X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-tcl.git;a=blobdiff_plain;f=crypto%2Fcrypto.c;h=cf50712979a9beb73d6e2f1477070c164d9a0657;hp=7cc2914c65908d6b681617d0989d36c2bc54ba82;hb=da1c2c3cbb87a600f19e250f93ef9fa4f89844fc;hpb=b845521abfac164a92742f984eafb91d5d7c743d diff --git a/crypto/crypto.c b/crypto/crypto.c index 7cc2914..cf50712 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -5,13 +5,8 @@ #include "hbytes.h" #include "tables.h" -#include "serpent.h" -void memxor(Byte *dest, const Byte *src, int l) { - while (l--) *dest++ ^= *src++; -} - -const PadMethod padmethods[]= { +const PadOp padops[]= { { "un", 0, 0 }, { "ua", 0, 1 }, { "pn", 1, 0 }, @@ -19,35 +14,114 @@ const PadMethod padmethods[]= { { 0 } }; -int do_hbytes_pkcs5(ClientData cd, Tcl_Interp *ip, - const PadMethod *meth, HBytes_Var v, Tcl_Obj *block, - int *ok) { - int rc, blocksize, padlen, old_len, i; - Byte *padding; - const Byte *unpad; +typedef struct { + HBytes_Value *hb; + int pad, blocksize; /* 0 or 1 */ +} PadMethodClientData; + +int do_hbytes_pad(ClientData cd, Tcl_Interp *ip, const PadOp *op, + HBytes_Var v, Tcl_Obj *blocksz, const PadMethodInfo *meth, + int methargsc, Tcl_Obj *const *methargsv) { + PadMethodClientData pmcd; + int rc; - if (meth->use_algname) { + if (op->use_algname) { const BlockCipherAlgInfo *alg; - alg= enum_lookup_cached(ip,block,blockcipheralginfos,"cipher alg for pad"); + alg= enum_lookup_cached(ip,blocksz,blockcipheralginfos, + "blockcipher alg for pad"); if (!alg) return TCL_ERROR; - blocksize= alg->blocksize; + pmcd.blocksize= alg->blocksize; } else { - rc= Tcl_GetIntFromObj(ip, block, &blocksize); if (rc) return rc; - if (blocksize < 1 || blocksize > 255) - return staticerr(ip, "block size out of pkcs#5 range 1..255"); + rc= Tcl_GetIntFromObj(ip, blocksz, &pmcd.blocksize); if (rc) return rc; + if (pmcd.blocksize < 1) staticerr(ip, "block size must be at least 1", 0); } - if (meth->pad) { - padlen= blocksize - (hbytes_len(v.hb) % blocksize); - padding= hbytes_append(v.hb, padlen); + pmcd.hb= v.hb; + pmcd.pad= op->pad; + + return meth->func(&pmcd,ip,methargsc,methargsv); +} + +int do_padmethodinfo_rfc2406(ClientData cd, Tcl_Interp *ip, + Tcl_Obj *nxthdr_arg, int *ok) { + const PadMethodClientData *pmcd= (const void*)cd; + int i, rc, padlen, old_len; + + if (pmcd->blocksize > 256) + return staticerr(ip, "block size too large for RFC2406 padding", 0); + + if (pmcd->pad) { + Byte *padding; + HBytes_Value nxthdr; + + rc= pat_hb(ip,nxthdr_arg,&nxthdr); + if (rc) return rc; + + if (hbytes_len(&nxthdr) != 1) return + staticerr(ip, "RFC2406 next header field must be exactly 1 byte", 0); + padlen= pmcd->blocksize-1 - ((hbytes_len(pmcd->hb)+1) % pmcd->blocksize); + padding= hbytes_append(pmcd->hb, padlen+2); + for (i=1; i<=padlen; i++) + *padding++ = i; + *padding++ = padlen; + *padding++ = hbytes_data(&nxthdr)[0]; + *ok= 1; + + } else { + const Byte *padding, *trailer; + HBytes_Value nxthdr; + Tcl_Obj *nxthdr_valobj, *ro; + + *ok= 0; + old_len= hbytes_len(pmcd->hb); if (old_len % pmcd->blocksize) goto quit; + trailer= hbytes_unappend(pmcd->hb, 2); if (!trailer) goto quit; + + padlen= trailer[0]; + hbytes_array(&nxthdr,trailer+1,1); + nxthdr_valobj= ret_hb(ip,nxthdr); + ro= Tcl_ObjSetVar2(ip,nxthdr_arg,0,nxthdr_valobj,TCL_LEAVE_ERR_MSG); + if (!ro) { Tcl_DecrRefCount(nxthdr_valobj); return TCL_ERROR; } + + padding= hbytes_unappend(pmcd->hb, padlen); + for (i=1; i<=padlen; i++) + if (*padding++ != i) goto quit; + + *ok= 1; + + quit:; + + } + + return TCL_OK; +} + +int do_padmethodinfo_pkcs5(ClientData cd, Tcl_Interp *ip, int *ok) { + const PadMethodClientData *pmcd= (const void*)cd; + int padlen, old_len, i; + + if (pmcd->blocksize > 255) + return staticerr(ip, "block size too large for pkcs#5", 0); + + if (pmcd->pad) { + + Byte *padding; + + padlen= pmcd->blocksize - (hbytes_len(pmcd->hb) % pmcd->blocksize); + padding= hbytes_append(pmcd->hb, padlen); memset(padding, padlen, padlen); + } else { - old_len= hbytes_len(v.hb); if (old_len % blocksize) goto bad; - unpad= hbytes_unappend(v.hb, 1); if (!unpad) goto bad; - padlen= *unpad; - if (padlen < 1 || padlen > blocksize) goto bad; - unpad= hbytes_unappend(v.hb, padlen-1); if (!unpad) goto bad; - for (i=0; ihb); if (old_len % pmcd->blocksize) goto bad; + padding= hbytes_unappend(pmcd->hb, 1); if (!padding) goto bad; + padlen= *padding; + if (padlen < 1 || padlen > pmcd->blocksize) goto bad; + padding= hbytes_unappend(pmcd->hb, padlen-1); if (!padding) goto bad; + + for (i=0; ivalue, src->value, src->valuelen); noalg(dup); dup_obj->internalRep.otherValuePtr= dup; + dup_obj->typePtr= &blockcipherkey_type; } static void key_t_ustr(Tcl_Obj *o) { @@ -133,8 +208,8 @@ Tcl_ObjType blockcipherkey_type = { key_t_free, key_t_dup, key_t_ustr, key_t_sfa }; -CiphKeyValue *get_key(Tcl_Interp *ip, Tcl_Obj *key_obj, - const void *alg, int want_bufferslen) { +static CiphKeyValue *get_key(Tcl_Interp *ip, Tcl_Obj *key_obj, + const void *alg, int want_bufferslen) { CiphKeyValue *key; int rc; @@ -155,67 +230,147 @@ CiphKeyValue *get_key(Tcl_Interp *ip, Tcl_Obj *key_obj, return key; } -int do_hbytes_blockcipher(ClientData cd, Tcl_Interp *ip, int encrypt, - HBytes_Var v, const BlockCipherAlgInfo *alg, - Tcl_Obj *key_obj, const BlockCipherModeInfo *mode, - HBytes_Value iv, HBytes_Value *result) { - int rc, want_bufferslen, data_len, iv_want; - CiphKeyValue *key; - const char *failure; +int do_hbytes_blockcipher(ClientData cd, Tcl_Interp *ip, + const BlockCipherOp *op, + int objc, Tcl_Obj *const *objv) { + return op->func((void*)op,ip,objc,objv); +} + +static int blockcipher_prep(Tcl_Interp *ip, Tcl_Obj *key_obj, + const HBytes_Value *iv, int decrypt, + const BlockCipherAlgInfo *alg, + const BlockCipherModeInfo *mode, int data_len, + const CiphKeyValue **key_r, const void **sched_r, + const Byte **iv_r, int *iv_lenbytes_r, + Byte **buffers_r, int *nblocks_r) { void *sched, **schedp; + int want_bufferslen, want_iv; + int rc; + CiphKeyValue *key; + + if (data_len % alg->blocksize) + return staticerr(ip, "block cipher input not whole number of blocks", + "HBYTES BLOCKCIPHER LENGTH"); want_bufferslen= alg->blocksize * (mode->buf_blocks + mode->iv_blocks); - key= get_key(ip, key_obj, alg, want_bufferslen); + key= get_key(ip, key_obj, alg, want_bufferslen); if (!key) return TCL_ERROR; schedp= (alg->decrypt.make_schedule==alg->encrypt.make_schedule - || encrypt) ? &key->alpha : &key->beta; + || !decrypt) ? &key->alpha : &key->beta; sched= *schedp; if (!sched) { - if (key->valuelen < alg->key_min) return staticerr(ip, "key too short"); - if (key->valuelen > alg->key_max) return staticerr(ip, "key too long"); + if (key->valuelen < alg->key_min) + return staticerr(ip, "key too short", "HBYTES BLOCKCIPHER PARAMS"); + if (key->valuelen > alg->key_max) + return staticerr(ip, "key too long", "HBYTES BLOCKCIPHER PARAMS"); sched= TALLOC(alg->schedule_size); - (encrypt ? &alg->encrypt : &alg->decrypt)->make_schedule + (decrypt ? &alg->decrypt : &alg->encrypt)->make_schedule (sched, key->value, key->valuelen); *schedp= sched; } - iv_want= alg->blocksize * mode->iv_blocks; - if (hbytes_issentinel(&iv)) { - if (!encrypt) return staticerr(ip,"must supply iv when decrypting"); - rc= get_urandom(ip, key->buffers, iv_want); + want_iv= alg->blocksize * mode->iv_blocks; + if (!want_iv) { + if (!hbytes_issentinel(iv)) + return staticerr(ip,"iv supplied but mode does not take one", 0); + } else if (hbytes_issentinel(iv)) { + if (decrypt) return staticerr(ip,"must supply iv when decrypting", 0); + rc= get_urandom(ip, key->buffers, want_iv); if (rc) return rc; } else { - int iv_supplied= hbytes_len(&iv); - if (iv_supplied > iv_want) - return staticerr(ip, "iv too large for algorithm and mode"); - memcpy(key->buffers, hbytes_data(&iv), iv_supplied); - memset(key->buffers + iv_supplied, 0, iv_want - iv_supplied); + int iv_supplied= hbytes_len(iv); + if (iv_supplied > want_iv) + return staticerr(ip, "iv too large for algorithm and mode", + "HBYTES BLOCKCIPHER PARAMS"); + memcpy(key->buffers, hbytes_data(iv), iv_supplied); + memset(key->buffers + iv_supplied, 0, want_iv - iv_supplied); } - data_len= hbytes_len(v.hb); - if (data_len % alg->blocksize) - return staticerr(ip, "block cipher input not whole number of blocks"); + *key_r= key; + *sched_r= sched; + + *iv_r= key->buffers; + *iv_lenbytes_r= want_iv; + + *buffers_r= key->buffers + want_iv; + *nblocks_r= data_len / alg->blocksize; + + return TCL_OK; +} + +int do_blockcipherop_d(ClientData cd, Tcl_Interp *ip, + HBytes_Var v, const BlockCipherAlgInfo *alg, + Tcl_Obj *key_obj, const BlockCipherModeInfo *mode, + HBytes_Value iv, HBytes_Value *result) { + return do_blockcipherop_e(cd,ip,v,alg,key_obj,mode,iv,result); +} +int do_blockcipherop_e(ClientData cd, Tcl_Interp *ip, + HBytes_Var v, const BlockCipherAlgInfo *alg, + Tcl_Obj *key_obj, const BlockCipherModeInfo *mode, + HBytes_Value iv, HBytes_Value *result) { + const BlockCipherOp *op= (const void*)cd; + int encrypt= op->encrypt; + int rc, iv_lenbytes; + const CiphKeyValue *key; + const char *failure; + const Byte *ivbuf; + Byte *buffers; + const void *sched; + int nblocks; + + if (!mode->encrypt) + return staticerr(ip, "mode does not support encrypt/decrypt", 0); + + rc= blockcipher_prep(ip,key_obj,&iv,!encrypt, + alg,mode, hbytes_len(v.hb), + &key,&sched, + &ivbuf,&iv_lenbytes, + &buffers,&nblocks); + if (rc) return rc; + failure= (encrypt ? mode->encrypt : mode->decrypt) - (hbytes_data(v.hb), data_len / alg->blocksize, - key->buffers, key->buffers + iv_want, - alg, encrypt, - alg->blocksize, sched); + (hbytes_data(v.hb), nblocks, ivbuf, buffers, alg, encrypt, sched); if (failure) - return staticerr(ip, failure); + return staticerr(ip, failure, "HBYTES BLOCKCIPHER CRYPTFAIL CRYPT"); - hbytes_array(result, key->buffers, iv_want); + hbytes_array(result, ivbuf, iv_lenbytes); return TCL_OK; } -static void dbuf(const char *m, const Byte *a, int l) { - fprintf(stderr,"dbuf %s l=%d ",m,l); - while (l-->0) fprintf(stderr,"%02x",*a++); - putc('\n',stderr); +int do_blockcipherop_mac(ClientData cd, Tcl_Interp *ip, + HBytes_Value msg, const BlockCipherAlgInfo *alg, + Tcl_Obj *key_obj, const BlockCipherModeInfo *mode, + HBytes_Value iv, HBytes_Value *result) { + const CiphKeyValue *key; + const char *failure; + const Byte *ivbuf; + Byte *buffers; + const void *sched; + int nblocks, iv_lenbytes; + int rc; + + if (!mode->mac) + return staticerr(ip, "mode does not support mac generation", 0); + + rc= blockcipher_prep(ip,key_obj,&iv,0, + alg,mode, hbytes_len(&msg), + &key,&sched, + &ivbuf,&iv_lenbytes, + &buffers,&nblocks); + if (rc) return rc; + + failure= mode->mac(hbytes_data(&msg), nblocks, ivbuf, buffers, alg, sched); + if (failure) + return staticerr(ip,failure, "HBYTES BLOCKCIPHER CRYPTFAIL MAC"); + + hbytes_array(result, buffers, alg->blocksize * mode->mac_blocks); + + return TCL_OK; } int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, @@ -232,7 +387,8 @@ int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, if (maclen_obj) { rc= Tcl_GetIntFromObj(ip, maclen_obj, &ml); if (rc) return rc; if (ml<0 || ml>alg->hashsize) - return staticerr(ip, "requested hmac output size out of range"); + return staticerr(ip, "requested hmac output size out of range", + "HBYTES HMAC PARAMS"); } else { ml= alg->hashsize; } @@ -245,23 +401,21 @@ int do_hbytes_hmac(ClientData cd, Tcl_Interp *ip, const HashAlgInfo *alg, assert(!key->beta); if (key->valuelen > alg->blocksize) - return staticerr(ip, "key to hmac longer than hash block size"); + return staticerr(ip, "key to hmac longer than hash block size", + "HBYTES HMAC PARAMS"); -dbuf("start key",key->value,key->valuelen); memcpy(key->buffers, key->value, key->valuelen); memset(key->buffers + key->valuelen, 0, alg->blocksize - key->valuelen); for (i=0; iblocksize; i++) key->buffers[i] ^= 0x36; key->alpha= TALLOC(alg->statesize); alg->init(key->alpha); -dbuf("inner key",key->buffers,alg->blocksize); alg->update(key->alpha, key->buffers, alg->blocksize); key->beta= TALLOC(alg->statesize); alg->init(key->beta); for (i=0; iblocksize; i++) key->buffers[i] ^= (0x5c ^ 0x36); alg->update(key->beta, key->buffers, alg->blocksize); -dbuf("inner key",key->buffers,alg->blocksize); } assert(key->beta); @@ -270,14 +424,26 @@ dbuf("inner key",key->buffers,alg->blocksize); memcpy(key->buffers, key->alpha, alg->statesize); alg->update(key->buffers, hbytes_data(&message), hbytes_len(&message)); alg->final(key->buffers, dest); -dbuf("inner hash",dest,alg->hashsize); memcpy(key->buffers, key->beta, alg->statesize); alg->update(key->buffers, dest, alg->hashsize); alg->final(key->buffers, dest); -dbuf("outer hash",dest,alg->hashsize); hbytes_unappend(result, alg->hashsize - ml); return TCL_OK; } + +int do_blockcipherop_prop(ClientData cd, Tcl_Interp *ip, + const BlockCipherPropInfo *prop, + const BlockCipherAlgInfo *alg, int *result) { + *result= *(const int*)((const char*)alg + prop->int_offset); + return TCL_OK; +} + +int do_hbytes_hash_prop(ClientData cd, Tcl_Interp *ip, + const HashAlgPropInfo *prop, + const HashAlgInfo *alg, int *result) { + *result= *(const int*)((const char*)alg + prop->int_offset); + return TCL_OK; +}