diff options
-rw-r--r-- | cipher/Makefile.am | 5 | ||||
-rw-r--r-- | cipher/Makefile.in | 16 | ||||
-rw-r--r-- | cipher/cast5.c | 615 | ||||
-rw-r--r-- | cipher/cast5.h | 50 | ||||
-rw-r--r-- | cipher/dsa.c | 245 | ||||
-rw-r--r-- | cipher/dsa.h | 49 | ||||
-rw-r--r-- | cipher/elgamal.c | 65 | ||||
-rw-r--r-- | cipher/elgamal.h | 4 | ||||
-rw-r--r-- | cipher/md.c | 20 | ||||
-rw-r--r-- | cipher/random.c | 94 | ||||
-rw-r--r-- | cipher/rsa.c | 214 | ||||
-rw-r--r-- | cipher/rsa.h | 54 | ||||
-rw-r--r-- | cipher/sha1.c | 400 | ||||
-rw-r--r-- | cipher/sha1.h | 50 |
14 files changed, 1564 insertions, 317 deletions
diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 939a4830..40b131dd 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -5,7 +5,6 @@ INCLUDES = -I$(top_srcdir)/include noinst_LIBRARIES = cipher -# please add "rsa.c" and "rsa.h" manually in Makefile.am cipher_SOURCES = blowfish.c \ blowfish.h \ elgamal.c \ @@ -18,6 +17,10 @@ cipher_SOURCES = blowfish.c \ random.c \ rmd.h \ rmd160.c \ + sha1.h \ + sha1.c \ + dsa.h \ + dsa.c \ md.c \ smallprime.c diff --git a/cipher/Makefile.in b/cipher/Makefile.in index 96081b73..8391d9e9 100644 --- a/cipher/Makefile.in +++ b/cipher/Makefile.in @@ -42,7 +42,6 @@ INCLUDES = -I$(top_srcdir)/include noinst_LIBRARIES = cipher -# please add "rsa.c" and "rsa.h" manually in Makefile.am cipher_SOURCES = blowfish.c \ blowfish.h \ elgamal.c \ @@ -55,6 +54,10 @@ cipher_SOURCES = blowfish.c \ random.c \ rmd.h \ rmd160.c \ + sha1.h \ + sha1.c \ + dsa.h \ + dsa.c \ md.c \ smallprime.c @@ -78,7 +81,7 @@ LIBS = @LIBS@ COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) LINK = $(CC) $(LDFLAGS) -o $@ cipher_OBJECTS = blowfish.o elgamal.o gost.o md5.o primegen.o random.o \ -rmd160.o md.o smallprime.o +rmd160.o sha1.o dsa.o md.o smallprime.o EXTRA_cipher_SOURCES = LIBFILES = libcipher.a AR = ar @@ -95,10 +98,11 @@ DEP_DISTFILES = $(DIST_COMMON) $(SOURCES) $(BUILT_SOURCES) $(HEADERS) \ $(TEXINFOS) $(INFO_DEPS) $(MANS) $(EXTRA_DIST) $(DATA) TAR = tar -DEP_FILES = $(srcdir)/.deps/blowfish.P $(srcdir)/.deps/elgamal.P \ -$(srcdir)/.deps/gost.P $(srcdir)/.deps/md.P $(srcdir)/.deps/md5.P \ -$(srcdir)/.deps/primegen.P $(srcdir)/.deps/random.P \ -$(srcdir)/.deps/rmd160.P $(srcdir)/.deps/smallprime.P +DEP_FILES = $(srcdir)/.deps/blowfish.P $(srcdir)/.deps/dsa.P \ +$(srcdir)/.deps/elgamal.P $(srcdir)/.deps/gost.P $(srcdir)/.deps/md.P \ +$(srcdir)/.deps/md5.P $(srcdir)/.deps/primegen.P \ +$(srcdir)/.deps/random.P $(srcdir)/.deps/rmd160.P \ +$(srcdir)/.deps/sha1.P $(srcdir)/.deps/smallprime.P SOURCES = $(cipher_SOURCES) OBJECTS = $(cipher_OBJECTS) diff --git a/cipher/cast5.c b/cipher/cast5.c new file mode 100644 index 00000000..ef6c220a --- /dev/null +++ b/cipher/cast5.c @@ -0,0 +1,615 @@ +/* cast5.c - CAST5 cipher (RFC2144) + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "types.h" +#include "cast5.h" + +static const u32 s1[256] = { +0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, +0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, +0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, +0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, +0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, +0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, +0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, +0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, +0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, +0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, +0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, +0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, +0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, +0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, +0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, +0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, +0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, +0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, +0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, +0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, +0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, +0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, +0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, +0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, +0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, +0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, +0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, +0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, +0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, +0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, +0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, +0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf +}; +static const u32 s2[256] = { +0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, +0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, +0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, +0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, +0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, +0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, +0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, +0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, +0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, +0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, +0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, +0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, +0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, +0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, +0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, +0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, +0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, +0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, +0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, +0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, +0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, +0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, +0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, +0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, +0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, +0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, +0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, +0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, +0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, +0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, +0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, +0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 +}; +static const u32 s3[256] = { +0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, +0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, +0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, +0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, +0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, +0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, +0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, +0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, +0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, +0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, +0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, +0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, +0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, +0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, +0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, +0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, +0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, +0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, +0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, +0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, +0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, +0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, +0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, +0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, +0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, +0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, +0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, +0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, +0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, +0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, +0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, +0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 +}; +static const u32 s4[256] = { +0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, +0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, +0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, +0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, +0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, +0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, +0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, +0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, +0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, +0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, +0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, +0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, +0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, +0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, +0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, +0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, +0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, +0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, +0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, +0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, +0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, +0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, +0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, +0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, +0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, +0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, +0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, +0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, +0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, +0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, +0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, +0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 +}; +static const u32 s5[256] = { +0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, +0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, +0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, +0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, +0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, +0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, +0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, +0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, +0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, +0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, +0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, +0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, +0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, +0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, +0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, +0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, +0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, +0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, +0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, +0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, +0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, +0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, +0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, +0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, +0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, +0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, +0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, +0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, +0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, +0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, +0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, +0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 +}; +static const u32 s6[256] = { +0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, +0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, +0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, +0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, +0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, +0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, +0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, +0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, +0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, +0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, +0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, +0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, +0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, +0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, +0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, +0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, +0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, +0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, +0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, +0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, +0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, +0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, +0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, +0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, +0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, +0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, +0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, +0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, +0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, +0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, +0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, +0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f +}; +static const u32 s7[256] = { +0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, +0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, +0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, +0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, +0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, +0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, +0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, +0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, +0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, +0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, +0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, +0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, +0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, +0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, +0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, +0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, +0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, +0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, +0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, +0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, +0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, +0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, +0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, +0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, +0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, +0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, +0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, +0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, +0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, +0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, +0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, +0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 +}; +static const u32 s8[256] = { +0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, +0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, +0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, +0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, +0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, +0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, +0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, +0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, +0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, +0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, +0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, +0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, +0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, +0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, +0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, +0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, +0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, +0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, +0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, +0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, +0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, +0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, +0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, +0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, +0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, +0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, +0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, +0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, +0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, +0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, +0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, +0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e +}; + + + + + +static u32 +function_F( CAST5_context *bc, u32 x ) +{ + u16 a, b, c, d, y; + + d = x & 0x00ff; + x >>= 8; + c = x & 0x00ff; + x >>= 8; + b = x & 0x00ff; + x >>= 8; + a = x & 0x00ff; + y = bc->s0[a] + bc->s1[b]; + y ^= bc->s2[c]; + y += bc->s3[d]; + + return y; +} + + +static void +encrypt( CAST5_context *bc, u32 *ret_xl, u32 *ret_xr ) +{ + u32 xl, xr, temp; + int i; + + /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and + * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.) + */ + xl = *ret_xl; + xr = *ret_xr; + + for(i=0; i < 16; i++ ) { + /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows: + * Li = Ri-1; + * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2 + * (f is of Type 1, Type 2, or Type 3, depending on i). + */ + xl ^= bc->p[i]; + xr ^= function_F(bc, xl); + temp = xl; + xl = xr; + xr = temp; + } + + /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and + * concatenate to form the ciphertext.) */ + temp = xl; + xl = xr; + xr = temp; + + xr ^= bc->p[CAST5_ROUNDS]; + xl ^= bc->p[CAST5_ROUNDS+1]; + + *ret_xl = xl; + *ret_xr = xr; +} + +static void +decrypted( CAST5_context *bc, u32 *ret_xl, u32 *ret_xr ) +{ + u32 xl, xr, temp; + int i; + + xl = *ret_xl; + xr = *ret_xr; + + for(i=CAST5_ROUNDS+1; i > 1; i-- ) { + xl ^= bc->p[i]; + xr ^= function_F(bc, xl); + temp = xl; + xl = xr; + xr = temp; + } + + temp = xl; + xl = xr; + xr = temp; + + xr ^= bc->p[1]; + xl ^= bc->p[0]; + + *ret_xl = xl; + *ret_xr = xr; +} + +static void +encrypted_block( CAST5_context *bc, byte *outbuf, byte *inbuf ) +{ + u32 d1, d2; + + d1 = ((u32*)inbuf)[0]; + d2 = ((u32*)inbuf)[1]; + encrypted( bc, &d1, &d2 ); + ((u32*)outbuf)[0] = d1; + ((u32*)outbuf)[1] = d2; +} + +static void +decrypted_block( CAST5_context *bc, byte *outbuf, byte *inbuf ) +{ + u32 d1, d2; + + d1 = ((u32*)inbuf)[0]; + d2 = ((u32*)inbuf)[1]; + decrypted( bc, &d1, &d2 ); + ((u32*)outbuf)[0] = d1; + ((u32*)outbuf)[1] = d2; +} + + +void +cast5_setkey( CAST5_context *c, byte *key, unsigned keylen ) +{ + int i, j, k; + u32 data, datal, datar; + + for(i=0; i < CAST5_ROUNDS+2; i++ ) + c->p[i] = ps[i]; + for(i=0; i < 256; i++ ) { + c->s0[i] = ks0[i]; + c->s1[i] = ks1[i]; + c->s2[i] = ks2[i]; + c->s3[i] = ks3[i]; + } + + for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) { + data = 0; + for(k=0; k < 4; k++) { + data = (data << 8) | key[j]; + if( ++j >= keylen ) + j = 0; + } + c->p[i] ^= data; + } + + datal = datar = 0; + for(i=0; i < CAST5_ROUNDS+2; i += 2 ) { + encrypted( c, &datal, &datar ); + c->p[i] = datal; + c->p[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encrypted( c, &datal, &datar ); + c->s0[i] = datal; + c->s0[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encrypted( c, &datal, &datar ); + c->s1[i] = datal; + c->s1[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encrypted( c, &datal, &datar ); + c->s2[i] = datal; + c->s2[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encrypted( c, &datal, &datar ); + c->s3[i] = datal; + c->s3[i+1] = datar; + } +} + + +void +cast5_setiv( CAST5_context *c, byte *iv ) +{ + if( iv ) + memcpy( c->iv, iv, CAST5_BLOCKSIZE ); + else + memset( c->iv, 0, CAST5_BLOCKSIZE ); + c->count = 0; + encrypted_block( c, c->eniv, c->iv ); +} + + +void +cast5_encode( CAST5_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + encrypted_block( c, outbuf, inbuf ); + inbuf += CAST5_BLOCKSIZE;; + outbuf += CAST5_BLOCKSIZE; + } +} + +void +cast5_decode( CAST5_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + decrypted_block( c, outbuf, inbuf ); + inbuf += CAST5_BLOCKSIZE;; + outbuf += CAST5_BLOCKSIZE; + } +} + + + +/**************** + * FIXME: Make use of bigger chunks + * (out may overlap with a or b) + */ +static void +xorblock( byte *out, byte *a, byte *b, unsigned count ) +{ + for( ; count ; count--, a++, b++ ) + *out++ = *a ^ *b ; +} + + + +/**************** + * Encode buffer in CFB mode. nbytes can be an arbitrary value. + */ +void +cast5_encode_cfb( CAST5_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes) +{ + unsigned n; + + if( c->count ) { /* must make a full block first */ + assert( c->count < CAST5_BLOCKSIZE ); + n = CAST5_BLOCKSIZE - c->count; + if( n > nbytes ) + n = nbytes; + xorblock( outbuf, c->eniv+c->count, inbuf, n); + memcpy( c->iv+c->count, outbuf, n); + c->count += n; + nbytes -= n; + inbuf += n; + outbuf += n; + assert( c->count <= CAST5_BLOCKSIZE); + if( c->count == CAST5_BLOCKSIZE ) { + encrypted_block( c, c->eniv, c->iv ); + c->count = 0; + } + else + return; + } + assert(!c->count); + while( nbytes >= CAST5_BLOCKSIZE ) { + xorblock( outbuf, c->eniv, inbuf, CAST5_BLOCKSIZE); + memcpy( c->iv, outbuf, CAST5_BLOCKSIZE); + encrypted_block( c, c->eniv, c->iv ); + nbytes -= CAST5_BLOCKSIZE; + inbuf += CAST5_BLOCKSIZE; + outbuf += CAST5_BLOCKSIZE; + } + + if( nbytes ) { + xorblock( outbuf, c->eniv, inbuf, nbytes ); + memcpy( c->iv, outbuf, nbytes ); + c->count = nbytes; + } + +} + + +void +cast5_decode_cfb( CAST5_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes) +{ + unsigned n; + + if( c->count ) { /* must make a full block first */ + assert( c->count < CAST5_BLOCKSIZE ); + n = CAST5_BLOCKSIZE - c->count; + if( n > nbytes ) + n = nbytes; + memcpy( c->iv+c->count, inbuf, n); + xorblock( outbuf, c->eniv+c->count, inbuf, n); + c->count += n; + nbytes -= n; + inbuf += n; + outbuf += n; + assert( c->count <= CAST5_BLOCKSIZE); + if( c->count == CAST5_BLOCKSIZE ) { + encrypted_block( c, c->eniv, c->iv ); + c->count = 0; + } + else + return; + } + + assert(!c->count); + while( nbytes >= CAST5_BLOCKSIZE ) { + memcpy( c->iv, inbuf, CAST5_BLOCKSIZE); + xorblock( outbuf, c->eniv, inbuf, CAST5_BLOCKSIZE); + encrypted_block( c, c->eniv, c->iv ); + nbytes -= CAST5_BLOCKSIZE; + inbuf += CAST5_BLOCKSIZE; + outbuf += CAST5_BLOCKSIZE; + } + + if( nbytes ) { + memcpy( c->iv, inbuf, nbytes ); + xorblock( outbuf, c->eniv, inbuf, nbytes ); + c->count = nbytes; + } + +} + diff --git a/cipher/cast5.h b/cipher/cast5.h new file mode 100644 index 00000000..6e0b795f --- /dev/null +++ b/cipher/cast5.h @@ -0,0 +1,50 @@ +/* cast5.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_CAST5_H +#define G10_CAST5_H + +#include "types.h" + +#define CAST5_BLOCKSIZE 8 + +typedef struct { + u32 s0[256]; + u32 s1[256]; + u32 s2[256]; + u32 s3[256]; + u32 p[16+2]; + byte iv[CAST5_BLOCKSIZE]; + byte eniv[CAST5_BLOCKSIZE]; + int count; +} CAST5_context; + +void cast5_setkey( CAST5_context *c, byte *key, unsigned keylen ); +void cast5_setiv( CAST5_context *c, byte *iv ); +void cast5_encode( CAST5_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ); +void cast5_decode( CAST5_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ); +void cast5_encode_cfb( CAST5_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); +void cast5_decode_cfb( CAST5_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); + + +#endif /*G10_CAST5_H*/ diff --git a/cipher/dsa.c b/cipher/dsa.c new file mode 100644 index 00000000..dd9100df --- /dev/null +++ b/cipher/dsa.c @@ -0,0 +1,245 @@ +/* dsa.c - DSA signature scheme + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "util.h" +#include "mpi.h" +#include "cipher.h" +#include "dsa.h" + + +void +dsa_free_public_key( DSA_public_key *pk ) +{ + mpi_free( pk->p ); pk->p = NULL; + mpi_free( pk->g ); pk->g = NULL; + mpi_free( pk->y ); pk->y = NULL; +} + +void +dsa_free_secret_key( DSA_secret_key *sk ) +{ + mpi_free( sk->p ); sk->p = NULL; + mpi_free( sk->g ); sk->g = NULL; + mpi_free( sk->y ); sk->y = NULL; + mpi_free( sk->x ); sk->x = NULL; +} + + +static void +test_keys( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ) +{ + MPI test = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + MPI out1_a = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + MPI out1_b = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + + mpi_set_bytes( test, nbits, get_random_byte, 0 ); + + dsa_sign( out1_a, out1_b, test, sk ); + if( !dsa_verify( out1_a, out1_b, test, pk ) ) + log_fatal("DSA operation: sign, verify failed\n"); + + mpi_free( test ); + mpi_free( out1_a ); + mpi_free( out1_b ); + mpi_free( out2 ); +} + + +/**************** + * generate a random secret exponent k from prime p, so + * that k is relatively prime to p-1 + */ +static MPI +gen_k( MPI p ) +{ + MPI k = mpi_alloc_secure( mpi_get_nlimbs(p) ); + MPI temp = mpi_alloc( mpi_get_nlimbs(p) ); + MPI p_1 = mpi_copy(p); + unsigned nbits = mpi_get_nbits(p); + + if( DBG_CIPHER ) + log_debug("choosing a random k "); + mpi_sub_ui( p_1, p, 1); + for(;;) { + if( DBG_CIPHER ) + fputc('.', stderr); + mpi_set_bytes( k, nbits, get_random_byte, 1 ); + mpi_set_bit( k, nbits-1 ); /* make sure it's high (really needed?) */ + if( mpi_cmp( k, p_1 ) >= 0 ) + continue; /* is not smaller than (p-1) */ + if( mpi_gcd( temp, k, p_1 ) ) + break; /* okay, k is relatively prime to (p-1) */ + } + if( DBG_CIPHER ) + fputc('\n', stderr); + mpi_free(p_1); + mpi_free(temp); + + return k; +} + +/**************** + * Generate a key pair with a key of size NBITS + * Returns: 2 structures filles with all needed values + */ +void +dsa_generate( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ) +{ + MPI p; /* the prime */ + MPI g; + MPI x; /* the secret exponent */ + MPI y; + + p = generate_public_prime( nbits ); + /* FIXME: check wether we shall assert that (p-1)/2 is also prime + * Schneier votes against it + */ + g = mpi_alloc_set_ui(3); + + /* select a random number */ + x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB ); + if( DBG_CIPHER ) + log_debug("choosing a random x "); + do { + if( DBG_CIPHER ) + fputc('.', stderr); + mpi_set_bytes( x, nbits, get_random_byte, 1 ); /* fixme: should be 2 */ + mpi_set_bit( x, nbits-1 ); /* make sure it's high (needed?) */ + } while( mpi_cmp( x, p ) >= 0 ); /* x must be smaller than p */ + + y = mpi_alloc(nbits/BITS_PER_MPI_LIMB); + mpi_powm( y, g, x, p ); + + if( DBG_CIPHER ) { + fputc('\n', stderr); + log_mpidump("dsa p= ", p ); + log_mpidump("dsa g= ", g ); + log_mpidump("dsa y= ", y ); + log_mpidump("dsa x= ", x ); + } + + + /* copy the stuff to the key structures */ + pk->p = mpi_copy(p); + pk->g = mpi_copy(g); + pk->y = mpi_copy(y); + sk->p = p; + sk->g = g; + sk->y = y; + sk->x = x; + + /* now we can test our keys (this should never fail!) */ + test_keys( pk, sk, nbits - 64 ); +} + + +/**************** + * Test wether the secret key is valid. + * Returns: if this is a valid key. + */ +int +dsa_check_secret_key( DSA_secret_key *sk ) +{ + int rc; + MPI y = mpi_alloc( mpi_get_nlimbs(sk->y) ); + + mpi_powm( y, sk->g, sk->x, sk->p ); + rc = !mpi_cmp( y, sk->y ); + mpi_free( y ); + return rc; +} + + + +/**************** + * Make an Elgamal signature out of INPUT + */ + +void +dsa_sign(MPI a, MPI b, MPI input, DSA_secret_key *skey ) +{ + MPI k; + MPI t = mpi_alloc( mpi_get_nlimbs(a) ); + MPI inv = mpi_alloc( mpi_get_nlimbs(a) ); + MPI p_1 = mpi_copy(skey->p); + + /* + * b = (t * inv) mod (p-1) + * b = (t * inv(k,(p-1),(p-1)) mod (p-1) + * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1) + * + */ + mpi_sub_ui(p_1, p_1, 1); + k = gen_k( skey->p ); + mpi_powm( a, skey->g, k, skey->p ); + mpi_mul(t, skey->x, a ); + mpi_subm(t, input, t, p_1 ); + while( mpi_is_neg(t) ) + mpi_add(t, t, p_1); + mpi_invm(inv, k, p_1 ); + mpi_mulm(b, t, inv, p_1 ); + + #if 0 + if( DBG_CIPHER ) { + log_mpidump("dsa sign p= ", skey->p); + log_mpidump("dsa sign g= ", skey->g); + log_mpidump("dsa sign y= ", skey->y); + log_mpidump("dsa sign x= ", skey->x); + log_mpidump("dsa sign k= ", k); + log_mpidump("dsa sign M= ", input); + log_mpidump("dsa sign a= ", a); + log_mpidump("dsa sign b= ", b); + } + #endif + mpi_free(k); + mpi_free(t); + mpi_free(inv); + mpi_free(p_1); +} + + +/**************** + * Returns true if the signature composed from A and B is valid. + */ +int +dsa_verify(MPI a, MPI b, MPI input, DSA_public_key *pkey ) +{ + int rc; + MPI t1 = mpi_alloc( mpi_get_nlimbs(a) ); + MPI t2 = mpi_alloc( mpi_get_nlimbs(a) ); + + mpi_powm( t1, pkey->y, a, pkey->p ); + mpi_powm( t2, a, b, pkey->p ); + mpi_mulm( t1, t1, t2, pkey->p ); + + mpi_powm( t2, pkey->g, input, pkey->p ); + + rc = !mpi_cmp( t1, t2 ); + + mpi_free(t1); + mpi_free(t2); + return rc; +} + diff --git a/cipher/dsa.h b/cipher/dsa.h new file mode 100644 index 00000000..7ed38a4b --- /dev/null +++ b/cipher/dsa.h @@ -0,0 +1,49 @@ +/* dsa.h - DSA signature scheme + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_DSA_H +#define G10_DSA_H + +#include "mpi.h" + +typedef struct { + MPI p; /* prime */ + MPI q; /* group order */ + MPI g; /* group generator */ + MPI y; /* g^x mod p */ +} DSA_public_key; + + +typedef struct { + MPI p; /* prime */ + MPI q; /* group order */ + MPI g; /* group generator */ + MPI y; /* g^x mod p */ + MPI x; /* secret exponent */ +} DSA_secret_key; + + +void dsa_free_public_key( DSA_public_key *pk ); +void dsa_free_secret_key( DSA_secret_key *sk ); +void dsa_generate( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ); +int dsa_check_secret_key( DSA_secret_key *sk ); +void dsa_sign(MPI a, MPI b, MPI input, DSA_secret_key *skey); +int dsa_verify(MPI a, MPI b, MPI input, DSA_public_key *pkey); + +#endif /*G10_DSA_H*/ diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 63ec06f5..4252b48d 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -60,10 +60,10 @@ test_keys( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ) mpi_set_bytes( test, nbits, get_random_byte, 0 ); - elg_encrypted( out1_a, out1_b, test, pk ); - elg_decrypted( out2, out1_a, out1_b, sk ); + elg_encrypt( out1_a, out1_b, test, pk ); + elg_decrypt( out2, out1_a, out1_b, sk ); if( mpi_cmp( test, out2 ) ) - log_fatal("ElGamal operation: encrypted, decrypted failed\n"); + log_fatal("ElGamal operation: encrypt, decrypt failed\n"); elg_sign( out1_a, out1_b, test, sk ); if( !elg_verify( out1_a, out1_b, test, pk ) ) @@ -95,9 +95,10 @@ gen_k( MPI p ) if( DBG_CIPHER ) fputc('.', stderr); mpi_set_bytes( k, nbits, get_random_byte, 1 ); - mpi_set_bit( k, nbits-1 ); /* make sure it's high (really needed?) */ - if( mpi_cmp( k, p_1 ) >= 0 ) - continue; /* is not smaller than (p-1) */ + if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */ + continue; /* no */ + if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */ + continue; /* no */ if( mpi_gcd( temp, k, p_1 ) ) break; /* okay, k is relatively prime to (p-1) */ } @@ -117,17 +118,27 @@ void elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ) { MPI p; /* the prime */ + MPI p_min1; MPI g; MPI x; /* the secret exponent */ MPI y; - - p = generate_public_prime( nbits ); - /* FIXME: check wether we shall assert that (p-1)/2 is also prime - * Schneier votes against it + MPI temp; + + p = NULL; + p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + temp = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + /*do {*/ + mpi_free(p); + /* FIXME!!!! Should generate a strong prime */ + p = generate_public_prime( nbits ); + mpi_sub_ui(p_min1, p, 1); + /*} while if( mpi_gcd( temp, k, p_1 ) )*/ + + + g = mpi_alloc_set_ui(3); /* fixme: 3 is bad (but better than 2)*/ + /* select a random number which has these properties: + * 0 < x < p-1 */ - g = mpi_alloc_set_ui(3); - - /* select a random number */ x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB ); if( DBG_CIPHER ) log_debug("choosing a random x "); @@ -135,8 +146,7 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ) if( DBG_CIPHER ) fputc('.', stderr); mpi_set_bytes( x, nbits, get_random_byte, 1 ); /* fixme: should be 2 */ - mpi_set_bit( x, nbits-1 ); /* make sure it's high (needed?) */ - } while( mpi_cmp( x, p ) >= 0 ); /* x must be smaller than p */ + } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); y = mpi_alloc(nbits/BITS_PER_MPI_LIMB); mpi_powm( y, g, x, p ); @@ -149,7 +159,6 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ) log_mpidump("elg x= ", x ); } - /* copy the stuff to the key structures */ pk->p = mpi_copy(p); pk->g = mpi_copy(g); @@ -161,6 +170,9 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ) /* now we can test our keys (this should never fail!) */ test_keys( pk, sk, nbits - 64 ); + + mpi_free( p_min1 ); + mpi_free( temp ); } @@ -182,7 +194,7 @@ elg_check_secret_key( ELG_secret_key *sk ) void -elg_encrypted(MPI a, MPI b, MPI input, ELG_public_key *pkey ) +elg_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ) { MPI k; @@ -212,7 +224,7 @@ elg_encrypted(MPI a, MPI b, MPI input, ELG_public_key *pkey ) void -elg_decrypted(MPI output, MPI a, MPI b, ELG_secret_key *skey ) +elg_decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) { MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); @@ -288,13 +300,24 @@ int elg_verify(MPI a, MPI b, MPI input, ELG_public_key *pkey ) { int rc; - MPI t1 = mpi_alloc( mpi_get_nlimbs(a) ); - MPI t2 = mpi_alloc( mpi_get_nlimbs(a) ); - + MPI t1; + MPI t2; + + if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) ) + return 0; /* assertion 0 < a < p failed */ + + t1 = mpi_alloc( mpi_get_nlimbs(a) ); + t2 = mpi_alloc( mpi_get_nlimbs(a) ); + /* t1 = (y^a mod p) * (a^b mod p) mod p + * fixme: should be calculated by a call which evalutes + * t1 = y^a * a^b mod p + * direct. + */ mpi_powm( t1, pkey->y, a, pkey->p ); mpi_powm( t2, a, b, pkey->p ); mpi_mulm( t1, t1, t2, pkey->p ); + /* t2 = g ^ input mod p */ mpi_powm( t2, pkey->g, input, pkey->p ); rc = !mpi_cmp( t1, t2 ); diff --git a/cipher/elgamal.h b/cipher/elgamal.h index 4086a8fc..15121f55 100644 --- a/cipher/elgamal.h +++ b/cipher/elgamal.h @@ -41,8 +41,8 @@ void elg_free_public_key( ELG_public_key *pk ); void elg_free_secret_key( ELG_secret_key *sk ); void elg_generate( ELG_public_key *pk, ELG_secret_key *sk, unsigned nbits ); int elg_check_secret_key( ELG_secret_key *sk ); -void elg_encrypted(MPI a, MPI b, MPI input, ELG_public_key *pkey ); -void elg_decrypted(MPI output, MPI a, MPI b, ELG_secret_key *skey ); +void elg_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ); +void elg_decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ); void elg_sign(MPI a, MPI b, MPI input, ELG_secret_key *skey); int elg_verify(MPI a, MPI b, MPI input, ELG_public_key *pkey); diff --git a/cipher/md.c b/cipher/md.c index a14d62f3..71403c8c 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -32,6 +32,7 @@ md_okay( int algo ) switch( algo ) { case DIGEST_ALGO_MD5: case DIGEST_ALGO_RMD160: + case DIGEST_ALGO_SHA1: return 0; default: return G10ERR_DIGEST_ALGO; @@ -51,6 +52,8 @@ md_open( int algo, int secure ) hd->u.md5 = md5_open( secure ); else if( algo == DIGEST_ALGO_RMD160 ) hd->u.rmd= rmd160_open( secure ); + else if( algo == DIGEST_ALGO_SHA1 ) + hd->u.sha1 = sha1_open( secure ); else return NULL; @@ -70,6 +73,8 @@ md_copy( MD_HANDLE *a ) hd->u.md5 = md5_copy( a->u.md5 ); else if( a->algo == DIGEST_ALGO_RMD160 ) hd->u.rmd= rmd160_copy( a->u.rmd ); + else if( a->algo == DIGEST_ALGO_SHA1 ) + hd->u.sha1= sha1_copy( a->u.sha1 ); else log_bug(NULL); return hd; @@ -89,6 +94,8 @@ md_makecontainer( int algo ) ; else if( algo == DIGEST_ALGO_RMD160 ) ; + else if( algo == DIGEST_ALGO_SHA1 ) + ; else log_bug(NULL); return hd; @@ -103,6 +110,8 @@ md_close(MD_HANDLE *a) md5_close( a->u.md5 ); else if( a->algo == DIGEST_ALGO_RMD160 ) rmd160_close( a->u.rmd ); + else if( a->algo == DIGEST_ALGO_SHA1 ) + sha1_close( a->u.sha1 ); else log_bug(NULL); m_free(a); @@ -116,6 +125,8 @@ md_write( MD_HANDLE *a, byte *inbuf, size_t inlen) md5_write( a->u.md5, inbuf, inlen ); else if( a->algo == DIGEST_ALGO_RMD160 ) rmd160_write( a->u.rmd, inbuf, inlen ); + else if( a->algo == DIGEST_ALGO_SHA1 ) + sha1_write( a->u.sha1, inbuf, inlen ); else log_bug(NULL); } @@ -128,6 +139,8 @@ md_putchar( MD_HANDLE *a, int c ) md5_putchar( a->u.md5, c ); else if( a->algo == DIGEST_ALGO_RMD160 ) rmd160_putchar( a->u.rmd, c ); + else if( a->algo == DIGEST_ALGO_SHA1 ) + sha1_putchar( a->u.sha1, c ); else log_bug(NULL); } @@ -151,6 +164,13 @@ md_final(MD_HANDLE *a) } return a->data; } + else if( a->algo == DIGEST_ALGO_SHA1 ) { + if( !a->datalen ) { + memcpy(a->data, sha1_final( a->u.sha1 ), 20 ); + a->datalen = 20; + } + return a->data; + } else log_bug(NULL); } diff --git a/cipher/random.c b/cipher/random.c index b4abbdda..2848aad7 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -22,14 +22,23 @@ #include <stdio.h> #include <stdlib.h> #include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> #include "util.h" #include "cipher.h" -static struct { - int level; +struct cache { int len; - byte buffer[100]; /* fixme: should this be allocated in secure space? */ -} cache; + byte buffer[100]; /* fixme: should be allocalted with m_alloc_secure()*/ +}; + +static struct cache cache[3]; +#define MASK_LEVEL(a) do {if( a > 2 ) a = 2; else if( a < 0 ) a = 0; } while(0) + + +static int open_device( const char *name, int minor ); +static void fill_buffer( byte *buffer, size_t length, int level ); /**************** * Fill the buffer with LENGTH bytes of cryptologic strong @@ -39,30 +48,77 @@ static struct { void randomize_buffer( byte *buffer, size_t length, int level ) { - FILE *fp; - - if( level == 2 ) - level = 1; /* 2 is much too slow */ - /* FIXME: do a stat and check that we have the correct device numbers*/ - fp = fopen(level < 2? "/dev/urandom":"/dev/random", "r"); - if( !fp ) - log_fatal("can't open random device: %s\n", strerror(errno) ); for( ; length; length-- ) - *buffer++ = getc(fp); - fclose(fp); + *buffer++ = get_random_byte(level); } byte get_random_byte( int level ) { - if( !cache.len || cache.level < level ) { - randomize_buffer(cache.buffer, DIM(cache.buffer), level ); - cache.level = level; - cache.len = DIM(cache.buffer); + MASK_LEVEL(level); + if( !cache[level].len ) { + fill_buffer(cache[level].buffer, DIM(cache[level].buffer), level ); + cache[level].len = DIM(cache[level].buffer); } - return cache.buffer[--cache.len]; + return cache[level].buffer[--cache[level].len]; } + + +static int +open_device( const char *name, int minor ) +{ + int fd; + struct stat sb; + + fd = open( name, O_RDONLY ); + if( fd == -1 ) + log_fatal("can't open %s: %s\n", name, strerror(errno) ); + if( fstat( fd, &sb ) ) + log_fatal("stat() off %s failed: %s\n", name, strerror(errno) ); + if( !S_ISCHR(sb.st_mode) + #ifdef __linux__ + || (sb.st_rdev >> 8) != 1 + || (sb.st_rdev & 0xff) != minor + #endif + ) + log_fatal("invalid random device!\n" ); + return fd; +} + + +static void +fill_buffer( byte *buffer, size_t length, int level ) +{ + FILE *fp; + static int fd_urandom = -1; + static int fd_random = -1; + int fd; + int n; + + if( level == 2 ) { + if( fd_random == -1 ) + fd_random = open_device( "/dev/random", 8 ); + fd = fd_random; + } + else { + if( fd_urandom == -1 ) + fd_urandom = open_device( "/dev/urandom", 9 ); + fd = fd_urandom; + } + + + do { + do { + n = read(fd, buffer, length ); + } while( n == -1 && errno == EINTR ); + if( n == -1 ) + log_fatal("read error on random device: %s\n", strerror(errno) ); + buffer += n; + length -= n; + } while( length ); +} + diff --git a/cipher/rsa.c b/cipher/rsa.c deleted file mode 100644 index db82b48d..00000000 --- a/cipher/rsa.c +++ /dev/null @@ -1,214 +0,0 @@ -/* rsa.c - RSA function - * Copyright (c) 1997 by Werner Koch (dd9jn) - * - * ATTENTION: This code should not be exported from the United States - * nor should it be used their without a license agreement with PKP. - * The RSA alorithm is protected by U.S. Patent #4,405,829 which - * expires on September 20, 2000! - * - * For a description of the algorithm, see: - * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. - * ISBN 0-471-11709-9. Pages 466 ff. - * - * This file is part of G10. - * - * G10 is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * G10 is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -#include <config.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include "util.h" -#include "mpi.h" -#include "cipher.h" - - -void -rsa_free_public_key( RSA_public_key *pk ) -{ - mpi_free( pk->n ); pk->n = NULL; - mpi_free( pk->e ); pk->e = NULL; -} - -void -rsa_free_secret_key( RSA_secret_key *sk ) -{ - mpi_free( sk->e ); sk->e = NULL; - mpi_free( sk->n ); sk->n = NULL; - mpi_free( sk->p ); sk->p = NULL; - mpi_free( sk->q ); sk->q = NULL; - mpi_free( sk->d ); sk->d = NULL; - mpi_free( sk->u ); sk->u = NULL; -} - - -static void -test_keys( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ) -{ - MPI test = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - MPI out1 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - - mpi_set_bytes( test, nbits, get_random_byte, 0 ); - - rsa_public( out1, test, pk ); - rsa_secret( out2, out1, sk ); - if( mpi_cmp( test, out2 ) ) - log_fatal("RSA operation: public, secret failed\n"); - rsa_secret( out1, test, sk ); - rsa_public( out2, out1, pk ); - if( mpi_cmp( test, out2 ) ) - log_fatal("RSA operation: secret, public failed\n"); - mpi_free( test ); - mpi_free( out1 ); - mpi_free( out2 ); -} - -/**************** - * Generate a key pair with a key of size NBITS - * Returns: 2 structures filles with all needed values - */ -void -rsa_generate( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ) -{ - MPI p, q; /* the two primes */ - MPI d; /* the private key */ - MPI u; - MPI t1, t2; - MPI n; /* the public key */ - MPI e; /* the exponent */ - MPI phi; /* helper: (p-a)(q-1) */ - MPI g; - MPI f; - - /* select two (very secret) primes */ - p = generate_secret_prime( nbits / 2 ); - q = generate_secret_prime( nbits / 2 ); - if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/ - mpi_swap(p,q); - /* calculate Euler totient: phi = (p-1)(q-1) */ - t1 = mpi_alloc_secure( mpi_get_nlimbs(p) ); - t2 = mpi_alloc_secure( mpi_get_nlimbs(p) ); - phi = mpi_alloc_secure( nbits / BITS_PER_MPI_LIMB ); - g = mpi_alloc_secure( nbits / BITS_PER_MPI_LIMB ); - f = mpi_alloc_secure( nbits / BITS_PER_MPI_LIMB ); - mpi_sub_ui( t1, p, 1 ); - mpi_sub_ui( t2, q, 1 ); - mpi_mul( phi, t1, t2 ); - mpi_gcd(g, t1, t2); - mpi_fdiv_q(f, phi, g); - /* multiply them to make the private key */ - n = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - mpi_mul( n, p, q ); - /* find a public exponent */ - e = mpi_alloc(1); - mpi_set_ui( e, 17); /* start with 17 */ - while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ - mpi_add_ui( e, e, 2); - /* calculate the secret key d = e^1 mod phi */ - d = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - mpi_invm(d, e, f ); - /* calculate the inverse of p and q (used for chinese remainder theorem)*/ - u = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - mpi_invm(u, p, q ); - - if( DBG_CIPHER ) { - log_mpidump(" p= ", p ); - log_mpidump(" q= ", q ); - log_mpidump("phi= ", phi ); - log_mpidump(" g= ", g ); - log_mpidump(" f= ", f ); - log_mpidump(" n= ", n ); - log_mpidump(" e= ", e ); - log_mpidump(" d= ", d ); - log_mpidump(" u= ", u ); - } - - mpi_free(t1); - mpi_free(t2); - mpi_free(phi); - mpi_free(f); - mpi_free(g); - - pk->n = mpi_copy(n); - pk->e = mpi_copy(e); - sk->n = n; - sk->e = e; - sk->p = p; - sk->q = q; - sk->d = d; - sk->u = u; - - /* now we can test our keys (this should never fail!) */ - test_keys( pk, sk, nbits - 64 ); -} - - -/**************** - * Test wether the secret key is valid. - * Returns: true if this is a valid key. - */ -int -rsa_check_secret_key( RSA_secret_key *sk ) -{ - int rc; - MPI temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 ); - - mpi_mul(temp, sk->p, sk->q ); - rc = mpi_cmp( temp, sk->n ); - mpi_free(temp); - return !rc; -} - - - -/**************** - * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT. - * - * c = m^e mod n - * - * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY. - */ -void -rsa_public(MPI output, MPI input, RSA_public_key *pkey ) -{ - if( output == input ) { /* powm doesn't like output and input the same */ - MPI x = mpi_alloc( mpi_get_nlimbs(input)*2 ); - mpi_powm( x, input, pkey->e, pkey->n ); - mpi_set(output, x); - mpi_free(x); - } - else - mpi_powm( output, input, pkey->e, pkey->n ); -} - -/**************** - * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT. - * - * m = c^d mod n - * - * Where m is OUTPUT, c is INPUT and d,n are elements of PKEY. - * - * FIXME: We should better use the Chinese Remainder Theorem - */ -void -rsa_secret(MPI output, MPI input, RSA_secret_key *skey ) -{ - mpi_powm( output, input, skey->d, skey->n ); -} - - - diff --git a/cipher/rsa.h b/cipher/rsa.h deleted file mode 100644 index 1b6d189b..00000000 --- a/cipher/rsa.h +++ /dev/null @@ -1,54 +0,0 @@ -/* rsa.h - * Copyright (c) 1997 by Werner Koch (dd9jn) - * - * ATTENTION: This code should not be exported from the United States - * nor should it be used their without a license agreement with PKP. - * The RSA alorithm is protected by U.S. Patent #4,405,829 which - * expires on September 20, 2000! - * - * This file is part of G10. - * - * G10 is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * G10 is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ -#ifndef G10_RSA_H -#define G10_RSA_H - -#include "mpi.h" - -typedef struct { - MPI e; /* exponent */ - MPI n; /* modulus */ -} RSA_public_key; - - -typedef struct { - MPI e; /* public exponent */ - MPI n; /* public modulus */ - MPI p; /* prime p. */ - MPI q; /* prime q. */ - MPI d; /* exponent */ - MPI u; /* inverse of p mod q. */ -} RSA_secret_key; - - -void rsa_free_public_key( RSA_public_key *pk ); -void rsa_free_secret_key( RSA_secret_key *sk ); -void rsa_generate( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ); -int rsa_check_secret_key( RSA_secret_key *sk ); -void rsa_public(MPI output, MPI input, RSA_public_key *skey ); -void rsa_secret(MPI output, MPI input, RSA_secret_key *skey ); - - -#endif /*G10_RSA_H*/ diff --git a/cipher/sha1.c b/cipher/sha1.c new file mode 100644 index 00000000..95d6cc94 --- /dev/null +++ b/cipher/sha1.c @@ -0,0 +1,400 @@ +/* sha1.c - SHA1 hash function + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * Please see below for more legal informations! + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +/* I took the code for transform() from the Linux kernel + * (/usr/src/linux/drivers/char/random.c) which has + * + * a) This notice: + * --------------- + * SHA transform algorithm, taken from code written by Peter Gutman, + * and apparently in the public domain. + * + * b) This copyright notice: + * ------------------------- + * Version 1.00, last modified 26-May-96 + * + * Copyright Theodore Ts'o, 1994, 1995, 1996. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + + +/* Test vectors: + * + * "abc" + * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D + * + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1 + */ + + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "memory.h" +#include "cipher.h" /* grrrr */ +#include "sha1.h" + + +/* The SHA f()-functions. */ +#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */ +#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ +#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */ +#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ + +/* The SHA Mysterious Constants */ +#define K1 0x5A827999L /* Rounds 0-19 */ +#define K2 0x6ED9EBA1L /* Rounds 20-39 */ +#define K3 0x8F1BBCDCL /* Rounds 40-59 */ +#define K4 0xCA62C1D6L /* Rounds 60-79 */ + +#define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) ) + +#define expand(W,i) ( W[ i & 15 ] = \ + ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \ + W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) ) + +#define subRound(a, b, c, d, e, f, k, data) \ + ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) ) + + +static void +initialize( SHA1HANDLE hd ) +{ + hd->h0 = 0x67452301; + hd->h1 = 0xefcdab89; + hd->h2 = 0x98badcfe; + hd->h3 = 0x10325476; + hd->h4 = 0xc3d2e1f0; + hd->bufcount = 0; + hd->nblocks = 0; +} + + +/**************** + * Transform the message X which consists of 16 32-bit-words + */ +static void +transform( SHA1HANDLE hd, byte *data ) +{ + u32 A, B, C, D, E; /* Local vars */ + u32 eData[ 16 ]; /* Expanded data */ + + /* Set up first buffer and local data buffer */ + A = hd->h0; + B = hd->h1; + C = hd->h2; + D = hd->h3; + E = hd->h4; + + #ifdef HAVE_BIG_ENDIAN + memcpy( eData, data, 64 ); + #else + { int i; + byte *p2; + for(i=0, p2=(byte*)eData; i < 16; i++, p2 += 4 ) { + p2[3] = *data++; + p2[2] = *data++; + p2[1] = *data++; + p2[0] = *data++; + } + } + #endif + + /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */ + subRound( A, B, C, D, E, f1, K1, eData[ 0 ] ); + subRound( E, A, B, C, D, f1, K1, eData[ 1 ] ); + subRound( D, E, A, B, C, f1, K1, eData[ 2 ] ); + subRound( C, D, E, A, B, f1, K1, eData[ 3 ] ); + subRound( B, C, D, E, A, f1, K1, eData[ 4 ] ); + subRound( A, B, C, D, E, f1, K1, eData[ 5 ] ); + subRound( E, A, B, C, D, f1, K1, eData[ 6 ] ); + subRound( D, E, A, B, C, f1, K1, eData[ 7 ] ); + subRound( C, D, E, A, B, f1, K1, eData[ 8 ] ); + subRound( B, C, D, E, A, f1, K1, eData[ 9 ] ); + subRound( A, B, C, D, E, f1, K1, eData[ 10 ] ); + subRound( E, A, B, C, D, f1, K1, eData[ 11 ] ); + subRound( D, E, A, B, C, f1, K1, eData[ 12 ] ); + subRound( C, D, E, A, B, f1, K1, eData[ 13 ] ); + subRound( B, C, D, E, A, f1, K1, eData[ 14 ] ); + subRound( A, B, C, D, E, f1, K1, eData[ 15 ] ); + subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) ); + subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) ); + subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) ); + subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) ); + + subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) ); + subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) ); + subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) ); + subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) ); + subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) ); + subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) ); + subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) ); + subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) ); + subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) ); + subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) ); + subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) ); + subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) ); + subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) ); + subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) ); + subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) ); + subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) ); + subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) ); + subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) ); + subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) ); + subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) ); + + subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) ); + subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) ); + subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) ); + subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) ); + subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) ); + subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) ); + subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) ); + subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) ); + subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) ); + subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) ); + subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) ); + subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) ); + subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) ); + subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) ); + subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) ); + subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) ); + subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) ); + subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) ); + subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) ); + subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) ); + + subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) ); + subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) ); + subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) ); + subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) ); + subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) ); + subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) ); + subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) ); + subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) ); + subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) ); + subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) ); + subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) ); + subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) ); + subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) ); + subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) ); + subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) ); + subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) ); + subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) ); + subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) ); + subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) ); + subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) ); + + /* Build message digest */ + hd->h0 += A; + hd->h1 += B; + hd->h2 += C; + hd->h3 += D; + hd->h4 += E; +} + + + + +SHA1HANDLE +sha1_open( int secure ) +{ + SHA1HANDLE hd; + + hd = secure? m_alloc_secure( sizeof *hd ) + : m_alloc( sizeof *hd ); + initialize(hd); + return hd; +} + + +SHA1HANDLE +sha1_copy( SHA1HANDLE a ) +{ + SHA1HANDLE b; + + assert(a); + b = m_is_secure(a)? m_alloc_secure( sizeof *b ) + : m_alloc( sizeof *b ); + memcpy( b, a, sizeof *a ); + return b; +} + + +/* BAD Kludge!!! */ +MD_HANDLE * +sha1_copy2md( SHA1HANDLE a ) +{ + MD_HANDLE *md = md_makecontainer( DIGEST_ALGO_SHA1 ); + md->u.sha1 = sha1_copy( a ); + return md; +} + + + +void +sha1_close(SHA1HANDLE hd) +{ + if( hd ) + m_free(hd); +} + + + +/* Update the message digest with the contents + * of INBUF with length INLEN. + */ +void +sha1_write( SHA1HANDLE hd, byte *inbuf, size_t inlen) +{ + if( hd->bufcount == 64 ) { /* flush the buffer */ + transform( hd, hd->buffer ); + hd->bufcount = 0; + hd->nblocks++; + } + if( !inbuf ) + return; + if( hd->bufcount ) { + for( ; inlen && hd->bufcount < 64; inlen-- ) + hd->buffer[hd->bufcount++] = *inbuf++; + sha1_write( hd, NULL, 0 ); + if( !inlen ) + return; + } + + while( inlen >= 64 ) { + transform( hd, inbuf ); + hd->bufcount = 0; + hd->nblocks++; + inlen -= 64; + inbuf += 64; + } + for( ; inlen && hd->bufcount < 64; inlen-- ) + hd->buffer[hd->bufcount++] = *inbuf++; +} + + +/* The routine final terminates the computation and + * returns the digest. + * The handle is prepared for a new cycle, but adding bytes to the + * handle will the destroy the returned buffer. + * Returns: 20 bytes representing the digest. + */ + +byte * +sha1_final(SHA1HANDLE hd) +{ + u32 t, msb, lsb; + byte *p; + + sha1_write(hd, NULL, 0); /* flush */; + + msb = 0; + t = hd->nblocks; + if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ + msb++; + msb += t >> 26; + t = lsb; + if( (lsb = t + hd->bufcount) < t ) /* add the bufcount */ + msb++; + t = lsb; + if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ + msb++; + msb += t >> 29; + + if( hd->bufcount < 56 ) { /* enough room */ + hd->buffer[hd->bufcount++] = 0x80; /* pad */ + while( hd->bufcount < 56 ) + hd->buffer[hd->bufcount++] = 0; /* pad */ + } + else { /* need one extra block */ + hd->buffer[hd->bufcount++] = 0x80; /* pad character */ + while( hd->bufcount < 64 ) + hd->buffer[hd->bufcount++] = 0; + sha1_write(hd, NULL, 0); /* flush */; + memset(hd->buffer, 0, 56 ); /* fill next block with zeroes */ + } + /* append the 64 bit count */ + hd->buffer[56] = msb >> 24; + hd->buffer[57] = msb >> 16; + hd->buffer[58] = msb >> 8; + hd->buffer[59] = msb ; + hd->buffer[60] = lsb >> 24; + hd->buffer[61] = lsb >> 16; + hd->buffer[62] = lsb >> 8; + hd->buffer[63] = lsb ; + transform( hd, hd->buffer ); + + p = hd->buffer; + #ifdef HAVE_BIG_ENDIAN + #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) + #else /* little endian */ + #define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \ + *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0) + #endif + X(0); + X(1); + X(2); + X(3); + X(4); + #undef X + + initialize( hd ); /* prepare for next cycle */ + return hd->buffer; /* now contains the digest */ +} + + + diff --git a/cipher/sha1.h b/cipher/sha1.h new file mode 100644 index 00000000..ca03936f --- /dev/null +++ b/cipher/sha1.h @@ -0,0 +1,50 @@ +/* sha1.h - SHA1 hash function + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_SHA1_H +#define G10_SHA1_H + +#include "types.h" + +typedef struct { + u32 h0,h1,h2,h3,h4; + u32 nblocks; + byte buffer[64]; + int bufcount; +} *SHA1HANDLE; + + +/**************** + * Process a single character, this character will be buffered to + * increase performance. + */ +#define sha1_putchar(h,c) \ + do { \ + if( (h)->bufcount == 64 ) \ + sha1_write( (h), NULL, 0 ); \ + (h)->buffer[(h)->bufcount++] = (c) & 0xff; \ + } while(0) + +SHA1HANDLE sha1_open( int secure ); +SHA1HANDLE sha1_copy( SHA1HANDLE a ); +void sha1_close( SHA1HANDLE hd ); +void sha1_write( SHA1HANDLE hd, byte *inbuf, size_t inlen ); +byte * sha1_final( SHA1HANDLE hd ); + +#endif /*G10_SHA1_H*/ |