diff options
Diffstat (limited to 'crypto')
65 files changed, 0 insertions, 15065 deletions
diff --git a/crypto/Makefile b/crypto/Makefile deleted file mode 100644 index d7ac61f..0000000 --- a/crypto/Makefile +++ /dev/null @@ -1,130 +0,0 @@ -# Makefile for libcryptomodule.a -# -# David A. McGrew -# Cisco Systems, Inc. - -srcdir = . -top_srcdir = .. -top_builddir = ../ - - -CC = gcc -INCDIR = -Iinclude -I$(srcdir)/include -DEFS = -DHAVE_CONFIG_H -CPPFLAGS= -CFLAGS = -Wall -O4 -fexpensive-optimizations -funroll-loops -LIBS = -LDFLAGS = -L. -COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) -CRYPTOLIB = -lcryptomodule - -RANLIB = ranlib - -# EXE defines the suffix on executables - it's .exe for cygwin, and -# null on linux, bsd, and OS X and other OSes. we define this so that -# `make clean` will work on the cygwin platform -EXE = -# Random source. -RNG_OBJS = rand_source.o - -ifdef ARCH - DEFS += -D$(ARCH)=1 -endif - -ifdef sysname - DEFS += -D$(sysname)=1 -endif - -.PHONY: dummy all runtest clean superclean - -dummy : all runtest - -# test applications - -testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ - test/stat_driver$(EXE) test/sha1_driver$(EXE) \ - test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \ - test/env$(EXE) - -# data values used to test the aes_calc application - -k=000102030405060708090a0b0c0d0e0f -p=00112233445566778899aabbccddeeff -c=69c4e0d86a7b0430d8cdb78070b4c55a - -runtest: libcryptomodule.a $(testapp) - test/env$(EXE) # print out information on the build environment - @echo "running libcryptomodule test applications..." - test `test/aes_calc $k $p` = $c - test/cipher_driver$(EXE) -v >/dev/null - test/datatypes_driver$(EXE) -v >/dev/null - test/stat_driver$(EXE) >/dev/null - test/sha1_driver$(EXE) -v >/dev/null - test/kernel_driver$(EXE) -v >/dev/null - test/rand_gen$(EXE) -n 256 >/dev/null - @echo "libcryptomodule test applications passed." - -# libcryptomodule.a (the crypto engine) - -ciphers = cipher/cipher.o cipher/null_cipher.o \ - cipher/aes.o cipher/aes_icm.o \ - cipher/aes_cbc.o - -hashes = hash/null_auth.o hash/sha1.o \ - hash/hmac.o hash/auth.o - -math = math/datatypes.o math/stat.o - -rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o - -err = kernel/err.o - -kernel = kernel/crypto_kernel.o kernel/alloc.o \ - kernel/key.o $(rng) $(err) - -xfm = ae_xfm/xfm.o - -cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm) - -# the rule for making object files and test apps - -%.o: %.c - $(COMPILE) -c $< -o $@ - -%$(EXE): %.c libcryptomodule.a - $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS) - -ifndef AR - AR=ar -endif - -# and the crypto module library itself - -libcryptomodule.a: $(cryptobj) - $(AR) cr libcryptomodule.a $(cryptobj) - $(RANLIB) libcryptomodule.a - -all: libcryptomodule.a $(testapp) - -# housekeeping functions - -clean: - rm -f libcryptomodule.a - rm -f $(testapp) *.o */*.o - for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done; - rm -f `find . -name "*.[ch]~*~"` - rm -rf latex - -superclean: clean - rm -f *core TAGS ktrace.out - - -# the target 'package' builds a compressed tar archive of the source code - -distname = crypto-$(shell cat VERSION) - -package: superclean - cd ..; tar cvzf $(distname).tgz crypto/ - - -# EOF diff --git a/crypto/Makefile.in b/crypto/Makefile.in deleted file mode 100644 index c14dba5..0000000 --- a/crypto/Makefile.in +++ /dev/null @@ -1,130 +0,0 @@ -# Makefile for libcryptomodule.a -# -# David A. McGrew -# Cisco Systems, Inc. - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -top_builddir = @top_builddir@ -VPATH = @srcdir@ - -CC = @CC@ -INCDIR = -Iinclude -I$(srcdir)/include -DEFS = @DEFS@ -CPPFLAGS= @CPPFLAGS@ -CFLAGS = @CFLAGS@ -LIBS = @LIBS@ -LDFLAGS = @LDFLAGS@ -L. -COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) -CRYPTOLIB = -lcryptomodule - -RANLIB = @RANLIB@ - -# EXE defines the suffix on executables - it's .exe for cygwin, and -# null on linux, bsd, and OS X and other OSes. we define this so that -# `make clean` will work on the cygwin platform -EXE = @EXE@ -# Random source. -RNG_OBJS = @RNG_OBJS@ - -ifdef ARCH - DEFS += -D$(ARCH)=1 -endif - -ifdef sysname - DEFS += -D$(sysname)=1 -endif - -.PHONY: dummy all runtest clean superclean - -dummy : all runtest - -# test applications - -testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ - test/stat_driver$(EXE) test/sha1_driver$(EXE) \ - test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \ - test/env$(EXE) - -# data values used to test the aes_calc application - -k=000102030405060708090a0b0c0d0e0f -p=00112233445566778899aabbccddeeff -c=69c4e0d86a7b0430d8cdb78070b4c55a - -runtest: libcryptomodule.a $(testapp) - test/env$(EXE) # print out information on the build environment - @echo "running libcryptomodule test applications..." - test `test/aes_calc $k $p` = $c - test/cipher_driver$(EXE) -v >/dev/null - test/datatypes_driver$(EXE) -v >/dev/null - test/stat_driver$(EXE) >/dev/null - test/sha1_driver$(EXE) -v >/dev/null - test/kernel_driver$(EXE) -v >/dev/null - test/rand_gen$(EXE) -n 256 >/dev/null - @echo "libcryptomodule test applications passed." - -# libcryptomodule.a (the crypto engine) - -ciphers = cipher/cipher.o cipher/null_cipher.o \ - cipher/aes.o cipher/aes_icm.o \ - cipher/aes_cbc.o - -hashes = hash/null_auth.o hash/sha1.o \ - hash/hmac.o hash/auth.o - -math = math/datatypes.o math/stat.o - -rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o - -err = kernel/err.o - -kernel = kernel/crypto_kernel.o kernel/alloc.o \ - kernel/key.o $(rng) $(err) - -xfm = ae_xfm/xfm.o - -cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm) - -# the rule for making object files and test apps - -%.o: %.c - $(COMPILE) -c $< -o $@ - -%$(EXE): %.c libcryptomodule.a - $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS) - -ifndef AR - AR=ar -endif - -# and the crypto module library itself - -libcryptomodule.a: $(cryptobj) - $(AR) cr libcryptomodule.a $(cryptobj) - $(RANLIB) libcryptomodule.a - -all: libcryptomodule.a $(testapp) - -# housekeeping functions - -clean: - rm -f libcryptomodule.a - rm -f $(testapp) *.o */*.o - for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done; - rm -f `find . -name "*.[ch]~*~"` - rm -rf latex - -superclean: clean - rm -f *core TAGS ktrace.out - - -# the target 'package' builds a compressed tar archive of the source code - -distname = crypto-$(shell cat VERSION) - -package: superclean - cd ..; tar cvzf $(distname).tgz crypto/ - - -# EOF diff --git a/crypto/VERSION b/crypto/VERSION deleted file mode 100644 index 3eefcb9..0000000 --- a/crypto/VERSION +++ /dev/null @@ -1 +0,0 @@ -1.0.0 diff --git a/crypto/ae_xfm/xfm.c b/crypto/ae_xfm/xfm.c deleted file mode 100644 index 4765b0a..0000000 --- a/crypto/ae_xfm/xfm.c +++ /dev/null @@ -1,571 +0,0 @@ -/* - * xfm.c - * - * Crypto transform implementation - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#include "cryptoalg.h" -#include "aes_cbc.h" -#include "hmac.h" -#include "crypto_kernel.h" /* for crypto_get_random() */ - -#define KEY_LEN 16 -#define ENC_KEY_LEN 16 -#define MAC_KEY_LEN 16 -#define IV_LEN 16 -#define TAG_LEN 12 -#define MAX_EXPAND 27 - -err_status_t -aes_128_cbc_hmac_sha1_96_func(void *key, - void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len, - void *auth_tag) { - aes_cbc_ctx_t aes_ctx; - hmac_ctx_t hmac_ctx; - unsigned char enc_key[ENC_KEY_LEN]; - unsigned char mac_key[MAC_KEY_LEN]; - err_status_t status; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { - - /* derive encryption and authentication keys from the input key */ - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); - if (status) return status; - - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); - if (status) return status; - - - /* perform encryption and authentication */ - - /* set aes key */ - status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt); - if (status) return status; - - /* set iv */ - status = crypto_get_random(iv, IV_LEN); - if (status) return status; - status = aes_cbc_set_iv(&aes_ctx, iv); - - /* encrypt the opaque data */ - status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); - if (status) return status; - - /* authenticate clear and opaque data */ - status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); - if (status) return status; - - status = hmac_start(&hmac_ctx); - if (status) return status; - - status = hmac_update(&hmac_ctx, clear, clear_len); - if (status) return status; - - status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); - if (status) return status; - - } - - return err_status_ok; -} - -err_status_t -aes_128_cbc_hmac_sha1_96_inv(void *key, - void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len, - void *auth_tag) { - aes_cbc_ctx_t aes_ctx; - hmac_ctx_t hmac_ctx; - unsigned char enc_key[ENC_KEY_LEN]; - unsigned char mac_key[MAC_KEY_LEN]; - unsigned char tmp_tag[TAG_LEN]; - unsigned char *tag = auth_tag; - err_status_t status; - int i; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { - - /* derive encryption and authentication keys from the input key */ - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); - if (status) return status; - - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); - if (status) return status; - - /* perform encryption and authentication */ - - /* set aes key */ - status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt); - if (status) return status; - - /* set iv */ - status = rand_source_get_octet_string(iv, IV_LEN); - if (status) return status; - status = aes_cbc_set_iv(&aes_ctx, iv); - - /* encrypt the opaque data */ - status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len); - if (status) return status; - - /* authenticate clear and opaque data */ - status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); - if (status) return status; - - status = hmac_start(&hmac_ctx); - if (status) return status; - - status = hmac_update(&hmac_ctx, clear, clear_len); - if (status) return status; - - status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag); - if (status) return status; - - /* compare the computed tag with the one provided as input */ - for (i=0; i < TAG_LEN; i++) - if (tmp_tag[i] != tag[i]) - return err_status_auth_fail; - - } - - return err_status_ok; -} - - -#define ENC 1 - -#undef DEBUG -#define DEBUG 0 - -err_status_t -aes_128_cbc_hmac_sha1_96_enc(void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len) { - aes_cbc_ctx_t aes_ctx; - hmac_ctx_t hmac_ctx; - unsigned char enc_key[ENC_KEY_LEN]; - unsigned char mac_key[MAC_KEY_LEN]; - unsigned char *auth_tag; - err_status_t status; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { - -#if DEBUG - printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); -#endif - - /* derive encryption and authentication keys from the input key */ - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); - if (status) return status; - - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); - if (status) return status; - - - /* perform encryption and authentication */ - - /* set aes key */ - status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt); - if (status) return status; - - /* set iv */ - status = rand_source_get_octet_string(iv, IV_LEN); - if (status) return status; - status = aes_cbc_set_iv(&aes_ctx, iv); - if (status) return status; - -#if DEBUG - printf("plaintext len: %d\n", *opaque_len); - printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); - printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len)); -#endif - -#if ENC - /* encrypt the opaque data */ - status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); - if (status) return status; -#endif - -#if DEBUG - printf("ciphertext len: %d\n", *opaque_len); - printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); -#endif - - /* - * authenticate clear and opaque data, then write the - * authentication tag to the location immediately following the - * ciphertext - */ - status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); - if (status) return status; - - status = hmac_start(&hmac_ctx); - if (status) return status; - - status = hmac_update(&hmac_ctx, clear, clear_len); - if (status) return status; -#if DEBUG - printf("hmac input: %s\n", - octet_string_hex_string(clear, clear_len)); -#endif - auth_tag = (unsigned char *)opaque; - auth_tag += *opaque_len; - status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); - if (status) return status; -#if DEBUG - printf("hmac input: %s\n", - octet_string_hex_string(opaque, *opaque_len)); -#endif - /* bump up the opaque_len to reflect the authentication tag */ - *opaque_len += TAG_LEN; - -#if DEBUG - printf("prot data len: %d\n", *opaque_len); - printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); -#endif - } - - return err_status_ok; -} - -err_status_t -aes_128_cbc_hmac_sha1_96_dec(void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len) { - aes_cbc_ctx_t aes_ctx; - hmac_ctx_t hmac_ctx; - unsigned char enc_key[ENC_KEY_LEN]; - unsigned char mac_key[MAC_KEY_LEN]; - unsigned char tmp_tag[TAG_LEN]; - unsigned char *auth_tag; - unsigned ciphertext_len; - err_status_t status; - int i; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { -#if DEBUG - printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); -#endif - - /* derive encryption and authentication keys from the input key */ - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); - if (status) return status; - - status = hmac_init(&hmac_ctx, key, KEY_LEN); - if (status) return status; - status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); - if (status) return status; - -#if DEBUG - printf("prot data len: %d\n", *opaque_len); - printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); -#endif - - /* - * set the protected data length to that of the ciphertext, by - * subtracting out the length of the authentication tag - */ - ciphertext_len = *opaque_len - TAG_LEN; - -#if DEBUG - printf("ciphertext len: %d\n", ciphertext_len); -#endif - /* verify the authentication tag */ - - /* - * compute the authentication tag for the clear and opaque data, - * and write it to a temporary location - */ - status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); - if (status) return status; - - status = hmac_start(&hmac_ctx); - if (status) return status; - - status = hmac_update(&hmac_ctx, clear, clear_len); - if (status) return status; - -#if DEBUG - printf("hmac input: %s\n", - octet_string_hex_string(clear, clear_len)); -#endif - - status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag); - if (status) return status; - -#if DEBUG - printf("hmac input: %s\n", - octet_string_hex_string(opaque, ciphertext_len)); -#endif - - /* - * compare the computed tag with the one provided as input (which - * immediately follows the ciphertext) - */ - auth_tag = (unsigned char *)opaque; - auth_tag += ciphertext_len; -#if DEBUG - printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN)); - printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN)); -#endif - for (i=0; i < TAG_LEN; i++) { - if (tmp_tag[i] != auth_tag[i]) - return err_status_auth_fail; - } - - /* bump down the opaque_len to reflect the authentication tag */ - *opaque_len -= TAG_LEN; - - /* decrypt the confidential data */ - status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt); - if (status) return status; - status = aes_cbc_set_iv(&aes_ctx, iv); - if (status) return status; - -#if DEBUG - printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); - printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); -#endif - -#if ENC - status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len); - if (status) return status; -#endif - -#if DEBUG - printf("plaintext len: %d\n", ciphertext_len); - printf("plaintext: %s\n", - octet_string_hex_string(opaque, ciphertext_len)); -#endif - - /* indicate the length of the plaintext */ - *opaque_len = ciphertext_len; - } - - return err_status_ok; -} - -cryptoalg_ctx_t cryptoalg_ctx = { - aes_128_cbc_hmac_sha1_96_enc, - aes_128_cbc_hmac_sha1_96_dec, - KEY_LEN, - IV_LEN, - TAG_LEN, - MAX_EXPAND, -}; - -cryptoalg_t cryptoalg = &cryptoalg_ctx; - -#define NULL_TAG_LEN 12 - -err_status_t -null_enc(void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len) { - int i; - unsigned char *auth_tag; - unsigned char *init_vec = iv; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { - -#if DEBUG - printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); - printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN); - printf("plaintext len: %d\n", *opaque_len); -#endif - for (i=0; i < IV_LEN; i++) - init_vec[i] = i + (i * 16); -#if DEBUG - printf("iv: %s\n", - octet_string_hex_string(iv, IV_LEN)); - printf("plaintext: %s\n", - octet_string_hex_string(opaque, *opaque_len)); -#endif - auth_tag = opaque; - auth_tag += *opaque_len; - for (i=0; i < NULL_TAG_LEN; i++) - auth_tag[i] = i + (i * 16); - *opaque_len += NULL_TAG_LEN; -#if DEBUG - printf("protected data len: %d\n", *opaque_len); - printf("protected data: %s\n", - octet_string_hex_string(opaque, *opaque_len)); -#endif - - } - - return err_status_ok; -} - -err_status_t -null_dec(void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len) { - unsigned char *auth_tag; - - /* check if we're doing authentication only */ - if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { - - /* perform authentication only */ - - } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { - - /* - * bad parameter - we expect either all three pointers to be NULL, - * or none of those pointers to be NULL - */ - return err_status_fail; - - } else { - -#if DEBUG - printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); - - printf("protected data len: %d\n", *opaque_len); - printf("protected data: %s\n", - octet_string_hex_string(opaque, *opaque_len)); -#endif - auth_tag = opaque; - auth_tag += (*opaque_len - NULL_TAG_LEN); -#if DEBUG - printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); -#endif - *opaque_len -= NULL_TAG_LEN; -#if DEBUG - printf("plaintext len: %d\n", *opaque_len); - printf("plaintext: %s\n", - octet_string_hex_string(opaque, *opaque_len)); -#endif - } - - return err_status_ok; -} - -cryptoalg_ctx_t null_cryptoalg_ctx = { - null_enc, - null_dec, - KEY_LEN, - IV_LEN, - NULL_TAG_LEN, - MAX_EXPAND, -}; - -cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx; - -int -cryptoalg_get_id(cryptoalg_t c) { - if (c == cryptoalg) - return 1; - return 0; -} - -cryptoalg_t -cryptoalg_find_by_id(int id) { - switch(id) { - case 1: - return cryptoalg; - default: - break; - } - return 0; -} diff --git a/crypto/cipher/aes.c b/crypto/cipher/aes.c deleted file mode 100644 index f1286c3..0000000 --- a/crypto/cipher/aes.c +++ /dev/null @@ -1,1951 +0,0 @@ -/* - * aes.c - * - * An implemnetation of the AES block cipher. - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "aes.h" -#include "err.h" - -/* - * we use the tables T0, T1, T2, T3, and T4 to compute AES, and - * the tables U0, U1, U2, and U4 to compute its inverse - * - * different tables are used on little-endian (Intel, VMS) and - * big-endian processors (everything else) - * - * these tables are computed using the program tables/aes_tables; use - * this program to generate different tables for porting or - * optimization on a different platform - */ - -#ifndef WORDS_BIGENDIAN - -static uint32_t T0[256] = { - 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, - 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, - 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56, - 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, - 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, - 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb, - 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, - 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, - 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, - 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, - 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9, - 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, - 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, - 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f, - 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, - 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, - 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, - 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, - 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, - 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, - 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1, - 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, - 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, - 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, - 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, - 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, - 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe, - 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, - 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, - 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1, - 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, - 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, - 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, - 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, - 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, - 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, - 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, - 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, - 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, - 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, - 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, - 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8, - 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, - 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, - 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, - 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, - 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf, - 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, - 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, - 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, - 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, - 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, - 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, - 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c, - 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, - 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, - 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, - 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, - 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, - 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, - 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, - 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, - 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, - 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, -}; - -static uint32_t T1[256] = { - 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, - 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, - 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d, - 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, - 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, - 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, - 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, - 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, - 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, - 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, - 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, - 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, - 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, - 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5, - 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, - 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, - 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, - 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, - 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, - 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, - 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, - 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, - 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, - 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, - 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, - 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, - 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81, - 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, - 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, - 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, - 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, - 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, - 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f, - 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, - 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, - 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, - 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, - 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, - 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, - 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76, - 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e, - 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4, - 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, - 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, - 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, - 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, - 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, - 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018, - 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, - 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, - 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, - 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, - 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, - 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12, - 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, - 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, - 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, - 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, - 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, - 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, - 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17, - 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, - 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11, - 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, -}; - -static uint32_t T2[256] = { - 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, - 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, - 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b, - 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, - 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, - 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, - 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, - 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, - 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, - 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, - 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, - 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, - 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, - 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a, - 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, - 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, - 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, - 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, - 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, - 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, - 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced, - 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, - 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, - 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, - 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, - 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, - 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f, - 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, - 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, - 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, - 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, - 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, - 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec, - 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, - 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, - 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, - 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, - 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, - 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, - 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db, - 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a, - 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c, - 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, - 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, - 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, - 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, - 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, - 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808, - 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, - 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, - 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, - 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, - 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, - 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e, - 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, - 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, - 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, - 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, - 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, - 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, - 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d, - 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, - 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f, - 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, -}; - -static uint32_t T3[256] = { - 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, - 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, - 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b, - 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, - 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, - 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, - 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, - 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, - 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, - 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, - 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, - 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, - 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, - 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a, - 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, - 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, - 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, - 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, - 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, - 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, - 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded, - 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, - 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, - 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, - 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, - 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, - 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f, - 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, - 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f, - 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, - 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, - 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, - 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, - 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, - 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, - 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, - 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, - 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888, - 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, - 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, - 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, - 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c, - 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, - 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, - 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, - 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, - 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, - 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, - 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, - 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, - 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, - 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a, - 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, - 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e, - 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, - 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, - 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, - 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494, - 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, - 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, - 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d, - 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, - 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, - 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, -}; - -static uint32_t U0[256] = { - 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, - 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, - 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, - 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, - 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, - 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, - 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, - 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, - 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, - 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, - 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, - 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, - 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, - 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, - 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3, - 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, - 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, - 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, - 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, - 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd, - 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, - 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, - 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, - 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, - 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, - 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, - 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, - 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, - 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b, - 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, - 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, - 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, - 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, - 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, - 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, - 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, - 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, - 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, - 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, - 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, - 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, - 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, - 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, - 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, - 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, - 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, - 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83, - 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef, - 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, - 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, - 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, - 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, - 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, - 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, - 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, - 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, - 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, - 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, - 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, - 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, - 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, - 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff, - 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, - 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, -}; - -static uint32_t U1[256] = { - 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, - 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93, - 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, - 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, - 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1, - 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, - 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, - 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, - 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, - 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, - 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, - 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, - 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, - 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a, - 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5, - 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, - 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, - 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, - 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, - 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, - 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46, - 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, - 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, - 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, - 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0, - 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, - 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, - 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, - 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, - 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, - 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, - 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, - 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd, - 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, - 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, - 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, - 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, - 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, - 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, - 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, - 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836, - 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, - 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, - 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, - 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, - 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, - 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, - 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, - 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6, - 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, - 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, - 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, - 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df, - 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, - 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, - 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, - 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89, - 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, - 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, - 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, - 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, - 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, - 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, - 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, -}; - -static uint32_t U2[256] = { - 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, - 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, - 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c, - 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, - 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, - 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, - 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, - 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, - 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, - 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, - 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, - 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b, - 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, - 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, - 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, - 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82, - 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2, - 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe, - 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, - 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, - 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, - 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15, - 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, - 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, - 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0, - 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, - 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, - 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, - 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, - 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, - 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, - 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, - 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, - 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, - 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, - 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, - 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, - 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, - 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, - 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, - 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, - 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, - 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, - 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, - 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, - 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, - 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, - 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, - 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, - 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, - 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, - 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, - 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, - 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, - 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41, - 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, - 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, - 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, - 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, - 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, - 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, - 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195, - 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1, - 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, -}; - -static uint32_t U3[256] = { - 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, - 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, - 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, - 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, - 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, - 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, - 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, - 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, - 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, - 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, - 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, - 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, - 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, - 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, - 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, - 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216, - 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, - 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6, - 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6, - 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, - 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, - 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550, - 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, - 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8, - 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0, - 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, - 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d, - 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, - 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, - 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, - 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, - 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, - 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, - 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, - 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, - 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, - 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, - 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1, - 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, - 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, - 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, - 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, - 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, - 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, - 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, - 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, - 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, - 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, - 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, - 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, - 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, - 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, - 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, - 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, - 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b, - 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, - 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, - 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, - 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, - 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, - 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, - 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, - 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156, - 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, -}; - -#else /* assume big endian */ - -static uint32_t T0[256] = { - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, - 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, - 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d, - 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, - 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, - 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, - 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, - 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, - 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, - 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, - 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, - 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5, - 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, - 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, - 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, - 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, - 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, - 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c, - 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, - 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, - 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, - 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, - 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81, - 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, - 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a, - 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, - 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, - 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, - 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, - 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, - 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, - 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883, - 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, - 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, - 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, - 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, - 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, - 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, - 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, - 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, - 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, - 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, - 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, - 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85, - 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, - 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, - 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, - 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, - 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7, - 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, - 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17, - 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, - 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, - 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, -}; - -static uint32_t T1[256] = { - 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, - 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, - 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b, - 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, - 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, - 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0, - 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, - 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, - 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, - 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc, - 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1, - 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, - 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, - 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a, - 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, - 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, - 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, - 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, - 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, - 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, - 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded, - 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, - 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, - 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, - 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, - 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, - 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f, - 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, - 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, - 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5, - 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, - 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2, - 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, - 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, - 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, - 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, - 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, - 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, - 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, - 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, - 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, - 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c, - 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, - 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, - 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, - 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, - 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea, - 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, - 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, - 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, - 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, - 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, - 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, - 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e, - 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, - 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, - 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, - 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, - 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, - 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, - 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, - 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, - 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, - 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, -}; - -static uint32_t T2[256] = { - 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, - 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, - 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b, - 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, - 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, - 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, - 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, - 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, - 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, - 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, - 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, - 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, - 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, - 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a, - 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, - 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, - 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, - 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, - 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, - 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, - 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed, - 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, - 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, - 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, - 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, - 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, - 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f, - 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, - 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, - 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, - 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, - 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, - 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec, - 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, - 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, - 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, - 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, - 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, - 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, - 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb, - 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a, - 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c, - 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, - 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, - 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, - 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, - 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, - 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008, - 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, - 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, - 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, - 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, - 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, - 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e, - 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, - 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, - 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, - 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, - 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, - 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, - 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d, - 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, - 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f, - 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, -}; - -static uint32_t T3[256] = { - 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, - 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, - 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56, - 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, - 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, - 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, - 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, - 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, - 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, - 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, - 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, - 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, - 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, - 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f, - 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, - 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, - 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, - 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, - 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, - 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, - 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1, - 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, - 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, - 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, - 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, - 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, - 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe, - 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, - 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, - 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, - 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, - 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, - 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3, - 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, - 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, - 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, - 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, - 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, - 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, - 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad, - 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14, - 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8, - 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, - 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, - 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, - 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, - 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, - 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810, - 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, - 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, - 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, - 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, - 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, - 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c, - 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, - 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, - 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, - 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, - 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, - 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, - 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a, - 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, - 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e, - 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, -}; - -static uint32_t U0[256] = { - 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, - 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, - 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, - 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, - 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, - 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, - 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, - 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, - 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, - 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, - 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, - 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, - 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, - 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, - 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, - 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c, - 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, - 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a, - 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75, - 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, - 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, - 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff, - 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, - 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb, - 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0, - 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, - 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927, - 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, - 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, - 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, - 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, - 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, - 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, - 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, - 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, - 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, - 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, - 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0, - 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, - 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, - 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, - 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, - 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, - 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, - 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, - 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, - 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, - 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, - 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, - 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, - 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, - 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, - 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, - 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, - 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e, - 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, - 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, - 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, - 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, - 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, - 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, - 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, - 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190, - 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 -}; - -static uint32_t U1[256] = { - 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, - 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, - 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, - 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, - 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, - 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, - 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, - 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, - 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, - 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, - 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, - 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, - 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, - 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, - 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708, - 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, - 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, - 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, - 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, - 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10, - 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, - 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015, - 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, - 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, - 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0, - 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, - 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, - 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, - 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91, - 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, - 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, - 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, - 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, - 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, - 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, - 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, - 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, - 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, - 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, - 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, - 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, - 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, - 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46, - 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, - 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, - 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, - 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a, - 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8, - 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, - 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, - 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, - 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6, - 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, - 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, - 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, - 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, - 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, - 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, - 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, - 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, - 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, - 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95, - 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, - 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 -}; - -static uint32_t U2[256] = { - 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, - 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3, - 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, - 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, - 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe, - 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, - 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, - 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, - 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, - 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, - 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, - 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, - 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, - 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655, - 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337, - 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, - 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, - 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, - 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, - 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, - 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6, - 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, - 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, - 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, - 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0, - 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, - 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, - 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, - 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, - 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, - 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, - 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, - 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f, - 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, - 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, - 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, - 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, - 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, - 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, - 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, - 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4, - 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, - 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, - 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, - 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, - 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, - 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, - 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, - 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0, - 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, - 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, - 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, - 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496, - 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, - 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, - 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, - 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13, - 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, - 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, - 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, - 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, - 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, - 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, - 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 -}; - -static uint32_t U3[256] = { - 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, - 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, - 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5, - 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, - 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, - 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, - 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, - 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, - 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, - 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, - 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, - 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9, - 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, - 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, - 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, - 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced, - 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e, - 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4, - 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, - 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, - 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, - 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60, - 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, - 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, - 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0, - 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, - 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, - 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, - 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, - 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, - 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, - 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, - 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, - 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, - 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, - 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, - 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, - 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, - 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, - 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, - 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, - 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, - 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, - 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, - 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, - 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, - 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, - 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, - 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, - 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, - 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, - 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, - 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, - 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, - 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb, - 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, - 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, - 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, - 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, - 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, - 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, - 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff, - 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064, - 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 -}; - -#endif - -/* - * the following tables (aes_sbox, aes_inv_sbox, T4, U4) are - * endian-neutral - */ - -static uint8_t -aes_sbox[256] = { - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, - 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, - 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, - 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, - 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, - 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, - 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, - 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, - 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, - 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, - 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, - 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, - 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, - 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, - 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, - 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, - 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -}; - -#ifndef CPU_RISC -static uint8_t -aes_inv_sbox[256] = { - 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, - 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, - 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, - 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, - 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, - 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, - 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, - 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, - 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, - 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, - 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, - 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, - 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, - 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, - 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, - 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, - 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, - 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, - 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, - 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, - 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, - 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, - 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, - 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, - 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, - 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, - 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, - 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, - 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, - 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, - 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -}; -#endif /* ! CPU_RISC */ - -#ifdef CPU_RISC -static uint32_t -T4[256] = { - 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, - 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, - 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b, - 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676, - 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d, - 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, - 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf, - 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0, - 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626, - 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, - 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, - 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515, - 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, - 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a, - 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, - 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575, - 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, - 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0, - 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, - 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484, - 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed, - 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, - 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939, - 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf, - 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb, - 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, - 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f, - 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8, - 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, - 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, - 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, - 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2, - 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, - 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717, - 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, - 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373, - 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, - 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, - 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414, - 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb, - 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a, - 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, - 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262, - 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979, - 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d, - 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, - 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, - 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808, - 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, - 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6, - 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, - 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a, - 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, - 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e, - 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, - 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e, - 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111, - 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, - 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9, - 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf, - 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d, - 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, - 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, - 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616 -}; - -static uint32_t U4[256] = { - 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5, - 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, - 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e, - 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb, - 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282, - 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787, - 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444, - 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb, - 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232, - 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d, - 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b, - 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e, - 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666, - 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2, - 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949, - 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525, - 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464, - 0x86868686, 0x68686868, 0x98989898, 0x16161616, - 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc, - 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292, - 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050, - 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada, - 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757, - 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484, - 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0, - 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a, - 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505, - 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606, - 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f, - 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202, - 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303, - 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b, - 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141, - 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea, - 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece, - 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373, - 0x96969696, 0xacacacac, 0x74747474, 0x22222222, - 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585, - 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8, - 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e, - 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171, - 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989, - 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e, - 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b, - 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b, - 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020, - 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe, - 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4, - 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333, - 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131, - 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959, - 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f, - 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9, - 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d, - 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f, - 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef, - 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d, - 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0, - 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c, - 0x83838383, 0x53535353, 0x99999999, 0x61616161, - 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e, - 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626, - 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, - 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d -}; -#endif /* CPU_RISC */ - - -/* aes internals */ - -extern debug_module_t mod_aes_icm; - -void -aes_expand_encryption_key(const v128_t *key, - aes_expanded_key_t expanded_key) { - int i; - gf2_8 rc; - - /* initialize round constant */ - rc = 1; - - expanded_key[0].v32[0] = key->v32[0]; - expanded_key[0].v32[1] = key->v32[1]; - expanded_key[0].v32[2] = key->v32[2]; - expanded_key[0].v32[3] = key->v32[3]; - -#if 0 - debug_print(mod_aes_icm, - "expanded key[0]: %s", v128_hex_string(&expanded_key[0])); -#endif - - /* loop over round keys */ - for (i=1; i < 11; i++) { - - /* munge first word of round key */ - expanded_key[i].v8[0] = aes_sbox[expanded_key[i-1].v8[13]] ^ rc; - expanded_key[i].v8[1] = aes_sbox[expanded_key[i-1].v8[14]]; - expanded_key[i].v8[2] = aes_sbox[expanded_key[i-1].v8[15]]; - expanded_key[i].v8[3] = aes_sbox[expanded_key[i-1].v8[12]]; - - expanded_key[i].v32[0] ^= expanded_key[i-1].v32[0]; - - /* set remaining 32 bit words to the exor of the one previous with - * the one four words previous */ - - expanded_key[i].v32[1] = - expanded_key[i].v32[0] ^ expanded_key[i-1].v32[1]; - - expanded_key[i].v32[2] = - expanded_key[i].v32[1] ^ expanded_key[i-1].v32[2]; - - expanded_key[i].v32[3] = - expanded_key[i].v32[2] ^ expanded_key[i-1].v32[3]; - -#if 0 - debug_print2(mod_aes_icm, - "expanded key[%d]: %s", i,v128_hex_string(&expanded_key[i])); -#endif - - /* modify round constant */ - rc = gf2_8_shift(rc); - - } -} - -void -aes_expand_decryption_key(const v128_t *key, - aes_expanded_key_t expanded_key) { - int i; - - aes_expand_encryption_key(key, expanded_key); - - /* invert the order of the round keys */ - for (i=0; i < 5; i++) { - v128_t tmp; - v128_copy(&tmp, &expanded_key[10-i]); - v128_copy(&expanded_key[10-i], &expanded_key[i]); - v128_copy(&expanded_key[i], &tmp); - } - - /* - * apply the inverse mixColumn transform to the round keys (except - * for the first and the last) - * - * mixColumn is implemented by using the tables U0, U1, U2, U3, - * followed by the T4 table (which cancels out the use of the sbox - * in the U-tables) - */ - for (i=1; i < 10; i++) { -#ifdef CPU_RISC - uint32_t tmp; - - tmp = expanded_key[i].v32[0]; - expanded_key[i].v32[0] = - U0[T4[(tmp >> 24) ] & 0xff] ^ - U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ - U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ - U3[T4[(tmp) & 0xff] & 0xff]; - - tmp = expanded_key[i].v32[1]; - expanded_key[i].v32[1] = - U0[T4[(tmp >> 24) ] & 0xff] ^ - U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ - U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ - U3[T4[(tmp) & 0xff] & 0xff]; - - tmp = expanded_key[i].v32[2]; - expanded_key[i].v32[2] = - U0[T4[(tmp >> 24) ] & 0xff] ^ - U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ - U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ - U3[T4[(tmp) & 0xff] & 0xff]; - - tmp = expanded_key[i].v32[3]; - expanded_key[i].v32[3] = - U0[T4[(tmp >> 24) ] & 0xff] ^ - U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ - U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ - U3[T4[(tmp) & 0xff] & 0xff]; -#else /* assume CPU_CISC */ - - uint32_t c0, c1, c2, c3; - - c0 = U0[aes_sbox[expanded_key[i].v8[0]]] - ^ U1[aes_sbox[expanded_key[i].v8[1]]] - ^ U2[aes_sbox[expanded_key[i].v8[2]]] - ^ U3[aes_sbox[expanded_key[i].v8[3]]]; - - c1 = U0[aes_sbox[expanded_key[i].v8[4]]] - ^ U1[aes_sbox[expanded_key[i].v8[5]]] - ^ U2[aes_sbox[expanded_key[i].v8[6]]] - ^ U3[aes_sbox[expanded_key[i].v8[7]]]; - - c2 = U0[aes_sbox[expanded_key[i].v8[8]]] - ^ U1[aes_sbox[expanded_key[i].v8[9]]] - ^ U2[aes_sbox[expanded_key[i].v8[10]]] - ^ U3[aes_sbox[expanded_key[i].v8[11]]]; - - c3 = U0[aes_sbox[expanded_key[i].v8[12]]] - ^ U1[aes_sbox[expanded_key[i].v8[13]]] - ^ U2[aes_sbox[expanded_key[i].v8[14]]] - ^ U3[aes_sbox[expanded_key[i].v8[15]]]; - - expanded_key[i].v32[0] = c0; - expanded_key[i].v32[1] = c1; - expanded_key[i].v32[2] = c2; - expanded_key[i].v32[3] = c3; - -#endif - } -} - -#ifdef CPU_CISC - - -static inline void -aes_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - - /* compute the columns of the output square in terms of the octets - of state, using the tables T0, T1, T2, T3 */ - - column0 = T0[state->v8[0]] ^ T1[state->v8[5]] - ^ T2[state->v8[10]] ^ T3[state->v8[15]]; - - column1 = T0[state->v8[4]] ^ T1[state->v8[9]] - ^ T2[state->v8[14]] ^ T3[state->v8[3]]; - - column2 = T0[state->v8[8]] ^ T1[state->v8[13]] - ^ T2[state->v8[2]] ^ T3[state->v8[7]]; - - column3 = T0[state->v8[12]] ^ T1[state->v8[1]] - ^ T2[state->v8[6]] ^ T3[state->v8[11]]; - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - - -static inline void -aes_inv_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - - /* compute the columns of the output square in terms of the octets - of state, using the tables U0, U1, U2, U3 */ - - column0 = U0[state->v8[0]] ^ U1[state->v8[13]] - ^ U2[state->v8[10]] ^ U3[state->v8[7]]; - - column1 = U0[state->v8[4]] ^ U1[state->v8[1]] - ^ U2[state->v8[14]] ^ U3[state->v8[11]]; - - column2 = U0[state->v8[8]] ^ U1[state->v8[5]] - ^ U2[state->v8[2]] ^ U3[state->v8[15]]; - - column3 = U0[state->v8[12]] ^ U1[state->v8[9]] - ^ U2[state->v8[6]] ^ U3[state->v8[3]]; - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - -static inline void -aes_final_round(v128_t *state, const v128_t *round_key) { - uint8_t tmp; - - /* byte substitutions and row shifts */ - /* first row - no shift */ - state->v8[0] = aes_sbox[state->v8[0]]; - state->v8[4] = aes_sbox[state->v8[4]]; - state->v8[8] = aes_sbox[state->v8[8]]; - state->v8[12] = aes_sbox[state->v8[12]]; - - /* second row - shift one left */ - tmp = aes_sbox[state->v8[1]]; - state->v8[1] = aes_sbox[state->v8[5]]; - state->v8[5] = aes_sbox[state->v8[9]]; - state->v8[9] = aes_sbox[state->v8[13]]; - state->v8[13] = tmp; - - /* third row - shift two left */ - tmp = aes_sbox[state->v8[10]]; - state->v8[10] = aes_sbox[state->v8[2]]; - state->v8[2] = tmp; - tmp = aes_sbox[state->v8[14]]; - state->v8[14] = aes_sbox[state->v8[6]]; - state->v8[6] = tmp; - - /* fourth row - shift three left */ - tmp = aes_sbox[state->v8[15]]; - state->v8[15] = aes_sbox[state->v8[11]]; - state->v8[11] = aes_sbox[state->v8[7]]; - state->v8[7] = aes_sbox[state->v8[3]]; - state->v8[3] = tmp; - - v128_xor_eq(state, round_key); -} - -static inline void -aes_inv_final_round(v128_t *state, const v128_t *round_key) { - uint8_t tmp; - - /* byte substitutions and row shifts */ - /* first row - no shift */ - state->v8[0] = aes_inv_sbox[state->v8[0]]; - state->v8[4] = aes_inv_sbox[state->v8[4]]; - state->v8[8] = aes_inv_sbox[state->v8[8]]; - state->v8[12] = aes_inv_sbox[state->v8[12]]; - - /* second row - shift one right */ - tmp = aes_inv_sbox[state->v8[13]]; - state->v8[13] = aes_inv_sbox[state->v8[9]]; - state->v8[9] = aes_inv_sbox[state->v8[5]]; - state->v8[5] = aes_inv_sbox[state->v8[1]]; - state->v8[1] = tmp; - - /* third row - shift two right */ - tmp = aes_inv_sbox[state->v8[2]]; - state->v8[2] = aes_inv_sbox[state->v8[10]]; - state->v8[10] = tmp; - tmp = aes_inv_sbox[state->v8[6]]; - state->v8[6] = aes_inv_sbox[state->v8[14]]; - state->v8[14] = tmp; - - /* fourth row - shift three right */ - tmp = aes_inv_sbox[state->v8[3]]; - state->v8[3] = aes_inv_sbox[state->v8[7]]; - state->v8[7] = aes_inv_sbox[state->v8[11]]; - state->v8[11] = aes_inv_sbox[state->v8[15]]; - state->v8[15] = tmp; - - v128_xor_eq(state, round_key); -} - - -#elif CPU_RISC - -static inline void -aes_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - - /* compute the columns of the output square in terms of the octets - of state, using the tables T0, T1, T2, T3 */ -#ifdef WORDS_BIGENDIAN - column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] - ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; - - column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] - ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff]; - - column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] - ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff]; - - column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff] - ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff]; -#else - column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] - ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24]; - - column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] - ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24]; - - column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] - ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24]; - - column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] - ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; -#endif /* WORDS_BIGENDIAN */ - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - -static inline void -aes_inv_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - - /* compute the columns of the output square in terms of the octets - of state, using the tables U0, U1, U2, U3 */ - -#ifdef WORDS_BIGENDIAN - /* FIX! WRong indexes */ - column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] - ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; - - column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] - ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; - - column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] - ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; - - column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] - ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; -#else - column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] - ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24]; - - column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] - ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24]; - - column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] - ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24]; - - column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] - ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24]; -#endif /* WORDS_BIGENDIAN */ - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - -static inline void -aes_final_round(v128_t *state, const v128_t *round_key) { - uint32_t tmp0, tmp1, tmp2, tmp3; - - tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) - ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) - ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) - ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) - ^ round_key->v32[0]; - - tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) - ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) - ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) - ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) - ^ round_key->v32[1]; - - tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) - ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) - ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) - ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) - ^ round_key->v32[2]; - - tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) - ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) - ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) - ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) - ^ round_key->v32[3]; - - state->v32[0] = tmp0; - state->v32[1] = tmp1; - state->v32[2] = tmp2; - state->v32[3] = tmp3; - -} - -static inline void -aes_inv_final_round(v128_t *state, const v128_t *round_key) { - uint32_t tmp0, tmp1, tmp2, tmp3; - - tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) - ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) - ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) - ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) - ^ round_key->v32[0]; - - tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) - ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) - ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) - ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) - ^ round_key->v32[1]; - - tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) - ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) - ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) - ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) - ^ round_key->v32[2]; - - tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) - ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) - ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) - ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) - ^ round_key->v32[3]; - - state->v32[0] = tmp0; - state->v32[1] = tmp1; - state->v32[2] = tmp2; - state->v32[3] = tmp3; - -} - -#elif CPU_16 /* assume 16-bit word size on processor */ - -static inline void -aes_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - uint16_t c - /* compute the columns of the output square in terms of the octets - of state, using the tables T0, T1, T2, T3 */ - - column0 = T0[state->v8[0]] ^ T1[state->v8[5]] - ^ T2[state->v8[10]] ^ T3[state->v8[15]]; - - column1 = T0[state->v8[4]] ^ T1[state->v8[9]] - ^ T2[state->v8[14]] ^ T3[state->v8[3]]; - - column2 = T0[state->v8[8]] ^ T1[state->v8[13]] - ^ T2[state->v8[2]] ^ T3[state->v8[7]]; - - column3 = T0[state->v8[12]] ^ T1[state->v8[1]] - ^ T2[state->v8[6]] ^ T3[state->v8[11]]; - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - - -static inline void -aes_inv_round(v128_t *state, const v128_t *round_key) { - uint32_t column0, column1, column2, column3; - - /* compute the columns of the output square in terms of the octets - of state, using the tables U0, U1, U2, U3 */ - - column0 = U0[state->v8[0]] ^ U1[state->v8[5]] - ^ U2[state->v8[10]] ^ U3[state->v8[15]]; - - column1 = U0[state->v8[4]] ^ U1[state->v8[9]] - ^ U2[state->v8[14]] ^ U3[state->v8[3]]; - - column2 = U0[state->v8[8]] ^ U1[state->v8[13]] - ^ U2[state->v8[2]] ^ U3[state->v8[7]]; - - column3 = U0[state->v8[12]] ^ U1[state->v8[1]] - ^ U2[state->v8[6]] ^ U3[state->v8[11]]; - - state->v32[0] = column0 ^ round_key->v32[0]; - state->v32[1] = column1 ^ round_key->v32[1]; - state->v32[2] = column2 ^ round_key->v32[2]; - state->v32[3] = column3 ^ round_key->v32[3]; - -} - -static inline void -aes_final_round(v128_t *state, const v128_t *round_key) { - uint8_t tmp; - - /* byte substitutions and row shifts */ - /* first row - no shift */ - state->v8[0] = aes_sbox[state->v8[0]]; - state->v8[4] = aes_sbox[state->v8[4]]; - state->v8[8] = aes_sbox[state->v8[8]]; - state->v8[12] = aes_sbox[state->v8[12]]; - - /* second row - shift one left */ - tmp = aes_sbox[state->v8[1]]; - state->v8[1] = aes_sbox[state->v8[5]]; - state->v8[5] = aes_sbox[state->v8[9]]; - state->v8[9] = aes_sbox[state->v8[13]]; - state->v8[13] = tmp; - - /* third row - shift two left */ - tmp = aes_sbox[state->v8[10]]; - state->v8[10] = aes_sbox[state->v8[2]]; - state->v8[2] = tmp; - tmp = aes_sbox[state->v8[14]]; - state->v8[14] = aes_sbox[state->v8[6]]; - state->v8[6] = tmp; - - /* fourth row - shift three left */ - tmp = aes_sbox[state->v8[15]]; - state->v8[15] = aes_sbox[state->v8[11]]; - state->v8[11] = aes_sbox[state->v8[7]]; - state->v8[7] = aes_sbox[state->v8[3]]; - state->v8[3] = tmp; - - v128_xor_eq(state, round_key); -} - -static inline void -aes_inv_final_round(v128_t *state, const v128_t *round_key) { - uint8_t tmp; - - /* byte substitutions and row shifts */ - /* first row - no shift */ - state->v8[0] = aes_inv_sbox[state->v8[0]]; - state->v8[4] = aes_inv_sbox[state->v8[4]]; - state->v8[8] = aes_inv_sbox[state->v8[8]]; - state->v8[12] = aes_inv_sbox[state->v8[12]]; - - /* second row - shift one left */ - tmp = aes_inv_sbox[state->v8[1]]; - state->v8[1] = aes_inv_sbox[state->v8[5]]; - state->v8[5] = aes_inv_sbox[state->v8[9]]; - state->v8[9] = aes_inv_sbox[state->v8[13]]; - state->v8[13] = tmp; - - /* third row - shift two left */ - tmp = aes_inv_sbox[state->v8[10]]; - state->v8[10] = aes_inv_sbox[state->v8[2]]; - state->v8[2] = tmp; - tmp = aes_inv_sbox[state->v8[14]]; - state->v8[14] = aes_inv_sbox[state->v8[6]]; - state->v8[6] = tmp; - - /* fourth row - shift three left */ - tmp = aes_inv_sbox[state->v8[15]]; - state->v8[15] = aes_inv_sbox[state->v8[11]]; - state->v8[11] = aes_inv_sbox[state->v8[7]]; - state->v8[7] = aes_inv_sbox[state->v8[3]]; - state->v8[3] = tmp; - - v128_xor_eq(state, round_key); -} - -#endif /* CPU type */ - - -void -aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) { - - /* add in the subkey */ - v128_xor_eq(plaintext, exp_key + 0); - - /* now do nine rounds */ - aes_round(plaintext, exp_key + 1); - aes_round(plaintext, exp_key + 2); - aes_round(plaintext, exp_key + 3); - aes_round(plaintext, exp_key + 4); - aes_round(plaintext, exp_key + 5); - aes_round(plaintext, exp_key + 6); - aes_round(plaintext, exp_key + 7); - aes_round(plaintext, exp_key + 8); - aes_round(plaintext, exp_key + 9); - /* the last round is different */ - - aes_final_round(plaintext, exp_key + 10); -} - -void -aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) { - - /* add in the subkey */ - v128_xor_eq(plaintext, exp_key + 0); - - /* now do nine rounds */ - aes_inv_round(plaintext, exp_key + 1); - aes_inv_round(plaintext, exp_key + 2); - aes_inv_round(plaintext, exp_key + 3); - aes_inv_round(plaintext, exp_key + 4); - aes_inv_round(plaintext, exp_key + 5); - aes_inv_round(plaintext, exp_key + 6); - aes_inv_round(plaintext, exp_key + 7); - aes_inv_round(plaintext, exp_key + 8); - aes_inv_round(plaintext, exp_key + 9); - /* the last round is different */ - aes_inv_final_round(plaintext, exp_key + 10); -} diff --git a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c deleted file mode 100644 index 8fc6a32..0000000 --- a/crypto/cipher/aes_cbc.c +++ /dev/null @@ -1,444 +0,0 @@ -/* - * aes_cbc.c - * - * AES Cipher Block Chaining Mode - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "aes_cbc.h" -#include "alloc.h" - -debug_module_t mod_aes_cbc = { - 0, /* debugging is off by default */ - "aes cbc" /* printable module name */ -}; - - - -err_status_t -aes_cbc_alloc(cipher_t **c, int key_len) { - extern cipher_type_t aes_cbc; - uint8_t *pointer; - int tmp; - - debug_print(mod_aes_cbc, - "allocating cipher with key length %d", key_len); - - if (key_len != 16) - return err_status_bad_param; - - /* allocate memory a cipher of type aes_icm */ - tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); - pointer = (uint8_t*)crypto_alloc(tmp); - if (pointer == NULL) - return err_status_alloc_fail; - - /* set pointers */ - *c = (cipher_t *)pointer; - (*c)->type = &aes_cbc; - (*c)->state = pointer + sizeof(cipher_t); - - /* increment ref_count */ - aes_cbc.ref_count++; - - /* set key size */ - (*c)->key_len = key_len; - - return err_status_ok; -} - -err_status_t -aes_cbc_dealloc(cipher_t *c) { - extern cipher_type_t aes_cbc; - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t *)c, - sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); - - /* free memory */ - crypto_free(c); - - /* decrement ref_count */ - aes_cbc.ref_count--; - - return err_status_ok; -} - -err_status_t -aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, - cipher_direction_t dir) { - v128_t tmp_key; - - /* set tmp_key (for alignment) */ - v128_copy_octet_string(&tmp_key, key); - - debug_print(mod_aes_cbc, - "key: %s", v128_hex_string(&tmp_key)); - - /* expand key for the appropriate direction */ - switch (dir) { - case (direction_encrypt): - aes_expand_encryption_key(&tmp_key, c->expanded_key); - break; - case (direction_decrypt): - aes_expand_decryption_key(&tmp_key, c->expanded_key); - break; - default: - return err_status_bad_param; - } - - - return err_status_ok; -} - - -err_status_t -aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) { - int i; -/* v128_t *input = iv; */ - uint8_t *input = (uint8_t*) iv; - - /* set state and 'previous' block to iv */ - for (i=0; i < 16; i++) - c->previous.v8[i] = c->state.v8[i] = input[i]; - - debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state)); - - return err_status_ok; -} - -err_status_t -aes_cbc_encrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data) { - int i; - unsigned char *input = data; /* pointer to data being read */ - unsigned char *output = data; /* pointer to data being written */ - int bytes_to_encr = *bytes_in_data; - - /* - * verify that we're 16-octet aligned - */ - if (*bytes_in_data & 0xf) - return err_status_bad_param; - - /* - * note that we assume that the initialization vector has already - * been set, e.g. by calling aes_cbc_set_iv() - */ - debug_print(mod_aes_cbc, "iv: %s", - v128_hex_string(&c->state)); - - /* - * loop over plaintext blocks, exoring state into plaintext then - * encrypting and writing to output - */ - while (bytes_to_encr > 0) { - - /* exor plaintext into state */ - for (i=0; i < 16; i++) - c->state.v8[i] ^= *input++; - - debug_print(mod_aes_cbc, "inblock: %s", - v128_hex_string(&c->state)); - - aes_encrypt(&c->state, c->expanded_key); - - debug_print(mod_aes_cbc, "outblock: %s", - v128_hex_string(&c->state)); - - /* copy ciphertext to output */ - for (i=0; i < 16; i++) - *output++ = c->state.v8[i]; - - bytes_to_encr -= 16; - } - - return err_status_ok; -} - -err_status_t -aes_cbc_decrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data) { - int i; - v128_t state, previous; - unsigned char *input = data; /* pointer to data being read */ - unsigned char *output = data; /* pointer to data being written */ - int bytes_to_encr = *bytes_in_data; - uint8_t tmp; - - /* - * verify that we're 16-octet aligned - */ - if (*bytes_in_data & 0x0f) - return err_status_bad_param; - - /* set 'previous' block to iv*/ - for (i=0; i < 16; i++) { - previous.v8[i] = c->previous.v8[i]; - } - - debug_print(mod_aes_cbc, "iv: %s", - v128_hex_string(&previous)); - - /* - * loop over ciphertext blocks, decrypting then exoring with state - * then writing plaintext to output - */ - while (bytes_to_encr > 0) { - - /* set state to ciphertext input block */ - for (i=0; i < 16; i++) { - state.v8[i] = *input++; - } - - debug_print(mod_aes_cbc, "inblock: %s", - v128_hex_string(&state)); - - /* decrypt state */ - aes_decrypt(&state, c->expanded_key); - - debug_print(mod_aes_cbc, "outblock: %s", - v128_hex_string(&state)); - - /* - * exor previous ciphertext block out of plaintext, and write new - * plaintext block to output, while copying old ciphertext block - * to the 'previous' block - */ - for (i=0; i < 16; i++) { - tmp = *output; - *output++ = state.v8[i] ^ previous.v8[i]; - previous.v8[i] = tmp; - } - - bytes_to_encr -= 16; - } - - return err_status_ok; -} - - -err_status_t -aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data) { - int i; - unsigned char *pad_start; - int num_pad_bytes; - err_status_t status; - - /* - * determine the number of padding bytes that we need to add - - * this value is always between 1 and 16, inclusive. - */ - num_pad_bytes = 16 - (*bytes_in_data & 0xf); - pad_start = data; - pad_start += *bytes_in_data; - *pad_start++ = 0xa0; - for (i=0; i < num_pad_bytes; i++) - *pad_start++ = 0x00; - - /* - * increment the data size - */ - *bytes_in_data += num_pad_bytes; - - /* - * now cbc encrypt the padded data - */ - status = aes_cbc_encrypt(c, data, bytes_in_data); - if (status) - return status; - - return err_status_ok; -} - - -err_status_t -aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data) { - unsigned char *pad_end; - int num_pad_bytes; - err_status_t status; - - /* - * cbc decrypt the padded data - */ - status = aes_cbc_decrypt(c, data, bytes_in_data); - if (status) - return status; - - /* - * determine the number of padding bytes in the decrypted plaintext - * - this value is always between 1 and 16, inclusive. - */ - num_pad_bytes = 1; - pad_end = data + (*bytes_in_data - 1); - while (*pad_end != 0xa0) { /* note: should check padding correctness */ - pad_end--; - num_pad_bytes++; - } - - /* decrement data size */ - *bytes_in_data -= num_pad_bytes; - - return err_status_ok; -} - - -char -aes_cbc_description[] = "aes cipher block chaining (cbc) mode"; - -/* - * Test case 0 is derived from FIPS 197 Appendix A; it uses an - * all-zero IV, so that the first block encryption matches the test - * case in that appendix. This property provides a check of the base - * AES encryption and decryption algorithms; if CBC fails on some - * particular platform, then you should print out AES intermediate - * data and compare with the detailed info provided in that appendix. - * - */ - - -uint8_t aes_cbc_test_case_0_key[16] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; - -uint8_t aes_cbc_test_case_0_plaintext[64] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff -}; - -uint8_t aes_cbc_test_case_0_ciphertext[80] = { - 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, - 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, - 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1, - 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b - -}; - -uint8_t aes_cbc_test_case_0_iv[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - - -cipher_test_case_t aes_cbc_test_case_0 = { - 16, /* octets in key */ - aes_cbc_test_case_0_key, /* key */ - aes_cbc_test_case_0_iv, /* initialization vector */ - 16, /* octets in plaintext */ - aes_cbc_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - aes_cbc_test_case_0_ciphertext, /* ciphertext */ - NULL /* pointer to next testcase */ -}; - - -/* - * this test case is taken directly from Appendix F.2 of NIST Special - * Publication SP 800-38A - */ - -uint8_t aes_cbc_test_case_1_key[16] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, -}; - -uint8_t aes_cbc_test_case_1_plaintext[64] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 -}; - -uint8_t aes_cbc_test_case_1_ciphertext[80] = { - 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, - 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, - 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, - 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2, - 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, - 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, - 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, - 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7, - 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99, - 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3 -}; - -uint8_t aes_cbc_test_case_1_iv[16] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; - -cipher_test_case_t aes_cbc_test_case_1 = { - 16, /* octets in key */ - aes_cbc_test_case_1_key, /* key */ - aes_cbc_test_case_1_iv, /* initialization vector */ - 64, /* octets in plaintext */ - aes_cbc_test_case_1_plaintext, /* plaintext */ - 80, /* octets in ciphertext */ - aes_cbc_test_case_1_ciphertext, /* ciphertext */ - &aes_cbc_test_case_0 /* pointer to next testcase */ -}; - -cipher_type_t aes_cbc = { - (cipher_alloc_func_t) aes_cbc_alloc, - (cipher_dealloc_func_t) aes_cbc_dealloc, - (cipher_init_func_t) aes_cbc_context_init, - (cipher_encrypt_func_t) aes_cbc_nist_encrypt, - (cipher_decrypt_func_t) aes_cbc_nist_decrypt, - (cipher_set_iv_func_t) aes_cbc_set_iv, - (char *) aes_cbc_description, - (int) 0, /* instance count */ - (cipher_test_case_t *) &aes_cbc_test_case_0, - (debug_module_t *) &mod_aes_cbc -}; - - diff --git a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c deleted file mode 100644 index 5a38dee..0000000 --- a/crypto/cipher/aes_icm.c +++ /dev/null @@ -1,512 +0,0 @@ -/* - * aes_icm.c - * - * AES Integer Counter Mode - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#define ALIGN_32 0 - -#include "aes_icm.h" -#include "alloc.h" - - -debug_module_t mod_aes_icm = { - 0, /* debugging is off by default */ - "aes icm" /* printable module name */ -}; - -/* - * integer counter mode works as follows: - * - * 16 bits - * <-----> - * +------+------+------+------+------+------+------+------+ - * | nonce | pakcet index | ctr |---+ - * +------+------+------+------+------+------+------+------+ | - * | - * +------+------+------+------+------+------+------+------+ v - * | salt |000000|->(+) - * +------+------+------+------+------+------+------+------+ | - * | - * +---------+ - * | encrypt | - * +---------+ - * | - * +------+------+------+------+------+------+------+------+ | - * | keystream block |<--+ - * +------+------+------+------+------+------+------+------+ - * - * All fields are big-endian - * - * ctr is the block counter, which increments from zero for - * each packet (16 bits wide) - * - * packet index is distinct for each packet (48 bits wide) - * - * nonce can be distinct across many uses of the same key, or - * can be a fixed value per key, or can be per-packet randomness - * (64 bits) - * - */ - -err_status_t -aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) { - extern cipher_type_t aes_icm; - uint8_t *pointer; - int tmp; - - debug_print(mod_aes_icm, - "allocating cipher with key length %d", key_len); - - /* - * Ismacryp, for example, uses 16 byte key + 8 byte - * salt so this function is called with key_len = 24. - * The check for key_len = 30 does not apply. Our usage - * of aes functions with key_len = values other than 30 - * has not broken anything. Don't know what would be the - * effect of skipping this check for srtp in general. - */ - if (!forIsmacryp && key_len != 30) - return err_status_bad_param; - - /* allocate memory a cipher of type aes_icm */ - tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); - pointer = (uint8_t*)crypto_alloc(tmp); - if (pointer == NULL) - return err_status_alloc_fail; - - /* set pointers */ - *c = (cipher_t *)pointer; - (*c)->type = &aes_icm; - (*c)->state = pointer + sizeof(cipher_t); - - /* increment ref_count */ - aes_icm.ref_count++; - - /* set key size */ - (*c)->key_len = key_len; - - return err_status_ok; -} - -err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) { - return aes_icm_alloc_ismacryp(c, key_len, 0); -} - -err_status_t -aes_icm_dealloc(cipher_t *c) { - extern cipher_type_t aes_icm; - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t *)c, - sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); - - /* free memory */ - crypto_free(c); - - /* decrement ref_count */ - aes_icm.ref_count--; - - return err_status_ok; -} - - -/* - * aes_icm_context_init(...) initializes the aes_icm_context - * using the value in key[]. - * - * the key is the secret key - * - * the salt is unpredictable (but not necessarily secret) data which - * randomizes the starting point in the keystream - */ - -err_status_t -aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key) { - v128_t tmp_key; - int i; - - /* set counter and initial values to 'offset' value */ - /* FIX!!! this assumes the salt is at key + 16, and thus that the */ - /* FIX!!! cipher key length is 16! */ - for (i = 0; i < 14; i++) { - c->counter.v8[i] = key[16 + i]; - c->offset.v8[i] = key[16 + i]; - } - - /* force last two octets of the offset to zero (for srtp compatibility) */ - c->offset.v8[14] = c->offset.v8[15] = 0; - c->counter.v8[14] = c->counter.v8[15] = 0; - - /* set tmp_key (for alignment) */ - v128_copy_octet_string(&tmp_key, key); - - debug_print(mod_aes_icm, - "key: %s", v128_hex_string(&tmp_key)); - debug_print(mod_aes_icm, - "offset: %s", v128_hex_string(&c->offset)); - - /* expand key */ - aes_expand_encryption_key(&tmp_key, c->expanded_key); - - /* indicate that the keystream_buffer is empty */ - c->bytes_in_buffer = 0; - - return err_status_ok; -} - -/* - * aes_icm_set_octet(c, i) sets the counter of the context which it is - * passed so that the next octet of keystream that will be generated - * is the ith octet - */ - -err_status_t -aes_icm_set_octet(aes_icm_ctx_t *c, - uint64_t octet_num) { - -#ifdef NO_64BIT_MATH - int tail_num = low32(octet_num) & 0x0f; - /* 64-bit right-shift 4 */ - uint64_t block_num = make64(high32(octet_num) >> 4, - ((high32(octet_num) & 0x0f)<<(32-4)) | - (low32(octet_num) >> 4)); -#else - int tail_num = (int)(octet_num % 16); - uint64_t block_num = octet_num / 16; -#endif - - - /* set counter value */ - /* FIX - There's no way this is correct */ - c->counter.v64[0] = c->offset.v64[0]; -#ifdef NO_64BIT_MATH - c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num), - low32(c->offset.v64[0]) ^ low32(block_num)); -#else - c->counter.v64[0] = c->offset.v64[0] ^ block_num; -#endif - - debug_print(mod_aes_icm, - "set_octet: %s", v128_hex_string(&c->counter)); - - /* fill keystream buffer, if needed */ - if (tail_num) { - v128_copy(&c->keystream_buffer, &c->counter); - aes_encrypt(&c->keystream_buffer, c->expanded_key); - c->bytes_in_buffer = sizeof(v128_t); - - debug_print(mod_aes_icm, "counter: %s", - v128_hex_string(&c->counter)); - debug_print(mod_aes_icm, "ciphertext: %s", - v128_hex_string(&c->keystream_buffer)); - - /* indicate number of bytes in keystream_buffer */ - c->bytes_in_buffer = sizeof(v128_t) - tail_num; - - } else { - - /* indicate that keystream_buffer is empty */ - c->bytes_in_buffer = 0; - } - - return err_status_ok; -} - -/* - * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with - * the offset - */ - -err_status_t -aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) { - v128_t *nonce = (v128_t *) iv; - - debug_print(mod_aes_icm, - "setting iv: %s", v128_hex_string(nonce)); - - v128_xor(&c->counter, &c->offset, nonce); - - debug_print(mod_aes_icm, - "set_counter: %s", v128_hex_string(&c->counter)); - - /* indicate that the keystream_buffer is empty */ - c->bytes_in_buffer = 0; - - return err_status_ok; -} - - - -/* - * aes_icm_advance(...) refills the keystream_buffer and - * advances the block index of the sicm_context forward by one - * - * this is an internal, hopefully inlined function - */ - -static inline void -aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { - /* fill buffer with new keystream */ - v128_copy(&c->keystream_buffer, &c->counter); - aes_encrypt(&c->keystream_buffer, c->expanded_key); - c->bytes_in_buffer = sizeof(v128_t); - - debug_print(mod_aes_icm, "counter: %s", - v128_hex_string(&c->counter)); - debug_print(mod_aes_icm, "ciphertext: %s", - v128_hex_string(&c->keystream_buffer)); - - /* clock counter forward */ - - if (forIsmacryp) { - uint32_t temp; - //alex's clock counter forward - temp = ntohl(c->counter.v32[3]); - c->counter.v32[3] = htonl(++temp); - } else { - if (!++(c->counter.v8[15])) - ++(c->counter.v8[14]); - } -} - -inline void aes_icm_advance(aes_icm_ctx_t *c) { - aes_icm_advance_ismacryp(c, 0); -} - - -/*e - * icm_encrypt deals with the following cases: - * - * bytes_to_encr < bytes_in_buffer - * - add keystream into data - * - * bytes_to_encr > bytes_in_buffer - * - add keystream into data until keystream_buffer is depleted - * - loop over blocks, filling keystream_buffer and then - * adding keystream into data - * - fill buffer then add in remaining (< 16) bytes of keystream - */ - -err_status_t -aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, - unsigned char *buf, unsigned int *enc_len, - int forIsmacryp) { - unsigned int bytes_to_encr = *enc_len; - unsigned int i; - uint32_t *b; - - /* check that there's enough segment left but not for ismacryp*/ - if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) - return err_status_terminus; - - debug_print(mod_aes_icm, "block index: %d", - htons(c->counter.v16[7])); - if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { - - /* deal with odd case of small bytes_to_encr */ - for (i = (sizeof(v128_t) - c->bytes_in_buffer); - i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) - { - *buf++ ^= c->keystream_buffer.v8[i]; - } - - c->bytes_in_buffer -= bytes_to_encr; - - /* return now to avoid the main loop */ - return err_status_ok; - - } else { - - /* encrypt bytes until the remaining data is 16-byte aligned */ - for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) - *buf++ ^= c->keystream_buffer.v8[i]; - - bytes_to_encr -= c->bytes_in_buffer; - c->bytes_in_buffer = 0; - - } - - /* now loop over entire 16-byte blocks of keystream */ - for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { - - /* fill buffer with new keystream */ - aes_icm_advance_ismacryp(c, forIsmacryp); - - /* - * add keystream into the data buffer (this would be a lot faster - * if we could assume 32-bit alignment!) - */ - -#if ALIGN_32 - b = (uint32_t *)buf; - *b++ ^= c->keystream_buffer.v32[0]; - *b++ ^= c->keystream_buffer.v32[1]; - *b++ ^= c->keystream_buffer.v32[2]; - *b++ ^= c->keystream_buffer.v32[3]; - buf = (uint8_t *)b; -#else - if ((((unsigned long) buf) & 0x03) != 0) { - *buf++ ^= c->keystream_buffer.v8[0]; - *buf++ ^= c->keystream_buffer.v8[1]; - *buf++ ^= c->keystream_buffer.v8[2]; - *buf++ ^= c->keystream_buffer.v8[3]; - *buf++ ^= c->keystream_buffer.v8[4]; - *buf++ ^= c->keystream_buffer.v8[5]; - *buf++ ^= c->keystream_buffer.v8[6]; - *buf++ ^= c->keystream_buffer.v8[7]; - *buf++ ^= c->keystream_buffer.v8[8]; - *buf++ ^= c->keystream_buffer.v8[9]; - *buf++ ^= c->keystream_buffer.v8[10]; - *buf++ ^= c->keystream_buffer.v8[11]; - *buf++ ^= c->keystream_buffer.v8[12]; - *buf++ ^= c->keystream_buffer.v8[13]; - *buf++ ^= c->keystream_buffer.v8[14]; - *buf++ ^= c->keystream_buffer.v8[15]; - } else { - b = (uint32_t *)buf; - *b++ ^= c->keystream_buffer.v32[0]; - *b++ ^= c->keystream_buffer.v32[1]; - *b++ ^= c->keystream_buffer.v32[2]; - *b++ ^= c->keystream_buffer.v32[3]; - buf = (uint8_t *)b; - } -#endif /* #if ALIGN_32 */ - - } - - /* if there is a tail end of the data, process it */ - if ((bytes_to_encr & 0xf) != 0) { - - /* fill buffer with new keystream */ - aes_icm_advance_ismacryp(c, forIsmacryp); - - for (i=0; i < (bytes_to_encr & 0xf); i++) - *buf++ ^= c->keystream_buffer.v8[i]; - - /* reset the keystream buffer size to right value */ - c->bytes_in_buffer = sizeof(v128_t) - i; - } else { - - /* no tail, so just reset the keystream buffer size to zero */ - c->bytes_in_buffer = 0; - - } - - return err_status_ok; -} - -err_status_t -aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { - return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0); -} - -err_status_t -aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) { - unsigned int len = num_octets_to_output; - - /* zeroize the buffer */ - octet_string_set_to_zero(buffer, num_octets_to_output); - - /* exor keystream into buffer */ - return aes_icm_encrypt(c, buffer, &len); -} - - -char -aes_icm_description[] = "aes integer counter mode"; - -uint8_t aes_icm_test_case_0_key[30] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd -}; - -uint8_t aes_icm_test_case_0_nonce[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -uint8_t aes_icm_test_case_0_plaintext[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; - -uint8_t aes_icm_test_case_0_ciphertext[32] = { - 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, - 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, - 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, - 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab -}; - -cipher_test_case_t aes_icm_test_case_0 = { - 30, /* octets in key */ - aes_icm_test_case_0_key, /* key */ - aes_icm_test_case_0_nonce, /* packet index */ - 32, /* octets in plaintext */ - aes_icm_test_case_0_plaintext, /* plaintext */ - 32, /* octets in ciphertext */ - aes_icm_test_case_0_ciphertext, /* ciphertext */ - NULL /* pointer to next testcase */ -}; - - -/* - * note: the encrypt function is identical to the decrypt function - */ - -cipher_type_t aes_icm = { - (cipher_alloc_func_t) aes_icm_alloc, - (cipher_dealloc_func_t) aes_icm_dealloc, - (cipher_init_func_t) aes_icm_context_init, - (cipher_encrypt_func_t) aes_icm_encrypt, - (cipher_decrypt_func_t) aes_icm_encrypt, - (cipher_set_iv_func_t) aes_icm_set_iv, - (char *) aes_icm_description, - (int) 0, /* instance count */ - (cipher_test_case_t *) &aes_icm_test_case_0, - (debug_module_t *) &mod_aes_icm -}; diff --git a/crypto/cipher/cipher.c b/crypto/cipher/cipher.c deleted file mode 100644 index 573c5e2..0000000 --- a/crypto/cipher/cipher.c +++ /dev/null @@ -1,407 +0,0 @@ -/* - * cipher.c - * - * cipher meta-functions - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "cipher.h" -#include "rand_source.h" /* used in invertibiltiy tests */ -#include "alloc.h" /* for crypto_alloc(), crypto_free() */ - -debug_module_t mod_cipher = { - 0, /* debugging is off by default */ - "cipher" /* printable module name */ -}; - -err_status_t -cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) { - - /* zeroize the buffer */ - octet_string_set_to_zero(buffer, num_octets_to_output); - - /* exor keystream into buffer */ - return cipher_encrypt(c, buffer, (unsigned int *) &num_octets_to_output); -} - -/* some bookkeeping functions */ - -int -cipher_get_key_length(const cipher_t *c) { - return c->key_len; -} - -/* - * cipher_type_self_test(ct) tests a cipher of type ct against test cases - * provided in an array of values of key, salt, xtd_seq_num_t, - * plaintext, and ciphertext that is known to be good - */ - -#define SELF_TEST_BUF_OCTETS 128 -#define NUM_RAND_TESTS 128 -#define MAX_KEY_LEN 64 - -err_status_t -cipher_type_self_test(const cipher_type_t *ct) { - const cipher_test_case_t *test_case = ct->test_data; - cipher_t *c; - err_status_t status; - uint8_t buffer[SELF_TEST_BUF_OCTETS]; - uint8_t buffer2[SELF_TEST_BUF_OCTETS]; - unsigned int len; - int i, j, case_num = 0; - - debug_print(mod_cipher, "running self-test for cipher %s", - ct->description); - - /* - * check to make sure that we have at least one test case, and - * return an error if we don't - we need to be paranoid here - */ - if (test_case == NULL) - return err_status_cant_check; - - /* - * loop over all test cases, perform known-answer tests of both the - * encryption and decryption functions - */ - while (test_case != NULL) { - - /* allocate cipher */ - status = cipher_type_alloc(ct, &c, test_case->key_length_octets); - if (status) - return status; - - /* - * test the encrypt function - */ - debug_print(mod_cipher, "testing encryption", NULL); - - /* initialize cipher */ - status = cipher_init(c, test_case->key, direction_encrypt); - if (status) { - cipher_dealloc(c); - return status; - } - - /* copy plaintext into test buffer */ - if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { - cipher_dealloc(c); - return err_status_bad_param; - } - for (i=0; i < test_case->plaintext_length_octets; i++) - buffer[i] = test_case->plaintext[i]; - - debug_print(mod_cipher, "plaintext: %s", - octet_string_hex_string(buffer, - test_case->plaintext_length_octets)); - - /* set the initialization vector */ - status = cipher_set_iv(c, test_case->idx); - if (status) { - cipher_dealloc(c); - return status; - } - - /* encrypt */ - len = test_case->plaintext_length_octets; - status = cipher_encrypt(c, buffer, &len); - if (status) { - cipher_dealloc(c); - return status; - } - - debug_print(mod_cipher, "ciphertext: %s", - octet_string_hex_string(buffer, - test_case->ciphertext_length_octets)); - - /* compare the resulting ciphertext with that in the test case */ - if (len != test_case->ciphertext_length_octets) - return err_status_algo_fail; - status = err_status_ok; - for (i=0; i < test_case->ciphertext_length_octets; i++) - if (buffer[i] != test_case->ciphertext[i]) { - status = err_status_algo_fail; - debug_print(mod_cipher, "test case %d failed", case_num); - debug_print(mod_cipher, "(failure at byte %d)", i); - break; - } - if (status) { - - debug_print(mod_cipher, "c computed: %s", - octet_string_hex_string(buffer, - 2*test_case->plaintext_length_octets)); - debug_print(mod_cipher, "c expected: %s", - octet_string_hex_string(test_case->ciphertext, - 2*test_case->plaintext_length_octets)); - - cipher_dealloc(c); - return err_status_algo_fail; - } - - /* - * test the decrypt function - */ - debug_print(mod_cipher, "testing decryption", NULL); - - /* re-initialize cipher for decryption */ - status = cipher_init(c, test_case->key, direction_decrypt); - if (status) { - cipher_dealloc(c); - return status; - } - - /* copy ciphertext into test buffer */ - if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { - cipher_dealloc(c); - return err_status_bad_param; - } - for (i=0; i < test_case->ciphertext_length_octets; i++) - buffer[i] = test_case->ciphertext[i]; - - debug_print(mod_cipher, "ciphertext: %s", - octet_string_hex_string(buffer, - test_case->plaintext_length_octets)); - - /* set the initialization vector */ - status = cipher_set_iv(c, test_case->idx); - if (status) { - cipher_dealloc(c); - return status; - } - - /* decrypt */ - len = test_case->ciphertext_length_octets; - status = cipher_decrypt(c, buffer, &len); - if (status) { - cipher_dealloc(c); - return status; - } - - debug_print(mod_cipher, "plaintext: %s", - octet_string_hex_string(buffer, - test_case->plaintext_length_octets)); - - /* compare the resulting plaintext with that in the test case */ - if (len != test_case->plaintext_length_octets) - return err_status_algo_fail; - status = err_status_ok; - for (i=0; i < test_case->plaintext_length_octets; i++) - if (buffer[i] != test_case->plaintext[i]) { - status = err_status_algo_fail; - debug_print(mod_cipher, "test case %d failed", case_num); - debug_print(mod_cipher, "(failure at byte %d)", i); - } - if (status) { - - debug_print(mod_cipher, "p computed: %s", - octet_string_hex_string(buffer, - 2*test_case->plaintext_length_octets)); - debug_print(mod_cipher, "p expected: %s", - octet_string_hex_string(test_case->plaintext, - 2*test_case->plaintext_length_octets)); - - cipher_dealloc(c); - return err_status_algo_fail; - } - - /* deallocate the cipher */ - status = cipher_dealloc(c); - if (status) - return status; - - /* - * the cipher passed the test case, so move on to the next test - * case in the list; if NULL, we'l proceed to the next test - */ - test_case = test_case->next_test_case; - ++case_num; - } - - /* now run some random invertibility tests */ - - /* allocate cipher, using paramaters from the first test case */ - test_case = ct->test_data; - status = cipher_type_alloc(ct, &c, test_case->key_length_octets); - if (status) - return status; - - rand_source_init(); - - for (j=0; j < NUM_RAND_TESTS; j++) { - unsigned length; - int plaintext_len; - uint8_t key[MAX_KEY_LEN]; - uint8_t iv[MAX_KEY_LEN]; - - /* choose a length at random (leaving room for IV and padding) */ - length = rand() % (SELF_TEST_BUF_OCTETS - 64); - debug_print(mod_cipher, "random plaintext length %d\n", length); - status = rand_source_get_octet_string(buffer, length); - if (status) return status; - - debug_print(mod_cipher, "plaintext: %s", - octet_string_hex_string(buffer, length)); - - /* copy plaintext into second buffer */ - for (i=0; (unsigned int)i < length; i++) - buffer2[i] = buffer[i]; - - /* choose a key at random */ - if (test_case->key_length_octets > MAX_KEY_LEN) - return err_status_cant_check; - status = rand_source_get_octet_string(key, test_case->key_length_octets); - if (status) return status; - - /* chose a random initialization vector */ - status = rand_source_get_octet_string(iv, MAX_KEY_LEN); - if (status) return status; - - /* initialize cipher */ - status = cipher_init(c, key, direction_encrypt); - if (status) { - cipher_dealloc(c); - return status; - } - - /* set initialization vector */ - status = cipher_set_iv(c, test_case->idx); - if (status) { - cipher_dealloc(c); - return status; - } - - /* encrypt buffer with cipher */ - plaintext_len = length; - status = cipher_encrypt(c, buffer, &length); - if (status) { - cipher_dealloc(c); - return status; - } - debug_print(mod_cipher, "ciphertext: %s", - octet_string_hex_string(buffer, length)); - - /* - * re-initialize cipher for decryption, re-set the iv, then - * decrypt the ciphertext - */ - status = cipher_init(c, key, direction_decrypt); - if (status) { - cipher_dealloc(c); - return status; - } - status = cipher_set_iv(c, test_case->idx); - if (status) { - cipher_dealloc(c); - return status; - } - status = cipher_decrypt(c, buffer, &length); - if (status) { - cipher_dealloc(c); - return status; - } - - debug_print(mod_cipher, "plaintext[2]: %s", - octet_string_hex_string(buffer, length)); - - /* compare the resulting plaintext with the original one */ - if (length != plaintext_len) - return err_status_algo_fail; - status = err_status_ok; - for (i=0; i < plaintext_len; i++) - if (buffer[i] != buffer2[i]) { - status = err_status_algo_fail; - debug_print(mod_cipher, "random test case %d failed", case_num); - debug_print(mod_cipher, "(failure at byte %d)", i); - } - if (status) { - cipher_dealloc(c); - return err_status_algo_fail; - } - - } - - return err_status_ok; -} - - -/* - * cipher_bits_per_second(c, l, t) computes (an estimate of) the - * number of bits that a cipher implementation can encrypt in a second - * - * c is a cipher (which MUST be allocated and initialized already), l - * is the length in octets of the test data to be encrypted, and t is - * the number of trials - * - * if an error is encountered, the value 0 is returned - */ - -uint64_t -cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) { - int i; - v128_t nonce; - clock_t timer; - unsigned char *enc_buf; - unsigned int len = octets_in_buffer; - - enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer); - if (enc_buf == NULL) - return 0; /* indicate bad parameters by returning null */ - - /* time repeated trials */ - v128_set_to_zero(&nonce); - timer = clock(); - for(i=0; i < num_trials; i++, nonce.v32[3] = i) { - cipher_set_iv(c, &nonce); - cipher_encrypt(c, enc_buf, &len); - } - timer = clock() - timer; - - crypto_free(enc_buf); - - if (timer == 0) { - /* Too fast! */ - return 0; - } - - return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; -} diff --git a/crypto/cipher/null_cipher.c b/crypto/cipher/null_cipher.c deleted file mode 100644 index 721f50c..0000000 --- a/crypto/cipher/null_cipher.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - * null_cipher.c - * - * A null cipher implementation. This cipher leaves the plaintext - * unchanged. - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "datatypes.h" -#include "null_cipher.h" -#include "alloc.h" - -/* the null_cipher uses the cipher debug module */ - -extern debug_module_t mod_cipher; - -err_status_t -null_cipher_alloc(cipher_t **c, int key_len) { - extern cipher_type_t null_cipher; - uint8_t *pointer; - - debug_print(mod_cipher, - "allocating cipher with key length %d", key_len); - - /* allocate memory a cipher of type null_cipher */ - pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); - if (pointer == NULL) - return err_status_alloc_fail; - - /* set pointers */ - *c = (cipher_t *)pointer; - (*c)->type = &null_cipher; - (*c)->state = pointer + sizeof(cipher_t); - - /* set key size */ - (*c)->key_len = key_len; - - /* increment ref_count */ - null_cipher.ref_count++; - - return err_status_ok; - -} - -err_status_t -null_cipher_dealloc(cipher_t *c) { - extern cipher_type_t null_cipher; - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t *)c, - sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); - - /* free memory of type null_cipher */ - crypto_free(c); - - /* decrement reference count */ - null_cipher.ref_count--; - - return err_status_ok; - -} - -err_status_t -null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key) { - - debug_print(mod_cipher, "initializing null cipher", NULL); - - return err_status_ok; -} - -err_status_t -null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) { - return err_status_ok; -} - -err_status_t -null_cipher_encrypt(null_cipher_ctx_t *c, - unsigned char *buf, unsigned int *bytes_to_encr) { - return err_status_ok; -} - -char -null_cipher_description[] = "null cipher"; - -cipher_test_case_t -null_cipher_test_0 = { - 0, /* octets in key */ - NULL, /* key */ - 0, /* packet index */ - 0, /* octets in plaintext */ - NULL, /* plaintext */ - 0, /* octets in plaintext */ - NULL, /* ciphertext */ - NULL /* pointer to next testcase */ -}; - - -/* - * note: the decrypt function is idential to the encrypt function - */ - -cipher_type_t null_cipher = { - (cipher_alloc_func_t) null_cipher_alloc, - (cipher_dealloc_func_t) null_cipher_dealloc, - (cipher_init_func_t) null_cipher_init, - (cipher_encrypt_func_t) null_cipher_encrypt, - (cipher_decrypt_func_t) null_cipher_encrypt, - (cipher_set_iv_func_t) null_cipher_set_iv, - (char *) null_cipher_description, - (int) 0, - (cipher_test_case_t *) &null_cipher_test_0, - (debug_module_t *) NULL -}; - diff --git a/crypto/hash/auth.c b/crypto/hash/auth.c deleted file mode 100644 index 8eb722d..0000000 --- a/crypto/hash/auth.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * auth.c - * - * some bookkeeping functions for authentication functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "auth.h" - -/* the debug module for authentiation */ - -debug_module_t mod_auth = { - 0, /* debugging is off by default */ - "auth func" /* printable name for module */ -}; - - -int -auth_get_key_length(const auth_t *a) { - return a->key_len; -} - -int -auth_get_tag_length(const auth_t *a) { - return a->out_len; -} - -int -auth_get_prefix_length(const auth_t *a) { - return a->prefix_len; -} - -int -auth_type_get_ref_count(const auth_type_t *at) { - return at->ref_count; -} - -/* - * auth_type_self_test() tests an auth function of type ct against - * test cases provided in an array of values of key, data, and tag - * that is known to be good - */ - -/* should be big enough for most occasions */ -#define SELF_TEST_TAG_BUF_OCTETS 32 - -err_status_t -auth_type_self_test(const auth_type_t *at) { - auth_test_case_t *test_case = at->test_data; - auth_t *a; - err_status_t status; - uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; - int i, case_num = 0; - - debug_print(mod_auth, "running self-test for auth function %s", - at->description); - - /* - * check to make sure that we have at least one test case, and - * return an error if we don't - we need to be paranoid here - */ - if (test_case == NULL) - return err_status_cant_check; - - /* loop over all test cases */ - while (test_case != NULL) { - - /* check test case parameters */ - if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) - return err_status_bad_param; - - /* allocate auth */ - status = auth_type_alloc(at, &a, test_case->key_length_octets, - test_case->tag_length_octets); - if (status) - return status; - - /* initialize auth */ - status = auth_init(a, test_case->key); - if (status) { - auth_dealloc(a); - return status; - } - - /* zeroize tag then compute */ - octet_string_set_to_zero(tag, test_case->tag_length_octets); - status = auth_compute(a, test_case->data, - test_case->data_length_octets, tag); - if (status) { - auth_dealloc(a); - return status; - } - - debug_print(mod_auth, "key: %s", - octet_string_hex_string(test_case->key, - test_case->key_length_octets)); - debug_print(mod_auth, "data: %s", - octet_string_hex_string(test_case->data, - test_case->data_length_octets)); - debug_print(mod_auth, "tag computed: %s", - octet_string_hex_string(tag, test_case->tag_length_octets)); - debug_print(mod_auth, "tag expected: %s", - octet_string_hex_string(test_case->tag, - test_case->tag_length_octets)); - - /* check the result */ - status = err_status_ok; - for (i=0; i < test_case->tag_length_octets; i++) - if (tag[i] != test_case->tag[i]) { - status = err_status_algo_fail; - debug_print(mod_auth, "test case %d failed", case_num); - debug_print(mod_auth, " (mismatch at octet %d)", i); - } - if (status) { - auth_dealloc(a); - return err_status_algo_fail; - } - - /* deallocate the auth function */ - status = auth_dealloc(a); - if (status) - return status; - - /* - * the auth function passed the test case, so move on to the next test - * case in the list; if NULL, we'll quit and return an OK - */ - test_case = test_case->next_test_case; - ++case_num; - } - - return err_status_ok; -} - - diff --git a/crypto/hash/hmac.c b/crypto/hash/hmac.c deleted file mode 100644 index 4336cf0..0000000 --- a/crypto/hash/hmac.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * hmac.c - * - * implementation of hmac auth_type_t - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "hmac.h" -#include "alloc.h" - -/* the debug module for authentiation */ - -debug_module_t mod_hmac = { - 0, /* debugging is off by default */ - "hmac sha-1" /* printable name for module */ -}; - - -err_status_t -hmac_alloc(auth_t **a, int key_len, int out_len) { - extern auth_type_t hmac; - uint8_t *pointer; - - debug_print(mod_hmac, "allocating auth func with key length %d", key_len); - debug_print(mod_hmac, " tag length %d", out_len); - - /* - * check key length - note that we don't support keys larger - * than 20 bytes yet - */ - if (key_len > 20) - return err_status_bad_param; - - /* check output length - should be less than 20 bytes */ - if (out_len > 20) - return err_status_bad_param; - - /* allocate memory for auth and hmac_ctx_t structures */ - pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); - if (pointer == NULL) - return err_status_alloc_fail; - - /* set pointers */ - *a = (auth_t *)pointer; - (*a)->type = &hmac; - (*a)->state = pointer + sizeof(auth_t); - (*a)->out_len = out_len; - (*a)->key_len = key_len; - (*a)->prefix_len = 0; - - /* increment global count of all hmac uses */ - hmac.ref_count++; - - return err_status_ok; -} - -err_status_t -hmac_dealloc(auth_t *a) { - extern auth_type_t hmac; - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t *)a, - sizeof(hmac_ctx_t) + sizeof(auth_t)); - - /* free memory */ - crypto_free(a); - - /* decrement global count of all hmac uses */ - hmac.ref_count--; - - return err_status_ok; -} - -err_status_t -hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) { - int i; - uint8_t ipad[64]; - - /* - * check key length - note that we don't support keys larger - * than 20 bytes yet - */ - if (key_len > 20) - return err_status_bad_param; - - /* - * set values of ipad and opad by exoring the key into the - * appropriate constant values - */ - for (i=0; i < key_len; i++) { - ipad[i] = key[i] ^ 0x36; - state->opad[i] = key[i] ^ 0x5c; - } - /* set the rest of ipad, opad to constant values */ - for ( ; i < 64; i++) { - ipad[i] = 0x36; - ((uint8_t *)state->opad)[i] = 0x5c; - } - - debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); - - /* initialize sha1 context */ - sha1_init(&state->init_ctx); - - /* hash ipad ^ key */ - sha1_update(&state->init_ctx, ipad, 64); - memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); - - return err_status_ok; -} - -err_status_t -hmac_start(hmac_ctx_t *state) { - - memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); - - return err_status_ok; -} - -err_status_t -hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) { - - debug_print(mod_hmac, "input: %s", - octet_string_hex_string(message, msg_octets)); - - /* hash message into sha1 context */ - sha1_update(&state->ctx, message, msg_octets); - - return err_status_ok; -} - -err_status_t -hmac_compute(hmac_ctx_t *state, const void *message, - int msg_octets, int tag_len, uint8_t *result) { - uint32_t hash_value[5]; - uint32_t H[5]; - int i; - - /* check tag length, return error if we can't provide the value expected */ - if (tag_len > 20) - return err_status_bad_param; - - /* hash message, copy output into H */ - hmac_update(state, (const uint8_t*)message, msg_octets); - sha1_final(&state->ctx, H); - - /* - * note that we don't need to debug_print() the input, since the - * function hmac_update() already did that for us - */ - debug_print(mod_hmac, "intermediate state: %s", - octet_string_hex_string((uint8_t *)H, 20)); - - /* re-initialize hash context */ - sha1_init(&state->ctx); - - /* hash opad ^ key */ - sha1_update(&state->ctx, (uint8_t *)state->opad, 64); - - /* hash the result of the inner hash */ - sha1_update(&state->ctx, (uint8_t *)H, 20); - - /* the result is returned in the array hash_value[] */ - sha1_final(&state->ctx, hash_value); - - /* copy hash_value to *result */ - for (i=0; i < tag_len; i++) - result[i] = ((uint8_t *)hash_value)[i]; - - debug_print(mod_hmac, "output: %s", - octet_string_hex_string((uint8_t *)hash_value, tag_len)); - - return err_status_ok; -} - - -/* begin test case 0 */ - -uint8_t -hmac_test_case_0_key[20] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b -}; - -uint8_t -hmac_test_case_0_data[8] = { - 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ -}; - -uint8_t -hmac_test_case_0_tag[20] = { - 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, - 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, - 0xf1, 0x46, 0xbe, 0x00 -}; - -auth_test_case_t -hmac_test_case_0 = { - 20, /* octets in key */ - hmac_test_case_0_key, /* key */ - 8, /* octets in data */ - hmac_test_case_0_data, /* data */ - 20, /* octets in tag */ - hmac_test_case_0_tag, /* tag */ - NULL /* pointer to next testcase */ -}; - -/* end test case 0 */ - -char hmac_description[] = "hmac sha-1 authentication function"; - -/* - * auth_type_t hmac is the hmac metaobject - */ - -auth_type_t -hmac = { - (auth_alloc_func) hmac_alloc, - (auth_dealloc_func) hmac_dealloc, - (auth_init_func) hmac_init, - (auth_compute_func) hmac_compute, - (auth_update_func) hmac_update, - (auth_start_func) hmac_start, - (char *) hmac_description, - (int) 0, /* instance count */ - (auth_test_case_t *) &hmac_test_case_0, - (debug_module_t *) &mod_hmac -}; - diff --git a/crypto/hash/null_auth.c b/crypto/hash/null_auth.c deleted file mode 100644 index d73f3f8..0000000 --- a/crypto/hash/null_auth.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * null_auth.c - * - * implements the do-nothing auth algorithm - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "null_auth.h" -#include "alloc.h" - -/* null_auth uses the auth debug module */ - -extern debug_module_t mod_auth; - -err_status_t -null_auth_alloc(auth_t **a, int key_len, int out_len) { - extern auth_type_t null_auth; - uint8_t *pointer; - - debug_print(mod_auth, "allocating auth func with key length %d", key_len); - debug_print(mod_auth, " tag length %d", out_len); - - /* allocate memory for auth and null_auth_ctx_t structures */ - pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t)); - if (pointer == NULL) - return err_status_alloc_fail; - - /* set pointers */ - *a = (auth_t *)pointer; - (*a)->type = &null_auth; - (*a)->state = pointer + sizeof (auth_t); - (*a)->out_len = out_len; - (*a)->prefix_len = out_len; - (*a)->key_len = key_len; - - /* increment global count of all null_auth uses */ - null_auth.ref_count++; - - return err_status_ok; -} - -err_status_t -null_auth_dealloc(auth_t *a) { - extern auth_type_t null_auth; - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t *)a, - sizeof(null_auth_ctx_t) + sizeof(auth_t)); - - /* free memory */ - crypto_free(a); - - /* decrement global count of all null_auth uses */ - null_auth.ref_count--; - - return err_status_ok; -} - -err_status_t -null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) { - - /* accept any length of key, and do nothing */ - - return err_status_ok; -} - -err_status_t -null_auth_compute(null_auth_ctx_t *state, uint8_t *message, - int msg_octets, int tag_len, uint8_t *result) { - - return err_status_ok; -} - -err_status_t -null_auth_update(null_auth_ctx_t *state, uint8_t *message, - int msg_octets) { - - return err_status_ok; -} - -err_status_t -null_auth_start(null_auth_ctx_t *state) { - return err_status_ok; -} - -/* - * auth_type_t - defines description, test case, and null_auth - * metaobject - */ - -/* begin test case 0 */ - -auth_test_case_t -null_auth_test_case_0 = { - 0, /* octets in key */ - NULL, /* key */ - 0, /* octets in data */ - NULL, /* data */ - 0, /* octets in tag */ - NULL, /* tag */ - NULL /* pointer to next testcase */ -}; - -/* end test case 0 */ - -char null_auth_description[] = "null authentication function"; - -auth_type_t -null_auth = { - (auth_alloc_func) null_auth_alloc, - (auth_dealloc_func) null_auth_dealloc, - (auth_init_func) null_auth_init, - (auth_compute_func) null_auth_compute, - (auth_update_func) null_auth_update, - (auth_start_func) null_auth_start, - (char *) null_auth_description, - (int) 0, /* instance count */ - (auth_test_case_t *) &null_auth_test_case_0 -}; diff --git a/crypto/hash/sha1.c b/crypto/hash/sha1.c deleted file mode 100644 index b9a8d10..0000000 --- a/crypto/hash/sha1.c +++ /dev/null @@ -1,405 +0,0 @@ -/* - * sha1.c - * - * an implementation of the Secure Hash Algorithm v.1 (SHA-1), - * specified in FIPS 180-1 - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "sha1.h" - -debug_module_t mod_sha1 = { - 0, /* debugging is off by default */ - "sha-1" /* printable module name */ -}; - -/* SN == Rotate left N bits */ -#define S1(X) ((X << 1) | (X >> 31)) -#define S5(X) ((X << 5) | (X >> 27)) -#define S30(X) ((X << 30) | (X >> 2)) - -#define f0(B,C,D) ((B & C) | (~B & D)) -#define f1(B,C,D) (B ^ C ^ D) -#define f2(B,C,D) ((B & C) | (B & D) | (C & D)) -#define f3(B,C,D) (B ^ C ^ D) - -/* - * nota bene: the variable K0 appears in the curses library, so we - * give longer names to these variables to avoid spurious warnings - * on systems that uses curses - */ - -uint32_t SHA_K0 = 0x5A827999; /* Kt for 0 <= t <= 19 */ -uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */ -uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ -uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ - -void -sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { - sha1_ctx_t ctx; - - sha1_init(&ctx); - sha1_update(&ctx, msg, octets_in_msg); - sha1_final(&ctx, hash_value); - -} - -/* - * sha1_core(M, H) computes the core compression function, where M is - * the next part of the message (in network byte order) and H is the - * intermediate state { H0, H1, ...} (in host byte order) - * - * this function does not do any of the padding required in the - * complete SHA1 function - * - * this function is used in the SEAL 3.0 key setup routines - * (crypto/cipher/seal.c) - */ - -void -sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { - uint32_t H0; - uint32_t H1; - uint32_t H2; - uint32_t H3; - uint32_t H4; - uint32_t W[80]; - uint32_t A, B, C, D, E, TEMP; - int t; - - /* copy hash_value into H0, H1, H2, H3, H4 */ - H0 = hash_value[0]; - H1 = hash_value[1]; - H2 = hash_value[2]; - H3 = hash_value[3]; - H4 = hash_value[4]; - - /* copy/xor message into array */ - - W[0] = be32_to_cpu(M[0]); - W[1] = be32_to_cpu(M[1]); - W[2] = be32_to_cpu(M[2]); - W[3] = be32_to_cpu(M[3]); - W[4] = be32_to_cpu(M[4]); - W[5] = be32_to_cpu(M[5]); - W[6] = be32_to_cpu(M[6]); - W[7] = be32_to_cpu(M[7]); - W[8] = be32_to_cpu(M[8]); - W[9] = be32_to_cpu(M[9]); - W[10] = be32_to_cpu(M[10]); - W[11] = be32_to_cpu(M[11]); - W[12] = be32_to_cpu(M[12]); - W[13] = be32_to_cpu(M[13]); - W[14] = be32_to_cpu(M[14]); - W[15] = be32_to_cpu(M[15]); - TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP); - TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP); - TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP); - TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP); - TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP); - TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP); - TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP); - TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP); - TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP); - TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP); - TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP); - TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP); - TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP); - TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP); - TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP); - TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP); - - /* process the remainder of the array */ - for (t=32; t < 80; t++) { - TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; - W[t] = S1(TEMP); - } - - A = H0; B = H1; C = H2; D = H3; E = H4; - - for (t=0; t < 20; t++) { - TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 40; t++) { - TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 60; t++) { - TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 80; t++) { - TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - - hash_value[0] = H0 + A; - hash_value[1] = H1 + B; - hash_value[2] = H2 + C; - hash_value[3] = H3 + D; - hash_value[4] = H4 + E; - - return; -} - -void -sha1_init(sha1_ctx_t *ctx) { - - /* initialize state vector */ - ctx->H[0] = 0x67452301; - ctx->H[1] = 0xefcdab89; - ctx->H[2] = 0x98badcfe; - ctx->H[3] = 0x10325476; - ctx->H[4] = 0xc3d2e1f0; - - /* indicate that message buffer is empty */ - ctx->octets_in_buffer = 0; - - /* reset message bit-count to zero */ - ctx->num_bits_in_msg = 0; - -} - -void -sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { - int i; - uint8_t *buf = (uint8_t *)ctx->M; - - /* update message bit-count */ - ctx->num_bits_in_msg += octets_in_msg * 8; - - /* loop over 16-word blocks of M */ - while (octets_in_msg > 0) { - - if (octets_in_msg + ctx->octets_in_buffer >= 64) { - - /* - * copy words of M into msg buffer until that buffer is full, - * converting them into host byte order as needed - */ - octets_in_msg -= (64 - ctx->octets_in_buffer); - for (i=ctx->octets_in_buffer; i < 64; i++) - buf[i] = *msg++; - ctx->octets_in_buffer = 0; - - /* process a whole block */ - - debug_print(mod_sha1, "(update) running sha1_core()", NULL); - - sha1_core(ctx->M, ctx->H); - - } else { - - debug_print(mod_sha1, "(update) not running sha1_core()", NULL); - - for (i=ctx->octets_in_buffer; - i < (ctx->octets_in_buffer + octets_in_msg); i++) - buf[i] = *msg++; - ctx->octets_in_buffer += octets_in_msg; - octets_in_msg = 0; - } - - } - -} - -/* - * sha1_final(ctx, output) computes the result for ctx and copies it - * into the twenty octets located at *output - */ - -void -sha1_final(sha1_ctx_t *ctx, uint32_t *output) { - uint32_t A, B, C, D, E, TEMP; - uint32_t W[80]; - int i, t; - - /* - * process the remaining octets_in_buffer, padding and terminating as - * necessary - */ - { - int tail = ctx->octets_in_buffer % 4; - - /* copy/xor message into array */ - for (i=0; i < (ctx->octets_in_buffer+3)/4; i++) - W[i] = be32_to_cpu(ctx->M[i]); - - /* set the high bit of the octet immediately following the message */ - switch (tail) { - case (3): - W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80; - W[i] = 0x0; - break; - case (2): - W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000; - W[i] = 0x0; - break; - case (1): - W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000; - W[i] = 0x0; - break; - case (0): - W[i] = 0x80000000; - break; - } - - /* zeroize remaining words */ - for (i++ ; i < 15; i++) - W[i] = 0x0; - - /* - * if there is room at the end of the word array, then set the - * last word to the bit-length of the message; otherwise, set that - * word to zero and then we need to do one more run of the - * compression algo. - */ - if (ctx->octets_in_buffer < 56) - W[15] = ctx->num_bits_in_msg; - else if (ctx->octets_in_buffer < 60) - W[15] = 0x0; - - /* process the word array */ - for (t=16; t < 80; t++) { - TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; - W[t] = S1(TEMP); - } - - A = ctx->H[0]; - B = ctx->H[1]; - C = ctx->H[2]; - D = ctx->H[3]; - E = ctx->H[4]; - - for (t=0; t < 20; t++) { - TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 40; t++) { - TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 60; t++) { - TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 80; t++) { - TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - - ctx->H[0] += A; - ctx->H[1] += B; - ctx->H[2] += C; - ctx->H[3] += D; - ctx->H[4] += E; - - } - - debug_print(mod_sha1, "(final) running sha1_core()", NULL); - - if (ctx->octets_in_buffer >= 56) { - - debug_print(mod_sha1, "(final) running sha1_core() again", NULL); - - /* we need to do one final run of the compression algo */ - - /* - * set initial part of word array to zeros, and set the - * final part to the number of bits in the message - */ - for (i=0; i < 15; i++) - W[i] = 0x0; - W[15] = ctx->num_bits_in_msg; - - /* process the word array */ - for (t=16; t < 80; t++) { - TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; - W[t] = S1(TEMP); - } - - A = ctx->H[0]; - B = ctx->H[1]; - C = ctx->H[2]; - D = ctx->H[3]; - E = ctx->H[4]; - - for (t=0; t < 20; t++) { - TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 40; t++) { - TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 60; t++) { - TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - for ( ; t < 80; t++) { - TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; - E = D; D = C; C = S30(B); B = A; A = TEMP; - } - - ctx->H[0] += A; - ctx->H[1] += B; - ctx->H[2] += C; - ctx->H[3] += D; - ctx->H[4] += E; - } - - /* copy result into output buffer */ - output[0] = be32_to_cpu(ctx->H[0]); - output[1] = be32_to_cpu(ctx->H[1]); - output[2] = be32_to_cpu(ctx->H[2]); - output[3] = be32_to_cpu(ctx->H[3]); - output[4] = be32_to_cpu(ctx->H[4]); - - /* indicate that message buffer in context is empty */ - ctx->octets_in_buffer = 0; - - return; -} - - - diff --git a/crypto/include/aes.h b/crypto/include/aes.h deleted file mode 100644 index d965280..0000000 --- a/crypto/include/aes.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * aes.h - * - * header file for the AES block cipher - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef _AES_H -#define _AES_H - -#include "config.h" - -#include "datatypes.h" -#include "gf2_8.h" - -/* aes internals */ - -typedef v128_t aes_expanded_key_t[11]; - -void -aes_expand_encryption_key(const v128_t *key, - aes_expanded_key_t expanded_key); - -void -aes_expand_decryption_key(const v128_t *key, - aes_expanded_key_t expanded_key); - -void -aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); - -void -aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); - -#if 0 -/* - * internal functions - */ - -void -aes_init_sbox(void); - -void -aes_compute_tables(void); -#endif - -#endif /* _AES_H */ diff --git a/crypto/include/aes_cbc.h b/crypto/include/aes_cbc.h deleted file mode 100644 index 9fb6682..0000000 --- a/crypto/include/aes_cbc.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * aes_cbc.h - * - * Header for AES Cipher Blobk Chaining Mode. - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -#ifndef AES_CBC_H -#define AES_CBC_H - -#include "aes.h" -#include "cipher.h" - -typedef struct { - v128_t state; /* cipher chaining state */ - v128_t previous; /* previous ciphertext block */ - aes_expanded_key_t expanded_key; /* the cipher key */ -} aes_cbc_ctx_t; - -err_status_t -aes_cbc_set_key(aes_cbc_ctx_t *c, - const unsigned char *key); - -err_status_t -aes_cbc_encrypt(aes_cbc_ctx_t *c, - unsigned char *buf, - unsigned int *bytes_in_data); - -err_status_t -aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, - cipher_direction_t dir); - -err_status_t -aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv); - -err_status_t -aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data); - -err_status_t -aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, - unsigned char *data, - unsigned int *bytes_in_data); - -#endif /* AES_CBC_H */ - diff --git a/crypto/include/aes_icm.h b/crypto/include/aes_icm.h deleted file mode 100644 index 17a1ddb..0000000 --- a/crypto/include/aes_icm.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * aes_icm.h - * - * Header for AES Integer Counter Mode. - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -#ifndef AES_ICM_H -#define AES_ICM_H - -#include "aes.h" -#include "cipher.h" - -typedef struct { - v128_t counter; /* holds the counter value */ - v128_t offset; /* initial offset value */ - v128_t keystream_buffer; /* buffers bytes of keystream */ - aes_expanded_key_t expanded_key; /* the cipher key */ - int bytes_in_buffer; /* number of unused bytes in buffer */ -} aes_icm_ctx_t; - - -err_status_t -aes_icm_context_init(aes_icm_ctx_t *c, - const unsigned char *key); - -err_status_t -aes_icm_set_iv(aes_icm_ctx_t *c, void *iv); - -err_status_t -aes_icm_encrypt(aes_icm_ctx_t *c, - unsigned char *buf, unsigned int *bytes_to_encr); - -err_status_t -aes_icm_output(aes_icm_ctx_t *c, - unsigned char *buf, int bytes_to_output); - -err_status_t -aes_icm_dealloc(cipher_t *c); - -err_status_t -aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, - unsigned char *buf, - unsigned int *enc_len, - int forIsmacryp); - -err_status_t -aes_icm_alloc_ismacryp(cipher_t **c, - int key_len, - int forIsmacryp); - -#endif /* AES_ICM_H */ - diff --git a/crypto/include/alloc.h b/crypto/include/alloc.h deleted file mode 100644 index 5980eed..0000000 --- a/crypto/include/alloc.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * alloc.h - * - * interface to memory allocation and deallocation, with optional debugging - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef CRYPTO_ALLOC_H -#define CRYPTO_ALLOC_H - -#include "datatypes.h" - -void * -crypto_alloc(size_t size); - -void -crypto_free(void *ptr); - -#endif /* CRYPTO_ALLOC_H */ diff --git a/crypto/include/auth.h b/crypto/include/auth.h deleted file mode 100644 index 295b5f6..0000000 --- a/crypto/include/auth.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * auth.h - * - * common interface to authentication functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef AUTH_H -#define AUTH_H - -#include "datatypes.h" -#include "err.h" /* error codes */ - -typedef struct auth_type_t *auth_type_pointer; -typedef struct auth_t *auth_pointer_t; - -typedef err_status_t (*auth_alloc_func) - (auth_pointer_t *ap, int key_len, int out_len); - -typedef err_status_t (*auth_init_func) - (void *state, const uint8_t *key, int key_len); - -typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap); - -typedef err_status_t (*auth_compute_func) - (void *state, uint8_t *buffer, int octets_to_auth, - int tag_len, uint8_t *tag); - -typedef err_status_t (*auth_update_func) - (void *state, uint8_t *buffer, int octets_to_auth); - -typedef err_status_t (*auth_start_func)(void *state); - -/* some syntactic sugar on these function types */ - -#define auth_type_alloc(at, a, klen, outlen) \ - ((at)->alloc((a), (klen), (outlen))) - -#define auth_init(a, key) \ - (((a)->type)->init((a)->state, (key), ((a)->key_len))) - -#define auth_compute(a, buf, len, res) \ - (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) - -#define auth_update(a, buf, len) \ - (((a)->type)->update((a)->state, (buf), (len))) - -#define auth_start(a)(((a)->type)->start((a)->state)) - -#define auth_dealloc(c) (((c)->type)->dealloc(c)) - -/* functions to get information about a particular auth_t */ - -int -auth_get_key_length(const struct auth_t *a); - -int -auth_get_tag_length(const struct auth_t *a); - -int -auth_get_prefix_length(const struct auth_t *a); - -/* - * auth_test_case_t is a (list of) key/message/tag values that are - * known to be correct for a particular cipher. this data can be used - * to test an implementation in an on-the-fly self test of the - * correcness of the implementation. (see the auth_type_self_test() - * function below) - */ - -typedef struct auth_test_case_t { - int key_length_octets; /* octets in key */ - uint8_t *key; /* key */ - int data_length_octets; /* octets in data */ - uint8_t *data; /* data */ - int tag_length_octets; /* octets in tag */ - uint8_t *tag; /* tag */ - struct auth_test_case_t *next_test_case; /* pointer to next testcase */ -} auth_test_case_t; - -/* auth_type_t */ - -typedef struct auth_type_t { - auth_alloc_func alloc; - auth_dealloc_func dealloc; - auth_init_func init; - auth_compute_func compute; - auth_update_func update; - auth_start_func start; - char *description; - int ref_count; - auth_test_case_t *test_data; - debug_module_t *debug; -} auth_type_t; - -typedef struct auth_t { - auth_type_t *type; - void *state; - int out_len; /* length of output tag in octets */ - int key_len; /* length of key in octets */ - int prefix_len; /* length of keystream prefix */ -} auth_t; - -/* - * auth_type_self_test() tests an auth_type against test cases - * provided in an array of values of key/message/tag that is known to - * be good - */ - -err_status_t -auth_type_self_test(const auth_type_t *at); - -/* - * auth_type_get_ref_count(at) returns the reference count (the number - * of instantiations) of the auth_type_t at - */ - -int -auth_type_get_ref_count(const auth_type_t *at); - -#endif /* AUTH_H */ diff --git a/crypto/include/cipher.h b/crypto/include/cipher.h deleted file mode 100644 index 96ee9dc..0000000 --- a/crypto/include/cipher.h +++ /dev/null @@ -1,218 +0,0 @@ -/* - * cipher.h - * - * common interface to ciphers - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef CIPHER_H -#define CIPHER_H - -#include "datatypes.h" -#include "rdbx.h" /* for xtd_seq_num_t */ -#include "err.h" /* for error codes */ - - -/** - * @brief cipher_direction_t defines a particular cipher operation. - * - * A cipher_direction_t is an enum that describes a particular cipher - * operation, i.e. encryption or decryption. For some ciphers, this - * distinction does not matter, but for others, it is essential. - */ - -typedef enum { - direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ - direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ - direction_any /**< encryption or decryption */ -} cipher_direction_t; - -/* - * the cipher_pointer and cipher_type_pointer definitions are needed - * as cipher_t and cipher_type_t are not yet defined - */ - -typedef struct cipher_type_t *cipher_type_pointer_t; -typedef struct cipher_t *cipher_pointer_t; - -/* - * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t - */ - -typedef err_status_t (*cipher_alloc_func_t) - (cipher_pointer_t *cp, int key_len); - -/* - * a cipher_init_func_t [re-]initializes a cipher_t with a given key - * and direction (i.e., encrypt or decrypt) - */ - -typedef err_status_t (*cipher_init_func_t) - (void *state, const uint8_t *key, cipher_direction_t dir); - -/* a cipher_dealloc_func_t de-allocates a cipher_t */ - -typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); - -/* a cipher_set_segment_func_t sets the segment index of a cipher_t */ - -typedef err_status_t (*cipher_set_segment_func_t) - (void *state, xtd_seq_num_t idx); - -/* a cipher_encrypt_func_t encrypts data in-place */ - -typedef err_status_t (*cipher_encrypt_func_t) - (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); - -/* a cipher_decrypt_func_t decrypts data in-place */ - -typedef err_status_t (*cipher_decrypt_func_t) - (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); - -/* - * a cipher_set_nonce_seq_func_t function sets both the nonce - * and the extended sequence number - */ - -typedef err_status_t (*cipher_set_iv_func_t) - (cipher_pointer_t cp, void *iv); - -/* - * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t, - * plaintext, and ciphertext values that are known to be correct for a - * particular cipher. this data can be used to test an implementation - * in an on-the-fly self test of the correcness of the implementation. - * (see the cipher_type_self_test() function below) - */ - -typedef struct cipher_test_case_t { - int key_length_octets; /* octets in key */ - uint8_t *key; /* key */ - uint8_t *idx; /* packet index */ - int plaintext_length_octets; /* octets in plaintext */ - uint8_t *plaintext; /* plaintext */ - int ciphertext_length_octets; /* octets in plaintext */ - uint8_t *ciphertext; /* ciphertext */ - struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ -} cipher_test_case_t; - -/* cipher_type_t defines the 'metadata' for a particular cipher type */ - -typedef struct cipher_type_t { - cipher_alloc_func_t alloc; - cipher_dealloc_func_t dealloc; - cipher_init_func_t init; - cipher_encrypt_func_t encrypt; - cipher_encrypt_func_t decrypt; - cipher_set_iv_func_t set_iv; - char *description; - int ref_count; - cipher_test_case_t *test_data; - debug_module_t *debug; -} cipher_type_t; - -/* - * cipher_t defines an instantiation of a particular cipher, with fixed - * key length, key and salt values - */ - -typedef struct cipher_t { - cipher_type_t *type; - void *state; - int key_len; -#ifdef FORCE_64BIT_ALIGN - int pad; -#endif -} cipher_t; - -/* some syntactic sugar on these function types */ - -#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen))) - -#define cipher_dealloc(c) (((c)->type)->dealloc(c)) - -#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), (dir))) - -#define cipher_encrypt(c, buf, len) \ - (((c)->type)->encrypt(((c)->state), (buf), (len))) - -#define cipher_decrypt(c, buf, len) \ - (((c)->type)->decrypt(((c)->state), (buf), (len))) - -#define cipher_set_iv(c, n) \ - ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \ - err_status_no_such_op) - -err_status_t -cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); - - -/* some bookkeeping functions */ - -int -cipher_get_key_length(const cipher_t *c); - - -/* - * cipher_type_self_test() tests a cipher against test cases provided in - * an array of values of key/xtd_seq_num_t/plaintext/ciphertext - * that is known to be good - */ - -err_status_t -cipher_type_self_test(const cipher_type_t *ct); - - -/* - * cipher_bits_per_second(c, l, t) computes (and estimate of) the - * number of bits that a cipher implementation can encrypt in a second - * - * c is a cipher (which MUST be allocated and initialized already), l - * is the length in octets of the test data to be encrypted, and t is - * the number of trials - * - * if an error is encountered, then the value 0 is returned - */ - -uint64_t -cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); - -#endif /* CIPHER_H */ diff --git a/crypto/include/config.h b/crypto/include/config.h deleted file mode 100644 index 9c66dd1..0000000 --- a/crypto/include/config.h +++ /dev/null @@ -1,202 +0,0 @@ -/* crypto/include/config.h. Generated by configure. */ -/* config_in.h. Generated from configure.in by autoheader. */ - -/* Define if building for a CISC machine (e.g. Intel). */ -#define CPU_CISC 1 - -/* Define if building for a RISC machine (assume slow byte access). */ -/* #undef CPU_RISC */ - -/* Path to random device */ -#define DEV_URANDOM "/dev/urandom" - -/* Define to compile in dynamic debugging system. */ -#define ENABLE_DEBUGGING 1 - -/* Report errors to this file. */ -/* #undef ERR_REPORTING_FILE */ - -/* Define to use logging to stdout. */ -#define ERR_REPORTING_STDOUT 1 - -/* Define this to use ISMAcryp code. */ -/* #undef GENERIC_AESICM */ - -/* Define to 1 if you have the <arpa/inet.h> header file. */ -#define HAVE_ARPA_INET_H 1 - -/* Define to 1 if you have the <byteswap.h> header file. */ -#define HAVE_BYTESWAP_H 1 - -/* Define to 1 if you have the `inet_aton' function. */ -#define HAVE_INET_ATON 1 - -/* Define to 1 if the system has the type `int16_t'. */ -#define HAVE_INT16_T 1 - -/* Define to 1 if the system has the type `int32_t'. */ -#define HAVE_INT32_T 1 - -/* Define to 1 if the system has the type `int8_t'. */ -#define HAVE_INT8_T 1 - -/* Define to 1 if you have the <inttypes.h> header file. */ -#define HAVE_INTTYPES_H 1 - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* Define to 1 if you have the <machine/types.h> header file. */ -/* #undef HAVE_MACHINE_TYPES_H */ - -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the <netinet/in.h> header file. */ -#define HAVE_NETINET_IN_H 1 - -/* Define to 1 if you have the `socket' function. */ -#define HAVE_SOCKET 1 - -/* Define to 1 if you have the <stdint.h> header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the <strings.h> header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the <syslog.h> header file. */ -#define HAVE_SYSLOG_H 1 - -/* Define to 1 if you have the <sys/int_types.h> header file. */ -/* #undef HAVE_SYS_INT_TYPES_H */ - -/* Define to 1 if you have the <sys/socket.h> header file. */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the <sys/uio.h> header file. */ -#define HAVE_SYS_UIO_H 1 - -/* Define to 1 if the system has the type `uint16_t'. */ -#define HAVE_UINT16_T 1 - -/* Define to 1 if the system has the type `uint32_t'. */ -#define HAVE_UINT32_T 1 - -/* Define to 1 if the system has the type `uint64_t'. */ -#define HAVE_UINT64_T 1 - -/* Define to 1 if the system has the type `uint8_t'. */ -#define HAVE_UINT8_T 1 - -/* Define to 1 if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `usleep' function. */ -#define HAVE_USLEEP 1 - -/* Define to 1 if you have the <windows.h> header file. */ -/* #undef HAVE_WINDOWS_H */ - -/* Define to 1 if you have the <winsock2.h> header file. */ -/* #undef HAVE_WINSOCK2_H */ - -/* Define to use X86 inlined assembly code */ -/* #undef HAVE_X86 */ - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "" - -/* The size of a `unsigned long', as computed by sizeof. */ -#if defined(__GNUC__) && defined(__LP64__) -#define SIZEOF_UNSIGNED_LONG 8 -#else -#define SIZEOF_UNSIGNED_LONG 4 -#endif - -/* The size of a `unsigned long long', as computed by sizeof. */ -#define SIZEOF_UNSIGNED_LONG_LONG 8 - -/* Define to use GDOI. */ -/* #undef SRTP_GDOI */ - -/* Define to compile for kernel contexts. */ -/* #undef SRTP_KERNEL */ - -/* Define to compile for Linux kernel context. */ -/* #undef SRTP_KERNEL_LINUX */ - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Write errors to this file */ -/* #undef USE_ERR_REPORTING_FILE */ - -/* Define to use syslog logging. */ -/* #undef USE_SYSLOG */ - -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -/* #undef WORDS_BIGENDIAN */ - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -/* #undef inline */ -#endif - -/* Define to `unsigned' if <sys/types.h> does not define. */ -/* #undef size_t */ - -/* Adjustments to build under MSVC. */ -#if defined(WIN32) -#undef DEV_URANDOM -#undef HAVE_BYTESWAP_H -#undef HAVE_INT16_T -#undef HAVE_INT32_T -#undef HAVE_INT8_T -#undef HAVE_INTTYPES_H -#undef HAVE_UINT16_T -#undef HAVE_UINT32_T -#undef HAVE_UINT64_T -#undef HAVE_UINT8_T -#undef HAVE_NETINET_IN_H -#define HAVE_WINSOCK2_H -#undef HAVE_STDINT_H -#ifndef __cplusplus -#define inline -#endif -typedef short int16_t; -#elif defined(IOS) -#undef HAVE_BYTESWAP_H -/* Adjustments to build on MacOS. */ -#elif defined(OSX) -#undef DEV_URANDOM -#undef HAVE_BYTESWAP_H -#endif diff --git a/crypto/include/crypto.h b/crypto/include/crypto.h deleted file mode 100644 index 0e9667d..0000000 --- a/crypto/include/crypto.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * crypto.h - * - * API for libcrypto - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#ifndef CRYPTO_H -#define CRYPTO_H - -/** - * @brief A cipher_type_id_t is an identifier for a particular cipher - * type. - * - * A cipher_type_id_t is an integer that represents a particular - * cipher type, e.g. the Advanced Encryption Standard (AES). A - * NULL_CIPHER is avaliable; this cipher leaves the data unchanged, - * and can be selected to indicate that no encryption is to take - * place. - * - * @ingroup Ciphers - */ -typedef uint32_t cipher_type_id_t; - -/** - * @brief An auth_type_id_t is an identifier for a particular authentication - * function. - * - * An auth_type_id_t is an integer that represents a particular - * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is - * avaliable; this authentication function performs no computation, - * and can be selected to indicate that no authentication is to take - * place. - * - * @ingroup Authentication - */ -typedef uint32_t auth_type_id_t; - -#endif /* CRYPTO_H */ - - diff --git a/crypto/include/crypto_kernel.h b/crypto/include/crypto_kernel.h deleted file mode 100644 index b8cd9be..0000000 --- a/crypto/include/crypto_kernel.h +++ /dev/null @@ -1,258 +0,0 @@ -/* - * crypto_kernel.h - * - * header for the cryptographic kernel - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef CRYPTO_KERNEL -#define CRYPTO_KERNEL - -#include "rand_source.h" -#include "prng.h" -#include "cipher.h" -#include "auth.h" -#include "cryptoalg.h" -#include "stat.h" -#include "err.h" -#include "crypto_types.h" -#include "key.h" -#include "crypto.h" - -/* - * crypto_kernel_state_t defines the possible states: - * - * insecure - not yet initialized - * secure - initialized and passed self-tests - */ - -typedef enum { - crypto_kernel_state_insecure, - crypto_kernel_state_secure -} crypto_kernel_state_t; - -/* - * linked list of cipher types - */ - -typedef struct kernel_cipher_type { - cipher_type_id_t id; - cipher_type_t *cipher_type; - struct kernel_cipher_type *next; -} kernel_cipher_type_t; - -/* - * linked list of auth types - */ - -typedef struct kernel_auth_type { - auth_type_id_t id; - auth_type_t *auth_type; - struct kernel_auth_type *next; -} kernel_auth_type_t; - -/* - * linked list of debug modules - */ - -typedef struct kernel_debug_module { - debug_module_t *mod; - struct kernel_debug_module *next; -} kernel_debug_module_t; - - -/* - * crypto_kernel_t is the data structure for the crypto kernel - * - * note that there is *exactly one* instance of this data type, - * a global variable defined in crypto_kernel.c - */ - -typedef struct { - crypto_kernel_state_t state; /* current state of kernel */ - kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ - kernel_auth_type_t *auth_type_list; /* list of all auth func types */ - kernel_debug_module_t *debug_module_list; /* list of all debug modules */ -} crypto_kernel_t; - - -/* - * crypto_kernel_t external api - */ - - -/* - * The function crypto_kernel_init() initialized the crypto kernel and - * runs the self-test operations on the random number generators and - * crypto algorithms. Possible return values are: - * - * err_status_ok initialization successful - * <other> init failure - * - * If any value other than err_status_ok is returned, the - * crypto_kernel MUST NOT be used. - */ - -err_status_t -crypto_kernel_init(void); - - -/* - * The function crypto_kernel_shutdown() de-initializes the - * crypto_kernel, zeroizes keys and other cryptographic material, and - * deallocates any dynamically allocated memory. Possible return - * values are: - * - * err_status_ok shutdown successful - * <other> shutdown failure - * - */ - -err_status_t -crypto_kernel_shutdown(void); - -/* - * The function crypto_kernel_stats() checks the the crypto_kernel, - * running tests on the ciphers, auth funcs, and rng, and prints out a - * status report. Possible return values are: - * - * err_status_ok all tests were passed - * <other> a test failed - * - */ - -err_status_t -crypto_kernel_status(void); - - -/* - * crypto_kernel_list_debug_modules() outputs a list of debugging modules - * - */ - -err_status_t -crypto_kernel_list_debug_modules(void); - -/* - * crypto_kernel_load_cipher_type() - * - */ - -err_status_t -crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); - -err_status_t -crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); - -err_status_t -crypto_kernel_load_debug_module(debug_module_t *new_dm); - -/* - * crypto_kernel_alloc_cipher(id, cp, key_len); - * - * allocates a cipher of type id at location *cp, with key length - * key_len octets. Return values are: - * - * err_status_ok no problems - * err_status_alloc_fail an allocation failure occured - * err_status_fail couldn't find cipher with identifier 'id' - */ - -err_status_t -crypto_kernel_alloc_cipher(cipher_type_id_t id, - cipher_pointer_t *cp, - int key_len); - -/* - * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); - * - * allocates an auth function of type id at location *ap, with key - * length key_len octets and output tag length of tag_len. Return - * values are: - * - * err_status_ok no problems - * err_status_alloc_fail an allocation failure occured - * err_status_fail couldn't find auth with identifier 'id' - */ - -err_status_t -crypto_kernel_alloc_auth(auth_type_id_t id, - auth_pointer_t *ap, - int key_len, - int tag_len); - - -/* - * crypto_kernel_set_debug_module(mod_name, v) - * - * sets dynamic debugging to the value v (0 for off, 1 for on) for the - * debug module with the name mod_name - * - * returns err_status_ok on success, err_status_fail otherwise - */ - -err_status_t -crypto_kernel_set_debug_module(char *mod_name, int v); - -/** - * @brief writes a random octet string. - * - * The function call crypto_get_random(dest, len) writes len octets of - * random data to the location to which dest points, and returns an - * error code. This error code @b must be checked, and if a failure is - * reported, the data in the buffer @b must @b not be used. - * - * @warning If the return code is not checked, then non-random - * data may be in the buffer. This function will fail - * unless it is called after crypto_kernel_init(). - * - * @return - * - err_status_ok if no problems occured. - * - [other] a problem occured, and no assumptions should - * be made about the contents of the destination - * buffer. - * - * @ingroup SRTP - */ -err_status_t -crypto_get_random(unsigned char *buffer, unsigned int length); - -#endif /* CRYPTO_KERNEL */ diff --git a/crypto/include/crypto_math.h b/crypto/include/crypto_math.h deleted file mode 100644 index 52f0837..0000000 --- a/crypto/include/crypto_math.h +++ /dev/null @@ -1,239 +0,0 @@ -/* - * math.h - * - * crypto math operations and data types - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef MATH_H -#define MATH_H - -#include "datatypes.h" - -unsigned char -v32_weight(v32_t a); - -unsigned char -v32_distance(v32_t x, v32_t y); - -unsigned int -v32_dot_product(v32_t a, v32_t b); - -char * -v16_bit_string(v16_t x); - -char * -v32_bit_string(v32_t x); - -char * -v64_bit_string(const v64_t *x); - -char * -octet_hex_string(uint8_t x); - -char * -v16_hex_string(v16_t x); - -char * -v32_hex_string(v32_t x); - -char * -v64_hex_string(const v64_t *x); - -int -hex_char_to_nibble(uint8_t c); - -int -is_hex_string(char *s); - -v16_t -hex_string_to_v16(char *s); - -v32_t -hex_string_to_v32(char *s); - -v64_t -hex_string_to_v64(char *s); - -/* the matrix A[] is stored in column format, i.e., A[i] is - the ith column of the matrix */ - -uint8_t -A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); - -void -v16_copy_octet_string(v16_t *x, const uint8_t s[2]); - -void -v32_copy_octet_string(v32_t *x, const uint8_t s[4]); - -void -v64_copy_octet_string(v64_t *x, const uint8_t s[8]); - -void -v128_add(v128_t *z, v128_t *x, v128_t *y); - -int -octet_string_is_eq(uint8_t *a, uint8_t *b, int len); - -void -octet_string_set_to_zero(uint8_t *s, int len); - - - -/* - * the matrix A[] is stored in column format, i.e., A[i] is the ith - * column of the matrix -*/ -uint8_t -A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); - - -#if 0 -#if WORDS_BIGENDIAN - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = x->v32[3] + y->v32[3]; \ - z->v32[3] = (uint32_t) tmp; \ - \ - tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ - z->v32[2] = (uint32_t) tmp; \ - \ - tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ - z->v32[1] = (uint32_t) tmp; \ - \ - tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ - z->v32[0] = (uint32_t) tmp; \ -} - -#else /* assume little endian architecture */ - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ - z->v32[3] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ - + htonl(tmp >> 32); \ - z->v32[2] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ - + htonl(tmp >> 32); \ - z->v32[1] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ - + htonl(tmp >> 32); \ - z->v32[0] = ntohl((uint32_t) tmp); \ -} - -#endif /* WORDS_BIGENDIAN */ -#endif - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define v128_set_to_zero(z) _v128_set_to_zero(z) -#define v128_copy(z, x) _v128_copy(z, x) -#define v128_xor(z, x, y) _v128_xor(z, x, y) -#define v128_and(z, x, y) _v128_and(z, x, y) -#define v128_or(z, x, y) _v128_or(z, x, y) -#define v128_complement(x) _v128_complement(x) -#define v128_is_eq(x, y) _v128_is_eq(x, y) -#define v128_xor_eq(x, y) _v128_xor_eq(x, y) -#define v128_get_bit(x, i) _v128_get_bit(x, i) -#define v128_set_bit(x, i) _v128_set_bit(x, i) -#define v128_clear_bit(x, i) _v128_clear_bit(x, i) -#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) - -#else - -void -v128_set_to_zero(v128_t *x); - -int -v128_is_eq(const v128_t *x, const v128_t *y); - -void -v128_copy(v128_t *x, const v128_t *y); - -void -v128_xor(v128_t *z, v128_t *x, v128_t *y); - -void -v128_and(v128_t *z, v128_t *x, v128_t *y); - -void -v128_or(v128_t *z, v128_t *x, v128_t *y); - -void -v128_complement(v128_t *x); - -int -v128_get_bit(const v128_t *x, int i); - -void -v128_set_bit(v128_t *x, int i) ; - -void -v128_clear_bit(v128_t *x, int i); - -void -v128_set_bit_to(v128_t *x, int i, int y); - -#endif /* DATATYPES_USE_MACROS */ - -/* - * octet_string_is_eq(a,b, len) returns 1 if the length len strings a - * and b are not equal, returns 0 otherwise - */ - -int -octet_string_is_eq(uint8_t *a, uint8_t *b, int len); - -void -octet_string_set_to_zero(uint8_t *s, int len); - - -#endif /* MATH_H */ - - - diff --git a/crypto/include/crypto_types.h b/crypto/include/crypto_types.h deleted file mode 100644 index 0ce50f4..0000000 --- a/crypto/include/crypto_types.h +++ /dev/null @@ -1,206 +0,0 @@ -/* - * crypto_types.h - * - * constants for cipher types and auth func types - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef CRYPTO_TYPES_H -#define CRYPTO_TYPES_H - -/** - * @defgroup Algos Cryptographic Algorithms - * - * - * This library provides several different cryptographic algorithms, - * each of which can be selected by using the cipher_type_id_t and - * auth_type_id_t. These algorithms are documented below. - * - * Authentication functions that use the Universal Security Transform - * (UST) must be used in conjunction with a cipher other than the null - * cipher. These functions require a per-message pseudorandom input - * that is generated by the cipher. - * - * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the - * strongest available authentication function and cipher, - * respectively. They are resolved at compile time to the strongest - * available algorithm. The stronghold algorithms can serve as did - * the keep of a medieval fortification; they provide the strongest - * defense (or the last refuge). - * - * @{ - */ - -/** - * @defgroup Ciphers Cipher Types - * - * @brief Each cipher type is identified by an unsigned integer. The - * cipher types available in this edition of libSRTP are given - * by the #defines below. - * - * A cipher_type_id_t is an identifier for a cipher_type; only values - * given by the #defines above (or those present in the file - * crypto_types.h) should be used. - * - * The identifier STRONGHOLD_CIPHER indicates the strongest available - * cipher, allowing an application to choose the strongest available - * algorithm without any advance knowledge about the avaliable - * algorithms. - * - * @{ - */ - -/** - * @brief The null cipher performs no encryption. - * - * The NULL_CIPHER leaves its inputs unaltered, during both the - * encryption and decryption operations. This cipher can be chosen - * to indicate that no encryption is to be performed. - */ -#define NULL_CIPHER 0 - -/** - * @brief AES-128 Integer Counter Mode (AES ICM) - * - * AES-128 ICM is the variant of counter mode that is used by Secure RTP. - * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. - */ -#define AES_128_ICM 1 - -/** - * @brief SEAL 3.0 - * - * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith - * and Rogaway. Nota bene: this cipher is IBM proprietary. - */ -#define SEAL 2 - -/** - * @brief AES-128 Integer Counter Mode (AES ICM) - * - * AES-128 ICM is the variant of counter mode that is used by Secure RTP. - * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. - */ -#define AES_128_CBC 3 - -/** - * @brief Strongest available cipher. - * - * This identifier resolves to the strongest cipher type available. - */ -#define STRONGHOLD_CIPHER AES_128_ICM - -/** - * @} - */ - - - -/** - * @defgroup Authentication Authentication Function Types - * - * @brief Each authentication function type is identified by an - * unsigned integer. The authentication function types available in - * this edition of libSRTP are given by the #defines below. - * - * An auth_type_id_t is an identifier for an authentication function type; - * only values given by the #defines above (or those present in the - * file crypto_types.h) should be used. - * - * The identifier STRONGHOLD_AUTH indicates the strongest available - * authentication function, allowing an application to choose the - * strongest available algorithm without any advance knowledge about - * the avaliable algorithms. The stronghold algorithms can serve as - * did the keep of a medieval fortification; they provide the - * strongest defense (or the last refuge). - * - * @{ - */ - -/** - * @brief The null authentication function performs no authentication. - * - * The NULL_AUTH function does nothing, and can be selected to indicate - * that authentication should not be performed. - */ -#define NULL_AUTH 0 - -/** - * @brief UST with TMMH Version 2 - * - * UST_TMMHv2 implements the Truncated Multi-Modular Hash using - * UST. This function must be used in conjunction with a cipher other - * than the null cipher. - * with a cipher. - */ -#define UST_TMMHv2 1 - -/** - * @brief (UST) AES-128 XORMAC - * - * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: - * the XORMAC algorithm is IBM proprietary. - */ -#define UST_AES_128_XMAC 2 - -/** - * @brief HMAC-SHA1 - * - * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure - * Hash Algorithm version 1 (SHA1). - */ -#define HMAC_SHA1 3 - -/** - * @brief Strongest available authentication function. - * - * This identifier resolves to the strongest available authentication - * function. - */ -#define STRONGHOLD_AUTH HMAC_SHA1 - -/** - * @} - */ -/** - * @} - */ - -#endif /* CRYPTO_TYPES_H */ diff --git a/crypto/include/cryptoalg.h b/crypto/include/cryptoalg.h deleted file mode 100644 index d9f0441..0000000 --- a/crypto/include/cryptoalg.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * cryptoalg.h - * - * API for authenticated encryption crypto algorithms - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef CRYPTOALG_H -#define CRYPTOALG_H - -#include "err.h" - -/** - * @defgroup Crypto Cryptography - * - * Zed uses a simple interface to a cryptographic transform. - * - * @{ - */ - -/** - * @brief applies a crypto algorithm - * - * The function pointer cryptoalg_func_t points to a function that - * implements a crypto transform, and provides a uniform API for - * accessing crypto mechanisms. - * - * @param key location of secret key - * - * @param clear data to be authenticated but not encrypted - * - * @param clear_len length of data to be authenticated but not encrypted - * - * @param iv location to write the Initialization Vector (IV) - * - * @param protect location of the data to be encrypted and - * authenticated (before the function call), and the ciphertext - * and authentication tag (after the call) - * - * @param protected_len location of the length of the data to be - * encrypted and authenticated (before the function call), and the - * length of the ciphertext (after the call) - * - */ - -typedef err_status_t (*cryptoalg_func_t) - (void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *protect, - unsigned *protected_len); - -typedef -err_status_t (*cryptoalg_inv_t) - (void *key, /* location of secret key */ - const void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len /* location of the length of data to be - * decrypted and authd (before and after) - */ - ); - -typedef struct cryptoalg_ctx_t { - cryptoalg_func_t enc; - cryptoalg_inv_t dec; - unsigned key_len; - unsigned iv_len; - unsigned auth_tag_len; - unsigned max_expansion; -} cryptoalg_ctx_t; - -typedef cryptoalg_ctx_t *cryptoalg_t; - -#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) - -#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) - -#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) - -int -cryptoalg_get_id(cryptoalg_t c); - -cryptoalg_t -cryptoalg_find_by_id(int id); - - -/** - * @} - */ - -#endif /* CRYPTOALG_H */ - - diff --git a/crypto/include/datatypes.h b/crypto/include/datatypes.h deleted file mode 100644 index f6ef3af..0000000 --- a/crypto/include/datatypes.h +++ /dev/null @@ -1,506 +0,0 @@ -/* - * datatypes.h - * - * data types for bit vectors and finite fields - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef _DATATYPES_H -#define _DATATYPES_H - -#include "integers.h" /* definitions of uint32_t, et cetera */ -#include "alloc.h" - -#include <stdarg.h> - -#ifndef SRTP_KERNEL -# include <stdio.h> -# include <string.h> -# include <time.h> -# ifdef HAVE_NETINET_IN_H -# include <netinet/in.h> -# elif defined HAVE_WINSOCK2_H -# include <winsock2.h> -# endif -#endif - - -/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ -#define DATATYPES_USE_MACROS - -typedef union { - uint8_t v8[2]; - uint16_t value; -} v16_t; - -typedef union { - uint8_t v8[4]; - uint16_t v16[2]; - uint32_t value; -} v32_t; - -typedef union { - uint8_t v8[8]; - uint16_t v16[4]; - uint32_t v32[2]; - uint64_t value; -} v64_t; - -typedef union { - uint8_t v8[16]; - uint16_t v16[8]; - uint32_t v32[4]; - uint64_t v64[2]; -} v128_t; - - - -/* some useful and simple math functions */ - -#define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ - -#define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ - - -/* - * octet_get_weight(x) returns the hamming weight (number of bits equal to - * one) in the octet x - */ - -int -octet_get_weight(uint8_t octet); - -char * -octet_bit_string(uint8_t x); - -#define MAX_PRINT_STRING_LEN 1024 - -char * -octet_string_hex_string(const void *str, int length); - -char * -v128_bit_string(v128_t *x); - -char * -v128_hex_string(v128_t *x); - -uint8_t -nibble_to_hex_char(uint8_t nibble); - -char * -char_to_hex_string(char *x, int num_char); - -uint8_t -hex_string_to_octet(char *s); - -/* - * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal - * string at *hex (of length len octets) to the equivalent raw data - * and writes it to *raw. - * - * if a character in the hex string that is not a hexadeciaml digit - * (0123456789abcdefABCDEF) is encountered, the function stops writing - * data to *raw - * - * the number of hex digits copied (which is two times the number of - * octets in *raw) is returned - */ - -int -hex_string_to_octet_string(char *raw, char *hex, int len); - -v128_t -hex_string_to_v128(char *s); - -void -v128_copy_octet_string(v128_t *x, const uint8_t s[16]); - -void -v128_left_shift(v128_t *x, int index); - -void -v128_right_shift(v128_t *x, int index); - -/* - * the following macros define the data manipulation functions - * - * If DATATYPES_USE_MACROS is defined, then these macros are used - * directly (and function call overhead is avoided). Otherwise, - * the macros are used through the functions defined in datatypes.c - * (and the compiler provides better warnings). - */ - -#define _v128_set_to_zero(x) \ -( \ - (x)->v32[0] = 0, \ - (x)->v32[1] = 0, \ - (x)->v32[2] = 0, \ - (x)->v32[3] = 0 \ -) - -#define _v128_copy(x, y) \ -( \ - (x)->v32[0] = (y)->v32[0], \ - (x)->v32[1] = (y)->v32[1], \ - (x)->v32[2] = (y)->v32[2], \ - (x)->v32[3] = (y)->v32[3] \ -) - -#define _v128_xor(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ -) - -#define _v128_and(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ -) - -#define _v128_or(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ -) - -#define _v128_complement(x) \ -( \ - (x)->v32[0] = ~(x)->v32[0], \ - (x)->v32[1] = ~(x)->v32[1], \ - (x)->v32[2] = ~(x)->v32[2], \ - (x)->v32[3] = ~(x)->v32[3] \ -) - -/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ -#define _v128_is_eq(x, y) \ - (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) - - -#ifdef NO_64BIT_MATH -#define _v128_xor_eq(z, x) \ -( \ - (z)->v32[0] ^= (x)->v32[0], \ - (z)->v32[1] ^= (x)->v32[1], \ - (z)->v32[2] ^= (x)->v32[2], \ - (z)->v32[3] ^= (x)->v32[3] \ -) -#else -#define _v128_xor_eq(z, x) \ -( \ - (z)->v64[0] ^= (x)->v64[0], \ - (z)->v64[1] ^= (x)->v64[1] \ -) -#endif - -/* NOTE! This assumes an odd ordering! */ -/* This will not be compatible directly with math on some processors */ -/* bit 0 is first 32-bit word, low order bit. in little-endian, that's - the first byte of the first 32-bit word. In big-endian, that's - the 3rd byte of the first 32-bit word */ -/* The get/set bit code is used by the replay code ONLY, and it doesn't - really care which bit is which. AES does care which bit is which, but - doesn't use the 128-bit get/set or 128-bit shifts */ - -#define _v128_get_bit(x, bit) \ -( \ - ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ -) - -#define _v128_set_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ -) - -#define _v128_clear_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ -) - -#define _v128_set_bit_to(x, bit, value) \ -( \ - (value) ? _v128_set_bit(x, bit) : \ - _v128_clear_bit(x, bit) \ -) - - -#if 0 -/* nothing uses this */ -#ifdef WORDS_BIGENDIAN - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = x->v32[3] + y->v32[3]; \ - z->v32[3] = (uint32_t) tmp; \ - \ - tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ - z->v32[2] = (uint32_t) tmp; \ - \ - tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ - z->v32[1] = (uint32_t) tmp; \ - \ - tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ - z->v32[0] = (uint32_t) tmp; \ -} - -#else /* assume little endian architecture */ - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ - z->v32[3] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ - + htonl(tmp >> 32); \ - z->v32[2] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ - + htonl(tmp >> 32); \ - z->v32[1] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ - + htonl(tmp >> 32); \ - z->v32[0] = ntohl((uint32_t) tmp); \ -} -#endif /* WORDS_BIGENDIAN */ -#endif /* 0 */ - - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define v128_set_to_zero(z) _v128_set_to_zero(z) -#define v128_copy(z, x) _v128_copy(z, x) -#define v128_xor(z, x, y) _v128_xor(z, x, y) -#define v128_and(z, x, y) _v128_and(z, x, y) -#define v128_or(z, x, y) _v128_or(z, x, y) -#define v128_complement(x) _v128_complement(x) -#define v128_is_eq(x, y) _v128_is_eq(x, y) -#define v128_xor_eq(x, y) _v128_xor_eq(x, y) -#define v128_get_bit(x, i) _v128_get_bit(x, i) -#define v128_set_bit(x, i) _v128_set_bit(x, i) -#define v128_clear_bit(x, i) _v128_clear_bit(x, i) -#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) - -#else - -void -v128_set_to_zero(v128_t *x); - -int -v128_is_eq(const v128_t *x, const v128_t *y); - -void -v128_copy(v128_t *x, const v128_t *y); - -void -v128_xor(v128_t *z, v128_t *x, v128_t *y); - -void -v128_and(v128_t *z, v128_t *x, v128_t *y); - -void -v128_or(v128_t *z, v128_t *x, v128_t *y); - -void -v128_complement(v128_t *x); - -int -v128_get_bit(const v128_t *x, int i); - -void -v128_set_bit(v128_t *x, int i) ; - -void -v128_clear_bit(v128_t *x, int i); - -void -v128_set_bit_to(v128_t *x, int i, int y); - -#endif /* DATATYPES_USE_MACROS */ - -/* - * octet_string_is_eq(a,b, len) returns 1 if the length len strings a - * and b are not equal, returns 0 otherwise - */ - -int -octet_string_is_eq(uint8_t *a, uint8_t *b, int len); - -void -octet_string_set_to_zero(uint8_t *s, int len); - - -#ifndef SRTP_KERNEL_LINUX - -/* - * Convert big endian integers to CPU byte order. - */ -#ifdef WORDS_BIGENDIAN -/* Nothing to do. */ -# define be32_to_cpu(x) (x) -# define be64_to_cpu(x) (x) -#elif defined(HAVE_BYTESWAP_H) -/* We have (hopefully) optimized versions in byteswap.h */ -# include <byteswap.h> -# define be32_to_cpu(x) bswap_32((x)) -# define be64_to_cpu(x) bswap_64((x)) -#else - -#if defined(__GNUC__) && defined(HAVE_X86) -/* Fall back. */ -static inline uint32_t be32_to_cpu(uint32_t v) { - /* optimized for x86. */ - asm("bswap %0" : "=r" (v) : "0" (v)); - return v; -} -# else /* HAVE_X86 */ -# ifdef HAVE_NETINET_IN_H -# include <netinet/in.h> -# elif defined HAVE_WINSOCK2_H -# include <winsock2.h> -# endif -# define be32_to_cpu(x) ntohl((x)) -# endif /* HAVE_X86 */ - -static inline uint64_t be64_to_cpu(uint64_t v) { -# ifdef NO_64BIT_MATH - /* use the make64 functions to do 64-bit math */ - v = make64(htonl(low32(v)),htonl(high32(v))); -# else - /* use the native 64-bit math */ - v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); -# endif - return v; -} - -#endif /* ! SRTP_KERNEL_LINUX */ - -#endif /* WORDS_BIGENDIAN */ - -/* - * functions manipulating bitvector_t - * - * A bitvector_t consists of an array of words and an integer - * representing the number of significant bits stored in the array. - * The bits are packed as follows: the least significant bit is that - * of word[0], while the most significant bit is the nth most - * significant bit of word[m], where length = bits_per_word * m + n. - * - */ - -#define bits_per_word 32 -#define bytes_per_word 4 - -typedef struct { - uint32_t length; - uint32_t *word; -} bitvector_t; - - -#define _bitvector_get_bit(v, bit_index) \ -( \ - ((((v)->word[((bit_index) >> 5)]) >> ((bit_index) & 31)) & 1) \ -) - - -#define _bitvector_set_bit(v, bit_index) \ -( \ - (((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index) & 31)))) \ -) - -#define _bitvector_clear_bit(v, bit_index) \ -( \ - (((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index) & 31)))) \ -) - -#define _bitvector_get_length(v) \ -( \ - ((v)->length) \ -) - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index) -#define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index) -#define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index) -#define bitvector_get_length(v) _bitvector_get_length(v) - -#else - -int -bitvector_get_bit(const bitvector_t *v, int bit_index); - -void -bitvector_set_bit(bitvector_t *v, int bit_index); - -void -bitvector_clear_bit(bitvector_t *v, int bit_index); - -unsigned long -bitvector_get_length(const bitvector_t *v); - -#endif - -int -bitvector_alloc(bitvector_t *v, unsigned long length); - -void -bitvector_dealloc(bitvector_t *v); - -void -bitvector_set_to_zero(bitvector_t *x); - -void -bitvector_left_shift(bitvector_t *x, int index); - -char * -bitvector_bit_string(bitvector_t *x, char* buf, int len); - -#endif /* _DATATYPES_H */ diff --git a/crypto/include/err.h b/crypto/include/err.h deleted file mode 100644 index 1a6e170..0000000 --- a/crypto/include/err.h +++ /dev/null @@ -1,174 +0,0 @@ -/* - * err.h - * - * error status codes - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef ERR_H -#define ERR_H - -#include "datatypes.h" - -/** - * @defgroup Error Error Codes - * - * Error status codes are represented by the enumeration err_status_t. - * - * @{ - */ - - -/* - * @brief err_status_t defines error codes. - * - * The enumeration err_status_t defines error codes. Note that the - * value of err_status_ok is equal to zero, which can simplify error - * checking somewhat. - * - */ -typedef enum { - err_status_ok = 0, /**< nothing to report */ - err_status_fail = 1, /**< unspecified failure */ - err_status_bad_param = 2, /**< unsupported parameter */ - err_status_alloc_fail = 3, /**< couldn't allocate memory */ - err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ - err_status_init_fail = 5, /**< couldn't initialize */ - err_status_terminus = 6, /**< can't process as much data as requested */ - err_status_auth_fail = 7, /**< authentication failure */ - err_status_cipher_fail = 8, /**< cipher failure */ - err_status_replay_fail = 9, /**< replay check failed (bad index) */ - err_status_replay_old = 10, /**< replay check failed (index too old) */ - err_status_algo_fail = 11, /**< algorithm failed test routine */ - err_status_no_such_op = 12, /**< unsupported operation */ - err_status_no_ctx = 13, /**< no appropriate context found */ - err_status_cant_check = 14, /**< unable to perform desired validation */ - err_status_key_expired = 15, /**< can't use key any more */ - err_status_socket_err = 16, /**< error in use of socket */ - err_status_signal_err = 17, /**< error in use POSIX signals */ - err_status_nonce_bad = 18, /**< nonce check failed */ - err_status_read_fail = 19, /**< couldn't read data */ - err_status_write_fail = 20, /**< couldn't write data */ - err_status_parse_err = 21, /**< error pasring data */ - err_status_encode_err = 22, /**< error encoding data */ - err_status_semaphore_err = 23,/**< error while using semaphores */ - err_status_pfkey_err = 24 /**< error while using pfkey */ -} err_status_t; - -/** - * @} - */ - -typedef enum { - err_level_emergency = 0, - err_level_alert, - err_level_critical, - err_level_error, - err_level_warning, - err_level_notice, - err_level_info, - err_level_debug, - err_level_none -} err_reporting_level_t; - -/* - * err_reporting_init prepares the error system. If - * ERR_REPORTING_SYSLOG is defined, it will open syslog. - * - * The ident argument is a string that will be prepended to - * all syslog messages. It is conventionally argv[0]. - */ - -err_status_t -err_reporting_init(char *ident); - -#ifdef SRTP_KERNEL_LINUX -extern err_reporting_level_t err_level; -#else - -/* - * keydaemon_report_error reports a 'printf' formatted error - * string, followed by a an arg list. The priority argument - * is equivalent to that defined for syslog. - * - * Errors will be reported to ERR_REPORTING_FILE, if defined, and to - * syslog, if ERR_REPORTING_SYSLOG is defined. - * - */ - -void -err_report(int priority, char *format, ...); -#endif /* ! SRTP_KERNEL_LINUX */ - - -/* - * debug_module_t defines a debug module - */ - -typedef struct { - int on; /* 1 if debugging is on, 0 if it is off */ - char *name; /* printable name for debug module */ -} debug_module_t; - -#ifdef ENABLE_DEBUGGING - -#define debug_on(mod) (mod).on = 1 - -#define debug_off(mod) (mod).on = 0 - -/* use err_report() to report debug message */ -#define debug_print(mod, format, arg) \ - if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg) -#define debug_print2(mod, format, arg1,arg2) \ - if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2) - -#else - -/* define macros to do nothing */ -#define debug_print(mod, format, arg) - -#define debug_on(mod) - -#define debug_off(mod) - -#endif - -#endif /* ERR_H */ diff --git a/crypto/include/gf2_8.h b/crypto/include/gf2_8.h deleted file mode 100644 index 098d37c..0000000 --- a/crypto/include/gf2_8.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * gf2_8.h - * - * GF(256) implementation - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef GF2_8_H -#define GF2_8_H - -#include "datatypes.h" /* for uint8_t definition */ - -typedef uint8_t gf2_8; - -#define gf2_8_field_polynomial 0x1B - -/* - * gf2_8_shift(x) returns - */ - -/* - * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x' - * operation, using the field representation from AES; that is, the - * next gf2_8 value in the cyclic representation of that field. The - * value z should be an uint8_t. - */ - -#define gf2_8_shift(z) (((z) & 128) ? \ - (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1)) - -gf2_8 -gf2_8_compute_inverse(gf2_8 x); - -void -test_gf2_8(void); - -gf2_8 -gf2_8_multiply(gf2_8 x, gf2_8 y); - -#endif /* GF2_8_H */ diff --git a/crypto/include/hmac.h b/crypto/include/hmac.h deleted file mode 100644 index 262c0e2..0000000 --- a/crypto/include/hmac.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * hmac.h - * - * interface to hmac auth_type_t - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef HMAC_H -#define HMAC_H - -#include "auth.h" -#include "sha1.h" - -typedef struct { - uint8_t opad[64]; - sha1_ctx_t ctx; - sha1_ctx_t init_ctx; -} hmac_ctx_t; - -err_status_t -hmac_alloc(auth_t **a, int key_len, int out_len); - -err_status_t -hmac_dealloc(auth_t *a); - -err_status_t -hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len); - -err_status_t -hmac_start(hmac_ctx_t *state); - -err_status_t -hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets); - -err_status_t -hmac_compute(hmac_ctx_t *state, const void *message, - int msg_octets, int tag_len, uint8_t *result); - - -#endif /* HMAC_H */ diff --git a/crypto/include/integers.h b/crypto/include/integers.h deleted file mode 100644 index 3515d13..0000000 --- a/crypto/include/integers.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - * integers.h - * - * defines integer types (or refers to their definitions) - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef INTEGERS_H -#define INTEGERS_H - -#include "config.h" /* configuration file, using autoconf */ - -#ifdef SRTP_KERNEL - -#include "kernel_compat.h" - -#else /* SRTP_KERNEL */ - -/* use standard integer definitions, if they're available */ -#ifdef HAVE_STDLIB_H -# include <stdlib.h> -#endif -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#ifdef HAVE_INTTYPES_H -# include <inttypes.h> -#endif -#ifdef HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#ifdef HAVE_SYS_INT_TYPES_H -# include <sys/int_types.h> /* this exists on Sun OS */ -#endif -#ifdef HAVE_MACHINE_TYPES_H -# include <machine/types.h> -#endif - -/* Can we do 64 bit integers? */ -#ifndef HAVE_UINT64_T -# if SIZEOF_UNSIGNED_LONG == 8 -typedef unsigned long uint64_t; -# elif SIZEOF_UNSIGNED_LONG_LONG == 8 -typedef unsigned long long uint64_t; -# else -# define NO_64BIT_MATH 1 -# endif -#endif - -/* Reasonable defaults for 32 bit machines - you may need to - * edit these definitions for your own machine. */ -#ifndef HAVE_UINT8_T -typedef unsigned char uint8_t; -#endif -#ifndef HAVE_UINT16_T -typedef unsigned short int uint16_t; -#endif -#ifndef HAVE_UINT32_T -typedef unsigned int uint32_t; -#endif - -#ifdef NO_64BIT_MATH -typedef double uint64_t; -/* assert that sizeof(double) == 8 */ -extern uint64_t make64(uint32_t high, uint32_t low); -extern uint32_t high32(uint64_t value); -extern uint32_t low32(uint64_t value); -#endif - -#endif /* SRTP_KERNEL */ - -/* These macros are to load and store 32-bit values from un-aligned - addresses. This is required for processors that do not allow unaligned - loads. */ -#ifdef ALIGNMENT_32BIT_REQUIRED -/* Note that if it's in a variable, you can memcpy it */ -#ifdef WORDS_BIGENDIAN -#define PUT_32(addr,value) \ - { \ - ((unsigned char *) (addr))[0] = (value >> 24); \ - ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ - ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ - ((unsigned char *) (addr))[3] = (value) & 0xff; \ - } -#define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ - (((unsigned char *) (addr))[1] << 16) | \ - (((unsigned char *) (addr))[2] << 8) | \ - (((unsigned char *) (addr))[3])) -#else -#define PUT_32(addr,value) \ - { \ - ((unsigned char *) (addr))[3] = (value >> 24); \ - ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ - ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ - ((unsigned char *) (addr))[0] = (value) & 0xff; \ - } -#define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ - (((unsigned char *) (addr))[2] << 16) | \ - (((unsigned char *) (addr))[1] << 8) | \ - (((unsigned char *) (addr))[0])) -#endif // WORDS_BIGENDIAN -#else -#define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) -#define GET_32(addr) (*(((uint32_t *) (addr))) -#endif - -#endif /* INTEGERS_H */ diff --git a/crypto/include/kernel_compat.h b/crypto/include/kernel_compat.h deleted file mode 100644 index 59d1898..0000000 --- a/crypto/include/kernel_compat.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * kernel_compat.h - * - * Compatibility stuff for building in kernel context where standard - * C headers and library are not available. - * - * Marcus Sundberg - * Ingate Systems AB - */ -/* - * - * Copyright(c) 2005 Ingate Systems AB - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the author(s) nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef KERNEL_COMPAT_H -#define KERNEL_COMPAT_H - -#ifdef SRTP_KERNEL_LINUX - -#include <linux/kernel.h> -#include <linux/slab.h> -#include <linux/sched.h> -#include <linux/random.h> -#include <linux/byteorder/generic.h> - - -#define err_report(priority, ...) \ - do {\ - if (priority <= err_level) {\ - printk(__VA_ARGS__);\ - }\ - }while(0) - -#define clock() (jiffies) -#define time(x) (jiffies) - -/* rand() implementation. */ -#define RAND_MAX 32767 - -static inline int rand(void) -{ - uint32_t temp; - get_random_bytes(&temp, sizeof(temp)); - return temp % (RAND_MAX+1); -} - -/* stdio/stdlib implementation. */ -#define printf(...) printk(__VA_ARGS__) -#define exit(n) panic("%s:%d: exit(%d)\n", __FILE__, __LINE__, (n)) - -#endif /* SRTP_KERNEL_LINUX */ - -#endif /* KERNEL_COMPAT_H */ diff --git a/crypto/include/key.h b/crypto/include/key.h deleted file mode 100644 index e7e0744..0000000 --- a/crypto/include/key.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * key.h - * - * key usage limits enforcement - * - * David A. Mcgrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef KEY_H -#define KEY_H - -#include "rdbx.h" /* for xtd_seq_num_t */ -#include "err.h" - -typedef struct key_limit_ctx_t *key_limit_t; - -typedef enum { - key_event_normal, - key_event_soft_limit, - key_event_hard_limit -} key_event_t; - -err_status_t -key_limit_set(key_limit_t key, const xtd_seq_num_t s); - -err_status_t -key_limit_clone(key_limit_t original, key_limit_t *new_key); - -err_status_t -key_limit_check(const key_limit_t key); - -key_event_t -key_limit_update(key_limit_t key); - -typedef enum { - key_state_normal, - key_state_past_soft_limit, - key_state_expired -} key_state_t; - -typedef struct key_limit_ctx_t { - xtd_seq_num_t num_left; - key_state_t state; -} key_limit_ctx_t; - -#endif /* KEY_H */ diff --git a/crypto/include/null_auth.h b/crypto/include/null_auth.h deleted file mode 100644 index 44f9a4a..0000000 --- a/crypto/include/null_auth.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * null-auth.h - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef NULL_AUTH_H -#define NULL_AUTH_H - -#include "auth.h" - -typedef struct { - char foo; -} null_auth_ctx_t; - -err_status_t -null_auth_alloc(auth_t **a, int key_len, int out_len); - -err_status_t -null_auth_dealloc(auth_t *a); - -err_status_t -null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len); - -err_status_t -null_auth_compute (null_auth_ctx_t *state, uint8_t *message, - int msg_octets, int tag_len, uint8_t *result); - - -#endif /* NULL_AUTH_H */ diff --git a/crypto/include/null_cipher.h b/crypto/include/null_cipher.h deleted file mode 100644 index 7d6bbdd..0000000 --- a/crypto/include/null_cipher.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * null-cipher.h - * - * header file for the null cipher - * - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef NULL_CIPHER_H -#define NULL_CIPHER_H - -#include "datatypes.h" -#include "cipher.h" - -typedef struct { - char foo ;/* empty, for now */ -} null_cipher_ctx_t; - - -/* - * none of these functions do anything (though future versions may keep - * track of bytes encrypted, number of instances, and/or other info). - */ - -err_status_t -null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key); - -err_status_t -null_cipher_set_segment(null_cipher_ctx_t *c, - unsigned long index); - -err_status_t -null_cipher_encrypt(null_cipher_ctx_t *c, - unsigned char *buf, unsigned int *bytes_to_encr); - - -err_status_t -null_cipher_encrypt_aligned(null_cipher_ctx_t *c, - unsigned char *buf, int bytes_to_encr); - -#endif /* NULL_CIPHER_H */ diff --git a/crypto/include/prng.h b/crypto/include/prng.h deleted file mode 100644 index fb96b5e..0000000 --- a/crypto/include/prng.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * prng.h - * - * pseudorandom source - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#ifndef PRNG_H -#define PRNG_H - -#include "rand_source.h" /* for rand_source_func_t definition */ -#include "aes.h" /* for aes */ -#include "aes_icm.h" /* for aes ctr */ - -#define MAX_PRNG_OUT_LEN 0xffffffffU - -/* - * x917_prng is an ANSI X9.17-like AES-based PRNG - */ - -typedef struct { - v128_t state; /* state data */ - aes_expanded_key_t key; /* secret key */ - uint32_t octet_count; /* number of octets output since last init */ - rand_source_func_t rand; /* random source for re-initialization */ -} x917_prng_t; - -err_status_t -x917_prng_init(rand_source_func_t random_source); - -err_status_t -x917_prng_get_octet_string(uint8_t *dest, uint32_t len); - - -/* - * ctr_prng is an AES-CTR based PRNG - */ - -typedef struct { - uint32_t octet_count; /* number of octets output since last init */ - aes_icm_ctx_t state; /* state data */ - rand_source_func_t rand; /* random source for re-initialization */ -} ctr_prng_t; - -err_status_t -ctr_prng_init(rand_source_func_t random_source); - -err_status_t -ctr_prng_get_octet_string(void *dest, uint32_t len); - - -#endif diff --git a/crypto/include/rand_source.h b/crypto/include/rand_source.h deleted file mode 100644 index b4c2110..0000000 --- a/crypto/include/rand_source.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * rand_source.h - * - * implements a random source based on /dev/random - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef RAND_SOURCE -#define RAND_SOURCE - -#include "err.h" -#include "datatypes.h" - -err_status_t -rand_source_init(void); - -/* - * rand_source_get_octet_string() writes a random octet string. - * - * The function call rand_source_get_octet_string(dest, len) writes - * len octets of random data to the location to which dest points, - * and returns an error code. This error code should be checked, - * and if a failure is reported, the data in the buffer MUST NOT - * be used. - * - * warning: If the return code is not checked, then non-random - * data may inadvertently be used. - * - * returns: - * - err_status_ok if no problems occured. - * - [other] a problem occured, and no assumptions should - * be made about the contents of the destination - * buffer. - */ - -err_status_t -rand_source_get_octet_string(void *dest, uint32_t length); - -err_status_t -rand_source_deinit(void); - -/* - * function prototype for a random source function - * - * A rand_source_func_t writes num_octets at the location indicated by - * dest and returns err_status_ok. Any other return value indicates - * failure. - */ - -typedef err_status_t (*rand_source_func_t) - (void *dest, uint32_t num_octets); - -#endif /* RAND_SOURCE */ diff --git a/crypto/include/rdb.h b/crypto/include/rdb.h deleted file mode 100644 index 5a26c5e..0000000 --- a/crypto/include/rdb.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * replay-database.h - * - * interface for a replay database for packet security - * - * David A. McGrew - * Cisco Systems, Inc. - */ - - -#ifndef REPLAY_DB_H -#define REPLAY_DB_H - -#include "integers.h" /* for uint32_t */ -#include "datatypes.h" /* for v128_t */ -#include "err.h" /* for err_status_t */ - -/* - * if the ith least significant bit is one, then the packet index - * window_end-i is in the database - */ - -typedef struct { - uint32_t window_start; /* packet index of the first bit in bitmask */ - v128_t bitmask; -} rdb_t; - -#define rdb_bits_in_bitmask (8*sizeof(v128_t)) - -/* - * rdb init - * - * initalizes rdb - * - * returns err_status_ok on success, err_status_t_fail otherwise - */ - -err_status_t -rdb_init(rdb_t *rdb); - - -/* - * rdb_check - * - * checks to see if index appears in rdb - * - * returns err_status_fail if the index already appears in rdb, - * returns err_status_ok otherwise - */ - -err_status_t -rdb_check(const rdb_t *rdb, uint32_t index); - -/* - * rdb_add_index - * - * adds index to rdb_t (and does *not* check if index appears in db) - * - * returns err_status_ok on success, err_status_fail otherwise - * - */ - -err_status_t -rdb_add_index(rdb_t *rdb, uint32_t index); - -/* - * the functions rdb_increment() and rdb_get_value() are for use by - * senders, not receivers - DO NOT use these functions on the same - * rdb_t upon which rdb_add_index is used! - */ - - -/* - * rdb_increment(db) increments the sequence number in db, if it is - * not too high - * - * return values: - * - * err_status_ok no problem - * err_status_key_expired sequence number too high - * - */ -err_status_t -rdb_increment(rdb_t *rdb); - -/* - * rdb_get_value(db) returns the current sequence number of db - */ - -uint32_t -rdb_get_value(const rdb_t *rdb); - - -#endif /* REPLAY_DB_H */ diff --git a/crypto/include/rdbx.h b/crypto/include/rdbx.h deleted file mode 100644 index 1e581d1..0000000 --- a/crypto/include/rdbx.h +++ /dev/null @@ -1,186 +0,0 @@ -/* - * rdbx.h - * - * replay database with extended packet indices, using a rollover counter - * - * David A. McGrew - * Cisco Systems, Inc. - * - */ - -#ifndef RDBX_H -#define RDBX_H - -#include "datatypes.h" -#include "err.h" - -/* #define ROC_TEST */ - -#ifndef ROC_TEST - -typedef uint16_t sequence_number_t; /* 16 bit sequence number */ -typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */ - -#else /* use small seq_num and roc datatypes for testing purposes */ - -typedef unsigned char sequence_number_t; /* 8 bit sequence number */ -typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */ - -#endif - -#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1)) -#define seq_num_max (1 << (8*sizeof(sequence_number_t))) - -/* - * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' - * sequence number. - */ - -typedef uint64_t xtd_seq_num_t; - - -/* - * An rdbx_t is a replay database with extended range; it uses an - * xtd_seq_num_t and a bitmask of recently received indices. - */ - -typedef struct { - xtd_seq_num_t index; - bitvector_t bitmask; -} rdbx_t; - - -/* - * rdbx_init(rdbx_ptr, ws) - * - * initializes the rdbx pointed to by its argument with the window size ws, - * setting the rollover counter and sequence number to zero - */ - -err_status_t -rdbx_init(rdbx_t *rdbx, unsigned long ws); - - -/* - * rdbx_uninit(rdbx_ptr) - * - * frees memory associated with the rdbx - */ - -err_status_t -rdbx_uninit(rdbx_t *rdbx); - - -/* - * rdbx_estimate_index(rdbx, guess, s) - * - * given an rdbx and a sequence number s (from a newly arrived packet), - * sets the contents of *guess to contain the best guess of the packet - * index to which s corresponds, and returns the difference between - * *guess and the locally stored synch info - */ - -int -rdbx_estimate_index(const rdbx_t *rdbx, - xtd_seq_num_t *guess, - sequence_number_t s); - -/* - * rdbx_check(rdbx, delta); - * - * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t - * which is at rdbx->window_start + delta is in the rdb - * - */ - -err_status_t -rdbx_check(const rdbx_t *rdbx, int difference); - -/* - * replay_add_index(rdbx, delta) - * - * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db - * (and does *not* check if that xtd_seq_num_t appears in db) - * - * this function should be called *only* after replay_check has - * indicated that the index does not appear in the rdbx, and a mutex - * should protect the rdbx between these calls if necessary. - */ - -err_status_t -rdbx_add_index(rdbx_t *rdbx, int delta); - - -/* - * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx - * to have the rollover counter value roc. If that value is less than - * the current rollover counter value, then the function returns - * err_status_replay_old; otherwise, err_status_ok is returned. - * - */ - -err_status_t -rdbx_set_roc(rdbx_t *rdbx, uint32_t roc); - -/* - * rdbx_get_roc(rdbx) returns the value of the rollover counter for - * the rdbx_t pointed to by rdbx - * - */ - -xtd_seq_num_t -rdbx_get_packet_index(const rdbx_t *rdbx); - -/* - * xtd_seq_num_t functions - these are *internal* functions of rdbx, and - * shouldn't be used to manipulate rdbx internal values. use the rdbx - * api instead! - */ - -/* - * rdbx_get_ws(rdbx_ptr) - * - * gets the window size which was used to initialize the rdbx - */ - -unsigned long -rdbx_get_window_size(const rdbx_t *rdbx); - - -/* index_init(&pi) initializes a packet index pi (sets it to zero) */ - -void -index_init(xtd_seq_num_t *pi); - -/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ - -void -index_advance(xtd_seq_num_t *pi, sequence_number_t s); - - -/* - * index_guess(local, guess, s) - * - * given a xtd_seq_num_t local (which represents the highest - * known-to-be-good index) and a sequence number s (from a newly - * arrived packet), sets the contents of *guess to contain the best - * guess of the packet index to which s corresponds, and returns the - * difference between *guess and *local - */ - -int -index_guess(const xtd_seq_num_t *local, - xtd_seq_num_t *guess, - sequence_number_t s); - - -#endif /* RDBX_H */ - - - - - - - - - diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h deleted file mode 100644 index e3af4d4..0000000 --- a/crypto/include/sha1.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * sha1.h - * - * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in - * FIPS 180-1 - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef SHA1_H -#define SHA1_H - -#include "err.h" -#include "datatypes.h" - -typedef struct { - uint32_t H[5]; /* state vector */ - uint32_t M[16]; /* message buffer */ - int octets_in_buffer; /* octets of message in buffer */ - uint32_t num_bits_in_msg; /* total number of bits in message */ -} sha1_ctx_t; - -/* - * sha1(&ctx, msg, len, output) hashes the len octets starting at msg - * into the SHA1 context, then writes the result to the 20 octets at - * output - * - */ - -void -sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); - -/* - * sha1_init(&ctx) initializes the SHA1 context ctx - * - * sha1_update(&ctx, msg, len) hashes the len octets starting at msg - * into the SHA1 context - * - * sha1_final(&ctx, output) performs the final processing of the SHA1 - * context and writes the result to the 20 octets at output - * - */ - -void -sha1_init(sha1_ctx_t *ctx); - -void -sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); - -void -sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); - -/* - * The sha1_core function is INTERNAL to SHA-1, but it is declared - * here because it is also used by the cipher SEAL 3.0 in its key - * setup algorithm. - */ - -/* - * sha1_core(M, H) computes the core sha1 compression function, where M is - * the next part of the message and H is the intermediate state {H0, - * H1, ...} - * - * this function does not do any of the padding required in the - * complete sha1 function - */ - -void -sha1_core(const uint32_t M[16], uint32_t hash_value[5]); - -#endif /* SHA1_H */ diff --git a/crypto/include/stat.h b/crypto/include/stat.h deleted file mode 100644 index e28b131..0000000 --- a/crypto/include/stat.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * stats.h - * - * interface to statistical test functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright(c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#ifndef STAT_H -#define STAT_H - -#include "datatypes.h" /* for uint8_t */ -#include "err.h" /* for err_status_t */ -#include "rand_source.h" /* for rand_source_func_t definition */ - -err_status_t -stat_test_monobit(uint8_t *data); - -err_status_t -stat_test_poker(uint8_t *data); - -err_status_t -stat_test_runs(uint8_t *data); - -err_status_t -stat_test_rand_source(rand_source_func_t rs); - -err_status_t -stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials); - -#endif /* STAT_H */ diff --git a/crypto/include/xfm.h b/crypto/include/xfm.h deleted file mode 100644 index 5837149..0000000 --- a/crypto/include/xfm.h +++ /dev/null @@ -1,139 +0,0 @@ -/* - * xfm.h - * - * interface for abstract crypto transform - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#ifndef XFM_H -#define XFM_H - -#include "crypto_kernel.h" -#include "err.h" - -/** - * @defgroup Crypto Cryptography - * - * A simple interface to an abstract cryptographic transform that - * provides both confidentiality and message authentication. - * - * @{ - */ - -/** - * @brief applies a crypto transform - * - * The function pointer xfm_func_t points to a function that - * implements a crypto transform, and provides a uniform API for - * accessing crypto mechanisms. - * - * @param key location of secret key - * - * @param clear data to be authenticated only - * - * @param clear_len length of data to be authenticated only - * - * @param iv location to write the Initialization Vector (IV) - * - * @param protect location of the data to be encrypted and - * authenticated (before the function call), and the ciphertext - * and authentication tag (after the call) - * - * @param protected_len location of the length of the data to be - * encrypted and authenticated (before the function call), and the - * length of the ciphertext (after the call) - * - * @param auth_tag location to write auth tag - */ - -typedef err_status_t (*xfm_func_t) - (void *key, - void *clear, - unsigned clear_len, - void *iv, - void *protect, - unsigned *protected_len, - void *auth_tag - ); - -typedef -err_status_t (*xfm_inv_t) - (void *key, /* location of secret key */ - void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len, /* location of the length of data to be - * decrypted and authd (before and after) - */ - void *auth_tag /* location of auth tag */ - ); - -typedef struct xfm_ctx_t { - xfm_func_t func; - xfm_inv_t inv; - unsigned key_len; - unsigned iv_len; - unsigned auth_tag_len; -} xfm_ctx_t; - -typedef xfm_ctx_t *xfm_t; - -#define xfm_get_key_len(xfm) ((xfm)->key_len) - -#define xfm_get_iv_len(xfm) ((xfm)->iv_len) - -#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len) - - -/* cryptoalgo - 5/28 */ - -typedef err_status_t (*cryptoalg_func_t) - (void *key, - void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len - ); - -typedef -err_status_t (*cryptoalg_inv_t) - (void *key, /* location of secret key */ - void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len /* location of the length of data to be - * decrypted and authd (before and after) - */ - ); - -typedef struct cryptoalg_ctx_t { - cryptoalg_func_t enc; - cryptoalg_inv_t dec; - unsigned key_len; - unsigned iv_len; - unsigned auth_tag_len; - unsigned max_expansion; -} cryptoalg_ctx_t; - -typedef cryptoalg_ctx_t *cryptoalg_t; - -#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) - -#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) - -#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) - - - -/** - * @} - */ - -#endif /* XFM_H */ - - diff --git a/crypto/kernel/alloc.c b/crypto/kernel/alloc.c deleted file mode 100644 index 5dd0947..0000000 --- a/crypto/kernel/alloc.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * alloc.c - * - * memory allocation and deallocation - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "alloc.h" -#include "crypto_kernel.h" - -/* the debug module for memory allocation */ - -debug_module_t mod_alloc = { - 0, /* debugging is off by default */ - "alloc" /* printable name for module */ -}; - -/* - * Nota bene: the debugging statements for crypto_alloc() and - * crypto_free() have identical prefixes, which include the addresses - * of the memory locations on which they are operating. This fact can - * be used to locate memory leaks, by turning on memory debugging, - * grepping for 'alloc', then matching alloc and free calls by - * address. - */ - -#ifdef SRTP_KERNEL_LINUX - -#include <linux/interrupt.h> - -void * -crypto_alloc(size_t size) { - void *ptr; - - ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); - - if (ptr) { - debug_print(mod_alloc, "(location: %p) allocated", ptr); - } else - debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); - - return ptr; -} - -void -crypto_free(void *ptr) { - - debug_print(mod_alloc, "(location: %p) freed", ptr); - - kfree(ptr); -} - - -#elif defined(HAVE_STDLIB_H) - -void * -crypto_alloc(size_t size) { - void *ptr; - - ptr = malloc(size); - - if (ptr) { - debug_print(mod_alloc, "(location: %p) allocated", ptr); - } else - debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); - - return ptr; -} - -void -crypto_free(void *ptr) { - - debug_print(mod_alloc, "(location: %p) freed", ptr); - - free(ptr); -} - -#else /* we need to define our own memory allocation routines */ - -#error no memory allocation defined yet - -#endif diff --git a/crypto/kernel/crypto_kernel.c b/crypto/kernel/crypto_kernel.c deleted file mode 100644 index 230dda6..0000000 --- a/crypto/kernel/crypto_kernel.c +++ /dev/null @@ -1,523 +0,0 @@ -/* - * crypto_kernel.c - * - * header for the cryptographic kernel - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "alloc.h" - -#include "crypto_kernel.h" - -/* the debug module for the crypto_kernel */ - -debug_module_t mod_crypto_kernel = { - 0, /* debugging is off by default */ - "crypto kernel" /* printable name for module */ -}; - -/* - * other debug modules that can be included in the kernel - */ - -extern debug_module_t mod_auth; -extern debug_module_t mod_cipher; -extern debug_module_t mod_stat; -extern debug_module_t mod_alloc; - -/* - * cipher types that can be included in the kernel - */ - -extern cipher_type_t null_cipher; -extern cipher_type_t aes_icm; -extern cipher_type_t aes_cbc; - - -/* - * auth func types that can be included in the kernel - */ - -extern auth_type_t null_auth; -extern auth_type_t hmac; - -/* crypto_kernel is a global variable, the only one of its datatype */ - -crypto_kernel_t -crypto_kernel = { - crypto_kernel_state_insecure, /* start off in insecure state */ - NULL, /* no cipher types yet */ - NULL, /* no auth types yet */ - NULL /* no debug modules yet */ -}; - -#define MAX_RNG_TRIALS 25 - -err_status_t -crypto_kernel_init() { - err_status_t status; - - /* check the security state */ - if (crypto_kernel.state == crypto_kernel_state_secure) { - - /* - * we're already in the secure state, but we've been asked to - * re-initialize, so we just re-run the self-tests and then return - */ - return crypto_kernel_status(); - } - - /* initialize error reporting system */ - status = err_reporting_init("crypto"); - if (status) - return status; - - /* load debug modules */ - status = crypto_kernel_load_debug_module(&mod_crypto_kernel); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_auth); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_cipher); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_stat); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_alloc); - if (status) - return status; - - /* initialize random number generator */ - status = rand_source_init(); - if (status) - return status; - - /* run FIPS-140 statistical tests on rand_source */ - status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); - if (status) - return status; - - /* initialize pseudorandom number generator */ - status = ctr_prng_init(rand_source_get_octet_string); - if (status) - return status; - - /* run FIPS-140 statistical tests on ctr_prng */ - status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); - if (status) - return status; - - /* load cipher types */ - status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); - if (status) - return status; - status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); - if (status) - return status; - status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC); - if (status) - return status; - - /* load auth func types */ - status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); - if (status) - return status; - status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); - if (status) - return status; - - /* change state to secure */ - crypto_kernel.state = crypto_kernel_state_secure; - - return err_status_ok; -} - -err_status_t -crypto_kernel_status() { - err_status_t status; - kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; - kernel_auth_type_t *atype = crypto_kernel.auth_type_list; - kernel_debug_module_t *dm = crypto_kernel.debug_module_list; - - /* run FIPS-140 statistical tests on rand_source */ - printf("testing rand_source..."); - status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); - if (status) { - printf("failed\n"); - crypto_kernel.state = crypto_kernel_state_insecure; - return status; - } - printf("passed\n"); - - /* for each cipher type, describe and test */ - while(ctype != NULL) { - printf("cipher: %s\n", ctype->cipher_type->description); - printf(" instance count: %d\n", ctype->cipher_type->ref_count); - printf(" self-test: "); - status = cipher_type_self_test(ctype->cipher_type); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - ctype = ctype->next; - } - - /* for each auth type, describe and test */ - while(atype != NULL) { - printf("auth func: %s\n", atype->auth_type->description); - printf(" instance count: %d\n", atype->auth_type->ref_count); - printf(" self-test: "); - status = auth_type_self_test(atype->auth_type); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - atype = atype->next; - } - - /* describe each debug module */ - printf("debug modules loaded:\n"); - while (dm != NULL) { - printf(" %s ", dm->mod->name); - if (dm->mod->on) - printf("(on)\n"); - else - printf("(off)\n"); - dm = dm->next; - } - - return err_status_ok; -} - -err_status_t -crypto_kernel_list_debug_modules() { - kernel_debug_module_t *dm = crypto_kernel.debug_module_list; - - /* describe each debug module */ - printf("debug modules loaded:\n"); - while (dm != NULL) { - printf(" %s ", dm->mod->name); - if (dm->mod->on) - printf("(on)\n"); - else - printf("(off)\n"); - dm = dm->next; - } - - return err_status_ok; -} - -err_status_t -crypto_kernel_shutdown() { - err_status_t status; - - /* - * free dynamic memory used in crypto_kernel at present - */ - - /* walk down cipher type list, freeing memory */ - while (crypto_kernel.cipher_type_list != NULL) { - kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; - crypto_kernel.cipher_type_list = ctype->next; - debug_print(mod_crypto_kernel, - "freeing memory for cipher %s", - ctype->cipher_type->description); - crypto_free(ctype); - } - - /* walk down authetication module list, freeing memory */ - while (crypto_kernel.auth_type_list != NULL) { - kernel_auth_type_t *atype = crypto_kernel.auth_type_list; - crypto_kernel.auth_type_list = atype->next; - debug_print(mod_crypto_kernel, - "freeing memory for authentication %s", - atype->auth_type->description); - crypto_free(atype); - } - - /* walk down debug module list, freeing memory */ - while (crypto_kernel.debug_module_list != NULL) { - kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; - crypto_kernel.debug_module_list = kdm->next; - debug_print(mod_crypto_kernel, - "freeing memory for debug module %s", - kdm->mod->name); - crypto_free(kdm); - } - - /* de-initialize random number generator */ status = rand_source_deinit(); - if (status) - return status; - - /* return to insecure state */ - crypto_kernel.state = crypto_kernel_state_insecure; - - return err_status_ok; -} - -err_status_t -crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { - kernel_cipher_type_t *ctype, *new_ctype; - err_status_t status; - - /* defensive coding */ - if (new_ct == NULL) - return err_status_bad_param; - - /* check cipher type by running self-test */ - status = cipher_type_self_test(new_ct); - if (status) { - return status; - } - - /* walk down list, checking if this type is in the list already */ - ctype = crypto_kernel.cipher_type_list; - while (ctype != NULL) { - if ((new_ct == ctype->cipher_type) || (id == ctype->id)) - return err_status_bad_param; - ctype = ctype->next; - } - - /* put new_ct at the head of the list */ - /* allocate memory */ - new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t)); - if (new_ctype == NULL) - return err_status_alloc_fail; - - /* set fields */ - new_ctype->cipher_type = new_ct; - new_ctype->id = id; - new_ctype->next = crypto_kernel.cipher_type_list; - - /* set head of list to new cipher type */ - crypto_kernel.cipher_type_list = new_ctype; - - /* load debug module, if there is one present */ - if (new_ct->debug != NULL) - crypto_kernel_load_debug_module(new_ct->debug); - /* we could check for errors here */ - - return err_status_ok; -} - -err_status_t -crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) { - kernel_auth_type_t *atype, *new_atype; - err_status_t status; - - /* defensive coding */ - if (new_at == NULL) - return err_status_bad_param; - - /* check auth type by running self-test */ - status = auth_type_self_test(new_at); - if (status) { - return status; - } - - /* walk down list, checking if this type is in the list already */ - atype = crypto_kernel.auth_type_list; - while (atype != NULL) { - if ((new_at == atype->auth_type) || (id == atype->id)) - return err_status_bad_param; - atype = atype->next; - } - - /* put new_at at the head of the list */ - /* allocate memory */ - new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); - if (new_atype == NULL) - return err_status_alloc_fail; - - /* set fields */ - new_atype->auth_type = new_at; - new_atype->id = id; - new_atype->next = crypto_kernel.auth_type_list; - - /* set head of list to new auth type */ - crypto_kernel.auth_type_list = new_atype; - - /* load debug module, if there is one present */ - if (new_at->debug != NULL) - crypto_kernel_load_debug_module(new_at->debug); - /* we could check for errors here */ - - return err_status_ok; - -} - - -cipher_type_t * -crypto_kernel_get_cipher_type(cipher_type_id_t id) { - kernel_cipher_type_t *ctype; - - /* walk down list, looking for id */ - ctype = crypto_kernel.cipher_type_list; - while (ctype != NULL) { - if (id == ctype->id) - return ctype->cipher_type; - ctype = ctype->next; - } - - /* haven't found the right one, indicate failure by returning NULL */ - return NULL; -} - - -err_status_t -crypto_kernel_alloc_cipher(cipher_type_id_t id, - cipher_pointer_t *cp, - int key_len) { - cipher_type_t *ct; - - /* - * if the crypto_kernel is not yet initialized, we refuse to allocate - * any ciphers - this is a bit extra-paranoid - */ - if (crypto_kernel.state != crypto_kernel_state_secure) - return err_status_init_fail; - - ct = crypto_kernel_get_cipher_type(id); - if (!ct) - return err_status_fail; - - return ((ct)->alloc(cp, key_len)); -} - - - -auth_type_t * -crypto_kernel_get_auth_type(auth_type_id_t id) { - kernel_auth_type_t *atype; - - /* walk down list, looking for id */ - atype = crypto_kernel.auth_type_list; - while (atype != NULL) { - if (id == atype->id) - return atype->auth_type; - atype = atype->next; - } - - /* haven't found the right one, indicate failure by returning NULL */ - return NULL; -} - -err_status_t -crypto_kernel_alloc_auth(auth_type_id_t id, - auth_pointer_t *ap, - int key_len, - int tag_len) { - auth_type_t *at; - - /* - * if the crypto_kernel is not yet initialized, we refuse to allocate - * any auth functions - this is a bit extra-paranoid - */ - if (crypto_kernel.state != crypto_kernel_state_secure) - return err_status_init_fail; - - at = crypto_kernel_get_auth_type(id); - if (!at) - return err_status_fail; - - return ((at)->alloc(ap, key_len, tag_len)); -} - -err_status_t -crypto_kernel_load_debug_module(debug_module_t *new_dm) { - kernel_debug_module_t *kdm, *new; - - /* defensive coding */ - if (new_dm == NULL) - return err_status_bad_param; - - /* walk down list, checking if this type is in the list already */ - kdm = crypto_kernel.debug_module_list; - while (kdm != NULL) { - if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) - return err_status_bad_param; - kdm = kdm->next; - } - - /* put new_dm at the head of the list */ - /* allocate memory */ - new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t)); - if (new == NULL) - return err_status_alloc_fail; - - /* set fields */ - new->mod = new_dm; - new->next = crypto_kernel.debug_module_list; - - /* set head of list to new cipher type */ - crypto_kernel.debug_module_list = new; - - return err_status_ok; -} - -err_status_t -crypto_kernel_set_debug_module(char *name, int on) { - kernel_debug_module_t *kdm; - - /* walk down list, checking if this type is in the list already */ - kdm = crypto_kernel.debug_module_list; - while (kdm != NULL) { - if (strncmp(name, kdm->mod->name, 64) == 0) { - kdm->mod->on = on; - return err_status_ok; - } - kdm = kdm->next; - } - - return err_status_fail; -} - -err_status_t -crypto_get_random(unsigned char *buffer, unsigned int length) { - if (crypto_kernel.state == crypto_kernel_state_secure) - return ctr_prng_get_octet_string(buffer, length); - else - return err_status_fail; -} diff --git a/crypto/kernel/err.c b/crypto/kernel/err.c deleted file mode 100644 index 4a3a858..0000000 --- a/crypto/kernel/err.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * err.c - * - * error status reporting functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "err.h" - -#ifdef ERR_REPORTING_SYSLOG -# ifdef HAVE_SYSLOG_H -# include <syslog.h> -# endif -#endif - - -/* err_level reflects the level of errors that are reported */ - -err_reporting_level_t err_level = err_level_none; - -#ifdef SRTP_KERNEL_LINUX -err_status_t -err_reporting_init(char *ident) { - - return err_status_ok; -} - -#else /* SRTP_KERNEL_LINUX */ - -/* err_file is the FILE to which errors are reported */ - -static FILE *err_file = NULL; - -err_status_t -err_reporting_init(char *ident) { -#ifdef ERR_REPORTING_SYSLOG - openlog(ident, LOG_PID, LOG_AUTHPRIV); -#endif - - /* - * Believe it or not, openlog doesn't return an error on failure. - * But then, neither does the syslog() call... - */ - -#ifdef ERR_REPORTING_STDOUT - err_file = stdout; -#elif defined(USE_ERR_REPORTING_FILE) - /* open file for error reporting */ - err_file = fopen(ERR_REPORTING_FILE, "w"); - if (err_file == NULL) - return err_status_init_fail; -#endif - - return err_status_ok; -} - -void -err_report(int priority, char *format, ...) { - va_list args; - - if (priority <= err_level) { - - va_start(args, format); - if (err_file != NULL) { - vfprintf(err_file, format, args); - /* fprintf(err_file, "\n"); */ - } -#ifdef ERR_REPORTING_SYSLOG - if (1) { /* FIXME: Make this a runtime option. */ - int syslogpri; - - switch (priority) { - case err_level_emergency: - syslogpri = LOG_EMERG; - break; - case err_level_alert: - syslogpri = LOG_ALERT; - break; - case err_level_critical: - syslogpri = LOG_CRIT; - break; - case err_level_error: - syslogpri = LOG_ERR; - break; - case err_level_warning: - syslogpri = LOG_WARNING; - break; - case err_level_notice: - syslogpri = LOG_NOTICE; - break; - case err_level_info: - syslogpri = LOG_INFO; - break; - case err_level_debug: - case err_level_none: - default: - syslogpri = LOG_DEBUG; - break; - } - - vsyslog(syslogpri, format, args); -#endif - va_end(args); - } -} -#endif /* SRTP_KERNEL_LINUX */ - -void -err_reporting_set_level(err_reporting_level_t lvl) { - err_level = lvl; -} diff --git a/crypto/kernel/key.c b/crypto/kernel/key.c deleted file mode 100644 index 9f63b22..0000000 --- a/crypto/kernel/key.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * key.c - * - * key usage limits enforcement - * - * David A. Mcgrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "key.h" - -#define soft_limit 0x10000 - -err_status_t -key_limit_set(key_limit_t key, const xtd_seq_num_t s) { -#ifdef NO_64BIT_MATH - if (high32(s) == 0 && low32(s) < soft_limit) - return err_status_bad_param; -#else - if (s < soft_limit) - return err_status_bad_param; -#endif - key->num_left = s; - key->state = key_state_normal; - return err_status_ok; -} - -err_status_t -key_limit_clone(key_limit_t original, key_limit_t *new_key) { - if (original == NULL) - return err_status_bad_param; - *new_key = original; - return err_status_ok; -} - -err_status_t -key_limit_check(const key_limit_t key) { - if (key->state == key_state_expired) - return err_status_key_expired; - return err_status_ok; -} - -key_event_t -key_limit_update(key_limit_t key) { -#ifdef NO_64BIT_MATH - if (low32(key->num_left) == 0) - { - // carry - key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1); - } - else - { - // no carry - key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1); - } - if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { - return key_event_normal; /* we're above the soft limit */ - } -#else - key->num_left--; - if (key->num_left >= soft_limit) { - return key_event_normal; /* we're above the soft limit */ - } -#endif - if (key->state == key_state_normal) { - /* we just passed the soft limit, so change the state */ - key->state = key_state_past_soft_limit; - } -#ifdef NO_64BIT_MATH - if (low32(key->num_left) == 0 && high32(key->num_left == 0)) -#else - if (key->num_left < 1) -#endif - { /* we just hit the hard limit */ - key->state = key_state_expired; - return key_event_hard_limit; - } - return key_event_soft_limit; -} - diff --git a/crypto/math/datatypes.c b/crypto/math/datatypes.c deleted file mode 100644 index 65446c3..0000000 --- a/crypto/math/datatypes.c +++ /dev/null @@ -1,718 +0,0 @@ -/* - * datatypes.c - * - * data types for finite fields and functions for input, output, and - * manipulation - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "datatypes.h" - -int -octet_weight[256] = { - 0, 1, 1, 2, 1, 2, 2, 3, - 1, 2, 2, 3, 2, 3, 3, 4, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 4, 5, 5, 6, 5, 6, 6, 7, - 5, 6, 6, 7, 6, 7, 7, 8 -}; - -int -octet_get_weight(uint8_t octet) { - extern int octet_weight[256]; - - return octet_weight[octet]; -} - -/* - * bit_string is a buffer that is used to hold output strings, e.g. - * for printing. - */ - -/* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */ - -char bit_string[MAX_PRINT_STRING_LEN]; - -uint8_t -nibble_to_hex_char(uint8_t nibble) { - char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - return buf[nibble & 0xF]; -} - -char * -octet_string_hex_string(const void *s, int length) { - const uint8_t *str = (const uint8_t *)s; - int i; - - /* double length, since one octet takes two hex characters */ - length *= 2; - - /* truncate string if it would be too long */ - if (length > MAX_PRINT_STRING_LEN) - length = MAX_PRINT_STRING_LEN-1; - - for (i=0; i < length; i+=2) { - bit_string[i] = nibble_to_hex_char(*str >> 4); - bit_string[i+1] = nibble_to_hex_char(*str++ & 0xF); - } - bit_string[i] = 0; /* null terminate string */ - return bit_string; -} - -inline int -hex_char_to_nibble(uint8_t c) { - switch(c) { - case ('0'): return 0x0; - case ('1'): return 0x1; - case ('2'): return 0x2; - case ('3'): return 0x3; - case ('4'): return 0x4; - case ('5'): return 0x5; - case ('6'): return 0x6; - case ('7'): return 0x7; - case ('8'): return 0x8; - case ('9'): return 0x9; - case ('a'): return 0xa; - case ('A'): return 0xa; - case ('b'): return 0xb; - case ('B'): return 0xb; - case ('c'): return 0xc; - case ('C'): return 0xc; - case ('d'): return 0xd; - case ('D'): return 0xd; - case ('e'): return 0xe; - case ('E'): return 0xe; - case ('f'): return 0xf; - case ('F'): return 0xf; - default: return -1; /* this flags an error */ - } - /* NOTREACHED */ - return -1; /* this keeps compilers from complaining */ -} - -int -is_hex_string(char *s) { - while(*s != 0) - if (hex_char_to_nibble(*s++) == -1) - return 0; - return 1; -} - -/* - * hex_string_to_octet_string converts a hexadecimal string - * of length 2 * len to a raw octet string of length len - */ - -int -hex_string_to_octet_string(char *raw, char *hex, int len) { - uint8_t x; - int tmp; - int hex_len; - - hex_len = 0; - while (hex_len < len) { - tmp = hex_char_to_nibble(hex[0]); - if (tmp == -1) - return hex_len; - x = (tmp << 4); - hex_len++; - tmp = hex_char_to_nibble(hex[1]); - if (tmp == -1) - return hex_len; - x |= (tmp & 0xff); - hex_len++; - *raw++ = x; - hex += 2; - } - return hex_len; -} - -char * -v128_hex_string(v128_t *x) { - int i, j; - - for (i=j=0; i < 16; i++) { - bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -char * -v128_bit_string(v128_t *x) { - int j, index; - uint32_t mask; - - for (j=index=0; j < 4; j++) { - for (mask=0x80000000; mask > 0; mask >>= 1) { - if (x->v32[j] & mask) - bit_string[index] = '1'; - else - bit_string[index] = '0'; - ++index; - } - } - bit_string[128] = 0; /* null terminate string */ - - return bit_string; -} - -void -v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { -#ifdef ALIGNMENT_32BIT_REQUIRED - if ((((uint32_t) &s[0]) & 0x3) != 0) -#endif - { - x->v8[0] = s[0]; - x->v8[1] = s[1]; - x->v8[2] = s[2]; - x->v8[3] = s[3]; - x->v8[4] = s[4]; - x->v8[5] = s[5]; - x->v8[6] = s[6]; - x->v8[7] = s[7]; - x->v8[8] = s[8]; - x->v8[9] = s[9]; - x->v8[10] = s[10]; - x->v8[11] = s[11]; - x->v8[12] = s[12]; - x->v8[13] = s[13]; - x->v8[14] = s[14]; - x->v8[15] = s[15]; - } -#ifdef ALIGNMENT_32BIT_REQUIRED - else - { - v128_t *v = (v128_t *) &s[0]; - - v128_copy(x,v); - } -#endif -} - -#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ - -void -v128_set_to_zero(v128_t *x) { - _v128_set_to_zero(x); -} - -void -v128_copy(v128_t *x, const v128_t *y) { - _v128_copy(x, y); -} - -void -v128_xor(v128_t *z, v128_t *x, v128_t *y) { - _v128_xor(z, x, y); -} - -void -v128_and(v128_t *z, v128_t *x, v128_t *y) { - _v128_and(z, x, y); -} - -void -v128_or(v128_t *z, v128_t *x, v128_t *y) { - _v128_or(z, x, y); -} - -void -v128_complement(v128_t *x) { - _v128_complement(x); -} - -int -v128_is_eq(const v128_t *x, const v128_t *y) { - return _v128_is_eq(x, y); -} - -int -v128_xor_eq(v128_t *x, const v128_t *y) { - return _v128_xor_eq(x, y); -} - -int -v128_get_bit(const v128_t *x, int i) { - return _v128_get_bit(x, i); -} - -void -v128_set_bit(v128_t *x, int i) { - _v128_set_bit(x, i); -} - -void -v128_clear_bit(v128_t *x, int i){ - _v128_clear_bit(x, i); -} - -void -v128_set_bit_to(v128_t *x, int i, int y){ - _v128_set_bit_to(x, i, y); -} - - -#endif /* DATATYPES_USE_MACROS */ - -void -v128_right_shift(v128_t *x, int index) { - const int base_index = index >> 5; - const int bit_index = index & 31; - int i, from; - uint32_t b; - - if (index > 127) { - v128_set_to_zero(x); - return; - } - - if (bit_index == 0) { - - /* copy each word from left size to right side */ - x->v32[4-1] = x->v32[4-1-base_index]; - for (i=4-1; i > base_index; i--) - x->v32[i-1] = x->v32[i-1-base_index]; - - } else { - - /* set each word to the "or" of the two bit-shifted words */ - for (i = 4; i > base_index; i--) { - from = i-1 - base_index; - b = x->v32[from] << bit_index; - if (from > 0) - b |= x->v32[from-1] >> (32-bit_index); - x->v32[i-1] = b; - } - - } - - /* now wrap up the final portion */ - for (i=0; i < base_index; i++) - x->v32[i] = 0; - -} - -void -v128_left_shift(v128_t *x, int index) { - int i; - const int base_index = index >> 5; - const int bit_index = index & 31; - - if (index > 127) { - v128_set_to_zero(x); - return; - } - - if (bit_index == 0) { - for (i=0; i < 4 - base_index; i++) - x->v32[i] = x->v32[i+base_index]; - } else { - for (i=0; i < 4 - base_index - 1; i++) - x->v32[i] = (x->v32[i+base_index] >> bit_index) ^ - (x->v32[i+base_index+1] << (32 - bit_index)); - x->v32[4 - base_index-1] = x->v32[4-1] >> bit_index; - } - - /* now wrap up the final portion */ - for (i = 4 - base_index; i < 4; i++) - x->v32[i] = 0; - -} - -/* functions manipulating bitvector_t */ - -#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ - -int -bitvector_get_bit(const bitvector_t *v, int bit_index) -{ - return _bitvector_get_bit(v, bit_index); -} - -void -bitvector_set_bit(bitvector_t *v, int bit_index) -{ - _bitvector_set_bit(v, bit_index); -} - -void -bitvector_clear_bit(bitvector_t *v, int bit_index) -{ - _bitvector_clear_bit(v, bit_index); -} - - -#endif /* DATATYPES_USE_MACROS */ - -int -bitvector_alloc(bitvector_t *v, unsigned long length) { - unsigned long l; - - /* Round length up to a multiple of bits_per_word */ - length = (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1)); - - l = length / bits_per_word * bytes_per_word; - - /* allocate memory, then set parameters */ - if (l == 0) - v->word = NULL; - else { - v->word = (uint32_t*)crypto_alloc(l); - if (v->word == NULL) { - v->word = NULL; - v->length = 0; - return -1; - } - } - v->length = length; - - /* initialize bitvector to zero */ - bitvector_set_to_zero(v); - - return 0; -} - - -void -bitvector_dealloc(bitvector_t *v) { - if (v->word != NULL) - crypto_free(v->word); - v->word = NULL; - v->length = 0; -} - -void -bitvector_set_to_zero(bitvector_t *x) -{ - /* C99 guarantees that memset(0) will set the value 0 for uint32_t */ - memset(x->word, 0, x->length >> 3); -} - -char * -bitvector_bit_string(bitvector_t *x, char* buf, int len) { - int j, index; - uint32_t mask; - - for (j=index=0; j < (int)(x->length>>5) && index < len-1; j++) { - for (mask=0x80000000; mask > 0; mask >>= 1) { - if (x->word[j] & mask) - buf[index] = '1'; - else - buf[index] = '0'; - ++index; - if (index >= len-1) - break; - } - } - buf[index] = 0; /* null terminate string */ - - return buf; -} - -void -bitvector_left_shift(bitvector_t *x, int index) { - int i; - const int base_index = index >> 5; - const int bit_index = index & 31; - const int word_length = x->length >> 5; - - if (index >= (int)x->length) { - bitvector_set_to_zero(x); - return; - } - - if (bit_index == 0) { - for (i=0; i < word_length - base_index; i++) - x->word[i] = x->word[i+base_index]; - } else { - for (i=0; i < word_length - base_index - 1; i++) - x->word[i] = (x->word[i+base_index] >> bit_index) ^ - (x->word[i+base_index+1] << (32 - bit_index)); - x->word[word_length - base_index-1] = x->word[word_length-1] >> bit_index; - } - - /* now wrap up the final portion */ - for (i = word_length - base_index; i < word_length; i++) - x->word[i] = 0; - -} - - -int -octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { - uint8_t *end = b + len; - while (b < end) - if (*a++ != *b++) - return 1; - return 0; -} - -void -octet_string_set_to_zero(uint8_t *s, int len) { - uint8_t *end = s + len; - - do { - *s = 0; - } while (++s < end); - -} - - -/* - * From RFC 1521: The Base64 Alphabet - * - * Value Encoding Value Encoding Value Encoding Value Encoding - * 0 A 17 R 34 i 51 z - * 1 B 18 S 35 j 52 0 - * 2 C 19 T 36 k 53 1 - * 3 D 20 U 37 l 54 2 - * 4 E 21 V 38 m 55 3 - * 5 F 22 W 39 n 56 4 - * 6 G 23 X 40 o 57 5 - * 7 H 24 Y 41 p 58 6 - * 8 I 25 Z 42 q 59 7 - * 9 J 26 a 43 r 60 8 - * 10 K 27 b 44 s 61 9 - * 11 L 28 c 45 t 62 + - * 12 M 29 d 46 u 63 / - * 13 N 30 e 47 v - * 14 O 31 f 48 w (pad) = - * 15 P 32 g 49 x - * 16 Q 33 h 50 y - */ - -int -base64_char_to_sextet(uint8_t c) { - switch(c) { - case 'A': - return 0; - case 'B': - return 1; - case 'C': - return 2; - case 'D': - return 3; - case 'E': - return 4; - case 'F': - return 5; - case 'G': - return 6; - case 'H': - return 7; - case 'I': - return 8; - case 'J': - return 9; - case 'K': - return 10; - case 'L': - return 11; - case 'M': - return 12; - case 'N': - return 13; - case 'O': - return 14; - case 'P': - return 15; - case 'Q': - return 16; - case 'R': - return 17; - case 'S': - return 18; - case 'T': - return 19; - case 'U': - return 20; - case 'V': - return 21; - case 'W': - return 22; - case 'X': - return 23; - case 'Y': - return 24; - case 'Z': - return 25; - case 'a': - return 26; - case 'b': - return 27; - case 'c': - return 28; - case 'd': - return 29; - case 'e': - return 30; - case 'f': - return 31; - case 'g': - return 32; - case 'h': - return 33; - case 'i': - return 34; - case 'j': - return 35; - case 'k': - return 36; - case 'l': - return 37; - case 'm': - return 38; - case 'n': - return 39; - case 'o': - return 40; - case 'p': - return 41; - case 'q': - return 42; - case 'r': - return 43; - case 's': - return 44; - case 't': - return 45; - case 'u': - return 46; - case 'v': - return 47; - case 'w': - return 48; - case 'x': - return 49; - case 'y': - return 50; - case 'z': - return 51; - case '0': - return 52; - case '1': - return 53; - case '2': - return 54; - case '3': - return 55; - case '4': - return 56; - case '5': - return 57; - case '6': - return 58; - case '7': - return 59; - case '8': - return 60; - case '9': - return 61; - case '+': - return 62; - case '/': - return 63; - case '=': - return 64; - default: - break; - } - return -1; -} - -/* - * base64_string_to_octet_string converts a hexadecimal string - * of length 2 * len to a raw octet string of length len - */ - -int -base64_string_to_octet_string(char *raw, char *base64, int len) { - uint8_t x; - int tmp; - int base64_len; - - base64_len = 0; - while (base64_len < len) { - tmp = base64_char_to_sextet(base64[0]); - if (tmp == -1) - return base64_len; - x = (tmp << 6); - base64_len++; - tmp = base64_char_to_sextet(base64[1]); - if (tmp == -1) - return base64_len; - x |= (tmp & 0xffff); - base64_len++; - *raw++ = x; - base64 += 2; - } - return base64_len; -} diff --git a/crypto/math/gf2_8.c b/crypto/math/gf2_8.c deleted file mode 100644 index 8a112ba..0000000 --- a/crypto/math/gf2_8.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * gf2_8.c - * - * GF(256) finite field implementation, with the representation used - * in the AES cipher. - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "datatypes.h" -#include "gf2_8.h" - -/* gf2_8_shift() moved to gf2_8.h as an inline function */ - -inline gf2_8 -gf2_8_multiply(gf2_8 x, gf2_8 y) { - gf2_8 z = 0; - - if (y & 1) z ^= x; x = gf2_8_shift(x); - if (y & 2) z ^= x; x = gf2_8_shift(x); - if (y & 4) z ^= x; x = gf2_8_shift(x); - if (y & 8) z ^= x; x = gf2_8_shift(x); - if (y & 16) z ^= x; x = gf2_8_shift(x); - if (y & 32) z ^= x; x = gf2_8_shift(x); - if (y & 64) z ^= x; x = gf2_8_shift(x); - if (y & 128) z ^= x; - - return z; -} - - -/* this should use the euclidean algorithm */ - -gf2_8 -gf2_8_compute_inverse(gf2_8 x) { - unsigned int i; - - if (x == 0) return 0; /* zero is a special case */ - for (i=0; i < 256; i++) - if (gf2_8_multiply((gf2_8) i, x) == 1) - return (gf2_8) i; - - return 0; -} - diff --git a/crypto/math/math.c b/crypto/math/math.c deleted file mode 100644 index 31cc3d3..0000000 --- a/crypto/math/math.c +++ /dev/null @@ -1,802 +0,0 @@ -/* - * math.c - * - * crypto math operations and data types - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "crypto_math.h" - -int -octet_weight[256] = { - 0, 1, 1, 2, 1, 2, 2, 3, - 1, 2, 2, 3, 2, 3, 3, 4, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 1, 2, 2, 3, 2, 3, 3, 4, - 2, 3, 3, 4, 3, 4, 4, 5, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 2, 3, 3, 4, 3, 4, 4, 5, - 3, 4, 4, 5, 4, 5, 5, 6, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 3, 4, 4, 5, 4, 5, 5, 6, - 4, 5, 5, 6, 5, 6, 6, 7, - 4, 5, 5, 6, 5, 6, 6, 7, - 5, 6, 6, 7, 6, 7, 7, 8 -}; - -int -low_bit[256] = { - -1, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 5, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 6, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 5, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 7, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 5, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 6, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 5, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0, - 4, 0, 1, 0, 2, 0, 1, 0, - 3, 0, 1, 0, 2, 0, 1, 0 -}; - - -int -high_bit[256] = { - -1, 0, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 3, 3, 3, 3, - 4, 4, 4, 4, 4, 4, 4, 4, - 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7 -}; - -int -octet_get_weight(uint8_t octet) { - extern int octet_weight[256]; - - return octet_weight[octet]; -} - -unsigned char -v32_weight(v32_t a) { - unsigned int wt = 0; - - wt += octet_weight[a.v8[0]]; /* note: endian-ness makes no difference */ - wt += octet_weight[a.v8[1]]; - wt += octet_weight[a.v8[2]]; - wt += octet_weight[a.v8[3]]; - - return wt; -} - -inline unsigned char -v32_distance(v32_t x, v32_t y) { - x.value ^= y.value; - return v32_weight(x); -} - -unsigned int -v32_dot_product(v32_t a, v32_t b) { - a.value &= b.value; - return v32_weight(a) & 1; -} - -/* - * _bit_string returns a NULL-terminated character string suitable for - * printing - */ - -#define MAX_STRING_LENGTH 1024 - -char bit_string[MAX_STRING_LENGTH]; - -char * -octet_bit_string(uint8_t x) { - int mask, index; - - for (mask = 1, index = 0; mask < 256; mask <<= 1) - if ((x & mask) == 0) - bit_string[index++] = '0'; - else - bit_string[index++] = '1'; - - bit_string[index++] = 0; /* NULL terminate string */ - - return bit_string; -} - -char * -v16_bit_string(v16_t x) { - int i, mask, index; - - for (i = index = 0; i < 2; i++) { - for (mask = 1; mask < 256; mask <<= 1) - if ((x.v8[i] & mask) == 0) - bit_string[index++] = '0'; - else - bit_string[index++] = '1'; - } - bit_string[index++] = 0; /* NULL terminate string */ - return bit_string; -} - -char * -v32_bit_string(v32_t x) { - int i, mask, index; - - for (i = index = 0; i < 4; i++) { - for (mask = 128; mask > 0; mask >>= 1) - if ((x.v8[i] & mask) == 0) - bit_string[index++] = '0'; - else - bit_string[index++] = '1'; - } - bit_string[index++] = 0; /* NULL terminate string */ - return bit_string; -} - -char * -v64_bit_string(const v64_t *x) { - int i, mask, index; - - for (i = index = 0; i < 8; i++) { - for (mask = 1; mask < 256; mask <<= 1) - if ((x->v8[i] & mask) == 0) - bit_string[index++] = '0'; - else - bit_string[index++] = '1'; - } - bit_string[index++] = 0; /* NULL terminate string */ - return bit_string; -} - -char * -v128_bit_string(v128_t *x) { - int j, index; - uint32_t mask; - - for (j=index=0; j < 4; j++) { - for (mask=0x80000000; mask > 0; mask >>= 1) { - if (x->v32[j] & mask) - bit_string[index] = '1'; - else - bit_string[index] = '0'; - ++index; - } - } - bit_string[128] = 0; /* null terminate string */ - - return bit_string; -} - -uint8_t -nibble_to_hex_char(uint8_t nibble) { - char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - return buf[nibble & 0xF]; -} - -char * -octet_hex_string(uint8_t x) { - - bit_string[0] = nibble_to_hex_char(x >> 4); - bit_string[1] = nibble_to_hex_char(x & 0xF); - - bit_string[2] = 0; /* null terminate string */ - return bit_string; -} - -char * -octet_string_hex_string(const void *str, int length) { - const uint8_t *s = str; - int i; - - /* double length, since one octet takes two hex characters */ - length *= 2; - - /* truncate string if it would be too long */ - if (length > MAX_STRING_LENGTH) - length = MAX_STRING_LENGTH-1; - - for (i=0; i < length; i+=2) { - bit_string[i] = nibble_to_hex_char(*s >> 4); - bit_string[i+1] = nibble_to_hex_char(*s++ & 0xF); - } - bit_string[i] = 0; /* null terminate string */ - return bit_string; -} - -char * -v16_hex_string(v16_t x) { - int i, j; - - for (i=j=0; i < 2; i++) { - bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -char * -v32_hex_string(v32_t x) { - int i, j; - - for (i=j=0; i < 4; i++) { - bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -char * -v64_hex_string(const v64_t *x) { - int i, j; - - for (i=j=0; i < 8; i++) { - bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -char * -v128_hex_string(v128_t *x) { - int i, j; - - for (i=j=0; i < 16; i++) { - bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -char * -char_to_hex_string(char *x, int num_char) { - int i, j; - - if (num_char >= 16) - num_char = 16; - for (i=j=0; i < num_char; i++) { - bit_string[j++] = nibble_to_hex_char(x[i] >> 4); - bit_string[j++] = nibble_to_hex_char(x[i] & 0xF); - } - - bit_string[j] = 0; /* null terminate string */ - return bit_string; -} - -int -hex_char_to_nibble(uint8_t c) { - switch(c) { - case ('0'): return 0x0; - case ('1'): return 0x1; - case ('2'): return 0x2; - case ('3'): return 0x3; - case ('4'): return 0x4; - case ('5'): return 0x5; - case ('6'): return 0x6; - case ('7'): return 0x7; - case ('8'): return 0x8; - case ('9'): return 0x9; - case ('a'): return 0xa; - case ('A'): return 0xa; - case ('b'): return 0xb; - case ('B'): return 0xb; - case ('c'): return 0xc; - case ('C'): return 0xc; - case ('d'): return 0xd; - case ('D'): return 0xd; - case ('e'): return 0xe; - case ('E'): return 0xe; - case ('f'): return 0xf; - case ('F'): return 0xf; - default: return -1; /* this flags an error */ - } - /* NOTREACHED */ - return -1; /* this keeps compilers from complaining */ -} - -int -is_hex_string(char *s) { - while(*s != 0) - if (hex_char_to_nibble(*s++) == -1) - return 0; - return 1; -} - -uint8_t -hex_string_to_octet(char *s) { - uint8_t x; - - x = (hex_char_to_nibble(s[0]) << 4) - | hex_char_to_nibble(s[1] & 0xFF); - - return x; -} - -/* - * hex_string_to_octet_string converts a hexadecimal string - * of length 2 * len to a raw octet string of length len - */ - -int -hex_string_to_octet_string(char *raw, char *hex, int len) { - uint8_t x; - int tmp; - int hex_len; - - hex_len = 0; - while (hex_len < len) { - tmp = hex_char_to_nibble(hex[0]); - if (tmp == -1) - return hex_len; - x = (tmp << 4); - hex_len++; - tmp = hex_char_to_nibble(hex[1]); - if (tmp == -1) - return hex_len; - x |= (tmp & 0xff); - hex_len++; - *raw++ = x; - hex += 2; - } - return hex_len; -} - -v16_t -hex_string_to_v16(char *s) { - v16_t x; - int i, j; - - for (i=j=0; i < 4; i += 2, j++) { - x.v8[j] = (hex_char_to_nibble(s[i]) << 4) - | hex_char_to_nibble(s[i+1] & 0xFF); - } - return x; -} - -v32_t -hex_string_to_v32(char *s) { - v32_t x; - int i, j; - - for (i=j=0; i < 8; i += 2, j++) { - x.v8[j] = (hex_char_to_nibble(s[i]) << 4) - | hex_char_to_nibble(s[i+1] & 0xFF); - } - return x; -} - -v64_t -hex_string_to_v64(char *s) { - v64_t x; - int i, j; - - for (i=j=0; i < 16; i += 2, j++) { - x.v8[j] = (hex_char_to_nibble(s[i]) << 4) - | hex_char_to_nibble(s[i+1] & 0xFF); - } - return x; -} - -v128_t -hex_string_to_v128(char *s) { - v128_t x; - int i, j; - - for (i=j=0; i < 32; i += 2, j++) { - x.v8[j] = (hex_char_to_nibble(s[i]) << 4) - | hex_char_to_nibble(s[i+1] & 0xFF); - } - return x; -} - - - -/* - * the matrix A[] is stored in column format, i.e., A[i] is the ith - * column of the matrix - */ - -uint8_t -A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) { - int index = 0; - unsigned mask; - - for (mask=1; mask < 256; mask *= 2) { - if (x & mask) - b^= A[index]; - ++index; - } - - return b; -} - -inline void -v16_copy_octet_string(v16_t *x, const uint8_t s[2]) { - x->v8[0] = s[0]; - x->v8[1] = s[1]; -} - -inline void -v32_copy_octet_string(v32_t *x, const uint8_t s[4]) { - x->v8[0] = s[0]; - x->v8[1] = s[1]; - x->v8[2] = s[2]; - x->v8[3] = s[3]; -} - -inline void -v64_copy_octet_string(v64_t *x, const uint8_t s[8]) { - x->v8[0] = s[0]; - x->v8[1] = s[1]; - x->v8[2] = s[2]; - x->v8[3] = s[3]; - x->v8[4] = s[4]; - x->v8[5] = s[5]; - x->v8[6] = s[6]; - x->v8[7] = s[7]; -} - -void -v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { - x->v8[0] = s[0]; - x->v8[1] = s[1]; - x->v8[2] = s[2]; - x->v8[3] = s[3]; - x->v8[4] = s[4]; - x->v8[5] = s[5]; - x->v8[6] = s[6]; - x->v8[7] = s[7]; - x->v8[8] = s[8]; - x->v8[9] = s[9]; - x->v8[10] = s[10]; - x->v8[11] = s[11]; - x->v8[12] = s[12]; - x->v8[13] = s[13]; - x->v8[14] = s[14]; - x->v8[15] = s[15]; - -} - -#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ - -void -v128_set_to_zero(v128_t *x) { - _v128_set_to_zero(x); -} - -void -v128_copy(v128_t *x, const v128_t *y) { - _v128_copy(x, y); -} - -void -v128_xor(v128_t *z, v128_t *x, v128_t *y) { - _v128_xor(z, x, y); -} - -void -v128_and(v128_t *z, v128_t *x, v128_t *y) { - _v128_and(z, x, y); -} - -void -v128_or(v128_t *z, v128_t *x, v128_t *y) { - _v128_or(z, x, y); -} - -void -v128_complement(v128_t *x) { - _v128_complement(x); -} - -int -v128_is_eq(const v128_t *x, const v128_t *y) { - return _v128_is_eq(x, y); -} - -int -v128_get_bit(const v128_t *x, int i) { - return _v128_get_bit(x, i); -} - -void -v128_set_bit(v128_t *x, int i) { - _v128_set_bit(x, i); -} - -void -v128_clear_bit(v128_t *x, int i){ - _v128_clear_bit(x, i); -} - -void -v128_set_bit_to(v128_t *x, int i, int y){ - _v128_set_bit_to(x, i, y); -} - - -#endif /* DATATYPES_USE_MACROS */ - - -inline void -v128_left_shift2(v128_t *x, int num_bits) { - int i; - int word_shift = num_bits >> 5; - int bit_shift = num_bits & 31; - - for (i=0; i < (4-word_shift); i++) { - x->v32[i] = x->v32[i+word_shift] << bit_shift; - } - - for ( ; i < word_shift; i++) { - x->v32[i] = 0; - } - -} - -void -v128_right_shift(v128_t *x, int index) { - const int base_index = index >> 5; - const int bit_index = index & 31; - int i, from; - uint32_t b; - - if (index > 127) { - v128_set_to_zero(x); - return; - } - - if (bit_index == 0) { - - /* copy each word from left size to right side */ - x->v32[4-1] = x->v32[4-1-base_index]; - for (i=4-1; i > base_index; i--) - x->v32[i-1] = x->v32[i-1-base_index]; - - } else { - - /* set each word to the "or" of the two bit-shifted words */ - for (i = 4; i > base_index; i--) { - from = i-1 - base_index; - b = x->v32[from] << bit_index; - if (from > 0) - b |= x->v32[from-1] >> (32-bit_index); - x->v32[i-1] = b; - } - - } - - /* now wrap up the final portion */ - for (i=0; i < base_index; i++) - x->v32[i] = 0; - -} - -void -v128_left_shift(v128_t *x, int index) { - int i; - const int base_index = index >> 5; - const int bit_index = index & 31; - - if (index > 127) { - v128_set_to_zero(x); - return; - } - - if (bit_index == 0) { - for (i=0; i < 4 - base_index; i++) - x->v32[i] = x->v32[i+base_index]; - } else { - for (i=0; i < 4 - base_index - 1; i++) - x->v32[i] = (x->v32[i+base_index] << bit_index) ^ - (x->v32[i+base_index+1] >> (32 - bit_index)); - x->v32[4 - base_index-1] = x->v32[4-1] << bit_index; - } - - /* now wrap up the final portion */ - for (i = 4 - base_index; i < 4; i++) - x->v32[i] = 0; - -} - - -#if 0 -void -v128_add(v128_t *z, v128_t *x, v128_t *y) { - /* integer addition modulo 2^128 */ - -#ifdef WORDS_BIGENDIAN - uint64_t tmp; - - tmp = x->v32[3] + y->v32[3]; - z->v32[3] = (uint32_t) tmp; - - tmp = x->v32[2] + y->v32[2] + (tmp >> 32); - z->v32[2] = (uint32_t) tmp; - - tmp = x->v32[1] + y->v32[1] + (tmp >> 32); - z->v32[1] = (uint32_t) tmp; - - tmp = x->v32[0] + y->v32[0] + (tmp >> 32); - z->v32[0] = (uint32_t) tmp; - -#else /* assume little endian architecture */ - uint64_t tmp; - - tmp = htonl(x->v32[3]) + htonl(y->v32[3]); - z->v32[3] = ntohl((uint32_t) tmp); - - tmp = htonl(x->v32[2]) + htonl(y->v32[2]) + htonl(tmp >> 32); - z->v32[2] = ntohl((uint32_t) tmp); - - tmp = htonl(x->v32[1]) + htonl(y->v32[1]) + htonl(tmp >> 32); - z->v32[1] = ntohl((uint32_t) tmp); - - tmp = htonl(x->v32[0]) + htonl(y->v32[0]) + htonl(tmp >> 32); - z->v32[0] = ntohl((uint32_t) tmp); - -#endif /* WORDS_BIGENDIAN */ - -} -#endif - -int -octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { - uint8_t *end = b + len; - while (b < end) - if (*a++ != *b++) - return 1; - return 0; -} - -void -octet_string_set_to_zero(uint8_t *s, int len) { - uint8_t *end = s + len; - - do { - *s = 0; - } while (++s < end); - -} - - -/* functions below not yet tested! */ - -int -v32_low_bit(v32_t *w) { - int value; - - value = low_bit[w->v8[0]]; - if (value != -1) - return value; - value = low_bit[w->v8[1]]; - if (value != -1) - return value + 8; - value = low_bit[w->v8[2]]; - if (value != -1) - return value + 16; - value = low_bit[w->v8[3]]; - if (value == -1) - return -1; - return value + 24; -} - -/* high_bit not done yet */ - - - - - diff --git a/crypto/math/stat.c b/crypto/math/stat.c deleted file mode 100644 index 5e46c20..0000000 --- a/crypto/math/stat.c +++ /dev/null @@ -1,367 +0,0 @@ -/* - * stats.c - * - * statistical tests for randomness (FIPS 140-2, Section 4.9) - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#include "stat.h" - -debug_module_t mod_stat = { - 0, /* debugging is off by default */ - (char *)"stat test" /* printable module name */ -}; - -/* - * each test assumes that 20,000 bits (2500 octets) of data is - * provided as input - */ - -#define STAT_TEST_DATA_LEN 2500 - -err_status_t -stat_test_monobit(uint8_t *data) { - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - uint16_t ones_count; - - ones_count = 0; - while (data < data_end) { - ones_count += octet_get_weight(*data); - data++; - } - - debug_print(mod_stat, "bit count: %d", ones_count); - - if ((ones_count < 9725) || (ones_count > 10275)) - return err_status_algo_fail; - - return err_status_ok; -} - -err_status_t -stat_test_poker(uint8_t *data) { - int i; - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - double poker; - uint16_t f[16] = { - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0 - }; - - while (data < data_end) { - f[*data & 0x0f]++; /* increment freq. count for low nibble */ - f[(*data) >> 4]++; /* increment freq. count for high nibble */ - data++; - } - - poker = 0.0; - for (i=0; i < 16; i++) - poker += (double) f[i] * f[i]; - - poker *= (16.0 / 5000.0); - poker -= 5000.0; - - debug_print(mod_stat, "poker test: %f\n", poker); - - if ((poker < 2.16) || (poker > 46.17)) - return err_status_algo_fail; - - return err_status_ok; -} - - -/* - * runs[i] holds the number of runs of size (i-1) - */ - -err_status_t -stat_test_runs(uint8_t *data) { - uint8_t *data_end = data + STAT_TEST_DATA_LEN; - uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; - uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; - int state = 0; - uint16_t mask; - int i; - - /* - * the state variable holds the number of bits in the - * current run (or gap, if negative) - */ - - while (data < data_end) { - - /* loop over the bits of this byte */ - for (mask = 1; mask < 256; mask <<= 1) { - if (*data & mask) { - - /* next bit is a one */ - if (state > 0) { - - /* prefix is a run, so increment the run-count */ - state++; - - /* check for long runs */ - if (state > 25) { - debug_print(mod_stat, ">25 runs: %d", state); - return err_status_algo_fail; - } - - } else if (state < 0) { - - /* prefix is a gap */ - if (state < -25) { - debug_print(mod_stat, ">25 gaps: %d", state); - return err_status_algo_fail; /* long-runs test failed */ - } - if (state < -6) { - state = -6; /* group together gaps > 5 */ - } - gaps[-1-state]++; /* increment gap count */ - state = 1; /* set state at one set bit */ - } else { - - /* state is zero; this happens only at initialization */ - state = 1; - } - } else { - - /* next bit is a zero */ - if (state > 0) { - - /* prefix is a run */ - if (state > 25) { - debug_print(mod_stat, ">25 runs (2): %d", state); - return err_status_algo_fail; /* long-runs test failed */ - } - if (state > 6) { - state = 6; /* group together runs > 5 */ - } - runs[state-1]++; /* increment run count */ - state = -1; /* set state at one zero bit */ - } else if (state < 0) { - - /* prefix is a gap, so increment gap-count (decrement state) */ - state--; - - /* check for long gaps */ - if (state < -25) { - debug_print(mod_stat, ">25 gaps (2): %d", state); - return err_status_algo_fail; - } - - } else { - - /* state is zero; this happens only at initialization */ - state = -1; - } - } - } - - /* move along to next octet */ - data++; - } - - if (mod_stat.on) { - debug_print(mod_stat, "runs test", NULL); - for (i=0; i < 6; i++) - debug_print(mod_stat, " runs[]: %d", runs[i]); - for (i=0; i < 6; i++) - debug_print(mod_stat, " gaps[]: %d", gaps[i]); - } - - /* check run and gap counts against the fixed limits */ - for (i=0; i < 6; i++) - if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) - || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) - return err_status_algo_fail; - - - return err_status_ok; -} - - -/* - * the function stat_test_rand_source applys the FIPS-140-2 statistical - * tests to the random source defined by rs - * - */ - -#define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */ - -err_status_t -stat_test_rand_source(rand_source_func_t get_rand_bytes) { - int i; - double poker; - uint8_t *data, *data_end; - uint16_t f[16] = { - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0 - }; - uint8_t buffer[RAND_SRC_BUF_OCTETS]; - err_status_t status; - int ones_count = 0; - uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; - uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; - uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; - int state = 0; - uint16_t mask; - - /* counters for monobit, poker, and runs tests are initialized above */ - - /* main loop: fill buffer, update counters for stat tests */ - for (i=0; i < 2500; i+=RAND_SRC_BUF_OCTETS) { - - /* fill data buffer */ - status = get_rand_bytes(buffer, RAND_SRC_BUF_OCTETS); - if (status) { - debug_print(mod_stat, "couldn't get rand bytes: %d",status); - return status; - } - -#if 0 - debug_print(mod_stat, "%s", - octet_string_hex_string(buffer, RAND_SRC_BUF_OCTETS)); -#endif - - data = buffer; - data_end = data + RAND_SRC_BUF_OCTETS; - while (data < data_end) { - - /* update monobit test counter */ - ones_count += octet_get_weight(*data); - - /* update poker test counters */ - f[*data & 0x0f]++; /* increment freq. count for low nibble */ - f[(*data) >> 4]++; /* increment freq. count for high nibble */ - - /* update runs test counters */ - /* loop over the bits of this byte */ - for (mask = 1; mask < 256; mask <<= 1) { - if (*data & mask) { - - /* next bit is a one */ - if (state > 0) { - - /* prefix is a run, so increment the run-count */ - state++; - - /* check for long runs */ - if (state > 25) { - debug_print(mod_stat, ">25 runs (3): %d", state); - return err_status_algo_fail; - } - - } else if (state < 0) { - - /* prefix is a gap */ - if (state < -25) { - debug_print(mod_stat, ">25 gaps (3): %d", state); - return err_status_algo_fail; /* long-runs test failed */ - } - if (state < -6) { - state = -6; /* group together gaps > 5 */ - } - gaps[-1-state]++; /* increment gap count */ - state = 1; /* set state at one set bit */ - } else { - - /* state is zero; this happens only at initialization */ - state = 1; - } - } else { - - /* next bit is a zero */ - if (state > 0) { - - /* prefix is a run */ - if (state > 25) { - debug_print(mod_stat, ">25 runs (4): %d", state); - return err_status_algo_fail; /* long-runs test failed */ - } - if (state > 6) { - state = 6; /* group together runs > 5 */ - } - runs[state-1]++; /* increment run count */ - state = -1; /* set state at one zero bit */ - } else if (state < 0) { - - /* prefix is a gap, so increment gap-count (decrement state) */ - state--; - - /* check for long gaps */ - if (state < -25) { - debug_print(mod_stat, ">25 gaps (4): %d", state); - return err_status_algo_fail; - } - - } else { - - /* state is zero; this happens only at initialization */ - state = -1; - } - } - } - - /* advance data pointer */ - data++; - } - } - - /* check to see if test data is within bounds */ - - /* check monobit test data */ - - debug_print(mod_stat, "stat: bit count: %d", ones_count); - - if ((ones_count < 9725) || (ones_count > 10275)) { - debug_print(mod_stat, "stat: failed monobit test %d", ones_count); - return err_status_algo_fail; - } - - /* check poker test data */ - poker = 0.0; - for (i=0; i < 16; i++) - poker += (double) f[i] * f[i]; - - poker *= (16.0 / 5000.0); - poker -= 5000.0; - - debug_print(mod_stat, "stat: poker test: %f", poker); - - if ((poker < 2.16) || (poker > 46.17)) { - debug_print(mod_stat, "stat: failed poker test", NULL); - return err_status_algo_fail; - } - - /* check run and gap counts against the fixed limits */ - for (i=0; i < 6; i++) - if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) - || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) { - debug_print(mod_stat, "stat: failed run/gap test", NULL); - return err_status_algo_fail; - } - - debug_print(mod_stat, "passed random stat test", NULL); - return err_status_ok; -} - -err_status_t -stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) { - unsigned int i; - err_status_t err = err_status_algo_fail; - - for (i=0; i < num_trials; i++) { - err = stat_test_rand_source(source); - if (err == err_status_ok) { - return err_status_ok; - } - debug_print(mod_stat, "failed stat test (try number %d)\n", i); - } - - return err; -} diff --git a/crypto/replay/rdb.c b/crypto/replay/rdb.c deleted file mode 100644 index 215f2ab..0000000 --- a/crypto/replay/rdb.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * rdb.c - * - * Implements a replay database for packet security - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "rdb.h" - - -/* - * this implementation of a replay database works as follows: - * - * window_start is the index of the first packet in the window - * bitmask a bit-buffer, containing the most recently entered - * index as the leftmost bit - * - */ - -/* rdb_init initalizes rdb */ - -err_status_t -rdb_init(rdb_t *rdb) { - v128_set_to_zero(&rdb->bitmask); - rdb->window_start = 0; - return err_status_ok; -} - -/* - * rdb_check checks to see if index appears in rdb - */ - -err_status_t -rdb_check(const rdb_t *rdb, uint32_t index) { - - /* if the index appears after (or at very end of) the window, its good */ - if (index >= rdb->window_start + rdb_bits_in_bitmask) - return err_status_ok; - - /* if the index appears before the window, its bad */ - if (index < rdb->window_start) - return err_status_replay_old; - - /* otherwise, the index appears within the window, so check the bitmask */ - if (v128_get_bit(&rdb->bitmask, (index - rdb->window_start)) == 1) - return err_status_replay_fail; - - /* otherwise, the index is okay */ - return err_status_ok; -} - -/* - * rdb_add_index adds index to rdb_t (and does *not* check if - * index appears in db) - * - * this function should be called only after rdb_check has - * indicated that the index does not appear in the rdb, e.g., a mutex - * should protect the rdb between these calls - */ - -err_status_t -rdb_add_index(rdb_t *rdb, uint32_t index) { - int delta; - - /* here we *assume* that index > rdb->window_start */ - - delta = (index - rdb->window_start); - if (delta < rdb_bits_in_bitmask) { - - /* if the index is within the window, set the appropriate bit */ - v128_set_bit(&rdb->bitmask, delta); - - } else { - - delta -= rdb_bits_in_bitmask - 1; - - /* shift the window forward by delta bits*/ - v128_left_shift(&rdb->bitmask, delta); - v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1); - rdb->window_start += delta; - - } - - return err_status_ok; -} - -err_status_t -rdb_increment(rdb_t *rdb) { - - if (rdb->window_start++ > 0x7fffffff) - return err_status_key_expired; - return err_status_ok; -} - -uint32_t -rdb_get_value(const rdb_t *rdb) { - return rdb->window_start; -} diff --git a/crypto/replay/rdbx.c b/crypto/replay/rdbx.c deleted file mode 100644 index 633d0ba..0000000 --- a/crypto/replay/rdbx.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * rdbx.c - * - * a replay database with extended range, using a rollover counter - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "rdbx.h" - - -/* - * from draft-ietf-avt-srtp-00.txt: - * - * A receiver reconstructs the index i of a packet with sequence - * number s using the estimate - * - * i = 65,536 * t + s, - * - * where t is chosen from the set { r-1, r, r+1 } such that i is - * closest to the value 65,536 * r + s_l. If the value r+1 is used, - * then the rollover counter r in the cryptographic context is - * incremented by one (if the packet containing s is authentic). - */ - - - -/* - * rdbx implementation notes - * - * A xtd_seq_num_t is essentially a sequence number for which some of - * the data on the wire are implicit. It logically consists of a - * rollover counter and a sequence number; the sequence number is the - * explicit part, and the rollover counter is the implicit part. - * - * Upon receiving a sequence_number (e.g. in a newly received SRTP - * packet), the complete xtd_seq_num_t can be estimated by using a - * local xtd_seq_num_t as a basis. This is done using the function - * index_guess(&local, &guess, seq_from_packet). This function - * returns the difference of the guess and the local value. The local - * xtd_seq_num_t can be moved forward to the guess using the function - * index_advance(&guess, delta), where delta is the difference. - * - * - * A rdbx_t consists of a xtd_seq_num_t and a bitmask. The index is highest - * sequence number that has been received, and the bitmask indicates - * which of the recent indicies have been received as well. The - * highest bit in the bitmask corresponds to the index in the bitmask. - */ - - -void -index_init(xtd_seq_num_t *pi) { -#ifdef NO_64BIT_MATH - *pi = make64(0,0); -#else - *pi = 0; -#endif -} - -void -index_advance(xtd_seq_num_t *pi, sequence_number_t s) { -#ifdef NO_64BIT_MATH - /* a > ~b means a+b will generate a carry */ - /* s is uint16 here */ - *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s); -#else - *pi += s; -#endif -} - - -/* - * index_guess(local, guess, s) - * - * given a xtd_seq_num_t local (which represents the last - * known-to-be-good received xtd_seq_num_t) and a sequence number s - * (from a newly arrived packet), sets the contents of *guess to - * contain the best guess of the packet index to which s corresponds, - * and returns the difference between *guess and *local - * - * nota bene - the output is a signed integer, DON'T cast it to a - * unsigned integer! - */ - -int -index_guess(const xtd_seq_num_t *local, - xtd_seq_num_t *guess, - sequence_number_t s) { -#ifdef NO_64BIT_MATH - uint32_t local_roc = ((high32(*local) << 16) | - (low32(*local) >> 16)); - uint16_t local_seq = (uint16_t) (low32(*local)); -#else - uint32_t local_roc = (uint32_t)(*local >> 16); - uint16_t local_seq = (uint16_t) *local; -#endif -#ifdef NO_64BIT_MATH - uint32_t guess_roc = ((high32(*guess) << 16) | - (low32(*guess) >> 16)); - uint16_t guess_seq = (uint16_t) (low32(*guess)); -#else - uint32_t guess_roc = (uint32_t)(*guess >> 16); - uint16_t guess_seq = (uint16_t) *guess; -#endif - int difference; - - if (local_seq < seq_num_median) { - if (s - local_seq > seq_num_median) { - guess_roc = local_roc - 1; - // The return value is the relative difference from local_seq to s. - // The original value is negation of its purpose. According to document - // http://www.ietf.org/rfc/rfc3711.txt, when this condition is true, the - // resulting new index should be (local_roc-1, s). But original logic - // will end up positive difference and rdbx_check would pass. Hence after - // rdbx_add_index would make local index to be the wrong value because - // local index should not be updated in this case. For example, when - // local index is (1, 100) and next sequence is 65530, the wrong updated - // index would be (1, 205). - difference = s - local_seq - seq_num_max; - } else { - guess_roc = local_roc; - difference = s - local_seq; - } - } else { - if (local_seq - seq_num_median > s) { - guess_roc = local_roc+1; - difference = seq_num_max - local_seq + s; - } else { - difference = s - local_seq; - guess_roc = local_roc; - } - } - guess_seq = s; - - /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ -#ifdef NO_64BIT_MATH - *guess = make64(guess_roc >> 16, - (guess_roc << 16) | guess_seq); -#else - *guess = (((uint64_t) guess_roc) << 16) | guess_seq; -#endif - - return difference; -} - -/* - * rdbx - * - */ - - -/* - * rdbx_init(&r, ws) initializes the rdbx_t pointed to by r with window size ws - */ - -err_status_t -rdbx_init(rdbx_t *rdbx, unsigned long ws) { - if (ws == 0) - return err_status_bad_param; - - if (bitvector_alloc(&rdbx->bitmask, ws) != 0) - return err_status_alloc_fail; - - index_init(&rdbx->index); - - return err_status_ok; -} - -/* - * rdbx_uninit(&r) uninitializes the rdbx_t pointed to by r - */ - -err_status_t -rdbx_uninit(rdbx_t *rdbx) { - bitvector_dealloc(&rdbx->bitmask); - - return err_status_ok; -} - -/* - * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx - * to have the rollover counter value roc. If that value is less than - * the current rollover counter value, then the function returns - * err_status_replay_old; otherwise, err_status_ok is returned. - * - */ - -err_status_t -rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) { - bitvector_set_to_zero(&rdbx->bitmask); - -#ifdef NO_64BIT_MATH - #error not yet implemented -#else - - /* make sure that we're not moving backwards */ - if (roc < (rdbx->index >> 16)) - return err_status_replay_old; - - rdbx->index &= 0xffff; /* retain lowest 16 bits */ - rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ -#endif - - return err_status_ok; -} - -/* - * rdbx_get_packet_index(rdbx) returns the value of the packet index - * for the rdbx_t pointed to by rdbx - * - */ - -xtd_seq_num_t -rdbx_get_packet_index(const rdbx_t *rdbx) { - return rdbx->index; -} - -/* - * rdbx_get_window_size(rdbx) returns the value of the window size - * for the rdbx_t pointed to by rdbx - * - */ - -unsigned long -rdbx_get_window_size(const rdbx_t *rdbx) { - return bitvector_get_length(&rdbx->bitmask); -} - -/* - * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t - * which is at rdbx->index + delta is in the rdb - */ - -err_status_t -rdbx_check(const rdbx_t *rdbx, int delta) { - - if (delta > 0) { /* if delta is positive, it's good */ - return err_status_ok; - } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) { - /* if delta is lower than the bitmask, it's bad */ - return err_status_replay_old; - } else if (bitvector_get_bit(&rdbx->bitmask, - (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) { - /* delta is within the window, so check the bitmask */ - return err_status_replay_fail; - } - /* otherwise, the index is okay */ - - return err_status_ok; -} - -/* - * rdbx_add_index adds the xtd_seq_num_t at rdbx->window_start + d to - * replay_db (and does *not* check if that xtd_seq_num_t appears in db) - * - * this function should be called only after replay_check has - * indicated that the index does not appear in the rdbx, e.g., a mutex - * should protect the rdbx between these calls if need be - */ - -err_status_t -rdbx_add_index(rdbx_t *rdbx, int delta) { - - if (delta > 0) { - /* shift forward by delta */ - index_advance(&rdbx->index, delta); - bitvector_left_shift(&rdbx->bitmask, delta); - bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1); - } else { - /* delta is in window, so flip bit in bitmask */ - bitvector_set_bit(&rdbx->bitmask, -delta); - } - - /* note that we need not consider the case that delta == 0 */ - - return err_status_ok; -} - - - -/* - * rdbx_estimate_index(rdbx, guess, s) - * - * given an rdbx and a sequence number s (from a newly arrived packet), - * sets the contents of *guess to contain the best guess of the packet - * index to which s corresponds, and returns the difference between - * *guess and the locally stored synch info - */ - -int -rdbx_estimate_index(const rdbx_t *rdbx, - xtd_seq_num_t *guess, - sequence_number_t s) { - - /* - * if the sequence number and rollover counter in the rdbx are - * non-zero, then use the index_guess(...) function, otherwise, just - * set the rollover counter to zero (since the index_guess(...) - * function might incorrectly guess that the rollover counter is - * 0xffffffff) - */ - -#ifdef NO_64BIT_MATH - /* seq_num_median = 0x8000 */ - if (high32(rdbx->index) > 0 || - low32(rdbx->index) > seq_num_median) -#else - if (rdbx->index > seq_num_median) -#endif - return index_guess(&rdbx->index, guess, s); - -#ifdef NO_64BIT_MATH - *guess = make64(0,(uint32_t) s); -#else - *guess = s; -#endif - -#ifdef NO_64BIT_MATH - return s - (uint16_t) low32(rdbx->index); -#else - return s - (uint16_t) rdbx->index; -#endif -} diff --git a/crypto/replay/ut_sim.c b/crypto/replay/ut_sim.c deleted file mode 100644 index 43c411e..0000000 --- a/crypto/replay/ut_sim.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - * ut_sim.c - * - * an unreliable transport simulator - * (for testing replay databases and suchlike) - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "ut_sim.h" - - -int -ut_compar(const void *a, const void *b) { - return rand() > (RAND_MAX/2) ? -1 : 1; -} - -void -ut_init(ut_connection *utc) { - int i; - utc->index = 0; - - for (i=0; i < UT_BUF; i++) - utc->buffer[i] = i; - - qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); - - utc->index = UT_BUF - 1; -} - -uint32_t -ut_next_index(ut_connection *utc) { - uint32_t tmp; - - tmp = utc->buffer[0]; - utc->index++; - utc->buffer[0] = utc->index; - - qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); - - return tmp; -} - - - -#ifdef UT_TEST - -#include <stdio.h> - -int -main() { - uint32_t i, irecvd, idiff; - ut_connection utc; - - ut_init(&utc); - - for (i=0; i < 1000; i++) { - irecvd = ut_next_index(&utc); - idiff = i - irecvd; - printf("%lu\t%lu\t%d\n", i, irecvd, idiff); - } - - return 0; -} - - -#endif diff --git a/crypto/rng/ctr_prng.c b/crypto/rng/ctr_prng.c deleted file mode 100644 index ab76df3..0000000 --- a/crypto/rng/ctr_prng.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * ctr_prng.c - * - * counter mode based pseudorandom source - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "prng.h" - -/* single, global prng structure */ - -ctr_prng_t ctr_prng; - -err_status_t -ctr_prng_init(rand_source_func_t random_source) { - uint8_t tmp_key[32]; - err_status_t status; - - /* initialize output count to zero */ - ctr_prng.octet_count = 0; - - /* set random source */ - ctr_prng.rand = random_source; - - /* initialize secret key from random source */ - status = random_source(tmp_key, 32); - if (status) - return status; - - /* initialize aes ctr context with random key */ - status = aes_icm_context_init(&ctr_prng.state, tmp_key); - if (status) - return status; - - return err_status_ok; -} - -err_status_t -ctr_prng_get_octet_string(void *dest, uint32_t len) { - err_status_t status; - - /* - * if we need to re-initialize the prng, do so now - * - * avoid 32-bit overflows by subtracting instead of adding - */ - if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { - status = ctr_prng_init(ctr_prng.rand); - if (status) - return status; - } - ctr_prng.octet_count += len; - - /* - * write prng output - */ - status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len); - if (status) - return status; - - return err_status_ok; -} - -err_status_t -ctr_prng_deinit(void) { - - /* nothing */ - - return err_status_ok; -} diff --git a/crypto/rng/prng.c b/crypto/rng/prng.c deleted file mode 100644 index 69350a4..0000000 --- a/crypto/rng/prng.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * prng.c - * - * pseudorandom source - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "prng.h" - -/* single, global prng structure */ - -x917_prng_t x917_prng; - -err_status_t -x917_prng_init(rand_source_func_t random_source) { - v128_t tmp_key; - err_status_t status; - - /* initialize output count to zero */ - x917_prng.octet_count = 0; - - /* set random source */ - x917_prng.rand = random_source; - - /* initialize secret key from random source */ - status = random_source((uint8_t *)&tmp_key, 16); - if (status) - return status; - - /* expand aes key */ - aes_expand_encryption_key(&tmp_key, x917_prng.key); - - /* initialize prng state from random source */ - status = x917_prng.rand((uint8_t *)&x917_prng.state, 16); - if (status) - return status; - - return err_status_ok; -} - -err_status_t -x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { - uint32_t t; - v128_t buffer; - uint32_t i, tail_len; - err_status_t status; - - /* - * if we need to re-initialize the prng, do so now - * - * avoid overflows by subtracting instead of adding - */ - if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) { - status = x917_prng_init(x917_prng.rand); - if (status) - return status; - } - x917_prng.octet_count += len; - - /* find out the time */ - t = (uint32_t)time(NULL); - - /* loop until we have output enough data */ - for (i=0; i < len/16; i++) { - - /* exor time into state */ - x917_prng.state.v32[0] ^= t; - - /* copy state into buffer */ - v128_copy(&buffer, &x917_prng.state); - - /* apply aes to buffer */ - aes_encrypt(&buffer, x917_prng.key); - - /* write data to output */ - *dest++ = buffer.v8[0]; - *dest++ = buffer.v8[1]; - *dest++ = buffer.v8[2]; - *dest++ = buffer.v8[3]; - *dest++ = buffer.v8[4]; - *dest++ = buffer.v8[5]; - *dest++ = buffer.v8[6]; - *dest++ = buffer.v8[7]; - *dest++ = buffer.v8[8]; - *dest++ = buffer.v8[9]; - *dest++ = buffer.v8[10]; - *dest++ = buffer.v8[11]; - *dest++ = buffer.v8[12]; - *dest++ = buffer.v8[13]; - *dest++ = buffer.v8[14]; - *dest++ = buffer.v8[15]; - - /* exor time into buffer */ - buffer.v32[0] ^= t; - - /* encrypt buffer */ - aes_encrypt(&buffer, x917_prng.key); - - /* copy buffer into state */ - v128_copy(&x917_prng.state, &buffer); - - } - - /* if we need to output any more octets, we'll do so now */ - tail_len = len % 16; - if (tail_len) { - - /* exor time into state */ - x917_prng.state.v32[0] ^= t; - - /* copy value into buffer */ - v128_copy(&buffer, &x917_prng.state); - - /* apply aes to buffer */ - aes_encrypt(&buffer, x917_prng.key); - - /* write data to output */ - for (i=0; i < tail_len; i++) { - *dest++ = buffer.v8[i]; - } - - /* now update the state one more time */ - - /* exor time into buffer */ - buffer.v32[0] ^= t; - - /* encrypt buffer */ - aes_encrypt(&buffer, x917_prng.key); - - /* copy buffer into state */ - v128_copy(&x917_prng.state, &buffer); - - } - - return err_status_ok; -} - -err_status_t -x917_prng_deinit(void) { - - return err_status_ok; -} diff --git a/crypto/rng/rand_linux_kernel.c b/crypto/rng/rand_linux_kernel.c deleted file mode 100644 index c51978e..0000000 --- a/crypto/rng/rand_linux_kernel.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * rand_linux_kernel.c - * - * implements a random source using Linux kernel functions - * - * Marcus Sundberg - * Ingate Systems AB - */ -/* - * - * Copyright(c) 2005 Ingate Systems AB - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the author(s) nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "config.h" -#include "rand_source.h" - - -err_status_t -rand_source_init(void) { - return err_status_ok; -} - -err_status_t -rand_source_get_octet_string(void *dest, uint32_t len) { - - get_random_bytes(dest, len); - - return err_status_ok; -} - -err_status_t -rand_source_deinit(void) { - return err_status_ok; -} diff --git a/crypto/rng/rand_source.c b/crypto/rng/rand_source.c deleted file mode 100644 index 6f844c5..0000000 --- a/crypto/rng/rand_source.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * rand_source.c - * - * implements a random source based on /dev/random - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "config.h" - -#ifdef DEV_URANDOM -# include <fcntl.h> /* for open() */ -# include <unistd.h> /* for close() */ -#elif defined(HAVE_RAND_S) -# define _CRT_RAND_S -# include <stdlib.h> -#else -# include <stdio.h> -#endif - -#include "rand_source.h" - - -/* - * global dev_rand_fdes is file descriptor for /dev/random - * - * This variable is also used to indicate that the random source has - * been initialized. When this variable is set to the value of the - * #define RAND_SOURCE_NOT_READY, it indicates that the random source - * is not ready to be used. The value of the #define - * RAND_SOURCE_READY is for use whenever that variable is used as an - * indicator of the state of the random source, but not as a file - * descriptor. - */ - -#define RAND_SOURCE_NOT_READY (-1) -#define RAND_SOURCE_READY (17) - -static int dev_random_fdes = RAND_SOURCE_NOT_READY; - - -err_status_t -rand_source_init(void) { - if (dev_random_fdes >= 0) { - /* already open */ - return err_status_ok; - } -#ifdef DEV_URANDOM - /* open random source for reading */ - dev_random_fdes = open(DEV_URANDOM, O_RDONLY); - if (dev_random_fdes < 0) - return err_status_init_fail; -#elif defined(HAVE_RAND_S) - dev_random_fdes = RAND_SOURCE_READY; -#else - /* no random source available; let the user know */ - fprintf(stderr, "WARNING: no real random source present!\n"); - dev_random_fdes = RAND_SOURCE_READY; -#endif - return err_status_ok; -} - -err_status_t -rand_source_get_octet_string(void *dest, uint32_t len) { - - /* - * read len octets from /dev/random to dest, and - * check return value to make sure enough octets were - * written - */ -#ifdef DEV_URANDOM - if (read(dev_random_fdes, dest, len) != len) - return err_status_fail; -#elif defined(HAVE_RAND_S) - uint8_t *dst = (uint8_t *)dest; - while (len) - { - unsigned int val; - errno_t err = rand_s(&val); - - if (err != 0) - return err_status_fail; - - *dst++ = val & 0xff; - len--; - } -#else - /* Generic C-library (rand()) version */ - /* This is a random source of last resort */ - uint8_t *dst = (uint8_t *)dest; - while (len) - { - int val = rand(); - /* rand() returns 0-32767 (ugh) */ - /* Is this a good enough way to get random bytes? - It is if it passes FIPS-140... */ - *dst++ = val & 0xff; - len--; - } -#endif - return err_status_ok; -} - -err_status_t -rand_source_deinit(void) { - if (dev_random_fdes < 0) - return err_status_dealloc_fail; /* well, we haven't really failed, * - * but there is something wrong */ -#ifdef DEV_URANDOM - close(dev_random_fdes); -#endif - dev_random_fdes = RAND_SOURCE_NOT_READY; - - return err_status_ok; -} diff --git a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c deleted file mode 100644 index 2fac07a..0000000 --- a/crypto/test/aes_calc.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * aes_calc.c - * - * A simple AES calculator for generating AES encryption values - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - - Example usage (with first NIST FIPS 197 test case): - -[sh]$ test/aes_calc 000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff -v - plaintext: 00112233445566778899aabbccddeeff - key: 000102030405060708090a0b0c0d0e0f - ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a - - */ - -#include "aes.h" -#include <stdio.h> -#include <string.h> - -void -usage(char *prog_name) { - printf("usage: %s <key> <plaintext> [-v]\n", prog_name); - exit(255); -} - -#define AES_KEY_LEN 16 - -int -main (int argc, char *argv[]) { - v128_t data, key; - aes_expanded_key_t exp_key; - int len; - int verbose; - - if (argc == 3) { - /* we're not in verbose mode */ - verbose = 0; - } else if (argc == 4) { - if (strncmp(argv[3], "-v", 2) == 0) { - /* we're in verbose mode */ - verbose = 1; - } else { - /* unrecognized flag, complain and exit */ - usage(argv[0]); - } - } else { - /* we've been fed the wrong number of arguments - compain and exit */ - usage(argv[0]); - } - - /* read in key, checking length */ - if (strlen(argv[1]) > AES_KEY_LEN*2) { - fprintf(stderr, - "error: too many digits in key " - "(should be %d hexadecimal digits, found %u)\n", - AES_KEY_LEN*2, (unsigned)strlen(argv[1])); - exit(1); - } - len = hex_string_to_octet_string((char *)&key, argv[1], AES_KEY_LEN*2); - /* check that hex string is the right length */ - if (len < AES_KEY_LEN*2) { - fprintf(stderr, - "error: too few digits in key " - "(should be %d hexadecimal digits, found %d)\n", - AES_KEY_LEN*2, len); - exit(1); - } - - /* read in plaintext, checking length */ - if (strlen(argv[2]) > 16*2) { - fprintf(stderr, - "error: too many digits in plaintext " - "(should be %d hexadecimal digits, found %u)\n", - 16*2, (unsigned)strlen(argv[2])); - exit(1); - } - len = hex_string_to_octet_string((char *)(&data), argv[2], 16*2); - /* check that hex string is the right length */ - if (len < 16*2) { - fprintf(stderr, - "error: too few digits in plaintext " - "(should be %d hexadecimal digits, found %d)\n", - 16*2, len); - exit(1); - } - - if (verbose) { - /* print out plaintext */ - printf("plaintext:\t%s\n", octet_string_hex_string((uint8_t *)&data, 16)); - } - - /* encrypt plaintext */ - aes_expand_encryption_key(&key, exp_key); - - aes_encrypt(&data, exp_key); - - /* write ciphertext to output */ - if (verbose) { - printf("key:\t\t%s\n", v128_hex_string(&key)); - printf("ciphertext:\t"); - } - printf("%s\n", v128_hex_string(&data)); - - return 0; -} - diff --git a/crypto/test/auth_driver.c b/crypto/test/auth_driver.c deleted file mode 100644 index cd8a75d..0000000 --- a/crypto/test/auth_driver.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - * auth_driver.c - * - * a driver for auth functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include <stdio.h> /* for printf() */ -#include <stdlib.h> /* for xalloc() */ -#include <unistd.h> /* for getopt() */ - -#include "auth.h" -#include "null_auth.h" - -#define PRINT_DEBUG_DATA 0 - -extern auth_type_t tmmhv2; - -const uint16_t msg0[9] = { - 0x6015, 0xf141, 0x5ba1, 0x29a0, 0xf604, 0xd1c, 0x2d9, 0xaa8a, 0x7931 -}; - -/* key1 is for TAG_WORDS = 2 */ - -const uint16_t key1[47] = { - 0xe627, 0x6a01, 0x5ea7, 0xf27a, 0xc536, 0x2192, 0x11be, 0xea35, - 0xdb9d, 0x63d6, 0xfa8a, 0xfc45, 0xe08b, 0xd216, 0xced2, 0x7853, - 0x1a82, 0x22f5, 0x90fb, 0x1c29, 0x708e, 0xd06f, 0x82c3, 0xbee6, - 0x4f21, 0x6f33, 0x65c0, 0xd211, 0xc25e, 0x9138, 0x4fa3, 0x7c1f, - 0x61ac, 0x3489, 0x2976, 0x8c19, 0x8252, 0xddbf, 0xcad3, 0xc28f, - 0x68d6, 0x58dd, 0x504f, 0x2bbf, 0x0278, 0x70b7, 0xcfca -}; - -double -auth_bits_per_second(auth_t *h, int msg_len); - - -void -usage(char *prog_name) { - printf("usage: %s [ -t | -v ]\n", prog_name); - exit(255); -} - -#define MAX_MSG_LEN 2048 - -int -main (int argc, char *argv[]) { - auth_t *a = NULL; - err_status_t status; - int i; - int c; - unsigned do_timing_test = 0; - unsigned do_validation = 0; - - /* process input arguments */ - while (1) { - c = getopt(argc, argv, "tv"); - if (c == -1) - break; - switch (c) { - case 't': - do_timing_test = 1; - break; - case 'v': - do_validation = 1; - break; - default: - usage(argv[0]); - } - } - - printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n"); - - if (!do_validation && !do_timing_test) - usage(argv[0]); - - if (do_validation) { - printf("running self-test for %s...", tmmhv2.description); - status = tmmhv2_add_big_test(); - if (status) { - printf("tmmhv2_add_big_test failed with error code %d\n", status); - exit(status); - } - status = auth_type_self_test(&tmmhv2); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - } - - if (do_timing_test) { - - /* tmmhv2 timing test */ - status = auth_type_alloc(&tmmhv2, &a, 94, 4); - if (status) { - fprintf(stderr, "can't allocate tmmhv2\n"); - exit(status); - } - status = auth_init(a, (uint8_t *)key1); - if (status) { - printf("error initializaing auth function\n"); - exit(status); - } - - printf("timing %s (tag length %d)\n", - tmmhv2.description, auth_get_tag_length(a)); - for (i=8; i <= MAX_MSG_LEN; i *= 2) - printf("msg len: %d\tgigabits per second: %f\n", - i, auth_bits_per_second(a, i) / 1E9); - - status = auth_dealloc(a); - if (status) { - printf("error deallocating auth function\n"); - exit(status); - } - - } - - return 0; -} - -#define NUM_TRIALS 100000 - -#include <time.h> - -double -auth_bits_per_second(auth_t *a, int msg_len_octets) { - int i; - clock_t timer; - uint8_t *result; - int msg_len = (msg_len_octets + 1)/2; - uint16_t *msg_string; - - /* create random message */ - msg_string = (uint16_t *) crypto_alloc(msg_len_octets); - if (msg_string == NULL) - return 0.0; /* indicate failure */ - for (i=0; i < msg_len; i++) - msg_string[i] = (uint16_t) random(); - - /* allocate temporary storage for authentication tag */ - result = crypto_alloc(auth_get_tag_length(a)); - if (result == NULL) { - free(msg_string); - return 0.0; /* indicate failure */ - } - - timer = clock(); - for (i=0; i < NUM_TRIALS; i++) { - auth_compute(a, (uint8_t *)msg_string, msg_len_octets, (uint8_t *)result); - } - timer = clock() - timer; - - free(msg_string); - free(result); - - return (double) NUM_TRIALS * 8 * msg_len_octets * CLOCKS_PER_SEC / timer; -} - - diff --git a/crypto/test/cipher_driver.c b/crypto/test/cipher_driver.c deleted file mode 100644 index 25ca90a..0000000 --- a/crypto/test/cipher_driver.c +++ /dev/null @@ -1,491 +0,0 @@ -/* - * cipher_driver.c - * - * A driver for the generic cipher type - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include <stdio.h> /* for printf() */ -#include <stdlib.h> /* for rand() */ -#include <string.h> /* for memset() */ -#include <unistd.h> /* for getopt() */ -#include "cipher.h" -#include "aes_icm.h" -#include "null_cipher.h" - -#define PRINT_DEBUG 0 - -void -cipher_driver_test_throughput(cipher_t *c); - -err_status_t -cipher_driver_self_test(cipher_type_t *ct); - - -/* - * cipher_driver_test_buffering(ct) tests the cipher's output - * buffering for correctness by checking the consistency of succesive - * calls - */ - -err_status_t -cipher_driver_test_buffering(cipher_t *c); - - -/* - * functions for testing cipher cache thrash - */ -err_status_t -cipher_driver_test_array_throughput(cipher_type_t *ct, - int klen, int num_cipher); - -void -cipher_array_test_throughput(cipher_t *ca[], int num_cipher); - -uint64_t -cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher, - unsigned octets_in_buffer, int num_trials); - -err_status_t -cipher_array_delete(cipher_t *cipher_array[], int num_cipher); - -err_status_t -cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers, - cipher_type_t *ctype, int klen); - -void -usage(char *prog_name) { - printf("usage: %s [ -t | -v | -a ]\n", prog_name); - exit(255); -} - -void -check_status(err_status_t s) { - if (s) { - printf("error (code %d)\n", s); - exit(s); - } - return; -} - -/* - * null_cipher, aes_icm, and aes_cbc are the cipher meta-objects - * defined in the files in crypto/cipher subdirectory. these are - * declared external so that we can use these cipher types here - */ - -extern cipher_type_t null_cipher; -extern cipher_type_t aes_icm; -extern cipher_type_t aes_cbc; - -int -main(int argc, char *argv[]) { - cipher_t *c = NULL; - err_status_t status; - unsigned char test_key[20] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 - }; - int q; - unsigned do_timing_test = 0; - unsigned do_validation = 0; - unsigned do_array_timing_test = 0; - - /* process input arguments */ - while (1) { - q = getopt(argc, argv, "tva"); - if (q == -1) - break; - switch (q) { - case 't': - do_timing_test = 1; - break; - case 'v': - do_validation = 1; - break; - case 'a': - do_array_timing_test = 1; - break; - default: - usage(argv[0]); - } - } - - printf("cipher test driver\n" - "David A. McGrew\n" - "Cisco Systems, Inc.\n"); - - if (!do_validation && !do_timing_test && !do_array_timing_test) - usage(argv[0]); - - /* arry timing (cache thrash) test */ - if (do_array_timing_test) { - int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */ - int num_cipher; - - for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) - cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher); - - for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) - cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher); - - for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) - cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher); - - } - - if (do_validation) { - cipher_driver_self_test(&null_cipher); - cipher_driver_self_test(&aes_icm); - cipher_driver_self_test(&aes_cbc); - } - - /* do timing and/or buffer_test on null_cipher */ - status = cipher_type_alloc(&null_cipher, &c, 0); - check_status(status); - - status = cipher_init(c, NULL, direction_encrypt); - check_status(status); - - if (do_timing_test) - cipher_driver_test_throughput(c); - if (do_validation) { - status = cipher_driver_test_buffering(c); - check_status(status); - } - status = cipher_dealloc(c); - check_status(status); - - - /* run the throughput test on the aes_icm cipher */ - status = cipher_type_alloc(&aes_icm, &c, 30); - if (status) { - fprintf(stderr, "error: can't allocate cipher\n"); - exit(status); - } - - status = cipher_init(c, test_key, direction_encrypt); - check_status(status); - - if (do_timing_test) - cipher_driver_test_throughput(c); - - if (do_validation) { - status = cipher_driver_test_buffering(c); - check_status(status); - } - - status = cipher_dealloc(c); - check_status(status); - - return 0; -} - -void -cipher_driver_test_throughput(cipher_t *c) { - int i; - int min_enc_len = 32; - int max_enc_len = 2048; /* should be a power of two */ - int num_trials = 100000; - - printf("timing %s throughput:\n", c->type->description); - fflush(stdout); - for (i=min_enc_len; i <= max_enc_len; i = i * 2) - printf("msg len: %d\tgigabits per second: %f\n", - i, cipher_bits_per_second(c, i, num_trials) / 1e9); - -} - -err_status_t -cipher_driver_self_test(cipher_type_t *ct) { - err_status_t status; - - printf("running cipher self-test for %s...", ct->description); - status = cipher_type_self_test(ct); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - - return err_status_ok; -} - -/* - * cipher_driver_test_buffering(ct) tests the cipher's output - * buffering for correctness by checking the consistency of succesive - * calls - */ - -err_status_t -cipher_driver_test_buffering(cipher_t *c) { - int i, j, num_trials = 1000; - unsigned len, buflen = 1024; - uint8_t buffer0[buflen], buffer1[buflen], *current, *end; - uint8_t idx[16] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 - }; - err_status_t status; - - printf("testing output buffering for cipher %s...", - c->type->description); - - for (i=0; i < num_trials; i++) { - - /* set buffers to zero */ - for (j=0; j < buflen; j++) - buffer0[j] = buffer1[j] = 0; - - /* initialize cipher */ - status = cipher_set_iv(c, idx); - if (status) - return status; - - /* generate 'reference' value by encrypting all at once */ - status = cipher_encrypt(c, buffer0, &buflen); - if (status) - return status; - - /* re-initialize cipher */ - status = cipher_set_iv(c, idx); - if (status) - return status; - - /* now loop over short lengths until buffer1 is encrypted */ - current = buffer1; - end = buffer1 + buflen; - while (current < end) { - - /* choose a short length */ - len = rand() & 0x01f; - - /* make sure that len doesn't cause us to overreach the buffer */ - if (current + len > end) - len = end - current; - - status = cipher_encrypt(c, current, &len); - if (status) - return status; - - /* advance pointer into buffer1 to reflect encryption */ - current += len; - - /* if buffer1 is all encrypted, break out of loop */ - if (current == end) - break; - } - - /* compare buffers */ - for (j=0; j < buflen; j++) - if (buffer0[j] != buffer1[j]) { -#if PRINT_DEBUG - printf("test case %d failed at byte %d\n", i, j); - printf("computed: %s\n", octet_string_hex_string(buffer1, buflen)); - printf("expected: %s\n", octet_string_hex_string(buffer0, buflen)); -#endif - return err_status_algo_fail; - } - } - - printf("passed\n"); - - return err_status_ok; -} - - -/* - * The function cipher_test_throughput_array() tests the effect of CPU - * cache thrash on cipher throughput. - * - * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array - * of cipher_t of type ctype - */ - -err_status_t -cipher_array_alloc_init(cipher_t ***ca, int num_ciphers, - cipher_type_t *ctype, int klen) { - int i, j; - err_status_t status; - uint8_t *key; - cipher_t **cipher_array; - - /* allocate array of pointers to ciphers */ - cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers); - if (cipher_array == NULL) - return err_status_alloc_fail; - - /* set ca to location of cipher_array */ - *ca = cipher_array; - - /* allocate key */ - key = crypto_alloc(klen); - if (key == NULL) { - free(cipher_array); - return err_status_alloc_fail; - } - - /* allocate and initialize an array of ciphers */ - for (i=0; i < num_ciphers; i++) { - - /* allocate cipher */ - status = cipher_type_alloc(ctype, cipher_array, klen); - if (status) - return status; - - /* generate random key and initialize cipher */ - for (j=0; j < klen; j++) - key[j] = (uint8_t) rand(); - status = cipher_init(*cipher_array, key, direction_encrypt); - if (status) - return status; - -/* printf("%dth cipher is at %p\n", i, *cipher_array); */ -/* printf("%dth cipher description: %s\n", i, */ -/* (*cipher_array)->type->description); */ - - /* advance cipher array pointer */ - cipher_array++; - } - - return err_status_ok; -} - -err_status_t -cipher_array_delete(cipher_t *cipher_array[], int num_cipher) { - int i; - - for (i=0; i < num_cipher; i++) { - cipher_dealloc(cipher_array[i]); - } - - free(cipher_array); - - return err_status_ok; -} - - -/* - * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the - * number of bits that a cipher implementation can encrypt in a second - * when distinct keys are used to encrypt distinct messages - * - * c is a cipher (which MUST be allocated an initialized already), l - * is the length in octets of the test data to be encrypted, and t is - * the number of trials - * - * if an error is encountered, the value 0 is returned - */ - -uint64_t -cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher, - unsigned octets_in_buffer, int num_trials) { - int i; - v128_t nonce; - clock_t timer; - unsigned char *enc_buf; - int cipher_index = 0; - - - enc_buf = crypto_alloc(octets_in_buffer); - if (enc_buf == NULL) - return 0; /* indicate bad parameters by returning null */ - - /* time repeated trials */ - v128_set_to_zero(&nonce); - timer = clock(); - for(i=0; i < num_trials; i++, nonce.v32[3] = i) { - - /* choose a cipher at random from the array*/ - cipher_index = (*((uint32_t *)enc_buf)) % num_cipher; - - /* encrypt buffer with cipher */ - cipher_set_iv(cipher_array[cipher_index], &nonce); - cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_in_buffer); - } - timer = clock() - timer; - - free(enc_buf); - - if (timer == 0) { - /* Too fast! */ - return 0; - } - - return CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; -} - -void -cipher_array_test_throughput(cipher_t *ca[], int num_cipher) { - int i; - int min_enc_len = 16; - int max_enc_len = 2048; /* should be a power of two */ - int num_trials = 10000; - - printf("timing %s throughput with array size %d:\n", - (ca[0])->type->description, num_cipher); - fflush(stdout); - for (i=min_enc_len; i <= max_enc_len; i = i * 4) - printf("msg len: %d\tgigabits per second: %f\n", i, - cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9); - -} - -err_status_t -cipher_driver_test_array_throughput(cipher_type_t *ct, - int klen, int num_cipher) { - cipher_t **ca = NULL; - err_status_t status; - - status = cipher_array_alloc_init(&ca, num_cipher, ct, klen); - if (status) { - printf("error: cipher_array_alloc_init() failed with error code %d\n", - status); - return status; - } - - cipher_array_test_throughput(ca, num_cipher); - - cipher_array_delete(ca, num_cipher); - - return err_status_ok; -} diff --git a/crypto/test/datatypes_driver.c b/crypto/test/datatypes_driver.c deleted file mode 100644 index f186652..0000000 --- a/crypto/test/datatypes_driver.c +++ /dev/null @@ -1,237 +0,0 @@ -/* - * datatypes_driver.c - * - * a test driver for crypto/math datatypes - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include <stdio.h> /* for printf() */ -#include <string.h> /* for strlen() */ -#include "datatypes.h" - -void -byte_order(void); - -void -test_hex_string_funcs(void); - -void -print_string(char *s); - -void -test_bswap(void); - -int -main (void) { - - /* - * this program includes various and sundry tests for fundamental - * datatypes. it's a grab-bag of throwaway code, retained only in - * case of future problems - */ - - int i, j; - v128_t x; - char *r = - "The Moving Finger writes; and, having writ,\n" - "Moves on: nor all thy Piety nor Wit\n" - "Shall lure it back to cancel half a Line,\n" - "Nor all thy Tears wash out a Word of it."; - char *s = "incomplet"; - - print_string(r); - print_string(s); - - byte_order(); - test_hex_string_funcs(); - - for (j=0; j < 128; j++) { - v128_set_to_zero(&x); - /* x.v32[0] = (1 << j); */ - v128_set_bit(&x, j); - printf("%s\n", v128_bit_string(&x)); - v128_clear_bit(&x, j); - printf("%s\n", v128_bit_string(&x)); - - } - - printf("----------------------------------------------\n"); - v128_set_to_zero(&x); - for (i=0; i < 128; i++) { - v128_set_bit(&x, i); - } - printf("%s\n", v128_bit_string(&x)); - - printf("----------------------------------------------\n"); - v128_set_to_zero(&x); - v128_set_bit(&x, 0); - for (i=0; i < 128; i++) { - printf("%s\n", v128_bit_string(&x)); - v128_right_shift(&x, 1); - } - printf("----------------------------------------------\n"); - v128_set_to_zero(&x); - v128_set_bit(&x, 127); - for (i=0; i < 128; i++) { - printf("%s\n", v128_bit_string(&x)); - v128_left_shift(&x, 1); - } - printf("----------------------------------------------\n"); - for (i=0; i < 128; i++) { - v128_set_to_zero(&x); - v128_set_bit(&x, 127); - v128_left_shift(&x, i); - printf("%s\n", v128_bit_string(&x)); - } - printf("----------------------------------------------\n"); - v128_set_to_zero(&x); - for (i=0; i < 128; i+=2) { - v128_set_bit(&x, i); - } - printf("bit_string: { %s }\n", v128_bit_string(&x)); - printf("get_bit: { "); - for (i=0; i < 128; i++) { - if (v128_get_bit(&x, i) == 1) - printf("1"); - else - printf("0"); - } - printf(" } \n"); - - test_bswap(); - - return 0; -} - - -/* byte_order() prints out byte ordering of datatypes */ - -void -byte_order(void) { - int i; - v128_t e; -#if 0 - v16_t b; - v32_t c; - v64_t d; - - for (i=0; i < sizeof(b); i++) - b.octet[i] = i; - for (i=0; i < sizeof(c); i++) - c.octet[i] = i; - for (i=0; i < sizeof(d); i++) - d.octet[i] = i; - - printf("v128_t:\t%s\n", v128_hex_string(&e)); - printf("v64_t:\t%s\n", v64_hex_string(&d)); - printf("v32_t:\t%s\n", v32_hex_string(c)); - printf("v16_t:\t%s\n", v16_hex_string(b)); - - c.value = 0x01020304; - printf("v32_t:\t%s\n", v32_hex_string(c)); - b.value = 0x0102; - printf("v16_t:\t%s\n", v16_hex_string(b)); - - printf("uint16_t ordering:\n"); - - c.value = 0x00010002; - printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); -#endif - - printf("byte ordering of crypto/math datatypes:\n"); - for (i=0; i < sizeof(e); i++) - e.v8[i] = i; - printf("v128_t: %s\n", v128_hex_string(&e)); - -} - -void -test_hex_string_funcs(void) { - char hex1[] = "abadcafe"; - char hex2[] = "0123456789abcdefqqqqq"; - char raw[10]; - int len; - - len = hex_string_to_octet_string(raw, hex1, strlen(hex1)); - printf("computed length: %d\tstring: %s\n", len, - octet_string_hex_string(raw, len/2)); - printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1); - - len = hex_string_to_octet_string(raw, hex2, strlen(hex2)); - printf("computed length: %d\tstring: %s\n", len, - octet_string_hex_string(raw, len/2)); - printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef"); - -} - -void -print_string(char *s) { - int i; - printf("%s\n", s); - printf("strlen(s) = %u\n", (unsigned)strlen(s)); - printf("{ "); - for (i=0; i < strlen(s); i++) { - printf("0x%x, ", s[i]); - if (((i+1) % 8) == 0) - printf("\n "); - } - printf("}\n"); -} - -void -test_bswap(void) { - uint32_t x = 0x11223344; - uint64_t y = 0x1122334455667788LL; - - printf("before: %0x\nafter: %0x\n", x, be32_to_cpu(x)); - printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y, - (unsigned long long)be64_to_cpu(y)); - - y = 1234; - - printf("1234: %0llx\n", (unsigned long long)y); - printf("as octet string: %s\n", - octet_string_hex_string((uint8_t *) &y, 8)); - y = be64_to_cpu(y); - printf("bswapped octet string: %s\n", - octet_string_hex_string((uint8_t *) &y, 8)); -} diff --git a/crypto/test/env.c b/crypto/test/env.c deleted file mode 100644 index 37a6e27..0000000 --- a/crypto/test/env.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * env.c - * - * prints out a brief report on the build environment - * - * David McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include <stdio.h> -#include <string.h> /* for srtcmp() */ -#include "config.h" - -int -main(void) { - int err_count = 0; - char *str; - -#ifdef WORDS_BIGENDIAN - printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n"); -#else - printf("CPU set to little-endian\t\t(WORDS_BIGENDIAN == 0)\n"); -#endif - -#ifdef CPU_RISC - printf("CPU set to RISC\t\t\t\t(CPU_RISC == 1)\n"); -#elif defined(CPU_CISC) - printf("CPU set to CISC\t\t\t\t(CPU_CISC == 1)\n"); -#else - printf("CPU set to an unknown type, probably due to a configuration error\n"); - err_count++; -#endif - -#ifdef CPU_ALTIVEC - printf("CPU set to ALTIVEC\t\t\t\t(CPU_ALTIVEC == 0)\n"); -#endif - -#ifndef NO_64BIT_MATH - printf("using native 64-bit type\t\t(NO_64_BIT_MATH == 0)\n"); -#else - printf("using built-in 64-bit math\t\t(NO_64_BIT_MATH == 1)\n"); -#endif - -#ifdef ERR_REPORTING_STDOUT - printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n"); -#endif - -#ifdef DEV_URANDOM - str = DEV_URANDOM; -#else - str = ""; -#endif - printf("using %s as a random source\t(DEV_URANDOM == %s)\n", - str, str); - if (strcmp("", str) == 0) { - err_count++; - } - - if (err_count) - printf("warning: configuration is probably in error " - "(found %d problems)\n", err_count); - - return err_count; -} diff --git a/crypto/test/kernel_driver.c b/crypto/test/kernel_driver.c deleted file mode 100644 index 8ef8a5f..0000000 --- a/crypto/test/kernel_driver.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * kernel_driver.c - * - * a test driver for the crypto_kernel - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include <stdio.h> /* for printf() */ -#include <unistd.h> /* for getopt() */ -#include "crypto_kernel.h" - -void -usage(char *prog_name) { - printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name); - exit(255); -} - -int -main (int argc, char *argv[]) { - extern char *optarg; - int q; - int do_validation = 0; - err_status_t status; - - if (argc == 1) - usage(argv[0]); - - /* initialize kernel - we need to do this before anything else */ - status = crypto_kernel_init(); - if (status) { - printf("error: crypto_kernel init failed\n"); - exit(1); - } - printf("crypto_kernel successfully initalized\n"); - - /* process input arguments */ - while (1) { - q = getopt(argc, argv, "vd:"); - if (q == -1) - break; - switch (q) { - case 'v': - do_validation = 1; - break; - case 'd': - status = crypto_kernel_set_debug_module(optarg, 1); - if (status) { - printf("error: set debug module (%s) failed\n", optarg); - exit(1); - } - break; - default: - usage(argv[0]); - } - } - - if (do_validation) { - printf("checking crypto_kernel status...\n"); - status = crypto_kernel_status(); - if (status) { - printf("failed\n"); - exit(1); - } - printf("crypto_kernel passed self-tests\n"); - } - - status = crypto_kernel_shutdown(); - if (status) { - printf("error: crypto_kernel shutdown failed\n"); - exit(1); - } - printf("crypto_kernel successfully shut down\n"); - - return 0; -} - -/* - * crypto_kernel_cipher_test() is a test of the cipher interface - * of the crypto_kernel - */ - -err_status_t -crypto_kernel_cipher_test(void) { - - /* not implemented yet! */ - - return err_status_ok; -} diff --git a/crypto/test/rand_gen.c b/crypto/test/rand_gen.c deleted file mode 100644 index ccea097..0000000 --- a/crypto/test/rand_gen.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * rand_gen.c - * - * a random source (random number generator) - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include <stdio.h> /* for printf() */ -#include <unistd.h> /* for getopt() */ -#include "crypto_kernel.h" - -/* - * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length - * of the largest hexadecimal string that can be generated by the - * function octet_string_hex_string(). - */ - -#define BUF_LEN (MAX_PRINT_STRING_LEN/2) - -void -usage(char *prog_name) { - printf("usage: %s -n <num_bytes> [-l][ -d debug_module ]*\n" - " -n <num> output <num> random bytes, where <num>" - " is between zero and %d\n" - " -l list the avaliable debug modules\n" - " -d <mod> turn on debugging module <mod>\n", - prog_name, BUF_LEN); - exit(255); -} - -int -main (int argc, char *argv[]) { - extern char *optarg; - int q; - int num_octets = 0; - unsigned do_list_mods = 0; - err_status_t status; - - if (argc == 1) - usage(argv[0]); - - /* initialize kernel - we need to do this before anything else */ - status = crypto_kernel_init(); - if (status) { - printf("error: crypto_kernel init failed\n"); - exit(1); - } - - /* process input arguments */ - while (1) { - q = getopt(argc, argv, "ld:n:"); - if (q == -1) - break; - switch (q) { - case 'd': - status = crypto_kernel_set_debug_module(optarg, 1); - if (status) { - printf("error: set debug module (%s) failed\n", optarg); - exit(1); - } - break; - case 'l': - do_list_mods = 1; - break; - case 'n': - num_octets = atoi(optarg); - if (num_octets < 0 || num_octets > BUF_LEN) - usage(argv[0]); - break; - default: - usage(argv[0]); - } - } - - if (do_list_mods) { - status = crypto_kernel_list_debug_modules(); - if (status) { - printf("error: list of debug modules failed\n"); - exit(1); - } - } - - if (num_octets > 0) { - uint8_t buffer[BUF_LEN]; - - status = crypto_get_random(buffer, num_octets); - if (status) { - printf("error: failure in random source\n"); - } else { - printf("%s\n", octet_string_hex_string(buffer, num_octets)); - } - } - - status = crypto_kernel_shutdown(); - if (status) { - printf("error: crypto_kernel shutdown failed\n"); - exit(1); - } - - return 0; -} - diff --git a/crypto/test/sha1_driver.c b/crypto/test/sha1_driver.c deleted file mode 100644 index f7cb6ca..0000000 --- a/crypto/test/sha1_driver.c +++ /dev/null @@ -1,533 +0,0 @@ -/* - * sha1_driver.c - * - * a test driver for SHA-1 - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -/* - * - * Copyright (c) 2001-2006, Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include <stdio.h> -#include "sha1.h" - -#define SHA_PASS 0 -#define SHA_FAIL 1 - -#define MAX_HASH_DATA_LEN 1024 -#define MAX_HASH_OUT_LEN 20 - -typedef struct hash_test_case_t { - unsigned data_len; /* number of octets in data */ - unsigned hash_len; /* number of octets output by hash */ - uint8_t data[MAX_HASH_DATA_LEN]; /* message data */ - uint8_t hash[MAX_HASH_OUT_LEN]; /* expected hash output */ - struct hash_test_case_t *next_test_case; -} hash_test_case_t; - -hash_test_case_t *sha1_test_case_list; - -err_status_t -hash_test_case_add(hash_test_case_t **list_ptr, - char *hex_data, - unsigned data_len, - char *hex_hash, - unsigned hash_len) { - hash_test_case_t *list_head = *list_ptr; - hash_test_case_t *test_case; - unsigned tmp_len; - - test_case = malloc(sizeof(hash_test_case_t)); - if (test_case == NULL) - return err_status_alloc_fail; - - tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2); - if (tmp_len != data_len*2) - return err_status_parse_err; - - tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2); - if (tmp_len != hash_len*2) - return err_status_parse_err; - - test_case->data_len = data_len; - test_case->hash_len = hash_len; - - /* add the new test case to the head of the list */ - test_case->next_test_case = list_head; - *list_ptr = test_case; - - return err_status_ok; -} - -err_status_t -sha1_test_case_validate(const hash_test_case_t *test_case) { - sha1_ctx_t ctx; - uint32_t hash_value[5]; - - if (test_case == NULL) - return err_status_bad_param; - - if (test_case->hash_len != 20) - return err_status_bad_param; - if (test_case->data_len > MAX_HASH_DATA_LEN) - return err_status_bad_param; - - sha1_init(&ctx); - sha1_update(&ctx, test_case->data, test_case->data_len); - sha1_final(&ctx, hash_value); - if (0 == memcmp(test_case->hash, hash_value, 20)) { -#if VERBOSE - printf("PASSED: reference value: %s\n", - octet_string_hex_string((uint8_t *)test_case->hash, 20)); - printf("PASSED: computed value: %s\n", - octet_string_hex_string((uint8_t *)hash_value, 20)); -#endif - return err_status_ok; - } - - printf("reference value: %s\n", - octet_string_hex_string((uint8_t *)test_case->hash, 20)); - printf("computed value: %s\n", - octet_string_hex_string((uint8_t *)hash_value, 20)); - - return err_status_algo_fail; - -} - -struct hex_sha1_test_case_t { - unsigned bit_len; - char hex_data[MAX_HASH_DATA_LEN*2]; - char hex_hash[40]; -}; - -err_status_t -sha1_add_test_cases() { - int i; - err_status_t err; - - /* - * these test cases are taken from the "SHA-1 Sample Vectors" - * provided by NIST at http://csrc.nist.gov/cryptval/shs.html - */ - - struct hex_sha1_test_case_t tc[] = { - { - 0, - "", - "da39a3ee5e6b4b0d3255bfef95601890afd80709" - }, - { - 8, - "a8", - "99f2aa95e36f95c2acb0eaf23998f030638f3f15" - }, - { - 16, - "3000", - "f944dcd635f9801f7ac90a407fbc479964dec024" - }, - { - 24, - "42749e", - "a444319e9b6cc1e8464c511ec0969c37d6bb2619" - }, - { - 32, - "9fc3fe08", - "16a0ff84fcc156fd5d3ca3a744f20a232d172253" - }, - { - 40, - "b5c1c6f1af", - "fec9deebfcdedaf66dda525e1be43597a73a1f93" - }, - { - 48, - "e47571e5022e", - "8ce051181f0ed5e9d0c498f6bc4caf448d20deb5" - }, - { - 56, - "3e1b28839fb758", - "67da53837d89e03bf652ef09c369a3415937cfd3" - }, - { - 64, - "a81350cbb224cb90", - "305e4ff9888ad855a78573cddf4c5640cce7e946" - }, - { - 72, "c243d167923dec3ce1", - "5902b77b3265f023f9bbc396ba1a93fa3509bde7" - }, - { - 80, - "50ac18c59d6a37a29bf4", - "fcade5f5d156bf6f9af97bdfa9c19bccfb4ff6ab" - }, - { - 88, - "98e2b611ad3b1cccf634f6", - "1d20fbe00533c10e3cbd6b27088a5de0c632c4b5" - }, - { - 96, - "73fe9afb68e1e8712e5d4eec", - "7e1b7e0f7a8f3455a9c03e9580fd63ae205a2d93" - }, - { - 104, - "9e701ed7d412a9226a2a130e66", - "706f0677146307b20bb0e8d6311e329966884d13" - }, - { - 112, - "6d3ee90413b0a7cbf69e5e6144ca", - "a7241a703aaf0d53fe142f86bf2e849251fa8dff" - }, - { - 120, - "fae24d56514efcb530fd4802f5e71f", - "400f53546916d33ad01a5e6df66822dfbdc4e9e6" - }, - { - 128, - "c5a22dd6eda3fe2bdc4ddb3ce6b35fd1", - "fac8ab93c1ae6c16f0311872b984f729dc928ccd" - }, - { - 136, - "d98cded2adabf08fda356445c781802d95", - "fba6d750c18da58f6e2aab10112b9a5ef3301b3b" - }, - { - 144, - "bcc6d7087a84f00103ccb32e5f5487a751a2", - "29d27c2d44c205c8107f0351b05753ac708226b6" - }, - { - 152, - "36ecacb1055434190dbbc556c48bafcb0feb0d", - "b971bfc1ebd6f359e8d74cb7ecfe7f898d0ba845" - }, - { - 160, - "5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0", - "96d08c430094b9fcc164ad2fb6f72d0a24268f68" - }, - { - 168, "c95b441d8270822a46a798fae5defcf7b26abace36", - "a287ea752a593d5209e287881a09c49fa3f0beb1" - }, - { - 176, - "83104c1d8a55b28f906f1b72cb53f68cbb097b44f860", - "a06c713779cbd88519ed4a585ac0cb8a5e9d612b" - }, - { - 184, - "755175528d55c39c56493d697b790f099a5ce741f7754b", - "bff7d52c13a3688132a1d407b1ab40f5b5ace298" - }, - { - 192, - "088fc38128bbdb9fd7d65228b3184b3faac6c8715f07272f", - "c7566b91d7b6f56bdfcaa9781a7b6841aacb17e9" - }, - { - 200, - "a4a586eb9245a6c87e3adf1009ac8a49f46c07e14185016895", - "ffa30c0b5c550ea4b1e34f8a60ec9295a1e06ac1" - }, - { - 208, - "8e7c555270c006092c2a3189e2a526b873e2e269f0fb28245256", - "29e66ed23e914351e872aa761df6e4f1a07f4b81" - }, - { - 216, - "a5f3bfa6bb0ba3b59f6b9cbdef8a558ec565e8aa3121f405e7f2f0", - "b28cf5e5b806a01491d41f69bd9248765c5dc292" - }, - { - 224, - "589054f0d2bd3c2c85b466bfd8ce18e6ec3e0b87d944cd093ba36469", - "60224fb72c46069652cd78bcd08029ef64da62f3" - }, - { - 232, - "a0abb12083b5bbc78128601bf1cbdbc0fdf4b862b24d899953d8da0ff3", - "b72c4a86f72608f24c05f3b9088ef92fba431df7" - }, - { - 240, - "82143f4cea6fadbf998e128a8811dc75301cf1db4f079501ea568da68eeb", - "73779ad5d6b71b9b8328ef7220ff12eb167076ac" - }, - { - 248, - "9f1231dd6df1ff7bc0b0d4f989d048672683ce35d956d2f57913046267e6f3", - "a09671d4452d7cf50015c914a1e31973d20cc1a0" - }, - { - 256, - "041c512b5eed791f80d3282f3a28df263bb1df95e1239a7650e5670fc2187919", - "e88cdcd233d99184a6fd260b8fca1b7f7687aee0" - }, - { - 264, - "17e81f6ae8c2e5579d69dafa6e070e7111461552d314b691e7a3e7a4feb3fae418", - "010def22850deb1168d525e8c84c28116cb8a269" - }, - { - 272, - "d15976b23a1d712ad28fad04d805f572026b54dd64961fda94d5355a0cc98620cf77", - "aeaa40ba1717ed5439b1e6ea901b294ba500f9ad" - }, - { - 280, - "09fce4d434f6bd32a44e04b848ff50ec9f642a8a85b37a264dc73f130f22838443328f", - "c6433791238795e34f080a5f1f1723f065463ca0" - }, - { - 288, "f17af27d776ec82a257d8d46d2b46b639462c56984cc1be9c1222eadb8b26594a25c709d", - "e21e22b89c1bb944a32932e6b2a2f20d491982c3" - }, - { - 296, - "b13ce635d6f8758143ffb114f2f601cb20b6276951416a2f94fbf4ad081779d79f4f195b22", - "575323a9661f5d28387964d2ba6ab92c17d05a8a" - }, - { - 304, - "5498793f60916ff1c918dde572cdea76da8629ba4ead6d065de3dfb48de94d234cc1c5002910", - "feb44494af72f245bfe68e86c4d7986d57c11db7" - }, - { - 312, - "498a1e0b39fa49582ae688cd715c86fbaf8a81b8b11b4d1594c49c902d197c8ba8a621fd6e3be5", - "cff2290b3648ba2831b98dde436a72f9ebf51eee" - }, - { - 320, - "3a36ae71521f9af628b3e34dcb0d4513f84c78ee49f10416a98857150b8b15cb5c83afb4b570376e", - "9b4efe9d27b965905b0c3dab67b8d7c9ebacd56c" - }, - { - 328, - "dcc76b40ae0ea3ba253e92ac50fcde791662c5b6c948538cffc2d95e9de99cac34dfca38910db2678f", - "afedb0ff156205bcd831cbdbda43db8b0588c113" - }, - { - 336, - "5b5ec6ec4fd3ad9c4906f65c747fd4233c11a1736b6b228b92e90cddabb0c7c2fcf9716d3fad261dff33", - "8deb1e858f88293a5e5e4d521a34b2a4efa70fc4" - }, - { - 344, - "df48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab", - "95cbdac0f74afa69cebd0e5c7defbc6faf0cbeaf" - }, - { - 352, - "1f179b3b82250a65e1b0aee949e218e2f45c7a8dbfd6ba08de05c55acfc226b48c68d7f7057e5675cd96fcfc", - "f0307bcb92842e5ae0cd4f4f14f3df7f877fbef2" - }, - { - 360, - "ee3d72da3a44d971578972a8e6780ce64941267e0f7d0179b214fa97855e1790e888e09fbe3a70412176cb3b54", - "7b13bb0dbf14964bd63b133ac85e22100542ef55" - }, - { - 368, - "d4d4c7843d312b30f610b3682254c8be96d5f6684503f8fbfbcd15774fc1b084d3741afb8d24aaa8ab9c104f7258", - "c314d2b6cf439be678d2a74e890d96cfac1c02ed" - }, - { - 376, - "32c094944f5936a190a0877fb9178a7bf60ceae36fd530671c5b38c5dbd5e6a6c0d615c2ac8ad04b213cc589541cf6", - "4d0be361e410b47a9d67d8ce0bb6a8e01c53c078" - }, - { - 384, - "e5d3180c14bf27a5409fa12b104a8fd7e9639609bfde6ee82bbf9648be2546d29688a65e2e3f3da47a45ac14343c9c02", - "e5353431ffae097f675cbf498869f6fbb6e1c9f2" - }, - { - 392, - "e7b6e4b69f724327e41e1188a37f4fe38b1dba19cbf5a7311d6e32f1038e97ab506ee05aebebc1eed09fc0e357109818b9", - "b8720a7068a085c018ab18961de2765aa6cd9ac4" - }, - { - 400, - "bc880cb83b8ac68ef2fedc2da95e7677ce2aa18b0e2d8b322701f67af7d5e7a0d96e9e33326ccb7747cfff0852b961bfd475", - "b0732181568543ba85f2b6da602b4b065d9931aa" - }, - { - 408, - "235ea9c2ba7af25400f2e98a47a291b0bccdaad63faa2475721fda5510cc7dad814bce8dabb611790a6abe56030b798b75c944", - "9c22674cf3222c3ba921672694aafee4ce67b96b" - }, - { - 416, - "07e3e29fed63104b8410f323b975fd9fba53f636af8c4e68a53fb202ca35dd9ee07cb169ec5186292e44c27e5696a967f5e67709", - "d128335f4cecca9066cdae08958ce656ff0b4cfc" - }, - { - 424, - "65d2a1dd60a517eb27bfbf530cf6a5458f9d5f4730058bd9814379547f34241822bf67e6335a6d8b5ed06abf8841884c636a25733f", - "0b67c57ac578de88a2ae055caeaec8bb9b0085a0" - }, - { - 432, - "dcc86b3bd461615bab739d8daafac231c0f462e819ad29f9f14058f3ab5b75941d4241ea2f17ebb8a458831b37a9b16dead4a76a9b0e", - "c766f912a89d4ccda88e0cce6a713ef5f178b596" - }, - { - 440, - "4627d54f0568dc126b62a8c35fb46a9ac5024400f2995e51635636e1afc4373dbb848eb32df23914230560b82477e9c3572647a7f2bb92", - "9aa3925a9dcb177b15ccff9b78e70cf344858779" - }, - { - 448, - "ba531affd4381168ef24d8b275a84d9254c7f5cc55fded53aa8024b2c5c5c8aa7146fe1d1b83d62b70467e9a2e2cb67b3361830adbab28d7", - "4811fa30042fc076acf37c8e2274d025307e5943" - }, - { - 456, - "8764dcbcf89dcf4282eb644e3d568bdccb4b13508bfa7bfe0ffc05efd1390be22109969262992d377691eb4f77f3d59ea8466a74abf57b2ef4", - "6743018450c9730761ee2b130df9b91c1e118150" - }, - { - 464, - "497d9df9ddb554f3d17870b1a31986c1be277bc44feff713544217a9f579623d18b5ffae306c25a45521d2759a72c0459b58957255ab592f3be4", - "71ad4a19d37d92a5e6ef3694ddbeb5aa61ada645" - }, - { - 472, - "72c3c2e065aefa8d9f7a65229e818176eef05da83f835107ba90ec2e95472e73e538f783b416c04654ba8909f26a12db6e5c4e376b7615e4a25819", - "a7d9dc68dacefb7d6116186048cb355cc548e11d" - }, - { - 480, - "7cc9894454d0055ab5069a33984e2f712bef7e3124960d33559f5f3b81906bb66fe64da13c153ca7f5cabc89667314c32c01036d12ecaf5f9a78de98", - "142e429f0522ba5abf5131fa81df82d355b96909" - }, - { - 488, - "74e8404d5a453c5f4d306f2cfa338ca65501c840ddab3fb82117933483afd6913c56aaf8a0a0a6b2a342fc3d9dc7599f4a850dfa15d06c61966d74ea59", - "ef72db70dcbcab991e9637976c6faf00d22caae9" - }, - { - 496, - "46fe5ed326c8fe376fcc92dc9e2714e2240d3253b105adfbb256ff7a19bc40975c604ad7c0071c4fd78a7cb64786e1bece548fa4833c04065fe593f6fb10", - "f220a7457f4588d639dc21407c942e9843f8e26b" - }, - { - 504, - "836dfa2524d621cf07c3d2908835de859e549d35030433c796b81272fd8bc0348e8ddbc7705a5ad1fdf2155b6bc48884ac0cd376925f069a37849c089c8645", - "ddd2117b6e309c233ede85f962a0c2fc215e5c69" - }, - { - 512, - "7e3a4c325cb9c52b88387f93d01ae86d42098f5efa7f9457388b5e74b6d28b2438d42d8b64703324d4aa25ab6aad153ae30cd2b2af4d5e5c00a8a2d0220c6116", - "a3054427cdb13f164a610b348702724c808a0dcc" - } - }; - - - for (i=0; i < 65; i++) { - err = hash_test_case_add(&sha1_test_case_list, - tc[i].hex_data, - tc[i].bit_len/8, - tc[i].hex_hash, 20); - if (err) { - printf("error adding hash test case (code %d)\n", err); - return err; - } - } - - return err_status_ok; -} - - -err_status_t -sha1_validate(void) { - hash_test_case_t *test_case; - err_status_t err; - - err = sha1_add_test_cases(); - if (err) { - printf("error adding SHA1 test cases (error code %d)\n", err); - return err; - } - - if (sha1_test_case_list == NULL) - return err_status_cant_check; - - test_case = sha1_test_case_list; - while (test_case != NULL) { - err = sha1_test_case_validate(test_case); - if (err) { - printf("error validating hash test case (error code %d)\n", err); - return err; - } - test_case = test_case->next_test_case; - } - - return err_status_ok; -} - - - -int -main (void) { - err_status_t err; - - printf("sha1 test driver\n"); - - err = sha1_validate(); - if (err) { - printf("SHA1 did not pass validation testing\n"); - return 1; - } - printf("SHA1 passed validation tests\n"); - - return 0; - -} diff --git a/crypto/test/stat_driver.c b/crypto/test/stat_driver.c deleted file mode 100644 index 09cc44a..0000000 --- a/crypto/test/stat_driver.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * stat-driver.c - * - * test driver for the stat_test functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ - - -#include <stdio.h> /* for printf() */ - -#include "err.h" -#include "stat.h" - -#include "cipher.h" - -typedef struct { - void *state; -} random_source_t; - -err_status_t -random_source_alloc(void); - -void -err_check(err_status_t s) { - if (s) { - printf("error (code %d)\n", s); - exit(1); - } -} - -int -main (int argc, char *argv[]) { - uint8_t buffer[2500]; - unsigned int buf_len = 2500; - int i, j; - extern cipher_type_t aes_icm; - cipher_t *c; - uint8_t key[30] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 - }; - v128_t nonce; - int num_trials = 500; - int num_fail; - - printf("statistical tests driver\n"); - - for (i=0; i < 2500; i++) - buffer[i] = 0; - - /* run tests */ - printf("running stat_tests on all-null buffer, expecting failure\n"); - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - for (i=0; i < 2500; i++) - buffer[i] = rand(); - printf("running stat_tests on rand(), expecting success\n"); - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - printf("running stat_tests on AES-128-ICM, expecting success\n"); - /* set buffer to cipher output */ - for (i=0; i < 2500; i++) - buffer[i] = 0; - err_check(cipher_type_alloc(&aes_icm, &c, 30)); - err_check(cipher_init(c, key, direction_encrypt)); - err_check(cipher_set_iv(c, &nonce)); - err_check(cipher_encrypt(c, buffer, &buf_len)); - /* run tests on cipher outout */ - printf("monobit %d\n", stat_test_monobit(buffer)); - printf("poker %d\n", stat_test_poker(buffer)); - printf("runs %d\n", stat_test_runs(buffer)); - - printf("runs test (please be patient): "); - fflush(stdout); - num_fail = 0; - v128_set_to_zero(&nonce); - for(j=0; j < num_trials; j++) { - for (i=0; i < 2500; i++) - buffer[i] = 0; - nonce.v32[3] = i; - err_check(cipher_set_iv(c, &nonce)); - err_check(cipher_encrypt(c, buffer, &buf_len)); - if (stat_test_runs(buffer)) { - num_fail++; - } - } - - printf("%d failures in %d tests\n", num_fail, num_trials); - printf("(nota bene: a small fraction of stat_test failures does not \n" - "indicate that the random source is invalid)\n"); - - return 0; -} |