3 * Definitions for the MGF-1 mask generator
5 * (c) 2000 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 #ifndef CATACOMB_MGF_DEF_H
29 #define CATACOMB_MGF_DEF_H
35 /*----- Header files ------------------------------------------------------*/
41 #include <mLib/bits.h>
44 #ifndef CATACOMB_ARENA_H
48 #ifndef CATACOMB_GCIPHER_H
52 #ifndef CATACOMB_GRAND_H
56 #ifndef CATACOMB_PARANOIA_H
57 # include "paranoia.h"
60 /*----- Macros ------------------------------------------------------------*/
62 #define MGF_DEF(PRE, pre) \
64 /* --- Useful constants --- */ \
66 const octet pre##_mgfkeysz[] = { KSZ_ANY, PRE##_HASHSZ }; \
68 /* --- @pre_mgfkeybegin@, @pre_mgfkeyadd@ --- * \
70 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
71 * @const void *p@ = pointer to data to contribute \
75 * Use: A multi-step keying procedure for initializing an MGF \
76 * context. The data is contributed to a hashing context \
77 * which is then used for mask generation. If you only \
78 * have a fixed buffer, you can save a lot of effort by \
79 * simply calling @pre_mgfinit@. \
82 void pre##_mgfkeybegin(pre##_mgfctx *k) \
89 void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \
91 pre##_hash(&k->k, p, sz); \
94 /* ---- @pre_mgfinit@ --- * \
96 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
97 * @const void *p@ = pointer to data to contribute \
98 * @size_t sz@ = size of data to contribute \
102 * Use: A simpler interface to initialization if all of your \
103 * keying material is in one place. \
106 void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \
111 pre##_hash(&k->k, p, sz); \
114 /* --- @pre_mgfencrypt@ --- * \
116 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
117 * @const void *s@ = pointer to source buffer \
118 * @void *d@ = pointer to destination buffer \
119 * @size_t sz@ = size of buffers \
123 * Use: Outputs pseudorandom data, or masks an input buffer. \
125 * If @s@ is nonzero, the source material is exclusive- \
126 * orred with the generated mask. If @d@ is zero, the \
127 * generator is simply spun around for a while, which \
128 * isn't very useful. \
131 void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \
132 void *d, size_t sz) \
134 const octet *ss = s; \
137 /* --- Empty the buffer if there's anything there --- */ \
140 const octet *p = k->buf + PRE##_HASHSZ - k->bsz; \
141 size_t n = sz > k->bsz ? k->bsz : sz; \
150 *dd++ = *ss++ ^ *p++; \
157 /* --- While necessary, generate some more mask --- */ \
160 pre##_ctx c = k->k; /* Not quick! */ \
163 STORE32(k->buf, k->c); \
165 pre##_hash(&c, k->buf, 4); \
166 pre##_done(&c, k->buf); \
167 n = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \
168 k->bsz = PRE##_HASHSZ - n; \
171 const octet *p = k->buf; \
177 *dd++ = *ss++ ^ *p++; \
185 /* --- @pre_mgfsetindex@ --- * \
187 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
188 * @uint32 *c@ = new index to set \
192 * Use: Sets a new index. This may be used to step around the \
193 * output stream in a rather crude way. \
196 void pre##_mgfsetindex(pre##_mgfctx *k, uint32 c) \
202 /* --- Generic cipher interface --- */ \
204 static const gcipher_ops gops; \
206 typedef struct gctx { \
211 static gcipher *ginit(const void *k, size_t sz) \
213 gctx *g = S_CREATE(gctx); \
215 pre##_mgfinit(&g->k, k, sz); \
219 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
221 gctx *g = (gctx *)c; \
222 pre##_mgfencrypt(&g->k, s, t, sz); \
225 static void gdestroy(gcipher *c) \
227 gctx *g = (gctx *)c; \
232 static const gcipher_ops gops = { \
234 gencrypt, gencrypt, gdestroy, 0, 0 \
237 const gccipher pre##_mgf = { \
238 #pre "-mgf", pre##_mgfkeysz, 0, \
242 /* --- Generic random number generator interface --- */ \
244 typedef struct grctx { \
249 static void grdestroy(grand *r) \
251 grctx *g = (grctx *)r; \
256 static int grmisc(grand *r, unsigned op, ...) \
258 grctx *g = (grctx *)r; \
265 switch (va_arg(ap, unsigned)) { \
267 case GRAND_SEEDINT: \
268 case GRAND_SEEDUINT32: \
269 case GRAND_SEEDBLOCK: \
270 case GRAND_SEEDRAND: \
278 case GRAND_SEEDINT: \
279 pre##_mgfsetindex(&g->k, va_arg(ap, unsigned)); \
281 case GRAND_SEEDUINT32: \
282 pre##_mgfsetindex(&g->k, va_arg(ap, uint32)); \
284 case GRAND_SEEDBLOCK: { \
285 const void *p = va_arg(ap, const void *); \
286 size_t sz = va_arg(ap, size_t); \
287 pre##_hash(&g->k.k, p, sz); \
289 case GRAND_SEEDRAND: { \
290 octet buf[PRE##_BUFSZ]; \
291 grand *rr = va_arg(ap, grand *); \
292 rr->ops->fill(rr, buf, sizeof(buf)); \
293 pre##_hash(&g->k.k, buf, sizeof(buf)); \
304 static octet grbyte(grand *r) \
306 grctx *g = (grctx *)r; \
308 pre##_mgfencrypt(&g->k, 0, &o, 1); \
312 static uint32 grword(grand *r) \
314 grctx *g = (grctx *)r; \
316 pre##_mgfencrypt(&g->k, 0, b, sizeof(b)); \
317 return (LOAD32(b)); \
320 static void grfill(grand *r, void *p, size_t sz) \
322 grctx *g = (grctx *)r; \
323 pre##_mgfencrypt(&g->k, 0, p, sz); \
326 static const grand_ops grops = { \
330 grword, grbyte, grword, grand_defaultrange, grfill \
333 /* --- @pre_mgfrand@ --- * \
335 * Arguments: @const void *k@ = pointer to key material \
336 * @size_t sz@ = size of key material \
338 * Returns: Pointer to a generic random number generator instance. \
340 * Use: Creates a random number interface wrapper around an \
341 * MGF-1-mode hash function. \
344 extern grand *pre##_mgfrand(const void *k, size_t sz) \
346 grctx *g = S_CREATE(grctx); \
348 pre##_mgfinit(&g->k, k, sz); \
354 /*----- Test rig ----------------------------------------------------------*/
360 #include "daftstory.h"
362 /* --- @MGF_TEST@ --- *
364 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
366 * Use: Standard test rig for MGF functions.
369 #define MGF_TEST(PRE, pre) \
371 /* --- Initial plaintext for the test --- */ \
373 static const octet text[] = TEXT; \
375 /* --- Key and IV to use --- */ \
377 static const octet key[] = KEY; \
379 /* --- Buffers for encryption and decryption output --- */ \
381 static octet ct[sizeof(text)]; \
382 static octet pt[sizeof(text)]; \
384 static void hexdump(const octet *p, size_t sz) \
386 const octet *q = p + sz; \
387 for (sz = 0; p < q; p++, sz++) { \
388 printf("%02x", *p); \
389 if ((sz + 1) % PRE##_HASHSZ == 0) \
396 size_t sz = 0, rest; \
401 size_t keysz = strlen((const char *)key); \
403 fputs(#pre "-mgf: ", stdout); \
405 pre##_mgfinit(&ctx, key, keysz); \
407 while (sz <= sizeof(text)) { \
408 rest = sizeof(text) - sz; \
409 memcpy(ct, text, sizeof(text)); \
410 pre##_mgfsetindex(&ctx, 0); \
411 pre##_mgfencrypt(&ctx, ct, ct, sz); \
412 pre##_mgfencrypt(&ctx, ct + sz, ct + sz, rest); \
413 memcpy(pt, ct, sizeof(text)); \
414 pre##_mgfsetindex(&ctx, 0); \
415 pre##_mgfencrypt(&ctx, pt, pt, rest); \
416 pre##_mgfencrypt(&ctx, pt + rest, pt + rest, sz); \
417 if (memcmp(pt, text, sizeof(text)) == 0) { \
419 if (sizeof(text) < 40 || done % 8 == 0) \
420 fputc('.', stdout); \
421 if (done % 480 == 0) \
422 fputs("\n\t", stdout); \
425 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
427 printf("\tplaintext = "); hexdump(text, sz); \
428 printf(", "); hexdump(text + sz, rest); \
429 fputc('\n', stdout); \
430 printf("\tciphertext = "); hexdump(ct, sz); \
431 printf(", "); hexdump(ct + sz, rest); \
432 fputc('\n', stdout); \
433 printf("\trecovered text = "); hexdump(pt, sz); \
434 printf(", "); hexdump(pt + sz, rest); \
435 fputc('\n', stdout); \
436 fputc('\n', stdout); \
444 fputs(status ? " failed\n" : " ok\n", stdout); \
449 # define MGF_TEST(PRE, pre)
452 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob