/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. * * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" /** @file chc.c CHC support. (Tom St Denis) */ #ifdef CHC_HASH #define UNDEFED_HASH -17 /* chc settings */ static int cipher_idx=UNDEFED_HASH, /* which cipher */ cipher_blocksize; /* blocksize of cipher */ const struct ltc_hash_descriptor chc_desc = { "chc_hash", 12, 0, 0, { 0 }, 0, &chc_init, &chc_process, &chc_done, &chc_test }; /** Initialize the CHC state with a given cipher @param cipher The index of the cipher you wish to bind @return CRYPT_OK if successful */ int chc_register(int cipher) { int err, kl, idx; if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } /* will it be valid? */ kl = cipher_descriptor[cipher].block_length; /* must be >64 bit block */ if (kl <= 8) { return CRYPT_INVALID_CIPHER; } /* can we use the ideal keysize? */ if ((err = cipher_descriptor[cipher].keysize(&kl)) != CRYPT_OK) { return err; } /* we require that key size == block size be a valid choice */ if (kl != cipher_descriptor[cipher].block_length) { return CRYPT_INVALID_CIPHER; } /* determine if chc_hash has been register_hash'ed already */ if ((err = hash_is_valid(idx = find_hash("chc_hash"))) != CRYPT_OK) { return err; } /* store into descriptor */ hash_descriptor[idx].hashsize = hash_descriptor[idx].blocksize = cipher_descriptor[cipher].block_length; /* store the idx and block size */ cipher_idx = cipher; cipher_blocksize = cipher_descriptor[cipher].block_length; return CRYPT_OK; } /** Initialize the hash state @param md The hash state you wish to initialize @return CRYPT_OK if successful */ int chc_init(hash_state *md) { symmetric_key *key; unsigned char buf[MAXBLOCKSIZE]; int err; LTC_ARGCHK(md != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { return err; } if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { return CRYPT_INVALID_CIPHER; } if ((key = XMALLOC(sizeof(*key))) == NULL) { return CRYPT_MEM; } /* zero key and what not */ zeromem(buf, cipher_blocksize); if ((err = cipher_descriptor[cipher_idx].setup(buf, cipher_blocksize, 0, key)) != CRYPT_OK) { XFREE(key); return err; } /* encrypt zero block */ cipher_descriptor[cipher_idx].ecb_encrypt(buf, md->chc.state, key); /* zero other members */ md->chc.length = 0; md->chc.curlen = 0; zeromem(md->chc.buf, sizeof(md->chc.buf)); XFREE(key); return CRYPT_OK; } /* key <= state T0,T1 <= block T0 <= encrypt T0 state <= state xor T0 xor T1 */ static int chc_compress(hash_state *md, unsigned char *buf) { unsigned char T[2][MAXBLOCKSIZE]; symmetric_key *key; int err, x; if ((key = XMALLOC(sizeof(*key))) == NULL) { return CRYPT_MEM; } if ((err = cipher_descriptor[cipher_idx].setup(md->chc.state, cipher_blocksize, 0, key)) != CRYPT_OK) { XFREE(key); return err; } memcpy(T[1], buf, cipher_blocksize); cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key); for (x = 0; x < cipher_blocksize; x++) { md->chc.state[x] ^= T[0][x] ^ T[1][x]; } XFREE(key); #ifdef LTC_CLEAN_STACK zeromem(T, sizeof(T)); zeromem(&key, sizeof(key)); #endif return CRYPT_OK; } /* function for processing blocks */ int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len); HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize) /** Process a block of memory though the hash @param md The hash state @param in The data to hash @param inlen The length of the data (octets) @return CRYPT_OK if successful */ int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen) { int err; LTC_ARGCHK(md != NULL); LTC_ARGCHK(in != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { return err; } if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { return CRYPT_INVALID_CIPHER; } return _chc_process(md, in, inlen); } /** Terminate the hash to get the digest @param md The hash state @param out [out] The destination of the hash (length of the block size of the block cipher) @return CRYPT_OK if successful */ int chc_done(hash_state *md, unsigned char *out) { int err; LTC_ARGCHK(md != NULL); LTC_ARGCHK(out != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { return err; } if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { return CRYPT_INVALID_CIPHER; } if (md->chc.curlen >= sizeof(md->chc.buf)) { return CRYPT_INVALID_ARG; } /* increase the length of the message */ md->chc.length += md->chc.curlen * 8; /* append the '1' bit */ md->chc.buf[md->chc.curlen++] = (unsigned char)0x80; /* if the length is currently above l-8 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) { while (md->chc.curlen < (unsigned long)cipher_blocksize) { md->chc.buf[md->chc.curlen++] = (unsigned char)0; } chc_compress(md, md->chc.buf); md->chc.curlen = 0; } /* pad upto l-8 bytes of zeroes */ while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) { md->chc.buf[md->chc.curlen++] = (unsigned char)0; } /* store length */ STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8)); chc_compress(md, md->chc.buf); /* copy output */ XMEMCPY(out, md->chc.state, cipher_blocksize); #ifdef LTC_CLEAN_STACK zeromem(md, sizeof(hash_state)); #endif return CRYPT_OK; } /** Self-test the hash @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled */ int chc_test(void) { static const struct { unsigned char *msg, md[MAXBLOCKSIZE]; int len; } tests[] = { { (unsigned char *)"hello world", { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61, 0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e }, 16 } }; int x, oldhashidx, idx; unsigned char out[MAXBLOCKSIZE]; hash_state md; /* AES can be under rijndael or aes... try to find it */ if ((idx = find_cipher("aes")) == -1) { if ((idx = find_cipher("rijndael")) == -1) { return CRYPT_NOP; } } oldhashidx = cipher_idx; chc_register(idx); for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { chc_init(&md); chc_process(&md, tests[x].msg, strlen((char *)tests[x].msg)); chc_done(&md, out); if (memcmp(out, tests[x].md, tests[x].len)) { return CRYPT_FAIL_TESTVECTOR; } } if (oldhashidx != UNDEFED_HASH) { chc_register(oldhashidx); } return CRYPT_OK; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/hashes/chc/chc.c,v $ */ /* $Revision: 1.3 $ */ /* $Date: 2005/05/05 14:35:58 $ */