3 * $Id: mgf-def.h,v 1.1 2000/06/17 11:33:11 mdw Exp $
5 * Definitions for the MGF-1 mask generator
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2000/06/17 11:33:11 mdw
34 * MGF-1 support, as defined in PKCS#1.
38 #ifndef CATACOMB_MGF_DEF_H
39 #define CATACOMB_MGF_DEF_H
45 /*----- Header files ------------------------------------------------------*/
51 #include <mLib/bits.h>
54 #ifndef CATACOMB_ARENA_H
58 #ifndef CATACOMB_GCIPHER_H
62 #ifndef CATACOMB_GRAND_H
66 #ifndef CATACOMB_PARANOIA_H
67 # include "paranoia.h"
70 /*----- Macros ------------------------------------------------------------*/
72 #define MGF_DEF(PRE, pre) \
74 /* --- Useful constants --- */ \
76 const octet pre##_mgfkeysz[] = { KSZ_ANY, PRE##_HASHSZ }; \
78 /* --- @pre_mgfkeybegin@, @pre_mgfkeyadd@ --- * \
80 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
81 * @const void *p@ = pointer to data to contribute \
85 * Use: A multi-step keying procedure for initializing an MGF \
86 * context. The data is contributed to a hashing context \
87 * which is then used for mask generation. If you only \
88 * have a fixed buffer, you can save a lot of effort by \
89 * simply calling @pre_mgfinit@. \
92 void pre##_mgfkeybegin(pre##_mgfctx *k) \
99 void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \
101 pre##_hash(&k->k, p, sz); \
104 /* ---- @pre_mgfinit@ --- * \
106 * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \
107 * @const void *p@ = pointer to data to contribute \
108 * @size_t sz@ = size of data to contribute \
112 * Use: A simpler interface to initialization if all of your \
113 * keying material is in one place. \
116 void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \
121 pre##_hash(&k->k, p, sz); \
124 /* --- @pre_mgfencrypt@ --- * \
126 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
127 * @const void *s@ = pointer to source buffer \
128 * @void *d@ = pointer to destination buffer \
129 * @size_t sz@ = size of buffers \
133 * Use: Outputs pseudorandom data, or masks an input buffer. \
135 * If @s@ is nonzero, the source material is exclusive- \
136 * orred with the generated mask. If @d@ is zero, the \
137 * generator is simply spun around for a while, which \
138 * isn't very useful. \
141 void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \
142 void *d, size_t sz) \
144 const octet *ss = s; \
147 /* --- Empty the buffer if there's anything there --- */ \
150 const octet *p = k->buf + PRE##_HASHSZ - k->bsz; \
151 size_t n = sz > k->bsz ? k->bsz : sz; \
160 *dd++ = *ss++ ^ *p++; \
167 /* --- While necessary, generate some more mask --- */ \
170 pre##_ctx c = k->k; /* Not quick! */ \
173 STORE32(k->buf, k->c); \
175 pre##_hash(&c, k->buf, 4); \
176 pre##_done(&c, k->buf); \
177 n = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \
178 k->bsz = PRE##_HASHSZ - n; \
181 const octet *p = k->buf; \
187 *dd++ = *ss++ ^ *p++; \
195 /* --- @pre_mgfsetindex@ --- * \
197 * Arguments: @pre_mgfctx *k@ = pointer to masking context \
198 * @uint32 *c@ = new index to set \
202 * Use: Sets a new index. This may be used to step around the \
203 * output stream in a rather crude way. \
206 void pre##_mgfsetindex(pre##_mgfctx *k, uint32 c) \
212 /* --- Generic cipher interface --- */ \
214 static const gcipher_ops gops; \
216 typedef struct gctx { \
221 static gcipher *ginit(const void *k, size_t sz) \
223 gctx *g = S_CREATE(gctx); \
225 pre##_mgfinit(&g->k, k, sz); \
229 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
231 gctx *g = (gctx *)c; \
232 pre##_mgfencrypt(&g->k, s, t, sz); \
235 static void gdestroy(gcipher *c) \
237 gctx *g = (gctx *)c; \
242 static const gcipher_ops gops = { \
244 gencrypt, gencrypt, gdestroy, 0, 0 \
247 const gccipher pre##_mgf = { \
248 #pre "-mgf", pre##_mgfkeysz, 0, \
252 /* --- Generic random number generator interface --- */ \
254 typedef struct grctx { \
259 static void grdestroy(grand *r) \
261 grctx *g = (grctx *)r; \
266 static int grmisc(grand *r, unsigned op, ...) \
268 grctx *g = (grctx *)r; \
275 switch (va_arg(ap, unsigned)) { \
277 case GRAND_SEEDINT: \
278 case GRAND_SEEDUINT32: \
279 case GRAND_SEEDBLOCK: \
280 case GRAND_SEEDRAND: \
288 case GRAND_SEEDINT: \
289 pre##_mgfsetindex(&g->k, va_arg(ap, unsigned)); \
291 case GRAND_SEEDUINT32: \
292 pre##_mgfsetindex(&g->k, va_arg(ap, uint32)); \
294 case GRAND_SEEDBLOCK: { \
295 const void *p = va_arg(ap, const void *); \
296 size_t sz = va_arg(ap, size_t); \
297 pre##_hash(&g->k.k, p, sz); \
299 case GRAND_SEEDRAND: { \
300 octet buf[PRE##_BUFSZ]; \
301 grand *rr = va_arg(ap, grand *); \
302 rr->ops->fill(rr, buf, sizeof(buf)); \
303 pre##_hash(&g->k.k, buf, sizeof(buf)); \
314 static octet grbyte(grand *r) \
316 grctx *g = (grctx *)r; \
318 pre##_mgfencrypt(&g->k, 0, &o, 1); \
322 static uint32 grword(grand *r) \
324 grctx *g = (grctx *)r; \
326 pre##_mgfencrypt(&g->k, 0, b, sizeof(b)); \
327 return (LOAD32(b)); \
330 static void grfill(grand *r, void *p, size_t sz) \
332 grctx *g = (grctx *)r; \
333 pre##_mgfencrypt(&g->k, 0, p, sz); \
336 static const grand_ops grops = { \
340 grword, grbyte, grword, grand_range, grfill \
343 /* --- @pre_mgfrand@ --- * \
345 * Arguments: @const void *k@ = pointer to key material \
346 * @size_t sz@ = size of key material \
348 * Returns: Pointer to a generic random number generator instance. \
350 * Use: Creates a random number interface wrapper around an \
351 * MGF-1-mode hash function. \
354 extern grand *pre##_mgfrand(const void *k, size_t sz) \
356 grctx *g = S_CREATE(grctx); \
358 pre##_mgfinit(&g->k, k, sz); \
364 /*----- Test rig ----------------------------------------------------------*/
370 #include "daftstory.h"
372 /* --- @MGF_TEST@ --- *
374 * Arguments: @PRE@, @pre@ = prefixes for block cipher definitions
376 * Use: Standard test rig for MGF functions.
379 #define MGF_TEST(PRE, pre) \
381 /* --- Initial plaintext for the test --- */ \
383 static const octet text[] = TEXT; \
385 /* --- Key and IV to use --- */ \
387 static const octet key[] = KEY; \
389 /* --- Buffers for encryption and decryption output --- */ \
391 static octet ct[sizeof(text)]; \
392 static octet pt[sizeof(text)]; \
394 static void hexdump(const octet *p, size_t sz) \
396 const octet *q = p + sz; \
397 for (sz = 0; p < q; p++, sz++) { \
398 printf("%02x", *p); \
399 if ((sz + 1) % PRE##_HASHSZ == 0) \
406 size_t sz = 0, rest; \
411 size_t keysz = strlen((const char *)key); \
413 fputs(#pre "-mgf: ", stdout); \
415 pre##_mgfinit(&ctx, key, keysz); \
417 while (sz <= sizeof(text)) { \
418 rest = sizeof(text) - sz; \
419 memcpy(ct, text, sizeof(text)); \
420 pre##_mgfsetindex(&ctx, 0); \
421 pre##_mgfencrypt(&ctx, ct, ct, sz); \
422 pre##_mgfencrypt(&ctx, ct + sz, ct + sz, rest); \
423 memcpy(pt, ct, sizeof(text)); \
424 pre##_mgfsetindex(&ctx, 0); \
425 pre##_mgfencrypt(&ctx, pt, pt, rest); \
426 pre##_mgfencrypt(&ctx, pt + rest, pt + rest, sz); \
427 if (memcmp(pt, text, sizeof(text)) == 0) { \
429 if (sizeof(text) < 40 || done % 8 == 0) \
430 fputc('.', stdout); \
431 if (done % 480 == 0) \
432 fputs("\n\t", stdout); \
435 printf("\nError (sz = %lu)\n", (unsigned long)sz); \
437 printf("\tplaintext = "); hexdump(text, sz); \
438 printf(", "); hexdump(text + sz, rest); \
439 fputc('\n', stdout); \
440 printf("\tciphertext = "); hexdump(ct, sz); \
441 printf(", "); hexdump(ct + sz, rest); \
442 fputc('\n', stdout); \
443 printf("\trecovered text = "); hexdump(pt, sz); \
444 printf(", "); hexdump(pt + sz, rest); \
445 fputc('\n', stdout); \
446 fputc('\n', stdout); \
454 fputs(status ? " failed\n" : " ok\n", stdout); \
459 # define MGF_TEST(PRE, pre)
462 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob