Mercurial > dropbear

comparison chc.c @ 143:5d99163f7e32 libtomcrypt-orig

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
import of libtomcrypt 0.99
author Matt Johnston <matt@ucc.asn.au>
date Sun, 19 Dec 2004 11:34:45 +0000
parents
children
comparison
equal deleted inserted replaced
15:6362d3854bb4 143:5d99163f7e32
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 #include "mycrypt.h"
13
14 #ifdef CHC_HASH
15
16 #define UNDEFED_HASH -17
17
18 /* chc settings */
19 static int cipher_idx=UNDEFED_HASH, /* which cipher */
20 cipher_blocksize; /* blocksize of cipher */
21
22
23 const struct _hash_descriptor chc_desc = {
24 "chc_hash", 12, 0, 0, { 0 }, 0,
25 &chc_init,
26 &chc_process,
27 &chc_done,
28 &chc_test
29 };
30
31 /* initialize the CHC state with a given cipher */
32 int chc_register(int cipher)
33 {
34 int err, kl, idx;
35
36 if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
37 return err;
38 }
39
40 /* will it be valid? */
41 kl = cipher_descriptor[cipher].block_length;
42
43 /* must be >64 bit block */
44 if (kl <= 8) {
45 return CRYPT_INVALID_CIPHER;
46 }
47
48 /* can we use the ideal keysize? */
49 if ((err = cipher_descriptor[cipher].keysize(&kl)) != CRYPT_OK) {
50 return err;
51 }
52 /* we require that key size == block size be a valid choice */
53 if (kl != cipher_descriptor[cipher].block_length) {
54 return CRYPT_INVALID_CIPHER;
55 }
56
57 /* determine if chc_hash has been register_hash'ed already */
58 if ((err = hash_is_valid(idx = find_hash("chc_hash"))) != CRYPT_OK) {
59 return err;
60 }
61
62 /* store into descriptor */
63 hash_descriptor[idx].hashsize =
64 hash_descriptor[idx].blocksize = cipher_descriptor[cipher].block_length;
65
66 /* store the idx and block size */
67 cipher_idx = cipher;
68 cipher_blocksize = cipher_descriptor[cipher].block_length;
69 return CRYPT_OK;
70 }
71
72 /* "hash init" is simply encrypt 0 with the 0 key. Simple way to make an IV */
73 int chc_init(hash_state *md)
74 {
75 symmetric_key *key;
76 unsigned char buf[MAXBLOCKSIZE];
77 int err;
78
79 _ARGCHK(md != NULL);
80
81 /* is the cipher valid? */
82 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
83 return err;
84 }
85
86 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
87 return CRYPT_INVALID_CIPHER;
88 }
89
90 if ((key = XMALLOC(sizeof(*key))) == NULL) {
91 return CRYPT_MEM;
92 }
93
94 /* zero key and what not */
95 zeromem(buf, cipher_blocksize);
96 if ((err = cipher_descriptor[cipher_idx].setup(buf, cipher_blocksize, 0, key)) != CRYPT_OK) {
97 XFREE(key);
98 return err;
99 }
100
101 /* encrypt zero block */
102 cipher_descriptor[cipher_idx].ecb_encrypt(buf, md->chc.state, key);
103
104 /* zero other members */
105 md->chc.length = 0;
106 md->chc.curlen = 0;
107 zeromem(md->chc.buf, sizeof(md->chc.buf));
108 XFREE(key);
109 return CRYPT_OK;
110 }
111
112 /*
113 key <= state
114 T0,T1 <= block
115 T0 <= encrypt T0
116 state <= state xor T0 xor T1
117 */
118 static int chc_compress(hash_state *md, unsigned char *buf)
119 {
120 unsigned char T[2][MAXBLOCKSIZE];
121 symmetric_key *key;
122 int err, x;
123
124 if ((key = XMALLOC(sizeof(*key))) == NULL) {
125 return CRYPT_MEM;
126 }
127 if ((err = cipher_descriptor[cipher_idx].setup(md->chc.state, cipher_blocksize, 0, key)) != CRYPT_OK) {
128 XFREE(key);
129 return err;
130 }
131 memcpy(T[1], buf, cipher_blocksize);
132 cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key);
133 for (x = 0; x < cipher_blocksize; x++) {
134 md->chc.state[x] ^= T[0][x] ^ T[1][x];
135 }
136 XFREE(key);
137 #ifdef CLEAN_STACK
138 zeromem(T, sizeof(T));
139 zeromem(&key, sizeof(key));
140 #endif
141 return CRYPT_OK;
142 }
143
144 HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)
145
146 int chc_process(hash_state * md, const unsigned char *buf, unsigned long len)
147 {
148 int err;
149
150 _ARGCHK(md != NULL);
151 _ARGCHK(buf != NULL);
152
153 /* is the cipher valid? */
154 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
155 return err;
156 }
157 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
158 return CRYPT_INVALID_CIPHER;
159 }
160
161 return _chc_process(md, buf, len);
162 }
163
164 int chc_done(hash_state *md, unsigned char *buf)
165 {
166 int err;
167
168 _ARGCHK(md != NULL);
169 _ARGCHK(buf != NULL);
170
171 /* is the cipher valid? */
172 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
173 return err;
174 }
175 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
176 return CRYPT_INVALID_CIPHER;
177 }
178
179 if (md->chc.curlen >= sizeof(md->chc.buf)) {
180 return CRYPT_INVALID_ARG;
181 }
182
183 /* increase the length of the message */
184 md->chc.length += md->chc.curlen * 8;
185
186 /* append the '1' bit */
187 md->chc.buf[md->chc.curlen++] = (unsigned char)0x80;
188
189 /* if the length is currently above l-8 bytes we append zeros
190 * then compress. Then we can fall back to padding zeros and length
191 * encoding like normal.
192 */
193 if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) {
194 while (md->chc.curlen < (unsigned long)cipher_blocksize) {
195 md->chc.buf[md->chc.curlen++] = (unsigned char)0;
196 }
197 chc_compress(md, md->chc.buf);
198 md->chc.curlen = 0;
199 }
200
201 /* pad upto l-8 bytes of zeroes */
202 while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) {
203 md->chc.buf[md->chc.curlen++] = (unsigned char)0;
204 }
205
206 /* store length */
207 STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8));
208 chc_compress(md, md->chc.buf);
209
210 /* copy output */
211 XMEMCPY(buf, md->chc.state, cipher_blocksize);
212
213 #ifdef CLEAN_STACK
214 zeromem(md, sizeof(hash_state));
215 #endif
216 return CRYPT_OK;
217 }
218
219 int chc_test(void)
220 {
221 static const struct {
222 unsigned char *msg,
223 md[MAXBLOCKSIZE];
224 int len;
225 } tests[] = {
226 {
227 (unsigned char *)"hello world",
228 { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61,
229 0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e },
230 16
231 }
232 };
233 int x, oldhashidx, idx;
234 unsigned char out[MAXBLOCKSIZE];
235 hash_state md;
236
237 /* AES can be under rijndael or aes... try to find it */
238 if ((idx = find_cipher("aes")) == -1) {
239 if ((idx = find_cipher("rijndael")) == -1) {
240 return CRYPT_NOP;
241 }
242 }
243 oldhashidx = cipher_idx;
244 chc_register(idx);
245
246 for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
247 chc_init(&md);
248 chc_process(&md, tests[x].msg, strlen((char *)tests[x].msg));
249 chc_done(&md, out);
250 if (memcmp(out, tests[x].md, tests[x].len)) {
251 return CRYPT_FAIL_TESTVECTOR;
252 }
253 }
254 if (oldhashidx != UNDEFED_HASH) {
255 chc_register(oldhashidx);
256 }
257
258 return CRYPT_OK;
259 }
260
261 #endif