From 5ec36e6f84f80cc24a17dcbd468bd11d6a3e16cd Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 21 Aug 2010 10:11:16 +0200 Subject: Prevent usage of wrapping keys for anything else except wrapping. --- ncr-sessions.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ncr-sessions.c b/ncr-sessions.c index c65db2f751e..f7e577757a9 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -537,6 +537,14 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, goto fail; } + /* wrapping keys cannot be used for anything except wrapping. + */ + if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) { + err(); + ret = -EINVAL; + goto fail; + } + if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) { if (ns->algorithm->is_pk) { err(); -- cgit From e592413c53d1a2b27323c6014b4d471be26ad54c Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 21 Aug 2010 10:11:38 +0200 Subject: export ncr_key_clear(). And disallow key derivation from wrapping keys. --- ncr-int.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ncr-int.h b/ncr-int.h index 87964b08065..274a314c30f 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -115,6 +115,8 @@ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, void ncr_key_clear(struct key_item_st* item); int ncr_key_update_flags(struct key_item_st *item, const struct nlattr *nla); +void ncr_key_clear(struct key_item_st* item); + /* key handling */ int ncr_key_init(struct ncr_lists *lst); int ncr_key_deinit(struct ncr_lists *lst, ncr_key_t desc); -- cgit From 18b0ee5a1cbbbdf8813c8ebdebae27684d75b1cd Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 1 Sep 2010 18:41:34 +0200 Subject: Added an emulation of a userspace application that provides encryption service. --- examples/Makefile | 3 + examples/shm/aes.h | 40 ++ examples/shm/aes_cbc.c | 1402 ++++++++++++++++++++++++++++++++++++++++++++++++ examples/shm/shm.c | 178 ++++++ 4 files changed, 1623 insertions(+) create mode 100644 examples/shm/aes.h create mode 100644 examples/shm/aes_cbc.c create mode 100644 examples/shm/shm.c diff --git a/examples/Makefile b/examples/Makefile index 9911100263e..883529ea955 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -14,6 +14,9 @@ ncr: ncr.c pk: pk.c $(CC) $(CFLAGS) $< -o $@ -L/usr/local/lib -lgnutls +uspeed: shm/aes_cbc.c shm/shm.c shm/aes.h + $(CC) $(CFLAGS) shm/aes_cbc.c shm/shm.c -o $@ -Ishm -lpthread + check: $(progs) ./ncr ./pk diff --git a/examples/shm/aes.h b/examples/shm/aes.h new file mode 100644 index 00000000000..ee13dcb7c3d --- /dev/null +++ b/examples/shm/aes.h @@ -0,0 +1,40 @@ +/* + * Common values for AES algorithms + */ + +#ifndef _CRYPTO_AES_H +#define _CRYPTO_AES_H +# include +# include + +#define AES_MIN_KEY_SIZE 16 +#define AES_MAX_KEY_SIZE 32 +#define AES_KEYSIZE_128 16 +#define AES_KEYSIZE_192 24 +#define AES_KEYSIZE_256 32 +#define AES_BLOCK_SIZE 16 +#define AES_MAX_KEYLENGTH (15 * 16) +#define AES_MAX_KEYLENGTH_U32 (AES_MAX_KEYLENGTH / sizeof(uint32_t)) + +/* + * Please ensure that the first two fields are 16-byte aligned + * relative to the start of the structure, i.e., don't move them! + */ +struct crypto_aes_ctx { + uint32_t key_enc[AES_MAX_KEYLENGTH_U32]; + uint32_t key_dec[AES_MAX_KEYLENGTH_U32]; + uint32_t key_length; +}; + +extern const uint32_t crypto_ft_tab[4][256]; +extern const uint32_t crypto_fl_tab[4][256]; +extern const uint32_t crypto_it_tab[4][256]; +extern const uint32_t crypto_il_tab[4][256]; + +int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const uint8_t *in_key, + unsigned int key_len); + +int crypto_cbc_encrypt(const struct crypto_aes_ctx *ctx, + void* src, int nbytes, void* dst, void* iv); + +#endif diff --git a/examples/shm/aes_cbc.c b/examples/shm/aes_cbc.c new file mode 100644 index 00000000000..a8d4bfc5ddf --- /dev/null +++ b/examples/shm/aes_cbc.c @@ -0,0 +1,1402 @@ +/* + * Cryptographic API. + * + * AES Cipher Algorithm. + * + * Based on Brian Gladman's code. + * + * Linux developers: + * Alexander Kjeldaas + * Herbert Valerio Riedel + * Kyle McMartin + * Adam J. Richter (conversion to 2.5 API). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * --------------------------------------------------------------------------- + * Copyright (c) 2002, Dr Brian Gladman , Worcester, UK. + * All rights reserved. + * + * LICENSE TERMS + * + * The free distribution and use of this software in both source and binary + * form is allowed (with or without changes) provided that: + * + * 1. distributions of this source code include the above copyright + * notice, this list of conditions and the following disclaimer; + * + * 2. distributions in binary form include the above copyright + * notice, this list of conditions and the following disclaimer + * in the documentation and/or other associated materials; + * + * 3. the copyright holder's name is not used to endorse products + * built using this software without specific written permission. + * + * ALTERNATIVELY, provided that this notice is retained in full, this product + * may be distributed under the terms of the GNU General Public License (GPL), + * in which case the provisions of the GPL apply INSTEAD OF those given above. + * + * DISCLAIMER + * + * This software is provided 'as is' with no explicit or implied warranties + * in respect of its properties, including, but not limited to, correctness + * and/or fitness for purpose. + * --------------------------------------------------------------------------- + */ + +#include +#include +#include +#include +#define cpu_to_le16(v16) (v16) +#define cpu_to_le32(v32) (v32) +#define cpu_to_le64(v64) (v64) +#define le16_to_cpu(v16) (v16) +#define le32_to_cpu(v32) (v32) +#define le64_to_cpu(v64) (v64) + +static inline __u32 ror32(__u32 word, unsigned int shift) +{ + return (word >> shift) | (word << (32 - shift)); +} + +static inline uint8_t byte(const uint32_t x, const unsigned n) +{ + return x >> (n << 3); +} + +static const uint32_t rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 }; + +const uint32_t crypto_ft_tab[4][256] = { + { + 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, + 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, + 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, + 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, + 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, + 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, + 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, + 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, + 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, + 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, + 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, + 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, + 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, + 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, + 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, + 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, + 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, + 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, + 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, + 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, + 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, + 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, + 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, + 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, + 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, + 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, + 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, + 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, + 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, + 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, + 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, + 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, + 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, + 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, + 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, + 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, + 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, + 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, + 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, + 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, + 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, + 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, + 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, + 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, + 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, + 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, + 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, + 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, + 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, + 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, + 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, + 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, + 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, + 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, + 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, + 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, + 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, + 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, + 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, + 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, + 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, + 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, + 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, + 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, + }, { + 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, + 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, + 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, + 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, + 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, + 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, + 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, + 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, + 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, + 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, + 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, + 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, + 0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, + 0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5, + 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, + 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, + 0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, + 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, + 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, + 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, + 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, + 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, + 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, + 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, + 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, + 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, + 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81, + 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, + 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, + 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, + 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, + 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, + 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f, + 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, + 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, + 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, + 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, + 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, + 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, + 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, + 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, + 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4, + 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, + 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, + 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, + 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, + 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, + 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, + 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, + 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, + 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, + 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, + 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, + 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12, + 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, + 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, + 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, + 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, + 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, + 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, + 0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, + 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, + 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11, + 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, + }, { + 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, + 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, + 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, + 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, + 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, + 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, + 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, + 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, + 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, + 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, + 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, + 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, + 0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, + 0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a, + 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, + 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, + 0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, + 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, + 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, + 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, + 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, + 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, + 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, + 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, + 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, + 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, + 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f, + 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, + 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, + 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, + 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, + 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, + 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec, + 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, + 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, + 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, + 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, + 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, + 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, + 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, + 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, + 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c, + 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, + 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, + 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, + 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, + 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, + 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, + 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, + 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, + 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, + 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, + 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, + 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e, + 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, + 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, + 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, + 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, + 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, + 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, + 0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, + 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, + 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f, + 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, + }, { + 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, + 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, + 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, + 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, + 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, + 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, + 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, + 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, + 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, + 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, + 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, + 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, + 0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, + 0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a, + 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, + 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, + 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, + 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, + 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, + 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, + 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, + 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, + 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, + 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, + 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, + 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, + 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f, + 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, + 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f, + 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, + 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, + 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, + 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, + 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, + 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, + 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, + 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, + 0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888, + 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, + 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, + 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, + 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c, + 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, + 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, + 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, + 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, + 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, + 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, + 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, + 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, + 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, + 0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, + 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, + 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e, + 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, + 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, + 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, + 0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, + 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, + 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, + 0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, + 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, + 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, + 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, + } +}; + +const uint32_t crypto_fl_tab[4][256] = { + { + 0x00000063, 0x0000007c, 0x00000077, 0x0000007b, + 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5, + 0x00000030, 0x00000001, 0x00000067, 0x0000002b, + 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076, + 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d, + 0x000000fa, 0x00000059, 0x00000047, 0x000000f0, + 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af, + 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0, + 0x000000b7, 0x000000fd, 0x00000093, 0x00000026, + 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc, + 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1, + 0x00000071, 0x000000d8, 0x00000031, 0x00000015, + 0x00000004, 0x000000c7, 0x00000023, 0x000000c3, + 0x00000018, 0x00000096, 0x00000005, 0x0000009a, + 0x00000007, 0x00000012, 0x00000080, 0x000000e2, + 0x000000eb, 0x00000027, 0x000000b2, 0x00000075, + 0x00000009, 0x00000083, 0x0000002c, 0x0000001a, + 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0, + 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3, + 0x00000029, 0x000000e3, 0x0000002f, 0x00000084, + 0x00000053, 0x000000d1, 0x00000000, 0x000000ed, + 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b, + 0x0000006a, 0x000000cb, 0x000000be, 0x00000039, + 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf, + 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb, + 0x00000043, 0x0000004d, 0x00000033, 0x00000085, + 0x00000045, 0x000000f9, 0x00000002, 0x0000007f, + 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8, + 0x00000051, 0x000000a3, 0x00000040, 0x0000008f, + 0x00000092, 0x0000009d, 0x00000038, 0x000000f5, + 0x000000bc, 0x000000b6, 0x000000da, 0x00000021, + 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2, + 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec, + 0x0000005f, 0x00000097, 0x00000044, 0x00000017, + 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d, + 0x00000064, 0x0000005d, 0x00000019, 0x00000073, + 0x00000060, 0x00000081, 0x0000004f, 0x000000dc, + 0x00000022, 0x0000002a, 0x00000090, 0x00000088, + 0x00000046, 0x000000ee, 0x000000b8, 0x00000014, + 0x000000de, 0x0000005e, 0x0000000b, 0x000000db, + 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a, + 0x00000049, 0x00000006, 0x00000024, 0x0000005c, + 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062, + 0x00000091, 0x00000095, 0x000000e4, 0x00000079, + 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d, + 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9, + 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea, + 0x00000065, 0x0000007a, 0x000000ae, 0x00000008, + 0x000000ba, 0x00000078, 0x00000025, 0x0000002e, + 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6, + 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f, + 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a, + 0x00000070, 0x0000003e, 0x000000b5, 0x00000066, + 0x00000048, 0x00000003, 0x000000f6, 0x0000000e, + 0x00000061, 0x00000035, 0x00000057, 0x000000b9, + 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e, + 0x000000e1, 0x000000f8, 0x00000098, 0x00000011, + 0x00000069, 0x000000d9, 0x0000008e, 0x00000094, + 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9, + 0x000000ce, 0x00000055, 0x00000028, 0x000000df, + 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d, + 0x000000bf, 0x000000e6, 0x00000042, 0x00000068, + 0x00000041, 0x00000099, 0x0000002d, 0x0000000f, + 0x000000b0, 0x00000054, 0x000000bb, 0x00000016, + }, { + 0x00006300, 0x00007c00, 0x00007700, 0x00007b00, + 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500, + 0x00003000, 0x00000100, 0x00006700, 0x00002b00, + 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600, + 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00, + 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000, + 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00, + 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000, + 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600, + 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00, + 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100, + 0x00007100, 0x0000d800, 0x00003100, 0x00001500, + 0x00000400, 0x0000c700, 0x00002300, 0x0000c300, + 0x00001800, 0x00009600, 0x00000500, 0x00009a00, + 0x00000700, 0x00001200, 0x00008000, 0x0000e200, + 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500, + 0x00000900, 0x00008300, 0x00002c00, 0x00001a00, + 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000, + 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300, + 0x00002900, 0x0000e300, 0x00002f00, 0x00008400, + 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00, + 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00, + 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900, + 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00, + 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00, + 0x00004300, 0x00004d00, 0x00003300, 0x00008500, + 0x00004500, 0x0000f900, 0x00000200, 0x00007f00, + 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800, + 0x00005100, 0x0000a300, 0x00004000, 0x00008f00, + 0x00009200, 0x00009d00, 0x00003800, 0x0000f500, + 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100, + 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200, + 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00, + 0x00005f00, 0x00009700, 0x00004400, 0x00001700, + 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00, + 0x00006400, 0x00005d00, 0x00001900, 0x00007300, + 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00, + 0x00002200, 0x00002a00, 0x00009000, 0x00008800, + 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400, + 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00, + 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00, + 0x00004900, 0x00000600, 0x00002400, 0x00005c00, + 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200, + 0x00009100, 0x00009500, 0x0000e400, 0x00007900, + 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00, + 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900, + 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00, + 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800, + 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00, + 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600, + 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00, + 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00, + 0x00007000, 0x00003e00, 0x0000b500, 0x00006600, + 0x00004800, 0x00000300, 0x0000f600, 0x00000e00, + 0x00006100, 0x00003500, 0x00005700, 0x0000b900, + 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00, + 0x0000e100, 0x0000f800, 0x00009800, 0x00001100, + 0x00006900, 0x0000d900, 0x00008e00, 0x00009400, + 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900, + 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00, + 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00, + 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800, + 0x00004100, 0x00009900, 0x00002d00, 0x00000f00, + 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600, + }, { + 0x00630000, 0x007c0000, 0x00770000, 0x007b0000, + 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000, + 0x00300000, 0x00010000, 0x00670000, 0x002b0000, + 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000, + 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000, + 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000, + 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000, + 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000, + 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000, + 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000, + 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000, + 0x00710000, 0x00d80000, 0x00310000, 0x00150000, + 0x00040000, 0x00c70000, 0x00230000, 0x00c30000, + 0x00180000, 0x00960000, 0x00050000, 0x009a0000, + 0x00070000, 0x00120000, 0x00800000, 0x00e20000, + 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000, + 0x00090000, 0x00830000, 0x002c0000, 0x001a0000, + 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000, + 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000, + 0x00290000, 0x00e30000, 0x002f0000, 0x00840000, + 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000, + 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000, + 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000, + 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000, + 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000, + 0x00430000, 0x004d0000, 0x00330000, 0x00850000, + 0x00450000, 0x00f90000, 0x00020000, 0x007f0000, + 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000, + 0x00510000, 0x00a30000, 0x00400000, 0x008f0000, + 0x00920000, 0x009d0000, 0x00380000, 0x00f50000, + 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000, + 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000, + 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000, + 0x005f0000, 0x00970000, 0x00440000, 0x00170000, + 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000, + 0x00640000, 0x005d0000, 0x00190000, 0x00730000, + 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000, + 0x00220000, 0x002a0000, 0x00900000, 0x00880000, + 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000, + 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000, + 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000, + 0x00490000, 0x00060000, 0x00240000, 0x005c0000, + 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000, + 0x00910000, 0x00950000, 0x00e40000, 0x00790000, + 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000, + 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000, + 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000, + 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000, + 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000, + 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000, + 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000, + 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000, + 0x00700000, 0x003e0000, 0x00b50000, 0x00660000, + 0x00480000, 0x00030000, 0x00f60000, 0x000e0000, + 0x00610000, 0x00350000, 0x00570000, 0x00b90000, + 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000, + 0x00e10000, 0x00f80000, 0x00980000, 0x00110000, + 0x00690000, 0x00d90000, 0x008e0000, 0x00940000, + 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000, + 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000, + 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000, + 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000, + 0x00410000, 0x00990000, 0x002d0000, 0x000f0000, + 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000, + }, { + 0x63000000, 0x7c000000, 0x77000000, 0x7b000000, + 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000, + 0x30000000, 0x01000000, 0x67000000, 0x2b000000, + 0xfe000000, 0xd7000000, 0xab000000, 0x76000000, + 0xca000000, 0x82000000, 0xc9000000, 0x7d000000, + 0xfa000000, 0x59000000, 0x47000000, 0xf0000000, + 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000, + 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000, + 0xb7000000, 0xfd000000, 0x93000000, 0x26000000, + 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000, + 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000, + 0x71000000, 0xd8000000, 0x31000000, 0x15000000, + 0x04000000, 0xc7000000, 0x23000000, 0xc3000000, + 0x18000000, 0x96000000, 0x05000000, 0x9a000000, + 0x07000000, 0x12000000, 0x80000000, 0xe2000000, + 0xeb000000, 0x27000000, 0xb2000000, 0x75000000, + 0x09000000, 0x83000000, 0x2c000000, 0x1a000000, + 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000, + 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000, + 0x29000000, 0xe3000000, 0x2f000000, 0x84000000, + 0x53000000, 0xd1000000, 0x00000000, 0xed000000, + 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000, + 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000, + 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000, + 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000, + 0x43000000, 0x4d000000, 0x33000000, 0x85000000, + 0x45000000, 0xf9000000, 0x02000000, 0x7f000000, + 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000, + 0x51000000, 0xa3000000, 0x40000000, 0x8f000000, + 0x92000000, 0x9d000000, 0x38000000, 0xf5000000, + 0xbc000000, 0xb6000000, 0xda000000, 0x21000000, + 0x10000000, 0xff000000, 0xf3000000, 0xd2000000, + 0xcd000000, 0x0c000000, 0x13000000, 0xec000000, + 0x5f000000, 0x97000000, 0x44000000, 0x17000000, + 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000, + 0x64000000, 0x5d000000, 0x19000000, 0x73000000, + 0x60000000, 0x81000000, 0x4f000000, 0xdc000000, + 0x22000000, 0x2a000000, 0x90000000, 0x88000000, + 0x46000000, 0xee000000, 0xb8000000, 0x14000000, + 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000, + 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000, + 0x49000000, 0x06000000, 0x24000000, 0x5c000000, + 0xc2000000, 0xd3000000, 0xac000000, 0x62000000, + 0x91000000, 0x95000000, 0xe4000000, 0x79000000, + 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000, + 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000, + 0x6c000000, 0x56000000, 0xf4000000, 0xea000000, + 0x65000000, 0x7a000000, 0xae000000, 0x08000000, + 0xba000000, 0x78000000, 0x25000000, 0x2e000000, + 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000, + 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000, + 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000, + 0x70000000, 0x3e000000, 0xb5000000, 0x66000000, + 0x48000000, 0x03000000, 0xf6000000, 0x0e000000, + 0x61000000, 0x35000000, 0x57000000, 0xb9000000, + 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000, + 0xe1000000, 0xf8000000, 0x98000000, 0x11000000, + 0x69000000, 0xd9000000, 0x8e000000, 0x94000000, + 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000, + 0xce000000, 0x55000000, 0x28000000, 0xdf000000, + 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000, + 0xbf000000, 0xe6000000, 0x42000000, 0x68000000, + 0x41000000, 0x99000000, 0x2d000000, 0x0f000000, + 0xb0000000, 0x54000000, 0xbb000000, 0x16000000, + } +}; + +const uint32_t crypto_it_tab[4][256] = { + { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, + 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, + 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, + 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, + 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, + 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, + 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, + 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, + 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, + 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, + 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, + 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, + 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, + 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, + 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, + 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, + 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, + 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, + 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, + 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, + 0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, + 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, + 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, + 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, + 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, + 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, + 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, + 0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b, + 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, + 0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, + 0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, + 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, + 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, + 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, + 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, + 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, + 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, + 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, + 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, + 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, + 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, + 0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, + 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, + 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, + 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, + 0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83, + 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, + 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, + 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, + 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, + 0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, + 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, + 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, + 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, + 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, + 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, + 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, + 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, + 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, + 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, + 0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff, + 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, + 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, + }, { + 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, + 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93, + 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, + 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, + 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, + 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, + 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, + 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, + 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, + 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, + 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, + 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, + 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, + 0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a, + 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, + 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, + 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, + 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, + 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, + 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, + 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, + 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, + 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, + 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, + 0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, + 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, + 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, + 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, + 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, + 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, + 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, + 0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, + 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd, + 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, + 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, + 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, + 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, + 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, + 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, + 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, + 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, + 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, + 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, + 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, + 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, + 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, + 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, + 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, + 0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, + 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, + 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, + 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, + 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df, + 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, + 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, + 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, + 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89, + 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, + 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, + 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, + 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, + 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, + 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, + 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, + }, { + 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, + 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, + 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c, + 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, + 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, + 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, + 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, + 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, + 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, + 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, + 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, + 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, + 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, + 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, + 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, + 0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, + 0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2, + 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe, + 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, + 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, + 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, + 0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, + 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, + 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, + 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, + 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, + 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, + 0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, + 0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, + 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, + 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, + 0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, + 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, + 0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, + 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, + 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, + 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, + 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, + 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, + 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, + 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, + 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, + 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, + 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, + 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, + 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, + 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, + 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, + 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, + 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, + 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, + 0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, + 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, + 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, + 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, + 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, + 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, + 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, + 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, + 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, + 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, + 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195, + 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1, + 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, + }, { + 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, + 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, + 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, + 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, + 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, + 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, + 0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, + 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, + 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, + 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, + 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, + 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, + 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, + 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, + 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, + 0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, + 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, + 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6, + 0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, + 0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, + 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, + 0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, + 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, + 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8, + 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, + 0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, + 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d, + 0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, + 0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, + 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, + 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, + 0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, + 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, + 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, + 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, + 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, + 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, + 0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1, + 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, + 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, + 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, + 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, + 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, + 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, + 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, + 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, + 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, + 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, + 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, + 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, + 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, + 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, + 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, + 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, + 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, + 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, + 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, + 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, + 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, + 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, + 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, + 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, + 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156, + 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, + } +}; + +const uint32_t crypto_il_tab[4][256] = { + { + 0x00000052, 0x00000009, 0x0000006a, 0x000000d5, + 0x00000030, 0x00000036, 0x000000a5, 0x00000038, + 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e, + 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb, + 0x0000007c, 0x000000e3, 0x00000039, 0x00000082, + 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087, + 0x00000034, 0x0000008e, 0x00000043, 0x00000044, + 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb, + 0x00000054, 0x0000007b, 0x00000094, 0x00000032, + 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d, + 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b, + 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e, + 0x00000008, 0x0000002e, 0x000000a1, 0x00000066, + 0x00000028, 0x000000d9, 0x00000024, 0x000000b2, + 0x00000076, 0x0000005b, 0x000000a2, 0x00000049, + 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025, + 0x00000072, 0x000000f8, 0x000000f6, 0x00000064, + 0x00000086, 0x00000068, 0x00000098, 0x00000016, + 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc, + 0x0000005d, 0x00000065, 0x000000b6, 0x00000092, + 0x0000006c, 0x00000070, 0x00000048, 0x00000050, + 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da, + 0x0000005e, 0x00000015, 0x00000046, 0x00000057, + 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084, + 0x00000090, 0x000000d8, 0x000000ab, 0x00000000, + 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a, + 0x000000f7, 0x000000e4, 0x00000058, 0x00000005, + 0x000000b8, 0x000000b3, 0x00000045, 0x00000006, + 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f, + 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002, + 0x000000c1, 0x000000af, 0x000000bd, 0x00000003, + 0x00000001, 0x00000013, 0x0000008a, 0x0000006b, + 0x0000003a, 0x00000091, 0x00000011, 0x00000041, + 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea, + 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce, + 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073, + 0x00000096, 0x000000ac, 0x00000074, 0x00000022, + 0x000000e7, 0x000000ad, 0x00000035, 0x00000085, + 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8, + 0x0000001c, 0x00000075, 0x000000df, 0x0000006e, + 0x00000047, 0x000000f1, 0x0000001a, 0x00000071, + 0x0000001d, 0x00000029, 0x000000c5, 0x00000089, + 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e, + 0x000000aa, 0x00000018, 0x000000be, 0x0000001b, + 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b, + 0x000000c6, 0x000000d2, 0x00000079, 0x00000020, + 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe, + 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4, + 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033, + 0x00000088, 0x00000007, 0x000000c7, 0x00000031, + 0x000000b1, 0x00000012, 0x00000010, 0x00000059, + 0x00000027, 0x00000080, 0x000000ec, 0x0000005f, + 0x00000060, 0x00000051, 0x0000007f, 0x000000a9, + 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d, + 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f, + 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef, + 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d, + 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0, + 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c, + 0x00000083, 0x00000053, 0x00000099, 0x00000061, + 0x00000017, 0x0000002b, 0x00000004, 0x0000007e, + 0x000000ba, 0x00000077, 0x000000d6, 0x00000026, + 0x000000e1, 0x00000069, 0x00000014, 0x00000063, + 0x00000055, 0x00000021, 0x0000000c, 0x0000007d, + }, { + 0x00005200, 0x00000900, 0x00006a00, 0x0000d500, + 0x00003000, 0x00003600, 0x0000a500, 0x00003800, + 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00, + 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00, + 0x00007c00, 0x0000e300, 0x00003900, 0x00008200, + 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700, + 0x00003400, 0x00008e00, 0x00004300, 0x00004400, + 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00, + 0x00005400, 0x00007b00, 0x00009400, 0x00003200, + 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00, + 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00, + 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00, + 0x00000800, 0x00002e00, 0x0000a100, 0x00006600, + 0x00002800, 0x0000d900, 0x00002400, 0x0000b200, + 0x00007600, 0x00005b00, 0x0000a200, 0x00004900, + 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500, + 0x00007200, 0x0000f800, 0x0000f600, 0x00006400, + 0x00008600, 0x00006800, 0x00009800, 0x00001600, + 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00, + 0x00005d00, 0x00006500, 0x0000b600, 0x00009200, + 0x00006c00, 0x00007000, 0x00004800, 0x00005000, + 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00, + 0x00005e00, 0x00001500, 0x00004600, 0x00005700, + 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400, + 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000, + 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00, + 0x0000f700, 0x0000e400, 0x00005800, 0x00000500, + 0x0000b800, 0x0000b300, 0x00004500, 0x00000600, + 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00, + 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200, + 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300, + 0x00000100, 0x00001300, 0x00008a00, 0x00006b00, + 0x00003a00, 0x00009100, 0x00001100, 0x00004100, + 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00, + 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00, + 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300, + 0x00009600, 0x0000ac00, 0x00007400, 0x00002200, + 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500, + 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800, + 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00, + 0x00004700, 0x0000f100, 0x00001a00, 0x00007100, + 0x00001d00, 0x00002900, 0x0000c500, 0x00008900, + 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00, + 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00, + 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00, + 0x0000c600, 0x0000d200, 0x00007900, 0x00002000, + 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00, + 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400, + 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300, + 0x00008800, 0x00000700, 0x0000c700, 0x00003100, + 0x0000b100, 0x00001200, 0x00001000, 0x00005900, + 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00, + 0x00006000, 0x00005100, 0x00007f00, 0x0000a900, + 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00, + 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00, + 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00, + 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00, + 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000, + 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00, + 0x00008300, 0x00005300, 0x00009900, 0x00006100, + 0x00001700, 0x00002b00, 0x00000400, 0x00007e00, + 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600, + 0x0000e100, 0x00006900, 0x00001400, 0x00006300, + 0x00005500, 0x00002100, 0x00000c00, 0x00007d00, + }, { + 0x00520000, 0x00090000, 0x006a0000, 0x00d50000, + 0x00300000, 0x00360000, 0x00a50000, 0x00380000, + 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000, + 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000, + 0x007c0000, 0x00e30000, 0x00390000, 0x00820000, + 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000, + 0x00340000, 0x008e0000, 0x00430000, 0x00440000, + 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000, + 0x00540000, 0x007b0000, 0x00940000, 0x00320000, + 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000, + 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000, + 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000, + 0x00080000, 0x002e0000, 0x00a10000, 0x00660000, + 0x00280000, 0x00d90000, 0x00240000, 0x00b20000, + 0x00760000, 0x005b0000, 0x00a20000, 0x00490000, + 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000, + 0x00720000, 0x00f80000, 0x00f60000, 0x00640000, + 0x00860000, 0x00680000, 0x00980000, 0x00160000, + 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000, + 0x005d0000, 0x00650000, 0x00b60000, 0x00920000, + 0x006c0000, 0x00700000, 0x00480000, 0x00500000, + 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000, + 0x005e0000, 0x00150000, 0x00460000, 0x00570000, + 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000, + 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000, + 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000, + 0x00f70000, 0x00e40000, 0x00580000, 0x00050000, + 0x00b80000, 0x00b30000, 0x00450000, 0x00060000, + 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000, + 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000, + 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000, + 0x00010000, 0x00130000, 0x008a0000, 0x006b0000, + 0x003a0000, 0x00910000, 0x00110000, 0x00410000, + 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000, + 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000, + 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000, + 0x00960000, 0x00ac0000, 0x00740000, 0x00220000, + 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000, + 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000, + 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000, + 0x00470000, 0x00f10000, 0x001a0000, 0x00710000, + 0x001d0000, 0x00290000, 0x00c50000, 0x00890000, + 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000, + 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000, + 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000, + 0x00c60000, 0x00d20000, 0x00790000, 0x00200000, + 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000, + 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000, + 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000, + 0x00880000, 0x00070000, 0x00c70000, 0x00310000, + 0x00b10000, 0x00120000, 0x00100000, 0x00590000, + 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000, + 0x00600000, 0x00510000, 0x007f0000, 0x00a90000, + 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000, + 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000, + 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000, + 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000, + 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000, + 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000, + 0x00830000, 0x00530000, 0x00990000, 0x00610000, + 0x00170000, 0x002b0000, 0x00040000, 0x007e0000, + 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000, + 0x00e10000, 0x00690000, 0x00140000, 0x00630000, + 0x00550000, 0x00210000, 0x000c0000, 0x007d0000, + }, { + 0x52000000, 0x09000000, 0x6a000000, 0xd5000000, + 0x30000000, 0x36000000, 0xa5000000, 0x38000000, + 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000, + 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000, + 0x7c000000, 0xe3000000, 0x39000000, 0x82000000, + 0x9b000000, 0x2f000000, 0xff000000, 0x87000000, + 0x34000000, 0x8e000000, 0x43000000, 0x44000000, + 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000, + 0x54000000, 0x7b000000, 0x94000000, 0x32000000, + 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000, + 0xee000000, 0x4c000000, 0x95000000, 0x0b000000, + 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000, + 0x08000000, 0x2e000000, 0xa1000000, 0x66000000, + 0x28000000, 0xd9000000, 0x24000000, 0xb2000000, + 0x76000000, 0x5b000000, 0xa2000000, 0x49000000, + 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000, + 0x72000000, 0xf8000000, 0xf6000000, 0x64000000, + 0x86000000, 0x68000000, 0x98000000, 0x16000000, + 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000, + 0x5d000000, 0x65000000, 0xb6000000, 0x92000000, + 0x6c000000, 0x70000000, 0x48000000, 0x50000000, + 0xfd000000, 0xed000000, 0xb9000000, 0xda000000, + 0x5e000000, 0x15000000, 0x46000000, 0x57000000, + 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000, + 0x90000000, 0xd8000000, 0xab000000, 0x00000000, + 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000, + 0xf7000000, 0xe4000000, 0x58000000, 0x05000000, + 0xb8000000, 0xb3000000, 0x45000000, 0x06000000, + 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000, + 0xca000000, 0x3f000000, 0x0f000000, 0x02000000, + 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000, + 0x01000000, 0x13000000, 0x8a000000, 0x6b000000, + 0x3a000000, 0x91000000, 0x11000000, 0x41000000, + 0x4f000000, 0x67000000, 0xdc000000, 0xea000000, + 0x97000000, 0xf2000000, 0xcf000000, 0xce000000, + 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000, + 0x96000000, 0xac000000, 0x74000000, 0x22000000, + 0xe7000000, 0xad000000, 0x35000000, 0x85000000, + 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000, + 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000, + 0x47000000, 0xf1000000, 0x1a000000, 0x71000000, + 0x1d000000, 0x29000000, 0xc5000000, 0x89000000, + 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000, + 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000, + 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000, + 0xc6000000, 0xd2000000, 0x79000000, 0x20000000, + 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000, + 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000, + 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000, + 0x88000000, 0x07000000, 0xc7000000, 0x31000000, + 0xb1000000, 0x12000000, 0x10000000, 0x59000000, + 0x27000000, 0x80000000, 0xec000000, 0x5f000000, + 0x60000000, 0x51000000, 0x7f000000, 0xa9000000, + 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000, + 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000, + 0x93000000, 0xc9000000, 0x9c000000, 0xef000000, + 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000, + 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000, + 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000, + 0x83000000, 0x53000000, 0x99000000, 0x61000000, + 0x17000000, 0x2b000000, 0x04000000, 0x7e000000, + 0xba000000, 0x77000000, 0xd6000000, 0x26000000, + 0xe1000000, 0x69000000, 0x14000000, 0x63000000, + 0x55000000, 0x21000000, 0x0c000000, 0x7d000000, + } +}; + +/* initialise the key schedule from the user supplied key */ + +#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) + +#define imix_col(y,x) do { \ + u = star_x(x); \ + v = star_x(u); \ + w = star_x(v); \ + t = w ^ (x); \ + (y) = u ^ v ^ w; \ + (y) ^= ror32(u ^ t, 8) ^ \ + ror32(v ^ t, 16) ^ \ + ror32(t, 24); \ +} while (0) + +#define ls_box(x) \ + crypto_fl_tab[0][byte(x, 0)] ^ \ + crypto_fl_tab[1][byte(x, 1)] ^ \ + crypto_fl_tab[2][byte(x, 2)] ^ \ + crypto_fl_tab[3][byte(x, 3)] + +#define loop4(i) do { \ + t = ror32(t, 8); \ + t = ls_box(t) ^ rco_tab[i]; \ + t ^= ctx->key_enc[4 * i]; \ + ctx->key_enc[4 * i + 4] = t; \ + t ^= ctx->key_enc[4 * i + 1]; \ + ctx->key_enc[4 * i + 5] = t; \ + t ^= ctx->key_enc[4 * i + 2]; \ + ctx->key_enc[4 * i + 6] = t; \ + t ^= ctx->key_enc[4 * i + 3]; \ + ctx->key_enc[4 * i + 7] = t; \ +} while (0) + +#define loop6(i) do { \ + t = ror32(t, 8); \ + t = ls_box(t) ^ rco_tab[i]; \ + t ^= ctx->key_enc[6 * i]; \ + ctx->key_enc[6 * i + 6] = t; \ + t ^= ctx->key_enc[6 * i + 1]; \ + ctx->key_enc[6 * i + 7] = t; \ + t ^= ctx->key_enc[6 * i + 2]; \ + ctx->key_enc[6 * i + 8] = t; \ + t ^= ctx->key_enc[6 * i + 3]; \ + ctx->key_enc[6 * i + 9] = t; \ + t ^= ctx->key_enc[6 * i + 4]; \ + ctx->key_enc[6 * i + 10] = t; \ + t ^= ctx->key_enc[6 * i + 5]; \ + ctx->key_enc[6 * i + 11] = t; \ +} while (0) + +#define loop8(i) do { \ + t = ror32(t, 8); \ + t = ls_box(t) ^ rco_tab[i]; \ + t ^= ctx->key_enc[8 * i]; \ + ctx->key_enc[8 * i + 8] = t; \ + t ^= ctx->key_enc[8 * i + 1]; \ + ctx->key_enc[8 * i + 9] = t; \ + t ^= ctx->key_enc[8 * i + 2]; \ + ctx->key_enc[8 * i + 10] = t; \ + t ^= ctx->key_enc[8 * i + 3]; \ + ctx->key_enc[8 * i + 11] = t; \ + t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \ + ctx->key_enc[8 * i + 12] = t; \ + t ^= ctx->key_enc[8 * i + 5]; \ + ctx->key_enc[8 * i + 13] = t; \ + t ^= ctx->key_enc[8 * i + 6]; \ + ctx->key_enc[8 * i + 14] = t; \ + t ^= ctx->key_enc[8 * i + 7]; \ + ctx->key_enc[8 * i + 15] = t; \ +} while (0) + +/** + * crypto_aes_expand_key - Expands the AES key as described in FIPS-197 + * @ctx: The location where the computed key will be stored. + * @in_key: The supplied key. + * @key_len: The length of the supplied key. + * + * Returns 0 on success. The function fails only if an invalid key size (or + * pointer) is supplied. + * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes + * key schedule plus a 16 bytes key which is used before the first round). + * The decryption key is prepared for the "Equivalent Inverse Cipher" as + * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is + * for the initial combination, the second slot for the first round and so on. + */ +int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const uint8_t *in_key, + unsigned int key_len) +{ + const uint32_t *key = (const uint32_t *)in_key; + uint32_t i, t, u, v, w, j; + + if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 && + key_len != AES_KEYSIZE_256) + return -1; + + ctx->key_length = key_len; + + ctx->key_dec[key_len + 24] = ctx->key_enc[0] = le32_to_cpu(key[0]); + ctx->key_dec[key_len + 25] = ctx->key_enc[1] = le32_to_cpu(key[1]); + ctx->key_dec[key_len + 26] = ctx->key_enc[2] = le32_to_cpu(key[2]); + ctx->key_dec[key_len + 27] = ctx->key_enc[3] = le32_to_cpu(key[3]); + + switch (key_len) { + case AES_KEYSIZE_128: + t = ctx->key_enc[3]; + for (i = 0; i < 10; ++i) + loop4(i); + break; + + case AES_KEYSIZE_192: + ctx->key_enc[4] = le32_to_cpu(key[4]); + t = ctx->key_enc[5] = le32_to_cpu(key[5]); + for (i = 0; i < 8; ++i) + loop6(i); + break; + + case AES_KEYSIZE_256: + ctx->key_enc[4] = le32_to_cpu(key[4]); + ctx->key_enc[5] = le32_to_cpu(key[5]); + ctx->key_enc[6] = le32_to_cpu(key[6]); + t = ctx->key_enc[7] = le32_to_cpu(key[7]); + for (i = 0; i < 7; ++i) + loop8(i); + break; + } + + ctx->key_dec[0] = ctx->key_enc[key_len + 24]; + ctx->key_dec[1] = ctx->key_enc[key_len + 25]; + ctx->key_dec[2] = ctx->key_enc[key_len + 26]; + ctx->key_dec[3] = ctx->key_enc[key_len + 27]; + + for (i = 4; i < key_len + 24; ++i) { + j = key_len + 24 - (i & ~3) + (i & 3); + imix_col(ctx->key_dec[j], ctx->key_enc[i]); + } + return 0; +} + +/* encrypt a block of text */ + +#define f_rn(bo, bi, n, k) do { \ + bo[n] = crypto_ft_tab[0][byte(bi[n], 0)] ^ \ + crypto_ft_tab[1][byte(bi[(n + 1) & 3], 1)] ^ \ + crypto_ft_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \ + crypto_ft_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n); \ +} while (0) + +#define f_nround(bo, bi, k) do {\ + f_rn(bo, bi, 0, k); \ + f_rn(bo, bi, 1, k); \ + f_rn(bo, bi, 2, k); \ + f_rn(bo, bi, 3, k); \ + k += 4; \ +} while (0) + +#define f_rl(bo, bi, n, k) do { \ + bo[n] = crypto_fl_tab[0][byte(bi[n], 0)] ^ \ + crypto_fl_tab[1][byte(bi[(n + 1) & 3], 1)] ^ \ + crypto_fl_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \ + crypto_fl_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n); \ +} while (0) + +#define f_lround(bo, bi, k) do {\ + f_rl(bo, bi, 0, k); \ + f_rl(bo, bi, 1, k); \ + f_rl(bo, bi, 2, k); \ + f_rl(bo, bi, 3, k); \ +} while (0) + +static void aes_encrypt(const struct crypto_aes_ctx *ctx, uint8_t *out, const uint8_t *in) +{ + const uint32_t *src = (const uint32_t *)in; + uint32_t *dst = (uint32_t *)out; + uint32_t b0[4], b1[4]; + const uint32_t *kp = ctx->key_enc + 4; + const int key_len = ctx->key_length; + + b0[0] = le32_to_cpu(src[0]) ^ ctx->key_enc[0]; + b0[1] = le32_to_cpu(src[1]) ^ ctx->key_enc[1]; + b0[2] = le32_to_cpu(src[2]) ^ ctx->key_enc[2]; + b0[3] = le32_to_cpu(src[3]) ^ ctx->key_enc[3]; + + if (key_len > 24) { + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + } + + if (key_len > 16) { + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + } + + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_nround(b0, b1, kp); + f_nround(b1, b0, kp); + f_lround(b0, b1, kp); + + dst[0] = cpu_to_le32(b0[0]); + dst[1] = cpu_to_le32(b0[1]); + dst[2] = cpu_to_le32(b0[2]); + dst[3] = cpu_to_le32(b0[3]); +} + +/* decrypt a block of text */ + +#define i_rn(bo, bi, n, k) do { \ + bo[n] = crypto_it_tab[0][byte(bi[n], 0)] ^ \ + crypto_it_tab[1][byte(bi[(n + 3) & 3], 1)] ^ \ + crypto_it_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \ + crypto_it_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n); \ +} while (0) + +#define i_nround(bo, bi, k) do {\ + i_rn(bo, bi, 0, k); \ + i_rn(bo, bi, 1, k); \ + i_rn(bo, bi, 2, k); \ + i_rn(bo, bi, 3, k); \ + k += 4; \ +} while (0) + +#define i_rl(bo, bi, n, k) do { \ + bo[n] = crypto_il_tab[0][byte(bi[n], 0)] ^ \ + crypto_il_tab[1][byte(bi[(n + 3) & 3], 1)] ^ \ + crypto_il_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \ + crypto_il_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n); \ +} while (0) + +#define i_lround(bo, bi, k) do {\ + i_rl(bo, bi, 0, k); \ + i_rl(bo, bi, 1, k); \ + i_rl(bo, bi, 2, k); \ + i_rl(bo, bi, 3, k); \ +} while (0) + +static inline void crypto_xor_byte(uint8_t *a, const uint8_t *b, unsigned int size) +{ + for (; size; size--) + *a++ ^= *b++; +} + +void crypto_xor(uint8_t *dst, const uint8_t *src, unsigned int size) +{ + uint32_t *a = (uint32_t *)dst; + uint32_t *b = (uint32_t *)src; + + for (; size >= 4; size -= 4) + *a++ ^= *b++; + + crypto_xor_byte((uint8_t *)a, (uint8_t *)b, size); +} + +int crypto_cbc_encrypt(const struct crypto_aes_ctx *ctx, + void* src, int nbytes, void* dst, void* iv) +{ + int bsize = 16; + + do { + crypto_xor(iv, src, bsize); + aes_encrypt(ctx, dst, iv); + memcpy(iv, dst, bsize); + + src += bsize; + dst += bsize; + } while ((nbytes -= bsize) >= bsize); + + return nbytes; +} diff --git a/examples/shm/shm.c b/examples/shm/shm.c new file mode 100644 index 00000000000..24691152a09 --- /dev/null +++ b/examples/shm/shm.c @@ -0,0 +1,178 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +sem_t *enc_sem, *get_sem; + +#define SHM_SIZE 64*1024 + +void child(pid_t parent, void* mem) +{ + char key[16]; + char iv[16]; + struct crypto_aes_ctx ctx; + uint32_t mem_size; + + for (;;) { + memset(key, 0xa3, sizeof(key)); + memset(iv, 0x3, sizeof(iv)); + + sem_wait(enc_sem); + + crypto_aes_expand_key(&ctx, (void*)key, sizeof(key)); + + memcpy(&mem_size, mem, sizeof(mem_size)); + + crypto_cbc_encrypt(&ctx, mem, mem_size, mem, iv); + + sem_post(get_sem); + } +} + +static int must_finish = 0; + +static void alarm_handler(int signo) +{ + must_finish = 1; +} + +static double udifftimeval(struct timeval start, struct timeval end) +{ + return (double)(end.tv_usec - start.tv_usec) + + (double)(end.tv_sec - start.tv_sec) * 1000 * 1000; +} + +static void value2human(double bytes, double time, double* data, double* speed,char* metric) +{ + if (bytes > 1000 && bytes < 1000*1000) { + *data = ((double)bytes)/1000; + *speed = *data/time; + strcpy(metric, "Kb"); + return; + } else if (bytes >= 1000*1000 && bytes < 1000*1000*1000) { + *data = ((double)bytes)/(1000*1000); + *speed = *data/time; + strcpy(metric, "Mb"); + return; + } else if (bytes >= 1000*1000*1000) { + *data = ((double)bytes)/(1000*1000*1000); + *speed = *data/time; + strcpy(metric, "Gb"); + return; + } else { + *data = (double)bytes; + *speed = *data/time; + strcpy(metric, "bytes"); + return; + } +} + +void parent(pid_t child, void* mem) +{ +struct timeval start, end; +uint32_t chunksize; +double total = 0; +double secs, ddata, dspeed; +char metric[16]; + + signal(SIGALRM, alarm_handler); + + /* set a default value in shared memory */ + + for (chunksize = 256; chunksize <= (64 * 1024); chunksize *= 2) { + memset(mem, 0x33, chunksize); + + printf("\tEncrypting in chunks of %d bytes: ", chunksize); + fflush(stdout); + + total = 0; + must_finish = 0; + alarm(5); + gettimeofday(&start, NULL); + + do { + memcpy(mem, &chunksize, sizeof(chunksize)); + + sem_post(enc_sem); + + sem_wait(get_sem); + total+=chunksize; + } while(must_finish == 0); + + gettimeofday(&end, NULL); + + secs = udifftimeval(start, end)/ 1000000.0; + value2human(total, secs, &ddata, &dspeed, metric); + printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs); + printf ("%.2f %s/sec\n", dspeed, metric); + } + +} + +int main() +{ + int shmid, shmid2; + char c, *shm, *s, *semmem; + pid_t pid; + + signal(SIGUSR1, SIG_IGN); + signal(SIGUSR2, SIG_IGN); + + if ((shmid = shmget(IPC_PRIVATE, SHM_SIZE, IPC_CREAT | 0660)) < 0) { + perror("shmget fail"); + return 1; + } + + if ((shm = (char *) shmat(shmid, 0, 0)) == (char *) -1) { + perror("shmat : parent"); + return 2; + } + + if ((shmid2 = shmget(IPC_PRIVATE, 2*sizeof(sem_t), IPC_CREAT | 0660)) < 0) { + perror("shmget fail"); + return 1; + } + + if ((semmem = (char *) shmat(shmid2, 0, 0)) == (char *) -1) { + perror("shmat : parent"); + return 2; + } + + enc_sem = (void*)semmem; + get_sem = (void*)semmem + sizeof(sem_t); + + sem_init(enc_sem, 1, 0); + sem_init(get_sem, 1, 0); + + printf("Addresses in parent\n"); + printf("shared mem: %p\n", shm); + + s = shm; // s now references shared mem + for (c = 'A'; c <= 'Z'; ++c) // put some info there + *s++ = c; + *s = '\0'; // terminate the sequence + + switch (pid=fork()) { + case -1: + perror("fork"); + return 3; + default: + parent(pid, shm); + kill(pid, SIGTERM); + wait(0); // let the child finish + shmdt(shm); + shmctl(shmid, IPC_RMID, (struct shmid_ds *) 0); + break; + case 0: + child(getppid(), shm); + shmdt(shm); + break; + } + return 0; +} -- cgit From a3217541700e7280ab6a2a6ee7ca313f37827113 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Wed, 1 Sep 2010 19:10:12 +0200 Subject: Drop a redundant prototype. --- ncr-int.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/ncr-int.h b/ncr-int.h index 274a314c30f..87964b08065 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -115,8 +115,6 @@ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, void ncr_key_clear(struct key_item_st* item); int ncr_key_update_flags(struct key_item_st *item, const struct nlattr *nla); -void ncr_key_clear(struct key_item_st* item); - /* key handling */ int ncr_key_init(struct ncr_lists *lst); int ncr_key_deinit(struct ncr_lists *lst, ncr_key_t desc); -- cgit From 72316eded1cc13dd8a339be92f43eeb79f252193 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 2 Sep 2010 21:14:37 +0200 Subject: Removed unneeded code. --- Makefile | 12 ++--- libtommath/bn_mp_and.c | 57 ---------------------- libtommath/bn_mp_exteuclid.c | 82 ------------------------------- libtommath/bn_mp_jacobi.c | 105 ---------------------------------------- libtommath/bn_mp_or.c | 50 ------------------- libtommath/bn_mp_prime_fermat.c | 62 ------------------------ libtommath/bn_mp_radix_size.c | 78 ----------------------------- libtommath/bn_mp_radix_smap.c | 24 --------- libtommath/bn_mp_read_radix.c | 85 -------------------------------- libtommath/bn_mp_sqrt.c | 81 ------------------------------- libtommath/bn_mp_toradix.c | 75 ---------------------------- libtommath/bn_mp_toradix_n.c | 88 --------------------------------- libtommath/bn_mp_xor.c | 51 ------------------- 13 files changed, 5 insertions(+), 845 deletions(-) delete mode 100644 libtommath/bn_mp_and.c delete mode 100644 libtommath/bn_mp_exteuclid.c delete mode 100644 libtommath/bn_mp_jacobi.c delete mode 100644 libtommath/bn_mp_or.c delete mode 100644 libtommath/bn_mp_prime_fermat.c delete mode 100644 libtommath/bn_mp_radix_size.c delete mode 100644 libtommath/bn_mp_radix_smap.c delete mode 100644 libtommath/bn_mp_read_radix.c delete mode 100644 libtommath/bn_mp_sqrt.c delete mode 100644 libtommath/bn_mp_toradix.c delete mode 100644 libtommath/bn_mp_toradix_n.c delete mode 100644 libtommath/bn_mp_xor.c diff --git a/Makefile b/Makefile index cdaab9339e3..a2db75be383 100644 --- a/Makefile +++ b/Makefile @@ -14,20 +14,18 @@ TOMMATH_OBJECTS = libtommath/bncore.o libtommath/bn_mp_init.o libtommath/bn_mp_c libtommath/bn_mp_div_d.o libtommath/bn_mp_mod_d.o libtommath/bn_mp_expt_d.o libtommath/bn_mp_addmod.o libtommath/bn_mp_submod.o \ libtommath/bn_mp_mulmod.o libtommath/bn_mp_sqrmod.o libtommath/bn_mp_gcd.o libtommath/bn_mp_lcm.o libtommath/bn_fast_mp_invmod.o libtommath/bn_mp_invmod.o \ libtommath/bn_mp_reduce.o libtommath/bn_mp_montgomery_setup.o libtommath/bn_fast_mp_montgomery_reduce.o libtommath/bn_mp_montgomery_reduce.o \ - libtommath/bn_mp_exptmod_fast.o libtommath/bn_mp_exptmod.o libtommath/bn_mp_2expt.o libtommath/bn_mp_n_root.o libtommath/bn_mp_jacobi.o libtommath/bn_reverse.o \ + libtommath/bn_mp_exptmod_fast.o libtommath/bn_mp_exptmod.o libtommath/bn_mp_2expt.o libtommath/bn_reverse.o \ libtommath/bn_mp_count_bits.o libtommath/bn_mp_read_unsigned_bin.o libtommath/bn_mp_read_signed_bin.o libtommath/bn_mp_to_unsigned_bin.o \ libtommath/bn_mp_to_signed_bin.o libtommath/bn_mp_unsigned_bin_size.o libtommath/bn_mp_signed_bin_size.o \ - libtommath/bn_mp_xor.o libtommath/bn_mp_and.o libtommath/bn_mp_or.o libtommath/bn_mp_rand.o libtommath/bn_mp_montgomery_calc_normalization.o \ - libtommath/bn_mp_prime_is_divisible.o libtommath/bn_prime_tab.o libtommath/bn_mp_prime_fermat.o libtommath/bn_mp_prime_miller_rabin.o \ + libtommath/bn_mp_rand.o libtommath/bn_mp_montgomery_calc_normalization.o \ + libtommath/bn_mp_prime_is_divisible.o libtommath/bn_prime_tab.o libtommath/bn_mp_prime_miller_rabin.o \ libtommath/bn_mp_prime_is_prime.o libtommath/bn_mp_prime_next_prime.o libtommath/bn_mp_dr_reduce.o \ libtommath/bn_mp_dr_is_modulus.o libtommath/bn_mp_dr_setup.o libtommath/bn_mp_reduce_setup.o \ libtommath/bn_mp_toom_mul.o libtommath/bn_mp_toom_sqr.o libtommath/bn_mp_div_3.o libtommath/bn_s_mp_exptmod.o \ libtommath/bn_mp_reduce_2k.o libtommath/bn_mp_reduce_is_2k.o libtommath/bn_mp_reduce_2k_setup.o \ libtommath/bn_mp_reduce_2k_l.o libtommath/bn_mp_reduce_is_2k_l.o libtommath/bn_mp_reduce_2k_setup_l.o \ - libtommath/bn_mp_radix_smap.o libtommath/bn_mp_read_radix.o libtommath/bn_mp_toradix.o libtommath/bn_mp_radix_size.o \ - libtommath/bn_mp_cnt_lsb.o libtommath/bn_error.o \ - libtommath/bn_mp_init_multi.o libtommath/bn_mp_clear_multi.o libtommath/bn_mp_exteuclid.o libtommath/bn_mp_toradix_n.o \ - libtommath/bn_mp_prime_random_ex.o libtommath/bn_mp_get_int.o libtommath/bn_mp_sqrt.o libtommath/bn_mp_is_square.o libtommath/bn_mp_init_set.o \ + libtommath/bn_mp_cnt_lsb.o libtommath/bn_error.o libtommath/bn_mp_init_multi.o libtommath/bn_mp_clear_multi.o \ + libtommath/bn_mp_prime_random_ex.o libtommath/bn_mp_get_int.o libtommath/bn_mp_init_set.o \ libtommath/bn_mp_init_set_int.o libtommath/bn_mp_invmod_slow.o libtommath/bn_mp_prime_rabin_miller_trials.o \ libtommath/bn_mp_to_signed_bin_n.o libtommath/bn_mp_to_unsigned_bin_n.o diff --git a/libtommath/bn_mp_and.c b/libtommath/bn_mp_and.c deleted file mode 100644 index 8ea22878f91..00000000000 --- a/libtommath/bn_mp_and.c +++ /dev/null @@ -1,57 +0,0 @@ -#include -#ifdef BN_MP_AND_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* AND two ints together */ -int -mp_and (mp_int * a, mp_int * b, mp_int * c) -{ - int res, ix, px; - mp_int t, *x; - - if (a->used > b->used) { - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy (&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] &= x->dp[ix]; - } - - /* zero digits above the last from the smallest mp_int */ - for (; ix < t.used; ix++) { - t.dp[ix] = 0; - } - - mp_clamp (&t); - mp_exch (c, &t); - mp_clear (&t); - return MP_OKAY; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_and.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_exteuclid.c b/libtommath/bn_mp_exteuclid.c deleted file mode 100644 index e6c4ce2b853..00000000000 --- a/libtommath/bn_mp_exteuclid.c +++ /dev/null @@ -1,82 +0,0 @@ -#include -#ifdef BN_MP_EXTEUCLID_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* Extended euclidean algorithm of (a, b) produces - a*u1 + b*u2 = u3 - */ -int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3) -{ - mp_int u1,u2,u3,v1,v2,v3,t1,t2,t3,q,tmp; - int err; - - if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) { - return err; - } - - /* initialize, (u1,u2,u3) = (1,0,a) */ - mp_set(&u1, 1); - if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; } - - /* initialize, (v1,v2,v3) = (0,1,b) */ - mp_set(&v2, 1); - if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; } - - /* loop while v3 != 0 */ - while (mp_iszero(&v3) == MP_NO) { - /* q = u3/v3 */ - if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; } - - /* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */ - if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; } - - /* (u1,u2,u3) = (v1,v2,v3) */ - if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; } - - /* (v1,v2,v3) = (t1,t2,t3) */ - if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; } - } - - /* make sure U3 >= 0 */ - if (u3.sign == MP_NEG) { - mp_neg(&u1, &u1); - mp_neg(&u2, &u2); - mp_neg(&u3, &u3); - } - - /* copy result out */ - if (U1 != NULL) { mp_exch(U1, &u1); } - if (U2 != NULL) { mp_exch(U2, &u2); } - if (U3 != NULL) { mp_exch(U3, &u3); } - - err = MP_OKAY; -_ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); - return err; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_exteuclid.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_jacobi.c b/libtommath/bn_mp_jacobi.c deleted file mode 100644 index 91cfeeade4c..00000000000 --- a/libtommath/bn_mp_jacobi.c +++ /dev/null @@ -1,105 +0,0 @@ -#include -#ifdef BN_MP_JACOBI_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* computes the jacobi c = (a | n) (or Legendre if n is prime) - * HAC pp. 73 Algorithm 2.149 - */ -int mp_jacobi (mp_int * a, mp_int * p, int *c) -{ - mp_int a1, p1; - int k, s, r, res; - mp_digit residue; - - /* if p <= 0 return MP_VAL */ - if (mp_cmp_d(p, 0) != MP_GT) { - return MP_VAL; - } - - /* step 1. if a == 0, return 0 */ - if (mp_iszero (a) == 1) { - *c = 0; - return MP_OKAY; - } - - /* step 2. if a == 1, return 1 */ - if (mp_cmp_d (a, 1) == MP_EQ) { - *c = 1; - return MP_OKAY; - } - - /* default */ - s = 0; - - /* step 3. write a = a1 * 2**k */ - if ((res = mp_init_copy (&a1, a)) != MP_OKAY) { - return res; - } - - if ((res = mp_init (&p1)) != MP_OKAY) { - goto LBL_A1; - } - - /* divide out larger power of two */ - k = mp_cnt_lsb(&a1); - if ((res = mp_div_2d(&a1, k, &a1, NULL)) != MP_OKAY) { - goto LBL_P1; - } - - /* step 4. if e is even set s=1 */ - if ((k & 1) == 0) { - s = 1; - } else { - /* else set s=1 if p = 1/7 (mod 8) or s=-1 if p = 3/5 (mod 8) */ - residue = p->dp[0] & 7; - - if (residue == 1 || residue == 7) { - s = 1; - } else if (residue == 3 || residue == 5) { - s = -1; - } - } - - /* step 5. if p == 3 (mod 4) *and* a1 == 3 (mod 4) then s = -s */ - if ( ((p->dp[0] & 3) == 3) && ((a1.dp[0] & 3) == 3)) { - s = -s; - } - - /* if a1 == 1 we're done */ - if (mp_cmp_d (&a1, 1) == MP_EQ) { - *c = s; - } else { - /* n1 = n mod a1 */ - if ((res = mp_mod (p, &a1, &p1)) != MP_OKAY) { - goto LBL_P1; - } - if ((res = mp_jacobi (&p1, &a1, &r)) != MP_OKAY) { - goto LBL_P1; - } - *c = s * r; - } - - /* done */ - res = MP_OKAY; -LBL_P1:mp_clear (&p1); -LBL_A1:mp_clear (&a1); - return res; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_jacobi.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_or.c b/libtommath/bn_mp_or.c deleted file mode 100644 index bff49954896..00000000000 --- a/libtommath/bn_mp_or.c +++ /dev/null @@ -1,50 +0,0 @@ -#include -#ifdef BN_MP_OR_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* OR two ints together */ -int mp_or (mp_int * a, mp_int * b, mp_int * c) -{ - int res, ix, px; - mp_int t, *x; - - if (a->used > b->used) { - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy (&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] |= x->dp[ix]; - } - mp_clamp (&t); - mp_exch (c, &t); - mp_clear (&t); - return MP_OKAY; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_or.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_prime_fermat.c b/libtommath/bn_mp_prime_fermat.c deleted file mode 100644 index c23d77f6de7..00000000000 --- a/libtommath/bn_mp_prime_fermat.c +++ /dev/null @@ -1,62 +0,0 @@ -#include -#ifdef BN_MP_PRIME_FERMAT_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* performs one Fermat test. - * - * If "a" were prime then b**a == b (mod a) since the order of - * the multiplicative sub-group would be phi(a) = a-1. That means - * it would be the same as b**(a mod (a-1)) == b**1 == b (mod a). - * - * Sets result to 1 if the congruence holds, or zero otherwise. - */ -int mp_prime_fermat (mp_int * a, mp_int * b, int *result) -{ - mp_int t; - int err; - - /* default to composite */ - *result = MP_NO; - - /* ensure b > 1 */ - if (mp_cmp_d(b, 1) != MP_GT) { - return MP_VAL; - } - - /* init t */ - if ((err = mp_init (&t)) != MP_OKAY) { - return err; - } - - /* compute t = b**a mod a */ - if ((err = mp_exptmod (b, a, a, &t)) != MP_OKAY) { - goto LBL_T; - } - - /* is it equal to b? */ - if (mp_cmp (&t, b) == MP_EQ) { - *result = MP_YES; - } - - err = MP_OKAY; -LBL_T:mp_clear (&t); - return err; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_prime_fermat.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_radix_size.c b/libtommath/bn_mp_radix_size.c deleted file mode 100644 index 1b61e3a1be9..00000000000 --- a/libtommath/bn_mp_radix_size.c +++ /dev/null @@ -1,78 +0,0 @@ -#include -#ifdef BN_MP_RADIX_SIZE_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* returns size of ASCII reprensentation */ -int mp_radix_size (mp_int * a, int radix, int *size) -{ - int res, digs; - mp_int t; - mp_digit d; - - *size = 0; - - /* special case for binary */ - if (radix == 2) { - *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; - return MP_OKAY; - } - - /* make sure the radix is in range */ - if (radix < 2 || radix > 64) { - return MP_VAL; - } - - if (mp_iszero(a) == MP_YES) { - *size = 2; - return MP_OKAY; - } - - /* digs is the digit count */ - digs = 0; - - /* if it's negative add one for the sign */ - if (a->sign == MP_NEG) { - ++digs; - } - - /* init a copy of the input */ - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - - /* force temp to positive */ - t.sign = MP_ZPOS; - - /* fetch out all of the digits */ - while (mp_iszero (&t) == MP_NO) { - if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { - mp_clear (&t); - return res; - } - ++digs; - } - mp_clear (&t); - - /* return digs + 1, the 1 is for the NULL byte that would be required. */ - *size = digs + 1; - return MP_OKAY; -} - -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_radix_size.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_radix_smap.c b/libtommath/bn_mp_radix_smap.c deleted file mode 100644 index 7d72feb84e6..00000000000 --- a/libtommath/bn_mp_radix_smap.c +++ /dev/null @@ -1,24 +0,0 @@ -#include -#ifdef BN_MP_RADIX_SMAP_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* chars used in radix conversions */ -const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_radix_smap.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_read_radix.c b/libtommath/bn_mp_read_radix.c deleted file mode 100644 index 91c46c22f74..00000000000 --- a/libtommath/bn_mp_read_radix.c +++ /dev/null @@ -1,85 +0,0 @@ -#include -#ifdef BN_MP_READ_RADIX_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* read a string [ASCII] in a given radix */ -int mp_read_radix (mp_int * a, const char *str, int radix) -{ - int y, res, neg; - char ch; - - /* zero the digit bignum */ - mp_zero(a); - - /* make sure the radix is ok */ - if (radix < 2 || radix > 64) { - return MP_VAL; - } - - /* if the leading digit is a - * minus set the sign to negative. - */ - if (*str == '-') { - ++str; - neg = MP_NEG; - } else { - neg = MP_ZPOS; - } - - /* set the integer to the default of zero */ - mp_zero (a); - - /* process each digit of the string */ - while (*str) { - /* if the radix < 36 the conversion is case insensitive - * this allows numbers like 1AB and 1ab to represent the same value - * [e.g. in hex] - */ - ch = (char) ((radix < 36) ? toupper (*str) : *str); - for (y = 0; y < 64; y++) { - if (ch == mp_s_rmap[y]) { - break; - } - } - - /* if the char was found in the map - * and is less than the given radix add it - * to the number, otherwise exit the loop. - */ - if (y < radix) { - if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) { - return res; - } - if ((res = mp_add_d (a, (mp_digit) y, a)) != MP_OKAY) { - return res; - } - } else { - break; - } - ++str; - } - - /* set the sign only if a != 0 */ - if (mp_iszero(a) != 1) { - a->sign = neg; - } - return MP_OKAY; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_read_radix.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_sqrt.c b/libtommath/bn_mp_sqrt.c deleted file mode 100644 index 8fd057ceedb..00000000000 --- a/libtommath/bn_mp_sqrt.c +++ /dev/null @@ -1,81 +0,0 @@ -#include -#ifdef BN_MP_SQRT_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* this function is less generic than mp_n_root, simpler and faster */ -int mp_sqrt(mp_int *arg, mp_int *ret) -{ - int res; - mp_int t1,t2; - - /* must be positive */ - if (arg->sign == MP_NEG) { - return MP_VAL; - } - - /* easy out */ - if (mp_iszero(arg) == MP_YES) { - mp_zero(ret); - return MP_OKAY; - } - - if ((res = mp_init_copy(&t1, arg)) != MP_OKAY) { - return res; - } - - if ((res = mp_init(&t2)) != MP_OKAY) { - goto E2; - } - - /* First approx. (not very bad for large arg) */ - mp_rshd (&t1,t1.used/2); - - /* t1 > 0 */ - if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) { - goto E1; - } - if ((res = mp_add(&t1,&t2,&t1)) != MP_OKAY) { - goto E1; - } - if ((res = mp_div_2(&t1,&t1)) != MP_OKAY) { - goto E1; - } - /* And now t1 > sqrt(arg) */ - do { - if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) { - goto E1; - } - if ((res = mp_add(&t1,&t2,&t1)) != MP_OKAY) { - goto E1; - } - if ((res = mp_div_2(&t1,&t1)) != MP_OKAY) { - goto E1; - } - /* t1 >= sqrt(arg) >= t2 at this point */ - } while (mp_cmp_mag(&t1,&t2) == MP_GT); - - mp_exch(&t1,ret); - -E1: mp_clear(&t2); -E2: mp_clear(&t1); - return res; -} - -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_sqrt.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_toradix.c b/libtommath/bn_mp_toradix.c deleted file mode 100644 index 0adc28d2fdb..00000000000 --- a/libtommath/bn_mp_toradix.c +++ /dev/null @@ -1,75 +0,0 @@ -#include -#ifdef BN_MP_TORADIX_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* stores a bignum as a ASCII string in a given radix (2..64) */ -int mp_toradix (mp_int * a, char *str, int radix) -{ - int res, digs; - mp_int t; - mp_digit d; - char *_s = str; - - /* check range of the radix */ - if (radix < 2 || radix > 64) { - return MP_VAL; - } - - /* quick out if its zero */ - if (mp_iszero(a) == 1) { - *str++ = '0'; - *str = '\0'; - return MP_OKAY; - } - - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - - /* if it is negative output a - */ - if (t.sign == MP_NEG) { - ++_s; - *str++ = '-'; - t.sign = MP_ZPOS; - } - - digs = 0; - while (mp_iszero (&t) == 0) { - if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { - mp_clear (&t); - return res; - } - *str++ = mp_s_rmap[d]; - ++digs; - } - - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number] - */ - bn_reverse ((unsigned char *)_s, digs); - - /* append a NULL so the string is properly terminated */ - *str = '\0'; - - mp_clear (&t); - return MP_OKAY; -} - -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_toradix.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_toradix_n.c b/libtommath/bn_mp_toradix_n.c deleted file mode 100644 index 796ed55c65e..00000000000 --- a/libtommath/bn_mp_toradix_n.c +++ /dev/null @@ -1,88 +0,0 @@ -#include -#ifdef BN_MP_TORADIX_N_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* stores a bignum as a ASCII string in a given radix (2..64) - * - * Stores upto maxlen-1 chars and always a NULL byte - */ -int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen) -{ - int res, digs; - mp_int t; - mp_digit d; - char *_s = str; - - /* check range of the maxlen, radix */ - if (maxlen < 2 || radix < 2 || radix > 64) { - return MP_VAL; - } - - /* quick out if its zero */ - if (mp_iszero(a) == MP_YES) { - *str++ = '0'; - *str = '\0'; - return MP_OKAY; - } - - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - - /* if it is negative output a - */ - if (t.sign == MP_NEG) { - /* we have to reverse our digits later... but not the - sign!! */ - ++_s; - - /* store the flag and mark the number as positive */ - *str++ = '-'; - t.sign = MP_ZPOS; - - /* subtract a char */ - --maxlen; - } - - digs = 0; - while (mp_iszero (&t) == 0) { - if (--maxlen < 1) { - /* no more room */ - break; - } - if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { - mp_clear (&t); - return res; - } - *str++ = mp_s_rmap[d]; - ++digs; - } - - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number - */ - bn_reverse ((unsigned char *)_s, digs); - - /* append a NULL so the string is properly terminated */ - *str = '\0'; - - mp_clear (&t); - return MP_OKAY; -} - -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_toradix_n.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ diff --git a/libtommath/bn_mp_xor.c b/libtommath/bn_mp_xor.c deleted file mode 100644 index 59ff2e18320..00000000000 --- a/libtommath/bn_mp_xor.c +++ /dev/null @@ -1,51 +0,0 @@ -#include -#ifdef BN_MP_XOR_C -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ - -/* XOR two ints together */ -int -mp_xor (mp_int * a, mp_int * b, mp_int * c) -{ - int res, ix, px; - mp_int t, *x; - - if (a->used > b->used) { - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy (&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] ^= x->dp[ix]; - } - mp_clamp (&t); - mp_exch (c, &t); - mp_clear (&t); - return MP_OKAY; -} -#endif - -/* $Source: /cvs/libtom/libtommath/bn_mp_xor.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2006/12/28 01:25:13 $ */ -- cgit From 5000469e203ada7c65073f32770491057c8233bd Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 2 Sep 2010 23:10:17 +0200 Subject: Use the linux kernel heapsort instead of including qsort. --- Makefile | 2 +- libtomcrypt/headers/tomcrypt.h | 1 + libtomcrypt/headers/tomcrypt_cfg.h | 4 +- libtomcrypt/headers/tomcrypt_custom.h | 2 +- libtomcrypt/misc/qsort.c | 247 ---------------------------------- libtommath/tommath.h | 2 +- 6 files changed, 6 insertions(+), 252 deletions(-) delete mode 100644 libtomcrypt/misc/qsort.c diff --git a/Makefile b/Makefile index a2db75be383..73e9ebbf385 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ TOMMATH_OBJECTS = libtommath/bncore.o libtommath/bn_mp_init.o libtommath/bn_mp_c libtommath/bn_mp_to_signed_bin_n.o libtommath/bn_mp_to_unsigned_bin_n.o TOMCRYPT_OBJECTS = libtomcrypt/misc/zeromem.o libtomcrypt/misc/crypt/crypt_argchk.o \ - libtomcrypt/math/rand_prime.o libtomcrypt/misc/qsort.o libtomcrypt/hashes/hash_get_oid.o \ + libtomcrypt/math/rand_prime.o libtomcrypt/hashes/hash_get_oid.o \ libtomcrypt/hashes/crypt_hash_is_valid.o libtomcrypt/hashes/hash_memory.o libtomcrypt/hashes/hash_memory_multi.o \ libtomcrypt/pk/dsa/dsa_make_key.o libtomcrypt/pk/dsa/dsa_export.o libtomcrypt/pk/dsa/dsa_import.o \ libtomcrypt/pk/dsa/dsa_free.o libtomcrypt/pk/dsa/dsa_sign_hash.o libtomcrypt/pk/dsa/dsa_verify_hash.o \ diff --git a/libtomcrypt/headers/tomcrypt.h b/libtomcrypt/headers/tomcrypt.h index fdb6c8d1f16..a9c675d0944 100644 --- a/libtomcrypt/headers/tomcrypt.h +++ b/libtomcrypt/headers/tomcrypt.h @@ -6,6 +6,7 @@ #include #include #include +#include /* use configuration data */ #include diff --git a/libtomcrypt/headers/tomcrypt_cfg.h b/libtomcrypt/headers/tomcrypt_cfg.h index 8ad90bce4b0..93db10e6729 100644 --- a/libtomcrypt/headers/tomcrypt_cfg.h +++ b/libtomcrypt/headers/tomcrypt_cfg.h @@ -19,11 +19,11 @@ #define LTC_EXPORT #endif -LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); - /* certain platforms use macros for these, making the prototypes broken */ #ifndef LTC_NO_PROTOTYPES +LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); + /* you can change how memory allocation works ... */ LTC_EXPORT void * LTC_CALL XMALLOC(size_t n); LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n); diff --git a/libtomcrypt/headers/tomcrypt_custom.h b/libtomcrypt/headers/tomcrypt_custom.h index c537dc7605a..76b574487bc 100644 --- a/libtomcrypt/headers/tomcrypt_custom.h +++ b/libtomcrypt/headers/tomcrypt_custom.h @@ -65,7 +65,7 @@ #ifdef qsort #define LTC_NO_PROTOTYPES #endif -#define XQSORT qsort +#define XQSORT(x,y,z,w) sort(x,y,z,w,NULL) #endif /* Easy button? */ diff --git a/libtomcrypt/misc/qsort.c b/libtomcrypt/misc/qsort.c deleted file mode 100644 index 72f51088e35..00000000000 --- a/libtomcrypt/misc/qsort.c +++ /dev/null @@ -1,247 +0,0 @@ -/* Copyright (C) 1991,1992,1996,1997,1999,2004 Free Software Foundation, Inc. - This file is part of the GNU C Library. - Written by Douglas C. Schmidt (schmidt@ics.uci.edu). - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* If you consider tuning this algorithm, you should consult first: - Engineering a sort function; Jon Bentley and M. Douglas McIlroy; - Software - Practice and Experience; Vol. 23 (11), 1249-1265, 1993. */ - -#include - -/* Byte-wise swap two items of size SIZE. */ -#define SWAP(a, b, size) \ - do \ - { \ - register size_t __size = (size); \ - register char *__a = (a), *__b = (b); \ - do \ - { \ - char __tmp = *__a; \ - *__a++ = *__b; \ - *__b++ = __tmp; \ - } while (--__size > 0); \ - } while (0) - -/* Discontinue quicksort algorithm when partition gets below this size. - This particular magic number was chosen to work best on a Sun 4/260. */ -#define MAX_THRESH 4 - -/* Stack node declarations used to store unfulfilled partition obligations. */ -typedef struct - { - char *lo; - char *hi; - } stack_node; - -/* The next 4 #defines implement a very fast in-line stack abstraction. */ -/* The stack needs log (total_elements) entries (we could even subtract - log(MAX_THRESH)). Since total_elements has type size_t, we get as - upper bound for log (total_elements): - bits per byte (CHAR_BIT) * sizeof(size_t). */ -#define STACK_SIZE (CHAR_BIT * sizeof(size_t)) -#define PUSH(low, high) ((void) ((top->lo = (low)), (top->hi = (high)), ++top)) -#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) -#define STACK_NOT_EMPTY (stack < top) - - -/* Order size using quicksort. This implementation incorporates - four optimizations discussed in Sedgewick: - - 1. Non-recursive, using an explicit stack of pointer that store the - next array partition to sort. To save time, this maximum amount - of space required to store an array of SIZE_MAX is allocated on the - stack. Assuming a 32-bit (64 bit) integer for size_t, this needs - only 32 * sizeof(stack_node) == 256 bytes (for 64 bit: 1024 bytes). - Pretty cheap, actually. - - 2. Chose the pivot element using a median-of-three decision tree. - This reduces the probability of selecting a bad pivot value and - eliminates certain extraneous comparisons. - - 3. Only quicksorts TOTAL_ELEMS / MAX_THRESH partitions, leaving - insertion sort to order the MAX_THRESH items within each partition. - This is a big win, since insertion sort is faster for small, mostly - sorted array segments. - - 4. The larger of the two sub-partitions is always pushed onto the - stack first, with the algorithm then concentrating on the - smaller partition. This *guarantees* no more than log (total_elems) - stack size is needed (actually O(1) in this case)! */ - -typedef int(*__compar_fn_t)(const void *, const void *); - -void -qsort (void *const pbase, size_t total_elems, size_t size, - __compar_fn_t cmp) -{ - register char *base_ptr = (char *) pbase; - - const size_t max_thresh = MAX_THRESH * size; - - if (total_elems == 0) - /* Avoid lossage with unsigned arithmetic below. */ - return; - - if (total_elems > MAX_THRESH) - { - char *lo = base_ptr; - char *hi = &lo[size * (total_elems - 1)]; - stack_node stack[STACK_SIZE]; - stack_node *top = stack; - - PUSH (NULL, NULL); - - while (STACK_NOT_EMPTY) - { - char *left_ptr; - char *right_ptr; - - /* Select median value from among LO, MID, and HI. Rearrange - LO and HI so the three values are sorted. This lowers the - probability of picking a pathological pivot value and - skips a comparison for both the LEFT_PTR and RIGHT_PTR in - the while loops. */ - - char *mid = lo + size * ((hi - lo) / size >> 1); - - if ((*cmp) ((void *) mid, (void *) lo) < 0) - SWAP (mid, lo, size); - if ((*cmp) ((void *) hi, (void *) mid) < 0) - SWAP (mid, hi, size); - else - goto jump_over; - if ((*cmp) ((void *) mid, (void *) lo) < 0) - SWAP (mid, lo, size); - jump_over:; - - left_ptr = lo + size; - right_ptr = hi - size; - - /* Here's the famous ``collapse the walls'' section of quicksort. - Gotta like those tight inner loops! They are the main reason - that this algorithm runs much faster than others. */ - do - { - while ((*cmp) ((void *) left_ptr, (void *) mid) < 0) - left_ptr += size; - - while ((*cmp) ((void *) mid, (void *) right_ptr) < 0) - right_ptr -= size; - - if (left_ptr < right_ptr) - { - SWAP (left_ptr, right_ptr, size); - if (mid == left_ptr) - mid = right_ptr; - else if (mid == right_ptr) - mid = left_ptr; - left_ptr += size; - right_ptr -= size; - } - else if (left_ptr == right_ptr) - { - left_ptr += size; - right_ptr -= size; - break; - } - } - while (left_ptr <= right_ptr); - - /* Set up pointers for next iteration. First determine whether - left and right partitions are below the threshold size. If so, - ignore one or both. Otherwise, push the larger partition's - bounds on the stack and continue sorting the smaller one. */ - - if ((size_t) (right_ptr - lo) <= max_thresh) - { - if ((size_t) (hi - left_ptr) <= max_thresh) - /* Ignore both small partitions. */ - POP (lo, hi); - else - /* Ignore small left partition. */ - lo = left_ptr; - } - else if ((size_t) (hi - left_ptr) <= max_thresh) - /* Ignore small right partition. */ - hi = right_ptr; - else if ((right_ptr - lo) > (hi - left_ptr)) - { - /* Push larger left partition indices. */ - PUSH (lo, right_ptr); - lo = left_ptr; - } - else - { - /* Push larger right partition indices. */ - PUSH (left_ptr, hi); - hi = right_ptr; - } - } - } - - /* Once the BASE_PTR array is partially sorted by quicksort the rest - is completely sorted using insertion sort, since this is efficient - for partitions below MAX_THRESH size. BASE_PTR points to the beginning - of the array to sort, and END_PTR points at the very last element in - the array (*not* one beyond it!). */ - - { - char *const end_ptr = &base_ptr[size * (total_elems - 1)]; - char *tmp_ptr = base_ptr; - char *thresh = min(end_ptr, base_ptr + max_thresh); - register char *run_ptr; - - /* Find smallest element in first threshold and place it at the - array's beginning. This is the smallest array element, - and the operation speeds up insertion sort's inner loop. */ - - for (run_ptr = tmp_ptr + size; run_ptr <= thresh; run_ptr += size) - if ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0) - tmp_ptr = run_ptr; - - if (tmp_ptr != base_ptr) - SWAP (tmp_ptr, base_ptr, size); - - /* Insertion sort, running from left-hand-side up to right-hand-side. */ - - run_ptr = base_ptr + size; - while ((run_ptr += size) <= end_ptr) - { - tmp_ptr = run_ptr - size; - while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr) < 0) - tmp_ptr -= size; - - tmp_ptr += size; - if (tmp_ptr != run_ptr) - { - char *trav; - - trav = run_ptr + size; - while (--trav >= run_ptr) - { - char c = *trav; - char *hi, *lo; - - for (hi = lo = trav; (lo -= size) >= tmp_ptr; hi = lo) - *hi = *lo; - *hi = c; - } - } - } - } -} diff --git a/libtommath/tommath.h b/libtommath/tommath.h index 31ded829977..491bcc2221a 100644 --- a/libtommath/tommath.h +++ b/libtommath/tommath.h @@ -71,7 +71,7 @@ extern "C" { # define DIGIT_BIT 15 #elif BITS_PER_LONG == 64 - + typedef uint32_t mp_digit; typedef uint64_t mp_word; # define DIGIT_BIT 31 -- cgit From 9ecba820b90c85bd927fbb18fabe0f6fc8f97141 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 2 Sep 2010 23:20:09 +0200 Subject: Added a FIXME on the used types. --- libtommath/tommath.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libtommath/tommath.h b/libtommath/tommath.h index 491bcc2221a..6653f5550f5 100644 --- a/libtommath/tommath.h +++ b/libtommath/tommath.h @@ -64,6 +64,10 @@ extern "C" { * At the very least a mp_digit must be able to hold 7 bits * [any size beyond that is ok provided it doesn't overflow the data type] */ + +/* FIXME: This can be improved, but might require to use a 64bit division + * on 32bit machines and an 128bit on 64. + */ #if BITS_PER_LONG <= 32 typedef uint16_t mp_digit; -- cgit From 7f4d9adf958f00805e60a353d2779434aca36fe2 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 3 Sep 2010 08:33:33 +0200 Subject: Optimizations for 32bit machines by using a 64bit word type and 32bit digit. Unfortunately we cannot do the same for 64bit since we don't have an 128bit type in kernel. --- libtommath/bn_mp_div.c | 2 +- libtommath/bn_mp_div_3.c | 2 +- libtommath/bn_mp_div_d.c | 2 +- libtommath/tommath.h | 17 +++++++++++++---- 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/libtommath/bn_mp_div.c b/libtommath/bn_mp_div.c index aee9c94324d..723c8b503dd 100644 --- a/libtommath/bn_mp_div.c +++ b/libtommath/bn_mp_div.c @@ -195,7 +195,7 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d) mp_word tmp; tmp = ((mp_word) x.dp[i]) << ((mp_word) DIGIT_BIT); tmp |= ((mp_word) x.dp[i - 1]); - tmp /= ((mp_word) y.dp[t]); + tmp = word_div_int(tmp, (int)y.dp[t]); if (tmp > (mp_word) MP_MASK) tmp = MP_MASK; q.dp[i - t - 1] = (mp_digit) (tmp & (mp_word) (MP_MASK)); diff --git a/libtommath/bn_mp_div_3.c b/libtommath/bn_mp_div_3.c index 3c60269ecea..608e759e366 100644 --- a/libtommath/bn_mp_div_3.c +++ b/libtommath/bn_mp_div_3.c @@ -25,7 +25,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) int res, ix; /* b = 2**DIGIT_BIT / 3 */ - b = (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3); + b = word_div_int (((mp_word)1) << DIGIT_BIT, 3); if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { return res; diff --git a/libtommath/bn_mp_div_d.c b/libtommath/bn_mp_div_d.c index 6a26d4f0cf6..63efc2cfa69 100644 --- a/libtommath/bn_mp_div_d.c +++ b/libtommath/bn_mp_div_d.c @@ -87,7 +87,7 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]); if (w >= b) { - t = (mp_digit)(w / b); + t = (mp_digit)(word_div_int(w, b)); w -= ((mp_word)t) * ((mp_word)b); } else { t = 0; diff --git a/libtommath/tommath.h b/libtommath/tommath.h index 6653f5550f5..3fa7ae89853 100644 --- a/libtommath/tommath.h +++ b/libtommath/tommath.h @@ -20,6 +20,7 @@ #include #include #include +#include #define CHAR_BIT sizeof(uint8_t)*8 @@ -65,19 +66,22 @@ extern "C" { * [any size beyond that is ok provided it doesn't overflow the data type] */ -/* FIXME: This can be improved, but might require to use a 64bit division - * on 32bit machines and an 128bit on 64. +/* FIXME: This can be improved, but requires to use 128bit division + * on 64bit machines, which is not available in kernel now. */ -#if BITS_PER_LONG <= 32 +#if BITS_PER_LONG < 32 typedef uint16_t mp_digit; typedef uint32_t mp_word; # define DIGIT_BIT 15 -#elif BITS_PER_LONG == 64 +#elif BITS_PER_LONG <= 64 typedef uint32_t mp_digit; typedef uint64_t mp_word; + +# define word_div_int(x,y) div_u64((x),(y)) + # define DIGIT_BIT 31 #endif @@ -92,6 +96,11 @@ extern "C" { #endif +#ifndef word_div_int +# define word_div_int(x,y) ((x)/(y)) +#endif + + /* define heap macros */ #ifndef XMALLOC # define XMALLOC(x) kmalloc(x, GFP_KERNEL) -- cgit From a0e8e636aad06ad1d3d4f2460ee5a7cdf30c393b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 11:32:30 +0200 Subject: Rationalized the key wrapping format. It currently is: PackedData ::= SEQUENCE { version INTEGER { v1(0) } algorithm OBJECT IDENTIFIER, type INTEGER { secret_key(0), public(1), private(2) }, data OCTET STRING } Unfortunately there are not assigned OIDs for all algorithms we support. --- ncr-int.h | 23 ++++++-- ncr-key-wrap.c | 89 ++++++++++++------------------- ncr-sessions.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++------- 3 files changed, 198 insertions(+), 76 deletions(-) diff --git a/ncr-int.h b/ncr-int.h index 87964b08065..c413f846bb6 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -25,19 +25,33 @@ enum ncr_algorithm { NCR_ALG_NULL, NCR_ALG_3DES_CBC, - - NCR_ALG_MD5, + NCR_ALG_3DES_ECB, + + NCR_ALG_AES_ECB, + NCR_ALG_AES_CBC, + NCR_ALG_AES_CTR, + + NCR_ALG_CAMELIA_ECB, + NCR_ALG_CAMELIA_CBC, + NCR_ALG_CAMELIA_CTR, + + NCR_ALG_MD5=60, NCR_ALG_SHA1, NCR_ALG_SHA2_224, NCR_ALG_SHA2_256, NCR_ALG_SHA2_384, NCR_ALG_SHA2_512, - NCR_ALG_RSA, + NCR_ALG_RSA=120, NCR_ALG_DSA, NCR_ALG_DH, }; +struct algo_oid_st { + oid_st oid; + int key_size; +}; + struct algo_properties_st { enum ncr_algorithm algo; const char *kstr; @@ -56,6 +70,7 @@ struct algo_properties_st { * NCR_KEY_TYPE_PUBLIC for a public key algorithm. */ ncr_key_type_t key_type; + const struct algo_oid_st *oids; }; struct key_item_st { @@ -192,6 +207,8 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it const struct algo_properties_st *_ncr_algo_to_properties(const char *algo); const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla); int _ncr_key_get_sec_level(struct key_item_st* item); +const struct algo_properties_st *_ncr_oid_to_properties(oid_st* oid); +const oid_st* _ncr_properties_to_oid(const struct algo_properties_st * prop, int key_size); /* CONFIG_COMPAT handling */ diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 7ea70cfc847..52dca51510c 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -831,8 +831,8 @@ fail: /* Packed data are DER encoded: * PackedData ::= SEQUENCE { * version INTEGER { v1(0) } - * type INTEGER { secret_key(0), rsa_privkey(1), rsa_pubkey(2), dsa_privkey(3), dsa_pubkey(4), - * dh_privkey(5), dh_pubkey(6) }, + * algorithm OBJECT IDENTIFIER, + * type INTEGER { secret_key(0), public(1), private(2) }, * data OCTET STRING * } * @@ -847,6 +847,7 @@ static int key_to_packed_data( uint8_t** sdata, size_t * sdata_size, const struc unsigned long version = KEY_WRAP_VERSION; unsigned long type; unsigned long derlen; + const oid_st* oid; *sdata_size = KEY_DATA_MAX_SIZE; pkey = kmalloc(*sdata_size, GFP_KERNEL); @@ -875,37 +876,25 @@ static int key_to_packed_data( uint8_t** sdata, size_t * sdata_size, const struc goto fail; } - switch (key->algorithm->algo) { - case NCR_ALG_RSA: - if (key->type == NCR_KEY_TYPE_PUBLIC) - type = 2; - else type = 1; - break; - case NCR_ALG_DSA: - if (key->type == NCR_KEY_TYPE_PUBLIC) - type = 4; - else type = 3; - break; - case NCR_ALG_DH: - if (key->type == NCR_KEY_TYPE_PUBLIC) - type = 6; - else type = 5; - break; - default: - /* unsupported yet */ - ret = -EINVAL; - err(); - goto fail; - } - + if (key->type == NCR_KEY_TYPE_PUBLIC) + type = 1; + else type = 2; } else { err(); ret = -EINVAL; goto fail; } + + oid = _ncr_properties_to_oid(key->algorithm, pkey_size); + if (oid == NULL) { + err(); + ret = -EOPNOTSUPP; + goto fail; + } err = der_encode_sequence_multi(derkey, &derlen, LTC_ASN1_SHORT_INTEGER, 1UL, &version, + LTC_ASN1_OBJECT_IDENTIFIER, oid->OIDlen, oid->OID, LTC_ASN1_SHORT_INTEGER, 1UL, &type, LTC_ASN1_OCTET_STRING, (unsigned long)pkey_size, pkey, LTC_ASN1_EOL, 0UL, NULL); @@ -934,42 +923,17 @@ inline static int packed_type_to_key_type(unsigned long type, struct key_item_st switch(type) { case 0: key->type = NCR_KEY_TYPE_SECRET; - key->algorithm = _ncr_algo_to_properties("cbc(aes)"); break; case 1: - key->type = NCR_KEY_TYPE_PRIVATE; - key->algorithm = _ncr_algo_to_properties("rsa"); - break; - case 2: key->type = NCR_KEY_TYPE_PUBLIC; - key->algorithm = _ncr_algo_to_properties("rsa"); break; - case 3: - key->type = NCR_KEY_TYPE_PRIVATE; - key->algorithm = _ncr_algo_to_properties("dsa"); - break; - case 4: - key->type = NCR_KEY_TYPE_PUBLIC; - key->algorithm = _ncr_algo_to_properties("dsa"); - break; - case 5: + case 2: key->type = NCR_KEY_TYPE_PRIVATE; - key->algorithm = _ncr_algo_to_properties("dh"); - break; - case 6: - key->type = NCR_KEY_TYPE_PUBLIC; - key->algorithm = _ncr_algo_to_properties("dh"); break; default: err(); return -EINVAL; } - - if (key->algorithm == NULL) { - err(); - return -EINVAL; - } - return 0; } @@ -981,9 +945,10 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, const void *data, size_t data_size) { ltc_asn1_list list[6]; - int ret, i = 0, pkey_size, err; + int ret, i, pkey_size, err; unsigned long version, type; uint8_t * pkey = NULL; + oid_st oid; if (data_size > DER_KEY_MAX_SIZE) { err(); @@ -997,10 +962,16 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, return -ENOMEM; } + i = 0; + list[i].type = LTC_ASN1_SHORT_INTEGER; list[i].size = 1; list[i++].data = &version; + list[i].type = LTC_ASN1_OBJECT_IDENTIFIER; + list[i].size = sizeof(oid.OID)/sizeof(oid.OID[0]); + list[i++].data = oid.OID; + list[i].type = LTC_ASN1_SHORT_INTEGER; list[i].size = 1; list[i++].data = &type; @@ -1015,14 +986,15 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, ret = _ncr_tomerr(err); goto fail; } - + if (version != KEY_WRAP_VERSION) { err(); ret = -EINVAL; goto fail; } - - pkey_size = list[2].size; + + oid.OIDlen = list[1].size; + pkey_size = list[3].size; ret = packed_type_to_key_type(type, key); if (ret < 0) { @@ -1030,6 +1002,13 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, goto fail; } + key->algorithm = _ncr_oid_to_properties(&oid); + if (key->algorithm == NULL) { + err(); + ret = -EINVAL; + goto fail; + } + ret = ncr_key_update_flags(key, tb[NCR_ATTR_KEY_FLAGS]); if (ret != 0) { err(); diff --git a/ncr-sessions.c b/ncr-sessions.c index f7e577757a9..a7504b37f21 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -212,6 +212,89 @@ err_sess: return NULL; } +const oid_st* _ncr_properties_to_oid(const struct algo_properties_st * prop, int key_size) +{ +int i = 0; + + if (prop->oids == NULL) + return NULL; + + do { + if (key_size == prop->oids[i].key_size || + prop->oids[i].key_size == -1 /* catch all */) { + + return &prop->oids[i].oid; + } + } while(prop->oids[++i].key_size != 0); + + return NULL; +} + +const static struct algo_oid_st aes_cbc_oids[] = { + {.key_size=16, + .oid = {{2,16,840,1,101,3,4,1,2}, 9}}, + {.key_size=24, + .oid = {{2,16,840,1,101,3,4,1,22}, 9}}, + {.key_size=32, + .oid = {{2,16,840,1,101,3,4,1,42}, 9}}, + {.key_size=0 } +}; + +const static struct algo_oid_st aes_ecb_oids[] = { + {.key_size=16, + .oid = {{2,16,840,1,101,3,4,1,1}, 9}}, + {.key_size=24, + .oid = {{2,16,840,1,101,3,4,1,21}, 9}}, + {.key_size=32, + .oid = {{2,16,840,1,101,3,4,1,41}, 9}}, + {.key_size=0 } +}; + +const static struct algo_oid_st des3_cbc_oids[] = { + {.key_size=-1, + .oid = {{1,2,840,113549,3,7}, 6}}, + {.key_size=0 } +}; + +/* http://www.oid-info.com/get/1.3.6.1.4.1.4929.1.7 + */ +const static struct algo_oid_st des3_ecb_oids[] = { + {.key_size=-1, + .oid = {{1,3,6,1,4,1,4929,1,7}, 9}}, + {.key_size=0 } +}; + +const static struct algo_oid_st camelia_cbc_oids[] = { + {.key_size=16, + .oid = {{1,2,392,200011,61,1,1,1,2}, 9}}, + {.key_size=24, + .oid = {{1,2,392,200011,61,1,1,1,3}, 9}}, + {.key_size=32, + .oid = {{1,2,392,200011,61,1,1,1,4}, 9}}, + {.key_size=0 } +}; + +const static struct algo_oid_st rsa_oid[] = { + {.key_size=-1, + .oid = {{1,2,840,113549,1,1,1}, 7}}, + {.key_size=0 } +}; + +const static struct algo_oid_st dsa_oid[] = { + {.key_size=-1, + .oid = {{1,2,840,10040,4,1}, 6}}, + {.key_size=0 } +}; + +const static struct algo_oid_st dh_oid[] = { + {.key_size=-1, + .oid = {{1,2,840,10046,2,1}, 6}}, + {.key_size=0 } +}; + +/* OIDs are used in cipher algorithms to distinguish keys on key wrapping. + */ + static const struct algo_properties_st algo_properties[] = { #define KSTR(x) .kstr = x, .kstr_len = sizeof(x) - 1 { .algo = NCR_ALG_NULL, KSTR("ecb(cipher_null)"), @@ -219,25 +302,28 @@ static const struct algo_properties_st algo_properties[] = { .key_type = NCR_KEY_TYPE_INVALID }, { .algo = NCR_ALG_3DES_CBC, KSTR("cbc(des3_ede)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("cbc(aes)"), + .key_type = NCR_KEY_TYPE_SECRET, .oids = des3_cbc_oids }, + { .algo = NCR_ALG_3DES_ECB, KSTR("ecb(des3_ede)"), + .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, + .key_type = NCR_KEY_TYPE_SECRET, .oids = des3_ecb_oids }, + { .algo = NCR_ALG_AES_CBC, KSTR("cbc(aes)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("cbc(camelia)"), + .key_type = NCR_KEY_TYPE_SECRET, .oids = aes_cbc_oids }, + { .algo = NCR_ALG_CAMELIA_CBC, KSTR("cbc(camelia)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("ctr(aes)"), + .key_type = NCR_KEY_TYPE_SECRET, .oids = camelia_cbc_oids }, + { .algo = NCR_ALG_AES_CTR, KSTR("ctr(aes)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("ctr(camelia)"), + .key_type = NCR_KEY_TYPE_SECRET, /* FIXME: no OIDs */ }, + { .algo = NCR_ALG_CAMELIA_CTR, KSTR("ctr(camelia)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("ecb(aes)"), + .key_type = NCR_KEY_TYPE_SECRET, /* FIXME: no OIDs */ }, + { .algo = NCR_ALG_AES_ECB, KSTR("ecb(aes)"), .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { KSTR("ecb(camelia)"), + .key_type = NCR_KEY_TYPE_SECRET, .oids = aes_ecb_oids }, + { .algo = NCR_ALG_CAMELIA_ECB, KSTR("ecb(camelia)"), .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, + .key_type = NCR_KEY_TYPE_SECRET, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_SHA1, KSTR("sha1"), .digest_size = 20, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, @@ -277,17 +363,20 @@ static const struct algo_properties_st algo_properties[] = { /* NOTE: These algorithm names are not available through the kernel API (yet). */ { .algo = NCR_ALG_RSA, KSTR("rsa"), .is_pk = 1, - .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, + .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, + .oids = rsa_oid }, { .algo = NCR_ALG_RSA, KSTR(NCR_ALG_RSA_TRANSPARENT_HASH), .is_pk = 1, .can_encrypt=1, .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC }, + .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DSA, KSTR("dsa"), .is_pk = 1, - .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, + .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, + .oids = dsa_oid }, { .algo = NCR_ALG_DSA, KSTR(NCR_ALG_DSA_TRANSPARENT_HASH), .is_pk = 1, .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC }, + .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DH, KSTR("dh"), .is_pk = 1, - .can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC }, + .can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC, + .oids = dh_oid }, #undef KSTR }; @@ -309,6 +398,43 @@ const struct algo_properties_st *_ncr_algo_to_properties(const char *algo) return NULL; } +static void print_oid(oid_st* oid) +{ +char txt[128]=""; +char tmp[64]; +int i; + + for (i=0;iOIDlen;i++) { + sprintf(tmp, "%d.", (int)oid->OID[i]); + strcat(txt, tmp); + } + + dprintk(1, KERN_DEBUG, "unknown oid: %s\n", txt); +} + +const struct algo_properties_st *_ncr_oid_to_properties(oid_st* oid) +{ + const struct algo_properties_st *a; + int i; + + for (a = algo_properties; + a < algo_properties + ARRAY_SIZE(algo_properties); a++) { + + i=0; + + if (a->oids == NULL) continue; + + do { + if (a->oids[i].oid.OIDlen == oid->OIDlen && + memcmp(oid->OID, a->oids[i].oid.OID, oid->OIDlen*sizeof(oid->OID[0]))==0) + return a; + } while(a->oids[++i].key_size != 0); + } + + print_oid(oid); + return NULL; +} + const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla) { const struct algo_properties_st *a; -- cgit From 4834f6feca73429b093c98cdfa376f6d4c24a18d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 11:41:58 +0200 Subject: Added flag NCR_KEY_FLAG_HASHABLE and enforced it when reading a key for hashing. --- examples/ncr.c | 2 +- ncr-sessions.c | 6 ++++++ ncr.h | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/examples/ncr.c b/examples/ncr.c index 9691fea5dc1..468ffc08d28 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -1507,7 +1507,7 @@ test_ncr_hash_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_HASHABLE; kimport.algo_head.nla_len = NLA_HDRLEN + algo_size; kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; memcpy(kimport.algo, hash_vectors[0].algorithm, algo_size); diff --git a/ncr-sessions.c b/ncr-sessions.c index a7504b37f21..46266f26496 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -1301,6 +1301,12 @@ static int _ncr_session_update_key(struct ncr_lists *lists, ret = -EINVAL; goto fail; } + + if (!(key->flags & NCR_KEY_FLAG_HASHABLE)) { + err(); + ret = -EPERM; + goto fail; + } switch(sess->op) { case NCR_OP_ENCRYPT: diff --git a/ncr.h b/ncr.h index ce84f7a7f85..734382b43cf 100644 --- a/ncr.h +++ b/ncr.h @@ -106,6 +106,7 @@ typedef __s32 ncr_key_t; */ #define NCR_KEY_FLAG_WRAPPING (1<<6) #define NCR_KEY_FLAG_UNWRAPPING (1<<7) +#define NCR_KEY_FLAG_HASHABLE (1<<8) struct ncr_key_generate { __u32 input_size, output_size; -- cgit From 06074f69d4662868ab7fa381a59e5d8567f318eb Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 11:56:54 +0200 Subject: Key wrapping is privileged. --- ncr-key-wrap.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 52dca51510c..a15d3710653 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -36,6 +36,12 @@ #define KEY_WRAP_VERSION 0 +/* To be further checked. If the current implemented key wrapping mechanism + * has no issues, it might be possible to relax the requirement for + * privileged key wrapping. + */ +#define KEY_WRAP_IS_PRIVILEGED + typedef uint8_t val64_t[8]; static const val64_t initA = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6"; @@ -537,6 +543,13 @@ const void *iv; size_t data_size, iv_size; int ret; +#ifdef KEY_WRAP_IS_PRIVILEGED + if (current_euid() != 0) { + err(); + return -EPERM; + } +#endif + if (wrap->buffer_size < 0) { err(); return -EINVAL; @@ -640,6 +653,13 @@ void* data = NULL; size_t data_size; int ret; +#ifdef KEY_WRAP_IS_PRIVILEGED + if (current_euid() != 0) { + err(); + return -EPERM; + } +#endif + ret = ncr_key_item_get_write(&wkey, lst, wrap->dest_key); if (ret < 0) { err(); @@ -1014,6 +1034,14 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, err(); return ret; } + + +#ifndef KEY_WRAP_IS_PRIVILEGED + /* Do not allow key unwrapping to result to exportable keys + */ + if (current_euid() != 0) + key->flags &= (~NCR_KEY_FLAG_EXPORTABLE); +#endif if (key->type == NCR_KEY_TYPE_SECRET) { if (data_size > NCR_CIPHER_MAX_KEY_LEN) { -- cgit From d1e7a8d480ccc2d0b2313cef22ccf80b4797d129 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 12:21:11 +0200 Subject: DH key generation moved to a while loop... Just in case. --- ncr-dh.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/ncr-dh.c b/ncr-dh.c index bc45723fe3e..501eaa399cb 100644 --- a/ncr-dh.c +++ b/ncr-dh.c @@ -92,20 +92,22 @@ int dh_generate_key(dh_key * key) return -ENOMEM; } - get_random_bytes(buf, size); + do { + get_random_bytes(buf, size); - if ((err = mp_read_unsigned_bin(&key->x, buf, size)) != CRYPT_OK) { - err(); - ret = _ncr_tomerr(err); - goto fail; - } + if ((err = mp_read_unsigned_bin(&key->x, buf, size)) != CRYPT_OK) { + err(); + ret = _ncr_tomerr(err); + goto fail; + } - err = mp_mod(&key->x, &key->p, &key->x); - if (err != CRYPT_OK) { - err(); - ret = _ncr_tomerr(err); - goto fail; - } + err = mp_mod(&key->x, &key->p, &key->x); + if (err != CRYPT_OK) { + err(); + ret = _ncr_tomerr(err); + goto fail; + } + } while(mp_cmp_d(&key->x, 0) == MP_EQ || mp_cmp_d(&key->x, 1) == MP_EQ); key->type = PK_PRIVATE; -- cgit From 92e8d0fde0c62a55ff78275ce74883b61f5a3df2 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 12:21:15 +0200 Subject: Run DH key exchange for 100 times for testing. --- examples/pk.c | 426 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 226 insertions(+), 200 deletions(-) diff --git a/examples/pk.c b/examples/pk.c index 5ccb73e5205..f307c6c7edb 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -331,7 +331,7 @@ struct __attribute__((packed)) { struct nlattr *nla; ncr_key_t private1, public1, public2, private2; ncr_key_t z1, z2; -int ret; +int ret, j; gnutls_datum g, p, params; gnutls_dh_params_t dhp; unsigned char y1[1024], y2[1024]; @@ -374,223 +374,249 @@ struct __attribute__((packed)) { return 1; } - /* generate a DH key */ - private1 = ioctl(cfd, NCRIO_KEY_INIT); - if (private1 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } + for (j=0;j<100;j++) { + /* generate a DH key */ + private1 = ioctl(cfd, NCRIO_KEY_INIT); + if (private1 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } - public1 = ioctl(cfd, NCRIO_KEY_INIT); - if (public1 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } - - memset(&kgen.f, 0, sizeof(kgen.f)); - kgen.f.private_key = private1; - kgen.f.public_key = public1; - kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); - kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - strcpy(kgen.algo, ALG_DH); - kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); - kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE; - nla = (struct nlattr *)kgen.buffer; - nla->nla_len = NLA_HDRLEN + p.size; - nla->nla_type = NCR_ATTR_DH_PRIME; - memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); - nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); - nla->nla_len = NLA_HDRLEN + g.size; - nla->nla_type = NCR_ATTR_DH_BASE; - memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); - nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); - kgen.f.input_size = (char *)nla - (char *)&kgen; - assert(kgen.f.input_size <= sizeof(kgen)); + public1 = ioctl(cfd, NCRIO_KEY_INIT); + if (public1 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } - if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); - return 1; - } - - /* generate another DH key */ - private2 = ioctl(cfd, NCRIO_KEY_INIT); - if (private2 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } + memset(&kgen.f, 0, sizeof(kgen.f)); + kgen.f.private_key = private1; + kgen.f.public_key = public1; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + strcpy(kgen.algo, ALG_DH); + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE; + nla = (struct nlattr *)kgen.buffer; + nla->nla_len = NLA_HDRLEN + p.size; + nla->nla_type = NCR_ATTR_DH_PRIME; + memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + nla->nla_len = NLA_HDRLEN + g.size; + nla->nla_type = NCR_ATTR_DH_BASE; + memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + kgen.f.input_size = (char *)nla - (char *)&kgen; + assert(kgen.f.input_size <= sizeof(kgen)); - public2 = ioctl(cfd, NCRIO_KEY_INIT); - if (public2 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } - - memset(&kgen.f, 0, sizeof(kgen.f)); - kgen.f.private_key = private2; - kgen.f.public_key = public2; - kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); - kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - strcpy(kgen.algo, ALG_DH); - kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); - kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE; - nla = (struct nlattr *)kgen.buffer; - nla->nla_len = NLA_HDRLEN + p.size; - nla->nla_type = NCR_ATTR_DH_PRIME; - memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); - nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); - nla->nla_len = NLA_HDRLEN + g.size; - nla->nla_type = NCR_ATTR_DH_BASE; - memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); - nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); - kgen.f.input_size = (char *)nla - (char *)&kgen; - assert(kgen.f.input_size <= sizeof(kgen)); + if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); + return 1; + } + + /* generate another DH key */ + private2 = ioctl(cfd, NCRIO_KEY_INIT); + if (private2 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } - if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); - return 1; - } + public2 = ioctl(cfd, NCRIO_KEY_INIT); + if (public2 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } + + memset(&kgen.f, 0, sizeof(kgen.f)); + kgen.f.private_key = private2; + kgen.f.public_key = public2; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + strcpy(kgen.algo, ALG_DH); + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE; + nla = (struct nlattr *)kgen.buffer; + nla->nla_len = NLA_HDRLEN + p.size; + nla->nla_type = NCR_ATTR_DH_PRIME; + memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + nla->nla_len = NLA_HDRLEN + g.size; + nla->nla_type = NCR_ATTR_DH_BASE; + memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + kgen.f.input_size = (char *)nla - (char *)&kgen; + assert(kgen.f.input_size <= sizeof(kgen)); - /* export y1=g^x1 */ - memset(&kexport, 0, sizeof(kexport)); - kexport.key = public1; - kexport.buffer = y1; - kexport.buffer_size = sizeof(y1); + if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); + return 1; + } - y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); - if (y1_size < 0) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_EXPORT)"); - return 1; - } + /* export y1=g^x1 */ + memset(&kexport, 0, sizeof(kexport)); + kexport.key = public1; + kexport.buffer = y1; + kexport.buffer_size = sizeof(y1); - /* export y2=g^x2 */ - memset(&kexport, 0, sizeof(kexport)); - kexport.key = public2; - kexport.buffer = y2; - kexport.buffer_size = sizeof(y2); + y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); + if (y1_size < 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_EXPORT)"); + return 1; + } - y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); - if (y2_size < 0) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_EXPORT)"); - return 1; - } - - /* z1=y1^x2 */ - z1 = ioctl(cfd, NCRIO_KEY_INIT); - if (z1 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } + /* export y2=g^x2 */ + memset(&kexport, 0, sizeof(kexport)); + kexport.key = public2; + kexport.buffer = y2; + kexport.buffer_size = sizeof(y2); - memset(&kderive.f, 0, sizeof(kderive.f)); - kderive.f.input_key = private1; - kderive.f.new_key = z1; - kderive.algo_head.nla_len = NLA_HDRLEN + sizeof(kderive.algo); - kderive.algo_head.nla_type = NCR_ATTR_DERIVATION_ALGORITHM; - strcpy(kderive.algo, NCR_DERIVE_DH); - kderive.flags_head.nla_len = NLA_HDRLEN + sizeof(kderive.flags); - kderive.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kderive.flags = NCR_KEY_FLAG_EXPORTABLE; - kderive.public_head.nla_len = NLA_HDRLEN + y2_size; - kderive.public_head.nla_type = NCR_ATTR_DH_PUBLIC; - memcpy(kderive.public, y2, y2_size); - nla = (struct nlattr *)((char *)&kderive.public_head - + NLA_ALIGN(kderive.public_head.nla_len)); - kderive.f.input_size = (char *)nla - (char *)&kderive; - assert(kderive.f.input_size <= sizeof(kderive)); - - if (ioctl(cfd, NCRIO_KEY_DERIVE, &kderive)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_DERIVE)"); - return 1; - } - - /* z2=y2^x1 */ - z2 = ioctl(cfd, NCRIO_KEY_INIT); - if (z2 == -1) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_INIT)"); - return 1; - } + y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); + if (y2_size < 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_EXPORT)"); + return 1; + } + + /* z1=y1^x2 */ + z1 = ioctl(cfd, NCRIO_KEY_INIT); + if (z1 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } - memset(&kderive.f, 0, sizeof(kderive.f)); - kderive.f.input_key = private2; - kderive.f.new_key = z2; - kderive.algo_head.nla_len = NLA_HDRLEN + sizeof(kderive.algo); - kderive.algo_head.nla_type = NCR_ATTR_DERIVATION_ALGORITHM; - strcpy(kderive.algo, NCR_DERIVE_DH); - kderive.flags_head.nla_len = NLA_HDRLEN + sizeof(kderive.flags); - kderive.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kderive.flags = NCR_KEY_FLAG_EXPORTABLE; - kderive.public_head.nla_len = NLA_HDRLEN + y2_size; - kderive.public_head.nla_type = NCR_ATTR_DH_PUBLIC; - memcpy(kderive.public, y1, y1_size); - nla = (struct nlattr *)((char *)&kderive.public_head - + NLA_ALIGN(kderive.public_head.nla_len)); - kderive.f.input_size = (char *)nla - (char *)&kderive; - assert(kderive.f.input_size <= sizeof(kderive)); - - if (ioctl(cfd, NCRIO_KEY_DERIVE, &kderive)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_DERIVE)"); - return 1; - } - - /* z1==z2 */ - memset(&kexport, 0, sizeof(kexport)); - kexport.key = z1; - kexport.buffer = y1; - kexport.buffer_size = sizeof(y1); + memset(&kderive.f, 0, sizeof(kderive.f)); + kderive.f.input_key = private1; + kderive.f.new_key = z1; + kderive.algo_head.nla_len = NLA_HDRLEN + sizeof(kderive.algo); + kderive.algo_head.nla_type = NCR_ATTR_DERIVATION_ALGORITHM; + strcpy(kderive.algo, NCR_DERIVE_DH); + kderive.flags_head.nla_len = NLA_HDRLEN + sizeof(kderive.flags); + kderive.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kderive.flags = NCR_KEY_FLAG_EXPORTABLE; + kderive.public_head.nla_len = NLA_HDRLEN + y2_size; + kderive.public_head.nla_type = NCR_ATTR_DH_PUBLIC; + memcpy(kderive.public, y2, y2_size); + nla = (struct nlattr *)((char *)&kderive.public_head + + NLA_ALIGN(kderive.public_head.nla_len)); + kderive.f.input_size = (char *)nla - (char *)&kderive; + assert(kderive.f.input_size <= sizeof(kderive)); + + if (ioctl(cfd, NCRIO_KEY_DERIVE, &kderive)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_DERIVE)"); + return 1; + } + + /* z2=y2^x1 */ + z2 = ioctl(cfd, NCRIO_KEY_INIT); + if (z2 == -1) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } - y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); - if (y1_size < 0) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_EXPORT)"); - return 1; - } + memset(&kderive.f, 0, sizeof(kderive.f)); + kderive.f.input_key = private2; + kderive.f.new_key = z2; + kderive.algo_head.nla_len = NLA_HDRLEN + sizeof(kderive.algo); + kderive.algo_head.nla_type = NCR_ATTR_DERIVATION_ALGORITHM; + strcpy(kderive.algo, NCR_DERIVE_DH); + kderive.flags_head.nla_len = NLA_HDRLEN + sizeof(kderive.flags); + kderive.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kderive.flags = NCR_KEY_FLAG_EXPORTABLE; + kderive.public_head.nla_len = NLA_HDRLEN + y2_size; + kderive.public_head.nla_type = NCR_ATTR_DH_PUBLIC; + memcpy(kderive.public, y1, y1_size); + nla = (struct nlattr *)((char *)&kderive.public_head + + NLA_ALIGN(kderive.public_head.nla_len)); + kderive.f.input_size = (char *)nla - (char *)&kderive; + assert(kderive.f.input_size <= sizeof(kderive)); + + if (ioctl(cfd, NCRIO_KEY_DERIVE, &kderive)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_DERIVE)"); + return 1; + } + + /* z1==z2 */ + memset(&kexport, 0, sizeof(kexport)); + kexport.key = z1; + kexport.buffer = y1; + kexport.buffer_size = sizeof(y1); + + y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); + if (y1_size < 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_EXPORT)"); + return 1; + } - memset(&kexport, 0, sizeof(kexport)); - kexport.key = z2; - kexport.buffer = y2; - kexport.buffer_size = sizeof(y2); + memset(&kexport, 0, sizeof(kexport)); + kexport.key = z2; + kexport.buffer = y2; + kexport.buffer_size = sizeof(y2); - y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); - if (y2_size < 0) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_EXPORT)"); - return 1; - } - - if (y1_size == 0 || y1_size != y2_size || memcmp(y1, y2, y1_size) != 0) { - int i; + y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport); + if (y2_size < 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_EXPORT)"); + return 1; + } + + if (y1_size == 0 || y1_size != y2_size || memcmp(y1, y2, y1_size) != 0) { + int i; - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - fprintf(stderr, "Output in DH does not match (%d, %d)!\n", - (int)y1_size, (int)y2_size); + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + fprintf(stderr, "Output in DH does not match (%d, %d)!\n", + (int)y1_size, (int)y2_size); - fprintf(stderr, "Key1[%d]: ", (int) y1_size); - for(i=0;i Date: Sun, 5 Sep 2010 13:29:00 +0200 Subject: 3DES-ECB has also effective key length of 112. --- ncr-key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ncr-key.c b/ncr-key.c index 406e03299c3..8e082d169a2 100644 --- a/ncr-key.c +++ b/ncr-key.c @@ -558,7 +558,7 @@ int bits; /* FIXME: should we move everything here into algorithm properties? */ if (item->type == NCR_KEY_TYPE_SECRET) { - if (item->algorithm->algo == NCR_ALG_3DES_CBC) + if (item->algorithm->algo == NCR_ALG_3DES_CBC || item->algorithm->algo == NCR_ALG_3DES_ECB) return 112; return item->key.secret.size*8; -- cgit From a33f87422c42e0d44ab080f0305c7ccf430ec4d0 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 17:34:36 +0200 Subject: Added flag: NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH --- examples/pk.c | 4 ++-- ncr-int.h | 2 +- ncr-sessions.c | 22 ++++++++++++++++------ ncr.h | 1 + 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/examples/pk.c b/examples/pk.c index f307c6c7edb..c27ab2539c9 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -1440,7 +1440,7 @@ static int test_ncr_rsa(int cfd) strcpy(kgen.algo, ALG_RSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE|NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH; kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits); kgen.bits_head.nla_type = NCR_ATTR_RSA_MODULUS_BITS; kgen.bits = 1024; @@ -1580,7 +1580,7 @@ static int test_ncr_dsa(int cfd) strcpy(kgen.algo, ALG_DSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE|NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH; kgen.q_bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.q_bits); kgen.q_bits_head.nla_type = NCR_ATTR_DSA_Q_BITS; kgen.q_bits = 160; diff --git a/ncr-int.h b/ncr-int.h index c413f846bb6..5f4dced284f 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -21,7 +21,7 @@ struct ncr_out; // Not all known algorithms - only for quick internal identification. Note // that more than one struct algo_properties_st may share the same enum value! enum ncr_algorithm { - NCR_ALG_NONE__, + NCR_ALG_NONE, NCR_ALG_NULL, NCR_ALG_3DES_CBC, diff --git a/ncr-sessions.c b/ncr-sessions.c index 46266f26496..bf7c5fa4e45 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -365,18 +365,20 @@ static const struct algo_properties_st algo_properties[] = { { .algo = NCR_ALG_RSA, KSTR("rsa"), .is_pk = 1, .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = rsa_oid }, - { .algo = NCR_ALG_RSA, KSTR(NCR_ALG_RSA_TRANSPARENT_HASH), .is_pk = 1, - .can_encrypt=1, .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DSA, KSTR("dsa"), .is_pk = 1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dsa_oid }, - { .algo = NCR_ALG_DSA, KSTR(NCR_ALG_DSA_TRANSPARENT_HASH), .is_pk = 1, - .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DH, KSTR("dh"), .is_pk = 1, .can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dh_oid }, + + { .algo = NCR_ALG_DSA, KSTR(NCR_ALG_DSA_TRANSPARENT_HASH), .is_pk = 1, + .can_sign=1, .has_transparent_hash = 1, + .key_type = NCR_KEY_TYPE_PUBLIC, .oids = rsa_oid }, + { .algo = NCR_ALG_RSA, KSTR(NCR_ALG_RSA_TRANSPARENT_HASH), .is_pk = 1, + .can_encrypt=1, .can_sign=1, .has_transparent_hash = 1, + .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dsa_oid }, + #undef KSTR }; @@ -726,6 +728,14 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, } if (ns->algorithm->has_transparent_hash) { + /* transparent hash has to be allowed by the key + */ + if (!(ns->key->flags & NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH)) { + err(); + ret = -EPERM; + goto fail; + } + ns->transparent_hash = kzalloc(ns->hash.digestsize, GFP_KERNEL); if (ns->transparent_hash == NULL) { err(); diff --git a/ncr.h b/ncr.h index 734382b43cf..e4500b9c0d7 100644 --- a/ncr.h +++ b/ncr.h @@ -107,6 +107,7 @@ typedef __s32 ncr_key_t; #define NCR_KEY_FLAG_WRAPPING (1<<6) #define NCR_KEY_FLAG_UNWRAPPING (1<<7) #define NCR_KEY_FLAG_HASHABLE (1<<8) +#define NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH (1<<9) struct ncr_key_generate { __u32 input_size, output_size; -- cgit From c5fb18ff697aefb156dfebe87ded77a9e1371c45 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 17:49:48 +0200 Subject: Use the ncr_algorithm_t as an identifier for storage data. This will allow keys tied to RSA-transparent, to be used for RSA operations as well (once keys are made tied to an algorithm). --- ncr-int.h | 12 ++++++------ ncr-key-storage.c | 10 +++++----- ncr-pk.c | 2 +- ncr-sessions.c | 7 ++----- 4 files changed, 14 insertions(+), 17 deletions(-) diff --git a/ncr-int.h b/ncr-int.h index 5f4dced284f..400cf7e5218 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -20,7 +20,7 @@ struct ncr_out; // Not all known algorithms - only for quick internal identification. Note // that more than one struct algo_properties_st may share the same enum value! -enum ncr_algorithm { +typedef enum { NCR_ALG_NONE, NCR_ALG_NULL, @@ -35,17 +35,17 @@ enum ncr_algorithm { NCR_ALG_CAMELIA_CBC, NCR_ALG_CAMELIA_CTR, - NCR_ALG_MD5=60, + NCR_ALG_MD5=200, NCR_ALG_SHA1, NCR_ALG_SHA2_224, NCR_ALG_SHA2_256, NCR_ALG_SHA2_384, NCR_ALG_SHA2_512, - NCR_ALG_RSA=120, + NCR_ALG_RSA=600, NCR_ALG_DSA, NCR_ALG_DH, -}; +} ncr_algorithm_t; struct algo_oid_st { oid_st oid; @@ -53,7 +53,7 @@ struct algo_oid_st { }; struct algo_properties_st { - enum ncr_algorithm algo; + ncr_algorithm_t algo; const char *kstr; size_t kstr_len; unsigned needs_iv:1; @@ -204,7 +204,7 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it /* misc helper macros */ -const struct algo_properties_st *_ncr_algo_to_properties(const char *algo); +const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo); const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla); int _ncr_key_get_sec_level(struct key_item_st* item); const struct algo_properties_st *_ncr_oid_to_properties(oid_st* oid); diff --git a/ncr-key-storage.c b/ncr-key-storage.c index 9afa2dc0411..bc64131ea82 100644 --- a/ncr-key-storage.c +++ b/ncr-key-storage.c @@ -35,7 +35,7 @@ struct packed_key { uint32_t version; uint8_t type; uint32_t flags; - uint8_t algorithm[32]; /* NUL-terminated */ + uint32_t algorithm; uint8_t key_id[MAX_KEY_ID_SIZE]; uint8_t key_id_size; @@ -43,7 +43,7 @@ struct packed_key { uint32_t raw_size; } __attribute__((__packed__)); -#define THIS_VERSION 1 +#define THIS_VERSION 2 int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_item_st *key) { @@ -59,8 +59,9 @@ int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_ pkey->version = THIS_VERSION; pkey->type = key->type; pkey->flags = key->flags; - BUG_ON(strlen(key->algorithm->kstr) > sizeof(pkey->algorithm) - 1); - strcpy(pkey->algorithm, key->algorithm->kstr); + + pkey->algorithm = key->algorithm->algo; + pkey->key_id_size = key->key_id_size; memcpy(pkey->key_id, key->key_id, key->key_id_size); @@ -96,7 +97,6 @@ int key_from_storage_data(struct key_item_st* key, const void* data, size_t data int ret; if (data_size != sizeof(*pkey) || pkey->version != THIS_VERSION - || memchr(pkey->algorithm, '\0', sizeof(pkey->algorithm)) == NULL || pkey->key_id_size > MAX_KEY_ID_SIZE) { err(); return -EINVAL; diff --git a/ncr-pk.c b/ncr-pk.c index 9b9078efe38..904e8d65ace 100644 --- a/ncr-pk.c +++ b/ncr-pk.c @@ -123,7 +123,7 @@ static int ncr_pk_make_public_and_id( struct key_item_st * private, struct key_i } key_id_size = MAX_KEY_ID_SIZE; - cret = hash_memory(_ncr_algo_to_properties("sha1"), tmp, max_size, + cret = hash_memory(_ncr_algo_to_properties(NCR_ALG_SHA1), tmp, max_size, private->key_id, &key_id_size); if (cret != CRYPT_OK) { err(); diff --git a/ncr-sessions.c b/ncr-sessions.c index bf7c5fa4e45..cb18853d974 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -384,16 +384,13 @@ static const struct algo_properties_st algo_properties[] = { /* The lookups by string are inefficient - can we look up all we need from crypto API? */ -const struct algo_properties_st *_ncr_algo_to_properties(const char *algo) +const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo) { const struct algo_properties_st *a; - size_t name_len; - name_len = strlen(algo); for (a = algo_properties; a < algo_properties + ARRAY_SIZE(algo_properties); a++) { - if (a->kstr_len == name_len - && memcmp(a->kstr, algo, name_len) == 0) + if (a->algo == algo) return a; } -- cgit