X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-tcl.git;a=blobdiff_plain;f=crypto%2Fcrypto.c;fp=crypto%2Fcrypto.c;h=1fc1f8336bfe65cf14b5934987ac11c0f7d1ba93;hp=457dc9e37f242178a55b13acea3732199b7d8546;hb=f9ddca2f19d966e0d64d5bc6de023dbc3764552c;hpb=743de63e7b3214a5abc748ec0fa90160b6983551 diff --git a/crypto/crypto.c b/crypto/crypto.c index 457dc9e..1fc1f83 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -34,7 +34,7 @@ int do_hbytes_pkcs5(ClientData cd, Tcl_Interp *ip, } else { rc= Tcl_GetIntFromObj(ip, block, &blocksize); if (rc) return rc; if (blocksize < 1 || blocksize > 255) - return staticerr(ip, "block size out of pkcs#5 range 1..255"); + return staticerr(ip, "block size out of pkcs#5 range 1..255", 0); } if (meth->pad) { @@ -175,7 +175,8 @@ static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj, CiphKeyValue *key; if (data_len % alg->blocksize) - return staticerr(ip, "block cipher input not whole number of blocks"); + return staticerr(ip, "block cipher input not whole number of blocks", + "HBYTES BLOCKCIPHER LENGTH"); want_bufferslen= alg->blocksize * (mode->buf_blocks + mode->iv_blocks); key= get_key(ip, key_obj, alg, want_bufferslen); if (!key) return TCL_ERROR; @@ -184,8 +185,10 @@ static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj, || !decrypt) ? &key->alpha : &key->beta; sched= *schedp; if (!sched) { - if (key->valuelen < alg->key_min) return staticerr(ip, "key too short"); - if (key->valuelen > alg->key_max) return staticerr(ip, "key too long"); + if (key->valuelen < alg->key_min) + return staticerr(ip, "key too short", "HBYTES BLOCKCIPHER PARAMS"); + if (key->valuelen > alg->key_max) + return staticerr(ip, "key too long", "HBYTES BLOCKCIPHER PARAMS"); sched= TALLOC(alg->schedule_size); (decrypt ? &alg->decrypt : &alg->encrypt)->make_schedule 
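Review bot: The new third argument to staticerr() in the do_hbytes_pkcs5 hunk is a bare `0`, which reads as an integer rather than as "no errorCode". Writing `return staticerr(ip, "block size out of pkcs#5 range 1..255", NULL);` states the intent and stays correct if staticerr ever becomes variadic or a macro. The same applies to the `0` arguments in the later blockcipher_prep, do_blockcipherop_e and do_blockcipherop_mac hunks. staticerr's prototype is not visible in this diff, so this assumes the parameter is a `const char *`. A short comment at one of these call sites, saying why these errors carry no errorCode while the length and key checks do, would help script authors who dispatch on errorCode.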
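Review bot: The errorCode strings introduced by this commit are a script-visible interface, but nothing in the diff documents them. They are `HBYTES BLOCKCIPHER LENGTH` in the `@@ -175,7` hunk, `HBYTES BLOCKCIPHER PARAMS` and `HBYTES BLOCKCIPHER CRYPTFAIL CRYPT`/`MAC` in later hunks, and `HBYTES HMAC PARAMS` in do_hbytes_hmac. I would add a comment block above blockcipher_prep with one line per code, for example `/* errorCode HBYTES BLOCKCIPHER LENGTH: data is not a whole number of cipher blocks */`, so callers can tell data-dependent failures from usage errors. blockcipher_prep begins before this hunk and continues after it.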
@@ -196,15 +199,16 @@ static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj, want_iv= alg->blocksize * mode->iv_blocks; if (!want_iv) { if (!hbytes_issentinel(iv)) - return staticerr(ip,"iv supplied but mode does not take one"); + return staticerr(ip,"iv supplied but mode does not take one", 0); } else if (hbytes_issentinel(iv)) { - if (decrypt) return staticerr(ip,"must supply iv when decrypting"); + if (decrypt) return staticerr(ip,"must supply iv when decrypting", 0); rc= get_urandom(ip, key->buffers, want_iv); if (rc) return rc; } else { int iv_supplied= hbytes_len(iv); if (iv_supplied > want_iv) - return staticerr(ip, "iv too large for algorithm and mode"); + return staticerr(ip, "iv too large for algorithm and mode", + "HBYTES BLOCKCIPHER PARAMS"); memcpy(key->buffers, hbytes_data(iv), iv_supplied); memset(key->buffers + iv_supplied, 0, want_iv - iv_supplied); } @@ -243,7 +247,7 @@ int do_blockcipherop_e(ClientData cd, Tcl_Interp *ip, int nblocks; if (!mode->encrypt) - return staticerr(ip, "mode does not support encrypt/decrypt"); + return staticerr(ip, "mode does not support encrypt/decrypt", 0); rc= blockcipher_prep(ip,key_obj,&iv,!encrypt, alg,mode, hbytes_len(v.hb), @@ -257,7 +261,7 @@ int do_blockcipherop_e(ClientData cd, Tcl_Interp *ip, (hbytes_data(v.hb), nblocks, ivbuf, buffers, alg, encrypt, sched); if (failure) - return staticerr(ip, failure); + return staticerr(ip, failure, "HBYTES BLOCKCIPHER CRYPTFAIL CRYPT"); hbytes_array(result, ivbuf, iv_lenbytes); @@ -277,7 +281,7 @@ int do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip, int rc; if (!mode->mac) - return staticerr(ip, "mode does not support mac generation"); + return staticerr(ip, "mode does not support mac generation", 0); rc= blockcipher_prep(ip,key_obj,&iv,0, alg,mode, hbytes_len(&msg), 
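Review bot: A supplied IV shorter than `want_iv` is still accepted without any error in the `@@ -196,15` hunk of blockcipher_prep. Only `iv_supplied > want_iv` is rejected, and the `memset` after the `memcpy` fills the remainder with zero bytes, so a short (presumably even empty, non-sentinel) IV becomes a partly or wholly zero IV. If that padding is intended, it deserves a comment next to the `memset`. Otherwise the check could be `if (iv_supplied != want_iv)` with the same `HBYTES BLOCKCIPHER PARAMS` errorCode and a message that covers both directions. A fixed or partly fixed IV reused under one key weakens chained modes, which is why the silent path matters; the function starts before this hunk and continues after it.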
@@ -288,19 +292,13 @@ int do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip, failure= mode->mac(hbytes_data(&msg), nblocks, ivbuf, buffers, alg, sched); if (failure) - return staticerr(ip,failure); + return staticerr(ip,failure, "HBYTES BLOCKCIPHER CRYPTFAIL MAC"); hbytes_array(result, buffers, alg->blocksize * mode->mac_blocks); return TCL_OK; } -static void dbuf(const char *m, const Byte *a, int l) { - fprintf(stderr,"dbuf %s l=%d ",m,l); - while (l-->0) fprintf(stderr,"%02x",*a++); - putc('\n',stderr); -} - int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, HBytes_Value message, Tcl_Obj *key_obj, Tcl_Obj *maclen_obj, HBytes_Value *result) { @@ -315,7 +313,8 @@ int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, if (maclen_obj) { rc= Tcl_GetIntFromObj(ip, maclen_obj, &ml); if (rc) return rc; if (ml<0 || ml>alg->hashsize) - return staticerr(ip, "requested hmac output size out of range"); + return staticerr(ip, "requested hmac output size out of range", + "HBYTES HMAC PARAMS"); } else { ml= alg->hashsize; } 
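Review bot: The range check in the `@@ -315,7` hunk of do_hbytes_hmac, which now carries `HBYTES HMAC PARAMS`, still accepts `ml == 0` and any other very short length. A caller can therefore request an empty or one-byte MAC that provides no real authentication. RFC 2104 recommends truncating to no less than half the hash output and no less than 80 bits; at minimum the lower bound could become `if (ml<1 || ml>alg->hashsize)`. If short outputs are deliberately allowed, for instance for test vectors, a comment on the check should say so. The function body continues beyond this hunk.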
@@ -328,23 +327,21 @@ int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, assert(!key->beta); if (key->valuelen > alg->blocksize) - return staticerr(ip, "key to hmac longer than hash block size"); + return staticerr(ip, "key to hmac longer than hash block size", + "HBYTES HMAC PARAMS"); -dbuf("start key",key->value,key->valuelen); memcpy(key->buffers, key->value, key->valuelen); memset(key->buffers + key->valuelen, 0, alg->blocksize - key->valuelen); for (i=0; iblocksize; i++) key->buffers[i] ^= 0x36; key->alpha= TALLOC(alg->statesize); alg->init(key->alpha); -dbuf("inner key",key->buffers,alg->blocksize); alg->update(key->alpha, key->buffers, alg->blocksize); key->beta= TALLOC(alg->statesize); alg->init(key->beta); for (i=0; iblocksize; i++) key->buffers[i] ^= (0x5c ^ 0x36); alg->update(key->beta, key->buffers, alg->blocksize); -dbuf("inner key",key->buffers,alg->blocksize); } assert(key->beta); @@ -353,12 +350,10 @@ dbuf("inner key",key->buffers,alg->blocksize); memcpy(key->buffers, key->alpha, alg->statesize); alg->update(key->buffers, hbytes_data(&message), hbytes_len(&message)); alg->final(key->buffers, dest); -dbuf("inner hash",dest,alg->hashsize); memcpy(key->buffers, key->beta, alg->statesize); alg->update(key->buffers, dest, alg->hashsize); alg->final(key->buffers, dest); -dbuf("outer hash",dest,alg->hashsize); hbytes_unappend(result, alg->hashsize - ml);
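Review bot: The key-length check in the `@@ -328,23` hunk of do_hbytes_hmac rejects keys longer than `alg->blocksize`, whereas RFC 2104 specifies hashing such a key down to the hash size first. Scripts interoperating with other HMAC implementations will therefore get `HBYTES HMAC PARAMS` instead of a MAC for long keys. A comment on the check would make the divergence visible, for example `/* keys longer than the hash block are rejected, not pre-hashed as in RFC 2104; the caller must hash them */`. The enclosing conditional and the function both start before this hunk.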