aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher
diff options
context:
space:
mode:
Diffstat (limited to 'linden/indra/libgcrypt/libgcrypt-1.2.2/cipher')
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog2890
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am73
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in554
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest73
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c1396
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c156
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h54
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c606
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c620
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c1397
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c295
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c1111
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c486
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c682
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c1254
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c327
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c354
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c1028
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c2360
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h41
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c1186
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h42
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c345
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c2275
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h36
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c569
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c256
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c141
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c848
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c690
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c632
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c978
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c368
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c310
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c400
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c850
-rwxr-xr-xlinden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c1040
37 files changed, 26723 insertions, 0 deletions
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog
new file mode 100755
index 0000000..c93f0f7
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog
@@ -0,0 +1,2890 @@
12005-09-13 Werner Koch <wk@g10code.com>
2
3 * random.c (gcry_create_nonce): Detect a fork and re-seed.
4 (read_pool): Fixed the fork detection; it used to work only for
5 multi-threaded processes.
6
72005-06-16 Werner Koch <wk@g10code.com>
8
9 * cipher.c (gcry_cipher_register): Changed arg ALGORITHM_ID
10 from unsigned int * to int*.
11 * rmd160.c (_gcry_rmd160_mixblock): Applied cast.
12 * tiger.c (round): Renamed to R to avoid conflict with builtin.
13 * crc.c (crc32_write): Applied cast.
14 * dsa.c (gen_k): Made RNDBUF unsigned.
15 * elgamal.c (gen_k): Ditto.
16 * blowfish.c (selftest): Added cast to constants.
17 * random.c (rndpool, keypool): Made unsigned.
18 (mix_pool): Changed char* to unsigned char*.
19 * md.c (gcry_md_ctl): Use cast to fix signed/unsigned mismatch.
20 * primegen.c (prime_generate_internal): Ditto.
21 (is_prime): Made COUNT unsigned.
22
232005-06-15 Werner Koch <wk@g10code.com>
24
25 * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Changed OUT
26 and IN to void*.
27
28 * md.c (gcry_md_ctl): Changed arg BUFFER to void*.
29 * random.c (gcry_randomize): Ditto.
30 (gcry_create_nonce): Ditto.
31
322005-04-16 Moritz Schulte <moritz@g10code.com>
33
34 * ac.c (_gcry_ac_init): New function.
35 Replace strdup calls with calls to gcry_strdup.
36
372005-03-23 Werner Koch <wk@g10code.com>
38
39 * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data
40 use the size of the object and not the one of its address. Bug
41 reported by Sascha Kiefer.
42
432005-03-19 Moritz Schulte <moritz@g10code.com>
44
45 * cipher.c (do_cbc_encrypt): Be careful to not overwrite data,
46 which is to be used later on. This happend, in case CTS is
47 enabled and OUTBUF is equal to INBUF.
48
492005-03-19 Moritz Schulte <moritz@g10code.com>
50
51 * ac.c (gcry_ac_data_copy_internal): Use gcry_strdup instead of
52 strdup.
53 (gcry_ac_data_set): Likewise.
54 (gcry_ac_data_get_index): Likewise.
55
562005-02-25 Werner Koch <wk@g10code.com>
57
58 * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.
59
602005-01-05 Werner Koch <wk@g10code.com>
61
62 * serpent.c: s/u32_t/u32/ and s/byte_t/byte/. Too match what we
63 have always used and are using in all other files too.
64
652004-12-09 Werner Koch <wk@g10code.com>
66
67 * serpent.c (serpent_test): Moved prototype out of a fucntion.
68
692004-09-17 Moritz Schulte <moritz@g10code.com>
70
71 * serpent.c: Use "u32_t" instead of "unsigned long", do not
72 declare S-Box variables as "register". Fixes failure on
73 OpenBSD/sparc64, reported by Nikolay Sturm.
74
752004-09-16 Moritz Schulte <moritz@g10code.com>
76
77 * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E;
78 merged from HEAD.
79
802004-09-15 Werner Koch <wk@g10code.de>
81
82 * random.c (read_pool): Fixed dropping of the volatile warning when
83 passing MY_PID to add_random.
84
85 * pubkey.c (sexp_data_to_mpi): Fixed syntax error. Aiih committing
86 changes without compiling is a real brown paper bag bug.
87
882004-08-19 Werner Koch <wk@g10code.de>
89
90 * pubkey.c (sexp_data_to_mpi): Changed the zero random byte
91 substituting code to actually do clever things. Thanks to
92 Matthias Urlichs for noting the implementation problem.
93
942004-08-09 Moritz Schulte <moritz@g10code.com>
95
96 * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by
97 Modestas Vainius.
98
992004-07-16 Werner Koch <wk@gnupg.org>
100
101 * rijndael.c (do_encrypt): Fix alignment problem. Bugs found by
102 Matthias Urlichs.
103 (do_decrypt): Ditto.
104 (keySched, keySched2): Use 2 macros along with unions in the key
105 schedule context.
106
1072004-07-14 Moritz Schulte <moritz@g10code.com>
108
109 * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to
110 Nikos Mavroyanopoulos.
111
1122004-05-09 Werner Koch <wk@gnupg.org>
113
114 * random.c (read_pool): Mix the PID in to better protect after a
115 fork.
116
1172004-07-04 Moritz Schulte <moritz@g10code.com>
118
119 * serpent.c: Use "u32_t" instead of "unsigned long", do not
120 declare S-Box variables as "register". Fixes failure on
121 OpenBSD/sparc64, reported by Nikolay Sturm.
122
1232004-05-07 Werner Koch <wk@gnupg.org>
124
125 * random.c (initialize): Factored out some code to ..
126 (initialize_basics): .. new function.
127 (_gcry_random_initialize): Just call initialize_basics unless the
128 new arg FULL is set to TRUE.
129 (_gcry_fast_random_poll): Don't do anything unless the random
130 system has been really initialized.
131
1322004-05-07 Moritz Schulte <moritz@g10code.de>
133
134 * ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported
135 by Umberto Salsi.
136
1372004-02-20 Werner Koch <wk@gnupg.org>
138
139 * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them
140 at different stages. Pass these arguments through all callers.
141
1422004-02-06 Werner Koch <wk@gnupg.org>
143
144 * des.c: Add a new OID as used by pkcs#12.
145
146 * rfc2268.c: New. Taken from libgcrypt.
147 * cipher.c: Setup the rfc2268 algorithm.
148
1492004-01-25 Moritz Schulte <mo@g10code.com>
150
151 * primegen.c (prime_generate_internal): Do not forget to free
152 `q_factor'; fixed by Brieuc Jeunhomme.
153 (prime_generate_internal): Do not forget to free `prime'.
154
1552004-01-14 Moritz Schulte <mo@g10code.com>
156
157 * ac.c (gcry_ac_data_set): New argument: flags; slightly
158 rewritten.
159 (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.
160 (gcry_ac_key_pair_generate): New argument: misc_data; modified
161 order of arguments.
162 (gcry_ac_key_test): New argument: handle.
163 (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.
164 Use GCRY_AC_FLAG_NO_BLINDING instead of
165 GCRY_AC_DATA_FLAG_NO_BLINDING.
166 (gcry_ac_mpi): New member: flags.
167 (gcry_ac_data_search, gcry_ac_data_add): Removed functions.
168
1692003-12-22 Werner Koch <wk@gnupg.org>
170
171 * primegen.c (is_prime): Release A2.
172
1732003-12-19 Werner Koch <wk@gnupg.org>
174
175 * md.c: Moved a couple of functions down below the data structure
176 definitions.
177 (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.
178 (md_open): Set it here.
179 (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.
180 (md_enable): Set it here.
181 (md_close): Wipe the context memory.
182 secure memory.
183 * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.
184 (gcry_cipher_open): Set it here.
185 (gcry_cipher_close): Use it to always wipe out the handle data.
186
187 * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when
188 the function is not successful.
189 (gcry_ac_close): Allow a NULL handle.
190 (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.
191 (gcry_ac_key_get_grip): Return INV_OBJ on error.
192
193 * primegen.c (prime_generate_internal): Fixed error code for
194 failed malloc. Replaced the !err if chain by gotos.
195 (gcry_prime_group_generator): Remove the extra sanity check.
196
197 * md.c: Minor code and comment cleanups.
198
1992003-12-16 Werner Koch <wk@gnupg.org>
200
201 * primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet.
202
2032003-12-11 Werner Koch <wk@gnupg.org>
204
205 * rndunix.c (slow_poll): Don't use #warning but #error.
206
207 * rndegd.c: Changed indentation.
208 (my_make_filename): Removd the var_arg cruft becuase we
209 don't need it here. Changed caller.
210
211 * rndlinux.c: Changed indentation.
212 (open_device): Remove the superfluous stat call and clarify
213 comment.
214
215 * rsa.c: Changed indentation.
216 (secret): Use the standard algorithm if p, q and u are not
217 available.
218 (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,
219 _gcry_rsa_unblind and moved more to the top.
220
221 * md4.c: Changed indentation. Removed unnecessary casts.
222 * md5.c, rmd160.c, sha1.c, tiger.c: Ditto.
223 * rijndael.c, twofish.c: Ditto.
224 * serpent.c: Removed unnecessary casts.
225 * sha256.c, sha512.c: Ditto.
226
2272003-12-09 Werner Koch <wk@gnupg.org>
228
229 * dsa.c: Unified indentation style.
230 * elgamal.c: Ditto.
231 * des.c (des_key_schedule): Code beautifications.
232 * blowfish.c: Changed indentation style.
233 * cast5.c (do_cast_setkey): Ditto.
234
235 * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests
236 by straightforward gotos. Other cleanups.
237 (gcry_pk_decrypt): Ditto.
238 (gcry_pk_sign): Ditto.
239 (gcry_pk_verify): Ditto.
240 (gcry_pk_genkey): Ditto. Use strtoul instead of strtol.
241 (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.
242
2432003-12-07 Werner Koch <wk@gnupg.org>
244
245 * pubkey.c (gcry_pk_register_default): Undef the helper macro.
246 (gcry_pk_map_name): Allow NULL for string.
247 (sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not
248 free.
249 (sexp_to_sig): Ditto.
250 (sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by
251 straightforward gotos.
252
2532003-12-05 Werner Koch <wk@gnupg.org>
254
255 * cipher.c: Documentation cleanups.
256 (gcry_cipher_mode_from_oid): Allow NULL for STRING.
257
2582003-12-03 Werner Koch <wk@gnupg.org>
259
260 * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is
261 only used for encryption.
262
2632003-11-18 Werner Koch <wk@gnupg.org>
264
265 * random.h (rndw32_set_dll_name): Removed unused prototype.
266
267 * Makefile.am (EXTRA_DIST): Added Manifest.
268
2692003-11-11 Werner Koch <wk@gnupg.org>
270
271 * Manifest: New.
272
2732003-11-04 Werner Koch <wk@gnupg.org>
274
275 * md.c (gcry_md_hash_buffer): Use shortcut for SHA1
276 * sha1.c (_gcry_sha1_hash_buffer): New.
277
278 * random.c: Reformatted most functions.
279 (mix_pool): Moved the failsafe_digest from global
280 scope to here.
281 (do_fast_random_poll): Use the generic fucntions even if a fast
282 gathering function has been used.
283 (read_pool): Detect a fork and retry.
284 (gcry_randomize, get_random_bytes): Don't distinguish anymore
285 between weak and strong random.
286 (gcry_create_nonce): New.
287
2882003-10-31 Werner Koch <wk@gnupg.org>
289
290 * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the
291 disk performance values and not the W32 API structure.
292
293 * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
294 * elgamal.c (verify): Ditto.
295
296 * ac.c (gcry_ac_data_get_index): s/index/idx/
297 (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
298 (gcry_ac_data_add): Must use gcry_realloc instead of realloc.
299 * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
300 forehackers.
301 (gcry_pk_encrypt): Removed shadowed definition of I. Reordered
302 arguments to malloc for clarity.
303 (gcry_pk_sign, gcry_pk_genkey): Ditto.
304 * primegen.c (prime_generate_internal): s/random/randomlevel/.
305
3062003-10-27 Moritz Schulte <mo@g10code.com>
307
308 * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.
309
3102003-10-27 Werner Koch <wk@gnupg.org>
311
312 * random.c (gcry_random_add_bytes): Return if buflen is zero to
313 avoid gcc warning about unsed parameter.
314 (MASK_LEVEL): Simplified; does now work for signed and unsigned
315 w/o warnings.
316
317 * md.c (md_start_debug): Removed the const from SUFFIX, because
318 this function is called from the control fucntion which does not
319 require const.
320
321 Prefixed all (pubkey,digest,cipher}_spec_* globale variables with
322 _gcry_.
323
324 * ac.c (ac_key_identifiers): Made static.
325
326 * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move
327 prototypes to ..
328 * rand-internal.h: .. here
329 * random.c (getfnc_gather_random): Include rndw32 gatherer.
330 * rndunix.c, rndw32.c, rndegd.c: Include them here.
331 * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_
332 prefix. Changed all callers.
333 * rndegd.c (_gcry_rndegd_gather_random): Likewise.
334 (_gcry_rndegd_connect_socket): Likewise.
335 * rndunix.c (_gcry_rndunix_gather_random): Likewise.
336 (waitpid): Made static.
337 * rndw32.c: Removed the old and unused winseed.dll cruft.
338 (_gcry_rndw32_gather_random_fast): Renamed from
339 gather_random_fast.
340 (_gcry_rndw32_gather_random): Renamed from gather_random. Note,
341 that the changes 2003-04-08 somehow got lost.
342
343 * sha512.c (sha512_init, sha384_init): Made static.
344
345 * cipher.c (do_ctr_decrypt): Removed "return" from this void
346 function.
347
3482003-10-24 Moritz Schulte <mo@g10code.com>
349
350 * serpent.c: Fix an issue on big-endian systems.
351
352 * rndw32.c: Removed IS_MODULE -cruft.
353 * rndlinux.c (rndlinux_gather_random): Likewise.
354
3552003-10-10 Werner Koch <wk@gnupg.org>
356
357 * primegen.c (gen_prime): Bail out if NBITS is less than 16.
358 (prime_generate_internal): Initialize prime variable to suppress
359 compiler warning. Check pbits, initialize qbits when passed as
360 zero.
361
362 * primegen.c (prime_generate_internal): New arg
363 ALL_FACTORS. Changed all callers.
364 (gcry_prime_generate): Make the factors arg optional. Request
365 all_factors. Make sure PRIME is set to NULL even on error.
366 (gcry_prime_group_generator): New.
367 (gcry_prime_release_factors): New.
368
3692003-10-06 Werner Koch <wk@gnupg.org>
370
371 * primegen.c (gen_prime): Assert that NBITS is never zero, it
372 would cause a segv.
373
3742003-09-28 Moritz Schulte <mo@g10code.com>
375
376 * ac.c: Include "cipher.h".
377
3782003-09-27 Moritz Schulte <mo@g10code.com>
379
380 * rndegd.c (do_read): Return nread instead of nbytes; thanks to
381 Michael Caerwyn.
382
3832003-09-04 Werner Koch <wk@gnupg.org>
384
385 * pubkey.c (_gcry_pk_aliased_algo_name): New.
386 * ac.c (gcry_ac_open): Use it here.
387
388 * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c
389
3902003-09-02 Moritz Schulte <mo@g10code.com>
391
392 * primegen.c (gcry_prime_check, gcry_prime_generate): New
393 functions.
394 (prime_generate_internal): New function, based on
395 _gcry_generate_elg_prime.
396 (_gcry_generate_elg_prime): Rewritten as a wrapper for
397 prime_generate_internal.
398
3992003-08-28 Werner Koch <wk@gnupg.org>
400
401 * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the
402 return value. This does not make sense and breaks any programs
403 parsing the output strictly (e.g. current gpgsm).
404 (gcry_pk_encrypt): If aliases for the algorithm name exists, take
405 the first one instead of the regular name to adhere to SPKI
406 conventions.
407 (gcry_pk_genkey): Ditto.
408 (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.
409
4102003-08-19 Moritz Schulte <mo@g10code.com>
411
412 * cipher.c: Add support for Serpent
413 * serpent.c: New file.
414
4152003-08-10 Moritz Schulte <moritz@g10code.com>
416
417 * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.
418
4192003-08-09 Timo Schulz <twoaday@freakmail.de>
420
421 * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
422 two times, but also the NAME_OF_DEV_URANDOM device.
423
4242003-08-08 Moritz Schulte <moritz@g10code.com>
425
426 * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not
427 fail if no `flags' sub S-Expression is found.
428
4292003-07-27 Werner Koch <wk@gnupg.org>
430
431 * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.
432
4332003-07-23 Moritz Schulte <moritz@g10code.com>
434
435 * ac.c (gcry_ac_data_construct): New argument: include_flags, only
436 include `flags' S-expression, if include_flags is true. Adjust
437 callers. Thanks for triggering a bug caused by `flags'
438 sub-S-expression where they are not expected to Ralf Schneider.
439
4402003-07-21 Moritz Schulte <moritz@g10code.com>
441
442 * pubkey.c (gcry_pk_lookup_func_name): Use new member name
443 `aliases' instead of `sexp_names'.
444
445 * ac.c (gcry_ac_key_data_get): New function.
446
447 * cipher.c (gcry_cipher_lookup_func_name): Fix return value.
448
4492003-07-20 Moritz Schulte <moritz@g10code.com>
450
451 * blowfish.c: Adjusted for new gcry_cipher_spec_t structure.
452 * cast5.c: Likewise.
453 * twofish.c: Likewise.
454 * arcfour.c: Likewise.
455 * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):
456 New variables, adjust for new gcry_cipher_spec_t structure.
457 * des.c (oids_tripledes): New variable, adjust for new
458 gcry_cipher_spec_t structure.
459
460 * md.c (oid_table): Removed.
461
462 * tiger.c (oid_spec_tiger): New variable.
463 (digest_spec_tiger): Adjusted for new gry_md_spec_t structure.
464
465 * sha512.c (oid_spec_sha512): New variable.
466 (digest_spec_sha512): Adjusted for new gry_md_spec_t structure.
467
468 * sha512.c (oid_spec_sha384): New variable.
469 (digest_spec_sha384): Adjusted for new gry_md_spec_t structure.
470
471 * sha256.c (oid_spec_sha256): New variable.
472 (digest_spec_sha256): Adjusted for new gry_md_spec_t structure.
473
474 * sha1.c (oid_spec_sha1): New variable.
475 (digest_spec_sha1): Adjusted for new gry_md_spec_t structure.
476
477 * rmd160.c (oid_spec_rmd160): New variable.
478 (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.
479
480 * md5.c (oid_spec_md5): New variable.
481 (digest_spec_md5): Adjusted for new gry_md_spec_t structure.
482
483 * md4.c (oid_spec_md4): New variable.
484 (digest_spec_md4): Adjusted for new gry_md_spec_t structure.
485
486 * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,
487 digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t
488 structure.
489
4902003-07-19 Moritz Schulte <moritz@g10code.com>
491
492 * md.c (gcry_md_lookup_func_oid): New function.
493 (search_oid): New function, copied from cipher.c.
494 (gcry_md_map_name): Adjust for new search_oid_interface.
495
496 * cipher.c (oid_table): Removed table.
497 (gcry_cipher_lookup_func_oid): New function.
498 (search_oid): Rewritten to use the module functions.
499 (gcry_cipher_map_name): Adjust for new search_oid interface.
500 (gcry_cipher_mode_from_oid): Likewise.
501
5022003-07-18 Werner Koch <wk@gnupg.org>
503
504 * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in
505 gpg_strerror.
506
5072003-07-14 Moritz Schulte <moritz@g10code.com>
508
509 * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher
510 name aliases, not just the primary name.
511 (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to
512 AES.
513
514 * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher
515 specification structures.
516
517 * rijndael.c (rijndael_names, rijndael192_names,
518 rijndael256_names): New variables, use them in the cipher
519 specifications.
520
521 * rmd160test.c: Removed file.
522
523 * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,
524 elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:
525 Used gcry_err* wrappers for libgpg symbols.
526
527 * primegen.c (gen_prime): Correct the order arguments to
528 extra_check.
529
5302003-07-12 Moritz Schulte <moritz@g10code.com>
531
532 * ac.c: Replaced all public occurences of gpg_error_t with
533 gcry_error_t.
534 * cipher.c: Likewise.
535 * md.c: Likewise.
536 * pubkey.c: Likewise.
537 * random.c: Likewise.
538
539 * cipher.c: Added support for TWOFISH128.
540
5412003-07-08 Moritz Schulte <moritz@g10code.com>
542
543 * ac.c (gcry_ac_data_copy_internal): New function, based on
544 gcry_ac_data_copy.
545 (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.
546 (gcry_ac_key_init): Use gcry_ac_data_copy_internal.
547
5482003-07-07 Moritz Schulte <moritz@g10code.com>
549
550 * ac.c (gcry_ac_data_set): Only release old MPI value if it is
551 different from the new value. Bug reported by Simon Josefsson
552 <jas@extundo.com>.
553
554 * pubkey.c (gcry_pk_list): New function.
555 * md.c (gcry_md_list): New function.
556
557 * ac.c (gcry_ac_key_pair_generate): Fix calculation of format
558 string size.
559
5602003-07-05 Moritz Schulte <moritz@g10code.com>
561
562 * md.c: Named struct of digest_table `digest_table_entry'.
563 (digest_table_entry): New member: algorithm; filled in.
564 (digest_table_entry): Removed unused member: flags.
565 (gcry_md_register): New argument: algorithm_id, filled in.
566 (gcry_md_register_default): Used algorithm ID from module
567 structure.
568 (gcry_md_map_name): Likewise.
569 (md_enable): Likewise.
570 (md_read): Likewise.
571 (gcry_md_info): Likewise.
572
573 * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.
574 (pubkey_table_entry): New member: algorithm; filled in.
575 (gcry_pk_register_default): Used algorithm ID from pubkey_table.
576 (gcry_pk_register): New argument: algorithm_id, filled in.
577 (gcry_pk_map_name): Used algorithm ID from module structure.
578 (gcry_pk_decrypt): Likewise.
579 (gcry_pk_encrypt): Likewise.
580 (gcry_pk_verify): Likewise.
581 (gcry_pk_sign): Likewise.
582 (gcry_pk_testkey): Likewise.
583 (gcry_pk_genkey): Likewise.
584 (gcry_pk_get_nbits): Likewise.
585 (sexp_to_key): Removed unused variable: algo.
586 (sexp_to_sig): Likewise.
587
588 * cipher.c: Named struct for cipher_table `cipher_table_entry'.
589 (cipher_table_entry): New member: algorithm; filled in.
590 (gcry_cipher_register_default): Used algorithm ID from
591 cipher_table.
592 (gcry_cipher_register): New argument: algorithm_id, filled in.
593 (gcry_cipher_map_name): Used algorithm ID from module structure.
594
595 * arcfour.c (cipher_spec_arcfour): Removed algorithm ID.
596 * blowfish.c (cipher_spec_blowfish): Likewise.
597 * cast5.c (cipher_spec_cast5): Likewise.
598 * crc.c (digest_spec_crc32): Likewise.
599 * crc.c (digest_spec_crc32_rfc1510): Likewise.
600 * crc.c (digest_spec_crc32_rfc2440): Likewise.
601 * des.c (cipher_spec_des): Likewise.
602 * des.c (cipher_spec_tripledes): Likewise.
603 * dsa.c (pubkey_spec_dsa): Likewise.
604 * elgamal.c (pubkey_spec_elg): Likewise.
605 * md4.c (digest_spec_md4): Likewise.
606 * md5.c (digest_spec_md5): Likewise.
607 * aes.c (cipher_spec_aes): Likewise.
608 * aes.c (cipher_spec_aes192): Likewise.
609 * aes.c (cipher_spec_aes256): Likewise.
610 * rsa.c (pubkey_spec_rsa): Likewise.
611 * sha1.c (digest_spec_sha1): Likewise.
612 * sha256.c (digest_spec_sha256): Likewise.
613 * sha512.c (digest_spec_sha512): Likewise.
614 * tiger.c (digest_spec_tiger): Likewise.
615 * twofish.c (cipher_spec_twofish): Likewise.
616 * twofish.c (cipher_spec_twofish128): Likewise.
617
618 * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source
619 files; reported by Simon Josefsson <jas@extundo.com>.
620
621 * pubkey.c: Replaced all occurences of `id' with `algorithm',
622 since `id' is a keyword in obj-c.
623 * md.c: Likewise.
624 * cipher.c: Likewise.
625
626 * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:
627 Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.
628
629 * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of
630 gcry_pubkey_spec_t with gcry_pk_spec_t.
631
632 * md.c: Replaced all occurences of gcry_digest_spec_t with
633 gcry_md_spec_t.
634 (gcry_digest_register_default): Renamed to ...
635 (gcry_md_register_default): ... this; adjusted callers.
636 (gcry_digest_lookup_func_name): Renamed to ...
637 (gcry_md_lookup_func_name): ... this; adjusted callers.
638 (gcry_digest_lookup_name): Renamed to ...
639 (gcry_md_lookup_name): ... this; adjusted callers.
640 (gcry_digest_register): Renamed to ...
641 (gcry_md_register): ... this.
642 (gcry_digest_unregister): Renamed to ...
643 (gcry_md_unregister): ... this.
644
645 * pubkey.c (gcry_pubkey_register): Renamed to ...
646 (gcry_pk_register): ... this.
647 (gcry_pubkey_unregister): Renamed to ...
648 (gcry_pk_unregister): ... this.
649 Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.
650 (gcry_pubkey_register_default): Renamed to ...
651 (gcry_pk_register_default): ... this; adjusted callers.
652 (gcry_pubkey_lookup_func_name): Renamed to ...
653 (gcry_pk_lookup_func_name): ... this; adjusted callers.
654 (gcry_pubkey_lookup_name): Renamed to ...
655 (gcry_pk_lookup_name): ... this; adjusted callers.
656
657 * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon
658 Josefsson <jas@extunde.com>.
659
6602003-07-04 Moritz Schulte <moritz@g10code.com>
661
662 * cipher.c (gcry_cipher_list): New function.
663
6642003-07-01 Moritz Schulte <moritz@g10code.com>
665
666 * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more
667 consistent with sexp_to_enc.
668
6692003-06-30 Moritz Schulte <moritz@g10code.com>
670
671 * Makefile.am (libcipher_la_SOURCES): Added: ac.c.
672
673 * pubkey.c (_gcry_pk_module_lookup): New function.
674 (_gcry_pk_module_release): New function.
675
6762003-06-29 Moritz Schulte <moritz@g10code.com>
677
678 * ac.c: New file.
679
6802003-06-26 Werner Koch <wk@gnupg.org>
681
682 * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.
683
6842003-06-19 Werner Koch <wk@gnupg.org>
685
686 * md.c (gcry_md_is_enabled): Fixed.
687
6882003-06-18 Werner Koch <wk@gnupg.org>
689
690 * cipher.c (gcry_cipher_get_algo_keylen): New.
691 (gcry_cipher_get_algo_blklen): New.
692
6932003-06-18 Moritz Schulte <moritz@g10code.com>
694
695 * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,
696 des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,
697 rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:
698 Replaced older types GcryDigestSpec, GcryCipherSpec and
699 GcryPubkeySpec with newer types: gcry_digest_spec_t,
700 gcry_cipher_spec_t and gcry_pubkey_spec_t.
701
702 * md.c (gcry_digest_id_new): Removed function.
703 (gcry_digest_register): Removed code for generating a new module
704 ID.
705
706 * pubkey.c (gcry_pubkey_id_new): Removed function.
707 (gcry_pubkey_register): Removed code for generating a new module
708 ID.
709
710 * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer
711 one: gcry_module_t.
712 (gcry_cipher_id_new): Removed function.
713 (gcry_cipher_register): Removed code for generating a new module
714 ID.
715
716 * cipher.c (gcry_cipher_register): Adjust call to
717 _gcry_module_add.
718 (gcry_cipher_register_default): Likewise.
719 * pubkey.c (gcry_pubkey_register_default): Likewise.
720 (gcry_pubkey_register): Likewise.
721 * md.c (gcry_digest_register_default): Likewise.
722 (gcry_digest_register): Likewise.
723
724 * md.c (gcry_digest_lookup_func_id): Removed function.
725 (gcry_digest_lookup_id): Likewise.
726 (gcry_digest_id_new): Use _gcry_module_lookup_id instead of
727 gcry_digest_lookup_id.
728 (digest_algo_to_string): Likewise.
729 (check_digest_algo): Likewise.
730 (md_enable): Likewise.
731 (md_digest_length): Likewise.
732 (md_asn_oid): Likewise.
733
734 * pubkey.c (gcry_pubkey_lookup_id): Removed function.
735 (gcry_pubkey_lookup_func_id): Likewise.
736 (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of
737 gcry_pubkey_id_new.
738 (gcry_pk_algo_name): Likewise.
739 (disable_pubkey_algo): Likewise.
740 (check_pubkey_algo): Likewise.
741 (pubkey_get_npkey): Likewise.
742 (pubkey_get_nskey): Likewise.
743 (pubkey_get_nsig): Likewise.
744 (pubkey_get_nenc): Likewise.
745 (pubkey_generate): Likewise.
746 (pubkey_check_secret_key): Likewise.
747 (pubkey_encrypt): Likewise.
748 (pubkey_decrypt): Likewise.
749 (pubkey_sign): Likewise.
750 (pubkey_verify): Likewise.
751 (gcry_pk_algo_info): Likewise.
752
753 * cipher.c (gcry_cipher_lookup_func_id): Removed function.
754 (gcry_cipher_lookup_id): Likewise.
755 (cipher_algo_to_string): use _gcry_module_lookup_id instead of
756 gcry_cipher_lookup_id.
757 (disable_cipher_algo): Likewise.
758 (check_cipher_algo): Likewise.
759 (cipher_get_blocksize): Likewise.
760 (gcry_cipher_open): Likewise.
761 (gcry_cipher_id_new): Likewise.
762
7632003-06-17 Moritz Schulte <moritz@g10code.com>
764
765 * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,
766 @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.
767 (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).
768 (libcipher_la_LIBADD): Likewise.
769 (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
770 (EXTRA_libcipher_la_SOURCES): Added all conditional sources.
771
772 * md.c (md_open): Use _gcry_fast_random_poll instead of
773 fast_random_poll.
774 * cipher.c (gcry_cipher_open): Likewise.
775
776 * random.h (fast_random_poll): Removed macro.
777
778 * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,
779 tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own
780 BIG_ENDIAN_HOST.
781
7822003-06-16 Moritz Schulte <moritz@g10code.com>
783
784 * random.c (getfnc_gather_random): Do not special-case
785 USE_ALL_RANDOM_MODULES, make it the default.
786
787 * dsa.c: Replace last occurences of old type names with newer
788 names (i.e. replace MPI with gcry_mpi_t).
789 * elgamal.c: Likewise.
790 * primegen.c: Likewise.
791 * pubkey.c: Likewise.
792 * rsa.c: Likewise.
793
7942003-06-14 Moritz Schulte <moritz@g10code.com>
795
796 * des.c (des_setkey): Add selftest check.
797 (tripledes_set3keys): Likewise.
798 (do_tripledes_setkey): Remove selftest check.
799 (do_des_setkey): Likewise.
800
8012003-06-11 Moritz Schulte <moritz@g10code.com>
802
803 * md.c (_gcry_md_init): New function.
804 * cipher.c (_gcry_cipher_init): New function.
805 * pubkey.c (_gcry_pk_init): New function.
806
8072003-06-13 Werner Koch <wk@gnupg.org>
808
809 * md.c (gcry_md_get_algo): Reverted to old API. This is a
810 convenience function anyway and error checking is not approriate.
811 (gcry_md_is_secure): New.
812 (gcry_md_is_enabled): New.
813
8142003-06-12 Werner Koch <wk@gnupg.org>
815
816 * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on
817 error.
818
8192003-06-11 Werner Koch <wk@gnupg.org>
820
821 * md.c (gcry_md_open): Make sure H receives either NULL or an
822 valid handle.
823 (gcry_md_copy): Swapped arguments so that it is more in lione with
824 md_open and most other API fucntions like memcpy (destination
825 comes first). Make sure HANDLE is set to NULL on error.
826
827 * rijndael.c (do_encrypt): Hack to force correct alignment. It
828 seems not to be not sufficient, though. We should rework this
829 fucntions and remove all these ugly casts. Let the compiler
830 optimize or have an assembler implementation.
831
8322003-06-09 Moritz Schulte <moritz@g10code.com>
833
834 * Makefile.am: Removed rules serpent, since that is not commited
835 yet.
836
8372003-06-08 Moritz Schulte <moritz@g10code.com>
838
839 * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the
840 format string.
841
8422003-06-07 Moritz Schulte <moritz@g10code.com>
843
844 * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,
845 des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,
846 rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,
847 rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,
848 rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all
849 preprocessor instructions to remove whitespace before the '#'.
850 This is not required by C89, but there are some compilers out
851 there that don't like it. Replaced any occurence of the now
852 deprecated type names with the new ones.
853
8542003-06-04 Moritz Schulte <moritz@g10code.com>
855
856 * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use
857 gcry_sexp_build_array instead of gcry_sexp_build.
858 (gcry_pk_sign): Likewise.
859 (gcry_pk_genkey): Likewise.
860
8612003-06-01 Moritz Schulte <moritz@g10code.com>
862
863 * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID
864 does indeed belong to DSA.
865 (_gcry_dsa_sign): Likewise.
866 (_gcry_dsa_verify): Likewise.
867 (_gcry_dsa_get_nbits): Likewise.
868
869 * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the
870 algorithm ID does indeed belong to ElGamal.
871 (_gcry_elg_encrypt): Likewise.
872 (_gcry_elg_decrypt): Likewise.
873 (_gcry_elg_sign): Likewise.
874 (_gcry_elg_verify): Likewise.
875 (_gcry_elg_get_nbits): Likewise.
876 (_gcry_elg_generate): Likewise.
877
878 * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID
879 does indeed belong to RSA.
880 (_gcry_rsa_encrypt): Likewise.
881 (_gcry_rsa_decrypt): Likewise.
882 (_gcry_rsa_sign): Likewise.
883 (_gcry_rsa_verify): Likewise.
884 (_gcry_rsa_get_nbits): Likewise.
885
8862003-05-30 Moritz Schulte <moritz@g10code.com>
887
888 * md.c (md_get_algo): Return zero in case to algorithm is enabled.
889
890 * md.c (gcry_md_info): Adjusted for new no-errno-API.
891 (md_final): Likewise.
892 (gcry_md_get_algo): Likewise.
893 * pubkey.c (gcry_pk_get_keygrip): Likewise.
894 (gcry_pk_ctl): Likewise.
895 (gcry_pk_algo_info): Likewise.
896 * des.c (selftest): Likewise.
897
8982003-05-29 Moritz Schulte <moritz@g10code.com>
899
900 * md.c (md_enable): Do not forget to release module on error.
901 (gcry_md_open): Adjusted for new no-errno-API.
902 (md_open): Likewise.
903 (md_copy): Likewise.
904 (gcry_md_copy): Likewise.
905 (gcry_md_setkey): Likewise.
906 (gcry_md_algo_info): Likewise.
907
908 * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and
909 also fixed a locking bug.
910 (gcry_cipher_encrypt): Adjusted for new no-errno-API.
911 (gcry_cipher_decrypt): Likewise.
912 (gcry_cipher_ctl): Likewise.
913 (gcry_cipher_info): Likewise.
914 (gcry_cipher_algo_info): Likewise.
915
9162003-05-28 Moritz Schulte <moritz@g10code.com>
917
918 * md.c (md_enable): Adjusted for libgpg-error.
919 (gcry_md_enable): Likewise.
920 (gcry_digest_register_default): Likewise.
921 (gcry_digest_register): Likewise.
922 (check_digest_algo): Likewise.
923 (prepare_macpads): Likewise.
924 (gcry_md_setkey): Likewise.
925 (gcry_md_ctl): Likewise.
926 (gcry_md_get): Likewise.
927 (gcry_md_algo_info): Likewise.
928 (gcry_md_info): Likewise.
929 * dsa.c (_gcry_dsa_generate): Likewise.
930 (_gcry_dsa_check_secret_key): Likewise.
931 (_gcry_dsa_sign): Likewie.
932 (_gcry_dsa_verify): Likewise.
933 * twofish.c (do_twofish_setkey): Likewise.
934 (twofish_setkey): Likewise.
935 * cipher.c (gcry_cipher_register): Likewise.
936
9372003-05-25 Moritz Schulte <moritz@g10code.com>
938
939 * rijndael.c (do_setkey): Adjusted for libgpg-error.
940 (rijndael_setkey): Likewise.
941 * random.c (gcry_random_add_bytes): Likewise.
942 * elgamal.c (_gcry_elg_generate): Likewise.
943 (_gcry_elg_check_secret_key): Likewise.
944 (_gcry_elg_encrypt): Likewise.
945 (_gcry_elg_decrypt): Likewise.
946 (_gcry_elg_sign): Likewise.
947 (_gcry_elg_verify): Likewise.
948 * rsa.c (_gcry_rsa_generate): Likewise.
949 (_gcry_rsa_check_secret_key): Likewise.
950 (_gcry_rsa_encrypt): Likewise.
951 (_gcry_rsa_decrypt): Likewise.
952 (_gcry_rsa_sign): Likewise.
953 (_gcry_rsa_verify): Likewise.
954 * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,
955 dummy_decrypt, dummy_sign, dummy_verify): Likewise.
956 (gcry_pubkey_register): Likewise.
957 (check_pubkey_algo): Likewise.
958 (pubkey_generate): Likewise.
959 (pubkey_check_secret_key): Likewise.
960 (pubkey_encrypt): Likewise.
961 (pubkey_decrypt): Likewise.
962 (pubkey_sign): Likewise.
963 (pubkey_verify): Likewise.
964 (sexp_elements_extract): Likewise.
965 (sexp_to_key): Likewise.
966 (sexp_to_sig): Likewise.
967 (sexp_to_enc): Likewise.
968 (sexp_data_to_mpi): Likewise.
969 (gcry_pk_encrypt): Likewise.
970 (gcry_pk_decrypt): Likewise.
971 (gcry_pk_sign): Likewise.
972 (gcry_pk_verify): Likewise.
973 (gcry_pk_testkey): Likewise.
974 (gcry_pk_genkey): Likewise.
975 (gcry_pk_ctl): Likewise.
976 * cipher.c (dummy_setkey): Likewise.
977 (check_cipher_algo): Likewise.
978 (gcry_cipher_open): Likewise.
979 (cipher_setkey): Likewise.
980 (gcry_cipher_ctl): Likewise.
981 (cipher_encrypt): Likewise.
982 (gcry_cipher_encrypt): Likewise.
983 (cipher_decrypt): Likewise.
984 (gcry_cipher_decrypt): Likewise.
985 (gcry_cipher_info): Likewise.
986 (gcry_cipher_algo_info): Likewise.
987 * cast5.c (cast_setkey): Likewise.
988 (do_cast_setkey): Likewise.
989 * arcfour.c (arcfour_setkey): Likewise.
990 (do_arcfour_setkey): Likewise.
991 * blowfish.c (do_bf_setkey): Likewise.
992 (bf_setkey): Likewise.
993 * des.c (do_des_setkey): Likewise.
994 (do_tripledes_setkey): Likewise.
995
9962003-05-22 Moritz Schulte <moritz@g10code.com>
997
998 * tiger.c: Merged code ussing the U64_C macro from GnuPG.
999
1000 * sha512.c: Likewise.
1001
10022003-05-17 Moritz Schulte <moritz@g10code.com>
1003
1004 * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of
1005 releasing it.
1006
10072003-05-11 Moritz Schulte <moritz@g10code.com>
1008
1009 * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.
1010 (gcry_pk_ctl): Likewise.
1011
10122003-04-27 Moritz Schulte <moritz@g10code.com>
1013
1014 * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has
1015 been used.
1016
1017 * md.c (gcry_md_get_algo_dlen): Simplified, simply call
1018 md_digest_length to do the job.
1019
1020 * des.c (do_des_setkey): Check for selftest failure not only
1021 during initialization.
1022 (do_tripledes_setkey): Include check for selftest failure.
1023
1024 * pubkey.c (gcry_pubkey_register_default): New macro
1025 `pubkey_use_dummy', use it.
1026
1027 * elgamal.c (elg_names): New variable.
1028 (pubkey_spec_elg): Include elg_names.
1029
1030 * dsa.c (dsa_names): New variable.
1031 (pubkey_spec_dsa): Include dsa_names.
1032
1033 * rsa.c (rsa_names): New variable.
1034 (pubkey_spec_rsa): Include rsa_names.
1035
1036 * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with
1037 the names listed in `sexp_names'.
1038
10392003-04-24 Moritz Schulte <moritz@g10code.com>
1040
1041 * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted
1042 to new module interface.
1043 (sexp_to_key): Changend type of argument `retalgo' from `int *' to
1044 `GcryModule **'. Adjusted all callers. Removed argument:
1045 r_algotblidx.
1046 (sexp_to_sig): Changend type of argument `retalgo' from `int *' to
1047 `GcryModule **'. Adjusted all callers.
1048 (sexp_to_enc): Likewise.
1049
1050 (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
1051 pubkey_get_nenc): Use strlen to find out the number.
1052
1053 * rsa.c: Adjust pubkey_spec_rsa to new internal interface.
1054 * dsa.c: Likewise.
1055 * elgamal.c: Likewise.
1056
10572003-04-17 Moritz Schulte <moritz@g10code.com>
1058
1059 * pubkey.c (sexp_elements_extract): New function.
1060 * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use
1061 sexp_elements_extract.
1062 (sexp_to_sig): Likewise.
1063 (sexp_to_enc): Likewise.
1064
1065 * pubkey.c: Terminate list correctly.
1066 * md.c: Include sha512/sha384 in digest_table.
1067
10682003-04-16 Moritz Schulte <moritz@g10code.com>
1069
1070 * Makefile.am: Include support for sha512.c.
1071
1072 * sha512.c: New file, merged from GnuPG, with few modifications
1073 for libgcrypt.
1074
1075 * rand-internal.h: Removed declarations for constructor functions.
1076
1077 * md.c (md_copy): Call _gcry_module_use for incrementing the usage
1078 counter of the digest modules.
1079
1080 * rsa.c: Do not include "rsa.h".
1081 * dsa.c: Do not include "dsa.h".
1082 * elgamal.c: Do not include "elgamal.h".
1083 * des.c: Do not include "des.h".
1084 * cast5.c: Do not include "cast5.h".
1085 * blowfish.c: Do not include "blowfish.h".
1086 * arcfour.c: Do not include "arcfour.h".
1087
1088 * Makefile.am (libcipher_la_DEPENDENCIES): Removed.
1089 (libcipher_la_LIBADD): Removed.
1090 Use Automake conditionals for conditional compilation.
1091
10922003-04-13 Moritz Schulte <moritz@g10code.com>
1093
1094 * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.
1095
1096 * md.c (gcry_md_list): New member: module.
1097 (md_enable): New variable: module, changed use of module and
1098 digest.
1099 (md_enable): Initialize member: module.
1100 (md_close): Call _gcry_module_release.
1101
1102 * cipher.c (gcry_cipher_open): New variable: module, changed use of
1103 module and cipher.
1104 (struct gcry_cipher_handle): New member: module.
1105 (gcry_cipher_open): Initialize member: module.
1106 (gcry_cipher_close): Call _gcry_module_release.
1107
11082003-04-09 Moritz Schulte <moritz@g10code.com>
1109
1110 * cipher.c: Include "ath.h".
1111 * md.c: Likewise.
1112 * pubkey.c: Likewise.
1113
1114 * cipher.c (ciphers_registered_lock): New variable.
1115 * md.c (digests_registered_lock): New variable.
1116 * pubkey.c (pubkeys_registered_lock): New variable.
1117
1118 * rndlinux.c (gnupgext_version, func_table): Removed definitions.
1119 (gnupgext_enum_func): Removed function.
1120 (_gcry_rndlinux_constructor): Removed function.
1121
1122 * rndegd.c (gnupgext_version, func_table): Removed definitions.
1123 (gnupgext_enum_func): Removed function.
1124 (_gcry_rndegd_constructor): Removed function.
1125
1126 * rndunix.c (gnupgext_version, func_table): Removed definitions.
1127 (gnupgext_enum_func): Removed function.
1128 (_gcry_rndunix_constructor): Removed function.
1129
1130 * rndw32.c (gnupgext_version, func_table): Removed definitions.
1131 (gnupgext_enum_func): Removed function.
1132 (_gcry_rndw32_constructor): Removed function.
1133
1134 * rndegd.c (rndegd_connect_socket): Simplify code for creating the
1135 egd socket address.
1136 (rndegd_connect_socket): Call log_fatal use instead of
1137 g10_log_fatal.
1138 (egd_gather_random): Renamed to ...
1139 (rndegd_gather_random): ... here.
1140
11412003-04-08 Moritz Schulte <moritz@g10code.com>
1142
1143 * rndlinux.c: Do not include "dynload.h".
1144 * rndunix.c: Likewise.
1145 * rndw32.c: Likewise.
1146
1147 * rndegd.c (rndegd_connect_socket): Factored out from ...
1148 (egd_gather_random): here; call it.
1149 (egd_socket): New variable.
1150 (egd_gather_random): Initialize fd with egd_socket, do not declare
1151 fd static.
1152 (do_read): Merged few changes from GnuPG. FIXME - not finished?
1153 Do not include "dynload.h".
1154
1155 * rndw32.c (gather_random): Renamed to rndw32_gather_random, do
1156 not declare static.
1157 (gather_random_fast): Renamed to rndw32_gather_random_fast, do not
1158 declare static.
1159
1160 * rndunix.c (gather_random): Renamed to rndunix_gather_random, do
1161 not declare static.
1162 * rndegd.c (gather_random): Renamed to rndegd_gather_random, do
1163 not declare static.
1164 * rndlinux.c (gather_random): Renamed to rndlinux_gather_random,
1165 do not declare static.
1166
11672003-04-07 Moritz Schulte <moritz@g10code.com>
1168
1169 * Makefile.am (libcipher_la_SOURCES): Removed construct.c.
1170 (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,
1171 md5.c, tiger.c and crc.c
1172 (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger
1173 and crc. Removed definitions: EXTRA_md4_SOURCES,
1174 EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,
1175 EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,
1176 BUILT_SOURCES, DISTCLEANFILES.
1177
1178 * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".
1179
1180 * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,
1181 dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.
1182
1183 * rsa.h: Removed file.
1184 * elgamal.h: Removed file.
1185 * dsa.h: Removed file.
1186 * des.h: Removed file.
1187 * cast5.h: Removed file.
1188 * arcfour.h: Removed file.
1189 * blowfish.h: Removed file.
1190
1191 * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and
1192 dynload.h.
1193
1194 * rsa.c (pubkey_spec_rsa): New variable.
1195 * dsa.c (pubkey_spec_rsa): New variable.
1196 * elgamal.c (pubkey_spec_elg): New variable.
1197
1198 * rsa.c (_gcry_rsa_get_info): Removed function.
1199 * elgamal.c (_gcry_elg_get_info): Removed function.
1200 * dsa.c (_gcry_dsa_get_info): Removed function.
1201
1202 * tiger.c (tiger_get_info): Removed function.
1203 (gnupgext_version, func_table): Removed definitions.
1204 (gnupgext_enum_func): Removed function.
1205 (_gcry_tiger_constructor): Removed function.
1206
1207 * sha1.c (sha1_get_info): Removed function.
1208 (gnupgext_version, func_table): Removed definitions.
1209 (gnupgext_enum_func): Removed function.
1210 (_gcry_sha1_constructor): Removed function.
1211
1212 * sha256.c (sha256_get_info): Removed function.
1213 (gnupgext_version, func_table): Removed definitions.
1214 (gnupgext_enum_func): Removed function.
1215 (_gcry_sha256_constructor): Removed function.
1216
1217 * rmd160.c (rmd160_get_info): Removed function.
1218 (gnupgext_version, func_table): Removed definitions.
1219 (gnupgext_enum_func): Removed function.
1220 (_gcry_rmd160_constructor): Removed function.
1221
1222 * md5.c (md5_get_info): Removed function.
1223 (gnupgext_version, func_table): Removed definitions.
1224 (gnupgext_enum_func): Removed function.
1225 (_gcry_md5_constructor): Removed function.
1226
1227 * md4.c (md4_get_info): Removed function.
1228 (gnupgext_version, func_table): Removed definitions.
1229 (gnupgext_enum_func): Removed function.
1230 (_gcry_md4_constructor): Removed function.
1231
1232 * crc.c (crc_get_info): Removed function.
1233
1234 * arcfour.c (do_arcfour_setkey): Changed type of context argument
1235 to `void *', added local variable for cast, adjusted callers.
1236 (arcfour_setkey): Likewise.
1237 (encrypt_stream): Likewise.
1238 * cast5.c (cast_setkey): Likewise.
1239 (encrypt_block): Likewise.
1240 * rijndael.c (rijndael_setkey): Likewise.
1241 (rijndael_encrypt): Likewise.
1242 (rijndael_decrypt): Likewise.
1243 * twofish.c (twofish_setkey): Likewise.
1244 (twofish_encrypt): Likewise.
1245 (twofish_decrypt): Likewise.
1246 * des.c (do_des_setkey): Likewise.
1247 (do_des_encrypt): Likewise.
1248 (do_des_encrypt): Likewise.
1249 (do_tripledes_encrypt): Likewise.
1250 (do_tripledes_encrypt): Likewise.
1251 * blowfish.c (bf_setkey: Likewise.
1252 (encrypt_block): Likewise.
1253 (decrypt_block): Likewise.
1254
1255 * arcfour.c (encrypt_stream): Likewise.
1256
1257 * rijndael.c (gnupgext_version, func_table): Removed definitions.
1258 (gnupgext_enum_func) Removed function.
1259
1260 * twofish.c (gnupgext_version, func_table): Removed definitions.
1261 (gnupgext_enum_func) Removed function.
1262
1263 * cast5.c (CIPHER_ALGO_CAST5): Removed.
1264
1265 * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
1266 (CIPHER_ALGO_BLOWFISH): Removed symbol.
1267 * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.
1268 * des.c (selftest_failed): Removed.
1269 (initialized): New variable.
1270 (do_des_setkey): Run selftest, if not yet done.
1271 (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
1272
1273 * arcfour.c (_gcry_arcfour_get_info): Removed function.
1274 * blowfish.c (_gcry_blowfish_get_info): Removed function.
1275 * cast5.c (_gcry_cast5_get_info): Removed function.
1276 * des.c (_gcry_des_get_info): Removed function.
1277 * rijndael.c (_gcry_rijndael_get_info): Removed function.
1278 * twofish.c (_gcry_twofish_get_info): Removed function.
1279
1280 * arcfour.c (cipher_spec_arcfour): New variable.
1281 * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New
1282 variables.
1283 * rijndael.c (cipher_spec_aes, cipher_spec_aes192,
1284 cipher_spec256): New variables.
1285 * des.c (cipher_spec_des, cipher_spec_tripledes): New variables.
1286 * cast5.c (cipher_spec_cast5): New variable.
1287 * blowfish.c (cipher_spec_blowfish): Likewise.
1288
1289 * twofish.c: Do not include "dynload.h".
1290 * rijndael.c: Likewise.
1291 * des.c: Likewise.
1292 * cast5.c: Likewise.
1293 * blowfish.c: Likewise.
1294 * cipher.c: Likewise.
1295 * crc.c: Likewise.
1296 * md4.c: Likewise.
1297 * md5.c: Likewise.
1298 * md.c: Likewise.
1299 * pubkey.c: Likewise.
1300 * rijndael.c: Likewise.
1301 * sha1.c: Likewise.
1302 * sha256.c: Likewise.
1303
1304 * arcfour.c: Include "cipher.h".
1305 * twofish.c: Likewise.
1306 * rijndael.c: Likewise.
1307 * des.c: Likewise.
1308 * cast5.c: Likewise.
1309 * blowfish.c: Likewise.
1310
1311 * twofish.c (twofish_setkey): Declared argument `key' const.
1312 (twofish_encrypt): Declared argument `inbuf' const.
1313 (twofish_decrypt): Likewise.
1314
1315 * rijndael.c (rijndael_setkey): Declared argument `key' const.
1316 (rijndael_encrypt): Declared argument `inbuf' const.
1317 (rijndael_decrypt): Likewise.
1318
1319 * des.c (do_des_setkey): Declared argument `key' const.
1320 (do_tripledes_setkey): Likewise.
1321 (do_des_encrypt): Declared argument `inbuf' const.
1322 (do_des_decrypt): Likewise.
1323 (do_tripledes_encrypt): Likewise.
1324 (do_tripledes_decrypt): Likewise.
1325
1326 * cast5.c (encrypt_block): Declared argument `inbuf' const.
1327 (decrypt_block): Likewise.
1328 (cast_setkey): Declared argument `key' const.
1329
1330 * blowfish.c (do_bf_setkey): Declared argument `key' const.
1331 (encrypt_block): Declared argument `inbuf' const.
1332 (encrypt_block): Likewise.
1333
1334
1335
1336 * cipher.c: Remove CIPHER_ALGO_DUMMY related code.
1337 Removed struct cipher_table_s.
1338 Changed definition of cipher_table.
1339 Removed definition of disabled_algos.
1340 (ciphers_registered, default_ciphers_registered): New variables.
1341 (REGISTER_DEFAULT_CIPHERS): New macro.
1342 (dummy_setkey): Declared argument `key' const.
1343 (dummy_encrypt_block): Declared argument `inbuf' const.
1344 (dummy_encrypt_block): Likewise.
1345 (dummy_encrypt_stream): Likewise.
1346 (dummy_encrypt_stream): Likewise.
1347 (dummy_setkey): Use `unsigned char' instead of `byte'.
1348 (dummy_encrypt_block): Likewise.
1349 (dummy_decrypt_block): Likewise.
1350 (dummy_encrypt_stream): Likewise.
1351 (dummy_decrypt_stream): Likewise.
1352 (gcry_cipher_register_default): New function.
1353 (gcry_cipher_lookup_func_id): New function.
1354 (gcry_cipher_lookup_func_name): New function.
1355 (gcry_cipher_lookup_id): New function.
1356 (gcry_cipher_lookup_name): New function.
1357 (gcry_cipher_id_new): New function.
1358 (gcry_cipher_register): New function.
1359 (gcry_cipher_unregister): New function.
1360 (setup_cipher_table): Removed function.
1361 (load_cipher_modules): Removed function.
1362 (gcry_cipher_map_name): Adjusted to use new module management.
1363 (cipher_algo_to_string): Likewise.
1364 (disable_cipher_algo): Likewise.
1365 (check_cipher_algo): Likewise.
1366 (cipher_get_keylen): Likewise.
1367 (cipher_get_blocksize): Likewise.
1368 (gcry_cipher_open): Likewise.
1369 (struct gcry_cipher_handle): Replaced members algo, algo_index,
1370 blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one
1371 member: cipher.
1372 (gcry_cipher_open): Adjusted code for new handle structure.
1373 (cipher_setkey): Likewise.
1374 (cipher_setiv): Likewise.
1375 (cipher_reset): Likewise.
1376 (do_ecb_encrypt): Likewise.
1377 (do_ecb_decrypt): Likewise.
1378 (do_cbc_encrypt): Likewise.
1379 (do_cbc_decrypt): Likewise.
1380 (do_cfb_encrypt): Likewise.
1381 (do_cfb_decrypt): Likewise.
1382 (do_ctr_encrypt): Likewise.
1383 (cipher_encrypt): Likewise.
1384 (gcry_cipher_encrypt): Likewise.
1385 (cipher_decrypt): Likewise.
1386 (gcry_cipher_decrypt): Likewise.
1387 (cipher_sync): Likewise.
1388 (gcry_cipher_ctl): Likewise.
1389
1390 * pubkey.c: Removed struct pubkey_table_s.
1391 Changed definition of pubkey_table.
1392 Removed definition of disabled_algos.
1393 (pubkeys_registered, default_pubkeys_registered): New variables.
1394 (REGISTER_DEFAULT_PUBKEYS): New macro.
1395 (setup_pubkey_table): Removed function.
1396 (load_pubkey_modules): Removed function.
1397 (gcry_pubkey_register_default): New function.
1398 (gcry_pubkey_lookup_func_id): New function.
1399 (gcry_pubkey_lookup_func_name): New function.
1400 (gcry_pubkey_lookup_id): New function.
1401 (gcry_pubkey_lookup_name): New function.
1402 (gcry_pubkey_id_new): New function.
1403 (gcry_pubkey_register): New function.
1404 (gcry_pubkey_unregister): New function.
1405 (gcry_pk_map_name): Adjusted to use new module management.
1406 (gcry_pk_algo_name): Likewise.
1407 (disable_pubkey_algo): Likewise.
1408 (check_pubkey_algo): Likewise.
1409 (pubkey_get_npkey): Likewise.
1410 (pubkey_get_nskey): Likewise.
1411 (pubkey_get_nsig): Likewise.
1412 (pubkey_get_nenc): Likewise.
1413 (pubkey_generate): Likewise.
1414 (pubkey_check_secret_key): Likewise.
1415 (pubkey_encrypt): Likewise.
1416 (pubkey_decrypt): Likewise.
1417 (pubkey_sign): Likewise.
1418 (pubkey_verify): Likewise.
1419 (gcry_pk_get_nbits): Likewise.
1420 (gcry_pk_algo_info): Likewise.
1421
1422 * md.c: Removed struct md_digest_list_s.
1423 (digest_list): Changed definition.
1424 (digests_registered, default_digests_registered): New variables.
1425 (REGISTER_DEFAULT_DIGESTS): New macro.
1426 (new_list_item): Removed function.
1427 (setup_md_table): Removed function.
1428 (load_digest_module): Removed function.
1429 (gcry_digest_register_default): New function.
1430 (gcry_digest_lookup_func_id): New function.
1431 (gcry_digest_lookup_func_name): New function.
1432 (gcry_digest_lookup_id): New function.
1433 (gcry_digest_lookup_name): New function.
1434 (gcry_digest_id_new): New function.
1435 (gcry_digest_register): New function.
1436 (gcry_digest_unregister): New function.
1437 (GcryDigestEntry): New type.
1438 (struct gcry_md_context): Adjusted type of `list'.
1439 (gcry_md_map_name): Adjusted to use new module management.
1440 (digest_algo_to_string): Likewise.
1441 (check_digest_algo): Likewise.
1442 (md_enable): Likewise.
1443 (md_digest_length): Likewise.
1444 (md_asn_oid): Likewise.
1445
14462003-04-07 Moritz Schulte <moritz@g10code.com>
1447
1448 * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,
1449 PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with
1450 GCRY_PK_ELG.
1451
1452 * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.
1453
14542003-04-01 Moritz Schulte <moritz@g10code.com>
1455
1456 * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.
1457
14582003-03-31 Moritz Schulte <moritz@g10code.com>
1459
1460 * tiger.c (tiger_get_info): Do not declare static.
1461 * sha256.c (sha256_get_info): Likewise.
1462 * sha1.c (sha1_get_info): Likewise.
1463 * rmd160.c (rmd160_get_info): Likewise.
1464 * md5.c (md5_get_info): Likewise.
1465 * md4.c (md4_get_info): Likewise.
1466 * crc.c (crc_get_info): Likewise.
1467
1468 * md.c (load_digest_module): Call setup_md_table during
1469 initialization.
1470 (new_list_item): Link new element into digest_list.
1471
1472 * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper
1473 for do_ctr_encrypt, since these functions are identical.
1474
14752003-03-30 Simon Josefsson <jas@extundo.com>
1476
1477 * cipher.c (struct gcry_cipher_handle): Add counter field.
1478 (gcry_cipher_open): Add CTR.
1479 (cipher_reset): Clear counter field.
1480 (do_ctr_encrypt, do_ctr_decrypt): New functions.
1481 (cipher_encrypt, cipher_decrypt): Call CTR functions.
1482 (gcry_cipher_ctl): Add SET_CTR to set counter.
1483
14842003-03-30 Moritz Schulte <moritz@g10code.com>
1485
1486 * rsa.c (_gcry_rsa_blind): New function.
1487 (_gcry_rsa_unblind): New function.
1488 (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.
1489
14902003-03-26 Moritz Schulte <moritz@g10code.com>
1491
1492 * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and
1493 `decrypt' function arguments.
1494 (_gcry_enum_gnupgext_pubkeys): Likewise.
1495 * dynload.h: Likewise.
1496
1497 * pubkey.c (dummy_decrypt): Add argument: int flags.
1498 (dummy_encrypt): Likewise.
1499
1500 * elgamal.c (_gcry_elg_encrypt): Add argument: int flags.
1501 (_gcry_elg_decrypt): Likewise.
1502
1503 * rsa.c (_gcry_rsa_encrypt): Add argument: int flags.
1504 (_gcry_rsa_decrypt): Likewise.
1505
1506 * pubkey.c: Add `flags' argument to members `encrypt' and
1507 `decrypt' of struct `pubkey_table_s'.
1508
1509 * rsa.h: Add `flags' argument to function declarations.
1510 * elgamal.h: Likewise.
1511
1512 * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.
1513 (sexp_data_to_mpi): Set `parsed_flags'.
1514 (sexp_data_to_mpi): New argument: int *flags.
1515 (gcry_pk_encrypt): New variable: int flags.
1516 (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.
1517 (pubkey_encrypt): New variable: int flags.
1518 (pubkey_encrypt): Pass `flags' to pubkey encrypt function.
1519 (pubkey_decrypt): Likewise.
1520 (pubkey_decrypt): Pass `flags' to pubkey encrypt function.
1521 (gcry_pk_encrypt): Include `flags' s-exp in return list.
1522 (sexp_to_enc): New argument: int *flags.
1523 (gcry_pk_decrypt): New variable: int flags.
1524 (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.
1525 (sexp_to_enc): New variable: int parsed_flags.
1526 (sexp_to_enc): Set `parsed_flags'.
1527
15282003-03-22 Simon Josefsson <jas@extundo.com>
1529
1530 * cipher.c (gcry_cipher_open, do_cbc_encrypt)
1531 (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.
1532 (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.
1533
15342003-03-19 Werner Koch <wk@gnupg.org>
1535
1536 * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG
1537 to allow for a user callback. Changed all callers.
1538 (_gcry_generate_secret_prime)
1539 (_gcry_generate_public_prime): Ditto, pass them to gen_prime.
1540 * rsa.c (check_exponent): New.
1541 (generate): Use a callback to ensure that a given exponent is
1542 actually generated.
1543
15442003-03-12 Moritz Schulte <moritz@g10code.com>
1545
1546 * primegen.c: Initialize `no_of_small_prime_numbers' statically.
1547 (gen_prime): Remove calculation of `no_of_small_prime_numbers'.
1548
15492003-03-03 Moritz Schulte <moritz@g10code.com>
1550
1551 * md.c (gcry_md_ctl): Rewritten to use same style like the other
1552 functions dispatchers.
1553
15542003-03-02 Moritz Schulte <moritz@g10code.com>
1555
1556 * cipher.c (struct gcry_cipher_handle): New member: algo_index.
1557 (gcry_cipher_open): Allocate memory for two cipher contexts.
1558 Initialize algo_index.
1559 (cipher_setkey): Duplicate context into reserved memory.
1560 (cipher_reset): New function, which resets the context and clear
1561 the IV.
1562 (gcry_cipher_ctl): Call cipher_reset.
1563
15642003-02-23 Moritz Schulte <moritz@g10code.com>
1565
1566 * cipher.c: Remove (bogus) `digitp' macro definition.
1567 * md.c: Likewise.
1568
1569 * blowfish.c (burn_stack): Removed.
1570 * arcfour.c (burn_stack): Likewise.
1571 * cast5.c (burn_stack): Likewise.
1572 * des.c (burn_stack): Likewise.
1573 * md4.c (burn_stack): Likewise.
1574 * md5.c (burn_stack): Likewise.
1575 * random.c (burn_stack): Likewise.
1576 * rijndael.c (burn_stack): Likewise.
1577 * rmd160.c (burn_stack): Likewise.
1578 * sha1.c (burn_stack): Likewise.
1579 * sha256.c (burn_stack): Likewise.
1580 * tiger.c (burn_stack): Likewise.
1581 * twofish.c (burn_stack): Likewise.
1582
1583 * blowfish.c: Changed all occurences of burn_stack to
1584 _gcry_burn_stack.
1585 * arcfour.c: Likewise.
1586 * cast5.c: Likewise.
1587 * des.c: Likewise.
1588 * md4.c: Likewise.
1589 * md5.c: Likewise.
1590 * random.c: Likewise.
1591 * rijndael.c: Likewise.
1592 * rmd160.c: Likewise.
1593 * sha1.c: Likewise.
1594 * sha256.c: Likewise.
1595 * tiger.c: Likewise.
1596 * twofish.c: Likewise.
1597
1598 * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR
1599 instead of hard-coded value `301'.
1600
16012003-01-24 Werner Koch <wk@gnupg.org>
1602
1603 * random.c (_gcry_register_random_progress): New.
1604 (_gcry_random_progress): New.
1605
1606 * rndlinux.c (gather_random): Call the random progress function.
1607
16082003-01-23 Werner Koch <wk@gnupg.org>
1609
1610 * rsa.c (generate): New arg USE_E to request a specific public
1611 exponent.
1612 (_gcry_rsa_generate): Ditto.
1613 * elgamal.c (_gcry_elg_generate): Must add an dummy argument
1614 instead of USE_E.
1615 * dsa.c (_gcry_dsa_generate): Ditto.
1616 * pubkey.c (dummy_generate): Ditto.
1617 (pubkey_generate): Add USE_E arg and pass it down.
1618 (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.
1619
1620 * pubkey.c (sexp_to_enc): New arg RET_MODERN.
1621 (gcry_pk_decrypt): Make use of it to return a real S-expression.
1622 Return better error codes.
1623 (gcry_pk_verify): Return better error codes.
1624
16252003-01-21 Werner Koch <wk@gnupg.org>
1626
1627 * random.c (gcry_random_add_bytes): Add QUALITY argument, let
1628 function return an error code and disable its core for now.
1629
16302003-01-21 Timo Schulz <twoaday@freakmail.de>
1631
1632 * random.c (gcry_random_add_bytes): New. Function to add external
1633 random to the pool.
1634
16352003-01-20 Simon Josefsson <jas@extundo.com>
1636
1637 * crc.c: New.
1638 * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.
1639 * md.c (gcry_md_get_algo_dlen): Add values for CRC.
1640
16412003-01-20 Werner Koch <wk@gnupg.org>
1642
1643 * sha256.c: New.
1644 * bithelp.h (ror): New.
1645 * Makfile.am: Add sha256.c.
1646 * md.c (oid_table): Add values for SHA256 et al.
1647 (gcry_md_get_algo_dlen): Likewise
1648
16492003-01-20 Werner Koch <wk@gnupg.org>
1650
1651 * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA
1652 and ElGamal.
1653
16542003-01-17 Werner Koch <wk@gnupg.org>
1655
1656 * cipher.c (gcry_cipher_encrypt): Reworked so that the output will
1657 never contain the plaintext even if the caller did not checked the
1658 return value.
1659
1660 * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL
1661 because we don't have an invalid md algo but no algorithm enabled.
1662
1663 * pubkey.c (gcry_pk_genkey): Changed error code for bounds check
1664 of table parameters to GCRYERR_INTERNAL.
1665
1666 * md.c (gcry_md_open): Partly reverted Timo's change from
1667 2002-10-10 by removing the check for the algorithm. An algorithm
1668 of 0 is allowed and anyway we should not double check it or check
1669 it using a different function. Also fixed the flags check.
1670
1671 * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL
1672 on error.
1673 (gcry_pk_decrypt): Ditto for R_PLAIN.
1674 (gcry_pk_sign): Ditto for R_SIG.
1675 (gcry_pk_genkey): Ditto for R_KEY.
1676
16772003-01-16 Werner Koch <wk@gnupg.org>
1678
1679 * md.c (gcry_md_write): Changed 2nd argument type to void*.
1680 (gcry_md_hash_buffer): Changed type of boths buffers to void*.
1681 (gcry_md_setkey): Changed 2nd argument type to void*.
1682
16832003-01-15 Werner Koch <wk@gnupg.org>
1684
1685 * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding.
1686 (gcry_pk_sign, gcry_pk_verify): Use it here.
1687 (gcry_pk_encrypt): And here.
1688 (pubkey_verify): Add debug code.
1689 (sexp_to_enc): Handle flags in the input and return the pkcs1 flag
1690 in a new parameter.
1691 (gcry_pk_decrypt): Prepare for future pkcs1 handling.
1692
16932002-12-19 Werner Koch <wk@gnupg.org>
1694
1695 * random.c (_gcry_random_initialize): New.
1696
16972002-12-16 Werner Koch <wk@gnupg.org>
1698
1699 * cipher.c: Added a Teletrust specific OID for 3DES.
1700
17012002-12-12 Werner Koch <wk@gnupg.org>
1702
1703 * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).
1704
17052002-11-23 Werner Koch <wk@gnupg.org>
1706
1707 * md.c (load_digest_module): Enlarged checked_algos bitmap.
1708 * md4.c (func_table): Fixed entry for md4.
1709 Both by Simon Josephson.
1710 (transform): Copy data to get the alignment straight. Tested only
1711 on i386.
1712
17132002-11-10 Simon Josefsson <jas@extundo.com>
1714
1715 * cipher.c (gcry_cipher_open): Don't reject CTS flag.
1716 (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt)
1717 (gcry_cipher_encrypt, cipher_decrypt)
1718 (gcry_cipher_decrypt): Support CTS flag.
1719 (gcry_cipher_ctl): Toggle CTS flag.
1720
17212002-11-10 Werner Koch <wk@gnupg.org>
1722
1723 * md4.c: New. By Simon Josefsson.
1724 * Makefile.am (EXTRA_PROGRAMS): Add md4.c.
1725 * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support.
1726
17272002-10-14 Werner Koch <wk@gnupg.org>
1728
1729 * arcfour.c (do_encrypt_stream): Don't use increment op when
1730 assigning to the same variable.
1731
17322002-10-10 Timo Schulz <ts@winpt.org>
1733
1734 * pubkey.c (gcry_pk_genkey): Check boundaries.
1735
1736 * md.c (gcry_md_open): Check that algo is available and only
1737 valid flag values are used.
1738 (gcry_md_get_algo): Add error handling.
1739
17402002-09-26 Werner Koch <wk@gnupg.org>
1741
1742 * md.c: Include an OID for TIGER.
1743 * tiger.c (tiger_get_info): Use a regular OID.
1744
17452002-09-17 Werner Koch <wk@gnupg.org>
1746
1747 * random.c: Replaced mutex.h by the new ath.h. Changed all calls.
1748
17492002-09-16 Werner Koch <wk@gnupg.org>
1750
1751 * arcfour.c (do_encrypt_stream): Use register modifier and modulo.
1752 According to Nikos Mavroyanopoulos this increases perfromace on
1753 i386 system noticable. And I always tought gcc is clever enough.
1754 * md5.c (transform): Use register modifier.
1755 * rmd160.c (transform): Ditto.
1756 * sha1.c (transform): Ditto. We hope that there are 6 free registers.
1757 * random.c (gcry_randomize): Rewrote to avoid malloc calls.
1758
1759 * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.
1760 * arcfour.c (do_arcfour_setkey): Ditto.
1761 * twofish.c (do_twofish_setkey): Ditto.
1762 * rndegd.c (gather_random): Ditto.
1763 * rijndael.c (do_setkey): Ditto.
1764 * random.c (_gcry_random_dump_stats): Ditto.
1765 * primegen.c (_gcry_generate_elg_prime): Ditto.
1766 * des.c (_gcry_des_get_info): Ditto.
1767 * cast5.c (do_cast_setkey): Ditto.
1768 * blowfish.c (do_bf_setkey): Ditto.
1769
17702002-08-26 Werner Koch <wk@gnupg.org>
1771
1772 * des.c (weak_keys): Fixed one entry in the table and compared
1773 all entries against the literature.
1774 (selftest): Checksum the weak key table.
1775
17762002-08-21 Werner Koch <wk@gnupg.org>
1777
1778 * pubkey.c: Enable keygrip calculation for "openpgp-rsa".
1779
17802002-08-17 Werner Koch <wk@gnupg.org>
1781
1782 * cipher.c (setup_cipher_table): Don't overwrite the DES entry
1783 with the entry for DUMMY.
1784
17852002-08-14 Werner Koch <wk@gnupg.org>
1786
1787 * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.
1788 (_gcry_des_get_info): Support plain old DES.
1789 * cipher.c (setup_cipher_table): Put DES into the table.
1790
17912002-07-25 Werner Koch <wk@gnupg.org>
1792
1793 * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
1794 Noted by Stephan Austermuehle.
1795
17962002-07-08 Timo Schulz <ts@winpt.org>
1797
1798 * rndw32.c: Replaced the m_ memory functions with the real
1799 gcry_ functions. Renamed all g10_ prefixed functions to log_.
1800
18012002-06-12 Werner Koch <wk@gnupg.org>
1802
1803 * rsa.c (generate): Use e = 65537 for now.
1804
18052002-06-11 Werner Koch <wk@gnupg.org>
1806
1807 * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".
1808
18092002-06-05 Timo Schulz <ts@winpt.org>
1810
1811 * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):
1812 Check that the input size is a multiple of the blocksize.
1813
18142002-05-23 Werner Koch <wk@gnupg.org>
1815
1816 * md.c (oid_table): Add an rsadsi OID for MD5.
1817
18182002-05-21 Werner Koch <wk@gnupg.org>
1819
1820 * primegen.c, elgamal.c, dsa.c (progress): Do not print anything
1821 by default. Pass an extra identifying string to the callback and
1822 reserved 2 argumenst for current and total counters. Changed the
1823 register function prototype.
1824
18252002-05-17 Werner Koch <wk@gnupg.org>
1826
1827 * rndegd.c (rndegd_constructor): Fixed name of register function
1828 and prefixed the function name with _gcry_.
1829 * rndw32.c (rndw32_constructor): Ditto.
1830 * tiger.c (tiger_constructor): Ditto.
1831
1832 * Makefile.am: Removed all dynamic loading stuff.
1833 * dynload.c: Ditto. Now only used for the constructor system.
1834
18352002-05-15 Werner Koch <wk@gnupg.org>
1836
1837 * random.c (gcry_random_bytes,gcry_random_bytes_secure)
1838 (gcry_randomize): Make sure we are initialized.
1839
18402002-05-14 Werner Koch <wk@gnupg.org>
1841
1842 Changed license of most files to the LGPL.
1843
18442002-05-02 Werner Koch <wk@gnupg.org>
1845
1846 * random.c (_gcry_fast_random_poll): Initialize the module so the
1847 mutex can be used.
1848
1849 * primegen.c (small_prime_numbers): Moved table from smallprime.c
1850 * smallprime.c: File removed.
1851
1852 * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.
1853
1854 * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".
1855 * rijndael.c (rijndael_get_info): We do only support a 128 bit
1856 blocksize so it makes sense to change the algorithm strings to
1857 AES.
1858
1859 * tiger.c (tiger_final): Removed superfluous token pasting operators.
1860 * md5.c (md5_final): Ditto.
1861
18622002-04-30 Werner Koch <wk@gnupg.org>
1863
1864 * cipher.c: Fixed list of copyright years.
1865
18662002-03-18 Werner Koch <wk@gnupg.org>
1867
1868 * random.c (initialize): Initialize the new pool lock mutex.
1869 (_gcry_fast_random_poll): Add locking and moved main
1870 code out to...
1871 (do_fast_random_poll): new function.
1872 (read_pool): Use the new function here.
1873 (get_random_bytes): Add locking.
1874 (_gcry_update_random_seed_file): Ditto.
1875
18762002-03-11 Werner Koch <wk@gnupg.org>
1877
1878 * md.c: Add rsaSignatureWithripemd160 to OID table.
1879
18802002-02-20 Werner Koch <wk@gnupg.org>
1881
1882 * sha1.c: Removed a left over comment note. The code has been
1883 rewritten from scratch in 1998. Thanks to Niels Möller for
1884 reporting this misleading comment.
1885
18862002-02-18 Werner Koch <wk@gnupg.org>
1887
1888 * rndunix.c (rndunix_constructor): Use the the new prefixed
1889 function name. Reported by Jordi Mallach.
1890
18912002-02-10 Werner Koch <wk@gnupg.org>
1892
1893 * random.c (mix_pool): Carry an extra failsafe_digest buffer
1894 around to make the function more robust.
1895
18962002-02-08 Werner Koch <wk@gnupg.org>
1897
1898 * random.c (add_randomness): Xor new data into the pool and not
1899 just copy it. This avoids any choosen input attacks which are not
1900 serious in our setting because an outsider won't be able to mix
1901 data in and even then we keep going with a PRNG. Thanks to Stefan
1902 Keller for pointing this out.
1903
19042002-01-04 Werner Koch <wk@gnupg.org>
1905
1906 * pubkey.c (gcry_pk_genkey): Do not release skey - it is static.
1907
1908 * primegen.c (gen_prime): Of course we should use set_bit
1909 and not set_highbit to set the second high bit.
1910
19112001-12-18 Werner Koch <wk@gnupg.org>
1912
1913 * rsa.c (generate): Loop until we find the exact modulus size.
1914 Changed the exponent to 41.
1915 (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
1916 * primegen.c (gen_prime): Set 2 high order bits for secret primes.
1917
1918 * Makefile.am (DISTCLEANFILES): Include construct.c.
1919
19202001-12-17 Werner Koch <wk@gnupg.org>
1921
1922 * pubkey.c (gcry_pk_get_keygrip): New - experimental.
1923
19242001-12-11 Werner Koch <wk@gnupg.org>
1925
1926 * cipher.c: Added OIDs for AES.
1927 (gcry_cipher_mode_from_oid): New.
1928 (gcry_cipher_map_name): Moved OID search code to ..
1929 (search_oid): .. new function.
1930
19312001-12-10 Werner Koch <wk@gnupg.org>
1932
1933 * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name
1934 and not by number.
1935
1936 * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)
1937 (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)
1938 (gcry_pk_get_nbits): Release the arrays. Noted by Nikos
1939 Mavroyanopoulos.
1940
19412001-12-06 Werner Koch <wk@gnupg.org>
1942
1943 * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed
1944 with "oid." or "OID.".
1945
19462001-12-05 Werner Koch <wk@gnupg.org>
1947
1948 * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa.
1949
19502001-11-24 Werner Koch <wk@gnupg.org>
1951
1952 * pubkey.c: Added the rsaEncryption OID to the tables.
1953 (sexp_to_key): Add an arg to return the index of the algorithm,
1954 changed all callers.
1955 (gcry_pk_sign): Find the signature algorithm by name and not by
1956 number.
1957 (gcry_pk_get_nbits): Fixed so that we can now really pass a secret
1958 key to get the result.
1959
1960 * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."
1961 or "OID." so that an OID string can be used as an S-Exp token.
1962
19632001-11-20 Werner Koch <wk@gnupg.org>
1964
1965 * md.c (gcry_md_map_name): Lookup by OID if the the name begins
1966 with a digit.
1967 (oid_table): New.
1968
19692001-11-16 Werner Koch <wk@gnupg.org>
1970
1971 * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.
1972
19732001-11-07 Werner Koch <wk@gnupg.org>
1974
1975 * md.c (gcry_md_hash_buffer): Close the handle which was left open
1976 for algorithms other than rmd160.
1977
19782001-08-08 Werner Koch <wk@gnupg.org>
1979
1980 * rndw32.c (gather_random): Use toolhelp in addition to the NT
1981 gatherer for Windows2000. Suggested by Sami Tolvanen.
1982
1983 * random.c (read_pool): Fixed length check, this used to be one
1984 byte to strict. Made an assert out of it because the caller has
1985 already made sure that only poolsize bytes are requested.
1986 Reported by Marcus Brinkmann.
1987
19882001-08-03 Werner Koch <wk@gnupg.org>
1989
1990 * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return
1991 errors. We have to change the interface to all ciphers to make
1992 this really work but we should do so to prepare for hardware
1993 encryption modules.
1994 (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and
1995 set lasterr.
1996 (gcry_cipher_ctl): Make sure that errors from setkey are returned.
1997
19982001-08-02 Werner Koch <wk@gnupg.org>
1999
2000 * rndlinux.c (gather_random): casted a size_t arg to int so that
2001 the format string is correct. Casting is okay here and avoids
2002 translation changes.
2003
2004 * random.c (fast_random_poll): Do not check the return code of
2005 getrusage.
2006
2007 * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
2008 and 8.
2009
2010 * tiger.c (print_abc,print_data): Removed.
2011
2012 * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c
2013 (burn_stack): New. Add wrappers for most functions to be able to
2014 call burn_stack after the function invocation. This methods seems
2015 to be the most portable way to zeroise the stack used. It does
2016 only work on stack frame based machines but it is highly portable
2017 and has no side effects. Just setting the automatic variables at
2018 the end of a function to zero does not work well because the
2019 compiler will optimize them away - marking them as volatile would
2020 be bad for performance.
2021 * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
2022 * random.c (burn_stack): New.
2023 (mix_pool): Use it here to burn the stack of the mixblock function.
2024
2025 * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.
2026 Thanks to Tommi Komulainen.
2027
2028 * arcfour.c (arcfour_setkey): Check the minimim keylength against
2029 bytes and not bits.
2030 (selftest): Must reset the key before decryption.
2031
20322001-05-31 Werner Koch <wk@gnupg.org>
2033
2034 * sha1.c (sha1_init): Made static.
2035
2036 Changed all g10_ prefixed function names as well as some mpi_
2037 function names to cope with the introduced naming changes.
2038
2039 * md.c (prepare_macpads): Made key const.
2040
20412001-05-28 Werner Koch <wk@gnupg.org>
2042
2043 * rndegd.c (gather_random): Removed the use of tty_printf.
2044
20452001-03-29 Werner Koch <wk@gnupg.org>
2046
2047 * md5.c (md5_final): Fixed calculation of hashed length. Thanks
2048 to disastry@saiknes.lv for pointing out that it was horrible wrong
2049 for more than 512MB of input.
2050 * sha1.c (sha1_final): Ditto.
2051 * rmd160.c (rmd160_final): Ditto.
2052 * tiger.c (tiger_final): Ditto.
2053
2054 * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
2055 avoid name clashes with an encrypt function in stdlib.h of
2056 Dynix/PIX. Thanks to Gene Carter.
2057 * elgamal.c (encrypt,do_encrypt): Ditto.
2058
2059 * twofish.c (gnupgext_enum_func): Use only when when compiled as a
2060 module.
2061 * rijndael.c (gnupgext_enum_func): Ditto.
2062
2063 * tiger.c (tiger_get_info): Return "TIGER192" and not just
2064 "TIGER". By Edwin Woudt.
2065
2066 * random.c: Always include time.h - standard requirement. Thanks
2067 to James Troup.
2068
2069 * rndw32.c: Fixes to the macros.
2070
20712001-01-11 Werner Koch <wk@gnupg.org>
2072
2073 * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and
2074 not 8.
2075
20762000-12-19 Werner Koch <wk@gnupg.org>
2077
2078 Major change:
2079 Removed all GnuPG stuff and renamed this piece of software
2080 to gcrypt.
2081
20822000-11-14 Werner Koch <wk@gnupg.org>
2083
2084 * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
2085 mpi_free by gcry_mpi_release.
2086 * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
2087 * rsa.c (test_keys,generate,rsa_verify): Ditto.
2088 * primegen.c (generate_elg_prime): Ditto.
2089 (gen_prime): Ditto and removed nlimbs.
2090
2091 * rsa.c (generate): Allocate 2 more vars in secure memory.
2092
2093 * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
2094 problems.
2095
20962000-10-09 Werner Koch <wk@gnupg.org>
2097
2098 * arcfour.c, arcfour.h: New.
2099 * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.
2100 (setup_cipher_table): Add Arcfour.
2101 (gcry_cipher_open): Kludge to allow stream mode.
2102
2103Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>
2104
2105 * sha1.c (transform): Use rol() macro. Actually this is not needed
2106 for a newer gcc but there are still aoter compilers.
2107
2108 * rsa.c (test_keys): Use new random function.
2109
2110 * md.c (gcry_md_setkey): New function to overcome problems with
2111 const conflics.
2112 (gcry_md_ctl): Pass set key to the new functions.
2113
2114 * rijndael.c: New.
2115 * cipher.c: Add Rijndael support.
2116
2117Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>
2118
2119 * rndlinux.c (open_device): Loose random device checking.
2120 By Nils Ellmenreich.
2121
2122 * random.c (fast_random_poll): Check ENOSYS for getrusage.
2123 * rndunix.c: Add 2 sources for QNX. By Sam Roberts.
2124
2125 * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.
2126
2127 * rsa.c: Changed the comment about the patent.
2128 (secret): Speed up by using the CRT. For a 2k keys this
2129 is about 3 times faster.
2130 (stronger_key_check): New but unused code to check the secret key.
2131 * Makefile.am: Included rsa.[ch].
2132 * pubkey.c: Enabled RSA support.
2133 (pubkey_get_npkey): Removed RSA workaround.
2134
2135Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>
2136
2137 * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new
2138 gcry_sexp_nth_{data,mpi} functions.
2139
2140Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>
2141
2142 * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,
2143 gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with
2144 the new S-Exp interface.
2145
2146Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@>
2147
2148 * random.c (gather_faked): Replaced make_timestamp by time(2) again.
2149
2150Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>
2151
2152 * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.
2153
2154 * Makefile.am: Never compile mingw32 as module.
2155
2156 * Makefile.am: Tweaked module build and removed libtool
2157
2158 * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig.
2159
2160 * elgamal.c (sign): Removed inactive code.
2161
2162 * rsa.c, rsa.h: New based on the old module version (only in CVS for now).
2163 * pubkey.c (setup_pubkey_table): Added commented support for RSA.
2164
2165 * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra.
2166 (my_popen): Do the FD_CLOEXEC only if it is available
2167 (start_gatherer): Cope with missing _SC_OPEN_MAX
2168
2169 * rndunix.c: Add some more headers for QNX. By Sam Roberts.
2170
2171 * rndegd.c (gather_random): Shortcut level 0.
2172 * rndunix.c (gather_random): Ditto.
2173 * rndw32.c (gather_random): Ditto.
2174
2175 * rndw32.c: Replaced with code from Cryptlib and commented the old stuff.
2176 * rndw32.c: Add some debuging code enabled by an environment variable.
2177
2178 * random.c (read_seed_file): Binary open for DOSish system
2179 (update_random_seed_file): Ditto.
2180 * random.c [MINGW32]: Include process.h for getpid.
2181 * random.c (fast_random_poll): Add clock_gettime() as fallback for
2182 system which support this POSIX.4 fucntion. By Sam Roberts.
2183
2184 * random.c (read_seed_file): Removed the S_ISLNK test becuase it
2185 is already covered by !S_ISREG and is not defined in Unixware.
2186 Reported by Dave Dykstra.
2187 (update_random_seed_file): Silently ignore update request when pool
2188 is not filled.
2189
2190 * random.c (read_seed_file): New.
2191 (set_random_seed_file): New.
2192 (read_pool): Try to read the seeding file.
2193 (update_random_seed_file): New.
2194
2195 (read_pool): Do an initial extra seeding when level 2 quality random
2196 is requested the first time. This requestes at least POOLSIZE/2 bytes
2197 of entropy. Compined with the seeding file this should make normal
2198 random bytes cheaper and increase the quality of the random bytes
2199 used for key generation.
2200
2201 * random.c (read_pool): Print a more friendly error message in
2202 cases when too much random is requested in one call.
2203
2204 * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
2205 this is not the case for some ESIX and Unixware, although they have
2206 getrusage().
2207
2208 * primegen.c (generate_elg_prime): All primes are now generated with
2209 the lowest random quality level. Because they are public anyway we
2210 don't need stronger random and by this we do not drain the systems
2211 entropy so much.
2212
2213 * primegen.c (register_primegen_progress): New.
2214 * dsa.c (register_pk_dsa_progress): New.
2215 * elgamal.c (register_pk_elg_progress): New.
2216
2217 * elgamal.c (wiener_map): New.
2218 (gen_k): Use a much smaller k.
2219 (generate): Calculate the qbits using the wiener map and
2220 choose an x at a size comparable to the one choosen in gen_k
2221
2222 * rmd160.c (rmd160_get_info): Moved casting to the left side due to a
2223 problem with UTS4.3. Suggested by Dave Dykstra.
2224 * sha1.c (sha1_get_info): Ditto.
2225 * tiger.c (tiger_get_info): Ditto.
2226 * md5.c (md5_get_info): Ditto
2227 * des.c (des_get_info): Ditto.
2228 * blowfish.c (blowfish_get_info): Ditto.
2229 * cast5.c (cast5_get_info): Ditto.
2230 * twofish.c (twofish_get_info): Ditto.
2231
2232Fri Mar 24 11:25:45 CET 2000 Werner Koch <wk@openit.de>
2233
2234 * md.c (md_open): Add hmac arg and allocate space for the pads.
2235 (md_finalize): Add HMAC support.
2236 (md_copy): Ditto.
2237 (md_close): Ditto.
2238 (gcry_md_reset): Ditto.
2239 (gcry_md_ctl): Ditto.
2240 (prepare_macpdas): New.
2241
2242Mon Mar 13 19:22:46 CET 2000 Werner Koch <wk@openit.de>
2243
2244 * md.c (gcry_md_hash_buffer): Add support for the other algorithms.
2245
2246Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>
2247
2248 * genprime.c (generate_elg_prime): Fixed returned factors which never
2249 worked for non-DSA keys.
2250
2251Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>
2252
2253 * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.
2254
2255Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>
2256
2257 * pubkey.c (gcry_pk_decrypt): Implemented.
2258 (gcry_pk_encrypt): Implemented.
2259 (gcry_pk_testkey): New.
2260 (gcry_pk_genkey): New.
2261 (pubkey_decrypt): Made static.
2262 (pubkey_encrypt): Ditto.
2263 (pubkey_check_secret_key): Ditto.
2264 (pubkey_generate): Ditto.
2265
2266Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
2267
2268 * pubkey.c (pubkey_nbits): Removed and replaced by ...
2269 (gcry_pk_get_nbits): this new one.
2270
2271Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>
2272
2273 * dsa.c: s/mpi_powm/gcry_mpi_powm/g
2274 * elgamal.c: Ditto.
2275 * primegen.c: Ditto.
2276
2277 * : Replaced g10_opt_verbose by g10_log_verbosity().
2278
2279 * Makefile.am (INCLUDES): removed intl, add ../gcrypt
2280
2281Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
2282
2283 * dynload.c (cmp_filenames): New to replaced compare_filename() in
2284 module.
2285 (register_cipher_extension): Removed the tilde expansion stuff.
2286 * rndeg.c (my_make_filename): New.
2287
2288 * : Replaced header util.h by g10lib.h
2289
2290 * random.c (gather_faked): Replaced make_timestamp by time(2).
2291 Disabled wrning printed with tty_printf.
2292 * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
2293 this should be replaced by a callback function.
2294
2295 * primegen.c (gen_prime): Use gcry_mpi_randomize.
2296 (is_prime): Ditto.
2297 * elgamal.c (test_keys): Ditto.
2298 * dsa.c (test_keys): Ditto.
2299
2300 * cipher.c (gcry_cipher_close): Die on invalid handle.
2301
2302Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>
2303
2304 * elgamal.c (gen_k): Use the new random API.
2305 (generate): Ditto.
2306 * dsa.c (gen_k): Ditto.
2307 (generate): Ditto.
2308
2309Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
2310
2311 * pubkey.c (disable_pubkey_algo): Made static.
2312 (gcry_pk_ctl): New.
2313
2314 * random.c (get_random_bits): Renamed to ...
2315 (get_random_bytes): ... this and made static.
2316 (gcry_random_bytes): New.
2317 (gcry_random_bytes_secure): New.
2318 (randomize_buffer): Renamed to ...
2319 (gcry_randomize): ...this.
2320
2321 * md.c (gcry_md_hash_buffer): New.
2322
2323 * pubkey.c (gcry_pk_algo_info): 4 new commands.
2324 (pubkey_get_npkey): Made static.
2325 (pubkey_get_nskey): Made static.
2326 (pubkey_get_nsig): Made static.
2327 (pubkey_get_nenc): Made static.
2328
2329 * pubkey.c: Removed all G10ERR_xxx.
2330 * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.
2331 * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.
2332 * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.
2333 * blowfish.c: Ditto.
2334 * des.c: Ditto.
2335 * twofish.c: Ditto.
2336 * dsa.c: Ditto.
2337 * elgamal.c: Ditto.
2338
2339 * g10c.c: Removed
2340
2341 * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL
2342 if we are out of core.
2343 * dynload.c: Replaced all memory allocation functions.
2344 * md.c: Ditto.
2345 * primegen.c: Ditto.
2346 * pubkey.c: Ditto.
2347 * random.c: Ditto.
2348 * rndw32.c: Ditto.
2349 * elgamal.c: Ditto.
2350 * dsa.c: Ditto.
2351
2352Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
2353
2354 * elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
2355
2356 * cipher.c: Merged with gcrypt/symapi.c.
2357
2358 * pubkey.c (string_to_pubkey_algo): Renamed function to ...
2359 (gcry_pk_map_name): ... this.
2360 (pubkey_algo_to_string): Renamed function to ...
2361 (gcry_pk_algo_name): ... this.
2362 (gcry_pk_algo_info): New.
2363 * pubkey.c: Merged with gcrypt/pkapi.c.
2364
2365 * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
2366 fixing this bug.
2367
2368 * md.c: Merged with gcrypt/mdapi.c
2369
2370Wed Sep 15 14:39:59 CEST 1999 Michael Roth <mroth@nessie.de>
2371
2372 * des.c: Various speed improvements: One bit pre rotation
2373 trick after initial permutation (Richard Outerbridge).
2374 Finished test of SSLeay Tripple-DES patterns.
2375
2376Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2377
2378 * rndw32.c: New.
2379
2380Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2381
2382 * bithelp.h: New.
2383 * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
2384
2385Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2386
2387 * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.
2388
2389Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2390
2391 * des.c (selftest): Add some testpattern
2392
2393Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2394
2395 * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
2396 in place encryption. Pointed out by Frank Stajano.
2397
2398Mon Jul 26 09:34:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2399
2400 * md5.c (md5_final): Fix for a SCO cpp bug.
2401
2402Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2403
2404 * elgamal.c (elg_check_secret_key,elg_encrypt
2405 elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
2406 * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.
2407
2408 * pubkey.c (disable_pubkey_algo): New.
2409 (check_pubkey_algo2): Look at disabled algo table.
2410 * cipher.c (disable_cipher_algo): New.
2411 (check_cipher_algo): Look at disabled algo table.
2412
2413Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2414
2415 * Makefile.am: Support for libtool.
2416
2417Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2418
2419 * dsa.c (gen_k): Changed algorithm to consume less random bytes
2420 * elgamal.c (gen_k): Ditto.
2421
2422 * random.c (random_dump_stats): New.
2423
2424Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2425
2426 * primegen.c, elgamal.c, dsa.c (progess): New and replaced all
2427 fputc with a call to this function.
2428
2429Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2430
2431 * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
2432
2433 * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
2434
2435 * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
2436 * Makefile.am (install-exec-hook): Removed.
2437
2438Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2439
2440 * cipher.c (setup_cipher_table): Enable Twofish
2441
2442 * random.c (fast_random_poll): Disable use of times() for mingw32.
2443
2444Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2445
2446 * dynload.c (register_internal_cipher_extension): Minor init fix.
2447
2448Tue May 4 15:47:53 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2449
2450 * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
2451 that we didn't correct for step when passing the prime to the
2452 Rabin-Miller test which led to bad performance (Stefan Keller).
2453 (check_prime): Add a first Fermat test.
2454
2455Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2456
2457 * cipher.c (cipher_setiv): Add ivlen arg, changed all callers.
2458
2459 * random.c (randomize_buffer): alway use secure memory because
2460 we can't use m_is_secure() on a statically allocated buffer.
2461
2462 * twofish.c: Replaced some macros by a loop to reduce text size.
2463 * Makefile.am (twofish): No more need for sed editing.
2464
2465Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2466
2467 * cipher.c (cipher_open): Reversed the changes for AUTO_CFB.
2468
2469 * blowfish.c: Dropped the Blowfish 160 mode.
2470 * cipher.c (cipher_open): Ditto.
2471 (setup_cipher_table): Ditto. And removed support of twofish128
2472
2473Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2474
2475 * random.c (get_random_bits): Can now handle requests > POOLSIZE
2476
2477 * cipher.c (cipher_open): Now uses standard CFB for automode if
2478 the blocksize is gt 8 (according to rfc2440).
2479
2480 * twofish.c: Applied Matthew Skala's patches for 256 bit key.
2481
2482Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
2483
2484 * random.c (get_random_bits): Can now handle requests > POOLSIZE
2485
2486 * cipher.c (cipher_open): Now uses standard CFB for automode if
2487 the blocksize is gt 8 (according to rfc2440).
2488
2489Sat Mar 20 11:44:21 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2490
2491 * rndlinux.c (tty_printf) [IS_MODULE]: Removed.
2492
2493 * rndegd.c (gather_random): Some fixes.
2494
2495Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2496
2497 * rndegd.c (do_read): New.
2498 (gather_random): Changed the implementation.
2499
2500Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2501
2502 * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.
2503
2504Fri Feb 26 17:55:41 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2505
2506 * md.c: Nearly a total rewrote.
2507
2508Wed Feb 24 11:07:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2509
2510 * cipher.c (context): Fixed alignment
2511 * md.c: Ditto.
2512
2513 * rndegd.c: New
2514
2515Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2516
2517 * rndegd.c: New.
2518
2519Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2520
2521 * Makefile.am: Modules are now figured out by configure
2522 * construct.c: New. Generated by configure. Changed all modules
2523 to work with that.
2524 * sha1.h: Removed.
2525 * md5.h: Removed.
2526
2527 * twofish.c: Changed interface to allow Twofish/256
2528
2529 * rndunix.c (start_gatherer): Die on SIGPIPE.
2530
2531Wed Jan 20 18:59:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2532
2533 * rndunix.c (gather_random): Fix to avoid infinite loop.
2534
2535Sun Jan 17 11:04:33 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2536
2537 * des.c (is_weak_key): Replace system memcmp due to bugs
2538 in SunOS's memcmp.
2539 (des_get_info): Return error on failed selftest.
2540 * twofish.c (twofish_setkey): Return error on failed selftest or
2541 invalid keylength.
2542 * cast5.c (cast_setkey): Ditto.
2543 * blowfish.c (bf_setkey): Return error on failed selftest.
2544
2545Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2546
2547 * random.c (random_is_faked): New.
2548
2549 * tiger.c: Only compile if we have the u64 type
2550
2551Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2552
2553 * rndunix.c (gather_random): check for setuid.
2554
2555 * Makefile.am: Add a way to staically link random modules
2556
2557Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2558
2559 * md.c (md_stop_debug): Do a flush first.
2560 (md_open): size of buffer now depends on the secure parameter
2561
2562Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
2563
2564 * rndunix.c (start_gatherer): Fixed stupid ==/= bug
2565
25661998-12-31 Geoff Keating <geoffk@ozemail.com.au>
2567
2568 * des.c (is_weak_key): Rewrite loop end condition.
2569
2570Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
2571
2572 * random.c: add unistd.h for getpid().
2573 (RAND_MAX): Fallback value for Sun.
2574
2575Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
2576
2577 * md.c (md_copy): Reset debug.
2578
2579Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
2580
2581 * random.c (read_random_source): Changed the interface to the
2582 random gathering function.
2583 (gather_faked): Use new interface.
2584 * dynload.c (dynload_getfnc_fast_random_poll): Ditto.
2585 (dynload_getfnc_gather_random): Ditto.
2586 * rndlinux.c (gather_random): Ditto.
2587 * rndunix.c (gather_random): Ditto.
2588
2589Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
2590
2591 * dynload.c (SYMBOL_VERSION): New to cope with system which needs
2592 underscores.
2593
2594 * rndunix.c: Rewrote large parts
2595
2596Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
2597
2598 * dynload.c (load_extension): increased needed verbosity level.
2599
2600 * random.c (fast_random_poll): Fallback to a default fast random
2601 poll function.
2602 (read_random_source): Always use the faked entroy gatherer if no
2603 gather module is available.
2604 * rndlinux.c (fast_poll): Removed.
2605 * rndunix.c (fast_poll): Removed.
2606
2607
2608Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de)
2609
2610 * rand-*.c: Removed.
2611 * rndlinux.c : New.
2612 * rndunix.c : New.
2613 * random.c : Restructured the interface to the gather modules.
2614 (intialize): Call constructor functions
2615 (read_radnom_source): Moved to here.
2616 * dynload.c (dynload_getfnc_gather_random): New.
2617 (dynload_getfnc_fast_random_poll): New.
2618 (register_internal_cipher_extension): New.
2619 (register_cipher_extension): Support of internal modules.
2620
2621Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de)
2622
2623 * rand-unix.c (read_random_source): Removed the assert.
2624
2625Mon Oct 19 18:34:30 1998 me,,, (wk@tobold)
2626
2627 * pubkey.c: Hack to allow us to give some info about RSA keys back.
2628
2629Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de)
2630
2631 * dynload.c: Support for DLD
2632
2633Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de)
2634
2635 * rand-unix.c: Now uses names from configure for /dev/random.
2636
26371998-10-10 SL Baur <steve@altair.xemacs.org>
2638
2639 * Makefile.am: fix sed -O substitutions to catch -O6, etc.
2640
2641Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de)
2642
2643 * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
2644 * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.
2645
2646Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
2647
2648 * md.c (md_digest): New.
2649 (md_reset): New.
2650
2651Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
2652
2653 * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
2654
2655Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
2656
2657 * des.c: Some patches from Michael.
2658
2659Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
2660
2661 * des.c : New file from Michael Roth <mroth@nessie.de>
2662
2663Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))
2664
2665 * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
2666
2667Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))
2668
2669 * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
2670
2671Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))
2672
2673 * Makefile.am: Fixes to allow a different build directory
2674
2675Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold)
2676
2677 * random.c (get_random_byte): Removed and changed all callers
2678 to use get_random_bits()
2679
2680Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none))
2681
2682 * cipher.c : Support for other blocksizes
2683 (cipher_get_blocksize): New.
2684 * twofish.c: New.
2685 * Makefile.am: Add twofish module.
2686
2687Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de)
2688
2689 * random.c (read_pool): Simple alloc if secure_alloc is not set.
2690 (get_random_bits): Ditto.
2691
2692Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)
2693
2694 * dynload.c (load_extension): Function now nbails out if
2695 the program is run setuid.
2696
2697Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)
2698
2699 * rmd160.c (rmd160_hash_buffer): New.
2700
2701Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)
2702
2703 * cipher.c (cipher_open): algos >=100 use standard CFB
2704
2705Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de)
2706
2707 * Makefile.am: Support for extensions
2708
2709Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de)
2710
2711 * random.c (mix_pool): simpler handling for level 0
2712
2713Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)
2714
2715 * tiger.c: Removed from dist, will reappear as dynload module
2716
2717Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de)
2718
2719 * pubkey.c: Major changes to allow extensions. Changed the inteface
2720 of all public key ciphers and added the ability to load extensions
2721 on demand.
2722
2723 * misc.c: Removed.
2724
2725Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold)
2726
2727 * dynload.c: New.
2728 * cipher.c: Major changes to allow extensions.
2729
2730Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de)
2731
2732 * cipher.c: Major internal chnages to support extensions.
2733 * blowfish.c (blowfish_get_info): New and made all internal
2734 functions static, changed heder.
2735 * cast5.c (cast5_get_info): Likewise.
2736
2737Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de)
2738
2739 * tiger.c (transform): Fix for big endian
2740
2741 * cipher.c (do_cfb_decrypt): Big endian fix.
2742
2743Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de)
2744
2745 * md.c (md_get_oid): Add a new one for TIGER.
2746
2747Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de)
2748
2749 * cipher.c: Add support for a dummy cipher
2750
2751Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de)
2752
2753 * rmd160.c (transform): fixed sigbus - I should better
2754 add Christian von Roques's new implemenation of rmd160_write.
2755
2756Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de)
2757
2758 * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
2759 * random.c: Moved system specific functions to rand-****.c
2760
2761Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de)
2762
2763 * random.c (fast_random_poll): add call to gethrtime.
2764
2765Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de)
2766
2767 * elgamal.c (elg_generate): choosing x was not correct, could
2768 yield 6 bytes which are not from the random pool, tsss, tsss..
2769
2770Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de)
2771
2772 * primegen.c (generate_elg_prime): Add arg mode, changed all
2773 callers and implemented mode 1.
2774
2775Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de)
2776
2777 * cipher.c (cipher_get_keylen): New.
2778
2779Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de)
2780
2781 * tiger.c, tiger.h: New.
2782
2783Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de)
2784
2785 * misc.c (check_pubkey_algo2): New.
2786
2787Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de)
2788
2789 * cipher.c: New
2790 * misc.c (check_cipher_algo): Moved to cipher.c
2791 * cast5.c: Moved many functions to cipher.c
2792 * blowfish.c: Likewise.
2793
2794Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de)
2795
2796 * cast5.c: Implemented and tested.
2797
2798Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)
2799
2800 * elgamal.c (elg_generate): Faster generation of x in some cases.
2801
2802Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)
2803
2804 * blowfish.c (blowfish_decode_cfb): changed XOR operation
2805 (blowfish_encode_cfb): Ditto.
2806
2807Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de)
2808
2809 * sha1.c (transform): Rewrote
2810
2811 * blowfish.c (encrypt): Unrolled for rounds == 16
2812 (decrypt): Ditto.
2813
2814Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de)
2815
2816 * rmd160.c (transform): Unrolled the loop.
2817
2818Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de)
2819
2820 * random.c (read_pool): Add pool_balance stuff.
2821 (get_random_bits): New.
2822
2823 * elgamal.c (elg_generate): Now uses get_random_bits to generate x.
2824
2825
2826Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de)
2827
2828 * md.c (md_digest_length): New.
2829
2830Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de)
2831
2832 * dsa.c (dsa_verify): Works.
2833
2834Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de)
2835
2836 * dsa.c, dsa.h: Removed some unused code.
2837
2838Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de)
2839
2840 * md.c (md_open): Add call to fast_random_poll.
2841 blowfish.c (blowfish_setkey): Ditto.
2842
2843Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de)
2844
2845 * rmd160.c (rmd160_mixblock): New.
2846 * random.c: Restructured to start with a new RNG implementation.
2847 * random.h: New.
2848
2849Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)
2850
2851 * gost.c, gost.h: Removed because they did only conatin trash.
2852
2853Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)
2854
2855 * random.c (fill_buffer): removed error message if n == -1.
2856
2857Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)
2858
2859 * md.c (md_enable): No init if called twice.
2860
2861Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de)
2862
2863 * primegen.c (generate_elg_prime): Changed the progress printing.
2864 (gen_prime): Ditto.
2865
2866Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de)
2867
2868 * md5.c, md.5 : Replaced by a modified version of md5.c from
2869 GNU textutils 1.22.
2870
2871Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de)
2872
2873 * md.c, md.h : New debugging support
2874
2875Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
2876
2877 * misc.c (cipher_algo_to_string): New
2878 (pubkey_algo_to_string): New.
2879 (digest_algo_to_string): New.
2880
2881
2882 Copyright 1998,1999,2000,2001,2002,2003,2005 Free Software Foundation, Inc.
2883
2884 This file is free software; as a special exception the author gives
2885 unlimited permission to copy and/or distribute it, with or without
2886 modifications, as long as this notice is preserved.
2887
2888 This file is distributed in the hope that it will be useful, but
2889 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
2890 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am
new file mode 100755
index 0000000..6938d6e
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am
@@ -0,0 +1,73 @@
1# Makefile for cipher modules
2# Copyright (C) 1998, 1999, 2000, 2001, 2002,
3# 2003 Free Software Foundation, Inc.
4#
5# This file is part of Libgcrypt.
6#
7# Libgcrypt is free software; you can redistribute it and/or modify
8# it under the terms of the GNU Lesser General Public License as
9# published by the Free Software Foundation; either version 2.1 of
10# the License, or (at your option) any later version.
11#
12# Libgcrypt is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU Lesser General Public License for more details.
16#
17# You should have received a copy of the GNU Lesser General Public
18# License along with this program; if not, write to the Free Software
19# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20
21# Process this file with automake to produce Makefile.in
22
23EXTRA_DIST = Manifest
24INCLUDES = -I$(top_srcdir)/src
25
26noinst_LTLIBRARIES = libcipher.la
27
28GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \
29 @GCRYPT_RANDOM@
30
31libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
32libcipher_la_LIBADD = $(GCRYPT_MODULES)
33AM_CFLAGS = @GPG_ERROR_CFLAGS@
34
35libcipher_la_SOURCES = \
36cipher.c pubkey.c ac.c md.c \
37bithelp.h \
38primegen.c \
39random.c random.h \
40rand-internal.h \
41rmd.h
42
43EXTRA_libcipher_la_SOURCES = \
44arcfour.c \
45blowfish.c \
46cast5.c \
47crc.c \
48des.c \
49dsa.c \
50elgamal.c \
51md4.c \
52md5.c \
53rijndael.c \
54rmd160.c \
55rndlinux.c \
56rndegd.c \
57rndunix.c \
58rndw32.c \
59rsa.c \
60serpent.c \
61sha1.c \
62sha256.c \
63sha512.c \
64tiger.c \
65twofish.c \
66rfc2268.c
67
68# We need to lower the optimization for this module.
69tiger.o: $(srcdir)/tiger.c
70 `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
71
72tiger.lo: $(srcdir)/tiger.c
73 `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in
new file mode 100755
index 0000000..1832741
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in
@@ -0,0 +1,554 @@
1# Makefile.in generated by automake 1.9.4 from Makefile.am.
2# @configure_input@
3
4# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
5# 2003, 2004 Free Software Foundation, Inc.
6# This Makefile.in is free software; the Free Software Foundation
7# gives unlimited permission to copy and/or distribute it,
8# with or without modifications, as long as this notice is preserved.
9
10# This program is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
12# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13# PARTICULAR PURPOSE.
14
15@SET_MAKE@
16
17# Makefile for cipher modules
18# Copyright (C) 1998, 1999, 2000, 2001, 2002,
19# 2003 Free Software Foundation, Inc.
20#
21# This file is part of Libgcrypt.
22#
23# Libgcrypt is free software; you can redistribute it and/or modify
24# it under the terms of the GNU Lesser General Public License as
25# published by the Free Software Foundation; either version 2.1 of
26# the License, or (at your option) any later version.
27#
28# Libgcrypt is distributed in the hope that it will be useful,
29# but WITHOUT ANY WARRANTY; without even the implied warranty of
30# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31# GNU Lesser General Public License for more details.
32#
33# You should have received a copy of the GNU Lesser General Public
34# License along with this program; if not, write to the Free Software
35# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
36
37# Process this file with automake to produce Makefile.in
38
39SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
40
41srcdir = @srcdir@
42top_srcdir = @top_srcdir@
43VPATH = @srcdir@
44pkgdatadir = $(datadir)/@PACKAGE@
45pkglibdir = $(libdir)/@PACKAGE@
46pkgincludedir = $(includedir)/@PACKAGE@
47top_builddir = ..
48am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
49INSTALL = @INSTALL@
50install_sh_DATA = $(install_sh) -c -m 644
51install_sh_PROGRAM = $(install_sh) -c
52install_sh_SCRIPT = $(install_sh) -c
53INSTALL_HEADER = $(INSTALL_DATA)
54transform = $(program_transform_name)
55NORMAL_INSTALL = :
56PRE_INSTALL = :
57POST_INSTALL = :
58NORMAL_UNINSTALL = :
59PRE_UNINSTALL = :
60POST_UNINSTALL = :
61build_triplet = @build@
62host_triplet = @host@
63target_triplet = @target@
64subdir = cipher
65DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ChangeLog
66ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
67am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
68 $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
69am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
70 $(ACLOCAL_M4)
71mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
72CONFIG_HEADER = $(top_builddir)/config.h
73CONFIG_CLEAN_FILES =
74LTLIBRARIES = $(noinst_LTLIBRARIES)
75am__DEPENDENCIES_1 =
76am_libcipher_la_OBJECTS = cipher.lo pubkey.lo ac.lo md.lo primegen.lo \
77 random.lo
78libcipher_la_OBJECTS = $(am_libcipher_la_OBJECTS)
79DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
80depcomp = $(SHELL) $(top_srcdir)/depcomp
81am__depfiles_maybe = depfiles
82COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
83 $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
84LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
85 $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
86 $(AM_CFLAGS) $(CFLAGS)
87CCLD = $(CC)
88LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
89 $(AM_LDFLAGS) $(LDFLAGS) -o $@
90SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
91DIST_SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
92ETAGS = etags
93CTAGS = ctags
94DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
95ACLOCAL = @ACLOCAL@
96AMDEP_FALSE = @AMDEP_FALSE@
97AMDEP_TRUE = @AMDEP_TRUE@
98AMTAR = @AMTAR@
99AR = @AR@
100AUTOCONF = @AUTOCONF@
101AUTOHEADER = @AUTOHEADER@
102AUTOMAKE = @AUTOMAKE@
103AWK = @AWK@
104CC = @CC@
105CCAS = @CCAS@
106CCASFLAGS = @CCASFLAGS@
107CCDEPMODE = @CCDEPMODE@
108CFLAGS = @CFLAGS@
109CPP = @CPP@
110CPPFLAGS = @CPPFLAGS@
111CROSS_COMPILING_FALSE = @CROSS_COMPILING_FALSE@
112CROSS_COMPILING_TRUE = @CROSS_COMPILING_TRUE@
113CXX = @CXX@
114CXXCPP = @CXXCPP@
115CXXDEPMODE = @CXXDEPMODE@
116CXXFLAGS = @CXXFLAGS@
117CYGPATH_W = @CYGPATH_W@
118DEFS = @DEFS@
119DEPDIR = @DEPDIR@
120ECHO = @ECHO@
121ECHO_C = @ECHO_C@
122ECHO_N = @ECHO_N@
123ECHO_T = @ECHO_T@
124EGREP = @EGREP@
125EXEEXT = @EXEEXT@
126F77 = @F77@
127FFLAGS = @FFLAGS@
128GCRYPT_CIPHERS = @GCRYPT_CIPHERS@
129GCRYPT_DIGESTS = @GCRYPT_DIGESTS@
130GCRYPT_PUBKEY_CIPHERS = @GCRYPT_PUBKEY_CIPHERS@
131GCRYPT_RANDOM = @GCRYPT_RANDOM@
132GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
133GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
134GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
135HAVE_LD_VERSION_SCRIPT_FALSE = @HAVE_LD_VERSION_SCRIPT_FALSE@
136HAVE_LD_VERSION_SCRIPT_TRUE = @HAVE_LD_VERSION_SCRIPT_TRUE@
137INSTALL_DATA = @INSTALL_DATA@
138INSTALL_PROGRAM = @INSTALL_PROGRAM@
139INSTALL_SCRIPT = @INSTALL_SCRIPT@
140INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
141LDFLAGS = @LDFLAGS@
142LIBGCRYPT_CIPHERS = @LIBGCRYPT_CIPHERS@
143LIBGCRYPT_CONFIG_API_VERSION = @LIBGCRYPT_CONFIG_API_VERSION@
144LIBGCRYPT_CONFIG_CFLAGS = @LIBGCRYPT_CONFIG_CFLAGS@
145LIBGCRYPT_CONFIG_LIBS = @LIBGCRYPT_CONFIG_LIBS@
146LIBGCRYPT_DIGESTS = @LIBGCRYPT_DIGESTS@
147LIBGCRYPT_LT_AGE = @LIBGCRYPT_LT_AGE@
148LIBGCRYPT_LT_CURRENT = @LIBGCRYPT_LT_CURRENT@
149LIBGCRYPT_LT_REVISION = @LIBGCRYPT_LT_REVISION@
150LIBGCRYPT_PUBKEY_CIPHERS = @LIBGCRYPT_PUBKEY_CIPHERS@
151LIBGCRYPT_THREAD_MODULES = @LIBGCRYPT_THREAD_MODULES@
152LIBOBJS = @LIBOBJS@
153LIBS = @LIBS@
154LIBTOOL = @LIBTOOL@
155LN_S = @LN_S@
156LTLIBOBJS = @LTLIBOBJS@
157MAINT = @MAINT@
158MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
159MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
160MAKEINFO = @MAKEINFO@
161MPI_MOD_LIST_LO = @MPI_MOD_LIST_LO@
162MPI_MOD_LIST_O = @MPI_MOD_LIST_O@
163MPI_SFLAGS = @MPI_SFLAGS@
164NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@
165OBJEXT = @OBJEXT@
166PACKAGE = @PACKAGE@
167PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
168PACKAGE_NAME = @PACKAGE_NAME@
169PACKAGE_STRING = @PACKAGE_STRING@
170PACKAGE_TARNAME = @PACKAGE_TARNAME@
171PACKAGE_VERSION = @PACKAGE_VERSION@
172PATH_SEPARATOR = @PATH_SEPARATOR@
173RANLIB = @RANLIB@
174SET_MAKE = @SET_MAKE@
175SHELL = @SHELL@
176STRIP = @STRIP@
177VERSION = @VERSION@
178ac_ct_AR = @ac_ct_AR@
179ac_ct_CC = @ac_ct_CC@
180ac_ct_CXX = @ac_ct_CXX@
181ac_ct_F77 = @ac_ct_F77@
182ac_ct_RANLIB = @ac_ct_RANLIB@
183ac_ct_STRIP = @ac_ct_STRIP@
184am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
185am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
186am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
187am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
188am__include = @am__include@
189am__leading_dot = @am__leading_dot@
190am__quote = @am__quote@
191am__tar = @am__tar@
192am__untar = @am__untar@
193bindir = @bindir@
194build = @build@
195build_alias = @build_alias@
196build_cpu = @build_cpu@
197build_os = @build_os@
198build_vendor = @build_vendor@
199datadir = @datadir@
200exec_prefix = @exec_prefix@
201host = @host@
202host_alias = @host_alias@
203host_cpu = @host_cpu@
204host_os = @host_os@
205host_vendor = @host_vendor@
206includedir = @includedir@
207infodir = @infodir@
208install_sh = @install_sh@
209libdir = @libdir@
210libexecdir = @libexecdir@
211localstatedir = @localstatedir@
212mandir = @mandir@
213mkdir_p = @mkdir_p@
214oldincludedir = @oldincludedir@
215prefix = @prefix@
216program_transform_name = @program_transform_name@
217sbindir = @sbindir@
218sharedstatedir = @sharedstatedir@
219sysconfdir = @sysconfdir@
220target = @target@
221target_alias = @target_alias@
222target_cpu = @target_cpu@
223target_os = @target_os@
224target_vendor = @target_vendor@
225EXTRA_DIST = Manifest
226INCLUDES = -I$(top_srcdir)/src
227noinst_LTLIBRARIES = libcipher.la
228GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \
229 @GCRYPT_RANDOM@
230
231libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
232libcipher_la_LIBADD = $(GCRYPT_MODULES)
233AM_CFLAGS = @GPG_ERROR_CFLAGS@
234libcipher_la_SOURCES = \
235cipher.c pubkey.c ac.c md.c \
236bithelp.h \
237primegen.c \
238random.c random.h \
239rand-internal.h \
240rmd.h
241
242EXTRA_libcipher_la_SOURCES = \
243arcfour.c \
244blowfish.c \
245cast5.c \
246crc.c \
247des.c \
248dsa.c \
249elgamal.c \
250md4.c \
251md5.c \
252rijndael.c \
253rmd160.c \
254rndlinux.c \
255rndegd.c \
256rndunix.c \
257rndw32.c \
258rsa.c \
259serpent.c \
260sha1.c \
261sha256.c \
262sha512.c \
263tiger.c \
264twofish.c \
265rfc2268.c
266
267all: all-am
268
269.SUFFIXES:
270.SUFFIXES: .c .lo .o .obj
271$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
272 @for dep in $?; do \
273 case '$(am__configure_deps)' in \
274 *$$dep*) \
275 cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
276 && exit 0; \
277 exit 1;; \
278 esac; \
279 done; \
280 echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu cipher/Makefile'; \
281 cd $(top_srcdir) && \
282 $(AUTOMAKE) --gnu cipher/Makefile
283.PRECIOUS: Makefile
284Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
285 @case '$?' in \
286 *config.status*) \
287 cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
288 *) \
289 echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
290 cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
291 esac;
292
293$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
294 cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
295
296$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
297 cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
298$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
299 cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
300
301clean-noinstLTLIBRARIES:
302 -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
303 @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
304 dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
305 test "$$dir" != "$$p" || dir=.; \
306 echo "rm -f \"$${dir}/so_locations\""; \
307 rm -f "$${dir}/so_locations"; \
308 done
309libcipher.la: $(libcipher_la_OBJECTS) $(libcipher_la_DEPENDENCIES)
310 $(LINK) $(libcipher_la_LDFLAGS) $(libcipher_la_OBJECTS) $(libcipher_la_LIBADD) $(LIBS)
311
312mostlyclean-compile:
313 -rm -f *.$(OBJEXT)
314
315distclean-compile:
316 -rm -f *.tab.c
317
318@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ac.Plo@am__quote@
319@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arcfour.Plo@am__quote@
320@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@
321@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast5.Plo@am__quote@
322@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Plo@am__quote@
323@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crc.Plo@am__quote@
324@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@
325@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Plo@am__quote@
326@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/elgamal.Plo@am__quote@
327@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md.Plo@am__quote@
328@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4.Plo@am__quote@
329@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@
330@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/primegen.Plo@am__quote@
331@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey.Plo@am__quote@
332@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Plo@am__quote@
333@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2268.Plo@am__quote@
334@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rijndael.Plo@am__quote@
335@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd160.Plo@am__quote@
336@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndegd.Plo@am__quote@
337@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndlinux.Plo@am__quote@
338@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndunix.Plo@am__quote@
339@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndw32.Plo@am__quote@
340@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa.Plo@am__quote@
341@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serpent.Plo@am__quote@
342@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Plo@am__quote@
343@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@
344@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512.Plo@am__quote@
345@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tiger.Plo@am__quote@
346@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish.Plo@am__quote@
347
348.c.o:
349@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
350@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
351@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
352@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
353@am__fastdepCC_FALSE@ $(COMPILE) -c $<
354
355.c.obj:
356@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
357@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
358@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
359@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
360@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
361
362.c.lo:
363@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
364@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
365@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
366@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
367@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
368
369mostlyclean-libtool:
370 -rm -f *.lo
371
372clean-libtool:
373 -rm -rf .libs _libs
374
375distclean-libtool:
376 -rm -f libtool
377uninstall-info-am:
378
379ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
380 list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
381 unique=`for i in $$list; do \
382 if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
383 done | \
384 $(AWK) ' { files[$$0] = 1; } \
385 END { for (i in files) print i; }'`; \
386 mkid -fID $$unique
387tags: TAGS
388
389TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
390 $(TAGS_FILES) $(LISP)
391 tags=; \
392 here=`pwd`; \
393 list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
394 unique=`for i in $$list; do \
395 if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
396 done | \
397 $(AWK) ' { files[$$0] = 1; } \
398 END { for (i in files) print i; }'`; \
399 if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
400 test -n "$$unique" || unique=$$empty_fix; \
401 $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
402 $$tags $$unique; \
403 fi
404ctags: CTAGS
405CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
406 $(TAGS_FILES) $(LISP)
407 tags=; \
408 here=`pwd`; \
409 list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
410 unique=`for i in $$list; do \
411 if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
412 done | \
413 $(AWK) ' { files[$$0] = 1; } \
414 END { for (i in files) print i; }'`; \
415 test -z "$(CTAGS_ARGS)$$tags$$unique" \
416 || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
417 $$tags $$unique
418
419GTAGS:
420 here=`$(am__cd) $(top_builddir) && pwd` \
421 && cd $(top_srcdir) \
422 && gtags -i $(GTAGS_ARGS) $$here
423
424distclean-tags:
425 -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
426
427distdir: $(DISTFILES)
428 @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
429 topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
430 list='$(DISTFILES)'; for file in $$list; do \
431 case $$file in \
432 $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
433 $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
434 esac; \
435 if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
436 dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
437 if test "$$dir" != "$$file" && test "$$dir" != "."; then \
438 dir="/$$dir"; \
439 $(mkdir_p) "$(distdir)$$dir"; \
440 else \
441 dir=''; \
442 fi; \
443 if test -d $$d/$$file; then \
444 if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
445 cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
446 fi; \
447 cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
448 else \
449 test -f $(distdir)/$$file \
450 || cp -p $$d/$$file $(distdir)/$$file \
451 || exit 1; \
452 fi; \
453 done
454check-am: all-am
455check: check-am
456all-am: Makefile $(LTLIBRARIES)
457installdirs:
458install: install-am
459install-exec: install-exec-am
460install-data: install-data-am
461uninstall: uninstall-am
462
463install-am: all-am
464 @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
465
466installcheck: installcheck-am
467install-strip:
468 $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
469 install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
470 `test -z '$(STRIP)' || \
471 echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
472mostlyclean-generic:
473
474clean-generic:
475
476distclean-generic:
477 -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
478
479maintainer-clean-generic:
480 @echo "This command is intended for maintainers to use"
481 @echo "it deletes files that may require special tools to rebuild."
482clean: clean-am
483
484clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
485 mostlyclean-am
486
487distclean: distclean-am
488 -rm -rf ./$(DEPDIR)
489 -rm -f Makefile
490distclean-am: clean-am distclean-compile distclean-generic \
491 distclean-libtool distclean-tags
492
493dvi: dvi-am
494
495dvi-am:
496
497html: html-am
498
499info: info-am
500
501info-am:
502
503install-data-am:
504
505install-exec-am:
506
507install-info: install-info-am
508
509install-man:
510
511installcheck-am:
512
513maintainer-clean: maintainer-clean-am
514 -rm -rf ./$(DEPDIR)
515 -rm -f Makefile
516maintainer-clean-am: distclean-am maintainer-clean-generic
517
518mostlyclean: mostlyclean-am
519
520mostlyclean-am: mostlyclean-compile mostlyclean-generic \
521 mostlyclean-libtool
522
523pdf: pdf-am
524
525pdf-am:
526
527ps: ps-am
528
529ps-am:
530
531uninstall-am: uninstall-info-am
532
533.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
534 clean-libtool clean-noinstLTLIBRARIES ctags distclean \
535 distclean-compile distclean-generic distclean-libtool \
536 distclean-tags distdir dvi dvi-am html html-am info info-am \
537 install install-am install-data install-data-am install-exec \
538 install-exec-am install-info install-info-am install-man \
539 install-strip installcheck installcheck-am installdirs \
540 maintainer-clean maintainer-clean-generic mostlyclean \
541 mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
542 pdf pdf-am ps ps-am tags uninstall uninstall-am \
543 uninstall-info-am
544
545
546# We need to lower the optimization for this module.
547tiger.o: $(srcdir)/tiger.c
548 `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
549
550tiger.lo: $(srcdir)/tiger.c
551 `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
552# Tell versions [3.59,3.63) of GNU make to not export all variables.
553# Otherwise a system limit (for SysV at least) may be exceeded.
554.NOEXPORT:
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest
new file mode 100755
index 0000000..d827a52
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest
@@ -0,0 +1,73 @@
1# Manifest - checksums of the cipher directory
2# Copyright 2003 Free Software Foundation, Inc.
3#
4# This file is part of Libgcrypt.
5#
6# Libgcrypt is free software; you can redistribute it and/or modify
7# it under the terms of the GNU Lesser general Public License as
8# published by the Free Software Foundation; either version 2.1 of
9# the License, or (at your option) any later version.
10#
11# Libgcrypt is distributed in the hope that it will be useful,
12# but WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14# GNU Lesser General Public License for more details.
15#
16# You should have received a copy of the GNU Lesser General Public
17# License along with this program; if not, write to the Free Software
18# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19
20# Checksums for all source files in this directory. Format is
21# filename, blanks, base-64 part of an OpenPGP detached signature
22# without the header lines. Blank lines and lines beginning with a
23# hash mark are ignored. A tool to process this file is available by
24# cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool
25#
26# The special entry "$names$" holds a signature over all sorted
27# filenames excluding itself.
28
29
30# Algorithm API
31cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH
32pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t
33ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g
34md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6
35primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT
36
37# Algorithm implementations
38arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x
39blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX
40cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh
41crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D
42des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t
43dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s
44elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs
45md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD
46md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h
47rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k
48rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA
49rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp
50serpent.c iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46
51sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO
52sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1
53sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X
54tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB
55twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT
56rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq
57
58# Random number related
59random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419
60random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU
61rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE
62rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k
63rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV
64rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML
65rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO
66
67# Helper
68bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN
69rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN
70
71# Configuration
72Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi
73$names$ iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c
new file mode 100755
index 0000000..4df98d8
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c
@@ -0,0 +1,1396 @@
1/* ac.c - Alternative interface for asymmetric cryptography.
2 Copyright (C) 2003, 2004 Free Software Foundation, Inc.
3
4 This file is part of Libgcrypt.
5
6 Libgcrypt is free software; you can redistribute it and/or modify
7 it under the terms of the GNU Lesser general Public License as
8 published by the Free Software Foundation; either version 2.1 of
9 the License, or (at your option) any later version.
10
11 Libgcrypt is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <assert.h>
23#include <errno.h>
24#include <stdlib.h>
25#include <string.h>
26#include <stdio.h>
27#include <stddef.h>
28
29#include "g10lib.h"
30#include "cipher.h"
31
32
33
34/* At the moment the ac interface is a wrapper around the pk
35 interface, but this might change somewhen in the future, depending
36 on how much people prefer the ac interface. */
37
38/* Mapping of flag numbers to the according strings as it is expected
39 for S-expressions. */
40struct number_string
41{
42 int number;
43 const char *string;
44} gcry_ac_flags[] =
45 {
46 { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },
47 { 0, NULL },
48 };
49
50/* The positions in this list correspond to the values contained in
51 the gcry_ac_key_type_t enumeration list. */
52static const char *ac_key_identifiers[] =
53 {
54 "private-key",
55 "public-key",
56 };
57
58/* These specifications are needed for key-pair generation; the caller
59 is allowed to pass additional, algorithm-specific `specs' to
60 gcry_ac_key_pair_generate. This list is used for decoding the
61 provided values according to the selected algorithm. */
62struct gcry_ac_key_generate_spec
63{
64 int algorithm; /* Algorithm for which this flag is
65 relevant. */
66 const char *name; /* Name of this flag. */
67 size_t offset; /* Offset in the cipher-specific spec
68 structure at which the MPI value
69 associated with this flag is to be
70 found. */
71} gcry_ac_key_generate_specs[] =
72 {
73 { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },
74 { 0 },
75 };
76
77/* Handle structure. */
78struct gcry_ac_handle
79{
80 int algorithm; /* Algorithm ID associated with this
81 handle. */
82 const char *algorithm_name; /* Name of the algorithm. */
83 unsigned int flags; /* Flags, not used yet. */
84 gcry_module_t module; /* Reference to the algorithm
85 module. */
86};
87
88/* A named MPI value. */
89typedef struct gcry_ac_mpi
90{
91 const char *name; /* Name of MPI value. */
92 gcry_mpi_t mpi; /* MPI value. */
93 unsigned int flags; /* Flags. */
94} gcry_ac_mpi_t;
95
96/* A data set, that is simply a list of named MPI values. */
97struct gcry_ac_data
98{
99 gcry_ac_mpi_t *data; /* List of named values. */
100 unsigned int data_n; /* Number of values in DATA. */
101};
102
103/* The key in `native' ac form and as an S-expression. */
104struct gcry_ac_key
105{
106 gcry_ac_data_t data; /* Data in native ac structure. */
107 gcry_sexp_t data_sexp; /* Data as an S-expression. */
108 gcry_ac_key_type_t type; /* Type of the key. */
109};
110
111/* Two keys. */
112struct gcry_ac_key_pair
113{
114 gcry_ac_key_t public;
115 gcry_ac_key_t secret;
116};
117
118
119
120/*
121 * Primitive functions for the manipulation of `data sets'.
122 */
123
124/* Create a copy of the data set DATA and store it in DATA_CP. */
125static gcry_err_code_t
126gcry_ac_data_copy_internal (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
127{
128 gcry_err_code_t err = GPG_ERR_NO_ERROR;
129 gcry_ac_data_t data_new;
130 void *p = NULL;
131 int i = 0;
132
133 /* Allocate data set. */
134 err = _gcry_malloc (sizeof (struct gcry_ac_data), 0, &p);
135 data_new = p;
136 if (! err)
137 data_new->data_n = data->data_n;
138
139 if (! err)
140 /* Allocate space for named MPIs. */
141 err = _gcry_malloc (sizeof (gcry_ac_mpi_t) * data->data_n, 0,
142 (void **) &data_new->data);
143
144 if (! err)
145 {
146 /* Copy named MPIs. */
147
148 for (i = 0; i < data_new->data_n && (! err); i++)
149 {
150 data_new->data[i].name = NULL;
151 data_new->data[i].mpi = NULL;
152
153 /* Name. */
154 data_new->data[i].name = gcry_strdup (data->data[i].name);
155 if (! data_new->data[i].name)
156 err = gpg_err_code_from_errno (errno);
157
158 if (! err)
159 {
160 /* MPI. */
161 data_new->data[i].mpi = gcry_mpi_copy (data->data[i].mpi);
162 if (! data_new->data[i].mpi)
163 err = gpg_err_code_from_errno (errno);
164 }
165 }
166 }
167
168 if (! err)
169 {
170 /* Copy out. */
171 *data_cp = data_new;
172 }
173 else
174 {
175 /* Deallocate resources. */
176 if (data_new)
177 {
178 if (data_new->data)
179 {
180 for (; i >= 0; i--)
181 {
182 if (data_new->data[i].name)
183 free ((void *) data_new->data[i].name);
184 if (data_new->data[i].mpi)
185 gcry_mpi_release (data_new->data[i].mpi);
186 }
187 gcry_free (data_new->data);
188 }
189 gcry_free (data_new);
190 }
191 }
192
193 return err;
194}
195
196
197
198/*
199 * Functions for converting data between the native ac and the
200 * S-expression structure.
201 */
202
203/* Extract the S-Expression DATA_SEXP into DATA under the control of
204 TYPE and NAME. This function assumes that S-Expressions are of the
205 following structure:
206
207 (IDENTIFIER <data to be ignored>
208 (ALGORITHM <list of named MPI values>))
209
210 IDENTIFIER is one of `private-key', `public-key', `enc-val',
211 `sig-val'; ALGORITHM is the name of the algorithm used. */
212static gcry_err_code_t
213gcry_ac_data_extract (const char *identifier, const char *algorithm,
214 gcry_sexp_t data_sexp, gcry_ac_data_t *data)
215{
216 gcry_err_code_t err = GPG_ERR_NO_ERROR;
217 gcry_sexp_t data_element_sexp = NULL;
218 gcry_sexp_t inner_data_sexp = NULL;
219 size_t inner_data_n;
220
221 const char *name;
222 size_t name_n;
223
224 gcry_mpi_t data_elem_mpi = NULL;
225 char *data_elem_name = NULL;
226
227 gcry_ac_data_t data_new = NULL;
228
229 int i = 0;
230
231 /* Verify that the S-expression contains the correct identifier. */
232 name = gcry_sexp_nth_data (data_sexp, 0, &name_n);
233 if (! name)
234 err = GPG_ERR_INTERNAL;
235 else if (strncmp (identifier, name, name_n))
236 err = GPG_ERR_INTERNAL;
237
238 if (! err)
239 {
240 /* Extract inner S-expression. */
241 inner_data_sexp = gcry_sexp_find_token (data_sexp, algorithm, 0);
242 if (! inner_data_sexp)
243 err = GPG_ERR_INTERNAL;
244 else
245 /* Count data elements, this includes the name of the
246 algorithm. */
247 inner_data_n = gcry_sexp_length (inner_data_sexp);
248 }
249
250 if (! err)
251 {
252 /* Allocate new data set. */
253 data_new = gcry_malloc (sizeof (struct gcry_ac_data));
254 if (! data_new)
255 err = gpg_err_code_from_errno (errno);
256 else
257 {
258 data_new->data = gcry_malloc (sizeof (gcry_ac_mpi_t)
259 * (inner_data_n - 1));
260 if (! data_new->data)
261 err = gpg_err_code_from_errno (errno);
262 }
263 }
264
265 if (! err)
266 {
267 /* Iterate through list of data elements and add them to the
268 data set. */
269
270 for (i = 1; i < inner_data_n; i++)
271 {
272 data_new->data[i - 1].name = NULL;
273 data_new->data[i - 1].mpi = NULL;
274
275 /* Get the S-expression of the named MPI, that contains the
276 name and the MPI value. */
277 data_element_sexp = gcry_sexp_nth (inner_data_sexp, i);
278 if (! data_element_sexp)
279 err = GPG_ERR_INTERNAL;
280
281 if (! err)
282 {
283 /* Extract the name. */
284 name = gcry_sexp_nth_data (data_element_sexp, 0, &name_n);
285 if (! name)
286 err = GPG_ERR_INTERNAL;
287 }
288
289 if (! err)
290 {
291 /* Extract the MPI value. */
292 data_elem_mpi = gcry_sexp_nth_mpi (data_element_sexp, 1,
293 GCRYMPI_FMT_USG);
294 if (! data_elem_mpi)
295 err = GPG_ERR_INTERNAL;
296 }
297
298 if (! err)
299 {
300 /* Duplicate the name. */
301 data_elem_name = gcry_malloc (name_n + 1);
302 if (! data_elem_name)
303
304 err = gpg_err_code_from_errno (errno);
305 else
306 {
307 strncpy (data_elem_name, name, name_n);
308 data_elem_name[name_n] = 0;
309 }
310 }
311
312 /* Done. */
313
314 if (data_element_sexp)
315 gcry_sexp_release (data_element_sexp);
316
317 if (! err)
318 {
319 data_new->data[i - 1].name = data_elem_name;
320 data_new->data[i - 1].mpi = data_elem_mpi;
321 }
322 else
323 break;
324 }
325 }
326
327 if (! err)
328 {
329 /* Copy out. */
330 data_new->data_n = inner_data_n - 1;
331 *data = data_new;
332 }
333 else
334 {
335 /* Deallocate resources. */
336
337 if (data_new)
338 {
339 if (data_new->data)
340 {
341 int j;
342
343 for (j = 0; j < i - 1; j++)
344 {
345 if (data_new->data[j].name)
346 gcry_free ((void *) data_new->data[j].name);
347 if (data_new->data[j].mpi)
348 gcry_mpi_release (data_new->data[j].mpi);
349 }
350
351 gcry_free (data_new->data);
352 }
353 gcry_free (data_new);
354 }
355 }
356
357 return err;
358}
359
360/* Construct an S-expression from the DATA and store it in
361 DATA_SEXP. The S-expression will be of the following structure:
362
363 (IDENTIFIER [(flags [...])]
364 (ALGORITHM <list of named MPI values>)) */
365static gcry_err_code_t
366gcry_ac_data_construct (const char *identifier, int include_flags,
367 unsigned int flags, const char *algorithm,
368 gcry_ac_data_t data, gcry_sexp_t *data_sexp)
369{
370 gcry_err_code_t err = GPG_ERR_NO_ERROR;
371 void **arg_list = NULL;
372
373 gcry_sexp_t data_sexp_new = NULL;
374
375 size_t data_format_n = 0;
376 char *data_format = NULL;
377
378 int i;
379
380 /* We build a list of arguments to pass to
381 gcry_sexp_build_array(). */
382 arg_list = gcry_malloc (sizeof (void *) * data->data_n);
383 if (! arg_list)
384 err = gpg_err_code_from_errno (errno);
385 else
386 /* Fill list with MPIs. */
387 for (i = 0; i < data->data_n; i++)
388 arg_list[i] = (void *) &data->data[i].mpi;
389
390 if (! err)
391 {
392 /* Calculate size of format string. */
393
394 data_format_n = (5 + (include_flags ? 7 : 0)
395 + strlen (identifier) + strlen (algorithm));
396
397 for (i = 0; i < data->data_n; i++)
398 {
399 /* Per-element sizes. */
400 data_format_n += 4 + strlen (data->data[i].name);
401 }
402
403 if (include_flags)
404 {
405 /* Add flags. */
406 for (i = 0; gcry_ac_flags[i].number; i++)
407 if (flags & gcry_ac_flags[i].number)
408 data_format_n += strlen (gcry_ac_flags[i].string) + 1;
409 }
410
411 /* Done. */
412 data_format = gcry_malloc (data_format_n);
413 if (! data_format)
414 err = gpg_err_code_from_errno (errno);
415 }
416
417 if (! err)
418 {
419 /* Construct the format string. */
420
421 *data_format = 0;
422 strcat (data_format, "(");
423 strcat (data_format, identifier);
424 if (include_flags)
425 {
426 strcat (data_format, "(flags");
427 for (i = 0; gcry_ac_flags[i].number; i++)
428 if (flags & gcry_ac_flags[i].number)
429 {
430 strcat (data_format, " ");
431 strcat (data_format, gcry_ac_flags[i].string);
432 }
433 strcat (data_format, ")");
434 }
435 strcat (data_format, "(");
436 strcat (data_format, algorithm);
437 for (i = 0; i < data->data_n; i++)
438 {
439 strcat (data_format, "(");
440 strcat (data_format, data->data[i].name);
441 strcat (data_format, "%m)");
442 }
443 strcat (data_format, "))");
444
445 /* Create final S-expression. */
446 err = gcry_sexp_build_array (&data_sexp_new, NULL,
447 data_format, arg_list);
448 }
449
450 if (err)
451 {
452 /* Deallocate resources. */
453
454 if (arg_list)
455 gcry_free (arg_list);
456 if (data_format)
457 gcry_free (data_format);
458 if (data_sexp_new)
459 gcry_sexp_release (data_sexp_new);
460 }
461
462 else
463 /* Copy-out. */
464 *data_sexp = data_sexp_new;
465
466 return err;
467}
468
469
470
471/*
472 * Functions for working with data sets.
473 */
474
475/* Creates a new, empty data set and stores it in DATA. */
476gcry_error_t
477gcry_ac_data_new (gcry_ac_data_t *data)
478{
479 gcry_err_code_t err = GPG_ERR_NO_ERROR;
480 gcry_ac_data_t data_new = NULL;
481
482 data_new = gcry_malloc (sizeof (struct gcry_ac_data));
483 if (! data_new)
484 err = gpg_err_code_from_errno (errno);
485
486 if (! err)
487 {
488 data_new->data = NULL;
489 data_new->data_n = 0;
490 *data = data_new;
491 }
492
493 return gcry_error (err);
494}
495
496/* Destroys the data set DATA. */
497void
498gcry_ac_data_destroy (gcry_ac_data_t data)
499{
500 int i;
501
502 for (i = 0; i < data->data_n; i++)
503 {
504 gcry_free ((void *) data->data[i].name);
505 gcry_mpi_release (data->data[i].mpi);
506 }
507 gcry_free (data->data);
508 gcry_free (data);
509}
510
511/* Add the value MPI to DATA with the label NAME. If FLAGS contains
512 GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME
513 and MPI. If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or
514 GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will
515 be deallocated when they are to be removed from the data set. */
516gcry_error_t
517gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
518 const char *name, gcry_mpi_t mpi)
519{
520 gcry_err_code_t err = GPG_ERR_NO_ERROR;
521 gcry_ac_mpi_t *ac_mpi = NULL;
522 gcry_mpi_t mpi_add = NULL;
523 char *name_add = NULL;
524 unsigned int i = 0;
525
526 if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))
527 err = GPG_ERR_INV_ARG;
528 else
529 {
530 if (flags & GCRY_AC_FLAG_COPY)
531 {
532 /* Create copies. */
533
534 name_add = gcry_strdup (name);
535 if (! name_add)
536 err = GPG_ERR_ENOMEM;
537 if (! err)
538 {
539 mpi_add = gcry_mpi_copy (mpi);
540 if (! mpi_add)
541 err = GPG_ERR_ENOMEM;
542 }
543 }
544 else
545 {
546 name_add = (char *) name;
547 mpi_add = mpi;
548 }
549
550 /* Search for existing entry. */
551 for (i = 0; (i < data->data_n) && (! ac_mpi); i++)
552 if (! strcmp (name, data->data[i].name))
553 ac_mpi = data->data + i;
554
555 if (ac_mpi)
556 {
557 /* An entry for NAME does already exist. */
558 if (ac_mpi->flags & GCRY_AC_FLAG_DEALLOC)
559 {
560 /* Deallocate old values. */
561 gcry_free ((char *) ac_mpi->name);
562 gcry_mpi_release (ac_mpi->mpi);
563 }
564 }
565 else
566 {
567 /* Create a new entry. */
568
569 gcry_ac_mpi_t *ac_mpis = NULL;
570
571 ac_mpis = realloc (data->data, sizeof (*data->data) * (data->data_n + 1));
572 if (! ac_mpis)
573 err = gpg_err_code_from_errno (errno);
574
575 if (data->data != ac_mpis)
576 data->data = ac_mpis;
577 ac_mpi = data->data + data->data_n;
578 data->data_n++;
579 }
580
581 ac_mpi->flags = flags;
582 ac_mpi->name = name_add;
583 ac_mpi->mpi = mpi_add;
584 }
585
586 return gcry_error (err);
587}
588
589/* Create a copy of the data set DATA and store it in DATA_CP. */
590gcry_error_t
591gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
592{
593 gcry_err_code_t err = GPG_ERR_NO_ERROR;
594
595 err = gcry_ac_data_copy_internal (data_cp, data);
596
597 return gcry_error (err);
598}
599
600/* Returns the number of named MPI values inside of the data set
601 DATA. */
602unsigned int
603gcry_ac_data_length (gcry_ac_data_t data)
604{
605 return data->data_n;
606}
607
608/* Store the value labelled with NAME found in DATA in MPI. If FLAGS
609 contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained
610 in the data set. MPI may be NULL. */
611gcry_error_t
612gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
613 const char *name, gcry_mpi_t *mpi)
614{
615 gcry_err_code_t err = GPG_ERR_NO_DATA;
616 gcry_mpi_t mpi_found = NULL;
617 unsigned int i = 0;
618
619 if (flags & ~(GCRY_AC_FLAG_COPY))
620 err = GPG_ERR_INV_ARG;
621 else
622 {
623 for (i = 0; i < data->data_n && (! mpi_found); i++)
624 if (! strcmp (data->data[i].name, name))
625 {
626 if (flags & GCRY_AC_FLAG_COPY)
627 {
628 mpi_found = gcry_mpi_copy (data->data[i].mpi);
629 if (! mpi_found)
630 err = GPG_ERR_ENOMEM;
631 }
632 else
633 mpi_found = data->data[i].mpi;
634
635 if (mpi_found)
636 err = GPG_ERR_NO_ERROR;
637 }
638 }
639
640 if (! err)
641 if (mpi)
642 *mpi = mpi_found;
643
644 return gcry_error (err);
645}
646
647/* Stores in NAME and MPI the named MPI value contained in the data
648 set DATA with the index IDX. If FLAGS contains GCRY_AC_FLAG_COPY,
649 store copies of the values contained in the data set. NAME or MPI
650 may be NULL. */
651gcry_error_t
652gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, unsigned int idx,
653 const char **name, gcry_mpi_t *mpi)
654{
655 gcry_err_code_t err = GPG_ERR_NO_ERROR;
656 gcry_mpi_t mpi_return = NULL;
657 char *name_return = NULL;
658
659 if (flags & ~(GCRY_AC_FLAG_COPY))
660 err = GPG_ERR_INV_ARG;
661 else
662 {
663 if (idx < data->data_n)
664 {
665 if (flags & GCRY_AC_FLAG_COPY)
666 {
667 /* Return copies to the user. */
668 if (name)
669 name_return = gcry_strdup (data->data[idx].name);
670 if (mpi)
671 mpi_return = gcry_mpi_copy (data->data[idx].mpi);
672
673 if (! (name_return && mpi_return))
674 {
675 if (name_return)
676 free (name_return);
677 if (mpi_return)
678 gcry_mpi_release (mpi_return);
679 err = GPG_ERR_ENOMEM;
680 }
681 }
682 else
683 {
684 name_return = (char *) data->data[idx].name;
685 mpi_return = data->data[idx].mpi;
686 }
687 }
688 else
689 err = GPG_ERR_NO_DATA;
690 }
691
692 if (! err)
693 {
694 if (name)
695 *name = name_return;
696 if (mpi)
697 *mpi = mpi_return;
698 }
699
700 return gcry_error (err);
701}
702
703/* Destroys any values contained in the data set DATA. */
704void
705gcry_ac_data_clear (gcry_ac_data_t data)
706{
707 gcry_free (data->data);
708 data->data = NULL;
709 data->data_n = 0;
710}
711
712
713
714/*
715 * Handle management.
716 */
717
718/* Creates a new handle for the algorithm ALGORITHM and store it in
719 HANDLE. FLAGS is not used yet. */
720gcry_error_t
721gcry_ac_open (gcry_ac_handle_t *handle,
722 gcry_ac_id_t algorithm, unsigned int flags)
723{
724 gcry_err_code_t err = GPG_ERR_NO_ERROR;
725 gcry_module_t module = NULL;
726 gcry_ac_handle_t handle_new;
727 const char *algorithm_name;
728
729 *handle = NULL;
730
731 /* Get name. */
732 algorithm_name = _gcry_pk_aliased_algo_name (algorithm);
733 if (! algorithm_name)
734 err = GPG_ERR_PUBKEY_ALGO;
735
736 if (! err) /* Acquire reference to the pubkey module. */
737 err = _gcry_pk_module_lookup (algorithm, &module);
738
739 if (! err)
740 {
741 /* Allocate. */
742 handle_new = gcry_malloc (sizeof (struct gcry_ac_handle));
743 if (! handle_new)
744 err = gpg_err_code_from_errno (errno);
745 }
746
747 if (! err)
748 {
749 /* Done. */
750 handle_new->algorithm = algorithm;
751 handle_new->algorithm_name = algorithm_name;
752 handle_new->flags = flags;
753 handle_new->module = module;
754 *handle = handle_new;
755 }
756 else
757 {
758 /* Deallocate resources. */
759 if (module)
760 _gcry_pk_module_release (module);
761 }
762
763 return gcry_error (err);
764}
765
766/* Destroys the handle HANDLE. */
767void
768gcry_ac_close (gcry_ac_handle_t handle)
769{
770 /* Release reference to pubkey module. */
771 if (handle)
772 {
773 _gcry_pk_module_release (handle->module);
774 gcry_free (handle);
775 }
776}
777
778
779
780/*
781 * Key management.
782 */
783
784/* Creates a new key of type TYPE, consisting of the MPI values
785 contained in the data set DATA and stores it in KEY. */
786gcry_error_t
787gcry_ac_key_init (gcry_ac_key_t *key,
788 gcry_ac_handle_t handle,
789 gcry_ac_key_type_t type,
790 gcry_ac_data_t data)
791{
792 gcry_err_code_t err = GPG_ERR_NO_ERROR;
793 gcry_ac_data_t data_new = NULL;
794 gcry_sexp_t data_sexp = NULL;
795 gcry_ac_key_t key_new = NULL;
796
797 /* Allocate. */
798 key_new = gcry_malloc (sizeof (struct gcry_ac_key));
799 if (! key_new)
800 err = gpg_err_code_from_errno (errno);
801
802 if (! err)
803 {
804 /* Create S-expression from data set. */
805 err = gcry_ac_data_construct (ac_key_identifiers[type], 0, 0,
806 handle->algorithm_name, data, &data_sexp);
807 }
808
809 if (! err)
810 {
811 /* Copy data set. */
812 err = gcry_ac_data_copy_internal (&data_new, data);
813 }
814
815 if (! err)
816 {
817 /* Done. */
818 key_new->data_sexp = data_sexp;
819 key_new->data = data_new;
820 key_new->type = type;
821 *key = key_new;
822 }
823 else
824 {
825 /* Deallocate resources. */
826 if (key_new)
827 gcry_free (key_new);
828 if (data_sexp)
829 gcry_sexp_release (data_sexp);
830 }
831
832 return gcry_error (err);
833}
834
835/* Generates a new key pair via the handle HANDLE of NBITS bits and
836 stores it in KEY_PAIR. In case non-standard settings are wanted, a
837 pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
838 matching the selected algorithm, can be given as KEY_SPEC.
839 MISC_DATA is not used yet. */
840gcry_error_t
841gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, void *key_spec,
842 gcry_ac_key_pair_t *key_pair, gcry_mpi_t **misc_data)
843{
844 gcry_err_code_t err = GPG_ERR_NO_ERROR;
845
846 gcry_ac_key_pair_t key_pair_new = NULL;
847
848 gcry_sexp_t genkey_sexp_request = NULL;
849 gcry_sexp_t genkey_sexp_reply = NULL;
850
851 char *genkey_format = NULL;
852 size_t genkey_format_n = 0;
853
854 void **arg_list = NULL;
855 size_t arg_list_n = 0;
856
857 unsigned int i = 0;
858
859 /* Allocate key pair. */
860 key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));
861 if (! key_pair_new)
862 err = gpg_err_code_from_errno (errno);
863
864 if (! err)
865 {
866 /* Allocate keys. */
867 key_pair_new->secret = gcry_malloc (sizeof (struct gcry_ac_key));
868 key_pair_new->public = gcry_malloc (sizeof (struct gcry_ac_key));
869
870 if (! (key_pair_new->secret || key_pair_new->public))
871 err = gpg_err_code_from_errno (errno);
872 else
873 {
874 key_pair_new->secret->type = GCRY_AC_KEY_SECRET;
875 key_pair_new->public->type = GCRY_AC_KEY_PUBLIC;
876 key_pair_new->secret->data_sexp = NULL;
877 key_pair_new->public->data_sexp = NULL;
878 key_pair_new->secret->data = NULL;
879 key_pair_new->public->data = NULL;
880 }
881 }
882
883 if (! err)
884 {
885 /* Calculate size of the format string, that is used for
886 creating the request S-expression. */
887 genkey_format_n = 23;
888
889 /* Respect any relevant algorithm specific commands. */
890 if (key_spec)
891 for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
892 if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
893 genkey_format_n += 6;
894
895 /* Create format string. */
896 genkey_format = gcry_malloc (genkey_format_n);
897 if (! genkey_format)
898 err = gpg_err_code_from_errno (errno);
899 else
900 {
901 /* Fill format string. */
902 *genkey_format = 0;
903 strcat (genkey_format, "(genkey(%s(nbits%d)");
904 if (key_spec)
905 for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
906 if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
907 strcat (genkey_format, "(%s%m)");
908 strcat (genkey_format, "))");
909 }
910 }
911
912 if (! err)
913 {
914 /* Build list of argument pointers, the algorithm name and the
915 nbits are needed always. */
916 arg_list_n = 2;
917
918 /* Now the algorithm specific arguments. */
919 if (key_spec)
920 for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
921 if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
922 arg_list_n += 2;
923
924 /* Allocate list. */
925 arg_list = gcry_malloc (sizeof (void *) * arg_list_n);
926 if (! arg_list)
927 err = gpg_err_code_from_errno (errno);
928 else
929 {
930 /* Fill argument list. */
931
932 int j;
933
934 arg_list[0] = (void *) &handle->algorithm_name;
935 arg_list[1] = (void *) &nbits;
936
937 if (key_spec)
938 for (j = 2, i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
939 if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
940 {
941 /* Add name of this specification flag and the
942 according member of the spec strucuture. */
943 arg_list[j++] = (void *)(&gcry_ac_key_generate_specs[i].name);
944 arg_list[j++] = (void *)
945 (((char *) key_spec)
946 + gcry_ac_key_generate_specs[i].offset);
947 }
948 }
949 }
950
951 if (! err)
952 /* Construct final request S-expression. */
953 err = gcry_err_code (gcry_sexp_build_array (&genkey_sexp_request, NULL,
954 genkey_format, arg_list));
955
956 if (! err)
957 /* Perform genkey operation. */
958 err = gcry_err_code (gcry_pk_genkey (&genkey_sexp_reply,
959 genkey_sexp_request));
960
961 /* Split keys. */
962 if (! err)
963 {
964 key_pair_new->secret->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,
965 "private-key", 0);
966 if (! key_pair_new->secret->data_sexp)
967 err = GPG_ERR_INTERNAL;
968 }
969 if (! err)
970 {
971 key_pair_new->public->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,
972 "public-key", 0);
973 if (! key_pair_new->public->data_sexp)
974 err = GPG_ERR_INTERNAL;
975 }
976
977 /* Extract key material. */
978 if (! err)
979 err = gcry_ac_data_extract ("private-key", handle->algorithm_name,
980 key_pair_new->secret->data_sexp,
981 &key_pair_new->secret->data);
982 if (! err)
983 err = gcry_ac_data_extract ("public-key", handle->algorithm_name,
984 key_pair_new->public->data_sexp,
985 &key_pair_new->public->data);
986
987 /* Done. */
988
989 if (! err)
990 *key_pair = key_pair_new;
991 else
992 {
993 /* Deallocate resources. */
994
995 if (key_pair_new)
996 {
997 if (key_pair_new->secret)
998 gcry_ac_key_destroy (key_pair_new->secret);
999 if (key_pair_new->public)
1000 gcry_ac_key_destroy (key_pair_new->public);
1001
1002 gcry_free (key_pair_new);
1003 }
1004
1005 if (arg_list)
1006 gcry_free (arg_list);
1007
1008 if (genkey_format)
1009 gcry_free (genkey_format);
1010
1011 if (genkey_sexp_request)
1012 gcry_sexp_release (genkey_sexp_request);
1013 if (genkey_sexp_reply)
1014 gcry_sexp_release (genkey_sexp_reply);
1015 }
1016
1017 return gcry_error (err);
1018}
1019
1020/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
1021gcry_ac_key_t
1022gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
1023 gcry_ac_key_type_t witch)
1024{
1025 gcry_ac_key_t key = NULL;
1026
1027 switch (witch)
1028 {
1029 case GCRY_AC_KEY_SECRET:
1030 key = key_pair->secret;
1031 break;
1032
1033 case GCRY_AC_KEY_PUBLIC:
1034 key = key_pair->public;
1035 break;
1036 }
1037
1038 return key;
1039}
1040
1041/* Destroys the key KEY. */
1042void
1043gcry_ac_key_destroy (gcry_ac_key_t key)
1044{
1045 int i;
1046
1047 if (key)
1048 {
1049 if (key->data)
1050 {
1051 for (i = 0; i < key->data->data_n; i++)
1052 if (key->data->data[i].mpi != NULL)
1053 gcry_mpi_release (key->data->data[i].mpi);
1054 gcry_free (key->data);
1055 }
1056 if (key->data_sexp)
1057 gcry_sexp_release (key->data_sexp);
1058 gcry_free (key);
1059 }
1060}
1061
1062/* Destroys the key pair KEY_PAIR. */
1063void
1064gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
1065{
1066 if (key_pair)
1067 {
1068 gcry_ac_key_destroy (key_pair->secret);
1069 gcry_ac_key_destroy (key_pair->public);
1070 gcry_free (key_pair);
1071 }
1072}
1073
1074/* Returns the data set contained in the key KEY. */
1075gcry_ac_data_t
1076gcry_ac_key_data_get (gcry_ac_key_t key)
1077{
1078 return key->data;
1079}
1080
1081/* Verifies that the key KEY is sane via HANDLE. */
1082gcry_error_t
1083gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
1084{
1085 gcry_err_code_t err;
1086
1087 err = gcry_err_code (gcry_pk_testkey (key->data_sexp));
1088
1089 return gcry_error (err);
1090}
1091
1092/* Stores the number of bits of the key KEY in NBITS via HANDLE. */
1093gcry_error_t
1094gcry_ac_key_get_nbits (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned int *nbits)
1095{
1096 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1097 unsigned int n;
1098
1099 n = gcry_pk_get_nbits (key->data_sexp);
1100 if (n)
1101 *nbits = n;
1102 else
1103 err = GPG_ERR_PUBKEY_ALGO;
1104
1105 return gcry_error (err);
1106}
1107
1108/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
1109 HANDLE. */
1110gcry_error_t
1111gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned char *key_grip)
1112{
1113 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1114 unsigned char *ret;
1115
1116 ret = gcry_pk_get_keygrip (key->data_sexp, key_grip);
1117 if (! ret)
1118 err = GPG_ERR_INV_OBJ;
1119
1120 return gcry_error (err);
1121}
1122
1123
1124
1125/*
1126 * Functions performing cryptographic operations.
1127 */
1128
1129/* Encrypts the plain text MPI value DATA_PLAIN with the key public
1130 KEY under the control of the flags FLAGS and stores the resulting
1131 data set into DATA_ENCRYPTED. */
1132gcry_error_t
1133gcry_ac_data_encrypt (gcry_ac_handle_t handle,
1134 unsigned int flags,
1135 gcry_ac_key_t key,
1136 gcry_mpi_t data_plain,
1137 gcry_ac_data_t *data_encrypted)
1138{
1139 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1140 gcry_sexp_t sexp_request = NULL;
1141 gcry_sexp_t sexp_reply = NULL;
1142 char *request_format = NULL;
1143 size_t request_format_n = 0;
1144 gcry_ac_data_t data;
1145
1146 int i;
1147
1148 if (key->type != GCRY_AC_KEY_PUBLIC)
1149 err = GPG_ERR_WRONG_KEY_USAGE;
1150
1151 if (! err)
1152 {
1153 /* Calculate request format string. */
1154
1155 request_format_n += 23;
1156 for (i = 0; gcry_ac_flags[i].number; i++)
1157 if (flags & gcry_ac_flags[i].number)
1158 request_format_n += strlen (gcry_ac_flags[i].string) + 1;
1159
1160 /* Allocate request format string. */
1161 request_format = gcry_malloc (request_format_n);
1162 if (! request_format)
1163 err = gpg_err_code_from_errno (errno);
1164 }
1165
1166 if (! err)
1167 {
1168 /* Fill format string. */
1169 *request_format = 0;
1170 strcat (request_format, "(data(flags");
1171 for (i = 0; gcry_ac_flags[i].number; i++)
1172 if (flags & gcry_ac_flags[i].number)
1173 {
1174 strcat (request_format, " ");
1175 strcat (request_format, gcry_ac_flags[i].string);
1176 }
1177 strcat (request_format, ")(value%m))");
1178
1179 /* Create S-expression. */
1180 err = gcry_sexp_build (&sexp_request, NULL,
1181 request_format, data_plain);
1182 }
1183
1184 if (! err)
1185 /* Encrypt. */
1186 err = gcry_pk_encrypt (&sexp_reply, sexp_request, key->data_sexp);
1187
1188 if (! err)
1189 /* Extract data. */
1190 err = gcry_ac_data_extract ("enc-val", handle->algorithm_name,
1191 sexp_reply, &data);
1192
1193 /* Deallocate resources. */
1194
1195 if (sexp_request)
1196 gcry_sexp_release (sexp_request);
1197 if (sexp_reply)
1198 gcry_sexp_release (sexp_reply);
1199
1200 if (! err)
1201 /* Copy out. */
1202 *data_encrypted = data;
1203
1204 return gcry_error (err);
1205}
1206
1207/* Decrypts the encrypted data contained in the data set
1208 DATA_ENCRYPTED with the secret key KEY under the control of the
1209 flags FLAGS and stores the resulting plain text MPI value in
1210 DATA_PLAIN. */
1211gcry_error_t
1212gcry_ac_data_decrypt (gcry_ac_handle_t handle,
1213 unsigned int flags,
1214 gcry_ac_key_t key,
1215 gcry_mpi_t *data_plain,
1216 gcry_ac_data_t data_encrypted)
1217{
1218 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1219 gcry_mpi_t data_decrypted = NULL;
1220 gcry_sexp_t sexp_request = NULL;
1221 gcry_sexp_t sexp_reply = NULL;
1222
1223 if (key->type != GCRY_AC_KEY_SECRET)
1224 err = GPG_ERR_WRONG_KEY_USAGE;
1225
1226 if (! err)
1227 /* Create S-expression from data. */
1228 err = gcry_ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,
1229 data_encrypted, &sexp_request);
1230
1231 if (! err)
1232 /* Decrypt. */
1233 err = gcry_pk_decrypt (&sexp_reply, sexp_request, key->data_sexp);
1234
1235 if (! err)
1236 {
1237 /* Extract plain text. */
1238
1239 gcry_sexp_t l;
1240
1241 l = gcry_sexp_find_token (sexp_reply, "value", 0);
1242 if (! l)
1243 err = GPG_ERR_GENERAL;
1244 else
1245 {
1246 data_decrypted = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
1247 if (! data_decrypted)
1248 err = GPG_ERR_GENERAL;
1249 gcry_sexp_release (l);
1250 }
1251 }
1252
1253 /* Done. */
1254
1255 if (err)
1256 {
1257 /* Deallocate resources. */
1258 if (sexp_request)
1259 gcry_sexp_release (sexp_request);
1260 if (sexp_reply)
1261 gcry_sexp_release (sexp_reply);
1262 }
1263 else
1264 *data_plain = data_decrypted;
1265
1266 return gcry_error (err);
1267
1268}
1269
1270/* Signs the data contained in DATA with the secret key KEY and stores
1271 the resulting signature data set in DATA_SIGNATURE. */
1272gcry_error_t
1273gcry_ac_data_sign (gcry_ac_handle_t handle,
1274 gcry_ac_key_t key,
1275 gcry_mpi_t data,
1276 gcry_ac_data_t *data_signature)
1277{
1278 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1279 gcry_sexp_t sexp_request = NULL;
1280 gcry_sexp_t sexp_reply = NULL;
1281 gcry_ac_data_t ac_data;
1282
1283 if (key->type != GCRY_AC_KEY_SECRET)
1284 err = GPG_ERR_WRONG_KEY_USAGE;
1285
1286 if (! err)
1287 /* Create S-expression holding the data. */
1288 err = gcry_sexp_build (&sexp_request, NULL,
1289 "(data(flags)(value%m))", data);
1290 if (! err)
1291 /* Sign. */
1292 err = gcry_pk_sign (&sexp_reply, sexp_request, key->data_sexp);
1293
1294 if (! err)
1295 /* Extract data. */
1296 err = gcry_ac_data_extract ("sig-val", handle->algorithm_name,
1297 sexp_reply, &ac_data);
1298
1299 /* Done. */
1300
1301 if (sexp_request)
1302 gcry_sexp_release (sexp_request);
1303 if (sexp_reply)
1304 gcry_sexp_release (sexp_reply);
1305
1306 if (! err)
1307 *data_signature = ac_data;
1308
1309 return gcry_error (err);
1310}
1311
1312/* Verifies that the signature contained in the data set
1313 DATA_SIGNATURE is indeed the result of signing the data contained
1314 in DATA with the secret key belonging to the public key KEY. */
1315gcry_error_t
1316gcry_ac_data_verify (gcry_ac_handle_t handle,
1317 gcry_ac_key_t key,
1318 gcry_mpi_t data,
1319 gcry_ac_data_t data_signature)
1320{
1321 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1322 gcry_sexp_t sexp_request = NULL;
1323 gcry_sexp_t sexp_data = NULL;
1324
1325 if (key->type != GCRY_AC_KEY_PUBLIC)
1326 err = GPG_ERR_WRONG_KEY_USAGE;
1327
1328 if (! err)
1329 /* Construct S-expression holding the signature data. */
1330 err = gcry_ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,
1331 data_signature, &sexp_request);
1332
1333 if (! err)
1334 /* Construct S-expression holding the data. */
1335 err = gcry_sexp_build (&sexp_data, NULL,
1336 "(data(flags)(value%m))", data);
1337
1338 if (! err)
1339 /* Verify signature. */
1340 err = gcry_pk_verify (sexp_request, sexp_data, key->data_sexp);
1341
1342 /* Done. */
1343
1344 if (sexp_request)
1345 gcry_sexp_release (sexp_request);
1346 if (sexp_data)
1347 gcry_sexp_release (sexp_data);
1348
1349 return gcry_error (err);
1350}
1351
1352
1353
1354/*
1355 * General functions.
1356 */
1357
1358/* Stores the textual representation of the algorithm whose id is
1359 given in ALGORITHM in NAME. */
1360gcry_error_t
1361gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name)
1362{
1363 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1364 const char *n;
1365
1366 n = gcry_pk_algo_name (algorithm);
1367 if (*n)
1368 *name = n;
1369 else
1370 err = GPG_ERR_PUBKEY_ALGO;
1371
1372 return gcry_error (err);
1373}
1374
1375/* Stores the numeric ID of the algorithm whose textual representation
1376 is contained in NAME in ALGORITHM. */
1377gcry_error_t
1378gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm)
1379{
1380 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1381 int algo;
1382
1383 algo = gcry_pk_map_name (name);
1384 if (algo)
1385 *algorithm = algo;
1386 else
1387 err = GPG_ERR_PUBKEY_ALGO;
1388
1389 return gcry_error (err);
1390}
1391
1392gcry_err_code_t
1393_gcry_ac_init (void)
1394{
1395 return 0;
1396}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c
new file mode 100755
index 0000000..59da169
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c
@@ -0,0 +1,156 @@
1/* arcfour.c - The arcfour stream cipher
2 * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * For a description of the algorithm, see:
21 * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
22 * ISBN 0-471-11709-9. Pages 397 ff.
23 */
24
25
26#include <config.h>
27#include <stdio.h>
28#include <stdlib.h>
29#include <string.h>
30#include "types.h"
31#include "g10lib.h"
32#include "cipher.h"
33
34static const char *selftest(void);
35
36typedef struct {
37 int idx_i, idx_j;
38 byte sbox[256];
39} ARCFOUR_context;
40
41static void
42do_encrypt_stream( ARCFOUR_context *ctx,
43 byte *outbuf, const byte *inbuf, unsigned int length )
44{
45 register int i = ctx->idx_i;
46 register int j = ctx->idx_j;
47 register byte *sbox = ctx->sbox;
48 register int t;
49
50 while ( length-- )
51 {
52 i++;
53 i = i & 255; /* The and-op seems to be faster than the mod-op. */
54 j += sbox[i];
55 j &= 255;
56 t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
57 *outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
58 }
59
60 ctx->idx_i = i;
61 ctx->idx_j = j;
62}
63
64static void
65encrypt_stream (void *context,
66 byte *outbuf, const byte *inbuf, unsigned int length)
67{
68 ARCFOUR_context *ctx = (ARCFOUR_context *) context;
69 do_encrypt_stream (ctx, outbuf, inbuf, length );
70 _gcry_burn_stack (64);
71}
72
73
74static gcry_err_code_t
75do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
76{
77 static int initialized;
78 static const char* selftest_failed;
79 int i, j;
80 byte karr[256];
81 ARCFOUR_context *ctx = (ARCFOUR_context *) context;
82
83 if (!initialized )
84 {
85 initialized = 1;
86 selftest_failed = selftest();
87 if( selftest_failed )
88 log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );
89 }
90 if( selftest_failed )
91 return GPG_ERR_SELFTEST_FAILED;
92
93 if( keylen < 40/8 ) /* we want at least 40 bits */
94 return GPG_ERR_INV_KEYLEN;
95
96 ctx->idx_i = ctx->idx_j = 0;
97 for (i=0; i < 256; i++ )
98 ctx->sbox[i] = i;
99 for (i=0; i < 256; i++ )
100 karr[i] = key[i%keylen];
101 for (i=j=0; i < 256; i++ )
102 {
103 int t;
104 j = (j + ctx->sbox[i] + karr[i]) % 256;
105 t = ctx->sbox[i];
106 ctx->sbox[i] = ctx->sbox[j];
107 ctx->sbox[j] = t;
108 }
109 memset( karr, 0, 256 );
110
111 return GPG_ERR_NO_ERROR;
112}
113
114static gcry_err_code_t
115arcfour_setkey ( void *context, const byte *key, unsigned int keylen )
116{
117 ARCFOUR_context *ctx = (ARCFOUR_context *) context;
118 gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );
119 _gcry_burn_stack (300);
120 return rc;
121}
122
123
124static const char*
125selftest(void)
126{
127 ARCFOUR_context ctx;
128 byte scratch[16];
129
130 /* Test vector from Cryptlib labeled there: "from the
131 State/Commerce Department". */
132 static byte key_1[] =
133 { 0x61, 0x8A, 0x63, 0xD2, 0xFB };
134 static byte plaintext_1[] =
135 { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
136 static const byte ciphertext_1[] =
137 { 0xF1, 0x38, 0x29, 0xC9, 0xDE };
138
139 arcfour_setkey( &ctx, key_1, sizeof(key_1));
140 encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1));
141 if ( memcmp (scratch, ciphertext_1, sizeof (ciphertext_1)))
142 return "Arcfour encryption test 1 failed.";
143 arcfour_setkey( &ctx, key_1, sizeof(key_1));
144 encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */
145 if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1)))
146 return "Arcfour decryption test 1 failed.";
147 return NULL;
148}
149
150
151gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
152 {
153 "ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
154 arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
155 };
156
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h
new file mode 100755
index 0000000..8062b45
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h
@@ -0,0 +1,54 @@
1/* bithelp.h - Some bit manipulation helpers
2 * Copyright (C) 1999, 2002 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20#ifndef G10_BITHELP_H
21#define G10_BITHELP_H
22
23
24/****************
25 * Rotate the 32 bit unsigned integer X by N bits left/right
26 */
27#if defined(__GNUC__) && defined(__i386__)
28static inline u32
29rol( u32 x, int n)
30{
31 __asm__("roll %%cl,%0"
32 :"=r" (x)
33 :"0" (x),"c" (n));
34 return x;
35}
36#else
37#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
38#endif
39
40#if defined(__GNUC__) && defined(__i386__)
41static inline u32
42ror(u32 x, int n)
43{
44 __asm__("rorl %%cl,%0"
45 :"=r" (x)
46 :"0" (x),"c" (n));
47 return x;
48}
49#else
50#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )
51#endif
52
53
54#endif /*G10_BITHELP_H*/
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c
new file mode 100755
index 0000000..32bc070
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c
@@ -0,0 +1,606 @@
1/* blowfish.c - Blowfish encryption
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * For a description of the algorithm, see:
21 * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
22 * ISBN 0-471-11709-9. Pages 336 ff.
23 */
24
25/* Test values:
26 * key "abcdefghijklmnopqrstuvwxyz";
27 * plain "BLOWFISH"
28 * cipher 32 4E D0 FE F4 13 A2 03
29 *
30 */
31
32#include <config.h>
33#include <stdio.h>
34#include <stdlib.h>
35#include <string.h>
36#include <assert.h>
37#include "types.h"
38#include "g10lib.h"
39#include "cipher.h"
40
41#define BLOWFISH_BLOCKSIZE 8
42#define BLOWFISH_ROUNDS 16
43
44typedef struct {
45 u32 s0[256];
46 u32 s1[256];
47 u32 s2[256];
48 u32 s3[256];
49 u32 p[BLOWFISH_ROUNDS+2];
50} BLOWFISH_context;
51
52static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);
53static void encrypt_block (void *bc, byte *outbuf, const byte *inbuf);
54static void decrypt_block (void *bc, byte *outbuf, const byte *inbuf);
55
56
57/* precomputed S boxes */
58static const u32 ks0[256] = {
59 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
60 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
61 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
62 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
63 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
64 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
65 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
66 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
67 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
68 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
69 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
70 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
71 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
72 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
73 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
74 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
75 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
76 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
77 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
78 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
79 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
80 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
81 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
82 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
83 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
84 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
85 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
86 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
87 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
88 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
89 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
90 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
91 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
92 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
93 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
94 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
95 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
96 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
97 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
98 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
99 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
100 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
101 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
102
103static const u32 ks1[256] = {
104 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
105 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
106 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
107 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
108 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
109 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
110 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
111 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
112 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
113 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
114 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
115 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
116 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
117 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
118 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
119 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
120 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
121 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
122 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
123 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
124 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
125 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
126 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
127 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
128 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
129 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
130 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
131 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
132 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
133 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
134 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
135 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
136 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
137 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
138 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
139 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
140 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
141 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
142 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
143 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
144 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
145 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
146 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
147
148static const u32 ks2[256] = {
149 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
150 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
151 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
152 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
153 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
154 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
155 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
156 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
157 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
158 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
159 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
160 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
161 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
162 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
163 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
164 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
165 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
166 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
167 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
168 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
169 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
170 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
171 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
172 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
173 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
174 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
175 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
176 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
177 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
178 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
179 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
180 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
181 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
182 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
183 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
184 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
185 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
186 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
187 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
188 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
189 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
190 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
191 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
192
193static const u32 ks3[256] = {
194 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
195 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
196 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
197 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
198 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
199 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
200 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
201 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
202 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
203 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
204 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
205 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
206 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
207 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
208 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
209 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
210 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
211 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
212 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
213 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
214 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
215 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
216 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
217 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
218 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
219 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
220 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
221 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
222 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
223 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
224 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
225 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
226 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
227 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
228 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
229 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
230 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
231 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
232 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
233 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
234 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
235 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
236 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
237
238static const u32 ps[BLOWFISH_ROUNDS+2] = {
239 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
240 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
241 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
242
243
244
245#if BLOWFISH_ROUNDS != 16
246static inline u32
247function_F( BLOWFISH_context *bc, u32 x )
248{
249 u16 a, b, c, d;
250
251#ifdef WORDS_BIGENDIAN
252 a = ((byte*)&x)[0];
253 b = ((byte*)&x)[1];
254 c = ((byte*)&x)[2];
255 d = ((byte*)&x)[3];
256#else
257 a = ((byte*)&x)[3];
258 b = ((byte*)&x)[2];
259 c = ((byte*)&x)[1];
260 d = ((byte*)&x)[0];
261#endif
262
263 return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
264}
265#endif
266
267#ifdef WORDS_BIGENDIAN
268#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]]) \
269 ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
270#else
271#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]]) \
272 ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
273#endif
274#define R(l,r,i) do { l ^= p[i]; r ^= F(l); } while(0)
275
276
277static void
278do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
279{
280#if BLOWFISH_ROUNDS == 16
281 u32 xl, xr, *s0, *s1, *s2, *s3, *p;
282
283 xl = *ret_xl;
284 xr = *ret_xr;
285 p = bc->p;
286 s0 = bc->s0;
287 s1 = bc->s1;
288 s2 = bc->s2;
289 s3 = bc->s3;
290
291 R( xl, xr, 0);
292 R( xr, xl, 1);
293 R( xl, xr, 2);
294 R( xr, xl, 3);
295 R( xl, xr, 4);
296 R( xr, xl, 5);
297 R( xl, xr, 6);
298 R( xr, xl, 7);
299 R( xl, xr, 8);
300 R( xr, xl, 9);
301 R( xl, xr, 10);
302 R( xr, xl, 11);
303 R( xl, xr, 12);
304 R( xr, xl, 13);
305 R( xl, xr, 14);
306 R( xr, xl, 15);
307
308 xl ^= p[BLOWFISH_ROUNDS];
309 xr ^= p[BLOWFISH_ROUNDS+1];
310
311 *ret_xl = xr;
312 *ret_xr = xl;
313
314#else
315 u32 xl, xr, temp, *p;
316 int i;
317
318 xl = *ret_xl;
319 xr = *ret_xr;
320 p = bc->p;
321
322 for(i=0; i < BLOWFISH_ROUNDS; i++ )
323 {
324 xl ^= p[i];
325 xr ^= function_F(bc, xl);
326 temp = xl;
327 xl = xr;
328 xr = temp;
329 }
330 temp = xl;
331 xl = xr;
332 xr = temp;
333
334 xr ^= p[BLOWFISH_ROUNDS];
335 xl ^= p[BLOWFISH_ROUNDS+1];
336
337 *ret_xl = xl;
338 *ret_xr = xr;
339#endif
340}
341
342
343static void
344decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
345{
346#if BLOWFISH_ROUNDS == 16
347 u32 xl, xr, *s0, *s1, *s2, *s3, *p;
348
349 xl = *ret_xl;
350 xr = *ret_xr;
351 p = bc->p;
352 s0 = bc->s0;
353 s1 = bc->s1;
354 s2 = bc->s2;
355 s3 = bc->s3;
356
357 R( xl, xr, 17);
358 R( xr, xl, 16);
359 R( xl, xr, 15);
360 R( xr, xl, 14);
361 R( xl, xr, 13);
362 R( xr, xl, 12);
363 R( xl, xr, 11);
364 R( xr, xl, 10);
365 R( xl, xr, 9);
366 R( xr, xl, 8);
367 R( xl, xr, 7);
368 R( xr, xl, 6);
369 R( xl, xr, 5);
370 R( xr, xl, 4);
371 R( xl, xr, 3);
372 R( xr, xl, 2);
373
374 xl ^= p[1];
375 xr ^= p[0];
376
377 *ret_xl = xr;
378 *ret_xr = xl;
379
380#else
381 u32 xl, xr, temp, *p;
382 int i;
383
384 xl = *ret_xl;
385 xr = *ret_xr;
386 p = bc->p;
387
388 for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )
389 {
390 xl ^= p[i];
391 xr ^= function_F(bc, xl);
392 temp = xl;
393 xl = xr;
394 xr = temp;
395 }
396
397 temp = xl;
398 xl = xr;
399 xr = temp;
400
401 xr ^= p[1];
402 xl ^= p[0];
403
404 *ret_xl = xl;
405 *ret_xr = xr;
406#endif
407}
408
409#undef F
410#undef R
411
412static void
413do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
414{
415 u32 d1, d2;
416
417 d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
418 d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
419 do_encrypt( bc, &d1, &d2 );
420 outbuf[0] = (d1 >> 24) & 0xff;
421 outbuf[1] = (d1 >> 16) & 0xff;
422 outbuf[2] = (d1 >> 8) & 0xff;
423 outbuf[3] = d1 & 0xff;
424 outbuf[4] = (d2 >> 24) & 0xff;
425 outbuf[5] = (d2 >> 16) & 0xff;
426 outbuf[6] = (d2 >> 8) & 0xff;
427 outbuf[7] = d2 & 0xff;
428}
429
430static void
431encrypt_block (void *context, byte *outbuf, const byte *inbuf)
432{
433 BLOWFISH_context *bc = (BLOWFISH_context *) context;
434 do_encrypt_block (bc, outbuf, inbuf);
435 _gcry_burn_stack (64);
436}
437
438
439static void
440do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)
441{
442 u32 d1, d2;
443
444 d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
445 d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
446 decrypt( bc, &d1, &d2 );
447 outbuf[0] = (d1 >> 24) & 0xff;
448 outbuf[1] = (d1 >> 16) & 0xff;
449 outbuf[2] = (d1 >> 8) & 0xff;
450 outbuf[3] = d1 & 0xff;
451 outbuf[4] = (d2 >> 24) & 0xff;
452 outbuf[5] = (d2 >> 16) & 0xff;
453 outbuf[6] = (d2 >> 8) & 0xff;
454 outbuf[7] = d2 & 0xff;
455}
456
457static void
458decrypt_block (void *context, byte *outbuf, const byte *inbuf)
459{
460 BLOWFISH_context *bc = (BLOWFISH_context *) context;
461 do_decrypt_block (bc, outbuf, inbuf);
462 _gcry_burn_stack (64);
463}
464
465
466static const char*
467selftest(void)
468{
469 BLOWFISH_context c;
470 byte plain[] = "BLOWFISH";
471 byte buffer[8];
472 byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
473 byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
474 byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
475
476 bf_setkey( (void *) &c,
477 (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26 );
478 encrypt_block( (void *) &c, buffer, plain );
479 if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
480 return "Blowfish selftest failed (1).";
481 decrypt_block( (void *) &c, buffer, buffer );
482 if( memcmp( buffer, plain, 8 ) )
483 return "Blowfish selftest failed (2).";
484
485 bf_setkey( (void *) &c, key3, 8 );
486 encrypt_block( (void *) &c, buffer, plain3 );
487 if( memcmp( buffer, cipher3, 8 ) )
488 return "Blowfish selftest failed (3).";
489 decrypt_block( (void *) &c, buffer, buffer );
490 if( memcmp( buffer, plain3, 8 ) )
491 return "Blowfish selftest failed (4).";
492 return NULL;
493}
494
495
496
497static gcry_err_code_t
498do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
499{
500 int i, j;
501 u32 data, datal, datar;
502 static int initialized;
503 static const char *selftest_failed;
504
505 if( !initialized )
506 {
507 initialized = 1;
508 selftest_failed = selftest();
509 if( selftest_failed )
510 log_error ("%s\n", selftest_failed );
511 }
512 if( selftest_failed )
513 return GPG_ERR_SELFTEST_FAILED;
514
515 for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
516 c->p[i] = ps[i];
517 for(i=0; i < 256; i++ )
518 {
519 c->s0[i] = ks0[i];
520 c->s1[i] = ks1[i];
521 c->s2[i] = ks2[i];
522 c->s3[i] = ks3[i];
523 }
524
525 for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
526 {
527#ifdef WORDS_BIGENDIAN
528 ((byte*)&data)[0] = key[j];
529 ((byte*)&data)[1] = key[(j+1)%keylen];
530 ((byte*)&data)[2] = key[(j+2)%keylen];
531 ((byte*)&data)[3] = key[(j+3)%keylen];
532#else
533 ((byte*)&data)[3] = key[j];
534 ((byte*)&data)[2] = key[(j+1)%keylen];
535 ((byte*)&data)[1] = key[(j+2)%keylen];
536 ((byte*)&data)[0] = key[(j+3)%keylen];
537#endif
538 c->p[i] ^= data;
539 j = (j+4) % keylen;
540 }
541
542 datal = datar = 0;
543 for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )
544 {
545 do_encrypt( c, &datal, &datar );
546 c->p[i] = datal;
547 c->p[i+1] = datar;
548 }
549 for(i=0; i < 256; i += 2 )
550 {
551 do_encrypt( c, &datal, &datar );
552 c->s0[i] = datal;
553 c->s0[i+1] = datar;
554 }
555 for(i=0; i < 256; i += 2 )
556 {
557 do_encrypt( c, &datal, &datar );
558 c->s1[i] = datal;
559 c->s1[i+1] = datar;
560 }
561 for(i=0; i < 256; i += 2 )
562 {
563 do_encrypt( c, &datal, &datar );
564 c->s2[i] = datal;
565 c->s2[i+1] = datar;
566 }
567 for(i=0; i < 256; i += 2 )
568 {
569 do_encrypt( c, &datal, &datar );
570 c->s3[i] = datal;
571 c->s3[i+1] = datar;
572 }
573
574
575 /* Check for weak key. A weak key is a key in which a value in
576 the P-array (here c) occurs more than once per table. */
577 for(i=0; i < 255; i++ )
578 {
579 for( j=i+1; j < 256; j++)
580 {
581 if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
582 (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
583 return GPG_ERR_WEAK_KEY;
584 }
585 }
586
587 return GPG_ERR_NO_ERROR;
588}
589
590
591static gcry_err_code_t
592bf_setkey (void *context, const byte *key, unsigned keylen)
593{
594 BLOWFISH_context *c = (BLOWFISH_context *) context;
595 gcry_err_code_t rc = do_bf_setkey (c, key, keylen);
596 _gcry_burn_stack (64);
597 return rc;
598}
599
600
601gcry_cipher_spec_t _gcry_cipher_spec_blowfish =
602 {
603 "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,
604 sizeof (BLOWFISH_context),
605 bf_setkey, encrypt_block, decrypt_block,
606 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c
new file mode 100755
index 0000000..dd08696
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c
@@ -0,0 +1,620 @@
1/* cast5.c - CAST5 cipher (RFC2144)
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21/* Test vectors:
22 *
23 * 128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
24 * plaintext = 01 23 45 67 89 AB CD EF
25 * ciphertext = 23 8B 4F E5 84 7E 44 B2
26 *
27 * 80-bit key = 01 23 45 67 12 34 56 78 23 45
28 * = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
29 * plaintext = 01 23 45 67 89 AB CD EF
30 * ciphertext = EB 6A 71 1A 2C 02 27 1B
31 *
32 * 40-bit key = 01 23 45 67 12
33 * = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
34 * plaintext = 01 23 45 67 89 AB CD EF
35 * ciphertext = 7A C8 16 D1 6E 9B 30 2E
36 */
37
38#include <config.h>
39#include <stdio.h>
40#include <stdlib.h>
41#include <string.h>
42#include "g10lib.h"
43#include "types.h"
44#include "cipher.h"
45
46#define CAST5_BLOCKSIZE 8
47
48typedef struct {
49 u32 Km[16];
50 byte Kr[16];
51} CAST5_context;
52
53static gcry_err_code_t cast_setkey (void *c, const byte *key, unsigned keylen);
54static void encrypt_block (void *c, byte *outbuf, const byte *inbuf);
55static void decrypt_block (void *c, byte *outbuf, const byte *inbuf);
56
57
58
59
60static const u32 s1[256] = {
610x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
620xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
630x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
640xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
650x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
660xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
670x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
680xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
690x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
700xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
710x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
720x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
730xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
740x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
750x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
760x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
770x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
780x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
790xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
800x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
810x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
820xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
830x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
840x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
850xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
860xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
870x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
880x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
890xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
900x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
910xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
920x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
93};
94static const u32 s2[256] = {
950x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
960xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
970xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
980xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
990x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
1000xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
1010x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
1020x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
1030x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
1040xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
1050xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
1060xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
1070x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
1080xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
1090x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
1100x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
1110xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
1120xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
1130x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
1140x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
1150xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
1160x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
1170xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
1180xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
1190xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
1200x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
1210xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
1220x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
1230x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
1240xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
1250x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
1260x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
127};
128static const u32 s3[256] = {
1290x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
1300xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
1310x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
1320x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
1330x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
1340xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
1350x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
1360xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
1370xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
1380x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
1390xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
1400x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
1410xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
1420xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
1430x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
1440x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
1450x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
1460x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
1470x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
1480x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
1490x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
1500x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
1510xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
1520x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
1530xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
1540xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
1550x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
1560x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
1570x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
1580x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
1590x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
1600xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
161};
162static const u32 s4[256] = {
1630x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
1640x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
1650x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
1660xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
1670x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
1680xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
1690x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
1700xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
1710x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
1720xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
1730x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
1740x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
1750xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
1760xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
1770x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
1780x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
1790x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
1800x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
1810xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
1820x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
1830x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
1840xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
1850xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
1860x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
1870x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
1880x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
1890x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
1900xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
1910x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
1920xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
1930x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
1940x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
195};
196static const u32 s5[256] = {
1970x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
1980x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
1990xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
2000x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
2010x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
2020xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
2030x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
2040xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
2050x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
2060xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
2070x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
2080xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
2090xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
2100x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
2110x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
2120x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
2130xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
2140x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
2150x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
2160x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
2170x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
2180x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
2190x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
2200x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
2210xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
2220x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
2230x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
2240x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
2250x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
2260x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
2270xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
2280xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
229};
230static const u32 s6[256] = {
2310xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
2320xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
2330x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
2340xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
2350x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
2360xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
2370x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
2380xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
2390x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
2400x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
2410xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
2420x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
2430x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
2440x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
2450x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
2460x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
2470x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
2480x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
2490x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
2500x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
2510xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
2520x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
2530x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
2540x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
2550x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
2560xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
2570xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
2580xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
2590x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
2600xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
2610x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
2620xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f
263};
264static const u32 s7[256] = {
2650x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
2660x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
2670xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
2680x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
2690x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
2700x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
2710x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
2720x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
2730x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
2740xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
2750xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
2760x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
2770x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
2780xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
2790x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
2800xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
2810xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
2820xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
2830x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
2840x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
2850xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
2860x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
2870xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
2880x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
2890x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
2900x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
2910xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
2920xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
2930x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
2940x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
2950x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
2960x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3
297};
298static const u32 s8[256] = {
2990xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
3000x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
3010xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
3020x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
3030x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
3040x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
3050x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
3060x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
3070xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
3080x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
3090x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
3100x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
3110x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
3120xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
3130x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
3140xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
3150xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
3160xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
3170xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
3180xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
3190x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
3200x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
3210x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
3220xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
3230x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
3240x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
3250x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
3260xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
3270xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
3280x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
3290xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
3300x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e
331};
332
333
334#if defined(__GNUC__) && defined(__i386__)
335static inline u32
336rol(int n, u32 x)
337{
338 __asm__("roll %%cl,%0"
339 :"=r" (x)
340 :"0" (x),"c" (n));
341 return x;
342}
343#else
344#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
345#endif
346
347#define F1(D,m,r) ( (I = ((m) + (D))), (I=rol((r),I)), \
348 (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
349#define F2(D,m,r) ( (I = ((m) ^ (D))), (I=rol((r),I)), \
350 (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
351#define F3(D,m,r) ( (I = ((m) - (D))), (I=rol((r),I)), \
352 (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
353
354static void
355do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
356{
357 u32 l, r, t;
358 u32 I; /* used by the Fx macros */
359 u32 *Km;
360 byte *Kr;
361
362 Km = c->Km;
363 Kr = c->Kr;
364
365 /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and
366 * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
367 */
368 l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
369 r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
370
371 /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
372 * Li = Ri-1;
373 * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
374 * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
375 * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
376 * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
377 */
378
379 t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
380 t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
381 t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
382 t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
383 t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
384 t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
385 t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
386 t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
387 t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
388 t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
389 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
390 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
391 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
392 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
393 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
394 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
395
396 /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
397 * concatenate to form the ciphertext.) */
398 outbuf[0] = (r >> 24) & 0xff;
399 outbuf[1] = (r >> 16) & 0xff;
400 outbuf[2] = (r >> 8) & 0xff;
401 outbuf[3] = r & 0xff;
402 outbuf[4] = (l >> 24) & 0xff;
403 outbuf[5] = (l >> 16) & 0xff;
404 outbuf[6] = (l >> 8) & 0xff;
405 outbuf[7] = l & 0xff;
406}
407
408static void
409encrypt_block (void *context , byte *outbuf, const byte *inbuf)
410{
411 CAST5_context *c = (CAST5_context *) context;
412 do_encrypt_block (c, outbuf, inbuf);
413 _gcry_burn_stack (20+4*sizeof(void*));
414}
415
416
417static void
418do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
419{
420 u32 l, r, t;
421 u32 I;
422 u32 *Km;
423 byte *Kr;
424
425 Km = c->Km;
426 Kr = c->Kr;
427
428 l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
429 r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
430
431 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
432 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
433 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
434 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
435 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
436 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
437 t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
438 t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
439 t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
440 t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
441 t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
442 t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
443 t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
444 t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
445 t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
446 t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
447
448 outbuf[0] = (r >> 24) & 0xff;
449 outbuf[1] = (r >> 16) & 0xff;
450 outbuf[2] = (r >> 8) & 0xff;
451 outbuf[3] = r & 0xff;
452 outbuf[4] = (l >> 24) & 0xff;
453 outbuf[5] = (l >> 16) & 0xff;
454 outbuf[6] = (l >> 8) & 0xff;
455 outbuf[7] = l & 0xff;
456}
457
458static void
459decrypt_block (void *context, byte *outbuf, const byte *inbuf)
460{
461 CAST5_context *c = (CAST5_context *) context;
462 do_decrypt_block (c, outbuf, inbuf);
463 _gcry_burn_stack (20+4*sizeof(void*));
464}
465
466
467static const char*
468selftest(void)
469{
470 CAST5_context c;
471 byte key[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
472 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A };
473 byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
474 byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };
475 byte buffer[8];
476
477 cast_setkey( &c, key, 16 );
478 encrypt_block( &c, buffer, plain );
479 if( memcmp( buffer, cipher, 8 ) )
480 return "1";
481 decrypt_block( &c, buffer, buffer );
482 if( memcmp( buffer, plain, 8 ) )
483 return "2";
484
485#if 0 /* full maintenance test */
486 {
487 int i;
488 byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
489 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
490 byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
491 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
492 byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
493 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };
494 byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
495 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };
496
497 for(i=0; i < 1000000; i++ ) {
498 cast_setkey( &c, b0, 16 );
499 encrypt_block( &c, a0, a0 );
500 encrypt_block( &c, a0+8, a0+8 );
501 cast_setkey( &c, a0, 16 );
502 encrypt_block( &c, b0, b0 );
503 encrypt_block( &c, b0+8, b0+8 );
504 }
505 if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )
506 return "3";
507
508 }
509#endif
510 return NULL;
511}
512
513
514static void
515key_schedule( u32 *x, u32 *z, u32 *k )
516{
517
518#define xi(i) ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
519#define zi(i) ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
520
521 z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
522 z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
523 z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
524 z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
525 k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
526 k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
527 k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
528 k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];
529
530 x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
531 x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
532 x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
533 x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
534 k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
535 k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
536 k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
537 k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];
538
539 z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
540 z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
541 z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
542 z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
543 k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
544 k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
545 k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
546 k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];
547
548 x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
549 x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
550 x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
551 x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
552 k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
553 k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
554 k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
555 k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];
556
557#undef xi
558#undef zi
559}
560
561
562static gcry_err_code_t
563do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
564{
565 static int initialized;
566 static const char* selftest_failed;
567 int i;
568 u32 x[4];
569 u32 z[4];
570 u32 k[16];
571
572 if( !initialized )
573 {
574 initialized = 1;
575 selftest_failed = selftest();
576 if( selftest_failed )
577 log_error ("CAST5 selftest failed (%s).\n", selftest_failed );
578 }
579 if( selftest_failed )
580 return GPG_ERR_SELFTEST_FAILED;
581
582 if( keylen != 16 )
583 return GPG_ERR_INV_KEYLEN;
584
585 x[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3];
586 x[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7];
587 x[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11];
588 x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
589
590 key_schedule( x, z, k );
591 for(i=0; i < 16; i++ )
592 c->Km[i] = k[i];
593 key_schedule( x, z, k );
594 for(i=0; i < 16; i++ )
595 c->Kr[i] = k[i] & 0x1f;
596
597 memset(&x,0, sizeof x);
598 memset(&z,0, sizeof z);
599 memset(&k,0, sizeof k);
600
601#undef xi
602#undef zi
603 return GPG_ERR_NO_ERROR;
604}
605
606static gcry_err_code_t
607cast_setkey (void *context, const byte *key, unsigned keylen )
608{
609 CAST5_context *c = (CAST5_context *) context;
610 gcry_err_code_t rc = do_cast_setkey (c, key, keylen);
611 _gcry_burn_stack (96+7*sizeof(void*));
612 return rc;
613}
614
615
616gcry_cipher_spec_t _gcry_cipher_spec_cast5 =
617 {
618 "CAST5", NULL, NULL, CAST5_BLOCKSIZE, 128, sizeof (CAST5_context),
619 cast_setkey, encrypt_block, decrypt_block,
620 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c
new file mode 100755
index 0000000..2b8491c
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c
@@ -0,0 +1,1397 @@
1/* cipher.c - cipher dispatcher
2 * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <errno.h>
26#include <assert.h>
27
28#include "g10lib.h"
29#include "cipher.h"
30#include "ath.h"
31
32#define MAX_BLOCKSIZE 16
33#define TABLE_SIZE 14
34#define CTX_MAGIC_NORMAL 0x24091964
35#define CTX_MAGIC_SECURE 0x46919042
36
37/* This is the list of the default ciphers, which are included in
38 libgcrypt. */
39static struct cipher_table_entry
40{
41 gcry_cipher_spec_t *cipher;
42 unsigned int algorithm;
43} cipher_table[] =
44 {
45#if USE_BLOWFISH
46 { &_gcry_cipher_spec_blowfish, GCRY_CIPHER_BLOWFISH },
47#endif
48#if USE_DES
49 { &_gcry_cipher_spec_des, GCRY_CIPHER_DES },
50 { &_gcry_cipher_spec_tripledes, GCRY_CIPHER_3DES },
51#endif
52#if USE_ARCFOUR
53 { &_gcry_cipher_spec_arcfour, GCRY_CIPHER_ARCFOUR },
54#endif
55#if USE_CAST5
56 { &_gcry_cipher_spec_cast5, GCRY_CIPHER_CAST5 },
57#endif
58#if USE_AES
59 { &_gcry_cipher_spec_aes, GCRY_CIPHER_AES },
60 { &_gcry_cipher_spec_aes192, GCRY_CIPHER_AES192 },
61 { &_gcry_cipher_spec_aes256, GCRY_CIPHER_AES256 },
62#endif
63#if USE_TWOFISH
64 { &_gcry_cipher_spec_twofish, GCRY_CIPHER_TWOFISH },
65 { &_gcry_cipher_spec_twofish128, GCRY_CIPHER_TWOFISH128 },
66#endif
67#if USE_SERPENT
68 { &_gcry_cipher_spec_serpent128, GCRY_CIPHER_SERPENT128 },
69 { &_gcry_cipher_spec_serpent192, GCRY_CIPHER_SERPENT192 },
70 { &_gcry_cipher_spec_serpent256, GCRY_CIPHER_SERPENT256 },
71#endif
72#ifdef USE_RFC2268
73 { &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 },
74#endif
75 { NULL },
76 };
77
78/* List of registered ciphers. */
79static gcry_module_t ciphers_registered;
80
81/* This is the lock protecting CIPHERS_REGISTERED. */
82static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;
83
84/* Flag to check wether the default ciphers have already been
85 registered. */
86static int default_ciphers_registered;
87
88/* Convenient macro for registering the default ciphers. */
89#define REGISTER_DEFAULT_CIPHERS \
90 do \
91 { \
92 ath_mutex_lock (&ciphers_registered_lock); \
93 if (! default_ciphers_registered) \
94 { \
95 gcry_cipher_register_default (); \
96 default_ciphers_registered = 1; \
97 } \
98 ath_mutex_unlock (&ciphers_registered_lock); \
99 } \
100 while (0)
101
102/* The handle structure. */
103struct gcry_cipher_handle
104{
105 int magic;
106 size_t actual_handle_size; /* Allocated size of this handle. */
107 gcry_cipher_spec_t *cipher;
108 gcry_module_t module;
109 int mode;
110 unsigned int flags;
111 unsigned char iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */
112 unsigned char lastiv[MAX_BLOCKSIZE];
113 int unused; /* in IV */
114 unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */
115 PROPERLY_ALIGNED_TYPE context;
116};
117
118
119/* These dummy functions are used in case a cipher implementation
120 refuses to provide it's own functions. */
121
122static gcry_err_code_t
123dummy_setkey (void *c, const unsigned char *key, unsigned keylen)
124{
125 return GPG_ERR_NO_ERROR;
126}
127
128static void
129dummy_encrypt_block (void *c,
130 unsigned char *outbuf, const unsigned char *inbuf)
131{
132 BUG();
133}
134
135static void
136dummy_decrypt_block (void *c,
137 unsigned char *outbuf, const unsigned char *inbuf)
138{
139 BUG();
140}
141
142static void
143dummy_encrypt_stream (void *c,
144 unsigned char *outbuf, const unsigned char *inbuf,
145 unsigned int n)
146{
147 BUG();
148}
149
150static void
151dummy_decrypt_stream (void *c,
152 unsigned char *outbuf, const unsigned char *inbuf,
153 unsigned int n)
154{
155 BUG();
156}
157
158
159/* Internal function. Register all the ciphers included in
160 CIPHER_TABLE. Note, that this function gets only used by the macro
161 REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */
162static void
163gcry_cipher_register_default (void)
164{
165 gcry_err_code_t err = GPG_ERR_NO_ERROR;
166 int i;
167
168 for (i = 0; !err && cipher_table[i].cipher; i++)
169 {
170 if (! cipher_table[i].cipher->setkey)
171 cipher_table[i].cipher->setkey = dummy_setkey;
172 if (! cipher_table[i].cipher->encrypt)
173 cipher_table[i].cipher->encrypt = dummy_encrypt_block;
174 if (! cipher_table[i].cipher->decrypt)
175 cipher_table[i].cipher->decrypt = dummy_decrypt_block;
176 if (! cipher_table[i].cipher->stencrypt)
177 cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;
178 if (! cipher_table[i].cipher->stdecrypt)
179 cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;
180
181 err = _gcry_module_add (&ciphers_registered,
182 cipher_table[i].algorithm,
183 (void *) cipher_table[i].cipher,
184 NULL);
185 }
186
187 if (err)
188 BUG ();
189}
190
191/* Internal callback function. Used via _gcry_module_lookup. */
192static int
193gcry_cipher_lookup_func_name (void *spec, void *data)
194{
195 gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
196 char *name = (char *) data;
197 const char **aliases = cipher->aliases;
198 int i, ret = ! stricmp (name, cipher->name);
199
200 if (aliases)
201 for (i = 0; aliases[i] && (! ret); i++)
202 ret = ! stricmp (name, aliases[i]);
203
204 return ret;
205}
206
207/* Internal callback function. Used via _gcry_module_lookup. */
208static int
209gcry_cipher_lookup_func_oid (void *spec, void *data)
210{
211 gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
212 char *oid = (char *) data;
213 gcry_cipher_oid_spec_t *oid_specs = cipher->oids;
214 int ret = 0, i;
215
216 if (oid_specs)
217 for (i = 0; oid_specs[i].oid && (! ret); i++)
218 if (! stricmp (oid, oid_specs[i].oid))
219 ret = 1;
220
221 return ret;
222}
223
224/* Internal function. Lookup a cipher entry by it's name. */
225static gcry_module_t
226gcry_cipher_lookup_name (const char *name)
227{
228 gcry_module_t cipher;
229
230 cipher = _gcry_module_lookup (ciphers_registered, (void *) name,
231 gcry_cipher_lookup_func_name);
232
233 return cipher;
234}
235
236/* Internal function. Lookup a cipher entry by it's oid. */
237static gcry_module_t
238gcry_cipher_lookup_oid (const char *oid)
239{
240 gcry_module_t cipher;
241
242 cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,
243 gcry_cipher_lookup_func_oid);
244
245 return cipher;
246}
247
248/* Register a new cipher module whose specification can be found in
249 CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID
250 and a pointer representhing this module is stored in MODULE. */
251gcry_error_t
252gcry_cipher_register (gcry_cipher_spec_t *cipher,
253 int *algorithm_id,
254 gcry_module_t *module)
255{
256 gcry_err_code_t err = 0;
257 gcry_module_t mod;
258
259 ath_mutex_lock (&ciphers_registered_lock);
260 err = _gcry_module_add (&ciphers_registered, 0,
261 (void *) cipher, &mod);
262 ath_mutex_unlock (&ciphers_registered_lock);
263
264 if (! err)
265 {
266 *module = mod;
267 *algorithm_id = mod->mod_id;
268 }
269
270 return gcry_error (err);
271}
272
273/* Unregister the cipher identified by MODULE, which must have been
274 registered with gcry_cipher_register. */
275void
276gcry_cipher_unregister (gcry_module_t module)
277{
278 ath_mutex_lock (&ciphers_registered_lock);
279 _gcry_module_release (module);
280 ath_mutex_unlock (&ciphers_registered_lock);
281}
282
283/* Locate the OID in the oid table and return the index or -1 when not
284 found. An opitonal "oid." or "OID." prefix in OID is ignored, the
285 OID is expected to be in standard IETF dotted notation. The
286 internal algorithm number is returned in ALGORITHM unless it
287 ispassed as NULL. A pointer to the specification of the module
288 implementing this algorithm is return in OID_SPEC unless passed as
289 NULL.*/
290static int
291search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
292{
293 gcry_module_t module;
294 int ret = 0;
295
296 if (oid && ((! strncmp (oid, "oid.", 4))
297 || (! strncmp (oid, "OID.", 4))))
298 oid += 4;
299
300 module = gcry_cipher_lookup_oid (oid);
301 if (module)
302 {
303 gcry_cipher_spec_t *cipher = module->spec;
304 int i;
305
306 for (i = 0; cipher->oids[i].oid && !ret; i++)
307 if (! stricmp (oid, cipher->oids[i].oid))
308 {
309 if (algorithm)
310 *algorithm = module->mod_id;
311 if (oid_spec)
312 *oid_spec = cipher->oids[i];
313 ret = 1;
314 }
315 _gcry_module_release (module);
316 }
317
318 return ret;
319}
320
321/* Map STRING to the cipher algorithm identifier. Returns the
322 algorithm ID of the cipher for the given name or 0 if the name is
323 not known. It is valid to pass NULL for STRING which results in a
324 return value of 0. */
325int
326gcry_cipher_map_name (const char *string)
327{
328 gcry_module_t cipher;
329 int ret, algorithm = 0;
330
331 if (! string)
332 return 0;
333
334 REGISTER_DEFAULT_CIPHERS;
335
336 /* If the string starts with a digit (optionally prefixed with
337 either "OID." or "oid."), we first look into our table of ASN.1
338 object identifiers to figure out the algorithm */
339
340 ath_mutex_lock (&ciphers_registered_lock);
341
342 ret = search_oid (string, &algorithm, NULL);
343 if (! ret)
344 {
345 cipher = gcry_cipher_lookup_name (string);
346 if (cipher)
347 {
348 algorithm = cipher->mod_id;
349 _gcry_module_release (cipher);
350 }
351 }
352
353 ath_mutex_unlock (&ciphers_registered_lock);
354
355 return algorithm;
356}
357
358
359/* Given a STRING with an OID in dotted decimal notation, this
360 function returns the cipher mode (GCRY_CIPHER_MODE_*) associated
361 with that OID or 0 if no mode is known. Passing NULL for string
362 yields a return value of 0. */
363int
364gcry_cipher_mode_from_oid (const char *string)
365{
366 gcry_cipher_oid_spec_t oid_spec;
367 int ret = 0, mode = 0;
368
369 if (!string)
370 return 0;
371
372 ath_mutex_lock (&ciphers_registered_lock);
373 ret = search_oid (string, NULL, &oid_spec);
374 if (ret)
375 mode = oid_spec.mode;
376 ath_mutex_unlock (&ciphers_registered_lock);
377
378 return mode;
379}
380
381
382/* Map the cipher algorithm identifier ALGORITHM to a string
383 representing this algorithm. This string is the default name as
384 used by Libgcrypt. NULL is returned for an unknown algorithm. */
385static const char *
386cipher_algo_to_string (int algorithm)
387{
388 gcry_module_t cipher;
389 const char *name = NULL;
390
391 REGISTER_DEFAULT_CIPHERS;
392
393 ath_mutex_lock (&ciphers_registered_lock);
394 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
395 if (cipher)
396 {
397 name = ((gcry_cipher_spec_t *) cipher->spec)->name;
398 _gcry_module_release (cipher);
399 }
400 ath_mutex_unlock (&ciphers_registered_lock);
401
402 return name;
403}
404
405/* Map the cipher algorithm identifier ALGORITHM to a string
406 representing this algorithm. This string is the default name as
407 used by Libgcrypt. An pointer to an empty string is returned for
408 an unknown algorithm. NULL is never returned. */
409const char *
410gcry_cipher_algo_name (int algorithm)
411{
412 const char *s = cipher_algo_to_string (algorithm);
413 return s ? s : "";
414}
415
416
417/* Flag the cipher algorithm with the identifier ALGORITHM as
418 disabled. There is no error return, the function does nothing for
419 unknown algorithms. Disabled algorithms are vitually not available
420 in Libgcrypt. */
421static void
422disable_cipher_algo (int algorithm)
423{
424 gcry_module_t cipher;
425
426 REGISTER_DEFAULT_CIPHERS;
427
428 ath_mutex_lock (&ciphers_registered_lock);
429 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
430 if (cipher)
431 {
432 if (! (cipher->flags & FLAG_MODULE_DISABLED))
433 cipher->flags |= FLAG_MODULE_DISABLED;
434 _gcry_module_release (cipher);
435 }
436 ath_mutex_unlock (&ciphers_registered_lock);
437}
438
439
440/* Return 0 if the cipher algorithm with indentifier ALGORITHM is
441 available. Returns a basic error code value if it is not available. */
442static gcry_err_code_t
443check_cipher_algo (int algorithm)
444{
445 gcry_err_code_t err = GPG_ERR_NO_ERROR;
446 gcry_module_t cipher;
447
448 REGISTER_DEFAULT_CIPHERS;
449
450 ath_mutex_lock (&ciphers_registered_lock);
451 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
452 if (cipher)
453 {
454 if (cipher->flags & FLAG_MODULE_DISABLED)
455 err = GPG_ERR_CIPHER_ALGO;
456 _gcry_module_release (cipher);
457 }
458 else
459 err = GPG_ERR_CIPHER_ALGO;
460 ath_mutex_unlock (&ciphers_registered_lock);
461
462 return err;
463}
464
465
466/* Return the standard length of the key for the cipher algorithm with
467 the identifier ALGORITHM. This function expects a valid algorithm
468 and will abort if the algorithm is not available or the length of
469 the key is not known. */
470static unsigned int
471cipher_get_keylen (int algorithm)
472{
473 gcry_module_t cipher;
474 unsigned len = 0;
475
476 REGISTER_DEFAULT_CIPHERS;
477
478 ath_mutex_lock (&ciphers_registered_lock);
479 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
480 if (cipher)
481 {
482 len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;
483 if (! len)
484 log_bug ("cipher %d w/o key length\n", algorithm);
485 _gcry_module_release (cipher);
486 }
487 else
488 log_bug ("cipher %d not found\n", algorithm);
489 ath_mutex_unlock (&ciphers_registered_lock);
490
491 return len;
492}
493
494/* Return the block length of the cipher algorithm with the identifier
495 ALGORITHM. This function expects a valid algorithm and will abort
496 if the algorithm is not available or the length of the key is not
497 known. */
498static unsigned int
499cipher_get_blocksize (int algorithm)
500{
501 gcry_module_t cipher;
502 unsigned len = 0;
503
504 REGISTER_DEFAULT_CIPHERS;
505
506 ath_mutex_lock (&ciphers_registered_lock);
507 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
508 if (cipher)
509 {
510 len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;
511 if (! len)
512 log_bug ("cipher %d w/o blocksize\n", algorithm);
513 _gcry_module_release (cipher);
514 }
515 else
516 log_bug ("cipher %d not found\n", algorithm);
517 ath_mutex_unlock (&ciphers_registered_lock);
518
519 return len;
520}
521
522
523/*
524 Open a cipher handle for use with cipher algorithm ALGORITHM, using
525 the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
526 handle in HANDLE. Put NULL into HANDLE and return an error code if
527 something goes wrong. FLAGS may be used to modify the
528 operation. The defined flags are:
529
530 GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory.
531 GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP.
532 GCRY_CIPHER_CBC_CTS: Enable CTS mode.
533 GCRY_CIPHER_CBC_MAC: Enable MAC mode.
534
535 Values for these flags may be combined using OR.
536 */
537gcry_error_t
538gcry_cipher_open (gcry_cipher_hd_t *handle,
539 int algo, int mode, unsigned int flags)
540{
541 int secure = (flags & GCRY_CIPHER_SECURE);
542 gcry_cipher_spec_t *cipher = NULL;
543 gcry_module_t module = NULL;
544 gcry_cipher_hd_t h = NULL;
545 gcry_err_code_t err = 0;
546
547 /* If the application missed to call the random poll function, we do
548 it here to ensure that it is used once in a while. */
549 _gcry_fast_random_poll ();
550
551 REGISTER_DEFAULT_CIPHERS;
552
553 /* Fetch the according module and check wether the cipher is marked
554 available for use. */
555 ath_mutex_lock (&ciphers_registered_lock);
556 module = _gcry_module_lookup_id (ciphers_registered, algo);
557 if (module)
558 {
559 /* Found module. */
560
561 if (module->flags & FLAG_MODULE_DISABLED)
562 {
563 /* Not available for use. */
564 err = GPG_ERR_CIPHER_ALGO;
565 _gcry_module_release (module);
566 }
567 else
568 cipher = (gcry_cipher_spec_t *) module->spec;
569 }
570 else
571 err = GPG_ERR_CIPHER_ALGO;
572 ath_mutex_unlock (&ciphers_registered_lock);
573
574 /* check flags */
575 if ((! err)
576 && ((flags & ~(0
577 | GCRY_CIPHER_SECURE
578 | GCRY_CIPHER_ENABLE_SYNC
579 | GCRY_CIPHER_CBC_CTS
580 | GCRY_CIPHER_CBC_MAC))
581 || (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
582 err = GPG_ERR_CIPHER_ALGO;
583
584 /* check that a valid mode has been requested */
585 if (! err)
586 switch (mode)
587 {
588 case GCRY_CIPHER_MODE_ECB:
589 case GCRY_CIPHER_MODE_CBC:
590 case GCRY_CIPHER_MODE_CFB:
591 case GCRY_CIPHER_MODE_CTR:
592 if ((cipher->encrypt == dummy_encrypt_block)
593 || (cipher->decrypt == dummy_decrypt_block))
594 err = GPG_ERR_INV_CIPHER_MODE;
595 break;
596
597 case GCRY_CIPHER_MODE_STREAM:
598 if ((cipher->stencrypt == dummy_encrypt_stream)
599 || (cipher->stdecrypt == dummy_decrypt_stream))
600 err = GPG_ERR_INV_CIPHER_MODE;
601 break;
602
603 case GCRY_CIPHER_MODE_NONE:
604 /* FIXME: issue a warning when this mode is used */
605 break;
606
607 default:
608 err = GPG_ERR_INV_CIPHER_MODE;
609 }
610
611 /* ? FIXME: perform selftest here and mark this with a flag in
612 cipher_table ? */
613
614 if (! err)
615 {
616 size_t size = (sizeof (*h)
617 + 2 * cipher->contextsize
618 - sizeof (PROPERLY_ALIGNED_TYPE));
619
620 if (secure)
621 h = gcry_calloc_secure (1, size);
622 else
623 h = gcry_calloc (1, size);
624
625 if (! h)
626 err = gpg_err_code_from_errno (errno);
627 else
628 {
629 h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
630 h->actual_handle_size = size;
631 h->cipher = cipher;
632 h->module = module;
633 h->mode = mode;
634 h->flags = flags;
635 }
636 }
637
638 /* Done. */
639
640 if (err)
641 {
642 if (module)
643 {
644 /* Release module. */
645 ath_mutex_lock (&ciphers_registered_lock);
646 _gcry_module_release (module);
647 ath_mutex_unlock (&ciphers_registered_lock);
648 }
649 }
650
651 *handle = err ? NULL : h;
652
653 return gcry_error (err);
654}
655
656
657/* Release all resources associated with the cipher handle H. H may be
658 NULL in which case this is a no-operation. */
659void
660gcry_cipher_close (gcry_cipher_hd_t h)
661{
662 if (! h)
663 return;
664
665 if ((h->magic != CTX_MAGIC_SECURE)
666 && (h->magic != CTX_MAGIC_NORMAL))
667 _gcry_fatal_error(GPG_ERR_INTERNAL,
668 "gcry_cipher_close: already closed/invalid handle");
669 else
670 h->magic = 0;
671
672 /* Release module. */
673 ath_mutex_lock (&ciphers_registered_lock);
674 _gcry_module_release (h->module);
675 ath_mutex_unlock (&ciphers_registered_lock);
676
677 /* We always want to wipe out the memory even when the context has
678 been allocated in secure memory. The user might have disabled
679 secure memory or is using his own implementation which does not
680 do the wiping. To accomplish this we need to keep track of the
681 actual size of this structure because we have no way to known
682 how large the allocated area was when using a standard malloc. */
683 wipememory (h, h->actual_handle_size);
684
685 gcry_free (h);
686}
687
688
689/* Set the key to be used for the encryption context C to KEY with
690 length KEYLEN. The length should match the required length. */
691static gcry_error_t
692cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned keylen)
693{
694 gcry_err_code_t ret;
695
696 ret = (*c->cipher->setkey) (&c->context.c, key, keylen);
697 if (! ret)
698 /* Duplicate initial context. */
699 memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),
700 (void *) &c->context.c,
701 c->cipher->contextsize);
702
703 return gcry_error (ret);
704}
705
706
707/* Set the IV to be used for the encryption context C to IV with
708 length IVLEN. The length should match the required length. */
709static void
710cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
711{
712 memset( c->iv, 0, c->cipher->blocksize );
713 if( iv ) {
714 if( ivlen != c->cipher->blocksize )
715 log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
716 ivlen, (unsigned) c->cipher->blocksize );
717 if (ivlen > c->cipher->blocksize)
718 ivlen = c->cipher->blocksize;
719 memcpy( c->iv, iv, ivlen );
720 }
721 c->unused = 0;
722}
723
724
725/* Reset the cipher context to the initial contex. This is basically
726 the same as an release followed by a new. */
727static void
728cipher_reset (gcry_cipher_hd_t c)
729{
730 memcpy (&c->context.c,
731 (char *) &c->context.c + c->cipher->contextsize,
732 c->cipher->contextsize);
733 memset (c->iv, 0, c->cipher->blocksize);
734 memset (c->lastiv, 0, c->cipher->blocksize);
735 memset (c->ctr, 0, c->cipher->blocksize);
736}
737
738
739static void
740do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
741 unsigned int nblocks )
742{
743 unsigned int n;
744
745 for(n=0; n < nblocks; n++ ) {
746 c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
747 inbuf += c->cipher->blocksize;
748 outbuf += c->cipher->blocksize;
749 }
750}
751
752static void
753do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
754 unsigned int nblocks )
755{
756 unsigned n;
757
758 for(n=0; n < nblocks; n++ ) {
759 c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
760 inbuf += c->cipher->blocksize;
761 outbuf += c->cipher->blocksize;
762 }
763}
764
765static void
766do_cbc_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
767 unsigned int nbytes )
768{
769 unsigned int n;
770 byte *ivp;
771 int i;
772 size_t blocksize = c->cipher->blocksize;
773 unsigned nblocks = nbytes / blocksize;
774
775 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
776 if ((nbytes % blocksize) == 0)
777 nblocks--;
778 }
779
780 for(n=0; n < nblocks; n++ ) {
781 /* fixme: the xor should work on words and not on
782 * bytes. Maybe it is a good idea to enhance the cipher backend
783 * API to allow for CBC handling direct in the backend */
784 for(ivp=c->iv,i=0; i < blocksize; i++ )
785 outbuf[i] = inbuf[i] ^ *ivp++;
786 c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
787 memcpy(c->iv, outbuf, blocksize );
788 inbuf += c->cipher->blocksize;
789 if (!(c->flags & GCRY_CIPHER_CBC_MAC))
790 outbuf += c->cipher->blocksize;
791 }
792
793 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
794 {
795 /* We have to be careful here, since outbuf might be equal to
796 inbuf. */
797
798 int restbytes;
799 byte b;
800
801 if ((nbytes % blocksize) == 0)
802 restbytes = blocksize;
803 else
804 restbytes = nbytes % blocksize;
805
806 outbuf -= blocksize;
807 for (ivp = c->iv, i = 0; i < restbytes; i++)
808 {
809 b = inbuf[i];
810 outbuf[blocksize + i] = outbuf[i];
811 outbuf[i] = b ^ *ivp++;
812 }
813 for (; i < blocksize; i++)
814 outbuf[i] = 0 ^ *ivp++;
815
816 c->cipher->encrypt (&c->context.c, outbuf, outbuf);
817 memcpy (c->iv, outbuf, blocksize);
818 }
819}
820
821static void
822do_cbc_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
823 unsigned int nbytes )
824{
825 unsigned int n;
826 byte *ivp;
827 int i;
828 size_t blocksize = c->cipher->blocksize;
829 unsigned int nblocks = nbytes / blocksize;
830
831 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
832 nblocks--;
833 if ((nbytes % blocksize) == 0)
834 nblocks--;
835 memcpy(c->lastiv, c->iv, blocksize );
836 }
837
838 for(n=0; n < nblocks; n++ ) {
839 /* Because outbuf and inbuf might be the same, we have
840 * to save the original ciphertext block. We use lastiv
841 * for this here because it is not used otherwise. */
842 memcpy(c->lastiv, inbuf, blocksize );
843 c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
844 for(ivp=c->iv,i=0; i < blocksize; i++ )
845 outbuf[i] ^= *ivp++;
846 memcpy(c->iv, c->lastiv, blocksize );
847 inbuf += c->cipher->blocksize;
848 outbuf += c->cipher->blocksize;
849 }
850
851 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
852 int restbytes;
853
854 if ((nbytes % blocksize) == 0)
855 restbytes = blocksize;
856 else
857 restbytes = nbytes % blocksize;
858
859 memcpy(c->lastiv, c->iv, blocksize ); /* save Cn-2 */
860 memcpy(c->iv, inbuf + blocksize, restbytes ); /* save Cn */
861
862 c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
863 for(ivp=c->iv,i=0; i < restbytes; i++ )
864 outbuf[i] ^= *ivp++;
865
866 memcpy(outbuf + blocksize, outbuf, restbytes);
867 for(i=restbytes; i < blocksize; i++)
868 c->iv[i] = outbuf[i];
869 c->cipher->decrypt ( &c->context.c, outbuf, c->iv );
870 for(ivp=c->lastiv,i=0; i < blocksize; i++ )
871 outbuf[i] ^= *ivp++;
872 /* c->lastiv is now really lastlastiv, does this matter? */
873 }
874}
875
876
877static void
878do_cfb_encrypt( gcry_cipher_hd_t c,
879 byte *outbuf, const byte *inbuf, unsigned nbytes )
880{
881 byte *ivp;
882 size_t blocksize = c->cipher->blocksize;
883
884 if( nbytes <= c->unused ) {
885 /* Short enough to be encoded by the remaining XOR mask. */
886 /* XOR the input with the IV and store input into IV. */
887 for (ivp=c->iv+c->cipher->blocksize - c->unused;
888 nbytes;
889 nbytes--, c->unused-- )
890 *outbuf++ = (*ivp++ ^= *inbuf++);
891 return;
892 }
893
894 if( c->unused ) {
895 /* XOR the input with the IV and store input into IV */
896 nbytes -= c->unused;
897 for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
898 *outbuf++ = (*ivp++ ^= *inbuf++);
899 }
900
901 /* Now we can process complete blocks. */
902 while( nbytes >= blocksize ) {
903 int i;
904 /* Encrypt the IV (and save the current one). */
905 memcpy( c->lastiv, c->iv, blocksize );
906 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
907 /* XOR the input with the IV and store input into IV */
908 for(ivp=c->iv,i=0; i < blocksize; i++ )
909 *outbuf++ = (*ivp++ ^= *inbuf++);
910 nbytes -= blocksize;
911 }
912 if( nbytes ) { /* process the remaining bytes */
913 /* encrypt the IV (and save the current one) */
914 memcpy( c->lastiv, c->iv, blocksize );
915 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
916 c->unused = blocksize;
917 /* and apply the xor */
918 c->unused -= nbytes;
919 for(ivp=c->iv; nbytes; nbytes-- )
920 *outbuf++ = (*ivp++ ^= *inbuf++);
921 }
922}
923
924static void
925do_cfb_decrypt( gcry_cipher_hd_t c,
926 byte *outbuf, const byte *inbuf, unsigned int nbytes )
927{
928 byte *ivp;
929 ulong temp;
930 size_t blocksize = c->cipher->blocksize;
931
932 if( nbytes <= c->unused ) {
933 /* Short enough to be encoded by the remaining XOR mask. */
934 /* XOR the input with the IV and store input into IV. */
935 for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) {
936 temp = *inbuf++;
937 *outbuf++ = *ivp ^ temp;
938 *ivp++ = temp;
939 }
940 return;
941 }
942
943 if( c->unused ) {
944 /* XOR the input with the IV and store input into IV. */
945 nbytes -= c->unused;
946 for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {
947 temp = *inbuf++;
948 *outbuf++ = *ivp ^ temp;
949 *ivp++ = temp;
950 }
951 }
952
953 /* now we can process complete blocks */
954 while( nbytes >= blocksize ) {
955 int i;
956 /* encrypt the IV (and save the current one) */
957 memcpy( c->lastiv, c->iv, blocksize );
958 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
959 /* XOR the input with the IV and store input into IV */
960 for(ivp=c->iv,i=0; i < blocksize; i++ ) {
961 temp = *inbuf++;
962 *outbuf++ = *ivp ^ temp;
963 *ivp++ = temp;
964 }
965 nbytes -= blocksize;
966 }
967 if( nbytes ) { /* process the remaining bytes */
968 /* encrypt the IV (and save the current one) */
969 memcpy( c->lastiv, c->iv, blocksize );
970 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
971 c->unused = blocksize;
972 /* and apply the xor */
973 c->unused -= nbytes;
974 for(ivp=c->iv; nbytes; nbytes-- ) {
975 temp = *inbuf++;
976 *outbuf++ = *ivp ^ temp;
977 *ivp++ = temp;
978 }
979 }
980}
981
982
983static void
984do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
985 unsigned int nbytes )
986{
987 unsigned int n;
988 byte tmp[MAX_BLOCKSIZE];
989 int i;
990
991 for(n=0; n < nbytes; n++)
992 {
993 if ((n % c->cipher->blocksize) == 0)
994 {
995 c->cipher->encrypt (&c->context.c, tmp, c->ctr);
996
997 for (i = c->cipher->blocksize; i > 0; i--)
998 {
999 c->ctr[i-1]++;
1000 if (c->ctr[i-1] != 0)
1001 break;
1002 }
1003 }
1004
1005 /* XOR input with encrypted counter and store in output. */
1006 outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];
1007 }
1008}
1009
1010static void
1011do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
1012 unsigned int nbytes )
1013{
1014 do_ctr_encrypt (c, outbuf, inbuf, nbytes);
1015}
1016
1017
1018/****************
1019 * Encrypt INBUF to OUTBUF with the mode selected at open.
1020 * inbuf and outbuf may overlap or be the same.
1021 * Depending on the mode some contraints apply to NBYTES.
1022 */
1023static gcry_err_code_t
1024cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,
1025 const byte *inbuf, unsigned int nbytes)
1026{
1027 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1028
1029 switch( c->mode ) {
1030 case GCRY_CIPHER_MODE_ECB:
1031 if (!(nbytes%c->cipher->blocksize))
1032 do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
1033 else
1034 rc = GPG_ERR_INV_ARG;
1035 break;
1036 case GCRY_CIPHER_MODE_CBC:
1037 if (!(nbytes%c->cipher->blocksize)
1038 || (nbytes > c->cipher->blocksize
1039 && (c->flags & GCRY_CIPHER_CBC_CTS)))
1040 do_cbc_encrypt(c, outbuf, inbuf, nbytes );
1041 else
1042 rc = GPG_ERR_INV_ARG;
1043 break;
1044 case GCRY_CIPHER_MODE_CFB:
1045 do_cfb_encrypt(c, outbuf, inbuf, nbytes );
1046 break;
1047 case GCRY_CIPHER_MODE_CTR:
1048 do_ctr_encrypt(c, outbuf, inbuf, nbytes );
1049 break;
1050 case GCRY_CIPHER_MODE_STREAM:
1051 c->cipher->stencrypt ( &c->context.c,
1052 outbuf, (byte*)/*arggg*/inbuf, nbytes );
1053 break;
1054 case GCRY_CIPHER_MODE_NONE:
1055 if( inbuf != outbuf )
1056 memmove( outbuf, inbuf, nbytes );
1057 break;
1058 default:
1059 log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
1060 rc = GPG_ERR_INV_CIPHER_MODE;
1061 break;
1062 }
1063 return rc;
1064}
1065
1066
1067/****************
1068 * Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has
1069 * been requested.
1070 */
1071gcry_error_t
1072gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
1073 const void *in, size_t inlen)
1074{
1075 gcry_err_code_t err;
1076
1077 if (!in)
1078 /* Caller requested in-place encryption. */
1079 /* Actullay cipher_encrypt() does not need to know about it, but
1080 * we may change this to get better performance. */
1081 err = cipher_encrypt (h, out, out, outsize);
1082 else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?
1083 h->cipher->blocksize : inlen))
1084 err = GPG_ERR_TOO_SHORT;
1085 else if ((h->mode == GCRY_CIPHER_MODE_ECB
1086 || (h->mode == GCRY_CIPHER_MODE_CBC
1087 && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
1088 && (inlen > h->cipher->blocksize)))))
1089 && (inlen % h->cipher->blocksize))
1090 err = GPG_ERR_INV_ARG;
1091 else
1092 err = cipher_encrypt (h, out, in, inlen);
1093
1094 if (err && out)
1095 memset (out, 0x42, outsize); /* Failsafe: Make sure that the
1096 plaintext will never make it into
1097 OUT. */
1098
1099 return gcry_error (err);
1100}
1101
1102
1103
1104/****************
1105 * Decrypt INBUF to OUTBUF with the mode selected at open.
1106 * inbuf and outbuf may overlap or be the same.
1107 * Depending on the mode some some contraints apply to NBYTES.
1108 */
1109static gcry_err_code_t
1110cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
1111 unsigned int nbytes)
1112{
1113 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1114
1115 switch( c->mode ) {
1116 case GCRY_CIPHER_MODE_ECB:
1117 if (!(nbytes%c->cipher->blocksize))
1118 do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
1119 else
1120 rc = GPG_ERR_INV_ARG;
1121 break;
1122 case GCRY_CIPHER_MODE_CBC:
1123 if (!(nbytes%c->cipher->blocksize)
1124 || (nbytes > c->cipher->blocksize
1125 && (c->flags & GCRY_CIPHER_CBC_CTS)))
1126 do_cbc_decrypt(c, outbuf, inbuf, nbytes );
1127 else
1128 rc = GPG_ERR_INV_ARG;
1129 break;
1130 case GCRY_CIPHER_MODE_CFB:
1131 do_cfb_decrypt(c, outbuf, inbuf, nbytes );
1132 break;
1133 case GCRY_CIPHER_MODE_CTR:
1134 do_ctr_decrypt(c, outbuf, inbuf, nbytes );
1135 break;
1136 case GCRY_CIPHER_MODE_STREAM:
1137 c->cipher->stdecrypt ( &c->context.c,
1138 outbuf, (byte*)/*arggg*/inbuf, nbytes );
1139 break;
1140 case GCRY_CIPHER_MODE_NONE:
1141 if( inbuf != outbuf )
1142 memmove( outbuf, inbuf, nbytes );
1143 break;
1144 default:
1145 log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
1146 rc = GPG_ERR_INV_CIPHER_MODE;
1147 break;
1148 }
1149 return rc;
1150}
1151
1152
1153gcry_error_t
1154gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
1155 const void *in, size_t inlen)
1156{
1157 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1158
1159 if (! in)
1160 /* Caller requested in-place encryption. */
1161 /* Actullay cipher_encrypt() does not need to know about it, but
1162 * we may chnage this to get better performance. */
1163 err = cipher_decrypt (h, out, out, outsize);
1164 else if (outsize < inlen)
1165 err = GPG_ERR_TOO_SHORT;
1166 else if (((h->mode == GCRY_CIPHER_MODE_ECB)
1167 || ((h->mode == GCRY_CIPHER_MODE_CBC)
1168 && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
1169 && (inlen > h->cipher->blocksize)))))
1170 && (inlen % h->cipher->blocksize) != 0)
1171 err = GPG_ERR_INV_ARG;
1172 else
1173 err = cipher_decrypt (h, out, in, inlen);
1174
1175 return gcry_error (err);
1176}
1177
1178
1179
1180/****************
1181 * Used for PGP's somewhat strange CFB mode. Only works if
1182 * the corresponding flag is set.
1183 */
1184static void
1185cipher_sync( gcry_cipher_hd_t c )
1186{
1187 if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {
1188 memmove(c->iv + c->unused, c->iv, c->cipher->blocksize - c->unused );
1189 memcpy(c->iv, c->lastiv + c->cipher->blocksize - c->unused, c->unused);
1190 c->unused = 0;
1191 }
1192}
1193
1194
1195gcry_error_t
1196gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
1197{
1198 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1199
1200 switch (cmd)
1201 {
1202 case GCRYCTL_SET_KEY:
1203 rc = cipher_setkey( h, buffer, buflen );
1204 break;
1205 case GCRYCTL_SET_IV:
1206 cipher_setiv( h, buffer, buflen );
1207 break;
1208 case GCRYCTL_RESET:
1209 cipher_reset (h);
1210 break;
1211 case GCRYCTL_CFB_SYNC:
1212 cipher_sync( h );
1213 break;
1214 case GCRYCTL_SET_CBC_CTS:
1215 if (buflen)
1216 if (h->flags & GCRY_CIPHER_CBC_MAC)
1217 rc = GPG_ERR_INV_FLAG;
1218 else
1219 h->flags |= GCRY_CIPHER_CBC_CTS;
1220 else
1221 h->flags &= ~GCRY_CIPHER_CBC_CTS;
1222 break;
1223 case GCRYCTL_SET_CBC_MAC:
1224 if (buflen)
1225 if (h->flags & GCRY_CIPHER_CBC_CTS)
1226 rc = GPG_ERR_INV_FLAG;
1227 else
1228 h->flags |= GCRY_CIPHER_CBC_MAC;
1229 else
1230 h->flags &= ~GCRY_CIPHER_CBC_MAC;
1231 break;
1232 case GCRYCTL_DISABLE_ALGO:
1233 /* this one expects a NULL handle and buffer pointing to an
1234 * integer with the algo number.
1235 */
1236 if( h || !buffer || buflen != sizeof(int) )
1237 return gcry_error (GPG_ERR_CIPHER_ALGO);
1238 disable_cipher_algo( *(int*)buffer );
1239 break;
1240 case GCRYCTL_SET_CTR:
1241 if (buffer && buflen == h->cipher->blocksize)
1242 memcpy (h->ctr, buffer, h->cipher->blocksize);
1243 else if (buffer == NULL || buflen == 0)
1244 memset (h->ctr, 0, h->cipher->blocksize);
1245 else
1246 rc = GPG_ERR_INV_ARG;
1247 break;
1248
1249 default:
1250 rc = GPG_ERR_INV_OP;
1251 }
1252
1253 return gcry_error (rc);
1254}
1255
1256
1257/****************
1258 * Return information about the cipher handle.
1259 */
1260gcry_error_t
1261gcry_cipher_info( gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
1262{
1263 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1264
1265 switch (cmd)
1266 {
1267 default:
1268 err = GPG_ERR_INV_OP;
1269 }
1270
1271 return gcry_error (err);
1272}
1273
1274/****************
1275 * Return information about the given cipher algorithm
1276 * WHAT select the kind of information returned:
1277 * GCRYCTL_GET_KEYLEN:
1278 * Return the length of the key, if the algorithm
1279 * supports multiple key length, the maximum supported value
1280 * is returnd. The length is return as number of octets.
1281 * buffer and nbytes must be zero.
1282 * The keylength is returned in _bytes_.
1283 * GCRYCTL_GET_BLKLEN:
1284 * Return the blocklength of the algorithm counted in octets.
1285 * buffer and nbytes must be zero.
1286 * GCRYCTL_TEST_ALGO:
1287 * Returns 0 when the specified algorithm is available for use.
1288 * buffer and nbytes must be zero.
1289 *
1290 * Note: Because this function is in most cases used to return an
1291 * integer value, we can make it easier for the caller to just look at
1292 * the return value. The caller will in all cases consult the value
1293 * and thereby detecting whether a error occured or not (i.e. while checking
1294 * the block size)
1295 */
1296gcry_error_t
1297gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
1298{
1299 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1300 unsigned int ui;
1301
1302 switch (what)
1303 {
1304 case GCRYCTL_GET_KEYLEN:
1305 if (buffer || (! nbytes))
1306 err = GPG_ERR_CIPHER_ALGO;
1307 else
1308 {
1309 ui = cipher_get_keylen (algo);
1310 if ((ui > 0) && (ui <= 512))
1311 *nbytes = (size_t) ui / 8;
1312 else
1313 /* The only reason is an invalid algo or a strange
1314 blocksize. */
1315 err = GPG_ERR_CIPHER_ALGO;
1316 }
1317 break;
1318
1319 case GCRYCTL_GET_BLKLEN:
1320 if (buffer || (! nbytes))
1321 err = GPG_ERR_CIPHER_ALGO;
1322 else
1323 {
1324 ui = cipher_get_blocksize (algo);
1325 if ((ui > 0) && (ui < 10000))
1326 *nbytes = ui;
1327 else
1328 /* The only reason is an invalid algo or a strange
1329 blocksize. */
1330 err = GPG_ERR_CIPHER_ALGO;
1331 }
1332 break;
1333
1334 case GCRYCTL_TEST_ALGO:
1335 if (buffer || nbytes)
1336 err = GPG_ERR_INV_ARG;
1337 else
1338 err = check_cipher_algo (algo);
1339 break;
1340
1341 default:
1342 err = GPG_ERR_INV_OP;
1343 }
1344
1345 return gcry_error (err);
1346}
1347
1348
1349size_t
1350gcry_cipher_get_algo_keylen (int algo)
1351{
1352 size_t n;
1353
1354 if (gcry_cipher_algo_info( algo, GCRYCTL_GET_KEYLEN, NULL, &n))
1355 n = 0;
1356 return n;
1357}
1358
1359
1360size_t
1361gcry_cipher_get_algo_blklen (int algo)
1362{
1363 size_t n;
1364
1365 if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
1366 n = 0;
1367 return n;
1368}
1369
1370
1371gcry_err_code_t
1372_gcry_cipher_init (void)
1373{
1374 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1375
1376 REGISTER_DEFAULT_CIPHERS;
1377
1378 return err;
1379}
1380
1381/* Get a list consisting of the IDs of the loaded cipher modules. If
1382 LIST is zero, write the number of loaded cipher modules to
1383 LIST_LENGTH and return. If LIST is non-zero, the first
1384 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
1385 according size. In case there are less cipher modules than
1386 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
1387gcry_error_t
1388gcry_cipher_list (int *list, int *list_length)
1389{
1390 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1391
1392 ath_mutex_lock (&ciphers_registered_lock);
1393 err = _gcry_module_list (ciphers_registered, list, list_length);
1394 ath_mutex_unlock (&ciphers_registered_lock);
1395
1396 return err;
1397}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c
new file mode 100755
index 0000000..a851040
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c
@@ -0,0 +1,295 @@
1/* crc.c - Cyclic redundancy checks.
2 * Copyright (C) 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 */
21
22#include <config.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <assert.h>
27#include "g10lib.h"
28#include "memory.h"
29#include "cipher.h"
30
31#include "bithelp.h"
32
33/* Table of CRCs of all 8-bit messages. Generated by running code
34 from RFC 1952 modified to print out the table. */
35static u32 crc32_table[256] = {
36 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
37 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
38 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
39 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
40 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
41 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
42 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
43 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
44 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
45 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
46 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
47 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
48 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
49 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
50 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
51 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
52 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
53 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
54 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
55 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
56 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
57 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
58 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
59 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
60 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
61 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
62 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
63 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
64 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
65 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
66 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
67 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
68 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
69 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
70 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
71 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
72 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
73 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
74 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
75 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
76 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
77 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
78 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
79};
80
81/*
82 * The following function was extracted from RFC 1952 by Simon
83 * Josefsson, for the Shishi project, and modified to be compatible
84 * with the modified CRC-32 used by RFC 1510, and subsequently
85 * modified for GNU Libgcrypt to allow it to be used for calculating
86 * both unmodified CRC-32 and modified CRC-32 values. Original
87 * copyright and notice from the document follows:
88 *
89 * Copyright (c) 1996 L. Peter Deutsch
90 *
91 * Permission is granted to copy and distribute this document for
92 * any purpose and without charge, including translations into
93 * other languages and incorporation into compilations, provided
94 * that the copyright notice and this notice are preserved, and
95 * that any substantive changes or deletions from the original are
96 * clearly marked.
97 *
98 * The copyright on RFCs, and consequently the function below, are
99 * supposedly also retroactively claimed by the Internet Society
100 * (according to rfc-editor@rfc-editor.org), with the following
101 * copyright notice:
102 *
103 * Copyright (C) The Internet Society. All Rights Reserved.
104 *
105 * This document and translations of it may be copied and furnished
106 * to others, and derivative works that comment on or otherwise
107 * explain it or assist in its implementation may be prepared,
108 * copied, published and distributed, in whole or in part, without
109 * restriction of any kind, provided that the above copyright
110 * notice and this paragraph are included on all such copies and
111 * derivative works. However, this document itself may not be
112 * modified in any way, such as by removing the copyright notice or
113 * references to the Internet Society or other Internet
114 * organizations, except as needed for the purpose of developing
115 * Internet standards in which case the procedures for copyrights
116 * defined in the Internet Standards process must be followed, or
117 * as required to translate it into languages other than English.
118 *
119 * The limited permissions granted above are perpetual and will not be
120 * revoked by the Internet Society or its successors or assigns.
121 *
122 * This document and the information contained herein is provided
123 * on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
124 * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
125 * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
126 * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
127 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
128 * PARTICULAR PURPOSE.
129 *
130 */
131static u32
132update_crc32 (u32 crc, char *buf, size_t len)
133{
134 size_t n;
135
136 for (n = 0; n < len; n++)
137 crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8);
138
139 return crc;
140}
141
142typedef struct
143{
144 u32 CRC;
145 byte buf[4];
146}
147CRC_CONTEXT;
148
149/* CRC32 */
150
151static void
152crc32_init (void *context)
153{
154 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
155 ctx->CRC = 0 ^ 0xffffffffL;
156}
157
158static void
159crc32_write (void *context, byte * inbuf, size_t inlen)
160{
161 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
162 if (!inbuf)
163 return;
164 ctx->CRC = update_crc32 (ctx->CRC, (char*)inbuf, inlen);
165}
166
167static byte *
168crc32_read (void *context)
169{
170 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
171 return ctx->buf;
172}
173
174static void
175crc32_final (void *context)
176{
177 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
178 ctx->CRC ^= 0xffffffffL;
179 ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
180 ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
181 ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
182 ctx->buf[3] = (ctx->CRC ) & 0xFF;
183}
184
185/* CRC32 a'la RFC 1510 */
186static void
187crc32rfc1510_init (void *context)
188{
189 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
190 ctx->CRC = 0;
191}
192
193static void
194crc32rfc1510_final (void *context)
195{
196 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
197 ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
198 ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
199 ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
200 ctx->buf[3] = (ctx->CRC ) & 0xFF;
201}
202
203/* CRC24 a'la RFC 2440 */
204/*
205 * The following CRC 24 routines are adapted from RFC 2440, which has
206 * the following copyright notice:
207 *
208 * Copyright (C) The Internet Society (1998). All Rights Reserved.
209 *
210 * This document and translations of it may be copied and furnished
211 * to others, and derivative works that comment on or otherwise
212 * explain it or assist in its implementation may be prepared,
213 * copied, published and distributed, in whole or in part, without
214 * restriction of any kind, provided that the above copyright notice
215 * and this paragraph are included on all such copies and derivative
216 * works. However, this document itself may not be modified in any
217 * way, such as by removing the copyright notice or references to
218 * the Internet Society or other Internet organizations, except as
219 * needed for the purpose of developing Internet standards in which
220 * case the procedures for copyrights defined in the Internet
221 * Standards process must be followed, or as required to translate
222 * it into languages other than English.
223 *
224 * The limited permissions granted above are perpetual and will not be
225 * revoked by the Internet Society or its successors or assigns.
226 *
227 * This document and the information contained herein is provided on
228 * an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
229 * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
230 * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
231 * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
232 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
233 * PURPOSE.
234 */
235
236#define CRC24_INIT 0xb704ceL
237#define CRC24_POLY 0x1864cfbL
238
239static void
240crc24rfc2440_init (void *context)
241{
242 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
243 ctx->CRC = CRC24_INIT;
244}
245
246static void
247crc24rfc2440_write (void *context, byte * inbuf, size_t inlen)
248{
249 int i;
250 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
251
252 if (!inbuf)
253 return;
254
255 while (inlen--) {
256 ctx->CRC ^= (*inbuf++) << 16;
257 for (i = 0; i < 8; i++) {
258 ctx->CRC <<= 1;
259 if (ctx->CRC & 0x1000000)
260 ctx->CRC ^= CRC24_POLY;
261 }
262 }
263}
264
265static void
266crc24rfc2440_final (void *context)
267{
268 CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
269 ctx->buf[0] = (ctx->CRC >> 16) & 0xFF;
270 ctx->buf[1] = (ctx->CRC >> 8) & 0xFF;
271 ctx->buf[2] = (ctx->CRC ) & 0xFF;
272}
273
274gcry_md_spec_t _gcry_digest_spec_crc32 =
275 {
276 "CRC32", NULL, 0, NULL, 4,
277 crc32_init, crc32_write, crc32_final, crc32_read,
278 sizeof (CRC_CONTEXT)
279 };
280
281gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 =
282 {
283 "CRC32RFC1510", NULL, 0, NULL, 4,
284 crc32rfc1510_init, crc32_write,
285 crc32rfc1510_final, crc32_read,
286 sizeof (CRC_CONTEXT)
287 };
288
289gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 =
290 {
291 "CRC24RFC2440", NULL, 0, NULL, 3,
292 crc24rfc2440_init, crc24rfc2440_write,
293 crc24rfc2440_final, crc32_read,
294 sizeof (CRC_CONTEXT)
295 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c
new file mode 100755
index 0000000..5fbd213
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c
@@ -0,0 +1,1111 @@
1/* des.c - DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * For a description of triple encryption, see:
21 * Bruce Schneier: Applied Cryptography. Second Edition.
22 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
23 * This implementation is according to the definition of DES in FIPS
24 * PUB 46-2 from December 1993.
25 */
26
27
28/*
29 * Written by Michael Roth <mroth@nessie.de>, September 1998
30 */
31
32
33/*
34 * U S A G E
35 * ===========
36 *
37 * For DES or Triple-DES encryption/decryption you must initialize a proper
38 * encryption context with a key.
39 *
40 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
41 * bits are parity bits and they will _not_ checked in this implementation, but
42 * simply ignored.
43 *
44 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
45 * The parity bits will _not_ checked, too.
46 *
47 * After initializing a context with a key you could use this context to
48 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
49 *
50 * (In the examples below the slashes at the beginning and ending of comments
51 * are omited.)
52 *
53 * DES Example
54 * -----------
55 * unsigned char key[8];
56 * unsigned char plaintext[8];
57 * unsigned char ciphertext[8];
58 * unsigned char recoverd[8];
59 * des_ctx context;
60 *
61 * * Fill 'key' and 'plaintext' with some data *
62 * ....
63 *
64 * * Set up the DES encryption context *
65 * des_setkey(context, key);
66 *
67 * * Encrypt the plaintext *
68 * des_ecb_encrypt(context, plaintext, ciphertext);
69 *
70 * * To recover the orginal plaintext from ciphertext use: *
71 * des_ecb_decrypt(context, ciphertext, recoverd);
72 *
73 *
74 * Triple-DES Example
75 * ------------------
76 * unsigned char key1[8];
77 * unsigned char key2[8];
78 * unsigned char key3[8];
79 * unsigned char plaintext[8];
80 * unsigned char ciphertext[8];
81 * unsigned char recoverd[8];
82 * tripledes_ctx context;
83 *
84 * * If you would like to use two 64bit keys, fill 'key1' and'key2'
85 * then setup the encryption context: *
86 * tripledes_set2keys(context, key1, key2);
87 *
88 * * To use three 64bit keys with Triple-DES use: *
89 * tripledes_set3keys(context, key1, key2, key3);
90 *
91 * * Encrypting plaintext with Triple-DES *
92 * tripledes_ecb_encrypt(context, plaintext, ciphertext);
93 *
94 * * Decrypting ciphertext to recover the plaintext with Triple-DES *
95 * tripledes_ecb_decrypt(context, ciphertext, recoverd);
96 *
97 *
98 * Selftest
99 * --------
100 * char *error_msg;
101 *
102 * * To perform a selftest of this DES/Triple-DES implementation use the
103 * function selftest(). It will return an error string if their are
104 * some problems with this library. *
105 *
106 * if ( (error_msg = selftest()) )
107 * {
108 * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
109 * abort();
110 * }
111 */
112
113
114#include <config.h>
115#include <stdio.h>
116#include <string.h> /* memcpy, memcmp */
117#include "types.h" /* for byte and u32 typedefs */
118#include "g10lib.h"
119#include "cipher.h"
120
121#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
122#define working_memcmp memcmp
123#else
124/*
125 * According to the SunOS man page, memcmp returns indeterminate sign
126 * depending on whether characters are signed or not.
127 */
128static int
129working_memcmp( const char *a, const char *b, size_t n )
130{
131 for( ; n; n--, a++, b++ )
132 if( *a != *b )
133 return (int)(*(byte*)a) - (int)(*(byte*)b);
134 return 0;
135}
136#endif
137
138/*
139 * Encryption/Decryption context of DES
140 */
141typedef struct _des_ctx
142 {
143 u32 encrypt_subkeys[32];
144 u32 decrypt_subkeys[32];
145 }
146des_ctx[1];
147
148/*
149 * Encryption/Decryption context of Triple-DES
150 */
151typedef struct _tripledes_ctx
152 {
153 u32 encrypt_subkeys[96];
154 u32 decrypt_subkeys[96];
155 }
156tripledes_ctx[1];
157
158static void des_key_schedule (const byte *, u32 *);
159static int des_setkey (struct _des_ctx *, const byte *);
160static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
161static int tripledes_set2keys (struct _tripledes_ctx *,
162 const byte *, const byte *);
163static int tripledes_set3keys (struct _tripledes_ctx *,
164 const byte *, const byte *, const byte *);
165static int tripledes_ecb_crypt (struct _tripledes_ctx *,
166 const byte *, byte *, int);
167static int is_weak_key ( const byte *key );
168static const char *selftest (void);
169
170static int initialized;
171
172
173
174
175/*
176 * The s-box values are permuted according to the 'primitive function P'
177 * and are rotated one bit to the left.
178 */
179static u32 sbox1[64] =
180{
181 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
182 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
183 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
184 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
185 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
186 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
187 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
188 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
189};
190
191static u32 sbox2[64] =
192{
193 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
194 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
195 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
196 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
197 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
198 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
199 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
200 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
201};
202
203static u32 sbox3[64] =
204{
205 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
206 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
207 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
208 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
209 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
210 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
211 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
212 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
213};
214
215static u32 sbox4[64] =
216{
217 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
218 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
219 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
220 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
221 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
222 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
223 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
224 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
225};
226
227static u32 sbox5[64] =
228{
229 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
230 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
231 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
232 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
233 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
234 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
235 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
236 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
237};
238
239static u32 sbox6[64] =
240{
241 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
242 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
243 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
244 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
245 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
246 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
247 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
248 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
249};
250
251static u32 sbox7[64] =
252{
253 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
254 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
255 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
256 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
257 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
258 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
259 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
260 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
261};
262
263static u32 sbox8[64] =
264{
265 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
266 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
267 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
268 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
269 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
270 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
271 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
272 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
273};
274
275
276/*
277 * These two tables are part of the 'permuted choice 1' function.
278 * In this implementation several speed improvements are done.
279 */
280static u32 leftkey_swap[16] =
281{
282 0x00000000, 0x00000001, 0x00000100, 0x00000101,
283 0x00010000, 0x00010001, 0x00010100, 0x00010101,
284 0x01000000, 0x01000001, 0x01000100, 0x01000101,
285 0x01010000, 0x01010001, 0x01010100, 0x01010101
286};
287
288static u32 rightkey_swap[16] =
289{
290 0x00000000, 0x01000000, 0x00010000, 0x01010000,
291 0x00000100, 0x01000100, 0x00010100, 0x01010100,
292 0x00000001, 0x01000001, 0x00010001, 0x01010001,
293 0x00000101, 0x01000101, 0x00010101, 0x01010101,
294};
295
296
297
298/*
299 * Numbers of left shifts per round for encryption subkeys.
300 * To calculate the decryption subkeys we just reverse the
301 * ordering of the calculated encryption subkeys. So their
302 * is no need for a decryption rotate tab.
303 */
304static byte encrypt_rotate_tab[16] =
305{
306 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
307};
308
309
310
311/*
312 * Table with weak DES keys sorted in ascending order.
313 * In DES their are 64 known keys wich are weak. They are weak
314 * because they produce only one, two or four different
315 * subkeys in the subkey scheduling process.
316 * The keys in this table have all their parity bits cleared.
317 */
318static byte weak_keys[64][8] =
319{
320 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
321 { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
322 { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
323 { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
324 { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
325 { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
326 { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
327 { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
328 { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
329 { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
330 { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
331 { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
332 { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
333 { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
334 { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
335 { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
336 { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
337 { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
338 { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
339 { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
340 { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
341 { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
342 { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
343 { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
344 { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
345 { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
346 { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
347 { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
348 { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
349 { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
350 { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
351 { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
352 { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
353 { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
354 { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
355 { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
356 { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
357 { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
358 { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
359 { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
360 { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
361 { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
362 { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
363 { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
364 { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
365 { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
366 { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
367 { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
368 { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
369 { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
370 { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
371 { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
372 { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
373 { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
374 { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
375 { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
376 { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
377 { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
378 { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
379 { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
380 { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
381 { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
382 { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
383 { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
384};
385static unsigned char weak_keys_chksum[20] = {
386 0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
387 0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
388};
389
390
391
392/*
393 * Macro to swap bits across two words.
394 */
395#define DO_PERMUTATION(a, temp, b, offset, mask) \
396 temp = ((a>>offset) ^ b) & mask; \
397 b ^= temp; \
398 a ^= temp<<offset;
399
400
401/*
402 * This performs the 'initial permutation' of the data to be encrypted
403 * or decrypted. Additionally the resulting two words are rotated one bit
404 * to the left.
405 */
406#define INITIAL_PERMUTATION(left, temp, right) \
407 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
408 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
409 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
410 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
411 right = (right << 1) | (right >> 31); \
412 temp = (left ^ right) & 0xaaaaaaaa; \
413 right ^= temp; \
414 left ^= temp; \
415 left = (left << 1) | (left >> 31);
416
417/*
418 * The 'inverse initial permutation'.
419 */
420#define FINAL_PERMUTATION(left, temp, right) \
421 left = (left << 31) | (left >> 1); \
422 temp = (left ^ right) & 0xaaaaaaaa; \
423 left ^= temp; \
424 right ^= temp; \
425 right = (right << 31) | (right >> 1); \
426 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
427 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
428 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
429 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
430
431
432/*
433 * A full DES round including 'expansion function', 'sbox substitution'
434 * and 'primitive function P' but without swapping the left and right word.
435 * Please note: The data in 'from' and 'to' is already rotated one bit to
436 * the left, done in the initial permutation.
437 */
438#define DES_ROUND(from, to, work, subkey) \
439 work = from ^ *subkey++; \
440 to ^= sbox8[ work & 0x3f ]; \
441 to ^= sbox6[ (work>>8) & 0x3f ]; \
442 to ^= sbox4[ (work>>16) & 0x3f ]; \
443 to ^= sbox2[ (work>>24) & 0x3f ]; \
444 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
445 to ^= sbox7[ work & 0x3f ]; \
446 to ^= sbox5[ (work>>8) & 0x3f ]; \
447 to ^= sbox3[ (work>>16) & 0x3f ]; \
448 to ^= sbox1[ (work>>24) & 0x3f ];
449
450/*
451 * Macros to convert 8 bytes from/to 32bit words.
452 */
453#define READ_64BIT_DATA(data, left, right) \
454 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
455 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
456
457#define WRITE_64BIT_DATA(data, left, right) \
458 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
459 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
460 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
461 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
462
463/*
464 * Handy macros for encryption and decryption of data
465 */
466#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
467#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
468#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
469#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
470
471
472
473
474
475
476/*
477 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
478 * 16 encryption rounds.
479 * To calculate subkeys for decryption the caller
480 * have to reorder the generated subkeys.
481 *
482 * rawkey: 8 Bytes of key data
483 * subkey: Array of at least 32 u32s. Will be filled
484 * with calculated subkeys.
485 *
486 */
487static void
488des_key_schedule (const byte * rawkey, u32 * subkey)
489{
490 u32 left, right, work;
491 int round;
492
493 READ_64BIT_DATA (rawkey, left, right)
494
495 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
496 DO_PERMUTATION (right, work, left, 0, 0x10101010)
497
498 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
499 | (leftkey_swap[(left >> 8) & 0xf] << 2)
500 | (leftkey_swap[(left >> 16) & 0xf] << 1)
501 | (leftkey_swap[(left >> 24) & 0xf])
502 | (leftkey_swap[(left >> 5) & 0xf] << 7)
503 | (leftkey_swap[(left >> 13) & 0xf] << 6)
504 | (leftkey_swap[(left >> 21) & 0xf] << 5)
505 | (leftkey_swap[(left >> 29) & 0xf] << 4));
506
507 left &= 0x0fffffff;
508
509 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
510 | (rightkey_swap[(right >> 9) & 0xf] << 2)
511 | (rightkey_swap[(right >> 17) & 0xf] << 1)
512 | (rightkey_swap[(right >> 25) & 0xf])
513 | (rightkey_swap[(right >> 4) & 0xf] << 7)
514 | (rightkey_swap[(right >> 12) & 0xf] << 6)
515 | (rightkey_swap[(right >> 20) & 0xf] << 5)
516 | (rightkey_swap[(right >> 28) & 0xf] << 4));
517
518 right &= 0x0fffffff;
519
520 for (round = 0; round < 16; ++round)
521 {
522 left = ((left << encrypt_rotate_tab[round])
523 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
524 right = ((right << encrypt_rotate_tab[round])
525 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
526
527 *subkey++ = (((left << 4) & 0x24000000)
528 | ((left << 28) & 0x10000000)
529 | ((left << 14) & 0x08000000)
530 | ((left << 18) & 0x02080000)
531 | ((left << 6) & 0x01000000)
532 | ((left << 9) & 0x00200000)
533 | ((left >> 1) & 0x00100000)
534 | ((left << 10) & 0x00040000)
535 | ((left << 2) & 0x00020000)
536 | ((left >> 10) & 0x00010000)
537 | ((right >> 13) & 0x00002000)
538 | ((right >> 4) & 0x00001000)
539 | ((right << 6) & 0x00000800)
540 | ((right >> 1) & 0x00000400)
541 | ((right >> 14) & 0x00000200)
542 | (right & 0x00000100)
543 | ((right >> 5) & 0x00000020)
544 | ((right >> 10) & 0x00000010)
545 | ((right >> 3) & 0x00000008)
546 | ((right >> 18) & 0x00000004)
547 | ((right >> 26) & 0x00000002)
548 | ((right >> 24) & 0x00000001));
549
550 *subkey++ = (((left << 15) & 0x20000000)
551 | ((left << 17) & 0x10000000)
552 | ((left << 10) & 0x08000000)
553 | ((left << 22) & 0x04000000)
554 | ((left >> 2) & 0x02000000)
555 | ((left << 1) & 0x01000000)
556 | ((left << 16) & 0x00200000)
557 | ((left << 11) & 0x00100000)
558 | ((left << 3) & 0x00080000)
559 | ((left >> 6) & 0x00040000)
560 | ((left << 15) & 0x00020000)
561 | ((left >> 4) & 0x00010000)
562 | ((right >> 2) & 0x00002000)
563 | ((right << 8) & 0x00001000)
564 | ((right >> 14) & 0x00000808)
565 | ((right >> 9) & 0x00000400)
566 | ((right) & 0x00000200)
567 | ((right << 7) & 0x00000100)
568 | ((right >> 7) & 0x00000020)
569 | ((right >> 3) & 0x00000011)
570 | ((right << 2) & 0x00000004)
571 | ((right >> 21) & 0x00000002));
572 }
573}
574
575
576/*
577 * Fill a DES context with subkeys calculated from a 64bit key.
578 * Does not check parity bits, but simply ignore them.
579 * Does not check for weak keys.
580 */
581static int
582des_setkey (struct _des_ctx *ctx, const byte * key)
583{
584 static const char *selftest_failed;
585 int i;
586
587 if (! initialized)
588 {
589 initialized = 1;
590 selftest_failed = selftest ();
591
592 if (selftest_failed)
593 log_error ("%s\n", selftest_failed);
594 }
595 if (selftest_failed)
596 return GPG_ERR_SELFTEST_FAILED;
597
598 des_key_schedule (key, ctx->encrypt_subkeys);
599 _gcry_burn_stack (32);
600
601 for(i=0; i<32; i+=2)
602 {
603 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
604 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
605 }
606
607 return 0;
608}
609
610
611
612/*
613 * Electronic Codebook Mode DES encryption/decryption of data according
614 * to 'mode'.
615 */
616static int
617des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
618{
619 u32 left, right, work;
620 u32 *keys;
621
622 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
623
624 READ_64BIT_DATA (from, left, right)
625 INITIAL_PERMUTATION (left, work, right)
626
627 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635
636 FINAL_PERMUTATION (right, work, left)
637 WRITE_64BIT_DATA (to, right, left)
638
639 return 0;
640}
641
642
643
644/*
645 * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
646 * Does not check the parity bits of the keys, but simply ignore them.
647 * Does not check for weak keys.
648 */
649static int
650tripledes_set2keys (struct _tripledes_ctx *ctx,
651 const byte * key1,
652 const byte * key2)
653{
654 int i;
655
656 des_key_schedule (key1, ctx->encrypt_subkeys);
657 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
658 _gcry_burn_stack (32);
659
660 for(i=0; i<32; i+=2)
661 {
662 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
663 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
664
665 ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
666 ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
667
668 ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
669 ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
670
671 ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
672 ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
673 }
674
675 return 0;
676}
677
678
679
680/*
681 * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
682 * Does not check the parity bits of the keys, but simply ignore them.
683 * Does not check for weak keys.
684 */
685static int
686tripledes_set3keys (struct _tripledes_ctx *ctx,
687 const byte * key1,
688 const byte * key2,
689 const byte * key3)
690{
691 static const char *selftest_failed;
692 int i;
693
694 if (! initialized)
695 {
696 initialized = 1;
697 selftest_failed = selftest ();
698
699 if (selftest_failed)
700 log_error ("%s\n", selftest_failed);
701 }
702 if (selftest_failed)
703 return GPG_ERR_SELFTEST_FAILED;
704
705 des_key_schedule (key1, ctx->encrypt_subkeys);
706 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
707 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
708 _gcry_burn_stack (32);
709
710 for(i=0; i<32; i+=2)
711 {
712 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
713 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
714
715 ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
716 ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
717
718 ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
719 ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
720 }
721
722 return 0;
723}
724
725
726
727/*
728 * Electronic Codebook Mode Triple-DES encryption/decryption of data
729 * according to 'mode'. Sometimes this mode is named 'EDE' mode
730 * (Encryption-Decryption-Encryption).
731 */
732static int
733tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
734 byte * to, int mode)
735{
736 u32 left, right, work;
737 u32 *keys;
738
739 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
740
741 READ_64BIT_DATA (from, left, right)
742 INITIAL_PERMUTATION (left, work, right)
743
744 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
745 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
746 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
747 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
748 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
749 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
750 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
751 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
752
753 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
754 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
755 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
756 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
757 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
758 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
759 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
760 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
761
762 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
763 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
764 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
765 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
766 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
767 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
768 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
769 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
770
771 FINAL_PERMUTATION (right, work, left)
772 WRITE_64BIT_DATA (to, right, left)
773
774 return 0;
775}
776
777
778
779
780
781/*
782 * Check whether the 8 byte key is weak.
783 * Does not check the parity bits of the key but simple ignore them.
784 */
785static int
786is_weak_key ( const byte *key )
787{
788 byte work[8];
789 int i, left, right, middle, cmp_result;
790
791 /* clear parity bits */
792 for(i=0; i<8; ++i)
793 work[i] = key[i] & 0xfe;
794
795 /* binary search in the weak key table */
796 left = 0;
797 right = 63;
798 while(left <= right)
799 {
800 middle = (left + right) / 2;
801
802 if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
803 return -1;
804
805 if ( cmp_result > 0 )
806 left = middle + 1;
807 else
808 right = middle - 1;
809 }
810
811 return 0;
812}
813
814
815
816/*
817 * Performs a selftest of this DES/Triple-DES implementation.
818 * Returns an string with the error text on failure.
819 * Returns NULL if all is ok.
820 */
821static const char *
822selftest (void)
823{
824 /*
825 * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
826 * need this.
827 */
828 if (sizeof (u32) != 4)
829 return "Wrong word size for DES configured.";
830
831 /*
832 * DES Maintenance Test
833 */
834 {
835 int i;
836 byte key[8] =
837 {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
838 byte input[8] =
839 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
840 byte result[8] =
841 {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
842 byte temp1[8], temp2[8], temp3[8];
843 des_ctx des;
844
845 for (i = 0; i < 64; ++i)
846 {
847 des_setkey (des, key);
848 des_ecb_encrypt (des, input, temp1);
849 des_ecb_encrypt (des, temp1, temp2);
850 des_setkey (des, temp2);
851 des_ecb_decrypt (des, temp1, temp3);
852 memcpy (key, temp3, 8);
853 memcpy (input, temp1, 8);
854 }
855 if (memcmp (temp3, result, 8))
856 return "DES maintenance test failed.";
857 }
858
859
860 /*
861 * Self made Triple-DES test (Does somebody know an official test?)
862 */
863 {
864 int i;
865 byte input[8] =
866 {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
867 byte key1[8] =
868 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
869 byte key2[8] =
870 {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
871 byte result[8] =
872 {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
873
874 tripledes_ctx des3;
875
876 for (i = 0; i < 16; ++i)
877 {
878 tripledes_set2keys (des3, key1, key2);
879 tripledes_ecb_encrypt (des3, input, key1);
880 tripledes_ecb_decrypt (des3, input, key2);
881 tripledes_set3keys (des3, key1, input, key2);
882 tripledes_ecb_encrypt (des3, input, input);
883 }
884 if (memcmp (input, result, 8))
885 return "Triple-DES test failed.";
886 }
887
888 /*
889 * More Triple-DES test. These are testvectors as used by SSLeay,
890 * thanks to Jeroen C. van Gelderen.
891 */
892 {
893 struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
894 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
895 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
896 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
897 { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
898 { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
899 },
900
901 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
902 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
903 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
904 { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
905 { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00 }
906 },
907 { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
908 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
909 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E },
910 { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A },
911 { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A }
912 },
913 { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
914 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
915 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6 },
916 { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2 },
917 { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95 }
918 },
919 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
920 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
921 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
922 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
923 { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18 }
924 },
925 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
926 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
927 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
928 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
929 { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1 }
930 },
931 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
932 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
933 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
934 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
935 { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72 }
936 },
937 { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
938 0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
939 0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57 },
940 { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65 },
941 { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30 }
942 },
943 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
944 0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
945 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02 },
946 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
947 { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74 }
948 },
949 { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
950 0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
951 0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01 },
952 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
953 { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b }
954 }
955 };
956
957 byte result[8];
958 int i;
959 static char error[80];
960 tripledes_ctx des3;
961
962 for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
963 {
964 tripledes_set3keys (des3, testdata[i].key,
965 testdata[i].key + 8, testdata[i].key + 16);
966
967 tripledes_ecb_encrypt (des3, testdata[i].plain, result);
968 if (memcmp (testdata[i].cipher, result, 8))
969 {
970 sprintf (error, "Triple-DES SSLeay test pattern no. %d "
971 "failed on encryption.", i+1);
972 return error;
973 }
974
975 tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
976 if (memcmp (testdata[i].plain, result, 8))
977 {
978 sprintf (error, "Triple-DES SSLeay test pattern no. %d "
979 "failed on decryption.", i+1);
980 return error;
981 }
982 }
983 }
984
985 /*
986 * Check the weak key detection. We simply assume that the table
987 * with weak keys is ok and check every key in the table if it is
988 * detected... (This test is a little bit stupid).
989 */
990 {
991 int i;
992 unsigned char *p;
993 gcry_md_hd_t h;
994
995 if (gcry_md_open (&h, GCRY_MD_SHA1, 0))
996 return "SHA1 not available";
997
998 for (i = 0; i < 64; ++i)
999 gcry_md_write (h, weak_keys[i], 8);
1000 p = gcry_md_read (h, GCRY_MD_SHA1);
1001 i = memcmp (p, weak_keys_chksum, 20);
1002 gcry_md_close (h);
1003 if (i)
1004 return "weak key table defect";
1005
1006 for (i = 0; i < 64; ++i)
1007 if (!is_weak_key(weak_keys[i]))
1008 return "DES weak key detection failed";
1009 }
1010
1011 return 0;
1012}
1013
1014
1015static gcry_err_code_t
1016do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
1017{
1018 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1019
1020 if( keylen != 24 )
1021 return GPG_ERR_INV_KEYLEN;
1022
1023 tripledes_set3keys ( ctx, key, key+8, key+16);
1024
1025 if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
1026 {
1027 _gcry_burn_stack (64);
1028 return GPG_ERR_WEAK_KEY;
1029 }
1030 _gcry_burn_stack (64);
1031
1032 return GPG_ERR_NO_ERROR;
1033}
1034
1035
1036static void
1037do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
1038{
1039 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1040
1041 tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
1042 _gcry_burn_stack (32);
1043}
1044
1045static void
1046do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
1047{
1048 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1049 tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
1050 _gcry_burn_stack (32);
1051}
1052
1053static gcry_err_code_t
1054do_des_setkey (void *context, const byte *key, unsigned keylen)
1055{
1056 struct _des_ctx *ctx = (struct _des_ctx *) context;
1057
1058 if (keylen != 8)
1059 return GPG_ERR_INV_KEYLEN;
1060
1061 des_setkey (ctx, key);
1062
1063 if (is_weak_key (key)) {
1064 _gcry_burn_stack (64);
1065 return GPG_ERR_WEAK_KEY;
1066 }
1067 _gcry_burn_stack (64);
1068
1069 return GPG_ERR_NO_ERROR;
1070}
1071
1072
1073static void
1074do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
1075{
1076 struct _des_ctx *ctx = (struct _des_ctx *) context;
1077
1078 des_ecb_encrypt ( ctx, inbuf, outbuf );
1079 _gcry_burn_stack (32);
1080}
1081
1082static void
1083do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
1084{
1085 struct _des_ctx *ctx = (struct _des_ctx *) context;
1086
1087 des_ecb_decrypt ( ctx, inbuf, outbuf );
1088 _gcry_burn_stack (32);
1089}
1090
1091gcry_cipher_spec_t _gcry_cipher_spec_des =
1092 {
1093 "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
1094 do_des_setkey, do_des_encrypt, do_des_decrypt
1095 };
1096
1097static gcry_cipher_oid_spec_t oids_tripledes[] =
1098 {
1099 { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
1100 /* Teletrust specific OID for 3DES. */
1101 { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
1102 /* pbeWithSHAAnd3_KeyTripleDES_CBC */
1103 { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
1104 { NULL }
1105 };
1106
1107gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
1108 {
1109 "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
1110 do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
1111 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c
new file mode 100755
index 0000000..9ae06fd
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c
@@ -0,0 +1,486 @@
1/* dsa.c - DSA signature scheme
2 * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <assert.h>
26
27#include "g10lib.h"
28#include "mpi.h"
29#include "cipher.h"
30
31typedef struct
32{
33 gcry_mpi_t p; /* prime */
34 gcry_mpi_t q; /* group order */
35 gcry_mpi_t g; /* group generator */
36 gcry_mpi_t y; /* g^x mod p */
37} DSA_public_key;
38
39
40typedef struct
41{
42 gcry_mpi_t p; /* prime */
43 gcry_mpi_t q; /* group order */
44 gcry_mpi_t g; /* group generator */
45 gcry_mpi_t y; /* g^x mod p */
46 gcry_mpi_t x; /* secret exponent */
47} DSA_secret_key;
48
49
50static gcry_mpi_t gen_k (gcry_mpi_t q);
51static void test_keys (DSA_secret_key *sk, unsigned qbits);
52static int check_secret_key (DSA_secret_key *sk);
53static void generate (DSA_secret_key *sk, unsigned nbits,
54 gcry_mpi_t **ret_factors);
55static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
56 DSA_secret_key *skey);
57static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
58 DSA_public_key *pkey);
59
60static void (*progress_cb) (void *,const char *, int, int, int );
61static void *progress_cb_data;
62
63
64void
65_gcry_register_pk_dsa_progress (void (*cb) (void *, const char *,
66 int, int, int),
67 void *cb_data)
68{
69 progress_cb = cb;
70 progress_cb_data = cb_data;
71}
72
73
74static void
75progress (int c)
76{
77 if (progress_cb)
78 progress_cb (progress_cb_data, "pk_dsa", c, 0, 0);
79}
80
81
82/*
83 * Generate a random secret exponent k less than q.
84 */
85static gcry_mpi_t
86gen_k( gcry_mpi_t q )
87{
88 gcry_mpi_t k = mpi_alloc_secure( mpi_get_nlimbs(q) );
89 unsigned int nbits = mpi_get_nbits(q);
90 unsigned int nbytes = (nbits+7)/8;
91 unsigned char *rndbuf = NULL;
92
93 if ( DBG_CIPHER )
94 log_debug("choosing a random k ");
95 for (;;)
96 {
97 if( DBG_CIPHER )
98 progress('.');
99
100 if ( !rndbuf || nbits < 32 )
101 {
102 gcry_free(rndbuf);
103 rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );
104 }
105 else
106 { /* Change only some of the higher bits. We could improve
107 this by directly requesting more memory at the first call
108 to get_random_bytes() and use this the here maybe it is
109 easier to do this directly in random.c. */
110 char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
111 memcpy( rndbuf,pp, 4 );
112 gcry_free(pp);
113 }
114 _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
115 if ( mpi_test_bit( k, nbits-1 ) )
116 mpi_set_highbit( k, nbits-1 );
117 else
118 {
119 mpi_set_highbit( k, nbits-1 );
120 mpi_clear_bit( k, nbits-1 );
121 }
122
123 if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */
124 {
125 if( DBG_CIPHER )
126 progress('+');
127 continue; /* no */
128 }
129 if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
130 {
131 if( DBG_CIPHER )
132 progress('-');
133 continue; /* no */
134 }
135 break; /* okay */
136 }
137 gcry_free(rndbuf);
138 if( DBG_CIPHER )
139 progress('\n');
140
141 return k;
142}
143
144
145static void
146test_keys( DSA_secret_key *sk, unsigned qbits )
147{
148 DSA_public_key pk;
149 gcry_mpi_t test = gcry_mpi_new ( qbits );
150 gcry_mpi_t out1_a = gcry_mpi_new ( qbits );
151 gcry_mpi_t out1_b = gcry_mpi_new ( qbits );
152
153 pk.p = sk->p;
154 pk.q = sk->q;
155 pk.g = sk->g;
156 pk.y = sk->y;
157 gcry_mpi_randomize( test, qbits, GCRY_WEAK_RANDOM );
158
159 sign( out1_a, out1_b, test, sk );
160 if( !verify( out1_a, out1_b, test, &pk ) )
161 log_fatal("DSA:: sign, verify failed\n");
162
163 gcry_mpi_release ( test );
164 gcry_mpi_release ( out1_a );
165 gcry_mpi_release ( out1_b );
166}
167
168
169
170/*
171 Generate a DSA key pair with a key of size NBITS.
172 Returns: 2 structures filled with all needed values
173 and an array with the n-1 factors of (p-1)
174 */
175static void
176generate( DSA_secret_key *sk, unsigned nbits, gcry_mpi_t **ret_factors )
177{
178 gcry_mpi_t p; /* the prime */
179 gcry_mpi_t q; /* the 160 bit prime factor */
180 gcry_mpi_t g; /* the generator */
181 gcry_mpi_t y; /* g^x mod p */
182 gcry_mpi_t x; /* the secret exponent */
183 gcry_mpi_t h, e; /* helper */
184 unsigned qbits;
185 byte *rndbuf;
186
187 assert( nbits >= 512 && nbits <= 1024 );
188
189 qbits = 160;
190 p = _gcry_generate_elg_prime( 1, nbits, qbits, NULL, ret_factors );
191 /* get q out of factors */
192 q = mpi_copy((*ret_factors)[0]);
193 if( mpi_get_nbits(q) != qbits )
194 BUG();
195
196 /* Find a generator g (h and e are helpers).
197 e = (p-1)/q */
198 e = mpi_alloc( mpi_get_nlimbs(p) );
199 mpi_sub_ui( e, p, 1 );
200 mpi_fdiv_q( e, e, q );
201 g = mpi_alloc( mpi_get_nlimbs(p) );
202 h = mpi_alloc_set_ui( 1 ); /* we start with 2 */
203 do
204 {
205 mpi_add_ui( h, h, 1 );
206 /* g = h^e mod p */
207 gcry_mpi_powm( g, h, e, p );
208 }
209 while( !mpi_cmp_ui( g, 1 ) ); /* continue until g != 1 */
210
211 /* Select a random number which has these properties:
212 * 0 < x < q-1
213 * This must be a very good random number because this
214 * is the secret part. */
215 if( DBG_CIPHER )
216 log_debug("choosing a random x ");
217 assert( qbits >= 160 );
218 x = mpi_alloc_secure( mpi_get_nlimbs(q) );
219 mpi_sub_ui( h, q, 1 ); /* put q-1 into h */
220 rndbuf = NULL;
221 do
222 {
223 if( DBG_CIPHER )
224 progress('.');
225 if( !rndbuf )
226 rndbuf = gcry_random_bytes_secure( (qbits+7)/8,
227 GCRY_VERY_STRONG_RANDOM );
228 else
229 { /* Change only some of the higher bits (= 2 bytes)*/
230 char *r = gcry_random_bytes_secure (2, GCRY_VERY_STRONG_RANDOM);
231 memcpy(rndbuf, r, 2 );
232 gcry_free(r);
233 }
234
235 _gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
236 mpi_clear_highbit( x, qbits+1 );
237 }
238 while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
239 gcry_free(rndbuf);
240 mpi_free( e );
241 mpi_free( h );
242
243 /* y = g^x mod p */
244 y = mpi_alloc( mpi_get_nlimbs(p) );
245 gcry_mpi_powm( y, g, x, p );
246
247 if( DBG_CIPHER )
248 {
249 progress('\n');
250 log_mpidump("dsa p= ", p );
251 log_mpidump("dsa q= ", q );
252 log_mpidump("dsa g= ", g );
253 log_mpidump("dsa y= ", y );
254 log_mpidump("dsa x= ", x );
255 }
256
257 /* Copy the stuff to the key structures. */
258 sk->p = p;
259 sk->q = q;
260 sk->g = g;
261 sk->y = y;
262 sk->x = x;
263
264 /* Now we can test our keys (this should never fail!). */
265 test_keys( sk, qbits );
266}
267
268
269
270/*
271 Test whether the secret key is valid.
272 Returns: if this is a valid key.
273 */
274static int
275check_secret_key( DSA_secret_key *sk )
276{
277 int rc;
278 gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
279
280 gcry_mpi_powm( y, sk->g, sk->x, sk->p );
281 rc = !mpi_cmp( y, sk->y );
282 mpi_free( y );
283 return rc;
284}
285
286
287
288/*
289 Make a DSA signature from HASH and put it into r and s.
290 */
291static void
292sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
293{
294 gcry_mpi_t k;
295 gcry_mpi_t kinv;
296 gcry_mpi_t tmp;
297
298 /* Select a random k with 0 < k < q */
299 k = gen_k( skey->q );
300
301 /* r = (a^k mod p) mod q */
302 gcry_mpi_powm( r, skey->g, k, skey->p );
303 mpi_fdiv_r( r, r, skey->q );
304
305 /* kinv = k^(-1) mod q */
306 kinv = mpi_alloc( mpi_get_nlimbs(k) );
307 mpi_invm(kinv, k, skey->q );
308
309 /* s = (kinv * ( hash + x * r)) mod q */
310 tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
311 mpi_mul( tmp, skey->x, r );
312 mpi_add( tmp, tmp, hash );
313 mpi_mulm( s , kinv, tmp, skey->q );
314
315 mpi_free(k);
316 mpi_free(kinv);
317 mpi_free(tmp);
318}
319
320
321/*
322 Returns true if the signature composed from R and S is valid.
323 */
324static int
325verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
326{
327 int rc;
328 gcry_mpi_t w, u1, u2, v;
329 gcry_mpi_t base[3];
330 gcry_mpi_t ex[3];
331
332 if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
333 return 0; /* assertion 0 < r < q failed */
334 if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
335 return 0; /* assertion 0 < s < q failed */
336
337 w = mpi_alloc( mpi_get_nlimbs(pkey->q) );
338 u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
339 u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
340 v = mpi_alloc( mpi_get_nlimbs(pkey->p) );
341
342 /* w = s^(-1) mod q */
343 mpi_invm( w, s, pkey->q );
344
345 /* u1 = (hash * w) mod q */
346 mpi_mulm( u1, hash, w, pkey->q );
347
348 /* u2 = r * w mod q */
349 mpi_mulm( u2, r, w, pkey->q );
350
351 /* v = g^u1 * y^u2 mod p mod q */
352 base[0] = pkey->g; ex[0] = u1;
353 base[1] = pkey->y; ex[1] = u2;
354 base[2] = NULL; ex[2] = NULL;
355 mpi_mulpowm( v, base, ex, pkey->p );
356 mpi_fdiv_r( v, v, pkey->q );
357
358 rc = !mpi_cmp( v, r );
359
360 mpi_free(w);
361 mpi_free(u1);
362 mpi_free(u2);
363 mpi_free(v);
364
365 return rc;
366}
367
368
369/*********************************************
370 ************** interface ******************
371 *********************************************/
372
373gcry_err_code_t
374_gcry_dsa_generate (int algo, unsigned nbits, unsigned long dummy,
375 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
376{
377 DSA_secret_key sk;
378
379 generate (&sk, nbits, retfactors);
380 skey[0] = sk.p;
381 skey[1] = sk.q;
382 skey[2] = sk.g;
383 skey[3] = sk.y;
384 skey[4] = sk.x;
385
386 return GPG_ERR_NO_ERROR;
387}
388
389
390gcry_err_code_t
391_gcry_dsa_check_secret_key (int algo, gcry_mpi_t *skey)
392{
393 gcry_err_code_t err = GPG_ERR_NO_ERROR;
394 DSA_secret_key sk;
395
396 if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]) || (! skey[4]))
397 err = GPG_ERR_BAD_MPI;
398 else
399 {
400 sk.p = skey[0];
401 sk.q = skey[1];
402 sk.g = skey[2];
403 sk.y = skey[3];
404 sk.x = skey[4];
405 if (! check_secret_key (&sk))
406 err = GPG_ERR_BAD_SECKEY;
407 }
408
409 return err;
410}
411
412
413gcry_err_code_t
414_gcry_dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
415{
416 gcry_err_code_t err = GPG_ERR_NO_ERROR;
417 DSA_secret_key sk;
418
419 if ((! data)
420 || (! skey[0]) || (! skey[1]) || (! skey[2])
421 || (! skey[3]) || (! skey[4]))
422 err = GPG_ERR_BAD_MPI;
423 else
424 {
425 sk.p = skey[0];
426 sk.q = skey[1];
427 sk.g = skey[2];
428 sk.y = skey[3];
429 sk.x = skey[4];
430 resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
431 resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
432 sign (resarr[0], resarr[1], data, &sk);
433 }
434 return err;
435}
436
437gcry_err_code_t
438_gcry_dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
439 int (*cmp) (void *, gcry_mpi_t), void *opaquev)
440{
441 gcry_err_code_t err = GPG_ERR_NO_ERROR;
442 DSA_public_key pk;
443
444 if ((! data[0]) || (! data[1]) || (! hash)
445 || (! pkey[0]) || (! pkey[1]) || (! pkey[2]) || (! pkey[3]))
446 err = GPG_ERR_BAD_MPI;
447 else
448 {
449 pk.p = pkey[0];
450 pk.q = pkey[1];
451 pk.g = pkey[2];
452 pk.y = pkey[3];
453 if (! verify (data[0], data[1], hash, &pk))
454 err = GPG_ERR_BAD_SIGNATURE;
455 }
456 return err;
457}
458
459
460unsigned int
461_gcry_dsa_get_nbits (int algo, gcry_mpi_t *pkey)
462{
463 return mpi_get_nbits (pkey[0]);
464}
465
466static char *dsa_names[] =
467 {
468 "dsa",
469 "openpgp-dsa",
470 NULL,
471 };
472
473gcry_pk_spec_t _gcry_pubkey_spec_dsa =
474 {
475 "DSA", dsa_names,
476 "pqgy", "pqgyx", "", "rs", "pqgy",
477 GCRY_PK_USAGE_SIGN,
478 _gcry_dsa_generate,
479 _gcry_dsa_check_secret_key,
480 NULL,
481 NULL,
482 _gcry_dsa_sign,
483 _gcry_dsa_verify,
484 _gcry_dsa_get_nbits,
485 };
486
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c
new file mode 100755
index 0000000..7481250
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c
@@ -0,0 +1,682 @@
1/* Elgamal.c - ElGamal Public Key encryption
2 * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * For a description of the algorithm, see:
21 * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
22 * ISBN 0-471-11709-9. Pages 476 ff.
23 */
24
25#include <config.h>
26#include <stdio.h>
27#include <stdlib.h>
28#include <string.h>
29#include "g10lib.h"
30#include "mpi.h"
31#include "cipher.h"
32
33typedef struct
34{
35 gcry_mpi_t p; /* prime */
36 gcry_mpi_t g; /* group generator */
37 gcry_mpi_t y; /* g^x mod p */
38} ELG_public_key;
39
40
41typedef struct
42{
43 gcry_mpi_t p; /* prime */
44 gcry_mpi_t g; /* group generator */
45 gcry_mpi_t y; /* g^x mod p */
46 gcry_mpi_t x; /* secret exponent */
47} ELG_secret_key;
48
49
50static void test_keys (ELG_secret_key *sk, unsigned nbits);
51static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
52static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors);
53static int check_secret_key (ELG_secret_key *sk);
54static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
55 ELG_public_key *pkey);
56static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b,
57 ELG_secret_key *skey);
58static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
59 ELG_secret_key *skey);
60static int verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
61 ELG_public_key *pkey);
62
63
64static void (*progress_cb) (void *, const char *, int, int, int);
65static void *progress_cb_data;
66
67void
68_gcry_register_pk_elg_progress (void (*cb) (void *, const char *,
69 int, int, int),
70 void *cb_data)
71{
72 progress_cb = cb;
73 progress_cb_data = cb_data;
74}
75
76
77static void
78progress (int c)
79{
80 if (progress_cb)
81 progress_cb (progress_cb_data, "pk_elg", c, 0, 0);
82}
83
84
85/****************
86 * Michael Wiener's table on subgroup sizes to match field sizes
87 * (floating around somewhere - Fixme: need a reference)
88 */
89static unsigned int
90wiener_map( unsigned int n )
91{
92 static struct { unsigned int p_n, q_n; } t[] =
93 { /* p q attack cost */
94 { 512, 119 }, /* 9 x 10^17 */
95 { 768, 145 }, /* 6 x 10^21 */
96 { 1024, 165 }, /* 7 x 10^24 */
97 { 1280, 183 }, /* 3 x 10^27 */
98 { 1536, 198 }, /* 7 x 10^29 */
99 { 1792, 212 }, /* 9 x 10^31 */
100 { 2048, 225 }, /* 8 x 10^33 */
101 { 2304, 237 }, /* 5 x 10^35 */
102 { 2560, 249 }, /* 3 x 10^37 */
103 { 2816, 259 }, /* 1 x 10^39 */
104 { 3072, 269 }, /* 3 x 10^40 */
105 { 3328, 279 }, /* 8 x 10^41 */
106 { 3584, 288 }, /* 2 x 10^43 */
107 { 3840, 296 }, /* 4 x 10^44 */
108 { 4096, 305 }, /* 7 x 10^45 */
109 { 4352, 313 }, /* 1 x 10^47 */
110 { 4608, 320 }, /* 2 x 10^48 */
111 { 4864, 328 }, /* 2 x 10^49 */
112 { 5120, 335 }, /* 3 x 10^50 */
113 { 0, 0 }
114 };
115 int i;
116
117 for(i=0; t[i].p_n; i++ )
118 {
119 if( n <= t[i].p_n )
120 return t[i].q_n;
121 }
122 /* Not in table - use an arbitrary high number. */
123 return n / 8 + 200;
124}
125
126static void
127test_keys( ELG_secret_key *sk, unsigned nbits )
128{
129 ELG_public_key pk;
130 gcry_mpi_t test = gcry_mpi_new ( 0 );
131 gcry_mpi_t out1_a = gcry_mpi_new ( nbits );
132 gcry_mpi_t out1_b = gcry_mpi_new ( nbits );
133 gcry_mpi_t out2 = gcry_mpi_new ( nbits );
134
135 pk.p = sk->p;
136 pk.g = sk->g;
137 pk.y = sk->y;
138
139 gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );
140
141 do_encrypt( out1_a, out1_b, test, &pk );
142 decrypt( out2, out1_a, out1_b, sk );
143 if( mpi_cmp( test, out2 ) )
144 log_fatal("ElGamal operation: encrypt, decrypt failed\n");
145
146 sign( out1_a, out1_b, test, sk );
147 if( !verify( out1_a, out1_b, test, &pk ) )
148 log_fatal("ElGamal operation: sign, verify failed\n");
149
150 gcry_mpi_release ( test );
151 gcry_mpi_release ( out1_a );
152 gcry_mpi_release ( out1_b );
153 gcry_mpi_release ( out2 );
154}
155
156
157/****************
158 * Generate a random secret exponent k from prime p, so that k is
159 * relatively prime to p-1. With SMALL_K set, k will be selected for
160 * better encryption performance - this must never be used signing!
161 */
162static gcry_mpi_t
163gen_k( gcry_mpi_t p, int small_k )
164{
165 gcry_mpi_t k = mpi_alloc_secure( 0 );
166 gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
167 gcry_mpi_t p_1 = mpi_copy(p);
168 unsigned int orig_nbits = mpi_get_nbits(p);
169 unsigned int nbits, nbytes;
170 unsigned char *rndbuf = NULL;
171
172 if (small_k)
173 {
174 /* Using a k much lesser than p is sufficient for encryption and
175 * it greatly improves the encryption performance. We use
176 * Wiener's table and add a large safety margin. */
177 nbits = wiener_map( orig_nbits ) * 3 / 2;
178 if( nbits >= orig_nbits )
179 BUG();
180 }
181 else
182 nbits = orig_nbits;
183
184
185 nbytes = (nbits+7)/8;
186 if( DBG_CIPHER )
187 log_debug("choosing a random k ");
188 mpi_sub_ui( p_1, p, 1);
189 for(;;)
190 {
191 if( !rndbuf || nbits < 32 )
192 {
193 gcry_free(rndbuf);
194 rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );
195 }
196 else
197 {
198 /* Change only some of the higher bits. We could improve
199 this by directly requesting more memory at the first call
200 to get_random_bytes() and use this the here maybe it is
201 easier to do this directly in random.c Anyway, it is
202 highly inlikely that we will ever reach this code. */
203 char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
204 memcpy( rndbuf, pp, 4 );
205 gcry_free(pp);
206 }
207 _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
208
209 for(;;)
210 {
211 if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */
212 {
213 if( DBG_CIPHER )
214 progress('+');
215 break; /* no */
216 }
217 if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
218 {
219 if( DBG_CIPHER )
220 progress('-');
221 break; /* no */
222 }
223 if (gcry_mpi_gcd( temp, k, p_1 ))
224 goto found; /* okay, k is relative prime to (p-1) */
225 mpi_add_ui( k, k, 1 );
226 if( DBG_CIPHER )
227 progress('.');
228 }
229 }
230 found:
231 gcry_free(rndbuf);
232 if( DBG_CIPHER )
233 progress('\n');
234 mpi_free(p_1);
235 mpi_free(temp);
236
237 return k;
238}
239
240/****************
241 * Generate a key pair with a key of size NBITS
242 * Returns: 2 structures filles with all needed values
243 * and an array with n-1 factors of (p-1)
244 */
245static void
246generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
247{
248 gcry_mpi_t p; /* the prime */
249 gcry_mpi_t p_min1;
250 gcry_mpi_t g;
251 gcry_mpi_t x; /* the secret exponent */
252 gcry_mpi_t y;
253 gcry_mpi_t temp;
254 unsigned int qbits;
255 unsigned int xbits;
256 byte *rndbuf;
257
258 p_min1 = gcry_mpi_new ( nbits );
259 temp = gcry_mpi_new( nbits );
260 qbits = wiener_map( nbits );
261 if( qbits & 1 ) /* better have a even one */
262 qbits++;
263 g = mpi_alloc(1);
264 p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors );
265 mpi_sub_ui(p_min1, p, 1);
266
267
268 /* Select a random number which has these properties:
269 * 0 < x < p-1
270 * This must be a very good random number because this is the
271 * secret part. The prime is public and may be shared anyway,
272 * so a random generator level of 1 is used for the prime.
273 *
274 * I don't see a reason to have a x of about the same size
275 * as the p. It should be sufficient to have one about the size
276 * of q or the later used k plus a large safety margin. Decryption
277 * will be much faster with such an x.
278 */
279 xbits = qbits * 3 / 2;
280 if( xbits >= nbits )
281 BUG();
282 x = gcry_mpi_snew ( xbits );
283 if( DBG_CIPHER )
284 log_debug("choosing a random x of size %u", xbits );
285 rndbuf = NULL;
286 do
287 {
288 if( DBG_CIPHER )
289 progress('.');
290 if( rndbuf )
291 { /* Change only some of the higher bits */
292 if( xbits < 16 ) /* should never happen ... */
293 {
294 gcry_free(rndbuf);
295 rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
296 GCRY_VERY_STRONG_RANDOM );
297 }
298 else
299 {
300 char *r = gcry_random_bytes_secure( 2,
301 GCRY_VERY_STRONG_RANDOM );
302 memcpy(rndbuf, r, 2 );
303 gcry_free(r);
304 }
305 }
306 else
307 {
308 rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
309 GCRY_VERY_STRONG_RANDOM );
310 }
311 _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
312 mpi_clear_highbit( x, xbits+1 );
313 }
314 while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
315 gcry_free(rndbuf);
316
317 y = gcry_mpi_new (nbits);
318 gcry_mpi_powm( y, g, x, p );
319
320 if( DBG_CIPHER )
321 {
322 progress('\n');
323 log_mpidump("elg p= ", p );
324 log_mpidump("elg g= ", g );
325 log_mpidump("elg y= ", y );
326 log_mpidump("elg x= ", x );
327 }
328
329 /* Copy the stuff to the key structures */
330 sk->p = p;
331 sk->g = g;
332 sk->y = y;
333 sk->x = x;
334
335 /* Now we can test our keys (this should never fail!) */
336 test_keys( sk, nbits - 64 );
337
338 gcry_mpi_release ( p_min1 );
339 gcry_mpi_release ( temp );
340}
341
342
343/****************
344 * Test whether the secret key is valid.
345 * Returns: if this is a valid key.
346 */
347static int
348check_secret_key( ELG_secret_key *sk )
349{
350 int rc;
351 gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
352
353 gcry_mpi_powm( y, sk->g, sk->x, sk->p );
354 rc = !mpi_cmp( y, sk->y );
355 mpi_free( y );
356 return rc;
357}
358
359
360static void
361do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
362{
363 gcry_mpi_t k;
364
365 /* Note: maybe we should change the interface, so that it
366 * is possible to check that input is < p and return an
367 * error code.
368 */
369
370 k = gen_k( pkey->p, 1 );
371 gcry_mpi_powm( a, pkey->g, k, pkey->p );
372 /* b = (y^k * input) mod p
373 * = ((y^k mod p) * (input mod p)) mod p
374 * and because input is < p
375 * = ((y^k mod p) * input) mod p
376 */
377 gcry_mpi_powm( b, pkey->y, k, pkey->p );
378 gcry_mpi_mulm( b, b, input, pkey->p );
379#if 0
380 if( DBG_CIPHER )
381 {
382 log_mpidump("elg encrypted y= ", pkey->y);
383 log_mpidump("elg encrypted p= ", pkey->p);
384 log_mpidump("elg encrypted k= ", k);
385 log_mpidump("elg encrypted M= ", input);
386 log_mpidump("elg encrypted a= ", a);
387 log_mpidump("elg encrypted b= ", b);
388 }
389#endif
390 mpi_free(k);
391}
392
393
394
395
396static void
397decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
398{
399 gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
400
401 /* output = b/(a^x) mod p */
402 gcry_mpi_powm( t1, a, skey->x, skey->p );
403 mpi_invm( t1, t1, skey->p );
404 mpi_mulm( output, b, t1, skey->p );
405#if 0
406 if( DBG_CIPHER )
407 {
408 log_mpidump("elg decrypted x= ", skey->x);
409 log_mpidump("elg decrypted p= ", skey->p);
410 log_mpidump("elg decrypted a= ", a);
411 log_mpidump("elg decrypted b= ", b);
412 log_mpidump("elg decrypted M= ", output);
413 }
414#endif
415 mpi_free(t1);
416}
417
418
419/****************
420 * Make an Elgamal signature out of INPUT
421 */
422
423static void
424sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
425{
426 gcry_mpi_t k;
427 gcry_mpi_t t = mpi_alloc( mpi_get_nlimbs(a) );
428 gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) );
429 gcry_mpi_t p_1 = mpi_copy(skey->p);
430
431 /*
432 * b = (t * inv) mod (p-1)
433 * b = (t * inv(k,(p-1),(p-1)) mod (p-1)
434 * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
435 *
436 */
437 mpi_sub_ui(p_1, p_1, 1);
438 k = gen_k( skey->p, 0 /* no small K ! */ );
439 gcry_mpi_powm( a, skey->g, k, skey->p );
440 mpi_mul(t, skey->x, a );
441 mpi_subm(t, input, t, p_1 );
442 mpi_invm(inv, k, p_1 );
443 mpi_mulm(b, t, inv, p_1 );
444
445#if 0
446 if( DBG_CIPHER )
447 {
448 log_mpidump("elg sign p= ", skey->p);
449 log_mpidump("elg sign g= ", skey->g);
450 log_mpidump("elg sign y= ", skey->y);
451 log_mpidump("elg sign x= ", skey->x);
452 log_mpidump("elg sign k= ", k);
453 log_mpidump("elg sign M= ", input);
454 log_mpidump("elg sign a= ", a);
455 log_mpidump("elg sign b= ", b);
456 }
457#endif
458 mpi_free(k);
459 mpi_free(t);
460 mpi_free(inv);
461 mpi_free(p_1);
462}
463
464
465/****************
466 * Returns true if the signature composed of A and B is valid.
467 */
468static int
469verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
470{
471 int rc;
472 gcry_mpi_t t1;
473 gcry_mpi_t t2;
474 gcry_mpi_t base[4];
475 gcry_mpi_t ex[4];
476
477 if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
478 return 0; /* assertion 0 < a < p failed */
479
480 t1 = mpi_alloc( mpi_get_nlimbs(a) );
481 t2 = mpi_alloc( mpi_get_nlimbs(a) );
482
483#if 0
484 /* t1 = (y^a mod p) * (a^b mod p) mod p */
485 gcry_mpi_powm( t1, pkey->y, a, pkey->p );
486 gcry_mpi_powm( t2, a, b, pkey->p );
487 mpi_mulm( t1, t1, t2, pkey->p );
488
489 /* t2 = g ^ input mod p */
490 gcry_mpi_powm( t2, pkey->g, input, pkey->p );
491
492 rc = !mpi_cmp( t1, t2 );
493#elif 0
494 /* t1 = (y^a mod p) * (a^b mod p) mod p */
495 base[0] = pkey->y; ex[0] = a;
496 base[1] = a; ex[1] = b;
497 base[2] = NULL; ex[2] = NULL;
498 mpi_mulpowm( t1, base, ex, pkey->p );
499
500 /* t2 = g ^ input mod p */
501 gcry_mpi_powm( t2, pkey->g, input, pkey->p );
502
503 rc = !mpi_cmp( t1, t2 );
504#else
505 /* t1 = g ^ - input * y ^ a * a ^ b mod p */
506 mpi_invm(t2, pkey->g, pkey->p );
507 base[0] = t2 ; ex[0] = input;
508 base[1] = pkey->y; ex[1] = a;
509 base[2] = a; ex[2] = b;
510 base[3] = NULL; ex[3] = NULL;
511 mpi_mulpowm( t1, base, ex, pkey->p );
512 rc = !mpi_cmp_ui( t1, 1 );
513
514#endif
515
516 mpi_free(t1);
517 mpi_free(t2);
518 return rc;
519}
520
521/*********************************************
522 ************** interface ******************
523 *********************************************/
524
525gcry_err_code_t
526_gcry_elg_generate (int algo, unsigned nbits, unsigned long dummy,
527 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
528{
529 ELG_secret_key sk;
530
531 generate (&sk, nbits, retfactors);
532 skey[0] = sk.p;
533 skey[1] = sk.g;
534 skey[2] = sk.y;
535 skey[3] = sk.x;
536
537 return GPG_ERR_NO_ERROR;
538}
539
540
541gcry_err_code_t
542_gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey)
543{
544 gcry_err_code_t err = GPG_ERR_NO_ERROR;
545 ELG_secret_key sk;
546
547 if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
548 err = GPG_ERR_BAD_MPI;
549 else
550 {
551 sk.p = skey[0];
552 sk.g = skey[1];
553 sk.y = skey[2];
554 sk.x = skey[3];
555
556 if (! check_secret_key (&sk))
557 err = GPG_ERR_BAD_SECKEY;
558 }
559
560 return err;
561}
562
563
564gcry_err_code_t
565_gcry_elg_encrypt (int algo, gcry_mpi_t *resarr,
566 gcry_mpi_t data, gcry_mpi_t *pkey, int flags)
567{
568 gcry_err_code_t err = GPG_ERR_NO_ERROR;
569 ELG_public_key pk;
570
571 if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
572 err = GPG_ERR_BAD_MPI;
573 else
574 {
575 pk.p = pkey[0];
576 pk.g = pkey[1];
577 pk.y = pkey[2];
578 resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p));
579 resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p));
580 do_encrypt (resarr[0], resarr[1], data, &pk);
581 }
582 return err;
583}
584
585
586gcry_err_code_t
587_gcry_elg_decrypt (int algo, gcry_mpi_t *result,
588 gcry_mpi_t *data, gcry_mpi_t *skey, int flags)
589{
590 gcry_err_code_t err = GPG_ERR_NO_ERROR;
591 ELG_secret_key sk;
592
593 if ((! data[0]) || (! data[1])
594 || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
595 err = GPG_ERR_BAD_MPI;
596 else
597 {
598 sk.p = skey[0];
599 sk.g = skey[1];
600 sk.y = skey[2];
601 sk.x = skey[3];
602 *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p));
603 decrypt (*result, data[0], data[1], &sk);
604 }
605 return err;
606}
607
608
609gcry_err_code_t
610_gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
611{
612 gcry_err_code_t err = GPG_ERR_NO_ERROR;
613 ELG_secret_key sk;
614
615 if ((! data)
616 || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
617 err = GPG_ERR_BAD_MPI;
618 else
619 {
620 sk.p = skey[0];
621 sk.g = skey[1];
622 sk.y = skey[2];
623 sk.x = skey[3];
624 resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
625 resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
626 sign (resarr[0], resarr[1], data, &sk);
627 }
628
629 return err;
630}
631
632gcry_err_code_t
633_gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
634 int (*cmp) (void *, gcry_mpi_t), void *opaquev)
635{
636 gcry_err_code_t err = GPG_ERR_NO_ERROR;
637 ELG_public_key pk;
638
639 if ((! data[0]) || (! data[1]) || (! hash)
640 || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
641 err = GPG_ERR_BAD_MPI;
642 else
643 {
644 pk.p = pkey[0];
645 pk.g = pkey[1];
646 pk.y = pkey[2];
647 if (! verify (data[0], data[1], hash, &pk))
648 err = GPG_ERR_BAD_SIGNATURE;
649 }
650
651 return err;
652}
653
654
655unsigned int
656_gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey)
657{
658 return mpi_get_nbits (pkey[0]);
659}
660
661static char *elg_names[] =
662 {
663 "elg",
664 "openpgp-elg",
665 "openpgp-elg-sig",
666 NULL,
667 };
668
669
670gcry_pk_spec_t _gcry_pubkey_spec_elg =
671 {
672 "ELG", elg_names,
673 "pgy", "pgyx", "ab", "rs", "pgy",
674 GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
675 _gcry_elg_generate,
676 _gcry_elg_check_secret_key,
677 _gcry_elg_encrypt,
678 _gcry_elg_decrypt,
679 _gcry_elg_sign,
680 _gcry_elg_verify,
681 _gcry_elg_get_nbits,
682 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c
new file mode 100755
index 0000000..a2878cc
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c
@@ -0,0 +1,1254 @@
1/* md.c - message digest dispatcher
2 * Copyright (C) 1998, 1999, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <errno.h>
26#include <assert.h>
27
28#include "g10lib.h"
29#include "cipher.h"
30#include "ath.h"
31
32#include "rmd.h"
33
34static struct digest_table_entry
35{
36 gcry_md_spec_t *digest;
37 unsigned int algorithm;
38} digest_table[] =
39 {
40#if USE_CRC
41 { &_gcry_digest_spec_crc32, GCRY_MD_CRC32 },
42 { &_gcry_digest_spec_crc32_rfc1510, GCRY_MD_CRC32_RFC1510 },
43 { &_gcry_digest_spec_crc24_rfc2440, GCRY_MD_CRC24_RFC2440 },
44#endif
45#if USE_MD4
46 { &_gcry_digest_spec_md4, GCRY_MD_MD4 },
47#endif
48#if USE_MD5
49 { &_gcry_digest_spec_md5, GCRY_MD_MD5 },
50#endif
51#if USE_RMD160
52 { &_gcry_digest_spec_rmd160, GCRY_MD_RMD160 },
53#endif
54#if USE_SHA1
55 { &_gcry_digest_spec_sha1, GCRY_MD_SHA1 },
56#endif
57#if USE_SHA256
58 { &_gcry_digest_spec_sha256, GCRY_MD_SHA256 },
59#endif
60#if USE_SHA512
61 { &_gcry_digest_spec_sha512, GCRY_MD_SHA512 },
62 { &_gcry_digest_spec_sha384, GCRY_MD_SHA384 },
63#endif
64#if USE_TIGER
65 { &_gcry_digest_spec_tiger, GCRY_MD_TIGER },
66#endif
67 { NULL },
68 };
69
70/* List of registered digests. */
71static gcry_module_t digests_registered;
72
73/* This is the lock protecting DIGESTS_REGISTERED. */
74static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;
75
76/* Flag to check wether the default ciphers have already been
77 registered. */
78static int default_digests_registered;
79
80typedef struct gcry_md_list
81{
82 gcry_md_spec_t *digest;
83 gcry_module_t module;
84 struct gcry_md_list *next;
85 size_t actual_struct_size; /* Allocated size of this structure. */
86 PROPERLY_ALIGNED_TYPE context;
87} GcryDigestEntry;
88
89/* this structure is put right after the gcry_md_hd_t buffer, so that
90 * only one memory block is needed. */
91struct gcry_md_context
92{
93 int magic;
94 size_t actual_handle_size; /* Allocated size of this handle. */
95 int secure;
96 FILE *debug;
97 int finalized;
98 GcryDigestEntry *list;
99 byte *macpads;
100};
101
102
103#define CTX_MAGIC_NORMAL 0x11071961
104#define CTX_MAGIC_SECURE 0x16917011
105
106/* Convenient macro for registering the default digests. */
107#define REGISTER_DEFAULT_DIGESTS \
108 do \
109 { \
110 ath_mutex_lock (&digests_registered_lock); \
111 if (! default_digests_registered) \
112 { \
113 gcry_md_register_default (); \
114 default_digests_registered = 1; \
115 } \
116 ath_mutex_unlock (&digests_registered_lock); \
117 } \
118 while (0)
119
120
121static const char * digest_algo_to_string( int algo );
122static gcry_err_code_t check_digest_algo (int algo);
123static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,
124 int secure, int hmac);
125static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);
126static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);
127static void md_close (gcry_md_hd_t a);
128static void md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen);
129static void md_final(gcry_md_hd_t a);
130static byte *md_read( gcry_md_hd_t a, int algo );
131static int md_get_algo( gcry_md_hd_t a );
132static int md_digest_length( int algo );
133static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
134static void md_start_debug( gcry_md_hd_t a, char *suffix );
135static void md_stop_debug( gcry_md_hd_t a );
136
137
138
139
140/* Internal function. Register all the ciphers included in
141 CIPHER_TABLE. Returns zero on success or an error code. */
142static void
143gcry_md_register_default (void)
144{
145 gcry_err_code_t err = 0;
146 int i;
147
148 for (i = 0; (! err) && digest_table[i].digest; i++)
149 err = _gcry_module_add (&digests_registered,
150 digest_table[i].algorithm,
151 (void *) digest_table[i].digest,
152 NULL);
153
154 if (err)
155 BUG ();
156}
157
158/* Internal callback function. */
159static int
160gcry_md_lookup_func_name (void *spec, void *data)
161{
162 gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
163 char *name = (char *) data;
164
165 return (! stricmp (digest->name, name));
166}
167
168/* Internal callback function. Used via _gcry_module_lookup. */
169static int
170gcry_md_lookup_func_oid (void *spec, void *data)
171{
172 gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
173 char *oid = (char *) data;
174 gcry_md_oid_spec_t *oid_specs = digest->oids;
175 int ret = 0, i;
176
177 if (oid_specs)
178 {
179 for (i = 0; oid_specs[i].oidstring && (! ret); i++)
180 if (! stricmp (oid, oid_specs[i].oidstring))
181 ret = 1;
182 }
183
184 return ret;
185}
186
187/* Internal function. Lookup a digest entry by it's name. */
188static gcry_module_t
189gcry_md_lookup_name (const char *name)
190{
191 gcry_module_t digest;
192
193 digest = _gcry_module_lookup (digests_registered, (void *) name,
194 gcry_md_lookup_func_name);
195
196 return digest;
197}
198
199/* Internal function. Lookup a cipher entry by it's oid. */
200static gcry_module_t
201gcry_md_lookup_oid (const char *oid)
202{
203 gcry_module_t digest;
204
205 digest = _gcry_module_lookup (digests_registered, (void *) oid,
206 gcry_md_lookup_func_oid);
207
208 return digest;
209}
210
211/* Register a new digest module whose specification can be found in
212 DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
213 and a pointer representhing this module is stored in MODULE. */
214gcry_error_t
215gcry_md_register (gcry_md_spec_t *digest,
216 unsigned int *algorithm_id,
217 gcry_module_t *module)
218{
219 gcry_err_code_t err = 0;
220 gcry_module_t mod;
221
222 ath_mutex_lock (&digests_registered_lock);
223 err = _gcry_module_add (&digests_registered, 0,
224 (void *) digest, &mod);
225 ath_mutex_unlock (&digests_registered_lock);
226
227 if (! err)
228 {
229 *module = mod;
230 *algorithm_id = mod->mod_id;
231 }
232
233 return gcry_error (err);
234}
235
236/* Unregister the digest identified by ID, which must have been
237 registered with gcry_digest_register. */
238void
239gcry_md_unregister (gcry_module_t module)
240{
241 ath_mutex_lock (&digests_registered_lock);
242 _gcry_module_release (module);
243 ath_mutex_unlock (&digests_registered_lock);
244}
245
246
247static int
248search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)
249{
250 gcry_module_t module;
251 int ret = 0;
252
253 if (oid && ((! strncmp (oid, "oid.", 4))
254 || (! strncmp (oid, "OID.", 4))))
255 oid += 4;
256
257 module = gcry_md_lookup_oid (oid);
258 if (module)
259 {
260 gcry_md_spec_t *digest = module->spec;
261 int i;
262
263 for (i = 0; digest->oids[i].oidstring && !ret; i++)
264 if (! stricmp (oid, digest->oids[i].oidstring))
265 {
266 if (algorithm)
267 *algorithm = module->mod_id;
268 if (oid_spec)
269 *oid_spec = digest->oids[i];
270 ret = 1;
271 }
272 _gcry_module_release (module);
273 }
274
275 return ret;
276}
277
278/****************
279 * Map a string to the digest algo
280 */
281int
282gcry_md_map_name (const char *string)
283{
284 gcry_module_t digest;
285 int ret, algorithm = 0;
286
287 if (! string)
288 return 0;
289
290 REGISTER_DEFAULT_DIGESTS;
291
292 /* If the string starts with a digit (optionally prefixed with
293 either "OID." or "oid."), we first look into our table of ASN.1
294 object identifiers to figure out the algorithm */
295
296 ath_mutex_lock (&digests_registered_lock);
297
298 ret = search_oid (string, &algorithm, NULL);
299 if (! ret)
300 {
301 /* Not found, search for an acording diget name. */
302 digest = gcry_md_lookup_name (string);
303 if (digest)
304 {
305 algorithm = digest->mod_id;
306 _gcry_module_release (digest);
307 }
308 }
309 ath_mutex_unlock (&digests_registered_lock);
310
311 return algorithm;
312}
313
314
315/****************
316 * Map a digest algo to a string
317 */
318static const char *
319digest_algo_to_string (int algorithm)
320{
321 const char *name = NULL;
322 gcry_module_t digest;
323
324 REGISTER_DEFAULT_DIGESTS;
325
326 ath_mutex_lock (&digests_registered_lock);
327 digest = _gcry_module_lookup_id (digests_registered, algorithm);
328 if (digest)
329 {
330 name = ((gcry_md_spec_t *) digest->spec)->name;
331 _gcry_module_release (digest);
332 }
333 ath_mutex_unlock (&digests_registered_lock);
334
335 return name;
336}
337
338/****************
339 * This function simply returns the name of the algorithm or some constant
340 * string when there is no algo. It will never return NULL.
341 * Use the macro gcry_md_test_algo() to check whether the algorithm
342 * is valid.
343 */
344const char *
345gcry_md_algo_name (int algorithm)
346{
347 const char *s = digest_algo_to_string (algorithm);
348 return s ? s : "?";
349}
350
351
352static gcry_err_code_t
353check_digest_algo (int algorithm)
354{
355 gcry_err_code_t rc = 0;
356 gcry_module_t digest;
357
358 REGISTER_DEFAULT_DIGESTS;
359
360 ath_mutex_lock (&digests_registered_lock);
361 digest = _gcry_module_lookup_id (digests_registered, algorithm);
362 if (digest)
363 _gcry_module_release (digest);
364 else
365 rc = GPG_ERR_DIGEST_ALGO;
366 ath_mutex_unlock (&digests_registered_lock);
367
368 return rc;
369}
370
371
372
373/****************
374 * Open a message digest handle for use with algorithm ALGO.
375 * More algorithms may be added by md_enable(). The initial algorithm
376 * may be 0.
377 */
378static gcry_err_code_t
379md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)
380{
381 gcry_err_code_t err = GPG_ERR_NO_ERROR;
382 int bufsize = secure ? 512 : 1024;
383 struct gcry_md_context *ctx;
384 gcry_md_hd_t hd;
385 size_t n;
386
387 /* Allocate a memory area to hold the caller visible buffer with it's
388 * control information and the data required by this module. Set the
389 * context pointer at the beginning to this area.
390 * We have to use this strange scheme because we want to hide the
391 * internal data but have a variable sized buffer.
392 *
393 * +---+------+---........------+-------------+
394 * !ctx! bctl ! buffer ! private !
395 * +---+------+---........------+-------------+
396 * ! ^
397 * !---------------------------!
398 *
399 * We have to make sure that private is well aligned.
400 */
401 n = sizeof (struct gcry_md_handle) + bufsize;
402 n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)
403 / sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);
404
405 /* Allocate and set the Context pointer to the private data */
406 if (secure)
407 hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
408 else
409 hd = gcry_malloc (n + sizeof (struct gcry_md_context));
410
411 if (! hd)
412 err = gpg_err_code_from_errno (errno);
413
414 if (! err)
415 {
416 hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);
417 /* Setup the globally visible data (bctl in the diagram).*/
418 hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;
419 hd->bufpos = 0;
420
421 /* Initialize the private data. */
422 memset (hd->ctx, 0, sizeof *hd->ctx);
423 ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
424 ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
425 ctx->secure = secure;
426
427 if (hmac)
428 {
429 ctx->macpads = gcry_malloc_secure (128);
430 if (! ctx->macpads)
431 {
432 md_close (hd);
433 err = gpg_err_code_from_errno (errno);
434 }
435 }
436 }
437
438 if (! err)
439 {
440 /* FIXME: should we really do that? - yes [-wk] */
441 _gcry_fast_random_poll ();
442
443 if (algo)
444 {
445 err = md_enable (hd, algo);
446 if (err)
447 md_close (hd);
448 }
449 }
450
451 if (! err)
452 *h = hd;
453
454 return err;
455}
456
457/* Create a message digest object for algorithm ALGO. FLAGS may be
458 given as an bitwise OR of the gcry_md_flags values. ALGO may be
459 given as 0 if the algorithms to be used are later set using
460 gcry_md_enable. H is guaranteed to be a valid handle or NULL on
461 error. */
462gcry_error_t
463gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
464{
465 gcry_err_code_t err = GPG_ERR_NO_ERROR;
466 gcry_md_hd_t hd;
467
468 if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)))
469 err = GPG_ERR_INV_ARG;
470 else
471 {
472 err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),
473 (flags & GCRY_MD_FLAG_HMAC));
474 }
475
476 *h = err? NULL : hd;
477 return gcry_error (err);
478}
479
480
481
482static gcry_err_code_t
483md_enable (gcry_md_hd_t hd, int algorithm)
484{
485 struct gcry_md_context *h = hd->ctx;
486 gcry_md_spec_t *digest = NULL;
487 GcryDigestEntry *entry;
488 gcry_module_t module;
489 gcry_err_code_t err = 0;
490
491 for (entry = h->list; entry; entry = entry->next)
492 if (entry->module->mod_id == algorithm)
493 return err; /* already enabled */
494
495 REGISTER_DEFAULT_DIGESTS;
496
497 ath_mutex_lock (&digests_registered_lock);
498 module = _gcry_module_lookup_id (digests_registered, algorithm);
499 ath_mutex_unlock (&digests_registered_lock);
500 if (! module)
501 {
502 log_debug ("md_enable: algorithm %d not available\n", algorithm);
503 err = GPG_ERR_DIGEST_ALGO;
504 }
505 else
506 digest = (gcry_md_spec_t *) module->spec;
507
508 if (! err)
509 {
510 size_t size = (sizeof (*entry)
511 + digest->contextsize
512 - sizeof (entry->context));
513
514 /* And allocate a new list entry. */
515 if (h->secure)
516 entry = gcry_malloc_secure (size);
517 else
518 entry = gcry_malloc (size);
519
520 if (! entry)
521 err = gpg_err_code_from_errno (errno);
522 else
523 {
524 entry->digest = digest;
525 entry->module = module;
526 entry->next = h->list;
527 entry->actual_struct_size = size;
528 h->list = entry;
529
530 /* And init this instance. */
531 entry->digest->init (&entry->context.c);
532 }
533 }
534
535 if (err)
536 {
537 if (module)
538 {
539 ath_mutex_lock (&digests_registered_lock);
540 _gcry_module_release (module);
541 ath_mutex_unlock (&digests_registered_lock);
542 }
543 }
544
545 return err;
546}
547
548
549gcry_error_t
550gcry_md_enable (gcry_md_hd_t hd, int algorithm)
551{
552 gcry_err_code_t err = md_enable (hd, algorithm);
553 return gcry_error (err);
554}
555
556static gcry_err_code_t
557md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
558{
559 gcry_err_code_t err = GPG_ERR_NO_ERROR;
560 struct gcry_md_context *a = ahd->ctx;
561 struct gcry_md_context *b;
562 GcryDigestEntry *ar, *br;
563 gcry_md_hd_t bhd;
564 size_t n;
565
566 if (ahd->bufpos)
567 md_write (ahd, NULL, 0);
568
569 n = (char *) ahd->ctx - (char *) ahd;
570 if (a->secure)
571 bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
572 else
573 bhd = gcry_malloc (n + sizeof (struct gcry_md_context));
574
575 if (! bhd)
576 err = gpg_err_code_from_errno (errno);
577
578 if (! err)
579 {
580 bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);
581 /* No need to copy the buffer due to the write above. */
582 assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));
583 bhd->bufsize = ahd->bufsize;
584 bhd->bufpos = 0;
585 assert (! ahd->bufpos);
586 memcpy (b, a, sizeof *a);
587 b->list = NULL;
588 b->debug = NULL;
589 if (a->macpads)
590 {
591 b->macpads = gcry_malloc_secure (128);
592 if (! b->macpads)
593 {
594 md_close (bhd);
595 err = gpg_err_code_from_errno (errno);
596 }
597 else
598 memcpy (b->macpads, a->macpads, 128);
599 }
600 }
601
602 /* Copy the complete list of algorithms. The copied list is
603 reversed, but that doesn't matter. */
604 if (! err)
605 for (ar = a->list; ar; ar = ar->next)
606 {
607 if (a->secure)
608 br = gcry_xmalloc_secure (sizeof *br
609 + ar->digest->contextsize
610 - sizeof(ar->context));
611 else
612 br = gcry_xmalloc (sizeof *br
613 + ar->digest->contextsize
614 - sizeof (ar->context));
615 memcpy (br, ar,
616 sizeof (*br) + ar->digest->contextsize - sizeof (ar->context));
617 br->next = b->list;
618 b->list = br;
619
620 /* Add a reference to the module. */
621 ath_mutex_lock (&digests_registered_lock);
622 _gcry_module_use (br->module);
623 ath_mutex_unlock (&digests_registered_lock);
624 }
625
626 if (a->debug)
627 md_start_debug (bhd, "unknown");
628
629 if (! err)
630 *b_hd = bhd;
631
632 return err;
633}
634
635gcry_error_t
636gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)
637{
638 gcry_err_code_t err = md_copy (hd, handle);
639 if (err)
640 *handle = NULL;
641 return gcry_error (err);
642}
643
644/*
645 * Reset all contexts and discard any buffered stuff. This may be used
646 * instead of a md_close(); md_open().
647 */
648void
649gcry_md_reset (gcry_md_hd_t a)
650{
651 GcryDigestEntry *r;
652
653 a->bufpos = a->ctx->finalized = 0;
654
655 for (r = a->ctx->list; r; r = r->next)
656 {
657 memset (r->context.c, 0, r->digest->contextsize);
658 (*r->digest->init) (&r->context.c);
659 }
660 if (a->ctx->macpads)
661 md_write (a, a->ctx->macpads, 64); /* inner pad */
662}
663
664static void
665md_close (gcry_md_hd_t a)
666{
667 GcryDigestEntry *r, *r2;
668
669 if (! a)
670 return;
671 if (a->ctx->debug)
672 md_stop_debug (a);
673 for (r = a->ctx->list; r; r = r2)
674 {
675 r2 = r->next;
676 ath_mutex_lock (&digests_registered_lock);
677 _gcry_module_release (r->module);
678 ath_mutex_unlock (&digests_registered_lock);
679 wipememory (r, r->actual_struct_size);
680 gcry_free (r);
681 }
682
683 if (a->ctx->macpads)
684 {
685 wipememory (a->ctx->macpads, 128);
686 gcry_free(a->ctx->macpads);
687 }
688
689 wipememory (a, a->ctx->actual_handle_size);
690 gcry_free(a);
691}
692
693void
694gcry_md_close (gcry_md_hd_t hd)
695{
696 md_close (hd);
697}
698
699static void
700md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen)
701{
702 GcryDigestEntry *r;
703
704 if (a->ctx->debug)
705 {
706 if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
707 BUG();
708 if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)
709 BUG();
710 }
711
712 for (r = a->ctx->list; r; r = r->next)
713 {
714 if (a->bufpos)
715 (*r->digest->write) (&r->context.c, a->buf, a->bufpos);
716 (*r->digest->write) (&r->context.c, inbuf, inlen);
717 }
718 a->bufpos = 0;
719}
720
721void
722gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
723{
724 md_write (hd, (unsigned char *) inbuf, inlen);
725}
726
727static void
728md_final (gcry_md_hd_t a)
729{
730 GcryDigestEntry *r;
731
732 if (a->ctx->finalized)
733 return;
734
735 if (a->bufpos)
736 md_write (a, NULL, 0);
737
738 for (r = a->ctx->list; r; r = r->next)
739 (*r->digest->final) (&r->context.c);
740
741 a->ctx->finalized = 1;
742
743 if (a->ctx->macpads)
744 {
745 /* Finish the hmac. */
746 int algo = md_get_algo (a);
747 byte *p = md_read (a, algo);
748 size_t dlen = md_digest_length (algo);
749 gcry_md_hd_t om;
750 gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);
751
752 if (err)
753 _gcry_fatal_error (err, NULL);
754 md_write (om, a->ctx->macpads+64, 64);
755 md_write (om, p, dlen);
756 md_final (om);
757 /* Replace our digest with the mac (they have the same size). */
758 memcpy (p, md_read (om, algo), dlen);
759 md_close (om);
760 }
761}
762
763static gcry_err_code_t
764prepare_macpads( gcry_md_hd_t hd, const byte *key, size_t keylen)
765{
766 int i;
767 int algo = md_get_algo( hd );
768 byte *helpkey = NULL;
769 byte *ipad, *opad;
770
771 if ( !algo )
772 return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
773
774 if ( keylen > 64 )
775 {
776 helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
777 if ( !helpkey )
778 return gpg_err_code_from_errno (errno);
779 gcry_md_hash_buffer ( algo, helpkey, key, keylen );
780 key = helpkey;
781 keylen = md_digest_length( algo );
782 assert ( keylen <= 64 );
783 }
784
785 memset ( hd->ctx->macpads, 0, 128 );
786 ipad = hd->ctx->macpads;
787 opad = hd->ctx->macpads+64;
788 memcpy ( ipad, key, keylen );
789 memcpy ( opad, key, keylen );
790 for (i=0; i < 64; i++ )
791 {
792 ipad[i] ^= 0x36;
793 opad[i] ^= 0x5c;
794 }
795 gcry_free( helpkey );
796
797 return GPG_ERR_NO_ERROR;
798}
799
800gcry_error_t
801gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
802{
803 unsigned char *buf = (unsigned char *)buffer;
804 gcry_err_code_t rc = 0;
805
806 switch (cmd)
807 {
808 case GCRYCTL_FINALIZE:
809 md_final (hd);
810 break;
811 case GCRYCTL_SET_KEY:
812 rc = gcry_err_code (gcry_md_setkey (hd, buf, buflen));
813 break;
814 case GCRYCTL_START_DUMP:
815 md_start_debug (hd, (char*)buf);
816 break;
817 case GCRYCTL_STOP_DUMP:
818 md_stop_debug( hd );
819 break;
820 default:
821 rc = GPG_ERR_INV_OP;
822 }
823 return gcry_error (rc);
824}
825
826gcry_error_t
827gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
828{
829 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
830
831 if (! hd->ctx->macpads)
832 rc = GPG_ERR_CONFLICT;
833 else
834 {
835 rc = prepare_macpads (hd, key, keylen);
836 if (! rc)
837 gcry_md_reset (hd);
838 }
839
840 return gcry_error (rc);
841}
842
843
844/****************
845 * if ALGO is null get the digest for the used algo (which should be only one)
846 */
847static byte *
848md_read( gcry_md_hd_t a, int algo )
849{
850 GcryDigestEntry *r = a->ctx->list;
851
852 if (! algo)
853 {
854 /* return the first algorithm */
855 if (r && r->next)
856 log_debug("more than algorithm in md_read(0)\n");
857 return r->digest->read( &r->context.c );
858 }
859 else
860 {
861 for (r = a->ctx->list; r; r = r->next)
862 if (r->module->mod_id == algo)
863 return r->digest->read (&r->context.c);
864 }
865 BUG();
866 return NULL;
867}
868
869/*
870 * Read out the complete digest, this function implictly finalizes
871 * the hash.
872 */
873byte *
874gcry_md_read (gcry_md_hd_t hd, int algo)
875{
876 gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
877 return md_read (hd, algo);
878}
879
880/****************
881 * This function combines md_final and md_read but keeps the context
882 * intact. This function can be used to calculate intermediate
883 * digests. The digest is copied into buffer and the digestlength is
884 * returned. If buffer is NULL only the needed size for buffer is returned.
885 * buflen gives the max size of buffer. If the buffer is too shourt to
886 * hold the complete digest, the buffer is filled with as many bytes are
887 * possible and this value is returned.
888 */
889#if 0
890static int
891md_digest( gcry_md_hd_t a, int algo, byte *buffer, int buflen )
892{
893 struct md_digest_list_s *r = NULL;
894 char *context;
895 char *digest;
896
897 if( a->bufpos )
898 md_write( a, NULL, 0 );
899
900 if( !algo ) { /* return digest for the first algorithm */
901 if( (r=a->ctx->list) && r->next )
902 log_debug("more than algorithm in md_digest(0)\n");
903 }
904 else {
905 for(r=a->ctx->list; r; r = r->next )
906 if( r->algo == algo )
907 break;
908 }
909 if( !r )
910 BUG();
911
912 if( !buffer )
913 return r->mdlen;
914
915 /* I don't want to change the interface, so I simply work on a copy
916 * of the context (extra overhead - should be fixed)*/
917 context = a->ctx->secure ? gcry_xmalloc_secure( r->contextsize )
918 : gcry_xmalloc( r->contextsize );
919 memcpy( context, r->context.c, r->contextsize );
920 (*r->digest->final)( context );
921 digest = (*r->digest->read)( context );
922
923 if( buflen > r->mdlen )
924 buflen = r->mdlen;
925 memcpy( buffer, digest, buflen );
926
927 gcry_free(context);
928 return buflen;
929}
930#endif
931
932/*
933 * Read out an intermediate digest. Not yet fucntional.
934 */
935gcry_err_code_t
936gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
937{
938 /*md_digest ... */
939 return GPG_ERR_INTERNAL;
940}
941
942
943/*
944 * Shortcut function to hash a buffer with a given algo. The only
945 * guaranteed supported algorithms are RIPE-MD160 and SHA-1. The
946 * supplied digest buffer must be large enough to store the resulting
947 * hash. No error is returned, the function will abort on an invalid
948 * algo. DISABLED_ALGOS are ignored here. */
949void
950gcry_md_hash_buffer (int algo, void *digest,
951 const void *buffer, size_t length)
952{
953 if (algo == GCRY_MD_SHA1)
954 _gcry_sha1_hash_buffer (digest, buffer, length);
955 else if (algo == GCRY_MD_RMD160)
956 _gcry_rmd160_hash_buffer (digest, buffer, length);
957 else
958 {
959 /* For the others we do not have a fast function, so we use the
960 normal functions. */
961 gcry_md_hd_t h;
962 gpg_err_code_t err = md_open (&h, algo, 0, 0);
963 if (err)
964 log_bug ("gcry_md_open failed for algo %d: %s",
965 algo, gpg_strerror (gcry_error(err)));
966 md_write (h, (byte *) buffer, length);
967 md_final (h);
968 memcpy (digest, md_read (h, algo), md_digest_length (algo));
969 md_close (h);
970 }
971}
972
973static int
974md_get_algo (gcry_md_hd_t a)
975{
976 GcryDigestEntry *r = a->ctx->list;
977
978 if (r && r->next)
979 log_error("WARNING: more than algorithm in md_get_algo()\n");
980 return r ? r->module->mod_id : 0;
981}
982
983int
984gcry_md_get_algo (gcry_md_hd_t hd)
985{
986 return md_get_algo (hd);
987}
988
989
990/****************
991 * Return the length of the digest
992 */
993static int
994md_digest_length (int algorithm)
995{
996 gcry_module_t digest;
997 int mdlen = 0;
998
999 REGISTER_DEFAULT_DIGESTS;
1000
1001 ath_mutex_lock (&digests_registered_lock);
1002 digest = _gcry_module_lookup_id (digests_registered, algorithm);
1003 if (digest)
1004 {
1005 mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
1006 _gcry_module_release (digest);
1007 }
1008 ath_mutex_unlock (&digests_registered_lock);
1009
1010 return mdlen;
1011}
1012
1013/****************
1014 * Return the length of the digest in bytes.
1015 * This function will return 0 in case of errors.
1016 */
1017unsigned int
1018gcry_md_get_algo_dlen (int algorithm)
1019{
1020 return md_digest_length (algorithm);
1021}
1022
1023
1024/* Hmmm: add a mode to enumerate the OIDs
1025 * to make g10/sig-check.c more portable */
1026static const byte *
1027md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen)
1028{
1029 const byte *asnoid = NULL;
1030 gcry_module_t digest;
1031
1032 REGISTER_DEFAULT_DIGESTS;
1033
1034 ath_mutex_lock (&digests_registered_lock);
1035 digest = _gcry_module_lookup_id (digests_registered, algorithm);
1036 if (digest)
1037 {
1038 if (asnlen)
1039 *asnlen = ((gcry_md_spec_t *) digest->spec)->asnlen;
1040 if (mdlen)
1041 *mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
1042 asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;
1043 _gcry_module_release (digest);
1044 }
1045 else
1046 log_bug ("no ASN.1 OID for md algo %d\n", algorithm);
1047 ath_mutex_unlock (&digests_registered_lock);
1048
1049 return asnoid;
1050}
1051
1052
1053
1054/****************
1055 * Return information about the given cipher algorithm
1056 * WHAT select the kind of information returned:
1057 * GCRYCTL_TEST_ALGO:
1058 * Returns 0 when the specified algorithm is available for use.
1059 * buffer and nbytes must be zero.
1060 * GCRYCTL_GET_ASNOID:
1061 * Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
1062 * the required length is returned.
1063 *
1064 * Note: Because this function is in most cases used to return an
1065 * integer value, we can make it easier for the caller to just look at
1066 * the return value. The caller will in all cases consult the value
1067 * and thereby detecting whether a error occured or not (i.e. while checking
1068 * the block size)
1069 */
1070gcry_error_t
1071gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
1072{
1073 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1074
1075 switch (what)
1076 {
1077 case GCRYCTL_TEST_ALGO:
1078 if (buffer || nbytes)
1079 err = GPG_ERR_INV_ARG;
1080 else
1081 err = check_digest_algo (algo);
1082 break;
1083
1084 case GCRYCTL_GET_ASNOID:
1085 {
1086 const char unsigned *asn;
1087 size_t asnlen;
1088
1089 asn = md_asn_oid (algo, &asnlen, NULL);
1090 if (buffer && (*nbytes >= asnlen))
1091 {
1092 memcpy (buffer, asn, asnlen);
1093 *nbytes = asnlen;
1094 }
1095 else if ((! buffer) && nbytes)
1096 *nbytes = asnlen;
1097 else
1098 {
1099 if (buffer)
1100 err = GPG_ERR_TOO_SHORT;
1101 else
1102 err = GPG_ERR_INV_ARG;
1103 }
1104 break;
1105 }
1106
1107 default:
1108 err = GPG_ERR_INV_OP;
1109 }
1110
1111 return gcry_error (err);
1112}
1113
1114
1115static void
1116md_start_debug( gcry_md_hd_t md, char *suffix )
1117{
1118 static int idx=0;
1119 char buf[50];
1120
1121 if( md->ctx->debug ) {
1122 log_debug("Oops: md debug already started\n");
1123 return;
1124 }
1125 idx++;
1126 sprintf(buf, "dbgmd-%05d.%.10s", idx, suffix );
1127 md->ctx->debug = fopen(buf, "w");
1128 if( !md->ctx->debug )
1129 log_debug("md debug: can't open %s\n", buf );
1130}
1131
1132static void
1133md_stop_debug( gcry_md_hd_t md )
1134{
1135 if( md->ctx->debug ) {
1136 if( md->bufpos )
1137 md_write( md, NULL, 0 );
1138 fclose(md->ctx->debug);
1139 md->ctx->debug = NULL;
1140 }
1141#ifdef HAVE_U64_TYPEDEF
1142 { /* a kludge to pull in the __muldi3 for Solaris */
1143 volatile u32 a = (u32)(ulong)md;
1144 volatile u64 b = 42;
1145 volatile u64 c;
1146 c = a * b;
1147 }
1148#endif
1149}
1150
1151
1152
1153/*
1154 * Return information about the digest handle.
1155 * GCRYCTL_IS_SECURE:
1156 * Returns 1 when the handle works on secured memory
1157 * otherwise 0 is returned. There is no error return.
1158 * GCRYCTL_IS_ALGO_ENABLED:
1159 * Returns 1 if the algo is enanled for that handle.
1160 * The algo must be passed as the address of an int.
1161 */
1162gcry_error_t
1163gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)
1164{
1165 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1166
1167 switch (cmd)
1168 {
1169 case GCRYCTL_IS_SECURE:
1170 *nbytes = h->ctx->secure;
1171 break;
1172
1173 case GCRYCTL_IS_ALGO_ENABLED:
1174 {
1175 GcryDigestEntry *r;
1176 int algo;
1177
1178 if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
1179 err = GPG_ERR_INV_ARG;
1180 else
1181 {
1182 algo = *(int*)buffer;
1183
1184 *nbytes = 0;
1185 for(r=h->ctx->list; r; r = r->next ) {
1186 if (r->module->mod_id == algo)
1187 {
1188 *nbytes = 1;
1189 break;
1190 }
1191 }
1192 }
1193 break;
1194 }
1195
1196 default:
1197 err = GPG_ERR_INV_OP;
1198 }
1199
1200 return gcry_error (err);
1201}
1202
1203gcry_err_code_t
1204_gcry_md_init (void)
1205{
1206 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1207
1208 REGISTER_DEFAULT_DIGESTS;
1209
1210 return err;
1211}
1212
1213
1214int
1215gcry_md_is_secure (gcry_md_hd_t a)
1216{
1217 size_t value;
1218
1219 if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))
1220 value = 1; /* It seems to be better to assume secure memory on
1221 error. */
1222 return value;
1223}
1224
1225
1226int
1227gcry_md_is_enabled (gcry_md_hd_t a, int algo)
1228{
1229 size_t value;
1230
1231 value = sizeof algo;
1232 if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))
1233 value = 0;
1234 return value;
1235}
1236
1237/* Get a list consisting of the IDs of the loaded message digest
1238 modules. If LIST is zero, write the number of loaded message
1239 digest modules to LIST_LENGTH and return. If LIST is non-zero, the
1240 first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
1241 of according size. In case there are less message digest modules
1242 than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
1243 number. */
1244gcry_error_t
1245gcry_md_list (int *list, int *list_length)
1246{
1247 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1248
1249 ath_mutex_lock (&digests_registered_lock);
1250 err = _gcry_module_list (digests_registered, list, list_length);
1251 ath_mutex_unlock (&digests_registered_lock);
1252
1253 return err;
1254}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c
new file mode 100755
index 0000000..8c4504e
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c
@@ -0,0 +1,327 @@
1/* md4.c - MD4 Message-Digest Algorithm
2 * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * Based on md5.c in libgcrypt, but rewritten to compute md4 checksums
21 * using a public domain md4 implementation with the following comments:
22 *
23 * Modified by Wei Dai from Andrew M. Kuchling's md4.c
24 * The original code and all modifications are in the public domain.
25 *
26 * This is the original introductory comment:
27 *
28 * md4.c : MD4 hash algorithm.
29 *
30 * Part of the Python Cryptography Toolkit, version 1.1
31 *
32 * Distribute and use freely; there are no restrictions on further
33 * dissemination and usage except those imposed by the laws of your
34 * country of residence.
35 *
36 */
37
38/* MD4 test suite:
39 * MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
40 * MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
41 * MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
42 * MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
43 * MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
44 * MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =
45 * 043f8582f241db351ce627e153e7f0e4
46 * MD4 ("123456789012345678901234567890123456789012345678901234567890123456
47 * 78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
48 */
49
50#include <config.h>
51#include <stdio.h>
52#include <stdlib.h>
53#include <string.h>
54#include <assert.h>
55#include "g10lib.h"
56#include "memory.h"
57#include "cipher.h"
58
59#include "bithelp.h"
60
61
62typedef struct {
63 u32 A,B,C,D; /* chaining variables */
64 u32 nblocks;
65 byte buf[64];
66 int count;
67} MD4_CONTEXT;
68
69
70static void
71md4_init( void *context )
72{
73 MD4_CONTEXT *ctx = context;
74
75 ctx->A = 0x67452301;
76 ctx->B = 0xefcdab89;
77 ctx->C = 0x98badcfe;
78 ctx->D = 0x10325476;
79
80 ctx->nblocks = 0;
81 ctx->count = 0;
82}
83
84#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
85#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
86#define H(x, y, z) ((x) ^ (y) ^ (z))
87
88
89/****************
90 * transform 64 bytes
91 */
92static void
93transform( MD4_CONTEXT *ctx, byte *data )
94{
95 u32 in[16];
96 register u32 A = ctx->A;
97 register u32 B = ctx->B;
98 register u32 C = ctx->C;
99 register u32 D = ctx->D;
100
101#ifdef WORDS_BIGENDIAN
102 {
103 int i;
104 byte *p2, *p1;
105 for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 )
106 {
107 p2[3] = *p1++;
108 p2[2] = *p1++;
109 p2[1] = *p1++;
110 p2[0] = *p1++;
111 }
112 }
113#else
114 memcpy (in, data, 64);
115#endif
116
117 /* Round 1. */
118#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+in[k],s);
119 function(A,B,C,D, 0, 3);
120 function(D,A,B,C, 1, 7);
121 function(C,D,A,B, 2,11);
122 function(B,C,D,A, 3,19);
123 function(A,B,C,D, 4, 3);
124 function(D,A,B,C, 5, 7);
125 function(C,D,A,B, 6,11);
126 function(B,C,D,A, 7,19);
127 function(A,B,C,D, 8, 3);
128 function(D,A,B,C, 9, 7);
129 function(C,D,A,B,10,11);
130 function(B,C,D,A,11,19);
131 function(A,B,C,D,12, 3);
132 function(D,A,B,C,13, 7);
133 function(C,D,A,B,14,11);
134 function(B,C,D,A,15,19);
135
136#undef function
137
138 /* Round 2. */
139#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+in[k]+0x5a827999,s);
140
141 function(A,B,C,D, 0, 3);
142 function(D,A,B,C, 4, 5);
143 function(C,D,A,B, 8, 9);
144 function(B,C,D,A,12,13);
145 function(A,B,C,D, 1, 3);
146 function(D,A,B,C, 5, 5);
147 function(C,D,A,B, 9, 9);
148 function(B,C,D,A,13,13);
149 function(A,B,C,D, 2, 3);
150 function(D,A,B,C, 6, 5);
151 function(C,D,A,B,10, 9);
152 function(B,C,D,A,14,13);
153 function(A,B,C,D, 3, 3);
154 function(D,A,B,C, 7, 5);
155 function(C,D,A,B,11, 9);
156 function(B,C,D,A,15,13);
157
158#undef function
159
160 /* Round 3. */
161#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+in[k]+0x6ed9eba1,s);
162
163 function(A,B,C,D, 0, 3);
164 function(D,A,B,C, 8, 9);
165 function(C,D,A,B, 4,11);
166 function(B,C,D,A,12,15);
167 function(A,B,C,D, 2, 3);
168 function(D,A,B,C,10, 9);
169 function(C,D,A,B, 6,11);
170 function(B,C,D,A,14,15);
171 function(A,B,C,D, 1, 3);
172 function(D,A,B,C, 9, 9);
173 function(C,D,A,B, 5,11);
174 function(B,C,D,A,13,15);
175 function(A,B,C,D, 3, 3);
176 function(D,A,B,C,11, 9);
177 function(C,D,A,B, 7,11);
178 function(B,C,D,A,15,15);
179
180
181 /* Put checksum in context given as argument. */
182 ctx->A += A;
183 ctx->B += B;
184 ctx->C += C;
185 ctx->D += D;
186}
187
188
189
190/* The routine updates the message-digest context to
191 * account for the presence of each of the characters inBuf[0..inLen-1]
192 * in the message whose digest is being computed.
193 */
194static void
195md4_write( void *context, byte *inbuf, size_t inlen)
196{
197 MD4_CONTEXT *hd = context;
198
199 if( hd->count == 64 ) /* flush the buffer */
200 {
201 transform( hd, hd->buf );
202 _gcry_burn_stack (80+6*sizeof(void*));
203 hd->count = 0;
204 hd->nblocks++;
205 }
206 if( !inbuf )
207 return;
208
209 if( hd->count )
210 {
211 for( ; inlen && hd->count < 64; inlen-- )
212 hd->buf[hd->count++] = *inbuf++;
213 md4_write( hd, NULL, 0 );
214 if( !inlen )
215 return;
216 }
217 _gcry_burn_stack (80+6*sizeof(void*));
218
219 while( inlen >= 64 )
220 {
221 transform( hd, inbuf );
222 hd->count = 0;
223 hd->nblocks++;
224 inlen -= 64;
225 inbuf += 64;
226 }
227 for( ; inlen && hd->count < 64; inlen-- )
228 hd->buf[hd->count++] = *inbuf++;
229}
230
231
232
233/* The routine final terminates the message-digest computation and
234 * ends with the desired message digest in mdContext->digest[0...15].
235 * The handle is prepared for a new MD4 cycle.
236 * Returns 16 bytes representing the digest.
237 */
238
239static void
240md4_final( void *context )
241{
242 MD4_CONTEXT *hd = context;
243 u32 t, msb, lsb;
244 byte *p;
245
246 md4_write(hd, NULL, 0); /* flush */;
247
248 t = hd->nblocks;
249 /* multiply by 64 to make a byte count */
250 lsb = t << 6;
251 msb = t >> 26;
252 /* add the count */
253 t = lsb;
254 if( (lsb += hd->count) < t )
255 msb++;
256 /* multiply by 8 to make a bit count */
257 t = lsb;
258 lsb <<= 3;
259 msb <<= 3;
260 msb |= t >> 29;
261
262 if( hd->count < 56 ) /* enough room */
263 {
264 hd->buf[hd->count++] = 0x80; /* pad */
265 while( hd->count < 56 )
266 hd->buf[hd->count++] = 0; /* pad */
267 }
268 else /* need one extra block */
269 {
270 hd->buf[hd->count++] = 0x80; /* pad character */
271 while( hd->count < 64 )
272 hd->buf[hd->count++] = 0;
273 md4_write(hd, NULL, 0); /* flush */;
274 memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
275 }
276 /* append the 64 bit count */
277 hd->buf[56] = lsb ;
278 hd->buf[57] = lsb >> 8;
279 hd->buf[58] = lsb >> 16;
280 hd->buf[59] = lsb >> 24;
281 hd->buf[60] = msb ;
282 hd->buf[61] = msb >> 8;
283 hd->buf[62] = msb >> 16;
284 hd->buf[63] = msb >> 24;
285 transform( hd, hd->buf );
286 _gcry_burn_stack (80+6*sizeof(void*));
287
288 p = hd->buf;
289#ifdef WORDS_BIGENDIAN
290#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
291 *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
292#else /* little endian */
293#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
294#endif
295 X(A);
296 X(B);
297 X(C);
298 X(D);
299#undef X
300
301}
302
303static byte *
304md4_read (void *context)
305{
306 MD4_CONTEXT *hd = context;
307 return hd->buf;
308}
309
310static byte asn[18] = /* Object ID is 1.2.840.113549.2.4 */
311 { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
312 0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 };
313
314static gcry_md_oid_spec_t oid_spec_md4[] =
315 {
316 /* iso.member-body.us.rsadsi.digestAlgorithm.md4 */
317 { "1.2.840.113549.2.4" },
318 { NULL },
319 };
320
321gcry_md_spec_t _gcry_digest_spec_md4 =
322 {
323 "MD4", asn, DIM (asn), oid_spec_md4,16,
324 md4_init, md4_write, md4_final, md4_read,
325 sizeof (MD4_CONTEXT)
326 };
327
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c
new file mode 100755
index 0000000..3edc883
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c
@@ -0,0 +1,354 @@
1/* md5.c - MD5 Message-Digest Algorithm
2 * Copyright (C) 1995,1996,1998,1999,2001,2002,
3 * 2003 Free Software Foundation, Inc.
4 *
5 * This file is part of Libgcrypt.
6 *
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 *
21 * According to the definition of MD5 in RFC 1321 from April 1992.
22 * NOTE: This is *not* the same file as the one from glibc.
23 * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
24 * heavily modified for GnuPG by Werner Koch <wk@gnupg.org>
25 */
26
27/* Test values:
28 * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
29 * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
30 * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
31 * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
32 */
33
34#include <config.h>
35#include <stdio.h>
36#include <stdlib.h>
37#include <string.h>
38#include <assert.h>
39#include "g10lib.h"
40#include "memory.h"
41#include "cipher.h"
42
43#include "bithelp.h"
44
45
46typedef struct {
47 u32 A,B,C,D; /* chaining variables */
48 u32 nblocks;
49 byte buf[64];
50 int count;
51} MD5_CONTEXT;
52
53
54static void
55md5_init( void *context )
56{
57 MD5_CONTEXT *ctx = context;
58
59 ctx->A = 0x67452301;
60 ctx->B = 0xefcdab89;
61 ctx->C = 0x98badcfe;
62 ctx->D = 0x10325476;
63
64 ctx->nblocks = 0;
65 ctx->count = 0;
66}
67
68
69/* These are the four functions used in the four steps of the MD5 algorithm
70 and defined in the RFC 1321. The first function is a little bit optimized
71 (as found in Colin Plumbs public domain implementation). */
72/* #define FF(b, c, d) ((b & c) | (~b & d)) */
73#define FF(b, c, d) (d ^ (b & (c ^ d)))
74#define FG(b, c, d) FF (d, b, c)
75#define FH(b, c, d) (b ^ c ^ d)
76#define FI(b, c, d) (c ^ (b | ~d))
77
78
79/****************
80 * transform n*64 bytes
81 */
82static void
83transform( MD5_CONTEXT *ctx, byte *data )
84{
85 u32 correct_words[16];
86 register u32 A = ctx->A;
87 register u32 B = ctx->B;
88 register u32 C = ctx->C;
89 register u32 D = ctx->D;
90 u32 *cwp = correct_words;
91
92#ifdef WORDS_BIGENDIAN
93 {
94 int i;
95 byte *p2, *p1;
96 for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 )
97 {
98 p2[3] = *p1++;
99 p2[2] = *p1++;
100 p2[1] = *p1++;
101 p2[0] = *p1++;
102 }
103 }
104#else
105 memcpy( correct_words, data, 64 );
106#endif
107
108
109#define OP(a, b, c, d, s, T) \
110 do \
111 { \
112 a += FF (b, c, d) + (*cwp++) + T; \
113 a = rol(a, s); \
114 a += b; \
115 } \
116 while (0)
117
118 /* Before we start, one word about the strange constants.
119 They are defined in RFC 1321 as
120
121 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
122 */
123
124 /* Round 1. */
125 OP (A, B, C, D, 7, 0xd76aa478);
126 OP (D, A, B, C, 12, 0xe8c7b756);
127 OP (C, D, A, B, 17, 0x242070db);
128 OP (B, C, D, A, 22, 0xc1bdceee);
129 OP (A, B, C, D, 7, 0xf57c0faf);
130 OP (D, A, B, C, 12, 0x4787c62a);
131 OP (C, D, A, B, 17, 0xa8304613);
132 OP (B, C, D, A, 22, 0xfd469501);
133 OP (A, B, C, D, 7, 0x698098d8);
134 OP (D, A, B, C, 12, 0x8b44f7af);
135 OP (C, D, A, B, 17, 0xffff5bb1);
136 OP (B, C, D, A, 22, 0x895cd7be);
137 OP (A, B, C, D, 7, 0x6b901122);
138 OP (D, A, B, C, 12, 0xfd987193);
139 OP (C, D, A, B, 17, 0xa679438e);
140 OP (B, C, D, A, 22, 0x49b40821);
141
142#undef OP
143#define OP(f, a, b, c, d, k, s, T) \
144 do \
145 { \
146 a += f (b, c, d) + correct_words[k] + T; \
147 a = rol(a, s); \
148 a += b; \
149 } \
150 while (0)
151
152 /* Round 2. */
153 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
154 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
155 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
156 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
157 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
158 OP (FG, D, A, B, C, 10, 9, 0x02441453);
159 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
160 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
161 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
162 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
163 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
164 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
165 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
166 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
167 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
168 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
169
170 /* Round 3. */
171 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
172 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
173 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
174 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
175 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
176 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
177 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
178 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
179 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
180 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
181 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
182 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
183 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
184 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
185 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
186 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
187
188 /* Round 4. */
189 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
190 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
191 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
192 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
193 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
194 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
195 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
196 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
197 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
198 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
199 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
200 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
201 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
202 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
203 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
204 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
205
206 /* Put checksum in context given as argument. */
207 ctx->A += A;
208 ctx->B += B;
209 ctx->C += C;
210 ctx->D += D;
211}
212
213
214
215/* The routine updates the message-digest context to
216 * account for the presence of each of the characters inBuf[0..inLen-1]
217 * in the message whose digest is being computed.
218 */
219static void
220md5_write( void *context, byte *inbuf, size_t inlen)
221{
222 MD5_CONTEXT *hd = context;
223
224 if( hd->count == 64 ) /* flush the buffer */
225 {
226 transform( hd, hd->buf );
227 _gcry_burn_stack (80+6*sizeof(void*));
228 hd->count = 0;
229 hd->nblocks++;
230 }
231 if( !inbuf )
232 return;
233
234 if( hd->count )
235 {
236 for( ; inlen && hd->count < 64; inlen-- )
237 hd->buf[hd->count++] = *inbuf++;
238 md5_write( hd, NULL, 0 );
239 if( !inlen )
240 return;
241 }
242 _gcry_burn_stack (80+6*sizeof(void*));
243
244 while( inlen >= 64 )
245 {
246 transform( hd, inbuf );
247 hd->count = 0;
248 hd->nblocks++;
249 inlen -= 64;
250 inbuf += 64;
251 }
252 for( ; inlen && hd->count < 64; inlen-- )
253 hd->buf[hd->count++] = *inbuf++;
254
255}
256
257
258
259/* The routine final terminates the message-digest computation and
260 * ends with the desired message digest in mdContext->digest[0...15].
261 * The handle is prepared for a new MD5 cycle.
262 * Returns 16 bytes representing the digest.
263 */
264
265static void
266md5_final( void *context)
267{
268 MD5_CONTEXT *hd = context;
269 u32 t, msb, lsb;
270 byte *p;
271
272 md5_write(hd, NULL, 0); /* flush */;
273
274 t = hd->nblocks;
275 /* multiply by 64 to make a byte count */
276 lsb = t << 6;
277 msb = t >> 26;
278 /* add the count */
279 t = lsb;
280 if( (lsb += hd->count) < t )
281 msb++;
282 /* multiply by 8 to make a bit count */
283 t = lsb;
284 lsb <<= 3;
285 msb <<= 3;
286 msb |= t >> 29;
287
288 if( hd->count < 56 ) /* enough room */
289 {
290 hd->buf[hd->count++] = 0x80; /* pad */
291 while( hd->count < 56 )
292 hd->buf[hd->count++] = 0; /* pad */
293 }
294 else /* need one extra block */
295 {
296 hd->buf[hd->count++] = 0x80; /* pad character */
297 while( hd->count < 64 )
298 hd->buf[hd->count++] = 0;
299 md5_write(hd, NULL, 0); /* flush */;
300 memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
301 }
302 /* append the 64 bit count */
303 hd->buf[56] = lsb ;
304 hd->buf[57] = lsb >> 8;
305 hd->buf[58] = lsb >> 16;
306 hd->buf[59] = lsb >> 24;
307 hd->buf[60] = msb ;
308 hd->buf[61] = msb >> 8;
309 hd->buf[62] = msb >> 16;
310 hd->buf[63] = msb >> 24;
311 transform( hd, hd->buf );
312 _gcry_burn_stack (80+6*sizeof(void*));
313
314 p = hd->buf;
315#ifdef WORDS_BIGENDIAN
316#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
317 *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
318#else /* little endian */
319#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
320#endif
321 X(A);
322 X(B);
323 X(C);
324 X(D);
325#undef X
326
327}
328
329static byte *
330md5_read( void *context )
331{
332 MD5_CONTEXT *hd = (MD5_CONTEXT *) context;
333 return hd->buf;
334}
335
336static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */
337 { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
338 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
339
340static gcry_md_oid_spec_t oid_spec_md5[] =
341 {
342 /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 (md5WithRSAEncryption) */
343 { "1.2.840.113549.1.1.4" },
344 /* RSADSI digestAlgorithm MD5 */
345 { "1.2.840.113549.2.5" },
346 { NULL },
347 };
348
349gcry_md_spec_t _gcry_digest_spec_md5 =
350 {
351 "MD5", asn, DIM (asn), oid_spec_md5, 16,
352 md5_init, md5_write, md5_final, md5_read,
353 sizeof (MD5_CONTEXT)
354 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c
new file mode 100755
index 0000000..430a8a7
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c
@@ -0,0 +1,1028 @@
1/* primegen.c - prime number generator
2 * Copyright (C) 1998, 2000, 2001, 2002, 2003
3 * 2004 Free Software Foundation, Inc.
4 *
5 * This file is part of Libgcrypt.
6 *
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser general Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 *
21 * ***********************************************************************
22 * The algorithm used to generate practically save primes is due to
23 * Lim and Lee as described in the CRYPTO '97 proceedings (ISBN3540633847)
24 * page 260.
25 */
26
27#include <config.h>
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <string.h>
32#include <assert.h>
33#include <errno.h>
34
35#include "g10lib.h"
36#include "mpi.h"
37#include "cipher.h"
38
39static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel,
40 int (*extra_check)(void *, gcry_mpi_t),
41 void *extra_check_arg);
42static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,
43 gcry_prime_check_func_t cb_func, void *cb_arg );
44static int is_prime( gcry_mpi_t n, int steps, unsigned int *count );
45static void m_out_of_n( char *array, int m, int n );
46
47static void (*progress_cb) (void *,const char*,int,int, int );
48static void *progress_cb_data;
49
50/* Note: 2 is not included because it can be tested more easily by
51 looking at bit 0. The last entry in this list is marked by a zero */
52static ushort small_prime_numbers[] = {
53 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
54 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
55 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
56 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
57 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
58 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
59 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
60 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
61 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
62 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
63 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
64 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
65 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
66 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
67 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
68 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
69 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
70 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
71 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
72 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
73 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
74 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
75 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
76 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
77 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
78 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
79 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
80 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
81 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
82 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
83 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
84 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
85 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
86 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
87 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
88 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
89 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
90 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
91 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
92 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
93 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
94 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
95 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
96 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
97 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
98 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
99 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
100 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
101 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
102 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
103 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
104 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
105 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
106 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
107 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
108 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
109 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
110 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
111 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
112 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
113 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
114 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
115 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
116 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
117 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
118 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
119 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
120 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
121 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
122 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
123 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
124 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
125 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
126 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
127 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
128 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
129 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
130 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
131 4957, 4967, 4969, 4973, 4987, 4993, 4999,
132 0
133};
134static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
135
136void
137_gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int),
138 void *cb_data )
139{
140 progress_cb = cb;
141 progress_cb_data = cb_data;
142}
143
144
145static void
146progress( int c )
147{
148 if ( progress_cb )
149 progress_cb ( progress_cb_data, "primegen", c, 0, 0 );
150}
151
152
153/****************
154 * Generate a prime number (stored in secure memory)
155 */
156gcry_mpi_t
157_gcry_generate_secret_prime (unsigned int nbits,
158 int (*extra_check)(void*, gcry_mpi_t),
159 void *extra_check_arg)
160{
161 gcry_mpi_t prime;
162
163 prime = gen_prime( nbits, 1, 2, extra_check, extra_check_arg);
164 progress('\n');
165 return prime;
166}
167
168gcry_mpi_t
169_gcry_generate_public_prime( unsigned int nbits,
170 int (*extra_check)(void*, gcry_mpi_t),
171 void *extra_check_arg)
172{
173 gcry_mpi_t prime;
174
175 prime = gen_prime( nbits, 0, 2, extra_check, extra_check_arg );
176 progress('\n');
177 return prime;
178}
179
180
181/****************
182 * We do not need to use the strongest RNG because we gain no extra
183 * security from it - The prime number is public and we could also
184 * offer the factors for those who are willing to check that it is
185 * indeed a strong prime. With ALL_FACTORS set to true all afcors of
186 * prime-1 are returned in FACTORS.
187 *
188 * mode 0: Standard
189 * 1: Make sure that at least one factor is of size qbits.
190 */
191static gcry_err_code_t
192prime_generate_internal (int mode,
193 gcry_mpi_t *prime_generated, unsigned int pbits,
194 unsigned int qbits, gcry_mpi_t g,
195 gcry_mpi_t **ret_factors,
196 gcry_random_level_t randomlevel, unsigned int flags,
197 int all_factors,
198 gcry_prime_check_func_t cb_func, void *cb_arg)
199{
200 gcry_err_code_t err = 0;
201 gcry_mpi_t *factors_new = NULL; /* Factors to return to the
202 caller. */
203 gcry_mpi_t *factors = NULL; /* Current factors. */
204 gcry_mpi_t *pool = NULL; /* Pool of primes. */
205 unsigned char *perms = NULL; /* Permutations of POOL. */
206 gcry_mpi_t q_factor = NULL; /* Used if QBITS is non-zero. */
207 unsigned int fbits = 0; /* Length of prime factors. */
208 unsigned int n = 0; /* Number of factors. */
209 unsigned int m = 0; /* Number of primes in pool. */
210 gcry_mpi_t q = NULL; /* First prime factor. */
211 gcry_mpi_t prime = NULL; /* Prime candidate. */
212 unsigned int nprime = 0; /* Bits of PRIME. */
213 unsigned int req_qbits; /* The original QBITS value. */
214 gcry_mpi_t val_2; /* For check_prime(). */
215 unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET);
216 unsigned int count1 = 0, count2 = 0;
217 unsigned int i = 0, j = 0;
218
219 if (pbits < 48)
220 return GPG_ERR_INV_ARG;
221
222 /* If QBITS is not given, assume a reasonable value. */
223 if (!qbits)
224 qbits = pbits / 3;
225
226 req_qbits = qbits;
227
228 /* Find number of needed prime factors. */
229 for (n = 1; (pbits - qbits - 1) / n >= qbits; n++)
230 ;
231 n--;
232
233 val_2 = mpi_alloc_set_ui (2);
234
235 if ((! n) || ((mode == 1) && (n < 2)))
236 {
237 err = GPG_ERR_INV_ARG;
238 goto leave;
239 }
240
241 if (mode == 1)
242 {
243 n--;
244 fbits = (pbits - 2 * req_qbits -1) / n;
245 qbits = pbits - req_qbits - n * fbits;
246 }
247 else
248 {
249 fbits = (pbits - req_qbits -1) / n;
250 qbits = pbits - n * fbits;
251 }
252
253 if (DBG_CIPHER)
254 log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
255 pbits, req_qbits, qbits, fbits, n);
256
257 prime = gcry_mpi_new (pbits);
258
259 /* Generate first prime factor. */
260 q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
261
262 if (mode == 1)
263 q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);
264
265 /* Allocate an array to hold the factors + 2 for later usage. */
266 factors = gcry_calloc (n + 2, sizeof (*factors));
267 if (!factors)
268 {
269 err = gpg_err_code_from_errno (errno);
270 goto leave;
271 }
272
273 /* Make a pool of 3n+5 primes (this is an arbitrary value). */
274 m = n * 3 + 5;
275 if (mode == 1) /* Need some more (for e.g. DSA). */
276 m += 5;
277 if (m < 25)
278 m = 25;
279 pool = gcry_calloc (m , sizeof (*pool));
280 if (! pool)
281 {
282 err = gpg_err_code_from_errno (errno);
283 goto leave;
284 }
285
286 /* Permutate over the pool of primes. */
287 do
288 {
289 next_try:
290 if (! perms)
291 {
292 /* Allocate new primes. */
293 for(i = 0; i < m; i++)
294 {
295 mpi_free (pool[i]);
296 pool[i] = NULL;
297 }
298
299 /* Init m_out_of_n(). */
300 perms = gcry_calloc (1, m);
301 if (! perms)
302 {
303 err = gpg_err_code_from_errno (errno);
304 goto leave;
305 }
306 for(i = 0; i < n; i++)
307 {
308 perms[i] = 1;
309 pool[i] = gen_prime (fbits, is_secret,
310 randomlevel, NULL, NULL);
311 factors[i] = pool[i];
312 }
313 }
314 else
315 {
316 m_out_of_n ((char*)perms, n, m);
317 for (i = j = 0; (i < m) && (j < n); i++)
318 if (perms[i])
319 {
320 if(! pool[i])
321 pool[i] = gen_prime (fbits, 0, 1, NULL, NULL);
322 factors[j++] = pool[i];
323 }
324 if (i == n)
325 {
326 gcry_free (perms);
327 perms = NULL;
328 progress ('!');
329 goto next_try; /* Allocate new primes. */
330 }
331 }
332
333 /* Generate next prime candidate:
334 p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1.
335 */
336 mpi_set (prime, q);
337 mpi_mul_ui (prime, prime, 2);
338 if (mode == 1)
339 mpi_mul (prime, prime, q_factor);
340 for(i = 0; i < n; i++)
341 mpi_mul (prime, prime, factors[i]);
342 mpi_add_ui (prime, prime, 1);
343 nprime = mpi_get_nbits (prime);
344
345 if (nprime < pbits)
346 {
347 if (++count1 > 20)
348 {
349 count1 = 0;
350 qbits++;
351 progress('>');
352 mpi_free (q);
353 q = gen_prime (qbits, 0, 0, NULL, NULL);
354 goto next_try;
355 }
356 }
357 else
358 count1 = 0;
359
360 if (nprime > pbits)
361 {
362 if (++count2 > 20)
363 {
364 count2 = 0;
365 qbits--;
366 progress('<');
367 mpi_free (q);
368 q = gen_prime (qbits, 0, 0, NULL, NULL);
369 goto next_try;
370 }
371 }
372 else
373 count2 = 0;
374 }
375 while (! ((nprime == pbits) && check_prime (prime, val_2, cb_func, cb_arg)));
376
377 if (DBG_CIPHER)
378 {
379 progress ('\n');
380 log_mpidump ("prime : ", prime);
381 log_mpidump ("factor q: ", q);
382 if (mode == 1)
383 log_mpidump ("factor q0: ", q_factor);
384 for (i = 0; i < n; i++)
385 log_mpidump ("factor pi: ", factors[i]);
386 log_debug ("bit sizes: prime=%u, q=%u",
387 mpi_get_nbits (prime), mpi_get_nbits (q));
388 if (mode == 1)
389 log_debug (", q0=%u", mpi_get_nbits (q_factor));
390 for (i = 0; i < n; i++)
391 log_debug (", p%d=%u", i, mpi_get_nbits (factors[i]));
392 progress('\n');
393 }
394
395 if (ret_factors)
396 {
397 /* Caller wants the factors. */
398 factors_new = gcry_calloc (n + 4, sizeof (*factors_new));
399 if (! factors_new)
400 {
401 err = gpg_err_code_from_errno (errno);
402 goto leave;
403 }
404
405 if (all_factors)
406 {
407 i = 0;
408 factors_new[i++] = gcry_mpi_set_ui (NULL, 2);
409 factors_new[i++] = mpi_copy (q);
410 if (mode == 1)
411 factors_new[i++] = mpi_copy (q_factor);
412 for(j=0; j < n; j++)
413 factors_new[i++] = mpi_copy (factors[j]);
414 }
415 else
416 {
417 i = 0;
418 if (mode == 1)
419 {
420 factors_new[i++] = mpi_copy (q_factor);
421 for (; i <= n; i++)
422 factors_new[i] = mpi_copy (factors[i]);
423 }
424 else
425 for (; i < n; i++ )
426 factors_new[i] = mpi_copy (factors[i]);
427 }
428 }
429
430 if (g)
431 {
432 /* Create a generator (start with 3). */
433 gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
434 gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
435 gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
436
437 if (mode == 1)
438 err = GPG_ERR_NOT_IMPLEMENTED;
439 else
440 {
441 factors[n] = q;
442 factors[n + 1] = mpi_alloc_set_ui (2);
443 mpi_sub_ui (pmin1, prime, 1);
444 mpi_set_ui (g, 2);
445 do
446 {
447 mpi_add_ui (g, g, 1);
448 if (DBG_CIPHER)
449 {
450 log_debug ("checking g:");
451 gcry_mpi_dump (g);
452 log_printf ("\n");
453 }
454 else
455 progress('^');
456 for (i = 0; i < n + 2; i++)
457 {
458 mpi_fdiv_q (tmp, pmin1, factors[i]);
459 /* No mpi_pow(), but it is okay to use this with mod
460 prime. */
461 gcry_mpi_powm (b, g, tmp, prime);
462 if (! mpi_cmp_ui (b, 1))
463 break;
464 }
465 if (DBG_CIPHER)
466 progress('\n');
467 }
468 while (i < n + 2);
469
470 mpi_free (factors[n+1]);
471 mpi_free (tmp);
472 mpi_free (b);
473 mpi_free (pmin1);
474 }
475 }
476
477 if (! DBG_CIPHER)
478 progress ('\n');
479
480
481 leave:
482 if (pool)
483 {
484 for(i = 0; i < m; i++)
485 mpi_free (pool[i]);
486 gcry_free (pool);
487 }
488 if (factors)
489 gcry_free (factors); /* Factors are shallow copies. */
490 if (perms)
491 gcry_free (perms);
492
493 mpi_free (val_2);
494 mpi_free (q);
495 mpi_free (q_factor);
496
497 if (! err)
498 {
499 *prime_generated = prime;
500 if (ret_factors)
501 *ret_factors = factors_new;
502 }
503 else
504 {
505 if (factors_new)
506 {
507 for (i = 0; factors_new[i]; i++)
508 mpi_free (factors_new[i]);
509 gcry_free (factors_new);
510 }
511 mpi_free (prime);
512 }
513
514 return err;
515}
516
517gcry_mpi_t
518_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,
519 gcry_mpi_t g, gcry_mpi_t **ret_factors)
520{
521 gcry_err_code_t err = GPG_ERR_NO_ERROR;
522 gcry_mpi_t prime = NULL;
523
524 err = prime_generate_internal (mode, &prime, pbits, qbits, g,
525 ret_factors, GCRY_WEAK_RANDOM, 0, 0,
526 NULL, NULL);
527
528 return prime;
529}
530
531static gcry_mpi_t
532gen_prime (unsigned int nbits, int secret, int randomlevel,
533 int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)
534{
535 gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;
536 int i;
537 unsigned int x, step;
538 unsigned int count1, count2;
539 int *mods;
540
541/* if ( DBG_CIPHER ) */
542/* log_debug ("generate a prime of %u bits ", nbits ); */
543
544 if (nbits < 16)
545 log_fatal ("can't generate a prime with less than %d bits\n", 16);
546
547 mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
548 /* Make nbits fit into gcry_mpi_t implementation. */
549 val_2 = mpi_alloc_set_ui( 2 );
550 val_3 = mpi_alloc_set_ui( 3);
551 prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );
552 result = mpi_alloc_like( prime );
553 pminus1= mpi_alloc_like( prime );
554 ptest = mpi_alloc_like( prime );
555 count1 = count2 = 0;
556 for (;;)
557 { /* try forvever */
558 int dotcount=0;
559
560 /* generate a random number */
561 gcry_mpi_randomize( prime, nbits, randomlevel );
562
563 /* Set high order bit to 1, set low order bit to 1. If we are
564 generating a secret prime we are most probably doing that
565 for RSA, to make sure that the modulus does have the
566 requested key size we set the 2 high order bits. */
567 mpi_set_highbit (prime, nbits-1);
568 if (secret)
569 mpi_set_bit (prime, nbits-2);
570 mpi_set_bit(prime, 0);
571
572 /* Calculate all remainders. */
573 for (i=0; (x = small_prime_numbers[i]); i++ )
574 mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
575
576 /* Now try some primes starting with prime. */
577 for(step=0; step < 20000; step += 2 )
578 {
579 /* Check against all the small primes we have in mods. */
580 count1++;
581 for (i=0; (x = small_prime_numbers[i]); i++ )
582 {
583 while ( mods[i] + step >= x )
584 mods[i] -= x;
585 if ( !(mods[i] + step) )
586 break;
587 }
588 if ( x )
589 continue; /* Found a multiple of an already known prime. */
590
591 mpi_add_ui( ptest, prime, step );
592
593 /* Do a fast Fermat test now. */
594 count2++;
595 mpi_sub_ui( pminus1, ptest, 1);
596 gcry_mpi_powm( result, val_2, pminus1, ptest );
597 if ( !mpi_cmp_ui( result, 1 ) )
598 {
599 /* Not composite, perform stronger tests */
600 if (is_prime(ptest, 5, &count2 ))
601 {
602 if (!mpi_test_bit( ptest, nbits-1-secret ))
603 {
604 progress('\n');
605 log_debug ("overflow in prime generation\n");
606 break; /* Stop loop, continue with a new prime. */
607 }
608
609 if (extra_check && extra_check (extra_check_arg, ptest))
610 {
611 /* The extra check told us that this prime is
612 not of the caller's taste. */
613 progress ('/');
614 }
615 else
616 {
617 /* Got it. */
618 mpi_free(val_2);
619 mpi_free(val_3);
620 mpi_free(result);
621 mpi_free(pminus1);
622 mpi_free(prime);
623 gcry_free(mods);
624 return ptest;
625 }
626 }
627 }
628 if (++dotcount == 10 )
629 {
630 progress('.');
631 dotcount = 0;
632 }
633 }
634 progress(':'); /* restart with a new random value */
635 }
636}
637
638/****************
639 * Returns: true if this may be a prime
640 */
641static int
642check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,
643 gcry_prime_check_func_t cb_func, void *cb_arg)
644{
645 int i;
646 unsigned int x;
647 unsigned int count=0;
648
649 /* Check against small primes. */
650 for (i=0; (x = small_prime_numbers[i]); i++ )
651 {
652 if ( mpi_divisible_ui( prime, x ) )
653 return 0;
654 }
655
656 /* A quick Fermat test. */
657 {
658 gcry_mpi_t result = mpi_alloc_like( prime );
659 gcry_mpi_t pminus1 = mpi_alloc_like( prime );
660 mpi_sub_ui( pminus1, prime, 1);
661 gcry_mpi_powm( result, val_2, pminus1, prime );
662 mpi_free( pminus1 );
663 if ( mpi_cmp_ui( result, 1 ) )
664 {
665 /* Is composite. */
666 mpi_free( result );
667 progress('.');
668 return 0;
669 }
670 mpi_free( result );
671 }
672
673 if (!cb_func || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_MAYBE_PRIME, prime))
674 {
675 /* Perform stronger tests. */
676 if ( is_prime( prime, 5, &count ) )
677 {
678 if (!cb_func
679 || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_GOT_PRIME, prime))
680 return 1; /* Probably a prime. */
681 }
682 }
683 progress('.');
684 return 0;
685}
686
687
688/*
689 * Return true if n is probably a prime
690 */
691static int
692is_prime (gcry_mpi_t n, int steps, unsigned int *count)
693{
694 gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) );
695 gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) );
696 gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) );
697 gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );
698 gcry_mpi_t a2 = mpi_alloc_set_ui( 2 );
699 gcry_mpi_t q;
700 unsigned i, j, k;
701 int rc = 0;
702 unsigned nbits = mpi_get_nbits( n );
703
704 mpi_sub_ui( nminus1, n, 1 );
705
706 /* Find q and k, so that n = 1 + 2^k * q . */
707 q = mpi_copy ( nminus1 );
708 k = mpi_trailing_zeros ( q );
709 mpi_tdiv_q_2exp (q, q, k);
710
711 for (i=0 ; i < steps; i++ )
712 {
713 ++*count;
714 if( !i )
715 {
716 mpi_set_ui( x, 2 );
717 }
718 else
719 {
720 gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
721
722 /* Make sure that the number is smaller than the prime and
723 keep the randomness of the high bit. */
724 if ( mpi_test_bit ( x, nbits-2) )
725 {
726 mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */
727 }
728 else
729 {
730 mpi_set_highbit( x, nbits-2 );
731 mpi_clear_bit( x, nbits-2 );
732 }
733 assert ( mpi_cmp( x, nminus1 ) < 0 && mpi_cmp_ui( x, 1 ) > 0 );
734 }
735 gcry_mpi_powm ( y, x, q, n);
736 if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )
737 {
738 for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ )
739 {
740 gcry_mpi_powm(y, y, a2, n);
741 if( !mpi_cmp_ui( y, 1 ) )
742 goto leave; /* Not a prime. */
743 }
744 if (mpi_cmp( y, nminus1 ) )
745 goto leave; /* Not a prime. */
746 }
747 progress('+');
748 }
749 rc = 1; /* May be a prime. */
750
751 leave:
752 mpi_free( x );
753 mpi_free( y );
754 mpi_free( z );
755 mpi_free( nminus1 );
756 mpi_free( q );
757 mpi_free( a2 );
758
759 return rc;
760}
761
762
763static void
764m_out_of_n ( char *array, int m, int n )
765{
766 int i=0, i1=0, j=0, jp=0, j1=0, k1=0, k2=0;
767
768 if( !m || m >= n )
769 return;
770
771 if( m == 1 )
772 {
773 /* Special case. */
774 for (i=0; i < n; i++ )
775 {
776 if( array[i] )
777 {
778 array[i++] = 0;
779 if( i >= n )
780 i = 0;
781 array[i] = 1;
782 return;
783 }
784 }
785 BUG();
786 }
787
788 for (j=1; j < n; j++ )
789 {
790 if ( array[n-1] == array[n-j-1])
791 continue;
792 j1 = j;
793 break;
794 }
795
796 if ( (m & 1) )
797 {
798 /* M is odd. */
799 if( array[n-1] )
800 {
801 if( j1 & 1 )
802 {
803 k1 = n - j1;
804 k2 = k1+2;
805 if( k2 > n )
806 k2 = n;
807 goto leave;
808 }
809 goto scan;
810 }
811 k2 = n - j1 - 1;
812 if( k2 == 0 )
813 {
814 k1 = i;
815 k2 = n - j1;
816 }
817 else if( array[k2] && array[k2-1] )
818 k1 = n;
819 else
820 k1 = k2 + 1;
821 }
822 else
823 {
824 /* M is even. */
825 if( !array[n-1] )
826 {
827 k1 = n - j1;
828 k2 = k1 + 1;
829 goto leave;
830 }
831
832 if( !(j1 & 1) )
833 {
834 k1 = n - j1;
835 k2 = k1+2;
836 if( k2 > n )
837 k2 = n;
838 goto leave;
839 }
840 scan:
841 jp = n - j1 - 1;
842 for (i=1; i <= jp; i++ )
843 {
844 i1 = jp + 2 - i;
845 if( array[i1-1] )
846 {
847 if( array[i1-2] )
848 {
849 k1 = i1 - 1;
850 k2 = n - j1;
851 }
852 else
853 {
854 k1 = i1 - 1;
855 k2 = n + 1 - j1;
856 }
857 goto leave;
858 }
859 }
860 k1 = 1;
861 k2 = n + 1 - m;
862 }
863 leave:
864 array[k1-1] = !array[k1-1];
865 array[k2-1] = !array[k2-1];
866}
867
868
869/* Generate a new prime number of PRIME_BITS bits and store it in
870 PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
871 (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
872 non-zero, allocate a new, NULL-terminated array holding the prime
873 factors and store it in FACTORS. FLAGS might be used to influence
874 the prime number generation process. */
875gcry_error_t
876gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
877 unsigned int factor_bits, gcry_mpi_t **factors,
878 gcry_prime_check_func_t cb_func, void *cb_arg,
879 gcry_random_level_t random_level,
880 unsigned int flags)
881{
882 gcry_err_code_t err = GPG_ERR_NO_ERROR;
883 gcry_mpi_t *factors_generated = NULL;
884 gcry_mpi_t prime_generated = NULL;
885 unsigned int mode = 0;
886
887 if (!prime)
888 return gpg_error (GPG_ERR_INV_ARG);
889 *prime = NULL;
890
891 if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)
892 mode = 1;
893
894 /* Generate. */
895 err = prime_generate_internal (mode, &prime_generated, prime_bits,
896 factor_bits, NULL,
897 factors? &factors_generated : NULL,
898 random_level, flags, 1,
899 cb_func, cb_arg);
900
901 if (! err)
902 if (cb_func)
903 {
904 /* Additional check. */
905 if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated))
906 {
907 /* Failed, deallocate resources. */
908 unsigned int i;
909
910 mpi_free (prime_generated);
911 if (factors)
912 {
913 for (i = 0; factors_generated[i]; i++)
914 mpi_free (factors_generated[i]);
915 gcry_free (factors_generated);
916 }
917 err = GPG_ERR_GENERAL;
918 }
919 }
920
921 if (! err)
922 {
923 if (factors)
924 *factors = factors_generated;
925 *prime = prime_generated;
926 }
927
928 return gcry_error (err);
929}
930
931/* Check wether the number X is prime. */
932gcry_error_t
933gcry_prime_check (gcry_mpi_t x, unsigned int flags)
934{
935 gcry_err_code_t err = GPG_ERR_NO_ERROR;
936 gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
937
938 if (! check_prime (x, val_2, NULL, NULL))
939 err = GPG_ERR_NO_PRIME;
940
941 mpi_free (val_2);
942
943 return gcry_error (err);
944}
945
946/* Find a generator for PRIME where the factorization of (prime-1) is
947 in the NULL terminated array FACTORS. Return the generator as a
948 newly allocated MPI in R_G. If START_G is not NULL, use this as s
949 atart for the search. Returns 0 on success.*/
950gcry_error_t
951gcry_prime_group_generator (gcry_mpi_t *r_g,
952 gcry_mpi_t prime, gcry_mpi_t *factors,
953 gcry_mpi_t start_g)
954{
955 gcry_mpi_t tmp = gcry_mpi_new (0);
956 gcry_mpi_t b = gcry_mpi_new (0);
957 gcry_mpi_t pmin1 = gcry_mpi_new (0);
958 gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
959 int first = 1;
960 int i, n;
961
962 if (!factors || !r_g || !prime)
963 return gpg_error (GPG_ERR_INV_ARG);
964 *r_g = NULL;
965
966 for (n=0; factors[n]; n++)
967 ;
968 if (n < 2)
969 return gpg_error (GPG_ERR_INV_ARG);
970
971 /* Extra sanity check - usually disabled. */
972/* mpi_set (tmp, factors[0]); */
973/* for(i = 1; i < n; i++) */
974/* mpi_mul (tmp, tmp, factors[i]); */
975/* mpi_add_ui (tmp, tmp, 1); */
976/* if (mpi_cmp (prime, tmp)) */
977/* return gpg_error (GPG_ERR_INV_ARG); */
978
979 gcry_mpi_sub_ui (pmin1, prime, 1);
980 do
981 {
982 if (first)
983 first = 0;
984 else
985 gcry_mpi_add_ui (g, g, 1);
986
987 if (DBG_CIPHER)
988 {
989 log_debug ("checking g:");
990 gcry_mpi_dump (g);
991 log_debug ("\n");
992 }
993 else
994 progress('^');
995
996 for (i = 0; i < n; i++)
997 {
998 mpi_fdiv_q (tmp, pmin1, factors[i]);
999 gcry_mpi_powm (b, g, tmp, prime);
1000 if (! mpi_cmp_ui (b, 1))
1001 break;
1002 }
1003 if (DBG_CIPHER)
1004 progress('\n');
1005 }
1006 while (i < n);
1007
1008 gcry_mpi_release (tmp);
1009 gcry_mpi_release (b);
1010 gcry_mpi_release (pmin1);
1011 *r_g = g;
1012
1013 return 0;
1014}
1015
1016/* Convenience function to release the factors array. */
1017void
1018gcry_prime_release_factors (gcry_mpi_t *factors)
1019{
1020 if (factors)
1021 {
1022 int i;
1023
1024 for (i=0; factors[i]; i++)
1025 mpi_free (factors[i]);
1026 gcry_free (factors);
1027 }
1028}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c
new file mode 100755
index 0000000..4bed8a5
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c
@@ -0,0 +1,2360 @@
1/* pubkey.c - pubkey dispatcher
2 * Copyright (C) 1998,1999,2000,2002,2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <errno.h>
26#include <assert.h>
27
28#include "g10lib.h"
29#include "mpi.h"
30#include "cipher.h"
31#include "ath.h"
32
33static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,
34 gcry_mpi_t *data, gcry_mpi_t *skey,
35 int flags);
36static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,
37 gcry_mpi_t hash, gcry_mpi_t *skey);
38static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,
39 gcry_mpi_t *data, gcry_mpi_t *pkey,
40 int (*cmp) (void *, gcry_mpi_t),
41 void *opaque);
42
43/* This is the list of the default public-key ciphers included in
44 libgcrypt. */
45static struct pubkey_table_entry
46{
47 gcry_pk_spec_t *pubkey;
48 unsigned int algorithm;
49} pubkey_table[] =
50 {
51#if USE_RSA
52 { &_gcry_pubkey_spec_rsa, GCRY_PK_RSA },
53#endif
54#if USE_ELGAMAL
55 { &_gcry_pubkey_spec_elg, GCRY_PK_ELG },
56 { &_gcry_pubkey_spec_elg, GCRY_PK_ELG_E },
57#endif
58#if USE_DSA
59 { &_gcry_pubkey_spec_dsa, GCRY_PK_DSA },
60#endif
61 { NULL, 0 },
62 };
63
64/* List of registered ciphers. */
65static gcry_module_t pubkeys_registered;
66
67/* This is the lock protecting PUBKEYS_REGISTERED. */
68static ath_mutex_t pubkeys_registered_lock;
69
70/* Flag to check wether the default pubkeys have already been
71 registered. */
72static int default_pubkeys_registered;
73
74/* Convenient macro for registering the default digests. */
75#define REGISTER_DEFAULT_PUBKEYS \
76 do \
77 { \
78 ath_mutex_lock (&pubkeys_registered_lock); \
79 if (! default_pubkeys_registered) \
80 { \
81 gcry_pk_register_default (); \
82 default_pubkeys_registered = 1; \
83 } \
84 ath_mutex_unlock (&pubkeys_registered_lock); \
85 } \
86 while (0)
87
88/* These dummy functions are used in case a cipher implementation
89 refuses to provide it's own functions. */
90
91static gcry_err_code_t
92dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy,
93 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
94{
95 log_bug ("no generate() for %d\n", algorithm);
96 return GPG_ERR_PUBKEY_ALGO;
97}
98
99static gcry_err_code_t
100dummy_check_secret_key (int algorithm, gcry_mpi_t *skey)
101{
102 log_bug ("no check_secret_key() for %d\n", algorithm);
103 return GPG_ERR_PUBKEY_ALGO;
104}
105
106static gcry_err_code_t
107dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
108 gcry_mpi_t *pkey, int flags)
109{
110 log_bug ("no encrypt() for %d\n", algorithm);
111 return GPG_ERR_PUBKEY_ALGO;
112}
113
114static gcry_err_code_t
115dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
116 gcry_mpi_t *skey, int flags)
117{
118 log_bug ("no decrypt() for %d\n", algorithm);
119 return GPG_ERR_PUBKEY_ALGO;
120}
121
122static gcry_err_code_t
123dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
124 gcry_mpi_t *skey)
125{
126 log_bug ("no sign() for %d\n", algorithm);
127 return GPG_ERR_PUBKEY_ALGO;
128}
129
130static gcry_err_code_t
131dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
132 gcry_mpi_t *pkey,
133 int (*cmp) (void *, gcry_mpi_t), void *opaquev)
134{
135 log_bug ("no verify() for %d\n", algorithm);
136 return GPG_ERR_PUBKEY_ALGO;
137}
138
139static unsigned
140dummy_get_nbits (int algorithm, gcry_mpi_t *pkey)
141{
142 log_bug ("no get_nbits() for %d\n", algorithm);
143 return 0;
144}
145
146/* Internal function. Register all the pubkeys included in
147 PUBKEY_TABLE. Returns zero on success or an error code. */
148static void
149gcry_pk_register_default (void)
150{
151 gcry_err_code_t err = 0;
152 int i;
153
154 for (i = 0; (! err) && pubkey_table[i].pubkey; i++)
155 {
156#define pubkey_use_dummy(func) \
157 if (! pubkey_table[i].pubkey->func) \
158 pubkey_table[i].pubkey->func = dummy_##func;
159
160 pubkey_use_dummy (generate);
161 pubkey_use_dummy (check_secret_key);
162 pubkey_use_dummy (encrypt);
163 pubkey_use_dummy (decrypt);
164 pubkey_use_dummy (sign);
165 pubkey_use_dummy (verify);
166 pubkey_use_dummy (get_nbits);
167#undef pubkey_use_dummy
168 err = _gcry_module_add (&pubkeys_registered,
169 pubkey_table[i].algorithm,
170 (void *) pubkey_table[i].pubkey, NULL);
171 }
172
173 if (err)
174 BUG ();
175}
176
177/* Internal callback function. Used via _gcry_module_lookup. */
178static int
179gcry_pk_lookup_func_name (void *spec, void *data)
180{
181 gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec;
182 char *name = (char *) data;
183 char **aliases = pubkey->aliases;
184 int ret = stricmp (name, pubkey->name);
185
186 while (ret && *aliases)
187 ret = stricmp (name, *aliases++);
188
189 return ! ret;
190}
191
192/* Internal function. Lookup a pubkey entry by it's name. */
193static gcry_module_t
194gcry_pk_lookup_name (const char *name)
195{
196 gcry_module_t pubkey;
197
198 pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name,
199 gcry_pk_lookup_func_name);
200
201 return pubkey;
202}
203
204/* Register a new pubkey module whose specification can be found in
205 PUBKEY. On success, a new algorithm ID is stored in ALGORITHM_ID
206 and a pointer representhing this module is stored in MODULE. */
207gcry_error_t
208gcry_pk_register (gcry_pk_spec_t *pubkey,
209 unsigned int *algorithm_id,
210 gcry_module_t *module)
211{
212 gcry_err_code_t err = GPG_ERR_NO_ERROR;
213 gcry_module_t mod;
214
215 ath_mutex_lock (&pubkeys_registered_lock);
216 err = _gcry_module_add (&pubkeys_registered, 0,
217 (void *) pubkey, &mod);
218 ath_mutex_unlock (&pubkeys_registered_lock);
219
220 if (! err)
221 {
222 *module = mod;
223 *algorithm_id = mod->mod_id;
224 }
225
226 return err;
227}
228
229/* Unregister the pubkey identified by ID, which must have been
230 registered with gcry_pk_register. */
231void
232gcry_pk_unregister (gcry_module_t module)
233{
234 ath_mutex_lock (&pubkeys_registered_lock);
235 _gcry_module_release (module);
236 ath_mutex_unlock (&pubkeys_registered_lock);
237}
238
239static void
240release_mpi_array (gcry_mpi_t *array)
241{
242 for (; *array; array++)
243 {
244 mpi_free(*array);
245 *array = NULL;
246 }
247}
248
249/****************
250 * Map a string to the pubkey algo
251 */
252int
253gcry_pk_map_name (const char *string)
254{
255 gcry_module_t pubkey;
256 int algorithm = 0;
257
258 if (!string)
259 return 0;
260
261 REGISTER_DEFAULT_PUBKEYS;
262
263 ath_mutex_lock (&pubkeys_registered_lock);
264 pubkey = gcry_pk_lookup_name (string);
265 if (pubkey)
266 {
267 algorithm = pubkey->mod_id;
268 _gcry_module_release (pubkey);
269 }
270 ath_mutex_unlock (&pubkeys_registered_lock);
271
272 return algorithm;
273}
274
275
276/****************
277 * Map a pubkey algo to a string
278 */
279const char *
280gcry_pk_algo_name (int algorithm)
281{
282 const char *name = NULL;
283 gcry_module_t pubkey;
284
285 REGISTER_DEFAULT_PUBKEYS;
286
287 ath_mutex_lock (&pubkeys_registered_lock);
288 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
289 if (pubkey)
290 {
291 name = ((gcry_pk_spec_t *) pubkey->spec)->name;
292 _gcry_module_release (pubkey);
293 }
294 ath_mutex_unlock (&pubkeys_registered_lock);
295
296 return name;
297}
298
299
300/* A special version of gcry_pk_algo name to return the first aliased
301 name of the algorithm. This is required to adhere to the spki
302 specs where the algorithm names are lowercase. */
303const char *
304_gcry_pk_aliased_algo_name (int algorithm)
305{
306 const char *name = NULL;
307 gcry_module_t module;
308
309 REGISTER_DEFAULT_PUBKEYS;
310
311 ath_mutex_lock (&pubkeys_registered_lock);
312 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
313 if (module)
314 {
315 gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec;
316
317 name = pubkey->aliases? *pubkey->aliases : NULL;
318 if (!name || !*name)
319 name = pubkey->name;
320 _gcry_module_release (module);
321 }
322 ath_mutex_unlock (&pubkeys_registered_lock);
323
324 return name;
325}
326
327
328static void
329disable_pubkey_algo (int algorithm)
330{
331 gcry_module_t pubkey;
332
333 ath_mutex_lock (&pubkeys_registered_lock);
334 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
335 if (pubkey)
336 {
337 if (! (pubkey-> flags & FLAG_MODULE_DISABLED))
338 pubkey->flags |= FLAG_MODULE_DISABLED;
339 _gcry_module_release (pubkey);
340 }
341 ath_mutex_unlock (&pubkeys_registered_lock);
342}
343
344
345/****************
346 * A USE of 0 means: don't care.
347 */
348static gcry_err_code_t
349check_pubkey_algo (int algorithm, unsigned use)
350{
351 gcry_err_code_t err = GPG_ERR_NO_ERROR;
352 gcry_pk_spec_t *pubkey;
353 gcry_module_t module;
354
355 REGISTER_DEFAULT_PUBKEYS;
356
357 ath_mutex_lock (&pubkeys_registered_lock);
358 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
359 if (module)
360 {
361 pubkey = (gcry_pk_spec_t *) module->spec;
362
363 if (((use & GCRY_PK_USAGE_SIGN)
364 && (! (pubkey->use & GCRY_PK_USAGE_SIGN)))
365 || ((use & GCRY_PK_USAGE_ENCR)
366 && (! (pubkey->use & GCRY_PK_USAGE_ENCR))))
367 err = GPG_ERR_WRONG_PUBKEY_ALGO;
368 else if (module->flags & FLAG_MODULE_DISABLED)
369 err = GPG_ERR_PUBKEY_ALGO;
370 _gcry_module_release (module);
371 }
372 else
373 err = GPG_ERR_PUBKEY_ALGO;
374 ath_mutex_unlock (&pubkeys_registered_lock);
375
376 return err;
377}
378
379
380/****************
381 * Return the number of public key material numbers
382 */
383static int
384pubkey_get_npkey (int algorithm)
385{
386 gcry_module_t pubkey;
387 int npkey = 0;
388
389 REGISTER_DEFAULT_PUBKEYS;
390
391 ath_mutex_lock (&pubkeys_registered_lock);
392 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
393 if (pubkey)
394 {
395 npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey);
396 _gcry_module_release (pubkey);
397 }
398 ath_mutex_unlock (&pubkeys_registered_lock);
399
400 return npkey;
401}
402
403/****************
404 * Return the number of secret key material numbers
405 */
406static int
407pubkey_get_nskey (int algorithm)
408{
409 gcry_module_t pubkey;
410 int nskey = 0;
411
412 REGISTER_DEFAULT_PUBKEYS;
413
414 ath_mutex_lock (&pubkeys_registered_lock);
415 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
416 if (pubkey)
417 {
418 nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey);
419 _gcry_module_release (pubkey);
420 }
421 ath_mutex_unlock (&pubkeys_registered_lock);
422
423 return nskey;
424}
425
426/****************
427 * Return the number of signature material numbers
428 */
429static int
430pubkey_get_nsig (int algorithm)
431{
432 gcry_module_t pubkey;
433 int nsig = 0;
434
435 REGISTER_DEFAULT_PUBKEYS;
436
437 ath_mutex_lock (&pubkeys_registered_lock);
438 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
439 if (pubkey)
440 {
441 nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig);
442 _gcry_module_release (pubkey);
443 }
444 ath_mutex_unlock (&pubkeys_registered_lock);
445
446 return nsig;
447}
448
449/****************
450 * Return the number of encryption material numbers
451 */
452static int
453pubkey_get_nenc (int algorithm)
454{
455 gcry_module_t pubkey;
456 int nenc = 0;
457
458 REGISTER_DEFAULT_PUBKEYS;
459
460 ath_mutex_lock (&pubkeys_registered_lock);
461 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
462 if (pubkey)
463 {
464 nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc);
465 _gcry_module_release (pubkey);
466 }
467 ath_mutex_unlock (&pubkeys_registered_lock);
468
469 return nenc;
470}
471
472
473static gcry_err_code_t
474pubkey_generate (int algorithm, unsigned int nbits, unsigned long use_e,
475 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
476{
477 gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
478 gcry_module_t pubkey;
479
480 REGISTER_DEFAULT_PUBKEYS;
481
482 ath_mutex_lock (&pubkeys_registered_lock);
483 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
484 if (pubkey)
485 {
486 err = ((gcry_pk_spec_t *) pubkey->spec)->generate
487 (algorithm, nbits, use_e, skey, retfactors);
488 _gcry_module_release (pubkey);
489 }
490 ath_mutex_unlock (&pubkeys_registered_lock);
491
492 return err;
493}
494
495static gcry_err_code_t
496pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey)
497{
498 gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
499 gcry_module_t pubkey;
500
501 REGISTER_DEFAULT_PUBKEYS;
502
503 ath_mutex_lock (&pubkeys_registered_lock);
504 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
505 if (pubkey)
506 {
507 err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key
508 (algorithm, skey);
509 _gcry_module_release (pubkey);
510 }
511 ath_mutex_unlock (&pubkeys_registered_lock);
512
513 return err;
514}
515
516
517/****************
518 * This is the interface to the public key encryption. Encrypt DATA
519 * with PKEY and put it into RESARR which should be an array of MPIs
520 * of size PUBKEY_MAX_NENC (or less if the algorithm allows this -
521 * check with pubkey_get_nenc() )
522 */
523static gcry_err_code_t
524pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
525 gcry_mpi_t *pkey, int flags)
526{
527 gcry_pk_spec_t *pubkey;
528 gcry_module_t module;
529 gcry_err_code_t rc;
530 int i;
531
532 if (DBG_CIPHER)
533 {
534 log_debug ("pubkey_encrypt: algo=%d\n", algorithm);
535 for(i = 0; i < pubkey_get_npkey (algorithm); i++)
536 log_mpidump (" pkey:", pkey[i]);
537 log_mpidump (" data:", data);
538 }
539
540 ath_mutex_lock (&pubkeys_registered_lock);
541 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
542 if (module)
543 {
544 pubkey = (gcry_pk_spec_t *) module->spec;
545 rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags);
546 _gcry_module_release (module);
547 goto ready;
548 }
549 rc = GPG_ERR_PUBKEY_ALGO;
550
551 ready:
552 ath_mutex_unlock (&pubkeys_registered_lock);
553
554 if (!rc && DBG_CIPHER)
555 {
556 for(i = 0; i < pubkey_get_nenc (algorithm); i++)
557 log_mpidump(" encr:", resarr[i] );
558 }
559 return rc;
560}
561
562
563/****************
564 * This is the interface to the public key decryption.
565 * ALGO gives the algorithm to use and this implicitly determines
566 * the size of the arrays.
567 * result is a pointer to a mpi variable which will receive a
568 * newly allocated mpi or NULL in case of an error.
569 */
570static gcry_err_code_t
571pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
572 gcry_mpi_t *skey, int flags)
573{
574 gcry_pk_spec_t *pubkey;
575 gcry_module_t module;
576 gcry_err_code_t rc;
577 int i;
578
579 *result = NULL; /* so the caller can always do a mpi_free */
580 if (DBG_CIPHER)
581 {
582 log_debug ("pubkey_decrypt: algo=%d\n", algorithm);
583 for(i = 0; i < pubkey_get_nskey (algorithm); i++)
584 log_mpidump (" skey:", skey[i]);
585 for(i = 0; i < pubkey_get_nenc (algorithm); i++)
586 log_mpidump (" data:", data[i]);
587 }
588
589 ath_mutex_lock (&pubkeys_registered_lock);
590 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
591 if (module)
592 {
593 pubkey = (gcry_pk_spec_t *) module->spec;
594 rc = pubkey->decrypt (algorithm, result, data, skey, flags);
595 _gcry_module_release (module);
596 goto ready;
597 }
598
599 rc = GPG_ERR_PUBKEY_ALGO;
600
601 ready:
602 ath_mutex_unlock (&pubkeys_registered_lock);
603
604 if (! rc && DBG_CIPHER)
605 log_mpidump (" plain:", *result);
606
607 return rc;
608}
609
610
611/****************
612 * This is the interface to the public key signing.
613 * Sign data with skey and put the result into resarr which
614 * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
615 * algorithm allows this - check with pubkey_get_nsig() )
616 */
617static gcry_err_code_t
618pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
619 gcry_mpi_t *skey)
620{
621 gcry_pk_spec_t *pubkey;
622 gcry_module_t module;
623 gcry_err_code_t rc;
624 int i;
625
626 if (DBG_CIPHER)
627 {
628 log_debug ("pubkey_sign: algo=%d\n", algorithm);
629 for(i = 0; i < pubkey_get_nskey (algorithm); i++)
630 log_mpidump (" skey:", skey[i]);
631 log_mpidump(" data:", data );
632 }
633
634 ath_mutex_lock (&pubkeys_registered_lock);
635 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
636 if (module)
637 {
638 pubkey = (gcry_pk_spec_t *) module->spec;
639 rc = pubkey->sign (algorithm, resarr, data, skey);
640 _gcry_module_release (module);
641 goto ready;
642 }
643
644 rc = GPG_ERR_PUBKEY_ALGO;
645
646 ready:
647 ath_mutex_unlock (&pubkeys_registered_lock);
648
649 if (! rc && DBG_CIPHER)
650 for (i = 0; i < pubkey_get_nsig (algorithm); i++)
651 log_mpidump (" sig:", resarr[i]);
652
653 return rc;
654}
655
656/****************
657 * Verify a public key signature.
658 * Return 0 if the signature is good
659 */
660static gcry_err_code_t
661pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
662 gcry_mpi_t *pkey,
663 int (*cmp)(void *, gcry_mpi_t), void *opaquev)
664{
665 gcry_pk_spec_t *pubkey;
666 gcry_module_t module;
667 gcry_err_code_t rc;
668 int i;
669
670 if (DBG_CIPHER)
671 {
672 log_debug ("pubkey_verify: algo=%d\n", algorithm);
673 for (i = 0; i < pubkey_get_npkey (algorithm); i++)
674 log_mpidump (" pkey:", pkey[i]);
675 for (i = 0; i < pubkey_get_nsig (algorithm); i++)
676 log_mpidump (" sig:", data[i]);
677 log_mpidump (" hash:", hash);
678 }
679
680 ath_mutex_lock (&pubkeys_registered_lock);
681 module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
682 if (module)
683 {
684 pubkey = (gcry_pk_spec_t *) module->spec;
685 rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev);
686 _gcry_module_release (module);
687 goto ready;
688 }
689
690 rc = GPG_ERR_PUBKEY_ALGO;
691
692 ready:
693 ath_mutex_unlock (&pubkeys_registered_lock);
694 return rc;
695}
696
697
698/* Internal function. */
699static gcry_err_code_t
700sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names,
701 gcry_mpi_t *elements)
702{
703 gcry_err_code_t err = GPG_ERR_NO_ERROR;
704 int i, idx;
705 const char *name;
706 gcry_sexp_t list;
707
708 for (name = element_names, idx = 0; *name && !err; name++, idx++)
709 {
710 list = gcry_sexp_find_token (key_sexp, name, 1);
711 if (! list)
712 err = GPG_ERR_NO_OBJ;
713 else
714 {
715 elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
716 gcry_sexp_release (list);
717 if (! elements[idx])
718 err = GPG_ERR_INV_OBJ;
719 }
720 }
721
722 if (err)
723 {
724 for (i = 0; i < idx; i++)
725 if (elements[i])
726 gcry_free (elements[i]);
727 }
728 return err;
729}
730
731/****************
732 * Convert a S-Exp with either a private or a public key to our
733 * internal format. Currently we do only support the following
734 * algorithms:
735 * dsa
736 * rsa
737 * openpgp-dsa
738 * openpgp-rsa
739 * openpgp-elg
740 * openpgp-elg-sig
741 * Provide a SE with the first element be either "private-key" or
742 * or "public-key". It is followed by a list with its first element
743 * be one of the above algorithm identifiers and the remaning
744 * elements are pairs with parameter-id and value.
745 * NOTE: we look through the list to find a list beginning with
746 * "private-key" or "public-key" - the first one found is used.
747 *
748 * FIXME: Allow for encrypted secret keys here.
749 *
750 * Returns: A pointer to an allocated array of MPIs if the return value is
751 * zero; the caller has to release this array.
752 *
753 * Example of a DSA public key:
754 * (private-key
755 * (dsa
756 * (p <mpi>)
757 * (g <mpi>)
758 * (y <mpi>)
759 * (x <mpi>)
760 * )
761 * )
762 * The <mpi> are expected to be in GCRYMPI_FMT_USG
763 */
764static gcry_err_code_t
765sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
766 gcry_module_t *retalgo)
767{
768 gcry_sexp_t list, l2;
769 const char *name;
770 size_t n;
771 const char *elems;
772 gcry_mpi_t *array;
773 gcry_err_code_t err = GPG_ERR_NO_ERROR;
774 gcry_module_t module;
775 gcry_pk_spec_t *pubkey;
776
777 /* check that the first element is valid */
778 list = gcry_sexp_find_token( sexp, want_private? "private-key"
779 :"public-key", 0 );
780 if( !list )
781 return GPG_ERR_INV_OBJ; /* Does not contain a public-
782 or private-key object */
783 l2 = gcry_sexp_cadr( list );
784 gcry_sexp_release ( list );
785 list = l2;
786 name = gcry_sexp_nth_data( list, 0, &n );
787 if( !name ) {
788 gcry_sexp_release ( list );
789 return GPG_ERR_INV_OBJ; /* invalid structure of object */
790 }
791
792 {
793 char *name_terminated = gcry_xmalloc (n + 1);
794 memcpy (name_terminated, name, n);
795 name_terminated[n] = 0;
796
797 ath_mutex_lock (&pubkeys_registered_lock);
798 module = gcry_pk_lookup_name (name_terminated);
799 ath_mutex_unlock (&pubkeys_registered_lock);
800
801 gcry_free (name_terminated);
802 }
803
804 if (! module)
805 {
806 gcry_sexp_release (list);
807 return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
808 }
809 else
810 pubkey = (gcry_pk_spec_t *) module->spec;
811
812 elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey;
813 array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
814 if (! array)
815 err = gpg_err_code_from_errno (errno);
816 if (! err)
817 err = sexp_elements_extract (list, elems, array);
818
819 if (list)
820 gcry_sexp_release (list);
821
822 if (err)
823 {
824 if (array)
825 gcry_free (array);
826
827 ath_mutex_lock (&pubkeys_registered_lock);
828 _gcry_module_release (module);
829 ath_mutex_unlock (&pubkeys_registered_lock);
830 }
831 else
832 {
833 *retarray = array;
834 *retalgo = module;
835 }
836
837 return err;
838}
839
840static gcry_err_code_t
841sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray,
842 gcry_module_t *retalgo)
843{
844 gcry_sexp_t list, l2;
845 const char *name;
846 size_t n;
847 const char *elems;
848 gcry_mpi_t *array;
849 gcry_err_code_t err = GPG_ERR_NO_ERROR;
850 gcry_module_t module;
851 gcry_pk_spec_t *pubkey;
852
853 /* check that the first element is valid */
854 list = gcry_sexp_find_token( sexp, "sig-val" , 0 );
855 if( !list )
856 return GPG_ERR_INV_OBJ; /* Does not contain a signature value object */
857 l2 = gcry_sexp_nth (list, 1);
858 if(! l2)
859 {
860 gcry_sexp_release (list);
861 return GPG_ERR_NO_OBJ; /* no cadr for the sig object */
862 }
863 name = gcry_sexp_nth_data( l2, 0, &n );
864 if( !name ) {
865 gcry_sexp_release ( list );
866 gcry_sexp_release ( l2 );
867 return GPG_ERR_INV_OBJ; /* invalid structure of object */
868 }
869 else if (n == 5 && (! memcmp (name, "flags", 5))) {
870 /* Skip flags, since they are not used but just here for the
871 sake of consistent S-expressions. */
872 gcry_sexp_release (l2);
873 l2 = gcry_sexp_nth (list, 2);
874 if (! l2)
875 {
876 gcry_sexp_release (list);
877 return GPG_ERR_INV_OBJ;
878 }
879 name = gcry_sexp_nth_data (l2, 0, &n);
880 }
881
882 {
883 char *name_terminated = gcry_xmalloc (n + 1);
884 memcpy (name_terminated, name, n);
885 name_terminated[n] = 0;
886
887 ath_mutex_lock (&pubkeys_registered_lock);
888 module = gcry_pk_lookup_name (name_terminated);
889 ath_mutex_unlock (&pubkeys_registered_lock);
890
891 gcry_free (name_terminated);
892 }
893
894 if (! module)
895 {
896 gcry_sexp_release (l2);
897 gcry_sexp_release (list);
898 return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
899 }
900 else
901 pubkey = (gcry_pk_spec_t *) module->spec;
902
903 elems = pubkey->elements_sig;
904 array = gcry_calloc (strlen (elems) + 1 , sizeof (*array));
905 if (! array)
906 err = gpg_err_code_from_errno (errno);
907
908 if (! err)
909 err = sexp_elements_extract (list, elems, array);
910
911 gcry_sexp_release (l2);
912 gcry_sexp_release (list);
913
914 if (err)
915 {
916 ath_mutex_lock (&pubkeys_registered_lock);
917 _gcry_module_release (module);
918 ath_mutex_unlock (&pubkeys_registered_lock);
919
920 if (array)
921 gcry_free (array);
922 }
923 else
924 {
925 *retarray = array;
926 *retalgo = module;
927 }
928
929 return err;
930}
931
932
933/****************
934 * Take sexp and return an array of MPI as used for our internal decrypt
935 * function.
936 * s_data = (enc-val
937 * [(flags [pkcs1])
938 * (<algo>
939 * (<param_name1> <mpi>)
940 * ...
941 * (<param_namen> <mpi>)
942 * ))
943 * RET_MODERN is set to true when at least an empty flags list has been found.
944 */
945static gcry_err_code_t
946sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,
947 int *ret_modern, int *ret_want_pkcs1, int *flags)
948{
949 gcry_sexp_t list = NULL, l2 = NULL;
950 gcry_pk_spec_t *pubkey = NULL;
951 gcry_module_t module = NULL;
952 const char *name;
953 size_t n;
954 int parsed_flags = 0;
955 const char *elems;
956 gcry_mpi_t *array = NULL;
957 gcry_err_code_t err = GPG_ERR_NO_ERROR;
958
959 *ret_want_pkcs1 = 0;
960 *ret_modern = 0;
961
962 /* check that the first element is valid */
963 list = gcry_sexp_find_token (sexp, "enc-val" , 0);
964 if (! list)
965 {
966 err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object */
967 goto leave;
968 }
969
970 l2 = gcry_sexp_nth (list, 1);
971 if (! l2)
972 {
973 err = GPG_ERR_NO_OBJ; /* no cdr for the data object */
974 goto leave;
975 }
976
977 /* Extract identifier of sublist. */
978 name = gcry_sexp_nth_data (l2, 0, &n);
979 if (! name)
980 {
981 err = GPG_ERR_INV_OBJ; /* invalid structure of object */
982 goto leave;
983 }
984
985 if ((n == 5) && (! memcmp (name, "flags", 5)))
986 {
987 /* There is a flags element - process it */
988 const char *s;
989 int i;
990
991 *ret_modern = 1;
992 for (i = gcry_sexp_length (l2) - 1; i > 0; i--)
993 {
994 s = gcry_sexp_nth_data (l2, i, &n);
995 if (! s)
996 ; /* not a data element - ignore */
997 else if (n == 3 && ! memcmp (s, "raw", 3))
998 ; /* just a dummy because it is the default */
999 else if (n == 5 && ! memcmp (s, "pkcs1", 5))
1000 *ret_want_pkcs1 = 1;
1001 else if (n == 11 && ! memcmp (s, "no-blinding", 11))
1002 parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
1003 else
1004 {
1005 err = GPG_ERR_INV_FLAG;
1006 goto leave;
1007 }
1008 }
1009
1010 /* Get the next which has the actual data */
1011 gcry_sexp_release (l2);
1012 l2 = gcry_sexp_nth (list, 2);
1013 if (! l2)
1014 {
1015 err = GPG_ERR_NO_OBJ; /* no cdr for the data object */
1016 goto leave;
1017 }
1018
1019 /* Extract sublist identifier. */
1020 name = gcry_sexp_nth_data (l2, 0, &n);
1021 if (! name)
1022 {
1023 err = GPG_ERR_INV_OBJ; /* invalid structure of object */
1024 goto leave;
1025 }
1026
1027 gcry_sexp_release (list);
1028 list = l2;
1029 l2 = NULL;
1030 }
1031
1032 {
1033 char *name_terminated = gcry_xmalloc (n + 1);
1034 memcpy (name_terminated, name, n);
1035 name_terminated[n] = 0;
1036
1037 ath_mutex_lock (&pubkeys_registered_lock);
1038 module = gcry_pk_lookup_name (name_terminated);
1039 ath_mutex_unlock (&pubkeys_registered_lock);
1040
1041 gcry_free (name_terminated);
1042
1043 if (! module)
1044 {
1045 err = GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
1046 goto leave;
1047 }
1048 pubkey = (gcry_pk_spec_t *) module->spec;
1049 }
1050
1051 elems = pubkey->elements_enc;
1052 array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
1053 if (! array)
1054 {
1055 err = gpg_err_code_from_errno (errno);
1056 goto leave;
1057 }
1058
1059 err = sexp_elements_extract (list, elems, array);
1060
1061 leave:
1062 if (list)
1063 gcry_sexp_release (list);
1064 if (l2)
1065 gcry_sexp_release (l2);
1066
1067 if (err)
1068 {
1069 ath_mutex_lock (&pubkeys_registered_lock);
1070 _gcry_module_release (module);
1071 ath_mutex_unlock (&pubkeys_registered_lock);
1072 if (array)
1073 gcry_free (array);
1074 }
1075 else
1076 {
1077 *retarray = array;
1078 *retalgo = module;
1079 *flags = parsed_flags;
1080 }
1081
1082 return err;
1083}
1084
1085/* Take the hash value and convert into an MPI, suitable for for
1086 passing to the low level functions. We currently support the
1087 old style way of passing just a MPI and the modern interface which
1088 allows to pass flags so that we can choose between raw and pkcs1
1089 padding - may be more padding options later.
1090
1091 (<mpi>)
1092 or
1093 (data
1094 [(flags [pkcs1])]
1095 [(hash <algo> <value>)]
1096 [(value <text>)]
1097 )
1098
1099 Either the VALUE or the HASH element must be present for use
1100 with signatures. VALUE is used for encryption.
1101
1102 NBITS is the length of the key in bits.
1103
1104*/
1105static gcry_err_code_t
1106sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi,
1107 int for_encryption, int *flags)
1108{
1109 gcry_err_code_t rc = 0;
1110 gcry_sexp_t ldata, lhash, lvalue;
1111 int i;
1112 size_t n;
1113 const char *s;
1114 int is_raw = 0, is_pkcs1 = 0, unknown_flag=0;
1115 int parsed_flags = 0, dummy_flags;
1116
1117 if (! flags)
1118 flags = &dummy_flags;
1119
1120 *ret_mpi = NULL;
1121 ldata = gcry_sexp_find_token (input, "data", 0);
1122 if (!ldata)
1123 { /* assume old style */
1124 *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0);
1125 return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;
1126 }
1127
1128 /* see whether there is a flags object */
1129 {
1130 gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
1131 if (lflags)
1132 { /* parse the flags list. */
1133 for (i=gcry_sexp_length (lflags)-1; i > 0; i--)
1134 {
1135 s = gcry_sexp_nth_data (lflags, i, &n);
1136 if (!s)
1137 ; /* not a data element*/
1138 else if ( n == 3 && !memcmp (s, "raw", 3))
1139 is_raw = 1;
1140 else if ( n == 5 && !memcmp (s, "pkcs1", 5))
1141 is_pkcs1 = 1;
1142 else if (n == 11 && ! memcmp (s, "no-blinding", 11))
1143 parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
1144 else
1145 unknown_flag = 1;
1146 }
1147 gcry_sexp_release (lflags);
1148 }
1149 }
1150
1151 if (!is_pkcs1 && !is_raw)
1152 is_raw = 1; /* default to raw */
1153
1154 /* Get HASH or MPI */
1155 lhash = gcry_sexp_find_token (ldata, "hash", 0);
1156 lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0);
1157
1158 if (!(!lhash ^ !lvalue))
1159 rc = GPG_ERR_INV_OBJ; /* none or both given */
1160 else if (unknown_flag)
1161 rc = GPG_ERR_INV_FLAG;
1162 else if (is_raw && is_pkcs1 && !for_encryption)
1163 rc = GPG_ERR_CONFLICT;
1164 else if (is_raw && lvalue)
1165 {
1166 *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0);
1167 if (!*ret_mpi)
1168 rc = GPG_ERR_INV_OBJ;
1169 }
1170 else if (is_pkcs1 && lvalue && for_encryption)
1171 { /* Create pkcs#1 block type 2 padding. */
1172 unsigned char *frame = NULL;
1173 size_t nframe = (nbits+7) / 8;
1174 const void * value;
1175 size_t valuelen;
1176 unsigned char *p;
1177
1178 if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
1179 rc = GPG_ERR_INV_OBJ;
1180 else if (valuelen + 7 > nframe || !nframe)
1181 {
1182 /* Can't encode a VALUELEN value in a NFRAME bytes frame. */
1183 rc = GPG_ERR_TOO_SHORT; /* the key is too short */
1184 }
1185 else if ( !(frame = gcry_malloc_secure (nframe)))
1186 rc = gpg_err_code_from_errno (errno);
1187 else
1188 {
1189 n = 0;
1190 frame[n++] = 0;
1191 frame[n++] = 2; /* block type */
1192 i = nframe - 3 - valuelen;
1193 assert (i > 0);
1194 p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
1195 /* Replace zero bytes by new values. */
1196 for (;;)
1197 {
1198 int j, k;
1199 unsigned char *pp;
1200
1201 /* Count the zero bytes. */
1202 for (j=k=0; j < i; j++)
1203 {
1204 if (!p[j])
1205 k++;
1206 }
1207 if (!k)
1208 break; /* Okay: no (more) zero bytes. */
1209
1210 k += k/128 + 3; /* Better get some more. */
1211 pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
1212 for (j=0; j < i && k;)
1213 {
1214 if (!p[j])
1215 p[j] = pp[--k];
1216 if (p[j])
1217 j++;
1218 }
1219 gcry_free (pp);
1220 }
1221 memcpy (frame+n, p, i);
1222 n += i;
1223 gcry_free (p);
1224
1225 frame[n++] = 0;
1226 memcpy (frame+n, value, valuelen);
1227 n += valuelen;
1228 assert (n == nframe);
1229
1230 /* FIXME, error checking? */
1231 gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
1232 }
1233
1234 gcry_free(frame);
1235 }
1236 else if (is_pkcs1 && lhash && !for_encryption)
1237 { /* Create pkcs#1 block type 1 padding. */
1238 if (gcry_sexp_length (lhash) != 3)
1239 rc = GPG_ERR_INV_OBJ;
1240 else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )
1241 rc = GPG_ERR_INV_OBJ;
1242 else
1243 {
1244 static struct { const char *name; int algo; } hashnames[] =
1245 { { "sha1", GCRY_MD_SHA1 },
1246 { "md5", GCRY_MD_MD5 },
1247 { "rmd160", GCRY_MD_RMD160 },
1248 { "sha256", GCRY_MD_SHA256 },
1249 { "sha384", GCRY_MD_SHA384 },
1250 { "sha512", GCRY_MD_SHA512 },
1251 { "md2", GCRY_MD_MD2 },
1252 { "md4", GCRY_MD_MD4 },
1253 { "tiger", GCRY_MD_TIGER },
1254 { "haval", GCRY_MD_HAVAL },
1255 { NULL }
1256 };
1257 int algo;
1258 byte asn[100];
1259 byte *frame = NULL;
1260 size_t nframe = (nbits+7) / 8;
1261 const void * value;
1262 size_t valuelen;
1263 size_t asnlen, dlen;
1264
1265 for (i=0; hashnames[i].name; i++)
1266 {
1267 if ( strlen (hashnames[i].name) == n
1268 && !memcmp (hashnames[i].name, s, n))
1269 break;
1270 }
1271
1272 algo = hashnames[i].algo;
1273 asnlen = DIM(asn);
1274 dlen = gcry_md_get_algo_dlen (algo);
1275
1276 if (!hashnames[i].name)
1277 rc = GPG_ERR_DIGEST_ALGO;
1278 else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen))
1279 || !valuelen )
1280 rc = GPG_ERR_INV_OBJ;
1281 else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
1282 {
1283 /* We don't have yet all of the above algorithms. */
1284 rc = GPG_ERR_NOT_IMPLEMENTED;
1285 }
1286 else if ( valuelen != dlen )
1287 {
1288 /* Hash value does not match the length of digest for
1289 the given algorithm. */
1290 rc = GPG_ERR_CONFLICT;
1291 }
1292 else if( !dlen || dlen + asnlen + 4 > nframe)
1293 {
1294 /* Can't encode an DLEN byte digest MD into a NFRAME
1295 byte frame. */
1296 rc = GPG_ERR_TOO_SHORT;
1297 }
1298 else if ( !(frame = gcry_malloc (nframe)) )
1299 rc = gpg_err_code_from_errno (errno);
1300 else
1301 { /* Assemble the pkcs#1 block type 1. */
1302 n = 0;
1303 frame[n++] = 0;
1304 frame[n++] = 1; /* block type */
1305 i = nframe - valuelen - asnlen - 3 ;
1306 assert (i > 1);
1307 memset (frame+n, 0xff, i );
1308 n += i;
1309 frame[n++] = 0;
1310 memcpy (frame+n, asn, asnlen);
1311 n += asnlen;
1312 memcpy (frame+n, value, valuelen );
1313 n += valuelen;
1314 assert (n == nframe);
1315
1316 /* convert it into an MPI, FIXME: error checking? */
1317 gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
1318 }
1319
1320 gcry_free (frame);
1321 }
1322 }
1323 else
1324 rc = GPG_ERR_CONFLICT;
1325
1326 gcry_sexp_release (ldata);
1327 gcry_sexp_release (lhash);
1328 gcry_sexp_release (lvalue);
1329
1330 if (!rc)
1331 *flags = parsed_flags;
1332
1333 return rc;
1334}
1335
1336
1337/*
1338 Do a PK encrypt operation
1339
1340 Caller has to provide a public key as the SEXP pkey and data as a
1341 SEXP with just one MPI in it. Alternativly S_DATA might be a
1342 complex S-Expression, similar to the one used for signature
1343 verification. This provides a flag which allows to handle PKCS#1
1344 block type 2 padding. The function returns a a sexp which may be
1345 passed to to pk_decrypt.
1346
1347 Returns: 0 or an errorcode.
1348
1349 s_data = See comment for sexp_data_to_mpi
1350 s_pkey = <key-as-defined-in-sexp_to_key>
1351 r_ciph = (enc-val
1352 (<algo>
1353 (<param_name1> <mpi>)
1354 ...
1355 (<param_namen> <mpi>)
1356 ))
1357
1358*/
1359gcry_error_t
1360gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
1361{
1362 gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL;
1363 const char *algo_name, *algo_elems;
1364 int flags;
1365 gcry_err_code_t rc;
1366 gcry_pk_spec_t *pubkey = NULL;
1367 gcry_module_t module = NULL;
1368
1369 REGISTER_DEFAULT_PUBKEYS;
1370
1371 *r_ciph = NULL;
1372 /* get the key */
1373 rc = sexp_to_key (s_pkey, 0, &pkey, &module);
1374 if (rc)
1375 goto leave;
1376
1377 assert (module);
1378 pubkey = (gcry_pk_spec_t *) module->spec;
1379
1380 /* If aliases for the algorithm name exists, take the first one
1381 instead of the regular name to adhere to SPKI conventions. We
1382 assume that the first alias name is the lowercase version of the
1383 regular one. This change is required for compatibility with
1384 1.1.12 generated S-expressions. */
1385 algo_name = pubkey->aliases? *pubkey->aliases : NULL;
1386 if (!algo_name || !*algo_name)
1387 algo_name = pubkey->name;
1388
1389 algo_elems = pubkey->elements_enc;
1390
1391 /* Get the stuff we want to encrypt. */
1392 rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1,
1393 &flags);
1394 if (rc)
1395 goto leave;
1396
1397 /* Now we can encrypt DATA to CIPH. */
1398 ciph = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*ciph));
1399 rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags);
1400 mpi_free (data);
1401 data = NULL;
1402 if (rc)
1403 goto leave;
1404
1405 /* We did it. Now build the return list */
1406 {
1407 char *string, *p;
1408 int i;
1409 size_t nelem = strlen (algo_elems);
1410 size_t needed = 19 + strlen (algo_name) + (nelem * 5);
1411 void **arg_list;
1412
1413 /* Build the string. */
1414 string = p = gcry_xmalloc (needed);
1415 p = stpcpy ( p, "(enc-val(" );
1416 p = stpcpy ( p, algo_name );
1417 for (i=0; algo_elems[i]; i++ )
1418 {
1419 *p++ = '(';
1420 *p++ = algo_elems[i];
1421 p = stpcpy ( p, "%m)" );
1422 }
1423 strcpy ( p, "))" );
1424
1425 /* And now the ugly part: We don't have a function to pass an
1426 * array to a format string, so we have to do it this way :-(. */
1427 /* FIXME: There is now such a format spefier, so we can could
1428 change the code to be more clear. */
1429 arg_list = malloc (nelem * sizeof *arg_list);
1430 if (!arg_list)
1431 {
1432 rc = gpg_err_code_from_errno (errno);
1433 goto leave;
1434 }
1435
1436 for (i = 0; i < nelem; i++)
1437 arg_list[i] = ciph + i;
1438
1439 rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list);
1440 free (arg_list);
1441 if (rc)
1442 BUG ();
1443 gcry_free (string);
1444 }
1445
1446 leave:
1447 if (pkey)
1448 {
1449 release_mpi_array (pkey);
1450 gcry_free (pkey);
1451 }
1452
1453 if (ciph)
1454 {
1455 release_mpi_array (ciph);
1456 gcry_free (ciph);
1457 }
1458
1459 if (module)
1460 {
1461 ath_mutex_lock (&pubkeys_registered_lock);
1462 _gcry_module_release (module);
1463 ath_mutex_unlock (&pubkeys_registered_lock);
1464 }
1465
1466 return gcry_error (rc);
1467}
1468
1469/*
1470 Do a PK decrypt operation
1471
1472 Caller has to provide a secret key as the SEXP skey and data in a
1473 format as created by gcry_pk_encrypt. For historic reasons the
1474 function returns simply an MPI as an S-expression part; this is
1475 deprecated and the new method should be used which returns a real
1476 S-expressionl this is selected by adding at least an empty flags
1477 list to S_DATA.
1478
1479 Returns: 0 or an errorcode.
1480
1481 s_data = (enc-val
1482 [(flags)]
1483 (<algo>
1484 (<param_name1> <mpi>)
1485 ...
1486 (<param_namen> <mpi>)
1487 ))
1488 s_skey = <key-as-defined-in-sexp_to_key>
1489 r_plain= Either an incomplete S-expression without the parentheses
1490 or if the flags list is used (even if empty) a real S-expression:
1491 (value PLAIN).
1492 */
1493gcry_error_t
1494gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey)
1495{
1496 gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL;
1497 int modern, want_pkcs1, flags;
1498 gcry_err_code_t rc;
1499 gcry_module_t module_enc = NULL, module_key = NULL;
1500 gcry_pk_spec_t *pubkey = NULL;
1501
1502 REGISTER_DEFAULT_PUBKEYS;
1503
1504 *r_plain = NULL;
1505 rc = sexp_to_key (s_skey, 1, &skey, &module_key);
1506 if (rc)
1507 goto leave;
1508
1509 rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags);
1510 if (rc)
1511 goto leave;
1512
1513 if (module_key->mod_id != module_enc->mod_id)
1514 {
1515 rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */
1516 goto leave;
1517 }
1518
1519 pubkey = (gcry_pk_spec_t *) module_key->spec;
1520
1521 rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);
1522 if (rc)
1523 goto leave;
1524
1525 if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))
1526 BUG ();
1527
1528 leave:
1529 if (skey)
1530 {
1531 release_mpi_array (skey);
1532 gcry_free (skey);
1533 }
1534
1535 if (plain)
1536 mpi_free (plain);
1537
1538 if (data)
1539 {
1540 release_mpi_array (data);
1541 gcry_free (data);
1542 }
1543
1544 if (module_key || module_enc)
1545 {
1546 ath_mutex_lock (&pubkeys_registered_lock);
1547 if (module_key)
1548 _gcry_module_release (module_key);
1549 if (module_enc)
1550 _gcry_module_release (module_enc);
1551 ath_mutex_unlock (&pubkeys_registered_lock);
1552 }
1553
1554 return gcry_error (rc);
1555}
1556
1557
1558
1559/*
1560 Create a signature.
1561
1562 Caller has to provide a secret key as the SEXP skey and data
1563 expressed as a SEXP list hash with only one element which should
1564 instantly be available as a MPI. Alternatively the structure given
1565 below may be used for S_HASH, it provides the abiliy to pass flags
1566 to the operation; the only flag defined by now is "pkcs1" which
1567 does PKCS#1 block type 1 style padding.
1568
1569 Returns: 0 or an errorcode.
1570 In case of 0 the function returns a new SEXP with the
1571 signature value; the structure of this signature depends on the
1572 other arguments but is always suitable to be passed to
1573 gcry_pk_verify
1574
1575 s_hash = See comment for sexp_data_to_mpi
1576
1577 s_skey = <key-as-defined-in-sexp_to_key>
1578 r_sig = (sig-val
1579 (<algo>
1580 (<param_name1> <mpi>)
1581 ...
1582 (<param_namen> <mpi>)))
1583*/
1584gcry_error_t
1585gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
1586{
1587 gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL;
1588 gcry_pk_spec_t *pubkey = NULL;
1589 gcry_module_t module = NULL;
1590 const char *algo_name, *algo_elems;
1591 int i;
1592 gcry_err_code_t rc;
1593
1594 REGISTER_DEFAULT_PUBKEYS;
1595
1596 *r_sig = NULL;
1597 rc = sexp_to_key (s_skey, 1, &skey, &module);
1598 if (rc)
1599 goto leave;
1600
1601 assert (module);
1602 pubkey = (gcry_pk_spec_t *) module->spec;
1603 algo_name = pubkey->aliases? *pubkey->aliases : NULL;
1604 if (!algo_name || !*algo_name)
1605 algo_name = pubkey->name;
1606
1607 algo_elems = pubkey->elements_sig;
1608
1609 /* Get the stuff we want to sign. Note that pk_get_nbits does also
1610 work on a private key. */
1611 rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey),
1612 &hash, 0, NULL);
1613 if (rc)
1614 goto leave;
1615
1616 result = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*result));
1617 rc = pubkey_sign (module->mod_id, result, hash, skey);
1618 if (rc)
1619 goto leave;
1620
1621 {
1622 char *string, *p;
1623 size_t nelem, needed = strlen (algo_name) + 20;
1624 void **arg_list;
1625
1626 nelem = strlen (algo_elems);
1627
1628 /* Count elements, so that we can allocate enough space. */
1629 needed += 10 * nelem;
1630
1631 /* Build the string. */
1632 string = p = gcry_xmalloc (needed);
1633 p = stpcpy (p, "(sig-val(");
1634 p = stpcpy (p, algo_name);
1635 for (i = 0; algo_elems[i]; i++)
1636 {
1637 *p++ = '(';
1638 *p++ = algo_elems[i];
1639 p = stpcpy (p, "%m)");
1640 }
1641 strcpy (p, "))");
1642
1643 arg_list = malloc (nelem * sizeof *arg_list);
1644 if (!arg_list)
1645 {
1646 rc = gpg_err_code_from_errno (errno);
1647 goto leave;
1648 }
1649
1650 for (i = 0; i < nelem; i++)
1651 arg_list[i] = result + i;
1652
1653 rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list);
1654 free (arg_list);
1655 if (rc)
1656 BUG ();
1657 gcry_free (string);
1658 }
1659
1660 leave:
1661 if (skey)
1662 {
1663 release_mpi_array (skey);
1664 gcry_free (skey);
1665 }
1666
1667 if (hash)
1668 mpi_free (hash);
1669
1670 if (result)
1671 {
1672 release_mpi_array (result);
1673 gcry_free (result);
1674 }
1675
1676 return gcry_error (rc);
1677}
1678
1679
1680/*
1681 Verify a signature.
1682
1683 Caller has to supply the public key pkey, the signature sig and his
1684 hashvalue data. Public key has to be a standard public key given
1685 as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data
1686 must be an S-Exp like the one in sign too. */
1687gcry_error_t
1688gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
1689{
1690 gcry_module_t module_key = NULL, module_sig = NULL;
1691 gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL;
1692 gcry_err_code_t rc;
1693
1694 REGISTER_DEFAULT_PUBKEYS;
1695
1696 rc = sexp_to_key (s_pkey, 0, &pkey, &module_key);
1697 if (rc)
1698 goto leave;
1699
1700 rc = sexp_to_sig (s_sig, &sig, &module_sig);
1701 if (rc)
1702 goto leave;
1703
1704 if (module_key->mod_id != module_sig->mod_id)
1705 {
1706 rc = GPG_ERR_CONFLICT;
1707 goto leave;
1708 }
1709
1710 rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0);
1711 if (rc)
1712 goto leave;
1713
1714 rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL);
1715
1716 leave:
1717 if (pkey)
1718 {
1719 release_mpi_array (pkey);
1720 gcry_free (pkey);
1721 }
1722 if (sig)
1723 {
1724 release_mpi_array (sig);
1725 gcry_free (sig);
1726 }
1727 if (hash)
1728 mpi_free (hash);
1729
1730 if (module_key || module_sig)
1731 {
1732 ath_mutex_lock (&pubkeys_registered_lock);
1733 if (module_key)
1734 _gcry_module_release (module_key);
1735 if (module_sig)
1736 _gcry_module_release (module_sig);
1737 ath_mutex_unlock (&pubkeys_registered_lock);
1738 }
1739
1740 return gcry_error (rc);
1741}
1742
1743
1744/*
1745 Test a key.
1746
1747 This may be used either for a public or a secret key to see whether
1748 internal structre is valid.
1749
1750 Returns: 0 or an errorcode.
1751
1752 s_key = <key-as-defined-in-sexp_to_key> */
1753gcry_error_t
1754gcry_pk_testkey (gcry_sexp_t s_key)
1755{
1756 gcry_module_t module = NULL;
1757 gcry_mpi_t *key = NULL;
1758 gcry_err_code_t rc;
1759
1760 REGISTER_DEFAULT_PUBKEYS;
1761
1762 /* Note we currently support only secret key checking. */
1763 rc = sexp_to_key (s_key, 1, &key, &module);
1764 if (! rc)
1765 {
1766 rc = pubkey_check_secret_key (module->mod_id, key);
1767 release_mpi_array (key);
1768 gcry_free (key);
1769 }
1770 return gcry_error (rc);
1771}
1772
1773
1774/*
1775 Create a public key pair and return it in r_key.
1776 How the key is created depends on s_parms:
1777 (genkey
1778 (algo
1779 (parameter_name_1 ....)
1780 ....
1781 (parameter_name_n ....)
1782 ))
1783 The key is returned in a format depending on the
1784 algorithm. Both, private and secret keys are returned
1785 and optionally some additional informatin.
1786 For elgamal we return this structure:
1787 (key-data
1788 (public-key
1789 (elg
1790 (p <mpi>)
1791 (g <mpi>)
1792 (y <mpi>)
1793 )
1794 )
1795 (private-key
1796 (elg
1797 (p <mpi>)
1798 (g <mpi>)
1799 (y <mpi>)
1800 (x <mpi>)
1801 )
1802 )
1803 (misc-key-info
1804 (pm1-factors n1 n2 ... nn)
1805 ))
1806 */
1807gcry_error_t
1808gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
1809{
1810 gcry_pk_spec_t *pubkey = NULL;
1811 gcry_module_t module = NULL;
1812 gcry_sexp_t list = NULL, l2 = NULL;
1813 const char *name;
1814 size_t n;
1815 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1816 int i;
1817 const char *algo_name = NULL;
1818 int algo;
1819 const char *sec_elems = NULL, *pub_elems = NULL;
1820 gcry_mpi_t skey[10], *factors = NULL;
1821 unsigned int nbits = 0;
1822 unsigned long use_e = 0;
1823 char *name_terminated;
1824
1825 REGISTER_DEFAULT_PUBKEYS;
1826
1827 skey[0] = NULL;
1828 *r_key = NULL;
1829
1830 list = gcry_sexp_find_token (s_parms, "genkey", 0);
1831 if (!list)
1832 {
1833 rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */
1834 goto leave;
1835 }
1836
1837 l2 = gcry_sexp_cadr (list);
1838 gcry_sexp_release (list);
1839 list = l2;
1840 l2 = NULL;
1841 if (! list)
1842 {
1843 rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */
1844 goto leave;
1845 }
1846
1847 name = gcry_sexp_nth_data (list, 0, &n);
1848 if (! name)
1849 {
1850 rc = GPG_ERR_INV_OBJ; /* Algo string missing. */
1851 goto leave;
1852 }
1853
1854 name_terminated = gcry_xmalloc (n + 1);
1855 memcpy (name_terminated, name, n);
1856 name_terminated[n] = 0;
1857 ath_mutex_lock (&pubkeys_registered_lock);
1858 module = gcry_pk_lookup_name (name_terminated);
1859 ath_mutex_unlock (&pubkeys_registered_lock);
1860 gcry_free (name_terminated);
1861
1862 if (! module)
1863 {
1864 rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
1865 goto leave;
1866 }
1867
1868 pubkey = (gcry_pk_spec_t *) module->spec;
1869 algo = module->mod_id;
1870 algo_name = pubkey->aliases? *pubkey->aliases : NULL;
1871 if (!algo_name || !*algo_name)
1872 algo_name = pubkey->name;
1873 pub_elems = pubkey->elements_pkey;
1874 sec_elems = pubkey->elements_skey;
1875
1876 /* Handle the optional rsa-use-e element. */
1877 l2 = gcry_sexp_find_token (list, "rsa-use-e", 0);
1878 if (l2)
1879 {
1880 char buf[50];
1881
1882 name = gcry_sexp_nth_data (l2, 1, &n);
1883 if ((! name) || (n >= DIM (buf) - 1))
1884 {
1885 rc = GPG_ERR_INV_OBJ; /* No value or value too large. */
1886 goto leave;
1887 }
1888 memcpy (buf, name, n);
1889 buf[n] = 0;
1890 use_e = strtoul (buf, NULL, 0);
1891 gcry_sexp_release (l2);
1892 l2 = NULL;
1893 }
1894 else
1895 use_e = 65537; /* Not given, use the value generated by old versions. */
1896
1897 l2 = gcry_sexp_find_token (list, "nbits", 0);
1898 gcry_sexp_release (list);
1899 list = l2;
1900 l2 = NULL;
1901
1902 if (! list)
1903 {
1904 rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */
1905 goto leave;
1906 }
1907
1908 name = gcry_sexp_nth_data (list, 1, &n);
1909 if (! name)
1910 {
1911 rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */
1912 goto leave;
1913 }
1914
1915 name_terminated = gcry_xmalloc (n + 1);
1916 memcpy (name_terminated, name, n);
1917 name_terminated[n] = 0;
1918 nbits = (unsigned int) strtoul (name_terminated, NULL, 0);
1919 gcry_free (name_terminated);
1920
1921 rc = pubkey_generate (module->mod_id, nbits, use_e, skey, &factors);
1922 if (rc)
1923 goto leave;
1924
1925 {
1926 char *string, *p;
1927 size_t nelem=0, nelem_cp = 0, needed=0;
1928 gcry_mpi_t mpis[30];
1929
1930 nelem = strlen (pub_elems) + strlen (sec_elems);
1931 for (i = 0; factors[i]; i++)
1932 nelem++;
1933 nelem_cp = nelem;
1934
1935 needed += nelem * 10;
1936 needed += 2 * strlen (algo_name) + 300;
1937 if (nelem > DIM (mpis))
1938 BUG ();
1939
1940 /* Build the string. */
1941 nelem = 0;
1942 string = p = gcry_xmalloc (needed);
1943 p = stpcpy (p, "(key-data");
1944 p = stpcpy (p, "(public-key(");
1945 p = stpcpy (p, algo_name);
1946 for(i = 0; pub_elems[i]; i++)
1947 {
1948 *p++ = '(';
1949 *p++ = pub_elems[i];
1950 p = stpcpy (p, "%m)");
1951 mpis[nelem++] = skey[i];
1952 }
1953 p = stpcpy (p, "))");
1954 p = stpcpy (p, "(private-key(");
1955 p = stpcpy (p, algo_name);
1956 for (i = 0; sec_elems[i]; i++)
1957 {
1958 *p++ = '(';
1959 *p++ = sec_elems[i];
1960 p = stpcpy (p, "%m)");
1961 mpis[nelem++] = skey[i];
1962 }
1963 p = stpcpy (p, "))");
1964
1965 /* Very ugly hack to make release_mpi_array() work FIXME */
1966 skey[i] = NULL;
1967
1968 p = stpcpy (p, "(misc-key-info(pm1-factors");
1969 for(i = 0; factors[i]; i++)
1970 {
1971 p = stpcpy (p, "%m");
1972 mpis[nelem++] = factors[i];
1973 }
1974 strcpy (p, ")))");
1975
1976 while (nelem < DIM (mpis))
1977 mpis[nelem++] = NULL;
1978
1979 {
1980 int elem_n = strlen (pub_elems) + strlen (sec_elems);
1981 void **arg_list;
1982
1983 arg_list = malloc (nelem_cp * sizeof *arg_list);
1984 if (!arg_list)
1985 {
1986 rc = gpg_err_code_from_errno (errno);
1987 goto leave;
1988 }
1989 for (i = 0; i < elem_n; i++)
1990 arg_list[i] = mpis + i;
1991 for (; i < nelem_cp; i++)
1992 arg_list[i] = factors + i - elem_n;
1993
1994 rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);
1995 free (arg_list);
1996 if (rc)
1997 BUG ();
1998 assert (DIM (mpis) == 30); /* Reminder to make sure that the
1999 array gets increased if new
2000 parameters are added. */
2001 }
2002 gcry_free (string);
2003 }
2004
2005 leave:
2006 release_mpi_array (skey);
2007 /* Don't free SKEY itself, it is a static array. */
2008
2009 if (factors)
2010 {
2011 release_mpi_array ( factors );
2012 gcry_free (factors);
2013 }
2014
2015 if (l2)
2016 gcry_sexp_release (l2);
2017 if (list)
2018 gcry_sexp_release (list);
2019
2020 if (module)
2021 {
2022 ath_mutex_lock (&pubkeys_registered_lock);
2023 _gcry_module_release (module);
2024 ath_mutex_unlock (&pubkeys_registered_lock);
2025 }
2026
2027 return gcry_error (rc);
2028}
2029
2030
2031/*
2032 Get the number of nbits from the public key.
2033
2034 Hmmm: Should we have really this function or is it better to have a
2035 more general function to retrieve different propoerties of the key? */
2036unsigned int
2037gcry_pk_get_nbits (gcry_sexp_t key)
2038{
2039 gcry_module_t module = NULL;
2040 gcry_pk_spec_t *pubkey;
2041 gcry_mpi_t *keyarr = NULL;
2042 unsigned int nbits = 0;
2043 gcry_err_code_t rc;
2044
2045 REGISTER_DEFAULT_PUBKEYS;
2046
2047 rc = sexp_to_key (key, 0, &keyarr, &module);
2048 if (rc == GPG_ERR_INV_OBJ)
2049 rc = sexp_to_key (key, 1, &keyarr, &module);
2050 if (rc)
2051 return 0; /* Error - 0 is a suitable indication for that. */
2052
2053 pubkey = (gcry_pk_spec_t *) module->spec;
2054 nbits = (*pubkey->get_nbits) (module->mod_id, keyarr);
2055
2056 ath_mutex_lock (&pubkeys_registered_lock);
2057 _gcry_module_release (module);
2058 ath_mutex_unlock (&pubkeys_registered_lock);
2059
2060 release_mpi_array (keyarr);
2061 gcry_free (keyarr);
2062
2063 return nbits;
2064}
2065
2066
2067/* Return the so called KEYGRIP which is the SHA-1 hash of the public
2068 key parameters expressed in a way depended on the algorithm.
2069
2070 ARRAY must either be 20 bytes long or NULL; in the latter case a
2071 newly allocated array of that size is returned, otherwise ARRAY or
2072 NULL is returned to indicate an error which is most likely an
2073 unknown algorithm. The function accepts public or secret keys. */
2074unsigned char *
2075gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
2076{
2077 gcry_sexp_t list = NULL, l2 = NULL;
2078 gcry_pk_spec_t *pubkey = NULL;
2079 gcry_module_t module = NULL;
2080 const char *s, *name;
2081 size_t n;
2082 int idx;
2083 int is_rsa;
2084 const char *elems;
2085 gcry_md_hd_t md = NULL;
2086
2087 REGISTER_DEFAULT_PUBKEYS;
2088
2089 /* Check that the first element is valid. */
2090 list = gcry_sexp_find_token (key, "public-key", 0);
2091 if (!list)
2092 list = gcry_sexp_find_token (key, "private-key", 0);
2093 if (!list)
2094 list = gcry_sexp_find_token (key, "protected-private-key", 0);
2095 if (!list)
2096 list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
2097 if (!list)
2098 return NULL; /* No public- or private-key object. */
2099
2100 l2 = gcry_sexp_cadr (list);
2101 gcry_sexp_release (list);
2102 list = l2;
2103 l2 = NULL;
2104
2105 name = gcry_sexp_nth_data (list, 0, &n);
2106 if (! name)
2107 goto fail; /* Invalid structure of object. */
2108
2109 {
2110 char *name_terminated = gcry_xmalloc (n + 1);
2111 memcpy (name_terminated, name, n);
2112 name_terminated[n] = 0;
2113 ath_mutex_lock (&pubkeys_registered_lock);
2114 module = gcry_pk_lookup_name (name_terminated);
2115 ath_mutex_unlock (&pubkeys_registered_lock);
2116 gcry_free (name_terminated);
2117 }
2118
2119 if (! module)
2120 goto fail; /* unknown algorithm */
2121
2122 pubkey = (gcry_pk_spec_t *) module->spec;
2123
2124 /* FIXME, special handling should be implemented by the algorithms,
2125 not by the libgcrypt core. */
2126 is_rsa = module->mod_id == GCRY_PK_RSA;
2127 elems = pubkey->elements_grip;
2128 if (! elems)
2129 goto fail; /* no grip parameter */
2130
2131 if (gcry_md_open (&md, GCRY_MD_SHA1, 0))
2132 goto fail;
2133
2134 for (idx = 0, s = elems; *s; s++, idx++)
2135 {
2136 const char *data;
2137 size_t datalen;
2138
2139 l2 = gcry_sexp_find_token (list, s, 1);
2140 if (! l2)
2141 goto fail;
2142 data = gcry_sexp_nth_data (l2, 1, &datalen);
2143 if (! data)
2144 goto fail;
2145 if (!is_rsa)
2146 {
2147 char buf[30];
2148
2149 sprintf (buf, "(1:%c%u:", *s, (unsigned int)datalen);
2150 gcry_md_write (md, buf, strlen (buf));
2151 }
2152
2153 /* PKCS-15 says that for RSA only the modulus should be hashed -
2154 however, it is not clear wether this is meant to has the raw
2155 bytes assuming this is an unsigned integer or whether the DER
2156 required 0 should be prefixed. We hash the raw bytes. For
2157 non-RSA we hash S-expressions. */
2158 gcry_md_write (md, data, datalen);
2159 gcry_sexp_release (l2);
2160 if (!is_rsa)
2161 gcry_md_write (md, ")", 1);
2162 }
2163
2164 if (!array)
2165 {
2166 array = gcry_malloc (20);
2167 if (! array)
2168 goto fail;
2169 }
2170
2171 memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);
2172 gcry_md_close (md);
2173 gcry_sexp_release (list);
2174 return array;
2175
2176 fail:
2177 if (l2)
2178 gcry_sexp_release (l2);
2179 if (md)
2180 gcry_md_close (md);
2181 gcry_sexp_release (list);
2182 return NULL;
2183}
2184
2185
2186gcry_error_t
2187gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
2188{
2189 gcry_err_code_t err = GPG_ERR_NO_ERROR;
2190
2191 REGISTER_DEFAULT_PUBKEYS;
2192
2193 switch (cmd)
2194 {
2195 case GCRYCTL_DISABLE_ALGO:
2196 /* This one expects a buffer pointing to an integer with the
2197 algo number. */
2198 if ((! buffer) || (buflen != sizeof (int)))
2199 err = GPG_ERR_INV_ARG;
2200 else
2201 disable_pubkey_algo (*((int *) buffer));
2202 break;
2203
2204 default:
2205 err = GPG_ERR_INV_OP;
2206 }
2207
2208 return gcry_error (err);
2209}
2210
2211
2212/*
2213 Return information about the given algorithm
2214 WHAT select the kind of information returned:
2215 GCRYCTL_TEST_ALGO:
2216 Returns 0 when the specified algorithm is available for use.
2217 Buffer must be NULL, nbytes may have the address of a variable
2218 with the required usage of the algorithm. It may be 0 for don't
2219 care or a combination of the GCRY_PK_USAGE_xxx flags;
2220 GCRYCTL_GET_ALGO_USAGE:
2221 Return the usage glafs for the give algo. An invalid alog
2222 does return 0. Disabled algos are ignored here becuase we
2223 only want to know whether the algo is at all capable of
2224 the usage.
2225
2226 Note: Because this function is in most cases used to return an
2227 integer value, we can make it easier for the caller to just look at
2228 the return value. The caller will in all cases consult the value
2229 and thereby detecting whether a error occured or not (i.e. while
2230 checking the block size) */
2231gcry_error_t
2232gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes)
2233{
2234 gcry_err_code_t err = GPG_ERR_NO_ERROR;
2235
2236 switch (what)
2237 {
2238 case GCRYCTL_TEST_ALGO:
2239 {
2240 int use = nbytes ? *nbytes : 0;
2241 if (buffer)
2242 err = GPG_ERR_INV_ARG;
2243 else if (check_pubkey_algo (algorithm, use))
2244 err = GPG_ERR_PUBKEY_ALGO;
2245 break;
2246 }
2247
2248 case GCRYCTL_GET_ALGO_USAGE:
2249 {
2250 gcry_module_t pubkey;
2251 int use = 0;
2252
2253 REGISTER_DEFAULT_PUBKEYS;
2254
2255 ath_mutex_lock (&pubkeys_registered_lock);
2256 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
2257 if (pubkey)
2258 {
2259 use = ((gcry_pk_spec_t *) pubkey->spec)->use;
2260 _gcry_module_release (pubkey);
2261 }
2262 ath_mutex_unlock (&pubkeys_registered_lock);
2263
2264 /* FIXME? */
2265 *nbytes = use;
2266 }
2267
2268 case GCRYCTL_GET_ALGO_NPKEY:
2269 {
2270 /* FIXME? */
2271 int npkey = pubkey_get_npkey (algorithm);
2272 *nbytes = npkey;
2273 break;
2274 }
2275 case GCRYCTL_GET_ALGO_NSKEY:
2276 {
2277 /* FIXME? */
2278 int nskey = pubkey_get_nskey (algorithm);
2279 *nbytes = nskey;
2280 break;
2281 }
2282 case GCRYCTL_GET_ALGO_NSIGN:
2283 {
2284 /* FIXME? */
2285 int nsign = pubkey_get_nsig (algorithm);
2286 *nbytes = nsign;
2287 break;
2288 }
2289 case GCRYCTL_GET_ALGO_NENCR:
2290 {
2291 /* FIXME? */
2292 int nencr = pubkey_get_nenc (algorithm);
2293 *nbytes = nencr;
2294 break;
2295 }
2296
2297 default:
2298 err = GPG_ERR_INV_OP;
2299 }
2300
2301 return gcry_error (err);
2302}
2303
2304
2305gcry_err_code_t
2306_gcry_pk_init (void)
2307{
2308 gcry_err_code_t err = GPG_ERR_NO_ERROR;
2309
2310 REGISTER_DEFAULT_PUBKEYS;
2311
2312 return err;
2313}
2314
2315
2316gcry_err_code_t
2317_gcry_pk_module_lookup (int algorithm, gcry_module_t *module)
2318{
2319 gcry_err_code_t err = GPG_ERR_NO_ERROR;
2320 gcry_module_t pubkey;
2321
2322 REGISTER_DEFAULT_PUBKEYS;
2323
2324 ath_mutex_lock (&pubkeys_registered_lock);
2325 pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
2326 if (pubkey)
2327 *module = pubkey;
2328 else
2329 err = GPG_ERR_PUBKEY_ALGO;
2330 ath_mutex_unlock (&pubkeys_registered_lock);
2331
2332 return err;
2333}
2334
2335
2336void
2337_gcry_pk_module_release (gcry_module_t module)
2338{
2339 ath_mutex_lock (&pubkeys_registered_lock);
2340 _gcry_module_release (module);
2341 ath_mutex_unlock (&pubkeys_registered_lock);
2342}
2343
2344/* Get a list consisting of the IDs of the loaded pubkey modules. If
2345 LIST is zero, write the number of loaded pubkey modules to
2346 LIST_LENGTH and return. If LIST is non-zero, the first
2347 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
2348 according size. In case there are less pubkey modules than
2349 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
2350gcry_error_t
2351gcry_pk_list (int *list, int *list_length)
2352{
2353 gcry_err_code_t err = GPG_ERR_NO_ERROR;
2354
2355 ath_mutex_lock (&pubkeys_registered_lock);
2356 err = _gcry_module_list (pubkeys_registered, list, list_length);
2357 ath_mutex_unlock (&pubkeys_registered_lock);
2358
2359 return err;
2360}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h
new file mode 100755
index 0000000..802a242
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h
@@ -0,0 +1,41 @@
1/* rand-internal.h - header to glue the random functions
2 * Copyright (C) 1998, 2002 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20#ifndef G10_RAND_INTERNAL_H
21#define G10_RAND_INTERNAL_H
22
23void _gcry_random_progress (const char *what, int printchar,
24 int current, int total);
25
26
27int _gcry_rndlinux_gather_random (void (*add) (const void *, size_t, int),
28 int requester, size_t length, int level);
29int _gcry_rndunix_gather_random (void (*add) (const void *, size_t, int),
30 int requester, size_t length, int level);
31int _gcry_rndegd_gather_random (void (*add) (const void *, size_t, int),
32 int requester, size_t length, int level);
33int _gcry_rndegd_connect_socket (int nofail);
34int _gcry_rndw32_gather_random (void (*add) (const void *, size_t, int),
35 int requester, size_t length, int level);
36int _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),
37 int requester );
38
39
40
41#endif /*G10_RAND_INTERNAL_H*/
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c
new file mode 100755
index 0000000..f31d8b0
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c
@@ -0,0 +1,1186 @@
1/* random.c - random number generator
2 * Copyright (C) 1998, 2000, 2001, 2002, 2003,
3 * 2004, 2005 Free Software Foundation, Inc.
4 *
5 * This file is part of Libgcrypt.
6 *
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 */
21
22/****************
23 * This random number generator is modelled after the one described in
24 * Peter Gutmann's paper: "Software Generation of Practically Strong
25 * Random Numbers". See also chapter 6 in his book "Cryptographic
26 * Security Architecture", New York, 2004, ISBN 0-387-95387-6.
27 */
28
29
30#include <config.h>
31#include <stdio.h>
32#include <stdlib.h>
33#include <assert.h>
34#include <errno.h>
35#include <string.h>
36#include <sys/time.h>
37#include <sys/types.h>
38#include <sys/stat.h>
39#include <unistd.h>
40#include <fcntl.h>
41#include <time.h>
42#ifdef HAVE_GETHRTIME
43#include <sys/times.h>
44#endif
45#ifdef HAVE_GETTIMEOFDAY
46#include <sys/times.h>
47#endif
48#ifdef HAVE_GETRUSAGE
49#include <sys/resource.h>
50#endif
51#ifdef __MINGW32__
52#include <process.h>
53#endif
54#include "g10lib.h"
55#include "rmd.h"
56#include "random.h"
57#include "rand-internal.h"
58#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
59#include "ath.h"
60
61#ifndef RAND_MAX /* for SunOS */
62#define RAND_MAX 32767
63#endif
64
65
66#if SIZEOF_UNSIGNED_LONG == 8
67#define ADD_VALUE 0xa5a5a5a5a5a5a5a5
68#elif SIZEOF_UNSIGNED_LONG == 4
69#define ADD_VALUE 0xa5a5a5a5
70#else
71#error weird size for an unsigned long
72#endif
73
74#define BLOCKLEN 64 /* hash this amount of bytes */
75#define DIGESTLEN 20 /* into a digest of this length (rmd160) */
76/* poolblocks is the number of digests which make up the pool
77 * and poolsize must be a multiple of the digest length
78 * to make the AND operations faster, the size should also be
79 * a multiple of ulong
80 */
81#define POOLBLOCKS 30
82#define POOLSIZE (POOLBLOCKS*DIGESTLEN)
83#if (POOLSIZE % SIZEOF_UNSIGNED_LONG)
84#error Please make sure that poolsize is a multiple of ulong
85#endif
86#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG)
87
88
89static int is_initialized;
90#define MASK_LEVEL(a) do { (a) &= 3; } while(0)
91static unsigned char *rndpool; /* allocated size is POOLSIZE+BLOCKLEN */
92static unsigned char *keypool; /* allocated size is POOLSIZE+BLOCKLEN */
93static size_t pool_readpos;
94static size_t pool_writepos;
95static int pool_filled;
96static int pool_balance;
97static int just_mixed;
98static int did_initial_extra_seeding;
99static char *seed_file_name;
100static int allow_seed_file_update;
101
102static int secure_alloc;
103static int quick_test;
104static int faked_rng;
105
106static ath_mutex_t pool_lock = ATH_MUTEX_INITIALIZER;
107static int pool_is_locked; /* only used for assertion */
108
109static ath_mutex_t nonce_buffer_lock = ATH_MUTEX_INITIALIZER;
110
111static byte *get_random_bytes( size_t nbytes, int level, int secure );
112static void read_pool( byte *buffer, size_t length, int level );
113static void add_randomness( const void *buffer, size_t length, int source );
114static void random_poll(void);
115static void do_fast_random_poll (void);
116static void read_random_source( int requester, size_t length, int level);
117static int gather_faked( void (*add)(const void*, size_t, int), int requester,
118 size_t length, int level );
119
120static struct {
121 ulong mixrnd;
122 ulong mixkey;
123 ulong slowpolls;
124 ulong fastpolls;
125 ulong getbytes1;
126 ulong ngetbytes1;
127 ulong getbytes2;
128 ulong ngetbytes2;
129 ulong addbytes;
130 ulong naddbytes;
131} rndstats;
132
133static void (*progress_cb) (void *,const char*,int,int, int );
134static void *progress_cb_data;
135
136/* Note, we assume that this function is used before any concurrent
137 access happens. */
138static void
139initialize_basics(void)
140{
141 static int initialized;
142 int err;
143
144 if (!initialized)
145 {
146 initialized = 1;
147 err = ath_mutex_init (&pool_lock);
148 if (err)
149 log_fatal ("failed to create the pool lock: %s\n", strerror (err) );
150
151 err = ath_mutex_init (&nonce_buffer_lock);
152 if (err)
153 log_fatal ("failed to create the nonce buffer lock: %s\n",
154 strerror (err) );
155 }
156}
157
158
159static void
160initialize(void)
161{
162 initialize_basics ();
163 /* The data buffer is allocated somewhat larger, so that we can use
164 this extra space (which is allocated in secure memory) as a
165 temporary hash buffer */
166 rndpool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)
167 : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);
168 keypool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)
169 : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);
170 is_initialized = 1;
171
172}
173
174
175/* Used to register a progress callback. */
176void
177_gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),
178 void *cb_data )
179{
180 progress_cb = cb;
181 progress_cb_data = cb_data;
182}
183
184
185/* This progress function is currently used by the random modules to give hint
186 on how much more entropy is required. */
187void
188_gcry_random_progress (const char *what, int printchar, int current, int total)
189{
190 if (progress_cb)
191 progress_cb (progress_cb_data, what, printchar, current, total);
192}
193
194
195/* Initialize this random subsystem. If FULL is false, this function
196 merely calls the initialize and does not do anything more. Doing
197 this is not really required but when running in a threaded
198 environment we might get a race condition otherwise. */
199void
200_gcry_random_initialize (int full)
201{
202 if (!full)
203 initialize_basics ();
204 else if (!is_initialized)
205 initialize ();
206}
207
208void
209_gcry_random_dump_stats()
210{
211 log_info (
212 "random usage: poolsize=%d mixed=%lu polls=%lu/%lu added=%lu/%lu\n"
213 " outmix=%lu getlvl1=%lu/%lu getlvl2=%lu/%lu\n",
214 POOLSIZE, rndstats.mixrnd, rndstats.slowpolls, rndstats.fastpolls,
215 rndstats.naddbytes, rndstats.addbytes,
216 rndstats.mixkey, rndstats.ngetbytes1, rndstats.getbytes1,
217 rndstats.ngetbytes2, rndstats.getbytes2 );
218}
219
220void
221_gcry_secure_random_alloc()
222{
223 secure_alloc = 1;
224}
225
226
227int
228_gcry_quick_random_gen( int onoff )
229{
230 int last;
231
232 /* No need to lock it here because we are only initializing. A
233 prerequisite of the entire code is that it has already been
234 initialized before any possible concurrent access */
235 read_random_source(0,0,0); /* init */
236 last = quick_test;
237 if( onoff != -1 )
238 quick_test = onoff;
239 return faked_rng? 1 : last;
240}
241
242int
243_gcry_random_is_faked()
244{
245 if( !is_initialized )
246 initialize();
247 return (faked_rng || quick_test);
248}
249
250/*
251 * Return a pointer to a randomized buffer of LEVEL and NBYTES length.
252 * Caller must free the buffer.
253 */
254static byte *
255get_random_bytes ( size_t nbytes, int level, int secure)
256{
257 byte *buf, *p;
258 int err;
259
260 /* First a hack toavoid the strong random using our regression test suite. */
261 if (quick_test && level > 1)
262 level = 1;
263
264 /* Make sure the requested level is in range. */
265 MASK_LEVEL(level);
266
267 /* Lock the pool. */
268 err = ath_mutex_lock (&pool_lock);
269 if (err)
270 log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
271 pool_is_locked = 1;
272
273 /* Keep some statistics. */
274 if (level >= 2)
275 {
276 rndstats.getbytes2 += nbytes;
277 rndstats.ngetbytes2++;
278 }
279 else
280 {
281 rndstats.getbytes1 += nbytes;
282 rndstats.ngetbytes1++;
283 }
284
285 /* Allocate the return buffer. */
286 buf = secure && secure_alloc ? gcry_xmalloc_secure( nbytes )
287 : gcry_xmalloc( nbytes );
288
289 /* Fill that buffer with random. */
290 for (p = buf; nbytes > 0; )
291 {
292 size_t n;
293
294 n = nbytes > POOLSIZE? POOLSIZE : nbytes;
295 read_pool( p, n, level );
296 nbytes -= n;
297 p += n;
298 }
299
300 /* Release the pool lock. */
301 pool_is_locked = 0;
302 err = ath_mutex_unlock (&pool_lock);
303 if (err)
304 log_fatal ("failed to release the pool lock: %s\n", strerror (err));
305
306 /* Return the buffer. */
307 return buf;
308}
309
310
311/* Add BUFLEN bytes from BUF to the internal random pool. QUALITY
312 should be in the range of 0..100 to indicate the goodness of the
313 entropy added, or -1 for goodness not known.
314
315 Note, that this function currently does nothing.
316*/
317gcry_error_t
318gcry_random_add_bytes (const void * buf, size_t buflen, int quality)
319{
320 gcry_err_code_t err = GPG_ERR_NO_ERROR;
321
322 if (!buf || quality < -1 || quality > 100)
323 err = GPG_ERR_INV_ARG;
324 if (!buflen)
325 return 0; /* Shortcut this dummy case. */
326#if 0
327 /* Before we actuall enable this code, we need to lock the pool,
328 have a look at the quality and find a way to add them without
329 disturbing the real entropy (we have estimated). */
330 /*add_randomness( buf, buflen, 1 );*/
331#endif
332 return err;
333}
334
335/* The public function to return random data of the quality LEVEL. */
336void *
337gcry_random_bytes( size_t nbytes, enum gcry_random_level level )
338{
339 if (!is_initialized)
340 initialize();
341 return get_random_bytes( nbytes, level, 0 );
342}
343
344/* The public function to return random data of the quality LEVEL;
345 this version of the function retrun the random a buffer allocated
346 in secure memory. */
347void *
348gcry_random_bytes_secure( size_t nbytes, enum gcry_random_level level )
349{
350 if (!is_initialized)
351 initialize();
352 return get_random_bytes( nbytes, level, 1 );
353}
354
355
356/* Public function to fill the buffer with LENGTH bytes of
357 cryptographically strong random bytes. level 0 is not very strong,
358 1 is strong enough for most usage, 2 is good for key generation
359 stuff but may be very slow. */
360void
361gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
362{
363 byte *p;
364 int err;
365
366 /* Make sure we are initialized. */
367 if (!is_initialized)
368 initialize ();
369
370 /* Handle our hack used for regression tests of Libgcrypt. */
371 if( quick_test && level > 1 )
372 level = 1;
373
374 /* Make sure the level is okay. */
375 MASK_LEVEL(level);
376
377 /* Acquire the pool lock. */
378 err = ath_mutex_lock (&pool_lock);
379 if (err)
380 log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
381 pool_is_locked = 1;
382
383 /* Update the statistics. */
384 if (level >= 2)
385 {
386 rndstats.getbytes2 += length;
387 rndstats.ngetbytes2++;
388 }
389 else
390 {
391 rndstats.getbytes1 += length;
392 rndstats.ngetbytes1++;
393 }
394
395 /* Read the random into the provided buffer. */
396 for (p = buffer; length > 0;)
397 {
398 size_t n;
399
400 n = length > POOLSIZE? POOLSIZE : length;
401 read_pool (p, n, level);
402 length -= n;
403 p += n;
404 }
405
406 /* Release the pool lock. */
407 pool_is_locked = 0;
408 err = ath_mutex_unlock (&pool_lock);
409 if (err)
410 log_fatal ("failed to release the pool lock: %s\n", strerror (err));
411
412}
413
414
415
416
417/*
418 Mix the pool:
419
420 |........blocks*20byte........|20byte|..44byte..|
421 <..44byte..> <20byte>
422 | |
423 | +------+
424 +---------------------------|----------+
425 v v
426 |........blocks*20byte........|20byte|..44byte..|
427 <.....64bytes.....>
428 |
429 +----------------------------------+
430 Hash
431 v
432 |.............................|20byte|..44byte..|
433 <20byte><20byte><..44byte..>
434 | |
435 | +---------------------+
436 +-----------------------------+ |
437 v v
438 |.............................|20byte|..44byte..|
439 <.....64byte......>
440 |
441 +-------------------------+
442 Hash
443 v
444 |.............................|20byte|..44byte..|
445 <20byte><20byte><..44byte..>
446
447 and so on until we did this for all blocks.
448
449 To better protect against implementation errors in this code, we
450 xor a digest of the entire pool into the pool before mixing.
451
452 Note, that this function muts only be called with a locked pool.
453 */
454static void
455mix_pool (unsigned char *pool)
456{
457 static unsigned char failsafe_digest[DIGESTLEN];
458 static int failsafe_digest_valid;
459
460 unsigned char *hashbuf = pool + POOLSIZE;
461 unsigned char *p, *pend;
462 int i, n;
463 RMD160_CONTEXT md;
464
465#if DIGESTLEN != 20
466#error must have a digest length of 20 for ripe-md-160
467#endif
468
469 assert (pool_is_locked);
470 _gcry_rmd160_init( &md );
471
472 /* loop over the pool */
473 pend = pool + POOLSIZE;
474 memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
475 memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
476 _gcry_rmd160_mixblock( &md, (char*)hashbuf);
477 memcpy(pool, hashbuf, 20 );
478
479 if (failsafe_digest_valid && pool == rndpool)
480 {
481 for (i=0; i < 20; i++)
482 pool[i] ^= failsafe_digest[i];
483 }
484
485 p = pool;
486 for (n=1; n < POOLBLOCKS; n++)
487 {
488 memcpy (hashbuf, p, DIGESTLEN);
489
490 p += DIGESTLEN;
491 if (p+DIGESTLEN+BLOCKLEN < pend)
492 memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
493 else
494 {
495 unsigned char *pp = p + DIGESTLEN;
496
497 for (i=DIGESTLEN; i < BLOCKLEN; i++ )
498 {
499 if ( pp >= pend )
500 pp = pool;
501 hashbuf[i] = *pp++;
502 }
503 }
504
505 _gcry_rmd160_mixblock( &md, (char*)hashbuf);
506 memcpy(p, hashbuf, 20 );
507 }
508
509 /* Our hash implementation does only leave small parts (64 bytes)
510 of the pool on the stack, so it is okay not to require secure
511 memory here. Before we use this pool, it will be copied to the
512 help buffer anyway. */
513 if ( pool == rndpool)
514 {
515 _gcry_rmd160_hash_buffer ((char*)failsafe_digest,
516 (char*)pool, POOLSIZE);
517 failsafe_digest_valid = 1;
518 }
519
520 _gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
521}
522
523
524void
525_gcry_set_random_seed_file( const char *name )
526{
527 if (seed_file_name)
528 BUG ();
529 seed_file_name = gcry_xstrdup (name);
530}
531
532
533/*
534 Read in a seed form the random_seed file
535 and return true if this was successful.
536 */
537static int
538read_seed_file (void)
539{
540 int fd;
541 struct stat sb;
542 unsigned char buffer[POOLSIZE];
543 int n;
544
545 assert (pool_is_locked);
546
547 if (!seed_file_name)
548 return 0;
549
550#ifdef HAVE_DOSISH_SYSTEM
551 fd = open( seed_file_name, O_RDONLY | O_BINARY );
552#else
553 fd = open( seed_file_name, O_RDONLY );
554#endif
555 if( fd == -1 && errno == ENOENT)
556 {
557 allow_seed_file_update = 1;
558 return 0;
559 }
560
561 if (fd == -1 )
562 {
563 log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );
564 return 0;
565 }
566 if (fstat( fd, &sb ) )
567 {
568 log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );
569 close(fd);
570 return 0;
571 }
572 if (!S_ISREG(sb.st_mode) )
573 {
574 log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );
575 close(fd);
576 return 0;
577 }
578 if (!sb.st_size )
579 {
580 log_info(_("note: random_seed file is empty\n") );
581 close(fd);
582 allow_seed_file_update = 1;
583 return 0;
584 }
585 if (sb.st_size != POOLSIZE )
586 {
587 log_info(_("warning: invalid size of random_seed file - not used\n") );
588 close(fd);
589 return 0;
590 }
591
592 do
593 {
594 n = read( fd, buffer, POOLSIZE );
595 }
596 while (n == -1 && errno == EINTR );
597
598 if (n != POOLSIZE)
599 {
600 log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );
601 close(fd);/*NOTREACHED*/
602 return 0;
603 }
604
605 close(fd);
606
607 add_randomness( buffer, POOLSIZE, 0 );
608 /* add some minor entropy to the pool now (this will also force a mixing) */
609 {
610 pid_t x = getpid();
611 add_randomness( &x, sizeof(x), 0 );
612 }
613 {
614 time_t x = time(NULL);
615 add_randomness( &x, sizeof(x), 0 );
616 }
617 {
618 clock_t x = clock();
619 add_randomness( &x, sizeof(x), 0 );
620 }
621
622 /* And read a few bytes from our entropy source. By using a level
623 * of 0 this will not block and might not return anything with some
624 * entropy drivers, however the rndlinux driver will use
625 * /dev/urandom and return some stuff - Do not read to much as we
626 * want to be friendly to the scare system entropy resource. */
627 read_random_source( 0, 16, 0 );
628
629 allow_seed_file_update = 1;
630 return 1;
631}
632
633
634void
635_gcry_update_random_seed_file()
636{
637 unsigned long *sp, *dp;
638 int fd, i;
639 int err;
640
641 if ( !seed_file_name || !is_initialized || !pool_filled )
642 return;
643 if ( !allow_seed_file_update )
644 {
645 log_info(_("note: random_seed file not updated\n"));
646 return;
647 }
648
649 err = ath_mutex_lock (&pool_lock);
650 if (err)
651 log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
652 pool_is_locked = 1;
653
654 /* copy the entropy pool to a scratch pool and mix both of them */
655 for (i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
656 i < POOLWORDS; i++, dp++, sp++ )
657 {
658 *dp = *sp + ADD_VALUE;
659 }
660 mix_pool(rndpool); rndstats.mixrnd++;
661 mix_pool(keypool); rndstats.mixkey++;
662
663#ifdef HAVE_DOSISH_SYSTEM
664 fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,
665 S_IRUSR|S_IWUSR );
666#else
667 fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
668#endif
669
670 if (fd == -1 )
671 log_info (_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );
672 else
673 {
674 do
675 {
676 i = write (fd, keypool, POOLSIZE );
677 }
678 while( i == -1 && errno == EINTR );
679 if (i != POOLSIZE)
680 log_info (_("can't write `%s': %s\n"),
681 seed_file_name, strerror(errno) );
682 if (close(fd))
683 log_info(_("can't close `%s': %s\n"),
684 seed_file_name, strerror(errno) );
685 }
686
687 pool_is_locked = 0;
688 err = ath_mutex_unlock (&pool_lock);
689 if (err)
690 log_fatal ("failed to release the pool lock: %s\n", strerror (err));
691
692}
693
694
695/* Read random out of the pool. This function is the core of the
696 public random functions. Note that Level 0 is special and in fact
697 an alias for level 1. */
698static void
699read_pool (byte *buffer, size_t length, int level)
700{
701 int i;
702 unsigned long *sp, *dp;
703 size_t n;
704 /* The volatile is there to make sure the compiler does not optimize
705 the code away in case the getpid function is badly attributed.
706 Note that we keep a pid in a static variable as well as in a
707 stack based one; the latter is to detect ill behaving thread
708 libraries, ignoring the pool mutexes. */
709 static volatile pid_t my_pid = (pid_t)(-1);
710 volatile pid_t my_pid2;
711
712 retry:
713 /* Get our own pid, so that we can detect a fork. */
714 my_pid2 = getpid ();
715 if (my_pid == (pid_t)(-1))
716 my_pid = my_pid2;
717 if ( my_pid != my_pid2 )
718 {
719 /* We detected a plain fork; i.e. we are now the child. Update
720 the static pid and add some randomness. */
721 pid_t x;
722
723 my_pid = my_pid2;
724 x = my_pid;
725 add_randomness (&x, sizeof(x), 0);
726 just_mixed = 0; /* Make sure it will get mixed. */
727 }
728
729 assert (pool_is_locked);
730
731 /* Our code does not allow to extract more than POOLSIZE. Better
732 check it here. */
733 if (length > POOLSIZE)
734 {
735 log_bug("too many random bits requested (%lu)\n", (unsigned long)length);
736 }
737
738 if (!pool_filled)
739 {
740 if (read_seed_file() )
741 pool_filled = 1;
742 }
743
744 /* For level 2 quality (key generation) we always make sure that the
745 pool has been seeded enough initially. */
746 if (level == 2 && !did_initial_extra_seeding)
747 {
748 size_t needed;
749
750 pool_balance = 0;
751 needed = length - pool_balance;
752 if (needed < POOLSIZE/2)
753 needed = POOLSIZE/2;
754 else if( needed > POOLSIZE )
755 BUG ();
756 read_random_source (3, needed, 2);
757 pool_balance += needed;
758 did_initial_extra_seeding = 1;
759 }
760
761 /* For level 2 make sure that there is enough random in the pool. */
762 if (level == 2 && pool_balance < length)
763 {
764 size_t needed;
765
766 if (pool_balance < 0)
767 pool_balance = 0;
768 needed = length - pool_balance;
769 if (needed > POOLSIZE)
770 BUG ();
771 read_random_source( 3, needed, 2 );
772 pool_balance += needed;
773 }
774
775 /* make sure the pool is filled */
776 while (!pool_filled)
777 random_poll();
778
779 /* Always do a fast random poll (we have to use the unlocked version). */
780 do_fast_random_poll();
781
782 /* Mix the pid in so that we for sure won't deliver the same random
783 after a fork. */
784 {
785 pid_t apid = my_pid;
786 add_randomness (&apid, sizeof (apid), 0);
787 }
788
789 /* Mix the pool (if add_randomness() didn't it). */
790 if (!just_mixed)
791 {
792 mix_pool(rndpool);
793 rndstats.mixrnd++;
794 }
795
796 /* Create a new pool. */
797 for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
798 i < POOLWORDS; i++, dp++, sp++ )
799 *dp = *sp + ADD_VALUE;
800
801 /* Mix both pools. */
802 mix_pool(rndpool); rndstats.mixrnd++;
803 mix_pool(keypool); rndstats.mixkey++;
804
805 /* Read the required data. We use a readpointer to read from a
806 different position each time */
807 for (n=0; n < length; n++)
808 {
809 *buffer++ = keypool[pool_readpos++];
810 if (pool_readpos >= POOLSIZE)
811 pool_readpos = 0;
812 pool_balance--;
813 }
814
815 if (pool_balance < 0)
816 pool_balance = 0;
817
818 /* Clear the keypool. */
819 memset (keypool, 0, POOLSIZE);
820
821 /* We need to detect whether a fork has happened. A fork might have
822 an identical pool and thus the child and the parent could emit
823 the very same random number. This test here is to detect forks
824 in a multi-threaded process. */
825 if ( getpid () != my_pid2 )
826 {
827 pid_t x = getpid();
828 add_randomness (&x, sizeof(x), 0);
829 just_mixed = 0; /* Make sure it will get mixed. */
830 my_pid = x; /* Also update the static pid. */
831 goto retry;
832 }
833}
834
835
836/*
837 * Add LENGTH bytes of randomness from buffer to the pool.
838 * source may be used to specify the randomness source.
839 * Source is:
840 * 0 - used ony for initialization
841 * 1 - fast random poll function
842 * 2 - normal poll function
843 * 3 - used when level 2 random quality has been requested
844 * to do an extra pool seed.
845 */
846static void
847add_randomness( const void *buffer, size_t length, int source )
848{
849 const byte *p = buffer;
850
851 assert (pool_is_locked);
852 if (!is_initialized)
853 initialize ();
854 rndstats.addbytes += length;
855 rndstats.naddbytes++;
856 while (length-- )
857 {
858 rndpool[pool_writepos++] ^= *p++;
859 if (pool_writepos >= POOLSIZE )
860 {
861 if (source > 1)
862 pool_filled = 1;
863 pool_writepos = 0;
864 mix_pool(rndpool); rndstats.mixrnd++;
865 just_mixed = !length;
866 }
867 }
868}
869
870
871
872static void
873random_poll()
874{
875 rndstats.slowpolls++;
876 read_random_source (2, POOLSIZE/5, 1);
877}
878
879
880static int (*
881getfnc_gather_random (void))(void (*)(const void*, size_t, int), int,
882 size_t, int)
883{
884 static int (*fnc)(void (*)(const void*, size_t, int), int, size_t, int);
885
886 if (fnc)
887 return fnc;
888
889#if USE_RNDLINUX
890 if ( !access (NAME_OF_DEV_RANDOM, R_OK)
891 && !access (NAME_OF_DEV_URANDOM, R_OK))
892 {
893 fnc = _gcry_rndlinux_gather_random;
894 return fnc;
895 }
896#endif
897
898#if USE_RNDEGD
899 if ( _gcry_rndegd_connect_socket (1) != -1 )
900 {
901 fnc = _gcry_rndegd_gather_random;
902 return fnc;
903 }
904#endif
905
906#if USE_RNDUNIX
907 fnc = _gcry_rndunix_gather_random;
908 return fnc;
909#endif
910
911#if USE_RNDW32
912 fnc = _gcry_rndw32_gather_random;
913 return fnc;
914#endif
915
916 log_fatal (_("no entropy gathering module detected\n"));
917
918 return NULL; /*NOTREACHED*/
919}
920
921static void (*
922getfnc_fast_random_poll (void))( void (*)(const void*, size_t, int), int)
923{
924#if USE_RNDW32
925 return _gcry_rndw32_gather_random_fast;
926#endif
927 return NULL;
928}
929
930
931static void
932do_fast_random_poll (void)
933{
934 static void (*fnc)( void (*)(const void*, size_t, int), int) = NULL;
935 static int initialized = 0;
936
937 assert (pool_is_locked);
938
939 rndstats.fastpolls++;
940
941 if (!initialized )
942 {
943 if (!is_initialized )
944 initialize();
945 initialized = 1;
946 fnc = getfnc_fast_random_poll ();
947 }
948
949 if (fnc)
950 (*fnc)( add_randomness, 1 );
951
952 /* Continue with the generic functions. */
953#if HAVE_GETHRTIME
954 {
955 hrtime_t tv;
956 tv = gethrtime();
957 add_randomness( &tv, sizeof(tv), 1 );
958 }
959#elif HAVE_GETTIMEOFDAY
960 {
961 struct timeval tv;
962 if( gettimeofday( &tv, NULL ) )
963 BUG();
964 add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
965 add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 );
966 }
967#elif HAVE_CLOCK_GETTIME
968 { struct timespec tv;
969 if( clock_gettime( CLOCK_REALTIME, &tv ) == -1 )
970 BUG();
971 add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
972 add_randomness( &tv.tv_nsec, sizeof(tv.tv_nsec), 1 );
973 }
974#else /* use times */
975# ifndef HAVE_DOSISH_SYSTEM
976 { struct tms buf;
977 times( &buf );
978 add_randomness( &buf, sizeof buf, 1 );
979 }
980# endif
981#endif
982
983#ifdef HAVE_GETRUSAGE
984# ifdef RUSAGE_SELF
985 {
986 struct rusage buf;
987 /* QNX/Neutrino does return ENOSYS - so we just ignore it and
988 * add whatever is in buf. In a chroot environment it might not
989 * work at all (i.e. because /proc/ is not accessible), so we better
990 * ugnore all error codes and hope for the best
991 */
992 getrusage (RUSAGE_SELF, &buf );
993 add_randomness( &buf, sizeof buf, 1 );
994 memset( &buf, 0, sizeof buf );
995 }
996# else /*!RUSAGE_SELF*/
997# ifdef __GCC__
998# warning There is no RUSAGE_SELF on this system
999# endif
1000# endif /*!RUSAGE_SELF*/
1001#endif /*HAVE_GETRUSAGE*/
1002
1003 /* time and clock are availabe on all systems - so we better do it
1004 just in case one of the above functions didn't work */
1005 {
1006 time_t x = time(NULL);
1007 add_randomness( &x, sizeof(x), 1 );
1008 }
1009 {
1010 clock_t x = clock();
1011 add_randomness( &x, sizeof(x), 1 );
1012 }
1013}
1014
1015
1016/* The fast random pool function as called at some places in
1017 libgcrypt. This is merely a wrapper to make sure that this module
1018 is initalized and to look the pool. Note, that this function is a
1019 NOP unless a random function has been used or _gcry_initialize (1)
1020 has been used. We use this hack so that the internal use of this
1021 function in cipher_open and md_open won't start filling up the
1022 radnom pool, even if no random will be required by the process. */
1023void
1024_gcry_fast_random_poll (void)
1025{
1026 int err;
1027
1028 if (!is_initialized)
1029 return;
1030
1031 err = ath_mutex_lock (&pool_lock);
1032 if (err)
1033 log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
1034 pool_is_locked = 1;
1035
1036 do_fast_random_poll ();
1037
1038 pool_is_locked = 0;
1039 err = ath_mutex_unlock (&pool_lock);
1040 if (err)
1041 log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
1042
1043}
1044
1045
1046
1047static void
1048read_random_source( int requester, size_t length, int level )
1049{
1050 static int (*fnc)(void (*)(const void*, size_t, int), int,
1051 size_t, int) = NULL;
1052 if (!fnc )
1053 {
1054 if (!is_initialized )
1055 initialize();
1056
1057 fnc = getfnc_gather_random ();
1058
1059 if (!fnc)
1060 {
1061 faked_rng = 1;
1062 fnc = gather_faked;
1063 }
1064 if (!requester && !length && !level)
1065 return; /* Just the init was requested. */
1066 }
1067
1068 if ((*fnc)( add_randomness, requester, length, level ) < 0)
1069 log_fatal ("No way to gather entropy for the RNG\n");
1070}
1071
1072
1073static int
1074gather_faked( void (*add)(const void*, size_t, int), int requester,
1075 size_t length, int level )
1076{
1077 static int initialized=0;
1078 size_t n;
1079 char *buffer, *p;
1080
1081 if( !initialized ) {
1082 log_info(_("WARNING: using insecure random number generator!!\n"));
1083 /* we can't use tty_printf here - do we need this function at
1084 all - does it really make sense or canit be viewed as a potential
1085 security problem ? wk 17.11.99 */
1086#if 0
1087 tty_printf(_("The random number generator is only a kludge to let\n"
1088 "it run - it is in no way a strong RNG!\n\n"
1089 "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n"));
1090#endif
1091 initialized=1;
1092#ifdef HAVE_RAND
1093 srand( time(NULL)*getpid());
1094#else
1095 srandom( time(NULL)*getpid());
1096#endif
1097 }
1098
1099 p = buffer = gcry_xmalloc( length );
1100 n = length;
1101#ifdef HAVE_RAND
1102 while( n-- )
1103 *p++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1);
1104#else
1105 while( n-- )
1106 *p++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1);
1107#endif
1108 add_randomness( buffer, length, requester );
1109 gcry_free(buffer);
1110 return 0; /* okay */
1111}
1112
1113
1114/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
1115void
1116gcry_create_nonce (void *buffer, size_t length)
1117{
1118 static unsigned char nonce_buffer[20+8];
1119 static int nonce_buffer_initialized = 0;
1120 static volatile pid_t my_pid; /* The volatile is there to make sure the
1121 compiler does not optimize the code away
1122 in case the getpid function is badly
1123 attributed. */
1124 unsigned char *p;
1125 size_t n;
1126 int err;
1127
1128 /* Make sure we are initialized. */
1129 if (!is_initialized)
1130 initialize ();
1131
1132 /* Acquire the nonce buffer lock. */
1133 err = ath_mutex_lock (&nonce_buffer_lock);
1134 if (err)
1135 log_fatal ("failed to acquire the nonce buffer lock: %s\n",
1136 strerror (err));
1137
1138 /* The first time intialize our buffer. */
1139 if (!nonce_buffer_initialized)
1140 {
1141 pid_t apid = getpid ();
1142 time_t atime = time (NULL);
1143
1144 my_pid = apid;
1145
1146 if ((sizeof apid + sizeof atime) > sizeof nonce_buffer)
1147 BUG ();
1148
1149 /* Initialize the first 20 bytes with a reasonable value so that
1150 a failure of gcry_randomize won't affect us too much. Don't
1151 care about the uninitialized remaining bytes. */
1152 p = nonce_buffer;
1153 memcpy (p, &apid, sizeof apid);
1154 p += sizeof apid;
1155 memcpy (p, &atime, sizeof atime);
1156
1157 /* Initialize the never changing private part of 64 bits. */
1158 gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);
1159
1160 nonce_buffer_initialized = 1;
1161 }
1162 else if ( my_pid != getpid () )
1163 {
1164 /* We forked. Need to reseed the buffer - doing this for the
1165 private part should be sufficient. */
1166 gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);
1167 }
1168
1169 /* Create the nonce by hashing the entire buffer, returning the hash
1170 and updating the first 20 bytes of the buffer with this hash. */
1171 for (p = buffer; length > 0; length -= n, p += n)
1172 {
1173 _gcry_sha1_hash_buffer ((char*)nonce_buffer,
1174 (char*)nonce_buffer, sizeof nonce_buffer);
1175 n = length > 20? 20 : length;
1176 memcpy (p, nonce_buffer, n);
1177 }
1178
1179
1180 /* Release the nonce buffer lock. */
1181 err = ath_mutex_unlock (&nonce_buffer_lock);
1182 if (err)
1183 log_fatal ("failed to release the nonce buffer lock: %s\n",
1184 strerror (err));
1185
1186}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h
new file mode 100755
index 0000000..26ba20e
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h
@@ -0,0 +1,42 @@
1/* random.h - random functions
2 * Copyright (C) 1998, 2002 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20#ifndef G10_RANDOM_H
21#define G10_RANDOM_H
22
23#include "types.h"
24
25void _gcry_random_initialize (int);
26void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),
27 void *cb_data );
28void _gcry_random_dump_stats(void);
29void _gcry_secure_random_alloc(void);
30int _gcry_quick_random_gen( int onoff );
31int _gcry_random_is_faked(void);
32void _gcry_set_random_seed_file (const char *name);
33void _gcry_update_random_seed_file (void);
34
35byte *_gcry_get_random_bits( size_t nbits, int level, int secure );
36void _gcry_fast_random_poll( void );
37
38#endif /*G10_RANDOM_H*/
39
40
41
42
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c
new file mode 100755
index 0000000..960d1e2
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c
@@ -0,0 +1,345 @@
1/* rfc2268.c - The cipher described in rfc2268; aka Ron's Cipher 2.
2 * Copyright (C) 2003 Nikos Mavroyanopoulos
3 * Copyright (C) 2004 Free Software Foundation, Inc.
4 *
5 * This file is part of Libgcrypt
6 *
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser general Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 */
21
22/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS
23 * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
24 * direct use by Libgcrypt by Werner Koch. This implementation is
25 * only useful for pkcs#12 descryption.
26 *
27 * The implementation here is based on Peter Gutmann's RRC.2 paper.
28 */
29
30
31#include <config.h>
32#include <stdio.h>
33#include <stdlib.h>
34#include <string.h>
35#include "g10lib.h"
36#include "types.h"
37#include "cipher.h"
38
39#define RFC2268_BLOCKSIZE 8
40
41typedef struct
42{
43 u16 S[64];
44} RFC2268_context;
45
46static const unsigned char rfc2268_sbox[] = {
47 217, 120, 249, 196, 25, 221, 181, 237,
48 40, 233, 253, 121, 74, 160, 216, 157,
49 198, 126, 55, 131, 43, 118, 83, 142,
50 98, 76, 100, 136, 68, 139, 251, 162,
51 23, 154, 89, 245, 135, 179, 79, 19,
52 97, 69, 109, 141, 9, 129, 125, 50,
53 189, 143, 64, 235, 134, 183, 123, 11,
54 240, 149, 33, 34, 92, 107, 78, 130,
55 84, 214, 101, 147, 206, 96, 178, 28,
56 115, 86, 192, 20, 167, 140, 241, 220,
57 18, 117, 202, 31, 59, 190, 228, 209,
58 66, 61, 212, 48, 163, 60, 182, 38,
59 111, 191, 14, 218, 70, 105, 7, 87,
60 39, 242, 29, 155, 188, 148, 67, 3,
61 248, 17, 199, 246, 144, 239, 62, 231,
62 6, 195, 213, 47, 200, 102, 30, 215,
63 8, 232, 234, 222, 128, 82, 238, 247,
64 132, 170, 114, 172, 53, 77, 106, 42,
65 150, 26, 210, 113, 90, 21, 73, 116,
66 75, 159, 208, 94, 4, 24, 164, 236,
67 194, 224, 65, 110, 15, 81, 203, 204,
68 36, 145, 175, 80, 161, 244, 112, 57,
69 153, 124, 58, 133, 35, 184, 180, 122,
70 252, 2, 54, 91, 37, 85, 151, 49,
71 45, 93, 250, 152, 227, 138, 146, 174,
72 5, 223, 41, 16, 103, 108, 186, 201,
73 211, 0, 230, 207, 225, 158, 168, 44,
74 99, 22, 1, 63, 88, 226, 137, 169,
75 13, 56, 52, 27, 171, 51, 255, 176,
76 187, 72, 12, 95, 185, 177, 205, 46,
77 197, 243, 219, 71, 229, 165, 156, 119,
78 10, 166, 32, 104, 254, 127, 193, 173
79};
80
81#define rotl16(x,n) (((x) << ((u16)(n))) | ((x) >> (16 - (u16)(n))))
82#define rotr16(x,n) (((x) >> ((u16)(n))) | ((x) << (16 - (u16)(n))))
83
84static const char *selftest (void);
85
86
87static void
88do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
89{
90 RFC2268_context *ctx = context;
91 register int i, j;
92 u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
93
94 word0 = (word0 << 8) | inbuf[1];
95 word0 = (word0 << 8) | inbuf[0];
96 word1 = (word1 << 8) | inbuf[3];
97 word1 = (word1 << 8) | inbuf[2];
98 word2 = (word2 << 8) | inbuf[5];
99 word2 = (word2 << 8) | inbuf[4];
100 word3 = (word3 << 8) | inbuf[7];
101 word3 = (word3 << 8) | inbuf[6];
102
103 for (i = 0; i < 16; i++)
104 {
105 j = i * 4;
106 /* For some reason I cannot combine those steps. */
107 word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];
108 word0 = rotl16(word0, 1);
109
110 word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
111 word1 = rotl16(word1, 2);
112
113 word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
114 word2 = rotl16(word2, 3);
115
116 word3 += (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
117 word3 = rotl16(word3, 5);
118
119 if (i == 4 || i == 10)
120 {
121 word0 += ctx->S[word3 & 63];
122 word1 += ctx->S[word0 & 63];
123 word2 += ctx->S[word1 & 63];
124 word3 += ctx->S[word2 & 63];
125 }
126
127 }
128
129 outbuf[0] = word0 & 255;
130 outbuf[1] = word0 >> 8;
131 outbuf[2] = word1 & 255;
132 outbuf[3] = word1 >> 8;
133 outbuf[4] = word2 & 255;
134 outbuf[5] = word2 >> 8;
135 outbuf[6] = word3 & 255;
136 outbuf[7] = word3 >> 8;
137}
138
139static void
140do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
141{
142 RFC2268_context *ctx = context;
143 register int i, j;
144 u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
145
146 word0 = (word0 << 8) | inbuf[1];
147 word0 = (word0 << 8) | inbuf[0];
148 word1 = (word1 << 8) | inbuf[3];
149 word1 = (word1 << 8) | inbuf[2];
150 word2 = (word2 << 8) | inbuf[5];
151 word2 = (word2 << 8) | inbuf[4];
152 word3 = (word3 << 8) | inbuf[7];
153 word3 = (word3 << 8) | inbuf[6];
154
155 for (i = 15; i >= 0; i--)
156 {
157 j = i * 4;
158
159 word3 = rotr16(word3, 5);
160 word3 -= (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
161
162 word2 = rotr16(word2, 3);
163 word2 -= (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
164
165 word1 = rotr16(word1, 2);
166 word1 -= (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
167
168 word0 = rotr16(word0, 1);
169 word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];
170
171 if (i == 5 || i == 11)
172 {
173 word3 = word3 - ctx->S[word2 & 63];
174 word2 = word2 - ctx->S[word1 & 63];
175 word1 = word1 - ctx->S[word0 & 63];
176 word0 = word0 - ctx->S[word3 & 63];
177 }
178
179 }
180
181 outbuf[0] = word0 & 255;
182 outbuf[1] = word0 >> 8;
183 outbuf[2] = word1 & 255;
184 outbuf[3] = word1 >> 8;
185 outbuf[4] = word2 & 255;
186 outbuf[5] = word2 >> 8;
187 outbuf[6] = word3 & 255;
188 outbuf[7] = word3 >> 8;
189}
190
191
192static gpg_err_code_t
193setkey_core (void *context, const unsigned char *key, unsigned int keylen, int with_phase2)
194{
195 static int initialized;
196 static const char *selftest_failed;
197 RFC2268_context *ctx = context;
198 unsigned int i;
199 unsigned char *S, x;
200 int len;
201 int bits = keylen * 8;
202
203 if (!initialized)
204 {
205 initialized = 1;
206 selftest_failed = selftest ();
207 if (selftest_failed)
208 log_error ("RFC2268 selftest failed (%s).\n", selftest_failed);
209 }
210 if (selftest_failed)
211 return GPG_ERR_SELFTEST_FAILED;
212
213 if (keylen < 40 / 8) /* We want at least 40 bits. */
214 return GPG_ERR_INV_KEYLEN;
215
216 S = (unsigned char *) ctx->S;
217
218 for (i = 0; i < keylen; i++)
219 S[i] = key[i];
220
221 for (i = keylen; i < 128; i++)
222 S[i] = rfc2268_sbox[(S[i - keylen] + S[i - 1]) & 255];
223
224 S[0] = rfc2268_sbox[S[0]];
225
226 /* Phase 2 - reduce effective key size to "bits". This was not
227 * discussed in Gutmann's paper. I've copied that from the public
228 * domain code posted in sci.crypt. */
229 if (with_phase2)
230 {
231 len = (bits + 7) >> 3;
232 i = 128 - len;
233 x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];
234 S[i] = x;
235
236 while (i--)
237 {
238 x = rfc2268_sbox[x ^ S[i + len]];
239 S[i] = x;
240 }
241 }
242
243 /* Make the expanded key, endian independent. */
244 for (i = 0; i < 64; i++)
245 ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));
246
247 return 0;
248}
249
250static gpg_err_code_t
251do_setkey (void *context, const unsigned char *key, unsigned int keylen)
252{
253 return setkey_core (context, key, keylen, 1);
254}
255
256static const char *
257selftest (void)
258{
259 RFC2268_context ctx;
260 unsigned char scratch[16];
261
262 /* Test vectors from Peter Gutmann's paper. */
263 static unsigned char key_1[] =
264 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
265 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
266 };
267 static unsigned char plaintext_1[] =
268 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
269 static const unsigned char ciphertext_1[] =
270 { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 };
271
272 static unsigned char key_2[] =
273 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
274 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
275 };
276 static unsigned char plaintext_2[] =
277 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
278 static unsigned char ciphertext_2[] =
279 { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 };
280
281 /* This one was checked against libmcrypt's RFC2268. */
282 static unsigned char key_3[] =
283 { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
284 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
285 };
286 static unsigned char plaintext_3[] =
287 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
288 static unsigned char ciphertext_3[] =
289 { 0x8f, 0xd1, 0x03, 0x89, 0x33, 0x6b, 0xf9, 0x5e };
290
291
292 /* First test. */
293 setkey_core (&ctx, key_1, sizeof(key_1), 0);
294 do_encrypt (&ctx, scratch, plaintext_1);
295
296 if (memcmp (scratch, ciphertext_1, sizeof(ciphertext_1)))
297 return "RFC2268 encryption test 1 failed.";
298
299 setkey_core (&ctx, key_1, sizeof(key_1), 0);
300 do_decrypt (&ctx, scratch, scratch);
301 if (memcmp (scratch, plaintext_1, sizeof(plaintext_1)))
302 return "RFC2268 decryption test 1 failed.";
303
304 /* Second test. */
305 setkey_core (&ctx, key_2, sizeof(key_2), 0);
306 do_encrypt (&ctx, scratch, plaintext_2);
307 if (memcmp (scratch, ciphertext_2, sizeof(ciphertext_2)))
308 return "RFC2268 encryption test 2 failed.";
309
310 setkey_core (&ctx, key_2, sizeof(key_2), 0);
311 do_decrypt (&ctx, scratch, scratch);
312 if (memcmp (scratch, plaintext_2, sizeof(plaintext_2)))
313 return "RFC2268 decryption test 2 failed.";
314
315 /* Third test. */
316 setkey_core(&ctx, key_3, sizeof(key_3), 0);
317 do_encrypt(&ctx, scratch, plaintext_3);
318
319 if (memcmp(scratch, ciphertext_3, sizeof(ciphertext_3)))
320 return "RFC2268 encryption test 3 failed.";
321
322 setkey_core (&ctx, key_3, sizeof(key_3), 0);
323 do_decrypt (&ctx, scratch, scratch);
324 if (memcmp(scratch, plaintext_3, sizeof(plaintext_3)))
325 return "RFC2268 decryption test 3 failed.";
326
327 return NULL;
328}
329
330
331
332static gcry_cipher_oid_spec_t oids_rfc2268_40[] =
333 {
334 /*{ "1.2.840.113549.3.2", GCRY_CIPHER_MODE_CBC },*/
335 /* pbeWithSHAAnd40BitRC2_CBC */
336 { "1.2.840.113549.1.12.1.6", GCRY_CIPHER_MODE_CBC },
337 { NULL }
338 };
339
340gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {
341 "RFC2268_40", NULL, oids_rfc2268_40,
342 RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),
343 do_setkey, do_encrypt, do_decrypt
344};
345
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c
new file mode 100755
index 0000000..c4d9da0
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c
@@ -0,0 +1,2275 @@
1/* Rijndael (AES) for GnuPG
2 * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *******************************************************************
20 * The code here is based on the optimized implementation taken from
21 * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
22 * which carries this notice:
23 *------------------------------------------
24 * rijndael-alg-fst.c v2.3 April '2000
25 *
26 * Optimised ANSI C code
27 *
28 * authors: v1.0: Antoon Bosselaers
29 * v2.0: Vincent Rijmen
30 * v2.3: Paulo Barreto
31 *
32 * This code is placed in the public domain.
33 *------------------------------------------
34 */
35
36#include <config.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h> /* for memcmp() */
40
41#include "types.h" /* for byte and u32 typedefs */
42#include "g10lib.h"
43#include "cipher.h"
44
45#define MAXKC (256/32)
46#define MAXROUNDS 14
47
48
49static const char *selftest(void);
50
51typedef struct
52{
53 int ROUNDS; /* key-length-dependent number of rounds */
54 int decryption_prepared;
55 union
56 {
57 PROPERLY_ALIGNED_TYPE dummy;
58 byte keyschedule[MAXROUNDS+1][4][4];
59 } u1;
60 union
61 {
62 PROPERLY_ALIGNED_TYPE dummy;
63 byte keyschedule[MAXROUNDS+1][4][4];
64 } u2;
65} RIJNDAEL_context;
66
67#define keySched u1.keyschedule
68#define keySched2 u2.keyschedule
69
70
71static const byte S[256] = {
72 99, 124, 119, 123, 242, 107, 111, 197,
73 48, 1, 103, 43, 254, 215, 171, 118,
74 202, 130, 201, 125, 250, 89, 71, 240,
75 173, 212, 162, 175, 156, 164, 114, 192,
76 183, 253, 147, 38, 54, 63, 247, 204,
77 52, 165, 229, 241, 113, 216, 49, 21,
78 4, 199, 35, 195, 24, 150, 5, 154,
79 7, 18, 128, 226, 235, 39, 178, 117,
80 9, 131, 44, 26, 27, 110, 90, 160,
81 82, 59, 214, 179, 41, 227, 47, 132,
82 83, 209, 0, 237, 32, 252, 177, 91,
83 106, 203, 190, 57, 74, 76, 88, 207,
84 208, 239, 170, 251, 67, 77, 51, 133,
85 69, 249, 2, 127, 80, 60, 159, 168,
86 81, 163, 64, 143, 146, 157, 56, 245,
87 188, 182, 218, 33, 16, 255, 243, 210,
88 205, 12, 19, 236, 95, 151, 68, 23,
89 196, 167, 126, 61, 100, 93, 25, 115,
90 96, 129, 79, 220, 34, 42, 144, 136,
91 70, 238, 184, 20, 222, 94, 11, 219,
92 224, 50, 58, 10, 73, 6, 36, 92,
93 194, 211, 172, 98, 145, 149, 228, 121,
94 231, 200, 55, 109, 141, 213, 78, 169,
95 108, 86, 244, 234, 101, 122, 174, 8,
96 186, 120, 37, 46, 28, 166, 180, 198,
97 232, 221, 116, 31, 75, 189, 139, 138,
98 112, 62, 181, 102, 72, 3, 246, 14,
99 97, 53, 87, 185, 134, 193, 29, 158,
100 225, 248, 152, 17, 105, 217, 142, 148,
101 155, 30, 135, 233, 206, 85, 40, 223,
102 140, 161, 137, 13, 191, 230, 66, 104,
103 65, 153, 45, 15, 176, 84, 187, 22
104};
105
106
107static const byte T1[256][4] = {
108 { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },
109 { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d },
110 { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },
111 { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 },
112 { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },
113 { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d },
114 { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },
115 { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a },
116 { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },
117 { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 },
118 { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb },
119 { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b },
120 { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },
121 { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea },
122 { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },
123 { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b },
124 { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },
125 { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a },
126 { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },
127 { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f },
128 { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 },
129 { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 },
130 { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },
131 { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f },
132 { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },
133 { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e },
134 { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },
135 { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 },
136 { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },
137 { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d },
138 { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },
139 { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f },
140 { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },
141 { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e },
142 { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 },
143 { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb },
144 { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },
145 { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce },
146 { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e },
147 { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 },
148 { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 },
149 { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c },
150 { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },
151 { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed },
152 { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },
153 { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b },
154 { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },
155 { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a },
156 { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },
157 { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 },
158 { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },
159 { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 },
160 { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },
161 { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 },
162 { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },
163 { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 },
164 { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },
165 { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a },
166 { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },
167 { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 },
168 { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },
169 { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 },
170 { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },
171 { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d },
172 { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },
173 { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f },
174 { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },
175 { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 },
176 { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },
177 { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 },
178 { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },
179 { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 },
180 { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },
181 { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f },
182 { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },
183 { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 },
184 { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },
185 { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c },
186 { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },
187 { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 },
188 { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },
189 { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e },
190 { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },
191 { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 },
192 { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },
193 { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 },
194 { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },
195 { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b },
196 { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },
197 { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 },
198 { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },
199 { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 },
200 { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },
201 { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 },
202 { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },
203 { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 },
204 { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },
205 { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 },
206 { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },
207 { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 },
208 { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },
209 { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 },
210 { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc },
211 { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 },
212 { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },
213 { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa },
214 { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },
215 { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 },
216 { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },
217 { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 },
218 { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },
219 { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 },
220 { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },
221 { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 },
222 { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },
223 { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 },
224 { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },
225 { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 },
226 { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },
227 { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a },
228 { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },
229 { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 },
230 { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },
231 { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 },
232 { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },
233 { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 },
234 { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },
235 { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }
236};
237
238static const byte T2[256][4] = {
239 { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },
240 { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b },
241 { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },
242 { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 },
243 { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },
244 { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b },
245 { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 },
246 { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 },
247 { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 },
248 { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d },
249 { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 },
250 { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 },
251 { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 },
252 { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf },
253 { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 },
254 { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 },
255 { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd },
256 { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 },
257 { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },
258 { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc },
259 { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },
260 { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 },
261 { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },
262 { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 },
263 { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 },
264 { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 },
265 { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 },
266 { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a },
267 { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },
268 { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 },
269 { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 },
270 { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 },
271 { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },
272 { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a },
273 { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },
274 { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 },
275 { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },
276 { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 },
277 { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 },
278 { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 },
279 { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 },
280 { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed },
281 { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc },
282 { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b },
283 { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb },
284 { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 },
285 { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c },
286 { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf },
287 { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },
288 { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb },
289 { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d },
290 { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 },
291 { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 },
292 { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f },
293 { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },
294 { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 },
295 { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },
296 { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f },
297 { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },
298 { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 },
299 { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },
300 { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 },
301 { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },
302 { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 },
303 { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },
304 { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec },
305 { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },
306 { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 },
307 { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },
308 { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d },
309 { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },
310 { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 },
311 { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 },
312 { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc },
313 { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a },
314 { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 },
315 { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },
316 { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 },
317 { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },
318 { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb },
319 { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },
320 { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a },
321 { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },
322 { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c },
323 { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 },
324 { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 },
325 { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },
326 { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 },
327 { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },
328 { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d },
329 { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },
330 { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 },
331 { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },
332 { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea },
333 { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },
334 { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 },
335 { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 },
336 { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e },
337 { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 },
338 { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 },
339 { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },
340 { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f },
341 { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },
342 { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a },
343 { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e },
344 { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 },
345 { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },
346 { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e },
347 { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },
348 { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 },
349 { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 },
350 { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e },
351 { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },
352 { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 },
353 { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },
354 { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 },
355 { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },
356 { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 },
357 { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },
358 { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf },
359 { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 },
360 { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d },
361 { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },
362 { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 },
363 { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 },
364 { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f },
365 { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 },
366 { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }
367};
368
369static const byte T3[256][4] = {
370 { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },
371 { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b },
372 { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },
373 { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 },
374 { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },
375 { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b },
376 { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 },
377 { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 },
378 { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },
379 { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d },
380 { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 },
381 { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 },
382 { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 },
383 { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf },
384 { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },
385 { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 },
386 { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd },
387 { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 },
388 { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },
389 { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc },
390 { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },
391 { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 },
392 { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },
393 { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 },
394 { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 },
395 { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 },
396 { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },
397 { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a },
398 { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 },
399 { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 },
400 { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },
401 { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 },
402 { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },
403 { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a },
404 { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },
405 { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 },
406 { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },
407 { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 },
408 { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 },
409 { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 },
410 { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },
411 { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed },
412 { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },
413 { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b },
414 { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },
415 { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 },
416 { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },
417 { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf },
418 { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },
419 { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb },
420 { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },
421 { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 },
422 { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },
423 { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f },
424 { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },
425 { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 },
426 { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },
427 { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f },
428 { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },
429 { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 },
430 { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },
431 { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 },
432 { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },
433 { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 },
434 { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c },
435 { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec },
436 { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },
437 { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 },
438 { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },
439 { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d },
440 { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },
441 { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 },
442 { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },
443 { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc },
444 { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },
445 { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 },
446 { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },
447 { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 },
448 { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e },
449 { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb },
450 { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },
451 { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a },
452 { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },
453 { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c },
454 { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },
455 { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 },
456 { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },
457 { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 },
458 { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 },
459 { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d },
460 { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 },
461 { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 },
462 { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },
463 { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea },
464 { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a },
465 { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 },
466 { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 },
467 { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e },
468 { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 },
469 { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 },
470 { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },
471 { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f },
472 { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },
473 { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a },
474 { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },
475 { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 },
476 { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },
477 { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e },
478 { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },
479 { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 },
480 { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 },
481 { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e },
482 { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },
483 { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 },
484 { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },
485 { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 },
486 { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },
487 { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 },
488 { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },
489 { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf },
490 { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },
491 { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d },
492 { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },
493 { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 },
494 { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },
495 { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f },
496 { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },
497 { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }
498};
499
500static const byte T4[256][4] = {
501 { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },
502 { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 },
503 { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 },
504 { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 },
505 { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },
506 { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 },
507 { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },
508 { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec },
509 { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },
510 { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa },
511 { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },
512 { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb },
513 { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },
514 { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 },
515 { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },
516 { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b },
517 { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },
518 { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c },
519 { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },
520 { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 },
521 { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },
522 { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 },
523 { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },
524 { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a },
525 { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },
526 { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d },
527 { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },
528 { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f },
529 { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },
530 { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf },
531 { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },
532 { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea },
533 { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },
534 { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 },
535 { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },
536 { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b },
537 { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },
538 { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d },
539 { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },
540 { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 },
541 { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },
542 { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 },
543 { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },
544 { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 },
545 { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },
546 { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 },
547 { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },
548 { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 },
549 { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },
550 { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed },
551 { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },
552 { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 },
553 { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },
554 { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe },
555 { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },
556 { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b },
557 { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },
558 { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 },
559 { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },
560 { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 },
561 { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },
562 { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 },
563 { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },
564 { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf },
565 { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },
566 { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 },
567 { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },
568 { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e },
569 { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },
570 { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a },
571 { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },
572 { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 },
573 { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },
574 { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 },
575 { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },
576 { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b },
577 { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },
578 { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 },
579 { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },
580 { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad },
581 { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },
582 { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 },
583 { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },
584 { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 },
585 { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },
586 { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 },
587 { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },
588 { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 },
589 { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },
590 { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda },
591 { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 },
592 { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 },
593 { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac },
594 { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf },
595 { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 },
596 { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 },
597 { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 },
598 { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c },
599 { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },
600 { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 },
601 { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },
602 { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e },
603 { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },
604 { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f },
605 { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },
606 { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc },
607 { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },
608 { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c },
609 { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },
610 { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 },
611 { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },
612 { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 },
613 { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },
614 { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 },
615 { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },
616 { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 },
617 { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },
618 { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 },
619 { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },
620 { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 },
621 { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },
622 { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a },
623 { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 },
624 { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 },
625 { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },
626 { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e },
627 { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },
628 { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }
629};
630
631static const byte T5[256][4] = {
632 { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 },
633 { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 },
634 { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },
635 { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 },
636 { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },
637 { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 },
638 { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },
639 { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f },
640 { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },
641 { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 },
642 { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },
643 { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 },
644 { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },
645 { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda },
646 { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },
647 { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 },
648 { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },
649 { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd },
650 { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },
651 { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 },
652 { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },
653 { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 },
654 { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 },
655 { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 },
656 { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 },
657 { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 },
658 { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },
659 { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a },
660 { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },
661 { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 },
662 { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },
663 { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c },
664 { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },
665 { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 },
666 { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },
667 { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a },
668 { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },
669 { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 },
670 { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },
671 { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 },
672 { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d },
673 { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 },
674 { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 },
675 { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff },
676 { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },
677 { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 },
678 { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },
679 { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb },
680 { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },
681 { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 },
682 { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },
683 { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e },
684 { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },
685 { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 },
686 { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },
687 { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a },
688 { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },
689 { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e },
690 { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },
691 { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 },
692 { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 },
693 { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d },
694 { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad },
695 { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 },
696 { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c },
697 { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd },
698 { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },
699 { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 },
700 { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },
701 { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 },
702 { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },
703 { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 },
704 { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 },
705 { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d },
706 { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },
707 { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 },
708 { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },
709 { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 },
710 { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },
711 { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef },
712 { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 },
713 { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 },
714 { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 },
715 { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 },
716 { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d },
717 { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 },
718 { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 },
719 { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 },
720 { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },
721 { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 },
722 { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },
723 { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b },
724 { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },
725 { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 },
726 { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e },
727 { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 },
728 { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce },
729 { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 },
730 { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 },
731 { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 },
732 { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 },
733 { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 },
734 { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },
735 { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f },
736 { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },
737 { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf },
738 { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },
739 { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f },
740 { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },
741 { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e },
742 { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },
743 { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 },
744 { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },
745 { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 },
746 { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },
747 { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c },
748 { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f },
749 { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf },
750 { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },
751 { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 },
752 { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e },
753 { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f },
754 { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c },
755 { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 },
756 { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde },
757 { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 },
758 { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },
759 { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }
760};
761
762static const byte T6[256][4] = {
763 { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 },
764 { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e },
765 { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },
766 { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 },
767 { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },
768 { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c },
769 { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },
770 { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 },
771 { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b },
772 { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 },
773 { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },
774 { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 },
775 { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },
776 { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 },
777 { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },
778 { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 },
779 { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },
780 { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 },
781 { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },
782 { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a },
783 { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },
784 { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f },
785 { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },
786 { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b },
787 { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },
788 { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 },
789 { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },
790 { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab },
791 { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },
792 { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 },
793 { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },
794 { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 },
795 { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },
796 { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 },
797 { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },
798 { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe },
799 { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },
800 { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb },
801 { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },
802 { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 },
803 { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },
804 { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd },
805 { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },
806 { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 },
807 { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },
808 { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e },
809 { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },
810 { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee },
811 { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },
812 { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 },
813 { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },
814 { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 },
815 { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },
816 { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 },
817 { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },
818 { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e },
819 { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },
820 { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 },
821 { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 },
822 { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a },
823 { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },
824 { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 },
825 { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },
826 { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 },
827 { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },
828 { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 },
829 { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },
830 { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e },
831 { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },
832 { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 },
833 { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },
834 { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 },
835 { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },
836 { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 },
837 { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },
838 { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 },
839 { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 },
840 { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 },
841 { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f },
842 { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 },
843 { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },
844 { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b },
845 { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde },
846 { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf },
847 { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 },
848 { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 },
849 { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 },
850 { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf },
851 { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },
852 { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 },
853 { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d },
854 { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb },
855 { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },
856 { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a },
857 { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 },
858 { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 },
859 { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },
860 { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c },
861 { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },
862 { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 },
863 { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca },
864 { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 },
865 { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },
866 { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 },
867 { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },
868 { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 },
869 { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },
870 { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 },
871 { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },
872 { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 },
873 { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },
874 { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 },
875 { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c },
876 { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c },
877 { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },
878 { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 },
879 { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },
880 { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 },
881 { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },
882 { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb },
883 { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },
884 { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 },
885 { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },
886 { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 },
887 { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },
888 { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 },
889 { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },
890 { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }
891};
892
893static const byte T7[256][4] = {
894 { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },
895 { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 },
896 { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },
897 { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 },
898 { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },
899 { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 },
900 { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },
901 { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 },
902 { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba },
903 { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe },
904 { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },
905 { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 },
906 { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },
907 { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 },
908 { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },
909 { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 },
910 { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e },
911 { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 },
912 { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },
913 { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce },
914 { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },
915 { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 },
916 { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },
917 { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 },
918 { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },
919 { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b },
920 { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },
921 { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 },
922 { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },
923 { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 },
924 { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },
925 { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 },
926 { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 },
927 { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 },
928 { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },
929 { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 },
930 { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },
931 { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 },
932 { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },
933 { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e },
934 { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },
935 { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 },
936 { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },
937 { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 },
938 { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd },
939 { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 },
940 { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },
941 { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 },
942 { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },
943 { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 },
944 { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },
945 { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a },
946 { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },
947 { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d },
948 { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },
949 { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 },
950 { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },
951 { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b },
952 { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },
953 { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 },
954 { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },
955 { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b },
956 { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },
957 { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e },
958 { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },
959 { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f },
960 { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },
961 { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb },
962 { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },
963 { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 },
964 { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },
965 { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 },
966 { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },
967 { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 },
968 { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },
969 { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 },
970 { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },
971 { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 },
972 { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },
973 { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 },
974 { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },
975 { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 },
976 { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },
977 { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad },
978 { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },
979 { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e },
980 { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },
981 { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 },
982 { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },
983 { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 },
984 { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },
985 { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b },
986 { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 },
987 { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f },
988 { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },
989 { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 },
990 { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },
991 { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 },
992 { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },
993 { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 },
994 { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },
995 { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 },
996 { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },
997 { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 },
998 { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef },
999 { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 },
1000 { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },
1001 { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 },
1002 { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },
1003 { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b },
1004 { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },
1005 { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 },
1006 { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },
1007 { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 },
1008 { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },
1009 { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 },
1010 { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },
1011 { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 },
1012 { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },
1013 { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 },
1014 { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },
1015 { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 },
1016 { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },
1017 { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d },
1018 { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },
1019 { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 },
1020 { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },
1021 { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }
1022};
1023
1024static const byte T8[256][4] = {
1025 { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },
1026 { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a },
1027 { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },
1028 { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b },
1029 { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },
1030 { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 },
1031 { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },
1032 { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 },
1033 { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },
1034 { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d },
1035 { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },
1036 { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b },
1037 { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },
1038 { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 },
1039 { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },
1040 { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e },
1041 { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },
1042 { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 },
1043 { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },
1044 { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d },
1045 { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },
1046 { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 },
1047 { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },
1048 { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 },
1049 { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },
1050 { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 },
1051 { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },
1052 { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 },
1053 { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },
1054 { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 },
1055 { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },
1056 { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed },
1057 { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },
1058 { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e },
1059 { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },
1060 { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 },
1061 { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },
1062 { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 },
1063 { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },
1064 { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd },
1065 { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },
1066 { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d },
1067 { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },
1068 { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 },
1069 { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },
1070 { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 },
1071 { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },
1072 { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 },
1073 { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },
1074 { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 },
1075 { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },
1076 { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c },
1077 { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f },
1078 { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 },
1079 { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },
1080 { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 },
1081 { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },
1082 { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b },
1083 { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },
1084 { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c },
1085 { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },
1086 { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 },
1087 { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },
1088 { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 },
1089 { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },
1090 { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 },
1091 { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },
1092 { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b },
1093 { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },
1094 { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 },
1095 { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },
1096 { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 },
1097 { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 },
1098 { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 },
1099 { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },
1100 { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 },
1101 { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },
1102 { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 },
1103 { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },
1104 { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 },
1105 { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },
1106 { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 },
1107 { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },
1108 { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f },
1109 { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },
1110 { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 },
1111 { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },
1112 { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 },
1113 { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },
1114 { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf },
1115 { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },
1116 { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb },
1117 { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },
1118 { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 },
1119 { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },
1120 { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef },
1121 { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },
1122 { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 },
1123 { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },
1124 { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 },
1125 { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },
1126 { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 },
1127 { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },
1128 { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 },
1129 { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 },
1130 { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 },
1131 { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },
1132 { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 },
1133 { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },
1134 { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb },
1135 { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },
1136 { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d },
1137 { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },
1138 { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb },
1139 { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },
1140 { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a },
1141 { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },
1142 { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 },
1143 { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },
1144 { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 },
1145 { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },
1146 { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 },
1147 { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },
1148 { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff },
1149 { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },
1150 { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 },
1151 { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },
1152 { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }
1153};
1154
1155static const byte S5[256] = {
1156 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
1157 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
1158 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
1159 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
1160 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
1161 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
1162 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
1163 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
1164 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
1165 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
1166 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
1167 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
1168 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
1169 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
1170 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
1171 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
1172 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
1173 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
1174 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
1175 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
1176 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
1177 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
1178 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
1179 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
1180 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
1181 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
1182 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
1183 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
1184 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
1185 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
1186 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
1187 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
1188};
1189
1190static const byte U1[256][4] = {
1191 { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },
1192 { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d },
1193 { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },
1194 { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 },
1195 { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },
1196 { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 },
1197 { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },
1198 { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 },
1199 { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },
1200 { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad },
1201 { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },
1202 { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 },
1203 { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },
1204 { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 },
1205 { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },
1206 { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 },
1207 { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },
1208 { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 },
1209 { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },
1210 { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a },
1211 { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },
1212 { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e },
1213 { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },
1214 { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 },
1215 { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },
1216 { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 },
1217 { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },
1218 { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa },
1219 { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },
1220 { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e },
1221 { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },
1222 { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 },
1223 { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },
1224 { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb },
1225 { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },
1226 { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 },
1227 { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },
1228 { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 },
1229 { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },
1230 { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f },
1231 { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },
1232 { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b },
1233 { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },
1234 { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 },
1235 { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },
1236 { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 },
1237 { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },
1238 { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f },
1239 { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },
1240 { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 },
1241 { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },
1242 { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc },
1243 { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },
1244 { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 },
1245 { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },
1246 { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 },
1247 { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },
1248 { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 },
1249 { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },
1250 { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c },
1251 { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },
1252 { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 },
1253 { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },
1254 { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 },
1255 { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },
1256 { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea },
1257 { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },
1258 { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 },
1259 { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },
1260 { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 },
1261 { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },
1262 { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e },
1263 { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },
1264 { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a },
1265 { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },
1266 { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 },
1267 { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },
1268 { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 },
1269 { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },
1270 { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e },
1271 { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 },
1272 { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 },
1273 { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },
1274 { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd },
1275 { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },
1276 { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 },
1277 { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },
1278 { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 },
1279 { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 },
1280 { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 },
1281 { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },
1282 { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d },
1283 { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },
1284 { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 },
1285 { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },
1286 { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 },
1287 { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },
1288 { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c },
1289 { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },
1290 { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 },
1291 { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },
1292 { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 },
1293 { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },
1294 { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 },
1295 { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },
1296 { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac },
1297 { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },
1298 { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 },
1299 { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },
1300 { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 },
1301 { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },
1302 { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 },
1303 { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },
1304 { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 },
1305 { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },
1306 { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b },
1307 { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },
1308 { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f },
1309 { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },
1310 { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 },
1311 { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },
1312 { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 },
1313 { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },
1314 { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb },
1315 { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },
1316 { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f },
1317 { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },
1318 { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }
1319};
1320
1321static const byte U2[256][4] = {
1322 { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },
1323 { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 },
1324 { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },
1325 { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 },
1326 { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 },
1327 { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f },
1328 { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },
1329 { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b },
1330 { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd },
1331 { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 },
1332 { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 },
1333 { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 },
1334 { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },
1335 { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf },
1336 { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 },
1337 { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b },
1338 { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 },
1339 { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac },
1340 { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 },
1341 { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 },
1342 { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },
1343 { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 },
1344 { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },
1345 { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 },
1346 { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },
1347 { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c },
1348 { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },
1349 { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 },
1350 { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e },
1351 { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 },
1352 { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },
1353 { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 },
1354 { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 },
1355 { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a },
1356 { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 },
1357 { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e },
1358 { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },
1359 { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 },
1360 { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },
1361 { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 },
1362 { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },
1363 { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa },
1364 { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },
1365 { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e },
1366 { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },
1367 { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 },
1368 { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },
1369 { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 },
1370 { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },
1371 { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 },
1372 { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },
1373 { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 },
1374 { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },
1375 { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 },
1376 { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },
1377 { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d },
1378 { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },
1379 { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 },
1380 { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },
1381 { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 },
1382 { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },
1383 { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 },
1384 { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },
1385 { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d },
1386 { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },
1387 { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd },
1388 { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },
1389 { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 },
1390 { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },
1391 { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 },
1392 { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },
1393 { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 },
1394 { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },
1395 { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d },
1396 { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },
1397 { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 },
1398 { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },
1399 { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 },
1400 { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },
1401 { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 },
1402 { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },
1403 { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 },
1404 { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },
1405 { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 },
1406 { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },
1407 { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e },
1408 { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },
1409 { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a },
1410 { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },
1411 { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 },
1412 { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },
1413 { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 },
1414 { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },
1415 { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce },
1416 { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },
1417 { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa },
1418 { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },
1419 { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 },
1420 { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },
1421 { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 },
1422 { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },
1423 { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 },
1424 { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },
1425 { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc },
1426 { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },
1427 { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 },
1428 { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },
1429 { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 },
1430 { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },
1431 { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 },
1432 { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },
1433 { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c },
1434 { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },
1435 { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b },
1436 { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },
1437 { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f },
1438 { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },
1439 { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 },
1440 { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },
1441 { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 },
1442 { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },
1443 { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb },
1444 { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },
1445 { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff },
1446 { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },
1447 { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 },
1448 { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },
1449 { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }
1450};
1451
1452static const byte U3[256][4] = {
1453 { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },
1454 { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b },
1455 { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },
1456 { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f },
1457 { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },
1458 { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 },
1459 { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },
1460 { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 },
1461 { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },
1462 { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b },
1463 { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },
1464 { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf },
1465 { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },
1466 { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 },
1467 { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },
1468 { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 },
1469 { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },
1470 { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 },
1471 { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },
1472 { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 },
1473 { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },
1474 { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 },
1475 { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },
1476 { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c },
1477 { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },
1478 { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 },
1479 { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },
1480 { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 },
1481 { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },
1482 { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 },
1483 { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce },
1484 { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc },
1485 { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },
1486 { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d },
1487 { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },
1488 { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 },
1489 { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },
1490 { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 },
1491 { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 },
1492 { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 },
1493 { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef },
1494 { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd },
1495 { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb },
1496 { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 },
1497 { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },
1498 { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 },
1499 { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },
1500 { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 },
1501 { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 },
1502 { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 },
1503 { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 },
1504 { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 },
1505 { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c },
1506 { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e },
1507 { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },
1508 { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a },
1509 { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },
1510 { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 },
1511 { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },
1512 { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 },
1513 { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },
1514 { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e },
1515 { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },
1516 { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa },
1517 { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },
1518 { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 },
1519 { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },
1520 { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 },
1521 { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },
1522 { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf },
1523 { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },
1524 { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b },
1525 { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },
1526 { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 },
1527 { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },
1528 { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 },
1529 { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },
1530 { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f },
1531 { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },
1532 { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b },
1533 { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },
1534 { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc },
1535 { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },
1536 { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 },
1537 { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },
1538 { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 },
1539 { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },
1540 { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 },
1541 { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },
1542 { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c },
1543 { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },
1544 { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 },
1545 { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },
1546 { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 },
1547 { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },
1548 { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 },
1549 { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },
1550 { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 },
1551 { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },
1552 { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 },
1553 { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },
1554 { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 },
1555 { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },
1556 { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed },
1557 { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },
1558 { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 },
1559 { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },
1560 { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 },
1561 { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },
1562 { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 },
1563 { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },
1564 { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d },
1565 { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },
1566 { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba },
1567 { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },
1568 { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e },
1569 { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },
1570 { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 },
1571 { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },
1572 { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 },
1573 { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },
1574 { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a },
1575 { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },
1576 { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e },
1577 { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },
1578 { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 },
1579 { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },
1580 { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }
1581};
1582
1583static const byte U4[256][4] = {
1584 { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },
1585 { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 },
1586 { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },
1587 { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a },
1588 { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },
1589 { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 },
1590 { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },
1591 { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a },
1592 { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },
1593 { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 },
1594 { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },
1595 { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca },
1596 { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },
1597 { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 },
1598 { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },
1599 { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba },
1600 { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },
1601 { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 },
1602 { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },
1603 { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 },
1604 { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },
1605 { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 },
1606 { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },
1607 { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 },
1608 { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },
1609 { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 },
1610 { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },
1611 { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 },
1612 { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },
1613 { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 },
1614 { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },
1615 { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 },
1616 { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },
1617 { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf },
1618 { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },
1619 { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 },
1620 { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },
1621 { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf },
1622 { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },
1623 { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 },
1624 { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },
1625 { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f },
1626 { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },
1627 { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 },
1628 { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },
1629 { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f },
1630 { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },
1631 { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 },
1632 { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },
1633 { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 },
1634 { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },
1635 { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c },
1636 { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },
1637 { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 },
1638 { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },
1639 { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c },
1640 { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },
1641 { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 },
1642 { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },
1643 { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc },
1644 { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },
1645 { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 },
1646 { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },
1647 { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc },
1648 { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },
1649 { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 },
1650 { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },
1651 { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b },
1652 { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },
1653 { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 },
1654 { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },
1655 { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b },
1656 { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },
1657 { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 },
1658 { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },
1659 { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b },
1660 { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },
1661 { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 },
1662 { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },
1663 { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb },
1664 { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },
1665 { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 },
1666 { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },
1667 { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 },
1668 { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },
1669 { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 },
1670 { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },
1671 { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 },
1672 { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },
1673 { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 },
1674 { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },
1675 { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 },
1676 { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },
1677 { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 },
1678 { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },
1679 { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 },
1680 { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 },
1681 { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe },
1682 { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },
1683 { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 },
1684 { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 },
1685 { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e },
1686 { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },
1687 { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 },
1688 { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },
1689 { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e },
1690 { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },
1691 { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 },
1692 { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 },
1693 { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e },
1694 { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },
1695 { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 },
1696 { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },
1697 { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 },
1698 { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },
1699 { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d },
1700 { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 },
1701 { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 },
1702 { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },
1703 { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d },
1704 { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },
1705 { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 },
1706 { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },
1707 { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd },
1708 { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },
1709 { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 },
1710 { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },
1711 { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }
1712};
1713
1714static const u32 rcon[30] = {
1715 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,
1716 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
1717 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
1718};
1719
1720
1721
1722
1723/* Perform the key setup.
1724 */
1725static gcry_err_code_t
1726do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
1727{
1728 static int initialized = 0;
1729 static const char *selftest_failed=0;
1730 int ROUNDS;
1731 byte k[MAXKC][4];
1732 int i,j, r, t, rconpointer = 0;
1733 byte tk[MAXKC][4];
1734 int KC;
1735
1736 if (!initialized)
1737 {
1738 initialized = 1;
1739 selftest_failed = selftest ();
1740 if( selftest_failed )
1741 log_error ("%s\n", selftest_failed );
1742 }
1743 if( selftest_failed )
1744 return GPG_ERR_SELFTEST_FAILED;
1745
1746 if( keylen == 128/8 )
1747 {
1748 ROUNDS = 10;
1749 KC = 4;
1750 }
1751 else if ( keylen == 192/8 )
1752 {
1753 ROUNDS = 12;
1754 KC = 6;
1755 }
1756 else if ( keylen == 256/8 )
1757 {
1758 ROUNDS = 14;
1759 KC = 8;
1760 }
1761 else
1762 return GPG_ERR_INV_KEYLEN;
1763
1764 ctx->ROUNDS = ROUNDS;
1765 ctx->decryption_prepared = 0;
1766
1767 for (i = 0; i < keylen; i++)
1768 {
1769 k[i >> 2][i & 3] = key[i];
1770 }
1771#define W (ctx->keySched)
1772
1773 for (j = KC-1; j >= 0; j--)
1774 {
1775 *((u32*)tk[j]) = *((u32*)k[j]);
1776 }
1777 r = 0;
1778 t = 0;
1779 /* copy values into round key array */
1780 for (j = 0; (j < KC) && (r < ROUNDS + 1); )
1781 {
1782 for (; (j < KC) && (t < 4); j++, t++)
1783 {
1784 *((u32*)W[r][t]) = *((u32*)tk[j]);
1785 }
1786 if (t == 4)
1787 {
1788 r++;
1789 t = 0;
1790 }
1791 }
1792
1793 while (r < ROUNDS + 1)
1794 {
1795 /* While not enough round key material calculated */
1796 /* calculate new values. */
1797 tk[0][0] ^= S[tk[KC-1][1]];
1798 tk[0][1] ^= S[tk[KC-1][2]];
1799 tk[0][2] ^= S[tk[KC-1][3]];
1800 tk[0][3] ^= S[tk[KC-1][0]];
1801 tk[0][0] ^= rcon[rconpointer++];
1802
1803 if (KC != 8)
1804 {
1805 for (j = 1; j < KC; j++)
1806 {
1807 *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
1808 }
1809 }
1810 else
1811 {
1812 for (j = 1; j < KC/2; j++)
1813 {
1814 *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
1815 }
1816 tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
1817 tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
1818 tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
1819 tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
1820 for (j = KC/2 + 1; j < KC; j++)
1821 {
1822 *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
1823 }
1824 }
1825
1826 /* Copy values into round key array. */
1827 for (j = 0; (j < KC) && (r < ROUNDS + 1); )
1828 {
1829 for (; (j < KC) && (t < 4); j++, t++)
1830 {
1831 *((u32*)W[r][t]) = *((u32*)tk[j]);
1832 }
1833 if (t == 4)
1834 {
1835 r++;
1836 t = 0;
1837 }
1838 }
1839 }
1840
1841#undef W
1842 return 0;
1843}
1844
1845static gcry_err_code_t
1846rijndael_setkey (void *context, const byte *key, const unsigned keylen)
1847{
1848 RIJNDAEL_context *ctx = context;
1849
1850 int rc = do_setkey (ctx, key, keylen);
1851 _gcry_burn_stack ( 100 + 16*sizeof(int));
1852 return rc;
1853}
1854
1855
1856/* Make a decryption key from an encryption key. */
1857static void
1858prepare_decryption( RIJNDAEL_context *ctx )
1859{
1860 int r;
1861 byte *w;
1862
1863 for (r=0; r < MAXROUNDS+1; r++ )
1864 {
1865 *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
1866 *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
1867 *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
1868 *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
1869 }
1870#define W (ctx->keySched2)
1871 for (r = 1; r < ctx->ROUNDS; r++)
1872 {
1873 w = W[r][0];
1874 *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
1875 ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
1876
1877 w = W[r][1];
1878 *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
1879 ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
1880
1881 w = W[r][2];
1882 *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
1883 ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
1884
1885 w = W[r][3];
1886 *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
1887 ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
1888 }
1889#undef W
1890}
1891
1892
1893
1894/* Encrypt one block. A and B may be the same. */
1895static void
1896do_encrypt (const RIJNDAEL_context *ctx, byte *bx, const byte *ax)
1897{
1898 /* FIXME: Ugly code, replace by straighter implementaion and use
1899 optimized assembler for common CPUs. */
1900
1901 int r;
1902 union
1903 {
1904 u32 tempu32[4]; /* Force correct alignment. */
1905 byte temp[4][4];
1906 } u;
1907 int ROUNDS = ctx->ROUNDS;
1908#define rk (ctx->keySched)
1909
1910 /* BX and AX are not necessary correctly aligned. Thus we need to
1911 copy them here. */
1912 union
1913 {
1914 u32 dummy[4];
1915 byte a[16];
1916 } a;
1917 union
1918 {
1919 u32 dummy[4];
1920 byte b[16];
1921 } b;
1922
1923 memcpy (a.a, ax, 16);
1924
1925 *((u32*)u.temp[0]) = *((u32*)(a.a )) ^ *((u32*)rk[0][0]);
1926 *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[0][1]);
1927 *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[0][2]);
1928 *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[0][3]);
1929 *((u32*)(b.b )) = (*((u32*)T1[u.temp[0][0]])
1930 ^ *((u32*)T2[u.temp[1][1]])
1931 ^ *((u32*)T3[u.temp[2][2]])
1932 ^ *((u32*)T4[u.temp[3][3]]));
1933 *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])
1934 ^ *((u32*)T2[u.temp[2][1]])
1935 ^ *((u32*)T3[u.temp[3][2]])
1936 ^ *((u32*)T4[u.temp[0][3]]));
1937 *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])
1938 ^ *((u32*)T2[u.temp[3][1]])
1939 ^ *((u32*)T3[u.temp[0][2]])
1940 ^ *((u32*)T4[u.temp[1][3]]));
1941 *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])
1942 ^ *((u32*)T2[u.temp[0][1]])
1943 ^ *((u32*)T3[u.temp[1][2]])
1944 ^ *((u32*)T4[u.temp[2][3]]));
1945
1946 for (r = 1; r < ROUNDS-1; r++)
1947 {
1948 *((u32*)u.temp[0]) = *((u32*)(b.b )) ^ *((u32*)rk[r][0]);
1949 *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);
1950 *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);
1951 *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);
1952
1953 *((u32*)(b.b )) = (*((u32*)T1[u.temp[0][0]])
1954 ^ *((u32*)T2[u.temp[1][1]])
1955 ^ *((u32*)T3[u.temp[2][2]])
1956 ^ *((u32*)T4[u.temp[3][3]]));
1957 *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])
1958 ^ *((u32*)T2[u.temp[2][1]])
1959 ^ *((u32*)T3[u.temp[3][2]])
1960 ^ *((u32*)T4[u.temp[0][3]]));
1961 *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])
1962 ^ *((u32*)T2[u.temp[3][1]])
1963 ^ *((u32*)T3[u.temp[0][2]])
1964 ^ *((u32*)T4[u.temp[1][3]]));
1965 *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])
1966 ^ *((u32*)T2[u.temp[0][1]])
1967 ^ *((u32*)T3[u.temp[1][2]])
1968 ^ *((u32*)T4[u.temp[2][3]]));
1969 }
1970
1971 /* Last round is special. */
1972 *((u32*)u.temp[0]) = *((u32*)(b.b )) ^ *((u32*)rk[ROUNDS-1][0]);
1973 *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
1974 *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
1975 *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
1976 b.b[ 0] = T1[u.temp[0][0]][1];
1977 b.b[ 1] = T1[u.temp[1][1]][1];
1978 b.b[ 2] = T1[u.temp[2][2]][1];
1979 b.b[ 3] = T1[u.temp[3][3]][1];
1980 b.b[ 4] = T1[u.temp[1][0]][1];
1981 b.b[ 5] = T1[u.temp[2][1]][1];
1982 b.b[ 6] = T1[u.temp[3][2]][1];
1983 b.b[ 7] = T1[u.temp[0][3]][1];
1984 b.b[ 8] = T1[u.temp[2][0]][1];
1985 b.b[ 9] = T1[u.temp[3][1]][1];
1986 b.b[10] = T1[u.temp[0][2]][1];
1987 b.b[11] = T1[u.temp[1][3]][1];
1988 b.b[12] = T1[u.temp[3][0]][1];
1989 b.b[13] = T1[u.temp[0][1]][1];
1990 b.b[14] = T1[u.temp[1][2]][1];
1991 b.b[15] = T1[u.temp[2][3]][1];
1992 *((u32*)(b.b )) ^= *((u32*)rk[ROUNDS][0]);
1993 *((u32*)(b.b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
1994 *((u32*)(b.b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
1995 *((u32*)(b.b+12)) ^= *((u32*)rk[ROUNDS][3]);
1996
1997 memcpy (bx, b.b, 16);
1998#undef rk
1999}
2000
2001static void
2002rijndael_encrypt (void *context, byte *b, const byte *a)
2003{
2004 RIJNDAEL_context *ctx = context;
2005
2006 do_encrypt (ctx, b, a);
2007 _gcry_burn_stack (48 + 2*sizeof(int));
2008}
2009
2010
2011
2012/* Decrypt one block. a and b may be the same. */
2013static void
2014do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
2015{
2016#define rk (ctx->keySched2)
2017 int ROUNDS = ctx->ROUNDS;
2018 int r;
2019 union {
2020 u32 tempu32[4]; /* Force correct alignment. */
2021 byte temp[4][4];
2022 } u;
2023
2024 /* BX and AX are not necessary correctly aligned. Thus we need to
2025 copy them here. */
2026 union
2027 {
2028 u32 dummy[4];
2029 byte a[16];
2030 } a;
2031 union
2032 {
2033 u32 dummy[4];
2034 byte b[16];
2035 } b;
2036
2037 memcpy (a.a, ax, 16);
2038
2039 if ( !ctx->decryption_prepared )
2040 {
2041 prepare_decryption ( ctx );
2042 _gcry_burn_stack (64);
2043 ctx->decryption_prepared = 1;
2044 }
2045
2046 *((u32*)u.temp[0]) = *((u32*)(a.a )) ^ *((u32*)rk[ROUNDS][0]);
2047 *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
2048 *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
2049 *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[ROUNDS][3]);
2050
2051 *((u32*)(b.b )) = (*((u32*)T5[u.temp[0][0]])
2052 ^ *((u32*)T6[u.temp[3][1]])
2053 ^ *((u32*)T7[u.temp[2][2]])
2054 ^ *((u32*)T8[u.temp[1][3]]));
2055 *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])
2056 ^ *((u32*)T6[u.temp[0][1]])
2057 ^ *((u32*)T7[u.temp[3][2]])
2058 ^ *((u32*)T8[u.temp[2][3]]));
2059 *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])
2060 ^ *((u32*)T6[u.temp[1][1]])
2061 ^ *((u32*)T7[u.temp[0][2]])
2062 ^ *((u32*)T8[u.temp[3][3]]));
2063 *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])
2064 ^ *((u32*)T6[u.temp[2][1]])
2065 ^ *((u32*)T7[u.temp[1][2]])
2066 ^ *((u32*)T8[u.temp[0][3]]));
2067
2068 for (r = ROUNDS-1; r > 1; r--)
2069 {
2070 *((u32*)u.temp[0]) = *((u32*)(b.b )) ^ *((u32*)rk[r][0]);
2071 *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);
2072 *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);
2073 *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);
2074 *((u32*)(b.b )) = (*((u32*)T5[u.temp[0][0]])
2075 ^ *((u32*)T6[u.temp[3][1]])
2076 ^ *((u32*)T7[u.temp[2][2]])
2077 ^ *((u32*)T8[u.temp[1][3]]));
2078 *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])
2079 ^ *((u32*)T6[u.temp[0][1]])
2080 ^ *((u32*)T7[u.temp[3][2]])
2081 ^ *((u32*)T8[u.temp[2][3]]));
2082 *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])
2083 ^ *((u32*)T6[u.temp[1][1]])
2084 ^ *((u32*)T7[u.temp[0][2]])
2085 ^ *((u32*)T8[u.temp[3][3]]));
2086 *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])
2087 ^ *((u32*)T6[u.temp[2][1]])
2088 ^ *((u32*)T7[u.temp[1][2]])
2089 ^ *((u32*)T8[u.temp[0][3]]));
2090 }
2091
2092 /* Last round is special. */
2093 *((u32*)u.temp[0]) = *((u32*)(b.b )) ^ *((u32*)rk[1][0]);
2094 *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[1][1]);
2095 *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[1][2]);
2096 *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[1][3]);
2097 b.b[ 0] = S5[u.temp[0][0]];
2098 b.b[ 1] = S5[u.temp[3][1]];
2099 b.b[ 2] = S5[u.temp[2][2]];
2100 b.b[ 3] = S5[u.temp[1][3]];
2101 b.b[ 4] = S5[u.temp[1][0]];
2102 b.b[ 5] = S5[u.temp[0][1]];
2103 b.b[ 6] = S5[u.temp[3][2]];
2104 b.b[ 7] = S5[u.temp[2][3]];
2105 b.b[ 8] = S5[u.temp[2][0]];
2106 b.b[ 9] = S5[u.temp[1][1]];
2107 b.b[10] = S5[u.temp[0][2]];
2108 b.b[11] = S5[u.temp[3][3]];
2109 b.b[12] = S5[u.temp[3][0]];
2110 b.b[13] = S5[u.temp[2][1]];
2111 b.b[14] = S5[u.temp[1][2]];
2112 b.b[15] = S5[u.temp[0][3]];
2113 *((u32*)(b.b )) ^= *((u32*)rk[0][0]);
2114 *((u32*)(b.b+ 4)) ^= *((u32*)rk[0][1]);
2115 *((u32*)(b.b+ 8)) ^= *((u32*)rk[0][2]);
2116 *((u32*)(b.b+12)) ^= *((u32*)rk[0][3]);
2117
2118 memcpy (bx, b.b, 16);
2119#undef rk
2120}
2121
2122static void
2123rijndael_decrypt (void *context, byte *b, const byte *a)
2124{
2125 RIJNDAEL_context *ctx = context;
2126
2127 do_decrypt (ctx, b, a);
2128 _gcry_burn_stack (48+2*sizeof(int));
2129}
2130
2131
2132/* Test a single encryption and decryption with each key size. */
2133static const char*
2134selftest (void)
2135{
2136 RIJNDAEL_context ctx;
2137 byte scratch[16];
2138
2139 /* The test vectors are from the AES supplied ones; more or less
2140 * randomly taken from ecb_tbl.txt (I=42,81,14)
2141 */
2142 static byte plaintext[16] = {
2143 0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
2144 0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
2145 };
2146 static byte key[16] = {
2147 0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
2148 0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
2149 };
2150 static const byte ciphertext[16] = {
2151 0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
2152 0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
2153 };
2154
2155 static byte plaintext_192[16] = {
2156 0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
2157 0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
2158 };
2159 static byte key_192[24] = {
2160 0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
2161 0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
2162 0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
2163 };
2164 static const byte ciphertext_192[16] = {
2165 0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
2166 0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
2167 };
2168
2169 static byte plaintext_256[16] = {
2170 0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
2171 0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
2172 };
2173 static byte key_256[32] = {
2174 0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
2175 0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
2176 0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
2177 0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
2178 };
2179 static const byte ciphertext_256[16] = {
2180 0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
2181 0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
2182 };
2183
2184 rijndael_setkey (&ctx, key, sizeof(key));
2185 rijndael_encrypt (&ctx, scratch, plaintext);
2186 if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
2187 return "Rijndael-128 test encryption failed.";
2188 rijndael_decrypt (&ctx, scratch, scratch);
2189 if (memcmp (scratch, plaintext, sizeof (plaintext)))
2190 return "Rijndael-128 test decryption failed.";
2191
2192 rijndael_setkey (&ctx, key_192, sizeof(key_192));
2193 rijndael_encrypt (&ctx, scratch, plaintext_192);
2194 if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
2195 return "Rijndael-192 test encryption failed.";
2196 rijndael_decrypt (&ctx, scratch, scratch);
2197 if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
2198 return "Rijndael-192 test decryption failed.";
2199
2200 rijndael_setkey (&ctx, key_256, sizeof(key_256));
2201 rijndael_encrypt (&ctx, scratch, plaintext_256);
2202 if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
2203 return "Rijndael-256 test encryption failed.";
2204 rijndael_decrypt (&ctx, scratch, scratch);
2205 if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
2206 return "Rijndael-256 test decryption failed.";
2207
2208 return NULL;
2209}
2210
2211
2212
2213static const char *rijndael_names[] =
2214 {
2215 "RIJNDAEL",
2216 NULL,
2217 };
2218
2219static gcry_cipher_oid_spec_t rijndael_oids[] =
2220 {
2221 { "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
2222 { "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
2223 { "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
2224 { "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
2225 { NULL }
2226 };
2227
2228gcry_cipher_spec_t _gcry_cipher_spec_aes =
2229 {
2230 "AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
2231 rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
2232 };
2233
2234static const char *rijndael192_names[] =
2235 {
2236 "RIJNDAEL192",
2237 NULL,
2238 };
2239
2240static gcry_cipher_oid_spec_t rijndael192_oids[] =
2241 {
2242 { "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
2243 { "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
2244 { "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
2245 { "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
2246 { NULL }
2247 };
2248
2249gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
2250 {
2251 "AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
2252 rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
2253 };
2254
2255static const char *rijndael256_names[] =
2256 {
2257 "RIJNDAEL256",
2258 NULL,
2259 };
2260
2261static gcry_cipher_oid_spec_t rijndael256_oids[] =
2262 {
2263 { "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
2264 { "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
2265 { "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
2266 { "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
2267 { NULL }
2268 };
2269
2270gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
2271 {
2272 "AES256", rijndael256_names, rijndael256_oids, 16, 256,
2273 sizeof (RIJNDAEL_context),
2274 rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
2275 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h
new file mode 100755
index 0000000..375fee3
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h
@@ -0,0 +1,36 @@
1/* rmd.h - RIPE-MD hash functions
2 * Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20#ifndef G10_RMD_H
21#define G10_RMD_H
22
23
24/* we need this here because random.c must have direct access */
25typedef struct {
26 u32 h0,h1,h2,h3,h4;
27 u32 nblocks;
28 byte buf[64];
29 int count;
30} RMD160_CONTEXT;
31
32void _gcry_rmd160_init( void *context );
33void _gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer );
34
35#endif /*G10_RMD_H*/
36
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c
new file mode 100755
index 0000000..f963d3d
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c
@@ -0,0 +1,569 @@
1/* rmd160.c - RIPE-MD160
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <assert.h>
26#include "g10lib.h"
27#include "memory.h"
28#include "rmd.h"
29#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
30
31#include "bithelp.h"
32
33/*********************************
34 * RIPEMD-160 is not patented, see (as of 25.10.97)
35 * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
36 * Note that the code uses Little Endian byteorder, which is good for
37 * 386 etc, but we must add some conversion when used on a big endian box.
38 *
39 *
40 * Pseudo-code for RIPEMD-160
41 *
42 * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
43 * The round function takes as input a 5-word chaining variable and a 16-word
44 * message block and maps this to a new chaining variable. All operations are
45 * defined on 32-bit words. Padding is identical to that of MD4.
46 *
47 *
48 * RIPEMD-160: definitions
49 *
50 *
51 * nonlinear functions at bit level: exor, mux, -, mux, -
52 *
53 * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
54 * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
55 * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
56 * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
57 * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
58 *
59 *
60 * added constants (hexadecimal)
61 *
62 * K(j) = 0x00000000 (0 <= j <= 15)
63 * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
64 * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
65 * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
66 * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
67 * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
68 * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
69 * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
70 * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
71 * K'(j) = 0x00000000 (64 <= j <= 79)
72 *
73 *
74 * selection of message word
75 *
76 * r(j) = j (0 <= j <= 15)
77 * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
78 * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
79 * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
80 * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
81 * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
82 * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
83 * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
84 * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
85 * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
86 *
87 *
88 * amount for rotate left (rol)
89 *
90 * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
91 * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
92 * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
93 * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
94 * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
95 * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
96 * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
97 * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
98 * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
99 * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
100 *
101 *
102 * initial value (hexadecimal)
103 *
104 * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
105 * h4 = 0xC3D2E1F0;
106 *
107 *
108 * RIPEMD-160: pseudo-code
109 *
110 * It is assumed that the message after padding consists of t 16-word blocks
111 * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
112 * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
113 * shift (rotate) over s positions.
114 *
115 *
116 * for i := 0 to t-1 {
117 * A := h0; B := h1; C := h2; D = h3; E = h4;
118 * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
119 * for j := 0 to 79 {
120 * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
121 * A := E; E := D; D := rol_10(C); C := B; B := T;
122 * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
123 [+] K'(j)) [+] E';
124 * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
125 * }
126 * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
127 * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
128 * }
129 */
130
131/* Some examples:
132 * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
133 * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
134 * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
135 * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
136 * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
137 * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
138 * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
139 * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
140 * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
141 */
142
143
144void
145_gcry_rmd160_init (void *context)
146{
147 RMD160_CONTEXT *hd = context;
148
149 hd->h0 = 0x67452301;
150 hd->h1 = 0xEFCDAB89;
151 hd->h2 = 0x98BADCFE;
152 hd->h3 = 0x10325476;
153 hd->h4 = 0xC3D2E1F0;
154 hd->nblocks = 0;
155 hd->count = 0;
156}
157
158
159
160/****************
161 * Transform the message X which consists of 16 32-bit-words
162 */
163static void
164transform( RMD160_CONTEXT *hd, byte *data )
165{
166 register u32 a,b,c,d,e;
167 u32 aa,bb,cc,dd,ee,t;
168#ifdef WORDS_BIGENDIAN
169 u32 x[16];
170 {
171 int i;
172 byte *p2, *p1;
173 for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 )
174 {
175 p2[3] = *p1++;
176 p2[2] = *p1++;
177 p2[1] = *p1++;
178 p2[0] = *p1++;
179 }
180 }
181#else
182 /* This version is better because it is always aligned;
183 * The performance penalty on a 586-100 is about 6% which
184 * is acceptable - because the data is more local it might
185 * also be possible that this is faster on some machines.
186 * This function (when compiled with -02 on gcc 2.7.2)
187 * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
188 * [measured with a 4MB data and "gpgm --print-md rmd160"] */
189 u32 x[16];
190 memcpy( x, data, 64 );
191#endif
192
193
194#define K0 0x00000000
195#define K1 0x5A827999
196#define K2 0x6ED9EBA1
197#define K3 0x8F1BBCDC
198#define K4 0xA953FD4E
199#define KK0 0x50A28BE6
200#define KK1 0x5C4DD124
201#define KK2 0x6D703EF3
202#define KK3 0x7A6D76E9
203#define KK4 0x00000000
204#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
205#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
206#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
207#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
208#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
209#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
210 a = rol(t,s) + e; \
211 c = rol(c,10); \
212 } while(0)
213
214 /* left lane */
215 a = hd->h0;
216 b = hd->h1;
217 c = hd->h2;
218 d = hd->h3;
219 e = hd->h4;
220 R( a, b, c, d, e, F0, K0, 0, 11 );
221 R( e, a, b, c, d, F0, K0, 1, 14 );
222 R( d, e, a, b, c, F0, K0, 2, 15 );
223 R( c, d, e, a, b, F0, K0, 3, 12 );
224 R( b, c, d, e, a, F0, K0, 4, 5 );
225 R( a, b, c, d, e, F0, K0, 5, 8 );
226 R( e, a, b, c, d, F0, K0, 6, 7 );
227 R( d, e, a, b, c, F0, K0, 7, 9 );
228 R( c, d, e, a, b, F0, K0, 8, 11 );
229 R( b, c, d, e, a, F0, K0, 9, 13 );
230 R( a, b, c, d, e, F0, K0, 10, 14 );
231 R( e, a, b, c, d, F0, K0, 11, 15 );
232 R( d, e, a, b, c, F0, K0, 12, 6 );
233 R( c, d, e, a, b, F0, K0, 13, 7 );
234 R( b, c, d, e, a, F0, K0, 14, 9 );
235 R( a, b, c, d, e, F0, K0, 15, 8 );
236 R( e, a, b, c, d, F1, K1, 7, 7 );
237 R( d, e, a, b, c, F1, K1, 4, 6 );
238 R( c, d, e, a, b, F1, K1, 13, 8 );
239 R( b, c, d, e, a, F1, K1, 1, 13 );
240 R( a, b, c, d, e, F1, K1, 10, 11 );
241 R( e, a, b, c, d, F1, K1, 6, 9 );
242 R( d, e, a, b, c, F1, K1, 15, 7 );
243 R( c, d, e, a, b, F1, K1, 3, 15 );
244 R( b, c, d, e, a, F1, K1, 12, 7 );
245 R( a, b, c, d, e, F1, K1, 0, 12 );
246 R( e, a, b, c, d, F1, K1, 9, 15 );
247 R( d, e, a, b, c, F1, K1, 5, 9 );
248 R( c, d, e, a, b, F1, K1, 2, 11 );
249 R( b, c, d, e, a, F1, K1, 14, 7 );
250 R( a, b, c, d, e, F1, K1, 11, 13 );
251 R( e, a, b, c, d, F1, K1, 8, 12 );
252 R( d, e, a, b, c, F2, K2, 3, 11 );
253 R( c, d, e, a, b, F2, K2, 10, 13 );
254 R( b, c, d, e, a, F2, K2, 14, 6 );
255 R( a, b, c, d, e, F2, K2, 4, 7 );
256 R( e, a, b, c, d, F2, K2, 9, 14 );
257 R( d, e, a, b, c, F2, K2, 15, 9 );
258 R( c, d, e, a, b, F2, K2, 8, 13 );
259 R( b, c, d, e, a, F2, K2, 1, 15 );
260 R( a, b, c, d, e, F2, K2, 2, 14 );
261 R( e, a, b, c, d, F2, K2, 7, 8 );
262 R( d, e, a, b, c, F2, K2, 0, 13 );
263 R( c, d, e, a, b, F2, K2, 6, 6 );
264 R( b, c, d, e, a, F2, K2, 13, 5 );
265 R( a, b, c, d, e, F2, K2, 11, 12 );
266 R( e, a, b, c, d, F2, K2, 5, 7 );
267 R( d, e, a, b, c, F2, K2, 12, 5 );
268 R( c, d, e, a, b, F3, K3, 1, 11 );
269 R( b, c, d, e, a, F3, K3, 9, 12 );
270 R( a, b, c, d, e, F3, K3, 11, 14 );
271 R( e, a, b, c, d, F3, K3, 10, 15 );
272 R( d, e, a, b, c, F3, K3, 0, 14 );
273 R( c, d, e, a, b, F3, K3, 8, 15 );
274 R( b, c, d, e, a, F3, K3, 12, 9 );
275 R( a, b, c, d, e, F3, K3, 4, 8 );
276 R( e, a, b, c, d, F3, K3, 13, 9 );
277 R( d, e, a, b, c, F3, K3, 3, 14 );
278 R( c, d, e, a, b, F3, K3, 7, 5 );
279 R( b, c, d, e, a, F3, K3, 15, 6 );
280 R( a, b, c, d, e, F3, K3, 14, 8 );
281 R( e, a, b, c, d, F3, K3, 5, 6 );
282 R( d, e, a, b, c, F3, K3, 6, 5 );
283 R( c, d, e, a, b, F3, K3, 2, 12 );
284 R( b, c, d, e, a, F4, K4, 4, 9 );
285 R( a, b, c, d, e, F4, K4, 0, 15 );
286 R( e, a, b, c, d, F4, K4, 5, 5 );
287 R( d, e, a, b, c, F4, K4, 9, 11 );
288 R( c, d, e, a, b, F4, K4, 7, 6 );
289 R( b, c, d, e, a, F4, K4, 12, 8 );
290 R( a, b, c, d, e, F4, K4, 2, 13 );
291 R( e, a, b, c, d, F4, K4, 10, 12 );
292 R( d, e, a, b, c, F4, K4, 14, 5 );
293 R( c, d, e, a, b, F4, K4, 1, 12 );
294 R( b, c, d, e, a, F4, K4, 3, 13 );
295 R( a, b, c, d, e, F4, K4, 8, 14 );
296 R( e, a, b, c, d, F4, K4, 11, 11 );
297 R( d, e, a, b, c, F4, K4, 6, 8 );
298 R( c, d, e, a, b, F4, K4, 15, 5 );
299 R( b, c, d, e, a, F4, K4, 13, 6 );
300
301 aa = a; bb = b; cc = c; dd = d; ee = e;
302
303 /* right lane */
304 a = hd->h0;
305 b = hd->h1;
306 c = hd->h2;
307 d = hd->h3;
308 e = hd->h4;
309 R( a, b, c, d, e, F4, KK0, 5, 8);
310 R( e, a, b, c, d, F4, KK0, 14, 9);
311 R( d, e, a, b, c, F4, KK0, 7, 9);
312 R( c, d, e, a, b, F4, KK0, 0, 11);
313 R( b, c, d, e, a, F4, KK0, 9, 13);
314 R( a, b, c, d, e, F4, KK0, 2, 15);
315 R( e, a, b, c, d, F4, KK0, 11, 15);
316 R( d, e, a, b, c, F4, KK0, 4, 5);
317 R( c, d, e, a, b, F4, KK0, 13, 7);
318 R( b, c, d, e, a, F4, KK0, 6, 7);
319 R( a, b, c, d, e, F4, KK0, 15, 8);
320 R( e, a, b, c, d, F4, KK0, 8, 11);
321 R( d, e, a, b, c, F4, KK0, 1, 14);
322 R( c, d, e, a, b, F4, KK0, 10, 14);
323 R( b, c, d, e, a, F4, KK0, 3, 12);
324 R( a, b, c, d, e, F4, KK0, 12, 6);
325 R( e, a, b, c, d, F3, KK1, 6, 9);
326 R( d, e, a, b, c, F3, KK1, 11, 13);
327 R( c, d, e, a, b, F3, KK1, 3, 15);
328 R( b, c, d, e, a, F3, KK1, 7, 7);
329 R( a, b, c, d, e, F3, KK1, 0, 12);
330 R( e, a, b, c, d, F3, KK1, 13, 8);
331 R( d, e, a, b, c, F3, KK1, 5, 9);
332 R( c, d, e, a, b, F3, KK1, 10, 11);
333 R( b, c, d, e, a, F3, KK1, 14, 7);
334 R( a, b, c, d, e, F3, KK1, 15, 7);
335 R( e, a, b, c, d, F3, KK1, 8, 12);
336 R( d, e, a, b, c, F3, KK1, 12, 7);
337 R( c, d, e, a, b, F3, KK1, 4, 6);
338 R( b, c, d, e, a, F3, KK1, 9, 15);
339 R( a, b, c, d, e, F3, KK1, 1, 13);
340 R( e, a, b, c, d, F3, KK1, 2, 11);
341 R( d, e, a, b, c, F2, KK2, 15, 9);
342 R( c, d, e, a, b, F2, KK2, 5, 7);
343 R( b, c, d, e, a, F2, KK2, 1, 15);
344 R( a, b, c, d, e, F2, KK2, 3, 11);
345 R( e, a, b, c, d, F2, KK2, 7, 8);
346 R( d, e, a, b, c, F2, KK2, 14, 6);
347 R( c, d, e, a, b, F2, KK2, 6, 6);
348 R( b, c, d, e, a, F2, KK2, 9, 14);
349 R( a, b, c, d, e, F2, KK2, 11, 12);
350 R( e, a, b, c, d, F2, KK2, 8, 13);
351 R( d, e, a, b, c, F2, KK2, 12, 5);
352 R( c, d, e, a, b, F2, KK2, 2, 14);
353 R( b, c, d, e, a, F2, KK2, 10, 13);
354 R( a, b, c, d, e, F2, KK2, 0, 13);
355 R( e, a, b, c, d, F2, KK2, 4, 7);
356 R( d, e, a, b, c, F2, KK2, 13, 5);
357 R( c, d, e, a, b, F1, KK3, 8, 15);
358 R( b, c, d, e, a, F1, KK3, 6, 5);
359 R( a, b, c, d, e, F1, KK3, 4, 8);
360 R( e, a, b, c, d, F1, KK3, 1, 11);
361 R( d, e, a, b, c, F1, KK3, 3, 14);
362 R( c, d, e, a, b, F1, KK3, 11, 14);
363 R( b, c, d, e, a, F1, KK3, 15, 6);
364 R( a, b, c, d, e, F1, KK3, 0, 14);
365 R( e, a, b, c, d, F1, KK3, 5, 6);
366 R( d, e, a, b, c, F1, KK3, 12, 9);
367 R( c, d, e, a, b, F1, KK3, 2, 12);
368 R( b, c, d, e, a, F1, KK3, 13, 9);
369 R( a, b, c, d, e, F1, KK3, 9, 12);
370 R( e, a, b, c, d, F1, KK3, 7, 5);
371 R( d, e, a, b, c, F1, KK3, 10, 15);
372 R( c, d, e, a, b, F1, KK3, 14, 8);
373 R( b, c, d, e, a, F0, KK4, 12, 8);
374 R( a, b, c, d, e, F0, KK4, 15, 5);
375 R( e, a, b, c, d, F0, KK4, 10, 12);
376 R( d, e, a, b, c, F0, KK4, 4, 9);
377 R( c, d, e, a, b, F0, KK4, 1, 12);
378 R( b, c, d, e, a, F0, KK4, 5, 5);
379 R( a, b, c, d, e, F0, KK4, 8, 14);
380 R( e, a, b, c, d, F0, KK4, 7, 6);
381 R( d, e, a, b, c, F0, KK4, 6, 8);
382 R( c, d, e, a, b, F0, KK4, 2, 13);
383 R( b, c, d, e, a, F0, KK4, 13, 6);
384 R( a, b, c, d, e, F0, KK4, 14, 5);
385 R( e, a, b, c, d, F0, KK4, 0, 15);
386 R( d, e, a, b, c, F0, KK4, 3, 13);
387 R( c, d, e, a, b, F0, KK4, 9, 11);
388 R( b, c, d, e, a, F0, KK4, 11, 11);
389
390
391 t = hd->h1 + d + cc;
392 hd->h1 = hd->h2 + e + dd;
393 hd->h2 = hd->h3 + a + ee;
394 hd->h3 = hd->h4 + b + aa;
395 hd->h4 = hd->h0 + c + bb;
396 hd->h0 = t;
397}
398
399
400/* Update the message digest with the contents
401 * of INBUF with length INLEN.
402 */
403static void
404rmd160_write( void *context, byte *inbuf, size_t inlen)
405{
406 RMD160_CONTEXT *hd = context;
407
408 if( hd->count == 64 ) /* flush the buffer */
409 {
410 transform( hd, hd->buf );
411 _gcry_burn_stack (108+5*sizeof(void*));
412 hd->count = 0;
413 hd->nblocks++;
414 }
415 if( !inbuf )
416 return;
417 if( hd->count )
418 {
419 for( ; inlen && hd->count < 64; inlen-- )
420 hd->buf[hd->count++] = *inbuf++;
421 rmd160_write( hd, NULL, 0 );
422 if( !inlen )
423 return;
424 }
425
426 while( inlen >= 64 )
427 {
428 transform( hd, inbuf );
429 hd->count = 0;
430 hd->nblocks++;
431 inlen -= 64;
432 inbuf += 64;
433 }
434 _gcry_burn_stack (108+5*sizeof(void*));
435 for( ; inlen && hd->count < 64; inlen-- )
436 hd->buf[hd->count++] = *inbuf++;
437}
438
439/****************
440 * Apply the rmd160 transform function on the buffer which must have
441 * a length 64 bytes. Do not use this function together with the
442 * other functions, use rmd160_init to initialize internal variables.
443 * Returns: 16 bytes in buffer with the mixed contentes of buffer.
444 */
445void
446_gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer )
447{
448 char *p = buffer;
449
450 transform( hd, (unsigned char *)buffer );
451#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
452 X(0);
453 X(1);
454 X(2);
455 X(3);
456 X(4);
457#undef X
458}
459
460
461/* The routine terminates the computation
462 */
463
464static void
465rmd160_final( void *context )
466{
467 RMD160_CONTEXT *hd = context;
468 u32 t, msb, lsb;
469 byte *p;
470
471 rmd160_write(hd, NULL, 0); /* flush */;
472
473 t = hd->nblocks;
474 /* multiply by 64 to make a byte count */
475 lsb = t << 6;
476 msb = t >> 26;
477 /* add the count */
478 t = lsb;
479 if( (lsb += hd->count) < t )
480 msb++;
481 /* multiply by 8 to make a bit count */
482 t = lsb;
483 lsb <<= 3;
484 msb <<= 3;
485 msb |= t >> 29;
486
487 if( hd->count < 56 ) /* enough room */
488 {
489 hd->buf[hd->count++] = 0x80; /* pad */
490 while( hd->count < 56 )
491 hd->buf[hd->count++] = 0; /* pad */
492 }
493 else /* need one extra block */
494 {
495 hd->buf[hd->count++] = 0x80; /* pad character */
496 while( hd->count < 64 )
497 hd->buf[hd->count++] = 0;
498 rmd160_write(hd, NULL, 0); /* flush */;
499 memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
500 }
501 /* append the 64 bit count */
502 hd->buf[56] = lsb ;
503 hd->buf[57] = lsb >> 8;
504 hd->buf[58] = lsb >> 16;
505 hd->buf[59] = lsb >> 24;
506 hd->buf[60] = msb ;
507 hd->buf[61] = msb >> 8;
508 hd->buf[62] = msb >> 16;
509 hd->buf[63] = msb >> 24;
510 transform( hd, hd->buf );
511 _gcry_burn_stack (108+5*sizeof(void*));
512
513 p = hd->buf;
514#ifdef WORDS_BIGENDIAN
515#define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \
516 *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
517#else /* little endian */
518#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
519#endif
520 X(0);
521 X(1);
522 X(2);
523 X(3);
524 X(4);
525#undef X
526}
527
528static byte *
529rmd160_read( void *context )
530{
531 RMD160_CONTEXT *hd = context;
532
533 return hd->buf;
534}
535
536
537
538/****************
539 * Shortcut functions which puts the hash value of the supplied buffer
540 * into outbuf which must have a size of 20 bytes.
541 */
542void
543_gcry_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
544{
545 RMD160_CONTEXT hd;
546
547 _gcry_rmd160_init( &hd );
548 rmd160_write( &hd, (byte*)buffer, length );
549 rmd160_final( &hd );
550 memcpy( outbuf, hd.buf, 20 );
551}
552
553static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */
554 { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
555 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
556
557static gcry_md_oid_spec_t oid_spec_rmd160[] =
558 {
559 /* rsaSignatureWithripemd160 */
560 { "1.3.36.3.3.1.2" },
561 { NULL },
562 };
563
564gcry_md_spec_t _gcry_digest_spec_rmd160 =
565 {
566 "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20,
567 _gcry_rmd160_init, rmd160_write, rmd160_final, rmd160_read,
568 sizeof (RMD160_CONTEXT)
569 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c
new file mode 100755
index 0000000..2b7c6be
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c
@@ -0,0 +1,256 @@
1/* rndegd.c - interface to the EGD
2 * Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <assert.h>
25#include <errno.h>
26#include <sys/time.h>
27#include <sys/stat.h>
28#include <string.h>
29#include <unistd.h>
30#include <sys/types.h>
31#include <sys/socket.h>
32#include <sys/un.h>
33#include "types.h"
34#include "g10lib.h"
35#include "cipher.h"
36#include "rand-internal.h"
37
38#ifndef offsetof
39#define offsetof(type, member) ((size_t) &((type *)0)->member)
40#endif
41
42static int egd_socket = -1;
43
44/* Allocate a new filename from FIRST_PART and SECOND_PART and to
45 tilde expansion for first_part. SECOND_PART might be NULL.
46 */
47static char *
48my_make_filename (const char *first_part, const char *second_part)
49{
50 size_t n;
51 char *name, *home, *p;
52
53 n = strlen(first_part)+1;
54 if (second_part)
55 n += strlen (second_part) + 1;
56
57 home = NULL;
58 if( *first_part == '~' && first_part[1] == '/'
59 && (home = getenv("HOME")) && *home )
60 n += strlen(home);
61
62 name = gcry_xmalloc(n);
63 p = (home
64 ? stpcpy (stpcpy (name, home), first_part+1 )
65 : stpcpy (name, first_part) );
66
67 if (second_part)
68 strcpy (stpcpy(p,"/"), second_part);
69
70 return name;
71}
72
73
74static int
75do_write( int fd, void *buf, size_t nbytes )
76{
77 size_t nleft = nbytes;
78 int nwritten;
79
80 while( nleft > 0 )
81 {
82 nwritten = write( fd, buf, nleft);
83 if( nwritten < 0 )
84 {
85 if( errno == EINTR )
86 continue;
87 return -1;
88 }
89 nleft -= nwritten;
90 buf = (char*)buf + nwritten;
91 }
92 return 0;
93}
94
95static int
96do_read( int fd, void *buf, size_t nbytes )
97{
98 int n, nread = 0;
99
100 do
101 {
102 do
103 {
104 n = read(fd, (char*)buf + nread, nbytes );
105 }
106 while( n == -1 && errno == EINTR );
107 if( n == -1)
108 return nread? nread:-1;
109 if( n == 0)
110 return -1;
111 nread += n;
112 nbytes -= n;
113 }
114 while( nread < nbytes );
115 return nread;
116}
117
118
119/* Connect to the EGD and return the file descriptor. Return -1 on
120 error. With NOFAIL set to true, silently fail and return the
121 error, otherwise print an error message and die. */
122int
123_gcry_rndegd_connect_socket (int nofail)
124{
125 int fd;
126 const char *bname = NULL;
127 char *name;
128 struct sockaddr_un addr;
129 int addr_len;
130
131 if (egd_socket != -1)
132 {
133 close (egd_socket);
134 egd_socket = -1;
135 }
136
137#ifdef EGD_SOCKET_NAME
138 bname = EGD_SOCKET_NAME;
139#endif
140 if ( !bname || !*bname )
141 name = my_make_filename ("~/.gnupg", "entropy");
142 else
143 name = my_make_filename (bname, NULL);
144
145 if (strlen(name)+1 >= sizeof addr.sun_path)
146 log_fatal ("EGD socketname is too long\n");
147
148 memset( &addr, 0, sizeof addr );
149 addr.sun_family = AF_UNIX;
150 strcpy( addr.sun_path, name );
151 addr_len = (offsetof( struct sockaddr_un, sun_path )
152 + strlen( addr.sun_path ));
153
154 fd = socket(AF_UNIX, SOCK_STREAM, 0);
155 if (fd == -1 && !nofail)
156 log_fatal("can't create unix domain socket: %s\n", strerror(errno) );
157 else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1)
158 {
159 if (!nofail)
160 log_fatal("can't connect to EGD socket `%s': %s\n",
161 name, strerror(errno) );
162 close (fd);
163 fd = -1;
164 }
165 gcry_free(name);
166 if (fd != -1)
167 egd_socket = fd;
168 return fd;
169}
170
171/****************
172 * Note: We always use the highest level.
173 * To boost the performance we may want to add some
174 * additional code for level 1
175 *
176 * Using a level of 0 should never block and better add nothing
177 * to the pool. So this is just a dummy for EGD.
178 */
179int
180_gcry_rndegd_gather_random (void (*add)(const void*, size_t, int),
181 int requester,
182 size_t length, int level )
183{
184 int fd = egd_socket;
185 int n;
186 byte buffer[256+2];
187 int nbytes;
188 int do_restart = 0;
189
190 if( !length )
191 return 0;
192 if( !level )
193 return 0;
194
195 restart:
196 if (fd == -1 || do_restart)
197 fd = _gcry_rndegd_connect_socket (0);
198
199 do_restart = 0;
200
201 nbytes = length < 255? length : 255;
202 /* First time we do it with a non blocking request */
203 buffer[0] = 1; /* non blocking */
204 buffer[1] = nbytes;
205 if( do_write( fd, buffer, 2 ) == -1 )
206 log_fatal("can't write to the EGD: %s\n", strerror(errno) );
207 n = do_read( fd, buffer, 1 );
208 if( n == -1 )
209 {
210 log_error("read error on EGD: %s\n", strerror(errno));
211 do_restart = 1;
212 goto restart;
213 }
214 n = buffer[0];
215 if( n )
216 {
217 n = do_read( fd, buffer, n );
218 if( n == -1 )
219 {
220 log_error("read error on EGD: %s\n", strerror(errno));
221 do_restart = 1;
222 goto restart;
223 }
224 (*add)( buffer, n, requester );
225 length -= n;
226 }
227
228 if( length )
229 {
230 log_info (
231 _("Please wait, entropy is being gathered. Do some work if it would\n"
232 "keep you from getting bored, because it will improve the quality\n"
233 "of the entropy.\n") );
234 }
235 while( length )
236 {
237 nbytes = length < 255? length : 255;
238
239 buffer[0] = 2; /* blocking */
240 buffer[1] = nbytes;
241 if( do_write( fd, buffer, 2 ) == -1 )
242 log_fatal("can't write to the EGD: %s\n", strerror(errno) );
243 n = do_read( fd, buffer, nbytes );
244 if( n == -1 )
245 {
246 log_error("read error on EGD: %s\n", strerror(errno));
247 do_restart = 1;
248 goto restart;
249 }
250 (*add)( buffer, n, requester );
251 length -= n;
252 }
253 memset(buffer, 0, sizeof(buffer) );
254
255 return 0; /* success */
256}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c
new file mode 100755
index 0000000..957261f
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c
@@ -0,0 +1,141 @@
1/* rndlinux.c - raw random number for OSes with /dev/random
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21
22#include <config.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <assert.h>
26#include <errno.h>
27#include <sys/time.h>
28#include <sys/types.h>
29#include <sys/stat.h>
30#ifdef HAVE_GETTIMEOFDAY
31# include <sys/times.h>
32#endif
33#include <string.h>
34#include <unistd.h>
35#include <fcntl.h>
36#include "types.h"
37#include "g10lib.h"
38#include "rand-internal.h"
39
40static int open_device( const char *name, int minor );
41int _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),
42 int requester,
43 size_t length, int level );
44
45/*
46 * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
47 */
48static int
49open_device( const char *name, int minor )
50{
51 int fd;
52
53 fd = open( name, O_RDONLY );
54 if( fd == -1 )
55 log_fatal ("can't open %s: %s\n", name, strerror(errno) );
56
57 /* We used to do the follwing check, however it turned out that this
58 is not portable since more OSes provide a random device which is
59 sometimes implemented as anoteher device type.
60
61 struct stat sb;
62
63 if( fstat( fd, &sb ) )
64 log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
65 if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
66 log_fatal("invalid random device!\n" );
67 */
68 return fd;
69}
70
71
72int
73_gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),
74 int requester,
75 size_t length, int level )
76{
77 static int fd_urandom = -1;
78 static int fd_random = -1;
79 int fd;
80 int n;
81 int warn=0;
82 byte buffer[768];
83
84 if( level >= 2 )
85 {
86 if( fd_random == -1 )
87 fd_random = open_device( NAME_OF_DEV_RANDOM, 8 );
88 fd = fd_random;
89 }
90 else
91 {
92 if( fd_urandom == -1 )
93 fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );
94 fd = fd_urandom;
95 }
96
97 while (length)
98 {
99 fd_set rfds;
100 struct timeval tv;
101 int rc;
102
103 FD_ZERO(&rfds);
104 FD_SET(fd, &rfds);
105 tv.tv_sec = 3;
106 tv.tv_usec = 0;
107 if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
108 {
109 if( !warn )
110 {
111 _gcry_random_progress ("need_entropy", 'X', 0, (int)length);
112 warn = 1;
113 }
114 continue;
115 }
116 else if( rc == -1 )
117 {
118 log_error ("select() error: %s\n", strerror(errno));
119 continue;
120 }
121
122 do
123 {
124 int nbytes = length < sizeof(buffer)? length : sizeof(buffer);
125 n = read(fd, buffer, nbytes );
126 if( n >= 0 && n > nbytes )
127 {
128 log_error("bogus read from random device (n=%d)\n", n );
129 n = nbytes;
130 }
131 }
132 while( n == -1 && errno == EINTR );
133 if( n == -1 )
134 log_fatal("read error on random device: %s\n", strerror(errno));
135 (*add)( buffer, n, requester );
136 length -= n;
137 }
138 memset(buffer, 0, sizeof(buffer) );
139
140 return 0; /* success */
141}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c
new file mode 100755
index 0000000..db5be70
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c
@@ -0,0 +1,848 @@
1/****************************************************************************
2 * *
3 * *
4 * Unix Randomness-Gathering Code *
5 * *
6 * Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999. *
7 * Heavily modified for GnuPG by Werner Koch *
8 * *
9 * *
10 ****************************************************************************/
11
12/* This module is part of the cryptlib continuously seeded pseudorandom
13 number generator. For usage conditions, see lib_rand.c
14
15 [Here is the notice from lib_rand.c:]
16
17 This module and the misc/rnd*.c modules represent the cryptlib
18 continuously seeded pseudorandom number generator (CSPRNG) as described in
19 my 1998 Usenix Security Symposium paper "The generation of random numbers
20 for cryptographic purposes".
21
22 The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
23 1997, 1998, 1999, all rights reserved. Redistribution of the CSPRNG
24 modules and use in source and binary forms, with or without modification,
25 are permitted provided that the following conditions are met:
26
27 1. Redistributions of source code must retain the above copyright notice
28 and this permission notice in its entirety.
29
30 2. Redistributions in binary form must reproduce the copyright notice in
31 the documentation and/or other materials provided with the distribution.
32
33 3. A copy of any bugfixes or enhancements made must be provided to the
34 author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
35 baseline version of the code.
36
37 ALTERNATIVELY, the code may be distributed under the terms of the GNU
38 General Public License, version 2 or any later version published by the
39 Free Software Foundation, in which case the provisions of the GNU GPL are
40 required INSTEAD OF the above restrictions.
41
42 Although not required under the terms of the GPL, it would still be nice if
43 you could make any changes available to the author to allow a consistent
44 code base to be maintained */
45
46
47/* Fixme: We use plain mallocs here beucase it may be used as a module
48 * should be changed. */
49
50/* General includes */
51
52#include <config.h>
53#include <stdlib.h>
54#include <stdio.h>
55#include <string.h>
56#include <assert.h>
57
58/* OS-specific includes */
59
60#ifdef __osf__
61 /* Somewhere in the morass of system-specific cruft which OSF/1 pulls in
62 * via the following includes are various endianness defines, so we
63 * undefine the cryptlib ones, which aren't really needed for this module
64 * anyway */
65#undef BIG_ENDIAN
66#undef LITTLE_ENDIAN
67#endif /* __osf__ */
68
69#include <unistd.h>
70#include <fcntl.h>
71#include <pwd.h>
72#ifndef __QNX__
73#include <sys/errno.h>
74#include <sys/ipc.h>
75#endif /* __QNX__ */
76#include <sys/time.h> /* SCO and SunOS need this before resource.h */
77#ifndef __QNX__
78#include <sys/resource.h>
79#endif /* __QNX__ */
80#if defined( _AIX ) || defined( __QNX__ )
81#include <sys/select.h>
82#endif /* _AIX */
83#ifndef __QNX__
84#include <sys/shm.h>
85#include <signal.h>
86#include <sys/signal.h>
87#endif /* __QNX__ */
88#include <sys/stat.h>
89#include <sys/types.h> /* Verschiedene komische Typen */
90#if defined( __hpux ) && ( OS_VERSION == 9 )
91#include <vfork.h>
92#endif /* __hpux 9.x, after that it's in unistd.h */
93#include <sys/wait.h>
94/* #include <kitchensink.h> */
95#ifdef __QNX__
96#include <signal.h>
97#include <process.h>
98#endif /* __QNX__ */
99#include <errno.h>
100
101#include "types.h" /* for byte and u32 typedefs */
102#include "g10lib.h"
103#include "rand-internal.h"
104
105#ifndef EAGAIN
106#define EAGAIN EWOULDBLOCK
107#endif
108#ifndef STDIN_FILENO
109#define STDIN_FILENO 0
110#endif
111#ifndef STDOUT_FILENO
112#define STDOUT_FILENO 1
113#endif
114
115#define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */
116
117/* The structure containing information on random-data sources. Each
118 * record contains the source and a relative estimate of its usefulness
119 * (weighting) which is used to scale the number of kB of output from the
120 * source (total = data_bytes / usefulness). Usually the weighting is in the
121 * range 1-3 (or 0 for especially useless sources), resulting in a usefulness
122 * rating of 1...3 for each kB of source output (or 0 for the useless
123 * sources).
124 *
125 * If the source is constantly changing (certain types of network statistics
126 * have this characteristic) but the amount of output is small, the weighting
127 * is given as a negative value to indicate that the output should be treated
128 * as if a minimum of 1K of output had been obtained. If the source produces
129 * a lot of output then the scale factor is fractional, resulting in a
130 * usefulness rating of < 1 for each kB of source output.
131 *
132 * In order to provide enough randomness to satisfy the requirements for a
133 * slow poll, we need to accumulate at least 20 points of usefulness (a
134 * typical system should get about 30 points).
135 *
136 * Some potential options are missed out because of special considerations.
137 * pstat -i and pstat -f can produce amazing amounts of output (the record
138 * is 600K on an Oracle server) which floods the buffer and doesn't yield
139 * anything useful (apart from perhaps increasing the entropy of the vmstat
140 * output a bit), so we don't bother with this. pstat in general produces
141 * quite a bit of output, but it doesn't change much over time, so it gets
142 * very low weightings. netstat -s produces constantly-changing output but
143 * also produces quite a bit of it, so it only gets a weighting of 2 rather
144 * than 3. The same holds for netstat -in, which gets 1 rather than 2.
145 *
146 * Some binaries are stored in different locations on different systems so
147 * alternative paths are given for them. The code sorts out which one to
148 * run by itself, once it finds an exectable somewhere it moves on to the
149 * next source. The sources are arranged roughly in their order of
150 * usefulness, occasionally sources which provide a tiny amount of
151 * relatively useless data are placed ahead of ones which provide a large
152 * amount of possibly useful data because another 100 bytes can't hurt, and
153 * it means the buffer won't be swamped by one or two high-output sources.
154 * All the high-output sources are clustered towards the end of the list
155 * for this reason. Some binaries are checked for in a certain order, for
156 * example under Slowaris /usr/ucb/ps understands aux as an arg, but the
157 * others don't. Some systems have conditional defines enabling alternatives
158 * to commands which don't understand the usual options but will provide
159 * enough output (in the form of error messages) to look like they're the
160 * real thing, causing alternative options to be skipped (we can't check the
161 * return either because some commands return peculiar, non-zero status even
162 * when they're working correctly).
163 *
164 * In order to maximise use of the buffer, the code performs a form of run-
165 * length compression on its input where a repeated sequence of bytes is
166 * replaced by the occurrence count mod 256. Some commands output an awful
167 * lot of whitespace, this measure greatly increases the amount of data we
168 * can fit in the buffer.
169 *
170 * When we scale the weighting using the SC() macro, some preprocessors may
171 * give a division by zero warning for the most obvious expression
172 * 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero
173 * trap), so we define a value SC_0 which evaluates to zero when fed to
174 * '1024 / SC_0' */
175
176#define SC( weight ) ( 1024 / weight ) /* Scale factor */
177#define SC_0 16384 /* SC( SC_0 ) evalutes to 0 */
178
179static struct RI {
180 const char *path; /* Path to check for existence of source */
181 const char *arg; /* Args for source */
182 const int usefulness; /* Usefulness of source */
183 FILE *pipe; /* Pipe to source as FILE * */
184 int pipeFD; /* Pipe to source as FD */
185 pid_t pid; /* pid of child for waitpid() */
186 int length; /* Quantity of output produced */
187 const int hasAlternative; /* Whether source has alt.location */
188} dataSources[] = {
189
190 { "/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1 },
191 { "/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0},
192 { "/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1 },
193 { "/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0},
194 { "/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0},
195 { "/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1 },
196 { "/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0},
197 { "/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
198 { "/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
199 { "/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1},
200 { "/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0},
201 { "/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0},
202 { "/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
203 { "/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
204 { "/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
205 { "/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 },
206 { "/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
207 { "/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
208 { "/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
209 { "/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1},
210 { "/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0},
211 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0",
212 SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */
213 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0",
214 SC(-1), NULL, 0, 0, 0, 0 }, /* UDP out */
215 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0",
216 SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */
217 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0",
218 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
219 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0",
220 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
221 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0",
222 SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
223 { "/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0 },
224 { "/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1 },
225 { "/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0 },
226 { "/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1 },
227 { "/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0 },
228 { "/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0 },
229 { "/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
230 { "/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1 },
231 { "/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
232 { "/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1 },
233 { "/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0 },
234 { "/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1 },
235 { "/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0 },
236 { "/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
237 { "/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
238 { "/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1 },
239 { "/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0 },
240#if defined( __sgi ) || defined( __hpux )
241 { "/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1 },
242#endif /* __sgi || __hpux */
243 { "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 },
244 { "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 },
245 { "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0 },
246 { "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0 }, /*QNX*/
247 { "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1 },
248 { "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0 },
249 /* Unreliable source, depends on system usage */
250 { "/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1 },
251 { "/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0 },
252 { "/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1 },
253 { "/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0 },
254 { "/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1 },
255 { "/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0 },
256 { "/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1 },
257 { "/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0 },
258 { "/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
259 { "/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
260 /* pstat is your friend */
261 { "/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1 },
262#ifdef __sgi
263 { "/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 },
264#endif /* __sgi */
265#ifdef __hpux
266 { "/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0 },
267#endif /* __hpux */
268 { "/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0 },
269 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0",
270 SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
271 { "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0",
272 SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
273 { "/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
274 { "/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
275 { "/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1 },
276 { "/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 },
277 { "/usr/sbin/ripquery", "-nw 1 127.0.0.1",
278 SC(0.1), NULL, 0, 0, 0, 0 },
279 { "/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
280 { "/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
281 { "/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
282 { "/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 },
283 /* This is very environment-dependant. If network traffic is low, it'll
284 * probably time out before delivering 5 packets, which is OK because
285 * it'll probably be fixed stuff like ARP anyway */
286 { "/usr/sbin/advfsstat", "-b usr_domain",
287 SC(SC_0), NULL, 0, 0, 0, 0},
288 { "/usr/sbin/advfsstat", "-l 2 usr_domain",
289 SC(0.5), NULL, 0, 0, 0, 0},
290 { "/usr/sbin/advfsstat", "-p usr_domain",
291 SC(SC_0), NULL, 0, 0, 0, 0},
292 /* This is a complex and screwball program. Some systems have things
293 * like rX_dmn, x = integer, for RAID systems, but the statistics are
294 * pretty dodgy */
295#ifdef __QNXNTO__
296 { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3),
297 NULL, 0, 0, 0, 0 },
298#endif
299#if 0
300 /* The following aren't enabled since they're somewhat slow and not very
301 * unpredictable, however they give an indication of the sort of sources
302 * you can use (for example the finger might be more useful on a
303 * firewalled internal network) */
304 { "/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 },
305 { "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html",
306 SC(0.9), NULL, 0, 0, 0, 0 },
307 { "/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 },
308#endif /* 0 */
309 { NULL, NULL, 0, NULL, 0, 0, 0, 0 }
310};
311
312static byte *gather_buffer; /* buffer for gathering random noise */
313static int gather_buffer_size; /* size of the memory buffer */
314static uid_t gatherer_uid;
315
316/* The message structure used to communicate with the parent */
317typedef struct {
318 int usefulness; /* usefulness of data */
319 int ndata; /* valid bytes in data */
320 char data[500]; /* gathered data */
321} GATHER_MSG;
322
323#ifndef HAVE_WAITPID
324static pid_t
325waitpid(pid_t pid, int *statptr, int options)
326{
327#ifdef HAVE_WAIT4
328 return wait4(pid, statptr, options, NULL);
329#else
330 /* If wait4 is also not available, try wait3 for SVR3 variants */
331 /* Less ideal because can't actually request a specific pid */
332 /* For that reason, first check to see if pid is for an */
333 /* existing process. */
334 int tmp_pid, dummystat;;
335 if (kill(pid, 0) == -1) {
336 errno = ECHILD;
337 return -1;
338 }
339 if (statptr == NULL)
340 statptr = &dummystat;
341 while (((tmp_pid = wait3(statptr, options, 0)) != pid) &&
342 (tmp_pid != -1) && (tmp_pid != 0) && (pid != -1))
343 ;
344 return tmp_pid;
345#endif
346}
347#endif
348
349/* Under SunOS popen() doesn't record the pid of the child process. When
350 * pclose() is called, instead of calling waitpid() for the correct child, it
351 * calls wait() repeatedly until the right child is reaped. The problem is
352 * that this reaps any other children that happen to have died at that
353 * moment, and when their pclose() comes along, the process hangs forever.
354 * The fix is to use a wrapper for popen()/pclose() which saves the pid in
355 * the dataSources structure (code adapted from GNU-libc's popen() call).
356 *
357 * Aut viam inveniam aut faciam */
358
359static FILE *
360my_popen(struct RI *entry)
361{
362 int pipedes[2];
363 FILE *stream;
364
365 /* Create the pipe */
366 if (pipe(pipedes) < 0)
367 return (NULL);
368
369 /* Fork off the child ("vfork() is like an OS orgasm. All OS's want to
370 * do it, but most just end up faking it" - Chris Wedgwood). If your OS
371 * supports it, you should try to use vfork() here because it's somewhat
372 * more efficient */
373#if defined( sun ) || defined( __ultrix__ ) || defined( __osf__ ) || \
374 defined(__hpux)
375 entry->pid = vfork();
376#else /* */
377 entry->pid = fork();
378#endif /* Unixen which have vfork() */
379 if (entry->pid == (pid_t) - 1) {
380 /* The fork failed */
381 close(pipedes[0]);
382 close(pipedes[1]);
383 return (NULL);
384 }
385
386 if (entry->pid == (pid_t) 0) {
387 struct passwd *passwd;
388
389 /* We are the child. Make the read side of the pipe be stdout */
390 if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
391 exit(127);
392
393 /* Now that everything is set up, give up our permissions to make
394 * sure we don't read anything sensitive. If the getpwnam() fails,
395 * we default to -1, which is usually nobody */
396 if (gatherer_uid == (uid_t)-1 && \
397 (passwd = getpwnam("nobody")) != NULL)
398 gatherer_uid = passwd->pw_uid;
399
400 setuid(gatherer_uid);
401
402 /* Close the pipe descriptors */
403 close(pipedes[STDIN_FILENO]);
404 close(pipedes[STDOUT_FILENO]);
405
406 /* Try and exec the program */
407 execl(entry->path, entry->path, entry->arg, NULL);
408
409 /* Die if the exec failed */
410 exit(127);
411 }
412
413 /* We are the parent. Close the irrelevant side of the pipe and open
414 * the relevant side as a new stream. Mark our side of the pipe to
415 * close on exec, so new children won't see it */
416 close(pipedes[STDOUT_FILENO]);
417
418#ifdef FD_CLOEXEC
419 fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC);
420#endif
421
422 stream = fdopen(pipedes[STDIN_FILENO], "r");
423
424 if (stream == NULL) {
425 int savedErrno = errno;
426
427 /* The stream couldn't be opened or the child structure couldn't be
428 * allocated. Kill the child and close the other side of the pipe */
429 kill(entry->pid, SIGKILL);
430 if (stream == NULL)
431 close(pipedes[STDOUT_FILENO]);
432 else
433 fclose(stream);
434
435 waitpid(entry->pid, NULL, 0);
436
437 entry->pid = 0;
438 errno = savedErrno;
439 return (NULL);
440 }
441
442 return (stream);
443}
444
445static int
446my_pclose(struct RI *entry)
447{
448 int status = 0;
449
450 if (fclose(entry->pipe))
451 return (-1);
452
453 /* We ignore the return value from the process because some programs
454 * return funny values which would result in the input being discarded
455 * even if they executed successfully. This isn't a problem because the
456 * result data size threshold will filter out any programs which exit
457 * with a usage message without producing useful output */
458 if (waitpid(entry->pid, NULL, 0) != entry->pid)
459 status = -1;
460
461 entry->pipe = NULL;
462 entry->pid = 0;
463 return (status);
464}
465
466
467/* Unix slow poll (without special support for Linux)
468 *
469 * If a few of the randomness sources create a large amount of output then
470 * the slowPoll() stops once the buffer has been filled (but before all the
471 * randomness sources have been sucked dry) so that the 'usefulness' factor
472 * remains below the threshold. For this reason the gatherer buffer has to
473 * be fairly sizeable on moderately loaded systems. This is something of a
474 * bug since the usefulness should be influenced by the amount of output as
475 * well as the source type */
476
477
478static int
479slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes )
480{
481 int moreSources;
482 struct timeval tv;
483 fd_set fds;
484#if defined( __hpux )
485 size_t maxFD = 0;
486#else
487 int maxFD = 0;
488#endif /* OS-specific brokenness */
489 int bufPos, i, usefulness = 0;
490
491
492 /* Fire up each randomness source */
493 FD_ZERO(&fds);
494 for (i = 0; dataSources[i].path != NULL; i++) {
495 /* Since popen() is a fairly heavy function, we check to see whether
496 * the executable exists before we try to run it */
497 if (access(dataSources[i].path, X_OK)) {
498 if( dbgfp && dbgall )
499 fprintf(dbgfp, "%s not present%s\n", dataSources[i].path,
500 dataSources[i].hasAlternative ?
501 ", has alternatives" : "");
502 dataSources[i].pipe = NULL;
503 }
504 else
505 dataSources[i].pipe = my_popen(&dataSources[i]);
506
507 if (dataSources[i].pipe != NULL) {
508 dataSources[i].pipeFD = fileno(dataSources[i].pipe);
509 if (dataSources[i].pipeFD > maxFD)
510 maxFD = dataSources[i].pipeFD;
511
512#ifdef O_NONBLOCK /* Ohhh what a hack (used for Atari) */
513 fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK);
514#else
515#error O_NONBLOCK is missing
516#endif
517
518 FD_SET(dataSources[i].pipeFD, &fds);
519 dataSources[i].length = 0;
520
521 /* If there are alternatives for this command, don't try and
522 * execute them */
523 while (dataSources[i].hasAlternative) {
524 if( dbgfp && dbgall )
525 fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path);
526 i++;
527 }
528 }
529 }
530
531
532 /* Suck all the data we can get from each of the sources */
533 bufPos = 0;
534 moreSources = 1;
535 while (moreSources && bufPos <= gather_buffer_size) {
536 /* Wait for data to become available from any of the sources, with a
537 * timeout of 10 seconds. This adds even more randomness since data
538 * becomes available in a nondeterministic fashion. Kudos to HP's QA
539 * department for managing to ship a select() which breaks its own
540 * prototype */
541 tv.tv_sec = 10;
542 tv.tv_usec = 0;
543
544#if defined( __hpux ) && ( OS_VERSION == 9 )
545 if (select(maxFD + 1, (int *)&fds, NULL, NULL, &tv) == -1)
546#else /* */
547 if (select(maxFD + 1, &fds, NULL, NULL, &tv) == -1)
548#endif /* __hpux */
549 break;
550
551 /* One of the sources has data available, read it into the buffer */
552 for (i = 0; dataSources[i].path != NULL; i++) {
553 if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) {
554 size_t noBytes;
555
556 if ((noBytes = fread(gather_buffer + bufPos, 1,
557 gather_buffer_size - bufPos,
558 dataSources[i].pipe)) == 0) {
559 if (my_pclose(&dataSources[i]) == 0) {
560 int total = 0;
561
562 /* Try and estimate how much entropy we're getting
563 * from a data source */
564 if (dataSources[i].usefulness) {
565 if (dataSources[i].usefulness < 0)
566 total = (dataSources[i].length + 999)
567 / -dataSources[i].usefulness;
568 else
569 total = dataSources[i].length
570 / dataSources[i].usefulness;
571 }
572 if( dbgfp )
573 fprintf(dbgfp,
574 "%s %s contributed %d bytes, "
575 "usefulness = %d\n", dataSources[i].path,
576 (dataSources[i].arg != NULL) ?
577 dataSources[i].arg : "",
578 dataSources[i].length, total);
579 if( dataSources[i].length )
580 usefulness += total;
581 }
582 dataSources[i].pipe = NULL;
583 }
584 else {
585 int currPos = bufPos;
586 int endPos = bufPos + noBytes;
587
588 /* Run-length compress the input byte sequence */
589 while (currPos < endPos) {
590 int ch = gather_buffer[currPos];
591
592 /* If it's a single byte, just copy it over */
593 if (ch != gather_buffer[currPos + 1]) {
594 gather_buffer[bufPos++] = ch;
595 currPos++;
596 }
597 else {
598 int count = 0;
599
600 /* It's a run of repeated bytes, replace them
601 * with the byte count mod 256 */
602 while ((ch == gather_buffer[currPos])
603 && currPos < endPos) {
604 count++;
605 currPos++;
606 }
607 gather_buffer[bufPos++] = count;
608 noBytes -= count - 1;
609 }
610 }
611
612 /* Remember the number of (compressed) bytes of input we
613 * obtained */
614 dataSources[i].length += noBytes;
615 }
616 }
617 }
618
619 /* Check if there is more input available on any of the sources */
620 moreSources = 0;
621 FD_ZERO(&fds);
622 for (i = 0; dataSources[i].path != NULL; i++) {
623 if (dataSources[i].pipe != NULL) {
624 FD_SET(dataSources[i].pipeFD, &fds);
625 moreSources = 1;
626 }
627 }
628 }
629
630 if( dbgfp ) {
631 fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness);
632 fflush(dbgfp);
633 }
634 *nbytes = bufPos;
635 return usefulness;
636}
637
638/****************
639 * Start the gatherer process which writes messages of
640 * type GATHERER_MSG to pipedes
641 */
642static void
643start_gatherer( int pipefd )
644{
645 FILE *dbgfp = NULL;
646 int dbgall;
647
648 {
649 const char *s = getenv("GNUPG_RNDUNIX_DBG");
650 if( s ) {
651 dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
652 if( !dbgfp )
653 log_info("can't open debug file `%s': %s\n",
654 s, strerror(errno) );
655 else
656 fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
657 }
658 dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
659 }
660 /* close all files but the ones we need */
661 { int nmax, n1, n2, i;
662#ifdef _SC_OPEN_MAX
663 if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
664#ifdef _POSIX_OPEN_MAX
665 nmax = _POSIX_OPEN_MAX;
666#else
667 nmax = 20; /* assume a reasonable value */
668#endif
669 }
670#else /*!_SC_OPEN_MAX*/
671 nmax = 20; /* assume a reasonable value */
672#endif /*!_SC_OPEN_MAX*/
673 n1 = fileno( stderr );
674 n2 = dbgfp? fileno( dbgfp ) : -1;
675 for(i=0; i < nmax; i++ ) {
676 if( i != n1 && i != n2 && i != pipefd )
677 close(i);
678 }
679 errno = 0;
680 }
681
682
683 /* Set up the buffer */
684 gather_buffer_size = GATHER_BUFSIZE;
685 gather_buffer = malloc( gather_buffer_size );
686 if( !gather_buffer ) {
687 log_error("out of core while allocating the gatherer buffer\n");
688 exit(2);
689 }
690
691 /* Reset the SIGC(H)LD handler to the system default. This is necessary
692 * because if the program which cryptlib is a part of installs its own
693 * SIGC(H)LD handler, it will end up reaping the cryptlib children before
694 * cryptlib can. As a result, my_pclose() will call waitpid() on a
695 * process which has already been reaped by the installed handler and
696 * return an error, so the read data won't be added to the randomness
697 * pool. There are two types of SIGC(H)LD naming, the SysV SIGCLD and
698 * the BSD/Posix SIGCHLD, so we need to handle either possibility */
699#ifdef SIGCLD
700 signal(SIGCLD, SIG_DFL);
701#else
702 signal(SIGCHLD, SIG_DFL);
703#endif
704
705 fclose(stderr); /* Arrghh!! It's Stuart code!! */
706
707 for(;;) {
708 GATHER_MSG msg;
709 size_t nbytes;
710 const char *p;
711
712 msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
713 p = gather_buffer;
714 while( nbytes ) {
715 msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
716 memcpy( msg.data, p, msg.ndata );
717 nbytes -= msg.ndata;
718 p += msg.ndata;
719
720 while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) {
721 if( errno == EINTR )
722 continue;
723 if( errno == EAGAIN ) {
724 struct timeval tv;
725 tv.tv_sec = 0;
726 tv.tv_usec = 50000;
727 select(0, NULL, NULL, NULL, &tv);
728 continue;
729 }
730 if( errno == EPIPE ) /* parent has exited, so give up */
731 exit(0);
732
733 /* we can't do very much here because stderr is closed */
734 if( dbgfp )
735 fprintf(dbgfp, "gatherer can't write to pipe: %s\n",
736 strerror(errno) );
737 /* we start a new poll to give the system some time */
738 nbytes = 0;
739 break;
740 }
741 }
742 }
743 /* we are killed when the parent dies */
744}
745
746
747static int
748read_a_msg( int fd, GATHER_MSG *msg )
749{
750 char *buffer = (char*)msg;
751 size_t length = sizeof( *msg );
752 int n;
753
754 do {
755 do {
756 n = read(fd, buffer, length );
757 } while( n == -1 && errno == EINTR );
758 if( n == -1 )
759 return -1;
760 buffer += n;
761 length -= n;
762 } while( length );
763 return 0;
764}
765
766
767/****************
768 * Using a level of 0 should never block and better add nothing
769 * to the pool. So this is just a dummy for this gatherer.
770 */
771int
772_gcry_rndunix_gather_random (void (*add)(const void*, size_t, int),
773 int requester,
774 size_t length, int level )
775{
776 static pid_t gatherer_pid = 0;
777 static int pipedes[2];
778 GATHER_MSG msg;
779 size_t n;
780
781 if( !level )
782 return 0;
783
784 if( !gatherer_pid ) {
785 /* make sure we are not setuid */
786 if( getuid() != geteuid() )
787 BUG();
788 /* time to start the gatherer process */
789 if( pipe( pipedes ) ) {
790 log_error("pipe() failed: %s\n", strerror(errno));
791 return -1;
792 }
793 gatherer_pid = fork();
794 if( gatherer_pid == -1 ) {
795 log_error("can't for gatherer process: %s\n", strerror(errno));
796 return -1;
797 }
798 if( !gatherer_pid ) {
799 start_gatherer( pipedes[1] );
800 /* oops, can't happen */
801 return -1;
802 }
803 }
804
805 /* now read from the gatherer */
806 while( length ) {
807 int goodness;
808 ulong subtract;
809
810 if( read_a_msg( pipedes[0], &msg ) ) {
811 log_error("reading from gatherer pipe failed: %s\n",
812 strerror(errno));
813 return -1;
814 }
815
816
817 if( level > 1 ) {
818 if( msg.usefulness > 30 )
819 goodness = 100;
820 else if ( msg.usefulness )
821 goodness = msg.usefulness * 100 / 30;
822 else
823 goodness = 0;
824 }
825 else if( level ) {
826 if( msg.usefulness > 15 )
827 goodness = 100;
828 else if ( msg.usefulness )
829 goodness = msg.usefulness * 100 / 15;
830 else
831 goodness = 0;
832 }
833 else
834 goodness = 100; /* goodness of level 0 is always 100 % */
835
836 n = msg.ndata;
837 if( n > length )
838 n = length;
839 (*add)( msg.data, n, requester );
840
841 /* this is the trick how we cope with the goodness */
842 subtract = (ulong)n * goodness / 100;
843 /* subtract at least 1 byte to avoid infinite loops */
844 length -= subtract ? subtract : 1;
845 }
846
847 return 0;
848}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c
new file mode 100755
index 0000000..cbd44e6
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c
@@ -0,0 +1,690 @@
1/* rndw32.c - W32 entropy gatherer
2 * Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.
3 * Copyright Peter Gutmann, Matt Thomlinson and Blake Coverett 1996-1999
4 *
5 * This file is part of Libgcrypt.
6 *
7 *************************************************************************
8 * The code here is based on code from Cryptlib 3.0 beta by Peter Gutmann.
9 * Source file misc/rndwin32.c "Win32 Randomness-Gathering Code" with this
10 * copyright notice:
11 *
12 * This module is part of the cryptlib continuously seeded pseudorandom
13 * number generator. For usage conditions, see lib_rand.c
14 *
15 * [Here is the notice from lib_rand.c, which is now called dev_sys.c]
16 *
17 * This module and the misc/rnd*.c modules represent the cryptlib
18 * continuously seeded pseudorandom number generator (CSPRNG) as described in
19 * my 1998 Usenix Security Symposium paper "The generation of random numbers
20 * for cryptographic purposes".
21 *
22 * The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
23 * 1997, 1998, 1999, all rights reserved. Redistribution of the CSPRNG
24 * modules and use in source and binary forms, with or without modification,
25 * are permitted provided that the following conditions are met:
26 *
27 * 1. Redistributions of source code must retain the above copyright notice
28 * and this permission notice in its entirety.
29 *
30 * 2. Redistributions in binary form must reproduce the copyright notice in
31 * the documentation and/or other materials provided with the distribution.
32 *
33 * 3. A copy of any bugfixes or enhancements made must be provided to the
34 * author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
35 * baseline version of the code.
36 *
37 * ALTERNATIVELY, the code may be distributed under the terms of the GNU
38 * General Public License, version 2 or any later version published by the
39 * Free Software Foundation, in which case the provisions of the GNU GPL are
40 * required INSTEAD OF the above restrictions.
41 *
42 * Although not required under the terms of the GPL, it would still be nice if
43 * you could make any changes available to the author to allow a consistent
44 * code base to be maintained
45 *************************************************************************
46 */
47
48#include <config.h>
49#include <stdio.h>
50#include <stdlib.h>
51#include <assert.h>
52#include <errno.h>
53#include <string.h>
54
55#include <windows.h>
56
57
58#include "types.h"
59#include "g10lib.h"
60#include "rand-internal.h"
61
62
63static int debug_me;
64
65/*
66 * Definitions which are missing from the current GNU Windows32Api
67 */
68
69#ifndef TH32CS_SNAPHEAPLIST
70#define TH32CS_SNAPHEAPLIST 1
71#define TH32CS_SNAPPROCESS 2
72#define TH32CS_SNAPTHREAD 4
73#define TH32CS_SNAPMODULE 8
74#define TH32CS_SNAPALL (1|2|4|8)
75#define TH32CS_INHERIT 0x80000000
76#endif /*TH32CS_SNAPHEAPLIST*/
77
78#ifndef IOCTL_DISK_PERFORMANCE
79#define IOCTL_DISK_PERFORMANCE 0x00070020
80#endif
81#ifndef VER_PLATFORM_WIN32_WINDOWS
82#define VER_PLATFORM_WIN32_WINDOWS 1
83#endif
84
85/* This used to be (6*8+5*4+8*2), but Peter Gutmann figured a larger
86 value in a newer release. So we use a far larger value. */
87#define SIZEOF_DISK_PERFORMANCE_STRUCT 256
88
89
90typedef struct {
91 DWORD dwSize;
92 DWORD th32ProcessID;
93 DWORD th32HeapID;
94 DWORD dwFlags;
95} HEAPLIST32;
96
97typedef struct {
98 DWORD dwSize;
99 HANDLE hHandle;
100 DWORD dwAddress;
101 DWORD dwBlockSize;
102 DWORD dwFlags;
103 DWORD dwLockCount;
104 DWORD dwResvd;
105 DWORD th32ProcessID;
106 DWORD th32HeapID;
107} HEAPENTRY32;
108
109typedef struct {
110 DWORD dwSize;
111 DWORD cntUsage;
112 DWORD th32ProcessID;
113 DWORD th32DefaultHeapID;
114 DWORD th32ModuleID;
115 DWORD cntThreads;
116 DWORD th32ParentProcessID;
117 LONG pcPriClassBase;
118 DWORD dwFlags;
119 char szExeFile[260];
120} PROCESSENTRY32;
121
122typedef struct {
123 DWORD dwSize;
124 DWORD cntUsage;
125 DWORD th32ThreadID;
126 DWORD th32OwnerProcessID;
127 LONG tpBasePri;
128 LONG tpDeltaPri;
129 DWORD dwFlags;
130} THREADENTRY32;
131
132typedef struct {
133 DWORD dwSize;
134 DWORD th32ModuleID;
135 DWORD th32ProcessID;
136 DWORD GlblcntUsage;
137 DWORD ProccntUsage;
138 BYTE *modBaseAddr;
139 DWORD modBaseSize;
140 HMODULE hModule;
141 char szModule[256];
142 char szExePath[260];
143} MODULEENTRY32;
144
145
146
147/* Type definitions for function pointers to call Toolhelp32 functions
148 * used with the windows95 gatherer */
149typedef BOOL (WINAPI * MODULEWALK) (HANDLE hSnapshot, MODULEENTRY32 *lpme);
150typedef BOOL (WINAPI * THREADWALK) (HANDLE hSnapshot, THREADENTRY32 *lpte);
151typedef BOOL (WINAPI * PROCESSWALK) (HANDLE hSnapshot, PROCESSENTRY32 *lppe);
152typedef BOOL (WINAPI * HEAPLISTWALK) (HANDLE hSnapshot, HEAPLIST32 *lphl);
153typedef BOOL (WINAPI * HEAPFIRST) (HEAPENTRY32 *lphe, DWORD th32ProcessID,
154 DWORD th32HeapID);
155typedef BOOL (WINAPI * HEAPNEXT) (HEAPENTRY32 *lphe);
156typedef HANDLE (WINAPI * CREATESNAPSHOT) (DWORD dwFlags, DWORD th32ProcessID);
157
158/* Type definitions for function pointers to call NetAPI32 functions */
159typedef DWORD (WINAPI * NETSTATISTICSGET) (LPWSTR szServer, LPWSTR szService,
160 DWORD dwLevel, DWORD dwOptions,
161 LPBYTE * lpBuffer);
162typedef DWORD (WINAPI * NETAPIBUFFERSIZE) (LPVOID lpBuffer, LPDWORD cbBuffer);
163typedef DWORD (WINAPI * NETAPIBUFFERFREE) (LPVOID lpBuffer);
164
165
166/* When we query the performance counters, we allocate an initial buffer and
167 * then reallocate it as required until RegQueryValueEx() stops returning
168 * ERROR_MORE_DATA. The following values define the initial buffer size and
169 * step size by which the buffer is increased
170 */
171#define PERFORMANCE_BUFFER_SIZE 65536 /* Start at 64K */
172#define PERFORMANCE_BUFFER_STEP 16384 /* Step by 16K */
173
174
175static void
176slow_gatherer_windows95( void (*add)(const void*, size_t, int), int requester )
177{
178 static CREATESNAPSHOT pCreateToolhelp32Snapshot = NULL;
179 static MODULEWALK pModule32First = NULL;
180 static MODULEWALK pModule32Next = NULL;
181 static PROCESSWALK pProcess32First = NULL;
182 static PROCESSWALK pProcess32Next = NULL;
183 static THREADWALK pThread32First = NULL;
184 static THREADWALK pThread32Next = NULL;
185 static HEAPLISTWALK pHeap32ListFirst = NULL;
186 static HEAPLISTWALK pHeap32ListNext = NULL;
187 static HEAPFIRST pHeap32First = NULL;
188 static HEAPNEXT pHeap32Next = NULL;
189 HANDLE hSnapshot;
190
191
192 /* initialize the Toolhelp32 function pointers */
193 if ( !pCreateToolhelp32Snapshot ) {
194 HANDLE hKernel;
195
196 if ( debug_me )
197 log_debug ("rndw32#slow_gatherer_95: init toolkit\n" );
198
199 /* Obtain the module handle of the kernel to retrieve the addresses
200 * of the Toolhelp32 functions */
201 if ( ( !(hKernel = GetModuleHandle ("KERNEL32.DLL"))) ) {
202 log_fatal ( "rndw32: can't get module handle\n" );
203 }
204
205 /* Now get pointers to the functions */
206 pCreateToolhelp32Snapshot = (CREATESNAPSHOT) GetProcAddress (hKernel,
207 "CreateToolhelp32Snapshot");
208 pModule32First = (MODULEWALK) GetProcAddress (hKernel, "Module32First");
209 pModule32Next = (MODULEWALK) GetProcAddress (hKernel, "Module32Next");
210 pProcess32First = (PROCESSWALK) GetProcAddress (hKernel,
211 "Process32First");
212 pProcess32Next = (PROCESSWALK) GetProcAddress (hKernel,
213 "Process32Next");
214 pThread32First = (THREADWALK) GetProcAddress (hKernel, "Thread32First");
215 pThread32Next = (THREADWALK) GetProcAddress (hKernel, "Thread32Next");
216 pHeap32ListFirst = (HEAPLISTWALK) GetProcAddress (hKernel,
217 "Heap32ListFirst");
218 pHeap32ListNext = (HEAPLISTWALK) GetProcAddress (hKernel,
219 "Heap32ListNext");
220 pHeap32First = (HEAPFIRST) GetProcAddress (hKernel, "Heap32First");
221 pHeap32Next = (HEAPNEXT) GetProcAddress (hKernel, "Heap32Next");
222
223 if ( !pCreateToolhelp32Snapshot
224 || !pModule32First || !pModule32Next
225 || !pProcess32First || !pProcess32Next
226 || !pThread32First || !pThread32Next
227 || !pHeap32ListFirst || !pHeap32ListNext
228 || !pHeap32First || !pHeap32Next ) {
229 log_fatal ( "rndw32: failed to get a toolhelp function\n" );
230 }
231 }
232
233 /* Take a snapshot of everything we can get to which is currently
234 * in the system */
235 if ( !(hSnapshot = pCreateToolhelp32Snapshot (TH32CS_SNAPALL, 0)) ) {
236 log_fatal ( "rndw32: failed to take a toolhelp snapshot\n" );
237 }
238
239 /* Walk through the local heap */
240 { HEAPLIST32 hl32;
241 DWORD dwHeapsAdded = 0;
242 const DWORD maxHeapsToAdd = 500;
243 hl32.dwSize = sizeof (HEAPLIST32);
244 if (pHeap32ListFirst (hSnapshot, &hl32)) {
245 if ( debug_me )
246 log_debug ("rndw32#slow_gatherer_95: walk heap\n" );
247 do {
248 HEAPENTRY32 he32;
249
250 /* First add the information from the basic Heaplist32 struct */
251 (*add) ( &hl32, sizeof (hl32), requester );
252
253 /* Now walk through the heap blocks getting information
254 * on each of them */
255 he32.dwSize = sizeof (HEAPENTRY32);
256 if (pHeap32First (&he32, hl32.th32ProcessID, hl32.th32HeapID)){
257 do {
258 (*add) ( &he32, sizeof (he32), requester );
259 if (++dwHeapsAdded == maxHeapsToAdd) {
260 goto doneheap;
261 }
262 } while (pHeap32Next (&he32));
263 }
264 } while (pHeap32ListNext (hSnapshot, &hl32));
265 }
266 }
267
268doneheap:
269
270 /* Walk through all processes */
271 { PROCESSENTRY32 pe32;
272 pe32.dwSize = sizeof (PROCESSENTRY32);
273 if (pProcess32First (hSnapshot, &pe32)) {
274 if ( debug_me )
275 log_debug ("rndw32#slow_gatherer_95: walk processes\n" );
276 do {
277 (*add) ( &pe32, sizeof (pe32), requester );
278 } while (pProcess32Next (hSnapshot, &pe32));
279 }
280 }
281
282 /* Walk through all threads */
283 { THREADENTRY32 te32;
284 te32.dwSize = sizeof (THREADENTRY32);
285 if (pThread32First (hSnapshot, &te32)) {
286 if ( debug_me )
287 log_debug ("rndw32#slow_gatherer_95: walk threads\n" );
288 do {
289 (*add) ( &te32, sizeof (te32), requester );
290 } while (pThread32Next (hSnapshot, &te32));
291 }
292 }
293
294 /* Walk through all modules associated with the process */
295 { MODULEENTRY32 me32;
296 me32.dwSize = sizeof (MODULEENTRY32);
297 if (pModule32First (hSnapshot, &me32)) {
298 if ( debug_me )
299 log_debug ("rndw32#slow_gatherer_95: walk modules\n" );
300 do {
301 (*add) ( &me32, sizeof (me32), requester );
302 } while (pModule32Next (hSnapshot, &me32));
303 }
304 }
305
306 CloseHandle (hSnapshot);
307}
308
309
310
311static void
312slow_gatherer_windowsNT( void (*add)(const void*, size_t, int), int requester )
313{
314 static int is_initialized = 0;
315 static NETSTATISTICSGET pNetStatisticsGet = NULL;
316 static NETAPIBUFFERSIZE pNetApiBufferSize = NULL;
317 static NETAPIBUFFERFREE pNetApiBufferFree = NULL;
318 static int is_workstation = 1;
319
320 static int cbPerfData = PERFORMANCE_BUFFER_SIZE;
321 PERF_DATA_BLOCK *pPerfData;
322 HANDLE hDevice, hNetAPI32 = NULL;
323 DWORD dwSize, status;
324 int nDrive;
325
326 if ( !is_initialized ) {
327 HKEY hKey;
328
329 if ( debug_me )
330 log_debug ("rndw32#slow_gatherer_nt: init toolkit\n" );
331 /* Find out whether this is an NT server or workstation if necessary */
332 if (RegOpenKeyEx (HKEY_LOCAL_MACHINE,
333 "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
334 0, KEY_READ, &hKey) == ERROR_SUCCESS) {
335 BYTE szValue[32];
336 dwSize = sizeof (szValue);
337
338 if ( debug_me )
339 log_debug ("rndw32#slow_gatherer_nt: check product options\n" );
340 status = RegQueryValueEx (hKey, "ProductType", 0, NULL,
341 szValue, &dwSize);
342 if (status == ERROR_SUCCESS && stricmp (szValue, "WinNT")) {
343 /* Note: There are (at least) three cases for ProductType:
344 * WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =
345 * NT Server acting as a Domain Controller */
346 is_workstation = 0;
347 if ( debug_me )
348 log_debug ("rndw32: this is a NT server\n");
349 }
350 RegCloseKey (hKey);
351 }
352
353 /* Initialize the NetAPI32 function pointers if necessary */
354 if ( (hNetAPI32 = LoadLibrary ("NETAPI32.DLL")) ) {
355 if ( debug_me )
356 log_debug ("rndw32#slow_gatherer_nt: netapi32 loaded\n" );
357 pNetStatisticsGet = (NETSTATISTICSGET) GetProcAddress (hNetAPI32,
358 "NetStatisticsGet");
359 pNetApiBufferSize = (NETAPIBUFFERSIZE) GetProcAddress (hNetAPI32,
360 "NetApiBufferSize");
361 pNetApiBufferFree = (NETAPIBUFFERFREE) GetProcAddress (hNetAPI32,
362 "NetApiBufferFree");
363
364 if ( !pNetStatisticsGet
365 || !pNetApiBufferSize || !pNetApiBufferFree ) {
366 FreeLibrary (hNetAPI32);
367 hNetAPI32 = NULL;
368 log_debug ("rndw32: No NETAPI found\n" );
369 }
370 }
371
372 is_initialized = 1;
373 }
374
375 /* Get network statistics. Note: Both NT Workstation and NT Server by
376 * default will be running both the workstation and server services. The
377 * heuristic below is probably useful though on the assumption that the
378 * majority of the network traffic will be via the appropriate service.
379 * In any case the network statistics return almost no randomness */
380 { LPBYTE lpBuffer;
381 if (hNetAPI32 && !pNetStatisticsGet (NULL,
382 is_workstation ? L"LanmanWorkstation" :
383 L"LanmanServer", 0, 0, &lpBuffer) ) {
384 if ( debug_me )
385 log_debug ("rndw32#slow_gatherer_nt: get netstats\n" );
386 pNetApiBufferSize (lpBuffer, &dwSize);
387 (*add) ( lpBuffer, dwSize,requester );
388 pNetApiBufferFree (lpBuffer);
389 }
390 }
391
392 /* Get disk I/O statistics for all the hard drives */
393 for (nDrive = 0;; nDrive++) {
394 char diskPerformance[SIZEOF_DISK_PERFORMANCE_STRUCT];
395 char szDevice[50];
396
397 /* Check whether we can access this device */
398 sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive);
399 hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
400 NULL, OPEN_EXISTING, 0, NULL);
401 if (hDevice == INVALID_HANDLE_VALUE)
402 break;
403
404 /* Note: This only works if you have turned on the disk performance
405 * counters with 'diskperf -y'. These counters are off by default */
406 if (DeviceIoControl (hDevice, IOCTL_DISK_PERFORMANCE, NULL, 0,
407 &diskPerformance, SIZEOF_DISK_PERFORMANCE_STRUCT,
408 &dwSize, NULL))
409 {
410 if ( debug_me )
411 log_debug ("rndw32#slow_gatherer_nt: iostats drive %d\n",
412 nDrive );
413 (*add) (diskPerformance, dwSize, requester );
414 }
415 else {
416 log_info ("NOTE: you should run 'diskperf -y' "
417 "to enable the disk statistics\n");
418 }
419 CloseHandle (hDevice);
420 }
421
422#if 0 /* we don't need this in GnuPG */
423 /* Wait for any async keyset driver binding to complete. You may be
424 * wondering what this call is doing here... the reason it's necessary is
425 * because RegQueryValueEx() will hang indefinitely if the async driver
426 * bind is in progress. The problem occurs in the dynamic loading and
427 * linking of driver DLL's, which work as follows:
428 *
429 * hDriver = LoadLibrary( DRIVERNAME );
430 * pFunction1 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC1 );
431 * pFunction2 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC2 );
432 *
433 * If RegQueryValueEx() is called while the GetProcAddress()'s are in
434 * progress, it will hang indefinitely. This is probably due to some
435 * synchronisation problem in the NT kernel where the GetProcAddress()
436 * calls affect something like a module reference count or function
437 * reference count while RegQueryValueEx() is trying to take a snapshot
438 * of the statistics, which include the reference counts. Because of
439 * this, we have to wait until any async driver bind has completed
440 * before we can call RegQueryValueEx() */
441 waitSemaphore (SEMAPHORE_DRIVERBIND);
442#endif
443
444 /* Get information from the system performance counters. This can take
445 * a few seconds to do. In some environments the call to
446 * RegQueryValueEx() can produce an access violation at some random time
447 * in the future, adding a short delay after the following code block
448 * makes the problem go away. This problem is extremely difficult to
449 * reproduce, I haven't been able to get it to occur despite running it
450 * on a number of machines. The best explanation for the problem is that
451 * on the machine where it did occur, it was caused by an external driver
452 * or other program which adds its own values under the
453 * HKEY_PERFORMANCE_DATA key. The NT kernel calls the required external
454 * modules to map in the data, if there's a synchronisation problem the
455 * external module would write its data at an inappropriate moment,
456 * causing the access violation. A low-level memory checker indicated
457 * that ExpandEnvironmentStrings() in KERNEL32.DLL, called an
458 * interminable number of calls down inside RegQueryValueEx(), was
459 * overwriting memory (it wrote twice the allocated size of a buffer to a
460 * buffer allocated by the NT kernel). This may be what's causing the
461 * problem, but since it's in the kernel there isn't much which can be
462 * done.
463 *
464 * In addition to these problems the code in RegQueryValueEx() which
465 * estimates the amount of memory required to return the performance
466 * counter information isn't very accurate, since it always returns a
467 * worst-case estimate which is usually nowhere near the actual amount
468 * required. For example it may report that 128K of memory is required,
469 * but only return 64K of data */
470 { pPerfData = gcry_xmalloc (cbPerfData);
471 for (;;) {
472 dwSize = cbPerfData;
473 if ( debug_me )
474 log_debug ("rndw32#slow_gatherer_nt: get perf data\n" );
475 status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,
476 NULL, (LPBYTE) pPerfData, &dwSize);
477 if (status == ERROR_SUCCESS) {
478 if (!memcmp (pPerfData->Signature, L"PERF", 8)) {
479 (*add) ( pPerfData, dwSize, requester );
480 }
481 else
482 log_debug ( "rndw32: no PERF signature\n");
483 break;
484 }
485 else if (status == ERROR_MORE_DATA) {
486 cbPerfData += PERFORMANCE_BUFFER_STEP;
487 pPerfData = gcry_realloc (pPerfData, cbPerfData);
488 }
489 else {
490 log_debug ( "rndw32: get performance data problem\n");
491 break;
492 }
493 }
494 gcry_free (pPerfData);
495 }
496 /* Although this isn't documented in the Win32 API docs, it's necessary
497 to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's
498 implicitly opened on the first call to RegQueryValueEx()). If this
499 isn't done then any system components which provide performance data
500 can't be removed or changed while the handle remains active */
501 RegCloseKey (HKEY_PERFORMANCE_DATA);
502}
503
504
505int
506_gcry_rndw32_gather_random( void (*add)(const void*, size_t, int),
507 int requester,
508 size_t length, int level )
509{
510 static int is_initialized;
511 static int is_windowsNT, has_toolhelp;
512
513
514 if( !level )
515 return 0;
516 /* We don't differentiate between level 1 and 2 here because
517 * there is no internal entropy pool as a scary resource. It may
518 * all work slower, but because our entropy source will never
519 * block but deliver some not easy to measure entropy, we assume level 2
520 */
521
522
523 if ( !is_initialized ) {
524 OSVERSIONINFO osvi = { sizeof( osvi ) };
525 DWORD platform;
526
527 GetVersionEx( &osvi );
528 platform = osvi.dwPlatformId;
529 is_windowsNT = platform == VER_PLATFORM_WIN32_NT;
530 has_toolhelp = (platform == VER_PLATFORM_WIN32_WINDOWS
531 || (is_windowsNT && osvi.dwMajorVersion >= 5));
532
533 if ( platform == VER_PLATFORM_WIN32s ) {
534 log_fatal("can't run on a W32s platform\n" );
535 }
536 is_initialized = 1;
537 if ( debug_me )
538 log_debug ("rndw32#gather_random: platform=%d\n", (int)platform );
539 }
540
541
542 if ( debug_me )
543 log_debug ("rndw32#gather_random: req=%d len=%u lvl=%d\n",
544 requester, (unsigned int)length, level );
545
546 if ( is_windowsNT ) {
547 slow_gatherer_windowsNT ( add, requester );
548 }
549 else if ( has_toolhelp ) {
550 slow_gatherer_windows95 ( add, requester );
551 }
552
553
554 return 0;
555}
556
557
558int
559_gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),
560 int requester )
561{
562 static int addedFixedItems = 0;
563
564 if ( debug_me )
565 log_debug ("rndw32#gather_random_fast: req=%d\n", requester );
566
567 /* Get various basic pieces of system information: Handle of active
568 * window, handle of window with mouse capture, handle of clipboard owner
569 * handle of start of clpboard viewer list, pseudohandle of current
570 * process, current process ID, pseudohandle of current thread, current
571 * thread ID, handle of desktop window, handle of window with keyboard
572 * focus, whether system queue has any events, cursor position for last
573 * message, 1 ms time for last message, handle of window with clipboard
574 * open, handle of process heap, handle of procs window station, types of
575 * events in input queue, and milliseconds since Windows was started */
576 { byte buffer[20*sizeof(ulong)], *bufptr;
577 bufptr = buffer;
578#define ADD(f) do { ulong along = (ulong)(f); \
579 memcpy (bufptr, &along, sizeof (along) ); \
580 bufptr += sizeof (along); } while (0)
581 ADD ( GetActiveWindow ());
582 ADD ( GetCapture ());
583 ADD ( GetClipboardOwner ());
584 ADD ( GetClipboardViewer ());
585 ADD ( GetCurrentProcess ());
586 ADD ( GetCurrentProcessId ());
587 ADD ( GetCurrentThread ());
588 ADD ( GetCurrentThreadId ());
589 ADD ( GetDesktopWindow ());
590 ADD ( GetFocus ());
591 ADD ( GetInputState ());
592 ADD ( GetMessagePos ());
593 ADD ( GetMessageTime ());
594 ADD ( GetOpenClipboardWindow ());
595 ADD ( GetProcessHeap ());
596 ADD ( GetProcessWindowStation ());
597 ADD ( GetQueueStatus (QS_ALLEVENTS));
598 ADD ( GetTickCount ());
599
600 assert ( bufptr-buffer < sizeof (buffer) );
601 (*add) ( buffer, bufptr-buffer, requester );
602#undef ADD
603 }
604
605 /* Get multiword system information: Current caret position, current
606 * mouse cursor position */
607 { POINT point;
608 GetCaretPos (&point);
609 (*add) ( &point, sizeof (point), requester );
610 GetCursorPos (&point);
611 (*add) ( &point, sizeof (point), requester );
612 }
613
614 /* Get percent of memory in use, bytes of physical memory, bytes of free
615 * physical memory, bytes in paging file, free bytes in paging file, user
616 * bytes of address space, and free user bytes */
617 { MEMORYSTATUS memoryStatus;
618 memoryStatus.dwLength = sizeof (MEMORYSTATUS);
619 GlobalMemoryStatus (&memoryStatus);
620 (*add) ( &memoryStatus, sizeof (memoryStatus), requester );
621 }
622
623 /* Get thread and process creation time, exit time, time in kernel mode,
624 and time in user mode in 100ns intervals */
625 { HANDLE handle;
626 FILETIME creationTime, exitTime, kernelTime, userTime;
627 DWORD minimumWorkingSetSize, maximumWorkingSetSize;
628
629 handle = GetCurrentThread ();
630 GetThreadTimes (handle, &creationTime, &exitTime,
631 &kernelTime, &userTime);
632 (*add) ( &creationTime, sizeof (creationTime), requester );
633 (*add) ( &exitTime, sizeof (exitTime), requester );
634 (*add) ( &kernelTime, sizeof (kernelTime), requester );
635 (*add) ( &userTime, sizeof (userTime), requester );
636
637 handle = GetCurrentProcess ();
638 GetProcessTimes (handle, &creationTime, &exitTime,
639 &kernelTime, &userTime);
640 (*add) ( &creationTime, sizeof (creationTime), requester );
641 (*add) ( &exitTime, sizeof (exitTime), requester );
642 (*add) ( &kernelTime, sizeof (kernelTime), requester );
643 (*add) ( &userTime, sizeof (userTime), requester );
644
645 /* Get the minimum and maximum working set size for the
646 current process */
647 GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,
648 &maximumWorkingSetSize);
649 (*add) ( &minimumWorkingSetSize,
650 sizeof (minimumWorkingSetSize), requester );
651 (*add) ( &maximumWorkingSetSize,
652 sizeof (maximumWorkingSetSize), requester );
653 }
654
655
656 /* The following are fixed for the lifetime of the process so we only
657 * add them once */
658 if (!addedFixedItems) {
659 STARTUPINFO startupInfo;
660
661 /* Get name of desktop, console window title, new window position and
662 * size, window flags, and handles for stdin, stdout, and stderr */
663 startupInfo.cb = sizeof (STARTUPINFO);
664 GetStartupInfo (&startupInfo);
665 (*add) ( &startupInfo, sizeof (STARTUPINFO), requester );
666 addedFixedItems = 1;
667 }
668
669 /* The performance of QPC varies depending on the architecture it's
670 * running on and on the OS. Under NT it reads the CPU's 64-bit timestamp
671 * counter (at least on a Pentium and newer '486's, it hasn't been tested
672 * on anything without a TSC), under Win95 it reads the 1.193180 MHz PIC
673 * timer. There are vague mumblings in the docs that it may fail if the
674 * appropriate hardware isn't available (possibly '386's or MIPS machines
675 * running NT), but who's going to run NT on a '386? */
676 { LARGE_INTEGER performanceCount;
677 if (QueryPerformanceCounter (&performanceCount)) {
678 if ( debug_me )
679 log_debug ("rndw32#gather_random_fast: perf data\n");
680 (*add) (&performanceCount, sizeof (performanceCount), requester);
681 }
682 else { /* Millisecond accuracy at best... */
683 DWORD aword = GetTickCount ();
684 (*add) (&aword, sizeof (aword), requester );
685 }
686 }
687
688 return 0;
689}
690
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c
new file mode 100755
index 0000000..4738f43
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c
@@ -0,0 +1,632 @@
1/* rsa.c - RSA function
2 * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
3 * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
4 *
5 * This file is part of Libgcrypt.
6 *
7 * Libgcrypt is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * Libgcrypt is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 */
21
22/* This code uses an algorithm protected by U.S. Patent #4,405,829
23 which expired on September 20, 2000. The patent holder placed that
24 patent into the public domain on Sep 6th, 2000.
25*/
26
27#include <config.h>
28#include <stdio.h>
29#include <stdlib.h>
30#include <string.h>
31#include "g10lib.h"
32#include "mpi.h"
33#include "cipher.h"
34
35
36typedef struct
37{
38 gcry_mpi_t n; /* modulus */
39 gcry_mpi_t e; /* exponent */
40} RSA_public_key;
41
42
43typedef struct
44{
45 gcry_mpi_t n; /* public modulus */
46 gcry_mpi_t e; /* public exponent */
47 gcry_mpi_t d; /* exponent */
48 gcry_mpi_t p; /* prime p. */
49 gcry_mpi_t q; /* prime q. */
50 gcry_mpi_t u; /* inverse of p mod q. */
51} RSA_secret_key;
52
53
54static void test_keys (RSA_secret_key *sk, unsigned nbits);
55static void generate (RSA_secret_key *sk,
56 unsigned int nbits, unsigned long use_e);
57static int check_secret_key (RSA_secret_key *sk);
58static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
59static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
60
61
62static void
63test_keys( RSA_secret_key *sk, unsigned nbits )
64{
65 RSA_public_key pk;
66 gcry_mpi_t test = gcry_mpi_new ( nbits );
67 gcry_mpi_t out1 = gcry_mpi_new ( nbits );
68 gcry_mpi_t out2 = gcry_mpi_new ( nbits );
69
70 pk.n = sk->n;
71 pk.e = sk->e;
72 gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );
73
74 public( out1, test, &pk );
75 secret( out2, out1, sk );
76 if( mpi_cmp( test, out2 ) )
77 log_fatal("RSA operation: public, secret failed\n");
78 secret( out1, test, sk );
79 public( out2, out1, &pk );
80 if( mpi_cmp( test, out2 ) )
81 log_fatal("RSA operation: secret, public failed\n");
82 gcry_mpi_release ( test );
83 gcry_mpi_release ( out1 );
84 gcry_mpi_release ( out2 );
85}
86
87
88/* Callback used by the prime generation to test whether the exponent
89 is suitable. Returns 0 if the test has been passed. */
90static int
91check_exponent (void *arg, gcry_mpi_t a)
92{
93 gcry_mpi_t e = arg;
94 gcry_mpi_t tmp;
95 int result;
96
97 mpi_sub_ui (a, a, 1);
98 tmp = _gcry_mpi_alloc_like (a);
99 result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */
100 gcry_mpi_release (tmp);
101 mpi_add_ui (a, a, 1);
102 return result;
103}
104
105/****************
106 * Generate a key pair with a key of size NBITS.
107 * USE_E = 0 let Libcgrypt decide what exponent to use.
108 * = 1 request the use of a "secure" exponent; this is required by some
109 * specification to be 65537.
110 * > 2 Try starting at this value until a working exponent is found.
111 * Returns: 2 structures filled with all needed values
112 */
113static void
114generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e)
115{
116 gcry_mpi_t p, q; /* the two primes */
117 gcry_mpi_t d; /* the private key */
118 gcry_mpi_t u;
119 gcry_mpi_t t1, t2;
120 gcry_mpi_t n; /* the public key */
121 gcry_mpi_t e; /* the exponent */
122 gcry_mpi_t phi; /* helper: (p-1)(q-1) */
123 gcry_mpi_t g;
124 gcry_mpi_t f;
125
126 /* make sure that nbits is even so that we generate p, q of equal size */
127 if ( (nbits&1) )
128 nbits++;
129
130 if (use_e == 1) /* Alias for a secure value. */
131 use_e = 65537; /* as demanded by Spinx. */
132
133 /* Public exponent:
134 In general we use 41 as this is quite fast and more secure than the
135 commonly used 17. Benchmarking the RSA verify function
136 with a 1024 bit key yields (2001-11-08):
137 e=17 0.54 ms
138 e=41 0.75 ms
139 e=257 0.95 ms
140 e=65537 1.80 ms
141 */
142 e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
143 if (!use_e)
144 mpi_set_ui (e, 41); /* This is a reasonable secure and fast value */
145 else
146 {
147 use_e |= 1; /* make sure this is odd */
148 mpi_set_ui (e, use_e);
149 }
150
151 n = gcry_mpi_new (nbits);
152
153 p = q = NULL;
154 do
155 {
156 /* select two (very secret) primes */
157 if (p)
158 gcry_mpi_release (p);
159 if (q)
160 gcry_mpi_release (q);
161 if (use_e)
162 { /* Do an extra test to ensure that the given exponent is
163 suitable. */
164 p = _gcry_generate_secret_prime (nbits/2, check_exponent, e);
165 q = _gcry_generate_secret_prime (nbits/2, check_exponent, e);
166 }
167 else
168 { /* We check the exponent later. */
169 p = _gcry_generate_secret_prime (nbits/2, NULL, NULL);
170 q = _gcry_generate_secret_prime (nbits/2, NULL, NULL);
171 }
172 if (mpi_cmp (p, q) > 0 ) /* p shall be smaller than q (for calc of u)*/
173 mpi_swap(p,q);
174 /* calculate the modulus */
175 mpi_mul( n, p, q );
176 }
177 while ( mpi_get_nbits(n) != nbits );
178
179 /* calculate Euler totient: phi = (p-1)(q-1) */
180 t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
181 t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
182 phi = gcry_mpi_snew ( nbits );
183 g = gcry_mpi_snew ( nbits );
184 f = gcry_mpi_snew ( nbits );
185 mpi_sub_ui( t1, p, 1 );
186 mpi_sub_ui( t2, q, 1 );
187 mpi_mul( phi, t1, t2 );
188 gcry_mpi_gcd(g, t1, t2);
189 mpi_fdiv_q(f, phi, g);
190
191 while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */
192 {
193 if (use_e)
194 BUG (); /* The prime generator already made sure that we
195 never can get to here. */
196 mpi_add_ui (e, e, 2);
197 }
198
199 /* calculate the secret key d = e^1 mod phi */
200 d = gcry_mpi_snew ( nbits );
201 mpi_invm(d, e, f );
202 /* calculate the inverse of p and q (used for chinese remainder theorem)*/
203 u = gcry_mpi_snew ( nbits );
204 mpi_invm(u, p, q );
205
206 if( DBG_CIPHER )
207 {
208 log_mpidump(" p= ", p );
209 log_mpidump(" q= ", q );
210 log_mpidump("phi= ", phi );
211 log_mpidump(" g= ", g );
212 log_mpidump(" f= ", f );
213 log_mpidump(" n= ", n );
214 log_mpidump(" e= ", e );
215 log_mpidump(" d= ", d );
216 log_mpidump(" u= ", u );
217 }
218
219 gcry_mpi_release (t1);
220 gcry_mpi_release (t2);
221 gcry_mpi_release (phi);
222 gcry_mpi_release (f);
223 gcry_mpi_release (g);
224
225 sk->n = n;
226 sk->e = e;
227 sk->p = p;
228 sk->q = q;
229 sk->d = d;
230 sk->u = u;
231
232 /* now we can test our keys (this should never fail!) */
233 test_keys( sk, nbits - 64 );
234}
235
236
237/****************
238 * Test wether the secret key is valid.
239 * Returns: true if this is a valid key.
240 */
241static int
242check_secret_key( RSA_secret_key *sk )
243{
244 int rc;
245 gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
246
247 mpi_mul(temp, sk->p, sk->q );
248 rc = mpi_cmp( temp, sk->n );
249 mpi_free(temp);
250 return !rc;
251}
252
253
254
255/****************
256 * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.
257 *
258 * c = m^e mod n
259 *
260 * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.
261 */
262static void
263public(gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *pkey )
264{
265 if( output == input ) /* powm doesn't like output and input the same */
266 {
267 gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs(input)*2 );
268 mpi_powm( x, input, pkey->e, pkey->n );
269 mpi_set(output, x);
270 mpi_free(x);
271 }
272 else
273 mpi_powm( output, input, pkey->e, pkey->n );
274}
275
276#if 0
277static void
278stronger_key_check ( RSA_secret_key *skey )
279{
280 gcry_mpi_t t = mpi_alloc_secure ( 0 );
281 gcry_mpi_t t1 = mpi_alloc_secure ( 0 );
282 gcry_mpi_t t2 = mpi_alloc_secure ( 0 );
283 gcry_mpi_t phi = mpi_alloc_secure ( 0 );
284
285 /* check that n == p * q */
286 mpi_mul( t, skey->p, skey->q);
287 if (mpi_cmp( t, skey->n) )
288 log_info ( "RSA Oops: n != p * q\n" );
289
290 /* check that p is less than q */
291 if( mpi_cmp( skey->p, skey->q ) > 0 )
292 {
293 log_info ("RSA Oops: p >= q - fixed\n");
294 _gcry_mpi_swap ( skey->p, skey->q);
295 }
296
297 /* check that e divides neither p-1 nor q-1 */
298 mpi_sub_ui(t, skey->p, 1 );
299 mpi_fdiv_r(t, t, skey->e );
300 if ( !mpi_cmp_ui( t, 0) )
301 log_info ( "RSA Oops: e divides p-1\n" );
302 mpi_sub_ui(t, skey->q, 1 );
303 mpi_fdiv_r(t, t, skey->e );
304 if ( !mpi_cmp_ui( t, 0) )
305 log_info ( "RSA Oops: e divides q-1\n" );
306
307 /* check that d is correct */
308 mpi_sub_ui( t1, skey->p, 1 );
309 mpi_sub_ui( t2, skey->q, 1 );
310 mpi_mul( phi, t1, t2 );
311 gcry_mpi_gcd(t, t1, t2);
312 mpi_fdiv_q(t, phi, t);
313 mpi_invm(t, skey->e, t );
314 if ( mpi_cmp(t, skey->d ) )
315 {
316 log_info ( "RSA Oops: d is wrong - fixed\n");
317 mpi_set (skey->d, t);
318 _gcry_log_mpidump (" fixed d", skey->d);
319 }
320
321 /* check for correctness of u */
322 mpi_invm(t, skey->p, skey->q );
323 if ( mpi_cmp(t, skey->u ) )
324 {
325 log_info ( "RSA Oops: u is wrong - fixed\n");
326 mpi_set (skey->u, t);
327 _gcry_log_mpidump (" fixed u", skey->u);
328 }
329
330 log_info ( "RSA secret key check finished\n");
331
332 mpi_free (t);
333 mpi_free (t1);
334 mpi_free (t2);
335 mpi_free (phi);
336}
337#endif
338
339
340
341/****************
342 * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
343 *
344 * m = c^d mod n
345 *
346 * Or faster:
347 *
348 * m1 = c ^ (d mod (p-1)) mod p
349 * m2 = c ^ (d mod (q-1)) mod q
350 * h = u * (m2 - m1) mod q
351 * m = m1 + h * p
352 *
353 * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
354 */
355static void
356secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
357{
358 if (!skey->p && !skey->q && !skey->u)
359 {
360 mpi_powm (output, input, skey->d, skey->n);
361 }
362 else
363 {
364 gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
365 gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
366 gcry_mpi_t h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
367
368 /* m1 = c ^ (d mod (p-1)) mod p */
369 mpi_sub_ui( h, skey->p, 1 );
370 mpi_fdiv_r( h, skey->d, h );
371 mpi_powm( m1, input, h, skey->p );
372 /* m2 = c ^ (d mod (q-1)) mod q */
373 mpi_sub_ui( h, skey->q, 1 );
374 mpi_fdiv_r( h, skey->d, h );
375 mpi_powm( m2, input, h, skey->q );
376 /* h = u * ( m2 - m1 ) mod q */
377 mpi_sub( h, m2, m1 );
378 if ( mpi_is_neg( h ) )
379 mpi_add ( h, h, skey->q );
380 mpi_mulm( h, skey->u, h, skey->q );
381 /* m = m2 + h * p */
382 mpi_mul ( h, h, skey->p );
383 mpi_add ( output, m1, h );
384
385 mpi_free ( h );
386 mpi_free ( m1 );
387 mpi_free ( m2 );
388 }
389}
390
391
392
393/* Perform RSA blinding. */
394static gcry_mpi_t
395rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)
396{
397 /* A helper. */
398 gcry_mpi_t a;
399
400 /* Result. */
401 gcry_mpi_t y;
402
403 a = gcry_mpi_snew (gcry_mpi_get_nbits (n));
404 y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
405
406 /* Now we calculate: y = (x * r^e) mod n, where r is the random
407 number, e is the public exponent, x is the non-blinded data and n
408 is the RSA modulus. */
409 gcry_mpi_powm (a, r, e, n);
410 gcry_mpi_mulm (y, a, x, n);
411
412 gcry_mpi_release (a);
413
414 return y;
415}
416
417/* Undo RSA blinding. */
418static gcry_mpi_t
419rsa_unblind (gcry_mpi_t x, gcry_mpi_t ri, gcry_mpi_t n)
420{
421 gcry_mpi_t y;
422
423 y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
424
425 /* Here we calculate: y = (x * r^-1) mod n, where x is the blinded
426 decrypted data, ri is the modular multiplicative inverse of r and
427 n is the RSA modulus. */
428
429 gcry_mpi_mulm (y, ri, x, n);
430
431 return y;
432}
433
434/*********************************************
435 ************** interface ******************
436 *********************************************/
437
438gcry_err_code_t
439_gcry_rsa_generate (int algo, unsigned int nbits, unsigned long use_e,
440 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
441{
442 RSA_secret_key sk;
443
444 generate (&sk, nbits, use_e);
445 skey[0] = sk.n;
446 skey[1] = sk.e;
447 skey[2] = sk.d;
448 skey[3] = sk.p;
449 skey[4] = sk.q;
450 skey[5] = sk.u;
451
452 /* make an empty list of factors */
453 *retfactors = gcry_xcalloc( 1, sizeof **retfactors );
454
455 return GPG_ERR_NO_ERROR;
456}
457
458
459gcry_err_code_t
460_gcry_rsa_check_secret_key( int algo, gcry_mpi_t *skey )
461{
462 gcry_err_code_t err = GPG_ERR_NO_ERROR;
463 RSA_secret_key sk;
464
465 sk.n = skey[0];
466 sk.e = skey[1];
467 sk.d = skey[2];
468 sk.p = skey[3];
469 sk.q = skey[4];
470 sk.u = skey[5];
471
472 if (! check_secret_key (&sk))
473 err = GPG_ERR_PUBKEY_ALGO;
474
475 return err;
476}
477
478
479gcry_err_code_t
480_gcry_rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
481 gcry_mpi_t *pkey, int flags)
482{
483 RSA_public_key pk;
484
485 pk.n = pkey[0];
486 pk.e = pkey[1];
487 resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));
488 public (resarr[0], data, &pk);
489
490 return GPG_ERR_NO_ERROR;
491}
492
493gcry_err_code_t
494_gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
495 gcry_mpi_t *skey, int flags)
496{
497 RSA_secret_key sk;
498 gcry_mpi_t r = MPI_NULL; /* Random number needed for blinding. */
499 gcry_mpi_t ri = MPI_NULL; /* Modular multiplicative inverse of
500 r. */
501 gcry_mpi_t x = MPI_NULL; /* Data to decrypt. */
502 gcry_mpi_t y; /* Result. */
503
504 /* Extract private key. */
505 sk.n = skey[0];
506 sk.e = skey[1];
507 sk.d = skey[2];
508 sk.p = skey[3];
509 sk.q = skey[4];
510 sk.u = skey[5];
511
512 y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
513
514 if (! (flags & PUBKEY_FLAG_NO_BLINDING))
515 {
516 /* Initialize blinding. */
517
518 /* First, we need a random number r between 0 and n - 1, which
519 is relatively prime to n (i.e. it is neither p nor q). */
520 r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
521 ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
522
523 gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n),
524 GCRY_STRONG_RANDOM);
525 gcry_mpi_mod (r, r, sk.n);
526
527 /* Actually it should be okay to skip the check for equality
528 with either p or q here. */
529
530 /* Calculate inverse of r. */
531 if (! gcry_mpi_invm (ri, r, sk.n))
532 BUG ();
533 }
534
535 if (! (flags & PUBKEY_FLAG_NO_BLINDING))
536 x = rsa_blind (data[0], r, sk.e, sk.n);
537 else
538 x = data[0];
539
540 /* Do the encryption. */
541 secret (y, x, &sk);
542
543 if (! (flags & PUBKEY_FLAG_NO_BLINDING))
544 {
545 /* Undo blinding. */
546 gcry_mpi_t a = gcry_mpi_copy (y);
547
548 gcry_mpi_release (y);
549 y = rsa_unblind (a, ri, sk.n);
550
551 gcry_mpi_release (a);
552 }
553
554 if (! (flags & PUBKEY_FLAG_NO_BLINDING))
555 {
556 /* Deallocate resources needed for blinding. */
557 gcry_mpi_release (x);
558 gcry_mpi_release (r);
559 gcry_mpi_release (ri);
560 }
561
562 /* Copy out result. */
563 *result = y;
564
565 return GPG_ERR_NO_ERROR;
566}
567
568gcry_err_code_t
569_gcry_rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
570{
571 RSA_secret_key sk;
572
573 sk.n = skey[0];
574 sk.e = skey[1];
575 sk.d = skey[2];
576 sk.p = skey[3];
577 sk.q = skey[4];
578 sk.u = skey[5];
579 resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n));
580 secret (resarr[0], data, &sk);
581
582 return GPG_ERR_NO_ERROR;
583}
584
585gcry_err_code_t
586_gcry_rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
587 int (*cmp) (void *opaque, gcry_mpi_t tmp),
588 void *opaquev)
589{
590 RSA_public_key pk;
591 gcry_mpi_t result;
592 gcry_err_code_t rc;
593
594 pk.n = pkey[0];
595 pk.e = pkey[1];
596 result = gcry_mpi_new ( 160 );
597 public( result, data[0], &pk );
598 /*rc = (*cmp)( opaquev, result );*/
599 rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
600 gcry_mpi_release (result);
601
602 return rc;
603}
604
605
606unsigned int
607_gcry_rsa_get_nbits (int algo, gcry_mpi_t *pkey)
608{
609 return mpi_get_nbits (pkey[0]);
610}
611
612static char *rsa_names[] =
613 {
614 "rsa",
615 "openpgp-rsa",
616 "oid.1.2.840.113549.1.1.1",
617 NULL,
618 };
619
620gcry_pk_spec_t _gcry_pubkey_spec_rsa =
621 {
622 "RSA", rsa_names,
623 "ne", "nedpqu", "a", "s", "n",
624 GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
625 _gcry_rsa_generate,
626 _gcry_rsa_check_secret_key,
627 _gcry_rsa_encrypt,
628 _gcry_rsa_decrypt,
629 _gcry_rsa_sign,
630 _gcry_rsa_verify,
631 _gcry_rsa_get_nbits,
632 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c
new file mode 100755
index 0000000..7a9d3c1
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c
@@ -0,0 +1,978 @@
1/* serpent.c - Implementation of the Serpent encryption algorithm.
2 * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 * 02111-1307, USA.
20 */
21
22#include <config.h>
23
24#include <string.h>
25#include <stdio.h>
26
27#include "types.h"
28#include "g10lib.h"
29#include "cipher.h"
30#include "bithelp.h"
31
32/* Number of rounds per Serpent encrypt/decrypt operation. */
33#define ROUNDS 32
34
35/* Magic number, used during generating of the subkeys. */
36#define PHI 0x9E3779B9
37
38/* Serpent works on 128 bit blocks. */
39typedef u32 serpent_block_t[4];
40
41/* Serpent key, provided by the user. If the original key is shorter
42 than 256 bits, it is padded. */
43typedef u32 serpent_key_t[8];
44
45/* The key schedule consists of 33 128 bit subkeys. */
46typedef u32 serpent_subkeys_t[ROUNDS + 1][4];
47
48/* A Serpent context. */
49typedef struct serpent_context
50{
51 serpent_subkeys_t keys; /* Generated subkeys. */
52} serpent_context_t;
53
54
55/* A prototype. */
56static const char *serpent_test (void);
57
58
59#define byte_swap_32(x) \
60 (0 \
61 | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) \
62 | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24));
63
64/* These are the S-Boxes of Serpent. They are copied from Serpents
65 reference implementation (the optimized one, contained in
66 `floppy2') and are therefore:
67
68 Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
69
70 To quote the Serpent homepage
71 (http://www.cl.cam.ac.uk/~rja14/serpent.html):
72
73 "Serpent is now completely in the public domain, and we impose no
74 restrictions on its use. This was announced on the 21st August at
75 the First AES Candidate Conference. The optimised implementations
76 in the submission package are now under the GNU PUBLIC LICENSE
77 (GPL), although some comments in the code still say otherwise. You
78 are welcome to use Serpent for any application." */
79
80#define SBOX0(a, b, c, d, w, x, y, z) \
81 { \
82 u32 t02, t03, t05, t06, t07, t08, t09; \
83 u32 t11, t12, t13, t14, t15, t17, t01; \
84 t01 = b ^ c ; \
85 t02 = a | d ; \
86 t03 = a ^ b ; \
87 z = t02 ^ t01; \
88 t05 = c | z ; \
89 t06 = a ^ d ; \
90 t07 = b | c ; \
91 t08 = d & t05; \
92 t09 = t03 & t07; \
93 y = t09 ^ t08; \
94 t11 = t09 & y ; \
95 t12 = c ^ d ; \
96 t13 = t07 ^ t11; \
97 t14 = b & t06; \
98 t15 = t06 ^ t13; \
99 w = ~ t15; \
100 t17 = w ^ t14; \
101 x = t12 ^ t17; \
102 }
103
104#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \
105 { \
106 u32 t02, t03, t04, t05, t06, t08, t09, t10; \
107 u32 t12, t13, t14, t15, t17, t18, t01; \
108 t01 = c ^ d ; \
109 t02 = a | b ; \
110 t03 = b | c ; \
111 t04 = c & t01; \
112 t05 = t02 ^ t01; \
113 t06 = a | t04; \
114 y = ~ t05; \
115 t08 = b ^ d ; \
116 t09 = t03 & t08; \
117 t10 = d | y ; \
118 x = t09 ^ t06; \
119 t12 = a | t05; \
120 t13 = x ^ t12; \
121 t14 = t03 ^ t10; \
122 t15 = a ^ c ; \
123 z = t14 ^ t13; \
124 t17 = t05 & t13; \
125 t18 = t14 | t17; \
126 w = t15 ^ t18; \
127 }
128
129#define SBOX1(a, b, c, d, w, x, y, z) \
130 { \
131 u32 t02, t03, t04, t05, t06, t07, t08; \
132 u32 t10, t11, t12, t13, t16, t17, t01; \
133 t01 = a | d ; \
134 t02 = c ^ d ; \
135 t03 = ~ b ; \
136 t04 = a ^ c ; \
137 t05 = a | t03; \
138 t06 = d & t04; \
139 t07 = t01 & t02; \
140 t08 = b | t06; \
141 y = t02 ^ t05; \
142 t10 = t07 ^ t08; \
143 t11 = t01 ^ t10; \
144 t12 = y ^ t11; \
145 t13 = b & d ; \
146 z = ~ t10; \
147 x = t13 ^ t12; \
148 t16 = t10 | x ; \
149 t17 = t05 & t16; \
150 w = c ^ t17; \
151 }
152
153#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \
154 { \
155 u32 t02, t03, t04, t05, t06, t07, t08; \
156 u32 t09, t10, t11, t14, t15, t17, t01; \
157 t01 = a ^ b ; \
158 t02 = b | d ; \
159 t03 = a & c ; \
160 t04 = c ^ t02; \
161 t05 = a | t04; \
162 t06 = t01 & t05; \
163 t07 = d | t03; \
164 t08 = b ^ t06; \
165 t09 = t07 ^ t06; \
166 t10 = t04 | t03; \
167 t11 = d & t08; \
168 y = ~ t09; \
169 x = t10 ^ t11; \
170 t14 = a | y ; \
171 t15 = t06 ^ x ; \
172 z = t01 ^ t04; \
173 t17 = c ^ t15; \
174 w = t14 ^ t17; \
175 }
176
177#define SBOX2(a, b, c, d, w, x, y, z) \
178 { \
179 u32 t02, t03, t05, t06, t07, t08; \
180 u32 t09, t10, t12, t13, t14, t01; \
181 t01 = a | c ; \
182 t02 = a ^ b ; \
183 t03 = d ^ t01; \
184 w = t02 ^ t03; \
185 t05 = c ^ w ; \
186 t06 = b ^ t05; \
187 t07 = b | t05; \
188 t08 = t01 & t06; \
189 t09 = t03 ^ t07; \
190 t10 = t02 | t09; \
191 x = t10 ^ t08; \
192 t12 = a | d ; \
193 t13 = t09 ^ x ; \
194 t14 = b ^ t13; \
195 z = ~ t09; \
196 y = t12 ^ t14; \
197 }
198
199#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \
200 { \
201 u32 t02, t03, t04, t06, t07, t08, t09; \
202 u32 t10, t11, t12, t15, t16, t17, t01; \
203 t01 = a ^ d ; \
204 t02 = c ^ d ; \
205 t03 = a & c ; \
206 t04 = b | t02; \
207 w = t01 ^ t04; \
208 t06 = a | c ; \
209 t07 = d | w ; \
210 t08 = ~ d ; \
211 t09 = b & t06; \
212 t10 = t08 | t03; \
213 t11 = b & t07; \
214 t12 = t06 & t02; \
215 z = t09 ^ t10; \
216 x = t12 ^ t11; \
217 t15 = c & z ; \
218 t16 = w ^ x ; \
219 t17 = t10 ^ t15; \
220 y = t16 ^ t17; \
221 }
222
223#define SBOX3(a, b, c, d, w, x, y, z) \
224 { \
225 u32 t02, t03, t04, t05, t06, t07, t08; \
226 u32 t09, t10, t11, t13, t14, t15, t01; \
227 t01 = a ^ c ; \
228 t02 = a | d ; \
229 t03 = a & d ; \
230 t04 = t01 & t02; \
231 t05 = b | t03; \
232 t06 = a & b ; \
233 t07 = d ^ t04; \
234 t08 = c | t06; \
235 t09 = b ^ t07; \
236 t10 = d & t05; \
237 t11 = t02 ^ t10; \
238 z = t08 ^ t09; \
239 t13 = d | z ; \
240 t14 = a | t07; \
241 t15 = b & t13; \
242 y = t08 ^ t11; \
243 w = t14 ^ t15; \
244 x = t05 ^ t04; \
245 }
246
247#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \
248 { \
249 u32 t02, t03, t04, t05, t06, t07, t09; \
250 u32 t11, t12, t13, t14, t16, t01; \
251 t01 = c | d ; \
252 t02 = a | d ; \
253 t03 = c ^ t02; \
254 t04 = b ^ t02; \
255 t05 = a ^ d ; \
256 t06 = t04 & t03; \
257 t07 = b & t01; \
258 y = t05 ^ t06; \
259 t09 = a ^ t03; \
260 w = t07 ^ t03; \
261 t11 = w | t05; \
262 t12 = t09 & t11; \
263 t13 = a & y ; \
264 t14 = t01 ^ t05; \
265 x = b ^ t12; \
266 t16 = b | t13; \
267 z = t14 ^ t16; \
268 }
269
270#define SBOX4(a, b, c, d, w, x, y, z) \
271 { \
272 u32 t02, t03, t04, t05, t06, t08, t09; \
273 u32 t10, t11, t12, t13, t14, t15, t16, t01; \
274 t01 = a | b ; \
275 t02 = b | c ; \
276 t03 = a ^ t02; \
277 t04 = b ^ d ; \
278 t05 = d | t03; \
279 t06 = d & t01; \
280 z = t03 ^ t06; \
281 t08 = z & t04; \
282 t09 = t04 & t05; \
283 t10 = c ^ t06; \
284 t11 = b & c ; \
285 t12 = t04 ^ t08; \
286 t13 = t11 | t03; \
287 t14 = t10 ^ t09; \
288 t15 = a & t05; \
289 t16 = t11 | t12; \
290 y = t13 ^ t08; \
291 x = t15 ^ t16; \
292 w = ~ t14; \
293 }
294
295#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \
296 { \
297 u32 t02, t03, t04, t05, t06, t07, t09; \
298 u32 t10, t11, t12, t13, t15, t01; \
299 t01 = b | d ; \
300 t02 = c | d ; \
301 t03 = a & t01; \
302 t04 = b ^ t02; \
303 t05 = c ^ d ; \
304 t06 = ~ t03; \
305 t07 = a & t04; \
306 x = t05 ^ t07; \
307 t09 = x | t06; \
308 t10 = a ^ t07; \
309 t11 = t01 ^ t09; \
310 t12 = d ^ t04; \
311 t13 = c | t10; \
312 z = t03 ^ t12; \
313 t15 = a ^ t04; \
314 y = t11 ^ t13; \
315 w = t15 ^ t09; \
316 }
317
318#define SBOX5(a, b, c, d, w, x, y, z) \
319 { \
320 u32 t02, t03, t04, t05, t07, t08, t09; \
321 u32 t10, t11, t12, t13, t14, t01; \
322 t01 = b ^ d ; \
323 t02 = b | d ; \
324 t03 = a & t01; \
325 t04 = c ^ t02; \
326 t05 = t03 ^ t04; \
327 w = ~ t05; \
328 t07 = a ^ t01; \
329 t08 = d | w ; \
330 t09 = b | t05; \
331 t10 = d ^ t08; \
332 t11 = b | t07; \
333 t12 = t03 | w ; \
334 t13 = t07 | t10; \
335 t14 = t01 ^ t11; \
336 y = t09 ^ t13; \
337 x = t07 ^ t08; \
338 z = t12 ^ t14; \
339 }
340
341#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \
342 { \
343 u32 t02, t03, t04, t05, t07, t08, t09; \
344 u32 t10, t12, t13, t15, t16, t01; \
345 t01 = a & d ; \
346 t02 = c ^ t01; \
347 t03 = a ^ d ; \
348 t04 = b & t02; \
349 t05 = a & c ; \
350 w = t03 ^ t04; \
351 t07 = a & w ; \
352 t08 = t01 ^ w ; \
353 t09 = b | t05; \
354 t10 = ~ b ; \
355 x = t08 ^ t09; \
356 t12 = t10 | t07; \
357 t13 = w | x ; \
358 z = t02 ^ t12; \
359 t15 = t02 ^ t13; \
360 t16 = b ^ d ; \
361 y = t16 ^ t15; \
362 }
363
364#define SBOX6(a, b, c, d, w, x, y, z) \
365 { \
366 u32 t02, t03, t04, t05, t07, t08, t09, t10; \
367 u32 t11, t12, t13, t15, t17, t18, t01; \
368 t01 = a & d ; \
369 t02 = b ^ c ; \
370 t03 = a ^ d ; \
371 t04 = t01 ^ t02; \
372 t05 = b | c ; \
373 x = ~ t04; \
374 t07 = t03 & t05; \
375 t08 = b & x ; \
376 t09 = a | c ; \
377 t10 = t07 ^ t08; \
378 t11 = b | d ; \
379 t12 = c ^ t11; \
380 t13 = t09 ^ t10; \
381 y = ~ t13; \
382 t15 = x & t03; \
383 z = t12 ^ t07; \
384 t17 = a ^ b ; \
385 t18 = y ^ t15; \
386 w = t17 ^ t18; \
387 }
388
389#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \
390 { \
391 u32 t02, t03, t04, t05, t06, t07, t08, t09; \
392 u32 t12, t13, t14, t15, t16, t17, t01; \
393 t01 = a ^ c ; \
394 t02 = ~ c ; \
395 t03 = b & t01; \
396 t04 = b | t02; \
397 t05 = d | t03; \
398 t06 = b ^ d ; \
399 t07 = a & t04; \
400 t08 = a | t02; \
401 t09 = t07 ^ t05; \
402 x = t06 ^ t08; \
403 w = ~ t09; \
404 t12 = b & w ; \
405 t13 = t01 & t05; \
406 t14 = t01 ^ t12; \
407 t15 = t07 ^ t13; \
408 t16 = d | t02; \
409 t17 = a ^ x ; \
410 z = t17 ^ t15; \
411 y = t16 ^ t14; \
412 }
413
414#define SBOX7(a, b, c, d, w, x, y, z) \
415 { \
416 u32 t02, t03, t04, t05, t06, t08, t09, t10; \
417 u32 t11, t13, t14, t15, t16, t17, t01; \
418 t01 = a & c ; \
419 t02 = ~ d ; \
420 t03 = a & t02; \
421 t04 = b | t01; \
422 t05 = a & b ; \
423 t06 = c ^ t04; \
424 z = t03 ^ t06; \
425 t08 = c | z ; \
426 t09 = d | t05; \
427 t10 = a ^ t08; \
428 t11 = t04 & z ; \
429 x = t09 ^ t10; \
430 t13 = b ^ x ; \
431 t14 = t01 ^ x ; \
432 t15 = c ^ t05; \
433 t16 = t11 | t13; \
434 t17 = t02 | t14; \
435 w = t15 ^ t17; \
436 y = a ^ t16; \
437 }
438
439#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \
440 { \
441 u32 t02, t03, t04, t06, t07, t08, t09; \
442 u32 t10, t11, t13, t14, t15, t16, t01; \
443 t01 = a & b ; \
444 t02 = a | b ; \
445 t03 = c | t01; \
446 t04 = d & t02; \
447 z = t03 ^ t04; \
448 t06 = b ^ t04; \
449 t07 = d ^ z ; \
450 t08 = ~ t07; \
451 t09 = t06 | t08; \
452 t10 = b ^ d ; \
453 t11 = a | d ; \
454 x = a ^ t09; \
455 t13 = c ^ t06; \
456 t14 = c & t11; \
457 t15 = d | x ; \
458 t16 = t01 | t10; \
459 w = t13 ^ t15; \
460 y = t14 ^ t16; \
461 }
462
463/* XOR BLOCK1 into BLOCK0. */
464#define BLOCK_XOR(block0, block1) \
465 { \
466 block0[0] ^= block1[0]; \
467 block0[1] ^= block1[1]; \
468 block0[2] ^= block1[2]; \
469 block0[3] ^= block1[3]; \
470 }
471
472/* Copy BLOCK_SRC to BLOCK_DST. */
473#define BLOCK_COPY(block_dst, block_src) \
474 { \
475 block_dst[0] = block_src[0]; \
476 block_dst[1] = block_src[1]; \
477 block_dst[2] = block_src[2]; \
478 block_dst[3] = block_src[3]; \
479 }
480
481/* Apply SBOX number WHICH to to the block found in ARRAY0 at index
482 INDEX, writing the output to the block found in ARRAY1 at index
483 INDEX. */
484#define SBOX(which, array0, array1, index) \
485 SBOX##which (array0[index + 0], array0[index + 1], \
486 array0[index + 2], array0[index + 3], \
487 array1[index + 0], array1[index + 1], \
488 array1[index + 2], array1[index + 3]);
489
490/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at
491 index INDEX, writing the output to the block found in ARRAY1 at
492 index INDEX. */
493#define SBOX_INVERSE(which, array0, array1, index) \
494 SBOX##which##_INVERSE (array0[index + 0], array0[index + 1], \
495 array0[index + 2], array0[index + 3], \
496 array1[index + 0], array1[index + 1], \
497 array1[index + 2], array1[index + 3]);
498
499/* Apply the linear transformation to BLOCK. */
500#define LINEAR_TRANSFORMATION(block) \
501 { \
502 block[0] = rol (block[0], 13); \
503 block[2] = rol (block[2], 3); \
504 block[1] = block[1] ^ block[0] ^ block[2]; \
505 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
506 block[1] = rol (block[1], 1); \
507 block[3] = rol (block[3], 7); \
508 block[0] = block[0] ^ block[1] ^ block[3]; \
509 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
510 block[0] = rol (block[0], 5); \
511 block[2] = rol (block[2], 22); \
512 }
513
514/* Apply the inverse linear transformation to BLOCK. */
515#define LINEAR_TRANSFORMATION_INVERSE(block) \
516 { \
517 block[2] = ror (block[2], 22); \
518 block[0] = ror (block[0] , 5); \
519 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
520 block[0] = block[0] ^ block[1] ^ block[3]; \
521 block[3] = ror (block[3], 7); \
522 block[1] = ror (block[1], 1); \
523 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
524 block[1] = block[1] ^ block[0] ^ block[2]; \
525 block[2] = ror (block[2], 3); \
526 block[0] = ror (block[0], 13); \
527 }
528
529/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the
530 subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary storage.
531 This macro increments `round'. */
532#define ROUND(which, subkeys, block, block_tmp) \
533 { \
534 BLOCK_XOR (block, subkeys[round]); \
535 round++; \
536 SBOX (which, block, block_tmp, 0); \
537 LINEAR_TRANSFORMATION (block_tmp); \
538 BLOCK_COPY (block, block_tmp); \
539 }
540
541/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH
542 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
543 storage. The result will be stored in BLOCK_TMP. This macro
544 increments `round'. */
545#define ROUND_LAST(which, subkeys, block, block_tmp) \
546 { \
547 BLOCK_XOR (block, subkeys[round]); \
548 round++; \
549 SBOX (which, block, block_tmp, 0); \
550 BLOCK_XOR (block_tmp, subkeys[round]); \
551 round++; \
552 }
553
554/* Apply an inverse Serpent round to BLOCK, using the SBOX number
555 WHICH and the subkeys contained in SUBKEYS. Use BLOCK_TMP as
556 temporary storage. This macro increments `round'. */
557#define ROUND_INVERSE(which, subkey, block, block_tmp) \
558 { \
559 LINEAR_TRANSFORMATION_INVERSE (block); \
560 SBOX_INVERSE (which, block, block_tmp, 0); \
561 BLOCK_XOR (block_tmp, subkey[round]); \
562 round--; \
563 BLOCK_COPY (block, block_tmp); \
564 }
565
566/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH
567 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
568 storage. The result will be stored in BLOCK_TMP. This macro
569 increments `round'. */
570#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \
571 { \
572 BLOCK_XOR (block, subkeys[round]); \
573 round--; \
574 SBOX_INVERSE (which, block, block_tmp, 0); \
575 BLOCK_XOR (block_tmp, subkeys[round]); \
576 round--; \
577 }
578
579/* Convert the user provided key KEY of KEY_LENGTH bytes into the
580 internally used format. */
581static void
582serpent_key_prepare (const byte *key, unsigned int key_length,
583 serpent_key_t key_prepared)
584{
585 int i;
586
587 /* Copy key. */
588 for (i = 0; i < key_length / 4; i++)
589 {
590#ifdef WORDS_BIGENDIAN
591 key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);
592#else
593 key_prepared[i] = ((u32 *) key)[i];
594#endif
595 }
596
597 if (i < 8)
598 {
599 /* Key must be padded according to the Serpent
600 specification. */
601 key_prepared[i] = 0x00000001;
602
603 for (i++; i < 8; i++)
604 key_prepared[i] = 0;
605 }
606}
607
608/* Derive the 33 subkeys from KEY and store them in SUBKEYS. */
609static void
610serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)
611{
612 u32 w_real[140]; /* The `prekey'. */
613 u32 k[132];
614 u32 *w = &w_real[8];
615 int i, j;
616
617 /* Initialize with key values. */
618 for (i = 0; i < 8; i++)
619 w[i - 8] = key[i];
620
621 /* Expand to intermediate key using the affine recurrence. */
622 for (i = 0; i < 132; i++)
623 w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
624
625 /* Calculate subkeys via S-Boxes, in bitslice mode. */
626 SBOX (3, w, k, 0);
627 SBOX (2, w, k, 4);
628 SBOX (1, w, k, 8);
629 SBOX (0, w, k, 12);
630 SBOX (7, w, k, 16);
631 SBOX (6, w, k, 20);
632 SBOX (5, w, k, 24);
633 SBOX (4, w, k, 28);
634 SBOX (3, w, k, 32);
635 SBOX (2, w, k, 36);
636 SBOX (1, w, k, 40);
637 SBOX (0, w, k, 44);
638 SBOX (7, w, k, 48);
639 SBOX (6, w, k, 52);
640 SBOX (5, w, k, 56);
641 SBOX (4, w, k, 60);
642 SBOX (3, w, k, 64);
643 SBOX (2, w, k, 68);
644 SBOX (1, w, k, 72);
645 SBOX (0, w, k, 76);
646 SBOX (7, w, k, 80);
647 SBOX (6, w, k, 84);
648 SBOX (5, w, k, 88);
649 SBOX (4, w, k, 92);
650 SBOX (3, w, k, 96);
651 SBOX (2, w, k, 100);
652 SBOX (1, w, k, 104);
653 SBOX (0, w, k, 108);
654 SBOX (7, w, k, 112);
655 SBOX (6, w, k, 116);
656 SBOX (5, w, k, 120);
657 SBOX (4, w, k, 124);
658 SBOX (3, w, k, 128);
659
660 /* Renumber subkeys. */
661 for (i = 0; i < ROUNDS + 1; i++)
662 for (j = 0; j < 4; j++)
663 subkeys[i][j] = k[4 * i + j];
664}
665
666/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */
667static void
668serpent_setkey_internal (serpent_context_t *context,
669 const byte *key, unsigned int key_length)
670{
671 serpent_key_t key_prepared;
672
673 serpent_key_prepare (key, key_length, key_prepared);
674 serpent_subkeys_generate (key_prepared, context->keys);
675 _gcry_burn_stack (272 * sizeof (u32));
676}
677
678/* Initialize CTX with the key KEY of KEY_LENGTH bytes. */
679static gcry_err_code_t
680serpent_setkey (void *ctx,
681 const byte *key, unsigned int key_length)
682{
683 serpent_context_t *context = ctx;
684 static const char *serpent_test_ret;
685 static int serpent_init_done;
686 gcry_err_code_t ret = GPG_ERR_NO_ERROR;
687
688 if (! serpent_init_done)
689 {
690 /* Execute a self-test the first time, Serpent is used. */
691 serpent_test_ret = serpent_test ();
692 if (serpent_test_ret)
693 log_error ("Serpent test failure: %s\n", serpent_test_ret);
694 serpent_init_done = 1;
695 }
696
697 if (serpent_test_ret)
698 ret = GPG_ERR_SELFTEST_FAILED;
699 else
700 {
701 serpent_setkey_internal (context, key, key_length);
702 _gcry_burn_stack (sizeof (serpent_key_t));
703 }
704
705 return ret;
706}
707
708static void
709serpent_encrypt_internal (serpent_context_t *context,
710 const serpent_block_t input, serpent_block_t output)
711{
712 serpent_block_t b, b_next;
713 int round = 0;
714
715#ifdef WORDS_BIGENDIAN
716 b[0] = byte_swap_32 (input[0]);
717 b[1] = byte_swap_32 (input[1]);
718 b[2] = byte_swap_32 (input[2]);
719 b[3] = byte_swap_32 (input[3]);
720#else
721 b[0] = input[0];
722 b[1] = input[1];
723 b[2] = input[2];
724 b[3] = input[3];
725#endif
726
727 ROUND (0, context->keys, b, b_next);
728 ROUND (1, context->keys, b, b_next);
729 ROUND (2, context->keys, b, b_next);
730 ROUND (3, context->keys, b, b_next);
731 ROUND (4, context->keys, b, b_next);
732 ROUND (5, context->keys, b, b_next);
733 ROUND (6, context->keys, b, b_next);
734 ROUND (7, context->keys, b, b_next);
735 ROUND (0, context->keys, b, b_next);
736 ROUND (1, context->keys, b, b_next);
737 ROUND (2, context->keys, b, b_next);
738 ROUND (3, context->keys, b, b_next);
739 ROUND (4, context->keys, b, b_next);
740 ROUND (5, context->keys, b, b_next);
741 ROUND (6, context->keys, b, b_next);
742 ROUND (7, context->keys, b, b_next);
743 ROUND (0, context->keys, b, b_next);
744 ROUND (1, context->keys, b, b_next);
745 ROUND (2, context->keys, b, b_next);
746 ROUND (3, context->keys, b, b_next);
747 ROUND (4, context->keys, b, b_next);
748 ROUND (5, context->keys, b, b_next);
749 ROUND (6, context->keys, b, b_next);
750 ROUND (7, context->keys, b, b_next);
751 ROUND (0, context->keys, b, b_next);
752 ROUND (1, context->keys, b, b_next);
753 ROUND (2, context->keys, b, b_next);
754 ROUND (3, context->keys, b, b_next);
755 ROUND (4, context->keys, b, b_next);
756 ROUND (5, context->keys, b, b_next);
757 ROUND (6, context->keys, b, b_next);
758
759 ROUND_LAST (7, context->keys, b, b_next);
760
761#ifdef WORDS_BIGENDIAN
762 output[0] = byte_swap_32 (b_next[0]);
763 output[1] = byte_swap_32 (b_next[1]);
764 output[2] = byte_swap_32 (b_next[2]);
765 output[3] = byte_swap_32 (b_next[3]);
766#else
767 output[0] = b_next[0];
768 output[1] = b_next[1];
769 output[2] = b_next[2];
770 output[3] = b_next[3];
771#endif
772}
773
774static void
775serpent_decrypt_internal (serpent_context_t *context,
776 const serpent_block_t input, serpent_block_t output)
777{
778 serpent_block_t b, b_next;
779 int round = ROUNDS;
780
781#ifdef WORDS_BIGENDIAN
782 b_next[0] = byte_swap_32 (input[0]);
783 b_next[1] = byte_swap_32 (input[1]);
784 b_next[2] = byte_swap_32 (input[2]);
785 b_next[3] = byte_swap_32 (input[3]);
786#else
787 b_next[0] = input[0];
788 b_next[1] = input[1];
789 b_next[2] = input[2];
790 b_next[3] = input[3];
791#endif
792
793 ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
794
795 ROUND_INVERSE (6, context->keys, b, b_next);
796 ROUND_INVERSE (5, context->keys, b, b_next);
797 ROUND_INVERSE (4, context->keys, b, b_next);
798 ROUND_INVERSE (3, context->keys, b, b_next);
799 ROUND_INVERSE (2, context->keys, b, b_next);
800 ROUND_INVERSE (1, context->keys, b, b_next);
801 ROUND_INVERSE (0, context->keys, b, b_next);
802 ROUND_INVERSE (7, context->keys, b, b_next);
803 ROUND_INVERSE (6, context->keys, b, b_next);
804 ROUND_INVERSE (5, context->keys, b, b_next);
805 ROUND_INVERSE (4, context->keys, b, b_next);
806 ROUND_INVERSE (3, context->keys, b, b_next);
807 ROUND_INVERSE (2, context->keys, b, b_next);
808 ROUND_INVERSE (1, context->keys, b, b_next);
809 ROUND_INVERSE (0, context->keys, b, b_next);
810 ROUND_INVERSE (7, context->keys, b, b_next);
811 ROUND_INVERSE (6, context->keys, b, b_next);
812 ROUND_INVERSE (5, context->keys, b, b_next);
813 ROUND_INVERSE (4, context->keys, b, b_next);
814 ROUND_INVERSE (3, context->keys, b, b_next);
815 ROUND_INVERSE (2, context->keys, b, b_next);
816 ROUND_INVERSE (1, context->keys, b, b_next);
817 ROUND_INVERSE (0, context->keys, b, b_next);
818 ROUND_INVERSE (7, context->keys, b, b_next);
819 ROUND_INVERSE (6, context->keys, b, b_next);
820 ROUND_INVERSE (5, context->keys, b, b_next);
821 ROUND_INVERSE (4, context->keys, b, b_next);
822 ROUND_INVERSE (3, context->keys, b, b_next);
823 ROUND_INVERSE (2, context->keys, b, b_next);
824 ROUND_INVERSE (1, context->keys, b, b_next);
825 ROUND_INVERSE (0, context->keys, b, b_next);
826
827
828#ifdef WORDS_BIGENDIAN
829 output[0] = byte_swap_32 (b_next[0]);
830 output[1] = byte_swap_32 (b_next[1]);
831 output[2] = byte_swap_32 (b_next[2]);
832 output[3] = byte_swap_32 (b_next[3]);
833#else
834 output[0] = b_next[0];
835 output[1] = b_next[1];
836 output[2] = b_next[2];
837 output[3] = b_next[3];
838#endif
839}
840
841static void
842serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
843{
844 serpent_context_t *context = ctx;
845
846 serpent_encrypt_internal (context,
847 (const u32 *) buffer_in, (u32 *) buffer_out);
848 _gcry_burn_stack (2 * sizeof (serpent_block_t));
849}
850
851static void
852serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
853{
854 serpent_context_t *context = ctx;
855
856 serpent_decrypt_internal (context,
857 (const u32 *) buffer_in,
858 (u32 *) buffer_out);
859 _gcry_burn_stack (2 * sizeof (serpent_block_t));
860}
861
862
863
864/* Serpent test. */
865
866static const char *
867serpent_test (void)
868{
869 serpent_context_t context;
870 unsigned char scratch[16];
871 unsigned int i;
872
873 static struct test
874 {
875 int key_length;
876 unsigned char key[32];
877 unsigned char text_plain[16];
878 unsigned char text_cipher[16];
879 } test_data[] =
880 {
881 {
882 16,
883 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
884 "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",
885 "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"
886 },
887 {
888 24,
889 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
890 "\x00\x00\x00\x00\x00\x00\x00\x00",
891 "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",
892 "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"
893 },
894 {
895 32,
896 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
897 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
898 "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",
899 "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"
900 },
901 {
902 32,
903 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
904 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
905 "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",
906 "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"
907 },
908 {
909 0
910 },
911 };
912
913 for (i = 0; test_data[i].key_length; i++)
914 {
915 serpent_setkey_internal (&context, test_data[i].key,
916 test_data[i].key_length);
917 serpent_encrypt_internal (&context,
918 (const u32 *) test_data[i].text_plain,
919 (u32 *) scratch);
920
921 if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
922 switch (test_data[i].key_length)
923 {
924 case 16:
925 return "Serpent-128 test encryption failed.";
926 case 24:
927 return "Serpent-192 test encryption failed.";
928 case 32:
929 return "Serpent-256 test encryption failed.";
930 }
931
932 serpent_decrypt_internal (&context,
933 (const u32 *) test_data[i].text_cipher,
934 (u32 *) scratch);
935 if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
936 switch (test_data[i].key_length)
937 {
938 case 16:
939 return "Serpent-128 test decryption failed.";
940 case 24:
941 return "Serpent-192 test decryption failed.";
942 case 32:
943 return "Serpent-256 test decryption failed.";
944 }
945 }
946
947 return NULL;
948}
949
950
951
952/* "SERPENT" is an alias for "SERPENT128". */
953static const char *cipher_spec_serpent128_aliases[] =
954 {
955 "SERPENT",
956 NULL,
957 };
958
959gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =
960 {
961 "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,
962 sizeof (serpent_context_t),
963 serpent_setkey, serpent_encrypt, serpent_decrypt,
964 };
965
966gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =
967 {
968 "SERPENT192", NULL, NULL, 16, 192,
969 sizeof (serpent_context_t),
970 serpent_setkey, serpent_encrypt, serpent_decrypt,
971 };
972
973gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =
974 {
975 "SERPENT256", NULL, NULL, 16, 256,
976 sizeof (serpent_context_t),
977 serpent_setkey, serpent_encrypt, serpent_decrypt,
978 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c
new file mode 100755
index 0000000..4fa8a56
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c
@@ -0,0 +1,368 @@
1/* sha1.c - SHA1 hash function
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21
22/* Test vectors:
23 *
24 * "abc"
25 * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
26 *
27 * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
28 * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
29 */
30
31
32#include <config.h>
33#include <stdio.h>
34#include <stdlib.h>
35#include <string.h>
36#include <assert.h>
37#include "g10lib.h"
38#include "memory.h"
39#include "bithelp.h"
40#include "cipher.h"
41
42typedef struct {
43 u32 h0,h1,h2,h3,h4;
44 u32 nblocks;
45 byte buf[64];
46 int count;
47} SHA1_CONTEXT;
48
49
50static void
51sha1_init (void *context)
52{
53 SHA1_CONTEXT *hd = context;
54
55 hd->h0 = 0x67452301;
56 hd->h1 = 0xefcdab89;
57 hd->h2 = 0x98badcfe;
58 hd->h3 = 0x10325476;
59 hd->h4 = 0xc3d2e1f0;
60 hd->nblocks = 0;
61 hd->count = 0;
62}
63
64
65/****************
66 * Transform the message X which consists of 16 32-bit-words
67 */
68static void
69transform( SHA1_CONTEXT *hd, byte *data )
70{
71 register u32 a,b,c,d,e,tm;
72 u32 x[16];
73
74 /* Get values from the chaining vars. */
75 a = hd->h0;
76 b = hd->h1;
77 c = hd->h2;
78 d = hd->h3;
79 e = hd->h4;
80
81#ifdef WORDS_BIGENDIAN
82 memcpy( x, data, 64 );
83#else
84 {
85 int i;
86 byte *p2;
87 for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
88 {
89 p2[3] = *data++;
90 p2[2] = *data++;
91 p2[1] = *data++;
92 p2[0] = *data++;
93 }
94 }
95#endif
96
97
98#define K1 0x5A827999L
99#define K2 0x6ED9EBA1L
100#define K3 0x8F1BBCDCL
101#define K4 0xCA62C1D6L
102#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
103#define F2(x,y,z) ( x ^ y ^ z )
104#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
105#define F4(x,y,z) ( x ^ y ^ z )
106
107
108#define M(i) ( tm = x[i&0x0f] ^ x[(i-14)&0x0f] \
109 ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
110 , (x[i&0x0f] = rol(tm, 1)) )
111
112#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
113 + f( b, c, d ) \
114 + k \
115 + m; \
116 b = rol( b, 30 ); \
117 } while(0)
118 R( a, b, c, d, e, F1, K1, x[ 0] );
119 R( e, a, b, c, d, F1, K1, x[ 1] );
120 R( d, e, a, b, c, F1, K1, x[ 2] );
121 R( c, d, e, a, b, F1, K1, x[ 3] );
122 R( b, c, d, e, a, F1, K1, x[ 4] );
123 R( a, b, c, d, e, F1, K1, x[ 5] );
124 R( e, a, b, c, d, F1, K1, x[ 6] );
125 R( d, e, a, b, c, F1, K1, x[ 7] );
126 R( c, d, e, a, b, F1, K1, x[ 8] );
127 R( b, c, d, e, a, F1, K1, x[ 9] );
128 R( a, b, c, d, e, F1, K1, x[10] );
129 R( e, a, b, c, d, F1, K1, x[11] );
130 R( d, e, a, b, c, F1, K1, x[12] );
131 R( c, d, e, a, b, F1, K1, x[13] );
132 R( b, c, d, e, a, F1, K1, x[14] );
133 R( a, b, c, d, e, F1, K1, x[15] );
134 R( e, a, b, c, d, F1, K1, M(16) );
135 R( d, e, a, b, c, F1, K1, M(17) );
136 R( c, d, e, a, b, F1, K1, M(18) );
137 R( b, c, d, e, a, F1, K1, M(19) );
138 R( a, b, c, d, e, F2, K2, M(20) );
139 R( e, a, b, c, d, F2, K2, M(21) );
140 R( d, e, a, b, c, F2, K2, M(22) );
141 R( c, d, e, a, b, F2, K2, M(23) );
142 R( b, c, d, e, a, F2, K2, M(24) );
143 R( a, b, c, d, e, F2, K2, M(25) );
144 R( e, a, b, c, d, F2, K2, M(26) );
145 R( d, e, a, b, c, F2, K2, M(27) );
146 R( c, d, e, a, b, F2, K2, M(28) );
147 R( b, c, d, e, a, F2, K2, M(29) );
148 R( a, b, c, d, e, F2, K2, M(30) );
149 R( e, a, b, c, d, F2, K2, M(31) );
150 R( d, e, a, b, c, F2, K2, M(32) );
151 R( c, d, e, a, b, F2, K2, M(33) );
152 R( b, c, d, e, a, F2, K2, M(34) );
153 R( a, b, c, d, e, F2, K2, M(35) );
154 R( e, a, b, c, d, F2, K2, M(36) );
155 R( d, e, a, b, c, F2, K2, M(37) );
156 R( c, d, e, a, b, F2, K2, M(38) );
157 R( b, c, d, e, a, F2, K2, M(39) );
158 R( a, b, c, d, e, F3, K3, M(40) );
159 R( e, a, b, c, d, F3, K3, M(41) );
160 R( d, e, a, b, c, F3, K3, M(42) );
161 R( c, d, e, a, b, F3, K3, M(43) );
162 R( b, c, d, e, a, F3, K3, M(44) );
163 R( a, b, c, d, e, F3, K3, M(45) );
164 R( e, a, b, c, d, F3, K3, M(46) );
165 R( d, e, a, b, c, F3, K3, M(47) );
166 R( c, d, e, a, b, F3, K3, M(48) );
167 R( b, c, d, e, a, F3, K3, M(49) );
168 R( a, b, c, d, e, F3, K3, M(50) );
169 R( e, a, b, c, d, F3, K3, M(51) );
170 R( d, e, a, b, c, F3, K3, M(52) );
171 R( c, d, e, a, b, F3, K3, M(53) );
172 R( b, c, d, e, a, F3, K3, M(54) );
173 R( a, b, c, d, e, F3, K3, M(55) );
174 R( e, a, b, c, d, F3, K3, M(56) );
175 R( d, e, a, b, c, F3, K3, M(57) );
176 R( c, d, e, a, b, F3, K3, M(58) );
177 R( b, c, d, e, a, F3, K3, M(59) );
178 R( a, b, c, d, e, F4, K4, M(60) );
179 R( e, a, b, c, d, F4, K4, M(61) );
180 R( d, e, a, b, c, F4, K4, M(62) );
181 R( c, d, e, a, b, F4, K4, M(63) );
182 R( b, c, d, e, a, F4, K4, M(64) );
183 R( a, b, c, d, e, F4, K4, M(65) );
184 R( e, a, b, c, d, F4, K4, M(66) );
185 R( d, e, a, b, c, F4, K4, M(67) );
186 R( c, d, e, a, b, F4, K4, M(68) );
187 R( b, c, d, e, a, F4, K4, M(69) );
188 R( a, b, c, d, e, F4, K4, M(70) );
189 R( e, a, b, c, d, F4, K4, M(71) );
190 R( d, e, a, b, c, F4, K4, M(72) );
191 R( c, d, e, a, b, F4, K4, M(73) );
192 R( b, c, d, e, a, F4, K4, M(74) );
193 R( a, b, c, d, e, F4, K4, M(75) );
194 R( e, a, b, c, d, F4, K4, M(76) );
195 R( d, e, a, b, c, F4, K4, M(77) );
196 R( c, d, e, a, b, F4, K4, M(78) );
197 R( b, c, d, e, a, F4, K4, M(79) );
198
199 /* Update chaining vars. */
200 hd->h0 += a;
201 hd->h1 += b;
202 hd->h2 += c;
203 hd->h3 += d;
204 hd->h4 += e;
205}
206
207
208/* Update the message digest with the contents
209 * of INBUF with length INLEN.
210 */
211static void
212sha1_write( void *context, byte *inbuf, size_t inlen)
213{
214 SHA1_CONTEXT *hd = context;
215
216 if( hd->count == 64 ) /* flush the buffer */
217 {
218 transform( hd, hd->buf );
219 _gcry_burn_stack (88+4*sizeof(void*));
220 hd->count = 0;
221 hd->nblocks++;
222 }
223 if( !inbuf )
224 return;
225
226 if( hd->count )
227 {
228 for( ; inlen && hd->count < 64; inlen-- )
229 hd->buf[hd->count++] = *inbuf++;
230 sha1_write( hd, NULL, 0 );
231 if( !inlen )
232 return;
233 }
234
235 while( inlen >= 64 )
236 {
237 transform( hd, inbuf );
238 hd->count = 0;
239 hd->nblocks++;
240 inlen -= 64;
241 inbuf += 64;
242 }
243 _gcry_burn_stack (88+4*sizeof(void*));
244 for( ; inlen && hd->count < 64; inlen-- )
245 hd->buf[hd->count++] = *inbuf++;
246}
247
248
249/* The routine final terminates the computation and
250 * returns the digest.
251 * The handle is prepared for a new cycle, but adding bytes to the
252 * handle will the destroy the returned buffer.
253 * Returns: 20 bytes representing the digest.
254 */
255
256static void
257sha1_final(void *context)
258{
259 SHA1_CONTEXT *hd = context;
260
261 u32 t, msb, lsb;
262 byte *p;
263
264 sha1_write(hd, NULL, 0); /* flush */;
265
266 t = hd->nblocks;
267 /* multiply by 64 to make a byte count */
268 lsb = t << 6;
269 msb = t >> 26;
270 /* add the count */
271 t = lsb;
272 if( (lsb += hd->count) < t )
273 msb++;
274 /* multiply by 8 to make a bit count */
275 t = lsb;
276 lsb <<= 3;
277 msb <<= 3;
278 msb |= t >> 29;
279
280 if( hd->count < 56 ) /* enough room */
281 {
282 hd->buf[hd->count++] = 0x80; /* pad */
283 while( hd->count < 56 )
284 hd->buf[hd->count++] = 0; /* pad */
285 }
286 else /* need one extra block */
287 {
288 hd->buf[hd->count++] = 0x80; /* pad character */
289 while( hd->count < 64 )
290 hd->buf[hd->count++] = 0;
291 sha1_write(hd, NULL, 0); /* flush */;
292 memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
293 }
294 /* append the 64 bit count */
295 hd->buf[56] = msb >> 24;
296 hd->buf[57] = msb >> 16;
297 hd->buf[58] = msb >> 8;
298 hd->buf[59] = msb ;
299 hd->buf[60] = lsb >> 24;
300 hd->buf[61] = lsb >> 16;
301 hd->buf[62] = lsb >> 8;
302 hd->buf[63] = lsb ;
303 transform( hd, hd->buf );
304 _gcry_burn_stack (88+4*sizeof(void*));
305
306 p = hd->buf;
307#ifdef WORDS_BIGENDIAN
308#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
309#else /* little endian */
310#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
311 *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
312#endif
313 X(0);
314 X(1);
315 X(2);
316 X(3);
317 X(4);
318#undef X
319
320}
321
322static byte *
323sha1_read( void *context )
324{
325 SHA1_CONTEXT *hd = context;
326
327 return hd->buf;
328}
329
330/****************
331 * Shortcut functions which puts the hash value of the supplied buffer
332 * into outbuf which must have a size of 20 bytes.
333 */
334void
335_gcry_sha1_hash_buffer (char *outbuf, const char *buffer, size_t length)
336{
337 SHA1_CONTEXT hd;
338
339 sha1_init (&hd);
340 sha1_write (&hd, (byte*)buffer, length);
341 sha1_final (&hd);
342 memcpy (outbuf, hd.buf, 20);
343}
344
345
346static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
347 { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
348 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
349
350static gcry_md_oid_spec_t oid_spec_sha1[] =
351 {
352 /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
353 { "1.2.840.113549.1.1.5" },
354 /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
355 { "1.2.840.10040.4.3" },
356 /* from NIST's OIW (sha1) */
357 { "1.3.14.3.2.26" },
358 /* from NIST OIW (sha-1WithRSAEncryption) */
359 { "1.3.14.3.2.29" },
360 { NULL },
361 };
362
363gcry_md_spec_t _gcry_digest_spec_sha1 =
364 {
365 "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
366 sha1_init, sha1_write, sha1_final, sha1_read,
367 sizeof (SHA1_CONTEXT)
368 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c
new file mode 100755
index 0000000..3b88ec3
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c
@@ -0,0 +1,310 @@
1/* sha256.c - SHA256 hash function
2 * Copyright (C) 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21
22/* Test vectors:
23
24 "abc"
25 ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
26
27 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
28 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
29
30 "a" one million times
31 cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
32
33 */
34
35
36#include <config.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40#include <assert.h>
41#include "g10lib.h"
42#include "memory.h"
43#include "bithelp.h"
44#include "cipher.h"
45
46typedef struct {
47 u32 h0,h1,h2,h3,h4,h5,h6,h7;
48 u32 nblocks;
49 byte buf[64];
50 int count;
51} SHA256_CONTEXT;
52
53
54static void
55sha256_init (void *context)
56{
57 SHA256_CONTEXT *hd = context;
58
59 hd->h0 = 0x6a09e667;
60 hd->h1 = 0xbb67ae85;
61 hd->h2 = 0x3c6ef372;
62 hd->h3 = 0xa54ff53a;
63 hd->h4 = 0x510e527f;
64 hd->h5 = 0x9b05688c;
65 hd->h6 = 0x1f83d9ab;
66 hd->h7 = 0x5be0cd19;
67
68 hd->nblocks = 0;
69 hd->count = 0;
70}
71
72
73/*
74 Transform the message X which consists of 16 32-bit-words. See FIPS
75 180-2 for details. */
76#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */
77#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */
78#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */
79#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */
80#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
81#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
82#define R(a,b,c,d,e,f,g,h,k,w) do \
83 { \
84 t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
85 t2 = Sum0((a)) + Maj((a),(b),(c)); \
86 h = g; \
87 g = f; \
88 f = e; \
89 e = d + t1; \
90 d = c; \
91 c = b; \
92 b = a; \
93 a = t1 + t2; \
94 } while (0)
95
96static void
97transform (SHA256_CONTEXT *hd, byte *data)
98{
99 static const u32 K[64] = {
100 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
101 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
102 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
103 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
104 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
105 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
106 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
107 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
108 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
109 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
110 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
111 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
112 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
113 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
114 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
115 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
116 };
117
118 u32 a,b,c,d,e,f,g,h,t1,t2;
119 u32 x[16];
120 u32 w[64];
121 int i;
122
123 a = hd->h0;
124 b = hd->h1;
125 c = hd->h2;
126 d = hd->h3;
127 e = hd->h4;
128 f = hd->h5;
129 g = hd->h6;
130 h = hd->h7;
131
132#ifdef WORDS_BIGENDIAN
133 memcpy (x, data, 64);
134#else
135 {
136 byte *p2;
137
138 for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
139 {
140 p2[3] = *data++;
141 p2[2] = *data++;
142 p2[1] = *data++;
143 p2[0] = *data++;
144 }
145 }
146#endif
147
148 for (i=0; i < 16; i++)
149 w[i] = x[i];
150 for (; i < 64; i++)
151 w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
152
153 for (i=0; i < 64; i++)
154 R(a,b,c,d,e,f,g,h,K[i],w[i]);
155
156 hd->h0 += a;
157 hd->h1 += b;
158 hd->h2 += c;
159 hd->h3 += d;
160 hd->h4 += e;
161 hd->h5 += f;
162 hd->h6 += g;
163 hd->h7 += h;
164}
165#undef Cho
166#undef Maj
167#undef Sum0
168#undef Sum1
169#undef S0
170#undef S1
171#undef R
172
173
174/* Update the message digest with the contents of INBUF with length
175 INLEN. */
176static void
177sha256_write (void *context, byte *inbuf, size_t inlen)
178{
179 SHA256_CONTEXT *hd = context;
180
181 if (hd->count == 64)
182 { /* flush the buffer */
183 transform (hd, hd->buf);
184 _gcry_burn_stack (74*4+32);
185 hd->count = 0;
186 hd->nblocks++;
187 }
188 if (!inbuf)
189 return;
190 if (hd->count)
191 {
192 for (; inlen && hd->count < 64; inlen--)
193 hd->buf[hd->count++] = *inbuf++;
194 sha256_write (hd, NULL, 0);
195 if (!inlen)
196 return;
197 }
198
199 while (inlen >= 64)
200 {
201 transform (hd, inbuf);
202 hd->count = 0;
203 hd->nblocks++;
204 inlen -= 64;
205 inbuf += 64;
206 }
207 _gcry_burn_stack (74*4+32);
208 for (; inlen && hd->count < 64; inlen--)
209 hd->buf[hd->count++] = *inbuf++;
210}
211
212
213/*
214 The routine finally terminates the computation and returns the
215 digest. The handle is prepared for a new cycle, but adding bytes
216 to the handle will the destroy the returned buffer. Returns: 32
217 bytes with the message the digest. */
218static void
219sha256_final(void *context)
220{
221 SHA256_CONTEXT *hd = context;
222 u32 t, msb, lsb;
223 byte *p;
224
225 sha256_write (hd, NULL, 0); /* flush */;
226
227 t = hd->nblocks;
228 /* multiply by 64 to make a byte count */
229 lsb = t << 6;
230 msb = t >> 26;
231 /* add the count */
232 t = lsb;
233 if ((lsb += hd->count) < t)
234 msb++;
235 /* multiply by 8 to make a bit count */
236 t = lsb;
237 lsb <<= 3;
238 msb <<= 3;
239 msb |= t >> 29;
240
241 if (hd->count < 56)
242 { /* enough room */
243 hd->buf[hd->count++] = 0x80; /* pad */
244 while (hd->count < 56)
245 hd->buf[hd->count++] = 0; /* pad */
246 }
247 else
248 { /* need one extra block */
249 hd->buf[hd->count++] = 0x80; /* pad character */
250 while (hd->count < 64)
251 hd->buf[hd->count++] = 0;
252 sha256_write (hd, NULL, 0); /* flush */;
253 memset (hd->buf, 0, 56 ); /* fill next block with zeroes */
254 }
255 /* append the 64 bit count */
256 hd->buf[56] = msb >> 24;
257 hd->buf[57] = msb >> 16;
258 hd->buf[58] = msb >> 8;
259 hd->buf[59] = msb;
260 hd->buf[60] = lsb >> 24;
261 hd->buf[61] = lsb >> 16;
262 hd->buf[62] = lsb >> 8;
263 hd->buf[63] = lsb;
264 transform (hd, hd->buf);
265 _gcry_burn_stack (74*4+32);
266
267 p = hd->buf;
268#ifdef WORDS_BIGENDIAN
269#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
270#else /* little endian */
271#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
272 *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
273#endif
274 X(0);
275 X(1);
276 X(2);
277 X(3);
278 X(4);
279 X(5);
280 X(6);
281 X(7);
282#undef X
283}
284
285static byte *
286sha256_read (void *context)
287{
288 SHA256_CONTEXT *hd = context;
289
290 return hd->buf;
291}
292
293static byte asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
294 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
295 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
296 0x00, 0x04, 0x20 };
297
298static gcry_md_oid_spec_t oid_spec_sha256[] =
299 {
300 /* According to the OpenPGG draft rfc2440-bis06 */
301 { "2.16.840.1.101.3.4.2.1" },
302 { NULL },
303 };
304
305gcry_md_spec_t _gcry_digest_spec_sha256 =
306 {
307 "SHA256", asn, DIM (asn), oid_spec_sha256, 32,
308 sha256_init, sha256_write, sha256_final, sha256_read,
309 sizeof (SHA256_CONTEXT)
310 };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c
new file mode 100755
index 0000000..e62165b
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c
@@ -0,0 +1,400 @@
1/* sha512.c - SHA384 and SHA512 hash functions
2 * Copyright (C) 2003 Free Software Foundation, Inc.
3 *
4 * Please see below for more legal information!
5 *
6 * This file is part of Libgcrypt.
7 *
8 * Libgcrypt is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser general Public License as
10 * published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * Libgcrypt is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21 */
22
23
24/* Test vectors from FIPS-180-2:
25 *
26 * "abc"
27 * 384:
28 * CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
29 * 1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
30 * 512:
31 * DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
32 * 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
33 *
34 * "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
35 * 384:
36 * 09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
37 * 2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
38 * 512:
39 * 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
40 * 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
41 *
42 * "a" x 1000000
43 * 384:
44 * 9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
45 * 7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
46 * 512:
47 * E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
48 * DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
49 */
50
51
52#include <config.h>
53#include <string.h>
54#include "g10lib.h"
55#include "bithelp.h"
56#include "cipher.h"
57
58typedef struct
59{
60 u64 h0, h1, h2, h3, h4, h5, h6, h7;
61 u64 nblocks;
62 byte buf[128];
63 int count;
64} SHA512_CONTEXT;
65
66static void
67sha512_init (void *context)
68{
69 SHA512_CONTEXT *hd = context;
70
71 hd->h0 = U64_C(0x6a09e667f3bcc908);
72 hd->h1 = U64_C(0xbb67ae8584caa73b);
73 hd->h2 = U64_C(0x3c6ef372fe94f82b);
74 hd->h3 = U64_C(0xa54ff53a5f1d36f1);
75 hd->h4 = U64_C(0x510e527fade682d1);
76 hd->h5 = U64_C(0x9b05688c2b3e6c1f);
77 hd->h6 = U64_C(0x1f83d9abfb41bd6b);
78 hd->h7 = U64_C(0x5be0cd19137e2179);
79
80 hd->nblocks = 0;
81 hd->count = 0;
82}
83
84static void
85sha384_init (void *context)
86{
87 SHA512_CONTEXT *hd = context;
88
89 hd->h0 = U64_C(0xcbbb9d5dc1059ed8);
90 hd->h1 = U64_C(0x629a292a367cd507);
91 hd->h2 = U64_C(0x9159015a3070dd17);
92 hd->h3 = U64_C(0x152fecd8f70e5939);
93 hd->h4 = U64_C(0x67332667ffc00b31);
94 hd->h5 = U64_C(0x8eb44a8768581511);
95 hd->h6 = U64_C(0xdb0c2e0d64f98fa7);
96 hd->h7 = U64_C(0x47b5481dbefa4fa4);
97
98 hd->nblocks = 0;
99 hd->count = 0;
100}
101
102
103/****************
104 * Transform the message W which consists of 16 64-bit-words
105 */
106static void
107transform (SHA512_CONTEXT *hd, byte *data)
108{
109 u64 a, b, c, d, e, f, g, h;
110 u64 w[80];
111 int t;
112 static const u64 k[] =
113 {
114 U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
115 U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),
116 U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),
117 U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),
118 U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),
119 U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),
120 U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),
121 U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),
122 U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),
123 U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),
124 U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),
125 U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),
126 U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),
127 U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),
128 U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),
129 U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),
130 U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),
131 U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),
132 U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),
133 U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),
134 U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),
135 U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),
136 U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),
137 U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),
138 U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),
139 U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),
140 U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),
141 U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),
142 U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),
143 U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),
144 U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),
145 U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),
146 U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),
147 U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),
148 U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),
149 U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),
150 U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),
151 U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),
152 U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),
153 U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
154 };
155
156 /* get values from the chaining vars */
157 a = hd->h0;
158 b = hd->h1;
159 c = hd->h2;
160 d = hd->h3;
161 e = hd->h4;
162 f = hd->h5;
163 g = hd->h6;
164 h = hd->h7;
165
166#ifdef WORDS_BIGENDIAN
167 memcpy (w, data, 128);
168#else
169 {
170 int i;
171 byte *p2;
172
173 for (i = 0, p2 = (byte *) w; i < 16; i++, p2 += 8)
174 {
175 p2[7] = *data++;
176 p2[6] = *data++;
177 p2[5] = *data++;
178 p2[4] = *data++;
179 p2[3] = *data++;
180 p2[2] = *data++;
181 p2[1] = *data++;
182 p2[0] = *data++;
183 }
184 }
185#endif
186
187#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
188#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
189#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
190#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
191#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
192#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
193#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
194
195 for (t = 16; t < 80; t++)
196 w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16];
197
198 for (t = 0; t < 80; t++)
199 {
200 u64 t1, t2;
201
202 t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t];
203 t2 = Sum0 (a) + Maj (a, b, c);
204 h = g;
205 g = f;
206 f = e;
207 e = d + t1;
208 d = c;
209 c = b;
210 b = a;
211 a = t1 + t2;
212
213 /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX "
214 "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
215 }
216
217 /* update chaining vars */
218 hd->h0 += a;
219 hd->h1 += b;
220 hd->h2 += c;
221 hd->h3 += d;
222 hd->h4 += e;
223 hd->h5 += f;
224 hd->h6 += g;
225 hd->h7 += h;
226}
227
228
229/* Update the message digest with the contents
230 * of INBUF with length INLEN.
231 */
232static void
233sha512_write (void *context, byte *inbuf, size_t inlen)
234{
235 SHA512_CONTEXT *hd = context;
236
237 if (hd->count == 128)
238 { /* flush the buffer */
239 transform (hd, hd->buf);
240 _gcry_burn_stack (768);
241 hd->count = 0;
242 hd->nblocks++;
243 }
244 if (!inbuf)
245 return;
246 if (hd->count)
247 {
248 for (; inlen && hd->count < 128; inlen--)
249 hd->buf[hd->count++] = *inbuf++;
250 sha512_write (context, NULL, 0);
251 if (!inlen)
252 return;
253 }
254
255 while (inlen >= 128)
256 {
257 transform (hd, inbuf);
258 hd->count = 0;
259 hd->nblocks++;
260 inlen -= 128;
261 inbuf += 128;
262 }
263 _gcry_burn_stack (768);
264 for (; inlen && hd->count < 128; inlen--)
265 hd->buf[hd->count++] = *inbuf++;
266}
267
268
269/* The routine final terminates the computation and
270 * returns the digest.
271 * The handle is prepared for a new cycle, but adding bytes to the
272 * handle will the destroy the returned buffer.
273 * Returns: 64 bytes representing the digest. When used for sha384,
274 * we take the leftmost 48 of those bytes.
275 */
276
277static void
278sha512_final (void *context)
279{
280 SHA512_CONTEXT *hd = context;
281 u64 t, msb, lsb;
282 byte *p;
283
284 sha512_write (context, NULL, 0); /* flush */ ;
285
286 t = hd->nblocks;
287 /* multiply by 128 to make a byte count */
288 lsb = t << 7;
289 msb = t >> 57;
290 /* add the count */
291 t = lsb;
292 if ((lsb += hd->count) < t)
293 msb++;
294 /* multiply by 8 to make a bit count */
295 t = lsb;
296 lsb <<= 3;
297 msb <<= 3;
298 msb |= t >> 61;
299
300 if (hd->count < 112)
301 { /* enough room */
302 hd->buf[hd->count++] = 0x80; /* pad */
303 while (hd->count < 112)
304 hd->buf[hd->count++] = 0; /* pad */
305 }
306 else
307 { /* need one extra block */
308 hd->buf[hd->count++] = 0x80; /* pad character */
309 while (hd->count < 128)
310 hd->buf[hd->count++] = 0;
311 sha512_write (context, NULL, 0); /* flush */ ;
312 memset (hd->buf, 0, 112); /* fill next block with zeroes */
313 }
314 /* append the 128 bit count */
315 hd->buf[112] = msb >> 56;
316 hd->buf[113] = msb >> 48;
317 hd->buf[114] = msb >> 40;
318 hd->buf[115] = msb >> 32;
319 hd->buf[116] = msb >> 24;
320 hd->buf[117] = msb >> 16;
321 hd->buf[118] = msb >> 8;
322 hd->buf[119] = msb;
323
324 hd->buf[120] = lsb >> 56;
325 hd->buf[121] = lsb >> 48;
326 hd->buf[122] = lsb >> 40;
327 hd->buf[123] = lsb >> 32;
328 hd->buf[124] = lsb >> 24;
329 hd->buf[125] = lsb >> 16;
330 hd->buf[126] = lsb >> 8;
331 hd->buf[127] = lsb;
332 transform (hd, hd->buf);
333 _gcry_burn_stack (768);
334
335 p = hd->buf;
336#ifdef WORDS_BIGENDIAN
337#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while (0)
338#else /* little endian */
339#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48; \
340 *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32; \
341 *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
342 *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while (0)
343#endif
344 X (0);
345 X (1);
346 X (2);
347 X (3);
348 X (4);
349 X (5);
350 /* Note that these last two chunks are included even for SHA384.
351 We just ignore them. */
352 X (6);
353 X (7);
354#undef X
355}
356
357static byte *
358sha512_read (void *context)
359{
360 SHA512_CONTEXT *hd = (SHA512_CONTEXT *) context;
361 return hd->buf;
362}
363
364static byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
365{
366 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
367 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
368 0x00, 0x04, 0x40
369};
370
371static gcry_md_oid_spec_t oid_spec_sha512[] =
372 {
373 { "2.16.840.1.101.3.4.2.3" },
374 { NULL }
375 };
376
377gcry_md_spec_t _gcry_digest_spec_sha512 = {
378 "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,
379 sha512_init, sha512_write, sha512_final, sha512_read,
380 sizeof (SHA512_CONTEXT),
381};
382
383static byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
384{
385 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
386 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
387 0x00, 0x04, 0x30
388};
389
390static gcry_md_oid_spec_t oid_spec_sha384[] =
391 {
392 { "2.16.840.1.101.3.4.2.2" },
393 { NULL },
394 };
395
396gcry_md_spec_t _gcry_digest_spec_sha384 = {
397 "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,
398 sha384_init, sha512_write, sha512_final, sha512_read,
399 sizeof (SHA512_CONTEXT),
400};
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c
new file mode 100755
index 0000000..3b5bfda
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c
@@ -0,0 +1,850 @@
1/* tiger.c - The TIGER hash function
2 * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <assert.h>
26#include "g10lib.h"
27#include "memory.h"
28#include "cipher.h"
29
30#ifdef HAVE_U64_TYPEDEF
31
32/* we really need it here, but as this is only experiment we
33 * can live without Tiger */
34
35typedef struct {
36 u64 a, b, c;
37 byte buf[64];
38 int count;
39 u32 nblocks;
40} TIGER_CONTEXT;
41
42
43/*********************************
44 * Okay, okay, this is not the fastest code - improvements are welcome.
45 *
46 */
47
48/* Some test vectors:
49 * "" 24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A
50 * "abc" F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951
51 * "Tiger" 9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF
52 * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
53 * 87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386
54 * "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"
55 * 467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197
56 * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"
57 * 0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303
58 * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
59 * "eedings of Fast Software Encryption 3, Cambridge."
60 * EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193
61 * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
62 * "eedings of Fast Software Encryption 3, Cambridge, 1996."
63 * 3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC
64 * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"
65 * "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
66 * 00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4
67 */
68
69static u64 sbox1[256] = {
70 U64_C(0x02aab17cf7e90c5e) /* 0 */, U64_C(0xac424b03e243a8ec) /* 1 */,
71 U64_C(0x72cd5be30dd5fcd3) /* 2 */, U64_C(0x6d019b93f6f97f3a) /* 3 */,
72 U64_C(0xcd9978ffd21f9193) /* 4 */, U64_C(0x7573a1c9708029e2) /* 5 */,
73 U64_C(0xb164326b922a83c3) /* 6 */, U64_C(0x46883eee04915870) /* 7 */,
74 U64_C(0xeaace3057103ece6) /* 8 */, U64_C(0xc54169b808a3535c) /* 9 */,
75 U64_C(0x4ce754918ddec47c) /* 10 */, U64_C(0x0aa2f4dfdc0df40c) /* 11 */,
76 U64_C(0x10b76f18a74dbefa) /* 12 */, U64_C(0xc6ccb6235ad1ab6a) /* 13 */,
77 U64_C(0x13726121572fe2ff) /* 14 */, U64_C(0x1a488c6f199d921e) /* 15 */,
78 U64_C(0x4bc9f9f4da0007ca) /* 16 */, U64_C(0x26f5e6f6e85241c7) /* 17 */,
79 U64_C(0x859079dbea5947b6) /* 18 */, U64_C(0x4f1885c5c99e8c92) /* 19 */,
80 U64_C(0xd78e761ea96f864b) /* 20 */, U64_C(0x8e36428c52b5c17d) /* 21 */,
81 U64_C(0x69cf6827373063c1) /* 22 */, U64_C(0xb607c93d9bb4c56e) /* 23 */,
82 U64_C(0x7d820e760e76b5ea) /* 24 */, U64_C(0x645c9cc6f07fdc42) /* 25 */,
83 U64_C(0xbf38a078243342e0) /* 26 */, U64_C(0x5f6b343c9d2e7d04) /* 27 */,
84 U64_C(0xf2c28aeb600b0ec6) /* 28 */, U64_C(0x6c0ed85f7254bcac) /* 29 */,
85 U64_C(0x71592281a4db4fe5) /* 30 */, U64_C(0x1967fa69ce0fed9f) /* 31 */,
86 U64_C(0xfd5293f8b96545db) /* 32 */, U64_C(0xc879e9d7f2a7600b) /* 33 */,
87 U64_C(0x860248920193194e) /* 34 */, U64_C(0xa4f9533b2d9cc0b3) /* 35 */,
88 U64_C(0x9053836c15957613) /* 36 */, U64_C(0xdb6dcf8afc357bf1) /* 37 */,
89 U64_C(0x18beea7a7a370f57) /* 38 */, U64_C(0x037117ca50b99066) /* 39 */,
90 U64_C(0x6ab30a9774424a35) /* 40 */, U64_C(0xf4e92f02e325249b) /* 41 */,
91 U64_C(0x7739db07061ccae1) /* 42 */, U64_C(0xd8f3b49ceca42a05) /* 43 */,
92 U64_C(0xbd56be3f51382f73) /* 44 */, U64_C(0x45faed5843b0bb28) /* 45 */,
93 U64_C(0x1c813d5c11bf1f83) /* 46 */, U64_C(0x8af0e4b6d75fa169) /* 47 */,
94 U64_C(0x33ee18a487ad9999) /* 48 */, U64_C(0x3c26e8eab1c94410) /* 49 */,
95 U64_C(0xb510102bc0a822f9) /* 50 */, U64_C(0x141eef310ce6123b) /* 51 */,
96 U64_C(0xfc65b90059ddb154) /* 52 */, U64_C(0xe0158640c5e0e607) /* 53 */,
97 U64_C(0x884e079826c3a3cf) /* 54 */, U64_C(0x930d0d9523c535fd) /* 55 */,
98 U64_C(0x35638d754e9a2b00) /* 56 */, U64_C(0x4085fccf40469dd5) /* 57 */,
99 U64_C(0xc4b17ad28be23a4c) /* 58 */, U64_C(0xcab2f0fc6a3e6a2e) /* 59 */,
100 U64_C(0x2860971a6b943fcd) /* 60 */, U64_C(0x3dde6ee212e30446) /* 61 */,
101 U64_C(0x6222f32ae01765ae) /* 62 */, U64_C(0x5d550bb5478308fe) /* 63 */,
102 U64_C(0xa9efa98da0eda22a) /* 64 */, U64_C(0xc351a71686c40da7) /* 65 */,
103 U64_C(0x1105586d9c867c84) /* 66 */, U64_C(0xdcffee85fda22853) /* 67 */,
104 U64_C(0xccfbd0262c5eef76) /* 68 */, U64_C(0xbaf294cb8990d201) /* 69 */,
105 U64_C(0xe69464f52afad975) /* 70 */, U64_C(0x94b013afdf133e14) /* 71 */,
106 U64_C(0x06a7d1a32823c958) /* 72 */, U64_C(0x6f95fe5130f61119) /* 73 */,
107 U64_C(0xd92ab34e462c06c0) /* 74 */, U64_C(0xed7bde33887c71d2) /* 75 */,
108 U64_C(0x79746d6e6518393e) /* 76 */, U64_C(0x5ba419385d713329) /* 77 */,
109 U64_C(0x7c1ba6b948a97564) /* 78 */, U64_C(0x31987c197bfdac67) /* 79 */,
110 U64_C(0xde6c23c44b053d02) /* 80 */, U64_C(0x581c49fed002d64d) /* 81 */,
111 U64_C(0xdd474d6338261571) /* 82 */, U64_C(0xaa4546c3e473d062) /* 83 */,
112 U64_C(0x928fce349455f860) /* 84 */, U64_C(0x48161bbacaab94d9) /* 85 */,
113 U64_C(0x63912430770e6f68) /* 86 */, U64_C(0x6ec8a5e602c6641c) /* 87 */,
114 U64_C(0x87282515337ddd2b) /* 88 */, U64_C(0x2cda6b42034b701b) /* 89 */,
115 U64_C(0xb03d37c181cb096d) /* 90 */, U64_C(0xe108438266c71c6f) /* 91 */,
116 U64_C(0x2b3180c7eb51b255) /* 92 */, U64_C(0xdf92b82f96c08bbc) /* 93 */,
117 U64_C(0x5c68c8c0a632f3ba) /* 94 */, U64_C(0x5504cc861c3d0556) /* 95 */,
118 U64_C(0xabbfa4e55fb26b8f) /* 96 */, U64_C(0x41848b0ab3baceb4) /* 97 */,
119 U64_C(0xb334a273aa445d32) /* 98 */, U64_C(0xbca696f0a85ad881) /* 99 */,
120 U64_C(0x24f6ec65b528d56c) /* 100 */, U64_C(0x0ce1512e90f4524a) /* 101 */,
121 U64_C(0x4e9dd79d5506d35a) /* 102 */, U64_C(0x258905fac6ce9779) /* 103 */,
122 U64_C(0x2019295b3e109b33) /* 104 */, U64_C(0xf8a9478b73a054cc) /* 105 */,
123 U64_C(0x2924f2f934417eb0) /* 106 */, U64_C(0x3993357d536d1bc4) /* 107 */,
124 U64_C(0x38a81ac21db6ff8b) /* 108 */, U64_C(0x47c4fbf17d6016bf) /* 109 */,
125 U64_C(0x1e0faadd7667e3f5) /* 110 */, U64_C(0x7abcff62938beb96) /* 111 */,
126 U64_C(0xa78dad948fc179c9) /* 112 */, U64_C(0x8f1f98b72911e50d) /* 113 */,
127 U64_C(0x61e48eae27121a91) /* 114 */, U64_C(0x4d62f7ad31859808) /* 115 */,
128 U64_C(0xeceba345ef5ceaeb) /* 116 */, U64_C(0xf5ceb25ebc9684ce) /* 117 */,
129 U64_C(0xf633e20cb7f76221) /* 118 */, U64_C(0xa32cdf06ab8293e4) /* 119 */,
130 U64_C(0x985a202ca5ee2ca4) /* 120 */, U64_C(0xcf0b8447cc8a8fb1) /* 121 */,
131 U64_C(0x9f765244979859a3) /* 122 */, U64_C(0xa8d516b1a1240017) /* 123 */,
132 U64_C(0x0bd7ba3ebb5dc726) /* 124 */, U64_C(0xe54bca55b86adb39) /* 125 */,
133 U64_C(0x1d7a3afd6c478063) /* 126 */, U64_C(0x519ec608e7669edd) /* 127 */,
134 U64_C(0x0e5715a2d149aa23) /* 128 */, U64_C(0x177d4571848ff194) /* 129 */,
135 U64_C(0xeeb55f3241014c22) /* 130 */, U64_C(0x0f5e5ca13a6e2ec2) /* 131 */,
136 U64_C(0x8029927b75f5c361) /* 132 */, U64_C(0xad139fabc3d6e436) /* 133 */,
137 U64_C(0x0d5df1a94ccf402f) /* 134 */, U64_C(0x3e8bd948bea5dfc8) /* 135 */,
138 U64_C(0xa5a0d357bd3ff77e) /* 136 */, U64_C(0xa2d12e251f74f645) /* 137 */,
139 U64_C(0x66fd9e525e81a082) /* 138 */, U64_C(0x2e0c90ce7f687a49) /* 139 */,
140 U64_C(0xc2e8bcbeba973bc5) /* 140 */, U64_C(0x000001bce509745f) /* 141 */,
141 U64_C(0x423777bbe6dab3d6) /* 142 */, U64_C(0xd1661c7eaef06eb5) /* 143 */,
142 U64_C(0xa1781f354daacfd8) /* 144 */, U64_C(0x2d11284a2b16affc) /* 145 */,
143 U64_C(0xf1fc4f67fa891d1f) /* 146 */, U64_C(0x73ecc25dcb920ada) /* 147 */,
144 U64_C(0xae610c22c2a12651) /* 148 */, U64_C(0x96e0a810d356b78a) /* 149 */,
145 U64_C(0x5a9a381f2fe7870f) /* 150 */, U64_C(0xd5ad62ede94e5530) /* 151 */,
146 U64_C(0xd225e5e8368d1427) /* 152 */, U64_C(0x65977b70c7af4631) /* 153 */,
147 U64_C(0x99f889b2de39d74f) /* 154 */, U64_C(0x233f30bf54e1d143) /* 155 */,
148 U64_C(0x9a9675d3d9a63c97) /* 156 */, U64_C(0x5470554ff334f9a8) /* 157 */,
149 U64_C(0x166acb744a4f5688) /* 158 */, U64_C(0x70c74caab2e4aead) /* 159 */,
150 U64_C(0xf0d091646f294d12) /* 160 */, U64_C(0x57b82a89684031d1) /* 161 */,
151 U64_C(0xefd95a5a61be0b6b) /* 162 */, U64_C(0x2fbd12e969f2f29a) /* 163 */,
152 U64_C(0x9bd37013feff9fe8) /* 164 */, U64_C(0x3f9b0404d6085a06) /* 165 */,
153 U64_C(0x4940c1f3166cfe15) /* 166 */, U64_C(0x09542c4dcdf3defb) /* 167 */,
154 U64_C(0xb4c5218385cd5ce3) /* 168 */, U64_C(0xc935b7dc4462a641) /* 169 */,
155 U64_C(0x3417f8a68ed3b63f) /* 170 */, U64_C(0xb80959295b215b40) /* 171 */,
156 U64_C(0xf99cdaef3b8c8572) /* 172 */, U64_C(0x018c0614f8fcb95d) /* 173 */,
157 U64_C(0x1b14accd1a3acdf3) /* 174 */, U64_C(0x84d471f200bb732d) /* 175 */,
158 U64_C(0xc1a3110e95e8da16) /* 176 */, U64_C(0x430a7220bf1a82b8) /* 177 */,
159 U64_C(0xb77e090d39df210e) /* 178 */, U64_C(0x5ef4bd9f3cd05e9d) /* 179 */,
160 U64_C(0x9d4ff6da7e57a444) /* 180 */, U64_C(0xda1d60e183d4a5f8) /* 181 */,
161 U64_C(0xb287c38417998e47) /* 182 */, U64_C(0xfe3edc121bb31886) /* 183 */,
162 U64_C(0xc7fe3ccc980ccbef) /* 184 */, U64_C(0xe46fb590189bfd03) /* 185 */,
163 U64_C(0x3732fd469a4c57dc) /* 186 */, U64_C(0x7ef700a07cf1ad65) /* 187 */,
164 U64_C(0x59c64468a31d8859) /* 188 */, U64_C(0x762fb0b4d45b61f6) /* 189 */,
165 U64_C(0x155baed099047718) /* 190 */, U64_C(0x68755e4c3d50baa6) /* 191 */,
166 U64_C(0xe9214e7f22d8b4df) /* 192 */, U64_C(0x2addbf532eac95f4) /* 193 */,
167 U64_C(0x32ae3909b4bd0109) /* 194 */, U64_C(0x834df537b08e3450) /* 195 */,
168 U64_C(0xfa209da84220728d) /* 196 */, U64_C(0x9e691d9b9efe23f7) /* 197 */,
169 U64_C(0x0446d288c4ae8d7f) /* 198 */, U64_C(0x7b4cc524e169785b) /* 199 */,
170 U64_C(0x21d87f0135ca1385) /* 200 */, U64_C(0xcebb400f137b8aa5) /* 201 */,
171 U64_C(0x272e2b66580796be) /* 202 */, U64_C(0x3612264125c2b0de) /* 203 */,
172 U64_C(0x057702bdad1efbb2) /* 204 */, U64_C(0xd4babb8eacf84be9) /* 205 */,
173 U64_C(0x91583139641bc67b) /* 206 */, U64_C(0x8bdc2de08036e024) /* 207 */,
174 U64_C(0x603c8156f49f68ed) /* 208 */, U64_C(0xf7d236f7dbef5111) /* 209 */,
175 U64_C(0x9727c4598ad21e80) /* 210 */, U64_C(0xa08a0896670a5fd7) /* 211 */,
176 U64_C(0xcb4a8f4309eba9cb) /* 212 */, U64_C(0x81af564b0f7036a1) /* 213 */,
177 U64_C(0xc0b99aa778199abd) /* 214 */, U64_C(0x959f1ec83fc8e952) /* 215 */,
178 U64_C(0x8c505077794a81b9) /* 216 */, U64_C(0x3acaaf8f056338f0) /* 217 */,
179 U64_C(0x07b43f50627a6778) /* 218 */, U64_C(0x4a44ab49f5eccc77) /* 219 */,
180 U64_C(0x3bc3d6e4b679ee98) /* 220 */, U64_C(0x9cc0d4d1cf14108c) /* 221 */,
181 U64_C(0x4406c00b206bc8a0) /* 222 */, U64_C(0x82a18854c8d72d89) /* 223 */,
182 U64_C(0x67e366b35c3c432c) /* 224 */, U64_C(0xb923dd61102b37f2) /* 225 */,
183 U64_C(0x56ab2779d884271d) /* 226 */, U64_C(0xbe83e1b0ff1525af) /* 227 */,
184 U64_C(0xfb7c65d4217e49a9) /* 228 */, U64_C(0x6bdbe0e76d48e7d4) /* 229 */,
185 U64_C(0x08df828745d9179e) /* 230 */, U64_C(0x22ea6a9add53bd34) /* 231 */,
186 U64_C(0xe36e141c5622200a) /* 232 */, U64_C(0x7f805d1b8cb750ee) /* 233 */,
187 U64_C(0xafe5c7a59f58e837) /* 234 */, U64_C(0xe27f996a4fb1c23c) /* 235 */,
188 U64_C(0xd3867dfb0775f0d0) /* 236 */, U64_C(0xd0e673de6e88891a) /* 237 */,
189 U64_C(0x123aeb9eafb86c25) /* 238 */, U64_C(0x30f1d5d5c145b895) /* 239 */,
190 U64_C(0xbb434a2dee7269e7) /* 240 */, U64_C(0x78cb67ecf931fa38) /* 241 */,
191 U64_C(0xf33b0372323bbf9c) /* 242 */, U64_C(0x52d66336fb279c74) /* 243 */,
192 U64_C(0x505f33ac0afb4eaa) /* 244 */, U64_C(0xe8a5cd99a2cce187) /* 245 */,
193 U64_C(0x534974801e2d30bb) /* 246 */, U64_C(0x8d2d5711d5876d90) /* 247 */,
194 U64_C(0x1f1a412891bc038e) /* 248 */, U64_C(0xd6e2e71d82e56648) /* 249 */,
195 U64_C(0x74036c3a497732b7) /* 250 */, U64_C(0x89b67ed96361f5ab) /* 251 */,
196 U64_C(0xffed95d8f1ea02a2) /* 252 */, U64_C(0xe72b3bd61464d43d) /* 253 */,
197 U64_C(0xa6300f170bdc4820) /* 254 */, U64_C(0xebc18760ed78a77a) /* 255 */
198};
199static u64 sbox2[256] = {
200 U64_C(0xe6a6be5a05a12138) /* 256 */, U64_C(0xb5a122a5b4f87c98) /* 257 */,
201 U64_C(0x563c6089140b6990) /* 258 */, U64_C(0x4c46cb2e391f5dd5) /* 259 */,
202 U64_C(0xd932addbc9b79434) /* 260 */, U64_C(0x08ea70e42015aff5) /* 261 */,
203 U64_C(0xd765a6673e478cf1) /* 262 */, U64_C(0xc4fb757eab278d99) /* 263 */,
204 U64_C(0xdf11c6862d6e0692) /* 264 */, U64_C(0xddeb84f10d7f3b16) /* 265 */,
205 U64_C(0x6f2ef604a665ea04) /* 266 */, U64_C(0x4a8e0f0ff0e0dfb3) /* 267 */,
206 U64_C(0xa5edeef83dbcba51) /* 268 */, U64_C(0xfc4f0a2a0ea4371e) /* 269 */,
207 U64_C(0xe83e1da85cb38429) /* 270 */, U64_C(0xdc8ff882ba1b1ce2) /* 271 */,
208 U64_C(0xcd45505e8353e80d) /* 272 */, U64_C(0x18d19a00d4db0717) /* 273 */,
209 U64_C(0x34a0cfeda5f38101) /* 274 */, U64_C(0x0be77e518887caf2) /* 275 */,
210 U64_C(0x1e341438b3c45136) /* 276 */, U64_C(0xe05797f49089ccf9) /* 277 */,
211 U64_C(0xffd23f9df2591d14) /* 278 */, U64_C(0x543dda228595c5cd) /* 279 */,
212 U64_C(0x661f81fd99052a33) /* 280 */, U64_C(0x8736e641db0f7b76) /* 281 */,
213 U64_C(0x15227725418e5307) /* 282 */, U64_C(0xe25f7f46162eb2fa) /* 283 */,
214 U64_C(0x48a8b2126c13d9fe) /* 284 */, U64_C(0xafdc541792e76eea) /* 285 */,
215 U64_C(0x03d912bfc6d1898f) /* 286 */, U64_C(0x31b1aafa1b83f51b) /* 287 */,
216 U64_C(0xf1ac2796e42ab7d9) /* 288 */, U64_C(0x40a3a7d7fcd2ebac) /* 289 */,
217 U64_C(0x1056136d0afbbcc5) /* 290 */, U64_C(0x7889e1dd9a6d0c85) /* 291 */,
218 U64_C(0xd33525782a7974aa) /* 292 */, U64_C(0xa7e25d09078ac09b) /* 293 */,
219 U64_C(0xbd4138b3eac6edd0) /* 294 */, U64_C(0x920abfbe71eb9e70) /* 295 */,
220 U64_C(0xa2a5d0f54fc2625c) /* 296 */, U64_C(0xc054e36b0b1290a3) /* 297 */,
221 U64_C(0xf6dd59ff62fe932b) /* 298 */, U64_C(0x3537354511a8ac7d) /* 299 */,
222 U64_C(0xca845e9172fadcd4) /* 300 */, U64_C(0x84f82b60329d20dc) /* 301 */,
223 U64_C(0x79c62ce1cd672f18) /* 302 */, U64_C(0x8b09a2add124642c) /* 303 */,
224 U64_C(0xd0c1e96a19d9e726) /* 304 */, U64_C(0x5a786a9b4ba9500c) /* 305 */,
225 U64_C(0x0e020336634c43f3) /* 306 */, U64_C(0xc17b474aeb66d822) /* 307 */,
226 U64_C(0x6a731ae3ec9baac2) /* 308 */, U64_C(0x8226667ae0840258) /* 309 */,
227 U64_C(0x67d4567691caeca5) /* 310 */, U64_C(0x1d94155c4875adb5) /* 311 */,
228 U64_C(0x6d00fd985b813fdf) /* 312 */, U64_C(0x51286efcb774cd06) /* 313 */,
229 U64_C(0x5e8834471fa744af) /* 314 */, U64_C(0xf72ca0aee761ae2e) /* 315 */,
230 U64_C(0xbe40e4cdaee8e09a) /* 316 */, U64_C(0xe9970bbb5118f665) /* 317 */,
231 U64_C(0x726e4beb33df1964) /* 318 */, U64_C(0x703b000729199762) /* 319 */,
232 U64_C(0x4631d816f5ef30a7) /* 320 */, U64_C(0xb880b5b51504a6be) /* 321 */,
233 U64_C(0x641793c37ed84b6c) /* 322 */, U64_C(0x7b21ed77f6e97d96) /* 323 */,
234 U64_C(0x776306312ef96b73) /* 324 */, U64_C(0xae528948e86ff3f4) /* 325 */,
235 U64_C(0x53dbd7f286a3f8f8) /* 326 */, U64_C(0x16cadce74cfc1063) /* 327 */,
236 U64_C(0x005c19bdfa52c6dd) /* 328 */, U64_C(0x68868f5d64d46ad3) /* 329 */,
237 U64_C(0x3a9d512ccf1e186a) /* 330 */, U64_C(0x367e62c2385660ae) /* 331 */,
238 U64_C(0xe359e7ea77dcb1d7) /* 332 */, U64_C(0x526c0773749abe6e) /* 333 */,
239 U64_C(0x735ae5f9d09f734b) /* 334 */, U64_C(0x493fc7cc8a558ba8) /* 335 */,
240 U64_C(0xb0b9c1533041ab45) /* 336 */, U64_C(0x321958ba470a59bd) /* 337 */,
241 U64_C(0x852db00b5f46c393) /* 338 */, U64_C(0x91209b2bd336b0e5) /* 339 */,
242 U64_C(0x6e604f7d659ef19f) /* 340 */, U64_C(0xb99a8ae2782ccb24) /* 341 */,
243 U64_C(0xccf52ab6c814c4c7) /* 342 */, U64_C(0x4727d9afbe11727b) /* 343 */,
244 U64_C(0x7e950d0c0121b34d) /* 344 */, U64_C(0x756f435670ad471f) /* 345 */,
245 U64_C(0xf5add442615a6849) /* 346 */, U64_C(0x4e87e09980b9957a) /* 347 */,
246 U64_C(0x2acfa1df50aee355) /* 348 */, U64_C(0xd898263afd2fd556) /* 349 */,
247 U64_C(0xc8f4924dd80c8fd6) /* 350 */, U64_C(0xcf99ca3d754a173a) /* 351 */,
248 U64_C(0xfe477bacaf91bf3c) /* 352 */, U64_C(0xed5371f6d690c12d) /* 353 */,
249 U64_C(0x831a5c285e687094) /* 354 */, U64_C(0xc5d3c90a3708a0a4) /* 355 */,
250 U64_C(0x0f7f903717d06580) /* 356 */, U64_C(0x19f9bb13b8fdf27f) /* 357 */,
251 U64_C(0xb1bd6f1b4d502843) /* 358 */, U64_C(0x1c761ba38fff4012) /* 359 */,
252 U64_C(0x0d1530c4e2e21f3b) /* 360 */, U64_C(0x8943ce69a7372c8a) /* 361 */,
253 U64_C(0xe5184e11feb5ce66) /* 362 */, U64_C(0x618bdb80bd736621) /* 363 */,
254 U64_C(0x7d29bad68b574d0b) /* 364 */, U64_C(0x81bb613e25e6fe5b) /* 365 */,
255 U64_C(0x071c9c10bc07913f) /* 366 */, U64_C(0xc7beeb7909ac2d97) /* 367 */,
256 U64_C(0xc3e58d353bc5d757) /* 368 */, U64_C(0xeb017892f38f61e8) /* 369 */,
257 U64_C(0xd4effb9c9b1cc21a) /* 370 */, U64_C(0x99727d26f494f7ab) /* 371 */,
258 U64_C(0xa3e063a2956b3e03) /* 372 */, U64_C(0x9d4a8b9a4aa09c30) /* 373 */,
259 U64_C(0x3f6ab7d500090fb4) /* 374 */, U64_C(0x9cc0f2a057268ac0) /* 375 */,
260 U64_C(0x3dee9d2dedbf42d1) /* 376 */, U64_C(0x330f49c87960a972) /* 377 */,
261 U64_C(0xc6b2720287421b41) /* 378 */, U64_C(0x0ac59ec07c00369c) /* 379 */,
262 U64_C(0xef4eac49cb353425) /* 380 */, U64_C(0xf450244eef0129d8) /* 381 */,
263 U64_C(0x8acc46e5caf4deb6) /* 382 */, U64_C(0x2ffeab63989263f7) /* 383 */,
264 U64_C(0x8f7cb9fe5d7a4578) /* 384 */, U64_C(0x5bd8f7644e634635) /* 385 */,
265 U64_C(0x427a7315bf2dc900) /* 386 */, U64_C(0x17d0c4aa2125261c) /* 387 */,
266 U64_C(0x3992486c93518e50) /* 388 */, U64_C(0xb4cbfee0a2d7d4c3) /* 389 */,
267 U64_C(0x7c75d6202c5ddd8d) /* 390 */, U64_C(0xdbc295d8e35b6c61) /* 391 */,
268 U64_C(0x60b369d302032b19) /* 392 */, U64_C(0xce42685fdce44132) /* 393 */,
269 U64_C(0x06f3ddb9ddf65610) /* 394 */, U64_C(0x8ea4d21db5e148f0) /* 395 */,
270 U64_C(0x20b0fce62fcd496f) /* 396 */, U64_C(0x2c1b912358b0ee31) /* 397 */,
271 U64_C(0xb28317b818f5a308) /* 398 */, U64_C(0xa89c1e189ca6d2cf) /* 399 */,
272 U64_C(0x0c6b18576aaadbc8) /* 400 */, U64_C(0xb65deaa91299fae3) /* 401 */,
273 U64_C(0xfb2b794b7f1027e7) /* 402 */, U64_C(0x04e4317f443b5beb) /* 403 */,
274 U64_C(0x4b852d325939d0a6) /* 404 */, U64_C(0xd5ae6beefb207ffc) /* 405 */,
275 U64_C(0x309682b281c7d374) /* 406 */, U64_C(0xbae309a194c3b475) /* 407 */,
276 U64_C(0x8cc3f97b13b49f05) /* 408 */, U64_C(0x98a9422ff8293967) /* 409 */,
277 U64_C(0x244b16b01076ff7c) /* 410 */, U64_C(0xf8bf571c663d67ee) /* 411 */,
278 U64_C(0x1f0d6758eee30da1) /* 412 */, U64_C(0xc9b611d97adeb9b7) /* 413 */,
279 U64_C(0xb7afd5887b6c57a2) /* 414 */, U64_C(0x6290ae846b984fe1) /* 415 */,
280 U64_C(0x94df4cdeacc1a5fd) /* 416 */, U64_C(0x058a5bd1c5483aff) /* 417 */,
281 U64_C(0x63166cc142ba3c37) /* 418 */, U64_C(0x8db8526eb2f76f40) /* 419 */,
282 U64_C(0xe10880036f0d6d4e) /* 420 */, U64_C(0x9e0523c9971d311d) /* 421 */,
283 U64_C(0x45ec2824cc7cd691) /* 422 */, U64_C(0x575b8359e62382c9) /* 423 */,
284 U64_C(0xfa9e400dc4889995) /* 424 */, U64_C(0xd1823ecb45721568) /* 425 */,
285 U64_C(0xdafd983b8206082f) /* 426 */, U64_C(0xaa7d29082386a8cb) /* 427 */,
286 U64_C(0x269fcd4403b87588) /* 428 */, U64_C(0x1b91f5f728bdd1e0) /* 429 */,
287 U64_C(0xe4669f39040201f6) /* 430 */, U64_C(0x7a1d7c218cf04ade) /* 431 */,
288 U64_C(0x65623c29d79ce5ce) /* 432 */, U64_C(0x2368449096c00bb1) /* 433 */,
289 U64_C(0xab9bf1879da503ba) /* 434 */, U64_C(0xbc23ecb1a458058e) /* 435 */,
290 U64_C(0x9a58df01bb401ecc) /* 436 */, U64_C(0xa070e868a85f143d) /* 437 */,
291 U64_C(0x4ff188307df2239e) /* 438 */, U64_C(0x14d565b41a641183) /* 439 */,
292 U64_C(0xee13337452701602) /* 440 */, U64_C(0x950e3dcf3f285e09) /* 441 */,
293 U64_C(0x59930254b9c80953) /* 442 */, U64_C(0x3bf299408930da6d) /* 443 */,
294 U64_C(0xa955943f53691387) /* 444 */, U64_C(0xa15edecaa9cb8784) /* 445 */,
295 U64_C(0x29142127352be9a0) /* 446 */, U64_C(0x76f0371fff4e7afb) /* 447 */,
296 U64_C(0x0239f450274f2228) /* 448 */, U64_C(0xbb073af01d5e868b) /* 449 */,
297 U64_C(0xbfc80571c10e96c1) /* 450 */, U64_C(0xd267088568222e23) /* 451 */,
298 U64_C(0x9671a3d48e80b5b0) /* 452 */, U64_C(0x55b5d38ae193bb81) /* 453 */,
299 U64_C(0x693ae2d0a18b04b8) /* 454 */, U64_C(0x5c48b4ecadd5335f) /* 455 */,
300 U64_C(0xfd743b194916a1ca) /* 456 */, U64_C(0x2577018134be98c4) /* 457 */,
301 U64_C(0xe77987e83c54a4ad) /* 458 */, U64_C(0x28e11014da33e1b9) /* 459 */,
302 U64_C(0x270cc59e226aa213) /* 460 */, U64_C(0x71495f756d1a5f60) /* 461 */,
303 U64_C(0x9be853fb60afef77) /* 462 */, U64_C(0xadc786a7f7443dbf) /* 463 */,
304 U64_C(0x0904456173b29a82) /* 464 */, U64_C(0x58bc7a66c232bd5e) /* 465 */,
305 U64_C(0xf306558c673ac8b2) /* 466 */, U64_C(0x41f639c6b6c9772a) /* 467 */,
306 U64_C(0x216defe99fda35da) /* 468 */, U64_C(0x11640cc71c7be615) /* 469 */,
307 U64_C(0x93c43694565c5527) /* 470 */, U64_C(0xea038e6246777839) /* 471 */,
308 U64_C(0xf9abf3ce5a3e2469) /* 472 */, U64_C(0x741e768d0fd312d2) /* 473 */,
309 U64_C(0x0144b883ced652c6) /* 474 */, U64_C(0xc20b5a5ba33f8552) /* 475 */,
310 U64_C(0x1ae69633c3435a9d) /* 476 */, U64_C(0x97a28ca4088cfdec) /* 477 */,
311 U64_C(0x8824a43c1e96f420) /* 478 */, U64_C(0x37612fa66eeea746) /* 479 */,
312 U64_C(0x6b4cb165f9cf0e5a) /* 480 */, U64_C(0x43aa1c06a0abfb4a) /* 481 */,
313 U64_C(0x7f4dc26ff162796b) /* 482 */, U64_C(0x6cbacc8e54ed9b0f) /* 483 */,
314 U64_C(0xa6b7ffefd2bb253e) /* 484 */, U64_C(0x2e25bc95b0a29d4f) /* 485 */,
315 U64_C(0x86d6a58bdef1388c) /* 486 */, U64_C(0xded74ac576b6f054) /* 487 */,
316 U64_C(0x8030bdbc2b45805d) /* 488 */, U64_C(0x3c81af70e94d9289) /* 489 */,
317 U64_C(0x3eff6dda9e3100db) /* 490 */, U64_C(0xb38dc39fdfcc8847) /* 491 */,
318 U64_C(0x123885528d17b87e) /* 492 */, U64_C(0xf2da0ed240b1b642) /* 493 */,
319 U64_C(0x44cefadcd54bf9a9) /* 494 */, U64_C(0x1312200e433c7ee6) /* 495 */,
320 U64_C(0x9ffcc84f3a78c748) /* 496 */, U64_C(0xf0cd1f72248576bb) /* 497 */,
321 U64_C(0xec6974053638cfe4) /* 498 */, U64_C(0x2ba7b67c0cec4e4c) /* 499 */,
322 U64_C(0xac2f4df3e5ce32ed) /* 500 */, U64_C(0xcb33d14326ea4c11) /* 501 */,
323 U64_C(0xa4e9044cc77e58bc) /* 502 */, U64_C(0x5f513293d934fcef) /* 503 */,
324 U64_C(0x5dc9645506e55444) /* 504 */, U64_C(0x50de418f317de40a) /* 505 */,
325 U64_C(0x388cb31a69dde259) /* 506 */, U64_C(0x2db4a83455820a86) /* 507 */,
326 U64_C(0x9010a91e84711ae9) /* 508 */, U64_C(0x4df7f0b7b1498371) /* 509 */,
327 U64_C(0xd62a2eabc0977179) /* 510 */, U64_C(0x22fac097aa8d5c0e) /* 511 */
328};
329static u64 sbox3[256] = {
330 U64_C(0xf49fcc2ff1daf39b) /* 512 */, U64_C(0x487fd5c66ff29281) /* 513 */,
331 U64_C(0xe8a30667fcdca83f) /* 514 */, U64_C(0x2c9b4be3d2fcce63) /* 515 */,
332 U64_C(0xda3ff74b93fbbbc2) /* 516 */, U64_C(0x2fa165d2fe70ba66) /* 517 */,
333 U64_C(0xa103e279970e93d4) /* 518 */, U64_C(0xbecdec77b0e45e71) /* 519 */,
334 U64_C(0xcfb41e723985e497) /* 520 */, U64_C(0xb70aaa025ef75017) /* 521 */,
335 U64_C(0xd42309f03840b8e0) /* 522 */, U64_C(0x8efc1ad035898579) /* 523 */,
336 U64_C(0x96c6920be2b2abc5) /* 524 */, U64_C(0x66af4163375a9172) /* 525 */,
337 U64_C(0x2174abdcca7127fb) /* 526 */, U64_C(0xb33ccea64a72ff41) /* 527 */,
338 U64_C(0xf04a4933083066a5) /* 528 */, U64_C(0x8d970acdd7289af5) /* 529 */,
339 U64_C(0x8f96e8e031c8c25e) /* 530 */, U64_C(0xf3fec02276875d47) /* 531 */,
340 U64_C(0xec7bf310056190dd) /* 532 */, U64_C(0xf5adb0aebb0f1491) /* 533 */,
341 U64_C(0x9b50f8850fd58892) /* 534 */, U64_C(0x4975488358b74de8) /* 535 */,
342 U64_C(0xa3354ff691531c61) /* 536 */, U64_C(0x0702bbe481d2c6ee) /* 537 */,
343 U64_C(0x89fb24057deded98) /* 538 */, U64_C(0xac3075138596e902) /* 539 */,
344 U64_C(0x1d2d3580172772ed) /* 540 */, U64_C(0xeb738fc28e6bc30d) /* 541 */,
345 U64_C(0x5854ef8f63044326) /* 542 */, U64_C(0x9e5c52325add3bbe) /* 543 */,
346 U64_C(0x90aa53cf325c4623) /* 544 */, U64_C(0xc1d24d51349dd067) /* 545 */,
347 U64_C(0x2051cfeea69ea624) /* 546 */, U64_C(0x13220f0a862e7e4f) /* 547 */,
348 U64_C(0xce39399404e04864) /* 548 */, U64_C(0xd9c42ca47086fcb7) /* 549 */,
349 U64_C(0x685ad2238a03e7cc) /* 550 */, U64_C(0x066484b2ab2ff1db) /* 551 */,
350 U64_C(0xfe9d5d70efbf79ec) /* 552 */, U64_C(0x5b13b9dd9c481854) /* 553 */,
351 U64_C(0x15f0d475ed1509ad) /* 554 */, U64_C(0x0bebcd060ec79851) /* 555 */,
352 U64_C(0xd58c6791183ab7f8) /* 556 */, U64_C(0xd1187c5052f3eee4) /* 557 */,
353 U64_C(0xc95d1192e54e82ff) /* 558 */, U64_C(0x86eea14cb9ac6ca2) /* 559 */,
354 U64_C(0x3485beb153677d5d) /* 560 */, U64_C(0xdd191d781f8c492a) /* 561 */,
355 U64_C(0xf60866baa784ebf9) /* 562 */, U64_C(0x518f643ba2d08c74) /* 563 */,
356 U64_C(0x8852e956e1087c22) /* 564 */, U64_C(0xa768cb8dc410ae8d) /* 565 */,
357 U64_C(0x38047726bfec8e1a) /* 566 */, U64_C(0xa67738b4cd3b45aa) /* 567 */,
358 U64_C(0xad16691cec0dde19) /* 568 */, U64_C(0xc6d4319380462e07) /* 569 */,
359 U64_C(0xc5a5876d0ba61938) /* 570 */, U64_C(0x16b9fa1fa58fd840) /* 571 */,
360 U64_C(0x188ab1173ca74f18) /* 572 */, U64_C(0xabda2f98c99c021f) /* 573 */,
361 U64_C(0x3e0580ab134ae816) /* 574 */, U64_C(0x5f3b05b773645abb) /* 575 */,
362 U64_C(0x2501a2be5575f2f6) /* 576 */, U64_C(0x1b2f74004e7e8ba9) /* 577 */,
363 U64_C(0x1cd7580371e8d953) /* 578 */, U64_C(0x7f6ed89562764e30) /* 579 */,
364 U64_C(0xb15926ff596f003d) /* 580 */, U64_C(0x9f65293da8c5d6b9) /* 581 */,
365 U64_C(0x6ecef04dd690f84c) /* 582 */, U64_C(0x4782275fff33af88) /* 583 */,
366 U64_C(0xe41433083f820801) /* 584 */, U64_C(0xfd0dfe409a1af9b5) /* 585 */,
367 U64_C(0x4325a3342cdb396b) /* 586 */, U64_C(0x8ae77e62b301b252) /* 587 */,
368 U64_C(0xc36f9e9f6655615a) /* 588 */, U64_C(0x85455a2d92d32c09) /* 589 */,
369 U64_C(0xf2c7dea949477485) /* 590 */, U64_C(0x63cfb4c133a39eba) /* 591 */,
370 U64_C(0x83b040cc6ebc5462) /* 592 */, U64_C(0x3b9454c8fdb326b0) /* 593 */,
371 U64_C(0x56f56a9e87ffd78c) /* 594 */, U64_C(0x2dc2940d99f42bc6) /* 595 */,
372 U64_C(0x98f7df096b096e2d) /* 596 */, U64_C(0x19a6e01e3ad852bf) /* 597 */,
373 U64_C(0x42a99ccbdbd4b40b) /* 598 */, U64_C(0xa59998af45e9c559) /* 599 */,
374 U64_C(0x366295e807d93186) /* 600 */, U64_C(0x6b48181bfaa1f773) /* 601 */,
375 U64_C(0x1fec57e2157a0a1d) /* 602 */, U64_C(0x4667446af6201ad5) /* 603 */,
376 U64_C(0xe615ebcacfb0f075) /* 604 */, U64_C(0xb8f31f4f68290778) /* 605 */,
377 U64_C(0x22713ed6ce22d11e) /* 606 */, U64_C(0x3057c1a72ec3c93b) /* 607 */,
378 U64_C(0xcb46acc37c3f1f2f) /* 608 */, U64_C(0xdbb893fd02aaf50e) /* 609 */,
379 U64_C(0x331fd92e600b9fcf) /* 610 */, U64_C(0xa498f96148ea3ad6) /* 611 */,
380 U64_C(0xa8d8426e8b6a83ea) /* 612 */, U64_C(0xa089b274b7735cdc) /* 613 */,
381 U64_C(0x87f6b3731e524a11) /* 614 */, U64_C(0x118808e5cbc96749) /* 615 */,
382 U64_C(0x9906e4c7b19bd394) /* 616 */, U64_C(0xafed7f7e9b24a20c) /* 617 */,
383 U64_C(0x6509eadeeb3644a7) /* 618 */, U64_C(0x6c1ef1d3e8ef0ede) /* 619 */,
384 U64_C(0xb9c97d43e9798fb4) /* 620 */, U64_C(0xa2f2d784740c28a3) /* 621 */,
385 U64_C(0x7b8496476197566f) /* 622 */, U64_C(0x7a5be3e6b65f069d) /* 623 */,
386 U64_C(0xf96330ed78be6f10) /* 624 */, U64_C(0xeee60de77a076a15) /* 625 */,
387 U64_C(0x2b4bee4aa08b9bd0) /* 626 */, U64_C(0x6a56a63ec7b8894e) /* 627 */,
388 U64_C(0x02121359ba34fef4) /* 628 */, U64_C(0x4cbf99f8283703fc) /* 629 */,
389 U64_C(0x398071350caf30c8) /* 630 */, U64_C(0xd0a77a89f017687a) /* 631 */,
390 U64_C(0xf1c1a9eb9e423569) /* 632 */, U64_C(0x8c7976282dee8199) /* 633 */,
391 U64_C(0x5d1737a5dd1f7abd) /* 634 */, U64_C(0x4f53433c09a9fa80) /* 635 */,
392 U64_C(0xfa8b0c53df7ca1d9) /* 636 */, U64_C(0x3fd9dcbc886ccb77) /* 637 */,
393 U64_C(0xc040917ca91b4720) /* 638 */, U64_C(0x7dd00142f9d1dcdf) /* 639 */,
394 U64_C(0x8476fc1d4f387b58) /* 640 */, U64_C(0x23f8e7c5f3316503) /* 641 */,
395 U64_C(0x032a2244e7e37339) /* 642 */, U64_C(0x5c87a5d750f5a74b) /* 643 */,
396 U64_C(0x082b4cc43698992e) /* 644 */, U64_C(0xdf917becb858f63c) /* 645 */,
397 U64_C(0x3270b8fc5bf86dda) /* 646 */, U64_C(0x10ae72bb29b5dd76) /* 647 */,
398 U64_C(0x576ac94e7700362b) /* 648 */, U64_C(0x1ad112dac61efb8f) /* 649 */,
399 U64_C(0x691bc30ec5faa427) /* 650 */, U64_C(0xff246311cc327143) /* 651 */,
400 U64_C(0x3142368e30e53206) /* 652 */, U64_C(0x71380e31e02ca396) /* 653 */,
401 U64_C(0x958d5c960aad76f1) /* 654 */, U64_C(0xf8d6f430c16da536) /* 655 */,
402 U64_C(0xc8ffd13f1be7e1d2) /* 656 */, U64_C(0x7578ae66004ddbe1) /* 657 */,
403 U64_C(0x05833f01067be646) /* 658 */, U64_C(0xbb34b5ad3bfe586d) /* 659 */,
404 U64_C(0x095f34c9a12b97f0) /* 660 */, U64_C(0x247ab64525d60ca8) /* 661 */,
405 U64_C(0xdcdbc6f3017477d1) /* 662 */, U64_C(0x4a2e14d4decad24d) /* 663 */,
406 U64_C(0xbdb5e6d9be0a1eeb) /* 664 */, U64_C(0x2a7e70f7794301ab) /* 665 */,
407 U64_C(0xdef42d8a270540fd) /* 666 */, U64_C(0x01078ec0a34c22c1) /* 667 */,
408 U64_C(0xe5de511af4c16387) /* 668 */, U64_C(0x7ebb3a52bd9a330a) /* 669 */,
409 U64_C(0x77697857aa7d6435) /* 670 */, U64_C(0x004e831603ae4c32) /* 671 */,
410 U64_C(0xe7a21020ad78e312) /* 672 */, U64_C(0x9d41a70c6ab420f2) /* 673 */,
411 U64_C(0x28e06c18ea1141e6) /* 674 */, U64_C(0xd2b28cbd984f6b28) /* 675 */,
412 U64_C(0x26b75f6c446e9d83) /* 676 */, U64_C(0xba47568c4d418d7f) /* 677 */,
413 U64_C(0xd80badbfe6183d8e) /* 678 */, U64_C(0x0e206d7f5f166044) /* 679 */,
414 U64_C(0xe258a43911cbca3e) /* 680 */, U64_C(0x723a1746b21dc0bc) /* 681 */,
415 U64_C(0xc7caa854f5d7cdd3) /* 682 */, U64_C(0x7cac32883d261d9c) /* 683 */,
416 U64_C(0x7690c26423ba942c) /* 684 */, U64_C(0x17e55524478042b8) /* 685 */,
417 U64_C(0xe0be477656a2389f) /* 686 */, U64_C(0x4d289b5e67ab2da0) /* 687 */,
418 U64_C(0x44862b9c8fbbfd31) /* 688 */, U64_C(0xb47cc8049d141365) /* 689 */,
419 U64_C(0x822c1b362b91c793) /* 690 */, U64_C(0x4eb14655fb13dfd8) /* 691 */,
420 U64_C(0x1ecbba0714e2a97b) /* 692 */, U64_C(0x6143459d5cde5f14) /* 693 */,
421 U64_C(0x53a8fbf1d5f0ac89) /* 694 */, U64_C(0x97ea04d81c5e5b00) /* 695 */,
422 U64_C(0x622181a8d4fdb3f3) /* 696 */, U64_C(0xe9bcd341572a1208) /* 697 */,
423 U64_C(0x1411258643cce58a) /* 698 */, U64_C(0x9144c5fea4c6e0a4) /* 699 */,
424 U64_C(0x0d33d06565cf620f) /* 700 */, U64_C(0x54a48d489f219ca1) /* 701 */,
425 U64_C(0xc43e5eac6d63c821) /* 702 */, U64_C(0xa9728b3a72770daf) /* 703 */,
426 U64_C(0xd7934e7b20df87ef) /* 704 */, U64_C(0xe35503b61a3e86e5) /* 705 */,
427 U64_C(0xcae321fbc819d504) /* 706 */, U64_C(0x129a50b3ac60bfa6) /* 707 */,
428 U64_C(0xcd5e68ea7e9fb6c3) /* 708 */, U64_C(0xb01c90199483b1c7) /* 709 */,
429 U64_C(0x3de93cd5c295376c) /* 710 */, U64_C(0xaed52edf2ab9ad13) /* 711 */,
430 U64_C(0x2e60f512c0a07884) /* 712 */, U64_C(0xbc3d86a3e36210c9) /* 713 */,
431 U64_C(0x35269d9b163951ce) /* 714 */, U64_C(0x0c7d6e2ad0cdb5fa) /* 715 */,
432 U64_C(0x59e86297d87f5733) /* 716 */, U64_C(0x298ef221898db0e7) /* 717 */,
433 U64_C(0x55000029d1a5aa7e) /* 718 */, U64_C(0x8bc08ae1b5061b45) /* 719 */,
434 U64_C(0xc2c31c2b6c92703a) /* 720 */, U64_C(0x94cc596baf25ef42) /* 721 */,
435 U64_C(0x0a1d73db22540456) /* 722 */, U64_C(0x04b6a0f9d9c4179a) /* 723 */,
436 U64_C(0xeffdafa2ae3d3c60) /* 724 */, U64_C(0xf7c8075bb49496c4) /* 725 */,
437 U64_C(0x9cc5c7141d1cd4e3) /* 726 */, U64_C(0x78bd1638218e5534) /* 727 */,
438 U64_C(0xb2f11568f850246a) /* 728 */, U64_C(0xedfabcfa9502bc29) /* 729 */,
439 U64_C(0x796ce5f2da23051b) /* 730 */, U64_C(0xaae128b0dc93537c) /* 731 */,
440 U64_C(0x3a493da0ee4b29ae) /* 732 */, U64_C(0xb5df6b2c416895d7) /* 733 */,
441 U64_C(0xfcabbd25122d7f37) /* 734 */, U64_C(0x70810b58105dc4b1) /* 735 */,
442 U64_C(0xe10fdd37f7882a90) /* 736 */, U64_C(0x524dcab5518a3f5c) /* 737 */,
443 U64_C(0x3c9e85878451255b) /* 738 */, U64_C(0x4029828119bd34e2) /* 739 */,
444 U64_C(0x74a05b6f5d3ceccb) /* 740 */, U64_C(0xb610021542e13eca) /* 741 */,
445 U64_C(0x0ff979d12f59e2ac) /* 742 */, U64_C(0x6037da27e4f9cc50) /* 743 */,
446 U64_C(0x5e92975a0df1847d) /* 744 */, U64_C(0xd66de190d3e623fe) /* 745 */,
447 U64_C(0x5032d6b87b568048) /* 746 */, U64_C(0x9a36b7ce8235216e) /* 747 */,
448 U64_C(0x80272a7a24f64b4a) /* 748 */, U64_C(0x93efed8b8c6916f7) /* 749 */,
449 U64_C(0x37ddbff44cce1555) /* 750 */, U64_C(0x4b95db5d4b99bd25) /* 751 */,
450 U64_C(0x92d3fda169812fc0) /* 752 */, U64_C(0xfb1a4a9a90660bb6) /* 753 */,
451 U64_C(0x730c196946a4b9b2) /* 754 */, U64_C(0x81e289aa7f49da68) /* 755 */,
452 U64_C(0x64669a0f83b1a05f) /* 756 */, U64_C(0x27b3ff7d9644f48b) /* 757 */,
453 U64_C(0xcc6b615c8db675b3) /* 758 */, U64_C(0x674f20b9bcebbe95) /* 759 */,
454 U64_C(0x6f31238275655982) /* 760 */, U64_C(0x5ae488713e45cf05) /* 761 */,
455 U64_C(0xbf619f9954c21157) /* 762 */, U64_C(0xeabac46040a8eae9) /* 763 */,
456 U64_C(0x454c6fe9f2c0c1cd) /* 764 */, U64_C(0x419cf6496412691c) /* 765 */,
457 U64_C(0xd3dc3bef265b0f70) /* 766 */, U64_C(0x6d0e60f5c3578a9e) /* 767 */
458};
459static u64 sbox4[256] = {
460 U64_C(0x5b0e608526323c55) /* 768 */, U64_C(0x1a46c1a9fa1b59f5) /* 769 */,
461 U64_C(0xa9e245a17c4c8ffa) /* 770 */, U64_C(0x65ca5159db2955d7) /* 771 */,
462 U64_C(0x05db0a76ce35afc2) /* 772 */, U64_C(0x81eac77ea9113d45) /* 773 */,
463 U64_C(0x528ef88ab6ac0a0d) /* 774 */, U64_C(0xa09ea253597be3ff) /* 775 */,
464 U64_C(0x430ddfb3ac48cd56) /* 776 */, U64_C(0xc4b3a67af45ce46f) /* 777 */,
465 U64_C(0x4ececfd8fbe2d05e) /* 778 */, U64_C(0x3ef56f10b39935f0) /* 779 */,
466 U64_C(0x0b22d6829cd619c6) /* 780 */, U64_C(0x17fd460a74df2069) /* 781 */,
467 U64_C(0x6cf8cc8e8510ed40) /* 782 */, U64_C(0xd6c824bf3a6ecaa7) /* 783 */,
468 U64_C(0x61243d581a817049) /* 784 */, U64_C(0x048bacb6bbc163a2) /* 785 */,
469 U64_C(0xd9a38ac27d44cc32) /* 786 */, U64_C(0x7fddff5baaf410ab) /* 787 */,
470 U64_C(0xad6d495aa804824b) /* 788 */, U64_C(0xe1a6a74f2d8c9f94) /* 789 */,
471 U64_C(0xd4f7851235dee8e3) /* 790 */, U64_C(0xfd4b7f886540d893) /* 791 */,
472 U64_C(0x247c20042aa4bfda) /* 792 */, U64_C(0x096ea1c517d1327c) /* 793 */,
473 U64_C(0xd56966b4361a6685) /* 794 */, U64_C(0x277da5c31221057d) /* 795 */,
474 U64_C(0x94d59893a43acff7) /* 796 */, U64_C(0x64f0c51ccdc02281) /* 797 */,
475 U64_C(0x3d33bcc4ff6189db) /* 798 */, U64_C(0xe005cb184ce66af1) /* 799 */,
476 U64_C(0xff5ccd1d1db99bea) /* 800 */, U64_C(0xb0b854a7fe42980f) /* 801 */,
477 U64_C(0x7bd46a6a718d4b9f) /* 802 */, U64_C(0xd10fa8cc22a5fd8c) /* 803 */,
478 U64_C(0xd31484952be4bd31) /* 804 */, U64_C(0xc7fa975fcb243847) /* 805 */,
479 U64_C(0x4886ed1e5846c407) /* 806 */, U64_C(0x28cddb791eb70b04) /* 807 */,
480 U64_C(0xc2b00be2f573417f) /* 808 */, U64_C(0x5c9590452180f877) /* 809 */,
481 U64_C(0x7a6bddfff370eb00) /* 810 */, U64_C(0xce509e38d6d9d6a4) /* 811 */,
482 U64_C(0xebeb0f00647fa702) /* 812 */, U64_C(0x1dcc06cf76606f06) /* 813 */,
483 U64_C(0xe4d9f28ba286ff0a) /* 814 */, U64_C(0xd85a305dc918c262) /* 815 */,
484 U64_C(0x475b1d8732225f54) /* 816 */, U64_C(0x2d4fb51668ccb5fe) /* 817 */,
485 U64_C(0xa679b9d9d72bba20) /* 818 */, U64_C(0x53841c0d912d43a5) /* 819 */,
486 U64_C(0x3b7eaa48bf12a4e8) /* 820 */, U64_C(0x781e0e47f22f1ddf) /* 821 */,
487 U64_C(0xeff20ce60ab50973) /* 822 */, U64_C(0x20d261d19dffb742) /* 823 */,
488 U64_C(0x16a12b03062a2e39) /* 824 */, U64_C(0x1960eb2239650495) /* 825 */,
489 U64_C(0x251c16fed50eb8b8) /* 826 */, U64_C(0x9ac0c330f826016e) /* 827 */,
490 U64_C(0xed152665953e7671) /* 828 */, U64_C(0x02d63194a6369570) /* 829 */,
491 U64_C(0x5074f08394b1c987) /* 830 */, U64_C(0x70ba598c90b25ce1) /* 831 */,
492 U64_C(0x794a15810b9742f6) /* 832 */, U64_C(0x0d5925e9fcaf8c6c) /* 833 */,
493 U64_C(0x3067716cd868744e) /* 834 */, U64_C(0x910ab077e8d7731b) /* 835 */,
494 U64_C(0x6a61bbdb5ac42f61) /* 836 */, U64_C(0x93513efbf0851567) /* 837 */,
495 U64_C(0xf494724b9e83e9d5) /* 838 */, U64_C(0xe887e1985c09648d) /* 839 */,
496 U64_C(0x34b1d3c675370cfd) /* 840 */, U64_C(0xdc35e433bc0d255d) /* 841 */,
497 U64_C(0xd0aab84234131be0) /* 842 */, U64_C(0x08042a50b48b7eaf) /* 843 */,
498 U64_C(0x9997c4ee44a3ab35) /* 844 */, U64_C(0x829a7b49201799d0) /* 845 */,
499 U64_C(0x263b8307b7c54441) /* 846 */, U64_C(0x752f95f4fd6a6ca6) /* 847 */,
500 U64_C(0x927217402c08c6e5) /* 848 */, U64_C(0x2a8ab754a795d9ee) /* 849 */,
501 U64_C(0xa442f7552f72943d) /* 850 */, U64_C(0x2c31334e19781208) /* 851 */,
502 U64_C(0x4fa98d7ceaee6291) /* 852 */, U64_C(0x55c3862f665db309) /* 853 */,
503 U64_C(0xbd0610175d53b1f3) /* 854 */, U64_C(0x46fe6cb840413f27) /* 855 */,
504 U64_C(0x3fe03792df0cfa59) /* 856 */, U64_C(0xcfe700372eb85e8f) /* 857 */,
505 U64_C(0xa7be29e7adbce118) /* 858 */, U64_C(0xe544ee5cde8431dd) /* 859 */,
506 U64_C(0x8a781b1b41f1873e) /* 860 */, U64_C(0xa5c94c78a0d2f0e7) /* 861 */,
507 U64_C(0x39412e2877b60728) /* 862 */, U64_C(0xa1265ef3afc9a62c) /* 863 */,
508 U64_C(0xbcc2770c6a2506c5) /* 864 */, U64_C(0x3ab66dd5dce1ce12) /* 865 */,
509 U64_C(0xe65499d04a675b37) /* 866 */, U64_C(0x7d8f523481bfd216) /* 867 */,
510 U64_C(0x0f6f64fcec15f389) /* 868 */, U64_C(0x74efbe618b5b13c8) /* 869 */,
511 U64_C(0xacdc82b714273e1d) /* 870 */, U64_C(0xdd40bfe003199d17) /* 871 */,
512 U64_C(0x37e99257e7e061f8) /* 872 */, U64_C(0xfa52626904775aaa) /* 873 */,
513 U64_C(0x8bbbf63a463d56f9) /* 874 */, U64_C(0xf0013f1543a26e64) /* 875 */,
514 U64_C(0xa8307e9f879ec898) /* 876 */, U64_C(0xcc4c27a4150177cc) /* 877 */,
515 U64_C(0x1b432f2cca1d3348) /* 878 */, U64_C(0xde1d1f8f9f6fa013) /* 879 */,
516 U64_C(0x606602a047a7ddd6) /* 880 */, U64_C(0xd237ab64cc1cb2c7) /* 881 */,
517 U64_C(0x9b938e7225fcd1d3) /* 882 */, U64_C(0xec4e03708e0ff476) /* 883 */,
518 U64_C(0xfeb2fbda3d03c12d) /* 884 */, U64_C(0xae0bced2ee43889a) /* 885 */,
519 U64_C(0x22cb8923ebfb4f43) /* 886 */, U64_C(0x69360d013cf7396d) /* 887 */,
520 U64_C(0x855e3602d2d4e022) /* 888 */, U64_C(0x073805bad01f784c) /* 889 */,
521 U64_C(0x33e17a133852f546) /* 890 */, U64_C(0xdf4874058ac7b638) /* 891 */,
522 U64_C(0xba92b29c678aa14a) /* 892 */, U64_C(0x0ce89fc76cfaadcd) /* 893 */,
523 U64_C(0x5f9d4e0908339e34) /* 894 */, U64_C(0xf1afe9291f5923b9) /* 895 */,
524 U64_C(0x6e3480f60f4a265f) /* 896 */, U64_C(0xeebf3a2ab29b841c) /* 897 */,
525 U64_C(0xe21938a88f91b4ad) /* 898 */, U64_C(0x57dfeff845c6d3c3) /* 899 */,
526 U64_C(0x2f006b0bf62caaf2) /* 900 */, U64_C(0x62f479ef6f75ee78) /* 901 */,
527 U64_C(0x11a55ad41c8916a9) /* 902 */, U64_C(0xf229d29084fed453) /* 903 */,
528 U64_C(0x42f1c27b16b000e6) /* 904 */, U64_C(0x2b1f76749823c074) /* 905 */,
529 U64_C(0x4b76eca3c2745360) /* 906 */, U64_C(0x8c98f463b91691bd) /* 907 */,
530 U64_C(0x14bcc93cf1ade66a) /* 908 */, U64_C(0x8885213e6d458397) /* 909 */,
531 U64_C(0x8e177df0274d4711) /* 910 */, U64_C(0xb49b73b5503f2951) /* 911 */,
532 U64_C(0x10168168c3f96b6b) /* 912 */, U64_C(0x0e3d963b63cab0ae) /* 913 */,
533 U64_C(0x8dfc4b5655a1db14) /* 914 */, U64_C(0xf789f1356e14de5c) /* 915 */,
534 U64_C(0x683e68af4e51dac1) /* 916 */, U64_C(0xc9a84f9d8d4b0fd9) /* 917 */,
535 U64_C(0x3691e03f52a0f9d1) /* 918 */, U64_C(0x5ed86e46e1878e80) /* 919 */,
536 U64_C(0x3c711a0e99d07150) /* 920 */, U64_C(0x5a0865b20c4e9310) /* 921 */,
537 U64_C(0x56fbfc1fe4f0682e) /* 922 */, U64_C(0xea8d5de3105edf9b) /* 923 */,
538 U64_C(0x71abfdb12379187a) /* 924 */, U64_C(0x2eb99de1bee77b9c) /* 925 */,
539 U64_C(0x21ecc0ea33cf4523) /* 926 */, U64_C(0x59a4d7521805c7a1) /* 927 */,
540 U64_C(0x3896f5eb56ae7c72) /* 928 */, U64_C(0xaa638f3db18f75dc) /* 929 */,
541 U64_C(0x9f39358dabe9808e) /* 930 */, U64_C(0xb7defa91c00b72ac) /* 931 */,
542 U64_C(0x6b5541fd62492d92) /* 932 */, U64_C(0x6dc6dee8f92e4d5b) /* 933 */,
543 U64_C(0x353f57abc4beea7e) /* 934 */, U64_C(0x735769d6da5690ce) /* 935 */,
544 U64_C(0x0a234aa642391484) /* 936 */, U64_C(0xf6f9508028f80d9d) /* 937 */,
545 U64_C(0xb8e319a27ab3f215) /* 938 */, U64_C(0x31ad9c1151341a4d) /* 939 */,
546 U64_C(0x773c22a57bef5805) /* 940 */, U64_C(0x45c7561a07968633) /* 941 */,
547 U64_C(0xf913da9e249dbe36) /* 942 */, U64_C(0xda652d9b78a64c68) /* 943 */,
548 U64_C(0x4c27a97f3bc334ef) /* 944 */, U64_C(0x76621220e66b17f4) /* 945 */,
549 U64_C(0x967743899acd7d0b) /* 946 */, U64_C(0xf3ee5bcae0ed6782) /* 947 */,
550 U64_C(0x409f753600c879fc) /* 948 */, U64_C(0x06d09a39b5926db6) /* 949 */,
551 U64_C(0x6f83aeb0317ac588) /* 950 */, U64_C(0x01e6ca4a86381f21) /* 951 */,
552 U64_C(0x66ff3462d19f3025) /* 952 */, U64_C(0x72207c24ddfd3bfb) /* 953 */,
553 U64_C(0x4af6b6d3e2ece2eb) /* 954 */, U64_C(0x9c994dbec7ea08de) /* 955 */,
554 U64_C(0x49ace597b09a8bc4) /* 956 */, U64_C(0xb38c4766cf0797ba) /* 957 */,
555 U64_C(0x131b9373c57c2a75) /* 958 */, U64_C(0xb1822cce61931e58) /* 959 */,
556 U64_C(0x9d7555b909ba1c0c) /* 960 */, U64_C(0x127fafdd937d11d2) /* 961 */,
557 U64_C(0x29da3badc66d92e4) /* 962 */, U64_C(0xa2c1d57154c2ecbc) /* 963 */,
558 U64_C(0x58c5134d82f6fe24) /* 964 */, U64_C(0x1c3ae3515b62274f) /* 965 */,
559 U64_C(0xe907c82e01cb8126) /* 966 */, U64_C(0xf8ed091913e37fcb) /* 967 */,
560 U64_C(0x3249d8f9c80046c9) /* 968 */, U64_C(0x80cf9bede388fb63) /* 969 */,
561 U64_C(0x1881539a116cf19e) /* 970 */, U64_C(0x5103f3f76bd52457) /* 971 */,
562 U64_C(0x15b7e6f5ae47f7a8) /* 972 */, U64_C(0xdbd7c6ded47e9ccf) /* 973 */,
563 U64_C(0x44e55c410228bb1a) /* 974 */, U64_C(0xb647d4255edb4e99) /* 975 */,
564 U64_C(0x5d11882bb8aafc30) /* 976 */, U64_C(0xf5098bbb29d3212a) /* 977 */,
565 U64_C(0x8fb5ea14e90296b3) /* 978 */, U64_C(0x677b942157dd025a) /* 979 */,
566 U64_C(0xfb58e7c0a390acb5) /* 980 */, U64_C(0x89d3674c83bd4a01) /* 981 */,
567 U64_C(0x9e2da4df4bf3b93b) /* 982 */, U64_C(0xfcc41e328cab4829) /* 983 */,
568 U64_C(0x03f38c96ba582c52) /* 984 */, U64_C(0xcad1bdbd7fd85db2) /* 985 */,
569 U64_C(0xbbb442c16082ae83) /* 986 */, U64_C(0xb95fe86ba5da9ab0) /* 987 */,
570 U64_C(0xb22e04673771a93f) /* 988 */, U64_C(0x845358c9493152d8) /* 989 */,
571 U64_C(0xbe2a488697b4541e) /* 990 */, U64_C(0x95a2dc2dd38e6966) /* 991 */,
572 U64_C(0xc02c11ac923c852b) /* 992 */, U64_C(0x2388b1990df2a87b) /* 993 */,
573 U64_C(0x7c8008fa1b4f37be) /* 994 */, U64_C(0x1f70d0c84d54e503) /* 995 */,
574 U64_C(0x5490adec7ece57d4) /* 996 */, U64_C(0x002b3c27d9063a3a) /* 997 */,
575 U64_C(0x7eaea3848030a2bf) /* 998 */, U64_C(0xc602326ded2003c0) /* 999 */,
576 U64_C(0x83a7287d69a94086) /* 1000 */, U64_C(0xc57a5fcb30f57a8a) /* 1001 */,
577 U64_C(0xb56844e479ebe779) /* 1002 */, U64_C(0xa373b40f05dcbce9) /* 1003 */,
578 U64_C(0xd71a786e88570ee2) /* 1004 */, U64_C(0x879cbacdbde8f6a0) /* 1005 */,
579 U64_C(0x976ad1bcc164a32f) /* 1006 */, U64_C(0xab21e25e9666d78b) /* 1007 */,
580 U64_C(0x901063aae5e5c33c) /* 1008 */, U64_C(0x9818b34448698d90) /* 1009 */,
581 U64_C(0xe36487ae3e1e8abb) /* 1010 */, U64_C(0xafbdf931893bdcb4) /* 1011 */,
582 U64_C(0x6345a0dc5fbbd519) /* 1012 */, U64_C(0x8628fe269b9465ca) /* 1013 */,
583 U64_C(0x1e5d01603f9c51ec) /* 1014 */, U64_C(0x4de44006a15049b7) /* 1015 */,
584 U64_C(0xbf6c70e5f776cbb1) /* 1016 */, U64_C(0x411218f2ef552bed) /* 1017 */,
585 U64_C(0xcb0c0708705a36a3) /* 1018 */, U64_C(0xe74d14754f986044) /* 1019 */,
586 U64_C(0xcd56d9430ea8280e) /* 1020 */, U64_C(0xc12591d7535f5065) /* 1021 */,
587 U64_C(0xc83223f1720aef96) /* 1022 */, U64_C(0xc3a0396f7363a51f) /* 1023 */
588};
589
590static void
591tiger_init( void *context )
592{
593 TIGER_CONTEXT *hd = context;
594
595 hd->a = 0x0123456789abcdefLL;
596 hd->b = 0xfedcba9876543210LL;
597 hd->c = 0xf096a5b4c3b2e187LL;
598 hd->nblocks = 0;
599 hd->count = 0;
600}
601
602static void
603R( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )
604{
605 u64 a = *ra;
606 u64 b = *rb;
607 u64 c = *rc;
608
609 c ^= x;
610 a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
611 ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
612 b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
613 ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
614 b *= mul;
615
616 *ra = a;
617 *rb = b;
618 *rc = c;
619}
620
621
622static void
623pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul )
624{
625 u64 a = *ra;
626 u64 b = *rb;
627 u64 c = *rc;
628
629 R( &a, &b, &c, x[0], mul );
630 R( &b, &c, &a, x[1], mul );
631 R( &c, &a, &b, x[2], mul );
632 R( &a, &b, &c, x[3], mul );
633 R( &b, &c, &a, x[4], mul );
634 R( &c, &a, &b, x[5], mul );
635 R( &a, &b, &c, x[6], mul );
636 R( &b, &c, &a, x[7], mul );
637
638 *ra = a;
639 *rb = b;
640 *rc = c;
641}
642
643
644static void
645key_schedule( u64 *x )
646{
647 x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;
648 x[1] ^= x[0];
649 x[2] += x[1];
650 x[3] -= x[2] ^ ((~x[1]) << 19 );
651 x[4] ^= x[3];
652 x[5] += x[4];
653 x[6] -= x[5] ^ ((~x[4]) >> 23 );
654 x[7] ^= x[6];
655 x[0] += x[7];
656 x[1] -= x[0] ^ ((~x[7]) << 19 );
657 x[2] ^= x[1];
658 x[3] += x[2];
659 x[4] -= x[3] ^ ((~x[2]) >> 23 );
660 x[5] ^= x[4];
661 x[6] += x[5];
662 x[7] -= x[6] ^ 0x0123456789abcdefLL;
663}
664
665
666/****************
667 * Transform the message DATA which consists of 512 bytes (8 words)
668 */
669static void
670transform( TIGER_CONTEXT *hd, byte *data )
671{
672 u64 a,b,c,aa,bb,cc;
673 u64 x[8];
674#ifdef WORDS_BIGENDIAN
675#define MKWORD(d,n) \
676 ( ((u64)(d)[8*(n)+7]) << 56 | ((u64)(d)[8*(n)+6]) << 48 \
677 | ((u64)(d)[8*(n)+5]) << 40 | ((u64)(d)[8*(n)+4]) << 32 \
678 | ((u64)(d)[8*(n)+3]) << 24 | ((u64)(d)[8*(n)+2]) << 16 \
679 | ((u64)(d)[8*(n)+1]) << 8 | ((u64)(d)[8*(n) ]) )
680 x[0] = MKWORD(data, 0);
681 x[1] = MKWORD(data, 1);
682 x[2] = MKWORD(data, 2);
683 x[3] = MKWORD(data, 3);
684 x[4] = MKWORD(data, 4);
685 x[5] = MKWORD(data, 5);
686 x[6] = MKWORD(data, 6);
687 x[7] = MKWORD(data, 7);
688#undef MKWORD
689#else
690 memcpy( &x[0], data, 64 );
691#endif
692
693 /* save */
694 a = aa = hd->a;
695 b = bb = hd->b;
696 c = cc = hd->c;
697
698 pass( &a, &b, &c, x, 5);
699 key_schedule( x );
700 pass( &c, &a, &b, x, 7);
701 key_schedule( x );
702 pass( &b, &c, &a, x, 9);
703
704 /* feedforward */
705 a ^= aa;
706 b -= bb;
707 c += cc;
708 /* store */
709 hd->a = a;
710 hd->b = b;
711 hd->c = c;
712}
713
714
715
716/* Update the message digest with the contents
717 * of INBUF with length INLEN.
718 */
719static void
720tiger_write( void *context, byte *inbuf, size_t inlen)
721{
722 TIGER_CONTEXT *hd = context;
723
724 if( hd->count == 64 ) /* flush the buffer */
725 {
726 transform( hd, hd->buf );
727 _gcry_burn_stack (21*8+11*sizeof(void*));
728 hd->count = 0;
729 hd->nblocks++;
730 }
731 if( !inbuf )
732 return;
733 if( hd->count )
734 {
735 for( ; inlen && hd->count < 64; inlen-- )
736 hd->buf[hd->count++] = *inbuf++;
737 tiger_write( hd, NULL, 0 );
738 if( !inlen )
739 return;
740 }
741
742 while( inlen >= 64 )
743 {
744 transform( hd, inbuf );
745 hd->count = 0;
746 hd->nblocks++;
747 inlen -= 64;
748 inbuf += 64;
749 }
750 _gcry_burn_stack (21*8+11*sizeof(void*));
751 for( ; inlen && hd->count < 64; inlen-- )
752 hd->buf[hd->count++] = *inbuf++;
753}
754
755
756
757/* The routine terminates the computation
758 */
759static void
760tiger_final( void *context )
761{
762 TIGER_CONTEXT *hd = context;
763 u32 t, msb, lsb;
764 byte *p;
765
766 tiger_write(hd, NULL, 0); /* flush */;
767
768 t = hd->nblocks;
769 /* multiply by 64 to make a byte count */
770 lsb = t << 6;
771 msb = t >> 26;
772 /* add the count */
773 t = lsb;
774 if( (lsb += hd->count) < t )
775 msb++;
776 /* multiply by 8 to make a bit count */
777 t = lsb;
778 lsb <<= 3;
779 msb <<= 3;
780 msb |= t >> 29;
781
782 if( hd->count < 56 ) /* enough room */
783 {
784 hd->buf[hd->count++] = 0x01; /* pad */
785 while( hd->count < 56 )
786 hd->buf[hd->count++] = 0; /* pad */
787 }
788 else /* need one extra block */
789 {
790 hd->buf[hd->count++] = 0x01; /* pad character */
791 while( hd->count < 64 )
792 hd->buf[hd->count++] = 0;
793 tiger_write(hd, NULL, 0); /* flush */;
794 memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
795 }
796 /* append the 64 bit count */
797 hd->buf[56] = lsb ;
798 hd->buf[57] = lsb >> 8;
799 hd->buf[58] = lsb >> 16;
800 hd->buf[59] = lsb >> 24;
801 hd->buf[60] = msb ;
802 hd->buf[61] = msb >> 8;
803 hd->buf[62] = msb >> 16;
804 hd->buf[63] = msb >> 24;
805 transform( hd, hd->buf );
806 _gcry_burn_stack (21*8+11*sizeof(void*));
807
808 p = hd->buf;
809#ifdef WORDS_BIGENDIAN
810#define X(a) do { *(u64*)p = hd->a ; p += 8; } while(0)
811#else /* little endian */
812#define X(a) do { *p++ = hd->a >> 56; *p++ = hd->a >> 48; \
813 *p++ = hd->a >> 40; *p++ = hd->a >> 32; \
814 *p++ = hd->a >> 24; *p++ = hd->a >> 16; \
815 *p++ = hd->a >> 8; *p++ = hd->a; } while(0)
816#endif
817 X(a);
818 X(b);
819 X(c);
820#undef X
821}
822
823static byte *
824tiger_read( void *context )
825{
826 TIGER_CONTEXT *hd = context;
827
828 return hd->buf;
829}
830
831static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
832 { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,
833 0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,
834 0x05, 0x00, 0x04, 0x18 };
835
836static gcry_md_oid_spec_t oid_spec_tiger[] =
837 {
838 /* GNU.digestAlgorithm TIGER */
839 { "1.3.6.1.4.1.11591.12.2" },
840 { NULL }
841 };
842
843gcry_md_spec_t _gcry_digest_spec_tiger =
844 {
845 "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,
846 tiger_init, tiger_write, tiger_final, tiger_read,
847 sizeof (TIGER_CONTEXT)
848 };
849
850#endif /* HAVE_U64_TYPEDEF */
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c
new file mode 100755
index 0000000..4695d71
--- /dev/null
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c
@@ -0,0 +1,1040 @@
1/* Twofish for GPG
2 * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.
3 * Written by Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
4 * 256-bit key length added March 20, 1999
5 * Some modifications to reduce the text size by Werner Koch, April, 1998
6 *
7 * This file is part of Libgcrypt.
8 *
9 * Libgcrypt is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as
11 * published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * Libgcrypt is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
22 ********************************************************************
23 *
24 * This code is a "clean room" implementation, written from the paper
25 * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
26 * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
27 * through http://www.counterpane.com/twofish.html
28 *
29 * For background information on multiplication in finite fields, used for
30 * the matrix operations in the key schedule, see the book _Contemporary
31 * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
32 * Third Edition.
33 *
34 * Only the 128- and 256-bit key sizes are supported. This code is intended
35 * for GNU C on a 32-bit system, but it should work almost anywhere. Loops
36 * are unrolled, precomputation tables are used, etc., for maximum speed at
37 * some cost in memory consumption. */
38
39#include <config.h>
40#include <stdio.h>
41#include <stdlib.h>
42#include <string.h> /* for memcmp() */
43
44#include "types.h" /* for byte and u32 typedefs */
45#include "g10lib.h"
46#include "cipher.h"
47
48/* Prototype for the self-test function. */
49static const char *selftest(void);
50
51/* Structure for an expanded Twofish key. s contains the key-dependent
52 * S-boxes composed with the MDS matrix; w contains the eight "whitening"
53 * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note
54 * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
55typedef struct {
56 u32 s[4][256], w[8], k[32];
57} TWOFISH_context;
58
59/* These two tables are the q0 and q1 permutations, exactly as described in
60 * the Twofish paper. */
61
62static const byte q0[256] = {
63 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
64 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
65 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
66 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
67 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
68 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
69 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
70 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
71 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
72 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
73 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
74 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
75 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
76 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
77 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
78 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
79 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
80 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
81 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
82 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
83 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
84 0x4A, 0x5E, 0xC1, 0xE0
85};
86
87static const byte q1[256] = {
88 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
89 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
90 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
91 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
92 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
93 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
94 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
95 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
96 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
97 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
98 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
99 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
100 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
101 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
102 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
103 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
104 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
105 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
106 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
107 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
108 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
109 0x55, 0x09, 0xBE, 0x91
110};
111
112/* These MDS tables are actually tables of MDS composed with q0 and q1,
113 * because it is only ever used that way and we can save some time by
114 * precomputing. Of course the main saving comes from precomputing the
115 * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
116 * things up in these tables we reduce the matrix multiply to four lookups
117 * and three XORs. Semi-formally, the definition of these tables is:
118 * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T
119 * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T
120 * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
121 * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
122 * by Schneier et al, and I'm casually glossing over the byte/word
123 * conversion issues. */
124
125static const u32 mds[4][256] = {
126 {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
127 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
128 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
129 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
130 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
131 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
132 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
133 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
134 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
135 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
136 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
137 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
138 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
139 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
140 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
141 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
142 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
143 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
144 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
145 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
146 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
147 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
148 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
149 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
150 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
151 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
152 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
153 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
154 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
155 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
156 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
157 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
158 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
159 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
160 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
161 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
162 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
163 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
164 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
165 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
166 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
167 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
168 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
169
170 {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
171 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
172 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
173 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
174 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
175 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
176 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
177 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
178 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
179 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
180 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
181 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
182 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
183 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
184 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
185 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
186 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
187 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
188 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
189 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
190 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
191 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
192 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
193 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
194 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
195 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
196 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
197 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
198 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
199 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
200 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
201 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
202 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
203 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
204 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
205 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
206 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
207 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
208 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
209 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
210 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
211 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
212 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
213
214 {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
215 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
216 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
217 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
218 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
219 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
220 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
221 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
222 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
223 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
224 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
225 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
226 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
227 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
228 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
229 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
230 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
231 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
232 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
233 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
234 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
235 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
236 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
237 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
238 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
239 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
240 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
241 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
242 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
243 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
244 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
245 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
246 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
247 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
248 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
249 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
250 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
251 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
252 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
253 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
254 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
255 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
256 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
257
258 {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
259 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
260 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
261 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
262 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
263 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
264 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
265 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
266 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
267 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
268 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
269 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
270 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
271 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
272 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
273 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
274 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
275 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
276 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
277 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
278 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
279 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
280 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
281 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
282 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
283 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
284 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
285 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
286 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
287 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
288 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
289 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
290 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
291 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
292 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
293 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
294 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
295 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
296 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
297 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
298 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
299 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
300 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
301};
302
303/* The exp_to_poly and poly_to_exp tables are used to perform efficient
304 * operations in GF(2^8) represented as GF(2)[x]/w(x) where
305 * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the
306 * definition of the RS matrix in the key schedule. Elements of that field
307 * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
308 * which can be represented naturally by bytes (just substitute x=2). In that
309 * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
310 * multiplication is inefficient without hardware support. To multiply
311 * faster, I make use of the fact x is a generator for the nonzero elements,
312 * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
313 * some n in 0..254. Note that that caret is exponentiation in GF(2^8),
314 * *not* polynomial notation. So if I want to compute pq where p and q are
315 * in GF(2^8), I can just say:
316 * 1. if p=0 or q=0 then pq=0
317 * 2. otherwise, find m and n such that p=x^m and q=x^n
318 * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
319 * The translations in steps 2 and 3 are looked up in the tables
320 * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this
321 * in action, look at the CALC_S macro. As additional wrinkles, note that
322 * one of my operands is always a constant, so the poly_to_exp lookup on it
323 * is done in advance; I included the original values in the comments so
324 * readers can have some chance of recognizing that this *is* the RS matrix
325 * from the Twofish paper. I've only included the table entries I actually
326 * need; I never do a lookup on a variable input of zero and the biggest
327 * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
328 * never sum to more than 491. I'm repeating part of the exp_to_poly table
329 * so that I don't have to do mod-255 reduction in the exponent arithmetic.
330 * Since I know my constant operands are never zero, I only have to worry
331 * about zero values in the variable operand, and I do it with a simple
332 * conditional branch. I know conditionals are expensive, but I couldn't
333 * see a non-horrible way of avoiding them, and I did manage to group the
334 * statements so that each if covers four group multiplications. */
335
336static const byte poly_to_exp[255] = {
337 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
338 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
339 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
340 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
341 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
342 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
343 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
344 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
345 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
346 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
347 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
348 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
349 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
350 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
351 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
352 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
353 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
354 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
355 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
356 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
357 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
358 0x85, 0xC8, 0xA1
359};
360
361static const byte exp_to_poly[492] = {
362 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
363 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
364 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
365 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
366 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
367 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
368 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
369 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
370 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
371 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
372 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
373 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
374 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
375 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
376 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
377 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
378 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
379 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
380 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
381 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
382 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
383 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
384 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
385 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
386 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
387 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
388 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
389 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
390 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
391 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
392 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
393 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
394 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
395 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
396 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
397 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
398 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
399 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
400 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
401 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
402 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
403};
404
405
406/* The table constants are indices of
407 * S-box entries, preprocessed through q0 and q1. */
408static byte calc_sb_tbl[512] = {
409 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
410 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
411 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
412 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
413 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
414 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
415 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
416 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
417 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
418 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
419 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
420 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
421 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
422 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
423 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
424 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
425 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
426 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
427 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
428 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
429 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
430 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
431 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
432 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
433 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
434 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
435 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
436 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
437 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
438 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
439 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
440 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
441 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
442 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
443 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
444 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
445 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
446 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
447 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
448 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
449 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
450 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
451 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
452 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
453 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
454 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
455 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
456 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
457 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
458 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
459 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
460 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
461 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
462 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
463 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
464 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
465 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
466 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
467 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
468 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
469 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
470 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
471 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
472 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
473};
474/* Macro to perform one column of the RS matrix multiplication. The
475 * parameters a, b, c, and d are the four bytes of output; i is the index
476 * of the key bytes, and w, x, y, and z, are the column of constants from
477 * the RS matrix, preprocessed through the poly_to_exp table. */
478
479#define CALC_S(a, b, c, d, i, w, x, y, z) \
480 if (key[i]) { \
481 tmp = poly_to_exp[key[i] - 1]; \
482 (a) ^= exp_to_poly[tmp + (w)]; \
483 (b) ^= exp_to_poly[tmp + (x)]; \
484 (c) ^= exp_to_poly[tmp + (y)]; \
485 (d) ^= exp_to_poly[tmp + (z)]; \
486 }
487
488/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
489 * the S vector from CALC_S. CALC_SB_2 computes a single entry in all
490 * four S-boxes, where i is the index of the entry to compute, and a and b
491 * are the index numbers preprocessed through the q0 and q1 tables
492 * respectively. CALC_SB is simply a convenience to make the code shorter;
493 * it calls CALC_SB_2 four times with consecutive indices from i to i+3,
494 * using the remaining parameters two by two. */
495
496#define CALC_SB_2(i, a, b) \
497 ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
498 ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
499 ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
500 ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
501
502#define CALC_SB(i, a, b, c, d, e, f, g, h) \
503 CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
504 CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
505
506/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
507
508#define CALC_SB256_2(i, a, b) \
509 ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
510 ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
511 ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
512 ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
513
514#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
515 CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
516 CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
517
518/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the
519 * last two stages of the h() function for a given index (either 2i or 2i+1).
520 * a, b, c, and d are the four bytes going into the last two stages. For
521 * 128-bit keys, this is the entire h() function and a and c are the index
522 * preprocessed through q0 and q1 respectively; for longer keys they are the
523 * output of previous stages. j is the index of the first key byte to use.
524 * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
525 * twice, doing the Psuedo-Hadamard Transform, and doing the necessary
526 * rotations. Its parameters are: a, the array to write the results into,
527 * j, the index of the first output entry, k and l, the preprocessed indices
528 * for index 2i, and m and n, the preprocessed indices for index 2i+1.
529 * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
530 * additional lookup-and-XOR stages. The parameters a and b are the index
531 * preprocessed through q0 and q1 respectively; j is the index of the first
532 * key byte to use. CALC_K256 is identical to CALC_K but for using the
533 * CALC_K256_2 macro instead of CALC_K_2. */
534
535#define CALC_K_2(a, b, c, d, j) \
536 mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
537 ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
538 ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
539 ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
540
541#define CALC_K(a, j, k, l, m, n) \
542 x = CALC_K_2 (k, l, k, l, 0); \
543 y = CALC_K_2 (m, n, m, n, 4); \
544 y = (y << 8) + (y >> 24); \
545 x += y; y += x; ctx->a[j] = x; \
546 ctx->a[(j) + 1] = (y << 9) + (y >> 23)
547
548#define CALC_K256_2(a, b, j) \
549 CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
550 q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
551 q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
552 q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
553
554#define CALC_K256(a, j, k, l, m, n) \
555 x = CALC_K256_2 (k, l, 0); \
556 y = CALC_K256_2 (m, n, 4); \
557 y = (y << 8) + (y >> 24); \
558 x += y; y += x; ctx->a[j] = x; \
559 ctx->a[(j) + 1] = (y << 9) + (y >> 23)
560
561
562
563/* Perform the key setup. Note that this works only with 128- and 256-bit
564 * keys, despite the API that looks like it might support other sizes. */
565
566static gcry_err_code_t
567do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
568{
569 int i, j, k;
570
571 /* Temporaries for CALC_K. */
572 u32 x, y;
573
574 /* The S vector used to key the S-boxes, split up into individual bytes.
575 * 128-bit keys use only sa through sh; 256-bit use all of them. */
576 byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
577 byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
578
579 /* Temporary for CALC_S. */
580 byte tmp;
581
582 /* Flags for self-test. */
583 static int initialized = 0;
584 static const char *selftest_failed=0;
585
586 /* Check key length. */
587 if( ( ( keylen - 16 ) | 16 ) != 16 )
588 return GPG_ERR_INV_KEYLEN;
589
590 /* Do self-test if necessary. */
591 if (!initialized)
592 {
593 initialized = 1;
594 selftest_failed = selftest ();
595 if( selftest_failed )
596 log_error("%s\n", selftest_failed );
597 }
598 if( selftest_failed )
599 return GPG_ERR_SELFTEST_FAILED;
600
601 /* Compute the first two words of the S vector. The magic numbers are
602 * the entries of the RS matrix, preprocessed through poly_to_exp. The
603 * numbers in the comments are the original (polynomial form) matrix
604 * entries. */
605 CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
606 CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
607 CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
608 CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
609 CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
610 CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
611 CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
612 CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
613 CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
614 CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
615 CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
616 CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
617 CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
618 CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
619 CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
620 CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
621
622 if (keylen == 32) /* 256-bit key */
623 {
624 /* Calculate the remaining two words of the S vector */
625 CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
626 CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
627 CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
628 CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
629 CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
630 CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
631 CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
632 CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
633 CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
634 CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
635 CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
636 CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
637 CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
638 CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
639 CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
640 CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
641
642 /* Compute the S-boxes. */
643 for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
644 {
645 CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
646 }
647
648 /* Calculate whitening and round subkeys. The constants are
649 * indices of subkeys, preprocessed through q0 and q1. */
650 CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
651 CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
652 CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
653 CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
654 CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
655 CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
656 CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
657 CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
658 CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
659 CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
660 CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
661 CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
662 CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
663 CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
664 CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
665 CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
666 CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
667 CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
668 CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
669 CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
670 }
671 else
672 {
673 /* Compute the S-boxes. */
674 for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
675 {
676 CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
677 }
678
679 /* Calculate whitening and round subkeys. The constants are
680 * indices of subkeys, preprocessed through q0 and q1. */
681 CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
682 CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
683 CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
684 CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
685 CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
686 CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
687 CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
688 CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
689 CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
690 CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
691 CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
692 CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
693 CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
694 CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
695 CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
696 CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
697 CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
698 CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
699 CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
700 CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
701 }
702
703 return 0;
704}
705
706static gcry_err_code_t
707twofish_setkey (void *context, const byte *key, unsigned int keylen)
708{
709 TWOFISH_context *ctx = context;
710 int rc = do_twofish_setkey (ctx, key, keylen);
711 _gcry_burn_stack (23+6*sizeof(void*));
712 return rc;
713}
714
715
716
717/* Macros to compute the g() function in the encryption and decryption
718 * rounds. G1 is the straight g() function; G2 includes the 8-bit
719 * rotation for the high 32-bit word. */
720
721#define G1(a) \
722 (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
723 ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
724
725#define G2(b) \
726 (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
727 ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
728
729/* Encryption and decryption Feistel rounds. Each one calls the two g()
730 * macros, does the PHT, and performs the XOR and the appropriate bit
731 * rotations. The parameters are the round number (used to select subkeys),
732 * and the four 32-bit chunks of the text. */
733
734#define ENCROUND(n, a, b, c, d) \
735 x = G1 (a); y = G2 (b); \
736 x += y; y += x + ctx->k[2 * (n) + 1]; \
737 (c) ^= x + ctx->k[2 * (n)]; \
738 (c) = ((c) >> 1) + ((c) << 31); \
739 (d) = (((d) << 1)+((d) >> 31)) ^ y
740
741#define DECROUND(n, a, b, c, d) \
742 x = G1 (a); y = G2 (b); \
743 x += y; y += x; \
744 (d) ^= y + ctx->k[2 * (n) + 1]; \
745 (d) = ((d) >> 1) + ((d) << 31); \
746 (c) = (((c) << 1)+((c) >> 31)); \
747 (c) ^= (x + ctx->k[2 * (n)])
748
749/* Encryption and decryption cycles; each one is simply two Feistel rounds
750 * with the 32-bit chunks re-ordered to simulate the "swap" */
751
752#define ENCCYCLE(n) \
753 ENCROUND (2 * (n), a, b, c, d); \
754 ENCROUND (2 * (n) + 1, c, d, a, b)
755
756#define DECCYCLE(n) \
757 DECROUND (2 * (n) + 1, c, d, a, b); \
758 DECROUND (2 * (n), a, b, c, d)
759
760/* Macros to convert the input and output bytes into 32-bit words,
761 * and simultaneously perform the whitening step. INPACK packs word
762 * number n into the variable named by x, using whitening subkey number m.
763 * OUTUNPACK unpacks word number n from the variable named by x, using
764 * whitening subkey number m. */
765
766#define INPACK(n, x, m) \
767 x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
768 ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
769
770#define OUTUNPACK(n, x, m) \
771 x ^= ctx->w[m]; \
772 out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
773 out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
774
775/* Encrypt one block. in and out may be the same. */
776
777static void
778do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
779{
780 /* The four 32-bit chunks of the text. */
781 u32 a, b, c, d;
782
783 /* Temporaries used by the round function. */
784 u32 x, y;
785
786 /* Input whitening and packing. */
787 INPACK (0, a, 0);
788 INPACK (1, b, 1);
789 INPACK (2, c, 2);
790 INPACK (3, d, 3);
791
792 /* Encryption Feistel cycles. */
793 ENCCYCLE (0);
794 ENCCYCLE (1);
795 ENCCYCLE (2);
796 ENCCYCLE (3);
797 ENCCYCLE (4);
798 ENCCYCLE (5);
799 ENCCYCLE (6);
800 ENCCYCLE (7);
801
802 /* Output whitening and unpacking. */
803 OUTUNPACK (0, c, 4);
804 OUTUNPACK (1, d, 5);
805 OUTUNPACK (2, a, 6);
806 OUTUNPACK (3, b, 7);
807}
808
809static void
810twofish_encrypt (void *context, byte *out, const byte *in)
811{
812 TWOFISH_context *ctx = context;
813 do_twofish_encrypt (ctx, out, in);
814 _gcry_burn_stack (24+3*sizeof (void*));
815}
816
817
818/* Decrypt one block. in and out may be the same. */
819
820static void
821do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
822{
823 /* The four 32-bit chunks of the text. */
824 u32 a, b, c, d;
825
826 /* Temporaries used by the round function. */
827 u32 x, y;
828
829 /* Input whitening and packing. */
830 INPACK (0, c, 4);
831 INPACK (1, d, 5);
832 INPACK (2, a, 6);
833 INPACK (3, b, 7);
834
835 /* Encryption Feistel cycles. */
836 DECCYCLE (7);
837 DECCYCLE (6);
838 DECCYCLE (5);
839 DECCYCLE (4);
840 DECCYCLE (3);
841 DECCYCLE (2);
842 DECCYCLE (1);
843 DECCYCLE (0);
844
845 /* Output whitening and unpacking. */
846 OUTUNPACK (0, a, 0);
847 OUTUNPACK (1, b, 1);
848 OUTUNPACK (2, c, 2);
849 OUTUNPACK (3, d, 3);
850}
851
852static void
853twofish_decrypt (void *context, byte *out, const byte *in)
854{
855 TWOFISH_context *ctx = context;
856
857 do_twofish_decrypt (ctx, out, in);
858 _gcry_burn_stack (24+3*sizeof (void*));
859}
860
861
862/* Test a single encryption and decryption with each key size. */
863
864static const char*
865selftest (void)
866{
867 TWOFISH_context ctx; /* Expanded key. */
868 byte scratch[16]; /* Encryption/decryption result buffer. */
869
870 /* Test vectors for single encryption/decryption. Note that I am using
871 * the vectors from the Twofish paper's "known answer test", I=3 for
872 * 128-bit and I=4 for 256-bit, instead of the all-0 vectors from the
873 * "intermediate value test", because an all-0 key would trigger all the
874 * special cases in the RS matrix multiply, leaving the math untested. */
875 static byte plaintext[16] = {
876 0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E,
877 0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19
878 };
879 static byte key[16] = {
880 0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,
881 0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A
882 };
883 static const byte ciphertext[16] = {
884 0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85,
885 0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3
886 };
887 static byte plaintext_256[16] = {
888 0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F,
889 0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6
890 };
891 static byte key_256[32] = {
892 0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46,
893 0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,
894 0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B,
895 0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F
896 };
897 static const byte ciphertext_256[16] = {
898 0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97,
899 0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA
900 };
901
902 twofish_setkey (&ctx, key, sizeof(key));
903 twofish_encrypt (&ctx, scratch, plaintext);
904 if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
905 return "Twofish-128 test encryption failed.";
906 twofish_decrypt (&ctx, scratch, scratch);
907 if (memcmp (scratch, plaintext, sizeof (plaintext)))
908 return "Twofish-128 test decryption failed.";
909
910 twofish_setkey (&ctx, key_256, sizeof(key_256));
911 twofish_encrypt (&ctx, scratch, plaintext_256);
912 if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
913 return "Twofish-256 test encryption failed.";
914 twofish_decrypt (&ctx, scratch, scratch);
915 if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
916 return "Twofish-256 test decryption failed.";
917
918 return NULL;
919}
920
921/* More complete test program. This does 1000 encryptions and decryptions
922 * with each of 250 128-bit keys and 2000 encryptions and decryptions with
923 * each of 125 256-bit keys, using a feedback scheme similar to a Feistel
924 * cipher, so as to be sure of testing all the table entries pretty
925 * thoroughly. We keep changing the keys so as to get a more meaningful
926 * performance number, since the key setup is non-trivial for Twofish. */
927
928#ifdef TEST
929
930#include <stdio.h>
931#include <string.h>
932#include <time.h>
933
934int
935main()
936{
937 TWOFISH_context ctx; /* Expanded key. */
938 int i, j; /* Loop counters. */
939
940 const char *encrypt_msg; /* Message to print regarding encryption test;
941 * the printf is done outside the loop to avoid
942 * stuffing up the timing. */
943 clock_t timer; /* For computing elapsed time. */
944
945 /* Test buffer. */
946 byte buffer[4][16] = {
947 {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
948 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
949 {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
950 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
951 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
952 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
953 {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
954 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
955 };
956
957 /* Expected outputs for the million-operation test */
958 static const byte test_encrypt[4][16] = {
959 {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,
960 0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},
961 {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,
962 0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},
963 {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,
964 0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},
965 {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,
966 0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}
967 };
968 static const byte test_decrypt[4][16] = {
969 {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
970 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
971 {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
972 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
973 {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
974 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
975 {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
976 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
977 };
978
979 /* Start the timer ticking. */
980 timer = clock ();
981
982 /* Encryption test. */
983 for (i = 0; i < 125; i++)
984 {
985 twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
986 for (j = 0; j < 1000; j++)
987 twofish_encrypt (&ctx, buffer[2], buffer[2]);
988 twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
989 for (j = 0; j < 1000; j++)
990 twofish_encrypt (&ctx, buffer[3], buffer[3]);
991 twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
992 for (j = 0; j < 1000; j++) {
993 twofish_encrypt (&ctx, buffer[0], buffer[0]);
994 twofish_encrypt (&ctx, buffer[1], buffer[1]);
995 }
996 }
997 encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?
998 "encryption failure!\n" : "encryption OK!\n";
999
1000 /* Decryption test. */
1001 for (i = 0; i < 125; i++)
1002 {
1003 twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
1004 for (j = 0; j < 1000; j++) {
1005 twofish_decrypt (&ctx, buffer[0], buffer[0]);
1006 twofish_decrypt (&ctx, buffer[1], buffer[1]);
1007 }
1008 twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
1009 for (j = 0; j < 1000; j++)
1010 twofish_decrypt (&ctx, buffer[3], buffer[3]);
1011 twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
1012 for (j = 0; j < 1000; j++)
1013 twofish_decrypt (&ctx, buffer[2], buffer[2]);
1014 }
1015
1016 /* Stop the timer, and print results. */
1017 timer = clock () - timer;
1018 printf (encrypt_msg);
1019 printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?
1020 "decryption failure!\n" : "decryption OK!\n");
1021 printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);
1022
1023 return 0;
1024}
1025
1026#endif /* TEST */
1027
1028
1029
1030gcry_cipher_spec_t _gcry_cipher_spec_twofish =
1031 {
1032 "TWOFISH", NULL, NULL, 16, 256, sizeof (TWOFISH_context),
1033 twofish_setkey, twofish_encrypt, twofish_decrypt,
1034 };
1035
1036gcry_cipher_spec_t _gcry_cipher_spec_twofish128 =
1037 {
1038 "TWOFISH128", NULL, NULL, 16, 128, sizeof (TWOFISH_context),
1039 twofish_setkey, twofish_encrypt, twofish_decrypt,
1040 };
generated by cgit v1.1 at 2025-02-22 02:41:11 +0000