Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • briansmith/nettle
  • justus/nettle
  • nettle/nettle
  • michaelweiser/nettle
  • aberaud/nettle
  • npocs/nettle
  • ajlawrence/nettle
  • mhoffmann/nettle
  • lumag/nettle
  • mamonet/nettle
  • devnexen/nettle
  • babelouest/nettle
  • ueno/nettle
  • rth/nettle
  • wiml/nettle
15 results
Select Git revision
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 994 additions and 1037 deletions
der2dsa.c 0 → 100644
View file @ 53c76a47
/* der2dsa.c
Decoding of DSA keys in OpenSSL and X.509.1 format.
Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "dsa.h"
#include "bignum.h"
#include "asn1.h"
#define GET(i, x, l) \
(asn1_der_iterator_next((i)) == ASN1_ITERATOR_PRIMITIVE \
&& (i)->type == ASN1_INTEGER \
&& asn1_der_get_bignum((i), (x), (l)) \
&& mpz_sgn((x)) > 0)
/* If q_bits > 0, q is required to be of exactly this size. */
int
dsa_params_from_der_iterator(struct dsa_params *params,
unsigned max_bits, unsigned q_bits,
struct asn1_der_iterator *i)
{
/* Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER
}
*/
if (i->type == ASN1_INTEGER
&& asn1_der_get_bignum(i, params->p, max_bits)
&& mpz_sgn(params->p) > 0)
{
unsigned p_bits = mpz_sizeinbase (params->p, 2);
return (GET(i, params->q, q_bits ? q_bits : p_bits)
&& (q_bits == 0 || mpz_sizeinbase(params->q, 2) == q_bits)
&& mpz_cmp (params->q, params->p) < 0
&& GET(i, params->g, p_bits)
&& mpz_cmp (params->g, params->p) < 0
&& asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
}
else
return 0;
}
int
dsa_public_key_from_der_iterator(const struct dsa_params *params,
mpz_t pub,
struct asn1_der_iterator *i)
{
/* DSAPublicKey ::= INTEGER
*/
return (i->type == ASN1_INTEGER
&& asn1_der_get_bignum(i, pub,
mpz_sizeinbase (params->p, 2))
&& mpz_sgn(pub) > 0
&& mpz_cmp(pub, params->p) < 0);
}
int
dsa_openssl_private_key_from_der_iterator(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
struct asn1_der_iterator *i)
{
/* DSAPrivateKey ::= SEQUENCE {
version Version,
p INTEGER,
q INTEGER,
g INTEGER,
pub_key INTEGER, -- y
priv_key INTEGER, -- x
}
*/
uint32_t version;
if (i->type == ASN1_SEQUENCE
&& asn1_der_decode_constructed_last(i) == ASN1_ITERATOR_PRIMITIVE
&& i->type == ASN1_INTEGER
&& asn1_der_get_uint32(i, &version)
&& version == 0
&& GET(i, params->p, p_max_bits))
{
unsigned p_bits = mpz_sizeinbase (params->p, 2);
return (GET(i, params->q, DSA_SHA1_Q_BITS)
&& GET(i, params->g, p_bits)
&& mpz_cmp (params->g, params->p) < 0
&& GET(i, pub, p_bits)
&& mpz_cmp (pub, params->p) < 0
&& GET(i, priv, DSA_SHA1_Q_BITS)
&& asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
}
else
return 0;
}
int
dsa_openssl_private_key_from_der(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
size_t length, const uint8_t *data)
{
struct asn1_der_iterator i;
enum asn1_iterator_result res;
res = asn1_der_iterator_first(&i, length, data);
return (res == ASN1_ITERATOR_CONSTRUCTED
&& dsa_openssl_private_key_from_der_iterator(params, pub, priv,
p_max_bits, &i));
}
der2rsa.c 0 → 100644
View file @ 53c76a47
/* der2rsa.c
Decoding of keys in PKCS#1 format.
Copyright (C) 2005 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "rsa.h"
#include "bignum.h"
#include "asn1.h"
#define GET(i, x, l) \
(asn1_der_iterator_next((i)) == ASN1_ITERATOR_PRIMITIVE \
&& (i)->type == ASN1_INTEGER \
&& asn1_der_get_bignum((i), (x), (l)) \
&& mpz_sgn((x)) > 0)
int
rsa_public_key_from_der_iterator(struct rsa_public_key *pub,
unsigned limit,
struct asn1_der_iterator *i)
{
/* RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
*/
return (i->type == ASN1_SEQUENCE
&& asn1_der_decode_constructed_last(i) == ASN1_ITERATOR_PRIMITIVE
&& asn1_der_get_bignum(i, pub->n, limit)
&& mpz_sgn(pub->n) > 0
&& GET(i, pub->e, limit)
&& asn1_der_iterator_next(i) == ASN1_ITERATOR_END
&& rsa_public_key_prepare(pub));
}
int
rsa_private_key_from_der_iterator(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
struct asn1_der_iterator *i)
{
/* RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
*/
uint32_t version;
if (i->type != ASN1_SEQUENCE)
return 0;
if (asn1_der_decode_constructed_last(i) == ASN1_ITERATOR_PRIMITIVE
&& i->type == ASN1_INTEGER
&& asn1_der_get_uint32(i, &version)
&& version <= 1
&& GET(i, pub->n, limit)
&& GET(i, pub->e, limit)
&& rsa_public_key_prepare(pub)
&& GET(i, priv->d, limit)
&& GET(i, priv->p, limit)
&& GET(i, priv->q, limit)
&& GET(i, priv->a, limit)
&& GET(i, priv->b, limit)
&& GET(i, priv->c, limit)
&& rsa_private_key_prepare(priv))
{
if (version == 1)
{
/* otherPrimeInfos must be present. We ignore the contents */
if (!(asn1_der_iterator_next(i) == ASN1_ITERATOR_CONSTRUCTED
&& i->type == ASN1_SEQUENCE))
return 0;
}
return (asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
}
return 0;
}
int
rsa_keypair_from_der(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
size_t length, const uint8_t *data)
{
struct asn1_der_iterator i;
enum asn1_iterator_result res;
res = asn1_der_iterator_first(&i, length, data);
if (res != ASN1_ITERATOR_CONSTRUCTED)
return 0;
if (priv)
return rsa_private_key_from_der_iterator(pub, priv, limit, &i);
else
return rsa_public_key_from_der_iterator(pub, limit, &i);
}
des-compat.c deleted 100644 → 0
View file @ f89ae0f0
/* des-compat.h
*
* The des block cipher, libdes/openssl-style interface.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>
#include <assert.h>
#include "des-compat.h"
#include "cbc.h"
#include "macros.h"
#include "memxor.h"
struct des_compat_des3 { struct des_ctx *keys[3]; };
typedef void (*cbc_crypt_func)(void *, uint32_t, uint8_t *, const uint8_t *);
static void
des_compat_des3_encrypt(struct des_compat_des3 *ctx,
uint32_t length, uint8_t *dst, const uint8_t *src)
{
nettle_des_encrypt(ctx->keys[0], length, dst, src);
nettle_des_decrypt(ctx->keys[1], length, dst, dst);
nettle_des_encrypt(ctx->keys[2], length, dst, dst);
}
static void
des_compat_des3_decrypt(struct des_compat_des3 *ctx,
uint32_t length, uint8_t *dst, const uint8_t *src)
{
nettle_des_decrypt(ctx->keys[2], length, dst, src);
nettle_des_encrypt(ctx->keys[1], length, dst, dst);
nettle_des_decrypt(ctx->keys[0], length, dst, dst);
}
void
des_ecb3_encrypt(des_cblock *src, des_cblock *dst,
des_key_schedule k1, des_key_schedule k2,
des_key_schedule k3, int enc)
{
struct des_compat_des3 keys;
keys.keys[0] = k1;
keys.keys[1] = k2;
keys.keys[2] = k3;
((enc == DES_ENCRYPT) ? des_compat_des3_encrypt : des_compat_des3_decrypt)
(&keys, DES_BLOCK_SIZE, *dst, *src);
}
uint32_t
des_cbc_cksum(des_cblock *src, des_cblock *dst,
long length, des_key_schedule ctx,
des_cblock *iv)
{
/* FIXME: I'm not entirely sure how this function is supposed to
* work, in particular what it should return, and if iv can be
* modified. */
uint8_t block[DES_BLOCK_SIZE];
uint8_t *p;
memcpy(block, *iv, DES_BLOCK_SIZE);
assert(!(length % DES_BLOCK_SIZE));
for (p = *src; length; length -= DES_BLOCK_SIZE, p += DES_BLOCK_SIZE)
{
memxor(block, p, DES_BLOCK_SIZE);
nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
}
memcpy(dst, block, DES_BLOCK_SIZE);
return LE_READ_UINT32(block + 4);
}
void
des_ncbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc)
{
switch (enc)
{
case DES_ENCRYPT:
nettle_cbc_encrypt(ctx, (cbc_crypt_func) des_encrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
case DES_DECRYPT:
nettle_cbc_decrypt(ctx,
(cbc_crypt_func) des_decrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
default:
abort();
}
}
void
des_cbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *civ,
int enc)
{
des_cblock iv;
memcpy(iv, civ, DES_BLOCK_SIZE);
des_ncbc_encrypt(src, dst, length, ctx, &iv, enc);
}
void
des_ecb_encrypt(des_cblock *src, des_cblock *dst,
des_key_schedule ctx,
int enc)
{
((enc == DES_ENCRYPT) ? nettle_des_encrypt : nettle_des_decrypt)
(ctx, DES_BLOCK_SIZE, *dst, *src);
}
void
des_ede3_cbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3,
des_cblock *iv,
int enc)
{
struct des_compat_des3 keys;
keys.keys[0] = k1;
keys.keys[1] = k2;
keys.keys[2] = k3;
switch (enc)
{
case DES_ENCRYPT:
nettle_cbc_encrypt(&keys, (cbc_crypt_func) des_compat_des3_encrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
case DES_DECRYPT:
nettle_cbc_decrypt(&keys, (cbc_crypt_func) des_compat_des3_decrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
default:
abort();
}
}
int
des_set_odd_parity(des_cblock *key)
{
nettle_des_fix_parity(DES_KEY_SIZE, *key, *key);
/* FIXME: What to return? */
return 0;
}
/* If des_check_key is non-zero, returns
*
* 0 for ok, -1 for bad parity, and -2 for weak keys.
*
* If des_check_key is zero (the default), always returns zero.
*/
int des_check_key = 0;
int
des_key_sched(des_cblock *key, des_key_schedule ctx)
{
if (!des_check_key)
/* Fix the parity */
des_set_odd_parity(key);
if (nettle_des_set_key(ctx, *key))
return 0;
else switch(ctx->status)
{
case DES_BAD_PARITY:
if (des_check_key)
return -1;
else
/* We fixed the parity above */
abort();
case DES_WEAK_KEY:
if (des_check_key)
return -2;
/* Pretend the key was good */
ctx->status = DES_OK;
return 0;
default:
abort();
}
}
int
des_is_weak_key(des_cblock *key)
{
struct des_ctx ctx;
return !nettle_des_set_key(&ctx, *key);
}
des-compat.h deleted 100644 → 0
View file @ f89ae0f0
/* des-compat.h
*
* The des block cipher, libdes/openssl-style interface.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_DES_COMPAT_H_INCLUDED
#define NETTLE_DES_COMPAT_H_INCLUDED
/* According to Assar, des_set_key, des_set_key_odd_parity,
* des_is_weak_key, plus the encryption functions (des_*_encrypt and
* des_cbc_cksum) would be a pretty useful subset. */
/* NOTE: This is quite experimental, and not all functions are
* implemented. Contributions, in particular test cases are welcome. */
#include "des.h"
/* We use some name mangling, to avoid collisions with either other
* nettle functions or with libcrypto. */
#define des_ecb3_encrypt nettle_openssl_des_ecb3_encrypt
#define des_cbc_cksum nettle_openssl_des_cbc_cksum
#define des_ncbc_encrypt nettle_openssl_des_ncbc_encrypt
#define des_cbc_encrypt nettle_openssl_des_cbc_encrypt
#define des_ecb_encrypt nettle_openssl_des_ecb_encrypt
#define des_ede3_cbc_encrypt nettle_openssl_des_ede3_cbc_encrypt
#define des_set_odd_parity nettle_openssl_des_set_odd_parity
#define des_check_key nettle_openssl_des_check_key
#define des_key_sched nettle_openssl_des_key_sched
#define des_is_weak_key nettle_openssl_des_is_weak_key
/* An extra alias */
#undef des_set_key
#define des_set_key nettle_openssl_des_key_sched
enum { DES_DECRYPT = 0, DES_ENCRYPT = 1 };
/* Types */
/* NOTE: Typedef:ed arrays should be avoided, but they're used here
* for compatibility. */
typedef uint32_t DES_LONG;
typedef struct des_ctx des_key_schedule[1];
typedef uint8_t des_cblock[DES_BLOCK_SIZE];
/* Aliases */
#define des_ecb2_encrypt(i,o,k1,k2,e) \
des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
/* Global flag */
extern int des_check_key;
/* Prototypes */
void
des_ecb3_encrypt(des_cblock *src, des_cblock *dst,
des_key_schedule k1, des_key_schedule k2,
des_key_schedule k3, int enc);
/* des_cbc_cksum in libdes returns a 32 bit integer, representing the
* latter half of the output block, using little endian byte order. */
uint32_t
des_cbc_cksum(des_cblock *src, des_cblock *dst,
long length, des_key_schedule ctx,
des_cblock *iv);
/* NOTE: Doesn't update iv. */
void
des_cbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc);
/* Similar, but updates iv. */
void
des_ncbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc);
void
des_ecb_encrypt(des_cblock *src, des_cblock *dst,
des_key_schedule ctx, int enc);
void
des_ede3_cbc_encrypt(des_cblock *src, des_cblock *dst, long length,
des_key_schedule k1,des_key_schedule k2, des_key_schedule k3,
des_cblock *iv,
int enc);
int
des_set_odd_parity(des_cblock *key);
int
des_key_sched(des_cblock *key, des_key_schedule ctx);
int
des_is_weak_key(des_cblock *key);
#endif /* NETTLE_DES_COMPAT_H_INCLUDED */
des.c
View file @ 53c76a47
/* des.c
*
* The des block cipher.
*
* $Id$
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
The des block cipher.
Copyright (C) 2001, 2010 Niels Möller
Copyright (C) 1992 Dana L. How
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
......@@ -52,21 +59,145 @@ rotors[] = {
#include "rotors.h"
};
static const char
parity[] = {
#include "parity.h"
};
static ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
static DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
/* If parity bits are used, keys should have odd parity. We use a
small table, to not waste any memory on this fairly obscure DES
feature. */
static const unsigned
parity_16[16] =
{ 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0 };
#define PARITY(x) (parity_16[(x)&0xf] ^ parity_16[((x)>>4) & 0xf])
int
des_check_parity(size_t length, const uint8_t *key)
{
size_t i;
for (i = 0; i<length; i++)
if (!PARITY(key[i]))
return 0;
return 1;
}
void
des_fix_parity(unsigned length, uint8_t *dst,
des_fix_parity(size_t length, uint8_t *dst,
const uint8_t *src)
{
unsigned i;
size_t i;
for (i = 0; i<length; i++)
dst[i] = src[i] ^ (parity[src[i]] == 8);
dst[i] = src[i] ^ PARITY(src[i]) ^ 1;
}
/* Weak and semiweak keys, excluding parity:
*
* 00 00 00 00 00 00 00 00
* 7f 7f 7f 7f 7f 7f 7f 7f
* 0f 0f 0f 0f 07 07 07 07
* 70 70 70 70 78 78 78 78
*
* 00 7f 00 7f 00 7f 00 7f
* 7f 00 7f 00 7f 00 7f 00
*
* 0f 70 0f 70 07 78 07 78
* 70 0f 70 0f 78 07 78 07
*
* 00 70 00 70 00 78 00 78
* 70 00 70 00 78 00 78 00
*
* 0f 7f 0f 7f 07 7f 07 7f
* 7f 0f 7f 0f 7f 07 7f 07
*
* 00 0f 00 0f 00 07 00 07
* 0f 00 0f 00 07 00 07 00
*
* 70 7f 70 7f 78 7f 78 7f
* 7f 70 7f 70 7f 78 7f 78
*/
static int
des_weak_p(const uint8_t *key)
{
/* Hash function generated using gperf. */
static const unsigned char asso_values[0x81] =
{
16, 9, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 6, 2, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
26, 26, 3, 1, 26, 26, 26, 26, 26, 26,
26, 26, 26, 26, 26, 26, 26, 0, 0
};
static const int8_t weak_key_hash[26][4] =
{
/* 0 */ {0x7f,0x7f, 0x7f,0x7f},
/* 1 */ {0x7f,0x70, 0x7f,0x78},
/* 2 */ {0x7f,0x0f, 0x7f,0x07},
/* 3 */ {0x70,0x7f, 0x78,0x7f},
/* 4 */ {0x70,0x70, 0x78,0x78},
/* 5 */ {0x70,0x0f, 0x78,0x07},
/* 6 */ {0x0f,0x7f, 0x07,0x7f},
/* 7 */ {0x0f,0x70, 0x07,0x78},
/* 8 */ {0x0f,0x0f, 0x07,0x07},
/* 9 */ {0x7f,0x00, 0x7f,0x00},
/* 10 */ {-1,-1,-1,-1},
/* 11 */ {-1,-1,-1,-1},
/* 12 */ {0x70,0x00, 0x78,0x00},
/* 13 */ {-1,-1,-1,-1},
/* 14 */ {-1,-1,-1,-1},
/* 15 */ {0x0f,0x00, 0x07,0x00},
/* 16 */ {0x00,0x7f, 0x00,0x7f},
/* 17 */ {0x00,0x70, 0x00,0x78},
/* 18 */ {0x00,0x0f, 0x00,0x07},
/* 19 */ {-1,-1,-1,-1},
/* 20 */ {-1,-1,-1,-1},
/* 21 */ {-1,-1,-1,-1},
/* 22 */ {-1,-1,-1,-1},
/* 23 */ {-1,-1,-1,-1},
/* 24 */ {-1,-1,-1,-1},
/* 25 */ {0x00,0x00, 0x00,0x00}
};
int8_t k0 = key[0] >> 1;
int8_t k1 = key[1] >> 1;
unsigned hash = asso_values[k1 + 1] + asso_values[k0];
const int8_t *candidate;
if (hash > 25)
return 0;
candidate = weak_key_hash[hash];
if (k0 != candidate[0]
|| k1 != candidate[1])
return 0;
if ( (key[2] >> 1) != k0
|| (key[3] >> 1) != k1)
return 0;
k0 = key[4] >> 1;
k1 = key[5] >> 1;
if (k0 != candidate[2]
|| k1 != candidate[3])
return 0;
if ( (key[6] >> 1) != k0
|| (key[7] >> 1) != k1)
return 0;
return 1;
}
int
......@@ -78,97 +209,13 @@ des_set_key(struct des_ctx *ctx, const uint8_t *key)
uint32_t *method;
const uint8_t *k;
{
register const char *b;
/* check for bad parity and weak keys */
b = parity;
n = b[key[0]]; n <<= 4;
n |= b[key[1]]; n <<= 4;
n |= b[key[2]]; n <<= 4;
n |= b[key[3]]; n <<= 4;
n |= b[key[4]]; n <<= 4;
n |= b[key[5]]; n <<= 4;
n |= b[key[6]]; n <<= 4;
n |= b[key[7]];
w = 0x88888888l;
}
/* report bad parity in key */
if ( n & w )
{
ctx->status = DES_BAD_PARITY;
return 0;
}
ctx->status = DES_OK;
/* report a weak or semi-weak key */
if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
if ( n < 0X41415151 ) {
if ( n < 0X31312121 ) {
if ( n < 0X14141515 ) {
/* 01 01 01 01 01 01 01 01 */
if ( n == 0X11111111 ) goto weak;
/* 01 1F 01 1F 01 0E 01 0E */
if ( n == 0X13131212 ) goto weak;
} else {
/* 01 E0 01 E0 01 F1 01 F1 */
if ( n == 0X14141515 ) goto weak;
/* 01 FE 01 FE 01 FE 01 FE */
if ( n == 0X16161616 ) goto weak;
}
} else {
if ( n < 0X34342525 ) {
/* 1F 01 1F 01 0E 01 0E 01 */
if ( n == 0X31312121 ) goto weak;
/* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
if ( n == 0X33332222 ) goto weak;
} else {
/* 1F E0 1F E0 0E F1 0E F1 */
if ( n == 0X34342525 ) goto weak;
/* 1F FE 1F FE 0E FE 0E FE */
if ( n == 0X36362626 ) goto weak;
}
}
} else {
if ( n < 0X61616161 ) {
if ( n < 0X44445555 ) {
/* E0 01 E0 01 F1 01 F1 01 */
if ( n == 0X41415151 ) goto weak;
/* E0 1F E0 1F F1 0E F1 0E */
if ( n == 0X43435252 ) goto weak;
} else {
/* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
if ( n == 0X44445555 ) goto weak;
/* E0 FE E0 FE F1 FE F1 FE */
if ( n == 0X46465656 ) goto weak;
}
} else {
if ( n < 0X64646565 ) {
/* FE 01 FE 01 FE 01 FE 01 */
if ( n == 0X61616161 ) goto weak;
/* FE 1F FE 1F FE 0E FE 0E */
if ( n == 0X63636262 ) goto weak;
} else {
/* FE E0 FE E0 FE F1 FE F1 */
if ( n == 0X64646565 ) goto weak;
/* FE FE FE FE FE FE FE FE */
if ( n == 0X66666666 )
{
weak:
ctx->status = DES_WEAK_KEY;
}
}
}
}
}
/* NOTE: We go on and expand the key, even if it was weak */
/* explode the bits */
n = 56;
b0 = bits0;
b1 = bits1;
k = key;
do {
w = (256 | *key++) << 2;
w = (256 | *k++) << 2;
do {
--n;
b1[n] = 8 & w;
......@@ -224,16 +271,15 @@ des_set_key(struct des_ctx *ctx, const uint8_t *key)
method += 2;
} while ( --n );
return (ctx->status == DES_OK);
return !des_weak_p (key);
}
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
des_encrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
assert(ctx->status == DES_OK);
while (length)
{
......@@ -245,12 +291,11 @@ des_encrypt(struct des_ctx *ctx,
}
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
des_decrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
assert(ctx->status == DES_OK);
while (length)
{
......
des.h
View file @ 53c76a47
/* des.h
*
* The des block cipher. And triple des.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 1992, 2001, Dana L. How, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
The des block cipher. And triple des.
Copyright (C) 1992 Dana L. How
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* des - fast & portable DES encryption & decryption.
......@@ -29,7 +38,7 @@
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
* Slightly edited by Niels Möller, 1997
* Slightly edited by Niels Möller, 1997
*/
#ifndef NETTLE_DES_H_INCLUDED
......@@ -37,10 +46,15 @@
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define des_set_key nettle_des_set_key
#define des_encrypt nettle_des_encrypt
#define des_decrypt nettle_des_decrypt
#define des_check_parity nettle_des_check_parity
#define des_fix_parity nettle_des_fix_parity
#define des3_set_key nettle_des3_set_key
#define des3_encrypt nettle_des3_encrypt
......@@ -52,30 +66,29 @@
/* Expanded key length */
#define _DES_KEY_LENGTH 32
enum des_error { DES_OK, DES_BAD_PARITY, DES_WEAK_KEY };
struct des_ctx
{
uint32_t key[_DES_KEY_LENGTH];
enum des_error status;
};
/* On success, returns 1 and sets ctx->status to DES_OK (zero). On
* error, returns 0 and sets ctx->status accordingly. */
/* Returns 1 for good keys and 0 for weak keys. */
int
des_set_key(struct des_ctx *ctx, const uint8_t *key);
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
des_encrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
des_decrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
int
des_check_parity(size_t length, const uint8_t *key);
void
des_fix_parity(unsigned length, uint8_t *dst,
des_fix_parity(size_t length, uint8_t *dst,
const uint8_t *src);
#define DES3_KEY_SIZE 24
......@@ -84,22 +97,24 @@ des_fix_parity(unsigned length, uint8_t *dst,
struct des3_ctx
{
struct des_ctx des[3];
enum des_error status;
};
/* On success, returns 1 and sets ctx->status to DES_OK (zero). On
* error, returns 0 and sets ctx->status accordingly. */
/* Returns 1 for good keys and 0 for weak keys. */
int
des3_set_key(struct des3_ctx *ctx, const uint8_t *key);
void
des3_encrypt(struct des3_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
des3_encrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
des3_decrypt(struct des3_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
des3_decrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DES_H_INCLUDED */
des3.c
View file @ 53c76a47
/* des3.h
*
* Triple DES cipher. Three key encrypt-decrypt-encrypt.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* des3.c
Triple DES cipher. Three key encrypt-decrypt-encrypt.
Copyright (C) 2001, 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
......@@ -33,25 +41,23 @@
* lsh/src/cascade.c, but as in practice it's never used for anything
* like triple DES, it's not worth the effort. */
/* On success, returns 1 and sets ctx->status to DES_OK (zero). On
* error, returns 0 and sets ctx->status accordingly. */
/* Returns 1 for good keys and 0 for weak keys. */
int
des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
{
unsigned i;
int is_good = 1;
for (i = 0; i<3; i++, key += DES_KEY_SIZE)
if (!des_set_key(&ctx->des[i], key))
{
ctx->status = ctx->des[i].status;
return 0;
}
ctx->status = DES_OK;
return 1;
is_good = 0;
return is_good;
}
void
des3_encrypt(struct des3_ctx *ctx,
unsigned length, uint8_t *dst,
des3_encrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
des_encrypt(&ctx->des[0],
......@@ -63,9 +69,9 @@ des3_encrypt(struct des3_ctx *ctx,
}
void
des3_decrypt(struct des3_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
des3_decrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
des_decrypt(&ctx->des[2],
length, dst, src);
......
desCode.h
View file @ 53c76a47
/* desCode.h
*
* $Id$ */
*/
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
......
desKerb.c deleted 100644 → 0
View file @ f89ae0f0
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
#include "RCSID.h"
RCSID2(desKerb_cRcs, "$Id$");
/* permit the default style of des functions to be changed */
DesFunc *DesCryptFuncs[2] = { DesSmallFipsDecrypt, DesSmallFipsEncrypt };
/* kerberos-compatible key schedule function */
int
des_key_sched(const UINT8 *k, UINT32 *s)
{
return DesMethod(s, k);
}
/* kerberos-compatible des coding function */
int
des_ecb_encrypt(const UINT8 *s, UINT8 *d, const UINT32 *r, int e)
{
(*DesCryptFuncs[e])(d, r, s);
return 0;
}
desQuick.c deleted 100644 → 0
View file @ f89ae0f0
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*
* Slightly edited by Niels Mller, 1997
*/
#include "des.h"
#include "RCSID.h"
RCSID2(desQuick_cRcs, "$Id$");
extern UINT32 des_keymap[];
/* static information */
static int depth = 0; /* keep track of the request depth */
UINT32 des_bigmap[0x4000]; /* big lookup table */
/* fill in the 64k table used by the `quick' option */
void
DesQuickInit(void)
{
int s1, s3, x;
UINT32 * t0, * t1, * t2, * t3;
if ( depth++ )
return;
t0 = des_bigmap;
t1 = t0 + 64;
t2 = t1 + 64;
t3 = t2 + 64;
for ( s3 = 63; s3 >= 0; s3-- ) {
for ( s1 = 63; s1 >= 0; s1-- ) {
x = (s3 << 8) | s1;
t0[x] = des_keymap[s3+128] ^ des_keymap[s1+192];
t1[x] = des_keymap[s3 ] ^ des_keymap[s1+ 64];
t2[x] = des_keymap[s3+384] ^ des_keymap[s1+448];
t3[x] = des_keymap[s3+256] ^ des_keymap[s1+320];
}
}
}
/* free the 64k table, if necessary */
void
DesQuickDone(void)
{
}
desTest.c deleted 100644 → 0
View file @ f89ae0f0
/* desTest.c
*
* Exercise the DES routines and collect performance statistics.
*
* $ID:$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#ifndef lint
char desTest_cRcs[] = "$Id$";
#endif
#include "des.h"
#include <stdio.h>
#if 0
/* define now(w) to be the elapsed time in hundredths of a second */
#ifndef __NT__
# include <sys/time.h>
# include <sys/resource.h>
# include <unistd.h>
/* extern getrusage(); */
static struct rusage usage;
# define now(w) ( \
getrusage(RUSAGE_SELF, &usage), \
usage.ru_utime.tv_sec * 100 + \
usage.ru_utime.tv_usec / 10000 \
)
#else
# include <windows.h>
# define now(w) 0
#endif
#endif /* 0 */
/* test data
* the tests (key0-3, text0-3) are cribbed from code which is (c) 1988 MIT
*/
UINT8 keyt[8] = {0x5d, 0x85, 0x91, 0x73, 0xcb, 0x49, 0xdf, 0x2f};
UINT8 key0[8] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80};
UINT8 key1[8] = {0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
UINT8 key2[8] = {0x08, 0x19, 0x2a, 0x3b, 0x4c, 0x5d, 0x6e, 0x7f};
UINT8 key3[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
UINT8 textt[8] = {0x67, 0x1f, 0xc8, 0x93, 0x46, 0x5e, 0xab, 0x1e};
UINT8 text0[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
UINT8 text1[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40};
UINT8 text2[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
UINT8 text3[8] = {'N', 'o', 'w', ' ', 'i', 's', ' ', 't' };
/* work areas */
DesKeys keys;
UINT8 cipher[8], output[8];
/* noisy interfaces to the routines under test */
static void method(const UINT8 *key)
{
int j;
printf("\nkey:\t");
for ( j = 0; j < 8; j++ )
printf("%02X ", key[j]);
if ( des_key_sched(key, keys) )
printf("W");
printf("\t");
}
static void
encode(const UINT8 *src, UINT8 *dst)
{
int j;
printf("clear:\t");
for (j = 0; j < 8; j++)
printf("%02X ", src[j]);
des_ecb_encrypt(src, dst, keys, 1);
printf("\tcipher:\t");
for (j = 0; j < 8; j++)
printf("%02X ", dst[j]);
printf("\n");
}
static void
decode(const UINT8 *src, UINT8 *dst, const UINT8 *check)
{
int j;
printf("cipher:\t");
for (j = 0; j < 8; j++)
printf("%02X ", src[j]);
des_ecb_encrypt(src, dst, keys, 0);
printf("\tclear:\t");
for (j = 0; j < 8; j++)
printf("%02X ", dst[j]);
if(!memcmp(dst,check,8))
printf("Ok\n");
else
printf("FAIL\n");
}
/* run the tests */
int
main(int argc UNUSED, char **argv UNUSED)
{
int j, n;
#if 0
int m, e;
#endif
DesFunc *f;
static char * expect[] = {
"57 99 F7 2A D2 3F AE 4C", "9C C6 2D F4 3B 6E ED 74",
"90 E6 96 A2 AD 56 50 0D", "A3 80 E0 2A 6B E5 46 96",
"43 5C FF C5 68 B3 70 1D", "25 DD AC 3E 96 17 64 67",
"80 B5 07 E1 E6 A7 47 3D", "3F A4 0E 8A 98 4D 48 15",
};
static DesFunc *funcs[] = {
DesQuickCoreEncrypt, DesQuickFipsEncrypt,
DesSmallCoreEncrypt, DesSmallFipsEncrypt,
DesQuickCoreDecrypt, DesQuickFipsDecrypt,
DesSmallCoreDecrypt, DesSmallFipsDecrypt };
#if 0
static char * names[] = {
"QuickCore", "QuickFips",
"SmallCore", "SmallFips" };
#endif
n = 0;
DesQuickInit();
/* do timing info first */
j = 10000;
#if 0
m = now(0);
#endif
do
DesMethod(keys, keyt);
while ( --j );
#if 0
m = now(1) - m;
#endif
do {
DesCryptFuncs[0] = funcs[n+4];
f = DesCryptFuncs[1] = funcs[n ];
j = 100000;
#if 0
e = now(0);
#endif
do
(*f)(cipher, keys, textt);
while ( --j );
#if 0
e = now(1) - e;
printf( "%s: setkey,%5duS; encode,%3d.%1duS.\n",
names[n], m , e/10, e%10);
#endif
/* now check functionality */
method(key0);
printf("cipher?\t%s\n", expect[(n % 2) + 0]);
encode(text0, cipher);
decode(cipher, output, text0);
method(key1);
printf("cipher?\t%s\n", expect[(n % 2) + 2]);
encode(text1, cipher);
decode(cipher, output, text1);
method(key2);
printf("cipher?\t%s\n", expect[(n % 2) + 4]);
encode(text2, cipher);
decode(cipher, output, text2);
method(key3);
printf("cipher?\t%s\n", expect[(n % 2) + 6]);
encode(text3, cipher);
decode(cipher, output, text3);
printf("%c", "\n\f\n\0"[n]);
} while ( ++n < 4 );
DesQuickDone();
return 0;
}
desUtil.c deleted 100644 → 0
View file @ f89ae0f0
/* desUtil.c
*
* $id:$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "desCode.h"
#include "RCSID.h"
RCSID2(desUtil_cRcs, "$Id$");
/* various tables */
UINT32 des_keymap[] = {
#include "keymap.h"
};
static UINT8 rotors[] = {
#include "rotors.h"
};
static char parity[] = {
#include "parity.h"
};
RCSID2(ego, "\n\nFast DES Library Copyright (c) 1991 Dana L. How\n\n");
/* set up the method list from the key */
int
DesMethod(UINT32 *method, const UINT8 *k)
{
register UINT32 n, w;
register char * b0, * b1;
char bits0[56], bits1[56];
/* check for bad parity and weak keys */
b0 = parity;
n = b0[k[0]]; n <<= 4;
n |= b0[k[1]]; n <<= 4;
n |= b0[k[2]]; n <<= 4;
n |= b0[k[3]]; n <<= 4;
n |= b0[k[4]]; n <<= 4;
n |= b0[k[5]]; n <<= 4;
n |= b0[k[6]]; n <<= 4;
n |= b0[k[7]];
w = 0X88888888L;
/* report bad parity in key */
if ( n & w )
return -1;
/* report a weak or semi-weak key */
if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
if ( n < 0X41415151 ) {
if ( n < 0X31312121 ) {
if ( n < 0X14141515 ) {
/* 01 01 01 01 01 01 01 01 */
if ( n == 0X11111111 ) return -2;
/* 01 1F 01 1F 01 0E 01 0E */
if ( n == 0X13131212 ) return -2;
} else {
/* 01 E0 01 E0 01 F1 01 F1 */
if ( n == 0X14141515 ) return -2;
/* 01 FE 01 FE 01 FE 01 FE */
if ( n == 0X16161616 ) return -2;
}
} else {
if ( n < 0X34342525 ) {
/* 1F 01 1F 01 0E 01 0E 01 */
if ( n == 0X31312121 ) return -2;
/* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
if ( n == 0X33332222 ) return -2;
} else {
/* 1F E0 1F E0 0E F1 0E F1 */
if ( n == 0X34342525 ) return -2;
/* 1F FE 1F FE 0E FE 0E FE */
if ( n == 0X36362626 ) return -2;
}
}
} else {
if ( n < 0X61616161 ) {
if ( n < 0X44445555 ) {
/* E0 01 E0 01 F1 01 F1 01 */
if ( n == 0X41415151 ) return -2;
/* E0 1F E0 1F F1 0E F1 0E */
if ( n == 0X43435252 ) return -2;
} else {
/* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
if ( n == 0X44445555 ) return -2;
/* E0 FE E0 FE F1 FE F1 FE */
if ( n == 0X46465656 ) return -2;
}
} else {
if ( n < 0X64646565 ) {
/* FE 01 FE 01 FE 01 FE 01 */
if ( n == 0X61616161 ) return -2;
/* FE 1F FE 1F FE 0E FE 0E */
if ( n == 0X63636262 ) return -2;
} else {
/* FE E0 FE E0 FE F1 FE F1 */
if ( n == 0X64646565 ) return -2;
/* FE FE FE FE FE FE FE FE */
if ( n == 0X66666666 ) return -2;
}
}
}
}
/* explode the bits */
n = 56;
b0 = bits0;
b1 = bits1;
do {
w = (256 | *k++) << 2;
do {
--n;
b1[n] = 8 & w;
w >>= 1;
b0[n] = 4 & w;
} while ( w >= 16 );
} while ( n );
/* put the bits in the correct places */
n = 16;
k = rotors;
do {
w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
w |= b1[k[ 4 ]] | b0[k[ 5 ]];
w <<= 8;
w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
w |= b1[k[10 ]] | b0[k[11 ]];
w <<= 8;
w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
w |= b1[k[16 ]] | b0[k[17 ]];
w <<= 8;
w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
w |= b1[k[22 ]] | b0[k[23 ]];
method[0] = w;
w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
w |= b1[k[ 4+24]] | b0[k[ 5+24]];
w <<= 8;
w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
w |= b1[k[10+24]] | b0[k[11+24]];
w <<= 8;
w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
w |= b1[k[16+24]] | b0[k[17+24]];
w <<= 8;
w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
w |= b1[k[22+24]] | b0[k[23+24]];
ROR(w, 4, 28); /* could be eliminated */
method[1] = w;
k += 48;
method += 2;
} while ( --n );
return 0;
}
descore.README
View file @ 53c76a47
......@@ -13,12 +13,10 @@ GNU Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
Author's address: how@isl.stanford.edu
$Id$
==>> To compile after untarring/unsharring, just `make' <<==
......
desdata.c
View file @ 53c76a47
......@@ -2,7 +2,7 @@
*
* Generate tables used by des.c and desCode.h.
*
* $Id$ */
*/
/*
* des - fast & portable DES encryption & decryption.
......@@ -11,14 +11,10 @@
*
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#include "desinfo.h"
#include "desCode.h"
/* list of weak and semi-weak keys
......@@ -62,22 +58,25 @@ int sorder[] = {
7, 5, 3, 1, 6, 4, 2, 0,
};
int printf(const char *, ...);
int
main(int argc UNUSED, char **argv UNUSED)
main(int argc, char **argv)
{
uint32_t d, i, j, k, l, m, n, s;
unsigned long d, i, j, k, l, m, n, s; /* Always at least 32 bits */
char b[256], ksr[56];
if (argc <= 1)
return 1;
switch ( argv[1][0] ) {
default:
return 1;
/*
* <<< make the key parity table >>>
*/
case 'p':
(void)printf(
printf(
"/* automagically produced - do not fuss with this information */\n\n");
/* store parity information */
......@@ -99,9 +98,9 @@ case 'p':
/* print it out */
for ( i = 0; i < 256; i++ ) {
(void)printf("%d,", b[i]);
printf("%d,", b[i]);
if ( (i & 31) == 31 )
(void)printf("\n");
printf("\n");
}
break;
......@@ -112,7 +111,7 @@ case 'p':
*/
case 'r':
(void)printf("/* automagically made - do not fuss with this */\n\n");
printf("/* automagically made - do not fuss with this */\n\n");
/* KL specifies the initial key bit positions */
for (i = 0; i < 56; i++)
......@@ -136,11 +135,11 @@ case 'r':
m = ksr[KC[korder[j]] - 1];
m = (m / 8) * 7 + (m % 8) - 1;
m = 55 - m;
(void)printf(" %2ld,", (long) m);
printf(" %2ld,", (long) m);
if ((j % 12) == 11)
(void)printf("\n");
printf("\n");
}
(void)printf("\n");
printf("\n");
}
break;
......@@ -151,7 +150,7 @@ case 'r':
*/
case 'k':
(void)printf("/* automagically made - do not fuss with this */\n\n");
printf("/* automagically made - do not fuss with this */\n\n");
for ( i = 0; i <= 7 ; i++ ) {
s = sorder[i];
......@@ -179,15 +178,15 @@ case 'k':
/* perform p permutation */
for ( m = j = 0; j < 32; j++ )
if ( n & (1 << (SP[j] - 1)) )
m |= (1 << j);
m |= (1UL << j);
/* rotate right (alg keeps everything rotated by 1) */
ROR(m, 1, 31);
m = (m >> 1) | ((m & 1) << 31);
/* print it out */
(void)printf(" 0x%08lx,", (long) m);
printf(" 0x%08lx,", m);
if ( ( d & 3 ) == 3 )
(void)printf("\n");
printf("\n");
}
(void)printf("\n");
printf("\n");
}
break;
......
desinfo.h
View file @ 53c76a47
......@@ -3,7 +3,7 @@
* Tables describing DES rather than just this implementation.
* These are used in desdata but NOT in runtime code.
*
* $Id$ */
*/
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
......
drbg-ctr-aes256.c 0 → 100644
View file @ 53c76a47
/* drbg-ctr-aes256.c
Copyright (C) 2023 Simon Josefsson
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include "drbg-ctr.h"
#include <string.h>
#include "macros.h"
#include "memxor.h"
#include "block-internal.h"
static void
drbg_ctr_aes256_output (const struct aes256_ctx *key, union nettle_block16 *V,
size_t n, uint8_t *dst)
{
for (; n >= AES_BLOCK_SIZE; n -= AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE)
{
INCREMENT(AES_BLOCK_SIZE, V->b);
aes256_encrypt (key, AES_BLOCK_SIZE, dst, V->b);
}
if (n > 0)
{
union nettle_block16 block;
INCREMENT(AES_BLOCK_SIZE, V->b);
aes256_encrypt (key, AES_BLOCK_SIZE, block.b, V->b);
memcpy (dst, block.b, n);
}
}
/* provided_data is either NULL or a pointer to
DRBG_CTR_AES256_SEED_SIZE (= 48) bytes. */
static void
drbg_ctr_aes256_update (struct aes256_ctx *key,
union nettle_block16 *V, const uint8_t *provided_data)
{
union nettle_block16 tmp[3];
drbg_ctr_aes256_output (key, V, DRBG_CTR_AES256_SEED_SIZE, tmp[0].b);
if (provided_data)
memxor (tmp[0].b, provided_data, DRBG_CTR_AES256_SEED_SIZE);
aes256_set_encrypt_key (key, tmp[0].b);
block16_set (V, &tmp[2]);
}
void
drbg_ctr_aes256_init (struct drbg_ctr_aes256_ctx *ctx, uint8_t *seed_material)
{
static const uint8_t zero_key[AES256_KEY_SIZE] = {0};
aes256_set_encrypt_key (&ctx->key, zero_key);
block16_zero (&ctx->V);
drbg_ctr_aes256_update (&ctx->key, &ctx->V, seed_material);
}
void
drbg_ctr_aes256_random (struct drbg_ctr_aes256_ctx *ctx,
size_t n, uint8_t *dst)
{
drbg_ctr_aes256_output (&ctx->key, &ctx->V, n, dst);
drbg_ctr_aes256_update (&ctx->key, &ctx->V, NULL);
}
drbg-ctr.h 0 → 100644
View file @ 53c76a47
/* drbg-ctr.h
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DRBG_CTR_H_INCLUDED
#define NETTLE_DRBG_CTR_H_INCLUDED
#include "nettle-types.h"
#include "aes.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Namespace mangling */
#define drbg_ctr_aes256_init nettle_drbg_ctr_aes256_init
#define drbg_ctr_aes256_random nettle_drbg_ctr_aes256_random
#define DRBG_CTR_AES256_SEED_SIZE (AES_BLOCK_SIZE + AES256_KEY_SIZE)
struct drbg_ctr_aes256_ctx
{
struct aes256_ctx key;
union nettle_block16 V;
};
/* Initialize using DRBG_CTR_AES256_SEED_SIZE bytes of
SEED_MATERIAL. */
void
drbg_ctr_aes256_init (struct drbg_ctr_aes256_ctx *ctx,
uint8_t *seed_material);
/* Output N bytes of random data into DST. */
void
drbg_ctr_aes256_random (struct drbg_ctr_aes256_ctx *ctx,
size_t n, uint8_t *dst);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DRBG_CTR_H_INCLUDED */
dsa-gen-params.c 0 → 100644
View file @ 53c76a47
/* dsa-gen-params.c
Generation of DSA parameters
Copyright (C) 2002, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <stdlib.h>
#include "dsa.h"
#include "bignum.h"
#include "nettle-internal.h"
#include "hogweed-internal.h"
/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
(2048, 256), (3072, 256). */
int
dsa_generate_params(struct dsa_params *params,
void *random_ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits)
{
mpz_t r;
unsigned p0_bits;
unsigned a;
if (q_bits < 30 || p_bits < q_bits + 30)
return 0;
mpz_init (r);
nettle_random_prime (params->q, q_bits, 0, random_ctx, random,
progress_ctx, progress);
if (q_bits >= (p_bits + 2)/3)
_nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
random_ctx, random,
params->q, NULL, params->q);
else
{
mpz_t p0, p0q;
mpz_init (p0);
mpz_init (p0q);
p0_bits = (p_bits + 3)/2;
nettle_random_prime (p0, p0_bits, 0,
random_ctx, random,
progress_ctx, progress);
if (progress)
progress (progress_ctx, 'q');
/* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. */
mpz_mul (p0q, p0, params->q);
_nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
random_ctx, random,
p0, params->q, p0q);
mpz_mul (r, r, p0);
mpz_clear (p0);
mpz_clear (p0q);
}
if (progress)
progress (progress_ctx, 'p');
for (a = 2; ; a++)
{
mpz_set_ui (params->g, a);
mpz_powm (params->g, params->g, r, params->p);
if (mpz_cmp_ui (params->g, 1) != 0)
break;
}
mpz_clear (r);
if (progress)
progress (progress_ctx, 'g');
return 1;
}
dsa-hash.c 0 → 100644
View file @ 53c76a47
/* dsa-hash.c
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "dsa.h"
#include "dsa-internal.h"
#include "gmp-glue.h"
/* Convert hash value to an integer. The general description of DSA in
FIPS186-3 allows both larger and smaller q; in the the former case
the hash is zero-padded at the left, in the latter case, the hash
is truncated at the right.
NOTE: We don't considered the hash value to be secret, so it's ok
if the running time of this conversion depends on h.
Output size is ceil(bit_size / GMP_NUMB_BITS).
*/
void
_nettle_dsa_hash (mp_limb_t *hp, unsigned bit_size,
size_t length, const uint8_t *digest)
{
unsigned octet_size = (bit_size + 7) / 8;
unsigned limb_size = NETTLE_BIT_SIZE_TO_LIMB_SIZE (bit_size);
if (length > octet_size)
length = octet_size;
mpn_set_base256(hp, limb_size, digest, length);
if (8 * length > bit_size)
/* We got a few extra bits, at the low end. Discard them. */
mpn_rshift (hp, hp, limb_size, 8*length - bit_size);
}
/* Uses little-endian order, and no trimming of left-over bits in the
last byte (bits will instead be reduced mod q later). */
void
_nettle_gostdsa_hash (mp_limb_t *hp, unsigned bit_size,
size_t length, const uint8_t *digest)
{
unsigned octet_size = (bit_size + 7) / 8;
unsigned limb_size = NETTLE_BIT_SIZE_TO_LIMB_SIZE (bit_size);
if (length > octet_size)
length = octet_size;
mpn_set_base256_le(hp, limb_size, digest, length);
}
dsa-internal.h 0 → 100644
View file @ 53c76a47
/* dsa-internal.h
The DSA publickey algorithm.
Copyright (C) 2002, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DSA_INTERNAL_H_INCLUDED
#define NETTLE_DSA_INTERNAL_H_INCLUDED
#include "nettle-types.h"
/* Internal functions. */
void
_nettle_dsa_hash (mp_limb_t *hp, unsigned bit_size,
size_t length, const uint8_t *digest);
void
_nettle_gostdsa_hash (mp_limb_t *hp, unsigned bit_size,
size_t length, const uint8_t *digest);
#endif /* NETTLE_DSA_INTERNAL_H_INCLUDED */