diff options
Diffstat (limited to 'cipher')
| -rw-r--r-- | cipher/Makefile.am | 28 | ||||
| -rw-r--r-- | cipher/Makefile.in | 264 | ||||
| -rw-r--r-- | cipher/blowfish.c | 522 | ||||
| -rw-r--r-- | cipher/blowfish.h | 51 | ||||
| -rw-r--r-- | cipher/elgamal.c | 61 | ||||
| -rw-r--r-- | cipher/elgamal.h | 45 | ||||
| -rw-r--r-- | cipher/gost.c | 309 | ||||
| -rw-r--r-- | cipher/gost.h | 46 | ||||
| -rw-r--r-- | cipher/idea.c | 352 | ||||
| -rw-r--r-- | cipher/idea.h | 51 | ||||
| -rw-r--r-- | cipher/md5.c | 420 | ||||
| -rw-r--r-- | cipher/md5.h | 44 | ||||
| -rw-r--r-- | cipher/primegen.c | 152 | ||||
| -rw-r--r-- | cipher/random.c | 67 | ||||
| -rw-r--r-- | cipher/rmd.h | 51 | ||||
| -rw-r--r-- | cipher/rmd160.c | 375 | ||||
| -rw-r--r-- | cipher/rmd160test.c | 63 | ||||
| -rw-r--r-- | cipher/rsa.c | 191 | ||||
| -rw-r--r-- | cipher/rsa.h | 53 | ||||
| -rw-r--r-- | cipher/smallprime.c | 114 |
20 files changed, 3259 insertions, 0 deletions
diff --git a/cipher/Makefile.am b/cipher/Makefile.am new file mode 100644 index 000000000..8a543e380 --- /dev/null +++ b/cipher/Makefile.am @@ -0,0 +1,28 @@ +## Process this file with automake to produce Makefile.in + +INCLUDES = -I$(top_srcdir)/include + +noinst_LIBRARIES = cipher + + +cipher_SOURCES = blowfish.c \ + blowfish.h \ + elgamal.c \ + elgamal.h \ + gost.c \ + gost.h \ + idea.c \ + idea.h \ + md5.c \ + md5.h \ + primegen.c \ + random.c \ + ripemd.h \ + rmd.h \ + rmd160.c \ + rsa.c \ + rsa.h \ + smallprime.c + + + diff --git a/cipher/Makefile.in b/cipher/Makefile.in new file mode 100644 index 000000000..faee770be --- /dev/null +++ b/cipher/Makefile.in @@ -0,0 +1,264 @@ +# Makefile.in generated automatically by automake 1.0 from Makefile.am + +# Copyright (C) 1994, 1995, 1996 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + + +SHELL = /bin/sh + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = .. + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +INCLUDES = -I$(top_srcdir)/include + +noinst_LIBRARIES = cipher + +cipher_SOURCES = blowfish.c \ + blowfish.h \ + elgamal.c \ + elgamal.h \ + gost.c \ + gost.h \ + idea.c \ + idea.h \ + md5.c \ + md5.h \ + primegen.c \ + random.c \ + ripemd.h \ + rmd.h \ + rmd160.c \ + rsa.c \ + rsa.h \ + smallprime.c +mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs +CONFIG_HEADER = ../config.h +LIBRARIES = $(noinst_LIBRARIES) + +noinst_LIBFILES = libcipher.a + +CC = @CC@ +LEX = @LEX@ +YACC = @YACC@ + +DEFS = @DEFS@ -I. -I$(srcdir) -I.. +CPPFLAGS = @CPPFLAGS@ +CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ + +COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) +LINK = $(CC) $(LDFLAGS) -o $@ +cipher_LIBADD = +cipher_OBJECTS = blowfish.o elgamal.o gost.o idea.o md5.o primegen.o \ +random.o rmd160.o rsa.o smallprime.o +EXTRA_cipher_SOURCES = +LIBFILES = libcipher.a +AR = ar +RANLIB = @RANLIB@ +DIST_COMMON = Makefile.am Makefile.in + + +PACKAGE = @PACKAGE@ +VERSION = @VERSION@ + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(BUILT_SOURCES) $(HEADERS) \ + $(TEXINFOS) $(INFOS) $(MANS) $(EXTRA_DIST) $(DATA) +DEP_DISTFILES = $(DIST_COMMON) $(SOURCES) $(BUILT_SOURCES) $(HEADERS) \ + $(TEXINFOS) $(INFO_DEPS) $(MANS) $(EXTRA_DIST) $(DATA) + +TAR = tar +DEP_FILES = $(srcdir)/.deps/blowfish.P $(srcdir)/.deps/elgamal.P \ +$(srcdir)/.deps/gost.P $(srcdir)/.deps/idea.P $(srcdir)/.deps/md5.P \ +$(srcdir)/.deps/primegen.P $(srcdir)/.deps/random.P \ +$(srcdir)/.deps/rmd160.P $(srcdir)/.deps/rsa.P \ +$(srcdir)/.deps/smallprime.P +SOURCES = $(cipher_SOURCES) +OBJECTS = $(cipher_OBJECTS) + +default: all + + +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in + cd $(top_srcdir) && automake $(subdir)/Makefile + +Makefile: $(top_builddir)/config.status Makefile.in + cd $(top_builddir) && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= ./config.status + +mostlyclean-noinstLIBRARIES: + +clean-noinstLIBRARIES: + rm -f $(noinst_LIBFILES) + +distclean-noinstLIBRARIES: + +maintainer-clean-noinstLIBRARIES: + +.c.o: + $(COMPILE) $< + +mostlyclean-compile: + rm -f *.o core + +clean-compile: + +distclean-compile: + rm -f *.tab.c + +maintainer-clean-compile: +$(cipher_OBJECTS): ../config.h + +libcipher.a: $(cipher_OBJECTS) $(cipher_LIBADD) + rm -f libcipher.a + $(AR) cru libcipher.a $(cipher_OBJECTS) $(cipher_LIBADD) + $(RANLIB) libcipher.a + +ID: $(HEADERS) $(SOURCES) + here=`pwd` && cd $(srcdir) && mkid -f$$here/ID $(SOURCES) $(HEADERS) + +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) + here=`pwd` && cd $(srcdir) && etags $(ETAGS_ARGS) $(SOURCES) $(HEADERS) -o $$here/TAGS + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + rm -f TAGS ID + +maintainer-clean-tags: + +subdir = cipher +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) +distdir: $(DEP_DISTFILES) + @for file in `cd $(srcdir) && echo $(DISTFILES)`; do \ + test -f $(distdir)/$$file \ + || ln $(srcdir)/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $(srcdir)/$$file $(distdir)/$$file; \ + done + +# This fragment is probably only useful for maintainers. It relies on +# GNU make and gcc. It is only included in the generated Makefile.in +# if `automake' is not passed the `--include-deps' flag. + +MKDEP = gcc -MM $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) + +-include $(srcdir)/.deps/.P +$(srcdir)/.deps/.P: $(BUILT_SOURCES) + cd $(srcdir) && test -d .deps || mkdir .deps + echo > $@ + +-include $(DEP_FILES) +$(DEP_FILES): $(srcdir)/.deps/.P + +$(srcdir)/.deps/%.P: $(srcdir)/%.c + @echo "mkdeps $< > $@" + @re=`echo 's,^$(srcdir)//*,,g;s, $(srcdir)//*, ,g' | sed 's,\.,\\\\.,g'`; \ + $(MKDEP) $< | sed "$$re" > $@-tmp + @if test -n "$o"; then \ + sed 's/\.o:/$$o:/' $@-tmp > $@; \ + rm $@-tmp; \ + else \ + mv $@-tmp $@; \ + fi + +# End of maintainer-only section +info: + +dvi: + +check: all + +installcheck: + +install-exec: + +install-data: + +install: install-exec install-data all + @: + +uninstall: + +all: $(LIBFILES) Makefile + +install-strip: + $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install +installdirs: + + +mostlyclean-generic: + test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES) + +clean-generic: + test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + rm -f Makefile $(DISTCLEANFILES) + rm -f config.cache config.log $(CONFIG_HEADER) stamp-h + +maintainer-clean-generic: + test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +mostlyclean: mostlyclean-noinstLIBRARIES mostlyclean-compile \ + mostlyclean-tags mostlyclean-generic + +clean: clean-noinstLIBRARIES clean-compile clean-tags clean-generic \ + mostlyclean + +distclean: distclean-noinstLIBRARIES distclean-compile distclean-tags \ + distclean-generic clean + rm -f config.status + +maintainer-clean: maintainer-clean-noinstLIBRARIES \ + maintainer-clean-compile maintainer-clean-tags \ + maintainer-clean-generic distclean + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +.PHONY: default mostlyclean-noinstLIBRARIES distclean-noinstLIBRARIES \ +clean-noinstLIBRARIES maintainer-clean-noinstLIBRARIES \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info dvi check installcheck \ +install-exec install-data install uninstall all installdirs \ +mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + +.SUFFIXES: +.SUFFIXES: .c .o + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/cipher/blowfish.c b/cipher/blowfish.c new file mode 100644 index 000000000..59f1afa8c --- /dev/null +++ b/cipher/blowfish.c @@ -0,0 +1,522 @@ +/* blowfish.c - Blowfish encryption + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * For a description of the algorithm, see: + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. + * ISBN 0-471-11709-9. Pages 336 ff. + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "types.h" +#include "blowfish.h" + +/* precomputed S boxes */ +static const u32 ks0[256] = { + 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96, + 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16, + 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658, + 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013, + 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E, + 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60, + 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6, + 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A, + 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C, + 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193, + 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1, + 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239, + 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A, + 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3, + 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176, + 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE, + 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706, + 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B, + 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B, + 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463, + 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C, + 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3, + 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A, + 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8, + 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760, + 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB, + 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8, + 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B, + 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33, + 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4, + 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0, + 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C, + 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777, + 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299, + 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705, + 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF, + 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E, + 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA, + 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9, + 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915, + 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F, + 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664, + 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A }; + +static const u32 ks1[256] = { + 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D, + 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1, + 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65, + 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1, + 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9, + 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737, + 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D, + 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD, + 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC, + 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41, + 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908, + 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF, + 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124, + 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C, + 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908, + 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD, + 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B, + 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E, + 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA, + 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A, + 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D, + 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66, + 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5, + 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84, + 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96, + 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14, + 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA, + 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7, + 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77, + 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99, + 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054, + 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73, + 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA, + 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105, + 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646, + 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285, + 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA, + 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB, + 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E, + 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC, + 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD, + 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20, + 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 }; + +static const u32 ks2[256] = { + 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7, + 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF, + 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF, + 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504, + 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4, + 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE, + 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC, + 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B, + 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332, + 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527, + 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58, + 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C, + 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22, + 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17, + 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60, + 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115, + 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99, + 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0, + 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74, + 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D, + 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3, + 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3, + 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979, + 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C, + 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA, + 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A, + 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086, + 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC, + 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24, + 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2, + 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84, + 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C, + 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09, + 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10, + 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE, + 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027, + 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0, + 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634, + 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188, + 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC, + 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8, + 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837, + 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 }; + +static const u32 ks3[256] = { + 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742, + 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B, + 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79, + 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6, + 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A, + 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4, + 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1, + 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59, + 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797, + 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28, + 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6, + 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28, + 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA, + 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A, + 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5, + 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F, + 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE, + 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680, + 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD, + 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB, + 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB, + 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370, + 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC, + 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048, + 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC, + 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9, + 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A, + 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F, + 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A, + 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1, + 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B, + 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E, + 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E, + 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F, + 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623, + 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC, + 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A, + 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6, + 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3, + 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060, + 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C, + 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F, + 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 }; + +static const u32 ps[BLOWFISH_ROUNDS+2] = { + 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0, + 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C, + 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B }; + + + + + +static u32 +function_F( BLOWFISH_context *bc, u32 x ) +{ + u16 a, b, c, d, y; + + d = x & 0x00ff; + x >>= 8; + c = x & 0x00ff; + x >>= 8; + b = x & 0x00ff; + x >>= 8; + a = x & 0x00ff; + y = bc->s0[a] + bc->s1[b]; + y ^= bc->s2[c]; + y += bc->s3[d]; + + return y; +} + + +static void +encipher( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) +{ + u32 xl, xr, temp; + int i; + + xl = *ret_xl; + xr = *ret_xr; + + for(i=0; i < BLOWFISH_ROUNDS; i++ ) { + xl ^= bc->p[i]; + xr ^= function_F(bc, xl); + temp = xl; + xl = xr; + xr = temp; + } + + temp = xl; + xl = xr; + xr = temp; + + xr ^= bc->p[BLOWFISH_ROUNDS]; + xl ^= bc->p[BLOWFISH_ROUNDS+1]; + + *ret_xl = xl; + *ret_xr = xr; +} + +static void +decipher( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) +{ + u32 xl, xr, temp; + int i; + + xl = *ret_xl; + xr = *ret_xr; + + for(i=BLOWFISH_ROUNDS+1; i > 1; i-- ) { + xl ^= bc->p[i]; + xr ^= function_F(bc, xl); + temp = xl; + xl = xr; + xr = temp; + } + + temp = xl; + xl = xr; + xr = temp; + + xr ^= bc->p[1]; + xl ^= bc->p[0]; + + *ret_xl = xl; + *ret_xr = xr; +} + +static void +encipher_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ) +{ + u32 d1, d2; + + d1 = ((u32*)inbuf)[0]; + d2 = ((u32*)inbuf)[1]; + encipher( bc, &d1, &d2 ); + ((u32*)outbuf)[0] = d1; + ((u32*)outbuf)[1] = d2; +} + +static void +decipher_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ) +{ + u32 d1, d2; + + d1 = ((u32*)inbuf)[0]; + d2 = ((u32*)inbuf)[1]; + decipher( bc, &d1, &d2 ); + ((u32*)outbuf)[0] = d1; + ((u32*)outbuf)[1] = d2; +} + + +void +blowfish_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) +{ + int i, j, k; + u32 data, datal, datar; + + for(i=0; i < BLOWFISH_ROUNDS+2; i++ ) + c->p[i] = ps[i]; + for(i=0; i < 256; i++ ) { + c->s0[i] = ks0[i]; + c->s1[i] = ks1[i]; + c->s2[i] = ks2[i]; + c->s3[i] = ks3[i]; + } + + for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) { + data = 0; + for(k=0; k < 4; k++) { + data = (data << 8) | key[j]; + if( ++j >= keylen ) + j = 0; + } + c->p[i] ^= data; + } + + datal = datar = 0; + for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 ) { + encipher( c, &datal, &datar ); + c->p[i] = datal; + c->p[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encipher( c, &datal, &datar ); + c->s0[i] = datal; + c->s0[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encipher( c, &datal, &datar ); + c->s1[i] = datal; + c->s1[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encipher( c, &datal, &datar ); + c->s2[i] = datal; + c->s2[i+1] = datar; + } + for(i=0; i < 256; i += 2 ) { + encipher( c, &datal, &datar ); + c->s3[i] = datal; + c->s3[i+1] = datar; + } +} + + +void +blowfish_setiv( BLOWFISH_context *c, byte *iv ) +{ + if( iv ) + memcpy( c->iv, iv, BLOWFISH_BLOCKSIZE ); + else + memset( c->iv, 0, BLOWFISH_BLOCKSIZE ); + c->count = 0; + encipher_block( c, c->eniv, c->iv ); +} + + +void +blowfish_encode( BLOWFISH_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + encipher_block( c, outbuf, inbuf ); + inbuf += BLOWFISH_BLOCKSIZE;; + outbuf += BLOWFISH_BLOCKSIZE; + } +} + +void +blowfish_decode( BLOWFISH_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + decipher_block( c, outbuf, inbuf ); + inbuf += BLOWFISH_BLOCKSIZE;; + outbuf += BLOWFISH_BLOCKSIZE; + } +} + + + +/**************** + * FIXME: Make use of bigger chunks + * (out may overlap with a or b) + */ +static void +xorblock( byte *out, byte *a, byte *b, unsigned count ) +{ + for( ; count ; count--, a++, b++ ) + *out++ = *a ^ *b ; +} + + + +/**************** + * Encode buffer in CFB mode. nbytes can be an arbitrary value. + */ +void +blowfish_encode_cfb( BLOWFISH_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes) +{ + unsigned n; + + if( c->count ) { /* must make a full block first */ + assert( c->count < BLOWFISH_BLOCKSIZE ); + n = BLOWFISH_BLOCKSIZE - c->count; + if( n > nbytes ) + n = nbytes; + xorblock( outbuf, c->eniv+c->count, inbuf, n); + memcpy( c->iv+c->count, outbuf, n); + c->count += n; + nbytes -= n; + inbuf += n; + outbuf += n; + assert( c->count <= BLOWFISH_BLOCKSIZE); + if( c->count == BLOWFISH_BLOCKSIZE ) { + encipher_block( c, c->eniv, c->iv ); + c->count = 0; + } + else + return; + } + assert(!c->count); + while( nbytes >= BLOWFISH_BLOCKSIZE ) { + xorblock( outbuf, c->eniv, inbuf, BLOWFISH_BLOCKSIZE); + memcpy( c->iv, outbuf, BLOWFISH_BLOCKSIZE); + encipher_block( c, c->eniv, c->iv ); + nbytes -= BLOWFISH_BLOCKSIZE; + inbuf += BLOWFISH_BLOCKSIZE; + outbuf += BLOWFISH_BLOCKSIZE; + } + + if( nbytes ) { + xorblock( outbuf, c->eniv, inbuf, nbytes ); + memcpy( c->iv, outbuf, nbytes ); + c->count = nbytes; + } + +} + + +void +blowfish_decode_cfb( BLOWFISH_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes) +{ + unsigned n; + + if( c->count ) { /* must make a full block first */ + assert( c->count < BLOWFISH_BLOCKSIZE ); + n = BLOWFISH_BLOCKSIZE - c->count; + if( n > nbytes ) + n = nbytes; + memcpy( c->iv+c->count, inbuf, n); + xorblock( outbuf, c->eniv+c->count, inbuf, n); + c->count += n; + nbytes -= n; + inbuf += n; + outbuf += n; + assert( c->count <= BLOWFISH_BLOCKSIZE); + if( c->count == BLOWFISH_BLOCKSIZE ) { + encipher_block( c, c->eniv, c->iv ); + c->count = 0; + } + else + return; + } + + assert(!c->count); + while( nbytes >= BLOWFISH_BLOCKSIZE ) { + memcpy( c->iv, inbuf, BLOWFISH_BLOCKSIZE); + xorblock( outbuf, c->eniv, inbuf, BLOWFISH_BLOCKSIZE); + encipher_block( c, c->eniv, c->iv ); + nbytes -= BLOWFISH_BLOCKSIZE; + inbuf += BLOWFISH_BLOCKSIZE; + outbuf += BLOWFISH_BLOCKSIZE; + } + + if( nbytes ) { + memcpy( c->iv, inbuf, nbytes ); + xorblock( outbuf, c->eniv, inbuf, nbytes ); + c->count = nbytes; + } + +} + diff --git a/cipher/blowfish.h b/cipher/blowfish.h new file mode 100644 index 000000000..3b01f5263 --- /dev/null +++ b/cipher/blowfish.h @@ -0,0 +1,51 @@ +/* blowfish.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_BLOWFISH_H +#define G10_BLOWFISH_H + +#include "types.h" + +#define BLOWFISH_BLOCKSIZE 8 +#define BLOWFISH_ROUNDS 16 + +typedef struct { + u32 s0[256]; + u32 s1[256]; + u32 s2[256]; + u32 s3[256]; + u32 p[BLOWFISH_ROUNDS+2]; + byte iv[BLOWFISH_BLOCKSIZE]; + byte eniv[BLOWFISH_BLOCKSIZE]; + int count; +} BLOWFISH_context; + +void blowfish_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ); +void blowfish_setiv( BLOWFISH_context *c, byte *iv ); +void blowfish_encode( BLOWFISH_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ); +void blowfish_decode( BLOWFISH_context *c, byte *outbuf, byte *inbuf, + unsigned nblocks ); +void blowfish_encode_cfb( BLOWFISH_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); +void blowfish_decode_cfb( BLOWFISH_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); + + +#endif /*G10_BLOWFISH_H*/ diff --git a/cipher/elgamal.c b/cipher/elgamal.c new file mode 100644 index 000000000..305e1db92 --- /dev/null +++ b/cipher/elgamal.c @@ -0,0 +1,61 @@ +/* elgamal.c - ElGamal Public Key encryption + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * For a description of the algorithm, see: + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. + * ISBN 0-471-11709-9. Pages 476 ff. + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "util.h" +#include "mpi.h" +#include "elgamal.h" + + +/**************** + * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT. + * + * + * + * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY. + */ +void +elg_public(MPI output, MPI input, ELG_public_key *pkey ) +{ + +} + +/**************** + * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT. + * + * + * + * Where m is OUTPUT, c is INPUT and d,n are elements of PKEY. + */ +void +elg_secret(MPI output, MPI input, ELG_secret_key *skey ) +{ + +} + + + diff --git a/cipher/elgamal.h b/cipher/elgamal.h new file mode 100644 index 000000000..3b6317599 --- /dev/null +++ b/cipher/elgamal.h @@ -0,0 +1,45 @@ +/* elgamal.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_ELGAMAL_H +#define G10_ELGAMAL_H + +#include "mpi.h" + +typedef struct { + MPI e; /* exponent */ + MPI n; /* modulus */ +} ELG_public_key; + + +typedef struct { + MPI e; /* public exponent */ + MPI n; /* public modulus */ + MPI p; /* prime p. */ + MPI q; /* prime q. */ + MPI d; /* exponent */ + MPI u; /* inverse of p mod q. */ +} ELG_secret_key; + + +void elg_public(MPI output, MPI input, ELG_public_key *skey ); +void elg_secret(MPI output, MPI input, ELG_secret_key *skey ); + + +#endif /*G10_ELGAMAL_H*/ diff --git a/cipher/gost.c b/cipher/gost.c new file mode 100644 index 000000000..21b63cbc9 --- /dev/null +++ b/cipher/gost.c @@ -0,0 +1,309 @@ +/* gost.c - GOST encryption + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * The description of GOST (and the used S-boxes) are taken from: + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. + * ISBN 0-471-11709-9. . + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "util.h" +#include "types.h" +#include "gost.h" + + + +static u16 +mul_inv( u16 x ) +{ + u16 t0, t1; + u16 q, y; + + if( x < 2 ) + return x; + t1 = 0x10001L / x; + y = 0x10001L % x; + if( y == 1 ) + return (1-t1) & 0xffff; + + t0 = 1; + do { + q = x / y; + x = x % y; + t0 += q * t1; + if( x == 1 ) + return t0; + q = y / x; + y = y % x; + t1 += q * t0; + } while( y != 1 ); + return (1-t1) & 0xffff; +} + + + +static void +expand_key( byte *userkey, u16 *ek ) +{ + int i,j; + + for(j=0; j < 8; j++ ) { + ek[j] = (*userkey << 8) + userkey[1]; + userkey += 2; + } + for(i=0; j < GOST_KEYLEN; j++ ) { + i++; + ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7; + ek += i & 8; + i &= 7; + } +} + + +static void +invert_key( u16 *ek, u16 dk[GOST_KEYLEN] ) +{ + int i; + u16 t1, t2, t3; + u16 temp[GOST_KEYLEN]; + u16 *p = temp + GOST_KEYLEN; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + + for(i=0; i < GOST_ROUNDS-1; i++ ) { + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + } + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + memcpy(dk, temp, sizeof(temp) ); + memset(temp, 0, sizeof(temp) ); /* burn temp */ +} + + +static void +cipher( byte *inbuf, byte *outbuf, u16 *key ) +{ + u16 x1, x2, x3,x4, s2, s3; + u16 *in, *out; + int r = GOST_ROUNDS; + #define MUL(x,y) \ + do {u16 _t16; u32 _t32; \ + if( (_t16 = (y)) ) { \ + if( (x = (x)&0xffff) ) { \ + _t32 = (u32)x * _t16; \ + x = _t32 & 0xffff; \ + _t16 = _t32 >> 16; \ + x = ((x)-_t16) + (x<_t16?1:0); \ + } \ + else { \ + x = 1 - _t16; \ + } \ + } \ + else { \ + x = 1 - x; \ + } \ + } while(0) + + in = (u16*)inbuf; + x1 = *in++; + x2 = *in++; + x3 = *in++; + x4 = *in; + #ifdef HAVE_LITTLE_ENDIAN + x1 = (x1>>8) | (x1<<8); + x2 = (x2>>8) | (x2<<8); + x3 = (x3>>8) | (x3<<8); + x4 = (x4>>8) | (x4<<8); + #endif + do { + MUL(x1, *key++); + x2 += *key++; + x3 += *key++; + MUL(x4, *key++ ); + + s3 = x3; + x3 ^= x1; + MUL(x3, *key++); + s2 = x2; + x2 ^=x4; + x2 += x3; + MUL(x2, *key++); + x3 += x2; + + x1 ^= x2; + x4 ^= x3; + + x2 ^= s3; + x3 ^= s2; + } while( --r ); + MUL(x1, *key++); + x3 += *key++; + x2 += *key++; + MUL(x4, *key); + + out = (u16*)outbuf; + #ifdef HAVE_LITTLE_ENDIAN + *out++ = (x1>>8) | (x1<<8); + *out++ = (x3>>8) | (x3<<8); + *out++ = (x2>>8) | (x2<<8); + *out = (x4>>8) | (x4<<8); + #else + *out++ = x1; + *out++ = x3; + *out++ = x2; + *out = x4; + #endif + #undef MUL +} + + +void +gost_setkey( GOST_context *c, byte *key ) +{ + expand_key( key, c->ek ); + invert_key( c->ek, c->dk ); +} + +void +gost_setiv( GOST_context *c, byte *iv ) +{ + memcpy( c->iv, iv, GOST_BLOCKSIZE ); +} + + +void +gost_encode( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + cipher( inbuf, outbuf, c->ek ); + inbuf += 8; + outbuf += 8; + } +} + + +void +gost_decode( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + cipher( inbuf, outbuf, c->dk ); + inbuf += 8; + outbuf += 8; + } +} + + +static void +cfbshift( byte *iv, byte *buf, unsigned count) +{ + unsigned n; + + if( count ) { + for( n = GOST_BLOCKSIZE - count; n; n--, iv++ ) + *iv = iv[count]; + for( ; count; count-- ) + *iv++ = *buf++; + } +} + + +/**************** + * FIXME: Make use of bigger chunks + */ +static void +xorblock( byte *out, byte *a, byte *b, unsigned count ) +{ + for( ; count ; count--, a++, b++ ) + *out++ = *a ^ *b ; +} + + +void +gost_encode_cfb( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nbytes) +{ + byte temp[GOST_BLOCKSIZE]; + + while( nbytes >= GOST_BLOCKSIZE ) { + cipher( c->iv, temp, c->ek ); + xorblock( outbuf, inbuf, temp, GOST_BLOCKSIZE); + cfbshift( c->iv, outbuf, GOST_BLOCKSIZE ); + nbytes -= GOST_BLOCKSIZE; + inbuf += GOST_BLOCKSIZE; + outbuf += GOST_BLOCKSIZE; + } + if( nbytes ) { + cipher( c->iv, temp, c->ek ); + xorblock( outbuf, inbuf, temp, nbytes ); + cfbshift( c->iv, outbuf, nbytes ); + } +} + + +void +gost_decode_cfb( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nbytes) +{ + byte temp[GOST_BLOCKSIZE]; + + while( nbytes >= GOST_BLOCKSIZE ) { + cipher( c->iv, temp, c->ek ); + cfbshift( c->iv, inbuf, GOST_BLOCKSIZE ); + xorblock( outbuf, inbuf, temp, GOST_BLOCKSIZE); + nbytes -= GOST_BLOCKSIZE; + inbuf += GOST_BLOCKSIZE; + outbuf += GOST_BLOCKSIZE; + } + if( nbytes ) { + cipher( c->iv, temp, c->ek ); + cfbshift( c->iv, inbuf, nbytes ); + xorblock( outbuf, inbuf, temp, nbytes ); + } +} + diff --git a/cipher/gost.h b/cipher/gost.h new file mode 100644 index 000000000..d0f4186e3 --- /dev/null +++ b/cipher/gost.h @@ -0,0 +1,46 @@ +/* gost.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_GOST_H +#define G10_GOST_H + +#include "types.h" + +#define GOST_KEYSIZE 16 +#define GOST_BLOCKSIZE 8 +#define GOST_ROUNDS 8 +#define GOST_KEYLEN (6*GOST_ROUNDS+4) + +typedef struct { + u16 ek[GOST_KEYLEN]; + u16 dk[GOST_KEYLEN]; + byte iv[GOST_BLOCKSIZE]; +} GOST_context; + +void gost_setkey( GOST_context *c, byte *key ); +void gost_setiv( GOST_context *c, byte *iv ); +void gost_encode( GOST_context *c, byte *out, byte *in, unsigned nblocks ); +void gost_decode( GOST_context *c, byte *out, byte *in, unsigned nblocks ); +void gost_encode_cfb( GOST_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); +void gost_decode_cfb( GOST_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); + + +#endif /*G10_GOST_H*/ diff --git a/cipher/idea.c b/cipher/idea.c new file mode 100644 index 000000000..3d1b01a98 --- /dev/null +++ b/cipher/idea.c @@ -0,0 +1,352 @@ +/* idea.c - IDEA function + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * ATTENTION: This code patented and needs a license for any commercial use. + * + * The code herin is take from: + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. + * ISBN 0-471-11709-9. . + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "util.h" +#include "types.h" +#include "idea.h" + + + +static u16 +mul_inv( u16 x ) +{ + u16 t0, t1; + u16 q, y; + + if( x < 2 ) + return x; + t1 = 0x10001L / x; + y = 0x10001L % x; + if( y == 1 ) + return (1-t1) & 0xffff; + + t0 = 1; + do { + q = x / y; + x = x % y; + t0 += q * t1; + if( x == 1 ) + return t0; + q = y / x; + y = y % x; + t1 += q * t0; + } while( y != 1 ); + return (1-t1) & 0xffff; +} + + + +static void +expand_key( byte *userkey, u16 *ek ) +{ + int i,j; + + for(j=0; j < 8; j++ ) { + ek[j] = (*userkey << 8) + userkey[1]; + userkey += 2; + } + for(i=0; j < IDEA_KEYLEN; j++ ) { + i++; + ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7; + ek += i & 8; + i &= 7; + } +} + + +static void +invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] ) +{ + int i; + u16 t1, t2, t3; + u16 temp[IDEA_KEYLEN]; + u16 *p = temp + IDEA_KEYLEN; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + + for(i=0; i < IDEA_ROUNDS-1; i++ ) { + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + } + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + memcpy(dk, temp, sizeof(temp) ); + memset(temp, 0, sizeof(temp) ); /* burn temp */ +} + + +static void +cipher( byte *outbuf, byte *inbuf, u16 *key ) +{ + u16 x1, x2, x3,x4, s2, s3; + u16 *in, *out; + int r = IDEA_ROUNDS; + #define MUL(x,y) \ + do {u16 _t16; u32 _t32; \ + if( (_t16 = (y)) ) { \ + if( (x = (x)&0xffff) ) { \ + _t32 = (u32)x * _t16; \ + x = _t32 & 0xffff; \ + _t16 = _t32 >> 16; \ + x = ((x)-_t16) + (x<_t16?1:0); \ + } \ + else { \ + x = 1 - _t16; \ + } \ + } \ + else { \ + x = 1 - x; \ + } \ + } while(0) + + in = (u16*)inbuf; + x1 = *in++; + x2 = *in++; + x3 = *in++; + x4 = *in; + #ifdef HAVE_LITTLE_ENDIAN + x1 = (x1>>8) | (x1<<8); + x2 = (x2>>8) | (x2<<8); + x3 = (x3>>8) | (x3<<8); + x4 = (x4>>8) | (x4<<8); + #endif + do { + MUL(x1, *key++); + x2 += *key++; + x3 += *key++; + MUL(x4, *key++ ); + + s3 = x3; + x3 ^= x1; + MUL(x3, *key++); + s2 = x2; + x2 ^=x4; + x2 += x3; + MUL(x2, *key++); + x3 += x2; + + x1 ^= x2; + x4 ^= x3; + + x2 ^= s3; + x3 ^= s2; + } while( --r ); + MUL(x1, *key++); + x3 += *key++; + x2 += *key++; + MUL(x4, *key); + + out = (u16*)outbuf; + #ifdef HAVE_LITTLE_ENDIAN + *out++ = (x1>>8) | (x1<<8); + *out++ = (x3>>8) | (x3<<8); + *out++ = (x2>>8) | (x2<<8); + *out = (x4>>8) | (x4<<8); + #else + *out++ = x1; + *out++ = x3; + *out++ = x2; + *out = x4; + #endif + #undef MUL +} + + +void +idea_setkey( IDEA_context *c, byte *key ) +{ + expand_key( key, c->ek ); + invert_key( c->ek, c->dk ); +} + +void +idea_setiv( IDEA_context *c, byte *iv ) +{ + if( iv ) + memcpy( c->iv, iv, IDEA_BLOCKSIZE ); + else + memset( c->iv, 0, IDEA_BLOCKSIZE ); + c->nleft = 0; +} + + +void +idea_encode( IDEA_context *c, byte *outbuf, byte *inbuf, unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + cipher( outbuf, inbuf, c->ek ); + inbuf += 8; + outbuf += 8; + } +} + + +void +idea_decode( IDEA_context *c, byte *outbuf, byte *inbuf, unsigned nblocks ) +{ + unsigned n; + + for(n=0; n < nblocks; n++ ) { + cipher( outbuf, inbuf, c->dk ); + inbuf += 8; + outbuf += 8; + } +} + + +static void +cfbshift( byte *iv, byte *buf, unsigned count) +{ + unsigned n; + + if( count ) { + for( n = IDEA_BLOCKSIZE - count; n; n-- ) + *iv++ = iv[count]; + for( ; count; count-- ) + *iv++ = *buf++; + } +} + + +/**************** + * FIXME: Make use of bigger chunks + */ +static void +xorblock( byte *out, byte *a, byte *b, unsigned count ) +{ + for( ; count ; count--, a++, b++ ) + *out++ = *a ^ *b ; +} + + +void +idea_encode_cfb( IDEA_context *c, byte *outbuf, byte *inbuf, unsigned nbytes) +{ + byte temp[IDEA_BLOCKSIZE]; + + while( nbytes >= IDEA_BLOCKSIZE ) { + cipher( temp, c->iv, c->ek ); + xorblock( outbuf, inbuf, temp, IDEA_BLOCKSIZE); + cfbshift( c->iv, outbuf, IDEA_BLOCKSIZE ); + nbytes -= IDEA_BLOCKSIZE; + inbuf += IDEA_BLOCKSIZE; + outbuf += IDEA_BLOCKSIZE; + } + if( nbytes ) { + cipher( temp, c->iv, c->ek ); + xorblock( outbuf, inbuf, temp, nbytes ); + cfbshift( c->iv, outbuf, nbytes ); + } +} + + +void +idea_decode_cfb( IDEA_context *c, byte *outbuf, byte *inbuf, unsigned nbytes) +{ + byte t, *ivptr; + + ivptr = c->iv + IDEA_BLOCKSIZE - c->nleft; + if( nbytes <= c->nleft ) { + c->nleft -= nbytes; + for( ; nbytes ; nbytes--, ivptr++, inbuf++ ) { + t = *ivptr; + *outbuf++ = t ^ (*ivptr = *inbuf) ; + } + return; + } + + nbytes -= c->nleft; + for( ; c->nleft ; c->nleft--, ivptr++, inbuf++ ) { + t = *ivptr; + *outbuf++ = t ^ (*ivptr = *inbuf) ; + } + + while( nbytes >= IDEA_BLOCKSIZE ) { + memcpy(c->lastcipher, c->iv, IDEA_BLOCKSIZE); + cipher( c->iv, c->iv, c->ek ); + c->nleft = IDEA_BLOCKSIZE; + nbytes -= IDEA_BLOCKSIZE; + ivptr = c->iv; + for( ; c->nleft; c->nleft--, ivptr++, inbuf++ ) { + t = *ivptr; + *outbuf++ = t ^ (*ivptr = *inbuf) ; + } + } + memcpy(c->lastcipher, c->iv, IDEA_BLOCKSIZE); + cipher( c->iv, c->iv, c->ek ); + c->nleft = IDEA_BLOCKSIZE - nbytes; + ivptr = c->iv; + for( ; nbytes; nbytes--, ivptr++, inbuf++ ) { + t = *ivptr; + *outbuf++ = t ^ (*ivptr = *inbuf) ; + } +} + + +/**************** + * This is used for the special way IDEA CFB is used in PGP + */ +void +idea_sync_cfb( IDEA_context *c ) +{ + if( c->nleft ) { + memmove(c->iv + c->nleft, c->iv, IDEA_BLOCKSIZE - c->nleft ); + memcpy(c->iv, c->lastcipher + IDEA_BLOCKSIZE - c->nleft, c->nleft); + c->nleft = 0; + } +} + + diff --git a/cipher/idea.h b/cipher/idea.h new file mode 100644 index 000000000..efebf5a56 --- /dev/null +++ b/cipher/idea.h @@ -0,0 +1,51 @@ +/* idea.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * ATTENTION: This code patented and needs a license for any commercial use. + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_IDEA_H +#define G10_IDEA_H + +#include "types.h" + +#define IDEA_KEYSIZE 16 +#define IDEA_BLOCKSIZE 8 +#define IDEA_ROUNDS 8 +#define IDEA_KEYLEN (6*IDEA_ROUNDS+4) + +typedef struct { + u16 ek[IDEA_KEYLEN]; + u16 dk[IDEA_KEYLEN]; + byte iv[IDEA_BLOCKSIZE]; + byte lastcipher[IDEA_BLOCKSIZE]; + int nleft; +} IDEA_context; + +void idea_setkey( IDEA_context *c, byte *key ); +void idea_setiv( IDEA_context *c, byte *iv ); +void idea_encode( IDEA_context *c, byte *out, byte *in, unsigned nblocks ); +void idea_decode( IDEA_context *c, byte *out, byte *in, unsigned nblocks ); +void idea_encode_cfb( IDEA_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); +void idea_decode_cfb( IDEA_context *c, byte *outbuf, + byte *inbuf, unsigned nbytes); +void idea_sync_cfb( IDEA_context *c ); + + +#endif /*G10_IDEA_H*/ diff --git a/cipher/md5.c b/cipher/md5.c new file mode 100644 index 000000000..98429ab77 --- /dev/null +++ b/cipher/md5.c @@ -0,0 +1,420 @@ +/* md5.c - MD5 Message-Digest Algorithm + * Copyright (c) 1994 by Werner Koch (dd9jn) + * + * This is a hacked version from WkLib + * + * This file is part of WkLib. + * + * WkLib is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * WkLib is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + *********************************************************************** + ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** + ** ** + ** License to copy and use this software is granted provided that ** + ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** + ** Digest Algorithm" in all material mentioning or referencing this ** + ** software or this function. ** + ** ** + ** License is also granted to make and use derivative works ** + ** provided that such works are identified as "derived from the RSA ** + ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** + ** material mentioning or referencing the derived work. ** + ** ** + ** RSA Data Security, Inc. makes no representations concerning ** + ** either the merchantability of this software or the suitability ** + ** of this software for any particular purpose. It is provided "as ** + ** is" without express or implied warranty of any kind. ** + ** ** + ** These notices must be retained in any copies of any part of this ** + ** documentation and/or software. ** + *********************************************************************** + * + * History: + * 16.01.95 wk now uses generic base-64 support + * 24.01.95 wk changed back to original base-64 coding, because + * the generic base-64 support was changed to go conform + * with RFC1113 ! + */ + + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "md5.h" +#include "memory.h" + + +#if __WATCOMC__ && defined(M_I86) + /* 16-Bit Compiler breaks Code in Function Transform() */ + /* (at least when compiling for windows) */ + #ifndef __SW_OD + #error must be compiled without optimizations + #endif +#endif + + +static void Init( MD5HANDLE mdContext); +static void Transform(u32 *buf,u32 *in); + +static byte PADDING[64] = { + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +/* F, G, H and I are basic MD5 functions */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */ +/* Rotation is separate from addition to prevent recomputation */ +#define FF(a, b, c, d, x, s, ac) \ + {(a) += F ((b), (c), (d)) + (x) + (u32)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) \ + {(a) += G ((b), (c), (d)) + (x) + (u32)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) \ + {(a) += H ((b), (c), (d)) + (x) + (u32)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) \ + {(a) += I ((b), (c), (d)) + (x) + (u32)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +/* The routine Init initializes the message-digest context + * mdContext. All fields are set to zero. + * mode should be zero is reserved for extensions. + */ + +MD5HANDLE +md5_open(int secure) +{ + MD5HANDLE mdContext; + + mdContext = secure? m_alloc_secure( sizeof *mdContext ) + : m_alloc( sizeof *mdContext ); + Init(mdContext); + return mdContext; +} + + +MD5HANDLE +md5_copy( MD5HANDLE a ) +{ + MD5HANDLE mdContext; + + assert(a); + mdContext = m_is_secure(a)? m_alloc_secure( sizeof *mdContext ) + : m_alloc( sizeof *mdContext ); + memcpy( mdContext, a, sizeof *a ); + return mdContext; +} + +void +md5_close(MD5HANDLE hd) +{ + if( hd ) + m_free(hd); +} + + +static void +Init( MD5HANDLE mdContext) +{ + mdContext->i[0] = mdContext->i[1] = (u32)0; + /* Load magic initialization constants. + */ + mdContext->buf[0] = (u32)0x67452301L; + mdContext->buf[1] = (u32)0xefcdab89L; + mdContext->buf[2] = (u32)0x98badcfeL; + mdContext->buf[3] = (u32)0x10325476L; + mdContext->bufcount = 0; +} + +/* The routine Update updates the message-digest context to + * account for the presence of each of the characters inBuf[0..inLen-1] + * in the message whose digest is being computed. + */ +void +md5_write( MD5HANDLE mdContext, byte *inBuf, size_t inLen) +{ + register int i, ii; + int mdi; + u32 in[16]; + + if(mdContext->bufcount) { /* flush the buffer */ + i = mdContext->bufcount; + mdContext->bufcount = 0; + md5_write( mdContext, mdContext->digest, i); + } + if( !inBuf ) + return; + + /* compute number of bytes mod 64 */ + mdi = (int)((mdContext->i[0] >> 3) & 0x3F); + + /* update number of bits */ + if((mdContext->i[0] + ((u32)inLen << 3)) < mdContext->i[0]) + mdContext->i[1]++; + mdContext->i[0] += ((u32)inLen << 3); + mdContext->i[1] += ((u32)inLen >> 29); + + while(inLen--) { + /* add new character to buffer, increment mdi */ + mdContext->in[mdi++] = *inBuf++; + + /* transform if necessary */ + if( mdi == 0x40 ) { + for(i = 0, ii = 0; i < 16; i++, ii += 4) + in[i] = (((u32)mdContext->in[ii+3]) << 24) | + (((u32)mdContext->in[ii+2]) << 16) | + (((u32)mdContext->in[ii+1]) << 8) | + ((u32)mdContext->in[ii]); + Transform(mdContext->buf, in); + mdi = 0; + } + } +} + + +/**************** + * Process a single character, this character will be buffered to + * increase performance. The digest-field is used as a buffer. + */ + +void +md5_putchar( MD5HANDLE mdContext, int c ) +{ + if(mdContext->bufcount == 16) + md5_write( mdContext, NULL, 0 ); + mdContext->digest[mdContext->bufcount++] = c & 0xff; +} + + + +/* The routine final terminates the message-digest computation and + * ends with the desired message digest in mdContext->digest[0...15]. + * The handle is prepared for a new MD5 cycle. + * Returns 16 bytes representing the digest. + */ + +void +md5_final(MD5HANDLE mdContext) +{ + u32 in[16]; + int mdi; + unsigned int i, ii; + unsigned int padLen; + + if(mdContext->bufcount) /* flush buffer */ + md5_write(mdContext, NULL, 0 ); + /* save number of bits */ + in[14] = mdContext->i[0]; + in[15] = mdContext->i[1]; + + /* compute number of bytes mod 64 */ + mdi = (int)((mdContext->i[0] >> 3) & 0x3F); + + /* pad out to 56 mod 64 */ + padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); + md5_write(mdContext, PADDING, padLen); + + /* append length in bits and transform */ + for(i = 0, ii = 0; i < 14; i++, ii += 4) + in[i] = (((u32)mdContext->in[ii+3]) << 24) | + (((u32)mdContext->in[ii+2]) << 16) | + (((u32)mdContext->in[ii+1]) << 8) | + ((u32)mdContext->in[ii]); + Transform(mdContext->buf, in); + + /* store buffer in digest */ + for(i = 0, ii = 0; i < 4; i++, ii += 4) { + mdContext->digest[ii] = (byte)(mdContext->buf[i] & 0xFF); + mdContext->digest[ii+1] = (byte)((mdContext->buf[i] >> 8) & 0xFF); + mdContext->digest[ii+2] = (byte)((mdContext->buf[i] >> 16) & 0xFF); + mdContext->digest[ii+3] = (byte)((mdContext->buf[i] >> 24) & 0xFF); + } + Init(mdContext); +} + +/********** + * Returns 16 bytes representing the digest. + */ +byte * +md5_read(MD5HANDLE mdContext) +{ + return mdContext->digest; +} + + + +/**************** + * Converts the result form Read into a printable representation. + * This should only be used direct after a md5_read(), because it uses + * In-Place conversion. + * Returns digest. + */ + +char * +md5_tostring( byte *digest ) +{ + static byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ." + "abcdefghijklmnopqrstuvwxyz_" + "0123456789"; + int i; + byte *d, *s; + + memmove(digest+8,digest, 16); /* make some room */ + d = digest; + s = digest+8; + for(i=0; i < 5; i++, s += 3 ) { + *d++ = bintoasc[(*s >> 2) & 077]; + *d++ = bintoasc[(((*s << 4) & 060) | ((s[1] >> 4) & 017)) & 077]; + *d++ = bintoasc[(((s[1] << 2) & 074) | ((s[2] >> 6) & 03)) & 077]; + *d++ = bintoasc[s[2] & 077]; + } + *d++ = bintoasc[(*s >> 2) & 077]; + *d++ = bintoasc[((*s << 4) & 060) & 077]; + *d = 0; + return (char*)digest; +} + + +/* Basic MD5 step. Transforms buf based on in. Note that if the Mysterious + * Constants are arranged backwards in little-endian order and decrypted with + * the DES they produce OCCULT MESSAGES! + */ +static void +Transform(register u32 *buf,register u32 *in) +{ + register u32 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; + + /* Round 1 */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 + FF ( a, b, c, d, in[ 0], S11, 0xD76AA478L); /* 1 */ + FF ( d, a, b, c, in[ 1], S12, 0xE8C7B756L); /* 2 */ + FF ( c, d, a, b, in[ 2], S13, 0x242070DBL); /* 3 */ + FF ( b, c, d, a, in[ 3], S14, 0xC1BDCEEEL); /* 4 */ + FF ( a, b, c, d, in[ 4], S11, 0xF57C0FAFL); /* 5 */ + FF ( d, a, b, c, in[ 5], S12, 0x4787C62AL); /* 6 */ + FF ( c, d, a, b, in[ 6], S13, 0xA8304613L); /* 7 */ + FF ( b, c, d, a, in[ 7], S14, 0xFD469501L); /* 8 */ + FF ( a, b, c, d, in[ 8], S11, 0x698098D8L); /* 9 */ + FF ( d, a, b, c, in[ 9], S12, 0x8B44F7AFL); /* 10 */ + FF ( c, d, a, b, in[10], S13, 0xFFFF5BB1L); /* 11 */ + FF ( b, c, d, a, in[11], S14, 0x895CD7BEL); /* 12 */ + FF ( a, b, c, d, in[12], S11, 0x6B901122L); /* 13 */ + FF ( d, a, b, c, in[13], S12, 0xFD987193L); /* 14 */ + FF ( c, d, a, b, in[14], S13, 0xA679438EL); /* 15 */ + FF ( b, c, d, a, in[15], S14, 0x49B40821L); /* 16 */ + + /* Round 2 */ +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 + GG ( a, b, c, d, in[ 1], S21, 0xF61E2562L); /* 17 */ + GG ( d, a, b, c, in[ 6], S22, 0xC040B340L); /* 18 */ + GG ( c, d, a, b, in[11], S23, 0x265E5A51L); /* 19 */ + GG ( b, c, d, a, in[ 0], S24, 0xE9B6C7AAL); /* 20 */ + GG ( a, b, c, d, in[ 5], S21, 0xD62F105DL); /* 21 */ + GG ( d, a, b, c, in[10], S22, 0x02441453L); /* 22 */ + GG ( c, d, a, b, in[15], S23, 0xD8A1E681L); /* 23 */ + GG ( b, c, d, a, in[ 4], S24, 0xE7D3FBC8L); /* 24 */ + GG ( a, b, c, d, in[ 9], S21, 0x21E1CDE6L); /* 25 */ + GG ( d, a, b, c, in[14], S22, 0xC33707D6L); /* 26 */ + GG ( c, d, a, b, in[ 3], S23, 0xF4D50D87L); /* 27 */ + GG ( b, c, d, a, in[ 8], S24, 0x455A14EDL); /* 28 */ + GG ( a, b, c, d, in[13], S21, 0xA9E3E905L); /* 29 */ + GG ( d, a, b, c, in[ 2], S22, 0xFCEFA3F8L); /* 30 */ + GG ( c, d, a, b, in[ 7], S23, 0x676F02D9L); /* 31 */ + GG ( b, c, d, a, in[12], S24, 0x8D2A4C8AL); /* 32 */ + + /* Round 3 */ +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 + HH ( a, b, c, d, in[ 5], S31, 0xFFFA3942L); /* 33 */ + HH ( d, a, b, c, in[ 8], S32, 0x8771F681L); /* 34 */ + HH ( c, d, a, b, in[11], S33, 0x6D9D6122L); /* 35 */ + HH ( b, c, d, a, in[14], S34, 0xFDE5380CL); /* 36 */ + HH ( a, b, c, d, in[ 1], S31, 0xA4BEEA44L); /* 37 */ + HH ( d, a, b, c, in[ 4], S32, 0x4BDECFA9L); /* 38 */ + HH ( c, d, a, b, in[ 7], S33, 0xF6BB4B60L); /* 39 */ + HH ( b, c, d, a, in[10], S34, 0xBEBFBC70L); /* 40 */ + HH ( a, b, c, d, in[13], S31, 0x289B7EC6L); /* 41 */ + HH ( d, a, b, c, in[ 0], S32, 0xEAA127FAL); /* 42 */ + HH ( c, d, a, b, in[ 3], S33, 0xD4EF3085L); /* 43 */ + HH ( b, c, d, a, in[ 6], S34, 0x04881D05L); /* 44 */ + HH ( a, b, c, d, in[ 9], S31, 0xD9D4D039L); /* 45 */ + HH ( d, a, b, c, in[12], S32, 0xE6DB99E5L); /* 46 */ + HH ( c, d, a, b, in[15], S33, 0x1FA27CF8L); /* 47 */ + HH ( b, c, d, a, in[ 2], S34, 0xC4AC5665L); /* 48 */ + + /* Round 4 */ +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + II ( a, b, c, d, in[ 0], S41, 0xF4292244L); /* 49 */ + II ( d, a, b, c, in[ 7], S42, 0x432AFF97L); /* 50 */ + II ( c, d, a, b, in[14], S43, 0xAB9423A7L); /* 51 */ + II ( b, c, d, a, in[ 5], S44, 0xFC93A039L); /* 52 */ + II ( a, b, c, d, in[12], S41, 0x655B59C3L); /* 53 */ + II ( d, a, b, c, in[ 3], S42, 0x8F0CCC92L); /* 54 */ + II ( c, d, a, b, in[10], S43, 0xFFEFF47DL); /* 55 */ + II ( b, c, d, a, in[ 1], S44, 0x85845DD1L); /* 56 */ + II ( a, b, c, d, in[ 8], S41, 0x6FA87E4FL); /* 57 */ + II ( d, a, b, c, in[15], S42, 0xFE2CE6E0L); /* 58 */ + II ( c, d, a, b, in[ 6], S43, 0xA3014314L); /* 59 */ + II ( b, c, d, a, in[13], S44, 0x4E0811A1L); /* 60 */ + II ( a, b, c, d, in[ 4], S41, 0xF7537E82L); /* 61 */ + II ( d, a, b, c, in[11], S42, 0xBD3AF235L); /* 62 */ + II ( c, d, a, b, in[ 2], S43, 0x2AD7D2BBL); /* 63 */ + II ( b, c, d, a, in[ 9], S44, 0xEB86D391L); /* 64 */ + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + + + +/* end of file */ diff --git a/cipher/md5.h b/cipher/md5.h new file mode 100644 index 000000000..fa401a162 --- /dev/null +++ b/cipher/md5.h @@ -0,0 +1,44 @@ +/* md5.h - message digest 5 + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_MD5_H +#define G10_MD5_H + +#include "types.h" + +typedef struct { + u32 i[2]; /* number of _bits_ handled mod 2^64 */ + u32 buf[4]; /* scratch buffer */ + byte in[64]; /* input buffer */ + byte digest[16+8+1]; /* actual digest after Final call */ + byte bufcount; /* extra room for bintoascii */ +} *MD5HANDLE; + +/*-- md5.c --*/ +MD5HANDLE md5_open(int); +MD5HANDLE md5_copy(MD5HANDLE a); +void md5_write(MD5HANDLE hd, byte *inBuf, size_t inLen); +void md5_putchar(MD5HANDLE hd, int c ); +void md5_final(MD5HANDLE hd); +byte *md5_read(MD5HANDLE hd); +char *md5_tostring( byte *digest ); +void md5_close(MD5HANDLE hd); + + +#endif /*G10_MD5_H*/ diff --git a/cipher/primegen.c b/cipher/primegen.c new file mode 100644 index 000000000..07d83d831 --- /dev/null +++ b/cipher/primegen.c @@ -0,0 +1,152 @@ +/* primegen.c - prime number generator + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "mpi.h" +#include "cipher.h" + +static int no_of_small_prime_numbers; +static int rabin_miller( MPI n ); + + +/**************** + * Generate a prime number (stored in secure memory) + */ +MPI +generate_random_prime( unsigned nbits ) +{ + + unsigned nlimbs; + MPI prime, val_2, val_3, result; + int i; + unsigned x, step; + unsigned count1, count2; + int *mods; + + if( DBG_CIPHER ) + log_debug("generate a prime of %u bits ", nbits ); + + if( !no_of_small_prime_numbers ) { + for(i=0; small_prime_numbers[i]; i++ ) + no_of_small_prime_numbers++; + } + mods = m_alloc( no_of_small_prime_numbers * sizeof *mods ); + /* make nbits fit into MPI implementation */ + nlimbs = (nbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB; + assert( nlimbs ); + val_2 = mpi_alloc( nlimbs ); + mpi_set_ui(val_2, 2); + val_3 = mpi_alloc( nlimbs ); + mpi_set_ui(val_3, 3); + result = mpi_alloc( nlimbs ); + prime = mpi_alloc_secure( nlimbs ); + count1 = count2 = 0; + /* enter (endless) loop */ + for(;;) { + /* generate a random number */ + mpi_set_bytes( prime, nbits, get_random_byte, 2 ); + /* set high order bit to 1, set low order bit to 1 */ + mpi_set_bit( prime, nbits-1 ); + mpi_set_bit( prime, 0 ); + + /* calculate all remainders */ + for(i=0; (x = small_prime_numbers[i]); i++ ) + mods[i] = mpi_fdiv_r_ui(NULL, prime, x); + + for(step=0; step < 20000; step += 2 ) { + /* check against all the small primes we have in mods */ + count1++; + for(i=0; (x = small_prime_numbers[i]); i++ ) { + while( mods[i] + step >= x ) + mods[i] -= x; + if( !(mods[i] + step) ) + break; + } + if( x ) + continue; /* found a multiple of a already known prime */ + if( DBG_CIPHER ) + fputc('.', stderr); + + mpi_add_ui( prime, prime, step ); + + /* do a Fermat test */ + count2++; + mpi_powm( result, val_2, prime, prime ); + if( mpi_cmp_ui(result, 2) ) + continue; /* stepping (fermat test failed) */ + if( DBG_CIPHER ) + fputc('+', stderr); + /* and a second one */ + count2++; + mpi_powm( result, val_3, prime, prime ); + if( mpi_cmp_ui(result, 3) ) + continue; /* stepping (fermat test failed) */ + if( DBG_CIPHER ) + fputc('+', stderr); + + /* perform Rabin-Miller tests */ + for(i=5; i > 0; i-- ) { + if( DBG_CIPHER ) + fputc('+', stderr); + if( rabin_miller(prime) ) + break; + } + if( !i ) { + if( !mpi_test_bit( prime, nbits-1 ) ) { + if( DBG_CIPHER ) { + fputc('\n', stderr); + log_debug("overflow in prime generation\n"); + break; /* step loop, cont with a new prime */ + } + } + if( DBG_CIPHER ) { + fputc('\n', stderr); + log_debug("performed %u simple and %u Fermat/Rabin-Miller tests\n", + count1, count2 ); + log_mpidump("found prime: ", prime ); + } + + mpi_free(val_2); + mpi_free(val_3); + mpi_free(result); + m_free(mods); + return prime; + } + } + if( DBG_CIPHER ) + fputc(':', stderr); /* restart with a new random value */ + } +} + + +/**************** + * Return 1 if n is not a prime + */ +static int +rabin_miller( MPI n ) +{ + return 0; +} + diff --git a/cipher/random.c b/cipher/random.c new file mode 100644 index 000000000..73a9a3ebf --- /dev/null +++ b/cipher/random.c @@ -0,0 +1,67 @@ +/* random.c - random number generator + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include "util.h" +#include "cipher.h" + +static struct { + int level; + int len; + byte buffer[100]; /* fixme: should this be allocated in secure space? */ +} cache; + +/**************** + * Fill the buffer with LENGTH bytes of cryptologic strong + * random bytes. level 0 is not very strong, 1 is strong enough + * for most usage, 2 is good for key generation stuff but may be very slow. + */ +void +randomize_buffer( byte *buffer, size_t length, int level ) +{ + FILE *fp; + + if( level == 2 ) + level = 1; /* 2 is much too slow */ + fp = fopen(level < 2? "/dev/urandom":"/dev/random", "r"); + if( !fp ) + log_fatal("can't open random device: %s\n", strerror(errno) ); + for( ; length; length-- ) + *buffer++ = getc(fp); + fclose(fp); +} + + +byte +get_random_byte( int level ) +{ + if( !cache.len || cache.level < level ) { + randomize_buffer(cache.buffer, DIM(cache.buffer), level ); + cache.level = level; + cache.len = DIM(cache.buffer); + } + + return cache.buffer[--cache.len]; +} + + diff --git a/cipher/rmd.h b/cipher/rmd.h new file mode 100644 index 000000000..3d260cdca --- /dev/null +++ b/cipher/rmd.h @@ -0,0 +1,51 @@ +/* rmd.h - RIPE-MD hash functions + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_RMD_H +#define G10_RMD_H + +#include "types.h" + +typedef struct { + u32 h0,h1,h2,h3,h4; + u32 nblocks; + byte buffer[64]; + int bufcount; +} *RMDHANDLE; + + +/**************** + * Process a single character, this character will be buffered to + * increase performance. + */ +#define rmd160_putchar(h,c) \ + do { \ + if( (h)->bufcount == 64 ) \ + rmd160_write( (h), NULL, 0 ); \ + (h)->buffer[(h)->bufcount++] = (c) & 0xff; \ + } while(0) + +RMDHANDLE rmd160_open( int secure ); +RMDHANDLE rmd160_copy( RMDHANDLE a ); +void rmd160_close(RMDHANDLE hd); +void rmd160_write( RMDHANDLE hd, byte *inbuf, size_t inlen); +byte * rmd160_final(RMDHANDLE hd); + + +#endif /*G10_RMD_H*/ diff --git a/cipher/rmd160.c b/cipher/rmd160.c new file mode 100644 index 000000000..9a882fc5e --- /dev/null +++ b/cipher/rmd160.c @@ -0,0 +1,375 @@ +/* rmd160.c - RIPE-MD160 + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "util.h" +#include "memory.h" +#include "rmd.h" + +/********************************* + * RIPEMD-160 is not patented, see (as of 25.10.97) + * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html + * Note that the code uses Little Endian byteorder, which is good for + * 386 etc, but we must add some conversion when used on a big endian box. + * + * + * Pseudo-code for RIPEMD-160 + * + * RIPEMD-160 is an iterative hash function that operates on 32-bit words. + * The round function takes as input a 5-word chaining variable and a 16-word + * message block and maps this to a new chaining variable. All operations are + * defined on 32-bit words. Padding is identical to that of MD4. + * + * + * RIPEMD-160: definitions + * + * + * nonlinear functions at bit level: exor, mux, -, mux, - + * + * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15) + * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31) + * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47) + * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63) + * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79) + * + * + * added constants (hexadecimal) + * + * K(j) = 0x00000000 (0 <= j <= 15) + * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2)) + * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3)) + * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5)) + * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7)) + * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2)) + * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3)) + * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5)) + * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7)) + * K'(j) = 0x00000000 (64 <= j <= 79) + * + * + * selection of message word + * + * r(j) = j (0 <= j <= 15) + * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 + * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 + * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 + * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 + * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 + * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 + * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 + * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 + * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 + * + * + * amount for rotate left (rol) + * + * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 + * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 + * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 + * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 + * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 + * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 + * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 + * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 + * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 + * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 + * + * + * initial value (hexadecimal) + * + * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476; + * h4 = 0xC3D2E1F0; + * + * + * RIPEMD-160: pseudo-code + * + * It is assumed that the message after padding consists of t 16-word blocks + * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15. + * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left + * shift (rotate) over s positions. + * + * + * for i := 0 to t-1 { + * A := h0; B := h1; C := h2; D = h3; E = h4; + * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4; + * for j := 0 to 79 { + * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E; + * A := E; E := D; D := rol_10(C); C := B; B := T; + * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)] + [+] K'(j)) [+] E'; + * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T; + * } + * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A'; + * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T; + * } + */ + +/* Some examples: + * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31 + * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe + * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc + * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36 + * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc + * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b + * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189 + * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb + * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 + */ + + +static void +initialize( RMDHANDLE hd ) +{ + hd->h0 = 0x67452301; + hd->h1 = 0xEFCDAB89; + hd->h2 = 0x98BADCFE; + hd->h3 = 0x10325476; + hd->h4 = 0xC3D2E1F0; + hd->bufcount = 0; + hd->nblocks = 0; +} + + +/**************** + * Transform the message X which consists of 16 32-bit-words + */ +static void +transform( RMDHANDLE hd, u32 *x ) +{ + static int r[80] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, + 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, + 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, + 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 }; + static int rr[80] = { + 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, + 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, + 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, + 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, + 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 }; + static int s[80] = { + 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, + 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, + 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, + 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, + 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 }; + static int ss[80] = { + 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, + 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, + 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, + 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, + 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 }; + u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; + int rbits, j; + +#define K(a) ( (a) < 16 ? 0x00000000 : \ + (a) < 32 ? 0x5A827999 : \ + (a) < 48 ? 0x6ED9EBA1 : \ + (a) < 64 ? 0x8F1BBCDC : 0xA953FD4E ) +#define KK(a) ( (a) < 16 ? 0x50A28BE6 : \ + (a) < 32 ? 0x5C4DD124 : \ + (a) < 48 ? 0x6D703EF3 : \ + (a) < 64 ? 0x7A6D76E9 : 0x00000000 ) + +#define F0(x,y,z) ( (x) ^ (y) ^ (z) ) +#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) ) +#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) ) +#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) +#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) +#define F(a,x,y,z) ( (a) < 16 ? F0((x),(y),(z)) : \ + (a) < 32 ? F1((x),(y),(z)) : \ + (a) < 48 ? F2((x),(y),(z)) : \ + (a) < 64 ? F3((x),(y),(z)) : \ + F4((x),(y),(z)) ) + +#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) ) + + a = aa = hd->h0; + b = bb = hd->h1; + c = cc = hd->h2; + d = dd = hd->h3; + e = ee = hd->h4; + + for(j=0; j < 80; j++ ) { + t = a + F( j, b, c, d ) + x[ r[j] ] + K(j); + rbits = s[j]; + a = rol(rbits, t) + e; + c = rol(10,c); + t = a; a = e; e = d; d = c; c = b; b = t; + + t = aa + F(79-j, bb, cc, dd ) + x[ rr[j] ] + KK(j); + rbits = ss[j]; + aa = rol(rbits, t) + ee; + cc = rol(10,cc); + t = aa; aa = ee; ee = dd; dd = cc; cc = bb; bb = t; + } + + t = hd->h1 + c + dd; + hd->h1 = hd->h2 + d + ee; + hd->h2 = hd->h3 + e + aa; + hd->h3 = hd->h4 + a + bb; + hd->h4 = hd->h0 + b + cc; + hd->h0 = t; +} + + + + +RMDHANDLE +rmd160_open( int secure ) +{ + RMDHANDLE hd; + + hd = secure? m_alloc_secure( sizeof *hd ) + : m_alloc( sizeof *hd ); + initialize(hd); + return hd; +} + + +RMDHANDLE +rmd160_copy( RMDHANDLE a ) +{ + RMDHANDLE b; + + assert(a); + b = m_is_secure(a)? m_alloc_secure( sizeof *b ) + : m_alloc( sizeof *b ); + memcpy( b, a, sizeof *a ); + return b; +} + +void +rmd160_close(RMDHANDLE hd) +{ + if( hd ) + m_free(hd); +} + + + +/* Update the message digest with the contents + * of INBUF with length INLEN. + */ +void +rmd160_write( RMDHANDLE hd, byte *inbuf, size_t inlen) +{ + if( hd->bufcount == 64 ) { /* flush the buffer */ + transform( hd, (u32*)hd->buffer ); + hd->bufcount = 0; + hd->nblocks++; + } + if( !inbuf ) + return; + if( hd->bufcount ) { + for( ; inlen && hd->bufcount < 64; inlen-- ) + hd->buffer[hd->bufcount++] = *inbuf++; + rmd160_write( hd, NULL, 0 ); + if( !inlen ) + return; + } + + while( inlen >= 64 ) { + transform( hd, (u32*)inbuf ); + hd->bufcount = 0; + hd->nblocks++; + inlen -= 64; + inbuf += 64; + } + for( ; inlen && hd->bufcount < 64; inlen-- ) + hd->buffer[hd->bufcount++] = *inbuf++; +} + + +/* The routine final terminates the computation and + * returns the digest. + * The handle is prepared for a new cycle, but adding bytes to the + * handle will the destroy the returned buffer. + * Returns: 20 bytes representing the digest. + */ + +byte * +rmd160_final(RMDHANDLE hd) +{ + u32 t, msb, lsb; + byte *p; + + rmd160_write(hd, NULL, 0); /* flush */; + + msb = 0; + t = hd->nblocks; + if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ + msb++; + msb += t >> 26; + t = lsb; + if( (lsb = t + hd->bufcount) < t ) /* add the bufcount */ + msb++; + t = lsb; + if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ + msb++; + msb += t >> 29; + + if( hd->bufcount < 56 ) { /* enough room */ + hd->buffer[hd->bufcount++] = 0x80; /* pad */ + while( hd->bufcount < 56 ) + hd->buffer[hd->bufcount++] = 0; /* pad */ + } + else { /* need one extra block */ + hd->buffer[hd->bufcount++] = 0x80; /* pad character */ + while( hd->bufcount < 64 ) + hd->buffer[hd->bufcount++] = 0; + rmd160_write(hd, NULL, 0); /* flush */; + memset(hd->buffer, 0, 56 ); /* fill next block with zeroes */ + } + /* append the 64 bit count */ + hd->buffer[56] = lsb ; + hd->buffer[57] = lsb >> 8; + hd->buffer[58] = lsb >> 16; + hd->buffer[59] = lsb >> 24; + hd->buffer[60] = msb ; + hd->buffer[61] = msb >> 8; + hd->buffer[62] = msb >> 16; + hd->buffer[63] = msb >> 24; + transform( hd, (u32*)hd->buffer ); + + p = hd->buffer; + #ifdef HAVE_BIG_ENDIAN + #define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \ + *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0) + #else /* little endian */ + #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) + #endif + X(0); + X(1); + X(2); + X(3); + X(4); + #undef X + + initialize( hd ); /* prepare for next cycle */ + return hd->buffer; /* now contains the digest */ +} + + diff --git a/cipher/rmd160test.c b/cipher/rmd160test.c new file mode 100644 index 000000000..365fde02c --- /dev/null +++ b/cipher/rmd160test.c @@ -0,0 +1,63 @@ +/* rmd160test.c - ripe md 160 test program + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "util.h" +#include "rmd.h" + +static void +usage(void) +{ + fprintf(stderr, "usage: rmd160test\n"); + exit(1); +} + + +int +main(int argc, char **argv) +{ + RMDHANDLE rmdhd; + int i, n; + byte buf[100], *p; + + if( argc > 1 ) + usage(); + + rmdhd = rmd160_open(0); + #if 1 + while( (n = fread( buf, 1, 100, stdin )) > 0 ) + rmd160_write(rmdhd, buf, n); + #else + for(i=0; i < 1000000; i++ ) + rmd160_putchar(rmdhd, 'a'); + #endif + p = rmd160_final(rmdhd); + for(i=0; i < 20; i++, p++ ) + printf("%02x", *p ); + putchar('\n'); + + rmd160_close(rmdhd); + return 0; +} + diff --git a/cipher/rsa.c b/cipher/rsa.c new file mode 100644 index 000000000..ec761a953 --- /dev/null +++ b/cipher/rsa.c @@ -0,0 +1,191 @@ +/* rsa.c - RSA function + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * ATTENTION: This code should not be exported from the United States + * nor should it be used their without a license agreement with PKP. + * The RSA alorithm is protected by U.S. Patent #4,405,829 which + * expires on September 20, 2000! + * + * For a description of the algorithm, see: + * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. + * ISBN 0-471-11709-9. Pages 466 ff. + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "util.h" +#include "mpi.h" +#include "cipher.h" + + +void +rsa_free_public_key( RSA_public_key *pk ) +{ + mpi_free( pk->n ); pk->n = NULL; + mpi_free( pk->e ); pk->e = NULL; +} + +void +rsa_free_secret_key( RSA_secret_key *sk ) +{ + mpi_free( sk->e ); sk->e = NULL; + mpi_free( sk->n ); sk->n = NULL; + mpi_free( sk->p ); sk->p = NULL; + mpi_free( sk->q ); sk->q = NULL; + mpi_free( sk->d ); sk->d = NULL; + mpi_free( sk->u ); sk->u = NULL; +} + + +static void +test_keys( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ) +{ + MPI test = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + MPI out1 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + + mpi_set_bytes( test, nbits, get_random_byte, 0 ); + + rsa_public( out1, test, pk ); + rsa_secret( out2, out1, sk ); + if( mpi_cmp( test, out2 ) ) + log_fatal("RSA operation: public, secret failed\n"); + rsa_secret( out1, test, sk ); + rsa_public( out2, out1, pk ); + if( mpi_cmp( test, out2 ) ) + log_fatal("RSA operation: secret, public failed\n"); + mpi_free( test ); + mpi_free( out1 ); + mpi_free( out2 ); +} + +/**************** + * Generate a key pair with a key of size NBITS + * Returns: 2 structures filles with all needed values + */ +void +rsa_generate( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ) +{ + MPI p, q; /* the two primes */ + MPI d; /* the private key */ + MPI u; + MPI t1, t2; + MPI n; /* the public key */ + MPI e; /* the exponent */ + MPI phi; /* helper: (p-a)(q-1) */ + + /* select two (very secret) primes */ + p = generate_random_prime( nbits / 2 ); + q = generate_random_prime( nbits / 2 ); + if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q */ + mpi_swap(p,q); + /* calculate phi = (p-1)(q-1) */ + t1 = mpi_alloc_secure( mpi_get_nlimbs(p) ); + t2 = mpi_alloc_secure( mpi_get_nlimbs(p) ); + phi = mpi_alloc_secure( nbits / BITS_PER_MPI_LIMB ); + mpi_sub_ui( t1, p, 1 ); + mpi_sub_ui( t2, q, 1 ); + mpi_mul( phi, t1, t2 ); + /* multiply them to make the private key */ + n = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + mpi_mul( n, p, q ); + /* find a public exponent */ + e = mpi_alloc(1); + mpi_set_ui( e, 17); /* start with 17 */ + while( !mpi_gcd(t1, e, phi) ) { /* (while gcd is not 1) */ + if( DBG_CIPHER ) + log_mpidump("trying e=", e); + mpi_add_ui( e, e, 2); + } + /* calculate the secret key d = e^1 mod phi */ + d = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + mpi_inv_mod(d, e, phi ); + /* calculate the inverse of p and q (used for chinese remainder theorem)*/ + u = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); + mpi_inv_mod(u, p, q ); + + if( DBG_CIPHER ) { + log_mpidump("p=", p ); + log_mpidump("q=", q ); + log_mpidump("phi=", phi ); + log_mpidump("n=", n ); + log_mpidump("e=", e ); + log_mpidump("d=", d ); + log_mpidump("u=", u ); + } + + mpi_free(t1); + mpi_free(t2); + mpi_free(phi); + + pk->n = mpi_copy(n); + pk->e = mpi_copy(e); + sk->n = n; + sk->e = e; + sk->p = p; + sk->q = q; + sk->d = d; + sk->u = u; + + /* now we can test our keys (this should never fail!) */ + test_keys( pk, sk, nbits - 16 ); +} + + + + +/**************** + * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT. + * + * c = m^e mod n + * + * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY. + */ +void +rsa_public(MPI output, MPI input, RSA_public_key *pkey ) +{ + if( output == input ) { /* powm doesn't like output and input the same */ + MPI x = mpi_alloc( mpi_get_nlimbs(input)*2 ); + mpi_powm( x, input, pkey->e, pkey->n ); + mpi_set(output, x); + mpi_free(x); + } + else + mpi_powm( output, input, pkey->e, pkey->n ); +} + +/**************** + * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT. + * + * m = c^d mod n + * + * Where m is OUTPUT, c is INPUT and d,n are elements of PKEY. + * + * FIXME: We should better use the Chinese Remainder Theorem + */ +void +rsa_secret(MPI output, MPI input, RSA_secret_key *skey ) +{ + mpi_powm( output, input, skey->d, skey->n ); +} + + + diff --git a/cipher/rsa.h b/cipher/rsa.h new file mode 100644 index 000000000..a9980d0bc --- /dev/null +++ b/cipher/rsa.h @@ -0,0 +1,53 @@ +/* rsa.h + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * ATTENTION: This code should not be exported from the United States + * nor should it be used their without a license agreement with PKP. + * The RSA alorithm is protected by U.S. Patent #4,405,829 which + * expires on September 20, 2000! + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_RSA_H +#define G10_RSA_H + +#include "mpi.h" + +typedef struct { + MPI e; /* exponent */ + MPI n; /* modulus */ +} RSA_public_key; + + +typedef struct { + MPI e; /* public exponent */ + MPI n; /* public modulus */ + MPI p; /* prime p. */ + MPI q; /* prime q. */ + MPI d; /* exponent */ + MPI u; /* inverse of p mod q. */ +} RSA_secret_key; + + +void rsa_free_public_key( RSA_public_key *pk ); +void rsa_free_secret_key( RSA_secret_key *sk ); +void rsa_generate( RSA_public_key *pk, RSA_secret_key *sk, unsigned nbits ); +void rsa_public(MPI output, MPI input, RSA_public_key *skey ); +void rsa_secret(MPI output, MPI input, RSA_secret_key *skey ); + + +#endif /*G10_RSA_H*/ diff --git a/cipher/smallprime.c b/cipher/smallprime.c new file mode 100644 index 000000000..74a1304a4 --- /dev/null +++ b/cipher/smallprime.c @@ -0,0 +1,114 @@ +/* smallprime.c - List of small primes + * Copyright (c) 1997 by Werner Koch (dd9jn) + * + * This file is part of G10. + * + * G10 is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * G10 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include "util.h" +#include "types.h" + +/* Note: 2 is not included because it can be testest more easily + * by looking at bit 0. The last entry in this list is marked by a zero + */ +ushort +small_prime_numbers[] = { + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999, + 0 +}; + + |