abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-13 08:23:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

first commit, SM2-DSA only

Browse Source
This commit is contained in:
Zhi Guan
2014-12-01 10:40:26 +08:00
commit 57954c4567
2230 changed files with 569407 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
crypto/modes/Makefile Normal file
View File

@@ -0,0 +1,82 @@
#
# OpenSSL/crypto/modes/Makefile
#
DIR= modes
TOP= ../..
CC= cc
INCLUDES= -I.. -I$(TOP) -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c
LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o
SRC= $(LIBSRC)
#EXHEADER= store.h str_compat.h
EXHEADER= modes.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
cbc128.o: cbc128.c modes.h
cfb128.o: cfb128.c modes.h
ctr128.o: ctr128.c modes.h
cts128.o: cts128.c modes.h
ofb128.o: modes.h ofb128.c

206
crypto/modes/cbc128.c Normal file
View File

@@ -0,0 +1,206 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include "modes.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#define STRICT_ALIGNMENT 1
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
# define STRICT_ALIGNMENT 0
#endif
void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block)
{
size_t n;
const unsigned char *iv = ivec;
assert(in && out && key && ivec);
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (STRICT_ALIGNMENT &&
((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
while (len>=16) {
for(n=0; n<16; ++n)
out[n] = in[n] ^ iv[n];
(*block)(out, out, key);
iv = out;
len -= 16;
in += 16;
out += 16;
}
} else {
while (len>=16) {
for(n=0; n<16; n+=sizeof(size_t))
*(size_t*)(out+n) =
*(size_t*)(in+n) ^ *(size_t*)(iv+n);
(*block)(out, out, key);
iv = out;
len -= 16;
in += 16;
out += 16;
}
}
#endif
while (len) {
for(n=0; n<16 && n<len; ++n)
out[n] = in[n] ^ iv[n];
for(; n<16; ++n)
out[n] = iv[n];
(*block)(out, out, key);
iv = out;
if (len<=16) break;
len -= 16;
in += 16;
out += 16;
}
memcpy(ivec,iv,16);
}
void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block)
{
size_t n;
union { size_t align; unsigned char c[16]; } tmp;
assert(in && out && key && ivec);
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (in != out) {
const unsigned char *iv = ivec;
if (STRICT_ALIGNMENT &&
((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
while (len>=16) {
(*block)(in, out, key);
for(n=0; n<16; ++n)
out[n] ^= iv[n];
iv = in;
len -= 16;
in += 16;
out += 16;
}
}
else {
while (len>=16) {
(*block)(in, out, key);
for(n=0; n<16; n+=sizeof(size_t))
*(size_t *)(out+n) ^= *(size_t *)(iv+n);
iv = in;
len -= 16;
in += 16;
out += 16;
}
}
memcpy(ivec,iv,16);
} else {
if (STRICT_ALIGNMENT &&
((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
unsigned char c;
while (len>=16) {
(*block)(in, tmp.c, key);
for(n=0; n<16; ++n) {
c = in[n];
out[n] = tmp.c[n] ^ ivec[n];
ivec[n] = c;
}
len -= 16;
in += 16;
out += 16;
}
}
else {
size_t c;
while (len>=16) {
(*block)(in, tmp.c, key);
for(n=0; n<16; n+=sizeof(size_t)) {
c = *(size_t *)(in+n);
*(size_t *)(out+n) =
*(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
*(size_t *)(ivec+n) = c;
}
len -= 16;
in += 16;
out += 16;
}
}
}
#endif
while (len) {
unsigned char c;
(*block)(in, tmp.c, key);
for(n=0; n<16 && n<len; ++n) {
c = in[n];
out[n] = tmp.c[n] ^ ivec[n];
ivec[n] = c;
}
if (len<=16) {
for (; n<16; ++n)
ivec[n] = in[n];
break;
}
len -= 16;
in += 16;
out += 16;
}
}

249
crypto/modes/cfb128.c Normal file
View File

@@ -0,0 +1,249 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include "modes.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#define STRICT_ALIGNMENT
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
/* The input and output encrypted as though 128bit cfb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block)
{
unsigned int n;
size_t l = 0;
assert(in && out && key && ivec && num);
n = *num;
if (enc) {
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (16%sizeof(size_t) == 0) do { /* always true actually */
while (n && len) {
*(out++) = ivec[n] ^= *(in++);
--len;
n = (n+1) % 16;
}
#if defined(STRICT_ALIGNMENT)
if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
break;
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
for (; n<16; n+=sizeof(size_t)) {
*(size_t*)(out+n) =
*(size_t*)(ivec+n) ^= *(size_t*)(in+n);
}
len -= 16;
out += 16;
in += 16;
n = 0;
}
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
out[n] = ivec[n] ^= in[n];
++n;
}
}
*num = n;
return;
} while (0);
/* the rest would be commonly eliminated by x86* compiler */
#endif
while (l<len) {
if (n == 0) {
(*block)(ivec, ivec, key);
}
out[l] = ivec[n] ^= in[l];
++l;
n = (n+1) % 16;
}
*num = n;
} else {
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (16%sizeof(size_t) == 0) do { /* always true actually */
while (n && len) {
unsigned char c;
*(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
--len;
n = (n+1) % 16;
}
#if defined(STRICT_ALIGNMENT)
if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
break;
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
for (; n<16; n+=sizeof(size_t)) {
size_t t = *(size_t*)(in+n);
*(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
*(size_t*)(ivec+n) = t;
}
len -= 16;
out += 16;
in += 16;
n = 0;
}
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
unsigned char c;
out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
++n;
}
}
*num = n;
return;
} while (0);
/* the rest would be commonly eliminated by x86* compiler */
#endif
while (l<len) {
unsigned char c;
if (n == 0) {
(*block)(ivec, ivec, key);
}
out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
++l;
n = (n+1) % 16;
}
*num=n;
}
}
/* This expects a single block of size nbits for both in and out. Note that
it corrupts any extra bits in the last byte of out */
static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
int nbits,const void *key,
unsigned char ivec[16],int enc,
block128_f block)
{
int n,rem,num;
unsigned char ovec[16*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */
if (nbits<=0 || nbits>128) return;
/* fill in the first half of the new IV with the current IV */
memcpy(ovec,ivec,16);
/* construct the new IV */
(*block)(ivec,ivec,key);
num = (nbits+7)/8;
if (enc) /* encrypt the input */
for(n=0 ; n < num ; ++n)
out[n] = (ovec[16+n] = in[n] ^ ivec[n]);
else /* decrypt the input */
for(n=0 ; n < num ; ++n)
out[n] = (ovec[16+n] = in[n]) ^ ivec[n];
/* shift ovec left... */
rem = nbits%8;
num = nbits/8;
if(rem==0)
memcpy(ivec,ovec+num,16);
else
for(n=0 ; n < 16 ; ++n)
ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
/* it is not necessary to cleanse ovec, since the IV is not secret */
}
/* N.B. This expects the input to be packed, MS bit first */
void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
size_t bits, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block)
{
size_t n;
unsigned char c[1],d[1];
assert(in && out && key && ivec && num);
assert(*num == 0);
for(n=0 ; n<bits ; ++n)
{
c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
cfbr_encrypt_block(c,d,1,key,ivec,enc,block);
out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) |
((d[0]&0x80) >> (unsigned int)(n%8));
}
}
void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block)
{
size_t n;
assert(in && out && key && ivec && num);
assert(*num == 0);
for(n=0 ; n<length ; ++n)
cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block);
}

184
crypto/modes/ctr128.c Normal file
View File

@@ -0,0 +1,184 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include "modes.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
typedef unsigned int u32;
typedef unsigned char u8;
#define STRICT_ALIGNMENT
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
/* NOTE: the IV/counter CTR mode is big-endian. The code itself
* is endian-neutral. */
/* increment counter (128-bit int) by 1 */
static void ctr128_inc(unsigned char *counter) {
u32 n=16;
u8 c;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c) return;
} while (n);
}
#if !defined(OPENSSL_SMALL_FOOTPRINT)
static void ctr128_inc_aligned(unsigned char *counter) {
size_t *data,c,n;
const union { long one; char little; } is_endian = {1};
if (is_endian.little) {
ctr128_inc(counter);
return;
}
data = (size_t *)counter;
n = 16/sizeof(size_t);
do {
--n;
c = data[n];
++c;
data[n] = c;
if (c) return;
} while (n);
}
#endif
/* The input encrypted as though 128bit counter mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num, and the
* encrypted counter is kept in ecount_buf. Both *num and
* ecount_buf must be initialised with zeros before the first
* call to CRYPTO_ctr128_encrypt().
*
* This algorithm assumes that the counter is in the x lower bits
* of the IV (ivec), and that the application has full control over
* overflow and the rest of the IV. This implementation takes NO
* responsability for checking that the counter doesn't overflow
* into the rest of the IV when incremented.
*/
void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], unsigned char ecount_buf[16],
unsigned int *num, block128_f block)
{
unsigned int n;
size_t l=0;
assert(in && out && key && ecount_buf && num);
assert(*num < 16);
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (16%sizeof(size_t) == 0) do { /* always true actually */
while (n && len) {
*(out++) = *(in++) ^ ecount_buf[n];
--len;
n = (n+1) % 16;
}
#if defined(STRICT_ALIGNMENT)
if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
break;
#endif
while (len>=16) {
(*block)(ivec, ecount_buf, key);
ctr128_inc_aligned(ivec);
for (; n<16; n+=sizeof(size_t))
*(size_t *)(out+n) =
*(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
len -= 16;
out += 16;
in += 16;
n = 0;
}
if (len) {
(*block)(ivec, ecount_buf, key);
ctr128_inc_aligned(ivec);
while (len--) {
out[n] = in[n] ^ ecount_buf[n];
++n;
}
}
*num = n;
return;
} while(0);
/* the rest would be commonly eliminated by x86* compiler */
#endif
while (l<len) {
if (n==0) {
(*block)(ivec, ecount_buf, key);
ctr128_inc(ivec);
}
out[l] = in[l] ^ ecount_buf[n];
++l;
n = (n+1) % 16;
}
*num=n;
}

259
crypto/modes/cts128.c Normal file
View File

@@ -0,0 +1,259 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Rights for redistribution and usage in source and binary
* forms are granted according to the OpenSSL license.
*/
#include "modes.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* Trouble with Ciphertext Stealing, CTS, mode is that there is no
* common official specification, but couple of cipher/application
* specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
* Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
* deviates from mentioned RFCs. Most notably it allows input to be
* of block length and it doesn't flip the order of the last two
* blocks. CTS is being discussed even in ECB context, but it's not
* adopted for any known application. This implementation complies
* with mentioned RFCs and [as such] extends CBC mode.
*/
size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block)
{ size_t residue, n;
assert (in && out && key && ivec);
if (len <= 16) return 0;
if ((residue=len%16) == 0) residue = 16;
len -= residue;
CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
in += len;
out += len;
for (n=0; n<residue; ++n)
ivec[n] ^= in[n];
(*block)(ivec,ivec,key);
memcpy(out,out-16,residue);
memcpy(out-16,ivec,16);
return len+residue;
}
size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc)
{ size_t residue;
union { size_t align; unsigned char c[16]; } tmp;
assert (in && out && key && ivec);
if (len <= 16) return 0;
if ((residue=len%16) == 0) residue = 16;
len -= residue;
(*cbc)(in,out,len,key,ivec,1);
in += len;
out += len;
#if defined(CBC_HANDLES_TRUNCATED_IO)
memcpy(tmp.c,out-16,16);
(*cbc)(in,out-16,residue,key,ivec,1);
memcpy(out,tmp.c,residue);
#else
{
size_t n;
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
memcpy(tmp.c,in,residue);
}
memcpy(out,out-16,residue);
(*cbc)(tmp.c,out-16,16,key,ivec,1);
#endif
return len+residue;
}
size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block)
{ size_t residue, n;
union { size_t align; unsigned char c[32]; } tmp;
assert (in && out && key && ivec);
if (len<=16) return 0;
if ((residue=len%16) == 0) residue = 16;
len -= 16+residue;
if (len) {
CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
in += len;
out += len;
}
(*block)(in,tmp.c+16,key);
for (n=0; n<16; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
memcpy(tmp.c,in+16,residue);
(*block)(tmp.c,tmp.c,key);
for(n=0; n<16; ++n) {
unsigned char c = in[n];
out[n] = tmp.c[n] ^ ivec[n];
ivec[n] = c;
}
for(residue+=16; n<residue; ++n)
out[n] = tmp.c[n] ^ in[n];
return len+residue-16;
}
size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc)
{ size_t residue, n;
union { size_t align; unsigned char c[32]; } tmp;
assert (in && out && key && ivec);
if (len<=16) return 0;
if ((residue=len%16) == 0) residue = 16;
len -= 16+residue;
if (len) {
(*cbc)(in,out,len,key,ivec,0);
in += len;
out += len;
}
for (n=16; n<32; n+=sizeof(size_t))
*(size_t *)(tmp.c+n) = 0;
/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
(*cbc)(in,tmp.c,16,key,tmp.c+16,0);
memcpy(tmp.c,in+16,residue);
#if defined(CBC_HANDLES_TRUNCATED_IO)
(*cbc)(tmp.c,out,16+residue,key,ivec,0);
#else
(*cbc)(tmp.c,tmp.c,32,key,ivec,0);
memcpy(out,tmp.c,16+residue);
#endif
return len+residue;
}
#if defined(SELFTEST)
#include <stdio.h>
#include <openssl/aes.h>
/* test vectors from RFC 3962 */
static const unsigned char test_key[16] = "chicken teriyaki";
static const unsigned char test_input[64] =
"I would like the" " General Gau's C"
"hicken, please, " "and wonton soup.";
static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static const unsigned char vector_17[17] =
{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f,
0x97};
static const unsigned char vector_31[31] =
{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22,
0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5};
static const unsigned char vector_32[32] =
{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84};
static const unsigned char vector_47[47] =
{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e,
0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5};
static const unsigned char vector_48[48] =
{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8,
0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8};
static const unsigned char vector_64[64] =
{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40,
0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8};
static AES_KEY encks, decks;
void test_vector(const unsigned char *vector,size_t len)
{ unsigned char cleartext[64];
unsigned char iv[sizeof(test_iv)];
unsigned char ciphertext[64];
size_t tail;
printf("vector_%d\n",len); fflush(stdout);
if ((tail=len%16) == 0) tail = 16;
tail += 16;
/* test block-based encryption */
memcpy(iv,test_iv,sizeof(test_iv));
CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
if (memcmp(ciphertext,vector,len))
fprintf(stderr,"output_%d mismatch\n",len), exit(1);
if (memcmp(iv,vector+len-tail,sizeof(iv)))
fprintf(stderr,"iv_%d mismatch\n",len), exit(1);
/* test block-based decryption */
memcpy(iv,test_iv,sizeof(test_iv));
CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
if (memcmp(cleartext,test_input,len))
fprintf(stderr,"input_%d mismatch\n",len), exit(2);
if (memcmp(iv,vector+len-tail,sizeof(iv)))
fprintf(stderr,"iv_%d mismatch\n",len), exit(2);
/* test streamed encryption */
memcpy(iv,test_iv,sizeof(test_iv));
CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
if (memcmp(ciphertext,vector,len))
fprintf(stderr,"output_%d mismatch\n",len), exit(3);
if (memcmp(iv,vector+len-tail,sizeof(iv)))
fprintf(stderr,"iv_%d mismatch\n",len), exit(3);
/* test streamed decryption */
memcpy(iv,test_iv,sizeof(test_iv));
CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
if (memcmp(cleartext,test_input,len))
fprintf(stderr,"input_%d mismatch\n",len), exit(4);
if (memcmp(iv,vector+len-tail,sizeof(iv)))
fprintf(stderr,"iv_%d mismatch\n",len), exit(4);
}
main()
{
AES_set_encrypt_key(test_key,128,&encks);
AES_set_decrypt_key(test_key,128,&decks);
test_vector(vector_17,sizeof(vector_17));
test_vector(vector_31,sizeof(vector_31));
test_vector(vector_32,sizeof(vector_32));
test_vector(vector_47,sizeof(vector_47));
test_vector(vector_48,sizeof(vector_48));
test_vector(vector_64,sizeof(vector_64));
exit(0);
}
#endif

59
crypto/modes/modes.h Normal file
View File

@@ -0,0 +1,59 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Rights for redistribution and usage in source and binary
* forms are granted according to the OpenSSL license.
*/
#include <stddef.h>
typedef void (*block128_f)(const unsigned char in[16],
unsigned char out[16],
const void *key);
typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int enc);
void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], unsigned char ecount_buf[16],
unsigned int *num, block128_f block);
void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
block128_f block);
void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
size_t bits, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);

128
crypto/modes/ofb128.c Normal file
View File

@@ -0,0 +1,128 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include "modes.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#define STRICT_ALIGNMENT
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
/* The input and output encrypted as though 128bit ofb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
block128_f block)
{
unsigned int n;
size_t l=0;
assert(in && out && key && ivec && num);
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (16%sizeof(size_t) == 0) do { /* always true actually */
while (n && len) {
*(out++) = *(in++) ^ ivec[n];
--len;
n = (n+1) % 16;
}
#if defined(STRICT_ALIGNMENT)
if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
break;
#endif
while (len>=16) {
(*block)(ivec, ivec, key);
for (; n<16; n+=sizeof(size_t))
*(size_t*)(out+n) =
*(size_t*)(in+n) ^ *(size_t*)(ivec+n);
len -= 16;
out += 16;
in += 16;
n = 0;
}
if (len) {
(*block)(ivec, ivec, key);
while (len--) {
out[n] = in[n] ^ ivec[n];
++n;
}
}
*num = n;
return;
} while(0);
/* the rest would be commonly eliminated by x86* compiler */
#endif
while (l<len) {
if (n==0) {
(*block)(ivec, ivec, key);
}
out[l] = in[l] ^ ivec[n];
++l;
n = (n+1) % 16;
}
*num=n;
}