Commit 2a477937 authored by bg's avatar bg

forgotten file (a lot of them)

parent e69f1207
/* camellia.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef CAMELLIA_H_
#define CAMELLIA_H_
#include <stdint.h>
typedef struct camellia128_ctx_s{
uint64_t klr;
uint64_t kll;
uint64_t kar;
uint64_t kal;
}camellia128_ctx_t;
void camellia128_init(const void* key, camellia128_ctx_t* s);
void camellia128_enc(void* block, const camellia128_ctx_t* s);
void camellia128_dec(void* block, const camellia128_ctx_t* s);
#endif /*CAMELLIA_H_*/
This diff is collapsed.
/* dsa.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_H_
#define DSA_H_
#include <stdint.h>
#include "hfal-basic.h"
#include "bigint.h"
typedef struct{
bigint_t p;
bigint_t q;
bigint_t g;
} dsa_domainparameters_t;
typedef bigint_t dsa_pubkey_t;
typedef bigint_t dsa_privkey_t;
typedef struct{
bigint_t r;
bigint_t s;
} dsa_signature_t;
typedef struct{
dsa_privkey_t priv;
dsa_pubkey_t pub;
dsa_domainparameters_t domain;
} dsa_ctx_t;
#define DSA_SIGNATURE_OK 1
#define DSA_SIGNATURE_FAIL 0
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k);
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void));
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx);
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx);
#endif /* DSA_H_ */
This diff is collapsed.
/* dsa_key_blob.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_KEY_BLOB_H_
#define DSA_KEY_BLOB_H_
void load_dsa_key_blob(dsa_ctx_t* ctx);
#endif /* DSA_KEY_BLOB_H_ */
/* dsa_sign.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hashfunction_descriptor.h"
#include "hfal-basic.h"
#define MAX(a,b) (((a)>(b))?(a):(b))
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k){
bigint_t tmp, tmp2;
bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5];
tmp.wordv= tmp_b;
tmp2.wordv = tmp2_b;
bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p));
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->r), &tmp);
bigint_mul_u(&tmp, &tmp, &(ctx->priv));
bigint_add_u(&tmp, &tmp, m);
bigint_inverse(&tmp2, k, &(ctx->domain.q));
bigint_mul_u(&tmp, &tmp, &tmp2);
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->s), &tmp);
if(s->s.length_W==0 || s->r.length_W==0){
return 1;
}
return 0;
}
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void)){
bigint_t z, k;
uint16_t i, n_B = ctx->domain.q.length_W;
unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8));
bigint_word_t hash_value[hash_length];
bigint_word_t k_b[n_B];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
k.wordv = k_b;
k.length_W = n_B;
do{
for(i=0; i<n_B*sizeof(bigint_word_t); ++i){
((uint8_t*)k_b)[i] = rand_in();
}
k.length_W = n_B;
bigint_adjust(&k);
}while(dsa_sign_bigint(s, &z, ctx, &k));
return 0;
}
/* dsa_verify.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hfal-basic.h"
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx){
if(s->r.length_W==0 || s->s.length_W==0){
return DSA_SIGNATURE_FAIL;
}
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
return DSA_SIGNATURE_FAIL;
}
bigint_t w, u1, u2, v1, v2;
bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
w.wordv = w_b;
u1.wordv = u1_b;
u2.wordv = u2_b;
v1.wordv = v1_b;
v2.wordv = v2_b;
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
bigint_mul_u(&u1, &w, m);
bigint_reduce(&u1, &(ctx->domain.q));
bigint_mul_u(&u2, &w, &(s->r));
bigint_reduce(&u2, &(ctx->domain.q));
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
bigint_mul_u(&v1, &v1, &v2);
bigint_reduce(&v1, &(ctx->domain.p));
bigint_reduce(&v1, &(ctx->domain.q));
if(bigint_cmp_u(&v1, &(s->r))==0){
return DSA_SIGNATURE_OK;
}
return DSA_SIGNATURE_FAIL;
}
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
bigint_t z;
uint16_t n_B = ctx->domain.q.length_W;
unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
bigint_word_t hash_value[hash_length];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
bigint_adjust(&z);
return dsa_verify_bigint(s, &z, ctx);
}
/* entropium.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file entropium.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2006-05-17
* \license GPLv3 or later
* \brief This file contains an implementaition of a pseudo-random-number generator.
*
* Extension 1:
* rndCore is expanded to 512 bits for more security.
*
\verbatim
################################################################################################
# #
# +---------------------------+ #
# | | #
# V | #
# (concat) | #
+---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+
| entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
+---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+
# (xor) (xor) | #
# ^ ^ | #
# \ / | #
# (offset)---------------------+ #
# #
################################################################################################
\endverbatim
*/
#include <inttypes.h>
#include <string.h>
#include "sha256.h"
#include "entropium.h"
#include <stdio.h>
/**
* \brief secret entropy pool.
* This is the core of the random which is generated
*/
static
uint32_t rndCore[16];
/*************************************************************************/
/* idea is: hash the message and add it via xor to rndCore
*
* length in bits
*
* we simply first "hash" rndCore, then entropy.
*/
void entropium_addEntropy(unsigned length_b, const void* data){
sha256_ctx_t s;
static uint8_t offset=0; /* selects if higher or lower half gets updated */
sha256_init(&s);
sha256_nextBlock(&s, rndCore);
while (length_b>=512){
sha256_nextBlock(&s, data);
data = (uint8_t*)data+ 512/8;
length_b -= 512;
}
sha256_lastBlock(&s, data, length_b);
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
}
/*************************************************************************/
void entropium_getRandomBlock(void *b){
sha256_ctx_t s;
uint8_t offset=8;
sha256_init(&s);
sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
memcpy(b, s.h, 32); /* back up first hash in b */
((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
sha256_init(&s);
sha256_lastBlock(&s, b, 256);
memcpy(b, s.h, 32);
}
/*************************************************************************/
uint8_t entropium_getRandomByte(void){
static uint8_t block[32];
static uint8_t i = 0;
if(i == 0){
entropium_getRandomBlock((void*)block);
i = 32;
}
return block[--i];
}
void entropium_fillBlockRandom(void* block, unsigned length_B){
while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
entropium_getRandomBlock(block);
block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
}
while(length_B){
*((uint8_t*)block) = entropium_getRandomByte();
block= (uint8_t*)block +1; --length_B;
}
}
/* entropium.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* File: entropium.h
* Author: Daniel Otte
* Date: 23.07.2006
* License: GPL
* Description: This file contains the declarations for the pseudo-random-number generator.
**/
/**
* \file entropium.h
* \author Daniel Otte
* \date 23.07.2006
* \license GPLv3 or later
* \brief This file contains the declarations for the pseudo-random-number generator.
**/
#ifndef ENTROPIUM_H_
#define ENTROPIUM_H_
#include <stdint.h>
/*
* length in bits
*/
#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */
/** \fn void entropium_addEntropy(unsigned length_b, const void* data)
* \brief add entropy to the prng
*
* This function adds data to the internal entropy pool
* \param length_b length of the data block in bits
* \param data pointer to the data
*/
void entropium_addEntropy(unsigned length_b, const void* data);
/** \fn void entropium_getRandomBlock(void* b)
* \brief generate a fixed size block of random data
*
* This function writes 32 bytes of random extracted from the entropy pool
* in the supplied buffer.
* \param b buffer where the random data gets written
*/
void entropium_getRandomBlock(void* b);
/** \fn uint8_t entropium_getRandomByte(void)
* \brief get a single byte of random data
*
* This function utilizes a internal buffer which gets automatically filled
* again.
* \return a byte of random data
*/
uint8_t entropium_getRandomByte(void);
/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B)
* \brief get a block of random data
*
* This function writes random data extracted from the entropy pool in the
* supplied buffer. It shares a internal buffer with the
* entropium_getRandomByte() function.
* \param block pointer to the buffer where the random data goes
* \param length_B number of bytes to be written to the buffer
*/
void entropium_fillBlockRandom(void* block, unsigned length_B);
#endif /*PRNG_H_*/
/* hmac-md5.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "md5.h"
#include "hmac-md5.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){
uint8_t buffer[MD5_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, MD5_BLOCK_BYTES);
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
md5_init(&(s->a));
md5_nextBlock(&(s->a), buffer);
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
md5_init(&(s->b));
md5_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, MD5_BLOCK_BYTES);
#endif
}
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){
md5_nextBlock(&(s->a), block);
}
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){
md5_lastBlock(&(s->a), block, length_b);
}
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){
md5_ctx2hash((md5_hash_t*)dest, &(s->a));
md5_lastBlock(&(s->b), dest, MD5_HASH_BITS);
md5_ctx2hash((md5_hash_t*)dest, &(s->b));
}
#endif
/*
void hmac_md5_nextBlock()
void hmac_md5_lastBlock()
*/
/*
* keylength in bits!
* message length in bits!
*/
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/
md5_ctx_t s;
uint8_t i;
uint8_t buffer[MD5_BLOCK_BYTES];
memset(buffer, 0, MD5_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
md5_init(&s);
md5_nextBlock(&s, buffer);
while (msglength_b >= MD5_BLOCK_BITS){
md5_nextBlock(&s, msg);
msg = (uint8_t*)msg + MD5_BLOCK_BYTES;
msglength_b -= MD5_BLOCK_BITS;
}
md5_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
md5_ctx2hash(dest, &s); /* save inner hash temporary to dest */
md5_init(&s);
md5_nextBlock(&s, buffer);
md5_lastBlock(&s, dest, MD5_HASH_BITS);
md5_ctx2hash(dest, &s);
}
/* hmac-md5.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HMACMD5_H_
#define HMACMD5_H_
#include "md5.h"
#define HMAC_MD5_BITS MD5_HASH_BITS
#define HMAC_MD5_BYTES MD5_HASH_BYTES
#define HMAC_MD5_BLOCK_BITS MD5_BLOCK_BITS
#define HMAC_MD5_BLOCK_BYTES MD5_BLOCK_BYTES
typedef struct{
md5_ctx_t a,b;
} hmac_md5_ctx_t;
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b);
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block);
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b);
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s);
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b);
#endif /*HMACMD5_H_*/
/* hmac-sha1.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "sha1.h"
#include "hmac-sha1.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b){
uint8_t buffer[SHA1_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, SHA1_BLOCK_BYTES);
if (keylength_b > SHA1_BLOCK_BITS){
sha1((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);