int rsa_signdepad(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
unsigned long x;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
if (*outlen < inlen/3) {
return CRYPT_BUFFER_OVERFLOW;
}
/* check padding bytes */
for (x = 0; x < inlen/3; x++) {
if (in[x] != (unsigned char)0xFF || in[x+(inlen/3)+(inlen/3)] != (unsigned char)0xFF) {
return CRYPT_INVALID_PACKET;
}
}
for (x = 0; x < inlen/3; x++) {
out[x] = in[x+(inlen/3)];
}
*outlen = inlen/3;
return CRYPT_OK;
}
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#endif
{
unsigned long L, R;
int r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
/* load it */
LOAD32H(R, &ct[0]);
LOAD32H(L, &ct[4]);
/* undo last keying */
R ^= key->blowfish.K[17];
L ^= key->blowfish.K[16];
/* do 16 rounds */
for (r = 15; r > 0; ) {
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
}
/* store */
STORE32H(L, &pt[0]);
STORE32H(R, &pt[4]);
}
int rsa_signpad(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
unsigned long x, y;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
if (*outlen < (3 * inlen)) {
return CRYPT_BUFFER_OVERFLOW;
}
/* check inlen */
if (inlen > 512) {
return CRYPT_PK_INVALID_SIZE;
}
for (y = x = 0; x < inlen; x++)
out[y++] = (unsigned char)0xFF;
for (x = 0; x < inlen; x++)
out[y++] = in[x];
for (x = 0; x < inlen; x++)
out[y++] = (unsigned char)0xFF;
*outlen = 3 * inlen;
return CRYPT_OK;
}
int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb)
{
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ofb != NULL);
return ofb_encrypt(ct, pt, len, ofb);
}
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#endif
{
unsigned long a,b,c,d,temp;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LOAD32L(a,&pt[0]); LOAD32L(b,&pt[4]);
LOAD32L(c,&pt[8]); LOAD32L(d,&pt[12]);
#define ROUND(i) \
a ^= RC[r+i]; \
THETA(key->noekeon.K, a,b,c,d); \
PI1(a,b,c,d); \
GAMMA(a,b,c,d); \
PI2(a,b,c,d);
for (r = 0; r < 16; r += 2) {
ROUND(0);
ROUND(1);
}
#undef ROUND
a ^= RC[16];
THETA(key->noekeon.K, a, b, c, d);
STORE32L(a,&ct[0]); STORE32L(b,&ct[4]);
STORE32L(c,&ct[8]); STORE32L(d,&ct[12]);
}
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned long temp;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
}
if (num_rounds != 16 && num_rounds != 0) {
return CRYPT_INVALID_ROUNDS;
}
LOAD32L(skey->noekeon.K[0],&key[0]);
LOAD32L(skey->noekeon.K[1],&key[4]);
LOAD32L(skey->noekeon.K[2],&key[8]);
LOAD32L(skey->noekeon.K[3],&key[12]);
LOAD32L(skey->noekeon.dK[0],&key[0]);
LOAD32L(skey->noekeon.dK[1],&key[4]);
LOAD32L(skey->noekeon.dK[2],&key[8]);
LOAD32L(skey->noekeon.dK[3],&key[12]);
THETA(zero, skey->noekeon.dK[0], skey->noekeon.dK[1], skey->noekeon.dK[2], skey->noekeon.dK[3]);
return CRYPT_OK;
}
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) {
return CRYPT_INVALID_ARG;
}
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = *ct;
*pt = *ct ^ cfb->IV[cfb->padlen];
++pt;
++ct;
++cfb->padlen;
}
return CRYPT_OK;
}
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
{
ulong32 R, L;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LOAD32H(R,&ct[0]);
LOAD32H(L,&ct[4]);
if (key->cast5.keylen > 10) {
R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
}
R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
STORE32H(L,&pt[0]);
STORE32H(R,&pt[4]);
}
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb)
{
int x, err;
_ARGCHK(IV != NULL);
_ARGCHK(key != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* copy data */
cfb->cipher = cipher;
cfb->blocklen = cipher_descriptor[cipher].block_length;
for (x = 0; x < cfb->blocklen; x++)
cfb->IV[x] = IV[x];
/* init the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) {
return err;
}
/* encrypt the IV */
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key);
cfb->padlen = 0;
return CRYPT_OK;
}
int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
{
hash_state md;
int err;
_ARGCHK(buf != NULL);
_ARGCHK(prng != NULL);
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
return err;
}
/* start the hash */
hash_descriptor[prng->yarrow.hash].init(&md);
/* hash the current pool */
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
return err;
}
/* add the new entropy */
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, buf, len)) != CRYPT_OK) {
return err;
}
/* store result */
if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
int ctr_start(int cipher, const unsigned char *count, const unsigned char *key, int keylen,
int num_rounds, symmetric_CTR *ctr)
{
int x, err;
_ARGCHK(count != NULL);
_ARGCHK(key != NULL);
_ARGCHK(ctr != NULL);
/* bad param? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* setup cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) {
return err;
}
/* copy ctr */
ctr->blocklen = cipher_descriptor[cipher].block_length;
ctr->cipher = cipher;
ctr->padlen = 0;
ctr->mode = 0;
for (x = 0; x < ctr->blocklen; x++) {
ctr->ctr[x] = count[x];
}
cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
return CRYPT_OK;
}
int rsa_pad(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
int wprng, prng_state *prng)
{
unsigned char buf[1536];
unsigned long x;
int err;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
/* is output big enough? */
if (*outlen < (3 * inlen)) {
return CRYPT_BUFFER_OVERFLOW;
}
/* get random padding required */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* check inlen */
if (inlen > 512) {
return CRYPT_PK_INVALID_SIZE;
}
if (prng_descriptor[wprng].read(buf, inlen*2-2, prng) != (inlen*2 - 2)) {
return CRYPT_ERROR_READPRNG;
}
/* pad it like a sandwhich
*
* Looks like 0xFF R1 M R2 0xFF
*
* Where R1/R2 are random and exactly equal to the length of M minus one byte.
*/
for (x = 0; x < inlen-1; x++) {
out[x+1] = buf[x];
}
for (x = 0; x < inlen; x++) {
out[x+inlen] = in[x];
}
for (x = 0; x < inlen-1; x++) {
out[x+inlen+inlen] = buf[x+inlen-1];
}
/* last and first bytes are 0xFF */
out[0] = out[inlen+inlen+inlen-1] = (unsigned char)0xFF;
/* clear up and return */
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
*outlen = inlen*3;
return CRYPT_OK;
}
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
{
unsigned char buf2[5120];
unsigned long y, z;
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* type valid? */
if (!(key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) &&
(type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED)) {
return CRYPT_PK_INVALID_TYPE;
}
/* start at offset y=PACKET_SIZE */
y = PACKET_SIZE;
/* output key type */
buf2[y++] = type;
/* output modulus */
OUTPUT_BIGNUM(&key->N, buf2, y, z);
/* output public key */
OUTPUT_BIGNUM(&key->e, buf2, y, z);
if (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED) {
OUTPUT_BIGNUM(&key->d, buf2, y, z);
}
if (type == PK_PRIVATE_OPTIMIZED) {
OUTPUT_BIGNUM(&key->dQ, buf2, y, z);
OUTPUT_BIGNUM(&key->dP, buf2, y, z);
OUTPUT_BIGNUM(&key->pQ, buf2, y, z);
OUTPUT_BIGNUM(&key->qP, buf2, y, z);
OUTPUT_BIGNUM(&key->p, buf2, y, z);
OUTPUT_BIGNUM(&key->q, buf2, y, z);
}
/* check size */
if (*outlen < y) {
return CRYPT_BUFFER_OVERFLOW;
}
/* store packet header */
packet_store_header(buf2, PACKET_SECT_RSA, PACKET_SUB_KEY);
/* copy to the user buffer */
memcpy(out, buf2, (size_t)y);
*outlen = y;
/* clear stack and return */
#ifdef CLEAN_STACK
zeromem(buf2, sizeof(buf2));
#endif
return CRYPT_OK;
}
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#endif
{
unsigned long L[64], S[50], A, B, i, j, v, s, t, l;
_ARGCHK(skey != NULL);
_ARGCHK(key != NULL);
/* test parameters */
if (num_rounds == 0) {
num_rounds = rc5_desc.default_rounds;
}
if (num_rounds < 12 || num_rounds > 24) {
return CRYPT_INVALID_ROUNDS;
}
/* key must be between 64 and 1024 bits */
if (keylen < 8 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
/* copy the key into the L array */
for (A = i = j = 0; i < (unsigned long)keylen; ) {
A = (A << 8) | ((unsigned long)(key[i++] & 255));
if ((i & 3) == 0) {
L[j++] = BSWAP(A);
A = 0;
}
}
if ((keylen & 3) != 0) {
A <<= (unsigned long)((8 * (4 - (keylen&3))));
L[j++] = BSWAP(A);
}
/* setup the S array */
t = (unsigned long)(2 * (num_rounds + 1));
S[0] = 0xB7E15163UL;
for (i = 1; i < t; i++) S[i] = S[i - 1] + 0x9E3779B9UL;
/* mix buffer */
s = 3 * MAX(t, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
i = (i + 1) % t;
j = (j + 1) % l;
}
/* copy to key */
for (i = 0; i < t; i++) {
skey->rc5.K[i] = S[i];
}
skey->rc5.rounds = num_rounds;
return CRYPT_OK;
}
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
{
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
return __ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
}
int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc)
{
_ARGCHK(IV != NULL);
_ARGCHK(cbc != NULL);
if (len != (unsigned long)cbc->blocklen) {
return CRYPT_INVALID_ARG;
}
memcpy(cbc->IV, IV, len);
return CRYPT_OK;
}
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#endif
{
unsigned long L[64], S[50], A, B, i, j, v, s, t, l;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
/* test parameters */
if (num_rounds != 0 && num_rounds != 20) {
return CRYPT_INVALID_ROUNDS;
}
/* key must be between 64 and 1024 bits */
if (keylen < 8 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
/* copy the key into the L array */
for (A = i = j = 0; i < (unsigned long)keylen; ) {
A = (A << 8) | ((unsigned long)(key[i++] & 255));
if (!(i & 3)) {
L[j++] = BSWAP(A);
A = 0;
}
}
/* handle odd sized keys */
if (keylen & 3) {
A <<= (8 * (4 - (keylen&3)));
L[j++] = BSWAP(A);
}
/* setup the S array */
t = 44; /* fixed at 20 rounds */
S[0] = 0xB7E15163UL;
for (i = 1; i < t; i++)
S[i] = S[i - 1] + 0x9E3779B9UL;
/* mix buffer */
s = 3 * MAX(t, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
i = (i + 1) % t;
j = (j + 1) % l;
}
/* copy to key */
for (i = 0; i < t; i++) {
skey->rc6.K[i] = S[i];
}
return CRYPT_OK;
}
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key);
return CRYPT_OK;
}
int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb)
{
int err;
_ARGCHK(key != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
ecb->cipher = cipher;
ecb->blocklen = cipher_descriptor[cipher].block_length;
return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ecb->key);
}
unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
_ARGCHK(buf != NULL);
_ARGCHK(prng != NULL);
/* put buf in predictable state first */
zeromem(buf, len);
/* now randomize it */
if (ctr_encrypt(buf, buf, len, &prng->yarrow.ctr) != CRYPT_OK) {
return 0;
}
return len;
}
int sha256_done(hash_state * md, unsigned char *hash)
{
int i;
_ARGCHK(md != NULL);
_ARGCHK(hash != NULL);
if (md->sha256.curlen >= sizeof(md->sha256.buf)) {
return CRYPT_INVALID_ARG;
}
/* increase the length of the message */
md->sha256.length += md->sha256.curlen * 8;
/* append the '1' bit */
md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md->sha256.curlen > 56) {
while (md->sha256.curlen < 64) {
md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
}
sha256_compress(md, md->sha256.buf);
md->sha256.curlen = 0;
}
/* pad upto 56 bytes of zeroes */
while (md->sha256.curlen < 56) {
md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
}
/* store length */
STORE64H(md->sha256.length, md->sha256.buf+56);
sha256_compress(md, md->sha256.buf);
/* copy output */
for (i = 0; i < 8; i++) {
STORE32H(md->sha256.state[i], hash+(4*i));
}
#ifdef CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
return CRYPT_OK;
}
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* omac ciphertext */
return omac_process(&eax->ctomac, ct, length);
}
int yarrow_ready(prng_state *prng)
{
int ks, err;
_ARGCHK(prng != NULL);
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
return err;
}
if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
return err;
}
/* setup CTR mode using the "pool" as the key */
ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
return err;
}
if ((err = ctr_start(prng->yarrow.cipher, /* what cipher to use */
prng->yarrow.pool, /* IV */
prng->yarrow.pool, ks, /* KEY and key size */
0, /* number of rounds */
&prng->yarrow.ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
}
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
}
Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key);
return CRYPT_OK;
}
int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen)
{
unsigned char buf[MAXBLOCKSIZE];
unsigned char isha[MAXBLOCKSIZE];
unsigned long hashsize, i;
int hash, err;
_ARGCHK(hmac != NULL);
_ARGCHK(hashOut != NULL);
hash = hmac->hash;
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* get the hash message digest size */
hashsize = hash_descriptor[hash].hashsize;
// Get the hash of the first HMAC vector plus the data
if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) {
return err;
}
// Create the second HMAC vector vector for step (3)
for(i=0; i < HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x5C;
}
// Now calculate the "outer" hash for step (5), (6), and (7)
hash_descriptor[hash].init(&hmac->md);
hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE);
hash_descriptor[hash].process(&hmac->md, isha, hashsize);
hash_descriptor[hash].done(&hmac->md, buf);
// copy to output
for (i = 0; i < hashsize && i < *outlen; i++) {
hashOut[i] = buf[i];
}
*outlen = i;
#ifdef CLEAN_STACK
zeromem(isha, sizeof(buf));
zeromem(buf, sizeof(isha));
zeromem(hmac, sizeof(*hmac));
#endif
return CRYPT_OK;
}
int rand_prime(mp_int *N, long len, prng_state *prng, int wprng)
{
unsigned char buf[260];
int err, step, ormask;
_ARGCHK(N != NULL);
/* pass a negative size if you want a prime congruent to 3 mod 4 */
if (len < 0) {
step = 4;
ormask = 3;
len = -len;
} else {
step = 2;
ormask = 1;
}
/* allow sizes between 2 and 256 bytes for a prime size */
if (len < 2 || len > 256) {
return CRYPT_INVALID_PRIME_SIZE;
}
/* valid PRNG? */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* read the prng */
if (prng_descriptor[wprng].read(buf+2, (unsigned long)len, prng) != (unsigned long)len) {
return CRYPT_ERROR_READPRNG;
}
/* set sign byte to zero */
buf[0] = (unsigned char)0;
/* Set the top byte to 0x01 which makes the number a len*8 bit number */
buf[1] = (unsigned char)0x01;
/* set the LSB to the desired settings
* (1 for any prime, 3 for primes congruent to 3 mod 4)
*/
buf[len+1] |= (unsigned char)ormask;
/* read the number in */
if (mp_read_raw(N, buf, 2+len) != MP_OKAY) {
return CRYPT_MEM;
}
/* add the step size to it while N is not prime */
if ((err = next_prime(N, step)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
}
int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen)
{
int err, x;
_ARGCHK(state != NULL);
_ARGCHK(out != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) {
return CRYPT_INVALID_ARG;
}
/* handle padding. If multiple xor in L/x */
if (state->buflen == state->block_len) {
/* xor Lr against the checksum */
for (x = 0; x < state->block_len; x++) {
state->checksum[x] ^= state->block[x] ^ state->Lr[x];
}
} else {
/* otherwise xor message bytes then the 0x80 byte */
for (x = 0; x < state->buflen; x++) {
state->checksum[x] ^= state->block[x];
}
state->checksum[x] ^= 0x80;
}
/* encrypt it */
cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key);
/* store it */
for (x = 0; x < state->block_len && x <= (int)*outlen; x++) {
out[x] = state->checksum[x];
}
*outlen = x;
#ifdef CLEAN_STACK
zeromem(state, sizeof(*state));
#endif
return CRYPT_OK;
}
int rsa_depad(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
unsigned long x;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
if (*outlen < inlen/3) {
return CRYPT_BUFFER_OVERFLOW;
}
for (x = 0; x < inlen/3; x++) {
out[x] = in[x+(inlen/3)];
}
*outlen = inlen/3;
return CRYPT_OK;
}
int cast5_keysize(int *desired_keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 5) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 16) {
*desired_keysize = 16;
}
return CRYPT_OK;
}
int noekeon_keysize(int *desired_keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
} else {
*desired_keysize = 16;
return CRYPT_OK;
}
}
