* (too short? error)
*
* hbytes range VALUE START SIZE => substring (or error)
+ * hbytes overwrite VAR START VALUE
+ * hbytes trimleft VAR removes any leading 0 octets
+ * hbytes repeat VALUE COUNT => COUNT copies of VALUE
*
- * hbytes h2ulong HEX => ulong (HEX len must be 4)
- * hbytes ulong2h UL => hex
- *
- * ulong ul2bitfields VALUE [SIZE TYPE [TYPE-ARG...] ...] => 0/1
- * ulong bitfields2ul BASE [SIZE TYPE [TYPE-ARG...] ...] => ULONG
- * goes from left (MSbit) to right (LSbit) where
- * SIZE is size in bits
- * TYPE [TYPE-ARGS...] is as below
- * zero
- * ignore
- * fixed ULONG-VALUE
- * uint VARNAME/VALUE (VARNAME if ul2bitfields;
- * ulong VARNAME/VALUE VALUE if bitfields2ul)
- *
- * ulong ul2int ULONG => INT can fail if >INT_MAX
- * ulong int2ul INT => ULONG can fail if <0
- *
- * hbytes shift l|r ULONG BITS fails if BITS >32
- * hbytes mask A B => A & B
+ * hbytes ushort2h LONG => LONG must be <2^16, returns as hex
+ * hbytes h2ushort HEX => |HEX| must be 2 bytes, returns as ulong
*
* hbytes compare A B
* => -2 A is lexically earlier than B and not a prefix of B (A<B)
* hbytes pkcs5 pa|ua VAR ALG => worked? (always 1 for p)
* hbytes pkcs5 pn|un VAR BLOCKSIZE => worked? (always 1 for p)
* hbytes blockcipher d|e VAR ALG KEY MODE [IV] => IV
+ * hbytes blockcipher mac MSG ALG KEY MODE IV => final block
+ * hbytes blockcipher prop PROPERTY ALG => property value
*
* hbytes hash ALG MESSAGE => hash
* hbytes hmac ALG MESSAGE KEY [MACLENGTH] => mac
+ * hbytes hash-prop PROPERTY ALG => property value
+ *
+ * ulong ul2int ULONG => INT can fail if >INT_MAX
+ * ulong int2ul INT => ULONG can fail if <0
+ * ulong mask A B => A & B
+ * ulong add A B => A + B (mod 2^32)
+ * ulong subtract A B => A - B (mod 2^32)
+ * ulong compare A B => 0 -1 (A<B) +1 (A>B)
+ * ulong shift l|r ULONG BITS fails if BITS >32
+ *
+ * ulong ul2bitfields VALUE [SIZE TYPE [TYPE-ARG...] ...] => 0/1
+ * ulong bitfields2ul BASE [SIZE TYPE [TYPE-ARG...] ...] => ULONG
+ * goes from left (MSbit) to right (LSbit) where
+ * SIZE is size in bits
+ * TYPE [TYPE-ARGS...] is as below
+ * zero
+ * ignore
+ * fixed ULONG-VALUE
+ * uint VARNAME/VALUE (VARNAME if ul2bitfields;
+ * ulong VARNAME/VALUE VALUE if bitfields2ul)
+ *
+ * Error codes
+ *
+ * HBYTES BLOCKCIPHER CRYPTFAIL CRYPT block cipher mode failed somehow (!)
+ * HBYTES BLOCKCIPHER CRYPTFAIL MAC HMAC failed somehow (!)
+ * HBYTES BLOCKCIPHER LENGTH block cipher input has unsuitable length
+ * HBYTES BLOCKCIPHER PARAMS key or iv not suitable
+ * HBYTES HMAC PARAMS key, input or output size not suitable
+ * HBYTES LENGTH OVERRUN block too long
+ * HBYTES LENGTH RANGE input length or offset is -ve or silly
+ * HBYTES LENGTH UNDERRUN block too short (or offset too big)
+ * HBYTES SYNTAX supposed hex block had wrong syntax
+ * HBYTES VALUE OVERFLOW value to be conv'd to hex too big/long
+ * SOCKADDR AFUNIX LENGTH path for AF_UNIX socket too long
+ * SOCKADDR SYNTAX IPV4 bad IPv4 socket address &/or port
+ * SOCKADDR SYNTAX OTHER bad socket addr, couldn't tell what kind
+ * ULONG BITCOUNT NEGATIVE -ve bitcount specified where not allowed
+ * ULONG BITCOUNT OVERRUN attempt to use more than 32 bits
+ * ULONG BITCOUNT UNDERRUN bitfields add up to less than 32
+ * ULONG VALUE NEGATIVE attempt convert -ve integers to ulong
+ * ULONG VALUE OVERFLOW converted value does not fit in result
*
* Refs: HMAC: RFC2104
*/
/* from hook.c */
-int staticerr(Tcl_Interp *ip, const char *m);
+int staticerr(Tcl_Interp *ip, const char *m, const char *ec);
int posixerr(Tcl_Interp *ip, int errnoval, const char *m);
void objfreeir(Tcl_Obj *o);
int get_urandom(Tcl_Interp *ip, Byte *buffer, int l);
typedef struct {
HBytes_Value *hb;
Tcl_Obj *obj, *var;
+ int copied;
} HBytes_Var;
void fini_hbv(Tcl_Interp *ip, int rc, HBytes_Var *agg);
/* from algtables.c */
+typedef struct {
+ const char *name;
+ int int_offset;
+} BlockCipherPropInfo, HashAlgPropInfo;
+
typedef struct {
const char *name;
int hashsize, blocksize, statesize;
void (*init)(void *state);
- void (*update)(void *state, const Byte *data, int len);
- void (*final)(void *state, Byte *digest);
- void (*oneshot)(Byte *digest, const Byte *data, int len);
+ void (*update)(void *state, const void *data, int len);
+ void (*final)(void *state, void *digest);
+ void (*oneshot)(void *digest, const void *data, int len);
} HashAlgInfo;
extern const HashAlgInfo hashalginfos[];
typedef struct {
- void (*make_schedule)(void *schedule, const Byte *key, int keylen);
+ void (*make_schedule)(void *schedule, const void *key, int keylen);
void (*crypt)(const void *schedule, const void *in, void *out);
/* in and out may be the same, but if they aren't they may not overlap */
/* in and out for crypt will have been through block_byteswap */
-} BlockCipherDirectionInfo;
+} BlockCipherPerDirectionInfo;
typedef struct {
const char *name;
int blocksize, schedule_size, key_min, key_max;
- void (*byteswap)(Byte *block);
- BlockCipherDirectionInfo encrypt, decrypt;
+ void (*byteswap)(void *block);
+ BlockCipherPerDirectionInfo encrypt, decrypt;
} BlockCipherAlgInfo;
extern const BlockCipherAlgInfo blockcipheralginfos[];
typedef struct {
const char *name;
- int iv_blocks, buf_blocks;
- const char *(*encrypt)(Byte *data, int blocks,
+ int iv_blocks, buf_blocks, mac_blocks;
+
+ /* Each function is allowed to use up to buf_blocks * blocksize
+ * bytes of space in buf. data is blocks * blocksize bytes
+ * long. data should be modified in place by encrypt and decrypt;
+ * modes may not change the size of data. iv is always provided and
+ * is always of length iv_blocks * blocksize; encrypt and
+ * decrypt may modify the iv value (in which case the Tcl caller
+ * will get the modified IV) but this is not recommended. mac
+ * should leave the mac, which must be mac_blocks * blocksize
+ * bytes, in buf. (Therefore mac_blocks must be at least
+ * buf_blocks.)
+ */
+ const char *(*encrypt)(Byte *data, int nblocks,
const Byte *iv, Byte *buf,
const BlockCipherAlgInfo *alg, int encr,
- int blocksize, const void *sch);
- const char *(*decrypt)(Byte *data, int blocks,
+ const void *sch);
+ const char *(*decrypt)(Byte *data, int nblocks,
const Byte *iv, Byte *buf,
const BlockCipherAlgInfo *alg, int encr,
- int blocksize, const void *sch);
- /* in each case, *iv is provided, but may be modified */
+ const void *sch);
+ const char *(*mac)(const Byte *data, int nblocks,
+ const Byte *iv, Byte *buf,
+ const BlockCipherAlgInfo *alg,
+ const void *sch);
} BlockCipherModeInfo;
extern const BlockCipherModeInfo blockciphermodeinfos[];