ltc_hash_descriptor sha3_224_desc;
+/* process + done are the same for all variants */
+int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int sha3_done(hash_state *md, unsigned char *hash);
+/* SHAKE128 + SHAKE256 */
+int sha3_shake_init(hash_state *md, int num);
+#define sha3_shake_process(a,b,c) sha3_process(a,b,c)
+int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen);
+int sha3_shake_test(void);
+int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen);
+#endif
+
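Review bot: `sha3_shake_init(hash_state *md, int num)` and `sha3_shake_memory(int num, ...)` give no hint what `num` selects; it is presumably the SHAKE variant (128 or 256), and since it is the only selector a caller sees, a one-line comment would prevent misuse: `/* num: 128 for SHAKE128, 256 for SHAKE256 */`. It would also help to note above `sha3_shake_done` that `outlen` is the requested XOF output length in octets and may be chosen freely, unlike the fixed-size `sha3_done`.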
#ifdef LTC_SHA512
int sha512_init(hash_state * md);
int sha512_process(hash_state * md, const unsigned char *in, unsigned long inlen);
@@ -227,6 +306,28 @@ int sha384_test(void);
extern const struct ltc_hash_descriptor sha384_desc;
#endif
+#ifdef LTC_SHA512_256
+#ifndef LTC_SHA512
+ #error LTC_SHA512 is required for LTC_SHA512_256
+#endif
+int sha512_256_init(hash_state * md);
+#define sha512_256_process sha512_process
+int sha512_256_done(hash_state * md, unsigned char *hash);
+int sha512_256_test(void);
+extern const struct ltc_hash_descriptor sha512_256_desc;
+#endif
+
+#ifdef LTC_SHA512_224
+#ifndef LTC_SHA512
+ #error LTC_SHA512 is required for LTC_SHA512_224
+#endif
+int sha512_224_init(hash_state * md);
+#define sha512_224_process sha512_process
+int sha512_224_done(hash_state * md, unsigned char *hash);
+int sha512_224_test(void);
+extern const struct ltc_hash_descriptor sha512_224_desc;
+#endif
+
#ifdef LTC_SHA256
int sha256_init(hash_state * md);
int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen);
@@ -254,6 +355,50 @@ int sha1_test(void);
extern const struct ltc_hash_descriptor sha1_desc;
#endif
+#ifdef LTC_BLAKE2S
+extern const struct ltc_hash_descriptor blake2s_256_desc;
+int blake2s_256_init(hash_state * md);
+int blake2s_256_test(void);
+
+extern const struct ltc_hash_descriptor blake2s_224_desc;
+int blake2s_224_init(hash_state * md);
+int blake2s_224_test(void);
+
+extern const struct ltc_hash_descriptor blake2s_160_desc;
+int blake2s_160_init(hash_state * md);
+int blake2s_160_test(void);
+
+extern const struct ltc_hash_descriptor blake2s_128_desc;
+int blake2s_128_init(hash_state * md);
+int blake2s_128_test(void);
+
+int blake2s_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen);
+int blake2s_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int blake2s_done(hash_state * md, unsigned char *hash);
+#endif
+
+#ifdef LTC_BLAKE2B
+extern const struct ltc_hash_descriptor blake2b_512_desc;
+int blake2b_512_init(hash_state * md);
+int blake2b_512_test(void);
+
+extern const struct ltc_hash_descriptor blake2b_384_desc;
+int blake2b_384_init(hash_state * md);
+int blake2b_384_test(void);
+
+extern const struct ltc_hash_descriptor blake2b_256_desc;
+int blake2b_256_init(hash_state * md);
+int blake2b_256_test(void);
+
+extern const struct ltc_hash_descriptor blake2b_160_desc;
+int blake2b_160_init(hash_state * md);
+int blake2b_160_test(void);
+
+int blake2b_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen);
+int blake2b_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int blake2b_done(hash_state * md, unsigned char *hash);
+#endif
+
#ifdef LTC_MD5
int md5_init(hash_state * md);
int md5_process(hash_state * md, const unsigned char *in, unsigned long inlen);
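Review bot: `blake2s_init` and `blake2b_init` take `outlen`, `key` and `keylen` without stating the accepted ranges; per RFC 7693 BLAKE2s produces 1..32 octets with an optional key of at most 32 octets and BLAKE2b 1..64 with a key of at most 64, and presumably `key == NULL` with `keylen == 0` selects the unkeyed hash. A comment above each prototype along the lines of `/* outlen: 1..32 octets; key: optional, at most 32 octets (NULL/0 for unkeyed) */` would make the contract visible to callers. The keyed form is the MAC mode that the blake2smac/blake2bmac declarations in tomcrypt_mac.h appear to wrap, which is worth cross-referencing so callers pick one consistent entry point.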
@@ -325,17 +470,21 @@ int find_hash_oid(const unsigned long *ID, unsigned long IDlen);
int find_hash_any(const char *name, int digestlen);
int register_hash(const struct ltc_hash_descriptor *hash);
int unregister_hash(const struct ltc_hash_descriptor *hash);
+int register_all_hashes(void);
int hash_is_valid(int idx);
LTC_MUTEX_PROTO(ltc_hash_mutex)
-int hash_memory(int hash,
- const unsigned char *in, unsigned long inlen,
+int hash_memory(int hash,
+ const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
+
+#ifndef LTC_NO_FILE
int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen);
int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen);
+#endif
/* a simple macro for making hash "process" functions */
#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \
@@ -348,6 +497,9 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \
return CRYPT_INVALID_ARG; \
} \
+ if ((md-> state_var .length + inlen) < md-> state_var .length) { \
+ return CRYPT_HASH_OVERFLOW; \
+ } \
while (inlen > 0) { \
if (md-> state_var .curlen == 0 && inlen >= block_size) { \
if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) { \
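Review bot: The new guard adds `inlen`, an octet count, to `.length`, which the compress path outside this hunk appears to maintain as a bit counter in the LTC hash implementations, so this is a coarse wrap check rather than an exact one; a short comment would keep a future reader from "fixing" it to `inlen * 8`, which can itself overflow for large `inlen`. Suggested: `/* coarse wrap check: length is kept in bits, inlen is octets; catches only gross counter overflow */`. The HASH_PROCESS macro begins and ends outside this hunk, so the exact semantics of `.length` should be confirmed there.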
@@ -358,7 +510,7 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
inlen -= block_size; \
} else { \
n = MIN(inlen, (block_size - md-> state_var .curlen)); \
- memcpy(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
+ XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
md-> state_var .curlen += n; \
in += n; \
inlen -= n; \
@@ -374,6 +526,6 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
return CRYPT_OK; \
}
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/headers/tomcrypt_mac.h b/libtomcrypt/src/headers/tomcrypt_mac.h
index d030d73..04f825d 100644
--- a/libtomcrypt/src/headers/tomcrypt_mac.h
+++ b/libtomcrypt/src/headers/tomcrypt_mac.h
@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
#ifdef LTC_HMAC
typedef struct Hmac_state {
hash_state md;
@@ -10,23 +19,23 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon
int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen);
int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen);
int hmac_test(void);
-int hmac_memory(int hash,
+int hmac_memory(int hash,
const unsigned char *key, unsigned long keylen,
- const unsigned char *in, unsigned long inlen,
+ const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-int hmac_memory_multi(int hash,
+int hmac_memory_multi(int hash,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
int hmac_file(int hash, const char *fname, const unsigned char *key,
- unsigned long keylen,
+ unsigned long keylen,
unsigned char *dst, unsigned long *dstlen);
#endif
#ifdef LTC_OMAC
typedef struct {
- int cipher_idx,
+ int cipher_idx,
buflen,
blklen;
unsigned char block[MAXBLOCKSIZE],
@@ -38,17 +47,17 @@ typedef struct {
int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen);
int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen);
-int omac_memory(int cipher,
+int omac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-int omac_memory_multi(int cipher,
+int omac_memory_multi(int cipher,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
-int omac_file(int cipher,
+int omac_file(int cipher,
const unsigned char *key, unsigned long keylen,
- const char *filename,
+ const char *filename,
unsigned char *out, unsigned long *outlen);
int omac_test(void);
#endif /* LTC_OMAC */
@@ -73,19 +82,19 @@ int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned l
int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen);
int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen);
-int pmac_memory(int cipher,
+int pmac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
-int pmac_memory_multi(int cipher,
+int pmac_memory_multi(int cipher,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
-int pmac_file(int cipher,
+int pmac_file(int cipher,
const unsigned char *key, unsigned long keylen,
- const char *filename,
+ const char *filename,
unsigned char *out, unsigned long *outlen);
int pmac_test(void);
@@ -96,6 +105,47 @@ void pmac_shift_xor(pmac_state *pmac);
#endif /* PMAC */
+#ifdef LTC_POLY1305
+typedef struct {
+ ulong32 r[5];
+ ulong32 h[5];
+ ulong32 pad[4];
+ unsigned long leftover;
+ unsigned char buffer[16];
+ int final;
+} poly1305_state;
+
+int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen);
+int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen);
+int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen);
+int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
+int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
+int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
+int poly1305_test(void);
+#endif /* LTC_POLY1305 */
+
+#ifdef LTC_BLAKE2SMAC
+typedef hash_state blake2smac_state;
+int blake2smac_init(blake2smac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
+int blake2smac_process(blake2smac_state *st, const unsigned char *in, unsigned long inlen);
+int blake2smac_done(blake2smac_state *st, unsigned char *mac, unsigned long *maclen);
+int blake2smac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
+int blake2smac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
+int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
+int blake2smac_test(void);
+#endif /* LTC_BLAKE2SMAC */
+
+#ifdef LTC_BLAKE2BMAC
+typedef hash_state blake2bmac_state;
+int blake2bmac_init(blake2bmac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
+int blake2bmac_process(blake2bmac_state *st, const unsigned char *in, unsigned long inlen);
+int blake2bmac_done(blake2bmac_state *st, unsigned char *mac, unsigned long *maclen);
+int blake2bmac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
+int blake2bmac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
+int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
+int blake2bmac_test(void);
+#endif /* LTC_BLAKE2BMAC */
+
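Review bot: `poly1305_file`, `blake2smac_file` and `blake2bmac_file` are declared unconditionally, whereas tomcrypt_hash.h in this same commit wraps `hash_file`/`hash_filehandle` in `#ifndef LTC_NO_FILE`; wrapping the three `_file` prototypes the same way keeps the headers consistent and turns a LTC_NO_FILE misuse into a compile-time error instead of a link-time one. `poly1305_init` should also document that `key` is a 32-octet one-time key, since reusing it for a second message forfeits the MAC's security guarantee; suggested comment: `/* key: 32 octets, must be used for exactly one message */`.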
#ifdef LTC_EAX_MODE
#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
@@ -152,32 +202,32 @@ typedef struct {
block_len; /* length of block */
} ocb_state;
-int ocb_init(ocb_state *ocb, int cipher,
+int ocb_init(ocb_state *ocb, int cipher,
const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
-int ocb_done_encrypt(ocb_state *ocb,
+int ocb_done_encrypt(ocb_state *ocb,
const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
+ unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
-int ocb_done_decrypt(ocb_state *ocb,
+int ocb_done_decrypt(ocb_state *ocb,
const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
+ unsigned char *pt,
const unsigned char *tag, unsigned long taglen, int *stat);
int ocb_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
+ const unsigned char *nonce,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
+ const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
@@ -193,10 +243,111 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
#endif /* LTC_OCB_MODE */
+#ifdef LTC_OCB3_MODE
+typedef struct {
+ unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
+ Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
+ L_dollar[MAXBLOCKSIZE], /* L_$ value */
+ L_star[MAXBLOCKSIZE], /* L_* value */
+ L_[32][MAXBLOCKSIZE], /* L_{i} values */
+ tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
+ checksum[MAXBLOCKSIZE]; /* current checksum */
+
+ /* AAD related members */
+ unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
+ aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
+ adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
+ int adata_buffer_bytes; /* bytes in AAD buffer */
+ unsigned long ablock_index; /* index # for current adata (AAD) block */
+
+ symmetric_key key; /* scheduled key for cipher */
+ unsigned long block_index; /* index # for current data block */
+ int cipher, /* cipher idx */
+ tag_len, /* length of tag */
+ block_len; /* length of block */
+} ocb3_state;
+
+int ocb3_init(ocb3_state *ocb, int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *nonce, unsigned long noncelen,
+ unsigned long taglen);
+
+int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
+int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
+int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
+int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
+int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
+int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
+
+int ocb3_encrypt_authenticate_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *nonce, unsigned long noncelen,
+ const unsigned char *adata, unsigned long adatalen,
+ const unsigned char *pt, unsigned long ptlen,
+ unsigned char *ct,
+ unsigned char *tag, unsigned long *taglen);
+
+int ocb3_decrypt_verify_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *nonce, unsigned long noncelen,
+ const unsigned char *adata, unsigned long adatalen,
+ const unsigned char *ct, unsigned long ctlen,
+ unsigned char *pt,
+ const unsigned char *tag, unsigned long taglen,
+ int *stat);
+
+int ocb3_test(void);
+
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int ocb3_int_ntz(unsigned long x);
+void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
+#endif /* LTC_SOURCE */
+
+#endif /* LTC_OCB3_MODE */
+
#ifdef LTC_CCM_MODE
-#define CCM_ENCRYPT 0
-#define CCM_DECRYPT 1
+#define CCM_ENCRYPT LTC_ENCRYPT
+#define CCM_DECRYPT LTC_DECRYPT
+
+typedef struct {
+ symmetric_key K;
+ int cipher, /* which cipher */
+ taglen, /* length of the tag */
+ x; /* index in PAD */
+
+ unsigned long L, /* L value */
+ ptlen, /* length that will be enc / dec */
+ current_ptlen, /* current processed length */
+ aadlen, /* length of the aad */
+ current_aadlen, /* length of the currently provided add */
+ noncelen; /* length of the nonce */
+
+ unsigned char PAD[16],
+ ctr[16],
+ CTRPAD[16],
+ CTRlen;
+} ccm_state;
+
+int ccm_init(ccm_state *ccm, int cipher,
+ const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
+
+int ccm_reset(ccm_state *ccm);
+
+int ccm_add_nonce(ccm_state *ccm,
+ const unsigned char *nonce, unsigned long noncelen);
+
+int ccm_add_aad(ccm_state *ccm,
+ const unsigned char *adata, unsigned long adatalen);
+
+int ccm_process(ccm_state *ccm,
+ unsigned char *pt, unsigned long ptlen,
+ unsigned char *ct,
+ int direction);
+
+int ccm_done(ccm_state *ccm,
+ unsigned char *tag, unsigned long *taglen);
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
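Review bot: `ccm_init` at the bottom of the hunk takes `int keylen, int ptlen, int taglen, int aad_len` while every other length in this header, including `ccm_add_nonce`/`ccm_add_aad` directly below it and the `ptlen`/`aadlen` members of `ccm_state` they feed, is `unsigned long`; the signed parameters invite sign-conversion warnings and mean a negative value has to be rejected explicitly in the implementation. Unless the implementation already does that, the consistent signature would be `int ccm_init(ccm_state *ccm, int cipher, const unsigned char *key, unsigned long keylen, unsigned long ptlen, unsigned long taglen, unsigned long aad_len);`, although changing it once released is an ABI decision. Separately, `ocb3_state` fixes `L_` at 32 entries but `ocb3_int_ntz` takes an `unsigned long`, which can have up to 63 trailing zeros on LP64; if the implementation indexes `L_` by `ntz(block_index)` the table implicitly caps a message at 2^32 blocks, and a comment on `L_` recording that limit would help. `ccm_memory` continues past the end of the hunk.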
@@ -218,20 +369,20 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
/* table shared between GCM and LRW */
-#if defined(LTC_GCM_TABLES) || defined(LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
+#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
extern const unsigned char gcm_shift_table[];
#endif
#ifdef LTC_GCM_MODE
-#define GCM_ENCRYPT 0
-#define GCM_DECRYPT 1
+#define GCM_ENCRYPT LTC_ENCRYPT
+#define GCM_DECRYPT LTC_DECRYPT
#define LTC_GCM_MODE_IV 0
#define LTC_GCM_MODE_AAD 1
#define LTC_GCM_MODE_TEXT 2
-typedef struct {
+typedef struct {
symmetric_key K;
unsigned char H[16], /* multiplier */
X[16], /* accumulator */
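Review bot: The condition guarding the `gcm_shift_table` declaration still tests `defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)`, which is the same macro twice; given the comment says the table is shared with LRW and this hunk already renames `LRW_TABLES` to `LTC_LRW_TABLES`, the second operand was presumably meant to be `LTC_LRW_MODE`. As written, a build with LRW mode and `LTC_FAST` but neither GCM mode nor `LTC_LRW_TABLES` gets no `extern` for the table, which should surface as an undeclared-identifier error in the LRW code rather than a silent bug, but it is worth fixing while the line is being touched: `#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_LRW_MODE)) && defined(LTC_FAST))`.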
@@ -253,7 +404,7 @@ typedef struct {
__attribute__ ((aligned (16)))
#endif
;
-#endif
+#endif
} gcm_state;
void gcm_mult_h(gcm_state *gcm, unsigned char *I);
@@ -263,7 +414,7 @@ int gcm_init(gcm_state *gcm, int cipher,
int gcm_reset(gcm_state *gcm);
-int gcm_add_iv(gcm_state *gcm,
+int gcm_add_iv(gcm_state *gcm,
const unsigned char *IV, unsigned long IVlen);
int gcm_add_aad(gcm_state *gcm,
@@ -274,7 +425,7 @@ int gcm_process(gcm_state *gcm,
unsigned char *ct,
int direction);
-int gcm_done(gcm_state *gcm,
+int gcm_done(gcm_state *gcm,
unsigned char *tag, unsigned long *taglen);
int gcm_memory( int cipher,
@@ -282,7 +433,7 @@ int gcm_memory( int cipher,
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
+ unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction);
int gcm_test(void);
@@ -328,17 +479,17 @@ typedef struct {
int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen);
int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen);
int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen);
-int xcbc_memory(int cipher,
+int xcbc_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-int xcbc_memory_multi(int cipher,
+int xcbc_memory_multi(int cipher,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
-int xcbc_file(int cipher,
+int xcbc_file(int cipher,
const unsigned char *key, unsigned long keylen,
- const char *filename,
+ const char *filename,
unsigned char *out, unsigned long *outlen);
int xcbc_test(void);
@@ -362,23 +513,53 @@ typedef struct {
int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen);
int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen);
int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen);
-int f9_memory(int cipher,
+int f9_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-int f9_memory_multi(int cipher,
+int f9_memory_multi(int cipher,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...);
-int f9_file(int cipher,
+int f9_file(int cipher,
const unsigned char *key, unsigned long keylen,
- const char *filename,
+ const char *filename,
unsigned char *out, unsigned long *outlen);
int f9_test(void);
#endif
+#ifdef LTC_CHACHA20POLY1305_MODE
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+typedef struct {
+ poly1305_state poly;
+ chacha_state chacha;
+ ulong64 aadlen;
+ ulong64 ctlen;
+ int aadflg;
+} chacha20poly1305_state;
+
+#define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT
+#define CHACHA20POLY1305_DECRYPT LTC_DECRYPT
+
+int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen);
+int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen);
+int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number);
+int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen);
+int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen);
+int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
+ const unsigned char *iv, unsigned long ivlen,
+ const unsigned char *aad, unsigned long aadlen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out,
+ unsigned char *tag, unsigned long *taglen,
+ int direction);
+int chacha20poly1305_test(void);
+
+#endif /* LTC_CHACHA20POLY1305_MODE */
+
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
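Review bot: The new `LTC_CHACHA20POLY1305_MODE` block embeds `poly1305_state` and `chacha_state` in `chacha20poly1305_state` but, unlike the EAX block earlier in this header which guards with `#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))`, it does not check that its two dependencies are compiled in; a configuration that enables the AEAD without `LTC_POLY1305` or the ChaCha cipher would fail on an undeclared state type instead of a readable `#error`. Mirroring the EAX pattern right after the `#ifdef`, `#if !(defined(LTC_CHACHA) && defined(LTC_POLY1305))` / `#error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA and LTC_POLY1305` / `#endif`, makes the requirement explicit (assuming `LTC_CHACHA` is the option name the cipher uses in tomcrypt_custom.h). A one-line comment on `aadflg` saying what state it tracks would also help, since its meaning is not recoverable from the declaration alone.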
diff --git a/libtomcrypt/src/headers/tomcrypt_macros.h b/libtomcrypt/src/headers/tomcrypt_macros.h
index 6e4d757..94e368f 100644
--- a/libtomcrypt/src/headers/tomcrypt_macros.h
+++ b/libtomcrypt/src/headers/tomcrypt_macros.h
@@ -1,73 +1,73 @@
-/* fix for MSVC ...evil! */
-#ifdef _MSC_VER
- #define CONST64(n) n ## ui64
- typedef unsigned __int64 ulong64;
-#else
- #define CONST64(n) n ## ULL
- typedef unsigned long long ulong64;
-#endif
-
-/* this is the "32-bit at least" data type
- * Re-define it to suit your platform but it must be at least 32-bits
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
*/
-#if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__))
- typedef unsigned ulong32;
-#else
- typedef unsigned long ulong32;
-#endif
/* ---- HELPER MACROS ---- */
#ifdef ENDIAN_NEUTRAL
#define STORE32L(x, y) \
- { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
- (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+ do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
+ (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
#define LOAD32L(x, y) \
- { x = ((unsigned long)((y)[3] & 255)<<24) | \
- ((unsigned long)((y)[2] & 255)<<16) | \
- ((unsigned long)((y)[1] & 255)<<8) | \
- ((unsigned long)((y)[0] & 255)); }
+ do { x = ((ulong32)((y)[3] & 255)<<24) | \
+ ((ulong32)((y)[2] & 255)<<16) | \
+ ((ulong32)((y)[1] & 255)<<8) | \
+ ((ulong32)((y)[0] & 255)); } while(0)
#define STORE64L(x, y) \
- { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
+ do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
- (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+ (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
#define LOAD64L(x, y) \
- { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
+ do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
- (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+ (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
#define STORE32H(x, y) \
- { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
- (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
+ do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
+ (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0)
#define LOAD32H(x, y) \
- { x = ((unsigned long)((y)[0] & 255)<<24) | \
- ((unsigned long)((y)[1] & 255)<<16) | \
- ((unsigned long)((y)[2] & 255)<<8) | \
- ((unsigned long)((y)[3] & 255)); }
+ do { x = ((ulong32)((y)[0] & 255)<<24) | \
+ ((ulong32)((y)[1] & 255)<<16) | \
+ ((ulong32)((y)[2] & 255)<<8) | \
+ ((ulong32)((y)[3] & 255)); } while(0)
#define STORE64H(x, y) \
- { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
+do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
- (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
+ (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
#define LOAD64H(x, y) \
- { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
+do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
- (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
+ (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0)
+
+
+#elif defined(ENDIAN_LITTLE)
-#endif /* ENDIAN_NEUTRAL */
+#ifdef LTC_HAVE_BSWAP_BUILTIN
-#ifdef ENDIAN_LITTLE
+#define STORE32H(x, y) \
+do { ulong32 __t = __builtin_bswap32 ((x)); \
+ XMEMCPY ((y), &__t, 4); } while(0)
-#if !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__))))
+#define LOAD32H(x, y) \
+do { XMEMCPY (&(x), (y), 4); \
+ (x) = __builtin_bswap32 ((x)); } while(0)
+
+#elif !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__))))
#define STORE32H(x, y) \
asm __volatile__ ( \
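Review bot: The `ulong32`, `ulong64` and `CONST64` definitions removed at the top of this hunk are still relied on by the new code in it (`LOAD32L` now casts to `ulong32`, the bswap branch declares `ulong32 __t`), so this header is no longer self-contained and depends on being included after those types are defined; presumably they moved to tomcrypt_cfg.h, which is in the diffstat, but a one-line comment such as `/* ulong32/ulong64/CONST64 are defined in tomcrypt_cfg.h, which must be included first */` next to the helper-macros banner would record that. The `LTC_HAVE_BSWAP_BUILTIN` branch would likewise benefit from a comment naming the file that sets that macro, since the detection is not in this header. The `ENDIAN_LITTLE` section continues past the end of the hunk.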
@@ -85,144 +85,152 @@ asm __volatile__ ( \
#else
#define STORE32H(x, y) \
- { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
- (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
+ do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
+ (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0)
#define LOAD32H(x, y) \
- { x = ((unsigned long)((y)[0] & 255)<<24) | \
- ((unsigned long)((y)[1] & 255)<<16) | \
- ((unsigned long)((y)[2] & 255)<<8) | \
- ((unsigned long)((y)[3] & 255)); }
+ do { x = ((ulong32)((y)[0] & 255)<<24) | \
+ ((ulong32)((y)[1] & 255)<<16) | \
+ ((ulong32)((y)[2] & 255)<<8) | \
+ ((ulong32)((y)[3] & 255)); } while(0)
#endif
+#ifdef LTC_HAVE_BSWAP_BUILTIN
+
+#define STORE64H(x, y) \
+do { ulong64 __t = __builtin_bswap64 ((x)); \
+ XMEMCPY ((y), &__t, 8); } while(0)
+
+#define LOAD64H(x, y) \
+do { XMEMCPY (&(x), (y), 8); \
+ (x) = __builtin_bswap64 ((x)); } while(0)
/* x86_64 processor */
-#if !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__))
+#elif !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__))
#define STORE64H(x, y) \
asm __volatile__ ( \
"bswapq %0 \n\t" \
"movq %0,(%1)\n\t" \
"bswapq %0 \n\t" \
- ::"r"(x), "r"(y));
+ ::"r"(x), "r"(y): "memory");
#define LOAD64H(x, y) \
asm __volatile__ ( \
"movq (%1),%0\n\t" \
"bswapq %0\n\t" \
- :"=r"(x): "r"(y));
+ :"=r"(x): "r"(y): "memory");
#else
#define STORE64H(x, y) \
- { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
+do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
- (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
+ (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
#define LOAD64H(x, y) \
- { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
+do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
- (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
+ (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0)
#endif
-#ifdef ENDIAN_32BITWORD
+#ifdef ENDIAN_32BITWORD
#define STORE32L(x, y) \
- { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
+ do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
#define LOAD32L(x, y) \
- XMEMCPY(&(x), y, 4);
+ do { XMEMCPY(&(x), y, 4); } while(0)
#define STORE64L(x, y) \
- { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
+ do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
- (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+ (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
#define LOAD64L(x, y) \
- { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
+ do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
- (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+ (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
#else /* 64-bit words then */
#define STORE32L(x, y) \
- { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
+ do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
#define LOAD32L(x, y) \
- { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; }
+ do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0)
#define STORE64L(x, y) \
- { ulong64 __t = (x); XMEMCPY(y, &__t, 8); }
+ do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0)
#define LOAD64L(x, y) \
- { XMEMCPY(&(x), y, 8); }
+ do { XMEMCPY(&(x), y, 8); } while(0)
#endif /* ENDIAN_64BITWORD */
-#endif /* ENDIAN_LITTLE */
+#elif defined(ENDIAN_BIG)
-#ifdef ENDIAN_BIG
#define STORE32L(x, y) \
- { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
- (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+ do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
+ (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
#define LOAD32L(x, y) \
- { x = ((unsigned long)((y)[3] & 255)<<24) | \
- ((unsigned long)((y)[2] & 255)<<16) | \
- ((unsigned long)((y)[1] & 255)<<8) | \
- ((unsigned long)((y)[0] & 255)); }
+ do { x = ((ulong32)((y)[3] & 255)<<24) | \
+ ((ulong32)((y)[2] & 255)<<16) | \
+ ((ulong32)((y)[1] & 255)<<8) | \
+ ((ulong32)((y)[0] & 255)); } while(0)
#define STORE64L(x, y) \
- { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
+do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
- (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+ (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
#define LOAD64L(x, y) \
- { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \
+do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \
- (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+ (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
-#ifdef ENDIAN_32BITWORD
+#ifdef ENDIAN_32BITWORD
#define STORE32H(x, y) \
- { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
+ do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
#define LOAD32H(x, y) \
- XMEMCPY(&(x), y, 4);
+ do { XMEMCPY(&(x), y, 4); } while(0)
#define STORE64H(x, y) \
- { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
+ do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
- (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
+ (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
#define LOAD64H(x, y) \
- { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \
+ do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \
- (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); }
+ (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } while(0)
#else /* 64-bit words then */
#define STORE32H(x, y) \
- { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
+ do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
#define LOAD32H(x, y) \
- { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; }
+ do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0)
#define STORE64H(x, y) \
- { ulong64 __t = (x); XMEMCPY(y, &__t, 8); }
+ do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0)
#define LOAD64H(x, y) \
- { XMEMCPY(&(x), y, 8); }
+ do { XMEMCPY(&(x), y, 8); } while(0)
#endif /* ENDIAN_64BITWORD */
#endif /* ENDIAN_BIG */
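Review bot: The `"memory"` clobber added to the x86_64 `STORE64H`/`LOAD64H` asm in this hunk is the right fix — without it the compiler may move loads and stores of `*y` across the asm — but the 32-bit `STORE32H`/`LOAD32H` asm variants for the same platforms sit in the gap between this hunk and the previous one and are not visible here; please confirm they received the same clobber, otherwise the 32-bit path keeps the reordering hazard the 64-bit path just lost. The `STORE64H` asm also modifies its `"r"(x)` input in place (two `bswapq` on the same register) rather than declaring it as an output or using a temporary; the net value is restored, but a short comment `/* x is bswapped twice so the register ends up unchanged */` would save the next reader a double-take.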
@@ -233,6 +241,7 @@ asm __volatile__ ( \
/* 32-bit Rotates */
#if defined(_MSC_VER)
+#define LTC_ROx_ASM
/* instrinsic rotate */
#include <stdlib.h>
@@ -243,8 +252,9 @@ asm __volatile__ ( \
#define ROLc(x,n) _lrotl(x,n)
#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
+#define LTC_ROx_ASM
-static inline unsigned ROL(unsigned word, int i)
+static inline ulong32 ROL(ulong32 word, int i)
{
asm ("roll %%cl,%0"
:"=r" (word)
@@ -252,7 +262,7 @@ static inline unsigned ROL(unsigned word, int i)
return word;
}
-static inline unsigned ROR(unsigned word, int i)
+static inline ulong32 ROR(ulong32 word, int i)
{
asm ("rorl %%cl,%0"
:"=r" (word)
@@ -262,21 +272,22 @@ static inline unsigned ROR(unsigned word, int i)
#ifndef LTC_NO_ROLC
-static inline unsigned ROLc(unsigned word, const int i)
-{
- asm ("roll %2,%0"
- :"=r" (word)
- :"0" (word),"I" (i));
- return word;
-}
-
-static inline unsigned RORc(unsigned word, const int i)
-{
- asm ("rorl %2,%0"
- :"=r" (word)
- :"0" (word),"I" (i));
- return word;
-}
+#define ROLc(word,i) ({ \
+ ulong32 __ROLc_tmp = (word); \
+ __asm__ ("roll %2, %0" : \
+ "=r" (__ROLc_tmp) : \
+ "0" (__ROLc_tmp), \
+ "I" (i)); \
+ __ROLc_tmp; \
+ })
+#define RORc(word,i) ({ \
+ ulong32 __RORc_tmp = (word); \
+ __asm__ ("rorl %2, %0" : \
+ "=r" (__RORc_tmp) : \
+ "0" (__RORc_tmp), \
+ "I" (i)); \
+ __RORc_tmp; \
+ })
#else
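Review bot: The temporaries introduced in the new `ROLc`/`RORc` statement-expression macros are named `__ROLc_tmp`/`__RORc_tmp`, and the 64-bit counterparts later in this file use `__ROL64c_tmp`/`__ROR64c_tmp`; identifiers containing a double underscore are reserved for the implementation in C, so a prefix like `ltc_rolc_tmp_` is the safer spelling. These macros are only usable where `i` is an immediate (the `"I"` constraint), which was also true of the removed inline functions, but now a non-constant `i` fails at the asm statement deep inside the expansion; a comment `/* i must be a compile-time constant: it is passed via the "I" asm constraint */` above `ROLc` would make that explicit.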
@@ -286,8 +297,9 @@ static inline unsigned RORc(unsigned word, const int i)
#endif
#elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32)
+#define LTC_ROx_ASM
-static inline unsigned ROL(unsigned word, int i)
+static inline ulong32 ROL(ulong32 word, int i)
{
asm ("rotlw %0,%0,%2"
:"=r" (word)
@@ -295,7 +307,7 @@ static inline unsigned ROL(unsigned word, int i)
return word;
}
-static inline unsigned ROR(unsigned word, int i)
+static inline ulong32 ROR(ulong32 word, int i)
{
asm ("rotlw %0,%0,%2"
:"=r" (word)
@@ -305,7 +317,7 @@ static inline unsigned ROR(unsigned word, int i)
#ifndef LTC_NO_ROLC
-static inline unsigned ROLc(unsigned word, const int i)
+static inline ulong32 ROLc(ulong32 word, const int i)
{
asm ("rotlwi %0,%0,%2"
:"=r" (word)
@@ -313,7 +325,7 @@ static inline unsigned ROLc(unsigned word, const int i)
return word;
}
-static inline unsigned RORc(unsigned word, const int i)
+static inline ulong32 RORc(ulong32 word, const int i)
{
asm ("rotrwi %0,%0,%2"
:"=r" (word)
@@ -332,18 +344,18 @@ static inline unsigned RORc(unsigned word, const int i)
#else
/* rotates the hard way */
-#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
-#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
-#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
-#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
+#define ROL(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
+#define ROR(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
+#define ROLc(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
+#define RORc(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
#endif
/* 64-bit Rotates */
-#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
+#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(_WIN64) && !defined(LTC_NO_ASM)
-static inline unsigned long ROL64(unsigned long word, int i)
+static inline ulong64 ROL64(ulong64 word, int i)
{
asm("rolq %%cl,%0"
:"=r" (word)
@@ -351,7 +363,7 @@ static inline unsigned long ROL64(unsigned long word, int i)
return word;
}
-static inline unsigned long ROR64(unsigned long word, int i)
+static inline ulong64 ROR64(ulong64 word, int i)
{
asm("rorq %%cl,%0"
:"=r" (word)
@@ -361,21 +373,22 @@ static inline unsigned long ROR64(unsigned long word, int i)
#ifndef LTC_NO_ROLC
-static inline unsigned long ROL64c(unsigned long word, const int i)
-{
- asm("rolq %2,%0"
- :"=r" (word)
- :"0" (word),"J" (i));
- return word;
-}
-
-static inline unsigned long ROR64c(unsigned long word, const int i)
-{
- asm("rorq %2,%0"
- :"=r" (word)
- :"0" (word),"J" (i));
- return word;
-}
+#define ROL64c(word,i) ({ \
+ ulong64 __ROL64c_tmp = word; \
+ __asm__ ("rolq %2, %0" : \
+ "=r" (__ROL64c_tmp) : \
+ "0" (__ROL64c_tmp), \
+ "J" (i)); \
+ __ROL64c_tmp; \
+ })
+#define ROR64c(word,i) ({ \
+ ulong64 __ROR64c_tmp = word; \
+ __asm__ ("rorq %2, %0" : \
+ "=r" (__ROR64c_tmp) : \
+ "0" (__ROR64c_tmp), \
+ "J" (i)); \
+ __ROR64c_tmp; \
+ })
#else /* LTC_NO_ROLC */
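Review bot: `ROL64c` and `ROR64c` initialise their temporary with `= word;` whereas the 32-bit `ROLc`/`RORc` earlier in the file write `= (word);`; an initializer only accepts an assignment-expression so nothing can actually bind wrongly, but the unparenthesised macro argument is inconsistent with the rest of the header, so `ulong64 __ROL64c_tmp = (word);` and `ulong64 __ROR64c_tmp = (word);` for symmetry. The double-underscore temporary names carry the same reserved-identifier concern as the 32-bit macros.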
@@ -388,19 +401,19 @@ static inline unsigned long ROR64c(unsigned long word, const int i)
#define ROL64(x, y) \
( (((x)<<((ulong64)(y)&63)) | \
- (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
+ (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROR64(x, y) \
( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
- ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
+ ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROL64c(x, y) \
( (((x)<<((ulong64)(y)&63)) | \
- (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
+ (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROR64c(x, y) \
( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
- ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
+ ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
#endif
@@ -412,13 +425,22 @@ static inline unsigned long ROR64c(unsigned long word, const int i)
#define MIN(x, y) ( ((x)<(y))?(x):(y) )
#endif
+#ifndef LTC_UNUSED_PARAM
+ #define LTC_UNUSED_PARAM(x) (void)(x)
+#endif
+
/* extract a byte portably */
#ifdef _MSC_VER
#define byte(x, n) ((unsigned char)((x) >> (8 * (n))))
#else
#define byte(x, n) (((x) >> (8 * (n))) & 255)
-#endif
+#endif
+
+/* there is no snprintf before Visual C++ 2015 */
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#define snprintf _snprintf
+#endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
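Review bot: The `snprintf` to `_snprintf` mapping for Visual C++ before 2015 is not a drop-in replacement: `_snprintf` does not NUL-terminate the buffer when the output is truncated and returns -1 instead of the length that would have been written, so any caller relying on C99 semantics (`n >= sizeof buf` to detect truncation, or reading `buf` as a string afterwards) gets an unterminated buffer on that compiler. If such callers exist in the library, a small wrapper around `_vsnprintf` that forces `buf[size-1] = '\0'` on a negative return is the safer shim; at minimum the comment should warn `/* _snprintf does not NUL-terminate on truncation and returns -1; callers must not rely on C99 snprintf semantics here */`.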
diff --git a/libtomcrypt/src/headers/tomcrypt_math.h b/libtomcrypt/src/headers/tomcrypt_math.h
index aee6105..d8e7e36 100644
--- a/libtomcrypt/src/headers/tomcrypt_math.h
+++ b/libtomcrypt/src/headers/tomcrypt_math.h
@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/** math functions **/
#define LTC_MP_LT -1
@@ -15,10 +24,19 @@
typedef void rsa_key;
#endif
+#ifndef LTC_MILLER_RABIN_REPS
+ /* Number of rounds of the Miller-Rabin test
+ * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p()
+ * As of https://security.stackexchange.com/a/4546 we should use 40 rounds */
+ #define LTC_MILLER_RABIN_REPS 40
+#endif
+
+int radix_to_bin(const void *in, int radix, void *out, unsigned long *len);
+
/** math descriptor */
typedef struct {
/** Name of the math provider */
- char *name;
+ const char *name;
/** Bits per digit, amount of bits must fit in an unsigned long */
int bits_per_digit;
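Review bot: `radix_to_bin` is declared here without any documentation, while every other entry in this header carries a Doxygen block; at least the in/out convention of `len` needs stating. Something like `/** Convert the number in (written in base radix) to a binary buffer out; on entry *len holds the capacity of out, on return the number of bytes written. @return CRYPT_OK on success */` would do, with the exact semantics checked against the implementation, which is not in this diff. The `LTC_MILLER_RABIN_REPS` default of 40 is a sound choice, but since it is `#ifndef`-overridable a sentence in that comment noting that lowering it weakens the primality guarantee would be worth adding.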
@@ -30,15 +48,15 @@ typedef struct {
@return CRYPT_OK on success
*/
int (*init)(void **a);
-
- /** init copy
+
+ /** init copy
@param dst The number to initialize and write to
@param src The number to copy from
@return CRYPT_OK on success
*/
int (*init_copy)(void **dst, void *src);
- /** deinit
+ /** deinit
@param a The number to free
@return CRYPT_OK on success
*/
@@ -52,35 +70,36 @@ typedef struct {
@return CRYPT_OK on success
*/
int (*neg)(void *src, void *dst);
-
- /** copy
+
+ /** copy
@param src The number to copy from
- @param dst The number to write to
+ @param dst The number to write to
@return CRYPT_OK on success
*/
int (*copy)(void *src, void *dst);
/* ---- trivial low level functions ---- */
- /** set small constant
+ /** set small constant
@param a Number to write to
- @param n Source upto bits_per_digit (actually meant for very small constants)
- @return CRYPT_OK on succcess
+ @param n Source upto bits_per_digit (actually meant for very small constants)
+ @return CRYPT_OK on success
*/
- int (*set_int)(void *a, unsigned long n);
+ int (*set_int)(void *a, ltc_mp_digit n);
- /** get small constant
- @param a Number to read, only fetches upto bits_per_digit from the number
- @return The lower bits_per_digit of the integer (unsigned)
+ /** get small constant
+ @param a Small number to read,
+ only fetches up to bits_per_digit from the number
+ @return The lower bits_per_digit of the integer (unsigned)
*/
unsigned long (*get_int)(void *a);
- /** get digit n
+ /** get digit n
@param a The number to read from
@param n The number of the digit to fetch
@return The bits_per_digit sized n'th digit of a
*/
- unsigned long (*get_digit)(void *a, int n);
+ ltc_mp_digit (*get_digit)(void *a, int n);
/** Get the number of digits that represent the number
@param a The number to count
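Review bot: `set_int` is changed to take `ltc_mp_digit` and `get_digit` to return it, but `get_int` between them keeps `unsigned long` as its return type; a provider whose digit type is wider or narrower than `unsigned long` now round-trips a "small constant" through two different types, and the doc line "The lower bits_per_digit of the integer" no longer matches the declared return. Either change it to `ltc_mp_digit (*get_int)(void *a);` or add a sentence to its doc saying that `get_int` deliberately returns at most an `unsigned long`. The rewritten doc lines also keep the spelling "upto" for `set_int`; "up to" would match the wording used in the `get_int` entry rewritten in the same hunk.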
@@ -91,16 +110,20 @@ typedef struct {
/** compare two integers
@param a The left side integer
@param b The right side integer
- @return LTC_MP_LT if a < b, LTC_MP_GT if a > b and LTC_MP_EQ otherwise. (signed comparison)
+ @return LTC_MP_LT if a < b,
+ LTC_MP_GT if a > b and
+ LTC_MP_EQ otherwise. (signed comparison)
*/
int (*compare)(void *a, void *b);
- /** compare against int
+ /** compare against int
@param a The left side integer
@param b The right side integer (upto bits_per_digit)
- @return LTC_MP_LT if a < b, LTC_MP_GT if a > b and LTC_MP_EQ otherwise. (signed comparison)
+ @return LTC_MP_LT if a < b,
+ LTC_MP_GT if a > b and
+ LTC_MP_EQ otherwise. (signed comparison)
*/
- int (*compare_d)(void *a, unsigned long n);
+ int (*compare_d)(void *a, ltc_mp_digit n);
/** Count the number of bits used to represent the integer
@param a The integer to count
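Review bot: The `compare_d` doc names its second parameter `b` while the declaration changed in this hunk names it `n`; the mismatch predates the commit, but the signature line was rewritten, so `@param n The right side integer (up to bits_per_digit)` would bring the comment in line with the code. Doxygen reports the mismatched name, and a reader looking for `n` in the doc finds nothing.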
@@ -108,7 +131,7 @@ typedef struct {
*/
int (*count_bits)(void * a);
- /** Count the number of LSB bits which are zero
+ /** Count the number of LSB bits which are zero
@param a The integer to count
@return The number of contiguous zero LSB bits
*/
@@ -122,8 +145,8 @@ typedef struct {
int (*twoexpt)(void *a , int n);
/* ---- radix conversions ---- */
-
- /** read ascii string
+
+ /** read ascii string
@param a The integer to store into
@param str The string to read
@param radix The radix the integer has been represented in (2-64)
@@ -139,13 +162,13 @@ typedef struct {
*/
int (*write_radix)(void *a, char *str, int radix);
- /** get size as unsigned char string
- @param a The integer to get the size (when stored in array of octets)
- @return The length of the integer
+ /** get size as unsigned char string
+ @param a The integer to get the size (when stored in array of octets)
+ @return The length of the integer in octets
*/
unsigned long (*unsigned_size)(void *a);
- /** store an integer as an array of octets
+ /** store an integer as an array of octets
@param src The integer to store
@param dst The buffer to store the integer in
@return CRYPT_OK on success
@@ -154,15 +177,17 @@ typedef struct {
/** read an array of octets and store as integer
@param dst The integer to load
- @param src The array of octets
- @param len The number of octets
+ @param src The array of octets
+ @param len The number of octets
@return CRYPT_OK on success
*/
- int (*unsigned_read)(void *dst, unsigned char *src, unsigned long len);
+ int (*unsigned_read)( void *dst,
+ unsigned char *src,
+ unsigned long len);
/* ---- basic math ---- */
- /** add two integers
+ /** add two integers
@param a The first source integer
@param b The second source integer
@param c The destination of "a + b"
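Review bot: `unsigned_read` is reformatted here but `src` stays `unsigned char *` although the function only reads from it; the public import functions in this library, such as `rsa_import` in tomcrypt_pk.h, take `const unsigned char *`, so callers holding a const buffer have to cast to reach this member. Since the signature is being rewritten anyway, `const unsigned char *src,` is the natural moment to fix it, provided the providers' implementations are updated to match.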
@@ -170,16 +195,16 @@ typedef struct {
*/
int (*add)(void *a, void *b, void *c);
-
- /** add two integers
+ /** add two integers
@param a The first source integer
- @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param b The second source integer
+ (single digit of upto bits_per_digit in length)
@param c The destination of "a + b"
@return CRYPT_OK on success
*/
- int (*addi)(void *a, unsigned long b, void *c);
+ int (*addi)(void *a, ltc_mp_digit b, void *c);
- /** subtract two integers
+ /** subtract two integers
@param a The first source integer
@param b The second source integer
@param c The destination of "a - b"
@@ -187,29 +212,32 @@ typedef struct {
*/
int (*sub)(void *a, void *b, void *c);
- /** subtract two integers
+ /** subtract two integers
@param a The first source integer
- @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param b The second source integer
+ (single digit of upto bits_per_digit in length)
@param c The destination of "a - b"
@return CRYPT_OK on success
*/
- int (*subi)(void *a, unsigned long b, void *c);
+ int (*subi)(void *a, ltc_mp_digit b, void *c);
- /** multiply two integers
+ /** multiply two integers
@param a The first source integer
- @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param b The second source integer
+ (single digit of upto bits_per_digit in length)
@param c The destination of "a * b"
@return CRYPT_OK on success
*/
int (*mul)(void *a, void *b, void *c);
- /** multiply two integers
+ /** multiply two integers
@param a The first source integer
- @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param b The second source integer
+ (single digit of upto bits_per_digit in length)
@param c The destination of "a * b"
@return CRYPT_OK on success
*/
- int (*muli)(void *a, unsigned long b, void *c);
+ int (*muli)(void *a, ltc_mp_digit b, void *c);
/** Square an integer
@param a The integer to square
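Review bot: The reflowed doc for `mul` still describes its second operand as "(single digit of upto bits_per_digit in length)", wording copied from `muli`; `mul` takes `void *b`, a full integer, and the reflow in this hunk preserved the wrong description on two lines. Replace the two lines with `@param b The second source integer` and leave the single-digit wording to `muli` below. The neighbouring `sub`/`subi` pair in the same hunk is documented correctly, so only `mul` needs the change.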
@@ -227,9 +255,9 @@ typedef struct {
*/
int (*mpdiv)(void *a, void *b, void *c, void *d);
- /** divide by two
+ /** divide by two
@param a The integer to divide (shift right)
- @param b The destination
+ @param b The destination
@return CRYPT_OK on success
*/
int (*div_2)(void *a, void *b);
@@ -240,9 +268,9 @@ typedef struct {
@param c The destination for the residue
@return CRYPT_OK on success
*/
- int (*modi)(void *a, unsigned long b, unsigned long *c);
+ int (*modi)(void *a, ltc_mp_digit b, ltc_mp_digit *c);
- /** gcd
+ /** gcd
@param a The first integer
@param b The second integer
@param c The destination for (a, b)
@@ -250,7 +278,7 @@ typedef struct {
*/
int (*gcd)(void *a, void *b, void *c);
- /** lcm
+ /** lcm
@param a The first integer
@param b The second integer
@param c The destination for [a, b]
@@ -260,7 +288,7 @@ typedef struct {
/** Modular multiplication
@param a The first source
- @param b The second source
+ @param b The second source
@param c The modulus
@param d The destination (a*b mod c)
@return CRYPT_OK on success
@@ -277,7 +305,7 @@ typedef struct {
/** Modular inversion
@param a The value to invert
- @param b The modulus
+ @param b The modulus
@param c The destination (1/a mod b)
@return CRYPT_OK on success
*/
@@ -285,14 +313,14 @@ typedef struct {
/* ---- reduction ---- */
- /** setup montgomery
- @param a The modulus
- @param b The destination for the reduction digit
+ /** setup Montgomery
+ @param a The modulus
+ @param b The destination for the reduction digit
@return CRYPT_OK on success
*/
int (*montgomery_setup)(void *a, void **b);
- /** get normalization value
+ /** get normalization value
@param a The destination for the normalization value
@param b The modulus
@return CRYPT_OK on success
@@ -310,7 +338,7 @@ typedef struct {
/** clean up (frees memory)
@param a The value "b" from montgomery_setup()
@return CRYPT_OK on success
- */
+ */
void (*montgomery_deinit)(void *a);
/* ---- exponentiation ---- */
@@ -326,24 +354,30 @@ typedef struct {
/** Primality testing
@param a The integer to test
- @param b The destination of the result (FP_YES if prime)
+ @param b The number of Miller-Rabin tests that shall be executed
+ @param c The destination of the result (FP_YES if prime)
@return CRYPT_OK on success
*/
- int (*isprime)(void *a, int *b);
+ int (*isprime)(void *a, int b, int *c);
/* ---- (optional) ecc point math ---- */
/** ECC GF(p) point multiplication (from the NIST curves)
@param k The integer to multiply the point by
@param G The point to multiply
- @param R The destination for kG
+ @param R The destination for kG
@param modulus The modulus for the field
- @param map Boolean indicated whether to map back to affine or not (can be ignored if you work in affine only)
+ @param map Boolean indicated whether to map back to affine or not
+ (can be ignored if you work in affine only)
@return CRYPT_OK on success
*/
- int (*ecc_ptmul)(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
+ int (*ecc_ptmul)( void *k,
+ ecc_point *G,
+ ecc_point *R,
+ void *modulus,
+ int map);
- /** ECC GF(p) point addition
+ /** ECC GF(p) point addition
@param P The first point
@param Q The second point
@param R The destination of P + Q
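Review bot: The new `b` parameter of `isprime` is documented as the number of Miller-Rabin rounds, but the header does not say what a non-positive value means; `LTC_MILLER_RABIN_REPS` is introduced in this same file as a default, so the obvious convention is that `b <= 0` selects it, and the doc should state that rule so every math provider implements the same behaviour. Propose `@param b The number of Miller-Rabin rounds (LTC_MILLER_RABIN_REPS is used when <= 0)`, if that matches what the providers do.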
@@ -351,24 +385,33 @@ typedef struct {
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
- int (*ecc_ptadd)(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
+ int (*ecc_ptadd)(ecc_point *P,
+ ecc_point *Q,
+ ecc_point *R,
+ void *modulus,
+ void *mp);
- /** ECC GF(p) point double
+ /** ECC GF(p) point double
@param P The first point
@param R The destination of 2P
@param modulus The modulus
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
- int (*ecc_ptdbl)(ecc_point *P, ecc_point *R, void *modulus, void *mp);
+ int (*ecc_ptdbl)(ecc_point *P,
+ ecc_point *R,
+ void *modulus,
+ void *mp);
- /** ECC mapping from projective to affine, currently uses (x,y,z) => (x/z^2, y/z^3, 1)
+ /** ECC mapping from projective to affine,
+ currently uses (x,y,z) => (x/z^2, y/z^3, 1)
@param P The point to map
@param modulus The modulus
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
- @remark The mapping can be different but keep in mind a ecc_point only has three
- integers (x,y,z) so if you use a different mapping you have to make it fit.
+ @remark The mapping can be different but keep in mind a
+ ecc_point only has three integers (x,y,z) so if
+ you use a different mapping you have to make it fit.
*/
int (*ecc_map)(ecc_point *P, void *modulus, void *mp);
@@ -377,10 +420,10 @@ typedef struct {
@param kA What to multiple A by
@param B Second point to multiply
@param kB What to multiple B by
- @param C [out] Destination point (can overlap with A or B
- @param modulus Modulus for curve
+ @param C [out] Destination point (can overlap with A or B)
+ @param modulus Modulus for curve
@return CRYPT_OK on success
- */
+ */
int (*ecc_mul2add)(ecc_point *A, void *kA,
ecc_point *B, void *kB,
ecc_point *C,
@@ -388,35 +431,70 @@ typedef struct {
/* ---- (optional) rsa optimized math (for internal CRT) ---- */
- /** RSA Key Generation
+ /** RSA Key Generation
@param prng An active PRNG state
@param wprng The index of the PRNG desired
- @param size The size of the modulus (key size) desired (octets)
- @param e The "e" value (public key). e==65537 is a good choice
+ @param size The size of the key in octets
+ @param e The "e" value (public key).
+ e==65537 is a good choice
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful, upon error all allocated ram is freed
*/
- int (*rsa_keygen)(prng_state *prng, int wprng, int size, long e, rsa_key *key);
-
+ int (*rsa_keygen)(prng_state *prng,
+ int wprng,
+ int size,
+ long e,
+ rsa_key *key);
/** RSA exponentiation
@param in The octet array representing the base
@param inlen The length of the input
@param out The destination (to be stored in an octet array format)
- @param outlen The length of the output buffer and the resulting size (zero padded to the size of the modulus)
+ @param outlen The length of the output buffer and the resulting size
+ (zero padded to the size of the modulus)
@param which PK_PUBLIC for public RSA and PK_PRIVATE for private RSA
- @param key The RSA key to use
+ @param key The RSA key to use
@return CRYPT_OK on success
*/
int (*rsa_me)(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key);
+
+/* ---- basic math continued ---- */
+
+ /** Modular addition
+ @param a The first source
+ @param b The second source
+ @param c The modulus
+ @param d The destination (a + b mod c)
+ @return CRYPT_OK on success
+ */
+ int (*addmod)(void *a, void *b, void *c, void *d);
+
+ /** Modular substraction
+ @param a The first source
+ @param b The second source
+ @param c The modulus
+ @param d The destination (a - b mod c)
+ @return CRYPT_OK on success
+ */
+ int (*submod)(void *a, void *b, void *c, void *d);
+
+/* ---- misc stuff ---- */
+
+ /** Make a pseudo-random mpi
+ @param a The mpi to make random
+ @param size The desired length
+ @return CRYPT_OK on success
+ */
+ int (*rand)(void *a, int size);
} ltc_math_descriptor;
extern ltc_math_descriptor ltc_mp;
int ltc_init_multi(void **a, ...);
void ltc_deinit_multi(void *a, ...);
+void ltc_cleanup_multi(void **a, ...);
#ifdef LTM_DESC
extern const ltc_math_descriptor ltm_desc;
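Review bot: The three new descriptor members `addmod`, `submod` and `rand` are appended at the end of `ltc_math_descriptor`, so a provider whose initialiser predates them leaves the pointers NULL, and the new `mp_rand`/`mp_addmod`/`mp_submod` macros then call through a null pointer; a comment on the struct stating that all members are mandatory for a provider would make that expectation explicit. The `rand` doc "The desired length" does not give a unit — propose `@param size The desired length in octets` if that is what the providers implement, or "bits" otherwise. `ltc_cleanup_multi(void **a, ...)` differs from `ltc_deinit_multi(void *a, ...)` in taking pointer-to-pointer, but nothing says why; presumably it also resets each pointer to NULL after freeing, and a one-line comment stating that would tell callers which one to pick.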
@@ -439,6 +517,7 @@ extern const ltc_math_descriptor gmp_desc;
#define mp_init_multi ltc_init_multi
#define mp_clear(a) ltc_mp.deinit(a)
#define mp_clear_multi ltc_deinit_multi
+#define mp_cleanup_multi ltc_cleanup_multi
#define mp_init_copy(a, b) ltc_mp.init_copy(a, b)
#define mp_neg(a, b) ltc_mp.neg(a, b)
@@ -475,6 +554,8 @@ extern const ltc_math_descriptor gmp_desc;
#define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c)
#define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c)
+#define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d)
+#define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d)
#define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d)
#define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c)
#define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c)
@@ -485,16 +566,18 @@ extern const ltc_math_descriptor gmp_desc;
#define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a)
#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d)
-#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, c)
+#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c)
#define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO)
#define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
-#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0);
+#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0)
#define mp_tohex(a, b) mp_toradix(a, b, 16)
+#define mp_rand(a, b) ltc_mp.rand(a, b)
+
#endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/headers/tomcrypt_misc.h b/libtomcrypt/src/headers/tomcrypt_misc.h
index 239ad77..f21f30b 100644
--- a/libtomcrypt/src/headers/tomcrypt_misc.h
+++ b/libtomcrypt/src/headers/tomcrypt_misc.h
@@ -1,14 +1,61 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* ---- LTC_BASE64 Routines ---- */
#ifdef LTC_BASE64
-int base64_encode(const unsigned char *in, unsigned long len,
+int base64_encode(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen);
+
+int base64_decode(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen);
+int base64_strict_decode(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen);
+#endif
+
+#ifdef LTC_BASE64_URL
+int base64url_encode(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen);
+int base64url_strict_encode(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-int base64_decode(const unsigned char *in, unsigned long len,
+int base64url_decode(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen);
+int base64url_strict_decode(const unsigned char *in, unsigned long len,
unsigned char *out, unsigned long *outlen);
#endif
+/* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */
+#ifdef LTC_HKDF
+
+int hkdf_test(void);
+
+int hkdf_extract(int hash_idx,
+ const unsigned char *salt, unsigned long saltlen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+int hkdf_expand(int hash_idx,
+ const unsigned char *info, unsigned long infolen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long outlen);
+
+int hkdf(int hash_idx,
+ const unsigned char *salt, unsigned long saltlen,
+ const unsigned char *info, unsigned long infolen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long outlen);
+
+#endif /* LTC_HKDF */
+
/* ---- MEM routines ---- */
-void zeromem(void *dst, size_t len);
+int mem_neq(const void *a, const void *b, size_t len);
+void zeromem(volatile void *dst, size_t len);
void burn_stack(unsigned long len);
const char *error_to_string(int err);
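Review bot: `mem_neq` is added without a comment, and for a comparison routine in a cryptographic header the two things a caller needs — the return convention and whether the comparison runs in time independent of the data — are exactly what the name leaves open. A doc block stating the return value (presumably 0 when equal and non-zero otherwise) and the timing property would make clear that it, rather than `memcmp`, is the function to use for comparing MACs and tags. The `volatile` added to `zeromem`'s parameter is the right change; a one-line comment saying it exists so the clearing stores are not elided as dead would keep that intent from being "cleaned up" later.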
@@ -18,6 +65,49 @@ extern const char *crypt_build_settings;
/* ---- HMM ---- */
int crypt_fsa(void *mp, ...);
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ---- Dynamic language support ---- */
+int crypt_get_constant(const char* namein, int *valueout);
+int crypt_list_all_constants(char *names_list, unsigned int *names_list_size);
+
+int crypt_get_size(const char* namein, unsigned int *sizeout);
+int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size);
+
+#ifdef LTM_DESC
+void init_LTM(void);
+#endif
+#ifdef TFM_DESC
+void init_TFM(void);
+#endif
+#ifdef GMP_DESC
+void init_GMP(void);
+#endif
+
+#ifdef LTC_ADLER32
+typedef struct adler32_state_s
+{
+ unsigned short s[2];
+} adler32_state;
+
+void adler32_init(adler32_state *ctx);
+void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length);
+void adler32_finish(adler32_state *ctx, void *hash, unsigned long size);
+int adler32_test(void);
+#endif
+
+#ifdef LTC_CRC32
+typedef struct crc32_state_s
+{
+ ulong32 crc;
+} crc32_state;
+
+void crc32_init(crc32_state *ctx);
+void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length);
+void crc32_finish(crc32_state *ctx, void *hash, unsigned long size);
+int crc32_test(void);
+#endif
+
+int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which);
+
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
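Review bot: `crypt_list_all_constants` and `crypt_list_all_sizes` take `unsigned int *names_list_size` with no comment on its in/out meaning or on what happens when `names_list` is NULL; presumably the value is the buffer length on entry and the required length on return, and a NULL list queries the size — a doc block should say so, since the caller has to size a buffer from it. `compare_testvector`'s by-value parameters `const unsigned long is_len` and `const unsigned long should_len` carry a `const` that has no effect in a prototype; drop it in the header and keep it, if wanted, in the definition.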
diff --git a/libtomcrypt/src/headers/tomcrypt_pk.h b/libtomcrypt/src/headers/tomcrypt_pk.h
index cc05f6c..4ea6f88 100644
--- a/libtomcrypt/src/headers/tomcrypt_pk.h
+++ b/libtomcrypt/src/headers/tomcrypt_pk.h
@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* ---- NUMBER THEORY ---- */
enum {
@@ -5,59 +14,82 @@ enum {
PK_PRIVATE=1
};
+/* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */
+#define PK_STD 0x1000
+
int rand_prime(void *N, long len, prng_state *prng, int wprng);
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
+int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng);
+
+enum public_key_algorithms {
+ PKA_RSA,
+ PKA_DSA
+};
+
+typedef struct Oid {
+ unsigned long OID[16];
+ /** Number of OID digits in use */
+ unsigned long OIDlen;
+} oid_st;
+
+int pk_get_oid(int pk, oid_st *st);
+#endif /* LTC_SOURCE */
+
/* ---- RSA ---- */
#ifdef LTC_MRSA
-/* Min and Max RSA key sizes (in bits) */
-#define MIN_RSA_SIZE 1024
-#define MAX_RSA_SIZE 4096
-
-/** RSA LTC_PKCS style key */
+/** RSA PKCS style key */
typedef struct Rsa_key {
/** Type of key, PK_PRIVATE or PK_PUBLIC */
int type;
/** The public exponent */
- void *e;
+ void *e;
/** The private exponent */
- void *d;
+ void *d;
/** The modulus */
- void *N;
+ void *N;
/** The p factor of N */
- void *p;
+ void *p;
/** The q factor of N */
- void *q;
+ void *q;
/** The 1/q mod p CRT param */
- void *qP;
+ void *qP;
/** The d mod (p - 1) CRT param */
- void *dP;
+ void *dP;
/** The d mod (q - 1) CRT param */
void *dQ;
} rsa_key;
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);
+int rsa_get_size(rsa_key *key);
+
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key);
void rsa_free(rsa_key *key);
-/* These use LTC_PKCS #1 v2.0 padding */
+/* These use PKCS #1 v2.0 padding */
#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \
- rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_LTC_PKCS_1_OAEP, _key)
+ rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key)
#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \
- rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_LTC_PKCS_1_OAEP, _stat, _key)
+ rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key)
#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \
- rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)
+ rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)
#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \
- rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)
+ rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)
+
+#define rsa_sign_saltlen_get_max(_hash_idx, _key) \
+ rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key)
-/* These can be switched between LTC_PKCS #1 v2.x and LTC_PKCS #1 v1.5 paddings */
+/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */
int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
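Review bot: `MIN_RSA_SIZE` and `MAX_RSA_SIZE` are removed from the public header with no replacement, while the Katja section below keeps `MIN_KAT_SIZE`/`MAX_KAT_SIZE`; application code that bounded requested key sizes with these macros now fails to compile, and the header no longer states the range of `size` that `rsa_make_key` accepts. If the bounds moved into `rsa_make_key` itself, a comment on its declaration naming the accepted range would preserve that information. `PK_STD 0x1000` would also benefit from a word on how it is used — presumably OR'd into the `type` argument of the export functions alongside PK_PUBLIC/PK_PRIVATE.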
@@ -82,35 +114,52 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
int hash_idx, unsigned long saltlen,
int *stat, rsa_key *key);
-/* LTC_PKCS #1 import/export */
+int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
+
+/* PKCS #1 import/export */
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
-
+
+int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
+int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
+ const void *passwd, unsigned long passwdlen, rsa_key *key);
+
+int rsa_set_key(const unsigned char *N, unsigned long Nlen,
+ const unsigned char *e, unsigned long elen,
+ const unsigned char *d, unsigned long dlen,
+ rsa_key *key);
+int rsa_set_factors(const unsigned char *p, unsigned long plen,
+ const unsigned char *q, unsigned long qlen,
+ rsa_key *key);
+int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen,
+ const unsigned char *dQ, unsigned long dQlen,
+ const unsigned char *qP, unsigned long qPlen,
+ rsa_key *key);
#endif
/* ---- Katja ---- */
-#ifdef MKAT
+#ifdef LTC_MKAT
/* Min and Max KAT key sizes (in bits) */
#define MIN_KAT_SIZE 1024
#define MAX_KAT_SIZE 4096
-/** Katja LTC_PKCS style key */
+/** Katja PKCS style key */
typedef struct KAT_key {
/** Type of key, PK_PRIVATE or PK_PUBLIC */
int type;
/** The private exponent */
- void *d;
+ void *d;
/** The modulus */
- void *N;
+ void *N;
/** The p factor of N */
- void *p;
+ void *p;
/** The q factor of N */
- void *q;
+ void *q;
/** The 1/q mod p CRT param */
- void *qP;
+ void *qP;
/** The d mod (p - 1) CRT param */
- void *dP;
+ void *dP;
/** The d mod (q - 1) CRT param */
void *dQ;
/** The pq param */
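Review bot: `rsa_set_key`, `rsa_set_factors` and `rsa_set_crt_params` are declared without any statement of the required call order or which of them are optional; a reader cannot tell whether `rsa_set_factors` may precede `rsa_set_key`, or whether a key built with `rsa_set_key` alone is usable for private operations. A short comment block above the three — purpose, the expected order, and whether `d` may be NULL for a public-only key, if that is the case — would settle it. The same gap applies to `dh_set_pg`/`dh_set_pg_groupsize`/`dh_set_key` and to `dsa_set_pqg`/`dsa_set_key`/`dsa_generate_key` in the later hunks of this file.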
@@ -125,24 +174,71 @@ int katja_exptmod(const unsigned char *in, unsigned long inlen,
void katja_free(katja_key *key);
-/* These use LTC_PKCS #1 v2.0 padding */
+/* These use PKCS #1 v2.0 padding */
int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx, int hash_idx, katja_key *key);
-
+
int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
+ unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
int hash_idx, int *stat,
katja_key *key);
-/* LTC_PKCS #1 import/export */
+/* PKCS #1 import/export */
int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);
-
+
#endif
+/* ---- DH Routines ---- */
+#ifdef LTC_MDH
+
+typedef struct {
+ int type;
+ void *x;
+ void *y;
+ void *base;
+ void *prime;
+} dh_key;
+
+int dh_get_groupsize(dh_key *key);
+
+int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key);
+int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key);
+
+int dh_set_pg(const unsigned char *p, unsigned long plen,
+ const unsigned char *g, unsigned long glen,
+ dh_key *key);
+int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key);
+int dh_set_pg_groupsize(int groupsize, dh_key *key);
+
+int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key);
+int dh_generate_key(prng_state *prng, int wprng, dh_key *key);
+
+int dh_shared_secret(dh_key *private_key, dh_key *public_key,
+ unsigned char *out, unsigned long *outlen);
+
+void dh_free(dh_key *key);
+
+int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key);
+
+#ifdef LTC_SOURCE
+typedef struct {
+ int size;
+ const char *name, *base, *prime;
+} ltc_dh_set_type;
+
+extern const ltc_dh_set_type ltc_dh_sets[];
+
+/* internal helper functions */
+int dh_check_pubkey(dh_key *key);
+#endif
+
+#endif /* LTC_MDH */
+
+
/* ---- ECC Routines ---- */
#ifdef LTC_MECC
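Review bot: The new `dh_key` struct leaves every field undocumented while the neighbouring `rsa_key` and `katja_key` carry a `/** */` line per member; at least `type` (PK_PRIVATE or PK_PUBLIC) and the roles of `x` and `y` (presumably the private exponent and the public value) should be stated in the same style. `dh_shared_secret` takes the peer's `public_key`, but the header does not say whether that value is validated before use; `dh_check_pubkey` is only exposed under LTC_SOURCE, so a comment on `dh_shared_secret` stating whether it performs that check internally tells callers what they still have to do themselves. `dh_export_key` also takes `void *out` where `dh_export` takes `unsigned char *out`; aligning the two would avoid the question of why they differ.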
@@ -158,22 +254,22 @@ typedef struct {
int size;
/** name of curve */
- char *name;
+ const char *name;
/** The prime that defines the field the curve is in (encoded in hex) */
- char *prime;
+ const char *prime;
/** The fields B param (hex) */
- char *B;
+ const char *B;
/** The order of the curve (hex) */
- char *order;
-
+ const char *order;
+
/** The x co-ordinate of the base point on the curve (hex) */
- char *Gx;
-
+ const char *Gx;
+
/** The y co-ordinate of the base point on the curve (hex) */
- char *Gy;
+ const char *Gy;
} ltc_ecc_set_type;
/** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */
@@ -196,8 +292,8 @@ typedef struct {
/** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
int idx;
- /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
- const ltc_ecc_set_type *dp;
+ /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
+ const ltc_ecc_set_type *dp;
/** The public key */
ecc_point pubkey;
@@ -225,24 +321,32 @@ int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen
int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);
-int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
+int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
unsigned char *out, unsigned long *outlen);
int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
ecc_key *key);
int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
+ unsigned char *out, unsigned long *outlen,
ecc_key *key);
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
+int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, ecc_key *key);
+
+int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, ecc_key *key);
+int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int *stat, ecc_key *key);
+
int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
+ const unsigned char *hash, unsigned long hashlen,
int *stat, ecc_key *key);
/* low level functions */
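Review bot: `ecc_sign_hash_rfc7518` and `ecc_verify_hash_rfc7518` are added next to `ecc_sign_hash`/`ecc_verify_hash` with no comment on how their signature format differs, so a caller choosing between them has only the RFC number to go on. A one-line comment on each pair — e.g. `/* signature is the DER SEQUENCE of (r, s) */` for the existing functions and `/* signature is r || s, each padded to the curve size, as in RFC 7518 (JWS) */` for the new ones, if that is what they implement — would remove the guesswork and make clear that a signature produced by one pair will not verify with the other.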
@@ -251,7 +355,7 @@ void ltc_ecc_del_point(ecc_point *p);
int ltc_ecc_is_valid_idx(int n);
/* point ops (mp == montgomery digit) */
-#if !defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC) || defined(GMP_LTC_DESC)
+#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
/* R = 2P */
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);
@@ -309,7 +413,7 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);
/** DSA key structure */
typedef struct {
/** The key type, PK_PRIVATE or PK_PUBLIC */
- int type;
+ int type;
/** The order of the sub-group used in octets */
int qord;
@@ -331,6 +435,17 @@ typedef struct {
} dsa_key;
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
+
+int dsa_set_pqg(const unsigned char *p, unsigned long plen,
+ const unsigned char *q, unsigned long qlen,
+ const unsigned char *g, unsigned long glen,
+ dsa_key *key);
+int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key);
+int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
+
+int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key);
+int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key);
+
void dsa_free(dsa_key *key);
int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
@@ -342,26 +457,31 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
prng_state *prng, int wprng, dsa_key *key);
int dsa_verify_hash_raw( void *r, void *s,
- const unsigned char *hash, unsigned long hashlen,
+ const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key);
int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
+ const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key);
int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
dsa_key *key);
-
+
int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
+ unsigned char *out, unsigned long *outlen,
dsa_key *key);
-
+
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
int dsa_verify_key(dsa_key *key, int *stat);
-
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int dsa_int_validate_xy(dsa_key *key, int *stat);
+int dsa_int_validate_pqg(dsa_key *key, int *stat);
+int dsa_int_validate_primes(dsa_key *key, int *stat);
+#endif
int dsa_shared_secret(void *private_key, void *base,
dsa_key *public_key,
unsigned char *out, unsigned long *outlen);
@@ -370,29 +490,39 @@ int dsa_shared_secret(void *private_key, void *base,
#ifdef LTC_DER
/* DER handling */
-enum {
+typedef enum ltc_asn1_type_ {
+ /* 0 */
LTC_ASN1_EOL,
LTC_ASN1_BOOLEAN,
LTC_ASN1_INTEGER,
LTC_ASN1_SHORT_INTEGER,
LTC_ASN1_BIT_STRING,
+ /* 5 */
LTC_ASN1_OCTET_STRING,
LTC_ASN1_NULL,
LTC_ASN1_OBJECT_IDENTIFIER,
LTC_ASN1_IA5_STRING,
LTC_ASN1_PRINTABLE_STRING,
+ /* 10 */
LTC_ASN1_UTF8_STRING,
LTC_ASN1_UTCTIME,
LTC_ASN1_CHOICE,
LTC_ASN1_SEQUENCE,
LTC_ASN1_SET,
- LTC_ASN1_SETOF
-};
+ /* 15 */
+ LTC_ASN1_SETOF,
+ LTC_ASN1_RAW_BIT_STRING,
+ LTC_ASN1_TELETEX_STRING,
+ LTC_ASN1_CONSTRUCTED,
+ LTC_ASN1_CONTEXT_SPECIFIC,
+ /* 20 */
+ LTC_ASN1_GENERALIZEDTIME,
+} ltc_asn1_type;
/** A LTC ASN.1 list type */
typedef struct ltc_asn1_list_ {
/** The LTC ASN.1 enumerated type identifier */
- int type;
+ ltc_asn1_type type;
/** The data to encode or place for decoding */
void *data;
/** The size of the input or resulting output */
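Review bot: The trailing comma after the last enumerator `LTC_ASN1_GENERALIZEDTIME,` is only valid from C99 on, and this header still caters for pre-C99 compilers (the `__STDC_VERSION__ >= 199901L` test in the UTF-8 section), so a pedantic C89 build will warn or fail; drop it: `LTC_ASN1_GENERALIZEDTIME`. The field `type` now has type `ltc_asn1_type` while the `type_of` parameter of `der_encode_sequence_ex` in the following hunk stays `int`, which is harmless but inconsistent and probably worth aligning. The `/* 0 */`, `/* 5 */` value markers are useful, and appending the new enumerators after `LTC_ASN1_SETOF` keeps the earlier values stable for any existing encoded state.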
@@ -411,22 +541,37 @@ typedef struct ltc_asn1_list_ {
LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data); \
LTC_MACRO_list[LTC_MACRO_temp].size = (Size); \
LTC_MACRO_list[LTC_MACRO_temp].used = 0; \
- } while (0);
+ } while (0)
/* SEQUENCE */
int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int type_of);
-
-#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)
+
+#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)
int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
ltc_asn1_list *list, unsigned long outlen, int ordered);
-
+
#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1)
int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
unsigned long *outlen);
+
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
+ unsigned long *outlen, unsigned long *payloadlen);
+/* SUBJECT PUBLIC KEY INFO */
+int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,
+ unsigned int algorithm, void* public_key, unsigned long public_key_len,
+ unsigned long parameters_type, void* parameters, unsigned long parameters_len);
+
+int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen,
+ unsigned int algorithm, void* public_key, unsigned long* public_key_len,
+ unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len);
+#endif /* LTC_SOURCE */
+
/* SET */
#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0)
#define der_length_set der_length_sequence
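Review bot: The in/out contract of `public_key_len` in `der_decode_subject_public_key_info` is not documented: it is passed as `unsigned long*` (presumably buffer capacity in, bytes written out, mirroring the other decoders here), while `parameters_len` is passed by value and is presumably the element count of the `parameters` list; a comment on each prototype stating which it is would avoid callers sizing the buffer wrongly. `algorithm` is `unsigned int` and `parameters_type` is `unsigned long` even though the list element type in this header is now `ltc_asn1_type`, so the prototypes would read better using the enum. The `while (0)` semicolon fix in the `LTC_SET_ASN1` macro is correct and should be kept.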
@@ -435,22 +580,23 @@ int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
-
+
/* VA list handy helpers with triplets of <type, size, data> */
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);
/* FLEXI DECODER handle unknown list decoder */
int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
-void der_free_sequence_flexi(ltc_asn1_list *list);
+#define der_free_sequence_flexi der_sequence_free
void der_sequence_free(ltc_asn1_list *in);
+void der_sequence_shrink(ltc_asn1_list *in);
/* BOOLEAN */
int der_length_boolean(unsigned long *outlen);
-int der_encode_boolean(int in,
+int der_encode_boolean(int in,
unsigned char *out, unsigned long *outlen);
int der_decode_boolean(const unsigned char *in, unsigned long inlen,
- int *out);
+ int *out);
/* INTEGER */
int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen);
int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num);
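Review bot: `der_sequence_shrink` is declared with no comment, so a reader cannot tell what it releases or whether the list stays usable afterwards; a one-line comment such as `/* release memory held by the decoded list that is no longer needed -- TODO confirm exact semantics */` would help. Replacing the old `der_free_sequence_flexi` function with `#define der_free_sequence_flexi der_sequence_free` keeps source compatibility but removes the exported symbol, which matters only if anything links against the old name; if so, a comment noting the alias is for source compatibility would be appropriate.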
@@ -466,6 +612,10 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
+int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
int der_length_bit_string(unsigned long nbits, unsigned long *outlen);
/* OCTET STRING */
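Review bot: The new `der_encode_raw_bit_string`/`der_decode_raw_bit_string` pair is declared with no comment explaining how "raw" differs from `der_encode_bit_string`/`der_decode_bit_string` immediately above, although the prototypes are identical. A short comment on the pair, stating the input/output representation each expects (one bit per byte versus packed bits, or whatever the implementation does), would prevent callers picking the wrong one; I cannot confirm the exact difference from this header.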
@@ -493,7 +643,19 @@ int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, un
int der_ia5_char_encode(int c);
int der_ia5_value_decode(int v);
-/* Printable STRING */
+/* TELETEX STRING */
+int der_decode_teletex_string(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+int der_length_teletex_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);
+
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int der_teletex_char_encode(int c);
+int der_teletex_value_decode(int v);
+#endif /* LTC_SOURCE */
+
+
+/* PRINTABLE STRING */
int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
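Review bot: The new TELETEX STRING block declares `der_decode_teletex_string` and `der_length_teletex_string` but no `der_encode_teletex_string`, unlike the IA5 and PRINTABLE blocks around it, which declare encode, decode and length. If decode-only support is intentional, the section comment should say so, e.g. `/* TELETEX STRING (decode only) */`, so readers do not assume a missing prototype. The `der_teletex_char_encode` helper is then only needed by the length computation, which is consistent with that reading.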
@@ -504,10 +666,17 @@ int der_printable_char_encode(int c);
int der_printable_value_decode(int v);
/* UTF-8 */
-#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR)
+#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(__WCHAR_MAX__) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR)
#include <wchar.h>
+#if defined(__WCHAR_MAX__)
+#define LTC_WCHAR_MAX __WCHAR_MAX__
+#elif defined(WCHAR_MAX)
+#define LTC_WCHAR_MAX WCHAR_MAX
+#endif
+/* please note that it might happen that LTC_WCHAR_MAX is undefined */
#else
typedef ulong32 wchar_t;
+#define LTC_WCHAR_MAX 0xFFFFFFFF
#endif
int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
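Review bot: `LTC_WCHAR_MAX` can be left undefined when `<wchar.h>` is included but neither `__WCHAR_MAX__` nor `WCHAR_MAX` is defined, as the added comment admits, so any consumer must guard its use; the comment should say that explicitly, e.g. `/* LTC_WCHAR_MAX may be undefined on some toolchains; test with #ifdef before use */`. The fallback branch hard-codes `0xFFFFFFFF` for the `ulong32 wchar_t` typedef, which is consistent with that type, but the typedef name `wchar_t` itself predates this change and may collide with toolchains that define it as a keyword or in `<stddef.h>`.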
@@ -516,6 +685,10 @@ int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
wchar_t *out, unsigned long *outlen);
unsigned long der_utf8_charsize(const wchar_t c);
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int der_utf8_valid_char(const wchar_t c);
+#endif /* LTC_SOURCE */
int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen);
@@ -536,7 +709,7 @@ typedef struct {
off_mm; /* timezone offset minutes */
} ltc_utctime;
-int der_encode_utctime(ltc_utctime *utctime,
+int der_encode_utctime(ltc_utctime *utctime,
unsigned char *out, unsigned long *outlen);
int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
@@ -544,9 +717,31 @@ int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen);
+/* GeneralizedTime */
+typedef struct {
+ unsigned YYYY, /* year */
+ MM, /* month */
+ DD, /* day */
+ hh, /* hour */
+ mm, /* minute */
+ ss, /* second */
+ fs, /* fractional seconds */
+ off_dir, /* timezone offset direction 0 == +, 1 == - */
+ off_hh, /* timezone offset hours */
+ off_mm; /* timezone offset minutes */
+} ltc_generalizedtime;
+
+int der_encode_generalizedtime(ltc_generalizedtime *gtime,
+ unsigned char *out, unsigned long *outlen);
+
+int der_decode_generalizedtime(const unsigned char *in, unsigned long *inlen,
+ ltc_generalizedtime *out);
+
+int der_length_generalizedtime(ltc_generalizedtime *gtime, unsigned long *outlen);
+
#endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
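Review bot: The `fs` field of the new `ltc_generalizedtime` struct is documented only as "fractional seconds", with no unit or digit count, and GeneralizedTime allows a variable number of fractional digits, so a caller cannot tell how to populate or interpret it; the comment should state the scale, e.g. `fs, /* fractional seconds -- TODO: state unit/precision (raw digits? milliseconds?) */`. `der_decode_generalizedtime` takes `unsigned long *inlen`, presumably consumed-length in/out as `der_decode_utctime` does above, which a comment could confirm. The other fields mirror `ltc_utctime` exactly, so a shared comment pointing at that struct would avoid duplicating the field descriptions.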
diff --git a/libtomcrypt/src/headers/tomcrypt_pkcs.h b/libtomcrypt/src/headers/tomcrypt_pkcs.h
index 8c8c7e4..247e538 100644
--- a/libtomcrypt/src/headers/tomcrypt_pkcs.h
+++ b/libtomcrypt/src/headers/tomcrypt_pkcs.h
@@ -1,19 +1,29 @@
-/* LTC_PKCS Header Info */
-
-/* ===> LTC_PKCS #1 -- RSA Cryptography <=== */
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* PKCS Header Info */
+
+/* ===> PKCS #1 -- RSA Cryptography <=== */
#ifdef LTC_PKCS_1
enum ltc_pkcs_1_v1_5_blocks
{
- LTC_LTC_PKCS_1_EMSA = 1, /* Block type 1 (LTC_PKCS #1 v1.5 signature padding) */
- LTC_LTC_PKCS_1_EME = 2 /* Block type 2 (LTC_PKCS #1 v1.5 encryption padding) */
+ LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */
+ LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */
};
enum ltc_pkcs_1_paddings
{
- LTC_LTC_PKCS_1_V1_5 = 1, /* LTC_PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
- LTC_LTC_PKCS_1_OAEP = 2, /* LTC_PKCS #1 v2.0 encryption padding */
- LTC_LTC_PKCS_1_PSS = 3 /* LTC_PKCS #1 v2.1 signature padding */
+ LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
+ LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */
+ LTC_PKCS_1_PSS = 3, /* PKCS #1 v2.1 signature padding */
+ LTC_PKCS_1_V1_5_NA1 = 4 /* PKCS #1 v1.5 padding - No ASN.1 (\sa ltc_pkcs_1_v1_5_blocks) */
};
int pkcs_1_mgf1( int hash_idx,
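Review bot: Renaming `LTC_LTC_PKCS_1_*` to `LTC_PKCS_1_*` with no compatibility aliases breaks any existing caller of these enumerators, whereas the same change provides a `#define` alias for `der_free_sequence_flexi` in tomcrypt_pk.h; if out-of-tree callers exist, matching `#define LTC_LTC_PKCS_1_V1_5 LTC_PKCS_1_V1_5` style aliases would be consistent. The new `LTC_PKCS_1_V1_5_NA1` value is a security-relevant padding mode ("No ASN.1" means the hash is signed without the DigestInfo wrapper), so its comment should say which callers are expected to use it and that it is not interoperable with standard PKCS #1 v1.5 signatures.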
@@ -24,20 +34,20 @@ int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out);
int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen);
/* *** v1.5 padding */
-int pkcs_1_v1_5_encode(const unsigned char *msg,
+int pkcs_1_v1_5_encode(const unsigned char *msg,
unsigned long msglen,
int block_type,
unsigned long modulus_bitlen,
- prng_state *prng,
+ prng_state *prng,
int prng_idx,
- unsigned char *out,
+ unsigned char *out,
unsigned long *outlen);
-int pkcs_1_v1_5_decode(const unsigned char *msg,
+int pkcs_1_v1_5_decode(const unsigned char *msg,
unsigned long msglen,
int block_type,
unsigned long modulus_bitlen,
- unsigned char *out,
+ unsigned char *out,
unsigned long *outlen,
int *is_valid);
@@ -55,7 +65,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
int *res);
int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
- unsigned long saltlen, prng_state *prng,
+ unsigned long saltlen, prng_state *prng,
int prng_idx, int hash_idx,
unsigned long modulus_bitlen,
unsigned char *out, unsigned long *outlen);
@@ -67,23 +77,32 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
#endif /* LTC_PKCS_1 */
-/* ===> LTC_PKCS #5 -- Password Based Cryptography <=== */
+/* ===> PKCS #5 -- Password Based Cryptography <=== */
#ifdef LTC_PKCS_5
-/* Algorithm #1 (old) */
-int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
- const unsigned char *salt,
+/* Algorithm #1 (PBKDF1) */
+int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
+ const unsigned char *salt,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen);
-/* Algorithm #2 (new) */
-int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
+/* Algorithm #1 (PBKDF1) - OpenSSL-compatible variant for arbitrarily-long keys.
+ Compatible with EVP_BytesToKey() */
+int pkcs_5_alg1_openssl(const unsigned char *password,
+ unsigned long password_len,
+ const unsigned char *salt,
+ int iteration_count, int hash_idx,
+ unsigned char *out, unsigned long *outlen);
+
+/* Algorithm #2 (PBKDF2) */
+int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
const unsigned char *salt, unsigned long salt_len,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen);
+int pkcs_5_test (void);
#endif /* LTC_PKCS_5 */
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
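Review bot: `pkcs_5_alg1_openssl` takes `salt` without a length, like `pkcs_5_alg1` but unlike `pkcs_5_alg2`'s `salt_len`, so the expected salt size is implicit and should be stated in the comment above it, e.g. `/* salt must be exactly 8 bytes (EVP_BytesToKey semantics) -- TODO confirm */`; a caller passing a shorter buffer would otherwise be read out of bounds. The added `pkcs_5_test (void)` has a space before the parameter list, unlike every other prototype in the file. The relabelling to PBKDF1/PBKDF2 is clearer than the old "old"/"new".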
diff --git a/libtomcrypt/src/headers/tomcrypt_prng.h b/libtomcrypt/src/headers/tomcrypt_prng.h
index 508159d..c516b8c 100644
--- a/libtomcrypt/src/headers/tomcrypt_prng.h
+++ b/libtomcrypt/src/headers/tomcrypt_prng.h
@@ -1,17 +1,32 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
/* ---- PRNG Stuff ---- */
#ifdef LTC_YARROW
struct yarrow_prng {
int cipher, hash;
unsigned char pool[MAXBLOCKSIZE];
symmetric_CTR ctr;
- LTC_MUTEX_TYPE(prng_lock)
};
#endif
#ifdef LTC_RC4
struct rc4_prng {
- int x, y;
- unsigned char buf[256];
+ rc4_state s;
+};
+#endif
+
+#ifdef LTC_CHACHA20_PRNG
+struct chacha20_prng {
+ chacha_state s; /* chacha state */
+ unsigned char ent[40]; /* entropy buffer */
+ unsigned long idx; /* entropy counter */
};
#endif
@@ -23,50 +38,50 @@ struct fortuna_prng {
unsigned char K[32], /* the current key */
IV[16]; /* IV for CTR mode */
-
+
unsigned long pool_idx, /* current pool we will add to */
pool0_len, /* length of 0'th pool */
- wd;
+ wd;
ulong64 reset_cnt; /* number of times we have reset */
- LTC_MUTEX_TYPE(prng_lock)
};
#endif
#ifdef LTC_SOBER128
struct sober128_prng {
- ulong32 R[17], /* Working storage for the shift register */
- initR[17], /* saved register contents */
- konst, /* key dependent constant */
- sbuf; /* partial word encryption buffer */
-
- int nbuf, /* number of part-word stream bits buffered */
- flag, /* first add_entropy call or not? */
- set; /* did we call add_entropy to set key? */
-
+ sober128_state s; /* sober128 state */
+ unsigned char ent[40]; /* entropy buffer */
+ unsigned long idx; /* entropy counter */
};
#endif
-typedef union Prng_state {
- char dummy[1];
+typedef struct {
+ union {
+ char dummy[1];
#ifdef LTC_YARROW
- struct yarrow_prng yarrow;
+ struct yarrow_prng yarrow;
#endif
#ifdef LTC_RC4
- struct rc4_prng rc4;
+ struct rc4_prng rc4;
+#endif
+#ifdef LTC_CHACHA20_PRNG
+ struct chacha20_prng chacha;
#endif
#ifdef LTC_FORTUNA
- struct fortuna_prng fortuna;
+ struct fortuna_prng fortuna;
#endif
#ifdef LTC_SOBER128
- struct sober128_prng sober128;
+ struct sober128_prng sober128;
#endif
+ };
+ short ready; /* ready flag 0-1 */
+ LTC_MUTEX_TYPE(lock) /* lock */
} prng_state;
/** PRNG descriptor */
extern struct ltc_prng_descriptor {
/** Name of the PRNG */
- char *name;
+ const char *name;
/** size in bytes of exported state */
int export_size;
/** Start a PRNG state
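Review bot: The new `prng_state` uses an anonymous union, which is standard only from C11 (a GCC extension before that), while this header still tests `__STDC_VERSION__ >= 199901L` elsewhere for C99 features; a pedantic C99/C89 build will reject it. Naming the member (e.g. `} u;`) would fix that but changes every accessor site outside this header, so if the compiler requirement is intentional a comment stating it is the minimum change. The `ready` flag and the single `lock` now live in the shared wrapper rather than in each algorithm struct, which is a sensible place for them; documenting that `ready` is set by the `ready` callback and checked by `read`/`export` (I cannot confirm this from the header) would help implementers of new descriptors.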
@@ -98,7 +113,7 @@ extern struct ltc_prng_descriptor {
@return CRYPT_OK if successful
*/
int (*done)(prng_state *prng);
- /** Export a PRNG state
+ /** Export a PRNG state
@param out [out] The destination for the state
@param outlen [in/out] The max size and resulting size of the PRNG state
@param prng The PRNG to export
@@ -154,6 +169,18 @@ int rc4_test(void);
extern const struct ltc_prng_descriptor rc4_desc;
#endif
+#ifdef LTC_CHACHA20_PRNG
+int chacha20_prng_start(prng_state *prng);
+int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
+int chacha20_prng_ready(prng_state *prng);
+unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng);
+int chacha20_prng_done(prng_state *prng);
+int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
+int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
+int chacha20_prng_test(void);
+extern const struct ltc_prng_descriptor chacha20_prng_desc;
+#endif
+
#ifdef LTC_SPRNG
int sprng_start(prng_state *prng);
int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
@@ -181,19 +208,25 @@ extern const struct ltc_prng_descriptor sober128_desc;
int find_prng(const char *name);
int register_prng(const struct ltc_prng_descriptor *prng);
int unregister_prng(const struct ltc_prng_descriptor *prng);
+int register_all_prngs(void);
int prng_is_valid(int idx);
LTC_MUTEX_PROTO(ltc_prng_mutex)
/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
* might not work on all platforms as planned
*/
-unsigned long rng_get_bytes(unsigned char *out,
- unsigned long outlen,
+unsigned long rng_get_bytes(unsigned char *out,
+ unsigned long outlen,
void (*callback)(void));
int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));
+#ifdef LTC_PRNG_ENABLE_LTC_RNG
+extern unsigned long (*ltc_rng)(unsigned char *out, unsigned long outlen,
+ void (*callback)(void));
+#endif
+
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
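Review bot: The new `ltc_rng` hook is a writable global function pointer with no comment on its contract: when it is consulted (presumably by `rng_get_bytes`), whether it must fill all `outlen` bytes, and what its return value means. Since this pointer selects the entropy source for every PRNG seeded through `rng_make_prng`, its comment should state the return semantics and that it must be installed before any seeding, e.g. `/* optional override for rng_get_bytes(): returns number of bytes produced; set before seeding any PRNG */`. `register_all_prngs` is also undocumented; its return value (presumably CRYPT_OK or the first registration error) should be stated. Note the enclosing file ends here, so both points apply to the header as a whole.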