initial code for dumping imessages in a reasonable format
This commit is contained in:
Jeffrey Paul
@@ -0,0 +1,119 @@
|
||||
/* $OpenBSD: key_wrap.c,v 1.3 2011/01/11 15:42:05 deraadt Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This code implements the AES Key Wrap algorithm described in RFC 3394.
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <string.h>
|
||||
|
||||
//haxs to compile on osx
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
#define timingsafe_bcmp bcmp
|
||||
#define ovbcopy bcopy
|
||||
#define explicit_bzero bzero
|
||||
#define htobe64 CFSwapInt64BigToHost
|
||||
#include "rijndael.h"
|
||||
#include "key_wrap.h"
|
||||
|
||||
|
||||
static const u_int8_t IV[8] =
|
||||
{ 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6 };
|
||||
|
||||
void
|
||||
aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len)
|
||||
{
|
||||
rijndael_set_key(&ctx->ctx, K, K_len * NBBY);
|
||||
}
|
||||
|
||||
void
|
||||
aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K,
|
||||
size_t K_len)
|
||||
{
|
||||
rijndael_set_key_enc_only(&ctx->ctx, K, K_len * NBBY);
|
||||
}
|
||||
|
||||
void
|
||||
aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
|
||||
{
|
||||
u_int64_t B[2], t;
|
||||
u_int8_t *A, *R;
|
||||
size_t i;
|
||||
int j;
|
||||
|
||||
ovbcopy(P, C + 8, n * 8); /* P and C may overlap */
|
||||
A = C; /* A points to C[0] */
|
||||
memcpy(A, IV, 8); /* A = IV, an initial value */
|
||||
|
||||
for (j = 0, t = 1; j <= 5; j++) {
|
||||
R = C + 8;
|
||||
for (i = 1; i <= n; i++, t++) {
|
||||
/* B = A | R[i] */
|
||||
memcpy(&B[0], A, 8);
|
||||
memcpy(&B[1], R, 8);
|
||||
/* B = AES(K, B) */
|
||||
rijndael_encrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B);
|
||||
/* MSB(64, B) = MSB(64, B) ^ t */
|
||||
B[0] ^= htobe64(t);
|
||||
/* A = MSB(64, B) */
|
||||
memcpy(A, &B[0], 8);
|
||||
/* R[i] = LSB(64, B) */
|
||||
memcpy(R, &B[1], 8);
|
||||
|
||||
R += 8;
|
||||
}
|
||||
}
|
||||
explicit_bzero(B, sizeof B);
|
||||
}
|
||||
|
||||
int
|
||||
aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
|
||||
{
|
||||
u_int64_t B[2], t;
|
||||
u_int8_t A[8], *R;
|
||||
size_t i;
|
||||
int j;
|
||||
|
||||
memcpy(A, C, 8); /* A = C[0] */
|
||||
ovbcopy(C + 8, P, n * 8); /* P and C may overlap */
|
||||
|
||||
for (j = 5, t = 6 * n; j >= 0; j--) {
|
||||
R = P + (n - 1) * 8;
|
||||
for (i = n; i >= 1; i--, t--) {
|
||||
/* MSB(64, B) = A */
|
||||
memcpy(&B[0], A, 8);
|
||||
/* MSB(64, B) = MSB(64, B) ^ t */
|
||||
B[0] ^= htobe64(t);
|
||||
/* B = MSB(64, B) | R[i] */
|
||||
memcpy(&B[1], R, 8);
|
||||
/* B = AES-1(K, B) */
|
||||
rijndael_decrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B);
|
||||
/* A = MSB(64, B) */
|
||||
memcpy(A, &B[0], 8);
|
||||
/* R[i] = LSB(64, B) */
|
||||
memcpy(R, &B[1], 8);
|
||||
|
||||
R -= 8;
|
||||
}
|
||||
}
|
||||
explicit_bzero(B, sizeof B);
|
||||
|
||||
/* check that A is an appropriate initial value */
|
||||
return timingsafe_bcmp(A, IV, 8) != 0;
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
/* $OpenBSD: key_wrap.h,v 1.1 2008/08/12 15:43:00 damien Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#ifndef _KEY_WRAP_H_
|
||||
#define _KEY_WRAP_H_
|
||||
|
||||
typedef unsigned char u_int8_t;
|
||||
|
||||
typedef struct _aes_key_wrap_ctx {
|
||||
rijndael_ctx ctx;
|
||||
} aes_key_wrap_ctx;
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
void aes_key_wrap_set_key(aes_key_wrap_ctx *, const u_int8_t *, size_t);
|
||||
void aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *, const u_int8_t *,
|
||||
size_t);
|
||||
void aes_key_wrap(aes_key_wrap_ctx *, const u_int8_t *, size_t, u_int8_t *);
|
||||
int aes_key_unwrap(aes_key_wrap_ctx *, const u_int8_t *, u_int8_t *,
|
||||
size_t);
|
||||
__END_DECLS
|
||||
|
||||
#endif /* _KEY_WRAP_H_ */
|
||||
@@ -0,0 +1,253 @@
|
||||
/* $OpenBSD: pbkdf2.c,v 1.1 2008/06/14 06:28:27 djm Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "sha1.h"
|
||||
|
||||
#include "pbkdf2.h"
|
||||
|
||||
/* #define PBKDF2_MAIN */
|
||||
|
||||
/*
|
||||
* HMAC-SHA-1 (from RFC 2202).
|
||||
*/
|
||||
static void
|
||||
hmac_sha1(const u_int8_t *text, size_t text_len, const u_int8_t *key,
|
||||
size_t key_len, u_int8_t digest[SHA1_DIGEST_LENGTH])
|
||||
{
|
||||
SHA1_CTX ctx;
|
||||
u_int8_t k_pad[SHA1_BLOCK_LENGTH];
|
||||
u_int8_t tk[SHA1_DIGEST_LENGTH];
|
||||
int i;
|
||||
|
||||
if (key_len > SHA1_BLOCK_LENGTH) {
|
||||
SHA1Init(&ctx);
|
||||
SHA1Update(&ctx, key, key_len);
|
||||
SHA1Final(tk, &ctx);
|
||||
|
||||
key = tk;
|
||||
key_len = SHA1_DIGEST_LENGTH;
|
||||
}
|
||||
|
||||
bzero(k_pad, sizeof k_pad);
|
||||
bcopy(key, k_pad, key_len);
|
||||
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
|
||||
k_pad[i] ^= 0x36;
|
||||
|
||||
SHA1Init(&ctx);
|
||||
SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
|
||||
SHA1Update(&ctx, text, text_len);
|
||||
SHA1Final(digest, &ctx);
|
||||
|
||||
bzero(k_pad, sizeof k_pad);
|
||||
bcopy(key, k_pad, key_len);
|
||||
for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
|
||||
k_pad[i] ^= 0x5c;
|
||||
|
||||
SHA1Init(&ctx);
|
||||
SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
|
||||
SHA1Update(&ctx, digest, SHA1_DIGEST_LENGTH);
|
||||
SHA1Final(digest, &ctx);
|
||||
}
|
||||
|
||||
/*
|
||||
* Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
|
||||
* Code based on IEEE Std 802.11-2007, Annex H.4.2.
|
||||
*/
|
||||
int
|
||||
pkcs5_pbkdf2(const char *pass, size_t pass_len, const char *salt, size_t salt_len,
|
||||
u_int8_t *key, size_t key_len, u_int rounds)
|
||||
{
|
||||
u_int8_t *asalt, obuf[SHA1_DIGEST_LENGTH];
|
||||
u_int8_t d1[SHA1_DIGEST_LENGTH], d2[SHA1_DIGEST_LENGTH];
|
||||
u_int i, j;
|
||||
u_int count;
|
||||
size_t r;
|
||||
|
||||
if (rounds < 1 || key_len == 0)
|
||||
return -1;
|
||||
if (salt_len == 0 || salt_len > SIZE_MAX - 1)
|
||||
return -1;
|
||||
if ((asalt = malloc(salt_len + 4)) == NULL)
|
||||
return -1;
|
||||
|
||||
memcpy(asalt, salt, salt_len);
|
||||
|
||||
for (count = 1; key_len > 0; count++) {
|
||||
asalt[salt_len + 0] = (count >> 24) & 0xff;
|
||||
asalt[salt_len + 1] = (count >> 16) & 0xff;
|
||||
asalt[salt_len + 2] = (count >> 8) & 0xff;
|
||||
asalt[salt_len + 3] = count & 0xff;
|
||||
hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1);
|
||||
memcpy(obuf, d1, sizeof(obuf));
|
||||
|
||||
for (i = 1; i < rounds; i++) {
|
||||
hmac_sha1(d1, sizeof(d1), pass, pass_len, d2);
|
||||
memcpy(d1, d2, sizeof(d1));
|
||||
for (j = 0; j < sizeof(obuf); j++)
|
||||
obuf[j] ^= d1[j];
|
||||
}
|
||||
|
||||
r = MIN(key_len, SHA1_DIGEST_LENGTH);
|
||||
memcpy(key, obuf, r);
|
||||
key += r;
|
||||
key_len -= r;
|
||||
};
|
||||
bzero(asalt, salt_len + 4);
|
||||
free(asalt);
|
||||
bzero(d1, sizeof(d1));
|
||||
bzero(d2, sizeof(d2));
|
||||
bzero(obuf, sizeof(obuf));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef PBKDF2_MAIN
|
||||
struct test_vector {
|
||||
u_int rounds;
|
||||
const char *pass;
|
||||
const char *salt;
|
||||
const char expected[32];
|
||||
};
|
||||
|
||||
/*
|
||||
* Test vectors from RFC 3962
|
||||
*/
|
||||
struct test_vector test_vectors[] = {
|
||||
{
|
||||
1,
|
||||
"password",
|
||||
"ATHENA.MIT.EDUraeburn",
|
||||
{
|
||||
0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
|
||||
0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15,
|
||||
0x0a, 0xd1, 0xf7, 0xa0, 0x4b, 0xb9, 0xf3, 0xa3,
|
||||
0x33, 0xec, 0xc0, 0xe2, 0xe1, 0xf7, 0x08, 0x37
|
||||
},
|
||||
}, {
|
||||
2,
|
||||
"password",
|
||||
"ATHENA.MIT.EDUraeburn",
|
||||
{
|
||||
0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
|
||||
0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d,
|
||||
0xa0, 0x53, 0x78, 0xb9, 0x32, 0x44, 0xec, 0x8f,
|
||||
0x48, 0xa9, 0x9e, 0x61, 0xad, 0x79, 0x9d, 0x86
|
||||
},
|
||||
}, {
|
||||
1200,
|
||||
"password",
|
||||
"ATHENA.MIT.EDUraeburn",
|
||||
{
|
||||
0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
|
||||
0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b,
|
||||
0xa7, 0xe5, 0x2d, 0xdb, 0xc5, 0xe5, 0x14, 0x2f,
|
||||
0x70, 0x8a, 0x31, 0xe2, 0xe6, 0x2b, 0x1e, 0x13
|
||||
},
|
||||
}, {
|
||||
5,
|
||||
"password",
|
||||
"\0224VxxV4\022", /* 0x1234567878563412 */
|
||||
{
|
||||
0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
|
||||
0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49,
|
||||
0x3f, 0x98, 0xd2, 0x03, 0xe6, 0xbe, 0x49, 0xa6,
|
||||
0xad, 0xf4, 0xfa, 0x57, 0x4b, 0x6e, 0x64, 0xee
|
||||
},
|
||||
}, {
|
||||
1200,
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
|
||||
"pass phrase equals block size",
|
||||
{
|
||||
0x13, 0x9c, 0x30, 0xc0, 0x96, 0x6b, 0xc3, 0x2b,
|
||||
0xa5, 0x5f, 0xdb, 0xf2, 0x12, 0x53, 0x0a, 0xc9,
|
||||
0xc5, 0xec, 0x59, 0xf1, 0xa4, 0x52, 0xf5, 0xcc,
|
||||
0x9a, 0xd9, 0x40, 0xfe, 0xa0, 0x59, 0x8e, 0xd1
|
||||
},
|
||||
}, {
|
||||
1200,
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
|
||||
"pass phrase exceeds block size",
|
||||
{
|
||||
0x9c, 0xca, 0xd6, 0xd4, 0x68, 0x77, 0x0c, 0xd5,
|
||||
0x1b, 0x10, 0xe6, 0xa6, 0x87, 0x21, 0xbe, 0x61,
|
||||
0x1a, 0x8b, 0x4d, 0x28, 0x26, 0x01, 0xdb, 0x3b,
|
||||
0x36, 0xbe, 0x92, 0x46, 0x91, 0x5e, 0xc8, 0x2a
|
||||
},
|
||||
}, {
|
||||
50,
|
||||
"\360\235\204\236", /* g-clef (0xf09d849e) */
|
||||
"EXAMPLE.COMpianist",
|
||||
{
|
||||
0x6b, 0x9c, 0xf2, 0x6d, 0x45, 0x45, 0x5a, 0x43,
|
||||
0xa5, 0xb8, 0xbb, 0x27, 0x6a, 0x40, 0x3b, 0x39,
|
||||
0xe7, 0xfe, 0x37, 0xa0, 0xc4, 0x1e, 0x02, 0xc2,
|
||||
0x81, 0xff, 0x30, 0x69, 0xe1, 0xe9, 0x4f, 0x52
|
||||
},
|
||||
}
|
||||
};
|
||||
#define NVECS (sizeof(test_vectors) / sizeof(*test_vectors))
|
||||
|
||||
#include <stdio.h>
|
||||
#include <err.h>
|
||||
|
||||
static void
|
||||
printhex(const char *s, const u_int8_t *buf, size_t len)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
printf("%s: ", s);
|
||||
for (i = 0; i < len; i++)
|
||||
printf("%02x", buf[i]);
|
||||
printf("\n");
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
u_int i, j;
|
||||
u_char result[32];
|
||||
struct test_vector *vec;
|
||||
|
||||
for (i = 0; i < NVECS; i++) {
|
||||
vec = &test_vectors[i];
|
||||
printf("vector %u\n", i);
|
||||
for (j = 1; j < sizeof(result); j += 3) {
|
||||
if (pkcs5_pbkdf2(vec->pass, strlen(vec->pass),
|
||||
vec->salt, strlen(vec->salt),
|
||||
result, j, vec->rounds) != 0)
|
||||
errx(1, "pbkdf2 failed");
|
||||
if (memcmp(result, vec->expected, j) != 0) {
|
||||
printhex(" got", result, j);
|
||||
printhex("want", vec->expected, j);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif /* PBKDF2_MAIN */
|
||||
@@ -0,0 +1,24 @@
|
||||
/* $OpenBSD: pbkdf2.h,v 1.1 2008/06/14 06:28:27 djm Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
|
||||
* Code based on IEEE Std 802.11-2007, Annex H.4.2.
|
||||
*/
|
||||
int pkcs5_pbkdf2(const char *, size_t, const char *, size_t,
|
||||
u_int8_t *, size_t, u_int);
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,59 @@
|
||||
/* $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $ */
|
||||
|
||||
/**
|
||||
* rijndael-alg-fst.h
|
||||
*
|
||||
* @version 3.0 (December 2000)
|
||||
*
|
||||
* Optimised ANSI C code for the Rijndael cipher (now AES)
|
||||
*
|
||||
* @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
|
||||
* @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
|
||||
* @author Paulo Barreto <paulo.barreto@terra.com.br>
|
||||
*
|
||||
* This code is hereby placed in the public domain.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
|
||||
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
|
||||
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#ifndef __RIJNDAEL_H
|
||||
#define __RIJNDAEL_H
|
||||
|
||||
#define AES_MAXKEYBITS (256)
|
||||
#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8)
|
||||
/* for 256-bit keys, fewer for less */
|
||||
#define AES_MAXROUNDS 14
|
||||
|
||||
typedef unsigned char u_char;
|
||||
typedef unsigned char u8;
|
||||
typedef unsigned short u16;
|
||||
typedef unsigned int u32;
|
||||
|
||||
/* The structure for key information */
|
||||
typedef struct {
|
||||
int enc_only; /* context contains only encrypt schedule */
|
||||
int Nr; /* key-length-dependent number of rounds */
|
||||
u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
|
||||
u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */
|
||||
} rijndael_ctx;
|
||||
|
||||
int rijndael_set_key(rijndael_ctx *, const u_char *, int);
|
||||
int rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int);
|
||||
void rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *);
|
||||
void rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *);
|
||||
|
||||
int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
|
||||
int rijndaelKeySetupDec(unsigned int [], const unsigned char [], int);
|
||||
void rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
|
||||
unsigned char []);
|
||||
|
||||
#endif /* __RIJNDAEL_H */
|
||||
@@ -0,0 +1,178 @@
|
||||
/* $OpenBSD: sha1.c,v 1.9 2011/01/11 15:50:40 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* SHA-1 in C
|
||||
* By Steve Reid <steve@edmweb.com>
|
||||
* 100% Public Domain
|
||||
*
|
||||
* Test Vectors (from FIPS PUB 180-1)
|
||||
* "abc"
|
||||
* A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
|
||||
* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
|
||||
* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
|
||||
* A million repetitions of "a"
|
||||
* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
|
||||
*/
|
||||
|
||||
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
|
||||
/* #define SHA1HANDSOFF * Copies data before messing with it. */
|
||||
|
||||
#define SHA1HANDSOFF
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "sha1.h"
|
||||
|
||||
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
|
||||
|
||||
/* blk0() and blk() perform the initial expand. */
|
||||
/* I got the idea of expanding during the round function from SSLeay */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
|
||||
|(rol(block->l[i],8)&0x00FF00FF))
|
||||
#else
|
||||
#define blk0(i) block->l[i]
|
||||
#endif
|
||||
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
|
||||
^block->l[(i+2)&15]^block->l[i&15],1))
|
||||
|
||||
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
|
||||
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
|
||||
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
|
||||
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
|
||||
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
|
||||
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
|
||||
|
||||
/* Hash a single 512-bit block. This is the core of the algorithm. */
|
||||
|
||||
void
|
||||
SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
|
||||
{
|
||||
u_int32_t a, b, c, d, e;
|
||||
typedef union {
|
||||
unsigned char c[64];
|
||||
unsigned int l[16];
|
||||
} CHAR64LONG16;
|
||||
CHAR64LONG16* block;
|
||||
#ifdef SHA1HANDSOFF
|
||||
unsigned char workspace[SHA1_BLOCK_LENGTH];
|
||||
|
||||
block = (CHAR64LONG16 *)workspace;
|
||||
bcopy(buffer, block, SHA1_BLOCK_LENGTH);
|
||||
#else
|
||||
block = (CHAR64LONG16 *)buffer;
|
||||
#endif
|
||||
/* Copy context->state[] to working vars */
|
||||
a = state[0];
|
||||
b = state[1];
|
||||
c = state[2];
|
||||
d = state[3];
|
||||
e = state[4];
|
||||
|
||||
/* 4 rounds of 20 operations each. Loop unrolled. */
|
||||
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
|
||||
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
|
||||
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
|
||||
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
|
||||
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
|
||||
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
|
||||
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
|
||||
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
|
||||
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
|
||||
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
|
||||
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
|
||||
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
|
||||
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
|
||||
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
|
||||
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
|
||||
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
|
||||
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
|
||||
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
|
||||
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
|
||||
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
|
||||
|
||||
/* Add the working vars back into context.state[] */
|
||||
state[0] += a;
|
||||
state[1] += b;
|
||||
state[2] += c;
|
||||
state[3] += d;
|
||||
state[4] += e;
|
||||
/* Wipe variables */
|
||||
a = b = c = d = e = 0;
|
||||
}
|
||||
|
||||
|
||||
/* SHA1Init - Initialize new context */
|
||||
|
||||
void
|
||||
SHA1Init(SHA1_CTX *context)
|
||||
{
|
||||
/* SHA1 initialization constants */
|
||||
context->count = 0;
|
||||
context->state[0] = 0x67452301;
|
||||
context->state[1] = 0xEFCDAB89;
|
||||
context->state[2] = 0x98BADCFE;
|
||||
context->state[3] = 0x10325476;
|
||||
context->state[4] = 0xC3D2E1F0;
|
||||
}
|
||||
|
||||
|
||||
/* Run your data through this. */
|
||||
|
||||
void
|
||||
SHA1Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
|
||||
{
|
||||
unsigned int i;
|
||||
unsigned int j;
|
||||
|
||||
j = (u_int32_t)((context->count >> 3) & 63);
|
||||
context->count += (len << 3);
|
||||
if ((j + len) > 63) {
|
||||
bcopy(data, &context->buffer[j], (i = 64 - j));
|
||||
SHA1Transform(context->state, context->buffer);
|
||||
for ( ; i + 63 < len; i += 64) {
|
||||
SHA1Transform(context->state, &data[i]);
|
||||
}
|
||||
j = 0;
|
||||
}
|
||||
else i = 0;
|
||||
bcopy(&data[i], &context->buffer[j], len - i);
|
||||
}
|
||||
|
||||
|
||||
/* Add padding and return the message digest. */
|
||||
|
||||
void
|
||||
SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
|
||||
{
|
||||
unsigned int i;
|
||||
unsigned char finalcount[8];
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
finalcount[i] = (unsigned char)((context->count >>
|
||||
((7 - (i & 7)) * 8)) & 255); /* Endian independent */
|
||||
}
|
||||
SHA1Update(context, (unsigned char *)"\200", 1);
|
||||
while ((context->count & 504) != 448) {
|
||||
SHA1Update(context, (unsigned char *)"\0", 1);
|
||||
}
|
||||
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
|
||||
|
||||
if (digest)
|
||||
for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
|
||||
digest[i] = (unsigned char)((context->state[i >> 2] >>
|
||||
((3 - (i & 3)) * 8)) & 255);
|
||||
}
|
||||
bzero(&finalcount, 8);
|
||||
#if 0 /* We want to use this for "keyfill" */
|
||||
/* Wipe variables */
|
||||
i = 0;
|
||||
bzero(context->buffer, 64);
|
||||
bzero(context->state, 20);
|
||||
bzero(context->count, 8);
|
||||
#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
|
||||
SHA1Transform(context->state, context->buffer);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
/* $OpenBSD: sha1.h,v 1.5 2007/09/10 22:19:42 henric Exp $ */
|
||||
|
||||
/*
|
||||
* SHA-1 in C
|
||||
* By Steve Reid <steve@edmweb.com>
|
||||
* 100% Public Domain
|
||||
*/
|
||||
|
||||
#ifndef _SHA1_H_
|
||||
#define _SHA1_H_
|
||||
|
||||
#define SHA1_BLOCK_LENGTH 64
|
||||
#define SHA1_DIGEST_LENGTH 20
|
||||
|
||||
typedef struct {
|
||||
u_int32_t state[5];
|
||||
u_int64_t count;
|
||||
unsigned char buffer[SHA1_BLOCK_LENGTH];
|
||||
} SHA1_CTX;
|
||||
|
||||
void SHA1Init(SHA1_CTX * context);
|
||||
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
|
||||
void SHA1Update(SHA1_CTX *context, const unsigned char *data, unsigned int len);
|
||||
void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);
|
||||
|
||||
#endif /* _SHA1_H_ */
|
||||
Reference in New Issue
Block a user