Commit df7d6bf6 authored by Niels Möller's avatar Niels Möller
Browse files

*** empty log message ***

Rev: ChangeLog:1.360
Rev: src/nettle/.cvsignore:1.2
Rev: src/nettle/ChangeLog:1.3
Rev: src/nettle/aes.c:1.2
Rev: src/nettle/des.c:1.1
Rev: src/nettle/des.h:1.1
Rev: src/nettle/desCode.h:1.1
Rev: src/nettle/descore.README:1.1
Rev: src/nettle/desdata.c:1.1
Rev: src/nettle/desinfo.h:1.1
Rev: src/nettle/testsuite/.cvsignore:1.2
parent caa82fb0
2001-06-12 Niels Mller <nisse@cuckoo.hack.org>
* src/dsa.c, src/dsa_keygen.c, src/md5.c, src/rijndael.c,
src/sha.c: Adapted to the nettle API.
* configure.in: Use src/nettle instead of src/symmetric.
* src/Makefile.am.in: Likewise.
2001-06-09 Niels Mller <nisse@cuckoo.hack.org>
* src/io.c (do_consuming_read): In the EOF case, call
......
......@@ -8,5 +8,9 @@ config.h.in
config.log
config.status
configure
desdata
keymap.h
parity.h
rotors.h
stamp-h
stamp-h.in
......@@ -8,5 +8,9 @@
/config.log
/config.status
/configure
/desdata
/keymap.h
/parity.h
/rotors.h
/stamp-h
/stamp-h.in
2001-06-12 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
* testsuite/sha1-test.m4: New file.
* testsuite/des-test.m4: New file.
* Added SHA1 files.
* Added desCore files.
* Makefile.am: Added desCore and sha1.
2001-04-17 Niels Mller <nisse@cuckoo.hack.org>
* install-sh: Copied the standard install script.
......
/* aes.h
/* aes.c
*
* The aes/rijndael block cipher.
*/
......
/* des.c
*
* The des block cipher.
*
* $Id$
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The GNU MP Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the GNU MP Library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
#include "desCode.h"
#include <assert.h>
static ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
static DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
/* various tables */
uint32_t des_keymap[] = {
#include "keymap.h"
};
static uint8_t rotors[] = {
#include "rotors.h"
};
static char parity[] = {
#include "parity.h"
};
int
des_set_key(struct des_ctx *ctx, const uint8_t *key)
{
register uint32_t n, w;
register char * b0, * b1;
char bits0[56], bits1[56];
uint32_t *method;
uint8_t *k;
/* check for bad parity and weak keys */
b0 = parity;
n = b0[key[0]]; n <<= 4;
n |= b0[key[1]]; n <<= 4;
n |= b0[key[2]]; n <<= 4;
n |= b0[key[3]]; n <<= 4;
n |= b0[key[4]]; n <<= 4;
n |= b0[key[5]]; n <<= 4;
n |= b0[key[6]]; n <<= 4;
n |= b0[key[7]];
w = 0x88888888l;
/* report bad parity in key */
if ( n & w )
{
ctx->status = DES_BAD_PARITY;
return 0;
}
ctx->status = DES_WEAK_KEY;
/* report a weak or semi-weak key */
if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
if ( n < 0X41415151 ) {
if ( n < 0X31312121 ) {
if ( n < 0X14141515 ) {
/* 01 01 01 01 01 01 01 01 */
if ( n == 0X11111111 ) return 0;
/* 01 1F 01 1F 01 0E 01 0E */
if ( n == 0X13131212 ) return 0;
} else {
/* 01 E0 01 E0 01 F1 01 F1 */
if ( n == 0X14141515 ) return 0;
/* 01 FE 01 FE 01 FE 01 FE */
if ( n == 0X16161616 ) return 0;
}
} else {
if ( n < 0X34342525 ) {
/* 1F 01 1F 01 0E 01 0E 01 */
if ( n == 0X31312121 ) return 0;
/* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
if ( n == 0X33332222 ) return 0;;
} else {
/* 1F E0 1F E0 0E F1 0E F1 */
if ( n == 0X34342525 ) return 0;;
/* 1F FE 1F FE 0E FE 0E FE */
if ( n == 0X36362626 ) return 0;;
}
}
} else {
if ( n < 0X61616161 ) {
if ( n < 0X44445555 ) {
/* E0 01 E0 01 F1 01 F1 01 */
if ( n == 0X41415151 ) return 0;
/* E0 1F E0 1F F1 0E F1 0E */
if ( n == 0X43435252 ) return 0;
} else {
/* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
if ( n == 0X44445555 ) return 0;
/* E0 FE E0 FE F1 FE F1 FE */
if ( n == 0X46465656 ) return 0;
}
} else {
if ( n < 0X64646565 ) {
/* FE 01 FE 01 FE 01 FE 01 */
if ( n == 0X61616161 ) return 0;
/* FE 1F FE 1F FE 0E FE 0E */
if ( n == 0X63636262 ) return 0;
} else {
/* FE E0 FE E0 FE F1 FE F1 */
if ( n == 0X64646565 ) return 0;
/* FE FE FE FE FE FE FE FE */
if ( n == 0X66666666 ) return 0;
}
}
}
}
/* key is ok */
ctx->status = DES_OK;
/* explode the bits */
n = 56;
b0 = bits0;
b1 = bits1;
do {
w = (256 | *key++) << 2;
do {
--n;
b1[n] = 8 & w;
w >>= 1;
b0[n] = 4 & w;
} while ( w >= 16 );
} while ( n );
/* put the bits in the correct places */
n = 16;
k = rotors;
method = ctx->key;
do {
w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
w |= b1[k[ 4 ]] | b0[k[ 5 ]];
w <<= 8;
w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
w |= b1[k[10 ]] | b0[k[11 ]];
w <<= 8;
w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
w |= b1[k[16 ]] | b0[k[17 ]];
w <<= 8;
w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
w |= b1[k[22 ]] | b0[k[23 ]];
method[0] = w;
w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
w |= b1[k[ 4+24]] | b0[k[ 5+24]];
w <<= 8;
w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
w |= b1[k[10+24]] | b0[k[11+24]];
w <<= 8;
w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
w |= b1[k[16+24]] | b0[k[17+24]];
w <<= 8;
w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
w |= b1[k[22+24]] | b0[k[23+24]];
ROR(w, 4, 28); /* could be eliminated */
method[1] = w;
k += 48;
method += 2;
} while ( --n );
return 1;
}
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
while (length)
{
DesSmallFipsEncrypt(dst, ctx->key, src);
length -= DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
}
}
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
while (length)
{
DesSmallFipsDecrypt(dst, ctx->key, src);
length -= DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
}
}
/* des.h
*
* The des block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 1992, 2001, Dana L. How, Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The GNU MP Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the GNU MP Library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
* Slightly edited by Niels Mller, 1997
*/
#ifndef NETTLE_DES_H
#define NETTLE_DES_H
#include <stdint.h>
#define DES_KEY_SIZE 8
#define DES_BLOCK_SIZE 8
/* Expanded key length */
#define _DES_KEY_LENGTH 32
enum des_error { DES_OK, DES_BAD_PARITY, DES_WEAK_KEY };
struct des_ctx
{
uint32_t key[_DES_KEY_LENGTH];
enum des_error status;
};
/* On success, returns 1 and sets ctx->status to DES_OK. On error,
* returns 0 and sets ctx->status accordingly. */
int
des_set_key(struct des_ctx *ctx, const uint8_t *key);
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_DES_H */
/* desCode.h
*
* $Id$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
extern uint32_t des_keymap[];
extern uint32_t des_bigmap[];
/* optional customization:
* the idea here is to alter the code so it will still run correctly
* on any machine, but the quickest on the specific machine in mind.
* note that these silly tweaks can give you a 15%-20% speed improvement
* on the sparc -- it's probably even more significant on the 68000. */
/* take care of machines with incredibly few registers */
#if defined(i386)
#define REGISTER /* only x, y, z will be declared register */
#else
#define REGISTER register
#endif /* i386 */
/* is auto inc/dec faster than 7bit unsigned indexing? */
#if defined(vax) || defined(mc68000)
#define FIXR r += 32;
#define FIXS s += 8;
#define PREV(v,o) *--v
#define NEXT(v,o) *v++
#else
#define FIXR
#define FIXS
#define PREV(v,o) v[o]
#define NEXT(v,o) v[o]
#endif
/* if no machine type, default is indexing, 6 registers and cheap literals */
#if !defined(i386) && !defined(vax) && !defined(mc68000) && !defined(sparc)
#define vax
#endif
/* handle a compiler which can't reallocate registers */
/* The BYTE type is used as parameter for the encrypt/decrypt functions.
* It's pretty bad to have the function prototypes depend on
* a macro definition that the users of the function doesn't
* know about. /Niels */
#if 0 /* didn't feel like deleting */
#define SREGFREE ; s = (uint8_t *) D
#define DEST s
#define D m0
#define BYTE uint32_t
#else
#define SREGFREE
#define DEST d
#define D d
#define BYTE uint8_t
#endif
/* handle constants in the optimal way for 386 & vax */
/* 386: we declare 3 register variables (see above) and use 3 more variables;
* vax: we use 6 variables, all declared register;
* we assume address literals are cheap & unrestricted;
* we assume immediate constants are cheap & unrestricted. */
#if defined(i386) || defined(vax)
#define MQ0 des_bigmap
#define MQ1 (des_bigmap + 64)
#define MQ2 (des_bigmap + 128)
#define MQ3 (des_bigmap + 192)
#define HQ0(z) /* z |= 0x01000000L; */
#define HQ2(z) /* z |= 0x03000200L; */
#define LQ0(z) 0xFCFC & z
#define LQ1(z) 0xFCFC & z
#define LQ2(z) 0xFCFC & z
#define LQ3(z) 0xFCFC & z
#define SQ 16
#define MS0 des_keymap
#define MS1 (des_keymap + 64)
#define MS2 (des_keymap + 128)
#define MS3 (des_keymap + 192)
#define MS4 (des_keymap + 256)
#define MS5 (des_keymap + 320)
#define MS6 (des_keymap + 384)
#define MS7 (des_keymap + 448)
#define HS(z)
#define LS0(z) 0xFC & z
#define LS1(z) 0xFC & z
#define LS2(z) 0xFC & z
#define LS3(z) 0xFC & z
#define REGQUICK
#define SETQUICK
#define REGSMALL
#define SETSMALL
#endif /* defined(i386) || defined(vax) */
/* handle constants in the optimal way for mc68000 */
/* in addition to the core 6 variables, we declare 3 registers holding constants
* and 4 registers holding address literals.
* at most 6 data values and 5 address values are actively used at once.
* we assume address literals are so expensive we never use them;
* we assume constant index offsets > 127 are expensive, so they are not used.
* we assume all constants are expensive and put them in registers,
* including shift counts greater than 8. */
#if defined(mc68000)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ k1
#define MS0 m0
#define MS1 m0
#define MS2 m1
#define MS3 m1
#define MS4 m2
#define MS5 m2
#define MS6 m3
#define MS7 m3
#define HS(z) z |= k0;
#define LS0(z) k1 & z
#define LS1(z) k2 & z
#define LS2(z) k1 & z
#define LS3(z) k2 & z
#define REGQUICK \
register uint32_t k0, k1; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0xFCFC \
; k1 = 16 \
/*k2 = 28 to speed up ROL */ \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register uint32_t k0, k1, k2; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETSMALL \
; k0 = 0x01000100L \
; k1 = 0x0FC \
; k2 = 0x1FC \
; m0 = des_keymap \
; m1 = m0 + 128 \
; m2 = m1 + 128 \
; m3 = m2 + 128
#endif /* defined(mc68000) */
/* handle constants in the optimal way for sparc */
/* in addition to the core 6 variables, we either declare:
* 4 registers holding address literals and 1 register holding a constant, or
* 8 registers holding address literals.
* up to 14 register variables are declared (sparc has %i0-%i5, %l0-%l7).
* we assume address literals are so expensive we never use them;
* we assume any constant with >10 bits is expensive and put it in a register,
* and any other is cheap and is coded in-line. */
#if defined(sparc)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ 16
#define MS0 m0
#define MS1 m1
#define MS2 m2
#define MS3 m3
#define MS4 m4
#define MS5 m5
#define MS6 m6
#define MS7 m7
#define HS(z)
#define LS0(z) 0xFC & z
#define LS1(z) 0xFC & z
#define LS2(z) 0xFC & z
#define LS3(z) 0xFC & z
#define REGQUICK \
register uint32_t k0; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0xFCFC \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register uint32_t *m0, *m1, *m2, *m3, *m4, *m5, *m6, *m7;
#define SETSMALL \
; m0 = des_keymap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64 \
; m4 = m3 + 64 \
; m5 = m4 + 64 \
; m6 = m5 + 64 \
; m7 = m6 + 64
#endif /* defined(sparc) */
/* some basic stuff */
/* generate addresses from a base and an index */
/* FIXME: This is used only as *ADD(msi,lsi(z)) or *ADD(mqi,lqi(z)).
* Why not use plain indexing instead? /Niels */
#define ADD(b,x) (uint32_t *) ((uint8_t *)b + (x))
/* low level rotate operations */
#define NOP(d,c,o)
#define ROL(d,c,o) d = d << c | d >> o
#define ROR(d,c,o) d = d >> c | d << o
#define ROL1(d) ROL(d, 1, 31)
#define ROR1(d) ROR(d, 1, 31)
/* elementary swap for doing IP/FP */
#define SWAP(x,y,m,b) \
z = ((x >> b) ^ y) & m; \
x ^= z << b; \
y ^= z
/* the following macros contain all the important code fragments */
/* load input data, then setup special registers holding constants */
#define TEMPQUICK(LOAD) \
REGQUICK \
LOAD() \
SETQUICK
#define TEMPSMALL(LOAD) \
REGSMALL \
LOAD() \
SETSMALL
/* load data */
#define LOADDATA(x,y) \
FIXS \
y = PREV(s, 7); y<<= 8; \
y |= PREV(s, 6); y<<= 8; \
y |= PREV(s, 5); y<<= 8; \
y |= PREV(s, 4); \
x = PREV(s, 3); x<<= 8; \
x |= PREV(s, 2); x<<= 8; \
x |= PREV(s, 1); x<<= 8; \
x |= PREV(s, 0) \
SREGFREE
/* load data without initial permutation and put into efficient position */
#define LOADCORE() \
LOADDATA(x, y); \
ROR1(x); \
ROR1(y)
/* load data, do the initial permutation and put into efficient position */
#define LOADFIPS() \
LOADDATA(y, x); \