From: Andreas Steffen Date: Sun, 24 Nov 2013 14:31:19 +0000 (+0100) Subject: Use strongSwan hash plugins for SHA-1 and SHA-256 X-Git-Tag: 5.1.2dr1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5443762491890c3472bc1416fd57ad43f13a3b45;p=thirdparty%2Fstrongswan.git Use strongSwan hash plugins for SHA-1 and SHA-256 --- diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index 4f81ead4ac..8e4b87812e 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -16,10 +16,6 @@ libstrongswan_ntru_la_SOURCES = \ ntru_ke.h ntru_ke.c \ ntru_test_rng.h ntru_test_rng.c \ ntru_crypto/ntru_crypto.h ntru_crypto/ntru_crypto_error.h \ - ntru_crypto/ntru_crypto_hash_basics.h \ - ntru_crypto/ntru_crypto_hash.h ntru_crypto/ntru_crypto_hash.c \ - ntru_crypto/ntru_crypto_msbyte_uint32.h \ - ntru_crypto/ntru_crypto_msbyte_uint32.c \ ntru_crypto/ntru_crypto_ntru_convert.h \ ntru_crypto/ntru_crypto_ntru_convert.c \ ntru_crypto/ntru_crypto_ntru_encrypt.c \ @@ -28,11 +24,7 @@ libstrongswan_ntru_la_SOURCES = \ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \ ntru_crypto/ntru_crypto_ntru_mgf1.h ntru_crypto/ntru_crypto_ntru_mgf1.c \ - ntru_crypto/ntru_crypto_ntru_poly.h ntru_crypto/ntru_crypto_ntru_poly.c \ - ntru_crypto/ntru_crypto_platform.h ntru_crypto/ntru_crypto_sha.h\ - ntru_crypto/ntru_crypto_sha1.h ntru_crypto/ntru_crypto_sha1.c\ - ntru_crypto/ntru_crypto_sha2.h ntru_crypto/ntru_crypto_sha2.c\ - ntru_crypto/ntru_crypto_sha256.h ntru_crypto/ntru_crypto_sha256.c + ntru_crypto/ntru_crypto_ntru_poly.h ntru_crypto/ntru_crypto_ntru_poly.c libstrongswan_ntru_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.c deleted file mode 100644 index e67bbfef06..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.c +++ /dev/null @@ -1,335 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_hash.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_hash.c - * - * Contents: Routines implementing the hash object abstraction. - * - *****************************************************************************/ - - -#include -#include "ntru_crypto_hash.h" - - -typedef uint32_t (*NTRU_CRYPTO_HASH_INIT_FN)( - void *c); -typedef uint32_t (*NTRU_CRYPTO_HASH_UPDATE_FN)( - void *c, - void const *data, - uint32_t len); -typedef uint32_t (*NTRU_CRYPTO_HASH_FINAL_FN)( - void *c, - void *md); -typedef uint32_t (*NTRU_CRYPTO_HASH_DIGEST_FN)( - void const *data, - uint32_t len, - void *md); - -typedef struct _NTRU_CRYPTO_HASH_ALG_PARAMS { - uint8_t algid; - uint16_t block_length; - uint16_t digest_length; - NTRU_CRYPTO_HASH_INIT_FN init; - NTRU_CRYPTO_HASH_UPDATE_FN update; - NTRU_CRYPTO_HASH_FINAL_FN final; - NTRU_CRYPTO_HASH_FINAL_FN final_zero_pad; - NTRU_CRYPTO_HASH_DIGEST_FN digest; -} NTRU_CRYPTO_HASH_ALG_PARAMS; - -static NTRU_CRYPTO_HASH_ALG_PARAMS const algs_params[] = { - { - NTRU_CRYPTO_HASH_ALGID_SHA1, - SHA_1_BLK_LEN, - SHA_1_MD_LEN, - (NTRU_CRYPTO_HASH_INIT_FN) SHA_1_INIT_FN, - (NTRU_CRYPTO_HASH_UPDATE_FN) SHA_1_UPDATE_FN, - (NTRU_CRYPTO_HASH_FINAL_FN) SHA_1_FINAL_FN, - (NTRU_CRYPTO_HASH_FINAL_FN) SHA_1_FINAL_ZERO_PAD_FN, - (NTRU_CRYPTO_HASH_DIGEST_FN) SHA_1_DIGEST_FN, - }, - { - NTRU_CRYPTO_HASH_ALGID_SHA256, - SHA_256_BLK_LEN, - SHA_256_MD_LEN, - (NTRU_CRYPTO_HASH_INIT_FN) SHA_256_INIT_FN, - (NTRU_CRYPTO_HASH_UPDATE_FN) SHA_256_UPDATE_FN, - (NTRU_CRYPTO_HASH_FINAL_FN) SHA_256_FINAL_FN, - (NTRU_CRYPTO_HASH_FINAL_FN) SHA_256_FINAL_ZERO_PAD_FN, - (NTRU_CRYPTO_HASH_DIGEST_FN) SHA_256_DIGEST_FN, - }, -}; - -static int const numalgs = (sizeof(algs_params)/sizeof(algs_params[0])); - - -/* get_alg_params - * - * Return a pointer to the hash algorithm parameters for the hash algorithm - * specified, by looking for algid in the global algs_params table. - * If not found, return NULL. - */ -static NTRU_CRYPTO_HASH_ALG_PARAMS const * -get_alg_params( - NTRU_CRYPTO_HASH_ALGID algid) // in - the hash algorithm to find -{ - int i; - - for (i = 0; i < numalgs; i++) - if (algs_params[i].algid == algid) - return &algs_params[i]; - - return NULL; -} - - -/* ntru_crypto_hash_set_alg - * - * Sets the hash algorithm for the hash context. This must be called before - * any calls to ntru_crypto_hash_block_length(), - * ntru_crypto_hash_digest_length(), or ntru_crypto_hash_init() are made. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported. - */ - -uint32_t -ntru_crypto_hash_set_alg( - NTRU_CRYPTO_HASH_ALGID algid, // in - hash algoirithm to be used - NTRU_CRYPTO_HASH_CTX *c) // in/out - pointer to the hash context -{ - if (!c) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - c->alg_params = get_alg_params(algid); - if (!c->alg_params) { - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - } - - HASH_RET(NTRU_CRYPTO_HASH_OK); -} - - -/* ntru_crypto_hash_block_length - * - * Gets the number of bytes in an input block for the hash algorithm - * specified in the hash context. The hash algorithm must have been set - * in the hash context with a call to ntru_crypto_hash_set_alg() prior to - * calling this function. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_block_length( - NTRU_CRYPTO_HASH_CTX *c, // in - pointer to the hash context - uint16_t *blk_len) // out - address for block length in bytes -{ - if (!c || !blk_len) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - *blk_len = c->alg_params->block_length; - HASH_RET(NTRU_CRYPTO_HASH_OK); -} - - -/* ntru_crypto_hash_digest_length - * - * Gets the number of bytes needed to hold the message digest for the - * hash algorithm specified in the hash context. The algorithm must have - * been set in the hash context with a call to ntru_crypto_hash_set_alg() prior - * to calling this function. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_digest_length( - NTRU_CRYPTO_HASH_CTX const *c, // in - pointer to the hash context - uint16_t *md_len) // out - addr for digest length in bytes -{ - if (!c || !md_len) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - *md_len = c->alg_params->digest_length; - HASH_RET(NTRU_CRYPTO_HASH_OK); -} - - -/* ntru_crypto_hash_init - * - * This routine performs standard initialization of the hash state. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_init( - NTRU_CRYPTO_HASH_CTX *c) // in/out - pointer to hash context -{ - if (!c) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - return c->alg_params->init(&c->alg_ctx); -} - - -/* ntru_crypto_hash_update - * - * This routine processes input data and updates the hash calculation. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the - * hash algorithm. The size limit is dependent on the hash algorithm, - * and not all algorithms have this limit. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_update( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t const *data, // in - pointer to input data - uint32_t data_len) // in - number of bytes of input data -{ - if (!c || (data_len && !data)) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - return c->alg_params->update(&c->alg_ctx, data, data_len); -} - - -/* ntru_crypto_hash_final - * - * This routine completes the hash calculation and returns the message digest. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_final( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t *md) // out - address for message digest -{ - if (!c || !md) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - return c->alg_params->final(&c->alg_ctx, md); -} - - -/* ntru_crypto_hash_final_zero_pad - * - * This routine completes the hash calculation using zero padding and - * returns the message digest. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -uint32_t -ntru_crypto_hash_final_zero_pad( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t *md) // out - address for message digest -{ - if (!c || !md) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - if (!c->alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - return c->alg_params->final_zero_pad(&c->alg_ctx, md); -} - - -/* ntru_crypto_hash_digest - * - * This routine computes a message digest. It is assumed that the - * output buffer md is large enough to hold the output (see - * ntru_crypto_hash_digest_length) - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the - * hash algorithm. The size limit is dependent on the hash algorithm, - * and not all algorithms have this limit. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported. - */ - -uint32_t -ntru_crypto_hash_digest( - NTRU_CRYPTO_HASH_ALGID algid, // in - the hash algorithm to use - uint8_t const *data, // in - pointer to input data - uint32_t data_len, // in - number of bytes of input data - uint8_t *md) // out - address for message digest -{ - NTRU_CRYPTO_HASH_ALG_PARAMS const *alg_params = get_alg_params(algid); - - if (!alg_params) - HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG); - - if ((data_len && !data) || !md) - HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER); - - return alg_params->digest(data, data_len, md); -} - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.h deleted file mode 100644 index 6f6b4f4a7a..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash.h +++ /dev/null @@ -1,233 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_hash.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_hash.h - * - * Contents: Definitions and declarations for the hash object abstraction. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_HASH_H -#define NTRU_CRYPTO_HASH_H - -#include "ntru_crypto_error.h" -#include "ntru_crypto_hash_basics.h" -#include "ntru_crypto_sha1.h" -#include "ntru_crypto_sha256.h" - -#include - -/*************** - * error macro * - ***************/ - -#define HASH_RESULT(r) ((uint32_t)((r) ? HASH_ERROR_BASE + (r) : (r))) -#define HASH_RET(r) return HASH_RESULT(r); - - -/************************* - * structure definitions * - *************************/ - -/* _NTRU_CRYPTO_HASH_ALG_PARAMS - * - * An opaque forward declaration for a private structure used - * internally by the hash object interface. - */ - -struct _NTRU_CRYPTO_HASH_ALG_PARAMS; - - -/* NTRU_CRYPTO_HASH_CTX - * - * Hash object context information. - */ - -typedef struct { - struct _NTRU_CRYPTO_HASH_ALG_PARAMS const *alg_params; - union { - NTRU_CRYPTO_SHA1_CTX sha1; - NTRU_CRYPTO_SHA2_CTX sha256; - } alg_ctx; -} NTRU_CRYPTO_HASH_CTX; - - -/************************* - * function declarations * - *************************/ - -/* ntru_crypto_hash_set_alg - * - * Sets the hash algorithm for the hash context. This must be called before - * any calls to crypto_hash_block_length(), crypto_hash_digest_length(), or - * crypto_hash_init() are made. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported. - */ - -extern uint32_t -ntru_crypto_hash_set_alg( - NTRU_CRYPTO_HASH_ALGID algid, // in - hash algoirithm to be used - NTRU_CRYPTO_HASH_CTX *c); // in/out - pointer to the hash context - - -/* ntru_crypto_hash_block_length - * - * Gets the number of bytes in an input block for the hash algorithm - * specified in the hash context. The hash algorithm must have been set - * in the hash context with a call to crypto_hash_set_alg() prior to - * calling this function. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_block_length( - NTRU_CRYPTO_HASH_CTX *c, // in - pointer to the hash context - uint16_t *blk_len); // out - address for block length in bytes - - -/* ntru_crypto_hash_digest_length - * - * Gets the number of bytes needed to hold the message digest for the - * hash algorithm specified in the hash context. The algorithm must have - * been set in the hash context with a call to crypto_hash_set_alg() prior - * to calling this function. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_digest_length( - NTRU_CRYPTO_HASH_CTX const *c, // in - pointer to the hash context - uint16_t *md_len); // out - addrfor digest length in bytes - - -/* ntru_crypto_hash_init - * - * This routine initializes the hash state. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_init( - NTRU_CRYPTO_HASH_CTX *c); // in/out - pointer to hash context - - -/* ntru_crypto_hash_update - * - * This routine processes input data and updates the hash calculation. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the - * hash algorithm. The size limit is dependent on the hash algorithm, - * and not all algorithms have this limit. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_update( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t const *data, // in - pointer to input data - uint32_t data_len); // in - number of bytes of input data - - -/* ntru_crypto_hash_final - * - * This routine completes the hash calculation and returns the message digest. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_final( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t *md); // out - address for message digest - - -/* ntru_crypto_hash_final_zero_pad - * - * This routine completes the hash calculation using zero padding and - * returns the message digest. - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are - * passed. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set. - */ - -extern uint32_t -ntru_crypto_hash_final_zero_pad( - NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context - uint8_t *md); // out - address for message digest - - -/* ntru_crypto_hash_digest - * - * This routine computes a message digest. It is assumed that the - * output buffer md is large enough to hold the output (see - * crypto_hash_digest_length) - * - * Returns NTRU_CRYPTO_HASH_OK on success. - * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context. - * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the - * hash algorithm. The size limit is dependent on the hash algorithm, - * and not all algorithms have this limit. - * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported. - */ - -extern uint32_t -ntru_crypto_hash_digest( - NTRU_CRYPTO_HASH_ALGID algid, // in - the hash algorithm to use - uint8_t const *data, // in - pointer to input data - uint32_t data_len, // in - number of bytes of input data - uint8_t *md); // out - address for message digest - - -#endif /* NTRU_CRYPTO_HASH_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash_basics.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash_basics.h deleted file mode 100644 index 0ad09e7f34..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_hash_basics.h +++ /dev/null @@ -1,75 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_hash_basics.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_hash_basics.h - * - * Contents: Common definitions for all hash algorithms. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_HASH_BASICS_H -#define NTRU_CRYPTO_HASH_BASICS_H - -#include - - -/************** - * algorithms * - **************/ - -typedef enum { - NTRU_CRYPTO_HASH_ALGID_NONE = 0, - NTRU_CRYPTO_HASH_ALGID_SHA1, - NTRU_CRYPTO_HASH_ALGID_SHA256, -} NTRU_CRYPTO_HASH_ALGID; - - -/*************** - * error codes * - ***************/ - -#define NTRU_CRYPTO_HASH_OK ((uint32_t)0x00) -#define NTRU_CRYPTO_HASH_FAIL ((uint32_t)0x01) -#define NTRU_CRYPTO_HASH_BAD_PARAMETER ((uint32_t)0x02) -#define NTRU_CRYPTO_HASH_OVERFLOW ((uint32_t)0x03) -#define NTRU_CRYPTO_HASH_BAD_ALG ((uint32_t)0x20) -#define NTRU_CRYPTO_HASH_OUT_OF_MEMORY ((uint32_t)0x21) - -// For backward-compatibility -typedef uint32_t NTRU_CRYPTO_HASH_ERROR; - - -/********* - * flags * - *********/ - -#define HASH_DATA_ONLY 0 -#define HASH_INIT (1 << 0) -#define HASH_FINISH (1 << 1) -#define HASH_ZERO_PAD (1 << 2) - - -#endif /* NTRU_CRYPTO_HASH_BASICS_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.c deleted file mode 100644 index e9492e3ba3..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.c +++ /dev/null @@ -1,92 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_mbyte_uint32.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_msbyte_uint32.c - * - * Contents: Routines to convert between an array of bytes in network byte - * order (most-significant byte first) and an array of uint32 words. - * - *****************************************************************************/ - - -#include -#include "ntru_crypto_msbyte_uint32.h" - - -/* ntru_crypto_msbyte_2_uint32() - * - * This routine converts an array of bytes in network byte order to an array - * of uint32_t, placing the first byte in the most significant byte of the - * first uint32_t word. - * - * The number of bytes in the input stream MUST be at least 4 times the - * number of words expected in the output array. - */ - -void -ntru_crypto_msbyte_2_uint32( - uint32_t *words, // out - pointer to the output uint32_t array - uint8_t const *bytes, // in - pointer to the input byte array - uint32_t n) // in - number of words in the output array -{ - uint32_t i; - - for (i = 0; i < n; i++) { - words[i] = ((uint32_t) (*bytes++)) << 24; - words[i] |= ((uint32_t) (*bytes++)) << 16; - words[i] |= ((uint32_t) (*bytes++)) << 8; - words[i] |= (uint32_t) (*bytes++); - } -} - - -/* ntru_crypto_uint32_2_msbyte() - * - * This routine converts an array of uint32_t to an array of bytes in - * network byte order, placing the most significant byte of the first uint32_t - * word as the first byte of the output array. - * - * The number of bytes in the output stream will be 4 times the number of words - * specified in the input array. - */ - -void -ntru_crypto_uint32_2_msbyte( - uint8_t *bytes, // out - pointer to the output byte array - uint32_t const *words, // in - pointer to the input uint32_t array - uint32_t n) // in - number of words in the input array -{ - uint32_t i; - - for (i = 0; i < n; i++) { - *bytes++ = (uint8_t) (words[i] >> 24); - *bytes++ = (uint8_t) (words[i] >> 16); - *bytes++ = (uint8_t) (words[i] >> 8); - *bytes++ = (uint8_t) (words[i] ); - } -} - - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.h deleted file mode 100644 index 180bd39b19..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_msbyte_uint32.h +++ /dev/null @@ -1,75 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_msbyte_uint32.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_msbyte_uint32.h - * - * Contents: Definitions and declarations for converting between a most- - * significant-first byte stream and a uint32_t array. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_MSBYTE_UINT32_H -#define NTRU_CRYPTO_MSBYTE_UINT32_H - - -#include - - -/* ntru_crypto_msbyte_2_uint32() - * - * This routine converts an array of bytes in network byte order to an array - * of uint32_t, placing the first byte in the most significant byte of the - * first uint32_t word. - * - * The number of bytes in the input stream MUST be at least 4 times the - * number of words expected in the output array. - */ - -extern void -ntru_crypto_msbyte_2_uint32( - uint32_t *words, // out - pointer to the output uint32_t array - uint8_t const *bytes, // in - pointer to the input byte array - uint32_t n); // in - number of words in the output array - - -/* ntru_crypto_uint32_2_msbyte() - * - * This routine converts an array of uint32_t to an array of bytes in - * network byte order, placing the most significant byte of the first uint32_t - * word as the first byte of the output array. - * - * The number of bytes in the output stream will be 4 times the number of words - * specified in the input array. - */ - -extern void -ntru_crypto_uint32_2_msbyte( - uint8_t *bytes, // out - pointer to the output byte array - uint32_t const *words, // in - pointer to the input uint32_t array - uint32_t n); // in - number of words in the input array - - -#endif /* NTRU_CRYPTO_MSBYTE_UINT32_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c index 2a2304cd27..ea230a0747 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c @@ -106,7 +106,7 @@ ntru_crypto_ntru_encrypt( uint8_t *b_buf = NULL; uint8_t *tmp_buf = NULL; bool msg_rep_good = FALSE; - NTRU_CRYPTO_HASH_ALGID hash_algid; + hash_algorithm_t hash_algid; uint8_t md_len; uint16_t mprime_len = 0; uint16_t mod_q_mask; @@ -178,15 +178,17 @@ ntru_crypto_ntru_encrypt( b_buf = (uint8_t *)(r_buf + (dr << 1)); tmp_buf = (uint8_t *)scratch_buf; - /* set hash algorithm based on security strength */ - - if (params->sec_strength_len <= 20) { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1; - md_len = 20; - } else { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256; - md_len = 32; - } + /* set hash algorithm based on security strength */ + if (params->sec_strength_len <= 20) + { + hash_algid = HASH_SHA1; + md_len = 20; + } + else + { + hash_algid = HASH_SHA256; + md_len = 32; + } /* set constants */ @@ -424,7 +426,7 @@ ntru_crypto_ntru_decrypt( uint8_t *Mtrin_buf = NULL; uint8_t *M_buf = NULL; uint8_t *ptr = NULL; - NTRU_CRYPTO_HASH_ALGID hash_algid; + hash_algorithm_t hash_algid; uint8_t md_len; uint16_t cmprime_len; uint16_t mod_q_mask; @@ -502,14 +504,16 @@ ntru_crypto_ntru_decrypt( Mtrin_buf = (uint8_t *)ringel_buf1; M_buf = Mtrin_buf + params->N; - /* set hash algorithm based on security strength */ - - if (params->sec_strength_len <= 20) { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1; - md_len = 20; - } else { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256; - md_len = 32; + /* set hash algorithm based on security strength */ + if (params->sec_strength_len <= 20) + { + hash_algid = HASH_SHA1; + md_len = 20; + } + else + { + hash_algid = HASH_SHA256; + md_len = 32; } /* set constants */ @@ -802,7 +806,7 @@ ntru_crypto_ntru_encrypt_keygen( uint16_t *F_buf = NULL; uint8_t *tmp_buf = NULL; uint16_t mod_q_mask; - NTRU_CRYPTO_HASH_ALGID hash_algid; + hash_algorithm_t hash_algid; uint8_t md_len; uint16_t seed_len; uint32_t result = NTRU_OK; @@ -866,16 +870,18 @@ ntru_crypto_ntru_encrypt_keygen( F_buf = ringel_buf2 + params->N; tmp_buf = (uint8_t *)scratch_buf; - /* set hash algorithm and seed length based on security strength */ - - if (params->sec_strength_len <= 20) { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1; - md_len = 20; - } else { - hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256; - md_len = 32; - } - seed_len = params->sec_strength_len + 8; + /* set hash algorithm and seed length based on security strength */ + if (params->sec_strength_len <= 20) + { + hash_algid = HASH_SHA1; + md_len = 20; + } + else + { + hash_algid = HASH_SHA256; + md_len = 32; + } + seed_len = params->sec_strength_len + 8; /* set constants */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h index ad2b89b957..bdef7f9eae 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h @@ -34,8 +34,6 @@ #define NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H #include "ntru_crypto.h" -#include "ntru_crypto_hash_basics.h" - /* structures */ @@ -105,20 +103,5 @@ extern NTRU_ENCRYPT_PARAM_SET * ntru_encrypt_get_params_with_OID( uint8_t const *oid); /* in - pointer to parameter-set OID */ - -/* ntru_encrypt_get_params_with_DER_id - * - * Looks up a set of NTRUEncrypt parameters based on the DER id of the - * parameter set. - * - * Returns a pointer to the parameter set parameters if successful. - * Returns NULL if the parameter set cannot be found. - */ - -extern NTRU_ENCRYPT_PARAM_SET * -ntru_encrypt_get_params_with_DER_id( - uint8_t der_id); /* in - parameter-set DER id */ - - #endif /* NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.c index 194af4fc9e..fbbd6b63ed 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.c +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.c @@ -53,45 +53,60 @@ uint32_t ntru_mgf1( - uint8_t *state, /* in/out - pointer to the state */ - NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */ - uint8_t md_len, /* in - no. of octets in digest */ - uint8_t num_calls, /* in - no. of hash calls */ - uint16_t seed_len, /* in - no. of octets in seed */ - uint8_t const *seed, /* in - pointer to seed */ - uint8_t *out) /* out - address for output */ + uint8_t *state, /* in/out - pointer to the state */ + hash_algorithm_t hash_algid, /* in - hash algorithm ID */ + uint8_t md_len, /* in - no. of octets in digest */ + uint8_t num_calls, /* in - no. of hash calls */ + uint16_t seed_len, /* in - no. of octets in seed */ + uint8_t *seed, /* in - pointer to seed */ + uint8_t *out) /* out - address for output */ { - uint8_t *ctr = state + md_len; - uint32_t retcode; - - assert(state); - assert(out); - - /* if seed present, init state */ - - if (seed) { - if ((retcode = ntru_crypto_hash_digest(algid, seed, seed_len, state)) != - NTRU_CRYPTO_HASH_OK) - return retcode; - memset(ctr, 0, 4); - } - - /* generate output */ - - while (num_calls-- > 0) { - if ((retcode = ntru_crypto_hash_digest(algid, state, md_len + 4, - out)) != - NTRU_CRYPTO_HASH_OK) - return retcode; - out += md_len; - - /* increment counter */ - - if (++ctr[3] == 0) - if (++ctr[2] == 0) - if (++ctr[1] == 0) - ++ctr[0]; + uint8_t *ctr = state + md_len; + hasher_t *hasher; + + assert(state); + assert(out); + + hasher = lib->crypto->create_hasher(lib->crypto, hash_algid); + if (!hasher) + { + NTRU_RET(NTRU_FAIL); + } + + /* if seed present, init state */ + if (seed) + { + if (!hasher->get_hash(hasher, chunk_create(seed, seed_len), state)) + { + hasher->destroy(hasher); + NTRU_RET(NTRU_FAIL); + } + memset(ctr, 0, 4); + } + + /* generate output */ + while (num_calls-- > 0) + { + if (!hasher->get_hash(hasher, chunk_create(state, md_len + 4), out)) + { + hasher->destroy(hasher); + NTRU_RET(NTRU_FAIL); + } + out += md_len; + + /* increment counter */ + if (++ctr[3] == 0) + { + if (++ctr[2] == 0) + { + if (++ctr[1] == 0) + { + ++ctr[0]; + } + } + } } + hasher->destroy(hasher); NTRU_RET(NTRU_OK); } @@ -113,85 +128,93 @@ ntru_mgf1( uint32_t ntru_mgftp1( - NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash alg ID for + hash_algorithm_t hash_algid, /* in - hash alg ID for MGF-TP-1 */ - uint8_t md_len, /* in - no. of octets in + uint8_t md_len, /* in - no. of octets in digest */ - uint8_t min_calls, /* in - minimum no. of hash + uint8_t min_calls, /* in - minimum no. of hash calls */ - uint16_t seed_len, /* in - no. of octets in seed */ - uint8_t *seed, /* in - pointer to seed */ - uint8_t *buf, /* in - pointer to working + uint16_t seed_len, /* in - no. of octets in seed */ + uint8_t *seed, /* in - pointer to seed */ + uint8_t *buf, /* in - pointer to working buffer */ - uint16_t num_trits_needed, /* in - no. of trits in mask */ - uint8_t *mask) /* out - address for mask trits */ + uint16_t num_trits_needed, /* in - no. of trits in mask */ + uint8_t *mask) /* out - address for mask trits */ { - uint8_t *mgf_out; - uint8_t *octets; - uint16_t octets_available; - uint32_t retcode; - - assert(seed); - assert(buf); - assert(mask); - - /* generate minimum MGF1 output */ - - mgf_out = buf + md_len + 4; - if ((retcode = ntru_mgf1(buf, hash_algid, md_len, min_calls, + uint8_t *mgf_out; + uint8_t *octets; + uint16_t octets_available; + uint32_t retcode; + + assert(seed); + assert(buf); + assert(mask); + + /* generate minimum MGF1 output */ + mgf_out = buf + md_len + 4; + if ((retcode = ntru_mgf1(buf, hash_algid, md_len, min_calls, seed_len, seed, mgf_out)) != NTRU_OK) - return retcode; - octets = mgf_out; - octets_available = min_calls * md_len; - - /* get trits for mask */ - - while (num_trits_needed >= 5) { - - /* get another octet and convert it to 5 trits */ - - if (octets_available == 0) { - if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1, + { + return retcode; + } + octets = mgf_out; + octets_available = min_calls * md_len; + + /* get trits for mask */ + while (num_trits_needed >= 5) + { + /* get another octet and convert it to 5 trits */ + if (octets_available == 0) + { + if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1, 0, NULL, mgf_out)) != NTRU_OK) - return retcode; - octets = mgf_out; - octets_available = md_len; - } - - if (*octets < 243) { - ntru_octet_2_trits(*octets, mask); - mask += 5; - num_trits_needed -= 5; - } - octets++; - --octets_available; - } - - /* get any remaining trits */ - - while (num_trits_needed) { - uint8_t trits[5]; - - /* get another octet and convert it to remaining trits */ - - if (octets_available == 0) { - if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1, + { + return retcode; + } + octets = mgf_out; + octets_available = md_len; + } + + if (*octets < 243) + { + ntru_octet_2_trits(*octets, mask); + mask += 5; + num_trits_needed -= 5; + } + octets++; + --octets_available; + } + + /* get any remaining trits */ + while (num_trits_needed) + { + uint8_t trits[5]; + + /* get another octet and convert it to remaining trits */ + if (octets_available == 0) + { + if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1, 0, NULL, mgf_out)) != NTRU_OK) - return retcode; - octets = mgf_out; - octets_available = md_len; - } - if (*octets < 243) { - ntru_octet_2_trits(*octets, trits); - memcpy(mask, trits, num_trits_needed); - num_trits_needed = 0; - } else { - octets++; - --octets_available; - } - } - - NTRU_RET(NTRU_OK); + { + return retcode; + } + octets = mgf_out; + octets_available = md_len; + } + if (*octets < 243) + { + ntru_octet_2_trits(*octets, trits); + memcpy(mask, trits, num_trits_needed); + num_trits_needed = 0; + } + else + { + octets++; + --octets_available; + } + } + + NTRU_RET(NTRU_OK); } diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.h index b3615fac89..43d710217c 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.h +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgf1.h @@ -36,8 +36,8 @@ #include "ntru_crypto.h" -#include "ntru_crypto_hash.h" +#include /* function declarations */ @@ -57,11 +57,11 @@ extern uint32_t ntru_mgf1( uint8_t *state, /* in/out - pointer to the state */ - NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */ + hash_algorithm_t hash_algid, /* in - hash algorithm ID */ uint8_t md_len, /* in - no. of octets in digest */ uint8_t num_calls, /* in - no. of hash calls */ uint16_t seed_len, /* in - no. of octets in seed */ - uint8_t const *seed, /* in - pointer to seed */ + uint8_t *seed, /* in - pointer to seed */ uint8_t *out); /* out - address for output */ @@ -81,7 +81,7 @@ ntru_mgf1( extern uint32_t ntru_mgftp1( - NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash alg ID for + hash_algorithm_t hash_algid, /* in - hash alg ID for MGF-TP-1 */ uint8_t md_len, /* in - no. of octets in digest */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c index 6fc34146dd..be45954373 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c @@ -62,7 +62,7 @@ uint32_t ntru_gen_poly( - NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash algorithm ID for + hash_algorithm_t hash_algid, /* in - hash algorithm ID for IGF-2 */ uint8_t md_len, /* in - no. of octets in digest */ uint8_t min_calls, /* in - minimum no. of hash diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h index 242fb41097..33939fe058 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h @@ -37,7 +37,8 @@ #include "ntru_crypto.h" -#include "ntru_crypto_hash_basics.h" + +#include /* function declarations */ @@ -65,7 +66,7 @@ extern uint32_t ntru_gen_poly( - NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash algorithm ID for + hash_algorithm_t hash_algid, /* in - hash algorithm ID for IGF-2 */ uint8_t md_len, /* in - no. of octets in digest */ uint8_t min_calls, /* in - minimum no. of hash diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha.h deleted file mode 100644 index 776d10a4ee..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha.h +++ /dev/null @@ -1,65 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_sha.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha.h - * - * Contents: Definitions and declarations common to all SHA hash algorithms. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_SHA_H -#define NTRU_CRYPTO_SHA_H - - -#include "ntru_crypto_error.h" -#include "ntru_crypto_hash_basics.h" - - -/*************** - * error codes * - ***************/ - -#define SHA_OK ((uint32_t)NTRU_CRYPTO_HASH_OK) -#define SHA_FAIL ((uint32_t)NTRU_CRYPTO_HASH_FAIL) -#define SHA_BAD_PARAMETER ((uint32_t)NTRU_CRYPTO_HASH_BAD_PARAMETER) -#define SHA_OVERFLOW ((uint32_t)NTRU_CRYPTO_HASH_OVERFLOW) - -#define SHA_RESULT(r) ((uint32_t)((r) ? SHA_ERROR_BASE + (r) : (r))) -#define SHA_RET(r) return SHA_RESULT(r); - - -/********* - * flags * - *********/ - -#define SHA_DATA_ONLY HASH_DATA_ONLY -#define SHA_INIT HASH_INIT -#define SHA_FINISH HASH_FINISH -#define SHA_ZERO_PAD HASH_ZERO_PAD - - -#endif /* NTRU_CRYPTO_SHA_H */ - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.c deleted file mode 100644 index 0469ca1d77..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.c +++ /dev/null @@ -1,588 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_ntru_crypto_sha1.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha1.c - * - * Contents: Routines implementing the SHA-1 hash calculation. - * - *****************************************************************************/ - - -#include -#include -#include "ntru_crypto_sha1.h" -#include "ntru_crypto_msbyte_uint32.h" - - -/* chaining state elements */ - -#define H0 state[0] -#define H1 state[1] -#define H2 state[2] -#define H3 state[3] -#define H4 state[4] - - -/* standard SHA-1 initialization values */ - -#define H0_INIT 0x67452301UL -#define H1_INIT 0xefcdab89UL -#define H2_INIT 0x98badcfeUL -#define H3_INIT 0x10325476UL -#define H4_INIT 0xc3d2e1f0UL - - -/* sha1_blk() - * - * This routine updates the current hash output (chaining state) - * by performing SHA-1 on a 512-bit block of data represented as sixteen - * 32-bit words. - */ - -#define K00_19 0x5a827999UL -#define K20_39 0x6ed9eba1UL -#define K40_59 0x8f1bbcdcUL -#define K60_79 0xca62c1d6UL - -#define RL(a, n) ( ((a) << (n)) | ((a) >> (32 - (n))) ) - - -static void -sha1_blk( - uint32_t const *data, // in - ptr to 16 32-bit word input block - uint32_t *state) // in/out - ptr to 5 32-bit word chaining state -{ - uint32_t A, B, C, D, E; - uint32_t w[16]; - - /* init A - E */ - - A = H0; B = H1; C = H2; D = H3; E = H4; - - /* rounds 0 - 15 */ - - E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[ 0]; B = RL(B, 30); - D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[ 1]; A = RL(A, 30); - C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[ 2]; E = RL(E, 30); - B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[ 3]; D = RL(D, 30); - A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[ 4]; C = RL(C, 30); - E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[ 5]; B = RL(B, 30); - D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[ 6]; A = RL(A, 30); - C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[ 7]; E = RL(E, 30); - B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[ 8]; D = RL(D, 30); - A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[ 9]; C = RL(C, 30); - E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[10]; B = RL(B, 30); - D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[11]; A = RL(A, 30); - C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[12]; E = RL(E, 30); - B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[13]; D = RL(D, 30); - A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[14]; C = RL(C, 30); - E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[15]; B = RL(B, 30); - - /* rounds 16 - 19 */ - - w[ 0] = data[ 0] ^ data[ 2] ^ data[ 8] ^ data[13]; w[ 0] = RL(w[0], 1); - D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + w[ 0]; A = RL(A, 30); - w[ 1] = data[ 1] ^ data[ 3] ^ data[ 9] ^ data[14]; w[ 1] = RL(w[1], 1); - C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + w[ 1]; E = RL(E, 30); - w[ 2] = data[ 2] ^ data[ 4] ^ data[10] ^ data[15]; w[ 2] = RL(w[ 2], 1); - B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + w[ 2]; D = RL(D, 30); - w[ 3] = data[ 3] ^ data[ 5] ^ data[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1); - A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + w[ 3]; C = RL(C, 30); - - /* rounds 20 - 39 */ - - w[ 4] = data[ 4] ^ data[ 6] ^ data[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1); - E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 4]; B = RL(B, 30); - w[ 5] = data[ 5] ^ data[ 7] ^ data[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1); - D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[ 5]; A = RL(A, 30); - w[ 6] = data[ 6] ^ data[ 8] ^ data[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1); - C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 6]; E = RL(E, 30); - w[ 7] = data[ 7] ^ data[ 9] ^ data[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1); - B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 7]; D = RL(D, 30); - w[ 8] = data[ 8] ^ data[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1); - A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 8]; C = RL(C, 30); - w[ 9] = data[ 9] ^ data[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1); - E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 9]; B = RL(B, 30); - w[10] = data[10] ^ data[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1); - D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[10]; A = RL(A, 30); - w[11] = data[11] ^ data[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1); - C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[11]; E = RL(E, 30); - w[12] = data[12] ^ data[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1); - B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[12]; D = RL(D, 30); - w[13] = data[13] ^ data[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1); - A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[13]; C = RL(C, 30); - w[14] = data[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1); - E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[14]; B = RL(B, 30); - w[15] = data[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1); - D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[15]; A = RL(A, 30); - w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1); - C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 0]; E = RL(E, 30); - w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1); - B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 1]; D = RL(D, 30); - w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1); - A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 2]; C = RL(C, 30); - w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1); - E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 3]; B = RL(B, 30); - w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1); - D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[ 4]; A = RL(A, 30); - w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1); - C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 5]; E = RL(E, 30); - w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1); - B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 6]; D = RL(D, 30); - w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1); - A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 7]; C = RL(C, 30); - - /* rounds 40 - 59 */ - - w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1); - E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 8]; B = RL(B, 30); - w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1); - D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 9]; A = RL(A, 30); - w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1); - C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[10]; E = RL(E, 30); - w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1); - B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[11]; D = RL(D, 30); - w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1); - A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[12]; C = RL(C, 30); - w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1); - E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[13]; B = RL(B, 30); - w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1); - D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[14]; A = RL(A, 30); - w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1); - C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[15]; E = RL(E, 30); - w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1); - B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[ 0]; D = RL(D, 30); - w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1); - A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[ 1]; C = RL(C, 30); - w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1); - E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 2]; B = RL(B, 30); - w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1); - D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 3]; A = RL(A, 30); - w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1); - C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[ 4]; E = RL(E, 30); - w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1); - B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[ 5]; D = RL(D, 30); - w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1); - A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[ 6]; C = RL(C, 30); - w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1); - E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 7]; B = RL(B, 30); - w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1); - D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 8]; A = RL(A, 30); - w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1); - C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[ 9]; E = RL(E, 30); - w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1); - B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[10]; D = RL(D, 30); - w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1); - A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[11]; C = RL(C, 30); - - /* rounds 60 - 79 */ - - w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1); - E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[12]; B = RL(B, 30); - w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1); - D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[13]; A = RL(A, 30); - w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1); - C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[14]; E = RL(E, 30); - w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1); - B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[15]; D = RL(D, 30); - w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1); - A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[ 0]; C = RL(C, 30); - w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1); - E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[ 1]; B = RL(B, 30); - w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1); - D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[ 2]; A = RL(A, 30); - w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1); - C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[ 3]; E = RL(E, 30); - w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1); - B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[ 4]; D = RL(D, 30); - w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1); - A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[ 5]; C = RL(C, 30); - w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1); - E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[ 6]; B = RL(B, 30); - w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1); - D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[ 7]; A = RL(A, 30); - w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1); - C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[ 8]; E = RL(E, 30); - w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1); - B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[ 9]; D = RL(D, 30); - w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1); - A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[10]; C = RL(C, 30); - w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1); - E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[11]; B = RL(B, 30); - w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1); - D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[12]; A = RL(A, 30); - w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10]; - C += RL(D, 5) + K60_79 + (E ^ A ^ B) + RL(w[13], 1); E = RL(E, 30); - w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11]; - B += RL(C, 5) + K60_79 + (D ^ E ^ A) + RL(w[14], 1); D = RL(D, 30); - - /* update H0 - H4 */ - - w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12]; - H0 += A + RL(B, 5) + K60_79 + (C ^ D ^ E) + RL(w[15], 1); - H1 += B; - H2 += RL(C, 30); - H3 += D; - H4 += E; - - /* clear temp variables */ - - A = B = C = D = E = 0; - memset(w, 0, sizeof(w)); -} - - -/* ntru_crypto_sha1() - * - * This routine provides all operations for a SHA-1 hash, and the use - * of SHA-1 for DSA signing and key generation. - * It may be used to initialize, update, or complete a message digest, - * or any combination of those actions, as determined by the SHA_INIT flag, - * the in_len parameter, and the SHA_FINISH flag, respectively. - * - * When in_len == 0 (no data to hash), the parameter, in, may be NULL. - * When the SHA_FINISH flag is not set, the parameter, md, may be NULL. - * - * Initialization may be standard or use a specified initialization vector, - * and is indicated by setting the SHA_INIT flag. - * Setting init = NULL specifies standard initialization. Otherwise, init - * points to the array of five alternate initialization 32-bit words. - * - * The hash operation can be updated with any number of input bytes, including - * zero. - * - * The hash operation can be completed with normal padding or with zero - * padding as required for parts of DSA parameter generation, and is indicated - * by setting the SHA_FINISH flag. Using zero padding, indicated by setting - * the SHA_ZERO_PAD flag, never creates an extra input block because the - * bit count is not included in the hashed data. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint32_t const *init, /* in - pointer to alternate */ - /* initialization - may be NULL */ - uint8_t const *in, /* in - pointer to input data - - may be NULL if in_len == 0 */ - uint32_t in_len, /* in - number of input data bytes */ - uint32_t flags, /* in - INIT, FINISH, zero-pad flags */ - uint8_t *md) /* out - address for message digest - - may be NULL if not FINISH */ -{ - uint32_t in_blk[16]; /* input block */ - uint32_t space; - uint8_t *d = NULL; - - /* check error conditions */ - - if (!c || (in_len && !in) || ((flags & SHA_FINISH) && !md)) - SHA_RET(SHA_BAD_PARAMETER) - - /* initialize context if requested */ - - if (flags & SHA_INIT) { - - /* init chaining state */ - - if (!init) { - c->state[0] = H0_INIT; // standard initialization - c->state[1] = H1_INIT; - c->state[2] = H2_INIT; - c->state[3] = H3_INIT; - c->state[4] = H4_INIT; - } else { - c->state[0] = init[0]; // alternate initialization - c->state[1] = init[1]; - c->state[2] = init[2]; - c->state[3] = init[3]; - c->state[4] = init[4]; - } - - /* init bit count and number of unhashed data bytes */ - - c->num_bits_hashed[0] = 0; - c->num_bits_hashed[1] = 0; - c->unhashed_len = 0; - } - - /* determine space left in unhashed data buffer */ - - if (c->unhashed_len > 63) - SHA_RET(SHA_FAIL) - - space = 64 - c->unhashed_len; - - /* process input if it exists */ - - if (in_len) { - - /* update count of bits hashed */ - - { - uint32_t bits0, bits1; - - bits0 = in_len << 3; - bits1 = in_len >> 29; - if ((c->num_bits_hashed[0] += bits0) < bits0) - bits1++; - if ((c->num_bits_hashed[1] += bits1) < bits1) { - memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA1_CTX)); - space = 0; - memset((char *) in_blk, 0, sizeof(in_blk)); - SHA_RET(SHA_OVERFLOW) - } - } - - /* process input bytes */ - - if (in_len < space) { - - /* input does not fill block buffer: - * add input to buffer - */ - - memcpy(c->unhashed + c->unhashed_len, in, in_len); - c->unhashed_len += in_len; - - } else { - uint32_t blks; - - /* input will fill block buffer: - * fill unhashed data buffer, - * convert to block buffer, - * and process block - */ - - in_len -= space; - for (d = c->unhashed + c->unhashed_len; space; space--) - *d++ = *in++; - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 16); - sha1_blk((uint32_t const *) in_blk, c->state); - - /* process any remaining full blocks */ - - for (blks = in_len >> 6; blks--; in += 64) { - ntru_crypto_msbyte_2_uint32(in_blk, in, 16); - sha1_blk((uint32_t const *) in_blk, c->state); - } - - /* put any remaining input in the unhashed data buffer */ - - in_len &= 0x3f; - memcpy(c->unhashed, in, in_len); - c->unhashed_len = in_len; - } - } - - /* complete message digest if requested */ - - if (flags & SHA_FINISH) { - space = 64 - c->unhashed_len; - - /* check padding type */ - - if (!(flags & SHA_ZERO_PAD)) { - - /* add 0x80 padding byte to the unhashed data buffer - * (there is always space since the buffer can't be full) - */ - - d = c->unhashed + c->unhashed_len; - *d++ = 0x80; - space--; - - /* check for space for bit count */ - - if (space < 8) { - - /* no space for count: - * fill remainder of unhashed data buffer with zeros, - * convert to input block, - * process block, - * fill all but 8 bytes of unhashed data buffer with zeros - */ - - memset(d, 0, space); - ntru_crypto_msbyte_2_uint32(in_blk, - (uint8_t const *) c->unhashed, 16); - sha1_blk((uint32_t const *) in_blk, c->state); - memset(c->unhashed, 0, 56); - - } else { - - /* fill unhashed data buffer with zeros, - * leaving space for bit count - */ - - for (space -= 8; space; space--) - *d++ = 0; - } - - /* convert partially filled unhashed data buffer to input block and - * add bit count to input block - */ - - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 14); - in_blk[14] = c->num_bits_hashed[1]; - in_blk[15] = c->num_bits_hashed[0]; - - } else { - - /* pad unhashed data buffer with zeros and no bit count and - * convert to input block - */ - - memset(c->unhashed + c->unhashed_len, 0, space); - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 16); - } - - /* process last block */ - - sha1_blk((uint32_t const *) in_blk, c->state); - - /* copy result to message digest buffer */ - - ntru_crypto_uint32_2_msbyte(md, c->state, 5); - - /* clear context and stack variables */ - - memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA1_CTX)); - space = 0; - memset((char *) in_blk, 0, sizeof(in_blk)); - } - - SHA_RET(SHA_OK) -} - - -/* ntru_crypto_sha1_init - * - * This routine performs standard initialization of the SHA-1 state. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - */ - -uint32_t -ntru_crypto_sha1_init( - NTRU_CRYPTO_SHA1_CTX *c) /* in/out - pointer to SHA-1 context */ -{ - return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_INIT, NULL); -} - - -/* ntru_crypto_sha1_update - * - * This routine processes input data and updates the SHA-1 hash calculation. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1_update( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t const *data, /* in - pointer to input data */ - uint32_t data_len) /* in - number of bytes of input data */ -{ - return ntru_crypto_sha1(c, NULL, data, data_len, SHA_DATA_ONLY, NULL); -} - - -/* ntru_crypto_sha1_final - * - * This routine completes the SHA-1 hash calculation and returns the - * message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1_final( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t *md) /* out - address for message digest */ -{ - return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_FINISH, md); -} - - -/* ntru_crypto_sha1_final_zero_pad - * - * This routine completes the SHA-1 hash calculation using zero padding - * and returns the message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1_final_zero_pad( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t *md) /* out - address for message digest */ -{ - return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_FINISH | SHA_ZERO_PAD, md); -} - - -/* ntru_crypto_sha1_digest - * - * This routine computes a SHA-1 message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1_digest( - uint8_t const *data, // in - pointer to input data - uint32_t data_len, // in - number of bytes of input data - uint8_t *md) // out - address for message digest -{ - NTRU_CRYPTO_SHA1_CTX c; - - return ntru_crypto_sha1(&c, NULL, data, data_len, SHA_INIT | SHA_FINISH, - md); -} - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.h deleted file mode 100644 index 5555317226..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha1.h +++ /dev/null @@ -1,205 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_crypto_sha1.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha1.h - * - * Contents: Definitions and declarations for the SHA-1 implementation. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_SHA1_H -#define NTRU_CRYPTO_SHA1_H - - -#include "ntru_crypto_sha.h" - -#include - -/****************************************** - * macros needed for generic hash objects * - ******************************************/ - -#define SHA_1_CTX_LEN sizeof(SHA1_CTX) /* no. bytes in SHA-1 - ctx */ -#define SHA_1_BLK_LEN 64 /* 64 bytes in input - block */ -#define SHA_1_MD_LEN 20 /* 20 bytes in msg - digest */ -#define SHA_1_INIT_FN &ntru_crypto_sha1_init /* init function */ -#define SHA_1_UPDATE_FN &ntru_crypto_sha1_update /* update function */ -#define SHA_1_FINAL_FN &ntru_crypto_sha1_final /* final function */ -#define SHA_1_FINAL_ZERO_PAD_FN \ - &ntru_crypto_sha1_final_zero_pad - /* final function using - zero padding */ -#define SHA_1_DIGEST_FN &ntru_crypto_sha1_digest /* digest function */ - - -/************************* - * structure definitions * - *************************/ - -/* SHA-1 context structure */ - -typedef struct { - uint32_t state[5]; // chaining state - uint32_t num_bits_hashed[2]; // number of bits hashed - uint8_t unhashed[64]; // input data not yet hashed - uint32_t unhashed_len; // number of bytes of unhashed input data -} NTRU_CRYPTO_SHA1_CTX; - - -/************************* - * function declarations * - *************************/ - -/* ntru_crypto_sha1() - * - * This routine provides all operations for a SHA-1 hash, and the use - * of SHA-1 for DSA signing and key generation. - * It may be used to initialize, update, or complete a message digest, - * or any combination of those actions, as determined by the SHA_INIT flag, - * the in_len parameter, and the SHA_FINISH flag, respectively. - * - * When in_len == 0 (no data to hash), the parameter, in, may be NULL. - * When the SHA_FINISH flag is not set, the parameter, md, may be NULL. - * - * Initialization may be standard or use a specified initialization vector, - * and is indicated by setting the SHA_INIT flag. - * Setting init = NULL specifies standard initialization. Otherwise, init - * points to the array of five alternate initialization 32-bit words. - * - * The hash operation can be updated with any number of input bytes, including - * zero. - * - * The hash operation can be completed with normal padding or with zero - * padding as required for parts of DSA parameter generation, and is indicated - * by setting the SHA_FINISH flag. Using zero padding, indicated by setting - * the SHA_ZERO_PAD flag, never creates an extra input block because the - * bit count is not included in the hashed data. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha1( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint32_t const *init, /* in - pointer to alternate */ - /* initialization - may be NULL */ - uint8_t const *in, /* in - pointer to input data - - may be NULL if in_len == 0 */ - uint32_t in_len, /* in - number of input data bytes */ - uint32_t flags, /* in - INIT, FINISH, zero-pad flags */ - uint8_t *md); /* out - address for message digest - - may be NULL if not FINISH */ - - -/* ntru_crypto_sha1_init - * - * This routine performs standard initialization of the SHA-1 state. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - */ - -extern uint32_t -ntru_crypto_sha1_init( - NTRU_CRYPTO_SHA1_CTX *c); /* in/out - pointer to SHA-1 context */ - - -/* ntru_crypto_sha1_update - * - * This routine processes input data and updates the SHA-1 hash calculation. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha1_update( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t const *data, /* in - pointer to input data */ - uint32_t data_len); /* in - number of bytes of input data */ - - -/* ntru_crypto_sha1_final - * - * This routine completes the SHA-1 hash calculation and returns the - * message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha1_final( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t *md); /* out - address for message digest */ - - -/* ntru_crypto_sha1_final_zero_pad - * - * This routine completes the SHA-1 hash calculation using zero padding - * and returns the message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha1_final_zero_pad( - NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */ - uint8_t *md); /* out - address for message digest */ - - -/* ntru_crypto_sha1_digest - * - * This routine computes a SHA-1 message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha1_digest( - uint8_t const *data, /* in - pointer to input data */ - uint32_t data_len, /* in - number of bytes of input data */ - uint8_t *md); /* out - address for message digest */ - - -#endif /* NTRU_CRYPTO_SHA1_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.c deleted file mode 100644 index 796cc4f2bf..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.c +++ /dev/null @@ -1,532 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_sha2.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha2.c - * - * Contents: Routines implementing the SHA-256 hash calculation. - * - *****************************************************************************/ - - -#include -#include -#include "ntru_crypto_sha2.h" -#include "ntru_crypto_msbyte_uint32.h" - - -/* chaining state elements */ - -#define H0 state[0] -#define H1 state[1] -#define H2 state[2] -#define H3 state[3] -#define H4 state[4] -#define H5 state[5] -#define H6 state[6] -#define H7 state[7] - - -/* standard SHA-256 initialization values */ - -#define H0_SHA256_INIT 0x6a09e667UL -#define H1_SHA256_INIT 0xbb67ae85UL -#define H2_SHA256_INIT 0x3c6ef372UL -#define H3_SHA256_INIT 0xa54ff53aUL -#define H4_SHA256_INIT 0x510e527fUL -#define H5_SHA256_INIT 0x9b05688cUL -#define H6_SHA256_INIT 0x1f83d9abUL -#define H7_SHA256_INIT 0x5be0cd19UL - - -/* sha2_blk() - * - * This routine updates the current hash output (chaining state) - * by performing SHA-256 on a 512-bit block of data represented - * as sixteen 32-bit words. - */ - -#define RR(a, n) ( ((a) >> (n)) | ((a) << (32 - (n))) ) -#define S0(a) ( RR((a), 2) ^ RR((a), 13) ^ RR((a), 22) ) -#define S1(a) ( RR((a), 6) ^ RR((a), 11) ^ RR((a), 25) ) -#define s0(a) ( RR((a), 7) ^ RR((a), 18) ^ ((a) >> 3) ) -#define s1(a) ( RR((a), 17) ^ RR((a), 19) ^ ((a) >> 10) ) - - -static void -sha2_blk( - uint32_t const *data, // in - ptr to 16 32-bit word input block - uint32_t *state) // in/out - ptr to 8 32-bit word chaining state -{ - uint32_t A, B, C, D, E, F, G, H; - uint32_t w[16]; - - /* init A - H */ - - A = H0; B = H1; C = H2; D = H3; E = H4; F = H5; G = H6; H = H7; - - /* rounds 0 - 15 */ - - H += S1(E) + (E & (F ^ G) ^ G) + 0x428A2F98UL + data[ 0]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - G += S1(D) + (D & (E ^ F) ^ F) + 0x71374491UL + data[ 1]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - F += S1(C) + (C & (D ^ E) ^ E) + 0xB5C0FBCFUL + data[ 2]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - E += S1(B) + (B & (C ^ D) ^ D) + 0xE9B5DBA5UL + data[ 3]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - D += S1(A) + (A & (B ^ C) ^ C) + 0x3956C25BUL + data[ 4]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - C += S1(H) + (H & (A ^ B) ^ B) + 0x59F111F1UL + data[ 5]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - B += S1(G) + (G & (H ^ A) ^ A) + 0x923F82A4UL + data[ 6]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - A += S1(F) + (F & (G ^ H) ^ H) + 0xAB1C5ED5UL + data[ 7]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - H += S1(E) + (E & (F ^ G) ^ G) + 0xD807AA98UL + data[ 8]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - G += S1(D) + (D & (E ^ F) ^ F) + 0x12835B01UL + data[ 9]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - F += S1(C) + (C & (D ^ E) ^ E) + 0x243185BEUL + data[10]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - E += S1(B) + (B & (C ^ D) ^ D) + 0x550C7DC3UL + data[11]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - D += S1(A) + (A & (B ^ C) ^ C) + 0x72BE5D74UL + data[12]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - C += S1(H) + (H & (A ^ B) ^ B) + 0x80DEB1FEUL + data[13]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - B += S1(G) + (G & (H ^ A) ^ A) + 0x9BDC06A7UL + data[14]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - A += S1(F) + (F & (G ^ H) ^ H) + 0xC19BF174UL + data[15]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - - /* rounds 16 - 63 */ - - w[ 0] = data[ 0] + s0(data[ 1]) + data[ 9] + s1(data[14]); - H += S1(E) + (E & (F ^ G) ^ G) + 0xE49B69C1UL + w[ 0]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 1] = data[ 1] + s0(data[ 2]) + data[10] + s1(data[15]); - G += S1(D) + (D & (E ^ F) ^ F) + 0xEFBE4786UL + w[ 1]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[ 2] = data[ 2] + s0(data[ 3]) + data[11] + s1(w[ 0]); - F += S1(C) + (C & (D ^ E) ^ E) + 0x0FC19DC6UL + w[ 2]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[ 3] = data[ 3] + s0(data[ 4]) + data[12] + s1(w[ 1]); - E += S1(B) + (B & (C ^ D) ^ D) + 0x240CA1CCUL + w[ 3]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[ 4] = data[ 4] + s0(data[ 5]) + data[13] + s1(w[ 2]); - D += S1(A) + (A & (B ^ C) ^ C) + 0x2DE92C6FUL + w[ 4]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[ 5] = data[ 5] + s0(data[ 6]) + data[14] + s1(w[ 3]); - C += S1(H) + (H & (A ^ B) ^ B) + 0x4A7484AAUL + w[ 5]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[ 6] = data[ 6] + s0(data[ 7]) + data[15] + s1(w[ 4]); - B += S1(G) + (G & (H ^ A) ^ A) + 0x5CB0A9DCUL + w[ 6]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[ 7] = data[ 7] + s0(data[ 8]) + w[ 0] + s1(w[ 5]); - A += S1(F) + (F & (G ^ H) ^ H) + 0x76F988DAUL + w[ 7]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - w[ 8] = data[ 8] + s0(data[ 9]) + w[ 1] + s1(w[ 6]); - H += S1(E) + (E & (F ^ G) ^ G) + 0x983E5152UL + w[ 8]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 9] = data[ 9] + s0(data[10]) + w[ 2] + s1(w[ 7]); - G += S1(D) + (D & (E ^ F) ^ F) + 0xA831C66DUL + w[ 9]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[10] = data[10] + s0(data[11]) + w[ 3] + s1(w[ 8]); - F += S1(C) + (C & (D ^ E) ^ E) + 0xB00327C8UL + w[10]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[11] = data[11] + s0(data[12]) + w[ 4] + s1(w[ 9]); - E += S1(B) + (B & (C ^ D) ^ D) + 0xBF597FC7UL + w[11]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[12] = data[12] + s0(data[13]) + w[ 5] + s1(w[10]); - D += S1(A) + (A & (B ^ C) ^ C) + 0xC6E00BF3UL + w[12]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[13] = data[13] + s0(data[14]) + w[ 6] + s1(w[11]); - C += S1(H) + (H & (A ^ B) ^ B) + 0xD5A79147UL + w[13]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[14] = data[14] + s0(data[15]) + w[ 7] + s1(w[12]); - B += S1(G) + (G & (H ^ A) ^ A) + 0x06CA6351UL + w[14]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[15] = data[15] + s0(w[ 0]) + w[ 8] + s1(w[13]); - A += S1(F) + (F & (G ^ H) ^ H) + 0x14292967UL + w[15]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - w[ 0] = w[ 0] + s0(w[ 1]) + w[ 9] + s1(w[14]); - H += S1(E) + (E & (F ^ G) ^ G) + 0x27B70A85UL + w[ 0]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 1] = w[ 1] + s0(w[ 2]) + w[10] + s1(w[15]); - G += S1(D) + (D & (E ^ F) ^ F) + 0x2E1B2138UL + w[ 1]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[ 2] = w[ 2] + s0(w[ 3]) + w[11] + s1(w[ 0]); - F += S1(C) + (C & (D ^ E) ^ E) + 0x4D2C6DFCUL + w[ 2]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[ 3] = w[ 3] + s0(w[ 4]) + w[12] + s1(w[ 1]); - E += S1(B) + (B & (C ^ D) ^ D) + 0x53380D13UL + w[ 3]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[ 4] = w[ 4] + s0(w[ 5]) + w[13] + s1(w[ 2]); - D += S1(A) + (A & (B ^ C) ^ C) + 0x650A7354UL + w[ 4]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[ 5] = w[ 5] + s0(w[ 6]) + w[14] + s1(w[ 3]); - C += S1(H) + (H & (A ^ B) ^ B) + 0x766A0ABBUL + w[ 5]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[ 6] = w[ 6] + s0(w[ 7]) + w[15] + s1(w[ 4]); - B += S1(G) + (G & (H ^ A) ^ A) + 0x81C2C92EUL + w[ 6]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[ 7] = w[ 7] + s0(w[ 8]) + w[ 0] + s1(w[ 5]); - A += S1(F) + (F & (G ^ H) ^ H) + 0x92722C85UL + w[ 7]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - w[ 8] = w[ 8] + s0(w[ 9]) + w[ 1] + s1(w[ 6]); - H += S1(E) + (E & (F ^ G) ^ G) + 0xA2BFE8A1UL + w[ 8]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 9] = w[ 9] + s0(w[10]) + w[ 2] + s1(w[ 7]); - G += S1(D) + (D & (E ^ F) ^ F) + 0xA81A664BUL + w[ 9]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[10] = w[10] + s0(w[11]) + w[ 3] + s1(w[ 8]); - F += S1(C) + (C & (D ^ E) ^ E) + 0xC24B8B70UL + w[10]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[11] = w[11] + s0(w[12]) + w[ 4] + s1(w[ 9]); - E += S1(B) + (B & (C ^ D) ^ D) + 0xC76C51A3UL + w[11]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[12] = w[12] + s0(w[13]) + w[ 5] + s1(w[10]); - D += S1(A) + (A & (B ^ C) ^ C) + 0xD192E819UL + w[12]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[13] = w[13] + s0(w[14]) + w[ 6] + s1(w[11]); - C += S1(H) + (H & (A ^ B) ^ B) + 0xD6990624UL + w[13]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[14] = w[14] + s0(w[15]) + w[ 7] + s1(w[12]); - B += S1(G) + (G & (H ^ A) ^ A) + 0xF40E3585UL + w[14]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[15] = w[15] + s0(w[ 0]) + w[ 8] + s1(w[13]); - A += S1(F) + (F & (G ^ H) ^ H) + 0x106AA070UL + w[15]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - w[ 0] = w[ 0] + s0(w[ 1]) + w[ 9] + s1(w[14]); - H += S1(E) + (E & (F ^ G) ^ G) + 0x19A4C116UL + w[ 0]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 1] = w[ 1] + s0(w[ 2]) + w[10] + s1(w[15]); - G += S1(D) + (D & (E ^ F) ^ F) + 0x1E376C08UL + w[ 1]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[ 2] = w[ 2] + s0(w[ 3]) + w[11] + s1(w[ 0]); - F += S1(C) + (C & (D ^ E) ^ E) + 0x2748774CUL + w[ 2]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[ 3] = w[ 3] + s0(w[ 4]) + w[12] + s1(w[ 1]); - E += S1(B) + (B & (C ^ D) ^ D) + 0x34B0BCB5UL + w[ 3]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[ 4] = w[ 4] + s0(w[ 5]) + w[13] + s1(w[ 2]); - D += S1(A) + (A & (B ^ C) ^ C) + 0x391C0CB3UL + w[ 4]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[ 5] = w[ 5] + s0(w[ 6]) + w[14] + s1(w[ 3]); - C += S1(H) + (H & (A ^ B) ^ B) + 0x4ED8AA4AUL + w[ 5]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[ 6] = w[ 6] + s0(w[ 7]) + w[15] + s1(w[ 4]); - B += S1(G) + (G & (H ^ A) ^ A) + 0x5B9CCA4FUL + w[ 6]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[ 7] = w[ 7] + s0(w[ 8]) + w[ 0] + s1(w[ 5]); - A += S1(F) + (F & (G ^ H) ^ H) + 0x682E6FF3UL + w[ 7]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - w[ 8] = w[ 8] + s0(w[ 9]) + w[ 1] + s1(w[ 6]); - H += S1(E) + (E & (F ^ G) ^ G) + 0x748F82EEUL + w[ 8]; D += H; - H += S0(A) + ((A & B) | (C & (A | B))); - w[ 9] = w[ 9] + s0(w[10]) + w[ 2] + s1(w[ 7]); - G += S1(D) + (D & (E ^ F) ^ F) + 0x78A5636FUL + w[ 9]; C += G; - G += S0(H) + ((H & A) | (B & (H | A))); - w[10] = w[10] + s0(w[11]) + w[ 3] + s1(w[ 8]); - F += S1(C) + (C & (D ^ E) ^ E) + 0x84C87814UL + w[10]; B += F; - F += S0(G) + ((G & H) | (A & (G | H))); - w[11] = w[11] + s0(w[12]) + w[ 4] + s1(w[ 9]); - E += S1(B) + (B & (C ^ D) ^ D) + 0x8CC70208UL + w[11]; A += E; - E += S0(F) + ((F & G) | (H & (F | G))); - w[12] = w[12] + s0(w[13]) + w[ 5] + s1(w[10]); - D += S1(A) + (A & (B ^ C) ^ C) + 0x90BEFFFAUL + w[12]; H += D; - D += S0(E) + ((E & F) | (G & (E | F))); - w[13] = w[13] + s0(w[14]) + w[ 6] + s1(w[11]); - C += S1(H) + (H & (A ^ B) ^ B) + 0xA4506CEBUL + w[13]; G += C; - C += S0(D) + ((D & E) | (F & (D | E))); - w[14] = w[14] + s0(w[15]) + w[ 7] + s1(w[12]); - B += S1(G) + (G & (H ^ A) ^ A) + 0xBEF9A3F7UL + w[14]; F += B; - B += S0(C) + ((C & D) | (E & (C | D))); - w[15] = w[15] + s0(w[ 0]) + w[ 8] + s1(w[13]); - A += S1(F) + (F & (G ^ H) ^ H) + 0xC67178F2UL + w[15]; E += A; - A += S0(B) + ((B & C) | (D & (B | C))); - - /* update H0 - H7 */ - - H0 += A; - H1 += B; - H2 += C; - H3 += D; - H4 += E; - H5 += F; - H6 += G; - H7 += H; - - /* clear temp variables */ - - A = B = C = D = E = F = G = H = 0; - memset(w, 0, sizeof(w)); -} - - -/* ntru_crypto_sha2() - * - * This routine provides all operations for a SHA-256 hash, - * and the use of SHA-256 for DSA signing and key generation. - * It may be used to initialize, update, or complete a message digest, - * or any combination of those actions, as determined by the SHA_INIT flag, - * the in_len parameter, and the SHA_FINISH flag, respectively. - * - * When in_len == 0 (no data to hash), the parameter, in, may be NULL. - * When the SHA_FINISH flag is not set, the parameter, md, may be NULL. - * - * Initialization may be standard or use a specified initialization vector, - * and is indicated by setting the SHA_INIT flag. - * Setting init = NULL specifies standard initialization. Otherwise, init - * points to the array of eight alternate initialization 32-bit words. - * - * The hash operation can be updated with any number of input bytes, including - * zero. - * - * The hash operation can be completed with normal padding or with zero - * padding as required for parts of DSA parameter generation, and is indicated - * by setting the SHA_FINISH flag. Using zero padding, indicated by setting - * the SHA_ZERO_PAD flag, never creates an extra input block because the - * bit count is not included in the hashed data. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha2( - NTRU_CRYPTO_HASH_ALGID algid, // in - hash algorithm ID - NTRU_CRYPTO_SHA2_CTX *c, // in/out - pointer to SHA-2 context - uint32_t const *init, // in - pointer to alternate - // initialization - may be NULL - uint8_t const *in, // in - pointer to input data - - // may be NULL if in_len == 0 - uint32_t in_len, // in - number of input data bytes - uint32_t flags, // in - INIT, FINISH, zero-pad flags - uint8_t *md) // out - address for message digest - - // may be NULL if not FINISH -{ - uint32_t in_blk[16]; // input block - uint32_t space; - uint8_t *d = NULL; - - /* check error conditions */ - - if (algid != NTRU_CRYPTO_HASH_ALGID_SHA256) - SHA_RET(SHA_BAD_PARAMETER) - - if (!c || (in_len && !in) || ((flags & SHA_FINISH) && !md)) - SHA_RET(SHA_BAD_PARAMETER) - - /* initialize context if requested */ - - if (flags & SHA_INIT) { - - /* init chaining state */ - - if (!init) { // standard initialization - - c->state[0] = H0_SHA256_INIT; // standard SHA-256 init - c->state[1] = H1_SHA256_INIT; - c->state[2] = H2_SHA256_INIT; - c->state[3] = H3_SHA256_INIT; - c->state[4] = H4_SHA256_INIT; - c->state[5] = H5_SHA256_INIT; - c->state[6] = H6_SHA256_INIT; - c->state[7] = H7_SHA256_INIT; - - } else { - c->state[0] = init[0]; // alternate initialization - c->state[1] = init[1]; - c->state[2] = init[2]; - c->state[3] = init[3]; - c->state[4] = init[4]; - c->state[5] = init[5]; - c->state[6] = init[6]; - c->state[7] = init[7]; - } - - /* init bit count and number of unhashed data bytes */ - - c->num_bits_hashed[0] = 0; - c->num_bits_hashed[1] = 0; - c->unhashed_len = 0; - } - - /* determine space left in unhashed data buffer */ - - if (c->unhashed_len > 63) - SHA_RET(SHA_FAIL) - - space = 64 - c->unhashed_len; - - /* process input if it exists */ - - if (in_len) { - - /* update count of bits hashed */ - - { - uint32_t bits0, bits1; - - bits0 = in_len << 3; - bits1 = in_len >> 29; - if ((c->num_bits_hashed[0] += bits0) < bits0) - bits1++; - if ((c->num_bits_hashed[1] += bits1) < bits1) { - memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA2_CTX)); - space = 0; - memset((char *) in_blk, 0, sizeof(in_blk)); - SHA_RET(SHA_OVERFLOW) - } - } - - /* process input bytes */ - - if (in_len < space) { - - /* input does not fill block buffer: - * add input to buffer - */ - - memcpy(c->unhashed + c->unhashed_len, in, in_len); - c->unhashed_len += in_len; - - } else { - uint32_t blks; - - /* input will fill block buffer: - * fill unhashed data buffer, - * convert to block buffer, - * and process block - */ - - in_len -= space; - for (d = c->unhashed + c->unhashed_len; space; space--) - *d++ = *in++; - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 16); - sha2_blk((uint32_t const *) in_blk, c->state); - - /* process any remaining full blocks */ - - for (blks = in_len >> 6; blks--; in += 64) { - ntru_crypto_msbyte_2_uint32(in_blk, in, 16); - sha2_blk((uint32_t const *) in_blk, c->state); - } - - /* put any remaining input in the unhashed data buffer */ - - in_len &= 0x3f; - memcpy(c->unhashed, in, in_len); - c->unhashed_len = in_len; - } - } - - /* complete message digest if requested */ - - if (flags & SHA_FINISH) { - space = 64 - c->unhashed_len; - - /* check padding type */ - - if (!(flags & SHA_ZERO_PAD)) { - - /* add 0x80 padding byte to the unhashed data buffer - * (there is always space since the buffer can't be full) - */ - - d = c->unhashed + c->unhashed_len; - *d++ = 0x80; - space--; - - /* check for space for bit count */ - - if (space < 8) { - - /* no space for count: - * fill remainder of unhashed data buffer with zeros, - * convert to input block, - * process block, - * fill all but 8 bytes of unhashed data buffer with zeros - */ - - memset(d, 0, space); - ntru_crypto_msbyte_2_uint32(in_blk, - (uint8_t const *) c->unhashed, 16); - sha2_blk((uint32_t const *) in_blk, c->state); - memset(c->unhashed, 0, 56); - - } else { - - /* fill unhashed data buffer with zeros, - * leaving space for bit count - */ - - for (space -= 8; space; space--) - *d++ = 0; - } - - /* convert partially filled unhashed data buffer to input block and - * add bit count to input block - */ - - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 14); - in_blk[14] = c->num_bits_hashed[1]; - in_blk[15] = c->num_bits_hashed[0]; - - } else { - - /* pad unhashed data buffer with zeros and no bit count and - * convert to input block - */ - - memset(c->unhashed + c->unhashed_len, 0, space); - ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed, - 16); - } - - /* process last block */ - - sha2_blk((uint32_t const *) in_blk, c->state); - - /* copy result to message digest buffer */ - - ntru_crypto_uint32_2_msbyte(md, c->state, 8); - - /* clear context and stack variables */ - - memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA2_CTX)); - space = 0; - memset((char *) in_blk, 0, sizeof(in_blk)); - } - - SHA_RET(SHA_OK) -} - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.h deleted file mode 100644 index 24d6483a7b..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha2.h +++ /dev/null @@ -1,104 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_crypto_sha2.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha2.h - * - * Contents: Definitions and declarations for the SHA-256 implementation. - * - *****************************************************************************/ - -#ifndef NTRU_CRYPTO_SHA2_H -#define NTRU_CRYPTO_SHA2_H - - -#include "ntru_crypto_sha.h" - -#include - -/************************* - * structure definitions * - *************************/ - -/* SHA-256 context structure */ - -typedef struct { - uint32_t state[8]; /* chaining state */ - uint32_t num_bits_hashed[2]; /* number of bits hashed */ - uint8_t unhashed[64]; /* input data not yet hashed */ - uint32_t unhashed_len; /* number of bytes of unhashed input data */ -} NTRU_CRYPTO_SHA2_CTX; - - -/************************* - * function declarations * - *************************/ - -/* ntru_crypto_sha2() - * - * This routine provides all operations for a SHA-256 hash, - * and the use of SHA-256 for DSA signing and key generation. - * It may be used to initialize, update, or complete a message digest, - * or any combination of those actions, as determined by the SHA_INIT flag, - * the in_len parameter, and the SHA_FINISH flag, respectively. - * - * When in_len == 0 (no data to hash), the parameter, in, may be NULL. - * When the SHA_FINISH flag is not set, the parameter, md, may be NULL. - * - * Initialization may be standard or use a specified initialization vector, - * and is indicated by setting the SHA_INIT flag. - * Setting init = NULL specifies standard initialization. Otherwise, init - * points to the array of eight alternate initialization 32-bit words. - * - * The hash operation can be updated with any number of input bytes, including - * zero. - * - * The hash operation can be completed with normal padding or with zero - * padding as required for parts of DSA parameter generation, and is indicated - * by setting the SHA_FINISH flag. Using zero padding, indicated by setting - * the SHA_ZERO_PAD flag, never creates an extra input block because the - * bit count is not included in the hashed data. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha2( - NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */ - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint32_t const *init, /* in - pointer to alternate */ - /* initialization - may be NULL */ - uint8_t const *in, /* in - pointer to input data - - may be NULL if in_len == 0 */ - uint32_t in_len, /* in - number of input data bytes */ - uint32_t flags, /* in - INIT, FINISH, zero-pad flags */ - uint8_t *md); /* out - address for message digest - - may be NULL if not FINISH */ - - -#endif /* NTRU_CRYPTO_SHA2_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.c deleted file mode 100644 index 5eba064309..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.c +++ /dev/null @@ -1,140 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_sha256.c is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - -/****************************************************************************** - * - * File: ntru_crypto_sha256.c - * - * Contents: Routines implementing the SHA-256 hash calculations. - * - *****************************************************************************/ - - -#include -#include "ntru_crypto_sha256.h" - - -/* ntru_crypto_sha256_init - * - * This routine performs standard initialization of the SHA-256 state. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - */ - -uint32_t -ntru_crypto_sha256_init( - NTRU_CRYPTO_SHA2_CTX *c) /* in/out - pointer to SHA-2 context */ -{ - return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0, - SHA_INIT, NULL); -} - - -/* ntru_crypto_sha256_update - * - * This routine processes input data and updates the SHA-256 hash calculation. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha256_update( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t const *data, /* in - pointer to input data */ - uint32_t data_len) /* in - no. of bytes of input data */ -{ - return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, data, - data_len, SHA_DATA_ONLY, NULL); -} - - -/* ntru_crypto_sha256_final - * - * This routine completes the SHA-256 hash calculation and returns the - * message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha256_final( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t *md) /* out - address for message digest */ -{ - return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0, - SHA_FINISH, md); -} - - -/* ntru_crypto_sha256_final_zero_pad - * - * This routine completes the SHA-256 hash calculation using zero padding - * and returns the message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha256_final_zero_pad( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t *md) /* out - address for message digest */ -{ - return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0, - SHA_FINISH | SHA_ZERO_PAD, md); -} - - -/* ntru_crypto_sha256_digest - * - * This routine computes a SHA-256 message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -uint32_t -ntru_crypto_sha256_digest( - uint8_t const *data, // in - pointer to input data - uint32_t data_len, // in - number of bytes of input data - uint8_t *md) // out - address for message digest -{ - NTRU_CRYPTO_SHA2_CTX c; - - return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, &c, NULL, data, - data_len, SHA_INIT | SHA_FINISH, md); -} - diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.h deleted file mode 100644 index 05b19b5e89..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_sha256.h +++ /dev/null @@ -1,149 +0,0 @@ -/****************************************************************************** - * NTRU Cryptography Reference Source Code - * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. - * - * ntru_crypto_sha256.h is a component of ntru-crypto. - * - * Copyright (C) 2009-2013 Security Innovation - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - *****************************************************************************/ - - -/****************************************************************************** - * - * File: ntru_crypto_sha256.h - * - * Contents: Definitions and declarations for the SHA-256 implementation. - * - *****************************************************************************/ - -#ifndef CRYPTO_SHA256_H -#define CRYPTO_SHA256_H - - -#include "ntru_crypto_sha2.h" - -#include - -/****************************************** - * macros needed for generic hash objects * - ******************************************/ - -#define SHA_256_CTX_LEN sizeof(NTRU_CRYPTO_SHA2_CTX) - /* no. bytes in SHA-2 - ctx */ -#define SHA_256_BLK_LEN 64 /* 64 bytes in input - block */ -#define SHA_256_MD_LEN 32 /* 32 bytes in msg - digest */ -#define SHA_256_INIT_FN &ntru_crypto_sha256_init /* init function */ -#define SHA_256_UPDATE_FN &ntru_crypto_sha256_update /* update function */ -#define SHA_256_FINAL_FN &ntru_crypto_sha256_final /* final function */ -#define SHA_256_FINAL_ZERO_PAD_FN \ - &ntru_crypto_sha256_final_zero_pad - /* final function using - zero padding */ -#define SHA_256_DIGEST_FN &ntru_crypto_sha256_digest /* digest function */ - - -/************************* - * function declarations * - *************************/ - -/* ntru_crypto_sha256_init - * - * This routine performs standard initialization of the SHA-256 state. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - */ - -extern uint32_t -ntru_crypto_sha256_init( - NTRU_CRYPTO_SHA2_CTX *c); /* in/out - pointer to SHA-2 context */ - - -/* ntru_crypto_sha256_update - * - * This routine processes input data and updates the SHA-256 hash calculation. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha256_update( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t const *data, /* in - pointer to input data */ - uint32_t data_len); /* in - no. of bytes of input data */ - - -/* ntru_crypto_sha256_final - * - * This routine completes the SHA-256 hash calculation and returns the - * message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha256_final( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t *md); /* out - address for message digest */ - - -/* ntru_crypto_sha256_final_zero_pad - * - * This routine completes the SHA-256 hash calculation using zero padding - * and returns the message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha256_final_zero_pad( - NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */ - uint8_t *md); /* out - address for message digest */ - - -/* ntru_crypto_sha256_digest - * - * This routine computes a SHA-256 message digest. - * - * Returns SHA_OK on success. - * Returns SHA_FAIL with corrupted context. - * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed. - * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed. - */ - -extern uint32_t -ntru_crypto_sha256_digest( - uint8_t const *data, // in - pointer to input data - uint32_t data_len, // in - number of bytes of input data - uint8_t *md); // out - address for message digest - - -#endif /* CRYPTO_SHA256_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c index 5b720dd485..66be7c75bc 100644 --- a/src/libstrongswan/plugins/ntru/ntru_plugin.c +++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c @@ -48,6 +48,8 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(DH, NTRU_256_BIT), PLUGIN_DEPENDS(RNG, RNG_TRUE), PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_SDEPEND(HASHER, HASH_SHA1) }; *features = f;