9 const PadOp padops[]= {
19 int pad, blocksize; /* 0 or 1 */
20 } PadMethodClientData;
22 int do_hbytes_pad(ClientData cd, Tcl_Interp *ip, const PadOp *op,
23 HBytes_Var v, Tcl_Obj *blocksz, const PadMethodInfo *meth,
24 int methargsc, Tcl_Obj *const *methargsv) {
25 PadMethodClientData pmcd;
28 if (op->use_algname) {
29 const BlockCipherAlgInfo *alg;
30 alg= enum_lookup_cached(ip,blocksz,blockcipheralginfos,
31 "blockcipher alg for pad");
32 if (!alg) return TCL_ERROR;
33 pmcd.blocksize= alg->blocksize;
35 rc= Tcl_GetIntFromObj(ip, blocksz, &pmcd.blocksize); if (rc) return rc;
36 if (pmcd.blocksize < 1) staticerr(ip, "block size must be at least 1", 0);
42 return meth->func(&pmcd,ip,methargsc,methargsv);
45 int do_padmethodinfo_rfc2406(ClientData cd, Tcl_Interp *ip,
46 Tcl_Obj *nxthdr_arg, int *ok) {
47 const PadMethodClientData *pmcd= (const void*)cd;
48 int i, rc, padlen, old_len;
50 if (pmcd->blocksize > 256)
51 return staticerr(ip, "block size too large for RFC2406 padding", 0);
57 rc= pat_hb(ip,nxthdr_arg,&nxthdr);
60 if (hbytes_len(&nxthdr) != 1) return
61 staticerr(ip, "RFC2406 next header field must be exactly 1 byte", 0);
62 padlen= pmcd->blocksize-1 - ((hbytes_len(pmcd->hb)+1) % pmcd->blocksize);
63 padding= hbytes_append(pmcd->hb, padlen+2);
64 for (i=1; i<=padlen; i++)
67 *padding++ = hbytes_data(&nxthdr)[0];
71 const Byte *padding, *trailer;
73 Tcl_Obj *nxthdr_valobj, *ro;
76 old_len= hbytes_len(pmcd->hb); if (old_len % pmcd->blocksize) goto quit;
77 trailer= hbytes_unappend(pmcd->hb, 2); if (!trailer) goto quit;
80 hbytes_array(&nxthdr,trailer+1,1);
81 nxthdr_valobj= ret_hb(ip,nxthdr);
82 ro= Tcl_ObjSetVar2(ip,nxthdr_arg,0,nxthdr_valobj,TCL_LEAVE_ERR_MSG);
83 if (!ro) { Tcl_DecrRefCount(nxthdr_valobj); return TCL_ERROR; }
85 padding= hbytes_unappend(pmcd->hb, padlen);
86 for (i=1; i<=padlen; i++)
87 if (*padding++ != i) goto quit;
98 int do_padmethodinfo_pkcs5(ClientData cd, Tcl_Interp *ip, int *ok) {
99 const PadMethodClientData *pmcd= (const void*)cd;
100 int padlen, old_len, i;
102 if (pmcd->blocksize > 255)
103 return staticerr(ip, "block size too large for pkcs#5", 0);
109 padlen= pmcd->blocksize - (hbytes_len(pmcd->hb) % pmcd->blocksize);
110 padding= hbytes_append(pmcd->hb, padlen);
111 memset(padding, padlen, padlen);
117 old_len= hbytes_len(pmcd->hb); if (old_len % pmcd->blocksize) goto bad;
118 padding= hbytes_unappend(pmcd->hb, 1); if (!padding) goto bad;
120 if (padlen < 1 || padlen > pmcd->blocksize) goto bad;
121 padding= hbytes_unappend(pmcd->hb, padlen-1); if (!padding) goto bad;
123 for (i=0; i<padlen-1; i++, padding++) if (*padding != padlen) goto bad;
135 int do_hbytes_hash(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg,
136 HBytes_Value message, HBytes_Value *result) {
139 dest= hbytes_arrayspace(result,alg->hashsize);
140 alg->oneshot(dest, hbytes_data(&message), hbytes_len(&message));
144 #define OBJ_CIPHKEY(o) ((CiphKeyValue*)(o)->internalRep.otherValuePtr)
147 int valuelen, bufferslen;
148 Byte *value, *buffers;
150 void *alpha, *beta; /* key schedules etc.; each may be 0 */
153 static void freealg(CiphKeyValue *key) {
158 static void key_t_free(Tcl_Obj *obj) {
159 CiphKeyValue *key= OBJ_CIPHKEY(obj);
165 static void noalg(CiphKeyValue *key) {
167 key->alpha= key->beta= 0;
170 static void key_t_dup(Tcl_Obj *src_obj, Tcl_Obj *dup_obj) {
171 CiphKeyValue *src= OBJ_CIPHKEY(src_obj);
172 CiphKeyValue *dup= TALLOC(sizeof(*dup));
173 dup->valuelen= src->valuelen;
174 dup->value= src->valuelen ? TALLOC(src->valuelen) : 0;
175 dup->buffers= 0; dup->bufferslen= 0;
176 memcpy(dup->value, src->value, src->valuelen);
178 dup_obj->internalRep.otherValuePtr= dup;
179 dup_obj->typePtr= &blockcipherkey_type;
182 static void key_t_ustr(Tcl_Obj *o) {
183 obj_updatestr_array(o, OBJ_CIPHKEY(o)->value, OBJ_CIPHKEY(o)->valuelen);
186 static int key_t_sfa(Tcl_Interp *ip, Tcl_Obj *o) {
190 rc= Tcl_ConvertToType(ip,o,&hbytes_type); if (rc) return rc;
191 val= TALLOC(sizeof(*val));
192 val->valuelen= l= hbytes_len(OBJ_HBYTES(o));
193 val->value= TALLOC(l);
196 memcpy(val->value, hbytes_data(OBJ_HBYTES(o)), l);
200 o->internalRep.otherValuePtr= val;
201 o->typePtr= &blockcipherkey_type;
206 Tcl_ObjType blockcipherkey_type = {
208 key_t_free, key_t_dup, key_t_ustr, key_t_sfa
211 static CiphKeyValue *get_key(Tcl_Interp *ip, Tcl_Obj *key_obj,
212 const void *alg, int want_bufferslen) {
216 rc= Tcl_ConvertToType(ip,key_obj,&blockcipherkey_type); if (rc) return 0;
217 key= OBJ_CIPHKEY(key_obj);
219 if (key->alg != alg) {
225 if (key->bufferslen < want_bufferslen) {
227 key->buffers= TALLOC(want_bufferslen);
228 key->bufferslen= want_bufferslen;
233 int do_hbytes_blockcipher(ClientData cd, Tcl_Interp *ip,
234 const BlockCipherOp *op,
235 int objc, Tcl_Obj *const *objv) {
236 return op->func((void*)op,ip,objc,objv);
239 static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj,
240 const HBytes_Value *iv, int decrypt,
241 const BlockCipherAlgInfo *alg,
242 const BlockCipherModeInfo *mode, int data_len,
243 const CiphKeyValue **key_r, const void **sched_r,
244 const Byte **iv_r, int *iv_lenbytes_r,
245 Byte **buffers_r, int *nblocks_r) {
246 void *sched, **schedp;
247 int want_bufferslen, want_iv;
251 if (data_len % alg->blocksize)
252 return staticerr(ip, "block cipher input not whole number of blocks",
253 "HBYTES BLOCKCIPHER LENGTH");
255 want_bufferslen= alg->blocksize * (mode->buf_blocks + mode->iv_blocks);
256 key= get_key(ip, key_obj, alg, want_bufferslen); if (!key) return TCL_ERROR;
258 schedp= (alg->decrypt.make_schedule==alg->encrypt.make_schedule
259 || !decrypt) ? &key->alpha : &key->beta;
262 if (key->valuelen < alg->key_min)
263 return staticerr(ip, "key too short", "HBYTES BLOCKCIPHER PARAMS");
264 if (key->valuelen > alg->key_max)
265 return staticerr(ip, "key too long", "HBYTES BLOCKCIPHER PARAMS");
267 sched= TALLOC(alg->schedule_size);
268 (decrypt ? &alg->decrypt : &alg->encrypt)->make_schedule
269 (sched, key->value, key->valuelen);
273 want_iv= alg->blocksize * mode->iv_blocks;
275 if (!hbytes_issentinel(iv))
276 return staticerr(ip,"iv supplied but mode does not take one", 0);
277 } else if (hbytes_issentinel(iv)) {
278 if (decrypt) return staticerr(ip,"must supply iv when decrypting", 0);
279 rc= get_urandom(ip, key->buffers, want_iv);
282 int iv_supplied= hbytes_len(iv);
283 if (iv_supplied > want_iv)
284 return staticerr(ip, "iv too large for algorithm and mode",
285 "HBYTES BLOCKCIPHER PARAMS");
286 memcpy(key->buffers, hbytes_data(iv), iv_supplied);
287 memset(key->buffers + iv_supplied, 0, want_iv - iv_supplied);
294 *iv_lenbytes_r= want_iv;
296 *buffers_r= key->buffers + want_iv;
297 *nblocks_r= data_len / alg->blocksize;
302 int do_blockcipherop_d(ClientData cd, Tcl_Interp *ip,
303 HBytes_Var v, const BlockCipherAlgInfo *alg,
304 Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
305 HBytes_Value iv, HBytes_Value *result) {
306 return do_blockcipherop_e(cd,ip,v,alg,key_obj,mode,iv,result);
309 int do_blockcipherop_e(ClientData cd, Tcl_Interp *ip,
310 HBytes_Var v, const BlockCipherAlgInfo *alg,
311 Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
312 HBytes_Value iv, HBytes_Value *result) {
313 const BlockCipherOp *op= (const void*)cd;
314 int encrypt= op->encrypt;
316 const CiphKeyValue *key;
324 return staticerr(ip, "mode does not support encrypt/decrypt", 0);
326 rc= blockcipher_prep(ip,key_obj,&iv,!encrypt,
327 alg,mode, hbytes_len(v.hb),
334 (encrypt ? mode->encrypt : mode->decrypt)
335 (hbytes_data(v.hb), nblocks, ivbuf, buffers, alg, encrypt, sched);
338 return staticerr(ip, failure, "HBYTES BLOCKCIPHER CRYPTFAIL CRYPT");
340 hbytes_array(result, ivbuf, iv_lenbytes);
345 int do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip,
346 HBytes_Value msg, const BlockCipherAlgInfo *alg,
347 Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
348 HBytes_Value iv, HBytes_Value *result) {
349 const CiphKeyValue *key;
354 int nblocks, iv_lenbytes;
358 return staticerr(ip, "mode does not support mac generation", 0);
360 rc= blockcipher_prep(ip,key_obj,&iv,0,
361 alg,mode, hbytes_len(&msg),
367 failure= mode->mac(hbytes_data(&msg), nblocks, ivbuf, buffers, alg, sched);
369 return staticerr(ip,failure, "HBYTES BLOCKCIPHER CRYPTFAIL MAC");
371 hbytes_array(result, buffers, alg->blocksize * mode->mac_blocks);
376 int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg,
377 HBytes_Value message, Tcl_Obj *key_obj,
378 Tcl_Obj *maclen_obj, HBytes_Value *result) {
379 /* key->alpha = state after H(K XOR ipad <unfinished>
380 * key->beta = state after H(K XOR opad <unfinished>
381 * key->buffers = room for one block, or one state
388 rc= Tcl_GetIntFromObj(ip, maclen_obj, &ml); if (rc) return rc;
389 if (ml<0 || ml>alg->hashsize)
390 return staticerr(ip, "requested hmac output size out of range",
391 "HBYTES HMAC PARAMS");
396 key= get_key(ip, key_obj, alg,
397 alg->blocksize > alg->statesize
398 ? alg->blocksize : alg->statesize);
403 if (key->valuelen > alg->blocksize)
404 return staticerr(ip, "key to hmac longer than hash block size",
405 "HBYTES HMAC PARAMS");
407 memcpy(key->buffers, key->value, key->valuelen);
408 memset(key->buffers + key->valuelen, 0, alg->blocksize - key->valuelen);
409 for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= 0x36;
411 key->alpha= TALLOC(alg->statesize);
412 alg->init(key->alpha);
413 alg->update(key->alpha, key->buffers, alg->blocksize);
415 key->beta= TALLOC(alg->statesize);
416 alg->init(key->beta);
417 for (i=0; i<alg->blocksize; i++) key->buffers[i] ^= (0x5c ^ 0x36);
418 alg->update(key->beta, key->buffers, alg->blocksize);
422 dest= hbytes_arrayspace(result, alg->hashsize);
424 memcpy(key->buffers, key->alpha, alg->statesize);
425 alg->update(key->buffers, hbytes_data(&message), hbytes_len(&message));
426 alg->final(key->buffers, dest);
428 memcpy(key->buffers, key->beta, alg->statesize);
429 alg->update(key->buffers, dest, alg->hashsize);
430 alg->final(key->buffers, dest);
432 hbytes_unappend(result, alg->hashsize - ml);
437 int do_blockcipherop_prop(ClientData cd, Tcl_Interp *ip,
438 const BlockCipherPropInfo *prop,
439 const BlockCipherAlgInfo *alg, int *result) {
440 *result= *(const int*)((const char*)alg + prop->int_offset);
444 int do_hbytes_hash_prop(ClientData cd, Tcl_Interp *ip,
445 const HashAlgPropInfo *prop,
446 const HashAlgInfo *alg, int *result) {
447 *result= *(const int*)((const char*)alg + prop->int_offset);