mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
280 lines
7.5 KiB
C
280 lines
7.5 KiB
C
|
/* Rijndael (AES) for GnuPG
|
|||
|
* Copyright (C) 2000, 2001 Free Software Foundation, Inc.
|
|||
|
*
|
|||
|
* This file is part of GnuPG.
|
|||
|
*
|
|||
|
* GnuPG is free software; you can redistribute it and/or modify
|
|||
|
* it under the terms of the GNU General Public License as published by
|
|||
|
* the Free Software Foundation; either version 2 of the License, or
|
|||
|
* (at your option) any later version.
|
|||
|
*
|
|||
|
* GnuPG is distributed in the hope that it will be useful,
|
|||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|||
|
* GNU General Public License for more details.
|
|||
|
*
|
|||
|
* You should have received a copy of the GNU General Public License
|
|||
|
* along with this program; if not, write to the Free Software
|
|||
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|||
|
*******************************************************************
|
|||
|
A version of rijndael.c modified by Brian Gladman to use his AES code
|
|||
|
*/
|
|||
|
|
|||
|
#include <stdlib.h>
|
|||
|
#include <string.h> /* for memcmp() */
|
|||
|
|
|||
|
#include "util.h"
|
|||
|
|
|||
|
#include "aes.h"
|
|||
|
|
|||
|
typedef struct
|
|||
|
{ aes_encrypt_ctx ectx[1];
|
|||
|
aes_decrypt_ctx dctx[1];
|
|||
|
unsigned int klen;
|
|||
|
unsigned int dkey;
|
|||
|
} RIJNDAEL_context;
|
|||
|
|
|||
|
static const char *selftest(void);
|
|||
|
static int tested = 0;
|
|||
|
|
|||
|
static void
|
|||
|
burn_stack (int bytes)
|
|||
|
{
|
|||
|
char buf[64];
|
|||
|
|
|||
|
wipememory(buf,sizeof buf);
|
|||
|
bytes -= sizeof buf;
|
|||
|
if (bytes > 0)
|
|||
|
burn_stack (bytes);
|
|||
|
}
|
|||
|
|
|||
|
static int
|
|||
|
rijndael_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
|
|||
|
{ int rc;
|
|||
|
|
|||
|
if(!tested)
|
|||
|
{ const char *tr;
|
|||
|
tested = 1;
|
|||
|
tr = selftest();
|
|||
|
if(tr)
|
|||
|
{
|
|||
|
fprintf(stderr, "%s\n", tr );
|
|||
|
return G10ERR_SELFTEST_FAILED;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
ctx->klen = keylen;
|
|||
|
ctx->dkey = 0;
|
|||
|
rc = 0;
|
|||
|
if(keylen == 16 || keylen == 24 || keylen == 32)
|
|||
|
aes_encrypt_key(key, keylen, ctx->ectx);
|
|||
|
else
|
|||
|
rc = 1;
|
|||
|
burn_stack ( 100 + 16*sizeof(int));
|
|||
|
return rc;
|
|||
|
}
|
|||
|
|
|||
|
static void
|
|||
|
rijndael_encrypt (const RIJNDAEL_context *ctx, byte *b, const byte *a)
|
|||
|
{
|
|||
|
aes_encrypt(a, b, ctx->ectx);
|
|||
|
burn_stack (16 + 2*sizeof(int));
|
|||
|
}
|
|||
|
|
|||
|
static void
|
|||
|
rijndael_decrypt (RIJNDAEL_context *ctx, byte *b, const byte *a)
|
|||
|
{
|
|||
|
if(!(ctx->dkey))
|
|||
|
{
|
|||
|
aes_decrypt_key((byte*)ctx->ectx, ctx->klen, ctx->dctx);
|
|||
|
ctx->dkey = 1;
|
|||
|
}
|
|||
|
aes_decrypt(a, b, ctx->dctx);
|
|||
|
burn_stack (16+2*sizeof(int));
|
|||
|
}
|
|||
|
|
|||
|
/* Test a single encryption and decryption with each key size. */
|
|||
|
|
|||
|
static const char*
|
|||
|
selftest (void)
|
|||
|
{
|
|||
|
RIJNDAEL_context ctx;
|
|||
|
byte scratch[16];
|
|||
|
|
|||
|
/* The test vectors are from the AES supplied ones; more or less
|
|||
|
* randomly taken from ecb_tbl.txt (I=42,81,14)
|
|||
|
*/
|
|||
|
static const byte plaintext[16] = {
|
|||
|
0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
|
|||
|
0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
|
|||
|
};
|
|||
|
static const byte key[16] = {
|
|||
|
0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
|
|||
|
0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
|
|||
|
};
|
|||
|
static const byte ciphertext[16] = {
|
|||
|
0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
|
|||
|
0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
|
|||
|
};
|
|||
|
|
|||
|
static const byte plaintext_192[16] = {
|
|||
|
0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
|
|||
|
0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
|
|||
|
};
|
|||
|
static const byte key_192[24] = {
|
|||
|
0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
|
|||
|
0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
|
|||
|
0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
|
|||
|
};
|
|||
|
static const byte ciphertext_192[16] = {
|
|||
|
0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
|
|||
|
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
|
|||
|
};
|
|||
|
|
|||
|
static const byte plaintext_256[16] = {
|
|||
|
0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
|
|||
|
0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
|
|||
|
};
|
|||
|
static const byte key_256[32] = {
|
|||
|
0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
|
|||
|
0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
|
|||
|
0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
|
|||
|
0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
|
|||
|
};
|
|||
|
static const byte ciphertext_256[16] = {
|
|||
|
0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
|
|||
|
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
|
|||
|
};
|
|||
|
|
|||
|
rijndael_setkey (&ctx, key, sizeof(key));
|
|||
|
rijndael_encrypt (&ctx, scratch, plaintext);
|
|||
|
if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
|
|||
|
return "Rijndael-128 test encryption failed.";
|
|||
|
rijndael_decrypt (&ctx, scratch, scratch);
|
|||
|
if (memcmp (scratch, plaintext, sizeof (plaintext)))
|
|||
|
return "Rijndael-128 test decryption failed.";
|
|||
|
|
|||
|
rijndael_setkey (&ctx, key_192, sizeof(key_192));
|
|||
|
rijndael_encrypt (&ctx, scratch, plaintext_192);
|
|||
|
if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
|
|||
|
return "Rijndael-192 test encryption failed.";
|
|||
|
rijndael_decrypt (&ctx, scratch, scratch);
|
|||
|
if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
|
|||
|
return "Rijndael-192 test decryption failed.";
|
|||
|
|
|||
|
rijndael_setkey (&ctx, key_256, sizeof(key_256));
|
|||
|
rijndael_encrypt (&ctx, scratch, plaintext_256);
|
|||
|
if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
|
|||
|
return "Rijndael-256 test encryption failed.";
|
|||
|
rijndael_decrypt (&ctx, scratch, scratch);
|
|||
|
if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
|
|||
|
return "Rijndael-256 test decryption failed.";
|
|||
|
|
|||
|
return NULL;
|
|||
|
}
|
|||
|
|
|||
|
#ifdef IS_MODULE
|
|||
|
static
|
|||
|
#endif
|
|||
|
const char *
|
|||
|
rijndael_get_info (int algo, size_t *keylen,
|
|||
|
size_t *blocksize, size_t *contextsize,
|
|||
|
int (**r_setkey) (void *c, byte *key, unsigned keylen),
|
|||
|
void (**r_encrypt) (void *c, byte *outbuf, byte *inbuf),
|
|||
|
void (**r_decrypt) (void *c, byte *outbuf, byte *inbuf)
|
|||
|
)
|
|||
|
{
|
|||
|
*keylen = algo==7? 128 : algo==8? 192 : 256;
|
|||
|
*blocksize = 16;
|
|||
|
*contextsize = sizeof (RIJNDAEL_context);
|
|||
|
|
|||
|
*(int (**)(RIJNDAEL_context*, const byte*, const unsigned))r_setkey
|
|||
|
= rijndael_setkey;
|
|||
|
*(void (**)(const RIJNDAEL_context*, byte*, const byte*))r_encrypt
|
|||
|
= rijndael_encrypt;
|
|||
|
*(void (**)(RIJNDAEL_context*, byte*, const byte*))r_decrypt
|
|||
|
= rijndael_decrypt;
|
|||
|
|
|||
|
if( algo == 7 )
|
|||
|
return "AES";
|
|||
|
if (algo == 8)
|
|||
|
return "AES192";
|
|||
|
if (algo == 9)
|
|||
|
return "AES256";
|
|||
|
return NULL;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
#ifdef IS_MODULE
|
|||
|
static
|
|||
|
const char * const gnupgext_version = "RIJNDAEL ($Revision$)";
|
|||
|
|
|||
|
static struct {
|
|||
|
int class;
|
|||
|
int version;
|
|||
|
int value;
|
|||
|
void (*func)(void);
|
|||
|
} func_table[] = {
|
|||
|
{ 20, 1, 0, (void*)rijndael_get_info },
|
|||
|
{ 21, 1, 7 },
|
|||
|
{ 21, 1, 8 },
|
|||
|
{ 21, 1, 9 },
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
|
|||
|
/****************
|
|||
|
* Enumerate the names of the functions together with information about
|
|||
|
* this function. Set sequence to an integer with a initial value of 0 and
|
|||
|
* do not change it.
|
|||
|
* If what is 0 all kind of functions are returned.
|
|||
|
* Return values: class := class of function:
|
|||
|
* 10 = message digest algorithm info function
|
|||
|
* 11 = integer with available md algorithms
|
|||
|
* 20 = cipher algorithm info function
|
|||
|
* 21 = integer with available cipher algorithms
|
|||
|
* 30 = public key algorithm info function
|
|||
|
* 31 = integer with available pubkey algorithms
|
|||
|
* version = interface version of the function/pointer
|
|||
|
* (currently this is 1 for all functions)
|
|||
|
*/
|
|||
|
static
|
|||
|
void *
|
|||
|
gnupgext_enum_func ( int what, int *sequence, int *class, int *vers )
|
|||
|
{
|
|||
|
void *ret;
|
|||
|
int i = *sequence;
|
|||
|
|
|||
|
do {
|
|||
|
if ( i >= DIM(func_table) || i < 0 ) {
|
|||
|
return NULL;
|
|||
|
}
|
|||
|
*class = func_table[i].class;
|
|||
|
*vers = func_table[i].version;
|
|||
|
switch( *class ) {
|
|||
|
case 11:
|
|||
|
case 21:
|
|||
|
case 31:
|
|||
|
ret = &func_table[i].value;
|
|||
|
break;
|
|||
|
default:
|
|||
|
ret = func_table[i].func;
|
|||
|
break;
|
|||
|
}
|
|||
|
i++;
|
|||
|
} while ( what && what != *class );
|
|||
|
|
|||
|
*sequence = i;
|
|||
|
return ret;
|
|||
|
}
|
|||
|
#endif
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|