+
+#define OBJ_CIPHKEY(o) ((CiphKeyValue*)(o)->internalRep.otherValuePtr)
+
+typedef struct {
+ int valuelen, bufferslen;
+ Byte *value, *buffers;
+ const void *alg;
+ void *alpha, *beta; /* key schedules etc.; each may be 0 */
+} CiphKeyValue;
+
+static void freealg(CiphKeyValue *key) {
+ TFREE(key->alpha);
+ TFREE(key->beta);
+}
+
+static void key_t_free(Tcl_Obj *obj) {
+ CiphKeyValue *key= OBJ_CIPHKEY(obj);
+ freealg(key);
+ TFREE(key->value);
+ TFREE(key->buffers);
+}
+
+static void noalg(CiphKeyValue *key) {
+ key->alg= 0;
+ key->alpha= key->beta= 0;
+}
+
+static void key_t_dup(Tcl_Obj *src_obj, Tcl_Obj *dup_obj) {
+ CiphKeyValue *src= OBJ_CIPHKEY(src_obj);
+ CiphKeyValue *dup= TALLOC(sizeof(*dup));
+ dup->valuelen= src->valuelen;
+ dup->value= src->valuelen ? TALLOC(src->valuelen) : 0;
+ dup->buffers= 0; dup->bufferslen= 0;
+ memcpy(dup->value, src->value, src->valuelen);
+ noalg(dup);
+ dup_obj->internalRep.otherValuePtr= dup;
+ dup_obj->typePtr= &cht_blockcipherkey_type;
+}
+
+static void key_t_ustr(Tcl_Obj *o) {
+ cht_obj_updatestr_array(o, OBJ_CIPHKEY(o)->value, OBJ_CIPHKEY(o)->valuelen);
+}
+
+static int key_t_sfa(Tcl_Interp *ip, Tcl_Obj *o) {
+ int rc, l;
+ CiphKeyValue *val;
+
+ rc= Tcl_ConvertToType(ip,o,&cht_hbytes_type); if (rc) return rc;
+ val= TALLOC(sizeof(*val));
+ val->valuelen= l= cht_hb_len(OBJ_HBYTES(o));
+ val->value= TALLOC(l);
+ val->buffers= 0;
+ val->bufferslen= 0;
+ memcpy(val->value, cht_hb_data(OBJ_HBYTES(o)), l);
+ noalg(val);
+
+ cht_objfreeir(o);
+ o->internalRep.otherValuePtr= val;
+ o->typePtr= &cht_blockcipherkey_type;
+
+ return TCL_OK;
+}
+
+Tcl_ObjType cht_blockcipherkey_type = {
+ "blockcipher-key",
+ key_t_free, key_t_dup, key_t_ustr, key_t_sfa
+};
+
+static CiphKeyValue *get_key(Tcl_Interp *ip, Tcl_Obj *key_obj,
+ const void *alg, int want_bufferslen) {
+ CiphKeyValue *key;
+ int rc;
+
+ rc= Tcl_ConvertToType(ip,key_obj,&cht_blockcipherkey_type); if (rc) return 0;
+ key= OBJ_CIPHKEY(key_obj);
+
+ if (key->alg != alg) {
+ freealg(key);
+ noalg(key);
+ key->alg= alg;
+ }
+
+ if (key->bufferslen < want_bufferslen) {
+ TFREE(key->buffers);
+ key->buffers= TALLOC(want_bufferslen);
+ key->bufferslen= want_bufferslen;
+ }
+ return key;
+}
+
+int cht_do_hbcrypto_blockcipher(ClientData cd, Tcl_Interp *ip,
+ const BlockCipherOp *op,
+ int objc, Tcl_Obj *const *objv) {
+ return op->func((void*)op,ip,objc,objv);
+}
+
+static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj,
+ const HBytes_Value *iv, int decrypt,
+ const BlockCipherAlgInfo *alg,
+ const BlockCipherModeInfo *mode, int data_len,
+ const CiphKeyValue **key_r, const void **sched_r,
+ const Byte **iv_r, int *iv_lenbytes_r,
+ Byte **buffers_r, int *nblocks_r) {
+ void *sched, **schedp;
+ int want_bufferslen, want_iv;
+ int rc;
+ CiphKeyValue *key;
+
+ if (data_len % alg->blocksize)
+ return cht_staticerr(ip, "block cipher input not whole number of blocks",
+ "HBYTES BLOCKCIPHER LENGTH");
+
+ want_bufferslen= alg->blocksize * (mode->buf_blocks + mode->iv_blocks);
+ key= get_key(ip, key_obj, alg, want_bufferslen); if (!key) return TCL_ERROR;
+
+ schedp= (alg->decrypt.make_schedule==alg->encrypt.make_schedule
+ || !decrypt) ? &key->alpha : &key->beta;
+ sched= *schedp;
+ if (!sched) {
+ if (key->valuelen < alg->key_min)
+ return cht_staticerr(ip, "key too short", "HBYTES BLOCKCIPHER PARAMS");
+ if (key->valuelen > alg->key_max)
+ return cht_staticerr(ip, "key too long", "HBYTES BLOCKCIPHER PARAMS");
+
+ sched= TALLOC(alg->schedule_size);
+ (decrypt ? &alg->decrypt : &alg->encrypt)->make_schedule
+ (sched, key->value, key->valuelen);
+ *schedp= sched;
+ }
+
+ want_iv= alg->blocksize * mode->iv_blocks;
+ if (!want_iv) {
+ if (!cht_hb_issentinel(iv))
+ return cht_staticerr(ip,"iv supplied but mode does not take one", 0);
+ } else if (cht_hb_issentinel(iv)) {
+ if (decrypt) return cht_staticerr(ip,"must supply iv when decrypting", 0);
+ rc= cht_get_urandom(ip, key->buffers, want_iv);
+ if (rc) return rc;
+ } else {
+ int iv_supplied= cht_hb_len(iv);
+ if (iv_supplied > want_iv)
+ return cht_staticerr(ip, "iv too large for algorithm and mode",
+ "HBYTES BLOCKCIPHER PARAMS");
+ memcpy(key->buffers, cht_hb_data(iv), iv_supplied);
+ memset(key->buffers + iv_supplied, 0, want_iv - iv_supplied);
+ }
+
+ *key_r= key;
+ *sched_r= sched;
+
+ *iv_r= key->buffers;
+ *iv_lenbytes_r= want_iv;
+
+ *buffers_r= key->buffers + want_iv;
+ *nblocks_r= data_len / alg->blocksize;
+
+ return TCL_OK;
+}
+
+int cht_do_blockcipherop_d(ClientData cd, Tcl_Interp *ip,
+ HBytes_Var v, const BlockCipherAlgInfo *alg,
+ Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
+ HBytes_Value iv, HBytes_Value *result) {
+ return cht_do_blockcipherop_e(cd,ip,v,alg,key_obj,mode,iv,result);
+}
+
+int cht_do_blockcipherop_e(ClientData cd, Tcl_Interp *ip,
+ HBytes_Var v, const BlockCipherAlgInfo *alg,
+ Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
+ HBytes_Value iv, HBytes_Value *result) {
+ const BlockCipherOp *op= (const void*)cd;
+ int encrypt= op->encrypt;
+ int rc, iv_lenbytes;
+ const CiphKeyValue *key;
+ const char *failure;
+ const Byte *ivbuf;
+ Byte *buffers;
+ const void *sched;
+ int nblocks;
+
+ if (!mode->encrypt)
+ return cht_staticerr(ip, "mode does not support encrypt/decrypt", 0);
+
+ rc= blockcipher_prep(ip,key_obj,&iv,!encrypt,
+ alg,mode, cht_hb_len(v.hb),
+ &key,&sched,
+ &ivbuf,&iv_lenbytes,
+ &buffers,&nblocks);
+ if (rc) return rc;
+
+ failure=
+ (encrypt ? mode->encrypt : mode->decrypt)
+ (cht_hb_data(v.hb), nblocks, ivbuf, buffers, alg, encrypt, sched);
+
+ if (failure)
+ return cht_staticerr(ip, failure, "HBYTES BLOCKCIPHER CRYPTFAIL CRYPT");
+
+ cht_hb_array(result, ivbuf, iv_lenbytes);
+
+ return TCL_OK;
+}
+
+int cht_do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip,
+ HBytes_Value msg, const BlockCipherAlgInfo *alg,
+ Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
+ HBytes_Value iv, HBytes_Value *result) {
+ const CiphKeyValue *key;
+ const char *failure;
+ const Byte *ivbuf;
+ Byte *buffers;
+ const void *sched;
+ int nblocks, iv_lenbytes;
+ int rc;
+
+ if (!mode->mac)
+ return cht_staticerr(ip, "mode does not support mac generation", 0);
+
+ rc= blockcipher_prep(ip,key_obj,&iv,0,
+ alg,mode, cht_hb_len(&msg),
+ &key,&sched,
+ &ivbuf,&iv_lenbytes,
+ &buffers,&nblocks);
+ if (rc) return rc;
+
+ failure= mode->mac(cht_hb_data(&msg), nblocks, ivbuf, buffers, alg, sched);
+ if (failure)
+ return cht_staticerr(ip,failure, "HBYTES BLOCKCIPHER CRYPTFAIL MAC");
+
+ cht_hb_array(result, buffers, alg->blocksize * mode->mac_blocks);
+
+ return TCL_OK;
+}
+
+int cht_do_hbcrypto_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg,
+ HBytes_Value message, Tcl_Obj *key_obj,
+ Tcl_Obj *maclen_obj, HBytes_Value *result) {
+ /* key->alpha = state after H(K XOR ipad <unfinished>
+ * key->beta = state after H(K XOR opad <unfinished>
+ * key->buffers = room for one block, or one state
+ */
+ CiphKeyValue *key;
+ Byte *dest;
+ int i, ml, rc;
+
+ if (maclen_obj) {
+ rc= Tcl_GetIntFromObj(ip, maclen_obj, &ml); if (rc) return rc;
+ if (ml<0 || ml>alg->hashsize)
+ return cht_staticerr(ip, "requested hmac output size out of range",
+ "HBYTES HMAC PARAMS");
+ } else {
+ ml= alg->hashsize;
+ }
+
+ key= get_key(ip, key_obj, alg,
+ alg->blocksize > alg->statesize
+ ? alg->blocksize : alg->statesize);
+
+ if (!key->alpha) {
+ assert(!key->beta);
+
+ if (key->valuelen > alg->blocksize)
+ return cht_staticerr(ip, "key to hmac longer than hash block size",
+ "HBYTES HMAC PARAMS");
+
+ memcpy(key->buffers, key->value, key->valuelen);
+ memset(key->buffers + key->valuelen, 0, alg->blocksize - key->valuelen);
+ for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= 0x36;
+
+ key->alpha= TALLOC(alg->statesize);
+ alg->init(key->alpha);
+ alg->update(key->alpha, key->buffers, alg->blocksize);
+
+ key->beta= TALLOC(alg->statesize);
+ alg->init(key->beta);
+ for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= (0x5c ^ 0x36);
+ alg->update(key->beta, key->buffers, alg->blocksize);
+ }
+ assert(key->beta);
+
+ dest= cht_hb_arrayspace(result, alg->hashsize);
+
+ memcpy(key->buffers, key->alpha, alg->statesize);
+ alg->update(key->buffers, cht_hb_data(&message), cht_hb_len(&message));
+ alg->final(key->buffers, dest);
+
+ memcpy(key->buffers, key->beta, alg->statesize);
+ alg->update(key->buffers, dest, alg->hashsize);
+ alg->final(key->buffers, dest);
+
+ cht_hb_unappend(result, alg->hashsize - ml);
+
+ return TCL_OK;
+}
+
+int cht_do_blockcipherop_prop(ClientData cd, Tcl_Interp *ip,
+ const BlockCipherPropInfo *prop,
+ const BlockCipherAlgInfo *alg, int *result) {
+ *result= *(const int*)((const char*)alg + prop->int_offset);
+ return TCL_OK;
+}
+
+int cht_do_hbcrypto_hash_prop(ClientData cd, Tcl_Interp *ip,
+ const HashAlgPropInfo *prop,
+ const HashAlgInfo *alg, int *result) {
+ *result= *(const int*)((const char*)alg + prop->int_offset);
+ return TCL_OK;
+}