3 * Definitions for the MGF-1 mask generator
5 * (c) 2000 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 #ifndef CATACOMB_MGF_DEF_H
29 #define CATACOMB_MGF_DEF_H
35 /*----- Header files ------------------------------------------------------*/
41 #include <mLib/bits.h>
44 #ifndef CATACOMB_ARENA_H
48 #ifndef CATACOMB_GCIPHER_H
52 #ifndef CATACOMB_GRAND_H
56 #ifndef CATACOMB_PARANOIA_H
57 # include "paranoia.h"
60 /*----- Macros ------------------------------------------------------------*/
62 #define MGF_DEF(PRE, pre) MGF_DEFX(PRE, pre, #pre, #pre)
64 #define MGF_DEFX(PRE, pre, name, fname) \
66 /* --- Useful constants --- */ \
68 const octet pre##_mgfkeysz[] = { KSZ_ANY, PRE##_HASHSZ }; \
70 /* --- @pre_mgfkeybegin@, @pre_mgfkeyadd@ --- * \
72 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
73 * @const void *p@ = pointer to data to contribute \
77 * Use: A multi-step keying procedure for initializing an MGF \
78 * context. The data is contributed to a hashing context \
79 * which is then used for mask generation. If you only \
80 * have a fixed buffer, you can save a lot of effort by \
81 * simply calling @pre_mgfinit@. \
84 void pre##_mgfkeybegin(pre##_mgfctx *k) \
91 void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \
93 pre##_hash(&k->k, p, sz); \
96 /* ---- @pre_mgfinit@ --- * \
98 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
99 * @const void *p@ = pointer to data to contribute \
100 * @size_t sz@ = size of data to contribute \
104 * Use: A simpler interface to initialization if all of your \
105 * keying material is in one place. \
108 void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \
113 pre##_hash(&k->k, p, sz); \
116 /* --- @pre_mgfencrypt@ --- * \
118 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
119 * @const void *s@ = pointer to source buffer \
120 * @void *d@ = pointer to destination buffer \
121 * @size_t sz@ = size of buffers \
125 * Use: Outputs pseudorandom data, or masks an input buffer. \
127 * If @s@ is nonzero, the source material is exclusive- \
128 * orred with the generated mask. If @d@ is zero, the \
129 * generator is simply spun around for a while, which \
130 * isn't very useful. \
133 void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \
134 void *d, size_t sz) \
136 const octet *ss = s; \
139 /* --- Empty the buffer if there's anything there --- */ \
142 const octet *p = k->buf + PRE##_HASHSZ - k->bsz; \
143 size_t n = sz > k->bsz ? k->bsz : sz; \
152 *dd++ = *ss++ ^ *p++; \
159 /* --- While necessary, generate some more mask --- */ \
162 pre##_ctx c = k->k; /* Not quick! */ \
165 STORE32(k->buf, k->c); \
167 pre##_hash(&c, k->buf, 4); \
168 pre##_done(&c, k->buf); \
169 n = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \
170 k->bsz = PRE##_HASHSZ - n; \
173 const octet *p = k->buf; \
179 *dd++ = *ss++ ^ *p++; \
187 /* --- @pre_mgfsetindex@ --- * \
189 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
190 * @uint32 *c@ = new index to set \
194 * Use: Sets a new index. This may be used to step around the \
195 * output stream in a rather crude way. \
198 void pre##_mgfsetindex(pre##_mgfctx *k, uint32 c) \
204 /* --- Generic cipher interface --- */ \
206 static const gcipher_ops gops; \
208 typedef struct gctx { \
213 static gcipher *ginit(const void *k, size_t sz) \
215 gctx *g = S_CREATE(gctx); \
217 pre##_mgfinit(&g->k, k, sz); \
221 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
223 gctx *g = (gctx *)c; \
224 pre##_mgfencrypt(&g->k, s, t, sz); \
227 static void gdestroy(gcipher *c) \
229 gctx *g = (gctx *)c; \
234 static const gcipher_ops gops = { \
236 gencrypt, gencrypt, gdestroy, 0, 0 \
239 const gccipher pre##_mgf = { \
240 name "-mgf", pre##_mgfkeysz, 0, \
244 /* --- Generic random number generator interface --- */ \
246 typedef struct grctx { \
251 static void grdestroy(grand *r) \
253 grctx *g = (grctx *)r; \
258 static int grmisc(grand *r, unsigned op, ...) \
260 grctx *g = (grctx *)r; \
267 switch (va_arg(ap, unsigned)) { \
269 case GRAND_SEEDINT: \
270 case GRAND_SEEDUINT32: \
271 case GRAND_SEEDBLOCK: \
272 case GRAND_SEEDRAND: \
280 case GRAND_SEEDINT: \
281 pre##_mgfsetindex(&g->k, va_arg(ap, unsigned)); \
283 case GRAND_SEEDUINT32: \
284 pre##_mgfsetindex(&g->k, va_arg(ap, uint32)); \
286 case GRAND_SEEDBLOCK: { \
287 const void *p = va_arg(ap, const void *); \
288 size_t sz = va_arg(ap, size_t); \
289 pre##_hash(&g->k.k, p, sz); \
291 case GRAND_SEEDRAND: { \
292 octet buf[PRE##_BUFSZ]; \
293 grand *rr = va_arg(ap, grand *); \
294 rr->ops->fill(rr, buf, sizeof(buf)); \
295 pre##_hash(&g->k.k, buf, sizeof(buf)); \
306 static octet grbyte(grand *r) \
308 grctx *g = (grctx *)r; \
310 pre##_mgfencrypt(&g->k, 0, &o, 1); \
314 static uint32 grword(grand *r) \
316 grctx *g = (grctx *)r; \
318 pre##_mgfencrypt(&g->k, 0, b, sizeof(b)); \
319 return (LOAD32(b)); \
322 static void grfill(grand *r, void *p, size_t sz) \
324 grctx *g = (grctx *)r; \
325 pre##_mgfencrypt(&g->k, 0, p, sz); \
328 static const grand_ops grops = { \
332 grword, grbyte, grword, grand_defaultrange, grfill \
335 /* --- @pre_mgfrand@ --- * \
337 * Arguments: @const void *k@ = pointer to key material \
338 * @size_t sz@ = size of key material \
340 * Returns: Pointer to a generic random number generator instance. \
342 * Use: Creates a random number interface wrapper around an \
343 * MGF-1-mode hash function. \
346 extern grand *pre##_mgfrand(const void *k, size_t sz) \
348 grctx *g = S_CREATE(grctx); \
350 pre##_mgfinit(&g->k, k, sz); \
354 MGF_TESTX(PRE, pre, name, fname)
356 /*----- Test rig ----------------------------------------------------------*/
358 #define MGF_TEST(PRE, pre) MGF_TESTX(PRE, pre, #pre, #pre)
364 #include "daftstory.h"
366 /* --- @MGF_TEST@ --- *
368 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
370 * Use: Standard test rig for MGF functions.
373 #define MGF_TESTX(PRE, pre, name, fname) \
375 /* --- Initial plaintext for the test --- */ \
377 static const octet text[] = TEXT; \
379 /* --- Key and IV to use --- */ \
381 static const octet key[] = KEY; \
383 /* --- Buffers for encryption and decryption output --- */ \
385 static octet ct[sizeof(text)]; \
386 static octet pt[sizeof(text)]; \
388 static void hexdump(const octet *p, size_t sz) \
390 const octet *q = p + sz; \
391 for (sz = 0; p < q; p++, sz++) { \
392 printf("%02x", *p); \
393 if ((sz + 1) % PRE##_HASHSZ == 0) \
400 size_t sz = 0, rest; \
405 size_t keysz = strlen((const char *)key); \
407 fputs(name "-mgf: ", stdout); \
409 pre##_mgfinit(&ctx, key, keysz); \
411 while (sz <= sizeof(text)) { \
412 rest = sizeof(text) - sz; \
413 memcpy(ct, text, sizeof(text)); \
414 pre##_mgfsetindex(&ctx, 0); \
415 pre##_mgfencrypt(&ctx, ct, ct, sz); \
416 pre##_mgfencrypt(&ctx, ct + sz, ct + sz, rest); \
417 memcpy(pt, ct, sizeof(text)); \
418 pre##_mgfsetindex(&ctx, 0); \
419 pre##_mgfencrypt(&ctx, pt, pt, rest); \
420 pre##_mgfencrypt(&ctx, pt + rest, pt + rest, sz); \
421 if (memcmp(pt, text, sizeof(text)) == 0) { \
423 if (sizeof(text) < 40 || done % 8 == 0) \
424 fputc('.', stdout); \
425 if (done % 480 == 0) \
426 fputs("\n\t", stdout); \
429 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
431 printf("\tplaintext = "); hexdump(text, sz); \
432 printf(", "); hexdump(text + sz, rest); \
433 fputc('\n', stdout); \
434 printf("\tciphertext = "); hexdump(ct, sz); \
435 printf(", "); hexdump(ct + sz, rest); \
436 fputc('\n', stdout); \
437 printf("\trecovered text = "); hexdump(pt, sz); \
438 printf(", "); hexdump(pt + sz, rest); \
439 fputc('\n', stdout); \
440 fputc('\n', stdout); \
448 fputs(status ? " failed\n" : " ok\n", stdout); \
453 # define MGF_TESTX(PRE, pre, name, fname)
456 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob