void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #endif { ulong32 a,b,c,d,temp; int r; LTC_ARGCHK(skey != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LOAD32H(a,&pt[0]); LOAD32H(b,&pt[4]); LOAD32H(c,&pt[8]); LOAD32H(d,&pt[12]); #define ROUND(i) \ a ^= RC[i]; \ THETA(skey->noekeon.K, a,b,c,d); \ PI1(a,b,c,d); \ GAMMA(a,b,c,d); \ PI2(a,b,c,d); for (r = 0; r < 16; ++r) { ROUND(r); } #undef ROUND a ^= RC[16]; THETA(skey->noekeon.K, a, b, c, d); STORE32H(a,&ct[0]); STORE32H(b,&ct[4]); STORE32H(c,&ct[8]); STORE32H(d,&ct[12]); }
int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) { ulong32 left, right, temp; int n; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); LOAD32H(left, ct); LOAD32H(right, ct+4); for (n = 7; n >= 0; ) { temp = FO(right, n, skey); temp = FL(temp, n--, skey); left ^= temp; temp = FL(left, n, skey); temp = FO(temp, n--, skey); right ^= temp; } STORE32H(left, pt); STORE32H(right, pt+4); return CRYPT_OK; }
int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 R, L; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); LOAD32H(R,&ct[0]); LOAD32H(L,&ct[4]); if (skey->cast5.keylen > 10) { R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]); L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]); R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]); L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]); } R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]); L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]); R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]); L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]); R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]); L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]); R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]); L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]); R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]); L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]); R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]); L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]); STORE32H(L,&pt[0]); STORE32H(R,&pt[4]); return CRYPT_OK; }
int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 a,b,c,d, temp; int r; LTC_ARGCHK(skey != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LOAD32H(a,&ct[0]); LOAD32H(b,&ct[4]); LOAD32H(c,&ct[8]); LOAD32H(d,&ct[12]); #define ROUND(i) \ THETA(skey->noekeon.dK, a,b,c,d); \ a ^= RC[i]; \ PI1(a,b,c,d); \ GAMMA(a,b,c,d); \ PI2(a,b,c,d); for (r = 16; r > 0; --r) { ROUND(r); } #undef ROUND THETA(skey->noekeon.dK, a,b,c,d); a ^= RC[0]; STORE32H(a,&pt[0]); STORE32H(b, &pt[4]); STORE32H(c,&pt[8]); STORE32H(d, &pt[12]); return CRYPT_OK; }
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key) #endif { unsigned long L, R; int r; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(key != NULL); /* load it */ LOAD32H(R, &ct[0]); LOAD32H(L, &ct[4]); /* undo last keying */ R ^= key->blowfish.K[17]; L ^= key->blowfish.K[16]; /* do 16 rounds */ for (r = 15; r > 0; ) { L ^= F(R); R ^= key->blowfish.K[r--]; R ^= F(L); L ^= key->blowfish.K[r--]; L ^= F(R); R ^= key->blowfish.K[r--]; R ^= F(L); L ^= key->blowfish.K[r--]; } /* store */ STORE32H(L, &pt[0]); STORE32H(R, &pt[4]); }
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key) { ulong32 R, L; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(key != NULL); LOAD32H(L,&pt[0]); LOAD32H(R,&pt[4]); L ^= FI(R, key->cast5.K[0], key->cast5.K[16]); R ^= FII(L, key->cast5.K[1], key->cast5.K[17]); L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]); R ^= FI(L, key->cast5.K[3], key->cast5.K[19]); L ^= FII(R, key->cast5.K[4], key->cast5.K[20]); R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]); L ^= FI(R, key->cast5.K[6], key->cast5.K[22]); R ^= FII(L, key->cast5.K[7], key->cast5.K[23]); L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]); R ^= FI(L, key->cast5.K[9], key->cast5.K[25]); L ^= FII(R, key->cast5.K[10], key->cast5.K[26]); R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]); if (key->cast5.keylen > 10) { L ^= FI(R, key->cast5.K[12], key->cast5.K[28]); R ^= FII(L, key->cast5.K[13], key->cast5.K[29]); L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]); R ^= FI(L, key->cast5.K[15], key->cast5.K[31]); } STORE32H(R,&ct[0]); STORE32H(L,&ct[4]); }
/** Decrypts a block of text with multi2 @param ct The input ciphertext (8 bytes) @param pt The output plaintext (8 bytes) @param skey The key as scheduled @return CRYPT_OK if successful */ int multi2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) { ulong32 p[2]; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); LOAD32H(p[0], ct); LOAD32H(p[1], ct+4); decrypt(p, skey->multi2.N, skey->multi2.uk); STORE32H(p[0], pt); STORE32H(p[1], pt+4); return CRYPT_OK; }
void csp_sha1_done(csp_sha1_state * sha1, uint8_t * out) { uint32_t i; /* Increase the length of the message */ sha1->length += sha1->curlen * 8; /* Append the '1' bit */ sha1->buf[sha1->curlen++] = 0x80; /* If the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (sha1->curlen > 56) { while (sha1->curlen < 64) sha1->buf[sha1->curlen++] = 0; csp_sha1_compress(sha1, sha1->buf); sha1->curlen = 0; } /* Pad up to 56 bytes of zeroes */ while (sha1->curlen < 56) sha1->buf[sha1->curlen++] = 0; /* Store length */ STORE64H(sha1->length, sha1->buf + 56); csp_sha1_compress(sha1, sha1->buf); /* Copy output */ for (i = 0; i < 5; i++) STORE32H(sha1->state[i], out + (4 * i)); }
INT blowfish_ecb_encrypt(const UCHAR *pt, UCHAR *ct, symmetric_key *skey) #endif { ULONG L, R; INT r; #ifndef __GNUC__ ULONG *S1, *S2, *S3, *S4; #endif LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); #ifndef __GNUC__ S1 = skey->blowfish.S[0]; S2 = skey->blowfish.S[1]; S3 = skey->blowfish.S[2]; S4 = skey->blowfish.S[3]; #endif /* load it */ LOAD32H(L, &pt[0]); LOAD32H(R, &pt[4]); /* do 16 rounds */ for (r = 0; r < 16; ) { L ^= skey->blowfish.K[r++]; R ^= F(L); R ^= skey->blowfish.K[r++]; L ^= F(R); L ^= skey->blowfish.K[r++]; R ^= F(L); R ^= skey->blowfish.K[r++]; L ^= F(R); } /* last keying */ R ^= skey->blowfish.K[17]; L ^= skey->blowfish.K[16]; /* store */ STORE32H(R, &ct[0]); STORE32H(L, &ct[4]); return CRYPT_OK; }
int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 L, R; int r; #ifndef __GNUC__ ulong32 *S1, *S2, *S3, *S4; #endif LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); #ifndef __GNUC__ S1 = skey->blowfish.S[0]; S2 = skey->blowfish.S[1]; S3 = skey->blowfish.S[2]; S4 = skey->blowfish.S[3]; #endif /* load it */ LOAD32H(R, &ct[0]); LOAD32H(L, &ct[4]); /* undo last keying */ R ^= skey->blowfish.K[17]; L ^= skey->blowfish.K[16]; /* do 16 rounds */ for (r = 15; r > 0; ) { L ^= F(R); R ^= skey->blowfish.K[r--]; R ^= F(L); L ^= skey->blowfish.K[r--]; L ^= F(R); R ^= skey->blowfish.K[r--]; R ^= F(L); L ^= skey->blowfish.K[r--]; } /* store */ STORE32H(L, &pt[0]); STORE32H(R, &pt[4]); return CRYPT_OK; }
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key) #endif { ulong32 L, R; int r; #ifndef __GNUC__ ulong32 *S1, *S2, *S3, *S4; #endif _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(key != NULL); #ifndef __GNUC__ S1 = key->blowfish.S[0]; S2 = key->blowfish.S[1]; S3 = key->blowfish.S[2]; S4 = key->blowfish.S[3]; #endif /* load it */ LOAD32H(L, &pt[0]); LOAD32H(R, &pt[4]); /* do 16 rounds */ for (r = 0; r < 16; ) { L ^= key->blowfish.K[r++]; R ^= F(L); R ^= key->blowfish.K[r++]; L ^= F(R); L ^= key->blowfish.K[r++]; R ^= F(L); R ^= key->blowfish.K[r++]; L ^= F(R); } /* last keying */ R ^= key->blowfish.K[17]; L ^= key->blowfish.K[16]; /* store */ STORE32H(R, &ct[0]); STORE32H(L, &ct[4]); }
static void four_rounds(pelican_state *pelmac) { ulong32 s0, s1, s2, s3, t0, t1, t2, t3; int r; LOAD32H(s0, pelmac->state ); LOAD32H(s1, pelmac->state + 4); LOAD32H(s2, pelmac->state + 8); LOAD32H(s3, pelmac->state + 12); for (r = 0; r < 4; r++) { t0 = Te0(byte(s0, 3)) ^ Te1(byte(s1, 2)) ^ Te2(byte(s2, 1)) ^ Te3(byte(s3, 0)); t1 = Te0(byte(s1, 3)) ^ Te1(byte(s2, 2)) ^ Te2(byte(s3, 1)) ^ Te3(byte(s0, 0)); t2 = Te0(byte(s2, 3)) ^ Te1(byte(s3, 2)) ^ Te2(byte(s0, 1)) ^ Te3(byte(s1, 0)); t3 = Te0(byte(s3, 3)) ^ Te1(byte(s0, 2)) ^ Te2(byte(s1, 1)) ^ Te3(byte(s2, 0)); s0 = t0; s1 = t1; s2 = t2; s3 = t3; } STORE32H(s0, pelmac->state ); STORE32H(s1, pelmac->state + 4); STORE32H(s2, pelmac->state + 8); STORE32H(s3, pelmac->state + 12); }
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Sha256Finalise // // Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After // calling this, Sha256Initialised must be used to reuse the context. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// void Sha256Finalise ( Sha256Context* Context, SHA256_HASH* Digest ) { int i; if( Context->curlen >= sizeof(Context->buf) ) { return; } // Increase the length of the message Context->length += Context->curlen * 8; // Append the '1' bit Context->buf[Context->curlen++] = (uint8_t)0x80; // if the length is currently above 56 bytes we append zeros // then compress. Then we can fall back to padding zeros and length // encoding like normal. if( Context->curlen > 56 ) { while( Context->curlen < 64 ) { Context->buf[Context->curlen++] = (uint8_t)0; } TransformFunction(Context, Context->buf); Context->curlen = 0; } // Pad up to 56 bytes of zeroes while( Context->curlen < 56 ) { Context->buf[Context->curlen++] = (uint8_t)0; } // Store length STORE64H( Context->length, Context->buf+56 ); TransformFunction( Context, Context->buf ); // Copy output for( i=0; i<8; i++ ) { STORE32H( Context->state[i], Digest->bytes+(4*i) ); } }
/** Terminate the hash to get the digest @param md The hash state @param out [out] The destination of the hash (32 bytes) @return CRYPT_OK if successful */ int sha256_done(hash_state * md, unsigned char *out) { int i; LTC_ARGCHK(md != NULL); LTC_ARGCHK(out != NULL); if (md->sha256.curlen >= sizeof(md->sha256.buf)) { return CRYPT_INVALID_ARG; } /* increase the length of the message */ md->sha256.length += md->sha256.curlen * 8; /* append the '1' bit */ md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->sha256.curlen > 56) { while (md->sha256.curlen < 64) { md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; } sha256_compress(md, md->sha256.buf); md->sha256.curlen = 0; } /* pad upto 56 bytes of zeroes */ while (md->sha256.curlen < 56) { md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; } /* store length */ STORE64H(md->sha256.length, md->sha256.buf+56); sha256_compress(md, md->sha256.buf); /* copy output */ for (i = 0; i < 8; i++) { STORE32H(md->sha256.state[i], out+(4*i)); } #ifdef LTC_CLEAN_STACK zeromem(md, sizeof(hash_state)); #endif return CRYPT_OK; }
/* Checks the mac in hashbuf, for the data in readbuf. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ static int checkmac(buffer* macbuf, buffer* sourcebuf) { unsigned char macsize; hmac_state hmac; unsigned char tempbuf[MAX_MAC_LEN]; unsigned long hashsize; int len; macsize = ses.keys->recv_algo_mac->hashsize; if (macsize == 0) { return DROPBEAR_SUCCESS; } /* calculate the mac */ if (hmac_init(&hmac, find_hash(ses.keys->recv_algo_mac->hashdesc->name), ses.keys->recvmackey, ses.keys->recv_algo_mac->keysize) != CRYPT_OK) { dropbear_exit("HMAC error"); } /* sequence number */ STORE32H(ses.recvseq, tempbuf); if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) { dropbear_exit("HMAC error"); } buf_setpos(sourcebuf, 0); len = sourcebuf->len; if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) { dropbear_exit("HMAC error"); } hashsize = sizeof(tempbuf); if (hmac_done(&hmac, tempbuf, &hashsize) != CRYPT_OK) { dropbear_exit("HMAC error"); } /* compare the hash */ if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) { return DROPBEAR_FAILURE; } else { return DROPBEAR_SUCCESS; } }
/* Create the packet mac, and append H(seqno|clearbuf) to the output */ static void writemac(buffer * outputbuffer, buffer * clearwritebuf) { int macsize; unsigned char seqbuf[4]; unsigned long hashsize; hmac_state hmac; TRACE(("enter writemac")); macsize = ses.keys->trans_algo_mac->hashsize; if (macsize > 0) { /* calculate the mac */ if (hmac_init(&hmac, find_hash(ses.keys->trans_algo_mac->hashdesc->name), ses.keys->transmackey, ses.keys->trans_algo_mac->keysize) != CRYPT_OK) { dropbear_exit("HMAC error"); } /* sequence number */ STORE32H(ses.transseq, seqbuf); if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) { dropbear_exit("HMAC error"); } /* the actual contents */ buf_setpos(clearwritebuf, 0); if (hmac_process(&hmac, buf_getptr(clearwritebuf, clearwritebuf->len), clearwritebuf->len) != CRYPT_OK) { dropbear_exit("HMAC error"); } hashsize = macsize; if (hmac_done(&hmac, buf_getwriteptr(outputbuffer, macsize), &hashsize) != CRYPT_OK) { dropbear_exit("HMAC error"); } buf_incrwritepos(outputbuffer, macsize); } TRACE(("leave writemac")); }
/* Terminate the hash to get the digest @param digest The destination of the hash (32 bytes) */ void SHA256::Final(unsigned char digest[HASHLEN]) { int i; ASSERT(digest != NULL); ASSERT(curlen < sizeof(buf)); /* increase the length of the message */ length += curlen * 8; /* append the '1' bit */ buf[curlen++] = static_cast<unsigned char>(0x80); /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (curlen > 56) { while (curlen < 64) { buf[curlen++] = 0; } sha256_compress(state, buf); curlen = 0; } /* pad upto 56 bytes of zeroes */ while (curlen < 56) { buf[curlen++] = 0; } /* store length */ STORE64H(length, buf+56); sha256_compress(state, buf); /* copy output */ for (i = 0; i < 8; i++) { STORE32H(state[i], digest+(4*i)); } #ifdef LTC_CLEAN_STACK trashMemory(state, sizeof(state)); trashMemory(buf, sizeof(buf)); #endif }
/** Terminate the hash to get the digest @param md The hash state @param out [out] The destination of the hash (32 bytes) @return 0 if successful */ int sha256_done(sha256_state * md, unsigned char *out) { int i; if (md == NULL || out == NULL) return -1; if (md->curlen >= sizeof(md->buf)) return -1; /* increase the length of the message */ md->length += md->curlen * 8; /* append the '1' bit */ md->buf[md->curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->curlen > 56) { while (md->curlen < 64) { md->buf[md->curlen++] = (unsigned char)0; } sha256_compress(md, md->buf); md->curlen = 0; } /* pad upto 56 bytes of zeroes */ while (md->curlen < 56) { md->buf[md->curlen++] = (unsigned char)0; } /* store length */ STORE64H(md->length, md->buf+56); sha256_compress(md, md->buf); /* copy output */ for (i = 0; i < 8; i++) { STORE32H(md->state[i], out+(4*i)); } return 0; }
void sha1_done(hash_state * md, unsigned char *hash) { int i; _ARGCHK(md != NULL); _ARGCHK(hash != NULL); /* increase the length of the message */ md->sha1.length += md->sha1.curlen * 8; /* append the '1' bit */ md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->sha1.curlen > 56) { while (md->sha1.curlen < 64) { md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; } sha1_compress(md); md->sha1.curlen = 0; } /* pad upto 56 bytes of zeroes */ while (md->sha1.curlen < 56) { md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; } /* store length */ STORE64H(md->sha1.length, md->sha1.buf+56); sha1_compress(md); /* copy output */ for (i = 0; i < 5; i++) { STORE32H(md->sha1.state[i], hash+(4*i)); } #ifdef CLEAN_STACK zeromem(md, sizeof(hash_state)); #endif }
/*** Terminate the hash to get the digest @param sha1 The hash state @param out [out] The destination of the hash (20 bytes) */ void sha1_done(struct sha1_state *sha1, unsigned char *out) { int i; // assert(sha1 != NULL); // assert(out != NULL); // assert(sha1->curlen < sizeof(sha1->buf)); /** increase the length of the message */ sha1->length += sha1->curlen * 8; /** append the '1' bit */ sha1->buf[sha1->curlen++] = (unsigned char)0x80; /** if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (sha1->curlen > 56) { while (sha1->curlen < 64) { sha1->buf[sha1->curlen++] = (unsigned char)0; } sha1_compress(sha1, sha1->buf); sha1->curlen = 0; } /** pad upto 56 bytes of zeroes */ while (sha1->curlen < 56) { sha1->buf[sha1->curlen++] = (unsigned char)0; } /** store length */ STORE64H(sha1->length, sha1->buf+56); sha1_compress(sha1, sha1->buf); /** copy output */ for (i = 0; i < 5; i++) { STORE32H(sha1->state[i], out+(4*i)); } }
/** Terminate the hash to get the digest @param state The hash state @param out [out] The destination of the hash (20 bytes) @return CRYPT_OK if successful */ int sha1_done(sha1_state* state, unsigned char* out) { int i; if (state->curlen >= sizeof(state->buf)) { return CRYPT_INVALID_ARG; } /* increase the length of the message */ state->length += state->curlen * 8; /* append the '1' bit */ state->buf[state->curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (state->curlen > 56) { while (state->curlen < 64) { state->buf[state->curlen++] = (unsigned char)0; } sha1_compress(state, state->buf); state->curlen = 0; } /* pad upto 56 bytes of zeroes */ while (state->curlen < 56) { state->buf[state->curlen++] = (unsigned char)0; } /* store length */ STORE64H(state->length, state->buf + 56); sha1_compress(state, state->buf); /* copy output */ for (i = 0; i < 5; i++) { STORE32H(state->state[i], out + (4 * i)); } return CRYPT_OK; }
/*** Terminate the hash to get the digest @param sha1 The hash state @param out [out] The destination of the hash (20 bytes) */ void __fastcall SHA1_Done( SHA1_State *sha1, uint8_t *out) { //Increase the length of the message. sha1->Length += sha1->Curlen * 8; //Append the '1' bit. sha1->Buffer[sha1->Curlen++] = (unsigned char)0x80; /** if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (sha1->Curlen > 56) { while (sha1->Curlen < 64) sha1->Buffer[sha1->Curlen++] = (unsigned char)0; SHA1_Compress(sha1, sha1->Buffer); sha1->Curlen = 0; } //Pad upto 56 bytes of zeroes. while (sha1->Curlen < 56) sha1->Buffer[sha1->Curlen++] = (unsigned char)0; //Store length. STORE64H(sha1->Length, sha1->Buffer + 56); SHA1_Compress(sha1, sha1->Buffer); //Copy output. for (size_t Index = 0;Index < 5U;++Index) STORE32H(sha1->State[Index], out + (4U * Index)); return; }
/* put a 32bit uint into the buffer, incr bufferlen & pos if required */ void buf_putint(buffer* buf, int unsigned val) { STORE32H(val, buf_getwriteptr(buf, 4)); buf_incrwritepos(buf, 4); }
/** Decrypts a block of text with AES @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) @param skey The key as scheduled @return CRYPT_OK if successful */ int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, rijndael_key *rijndael) { unsigned long s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(rijndael != NULL); Nr = rijndael->Nr; rk = rijndael->dK; /* * map byte array block to cipher state * and add initial round key: */ LOAD32H(s0, ct); s0 ^= rk[0]; LOAD32H(s1, ct + 4); s1 ^= rk[1]; LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; /* * Nr - 1 full rounds: */ r = Nr >> 1; for (;;) { t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[4]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[5]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[6]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[7]; rk += 8; if (--r == 0) break; s0 = Td0(byte(t0, 3)) ^ Td1(byte(t3, 2)) ^ Td2(byte(t2, 1)) ^ Td3(byte(t1, 0)) ^ rk[0]; s1 = Td0(byte(t1, 3)) ^ Td1(byte(t0, 2)) ^ Td2(byte(t3, 1)) ^ Td3(byte(t2, 0)) ^ rk[1]; s2 = Td0(byte(t2, 3)) ^ Td1(byte(t1, 2)) ^ Td2(byte(t0, 1)) ^ Td3(byte(t3, 0)) ^ rk[2]; s3 = Td0(byte(t3, 3)) ^ Td1(byte(t2, 2)) ^ Td2(byte(t1, 1)) ^ Td3(byte(t0, 0)) ^ rk[3]; } /* * apply last round and * map cipher state to byte array block: */ s0 = (Td4[byte(t0, 3)] & 0xff000000) ^ (Td4[byte(t3, 2)] & 0x00ff0000) ^ (Td4[byte(t2, 1)] & 0x0000ff00) ^ (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = (Td4[byte(t1, 3)] & 0xff000000) ^ (Td4[byte(t0, 2)] & 0x00ff0000) ^ (Td4[byte(t3, 1)] & 0x0000ff00) ^ (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt + 4); s2 = (Td4[byte(t2, 3)] & 0xff000000) ^ (Td4[byte(t1, 2)] & 0x00ff0000) ^ (Td4[byte(t0, 1)] & 0x0000ff00) ^ (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt + 8); s3 = (Td4[byte(t3, 3)] & 0xff000000) ^ (Td4[byte(t2, 2)] & 0x00ff0000) ^ (Td4[byte(t1, 1)] & 0x0000ff00) ^ (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt + 12); return CRYPT_OK; }
/* Test store/load macros with offsets */ int store_test(void) { unsigned char buf[256]; int y; ulong32 L, L1; ulong64 LL, LL1; #ifdef LTC_FAST int x, z; #endif for (y = 0; y < 4; y++) { L = 0x12345678UL; L1 = 0; STORE32L(L, buf + y); LOAD32L(L1, buf + y); if (L1 != L) { fprintf(stderr, "\n32L failed at offset %d\n", y); return 1; } STORE32H(L, buf + y); LOAD32H(L1, buf + y); if (L1 != L) { fprintf(stderr, "\n32H failed at offset %d\n", y); return 1; } } for (y = 0; y < 8; y++) { LL = CONST64 (0x01020304050607); LL1 = 0; STORE64L(LL, buf + y); LOAD64L(LL1, buf + y); if (LL1 != LL) { fprintf(stderr, "\n64L failed at offset %d\n", y); return 1; } STORE64H(LL, buf + y); LOAD64H(LL1, buf + y); if (LL1 != LL) { fprintf(stderr, "\n64H failed at offset %d\n", y); return 1; } } /* test LTC_FAST */ #ifdef LTC_FAST y = 16; for (z = 0; z < y; z++) { /* fill y bytes with random */ yarrow_read(buf+z, y, &yarrow_prng); yarrow_read(buf+z+y, y, &yarrow_prng); /* now XOR it byte for byte */ for (x = 0; x < y; x++) { buf[2*y+z+x] = buf[z+x] ^ buf[z+y+x]; } /* now XOR it word for word */ for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&buf[3*y+z+x])) = *((LTC_FAST_TYPE*)(&buf[z+x])) ^ *((LTC_FAST_TYPE*)(&buf[z+y+x])); } if (memcmp(&buf[2*y+z], &buf[3*y+z], y)) { fprintf(stderr, "\nLTC_FAST failed at offset %d\n", z); return 1; } } #endif return 0; }
int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, const unsigned char *salt, unsigned long salt_len, int iteration_count, int hash_idx, unsigned char *out, unsigned long *outlen) { int err, itts; ulong32 blkno; unsigned long stored, left, x, y; unsigned char *buf[2]; hmac_state *hmac; LTC_ARGCHK(password != NULL); LTC_ARGCHK(salt != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); /* test hash IDX */ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } buf[0] = XMALLOC(MAXBLOCKSIZE * 2); hmac = XMALLOC(sizeof(hmac_state)); if (hmac == NULL || buf[0] == NULL) { if (hmac != NULL) { XFREE(hmac); } if (buf[0] != NULL) { XFREE(buf[0]); } return CRYPT_MEM; } /* buf[1] points to the second block of MAXBLOCKSIZE bytes */ buf[1] = buf[0] + MAXBLOCKSIZE; left = *outlen; blkno = 1; stored = 0; while (left != 0) { /* process block number blkno */ zeromem(buf[0], MAXBLOCKSIZE*2); /* store current block number and increment for next pass */ STORE32H(blkno, buf[1]); ++blkno; /* get PRF(P, S||int(blkno)) */ if ((err = hmac_init(hmac, hash_idx, password, password_len)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hmac_process(hmac, salt, salt_len)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hmac_process(hmac, buf[1], 4)) != CRYPT_OK) { goto LBL_ERR; } x = MAXBLOCKSIZE; if ((err = hmac_done(hmac, buf[0], &x)) != CRYPT_OK) { goto LBL_ERR; } /* now compute repeated and XOR it in buf[1] */ XMEMCPY(buf[1], buf[0], x); for (itts = 1; itts < iteration_count; ++itts) { if ((err = hmac_memory(hash_idx, password, password_len, buf[0], x, buf[0], &x)) != CRYPT_OK) { goto LBL_ERR; } for (y = 0; y < x; y++) { buf[1][y] ^= buf[0][y]; } } /* now emit upto x bytes of buf[1] to output */ for (y = 0; y < x && left != 0; ++y) { out[stored++] = buf[1][y]; --left; } } *outlen = stored; err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(buf[0], MAXBLOCKSIZE*2); zeromem(hmac, sizeof(hmac_state)); #endif XFREE(hmac); XFREE(buf[0]); return err; }
int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8) { int err, x; unsigned char buf[MAXBLOCKSIZE]; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(f8 != NULL); if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { return err; } /* is blocklen/padlen valid? */ if (f8->blocklen < 0 || f8->blocklen > (int)sizeof(f8->IV) || f8->padlen < 0 || f8->padlen > (int)sizeof(f8->IV)) { return CRYPT_INVALID_ARG; } zeromem(buf, sizeof(buf)); /* make sure the pad is empty */ if (f8->padlen == f8->blocklen) { /* xor of IV, MIV and blockcnt == what goes into cipher */ STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); ++(f8->blockcnt); for (x = 0; x < f8->blocklen; x++) { f8->IV[x] ^= f8->MIV[x] ^ buf[x]; } if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { return err; } f8->padlen = 0; } #ifdef LTC_FAST if (f8->padlen == 0) { while (len >= (unsigned long)f8->blocklen) { STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); ++(f8->blockcnt); for (x = 0; x < f8->blocklen; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&ct[x])) = *((LTC_FAST_TYPE*)(&pt[x])) ^ *((LTC_FAST_TYPE*)(&f8->IV[x])); *((LTC_FAST_TYPE*)(&f8->IV[x])) ^= *((LTC_FAST_TYPE*)(&f8->MIV[x])) ^ *((LTC_FAST_TYPE*)(&buf[x])); } if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { return err; } len -= x; pt += x; ct += x; } } #endif while (len > 0) { if (f8->padlen == f8->blocklen) { /* xor of IV, MIV and blockcnt == what goes into cipher */ STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); ++(f8->blockcnt); for (x = 0; x < f8->blocklen; x++) { f8->IV[x] ^= f8->MIV[x] ^ buf[x]; } if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { return err; } f8->padlen = 0; } *ct++ = *pt++ ^ f8->IV[f8->padlen++]; --len; } return CRYPT_OK; }
int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); Nr = skey->rijndael.Nr; rk = skey->rijndael.dK; /* * map byte array block to cipher state * and add initial round key: */ LOAD32H(s0, ct ); s0 ^= rk[0]; LOAD32H(s1, ct + 4); s1 ^= rk[1]; LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; #ifdef LTC_SMALL_CODE for (r = 0; ; r++) { rk += 4; t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[0]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[1]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[2]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[3]; if (r == Nr-2) { break; } s0 = t0; s1 = t1; s2 = t2; s3 = t3; } rk += 4; #else /* * Nr - 1 full rounds: */ r = Nr >> 1; for (;;) { t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[4]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[5]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[6]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[7]; rk += 8; if (--r == 0) { break; } s0 = Td0(byte(t0, 3)) ^ Td1(byte(t3, 2)) ^ Td2(byte(t2, 1)) ^ Td3(byte(t1, 0)) ^ rk[0]; s1 = Td0(byte(t1, 3)) ^ Td1(byte(t0, 2)) ^ Td2(byte(t3, 1)) ^ Td3(byte(t2, 0)) ^ rk[1]; s2 = Td0(byte(t2, 3)) ^ Td1(byte(t1, 2)) ^ Td2(byte(t0, 1)) ^ Td3(byte(t3, 0)) ^ rk[2]; s3 = Td0(byte(t3, 3)) ^ Td1(byte(t2, 2)) ^ Td2(byte(t1, 1)) ^ Td3(byte(t0, 0)) ^ rk[3]; } #endif /* * apply last round and * map cipher state to byte array block: */ s0 = (Td4[byte(t0, 3)] & 0xff000000) ^ (Td4[byte(t3, 2)] & 0x00ff0000) ^ (Td4[byte(t2, 1)] & 0x0000ff00) ^ (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = (Td4[byte(t1, 3)] & 0xff000000) ^ (Td4[byte(t0, 2)] & 0x00ff0000) ^ (Td4[byte(t3, 1)] & 0x0000ff00) ^ (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt+4); s2 = (Td4[byte(t2, 3)] & 0xff000000) ^ (Td4[byte(t1, 2)] & 0x00ff0000) ^ (Td4[byte(t0, 1)] & 0x0000ff00) ^ (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt+8); s3 = (Td4[byte(t3, 3)] & 0xff000000) ^ (Td4[byte(t2, 2)] & 0x00ff0000) ^ (Td4[byte(t1, 1)] & 0x0000ff00) ^ (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt+12); return CRYPT_OK; }
/** Perform PKCS #1 MGF1 (internal) @param hash_idx The index of the hash desired @param seed The seed for MGF1 @param seedlen The length of the seed @param mask [out] The destination @param masklen The length of the mask desired @return CRYPT_OK if successful */ int pkcs_1_mgf1(int hash_idx, const unsigned char *seed, unsigned long seedlen, unsigned char *mask, unsigned long masklen) { unsigned long hLen, x; ulong32 counter; int err; hash_state *md; unsigned char *buf; LTC_ARGCHK(seed != NULL); LTC_ARGCHK(mask != NULL); /* ensure valid hash */ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } /* get hash output size */ hLen = hash_descriptor[hash_idx].hashsize; /* allocate memory */ md = XMALLOC(sizeof(hash_state)); buf = XMALLOC(hLen); if (md == NULL || buf == NULL) { if (md != NULL) { XFREE(md); } if (buf != NULL) { XFREE(buf); } return CRYPT_MEM; } /* start counter */ counter = 0; while (masklen > 0) { /* handle counter */ STORE32H(counter, buf); ++counter; /* get hash of seed || counter */ if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].process(md, seed, seedlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].process(md, buf, 4)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].done(md, buf)) != CRYPT_OK) { goto LBL_ERR; } /* store it */ for (x = 0; x < hLen && masklen > 0; x++, masklen--) { *mask++ = buf[x]; } } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(buf, hLen); zeromem(md, sizeof(hash_state)); #endif XFREE(buf); XFREE(md); return err; }
void psSha256Final(psSha256_t *sha256, unsigned char hash[SHA256_HASHLEN]) { int32 i; #ifndef HAVE_NATIVE_INT64 uint32 n; #endif #ifdef CRYPTO_ASSERT psAssert(sha256 != NULL); psAssert(hash != NULL); if (sha256->curlen >= sizeof(sha256->buf)) { psTraceCrypto("psSha256Final error\n"); return; } #endif /* increase the length of the message */ #ifdef HAVE_NATIVE_INT64 sha256->length += sha256->curlen << 3; #else n = (sha256->lengthLo + (sha256->curlen << 3)) & 0xFFFFFFFFL; if (n < sha256->lengthLo) { sha256->lengthHi++; } sha256->lengthHi += (sha256->curlen >> 29); sha256->lengthLo = n; #endif /* HAVE_NATIVE_INT64 */ /* append the '1' bit */ sha256->buf[sha256->curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros then compress. Then we can fall back to padding zeros and length encoding like normal. */ if (sha256->curlen > 56) { while (sha256->curlen < 64) { sha256->buf[sha256->curlen++] = (unsigned char)0; } sha256_compress(sha256, sha256->buf); sha256->curlen = 0; } /* pad upto 56 bytes of zeroes */ while (sha256->curlen < 56) { sha256->buf[sha256->curlen++] = (unsigned char)0; } /* store length */ #ifdef HAVE_NATIVE_INT64 STORE64H(sha256->length, sha256->buf+56); #else STORE32H(sha256->lengthHi, sha256->buf+56); STORE32H(sha256->lengthLo, sha256->buf+60); #endif /* HAVE_NATIVE_INT64 */ sha256_compress(sha256, sha256->buf); /* copy output */ for (i = 0; i < 8; i++) { STORE32H(sha256->state[i], hash+(4*i)); } memset(sha256, 0x0, sizeof(psSha256_t)); }