Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-20 20:44:39 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

crypto: Initial copy from https://github.com/openbsd/sys/crypto

Browse Source 
public header files put into include/crpyto
private header/source files put into crpyto

crypto.c cryptodev.[c|h] cryptosoft.[c|h] come from:
commit id is f245bed2a7593bf0decce50caaed4ce05fefd6cf

the rest come from:
commit id is 61b0e532b2dce0a91cf3ea67d346645a61a88cdd

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
This commit is contained in:
anjiahao
2022-07-18 15:00:30 +08:00
committed by Xiang Xiao
parent 2b071b7a42
commit c7d347c7f0
50 changed files with 12438 additions and 1248 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/aes.c
+834 -798
View File
File diff suppressed because it is too large Load Diff
crypto/blf.c
+655
View File
File diff suppressed because it is too large Load Diff
crypto/cast.c
+277
View File
@@ -0,0 +1,277 @@
/* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $ */
/*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
#include <sys/types.h>
#include <sys/systm.h>
#include <crypto/cast.h>
#include <crypto/castsb.h>
/* Macros to access 8-bit bytes out of a 32-bit word */
#define U_INT8_Ta(x) ( (u_int8_t) (x>>24) )
#define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) )
#define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) )
#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )
/* Circular left shift */
#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
/* CAST-128 uses three different round functions */
#define F1(l, r, i) \
t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)];
#define F2(l, r, i) \
t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)];
#define F3(l, r, i) \
t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)];
/***** Encryption Function *****/
void
cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
{
u_int32_t t, l, r;
/* Get inblock into l,r */
l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
/* Do the work */
F1(l, r, 0);
F2(r, l, 1);
F3(l, r, 2);
F1(r, l, 3);
F2(l, r, 4);
F3(r, l, 5);
F1(l, r, 6);
F2(r, l, 7);
F3(l, r, 8);
F1(r, l, 9);
F2(l, r, 10);
F3(r, l, 11);
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
F1(l, r, 12);
F2(r, l, 13);
F3(l, r, 14);
F1(r, l, 15);
}
/* Put l,r into outblock */
outblock[0] = U_INT8_Ta(r);
outblock[1] = U_INT8_Tb(r);
outblock[2] = U_INT8_Tc(r);
outblock[3] = U_INT8_Td(r);
outblock[4] = U_INT8_Ta(l);
outblock[5] = U_INT8_Tb(l);
outblock[6] = U_INT8_Tc(l);
outblock[7] = U_INT8_Td(l);
/* Wipe clean */
t = l = r = 0;
}
/***** Decryption Function *****/
void
cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
{
u_int32_t t, l, r;
/* Get inblock into l,r */
r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
/* Do the work */
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
F1(r, l, 15);
F3(l, r, 14);
F2(r, l, 13);
F1(l, r, 12);
}
F3(r, l, 11);
F2(l, r, 10);
F1(r, l, 9);
F3(l, r, 8);
F2(r, l, 7);
F1(l, r, 6);
F3(r, l, 5);
F2(l, r, 4);
F1(r, l, 3);
F3(l, r, 2);
F2(r, l, 1);
F1(l, r, 0);
/* Put l,r into outblock */
outblock[0] = U_INT8_Ta(l);
outblock[1] = U_INT8_Tb(l);
outblock[2] = U_INT8_Tc(l);
outblock[3] = U_INT8_Td(l);
outblock[4] = U_INT8_Ta(r);
outblock[5] = U_INT8_Tb(r);
outblock[6] = U_INT8_Tc(r);
outblock[7] = U_INT8_Td(r);
/* Wipe clean */
t = l = r = 0;
}
/***** Key Schedule *****/
void
cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
{
u_int32_t t[4], z[4], x[4];
int i;
/* Set number of rounds to 12 or 16, depending on key length */
key->rounds = (keybytes <= 10 ? 12 : 16);
/* Copy key to workspace x */
for (i = 0; i < 4; i++) {
x[i] = 0;
if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
}
/* Generate 32 subkeys, four at a time */
for (i = 0; i < 32; i+=4) {
switch (i & 4) {
case 0:
t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
cast_sbox6[U_INT8_Td(x[3])] ^
cast_sbox7[U_INT8_Ta(x[3])] ^
cast_sbox8[U_INT8_Tc(x[3])] ^
cast_sbox7[U_INT8_Ta(x[2])];
t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
cast_sbox6[U_INT8_Tc(z[0])] ^
cast_sbox7[U_INT8_Tb(z[0])] ^
cast_sbox8[U_INT8_Td(z[0])] ^
cast_sbox8[U_INT8_Tc(x[2])];
t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
cast_sbox6[U_INT8_Tc(z[1])] ^
cast_sbox7[U_INT8_Tb(z[1])] ^
cast_sbox8[U_INT8_Ta(z[1])] ^
cast_sbox5[U_INT8_Tb(x[2])];
t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
cast_sbox6[U_INT8_Tb(z[2])] ^
cast_sbox7[U_INT8_Td(z[2])] ^
cast_sbox8[U_INT8_Ta(z[2])] ^
cast_sbox6[U_INT8_Td(x[2])];
break;
case 4:
t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
cast_sbox6[U_INT8_Td(z[1])] ^
cast_sbox7[U_INT8_Ta(z[1])] ^
cast_sbox8[U_INT8_Tc(z[1])] ^
cast_sbox7[U_INT8_Ta(z[0])];
t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
cast_sbox6[U_INT8_Tc(x[0])] ^
cast_sbox7[U_INT8_Tb(x[0])] ^
cast_sbox8[U_INT8_Td(x[0])] ^
cast_sbox8[U_INT8_Tc(z[0])];
t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
cast_sbox6[U_INT8_Tc(x[1])] ^
cast_sbox7[U_INT8_Tb(x[1])] ^
cast_sbox8[U_INT8_Ta(x[1])] ^
cast_sbox5[U_INT8_Tb(z[0])];
t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
cast_sbox6[U_INT8_Tb(x[2])] ^
cast_sbox7[U_INT8_Td(x[2])] ^
cast_sbox8[U_INT8_Ta(x[2])] ^
cast_sbox6[U_INT8_Td(z[0])];
break;
}
switch (i & 12) {
case 0:
case 12:
key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^
cast_sbox6[U_INT8_Tb(t[2])] ^
cast_sbox7[U_INT8_Td(t[1])] ^
cast_sbox8[U_INT8_Tc(t[1])];
key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^
cast_sbox6[U_INT8_Td(t[2])] ^
cast_sbox7[U_INT8_Tb(t[1])] ^
cast_sbox8[U_INT8_Ta(t[1])];
key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^
cast_sbox6[U_INT8_Tb(t[3])] ^
cast_sbox7[U_INT8_Td(t[0])] ^
cast_sbox8[U_INT8_Tc(t[0])];
key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^
cast_sbox6[U_INT8_Td(t[3])] ^
cast_sbox7[U_INT8_Tb(t[0])] ^
cast_sbox8[U_INT8_Ta(t[0])];
break;
case 4:
case 8:
key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^
cast_sbox6[U_INT8_Tc(t[0])] ^
cast_sbox7[U_INT8_Ta(t[3])] ^
cast_sbox8[U_INT8_Tb(t[3])];
key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^
cast_sbox6[U_INT8_Ta(t[0])] ^
cast_sbox7[U_INT8_Tc(t[3])] ^
cast_sbox8[U_INT8_Td(t[3])];
key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^
cast_sbox6[U_INT8_Tc(t[1])] ^
cast_sbox7[U_INT8_Ta(t[2])] ^
cast_sbox8[U_INT8_Tb(t[2])];
key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^
cast_sbox6[U_INT8_Ta(t[1])] ^
cast_sbox7[U_INT8_Tc(t[2])] ^
cast_sbox8[U_INT8_Td(t[2])];
break;
}
switch (i & 12) {
case 0:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])];
break;
case 4:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])];
break;
case 8:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])];
break;
case 12:
key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])];
key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])];
key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])];
key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])];
break;
}
if (i >= 16) {
key->xkey[i+0] &= 31;
key->xkey[i+1] &= 31;
key->xkey[i+2] &= 31;
key->xkey[i+3] &= 31;
}
}
/* Wipe clean */
explicit_bzero(t, sizeof(t));
explicit_bzero(x, sizeof(x));
explicit_bzero(z, sizeof(z));
}
/* Made in Canada */
crypto/castsb.h
+544
View File
File diff suppressed because it is too large Load Diff
crypto/chacha_private.h
+261
View File
@@ -0,0 +1,261 @@
/* $OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
chacha-merged.c version 20080118
D. J. Bernstein
Public domain.
*/
#include <sys/systm.h>
typedef unsigned char u8;
typedef unsigned int u32;
typedef struct
{
u32 input[16]; /* could be compressed */
} chacha_ctx;
#define U8C(v) (v##U)
#define U32C(v) (v##U)
#define U8V(v) ((u8)(v) & U8C(0xFF))
#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
#define ROTL32(v, n) \
(U32V((v) << (n)) | ((v) >> (32 - (n))))
#define U8TO32_LITTLE(p) \
(((u32)((p)[0]) ) | \
((u32)((p)[1]) << 8) | \
((u32)((p)[2]) << 16) | \
((u32)((p)[3]) << 24))
#define U32TO8_LITTLE(p, v) \
do { \
(p)[0] = U8V((v) ); \
(p)[1] = U8V((v) >> 8); \
(p)[2] = U8V((v) >> 16); \
(p)[3] = U8V((v) >> 24); \
} while (0)
#define ROTATE(v,c) (ROTL32(v,c))
#define XOR(v,w) ((v) ^ (w))
#define PLUS(v,w) (U32V((v) + (w)))
#define PLUSONE(v) (PLUS((v),1))
#define QUARTERROUND(a,b,c,d) \
a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
static inline void
hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
{
int i;
uint32_t x[] = {
U8TO32_LITTLE(sigma + 0),
U8TO32_LITTLE(sigma + 4),
U8TO32_LITTLE(sigma + 8),
U8TO32_LITTLE(sigma + 12),
U8TO32_LITTLE(key + 0),
U8TO32_LITTLE(key + 4),
U8TO32_LITTLE(key + 8),
U8TO32_LITTLE(key + 12),
U8TO32_LITTLE(key + 16),
U8TO32_LITTLE(key + 20),
U8TO32_LITTLE(key + 24),
U8TO32_LITTLE(key + 28),
U8TO32_LITTLE(nonce + 0),
U8TO32_LITTLE(nonce + 4),
U8TO32_LITTLE(nonce + 8),
U8TO32_LITTLE(nonce + 12)
};
for (i = 20;i > 0;i -= 2) {
QUARTERROUND( x[0], x[4], x[8],x[12])
QUARTERROUND( x[1], x[5], x[9],x[13])
QUARTERROUND( x[2], x[6],x[10],x[14])
QUARTERROUND( x[3], x[7],x[11],x[15])
QUARTERROUND( x[0], x[5],x[10],x[15])
QUARTERROUND( x[1], x[6],x[11],x[12])
QUARTERROUND( x[2], x[7], x[8],x[13])
QUARTERROUND( x[3], x[4], x[9],x[14])
}
memcpy(derived_key + 0, x + 0, sizeof(u32) * 4);
memcpy(derived_key + 4, x + 12, sizeof(u32) * 4);
}
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
{
const char *constants;
x->input[4] = U8TO32_LITTLE(k + 0);
x->input[5] = U8TO32_LITTLE(k + 4);
x->input[6] = U8TO32_LITTLE(k + 8);
x->input[7] = U8TO32_LITTLE(k + 12);
if (kbits == 256) { /* recommended */
k += 16;
constants = sigma;
} else { /* kbits == 128 */
constants = tau;
}
x->input[8] = U8TO32_LITTLE(k + 0);
x->input[9] = U8TO32_LITTLE(k + 4);
x->input[10] = U8TO32_LITTLE(k + 8);
x->input[11] = U8TO32_LITTLE(k + 12);
x->input[0] = U8TO32_LITTLE(constants + 0);
x->input[1] = U8TO32_LITTLE(constants + 4);
x->input[2] = U8TO32_LITTLE(constants + 8);
x->input[3] = U8TO32_LITTLE(constants + 12);
}
static void
chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
{
x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
x->input[14] = U8TO32_LITTLE(iv + 0);
x->input[15] = U8TO32_LITTLE(iv + 4);
}
static void
chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
{
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget = NULL;
u8 tmp[64];
u_int i;
if (!bytes) return;
j0 = x->input[0];
j1 = x->input[1];
j2 = x->input[2];
j3 = x->input[3];
j4 = x->input[4];
j5 = x->input[5];
j6 = x->input[6];
j7 = x->input[7];
j8 = x->input[8];
j9 = x->input[9];
j10 = x->input[10];
j11 = x->input[11];
j12 = x->input[12];
j13 = x->input[13];
j14 = x->input[14];
j15 = x->input[15];
for (;;) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) tmp[i] = m[i];
m = tmp;
ctarget = c;
c = tmp;
}
x0 = j0;
x1 = j1;
x2 = j2;
x3 = j3;
x4 = j4;
x5 = j5;
x6 = j6;
x7 = j7;
x8 = j8;
x9 = j9;
x10 = j10;
x11 = j11;
x12 = j12;
x13 = j13;
x14 = j14;
x15 = j15;
for (i = 20;i > 0;i -= 2) {
QUARTERROUND( x0, x4, x8,x12)
QUARTERROUND( x1, x5, x9,x13)
QUARTERROUND( x2, x6,x10,x14)
QUARTERROUND( x3, x7,x11,x15)
QUARTERROUND( x0, x5,x10,x15)
QUARTERROUND( x1, x6,x11,x12)
QUARTERROUND( x2, x7, x8,x13)
QUARTERROUND( x3, x4, x9,x14)
}
x0 = PLUS(x0,j0);
x1 = PLUS(x1,j1);
x2 = PLUS(x2,j2);
x3 = PLUS(x3,j3);
x4 = PLUS(x4,j4);
x5 = PLUS(x5,j5);
x6 = PLUS(x6,j6);
x7 = PLUS(x7,j7);
x8 = PLUS(x8,j8);
x9 = PLUS(x9,j9);
x10 = PLUS(x10,j10);
x11 = PLUS(x11,j11);
x12 = PLUS(x12,j12);
x13 = PLUS(x13,j13);
x14 = PLUS(x14,j14);
x15 = PLUS(x15,j15);
#ifndef KEYSTREAM_ONLY
x0 = XOR(x0,U8TO32_LITTLE(m + 0));
x1 = XOR(x1,U8TO32_LITTLE(m + 4));
x2 = XOR(x2,U8TO32_LITTLE(m + 8));
x3 = XOR(x3,U8TO32_LITTLE(m + 12));
x4 = XOR(x4,U8TO32_LITTLE(m + 16));
x5 = XOR(x5,U8TO32_LITTLE(m + 20));
x6 = XOR(x6,U8TO32_LITTLE(m + 24));
x7 = XOR(x7,U8TO32_LITTLE(m + 28));
x8 = XOR(x8,U8TO32_LITTLE(m + 32));
x9 = XOR(x9,U8TO32_LITTLE(m + 36));
x10 = XOR(x10,U8TO32_LITTLE(m + 40));
x11 = XOR(x11,U8TO32_LITTLE(m + 44));
x12 = XOR(x12,U8TO32_LITTLE(m + 48));
x13 = XOR(x13,U8TO32_LITTLE(m + 52));
x14 = XOR(x14,U8TO32_LITTLE(m + 56));
x15 = XOR(x15,U8TO32_LITTLE(m + 60));
#endif
j12 = PLUSONE(j12);
if (!j12) {
j13 = PLUSONE(j13);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
U32TO8_LITTLE(c + 0,x0);
U32TO8_LITTLE(c + 4,x1);
U32TO8_LITTLE(c + 8,x2);
U32TO8_LITTLE(c + 12,x3);
U32TO8_LITTLE(c + 16,x4);
U32TO8_LITTLE(c + 20,x5);
U32TO8_LITTLE(c + 24,x6);
U32TO8_LITTLE(c + 28,x7);
U32TO8_LITTLE(c + 32,x8);
U32TO8_LITTLE(c + 36,x9);
U32TO8_LITTLE(c + 40,x10);
U32TO8_LITTLE(c + 44,x11);
U32TO8_LITTLE(c + 48,x12);
U32TO8_LITTLE(c + 52,x13);
U32TO8_LITTLE(c + 56,x14);
U32TO8_LITTLE(c + 60,x15);
if (bytes <= 64) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) ctarget[i] = c[i];
}
x->input[12] = j12;
x->input[13] = j13;
return;
}
bytes -= 64;
c += 64;
#ifndef KEYSTREAM_ONLY
m += 64;
#endif
}
}
crypto/chachapoly.c
+262
View File
@@ -0,0 +1,262 @@
/* $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Copyright (c) 2015 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <lib/libkern/libkern.h>
#include <crypto/chacha_private.h>
#include <crypto/poly1305.h>
#include <crypto/chachapoly.h>
int
chacha20_setkey(void *sched, u_int8_t *key, int len)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
return (-1);
/* initial counter is 1 */
ctx->nonce[0] = 1;
memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
CHACHA20_SALT);
chacha_keysetup((chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
return (0);
}
void
chacha20_reinit(caddr_t key, u_int8_t *iv)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
}
void
chacha20_crypt(caddr_t key, u_int8_t *data)
{
struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
CHACHA20_BLOCK_LEN);
}
void
Chacha20_Poly1305_Init(void *xctx)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
memset(ctx, 0, sizeof(*ctx));
}
void
Chacha20_Poly1305_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
/* salt is provided with the key material */
memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
CHACHA20_SALT);
chacha_keysetup((chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
}
void
Chacha20_Poly1305_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
/* initial counter is 0 */
chacha_ivsetup((chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
chacha_encrypt_bytes((chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
POLY1305_KEYLEN);
poly1305_init((poly1305_state *)&ctx->poly, ctx->key);
}
int
Chacha20_Poly1305_Update(void *xctx, const uint8_t *data, uint16_t len)
{
static const char zeroes[POLY1305_BLOCK_LEN];
CHACHA20_POLY1305_CTX *ctx = xctx;
size_t rem;
poly1305_update((poly1305_state *)&ctx->poly, data, len);
/* number of bytes in the last 16 byte block */
rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
if (rem > 0)
poly1305_update((poly1305_state *)&ctx->poly, zeroes,
POLY1305_BLOCK_LEN - rem);
return (0);
}
void
Chacha20_Poly1305_Final(uint8_t tag[POLY1305_TAGLEN], void *xctx)
{
CHACHA20_POLY1305_CTX *ctx = xctx;
poly1305_finish((poly1305_state *)&ctx->poly, tag);
explicit_bzero(ctx, sizeof(*ctx));
}
static const uint8_t pad0[16] = { 0 };
void
chacha20poly1305_encrypt(
uint8_t *dst,
const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
const size_t ad_len,
const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
poly1305_state poly1305_ctx;
chacha_ctx chacha_ctx;
union {
uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
uint64_t lens[2];
} b = { { 0 } };
uint64_t le_nonce = htole64(nonce);
chacha_keysetup(&chacha_ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
chacha_ivsetup(&chacha_ctx, (uint8_t *) &le_nonce, NULL);
chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0));
poly1305_init(&poly1305_ctx, b.b0);
poly1305_update(&poly1305_ctx, ad, ad_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
chacha_encrypt_bytes(&chacha_ctx, (uint8_t *) src, dst, src_len);
poly1305_update(&poly1305_ctx, dst, src_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
b.lens[0] = htole64(ad_len);
b.lens[1] = htole64(src_len);
poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
poly1305_finish(&poly1305_ctx, dst + src_len);
explicit_bzero(&chacha_ctx, sizeof(chacha_ctx));
explicit_bzero(&b, sizeof(b));
}
int
chacha20poly1305_decrypt(
uint8_t *dst,
const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
const size_t ad_len,
const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
poly1305_state poly1305_ctx;
chacha_ctx chacha_ctx;
int ret;
size_t dst_len;
union {
uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
uint64_t lens[2];
} b = { { 0 } };
uint64_t le_nonce = htole64(nonce);
if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
return 0;
chacha_keysetup(&chacha_ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
chacha_ivsetup(&chacha_ctx, (uint8_t *) &le_nonce, NULL);
chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0));
poly1305_init(&poly1305_ctx, b.b0);
poly1305_update(&poly1305_ctx, ad, ad_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
dst_len = src_len - CHACHA20POLY1305_AUTHTAG_SIZE;
poly1305_update(&poly1305_ctx, src, dst_len);
poly1305_update(&poly1305_ctx, pad0, (0x10 - dst_len) & 0xf);
b.lens[0] = htole64(ad_len);
b.lens[1] = htole64(dst_len);
poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
poly1305_finish(&poly1305_ctx, b.mac);
ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
if (!ret)
chacha_encrypt_bytes(&chacha_ctx, (uint8_t *) src, dst, dst_len);
explicit_bzero(&chacha_ctx, sizeof(chacha_ctx));
explicit_bzero(&b, sizeof(b));
return !ret;
}
void
xchacha20poly1305_encrypt(
uint8_t *dst,
const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
const size_t ad_len,
const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
int i;
uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
uint64_t h_nonce;
memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
h_nonce = le64toh(h_nonce);
hchacha20(derived_key, nonce, key);
for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
(derived_key[i]) = htole32((derived_key[i]));
chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
h_nonce, (uint8_t *)derived_key);
explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
}
int
xchacha20poly1305_decrypt(
uint8_t *dst,
const uint8_t *src,
const size_t src_len,
const uint8_t *ad,
const size_t ad_len,
const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
) {
int ret, i;
uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
uint64_t h_nonce;
memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
h_nonce = le64toh(h_nonce);
hchacha20(derived_key, nonce, key);
for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
(derived_key[i]) = htole32((derived_key[i]));
ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
h_nonce, (uint8_t *)derived_key);
explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
return ret;
}
crypto/cmac.c
+120
View File
@@ -0,0 +1,120 @@
/* $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This code implements the CMAC (Cipher-based Message Authentication)
* algorithm described in FIPS SP800-38B using the AES-128 cipher.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/aes.h>
#include <crypto/cmac.h>
#define LSHIFT(v, r) do { \
int i; \
for (i = 0; i < 15; i++) \
(r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7; \
(r)[15] = (v)[15] << 1; \
} while (0)
#define XOR(v, r) do { \
int i; \
for (i = 0; i < 16; i++) \
(r)[i] ^= (v)[i]; \
} while (0)
void
AES_CMAC_Init(AES_CMAC_CTX *ctx)
{
memset(ctx->X, 0, sizeof ctx->X);
ctx->M_n = 0;
}
void
AES_CMAC_SetKey(AES_CMAC_CTX *ctx, const u_int8_t key[AES_CMAC_KEY_LENGTH])
{
AES_Setkey(&ctx->aesctx, key, 16);
}
void
AES_CMAC_Update(AES_CMAC_CTX *ctx, const u_int8_t *data, u_int len)
{
u_int mlen;
if (ctx->M_n > 0) {
mlen = MIN(16 - ctx->M_n, len);
memcpy(ctx->M_last + ctx->M_n, data, mlen);
ctx->M_n += mlen;
if (ctx->M_n < 16 || len == mlen)
return;
XOR(ctx->M_last, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
data += mlen;
len -= mlen;
}
while (len > 16) { /* not last block */
XOR(data, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
data += 16;
len -= 16;
}
/* potential last block, save it */
memcpy(ctx->M_last, data, len);
ctx->M_n = len;
}
void
AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx)
{
u_int8_t K[16];
/* generate subkey K1 */
memset(K, 0, sizeof K);
AES_Encrypt(&ctx->aesctx, K, K);
if (K[0] & 0x80) {
LSHIFT(K, K);
K[15] ^= 0x87;
} else
LSHIFT(K, K);
if (ctx->M_n == 16) {
/* last block was a complete block */
XOR(K, ctx->M_last);
} else {
/* generate subkey K2 */
if (K[0] & 0x80) {
LSHIFT(K, K);
K[15] ^= 0x87;
} else
LSHIFT(K, K);
/* padding(M_last) */
ctx->M_last[ctx->M_n] = 0x80;
while (++ctx->M_n < 16)
ctx->M_last[ctx->M_n] = 0;
XOR(K, ctx->M_last);
}
XOR(ctx->M_last, ctx->X);
AES_Encrypt(&ctx->aesctx, ctx->X, digest);
explicit_bzero(K, sizeof K);
}
crypto/crypto.c
+648 -59
View File
File diff suppressed because it is too large Load Diff
crypto/cryptodev.c
+731 -140
View File
File diff suppressed because it is too large Load Diff
crypto/cryptosoft.c
+1238
View File
File diff suppressed because it is too large Load Diff
crypto/des_locl.h
+161
View File
@@ -0,0 +1,161 @@
/* $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $ */
/* lib/des/des_locl.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_DES_LOCL_H
#define HEADER_DES_LOCL_H
#include <sys/types.h>
#include <sys/systm.h>
typedef unsigned char des_cblock[8];
typedef struct des_ks_struct
{
union {
des_cblock cblock;
/* make sure things are correct size on machines with
* 8 byte longs */
int32_t pad[2];
} ks;
} des_key_schedule[16];
#define DES_KEY_SZ (sizeof(des_cblock))
#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
void des_encrypt2(u_int32_t *data,des_key_schedule ks, int enc);
#define ITERATIONS 16
#define HALF_ITERATIONS 8
#define c2l(c,l) (l =((u_int32_t)(*((c)++))) , \
l|=((u_int32_t)(*((c)++)))<< 8L, \
l|=((u_int32_t)(*((c)++)))<<16L, \
l|=((u_int32_t)(*((c)++)))<<24L)
#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
#define D_ENCRYPT(Q,R,S) {\
u=(R^s[S ]); \
t=R^s[S+1]; \
t=((t>>4L)+(t<<28L)); \
Q^= des_SPtrans[1][(t )&0x3f]| \
des_SPtrans[3][(t>> 8L)&0x3f]| \
des_SPtrans[5][(t>>16L)&0x3f]| \
des_SPtrans[7][(t>>24L)&0x3f]| \
des_SPtrans[0][(u )&0x3f]| \
des_SPtrans[2][(u>> 8L)&0x3f]| \
des_SPtrans[4][(u>>16L)&0x3f]| \
des_SPtrans[6][(u>>24L)&0x3f]; }
/* IP and FP
* The problem is more of a geometric problem that random bit fiddling.
0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
The output has been subject to swaps of the form
0 1 -> 3 1 but the odd and even bits have been put into
2 3 2 0
different words. The main trick is to remember that
t=((l>>size)^r)&(mask);
r^=t;
l^=(t<<size);
can be used to swap and move bits between words.
So l = 0 1 2 3 r = 16 17 18 19
4 5 6 7 20 21 22 23
8 9 10 11 24 25 26 27
12 13 14 15 28 29 30 31
becomes (for size == 2 and mask == 0x3333)
t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
6^20 7^21 -- -- 4 5 20 21 6 7 22 23
10^24 11^25 -- -- 8 9 24 25 10 11 24 25
14^28 15^29 -- -- 12 13 28 29 14 15 28 29
Thanks for hints from Richard Outerbridge - he told me IP&FP
could be done in 15 xor, 10 shifts and 5 ands.
When I finally started to think of the problem in 2D
I first got ~42 operations without xors. When I remembered
how to use xors :-) I got it to its final state.
*/
#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
(b)^=(t),\
(a)^=((t)<<(n)))
#define IP(l,r) \
{ \
register u_int32_t tt; \
PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
PERM_OP(l,r,tt,16,0x0000ffffL); \
PERM_OP(r,l,tt, 2,0x33333333L); \
PERM_OP(l,r,tt, 8,0x00ff00ffL); \
PERM_OP(r,l,tt, 1,0x55555555L); \
}
#define FP(l,r) \
{ \
register u_int32_t tt; \
PERM_OP(l,r,tt, 1,0x55555555L); \
PERM_OP(r,l,tt, 8,0x00ff00ffL); \
PERM_OP(l,r,tt, 2,0x33333333L); \
PERM_OP(r,l,tt,16,0x0000ffffL); \
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
#endif
crypto/ecb3_enc.c
+76
View File
@@ -0,0 +1,76 @@
/* $OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $ */
/* lib/des/ecb3_enc.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include "des_locl.h"
void
des_ecb3_encrypt(des_cblock (*input), des_cblock (*output),
des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
int encrypt)
{
register u_int32_t l0, l1;
register unsigned char *in, *out;
u_int32_t ll[2];
in = (unsigned char *) input;
out = (unsigned char *) output;
c2l(in, l0);
c2l(in, l1);
IP(l0, l1);
ll[0] = l0;
ll[1] = l1;
des_encrypt2(ll, ks1, encrypt);
des_encrypt2(ll, ks2, !encrypt);
des_encrypt2(ll, ks3, encrypt);
l0 = ll[0];
l1 = ll[1];
FP(l1, l0);
l2c(l0, out);
l2c(l1, out);
}
crypto/ecb_enc.c
+102
View File
@@ -0,0 +1,102 @@
/* $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $ */
/* lib/des/ecb_enc.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include "des_locl.h"
#include "spr.h"
void
des_encrypt2(u_int32_t *data, des_key_schedule ks, int encrypt)
{
register u_int32_t l, r, t, u;
#ifdef DES_USE_PTR
register unsigned char *des_SP=(unsigned char *)des_SPtrans;
#endif
register int i;
register u_int32_t *s;
u = data[0];
r = data[1];
/* Things have been modified so that the initial rotate is
* done outside the loop. This required the
* des_SPtrans values in sp.h to be rotated 1 bit to the right.
* One perl script later and things have a 5% speed up on a sparc2.
* Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
* for pointing this out. */
l = (r << 1) | (r >> 31);
r = (u << 1) | (u >> 31);
/* clear the top bits on machines with 8byte longs */
l &= 0xffffffffL;
r &= 0xffffffffL;
s = (u_int32_t *) ks;
/* I don't know if it is worth the effort of loop unrolling the
* inner loop */
if (encrypt) {
for (i = 0; i < 32; i += 4) {
D_ENCRYPT(l, r, i + 0); /* 1 */
D_ENCRYPT(r, l, i + 2); /* 2 */
}
} else {
for (i = 30; i > 0; i -= 4) {
D_ENCRYPT(l, r, i - 0); /* 16 */
D_ENCRYPT(r, l, i - 2); /* 15 */
}
}
l = (l >> 1) | (l << 31);
r = (r >> 1) | (r << 31);
/* clear the top bits on machines with 8byte longs */
l &= 0xffffffffL;
r &= 0xffffffffL;
data[0] = l;
data[1] = r;
l = r = t = u = 0;
}
crypto/gmac.c
+168
View File
@@ -0,0 +1,168 @@
/* $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $ */
/*
* Copyright (c) 2010 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This code implements the Message Authentication part of the
* Galois/Counter Mode (as being described in the RFC 4543) using
* the AES cipher. FIPS SP 800-38D describes the algorithm details.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/aes.h>
#include <crypto/gmac.h>
void ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
void ghash_update_mi(GHASH_CTX *, uint8_t *, size_t);
/* Allow overriding with optimized MD function */
void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t) = ghash_update_mi;
/* Computes a block multiplication in the GF(2^128) */
void
ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
{
uint32_t v[4];
uint32_t z[4] = { 0, 0, 0, 0};
uint8_t *x = (uint8_t *)X;
uint32_t mask;
int i;
v[0] = betoh32(Y[0]);
v[1] = betoh32(Y[1]);
v[2] = betoh32(Y[2]);
v[3] = betoh32(Y[3]);
for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
/* update Z */
mask = !!(x[i >> 3] & (1 << (~i & 7)));
mask = ~(mask - 1);
z[0] ^= v[0] & mask;
z[1] ^= v[1] & mask;
z[2] ^= v[2] & mask;
z[3] ^= v[3] & mask;
/* update V */
mask = ~((v[3] & 1) - 1);
v[3] = (v[2] << 31) | (v[3] >> 1);
v[2] = (v[1] << 31) | (v[2] >> 1);
v[1] = (v[0] << 31) | (v[1] >> 1);
v[0] = (v[0] >> 1) ^ (0xe1000000 & mask);
}
product[0] = htobe32(z[0]);
product[1] = htobe32(z[1]);
product[2] = htobe32(z[2]);
product[3] = htobe32(z[3]);
}
void
ghash_update_mi(GHASH_CTX *ctx, uint8_t *X, size_t len)
{
uint32_t *x = (uint32_t *)X;
uint32_t *s = (uint32_t *)ctx->S;
uint32_t *y = (uint32_t *)ctx->Z;
int i;
for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
s[0] = y[0] ^ x[0];
s[1] = y[1] ^ x[1];
s[2] = y[2] ^ x[2];
s[3] = y[3] ^ x[3];
ghash_gfmul((uint32_t *)ctx->S, (uint32_t *)ctx->H,
(uint32_t *)ctx->S);
y = s;
x += 4;
}
bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
}
#define AESCTR_NONCESIZE 4
void
AES_GMAC_Init(void *xctx)
{
AES_GMAC_CTX *ctx = xctx;
bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
bzero(ctx->J, GMAC_BLOCK_LEN);
}
void
AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
{
AES_GMAC_CTX *ctx = xctx;
AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
/* copy out salt to the counter block */
bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
/* prepare a hash subkey */
AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
}
void
AES_GMAC_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
{
AES_GMAC_CTX *ctx = xctx;
/* copy out IV to the counter block */
bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
}
int
AES_GMAC_Update(void *xctx, const uint8_t *data, uint16_t len)
{
AES_GMAC_CTX *ctx = xctx;
uint32_t blk[4] = { 0, 0, 0, 0 };
int plen;
if (len > 0) {
plen = len % GMAC_BLOCK_LEN;
if (len >= GMAC_BLOCK_LEN)
(*ghash_update)(&ctx->ghash, (uint8_t *)data,
len - plen);
if (plen) {
memcpy((uint8_t *)blk, (uint8_t *)data + (len - plen),
plen);
(*ghash_update)(&ctx->ghash, (uint8_t *)blk,
GMAC_BLOCK_LEN);
}
}
return (0);
}
void
AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void *xctx)
{
AES_GMAC_CTX *ctx = xctx;
uint8_t keystream[GMAC_BLOCK_LEN];
int i;
/* do one round of GCTR */
ctx->J[GMAC_BLOCK_LEN - 1] = 1;
AES_Encrypt(&ctx->K, ctx->J, keystream);
for (i = 0; i < GMAC_DIGEST_LEN; i++)
digest[i] = ctx->ghash.S[i] ^ keystream[i];
explicit_bzero(keystream, sizeof(keystream));
}
crypto/hmac.c
+192
View File
@@ -0,0 +1,192 @@
/* $OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This code implements the HMAC algorithm described in RFC 2104 using
* the MD5, SHA1 and SHA-256 hash functions.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/md5.h>
#include <crypto/sha1.h>
#include <crypto/sha2.h>
#include <crypto/hmac.h>
void
HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len)
{
u_int8_t k_ipad[MD5_BLOCK_LENGTH];
int i;
if (key_len > MD5_BLOCK_LENGTH) {
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, key, key_len);
MD5Final(ctx->key, &ctx->ctx);
ctx->key_len = MD5_DIGEST_LENGTH;
} else {
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
bzero(k_ipad, MD5_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < MD5_BLOCK_LENGTH; i++)
k_ipad[i] ^= 0x36;
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_MD5_Update(HMAC_MD5_CTX *ctx, const u_int8_t *data, u_int len)
{
MD5Update(&ctx->ctx, data, len);
}
void
HMAC_MD5_Final(u_int8_t digest[MD5_DIGEST_LENGTH], HMAC_MD5_CTX *ctx)
{
u_int8_t k_opad[MD5_BLOCK_LENGTH];
int i;
MD5Final(digest, &ctx->ctx);
bzero(k_opad, MD5_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < MD5_BLOCK_LENGTH; i++)
k_opad[i] ^= 0x5c;
MD5Init(&ctx->ctx);
MD5Update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
MD5Update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
MD5Final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}
void
HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len)
{
u_int8_t k_ipad[SHA1_BLOCK_LENGTH];
int i;
if (key_len > SHA1_BLOCK_LENGTH) {
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, key, key_len);
SHA1Final(ctx->key, &ctx->ctx);
ctx->key_len = SHA1_DIGEST_LENGTH;
} else {
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
bzero(k_ipad, SHA1_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
k_ipad[i] ^= 0x36;
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_SHA1_Update(HMAC_SHA1_CTX *ctx, const u_int8_t *data, u_int len)
{
SHA1Update(&ctx->ctx, data, len);
}
void
HMAC_SHA1_Final(u_int8_t digest[SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *ctx)
{
u_int8_t k_opad[SHA1_BLOCK_LENGTH];
int i;
SHA1Final(digest, &ctx->ctx);
bzero(k_opad, SHA1_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
k_opad[i] ^= 0x5c;
SHA1Init(&ctx->ctx);
SHA1Update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
SHA1Update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
SHA1Final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}
void
HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len)
{
u_int8_t k_ipad[SHA256_BLOCK_LENGTH];
int i;
if (key_len > SHA256_BLOCK_LENGTH) {
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, key, key_len);
SHA256Final(ctx->key, &ctx->ctx);
ctx->key_len = SHA256_DIGEST_LENGTH;
} else {
bcopy(key, ctx->key, key_len);
ctx->key_len = key_len;
}
bzero(k_ipad, SHA256_BLOCK_LENGTH);
memcpy(k_ipad, ctx->key, ctx->key_len);
for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
k_ipad[i] ^= 0x36;
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
explicit_bzero(k_ipad, sizeof k_ipad);
}
void
HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const u_int8_t *data, u_int len)
{
SHA256Update(&ctx->ctx, data, len);
}
void
HMAC_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *ctx)
{
u_int8_t k_opad[SHA256_BLOCK_LENGTH];
int i;
SHA256Final(digest, &ctx->ctx);
bzero(k_opad, SHA256_BLOCK_LENGTH);
memcpy(k_opad, ctx->key, ctx->key_len);
for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
k_opad[i] ^= 0x5c;
SHA256Init(&ctx->ctx);
SHA256Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
SHA256Final(digest, &ctx->ctx);
explicit_bzero(k_opad, sizeof k_opad);
}
crypto/idgen.c
+138
View File
@@ -0,0 +1,138 @@
/* $OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Copyright (c) 2008 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
* range.
*
* IDGEN32 is based on public domain SKIP32 by Greg Rose.
*/
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <crypto/idgen.h>
static const u_int8_t idgen32_ftable[256] = {
0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
};
static u_int16_t
idgen32_g(u_int8_t *key, int k, u_int16_t w)
{
u_int8_t g1, g2, g3, g4, g5, g6;
u_int o = k * 4;
g1 = (w >> 8) & 0xff;
g2 = w & 0xff;
g3 = idgen32_ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
g4 = idgen32_ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
g5 = idgen32_ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
g6 = idgen32_ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;
return (g5 << 8) | g6;
}
static u_int32_t
idgen32_permute(struct idgen32_ctx *ctx, u_int32_t in)
{
u_int i, r;
u_int16_t wl, wr;
wl = (in >> 16) & 0x7fff;
wr = in & 0xffff;
/* Doubled up rounds, with an odd round at the end to swap */
for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) {
wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
r++;
wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
r++;
}
wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
return (wl << 16) | wr;
}
static void
idgen32_rekey(struct idgen32_ctx *ctx)
{
ctx->id32_counter = 0;
ctx->id32_hibit ^= 0x80000000;
ctx->id32_offset = arc4random();
arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key));
ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
}
void
idgen32_init(struct idgen32_ctx *ctx)
{
bzero(ctx, sizeof(*ctx));
ctx->id32_hibit = arc4random() & 0x80000000;
idgen32_rekey(ctx);
}
u_int32_t
idgen32(struct idgen32_ctx *ctx)
{
u_int32_t ret;
do {
/* Rekey a little early to avoid "card counting" attack */
if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
ctx->id32_rekey_time < getuptime())
idgen32_rekey(ctx);
ret = ctx->id32_hibit | idgen32_permute(ctx,
(ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
} while (ret == 0); /* Zero IDs are often special, so avoid */
return ret;
}
crypto/key_wrap.c
+112
View File
@@ -0,0 +1,112 @@
/* $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This code implements the AES Key Wrap algorithm described in RFC 3394.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/aes.h>
#include <crypto/key_wrap.h>
static const u_int8_t IV[8] =
{ 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6 };
void
aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len)
{
AES_Setkey(&ctx->ctx, K, K_len);
}
void
aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K,
size_t K_len)
{
AES_Setkey(&ctx->ctx, K, K_len);
}
void
aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
{
u_int64_t B[2], t;
u_int8_t *A, *R;
size_t i;
int j;
memmove(C + 8, P, n * 8); /* P and C may overlap */
A = C; /* A points to C[0] */
memcpy(A, IV, 8); /* A = IV, an initial value */
for (j = 0, t = 1; j <= 5; j++) {
R = C + 8;
for (i = 1; i <= n; i++, t++) {
/* B = A | R[i] */
memcpy(&B[0], A, 8);
memcpy(&B[1], R, 8);
/* B = AES(K, B) */
AES_Encrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B);
/* MSB(64, B) = MSB(64, B) ^ t */
B[0] ^= htobe64(t);
/* A = MSB(64, B) */
memcpy(A, &B[0], 8);
/* R[i] = LSB(64, B) */
memcpy(R, &B[1], 8);
R += 8;
}
}
explicit_bzero(B, sizeof B);
}
int
aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
{
u_int64_t B[2], t;
u_int8_t A[8], *R;
size_t i;
int j;
memcpy(A, C, 8); /* A = C[0] */
memmove(P, C + 8, n * 8); /* P and C may overlap */
for (j = 5, t = 6 * n; j >= 0; j--) {
R = P + (n - 1) * 8;
for (i = n; i >= 1; i--, t--) {
/* MSB(64, B) = A */
memcpy(&B[0], A, 8);
/* MSB(64, B) = MSB(64, B) ^ t */
B[0] ^= htobe64(t);
/* B = MSB(64, B) | R[i] */
memcpy(&B[1], R, 8);
/* B = AES-1(K, B) */
AES_Decrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B);
/* A = MSB(64, B) */
memcpy(A, &B[0], 8);
/* R[i] = LSB(64, B) */
memcpy(R, &B[1], 8);
R -= 8;
}
}
explicit_bzero(B, sizeof B);
/* check that A is an appropriate initial value */
return timingsafe_bcmp(A, IV, 8) != 0;
}
crypto/md5.c
+238
View File
@@ -0,0 +1,238 @@
/* $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $ */
/*
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*
* Equivalent code is available from RSA Data Security, Inc.
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
*
* To compute the message digest of a chunk of bytes, declare an
* MD5Context structure, pass it to MD5Init, call MD5Update as
* needed on buffers full of bytes, and then call MD5Final, which
* will fill a supplied 16-byte array with the digest.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/md5.h>
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
(cp)[4] = (value) >> 32; \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
* initialization constants.
*/
void
MD5Init(MD5_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xefcdab89;
ctx->state[2] = 0x98badcfe;
ctx->state[3] = 0x10325476;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void
MD5Update(MD5_CTX *ctx, const void *inputptr, size_t len)
{
const uint8_t *input = inputptr;
size_t have, need;
/* Check how many bytes we already have and how many more we need. */
have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
need = MD5_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += (u_int64_t)len << 3;
if (len >= need) {
if (have != 0) {
memcpy(ctx->buffer + have, input, need);
MD5Transform(ctx->state, ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in MD5_BLOCK_LENGTH-byte chunks. */
while (len >= MD5_BLOCK_LENGTH) {
MD5Transform(ctx->state, input);
input += MD5_BLOCK_LENGTH;
len -= MD5_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
memcpy(ctx->buffer + have, input, len);
}
/*
* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void
MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
{
u_int8_t count[8];
size_t padlen;
int i;
/* Convert count to 8 bytes in little endian order. */
PUT_64BIT_LE(count, ctx->count);
/* Pad out to 56 mod 64. */
padlen = MD5_BLOCK_LENGTH -
((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
padlen += MD5_BLOCK_LENGTH;
MD5Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
MD5Update(ctx, count, 8);
for (i = 0; i < 4; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
/* #define F1(x, y, z) (x & y | ~x & z) */
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
/* This is the central step in the MD5 algorithm. */
#define MD5STEP(f, w, x, y, z, data, s) \
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
/*
* The core of the MD5 algorithm, this alters an existing MD5 hash to
* reflect the addition of 16 longwords of new data. MD5Update blocks
* the data and converts bytes into longwords for this routine.
*/
void
MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
{
u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
#if BYTE_ORDER == LITTLE_ENDIAN
memcpy(in, block, sizeof(in));
#else
for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
in[a] = (u_int32_t)(
(u_int32_t)(block[a * 4 + 0]) |
(u_int32_t)(block[a * 4 + 1]) << 8 |
(u_int32_t)(block[a * 4 + 2]) << 16 |
(u_int32_t)(block[a * 4 + 3]) << 24);
}
#endif
a = state[0];
b = state[1];
c = state[2];
d = state[3];
MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478, 7);
MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf, 7);
MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8, 7);
MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562, 5);
MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340, 9);
MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d, 5);
MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6, 5);
MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8, 9);
MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942, 4);
MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44, 4);
MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039, 4);
MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244, 6);
MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f, 6);
MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82, 6);
MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
}
crypto/podd.h
+66
View File
@@ -0,0 +1,66 @@
/* $OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $ */
/* lib/des/podd.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
static const unsigned char odd_parity[256]={
1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
crypto/poly1305.c
+301
View File
@@ -0,0 +1,301 @@
/* $OpenBSD: poly1305.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Public Domain poly1305 from Andrew Moon
* Based on poly1305-donna.c, poly1305-donna-32.h and poly1305-donna.h from:
* https://github.com/floodyberry/poly1305-donna
*/
#include <sys/types.h>
#include <sys/systm.h>
#include "poly1305.h"
/*
* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
* and 64 bit addition.
*/
/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */
static unsigned long
U8TO32(const unsigned char *p)
{
return (((unsigned long)(p[0] & 0xff)) |
((unsigned long)(p[1] & 0xff) << 8) |
((unsigned long)(p[2] & 0xff) << 16) |
((unsigned long)(p[3] & 0xff) << 24));
}
/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */
static void
U32TO8(unsigned char *p, unsigned long v)
{
p[0] = (v) & 0xff;
p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff;
}
void
poly1305_init(poly1305_state *st, const unsigned char key[32])
{
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
st->r[0] = (U8TO32(&key[0])) & 0x3ffffff;
st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03;
st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff;
st->r[3] = (U8TO32(&key[9]) >> 6) & 0x3f03fff;
st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff;
/* h = 0 */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;
st->h[3] = 0;
st->h[4] = 0;
/* save pad for later */
st->pad[0] = U8TO32(&key[16]);
st->pad[1] = U8TO32(&key[20]);
st->pad[2] = U8TO32(&key[24]);
st->pad[3] = U8TO32(&key[28]);
st->leftover = 0;
st->final = 0;
}
static void
poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
{
const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */
unsigned long r0, r1, r2, r3, r4;
unsigned long s1, s2, s3, s4;
unsigned long h0, h1, h2, h3, h4;
unsigned long long d0, d1, d2, d3, d4;
unsigned long c;
r0 = st->r[0];
r1 = st->r[1];
r2 = st->r[2];
r3 = st->r[3];
r4 = st->r[4];
s1 = r1 * 5;
s2 = r2 * 5;
s3 = r3 * 5;
s4 = r4 * 5;
h0 = st->h[0];
h1 = st->h[1];
h2 = st->h[2];
h3 = st->h[3];
h4 = st->h[4];
while (bytes >= poly1305_block_size) {
/* h += m[i] */
h0 += (U8TO32(m + 0)) & 0x3ffffff;
h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff;
h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff;
h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff;
h4 += (U8TO32(m + 12) >> 8) | hibit;
/* h *= r */
d0 = ((unsigned long long)h0 * r0) +
((unsigned long long)h1 * s4) +
((unsigned long long)h2 * s3) +
((unsigned long long)h3 * s2) +
((unsigned long long)h4 * s1);
d1 = ((unsigned long long)h0 * r1) +
((unsigned long long)h1 * r0) +
((unsigned long long)h2 * s4) +
((unsigned long long)h3 * s3) +
((unsigned long long)h4 * s2);
d2 = ((unsigned long long)h0 * r2) +
((unsigned long long)h1 * r1) +
((unsigned long long)h2 * r0) +
((unsigned long long)h3 * s4) +
((unsigned long long)h4 * s3);
d3 = ((unsigned long long)h0 * r3) +
((unsigned long long)h1 * r2) +
((unsigned long long)h2 * r1) +
((unsigned long long)h3 * r0) +
((unsigned long long)h4 * s4);
d4 = ((unsigned long long)h0 * r4) +
((unsigned long long)h1 * r3) +
((unsigned long long)h2 * r2) +
((unsigned long long)h3 * r1) +
((unsigned long long)h4 * r0);
/* (partial) h %= p */
c = (unsigned long)(d0 >> 26);
h0 = (unsigned long)d0 & 0x3ffffff;
d1 += c;
c = (unsigned long)(d1 >> 26);
h1 = (unsigned long)d1 & 0x3ffffff;
d2 += c;
c = (unsigned long)(d2 >> 26);
h2 = (unsigned long)d2 & 0x3ffffff;
d3 += c;
c = (unsigned long)(d3 >> 26);
h3 = (unsigned long)d3 & 0x3ffffff;
d4 += c;
c = (unsigned long)(d4 >> 26);
h4 = (unsigned long)d4 & 0x3ffffff;
h0 += c * 5;
c = (h0 >> 26);
h0 = h0 & 0x3ffffff;
h1 += c;
m += poly1305_block_size;
bytes -= poly1305_block_size;
}
st->h[0] = h0;
st->h[1] = h1;
st->h[2] = h2;
st->h[3] = h3;
st->h[4] = h4;
}
void
poly1305_update(poly1305_state *st, const unsigned char *m, size_t bytes)
{
size_t i;
/* handle leftover */
if (st->leftover) {
size_t want = (poly1305_block_size - st->leftover);
if (want > bytes)
want = bytes;
for (i = 0; i < want; i++)
st->buffer[st->leftover + i] = m[i];
bytes -= want;
m += want;
st->leftover += want;
if (st->leftover < poly1305_block_size)
return;
poly1305_blocks(st, st->buffer, poly1305_block_size);
st->leftover = 0;
}
/* process full blocks */
if (bytes >= poly1305_block_size) {
size_t want = (bytes & ~(poly1305_block_size - 1));
poly1305_blocks(st, m, want);
m += want;
bytes -= want;
}
/* store leftover */
if (bytes) {
for (i = 0; i < bytes; i++)
st->buffer[st->leftover + i] = m[i];
st->leftover += bytes;
}
}
void
poly1305_finish(poly1305_state *st, unsigned char mac[16])
{
unsigned long h0, h1, h2, h3, h4, c;
unsigned long g0, g1, g2, g3, g4;
unsigned long long f;
unsigned long mask;
/* process the remaining block */
if (st->leftover) {
size_t i = st->leftover;
st->buffer[i++] = 1;
for (; i < poly1305_block_size; i++)
st->buffer[i] = 0;
st->final = 1;
poly1305_blocks(st, st->buffer, poly1305_block_size);
}
/* fully carry h */
h0 = st->h[0];
h1 = st->h[1];
h2 = st->h[2];
h3 = st->h[3];
h4 = st->h[4];
c = h1 >> 26;
h1 = h1 & 0x3ffffff;
h2 += c;
c = h2 >> 26;
h2 = h2 & 0x3ffffff;
h3 += c;
c = h3 >> 26;
h3 = h3 & 0x3ffffff;
h4 += c;
c = h4 >> 26;
h4 = h4 & 0x3ffffff;
h0 += c * 5;
c = h0 >> 26;
h0 = h0 & 0x3ffffff;
h1 += c;
/* compute h + -p */
g0 = h0 + 5;
c = g0 >> 26;
g0 &= 0x3ffffff;
g1 = h1 + c;
c = g1 >> 26;
g1 &= 0x3ffffff;
g2 = h2 + c;
c = g2 >> 26;
g2 &= 0x3ffffff;
g3 = h3 + c;
c = g3 >> 26;
g3 &= 0x3ffffff;
g4 = h4 + c - (1 << 26);
/* select h if h < p, or h + -p if h >= p */
mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1;
g0 &= mask;
g1 &= mask;
g2 &= mask;
g3 &= mask;
g4 &= mask;
mask = ~mask;
h0 = (h0 & mask) | g0;
h1 = (h1 & mask) | g1;
h2 = (h2 & mask) | g2;
h3 = (h3 & mask) | g3;
h4 = (h4 & mask) | g4;
/* h = h % (2^128) */
h0 = ((h0) | (h1 << 26)) & 0xffffffff;
h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
/* mac = (h + pad) % (2^128) */
f = (unsigned long long)h0 + st->pad[0];
h0 = (unsigned long)f;
f = (unsigned long long)h1 + st->pad[1] + (f >> 32);
h1 = (unsigned long)f;
f = (unsigned long long)h2 + st->pad[2] + (f >> 32);
h2 = (unsigned long)f;
f = (unsigned long long)h3 + st->pad[3] + (f >> 32);
h3 = (unsigned long)f;
U32TO8(mac + 0, h0);
U32TO8(mac + 4, h1);
U32TO8(mac + 8, h2);
U32TO8(mac + 12, h3);
/* zero out the state */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;
st->h[3] = 0;
st->h[4] = 0;
st->r[0] = 0;
st->r[1] = 0;
st->r[2] = 0;
st->r[3] = 0;
st->r[4] = 0;
st->pad[0] = 0;
st->pad[1] = 0;
st->pad[2] = 0;
st->pad[3] = 0;
}
crypto/rijndael.c
+1167
View File
File diff suppressed because it is too large Load Diff
crypto/rmd160.c
+366
View File
@@ -0,0 +1,366 @@
/* $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
* RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
* ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/endian.h>
#include <crypto/rmd160.h>
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
(cp)[4] = (value) >> 32; \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
#define H0 0x67452301U
#define H1 0xEFCDAB89U
#define H2 0x98BADCFEU
#define H3 0x10325476U
#define H4 0xC3D2E1F0U
#define K0 0x00000000U
#define K1 0x5A827999U
#define K2 0x6ED9EBA1U
#define K3 0x8F1BBCDCU
#define K4 0xA953FD4EU
#define KK0 0x50A28BE6U
#define KK1 0x5C4DD124U
#define KK2 0x6D703EF3U
#define KK3 0x7A6D76E9U
#define KK4 0x00000000U
/* rotate x left n bits. */
#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
#define F0(x, y, z) ((x) ^ (y) ^ (z))
#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define F2(x, y, z) (((x) | (~y)) ^ (z))
#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define F4(x, y, z) ((x) ^ ((y) | (~z)))
#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
do { \
a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
c = ROL(10, c); \
} while(0)
#define X(i) x[i]
static u_char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
void
RMD160Init(RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = H0;
ctx->state[1] = H1;
ctx->state[2] = H2;
ctx->state[3] = H3;
ctx->state[4] = H4;
}
void
RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
{
u_int32_t have, off, need;
have = (ctx->count/8) % 64;
need = 64 - have;
ctx->count += 8 * len;
off = 0;
if (len >= need) {
if (have) {
memcpy(ctx->buffer + have, input, need);
RMD160Transform(ctx->state, ctx->buffer);
off = need;
have = 0;
}
/* now the buffer is empty */
while (off + 64 <= len) {
RMD160Transform(ctx->state, input+off);
off += 64;
}
}
if (off < len)
memcpy(ctx->buffer + have, input+off, len-off);
}
void
RMD160Final(u_char digest[20], RMD160_CTX *ctx)
{
int i;
u_char size[8];
u_int32_t padlen;
PUT_64BIT_LE(size, ctx->count);
/*
* pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
* for the size
*/
padlen = 64 - ((ctx->count/8) % 64);
if (padlen < 1 + 8)
padlen += 64;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, size, 8);
if (digest != NULL)
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i*4, ctx->state[i]);
explicit_bzero(ctx, sizeof (*ctx));
}
void
RMD160Transform(u_int32_t state[5], const u_char block[64])
{
u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
#if BYTE_ORDER == LITTLE_ENDIAN
memcpy(x, block, 64);
#else
int i;
for (i = 0; i < 16; i++)
x[i] = (u_int32_t)(
(u_int32_t)(block[i*4 + 0]) |
(u_int32_t)(block[i*4 + 1]) << 8 |
(u_int32_t)(block[i*4 + 2]) << 16 |
(u_int32_t)(block[i*4 + 3]) << 24);
#endif
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
/* Round 1 */
R(a, b, c, d, e, F0, K0, 11, 0);
R(e, a, b, c, d, F0, K0, 14, 1);
R(d, e, a, b, c, F0, K0, 15, 2);
R(c, d, e, a, b, F0, K0, 12, 3);
R(b, c, d, e, a, F0, K0, 5, 4);
R(a, b, c, d, e, F0, K0, 8, 5);
R(e, a, b, c, d, F0, K0, 7, 6);
R(d, e, a, b, c, F0, K0, 9, 7);
R(c, d, e, a, b, F0, K0, 11, 8);
R(b, c, d, e, a, F0, K0, 13, 9);
R(a, b, c, d, e, F0, K0, 14, 10);
R(e, a, b, c, d, F0, K0, 15, 11);
R(d, e, a, b, c, F0, K0, 6, 12);
R(c, d, e, a, b, F0, K0, 7, 13);
R(b, c, d, e, a, F0, K0, 9, 14);
R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
/* Round 2 */
R(e, a, b, c, d, F1, K1, 7, 7);
R(d, e, a, b, c, F1, K1, 6, 4);
R(c, d, e, a, b, F1, K1, 8, 13);
R(b, c, d, e, a, F1, K1, 13, 1);
R(a, b, c, d, e, F1, K1, 11, 10);
R(e, a, b, c, d, F1, K1, 9, 6);
R(d, e, a, b, c, F1, K1, 7, 15);
R(c, d, e, a, b, F1, K1, 15, 3);
R(b, c, d, e, a, F1, K1, 7, 12);
R(a, b, c, d, e, F1, K1, 12, 0);
R(e, a, b, c, d, F1, K1, 15, 9);
R(d, e, a, b, c, F1, K1, 9, 5);
R(c, d, e, a, b, F1, K1, 11, 2);
R(b, c, d, e, a, F1, K1, 7, 14);
R(a, b, c, d, e, F1, K1, 13, 11);
R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
/* Round 3 */
R(d, e, a, b, c, F2, K2, 11, 3);
R(c, d, e, a, b, F2, K2, 13, 10);
R(b, c, d, e, a, F2, K2, 6, 14);
R(a, b, c, d, e, F2, K2, 7, 4);
R(e, a, b, c, d, F2, K2, 14, 9);
R(d, e, a, b, c, F2, K2, 9, 15);
R(c, d, e, a, b, F2, K2, 13, 8);
R(b, c, d, e, a, F2, K2, 15, 1);
R(a, b, c, d, e, F2, K2, 14, 2);
R(e, a, b, c, d, F2, K2, 8, 7);
R(d, e, a, b, c, F2, K2, 13, 0);
R(c, d, e, a, b, F2, K2, 6, 6);
R(b, c, d, e, a, F2, K2, 5, 13);
R(a, b, c, d, e, F2, K2, 12, 11);
R(e, a, b, c, d, F2, K2, 7, 5);
R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
/* Round 4 */
R(c, d, e, a, b, F3, K3, 11, 1);
R(b, c, d, e, a, F3, K3, 12, 9);
R(a, b, c, d, e, F3, K3, 14, 11);
R(e, a, b, c, d, F3, K3, 15, 10);
R(d, e, a, b, c, F3, K3, 14, 0);
R(c, d, e, a, b, F3, K3, 15, 8);
R(b, c, d, e, a, F3, K3, 9, 12);
R(a, b, c, d, e, F3, K3, 8, 4);
R(e, a, b, c, d, F3, K3, 9, 13);
R(d, e, a, b, c, F3, K3, 14, 3);
R(c, d, e, a, b, F3, K3, 5, 7);
R(b, c, d, e, a, F3, K3, 6, 15);
R(a, b, c, d, e, F3, K3, 8, 14);
R(e, a, b, c, d, F3, K3, 6, 5);
R(d, e, a, b, c, F3, K3, 5, 6);
R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
/* Round 5 */
R(b, c, d, e, a, F4, K4, 9, 4);
R(a, b, c, d, e, F4, K4, 15, 0);
R(e, a, b, c, d, F4, K4, 5, 5);
R(d, e, a, b, c, F4, K4, 11, 9);
R(c, d, e, a, b, F4, K4, 6, 7);
R(b, c, d, e, a, F4, K4, 8, 12);
R(a, b, c, d, e, F4, K4, 13, 2);
R(e, a, b, c, d, F4, K4, 12, 10);
R(d, e, a, b, c, F4, K4, 5, 14);
R(c, d, e, a, b, F4, K4, 12, 1);
R(b, c, d, e, a, F4, K4, 13, 3);
R(a, b, c, d, e, F4, K4, 14, 8);
R(e, a, b, c, d, F4, K4, 11, 11);
R(d, e, a, b, c, F4, K4, 8, 6);
R(c, d, e, a, b, F4, K4, 5, 15);
R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
aa = a ; bb = b; cc = c; dd = d; ee = e;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
/* Parallel round 1 */
R(a, b, c, d, e, F4, KK0, 8, 5);
R(e, a, b, c, d, F4, KK0, 9, 14);
R(d, e, a, b, c, F4, KK0, 9, 7);
R(c, d, e, a, b, F4, KK0, 11, 0);
R(b, c, d, e, a, F4, KK0, 13, 9);
R(a, b, c, d, e, F4, KK0, 15, 2);
R(e, a, b, c, d, F4, KK0, 15, 11);
R(d, e, a, b, c, F4, KK0, 5, 4);
R(c, d, e, a, b, F4, KK0, 7, 13);
R(b, c, d, e, a, F4, KK0, 7, 6);
R(a, b, c, d, e, F4, KK0, 8, 15);
R(e, a, b, c, d, F4, KK0, 11, 8);
R(d, e, a, b, c, F4, KK0, 14, 1);
R(c, d, e, a, b, F4, KK0, 14, 10);
R(b, c, d, e, a, F4, KK0, 12, 3);
R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
/* Parallel round 2 */
R(e, a, b, c, d, F3, KK1, 9, 6);
R(d, e, a, b, c, F3, KK1, 13, 11);
R(c, d, e, a, b, F3, KK1, 15, 3);
R(b, c, d, e, a, F3, KK1, 7, 7);
R(a, b, c, d, e, F3, KK1, 12, 0);
R(e, a, b, c, d, F3, KK1, 8, 13);
R(d, e, a, b, c, F3, KK1, 9, 5);
R(c, d, e, a, b, F3, KK1, 11, 10);
R(b, c, d, e, a, F3, KK1, 7, 14);
R(a, b, c, d, e, F3, KK1, 7, 15);
R(e, a, b, c, d, F3, KK1, 12, 8);
R(d, e, a, b, c, F3, KK1, 7, 12);
R(c, d, e, a, b, F3, KK1, 6, 4);
R(b, c, d, e, a, F3, KK1, 15, 9);
R(a, b, c, d, e, F3, KK1, 13, 1);
R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
/* Parallel round 3 */
R(d, e, a, b, c, F2, KK2, 9, 15);
R(c, d, e, a, b, F2, KK2, 7, 5);
R(b, c, d, e, a, F2, KK2, 15, 1);
R(a, b, c, d, e, F2, KK2, 11, 3);
R(e, a, b, c, d, F2, KK2, 8, 7);
R(d, e, a, b, c, F2, KK2, 6, 14);
R(c, d, e, a, b, F2, KK2, 6, 6);
R(b, c, d, e, a, F2, KK2, 14, 9);
R(a, b, c, d, e, F2, KK2, 12, 11);
R(e, a, b, c, d, F2, KK2, 13, 8);
R(d, e, a, b, c, F2, KK2, 5, 12);
R(c, d, e, a, b, F2, KK2, 14, 2);
R(b, c, d, e, a, F2, KK2, 13, 10);
R(a, b, c, d, e, F2, KK2, 13, 0);
R(e, a, b, c, d, F2, KK2, 7, 4);
R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
/* Parallel round 4 */
R(c, d, e, a, b, F1, KK3, 15, 8);
R(b, c, d, e, a, F1, KK3, 5, 6);
R(a, b, c, d, e, F1, KK3, 8, 4);
R(e, a, b, c, d, F1, KK3, 11, 1);
R(d, e, a, b, c, F1, KK3, 14, 3);
R(c, d, e, a, b, F1, KK3, 14, 11);
R(b, c, d, e, a, F1, KK3, 6, 15);
R(a, b, c, d, e, F1, KK3, 14, 0);
R(e, a, b, c, d, F1, KK3, 6, 5);
R(d, e, a, b, c, F1, KK3, 9, 12);
R(c, d, e, a, b, F1, KK3, 12, 2);
R(b, c, d, e, a, F1, KK3, 9, 13);
R(a, b, c, d, e, F1, KK3, 12, 9);
R(e, a, b, c, d, F1, KK3, 5, 7);
R(d, e, a, b, c, F1, KK3, 15, 10);
R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
/* Parallel round 5 */
R(b, c, d, e, a, F0, KK4, 8, 12);
R(a, b, c, d, e, F0, KK4, 5, 15);
R(e, a, b, c, d, F0, KK4, 12, 10);
R(d, e, a, b, c, F0, KK4, 9, 4);
R(c, d, e, a, b, F0, KK4, 12, 1);
R(b, c, d, e, a, F0, KK4, 5, 5);
R(a, b, c, d, e, F0, KK4, 14, 8);
R(e, a, b, c, d, F0, KK4, 6, 7);
R(d, e, a, b, c, F0, KK4, 8, 6);
R(c, d, e, a, b, F0, KK4, 13, 2);
R(b, c, d, e, a, F0, KK4, 6, 13);
R(a, b, c, d, e, F0, KK4, 5, 14);
R(e, a, b, c, d, F0, KK4, 15, 0);
R(d, e, a, b, c, F0, KK4, 13, 3);
R(c, d, e, a, b, F0, KK4, 11, 9);
R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
t = state[1] + cc + d;
state[1] = state[2] + dd + e;
state[2] = state[3] + ee + a;
state[3] = state[4] + aa + b;
state[4] = state[0] + bb + c;
state[0] = t;
}
crypto/set_key.c
+214
View File
@@ -0,0 +1,214 @@
/* $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $ */
/* lib/des/set_key.c */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
* 1.1 added norm_expand_bits
* 1.0 First working version
*/
#include "des_locl.h"
#include "podd.h"
#include "sk.h"
static int check_parity(des_cblock (*key));
int des_check_key=0;
static int
check_parity(des_cblock (*key))
{
int i;
for (i = 0; i < DES_KEY_SZ; i++) {
if ((*key)[i] != odd_parity[(*key)[i]])
return(0);
}
return (1);
}
/* Weak and semi week keys as take from
* %A D.W. Davies
* %A W.L. Price
* %T Security for Computer Networks
* %I John Wiley & Sons
* %D 1984
* Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
* (and actual cblock values).
*/
#define NUM_WEAK_KEY 16
static des_cblock weak_keys[NUM_WEAK_KEY]={
/* weak keys */
{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
/* semi-weak keys */
{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
int
des_is_weak_key(des_cblock (*key))
{
int i;
for (i = 0; i < NUM_WEAK_KEY; i++) {
/* Added == 0 to comparison, I obviously don't run
* this section very often :-(, thanks to
* engineering@MorningStar.Com for the fix
* eay 93/06/29 */
if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
return (1);
}
return (0);
}
/* NOW DEFINED IN des_local.h
* See ecb_encrypt.c for a pseudo description of these macros.
* #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
* (b)^=(t),\
* (a) = ((a)^((t) << (n))))
*/
#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
(a) = (a)^(t)^(t >> (16 - (n))))
static int shifts2[16]={0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0};
/* return 0 if key parity is odd (correct),
* return -1 if key parity error,
* return -2 if illegal weak key.
*/
int
des_set_key(des_cblock (*key), des_key_schedule schedule)
{
register u_int32_t c, d, t, s;
register unsigned char *in;
register u_int32_t *k;
register int i;
if (des_check_key) {
if (!check_parity(key))
return(-1);
if (des_is_weak_key(key))
return(-2);
}
k = (u_int32_t *) schedule;
in = (unsigned char *) key;
c2l(in, c);
c2l(in, d);
/* do PC1 in 60 simple operations */
/* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
HPERM_OP(c, t, -2, 0xcccc0000L);
HPERM_OP(c, t, -1, 0xaaaa0000L);
HPERM_OP(c, t, 8, 0x00ff0000L);
HPERM_OP(c, t, -1, 0xaaaa0000L);
HPERM_OP(d, t, -8, 0xff000000L);
HPERM_OP(d, t, 8, 0x00ff0000L);
HPERM_OP(d, t, 2, 0x33330000L);
d = ((d & 0x00aa00aaL) << 7L) | ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
d = (d >> 8) | ((c & 0xf0000000L) >> 4);
c &= 0x0fffffffL; */
/* I now do it in 47 simple operations :-)
* Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
* for the inspiration. :-) */
PERM_OP (d, c, t, 4, 0x0f0f0f0fL);
HPERM_OP(c, t, -2, 0xcccc0000L);
HPERM_OP(d, t, -2, 0xcccc0000L);
PERM_OP (d, c, t, 1, 0x55555555L);
PERM_OP (c, d, t, 8, 0x00ff00ffL);
PERM_OP (d, c, t, 1, 0x55555555L);
d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
c &= 0x0fffffffL;
for (i = 0; i < ITERATIONS; i++) {
if (shifts2[i])
{ c = ((c >> 2L) | (c << 26L)); d = ((d >> 2L) | (d << 26L)); }
else
{ c = ((c >> 1L) | (c << 27L)); d = ((d >> 1L) | (d << 27L)); }
c &= 0x0fffffffL;
d &= 0x0fffffffL;
/* could be a few less shifts but I am to lazy at this
* point in time to investigate */
s = des_skb[0][ (c ) & 0x3f ]|
des_skb[1][((c >> 6) & 0x03) | ((c >> 7L) & 0x3c)]|
des_skb[2][((c >> 13) & 0x0f) | ((c >> 14L) & 0x30)]|
des_skb[3][((c >> 20) & 0x01) | ((c >> 21L) & 0x06) |
((c >> 22L) & 0x38)];
t = des_skb[4][ (d ) & 0x3f ]|
des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)]|
des_skb[6][ (d >> 15L) & 0x3f ]|
des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
/* table contained 0213 4657 */
*(k++) = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
s = ((s >> 16L) | (t & 0xffff0000L));
s = (s << 4L) | (s >> 28L);
*(k++) = s & 0xffffffffL;
}
return (0);
}
crypto/sha1.c
+169
View File
@@ -0,0 +1,169 @@
/* $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $ */
/*
* SHA-1 in C
* By Steve Reid <steve@edmweb.com>
* 100% Public Domain
*
* Test Vectors (from FIPS PUB 180-1)
* "abc"
* A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
* A million repetitions of "a"
* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
*/
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
/* #define SHA1HANDSOFF * Copies data before messing with it. */
#define SHA1HANDSOFF
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/sha1.h>
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
#if BYTE_ORDER == LITTLE_ENDIAN
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
|(rol(block->l[i],8)&0x00FF00FF))
#else
#define blk0(i) block->l[i]
#endif
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
^block->l[(i+2)&15]^block->l[i&15],1))
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
/* Hash a single 512-bit block. This is the core of the algorithm. */
void
SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
{
u_int32_t a, b, c, d, e;
typedef union {
unsigned char c[64];
unsigned int l[16];
} CHAR64LONG16;
CHAR64LONG16* block;
#ifdef SHA1HANDSOFF
unsigned char workspace[SHA1_BLOCK_LENGTH];
block = (CHAR64LONG16 *)workspace;
memcpy(block, buffer, SHA1_BLOCK_LENGTH);
#else
block = (CHAR64LONG16 *)buffer;
#endif
/* Copy context->state[] to working vars */
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
/* 4 rounds of 20 operations each. Loop unrolled. */
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
/* Add the working vars back into context.state[] */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
}
/* SHA1Init - Initialize new context */
void
SHA1Init(SHA1_CTX *context)
{
/* SHA1 initialization constants */
context->count = 0;
context->state[0] = 0x67452301;
context->state[1] = 0xEFCDAB89;
context->state[2] = 0x98BADCFE;
context->state[3] = 0x10325476;
context->state[4] = 0xC3D2E1F0;
}
/* Run your data through this. */
void
SHA1Update(SHA1_CTX *context, const void *dataptr, unsigned int len)
{
const uint8_t *data = dataptr;
unsigned int i;
unsigned int j;
j = (u_int32_t)((context->count >> 3) & 63);
context->count += (len << 3);
if ((j + len) > 63) {
memcpy(&context->buffer[j], data, (i = 64 - j));
SHA1Transform(context->state, context->buffer);
for ( ; i + 63 < len; i += 64) {
SHA1Transform(context->state, &data[i]);
}
j = 0;
}
else i = 0;
memcpy(&context->buffer[j], &data[i], len - i);
}
/* Add padding and return the message digest. */
void
SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
{
unsigned int i;
unsigned char finalcount[8];
for (i = 0; i < 8; i++) {
finalcount[i] = (unsigned char)((context->count >>
((7 - (i & 7)) * 8)) & 255); /* Endian independent */
}
SHA1Update(context, "\200", 1);
while ((context->count & 504) != 448) {
SHA1Update(context, "\0", 1);
}
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
digest[i] = (unsigned char)((context->state[i >> 2] >>
((3 - (i & 3)) * 8)) & 255);
}
explicit_bzero(&finalcount, sizeof(finalcount));
explicit_bzero(context, sizeof(*context));
}
crypto/sha2.c
+855
View File
File diff suppressed because it is too large Load Diff
crypto/siphash.c
+181
View File
@@ -0,0 +1,181 @@
/* $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $ */
/*-
* Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
* are the number of compression rounds and the number of finalization rounds.
* A compression round is identical to a finalization round and this round
* function is called SipRound. Given a 128-bit key k and a (possibly empty)
* byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
*
* Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18,
* by Jean-Philippe Aumasson and Daniel J. Bernstein,
* Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa
* https://131002.net/siphash/siphash.pdf
* https://131002.net/siphash/
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <crypto/siphash.h>
static void SipHash_CRounds(SIPHASH_CTX *, int);
static void SipHash_Rounds(SIPHASH_CTX *, int);
void
SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
{
uint64_t k0, k1;
k0 = lemtoh64(&key->k0);
k1 = lemtoh64(&key->k1);
ctx->v[0] = 0x736f6d6570736575ULL ^ k0;
ctx->v[1] = 0x646f72616e646f6dULL ^ k1;
ctx->v[2] = 0x6c7967656e657261ULL ^ k0;
ctx->v[3] = 0x7465646279746573ULL ^ k1;
memset(ctx->buf, 0, sizeof(ctx->buf));
ctx->bytes = 0;
}
void
SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
{
const uint8_t *ptr = src;
size_t left, used;
if (len == 0)
return;
used = ctx->bytes % sizeof(ctx->buf);
ctx->bytes += len;
if (used > 0) {
left = sizeof(ctx->buf) - used;
if (len >= left) {
memcpy(&ctx->buf[used], ptr, left);
SipHash_CRounds(ctx, rc);
len -= left;
ptr += left;
} else {
memcpy(&ctx->buf[used], ptr, len);
return;
}
}
while (len >= sizeof(ctx->buf)) {
memcpy(ctx->buf, ptr, sizeof(ctx->buf));
SipHash_CRounds(ctx, rc);
len -= sizeof(ctx->buf);
ptr += sizeof(ctx->buf);
}
if (len > 0)
memcpy(ctx->buf, ptr, len);
}
void
SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
{
uint64_t r;
htolem64(&r, SipHash_End(ctx, rc, rf));
memcpy(dst, &r, sizeof r);
}
uint64_t
SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
{
uint64_t r;
size_t left, used;
used = ctx->bytes % sizeof(ctx->buf);
left = sizeof(ctx->buf) - used;
memset(&ctx->buf[used], 0, left - 1);
ctx->buf[7] = ctx->bytes;
SipHash_CRounds(ctx, rc);
ctx->v[2] ^= 0xff;
SipHash_Rounds(ctx, rf);
r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
explicit_bzero(ctx, sizeof(*ctx));
return (r);
}
uint64_t
SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
{
SIPHASH_CTX ctx;
SipHash_Init(&ctx, key);
SipHash_Update(&ctx, rc, rf, src, len);
return (SipHash_End(&ctx, rc, rf));
}
#define SIP_ROTL(x, b) ((x) << (b)) | ( (x) >> (64 - (b)))
static void
SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
{
while (rounds--) {
ctx->v[0] += ctx->v[1];
ctx->v[2] += ctx->v[3];
ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
ctx->v[1] ^= ctx->v[0];
ctx->v[3] ^= ctx->v[2];
ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
ctx->v[2] += ctx->v[1];
ctx->v[0] += ctx->v[3];
ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
ctx->v[1] ^= ctx->v[2];
ctx->v[3] ^= ctx->v[0];
ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
}
}
static void
SipHash_CRounds(SIPHASH_CTX *ctx, int rounds)
{
uint64_t m = lemtoh64((uint64_t *)ctx->buf);
ctx->v[3] ^= m;
SipHash_Rounds(ctx, rounds);
ctx->v[0] ^= m;
}
crypto/sk.h
+195
View File
@@ -0,0 +1,195 @@
/* $OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $ */
/* lib/des/sk.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
static const u_int32_t des_skb[8][64]={
{
/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
0x00000000L,0x00000010L,0x20000000L,0x20000010L,
0x00010000L,0x00010010L,0x20010000L,0x20010010L,
0x00000800L,0x00000810L,0x20000800L,0x20000810L,
0x00010800L,0x00010810L,0x20010800L,0x20010810L,
0x00000020L,0x00000030L,0x20000020L,0x20000030L,
0x00010020L,0x00010030L,0x20010020L,0x20010030L,
0x00000820L,0x00000830L,0x20000820L,0x20000830L,
0x00010820L,0x00010830L,0x20010820L,0x20010830L,
0x00080000L,0x00080010L,0x20080000L,0x20080010L,
0x00090000L,0x00090010L,0x20090000L,0x20090010L,
0x00080800L,0x00080810L,0x20080800L,0x20080810L,
0x00090800L,0x00090810L,0x20090800L,0x20090810L,
0x00080020L,0x00080030L,0x20080020L,0x20080030L,
0x00090020L,0x00090030L,0x20090020L,0x20090030L,
0x00080820L,0x00080830L,0x20080820L,0x20080830L,
0x00090820L,0x00090830L,0x20090820L,0x20090830L,
},{
/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
0x00000000L,0x02000000L,0x00002000L,0x02002000L,
0x00200000L,0x02200000L,0x00202000L,0x02202000L,
0x00000004L,0x02000004L,0x00002004L,0x02002004L,
0x00200004L,0x02200004L,0x00202004L,0x02202004L,
0x00000400L,0x02000400L,0x00002400L,0x02002400L,
0x00200400L,0x02200400L,0x00202400L,0x02202400L,
0x00000404L,0x02000404L,0x00002404L,0x02002404L,
0x00200404L,0x02200404L,0x00202404L,0x02202404L,
0x10000000L,0x12000000L,0x10002000L,0x12002000L,
0x10200000L,0x12200000L,0x10202000L,0x12202000L,
0x10000004L,0x12000004L,0x10002004L,0x12002004L,
0x10200004L,0x12200004L,0x10202004L,0x12202004L,
0x10000400L,0x12000400L,0x10002400L,0x12002400L,
0x10200400L,0x12200400L,0x10202400L,0x12202400L,
0x10000404L,0x12000404L,0x10002404L,0x12002404L,
0x10200404L,0x12200404L,0x10202404L,0x12202404L,
},{
/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
0x00000000L,0x00000001L,0x00040000L,0x00040001L,
0x01000000L,0x01000001L,0x01040000L,0x01040001L,
0x00000002L,0x00000003L,0x00040002L,0x00040003L,
0x01000002L,0x01000003L,0x01040002L,0x01040003L,
0x00000200L,0x00000201L,0x00040200L,0x00040201L,
0x01000200L,0x01000201L,0x01040200L,0x01040201L,
0x00000202L,0x00000203L,0x00040202L,0x00040203L,
0x01000202L,0x01000203L,0x01040202L,0x01040203L,
0x08000000L,0x08000001L,0x08040000L,0x08040001L,
0x09000000L,0x09000001L,0x09040000L,0x09040001L,
0x08000002L,0x08000003L,0x08040002L,0x08040003L,
0x09000002L,0x09000003L,0x09040002L,0x09040003L,
0x08000200L,0x08000201L,0x08040200L,0x08040201L,
0x09000200L,0x09000201L,0x09040200L,0x09040201L,
0x08000202L,0x08000203L,0x08040202L,0x08040203L,
0x09000202L,0x09000203L,0x09040202L,0x09040203L,
},{
/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
0x00000000L,0x00100000L,0x00000100L,0x00100100L,
0x00000008L,0x00100008L,0x00000108L,0x00100108L,
0x00001000L,0x00101000L,0x00001100L,0x00101100L,
0x00001008L,0x00101008L,0x00001108L,0x00101108L,
0x04000000L,0x04100000L,0x04000100L,0x04100100L,
0x04000008L,0x04100008L,0x04000108L,0x04100108L,
0x04001000L,0x04101000L,0x04001100L,0x04101100L,
0x04001008L,0x04101008L,0x04001108L,0x04101108L,
0x00020000L,0x00120000L,0x00020100L,0x00120100L,
0x00020008L,0x00120008L,0x00020108L,0x00120108L,
0x00021000L,0x00121000L,0x00021100L,0x00121100L,
0x00021008L,0x00121008L,0x00021108L,0x00121108L,
0x04020000L,0x04120000L,0x04020100L,0x04120100L,
0x04020008L,0x04120008L,0x04020108L,0x04120108L,
0x04021000L,0x04121000L,0x04021100L,0x04121100L,
0x04021008L,0x04121008L,0x04021108L,0x04121108L,
},{
/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
0x00000000L,0x10000000L,0x00010000L,0x10010000L,
0x00000004L,0x10000004L,0x00010004L,0x10010004L,
0x20000000L,0x30000000L,0x20010000L,0x30010000L,
0x20000004L,0x30000004L,0x20010004L,0x30010004L,
0x00100000L,0x10100000L,0x00110000L,0x10110000L,
0x00100004L,0x10100004L,0x00110004L,0x10110004L,
0x20100000L,0x30100000L,0x20110000L,0x30110000L,
0x20100004L,0x30100004L,0x20110004L,0x30110004L,
0x00001000L,0x10001000L,0x00011000L,0x10011000L,
0x00001004L,0x10001004L,0x00011004L,0x10011004L,
0x20001000L,0x30001000L,0x20011000L,0x30011000L,
0x20001004L,0x30001004L,0x20011004L,0x30011004L,
0x00101000L,0x10101000L,0x00111000L,0x10111000L,
0x00101004L,0x10101004L,0x00111004L,0x10111004L,
0x20101000L,0x30101000L,0x20111000L,0x30111000L,
0x20101004L,0x30101004L,0x20111004L,0x30111004L,
},{
/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
0x00000000L,0x08000000L,0x00000008L,0x08000008L,
0x00000400L,0x08000400L,0x00000408L,0x08000408L,
0x00020000L,0x08020000L,0x00020008L,0x08020008L,
0x00020400L,0x08020400L,0x00020408L,0x08020408L,
0x00000001L,0x08000001L,0x00000009L,0x08000009L,
0x00000401L,0x08000401L,0x00000409L,0x08000409L,
0x00020001L,0x08020001L,0x00020009L,0x08020009L,
0x00020401L,0x08020401L,0x00020409L,0x08020409L,
0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
},{
/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
0x00000000L,0x00000100L,0x00080000L,0x00080100L,
0x01000000L,0x01000100L,0x01080000L,0x01080100L,
0x00000010L,0x00000110L,0x00080010L,0x00080110L,
0x01000010L,0x01000110L,0x01080010L,0x01080110L,
0x00200000L,0x00200100L,0x00280000L,0x00280100L,
0x01200000L,0x01200100L,0x01280000L,0x01280100L,
0x00200010L,0x00200110L,0x00280010L,0x00280110L,
0x01200010L,0x01200110L,0x01280010L,0x01280110L,
0x00000200L,0x00000300L,0x00080200L,0x00080300L,
0x01000200L,0x01000300L,0x01080200L,0x01080300L,
0x00000210L,0x00000310L,0x00080210L,0x00080310L,
0x01000210L,0x01000310L,0x01080210L,0x01080310L,
0x00200200L,0x00200300L,0x00280200L,0x00280300L,
0x01200200L,0x01200300L,0x01280200L,0x01280300L,
0x00200210L,0x00200310L,0x00280210L,0x00280310L,
0x01200210L,0x01200310L,0x01280210L,0x01280310L,
},{
/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
0x00000000L,0x04000000L,0x00040000L,0x04040000L,
0x00000002L,0x04000002L,0x00040002L,0x04040002L,
0x00002000L,0x04002000L,0x00042000L,0x04042000L,
0x00002002L,0x04002002L,0x00042002L,0x04042002L,
0x00000020L,0x04000020L,0x00040020L,0x04040020L,
0x00000022L,0x04000022L,0x00040022L,0x04040022L,
0x00002020L,0x04002020L,0x00042020L,0x04042020L,
0x00002022L,0x04002022L,0x00042022L,0x04042022L,
0x00000800L,0x04000800L,0x00040800L,0x04040800L,
0x00000802L,0x04000802L,0x00040802L,0x04040802L,
0x00002800L,0x04002800L,0x00042800L,0x04042800L,
0x00002802L,0x04002802L,0x00042802L,0x04042802L,
0x00000820L,0x04000820L,0x00040820L,0x04040820L,
0x00000822L,0x04000822L,0x00040822L,0x04040822L,
0x00002820L,0x04002820L,0x00042820L,0x04042820L,
0x00002822L,0x04002822L,0x00042822L,0x04042822L,
}};
crypto/spr.h
+195
View File
@@ -0,0 +1,195 @@
/* $OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $ */
/* lib/des/spr.h */
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
static const u_int32_t des_SPtrans[8][64]={
{
/* nibble 0 */
0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
},{
/* nibble 1 */
0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
},{
/* nibble 2 */
0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
},{
/* nibble 3 */
0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
},{
/* nibble 4 */
0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
},{
/* nibble 5 */
0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
},{
/* nibble 6 */
0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
},{
/* nibble 7 */
0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L,
}};
crypto/xform.c
+613
View File
File diff suppressed because it is too large Load Diff
include/crypto/aes.h
+50
View File
@@ -0,0 +1,50 @@
/* $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
* Copyright (c) 2016 Mike Belopuhov
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef _AES_H_
#define _AES_H_
#ifndef AES_MAXROUNDS
#define AES_MAXROUNDS (14)
#endif
typedef struct aes_ctx {
uint32_t sk[60];
uint32_t sk_exp[120];
unsigned num_rounds;
} AES_CTX;
int AES_Setkey(AES_CTX *, const uint8_t *, int);
void AES_Encrypt(AES_CTX *, const uint8_t *, uint8_t *);
void AES_Decrypt(AES_CTX *, const uint8_t *, uint8_t *);
void AES_Encrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
void AES_Decrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
int AES_KeySetup_Encrypt(uint32_t *, const uint8_t *, int);
int AES_KeySetup_Decrypt(uint32_t *, const uint8_t *, int);
#endif /* _AES_H_ */
include/crypto/blf.h
+79
View File
@@ -0,0 +1,79 @@
/* $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $ */
/*
* Blowfish - a fast block cipher designed by Bruce Schneier
*
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _BLF_H_
#define _BLF_H_
/* Schneier states the maximum key length to be 56 bytes.
* The way how the subkeys are initialized by the key up
* to (N+2)*4 i.e. 72 bytes are utilized.
* Warning: For normal blowfish encryption only 56 bytes
* of the key affect all cipherbits.
*/
#define BLF_N 16 /* Number of Subkeys */
#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
/* Blowfish context */
typedef struct BlowfishContext {
u_int32_t S[4][256]; /* S-Boxes */
u_int32_t P[BLF_N + 2]; /* Subkeys */
} blf_ctx;
/* Raw access to customized Blowfish
* blf_key is just:
* Blowfish_initstate( state )
* Blowfish_expand0state( state, key, keylen )
*/
void Blowfish_encipher(blf_ctx *, u_int32_t *);
void Blowfish_decipher(blf_ctx *, u_int32_t *);
void Blowfish_initstate(blf_ctx *);
void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
/* Standard Blowfish */
void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
/* Converts u_int8_t to u_int32_t */
u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t ,
u_int16_t *);
void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
#endif
include/crypto/cast.h
+22
View File
@@ -0,0 +1,22 @@
/* $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $ */
/*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
#ifndef _CAST_H_
#define _CAST_H_
typedef struct {
u_int32_t xkey[32]; /* Key, after expansion */
int rounds; /* Number of rounds to use, 12 or 16 */
} cast_key;
void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
#endif /* ifndef _CAST_H_ */
include/crypto/chachapoly.h
+86
View File
@@ -0,0 +1,86 @@
/* $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Copyright (c) 2015 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _CHACHAPOLY_H_
#define _CHACHAPOLY_H_
#define CHACHA20_KEYSIZE 32
#define CHACHA20_CTR 4
#define CHACHA20_SALT 4
#define CHACHA20_NONCE 8
#define CHACHA20_BLOCK_LEN 64
struct chacha20_ctx {
uint8_t block[CHACHA20_BLOCK_LEN];
uint8_t nonce[CHACHA20_NONCE];
};
int chacha20_setkey(void *, u_int8_t *, int);
void chacha20_reinit(caddr_t, u_int8_t *);
void chacha20_crypt(caddr_t, u_int8_t *);
#define POLY1305_KEYLEN 32
#define POLY1305_TAGLEN 16
#define POLY1305_BLOCK_LEN 16
struct poly1305_ctx {
/* r, h, pad, leftover */
unsigned long state[5+5+4];
size_t leftover;
unsigned char buffer[POLY1305_BLOCK_LEN];
unsigned char final;
};
typedef struct {
uint8_t key[POLY1305_KEYLEN];
/* counter, salt */
uint8_t nonce[CHACHA20_NONCE];
struct chacha20_ctx chacha;
struct poly1305_ctx poly;
} CHACHA20_POLY1305_CTX;
void Chacha20_Poly1305_Init(void *);
void Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t);
void Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t);
int Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
void Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
/* WireGuard crypto */
#define CHACHA20POLY1305_KEY_SIZE CHACHA20_KEYSIZE
#define CHACHA20POLY1305_AUTHTAG_SIZE POLY1305_TAGLEN
#define XCHACHA20POLY1305_NONCE_SIZE 24
void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t, const uint64_t,
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t, const uint64_t,
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t,
const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
const uint8_t *, const size_t,
const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
#endif /* _CHACHAPOLY_H_ */
include/crypto/cmac.h
+41
View File
@@ -0,0 +1,41 @@
/* $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _CMAC_H_
#define _CMAC_H_
#define AES_CMAC_KEY_LENGTH 16
#define AES_CMAC_DIGEST_LENGTH 16
typedef struct _AES_CMAC_CTX {
AES_CTX aesctx;
u_int8_t X[16];
u_int8_t M_last[16];
u_int M_n;
} AES_CMAC_CTX;
__BEGIN_DECLS
void AES_CMAC_Init(AES_CMAC_CTX *);
void AES_CMAC_SetKey(AES_CMAC_CTX *, const u_int8_t [AES_CMAC_KEY_LENGTH]);
void AES_CMAC_Update(AES_CMAC_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void AES_CMAC_Final(u_int8_t [AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *)
__attribute__((__bounded__(__minbytes__,1,AES_CMAC_DIGEST_LENGTH)));
__END_DECLS
#endif /* _CMAC_H_ */
include/crypto/cryptodev.h
+345
View File
@@ -0,0 +1,345 @@
/* $OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
* February 2000. Network Security Technologies Inc. (NSTI) kindly
* supported the development of this code.
*
* Copyright (c) 2000 Angelos D. Keromytis
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all source code copies of any software which is or includes a copy or
* modification of this software.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*
* Copyright (c) 2001 Theo de Raadt
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Effort sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F30602-01-2-0537.
*
*/
#ifndef _CRYPTO_CRYPTO_H_
#define _CRYPTO_CRYPTO_H_
#include <sys/ioccom.h>
#include <sys/task.h>
/* Some initial values */
#define CRYPTO_DRIVERS_INITIAL 4
#define CRYPTO_DRIVERS_MAX 128
#define CRYPTO_SW_SESSIONS 32
/* HMAC values */
#define HMAC_MD5_BLOCK_LEN 64
#define HMAC_SHA1_BLOCK_LEN 64
#define HMAC_RIPEMD160_BLOCK_LEN 64
#define HMAC_SHA2_256_BLOCK_LEN 64
#define HMAC_SHA2_384_BLOCK_LEN 128
#define HMAC_SHA2_512_BLOCK_LEN 128
#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN /* keep in sync */
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
/* Encryption algorithm block sizes */
#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define BLOWFISH_BLOCK_LEN 8
#define CAST128_BLOCK_LEN 8
#define RIJNDAEL128_BLOCK_LEN 16
#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
/* Maximum hash algorithm result length */
#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
#define CRYPTO_DES_CBC 1
#define CRYPTO_3DES_CBC 2
#define CRYPTO_BLF_CBC 3
#define CRYPTO_CAST_CBC 4
#define CRYPTO_MD5_HMAC 6
#define CRYPTO_SHA1_HMAC 7
#define CRYPTO_RIPEMD160_HMAC 8
#define CRYPTO_MD5_KPDK 9
#define CRYPTO_SHA1_KPDK 10
#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
#define CRYPTO_ARC4 12
#define CRYPTO_MD5 13
#define CRYPTO_SHA1 14
#define CRYPTO_DEFLATE_COMP 15 /* Deflate compression algorithm */
#define CRYPTO_NULL 16
#define CRYPTO_LZS_COMP 17 /* LZS compression algorithm */
#define CRYPTO_SHA2_256_HMAC 18
#define CRYPTO_SHA2_384_HMAC 19
#define CRYPTO_SHA2_512_HMAC 20
#define CRYPTO_AES_CTR 21
#define CRYPTO_AES_XTS 22
#define CRYPTO_AES_GCM_16 23
#define CRYPTO_AES_128_GMAC 24
#define CRYPTO_AES_192_GMAC 25
#define CRYPTO_AES_256_GMAC 26
#define CRYPTO_AES_GMAC 27
#define CRYPTO_ESN 28 /* Support for Extended Sequence Numbers */
#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
/* Standard initialization structure beginning */
struct cryptoini {
int cri_alg; /* Algorithm to use */
int cri_klen; /* Key length, in bits */
int cri_rnd; /* Algorithm rounds, where relevant */
caddr_t cri_key; /* key to use */
union {
u_int8_t iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
u_int8_t esn[4]; /* high-order ESN */
} u;
#define cri_iv u.iv
#define cri_esn u.esn
struct cryptoini *cri_next;
};
/* Describe boundaries of a single crypto operation */
struct cryptodesc {
int crd_skip; /* How many bytes to ignore from start */
int crd_len; /* How many bytes to process */
int crd_inject; /* Where to inject results, if applicable */
int crd_flags;
#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
place, so don't copy. */
#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
#define CRD_F_COMP 0x10 /* Set when doing compression */
#define CRD_F_ESN 0x20 /* Set when ESN field is provided */
struct cryptoini CRD_INI; /* Initialization/context data */
#define crd_esn CRD_INI.cri_esn
#define crd_iv CRD_INI.cri_iv
#define crd_key CRD_INI.cri_key
#define crd_rnd CRD_INI.cri_rnd
#define crd_alg CRD_INI.cri_alg
#define crd_klen CRD_INI.cri_klen
struct cryptodesc *crd_next;
};
/* Structure describing complete operation */
struct cryptop {
struct task crp_task;
u_int64_t crp_sid; /* Session ID */
int crp_ilen; /* Input data total length */
int crp_olen; /* Result total length */
int crp_alloctype; /* Type of buf to allocate if needed */
int crp_etype; /*
* Error type (zero means no error).
* All error codes except EAGAIN
* indicate possible data corruption (as in,
* the data have been touched). On all
* errors, the crp_sid may have changed
* (reset to a new one), so the caller
* should always check and use the new
* value on future requests.
*/
int crp_flags;
#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
#define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */
#define CRYPTO_F_DONE 0x0010 /* request completed */
void *crp_buf; /* Data to be processed */
void *crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
int (*crp_callback)(struct cryptop *); /* Callback function */
caddr_t crp_mac;
};
#define CRYPTO_BUF_IOV 0x1
#define CRYPTO_BUF_MBUF 0x2
#define CRYPTO_OP_DECRYPT 0x0
#define CRYPTO_OP_ENCRYPT 0x1
/* bignum parameter, in packed bytes, ... */
struct crparam {
caddr_t crp_p;
u_int crp_nbits;
};
#define CRK_MAXPARAM 8
struct crypt_kop {
u_int crk_op; /* ie. CRK_MOD_EXP or other */
u_int crk_status; /* return status */
u_short crk_iparams; /* # of input parameters */
u_short crk_oparams; /* # of output parameters */
u_int crk_pad1;
struct crparam crk_param[CRK_MAXPARAM];
};
#define CRK_MOD_EXP 0
#define CRK_MOD_EXP_CRT 1
#define CRK_DSA_SIGN 2
#define CRK_DSA_VERIFY 3
#define CRK_DH_COMPUTE_KEY 4
#define CRK_ALGORITHM_MAX 4 /* Keep updated */
#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
struct cryptkop {
struct task krp_task;
u_int krp_op; /* ie. CRK_MOD_EXP or other */
u_int krp_status; /* return status */
u_short krp_iparams; /* # of input parameters */
u_short krp_oparams; /* # of output parameters */
u_int32_t krp_hid;
struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
int (*krp_callback)(struct cryptkop *);
};
/* Crypto capabilities structure */
struct cryptocap {
u_int64_t cc_operations; /* Counter of how many ops done */
u_int64_t cc_bytes; /* Counter of how many bytes done */
u_int64_t cc_koperations; /* How many PK ops done */
u_int32_t cc_sessions; /* How many sessions allocated */
/* Symmetric/hash algorithms supported */
int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
/* Asymmetric algorithms supported */
int cc_kalg[CRK_ALGORITHM_MAX + 1];
int cc_queued; /* Operations queued */
u_int8_t cc_flags;
#define CRYPTOCAP_F_CLEANUP 0x01
#define CRYPTOCAP_F_SOFTWARE 0x02
#define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
int (*cc_newsession) (u_int32_t *, struct cryptoini *);
int (*cc_process) (struct cryptop *);
int (*cc_freesession) (u_int64_t);
int (*cc_kprocess) (struct cryptkop *);
};
/*
* ioctl parameter to request creation of a session.
*/
struct session_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */
caddr_t key;
int mackeylen; /* mac key */
caddr_t mackey;
u_int32_t ses; /* returns: session # */
};
/*
* ioctl parameter to request a crypt/decrypt operation against a session.
*/
struct crypt_op {
u_int32_t ses;
u_int16_t op; /* ie. COP_ENCRYPT */
#define COP_ENCRYPT 1
#define COP_DECRYPT 2
u_int16_t flags; /* always 0 */
u_int len;
caddr_t src, dst; /* become iov[] inside kernel */
caddr_t mac; /* must be big enough for chosen MAC */
caddr_t iv;
};
#define CRYPTO_MAX_MAC_LEN 20
/*
* done against open of /dev/crypto, to get a cloned descriptor.
* Please use F_SETFD against the cloned descriptor.
*/
#define CRIOGET _IOWR('c', 100, u_int32_t)
/* the following are done against the cloned descriptor */
#define CIOCGSESSION _IOWR('c', 101, struct session_op)
#define CIOCFSESSION _IOW('c', 102, u_int32_t)
#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
#ifdef _KERNEL
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
int crypto_dispatch(struct cryptop *);
int crypto_kdispatch(struct cryptkop *);
int crypto_register(u_int32_t, int *,
int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
int (*)(struct cryptop *));
int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(u_int8_t);
int crypto_invoke(struct cryptop *);
int crypto_kinvoke(struct cryptkop *);
void crypto_done(struct cryptop *);
void crypto_kdone(struct cryptkop *);
int crypto_getfeat(int *);
void cuio_copydata(struct uio *, int, int, caddr_t);
void cuio_copyback(struct uio *, int, int, const void *);
int cuio_getptr(struct uio *, int, int *);
int cuio_apply(struct uio *, int, int,
int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
struct cryptop *crypto_getreq(int);
void crypto_freereq(struct cryptop *);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
include/crypto/cryptosoft.h
+74
View File
@@ -0,0 +1,74 @@
/* $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
* February 2000. Network Security Technologies Inc. (NSTI) kindly
* supported the development of this code.
*
* Copyright (c) 2000 Angelos D. Keromytis
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all source code copies of any software which is or includes a copy or
* modification of this software.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
#ifndef _CRYPTO_CRYPTOSOFT_H_
#define _CRYPTO_CRYPTOSOFT_H_
/* Software session entry */
struct swcr_data {
int sw_alg; /* Algorithm */
union {
struct {
u_int8_t *SW_ictx;
u_int8_t *SW_octx;
u_int32_t SW_klen;
struct auth_hash *SW_axf;
} SWCR_AUTH;
struct {
u_int8_t *SW_kschedule;
struct enc_xform *SW_exf;
} SWCR_ENC;
struct {
u_int32_t SW_size;
struct comp_algo *SW_cxf;
} SWCR_COMP;
} SWCR_UN;
#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
#define sw_size SWCR_UN.SWCR_COMP.SW_size
#define sw_cxf SWCR_UN.SWCR_COMP.SW_cxf
struct swcr_data *sw_next;
};
#ifdef _KERNEL
extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_authcompute(struct cryptop *, struct cryptodesc *, struct swcr_data *,
caddr_t, int);
int swcr_authenc(struct cryptop *);
int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_process(struct cryptop *);
int swcr_newsession(u_int32_t *, struct cryptoini *);
int swcr_freesession(u_int64_t);
void swcr_init(void);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
include/crypto/gmac.h
+49
View File
@@ -0,0 +1,49 @@
/* $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $ */
/*
* Copyright (c) 2010 Mike Belopuhov
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GMAC_H_
#define _GMAC_H_
#include <crypto/aes.h>
#define GMAC_BLOCK_LEN 16
#define GMAC_DIGEST_LEN 16
typedef struct _GHASH_CTX {
uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
uint8_t S[GMAC_BLOCK_LEN]; /* state */
uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
} GHASH_CTX;
typedef struct _AES_GMAC_CTX {
GHASH_CTX ghash;
AES_CTX K;
uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
} AES_GMAC_CTX;
__BEGIN_DECLS
extern void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t);
void AES_GMAC_Init(void *);
void AES_GMAC_Setkey(void *, const uint8_t *, uint16_t);
void AES_GMAC_Reinit(void *, const uint8_t *, uint16_t);
int AES_GMAC_Update(void *, const uint8_t *, uint16_t);
void AES_GMAC_Final(uint8_t [GMAC_DIGEST_LEN], void *);
__END_DECLS
#endif /* _GMAC_H_ */
include/crypto/hmac.h
+65
View File
@@ -0,0 +1,65 @@
/* $OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _HMAC_H_
#define _HMAC_H_
typedef struct _HMAC_MD5_CTX {
MD5_CTX ctx;
u_int8_t key[MD5_BLOCK_LENGTH];
u_int key_len;
} HMAC_MD5_CTX;
typedef struct _HMAC_SHA1_CTX {
SHA1_CTX ctx;
u_int8_t key[SHA1_BLOCK_LENGTH];
u_int key_len;
} HMAC_SHA1_CTX;
typedef struct _HMAC_SHA256_CTX {
SHA2_CTX ctx;
u_int8_t key[SHA256_BLOCK_LENGTH];
u_int key_len;
} HMAC_SHA256_CTX;
__BEGIN_DECLS
void HMAC_MD5_Init(HMAC_MD5_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_MD5_Update(HMAC_MD5_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_MD5_Final(u_int8_t [MD5_DIGEST_LENGTH], HMAC_MD5_CTX *)
__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
void HMAC_SHA1_Init(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA1_Update(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA1_Final(u_int8_t [SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH)));
void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
__attribute__((__bounded__(__string__,2,3)));
void HMAC_SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
__END_DECLS
#endif /* _HMAC_H_ */
include/crypto/idgen.h
+33
View File
@@ -0,0 +1,33 @@
/* $OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#define IDGEN32_ROUNDS 31
#define IDGEN32_KEYLEN 32
#define IDGEN32_REKEY_LIMIT 0x60000000
#define IDGEN32_REKEY_TIME 600
struct idgen32_ctx {
u_int32_t id32_counter;
u_int32_t id32_offset;
u_int32_t id32_hibit;
u_int8_t id32_key[IDGEN32_KEYLEN];
time_t id32_rekey_time;
};
void idgen32_init(struct idgen32_ctx *);
u_int32_t idgen32(struct idgen32_ctx *);
include/crypto/key_wrap.h
+36
View File
@@ -0,0 +1,36 @@
/* $OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _KEY_WRAP_H_
#define _KEY_WRAP_H_
typedef struct _aes_key_wrap_ctx {
AES_CTX ctx;
} aes_key_wrap_ctx;
__BEGIN_DECLS
void aes_key_wrap_set_key(aes_key_wrap_ctx *, const u_int8_t *, size_t);
void aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *, const u_int8_t *,
size_t);
void aes_key_wrap(aes_key_wrap_ctx *, const u_int8_t *, size_t, u_int8_t *);
int aes_key_unwrap(aes_key_wrap_ctx *, const u_int8_t *, u_int8_t *,
size_t);
__END_DECLS
#endif /* _KEY_WRAP_H_ */
include/crypto/md5.h
+38
View File
@@ -0,0 +1,38 @@
/* $OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $ */
/*
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*
* Equivalent code is available from RSA Data Security, Inc.
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
*/
#ifndef _MD5_H_
#define _MD5_H_
#define MD5_BLOCK_LENGTH 64
#define MD5_DIGEST_LENGTH 16
typedef struct MD5Context {
u_int32_t state[4]; /* state */
u_int64_t count; /* number of bits, mod 2^64 */
u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
} MD5_CTX;
__BEGIN_DECLS
void MD5Init(MD5_CTX *);
void MD5Update(MD5_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
__attribute__((__bounded__(__minbytes__,1,4)))
__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
__END_DECLS
#endif /* _MD5_H_ */
include/crypto/poly1305.h
+27
View File
@@ -0,0 +1,27 @@
/* $OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $ */
/*
* Public Domain poly1305 from Andrew Moon
*
* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
* and 64 bit addition from https://github.com/floodyberry/poly1305-donna
*/
#ifndef _POLY1305_H_
#define _POLY1305_H_
#define poly1305_block_size 16
typedef struct poly1305_state {
unsigned long r[5];
unsigned long h[5];
unsigned long pad[4];
size_t leftover;
unsigned char buffer[poly1305_block_size];
unsigned char final;
} poly1305_state;
void poly1305_init(poly1305_state *, const unsigned char[32]);
void poly1305_update(poly1305_state *, const unsigned char *, size_t);
void poly1305_finish(poly1305_state *, unsigned char[16]);
#endif /* _POLY1305_H_ */
include/crypto/rijndael.h
+58
View File
@@ -0,0 +1,58 @@
/* $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $ */
/**
* rijndael-alg-fst.h
*
* @version 3.0 (December 2000)
*
* Optimised ANSI C code for the Rijndael cipher (now AES)
*
* @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
* @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
* @author Paulo Barreto <paulo.barreto@terra.com.br>
*
* This code is hereby placed in the public domain.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __RIJNDAEL_H
#define __RIJNDAEL_H
#define AES_MAXKEYBITS (256)
#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8)
/* for 256-bit keys, fewer for less */
#define AES_MAXROUNDS 14
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
/* The structure for key information */
typedef struct {
int enc_only; /* context contains only encrypt schedule */
int Nr; /* key-length-dependent number of rounds */
u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */
} rijndael_ctx;
int rijndael_set_key(rijndael_ctx *, const u_char *, int);
int rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int);
void rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *);
void rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *);
int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
int rijndaelKeySetupDec(unsigned int [], const unsigned char [], int);
void rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
unsigned char []);
#endif /* __RIJNDAEL_H */
include/crypto/rmd160.h
+49
View File
@@ -0,0 +1,49 @@
/* $OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _RMD160_H
#define _RMD160_H
#define RMD160_BLOCK_LENGTH 64
#define RMD160_DIGEST_LENGTH 20
/* RMD160 context. */
typedef struct RMD160Context {
u_int32_t state[5]; /* state */
u_int64_t count; /* number of bits, mod 2^64 */
u_char buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
} RMD160_CTX;
__BEGIN_DECLS
void RMD160Init(RMD160_CTX *);
void RMD160Transform(u_int32_t [5], const u_char [RMD160_BLOCK_LENGTH])
__attribute__((__bounded__(__minbytes__,1,5)))
__attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
void RMD160Update(RMD160_CTX *, const u_char *, u_int32_t)
__attribute__((__bounded__(__string__,2,3)));
void RMD160Final(u_char [RMD160_DIGEST_LENGTH], RMD160_CTX *)
__attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
__END_DECLS
#endif /* _RMD160_H */
include/crypto/sha1.h
+26
View File
@@ -0,0 +1,26 @@
/* $OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $ */
/*
* SHA-1 in C
* By Steve Reid <steve@edmweb.com>
* 100% Public Domain
*/
#ifndef _SHA1_H_
#define _SHA1_H_
#define SHA1_BLOCK_LENGTH 64
#define SHA1_DIGEST_LENGTH 20
typedef struct {
u_int32_t state[5];
u_int64_t count;
unsigned char buffer[SHA1_BLOCK_LENGTH];
} SHA1_CTX;
void SHA1Init(SHA1_CTX * context);
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
void SHA1Update(SHA1_CTX *context, const void *data, unsigned int len);
void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);
#endif /* _SHA1_H_ */
include/crypto/sha2.h
+83
View File
@@ -0,0 +1,83 @@
/* $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $ */
/*
* FILE: sha2.h
* AUTHOR: Aaron D. Gifford <me@aarongifford.com>
*
* Copyright (c) 2000-2001, Aaron D. Gifford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the copyright holder nor the names of contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
*/
#ifndef _SHA2_H
#define _SHA2_H
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA256_BLOCK_LENGTH 64
#define SHA256_DIGEST_LENGTH 32
#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
#define SHA384_BLOCK_LENGTH 128
#define SHA384_DIGEST_LENGTH 48
#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
#define SHA512_BLOCK_LENGTH 128
#define SHA512_DIGEST_LENGTH 64
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
/*** SHA-256/384/512 Context Structure *******************************/
typedef struct _SHA2_CTX {
union {
u_int32_t st32[8];
u_int64_t st64[8];
} state;
u_int64_t bitcount[2];
u_int8_t buffer[SHA512_BLOCK_LENGTH];
} SHA2_CTX;
__BEGIN_DECLS
void SHA256Init(SHA2_CTX *);
void SHA256Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
void SHA384Init(SHA2_CTX *);
void SHA384Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
void SHA512Init(SHA2_CTX *);
void SHA512Update(SHA2_CTX *, const void *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
__END_DECLS
#endif /* _SHA2_H */
include/crypto/siphash.h
+87
View File
@@ -0,0 +1,87 @@
/* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $ */
/*-
* Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
/*
* SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions)
* optimized for speed on short messages returning a 64bit hash/digest value.
*
* The number of rounds is defined during the initialization:
* SipHash24_Init() for the fast and resonable strong version
* SipHash48_Init() for the strong version (half as fast)
*
* struct SIPHASH_CTX ctx;
* SipHash24_Init(&ctx);
* SipHash_SetKey(&ctx, "16bytes long key");
* SipHash_Update(&ctx, pointer_to_string, length_of_string);
* SipHash_Final(output, &ctx);
*/
#ifndef _SIPHASH_H_
#define _SIPHASH_H_
#define SIPHASH_BLOCK_LENGTH 8
#define SIPHASH_KEY_LENGTH 16
#define SIPHASH_DIGEST_LENGTH 8
typedef struct _SIPHASH_CTX {
uint64_t v[4];
uint8_t buf[SIPHASH_BLOCK_LENGTH];
uint32_t bytes;
} SIPHASH_CTX;
typedef struct {
uint64_t k0;
uint64_t k1;
} SIPHASH_KEY;
void SipHash_Init(SIPHASH_CTX *, const SIPHASH_KEY *);
void SipHash_Update(SIPHASH_CTX *, int, int, const void *, size_t)
__bounded((__buffer__, 4, 5));
uint64_t SipHash_End(SIPHASH_CTX *, int, int);
void SipHash_Final(void *, SIPHASH_CTX *, int, int)
__bounded((__minbytes__, 1, SIPHASH_DIGEST_LENGTH));
uint64_t SipHash(const SIPHASH_KEY *, int, int, const void *, size_t)
__bounded((__buffer__, 4, 5));
#define SipHash24_Init(_c, _k) SipHash_Init((_c), (_k))
#define SipHash24_Update(_c, _p, _l) SipHash_Update((_c), 2, 4, (_p), (_l))
#define SipHash24_End(_d) SipHash_End((_d), 2, 4)
#define SipHash24_Final(_d, _c) SipHash_Final((_d), (_c), 2, 4)
#define SipHash24(_k, _p, _l) SipHash((_k), 2, 4, (_p), (_l))
#define SipHash48_Init(_c, _k) SipHash_Init((_c), (_k))
#define SipHash48_Update(_c, _p, _l) SipHash_Update((_c), 4, 8, (_p), (_l))
#define SipHash48_End(_d) SipHash_End((_d), 4, 8)
#define SipHash48_Final(_d, _c) SipHash_Final((_d), (_c), 4, 8)
#define SipHash48(_k, _p, _l) SipHash((_k), 4, 8, (_p), (_l))
#endif /* _SIPHASH_H_ */
include/crypto/xform.h
+111
View File
@@ -0,0 +1,111 @@
/* $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
* February 2000. Network Security Technologies Inc. (NSTI) kindly
* supported the development of this code.
*
* Copyright (c) 2000 Angelos D. Keromytis
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all source code copies of any software which is or includes a copy or
* modification of this software.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
#ifndef _CRYPTO_XFORM_H_
#define _CRYPTO_XFORM_H_
#include <crypto/md5.h>
#include <crypto/sha1.h>
#include <crypto/rmd160.h>
#include <crypto/sha2.h>
#include <crypto/gmac.h>
#define AESCTR_NONCESIZE 4
#define AESCTR_IVSIZE 8
#define AESCTR_BLOCKSIZE 16
#define AES_XTS_BLOCKSIZE 16
#define AES_XTS_IVSIZE 8
#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
/* Declarations */
struct auth_hash {
int type;
char *name;
u_int16_t keysize;
u_int16_t hashsize;
u_int16_t authsize;
u_int16_t ctxsize;
u_int16_t blocksize;
void (*Init) (void *);
void (*Setkey) (void *, const u_int8_t *, u_int16_t);
void (*Reinit) (void *, const u_int8_t *, u_int16_t);
int (*Update) (void *, const u_int8_t *, u_int16_t);
void (*Final) (u_int8_t *, void *);
};
struct enc_xform {
int type;
char *name;
u_int16_t blocksize;
u_int16_t ivsize;
u_int16_t minkey;
u_int16_t maxkey;
u_int16_t ctxsize;
void (*encrypt) (caddr_t, u_int8_t *);
void (*decrypt) (caddr_t, u_int8_t *);
int (*setkey) (void *, u_int8_t *, int len);
void (*reinit) (caddr_t, u_int8_t *);
};
struct comp_algo {
int type;
char *name;
size_t minlen;
u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
};
union authctx {
MD5_CTX md5ctx;
SHA1_CTX sha1ctx;
RMD160_CTX rmd160ctx;
SHA2_CTX sha2_ctx;
AES_GMAC_CTX aes_gmac_ctx;
};
extern const struct enc_xform enc_xform_3des;
extern const struct enc_xform enc_xform_blf;
extern const struct enc_xform enc_xform_cast5;
extern const struct enc_xform enc_xform_aes;
extern const struct enc_xform enc_xform_aes_ctr;
extern const struct enc_xform enc_xform_aes_gcm;
extern const struct enc_xform enc_xform_aes_gmac;
extern const struct enc_xform enc_xform_aes_xts;
extern const struct enc_xform enc_xform_chacha20_poly1305;
extern const struct enc_xform enc_xform_null;
extern const struct auth_hash auth_hash_hmac_md5_96;
extern const struct auth_hash auth_hash_hmac_sha1_96;
extern const struct auth_hash auth_hash_hmac_ripemd_160_96;
extern const struct auth_hash auth_hash_hmac_sha2_256_128;
extern const struct auth_hash auth_hash_hmac_sha2_384_192;
extern const struct auth_hash auth_hash_hmac_sha2_512_256;
extern const struct auth_hash auth_hash_gmac_aes_128;
extern const struct auth_hash auth_hash_gmac_aes_192;
extern const struct auth_hash auth_hash_gmac_aes_256;
extern const struct auth_hash auth_hash_chacha20_poly1305;
extern const struct comp_algo comp_algo_deflate;
#endif /* _CRYPTO_XFORM_H_ */
include/nuttx/crypto/aes.h
-171
View File
@@ -1,171 +0,0 @@
/****************************************************************************
* include/nuttx/crypto/aes.h
*
* Copyright (C) 2011 Texas Instruments Incorporated - http://www.ti.com/
* Extracted from the CC3000 Host Driver Implementation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
****************************************************************************/
#ifndef __INCLUDE_NUTTX_CRYPTO_AES_H
#define __INCLUDE_NUTTX_CRYPTO_AES_H
/****************************************************************************
* Included Files
****************************************************************************/
#include <nuttx/config.h>
#include <stdint.h>
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
#define AES128_KEY_SIZE 16
/****************************************************************************
* Public Types
****************************************************************************/
struct aes_state_s
{
uint8_t expanded_key[176];
};
/****************************************************************************
* Public Data
****************************************************************************/
#ifdef __cplusplus
extern "C"
{
#endif
/****************************************************************************
* Public Function Prototypes
****************************************************************************/
/****************************************************************************
* Name: aes_encrypt
*
* Description:
* AES128 encryption: Given AES128 key and 16 bytes plain text, cipher
* text of 16 bytes is computed. The AES implementation is in mode ECB
* (Electronic Code Book).
*
* Input Parameters:
* key AES128 key of size 16 bytes
* state 16 bytes of plain text and cipher text
*
* Returned Value:
* None
*
****************************************************************************/
void aes_encrypt(FAR uint8_t *state, FAR const uint8_t *key);
/****************************************************************************
* Name: aes_decrypt
*
* Description:
* AES128 decryption: Given AES128 key and 16 bytes cipher text, plain
* text of 16 bytes is computed The AES implementation is in mode ECB
* (Electronic Code Book).
*
* Input Parameters:
* key AES128 key of size 16 bytes
* state 16 bytes of plain text and cipher text
*
* Returned Value:
* None
*
****************************************************************************/
void aes_decrypt(FAR uint8_t *state, FAR const uint8_t *key);
/****************************************************************************
* Name: aes_setupkey
*
* Description:
* Configure the given AES context for operation with the selected key.
*
* Input Parameters:
* state an AES context that can be used for AES operations
* key a pointer to a 16-byte buffer holding the AES-128 key
* len length of the key, must be 16
*
* TODO: Support other key lengths of 24 (AES-192) and 32 (AES-256)
*
* Returned Value:
* 0 if OK
* -EINVAL if len is not 16
*
****************************************************************************/
int aes_setupkey(FAR struct aes_state_s *state, FAR const uint8_t *key,
int len);
/****************************************************************************
* Name: aes_encipher
*
* Description:
* Encipher some 16-byte blocks (without any operation mode) using the
* previously defined key. The function can be called multiple times with
* the same state parameter.
*
* Returned Value:
* None
*
****************************************************************************/
void aes_encipher(FAR struct aes_state_s *state, FAR uint8_t *blocks,
int nblk);
/****************************************************************************
* Name: aes_decipher
*
* Description:
* Decipher some 16-byte blocks (without any operation mode) using the
* previously defined key. The function can be called multiple times with
* the same state parameter.
*
* Returned Value:
* None
*
****************************************************************************/
void aes_decipher(FAR struct aes_state_s *state, FAR uint8_t *blocks,
int nblk);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* __INCLUDE_NUTTX_CRYPTO_AES_H */
include/nuttx/crypto/cryptodev.h
-80
View File
@@ -1,80 +0,0 @@
/****************************************************************************
* include/nuttx/crypto/cryptodev.h
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership. The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/
#ifndef __INCLUDE_NUTTX_CRYPTO_CRYPTODEV_H
#define __INCLUDE_NUTTX_CRYPTO_CRYPTODEV_H
/****************************************************************************
* Included Files
****************************************************************************/
#include <nuttx/config.h>
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
#define RIJNDAEL128_BLOCK_LEN 16
#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
#define CRYPTO_ALGORITHM_MIN 1
#define CRYPTO_AES_ECB 1
#define CRYPTO_AES_CBC 2
#define CRYPTO_AES_CTR 3
#define CRYPTO_ALGORITHM_MAX 1
#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */
#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */
#define COP_ENCRYPT 1
#define COP_DECRYPT 2
#define COP_F_BATCH 0x0008 /* Batch op if possible */
#define CIOCGSESSION 101
#define CIOCFSESSION 102
#define CIOCCRYPT 103
typedef char *caddr_t;
struct session_op
{
uint32_t cipher; /* ie. CRYPTO_AES_EBC */
uint32_t mac;
uint32_t keylen; /* cipher key */
caddr_t key;
int mackeylen; /* mac key */
caddr_t mackey;
uint32_t ses; /* returns: session # */
};
struct crypt_op
{
uint32_t ses;
uint16_t op; /* i.e. COP_ENCRYPT */
uint16_t flags;
unsigned len;
caddr_t src, dst; /* become iov[] inside kernel */
caddr_t mac; /* must be big enough for chosen MAC */
caddr_t iv;
};
#endif /* __INCLUDE_NUTTX_CRYPTO_CRYPTODEV_H */