mirrors
/
macssh
mirror of https://github.com/macssh/macssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

first import

This commit is contained in:
chombier 2001-09-18 16:25:20 +00:00
parent 88bb428794
commit 9b784c8588
73 changed files with 23503 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
lsh/src/nettle/AUTHORS Normal file
View File

340
lsh/src/nettle/COPYING Normal file
View File

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

148
lsh/src/nettle/ChangeLog Normal file
View File

@ -0,0 +1,148 @@
2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
* twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
Spotted by Jean-Pierre.
(twofish_encrypt): Likewise.
2001-07-03 Niels Möller <nisse@ehand.com>
* testsuite/testutils.c: Include string.h.
* twofish.c: Include string.h.
2001-06-17 Niels Möller <nisse@lysator.liu.se>
* Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
seems to break with GNU make 3.79.1.
* testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
not <stdint.h>.
Include <stdlib.h>.
2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
* Use <inttypes.h>, not <stdint.h>.
* blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
* Fixed copyright notices.
* Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
desCode.h.
(info_TEXINFOS): Added manual.
(EXTRA_DIST): Added nettle.html.
(%.html): Added rule for building nettle.html.
* nettle.texinfo: New manual.
* configure.in: Bumped version to 0.2.
* testsuite/Makefile.am (TS_PROGS): Added cast128 test.
* Added CAST128.
* testsuite/serpent-test.m4: Added a few rudimentary tests
extracted from the serpent package.
* twofish.c: Adapted to nettle. Made constant tables const.
Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
LE_WRITE_UINT32 instead.
(twofish_selftest): Deleted. Moved the tests to the external
testsuite.
(twofish_set_key): Don't silently truncate too large keys.
* sha1.c (sha1_update): Use unsigned for length.
* serpent.c (serpent_set_key): Read the key backwards. Fixed
padding (but there are no test vectors for key_size not a multiple
of 4).
(serpent_encrypt): Read and write data in the strange order used
by the reference implementation.
(serpent_decrypt): Likewise.
* macros.h (FOR_BLOCKS): New macro, taken from lsh.
* blowfish.h (struct blowfish_ctx): Use a two-dimensional array
for s.
* blowfish.c (initial_ctx): Arrange constants into a struct, to
simplify key setup.
(F): Deleted all but one definitions of the F function/macro.
Added a context argument, and use that to find the subkeys.
(R): Added context argument, and use that to find the subkeys.
(blowfish_set_key): Some simplification.
(encrypt): Deleted code for non-standard number of rounds. Deleted
a bunch of local variables. Using the context pointer for
everything should consume less registers.
(decrypt): Likewise.
* Makefile.am (libnettle_a_SOURCES): Added twofish.
2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/blowfish-test.m4: Fixed test.
* Added twofish implementation.
* blowfish.h (struct blowfish_ctx): Use the correct size for the p
array.
2001-06-15 Niels Möller <nisse@ehand.com>
* testsuite/blowfish-test.m4: Fixed testcase, use correct key
length.
* Makefile.am (libnettle_a_SOURCES): Added blowfish files.
($(des_headers)): Strip directory part when passing file name to
desdata.
* testsuite/blowfish-test.m4: Added one test, from GNUPG.
* Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
more work.
* aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
all nettle copyrights.
* testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
blowfish.
2001-06-13 Niels Möller <nisse@ehand.com>
* Makefile.am (libnettle_a_SOURCES): Added serpent files.
2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
* des.c (des_encrypt, des_decrypt): Assert that the key setup was
successful.
* testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
* testsuite/sha1-test.m4: New file.
* testsuite/des-test.m4: New file.
* Added SHA1 files.
* Added desCore files.
* Makefile.am: Added desCore and sha1.
2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
* install-sh: Copied the standard install script.
* testsuite/Makefile.am (CFLAGS): Disable optimization. Add
$(top_srcdir) to the include path.
(EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
(run-tests): Fixed path to run-tests.
* Makefile.am (EXTRA_DIST): Added memxor.h.
(libnettleinclude_HEADERS): Install headers in
$(libnettleincludedir).
2001-04-13 Niels Möller <nisse@cuckoo.hack.org>
* Initial checkin.

182
lsh/src/nettle/INSTALL Normal file
View File

@ -0,0 +1,182 @@
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `configure.in' is used to create `configure' by a program
called `autoconf'. You only need `configure.in' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
CPU-COMPANY-SYSTEM
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
==================
`configure' recognizes the following options to control how it
operates.
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.

43
lsh/src/nettle/Makefile.am Normal file
View File

@ -0,0 +1,43 @@
SUBDIRS = . testsuite
noinst_PROGRAMS = desdata
libnettleincludedir = $(includedir)/nettle
lib_LIBRARIES = libnettle.a
libnettleinclude_HEADERS = aes.h arcfour.h des.h md5.h sha1.h
libnettle_a_SOURCES = aes.c aes.h arcfour.c arcfour.h \
cast128.c cast128.h cast128_sboxes.h \
blowfish.h blowfish.c \
des.c des.h desinfo.h desCode.h \
md5.c md5.h sha1.c sha1.h \
serpent.c serpent.h serpent_sboxes.h \
twofish.c twofish.h
libnettle_a_LIBADD = @LIBOBJS@
info_TEXINFOS = nettle.texinfo
all-local: nettle.html
EXTRA_DIST = macros.h memxor.h $(des_headers) descore.README nettle.html
# BUILT_SOURCE = $(des_headers)
%.html : %.texinfo
(cd $(srcdir) \
&& $(MAKEINFO) --html --no-split --output $@T $(<F) \
; test -s $@T && mv -f $@T $@)
# desCore rules
# It seems using $(srcdir)/ doesn't work with GNU make 3.79.1
# des_headers = $(srcdir)/parity.h $(srcdir)/rotors.h $(srcdir)/keymap.h
des_headers = parity.h rotors.h keymap.h
# Generate DES headers.
$(des_headers): desdata
./desdata $(@F) > $@T
test -s $@T && mv -f $@T $@
des.o: des.c des.h $(des_headers)

655
lsh/src/nettle/Makefile.in Normal file
View File

@ -0,0 +1,655 @@
# Makefile.in generated automatically by automake 1.4 from Makefile.am
# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DESTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = .
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
CC = @CC@
M4 = @M4@
MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
VERSION = @VERSION@
SUBDIRS = . testsuite
noinst_PROGRAMS = desdata
libnettleincludedir = $(includedir)/nettle
lib_LIBRARIES = libnettle.a
libnettleinclude_HEADERS = aes.h arcfour.h des.h md5.h sha1.h
libnettle_a_SOURCES = aes.c aes.h arcfour.c arcfour.h cast128.c cast128.h cast128_sboxes.h blowfish.h blowfish.c des.c des.h desinfo.h desCode.h md5.c md5.h sha1.c sha1.h serpent.c serpent.h serpent_sboxes.h twofish.c twofish.h
libnettle_a_LIBADD = @LIBOBJS@
info_TEXINFOS = nettle.texinfo
EXTRA_DIST = macros.h memxor.h $(des_headers) descore.README nettle.html
# desCore rules
# It seems using $(srcdir)/ doesn't work with GNU make 3.79.1
# des_headers = $(srcdir)/parity.h $(srcdir)/rotors.h $(srcdir)/keymap.h
des_headers = parity.h rotors.h keymap.h
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
LIBRARIES = $(lib_LIBRARIES)
DEFS = @DEFS@ -I. -I$(srcdir) -I.
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
libnettle_a_DEPENDENCIES = @LIBOBJS@
libnettle_a_OBJECTS = aes.o arcfour.o cast128.o blowfish.o des.o md5.o \
sha1.o serpent.o twofish.o
AR = ar
PROGRAMS = $(noinst_PROGRAMS)
desdata_SOURCES = desdata.c
desdata_OBJECTS = desdata.o
desdata_LDADD = $(LDADD)
desdata_DEPENDENCIES =
desdata_LDFLAGS =
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
TEXI2DVI = texi2dvi
INFO_DEPS = nettle.info
DVIS = nettle.dvi
TEXINFOS = nettle.texinfo
HEADERS = $(libnettleinclude_HEADERS)
DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \
Makefile.am Makefile.in NEWS aclocal.m4 config.h.in configure \
configure.in install-sh memxor.c missing mkinstalldirs texinfo.tex
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP_ENV = --best
SOURCES = $(libnettle_a_SOURCES) desdata.c
OBJECTS = $(libnettle_a_OBJECTS) desdata.o
all: all-redirect
.SUFFIXES:
.SUFFIXES: .S .c .dvi .info .o .ps .s .texi .texinfo .txi
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu --include-deps Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
$(ACLOCAL_M4): configure.in
cd $(srcdir) && $(ACLOCAL)
config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
cd $(srcdir) && $(AUTOCONF)
config.h: stamp-h
@if test ! -f $@; then \
rm -f stamp-h; \
$(MAKE) stamp-h; \
else :; fi
stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES= CONFIG_HEADERS=config.h \
$(SHELL) ./config.status
@echo timestamp > stamp-h 2> /dev/null
$(srcdir)/config.h.in: $(srcdir)/stamp-h.in
@if test ! -f $@; then \
rm -f $(srcdir)/stamp-h.in; \
$(MAKE) $(srcdir)/stamp-h.in; \
else :; fi
$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOHEADER)
@echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null
mostlyclean-hdr:
clean-hdr:
distclean-hdr:
-rm -f config.h
maintainer-clean-hdr:
mostlyclean-libLIBRARIES:
clean-libLIBRARIES:
-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
distclean-libLIBRARIES:
maintainer-clean-libLIBRARIES:
install-libLIBRARIES: $(lib_LIBRARIES)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
echo " $(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p"; \
$(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
@$(POST_INSTALL)
@list='$(lib_LIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
echo " $(RANLIB) $(DESTDIR)$(libdir)/$$p"; \
$(RANLIB) $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
uninstall-libLIBRARIES:
@$(NORMAL_UNINSTALL)
list='$(lib_LIBRARIES)'; for p in $$list; do \
rm -f $(DESTDIR)$(libdir)/$$p; \
done
.c.o:
$(COMPILE) -c $<
.s.o:
$(COMPILE) -c $<
.S.o:
$(COMPILE) -c $<
mostlyclean-compile:
-rm -f *.o core *.core
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
libnettle.a: $(libnettle_a_OBJECTS) $(libnettle_a_DEPENDENCIES)
-rm -f libnettle.a
$(AR) cru libnettle.a $(libnettle_a_OBJECTS) $(libnettle_a_LIBADD)
$(RANLIB) libnettle.a
mostlyclean-noinstPROGRAMS:
clean-noinstPROGRAMS:
-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
desdata: $(desdata_OBJECTS) $(desdata_DEPENDENCIES)
@rm -f desdata
$(LINK) $(desdata_LDFLAGS) $(desdata_OBJECTS) $(desdata_LDADD) $(LIBS)
nettle.info: nettle.texinfo
nettle.dvi: nettle.texinfo
DVIPS = dvips
.texi.info:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.texi.dvi:
TEXINPUTS=.:$$TEXINPUTS \
MAKEINFO='$(MAKEINFO) -I $(srcdir)' $(TEXI2DVI) $<
.texi:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.texinfo.info:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.texinfo:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.texinfo.dvi:
TEXINPUTS=.:$$TEXINPUTS \
MAKEINFO='$(MAKEINFO) -I $(srcdir)' $(TEXI2DVI) $<
.txi.info:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.txi.dvi:
TEXINPUTS=.:$$TEXINPUTS \
MAKEINFO='$(MAKEINFO) -I $(srcdir)' $(TEXI2DVI) $<
.txi:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) `echo $< | sed 's,.*/,,'`
.dvi.ps:
$(DVIPS) $< -o $@
install-info-am: $(INFO_DEPS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(infodir)
@list='$(INFO_DEPS)'; \
for file in $$list; do \
d=$(srcdir); \
for ifile in `cd $$d && echo $$file $$file-[0-9] $$file-[0-9][0-9]`; do \
if test -f $$d/$$ifile; then \
echo " $(INSTALL_DATA) $$d/$$ifile $(DESTDIR)$(infodir)/$$ifile"; \
$(INSTALL_DATA) $$d/$$ifile $(DESTDIR)$(infodir)/$$ifile; \
else : ; fi; \
done; \
done
@$(POST_INSTALL)
@if $(SHELL) -c 'install-info --version | sed 1q | fgrep -s -v -i debian' >/dev/null 2>&1; then \
list='$(INFO_DEPS)'; \
for file in $$list; do \
echo " install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file";\
install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file || :;\
done; \
else : ; fi
uninstall-info:
$(PRE_UNINSTALL)
@if $(SHELL) -c 'install-info --version | sed 1q | fgrep -s -v -i debian' >/dev/null 2>&1; then \
ii=yes; \
else ii=; fi; \
list='$(INFO_DEPS)'; \
for file in $$list; do \
test -z "$ii" \
|| install-info --info-dir=$(DESTDIR)$(infodir) --remove $$file; \
done
@$(NORMAL_UNINSTALL)
list='$(INFO_DEPS)'; \
for file in $$list; do \
(cd $(DESTDIR)$(infodir) && rm -f $$file $$file-[0-9] $$file-[0-9][0-9]); \
done
dist-info: $(INFO_DEPS)
list='$(INFO_DEPS)'; \
for base in $$list; do \
d=$(srcdir); \
for file in `cd $$d && eval echo $$base*`; do \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file; \
done; \
done
mostlyclean-aminfo:
-rm -f nettle.aux nettle.cp nettle.cps nettle.dvi nettle.fn nettle.fns \
nettle.ky nettle.kys nettle.ps nettle.log nettle.pg \
nettle.toc nettle.tp nettle.tps nettle.vr nettle.vrs \
nettle.op nettle.tr nettle.cv nettle.cn
clean-aminfo:
distclean-aminfo:
maintainer-clean-aminfo:
cd $(srcdir) && for i in $(INFO_DEPS); do \
rm -f $$i; \
if test "`echo $$i-[0-9]*`" != "$$i-[0-9]*"; then \
rm -f $$i-[0-9]*; \
fi; \
done
install-libnettleincludeHEADERS: $(libnettleinclude_HEADERS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libnettleincludedir)
@list='$(libnettleinclude_HEADERS)'; for p in $$list; do \
if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libnettleincludedir)/$$p"; \
$(INSTALL_DATA) $$d$$p $(DESTDIR)$(libnettleincludedir)/$$p; \
done
uninstall-libnettleincludeHEADERS:
@$(NORMAL_UNINSTALL)
list='$(libnettleinclude_HEADERS)'; for p in $$list; do \
rm -f $(DESTDIR)$(libnettleincludedir)/$$p; \
done
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
# To change the values of `make' variables: instead of editing Makefiles,
# (1) if the variable is set in `config.status', edit `config.status'
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
@SET_MAKE@
all-recursive install-data-recursive install-exec-recursive \
installdirs-recursive install-recursive uninstall-recursive \
check-recursive installcheck-recursive info-recursive dvi-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
rev="$$subdir $$rev"; \
test "$$subdir" = "." && dot_seen=yes; \
done; \
test "$$dot_seen" = "no" && rev=". $$rev"; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP)
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
here=`pwd` && cd $(srcdir) \
&& mkid -f$$here/ID $$unique $(LISP)
TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \
|| (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS)
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
-rm -rf $(distdir)
GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz
mkdir $(distdir)/=build
mkdir $(distdir)/=inst
dc_install_base=`cd $(distdir)/=inst && pwd`; \
cd $(distdir)/=build \
&& ../configure --srcdir=.. --prefix=$$dc_install_base \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) dist
-rm -rf $(distdir)
@banner="$(distdir).tar.gz is ready for distribution"; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"
dist: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
dist-all: distdir
-chmod -R a+r $(distdir)
GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir)
-rm -rf $(distdir)
distdir: $(DISTFILES)
-rm -rf $(distdir)
mkdir $(distdir)
-chmod 777 $(distdir)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pr $$d/$$file $(distdir)/$$file; \
else \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file || :; \
fi; \
done
for subdir in $(SUBDIRS); do \
if test "$$subdir" = .; then :; else \
test -d $(distdir)/$$subdir \
|| mkdir $(distdir)/$$subdir \
|| exit 1; \
chmod 777 $(distdir)/$$subdir; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-info
aes.o: aes.c aes.h
arcfour.o: arcfour.c arcfour.h
blowfish.o: blowfish.c blowfish.h macros.h
cast128.o: cast128.c cast128.h cast128_sboxes.h macros.h
des.o: des.c des.h desCode.h keymap.h rotors.h parity.h
desdata.o: desdata.c desinfo.h desCode.h des.h
md5.o: md5.c md5.h macros.h
memxor.o: memxor.c memxor.h
serpent.o: serpent.c serpent.h serpent_sboxes.h macros.h
sha1.o: sha1.c sha1.h macros.h
twofish.o: twofish.c twofish.h macros.h
info-am: $(INFO_DEPS)
info: info-recursive
dvi-am: $(DVIS)
dvi: dvi-recursive
check-am: all-am
check: check-recursive
installcheck-am:
installcheck: installcheck-recursive
all-recursive-am: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
install-exec-am: install-libLIBRARIES
install-exec: install-exec-recursive
install-data-am: install-info-am install-libnettleincludeHEADERS
install-data: install-data-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-recursive
uninstall-am: uninstall-libLIBRARIES uninstall-info \
uninstall-libnettleincludeHEADERS
uninstall: uninstall-recursive
all-am: Makefile $(INFO_DEPS) $(LIBRARIES) $(PROGRAMS) $(HEADERS) \
config.h all-local
all-redirect: all-recursive-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
installdirs: installdirs-recursive
installdirs-am:
$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(infodir) \
$(DESTDIR)$(libnettleincludedir)
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
mostlyclean-am: mostlyclean-hdr mostlyclean-libLIBRARIES \
mostlyclean-compile mostlyclean-noinstPROGRAMS \
mostlyclean-aminfo mostlyclean-tags mostlyclean-generic
mostlyclean: mostlyclean-recursive
clean-am: clean-hdr clean-libLIBRARIES clean-compile \
clean-noinstPROGRAMS clean-aminfo clean-tags \
clean-generic mostlyclean-am
clean: clean-recursive
distclean-am: distclean-hdr distclean-libLIBRARIES distclean-compile \
distclean-noinstPROGRAMS distclean-aminfo \
distclean-tags distclean-generic clean-am
distclean: distclean-recursive
-rm -f config.status
maintainer-clean-am: maintainer-clean-hdr maintainer-clean-libLIBRARIES \
maintainer-clean-compile \
maintainer-clean-noinstPROGRAMS maintainer-clean-aminfo \
maintainer-clean-tags maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-recursive
-rm -f config.status
.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \
mostlyclean-libLIBRARIES distclean-libLIBRARIES clean-libLIBRARIES \
maintainer-clean-libLIBRARIES uninstall-libLIBRARIES \
install-libLIBRARIES mostlyclean-compile distclean-compile \
clean-compile maintainer-clean-compile mostlyclean-noinstPROGRAMS \
distclean-noinstPROGRAMS clean-noinstPROGRAMS \
maintainer-clean-noinstPROGRAMS install-info-am uninstall-info \
mostlyclean-aminfo distclean-aminfo clean-aminfo \
maintainer-clean-aminfo uninstall-libnettleincludeHEADERS \
install-libnettleincludeHEADERS install-data-recursive \
uninstall-data-recursive install-exec-recursive \
uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \
all-recursive check-recursive installcheck-recursive info-recursive \
dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \
maintainer-clean-recursive tags tags-recursive mostlyclean-tags \
distclean-tags clean-tags maintainer-clean-tags distdir info-am info \
dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \
install-exec-am install-exec install-data-am install-data install-am \
install uninstall-am uninstall all-local all-redirect all-am all \
installdirs-am installdirs mostlyclean-generic distclean-generic \
clean-generic maintainer-clean-generic clean mostlyclean distclean \
maintainer-clean
all-local: nettle.html
# BUILT_SOURCE = $(des_headers)
%.html : %.texinfo
(cd $(srcdir) \
&& $(MAKEINFO) --html --no-split --output $@T $(<F) \
; test -s $@T && mv -f $@T $@)
# Generate DES headers.
$(des_headers): desdata
./desdata $(@F) > $@T
test -s $@T && mv -f $@T $@
des.o: des.c des.h $(des_headers)
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

0
lsh/src/nettle/NEWS Normal file
View File

0
lsh/src/nettle/README Normal file
View File

215
lsh/src/nettle/aclocal.m4 vendored Normal file
View File

@ -0,0 +1,215 @@
dnl aclocal.m4 generated automatically by aclocal 1.4
dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
# Do all the work for Automake. This macro actually does too much --
# some checks are only needed if your package does certain things.
# But this isn't really a big deal.
# serial 1
dnl Usage:
dnl AM_INIT_AUTOMAKE(package,version, [no-define])
AC_DEFUN(AM_INIT_AUTOMAKE,
[AC_REQUIRE([AC_PROG_INSTALL])
PACKAGE=[$1]
AC_SUBST(PACKAGE)
VERSION=[$2]
AC_SUBST(VERSION)
dnl test to see if srcdir already configured
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
fi
ifelse([$3],,
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package]))
AC_REQUIRE([AM_SANITY_CHECK])
AC_REQUIRE([AC_ARG_PROGRAM])
dnl FIXME This is truly gross.
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AC_REQUIRE([AC_PROG_MAKE_SET])])
#
# Check to make sure that the build environment is sane.
#
AC_DEFUN(AM_SANITY_CHECK,
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
echo timestamp > conftestfile
# Do `set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null`
if test "[$]*" = "X"; then
# -L didn't work.
set X `ls -t $srcdir/configure conftestfile`
fi
if test "[$]*" != "X $srcdir/configure conftestfile" \
&& test "[$]*" != "X conftestfile $srcdir/configure"; then
# If neither matched, then we have a broken ls. This can happen
# if, for instance, CONFIG_SHELL is bash and it inherits a
# broken ls alias from the environment. This has actually
# happened. Such a system could not be considered "sane".
AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
alias in your environment])
fi
test "[$]2" = conftestfile
)
then
# Ok.
:
else
AC_MSG_ERROR([newly created file is older than distributed files!
Check your system clock])
fi
rm -f conftest*
AC_MSG_RESULT(yes)])
dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY)
dnl The program must properly implement --version.
AC_DEFUN(AM_MISSING_PROG,
[AC_MSG_CHECKING(for working $2)
# Run test in a subshell; some versions of sh will print an error if
# an executable is not found, even if stderr is redirected.
# Redirect stdin to placate older versions of autoconf. Sigh.
if ($2 --version) < /dev/null > /dev/null 2>&1; then
$1=$2
AC_MSG_RESULT(found)
else
$1="$3/missing $2"
AC_MSG_RESULT(missing)
fi
AC_SUBST($1)])
# Like AC_CONFIG_HEADER, but automatically create stamp file.
AC_DEFUN(AM_CONFIG_HEADER,
[AC_PREREQ([2.12])
AC_CONFIG_HEADER([$1])
dnl When config.status generates a header, we must update the stamp-h file.
dnl This file resides in the same directory as the config header
dnl that is generated. We must strip everything past the first ":",
dnl and everything past the last "/".
AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl
ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,
<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,
<<am_indx=1
for am_file in <<$1>>; do
case " <<$>>CONFIG_HEADERS " in
*" <<$>>am_file "*<<)>>
echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx
;;
esac
am_indx=`expr "<<$>>am_indx" + 1`
done<<>>dnl>>)
changequote([,]))])
# serial 1
# @defmac AC_PROG_CC_STDC
# @maindex PROG_CC_STDC
# @ovindex CC
# If the C compiler in not in ANSI C mode by default, try to add an option
# to output variable @code{CC} to make it so. This macro tries various
# options that select ANSI C on some system or another. It considers the
# compiler to be in ANSI C mode if it handles function prototypes correctly.
#
# If you use this macro, you should check after calling it whether the C
# compiler has been set to accept ANSI C; if not, the shell variable
# @code{am_cv_prog_cc_stdc} is set to @samp{no}. If you wrote your source
# code in ANSI C, you can make an un-ANSIfied copy of it by using the
# program @code{ansi2knr}, which comes with Ghostscript.
# @end defmac
AC_DEFUN(AM_PROG_CC_STDC,
[AC_REQUIRE([AC_PROG_CC])
AC_BEFORE([$0], [AC_C_INLINE])
AC_BEFORE([$0], [AC_C_CONST])
dnl Force this before AC_PROG_CPP. Some cpp's, eg on HPUX, require
dnl a magic option to avoid problems with ANSI preprocessor commands
dnl like #elif.
dnl FIXME: can't do this because then AC_AIX won't work due to a
dnl circular dependency.
dnl AC_BEFORE([$0], [AC_PROG_CPP])
AC_MSG_CHECKING(for ${CC-cc} option to accept ANSI C)
AC_CACHE_VAL(am_cv_prog_cc_stdc,
[am_cv_prog_cc_stdc=no
ac_save_CC="$CC"
# Don't try gcc -ansi; that turns off useful extensions and
# breaks some systems' header files.
# AIX -qlanglvl=ansi
# Ultrix and OSF/1 -std1
# HP-UX -Aa -D_HPUX_SOURCE
# SVR4 -Xc -D__EXTENSIONS__
for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
AC_TRY_COMPILE(
[#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
char **p;
int i;
{
return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
char *s;
va_list v;
va_start (v,p);
s = g (p, va_arg (v,int));
va_end (v);
return s;
}
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
], [
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
],
[am_cv_prog_cc_stdc="$ac_arg"; break])
done
CC="$ac_save_CC"
])
if test -z "$am_cv_prog_cc_stdc"; then
AC_MSG_RESULT([none needed])
else
AC_MSG_RESULT($am_cv_prog_cc_stdc)
fi
case "x$am_cv_prog_cc_stdc" in
x|xno) ;;
*) CC="$CC $am_cv_prog_cc_stdc" ;;
esac
])

505
lsh/src/nettle/aes.c Normal file
View File

@ -0,0 +1,505 @@
/* aes.c
*
* The aes/rijndael block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2000, 2001 Rafael R. Sevilla, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
#include "aes.h"
#include <assert.h>
/* These tables combine both the S-boxes and the mixcolumn
* transformation, so that we can perform a round's encryption or by
* means of four table lookups and four XOR's per column of state.
* They were generated by the makertbls.pl script. */
static const uint32_t dtbl[] = {
0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
};
static const uint32_t itbl[] = {
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd,
0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060,
0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000,
0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b,
0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54,
0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83,
0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117,
0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff,
0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
};
/* Needed only for the key schedule and for final rounds */
static const uint8_t sbox[256] = {
99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171,
118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164,
114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113,
216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226,
235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214,
179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203,
190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69,
249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245,
188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68,
23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42,
144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73,
6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109,
141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37,
46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62,
181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225,
248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187,
22,
};
static const uint8_t isbox[256] = {
82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215,
251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222,
233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66,
250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73,
109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92,
204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21,
70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247,
228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2,
193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220,
234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173,
53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29,
41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75,
198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168,
51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81,
127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160,
224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12,
125,
};
/* Used only by the key schedule */
static const uint8_t Logtable[256] = {
0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28,
193, 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201,
9, 120, 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53,
147, 218, 142, 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241,
64, 70, 131, 56, 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226,
152, 34, 136, 145, 16, 126, 110, 72, 195, 163, 182, 30, 66, 58, 107,
40, 84, 250, 133, 61, 186, 43, 121, 10, 21, 155, 159, 94, 202, 78,
212, 172, 229, 243, 115, 167, 87, 175, 88, 168, 80, 244, 234, 214, 116,
79, 174, 233, 213, 231, 230, 173, 232, 44, 215, 117, 122, 235, 22, 11,
245, 89, 203, 95, 176, 156, 169, 81, 160, 127, 12, 246, 111, 23, 196,
73, 236, 216, 67, 31, 45, 164, 118, 123, 183, 204, 187, 62, 90, 251,
96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, 151, 178, 135, 144,
97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, 83, 57, 132,
60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, 68, 17,
146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, 103,
74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7,
};
static const uint8_t Alogtable[256] = {
1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19,
53, 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34,
102, 170, 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144,
171, 230, 49, 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184,
211, 110, 178, 205, 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241,
8, 24, 40, 120, 136, 131, 158, 185, 208, 107, 189, 220, 127, 129, 152,
179, 206, 73, 219, 118, 154, 181, 196, 87, 249, 16, 48, 80, 240, 11,
29, 39, 105, 187, 214, 97, 163, 254, 25, 43, 125, 135, 146, 173, 236,
47, 113, 147, 174, 233, 32, 96, 160, 251, 22, 58, 78, 210, 109, 183,
194, 93, 231, 50, 86, 250, 21, 63, 65, 195, 94, 226, 61, 71, 201,
64, 192, 91, 237, 44, 116, 156, 191, 218, 117, 159, 186, 213, 100, 172,
239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, 155, 182, 193, 88,
232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, 252, 31, 33,
99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, 69, 207,
74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, 18,
54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
};
#define ROTBYTE(x) (((x) >> 8) | (((x) & 0xff) << 24))
#define ROTRBYTE(x) (((x) << 8) | (((x) >> 24) & 0xff))
#define SUBBYTE(x, box) (((box)[((x) & 0xff)]) | \
((box)[(((x) >> 8) & 0xff)] << 8) | \
((box)[(((x) >> 16) & 0xff)] << 16) | \
((box)[(((x) >> 24) & 0xff)] << 24))
static uint8_t
xtime(uint8_t a)
{
uint8_t b;
b = (a & 0x80) ? 0x1b : 0;
a<<=1;
a^=b;
return(a);
}
static uint8_t
mul(uint8_t a, uint8_t b)
{
if (a && b) return Alogtable[(Logtable[a] + Logtable[b])%255];
else return 0;
}
static void
inv_mix_column(uint32_t *a, uint32_t *b)
{
uint8_t c[4][4];
unsigned i, j;
for(j = 0; j < 4; j++)
{
for(i = 0; i < 4; i++)
{
c[j][i] = mul(0xe, (a[j] >> i*8) & 0xff)
^ mul(0xb, (a[j] >> ((i+1)%4)*8) & 0xff)
^ mul(0xd, (a[j] >> ((i+2)%4)*8) & 0xff)
^ mul(0x9, (a[j] >> ((i+3)%4)*8) & 0xff);
}
}
for(i = 0; i < 4; i++)
{
b[i] = 0;
for(j = 0; j < 4; j++)
b[i] |= c[i][j] << (j*8);
}
}
/* FIXME: Perhaps we should have separate fucntion for encryption and decryption keys?
* It seems unnecessary to compute the inverse subkeys if we're not going to use them.
* Can one define an aes_inverse function? */
void
aes_set_key(struct aes_ctx *ctx, unsigned keysize, const uint8_t *key)
{
unsigned nk, nr, i, lastkey;
uint32_t temp, rcon;
assert(keysize >= AES_MIN_KEY_SIZE);
assert(keysize <= AES_MAX_KEY_SIZE);
/* Truncate keysizes to the valid key sizes provided by Rijndael */
if (keysize == 32) {
nk = 8;
nr = 14;
} else if (keysize >= 24) {
nk = 6;
nr = 12;
} else { /* must be 16 or more */
nk = 4;
nr = 10;
}
lastkey = (AES_BLOCK_SIZE/4) * (nr + 1);
ctx->nrounds = nr;
rcon = 1;
for (i=0; i<nk; i++)
{
ctx->keys[i] = key[i*4] + (key[i*4+1]<<8) + (key[i*4+2]<<16) +
(key[i*4+3]<<24);
}
for (i=nk; i<lastkey; i++)
{
temp = ctx->keys[i-1];
if (i % nk == 0)
{
temp = SUBBYTE(ROTBYTE(temp), sbox) ^ rcon;
rcon = (uint32_t)xtime((uint8_t)rcon&0xff);
}
else if (nk > 6 && (i%nk) == 4)
{
temp = SUBBYTE(temp, sbox);
}
ctx->keys[i] = ctx->keys[i-nk] ^ temp;
}
/* Generate the inverse keys */
for (i=0; i<4; i++)
{
ctx->ikeys[i] = ctx->keys[i];
ctx->ikeys[lastkey-4 + i] = ctx->keys[lastkey-4 + i];
}
for (i=4; i<lastkey-4; i+=4)
inv_mix_column(&(ctx->keys[i]), &(ctx->ikeys[i]));
}
/* Key addition that also packs every byte in the key to a word rep. */
static void
key_addition_8to32(const uint8_t *txt, const uint32_t *keys, uint32_t *out)
{
const uint8_t *ptr;
unsigned i, j;
uint32_t val;
ptr = txt;
for (i=0; i<4; i++)
{
/* FIXME: Use the READ_UINT32 or LE_READ_UINT32 macro. */
val = 0;
for (j=0; j<4; j++)
val |= (*ptr++ << 8*j);
out[i] = keys[i]^val;
}
}
static void
key_addition32(const uint32_t *txt, const uint32_t *keys, uint32_t *out)
{
unsigned i;
for (i=0; i<4; i++)
out[i] = keys[i] ^ txt[i];
}
static void
key_addition32to8(const uint32_t *txt, const uint32_t *keys, uint8_t *out)
{
uint8_t *ptr;
unsigned i, j;
uint32_t val;
ptr = out;
for (i=0; i<4; i++)
{
/* FIXME: Use WRITE_UINT32 or LE_WRITE_UINT32 */
val = txt[i] ^ keys[i];
for (j=0; j<4; j++)
*ptr++ = (val >> 8*j) & 0xff;
}
}
static const unsigned idx[4][4] = {
{ 0, 1, 2, 3 },
{ 1, 2, 3, 0 },
{ 2, 3, 0, 1 },
{ 3, 0, 1, 2 } };
void
aes_encrypt(struct aes_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
unsigned r, j;
uint32_t wtxt[4], t[4]; /* working ciphertext */
uint32_t e;
assert(!(length % AES_BLOCK_SIZE));
for (; length;
length -= AES_BLOCK_SIZE, src += AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE)
{
key_addition_8to32(src, ctx->keys, wtxt);
for (r=1; r<ctx->nrounds; r++)
{
for (j=0; j<4; j++)
{
t[j] = dtbl[wtxt[j] & 0xff] ^
ROTRBYTE(dtbl[(wtxt[idx[1][j]] >> 8) & 0xff]^
ROTRBYTE(dtbl[(wtxt[idx[2][j]] >> 16) & 0xff] ^
ROTRBYTE(dtbl[(wtxt[idx[3][j]] >> 24) & 0xff])));
}
key_addition32(t, ctx->keys + r*4, wtxt);
}
/* last round is special: there is no mixcolumn, so we can't use the big
tables. */
for (j=0; j<4; j++)
{
e = wtxt[j] & 0xff;
e |= (wtxt[idx[1][j]]) & (0xff << 8);
e |= (wtxt[idx[2][j]]) & (0xff << 16);
e |= (wtxt[idx[3][j]]) & (0xff << 24);
t[j] = e;
}
for (j=0; j<4; j++)
t[j] = SUBBYTE(t[j], sbox);
key_addition32to8(t, ctx->keys + 4*ctx->nrounds, dst);
}
}
static const unsigned iidx[4][4] = {
{ 0, 1, 2, 3 },
{ 3, 0, 1, 2 },
{ 2, 3, 0, 1 },
{ 1, 2, 3, 0 } };
void
aes_decrypt(struct aes_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
unsigned r, j;
uint32_t wtxt[4], t[4]; /* working ciphertext */
uint32_t e;
assert(!(length % AES_BLOCK_SIZE));
for (; length;
length -= AES_BLOCK_SIZE, src += AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE)
{
key_addition_8to32(src, ctx->ikeys + 4*ctx->nrounds, wtxt);
for (r=ctx->nrounds-1; r> 0; r--)
{
for (j=0; j<4; j++)
{
t[j] = itbl[wtxt[j] & 0xff] ^
ROTRBYTE(itbl[(wtxt[iidx[1][j]] >> 8) & 0xff]^
ROTRBYTE(itbl[(wtxt[iidx[2][j]] >> 16) & 0xff] ^
ROTRBYTE(itbl[(wtxt[iidx[3][j]] >> 24) & 0xff])));
}
key_addition32(t, ctx->ikeys + r*4, wtxt);
}
/* last round is special: there is no mixcolumn, so we can't use the big
tables. */
for (j=0; j<4; j++)
{
e = wtxt[j] & 0xff;
e |= (wtxt[iidx[1][j]]) & (0xff << 8);
e |= (wtxt[iidx[2][j]]) & (0xff << 16);
e |= (wtxt[iidx[3][j]]) & (0xff << 24);
t[j] = e;
}
for (j=0; j<4; j++)
t[j] = SUBBYTE(t[j], isbox);
key_addition32to8(t, ctx->ikeys, dst);
}
}

60
lsh/src/nettle/aes.h Normal file
View File

@ -0,0 +1,60 @@
/* aes.h
*
* The aes/rijndael block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_AES_H_INCLUDED
#define NETTLE_AES_H_INCLUDED
#include <inttypes.h>
#define AES_BLOCK_SIZE 16
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define AES_MIN_KEY_SIZE 16
#define AES_MAX_KEY_SIZE 32
#define AES_KEY_SIZE 32
struct aes_ctx
{
uint32_t keys[60]; /* maximum size of key schedule */
uint32_t ikeys[60]; /* inverse key schedule */
unsigned nrounds; /* number of rounds to use for our key size */
};
void
aes_set_key(struct aes_ctx *ctx,
unsigned length, const uint8_t *key);
void
aes_encrypt(struct aes_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
aes_decrypt(struct aes_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_AES_H_INCLUDED */

90
lsh/src/nettle/arcfour.c Normal file
View File

@ -0,0 +1,90 @@
/* arcfour.c
*
* The arcfour/rc4 stream cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "arcfour.h"
#include <assert.h>
#define SWAP(a,b) do { int _t = a; a = b; b = _t; } while(0)
void
arcfour_set_key(struct arcfour_ctx *ctx,
unsigned length, const uint8_t *key)
{
unsigned i, j, k;
assert(length >= ARCFOUR_MIN_KEY_SIZE);
assert(length <= ARCFOUR_MAX_KEY_SIZE);
/* Initialize context */
for (i = 0; i<256; i++)
ctx->S[i] = i;
for (i = j = k = 0; i<256; i++)
{
j += ctx->S[i] + key[k]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
/* Repeat key as needed */
k = (k + 1) % length;
}
ctx->i = ctx->j = 0;
}
void
arcfour_crypt(struct arcfour_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
register uint8_t i, j;
i = ctx->i; j = ctx->j;
while(length--)
{
i++; i &= 0xff;
j += ctx->S[i]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
*dst++ = *src++ ^ ctx->S[ (ctx->S[i] + ctx->S[j]) & 0xff ];
}
ctx->i = i; ctx->j = j;
}
void
arcfour_stream(struct arcfour_ctx *ctx,
unsigned length, uint8_t *dst)
{
register uint8_t i, j;
i = ctx->i; j = ctx->j;
while(length--)
{
i++; i &= 0xff;
j += ctx->S[i]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
*dst++ = ctx->S[ (ctx->S[i] + ctx->S[j]) & 0xff ];
}
ctx->i = i; ctx->j = j;
}

58
lsh/src/nettle/arcfour.h Normal file
View File

@ -0,0 +1,58 @@
/* arcfour.h
*
* The arcfour/rc4 stream cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_ARCFOUR_H_INCLUDED
#define NETTLE_ARCFOUR_H_INCLUDED
#include <inttypes.h>
/* Minimum and maximum keysizes, and a reasonable default. In
* octets.*/
#define ARCFOUR_MIN_KEY_SIZE 1
#define ARCFOUR_MAX_KEY_SIZE 256
#define ARCFOUR_KEY_SIZE 16
struct arcfour_ctx
{
uint8_t S[256];
uint8_t i;
uint8_t j;
};
void
arcfour_set_key(struct arcfour_ctx *ctx,
unsigned length, const uint8_t *key);
void
arcfour_crypt(struct arcfour_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
arcfour_stream(struct arcfour_ctx *ctx,
unsigned length, uint8_t *dst);
#endif /* NETTLE_ARCFOUR_H_INCLUDED */

421
lsh/src/nettle/blowfish.c Normal file
View File

@ -0,0 +1,421 @@
/* blowfish.c
*
* The blowfish block cipher.
*
* For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9. Pages 336 ff.
*/
/* NOTE: This file is distributed under the GPL, not the LGPL. */
/* nettle, low-level cryptographics library
*
* Copyright (C) 1998, 2001
* Free Software Foundation, Inc, Ray Dassen, Niels Möller
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include "blowfish.h"
#include "macros.h"
#include <assert.h>
/* Initial keysetup state */
static const struct blowfish_ctx
initial_ctx =
{ /* precomputed S boxes */
{
{
0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A
}, {
0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7
}, {
0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
0xD79A3234,0x92638212,0x670EFA8E,0x406000E0
}, {
0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6
}
},
/* p constants */
{
0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B
},
/* Initial value, reset after key is checked. */
BLOWFISH_WEAK_KEY
};
/* It's unfortunate to have to pick the bytes apart in the round
* function. Werner's GNUPG code stored took the address of x, and
* then read the individual bytes depending on the endianness. But xr
* and xl ought to live in registers, so I'm not sure that really is a
* good way to do it. */
#define F(c, x) \
((( (c->s[0][(x>>24) &0xff] + c->s[1][(x>>16) & 0xff]) \
^ c->s[2][(x>>8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff)
#define R(c, l, r, i) do { l ^= c->p[i]; r ^= F(c, l); } while(0)
static void
encrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr)
{
uint32_t xl, xr;
xl = *ret_xl;
xr = *ret_xr;
R(bc, xl, xr, 0);
R(bc, xr, xl, 1);
R(bc, xl, xr, 2);
R(bc, xr, xl, 3);
R(bc, xl, xr, 4);
R(bc, xr, xl, 5);
R(bc, xl, xr, 6);
R(bc, xr, xl, 7);
R(bc, xl, xr, 8);
R(bc, xr, xl, 9);
R(bc, xl, xr, 10);
R(bc, xr, xl, 11);
R(bc, xl, xr, 12);
R(bc, xr, xl, 13);
R(bc, xl, xr, 14);
R(bc, xr, xl, 15);
xl ^= bc->p[_BLOWFISH_ROUNDS];
xr ^= bc->p[_BLOWFISH_ROUNDS+1];
*ret_xl = xr;
*ret_xr = xl;
}
static void
decrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr )
{
uint32_t xl, xr;
xl = *ret_xl;
xr = *ret_xr;
R(bc, xl, xr, 17);
R(bc, xr, xl, 16);
R(bc, xl, xr, 15);
R(bc, xr, xl, 14);
R(bc, xl, xr, 13);
R(bc, xr, xl, 12);
R(bc, xl, xr, 11);
R(bc, xr, xl, 10);
R(bc, xl, xr, 9);
R(bc, xr, xl, 8);
R(bc, xl, xr, 7);
R(bc, xr, xl, 6);
R(bc, xl, xr, 5);
R(bc, xr, xl, 4);
R(bc, xl, xr, 3);
R(bc, xr, xl, 2);
xl ^= bc->p[1];
xr ^= bc->p[0];
*ret_xl = xr;
*ret_xr = xl;
}
#undef F
#undef R
void
blowfish_encrypt(struct blowfish_ctx *bc, unsigned length,
uint8_t *outbuf, const uint8_t *inbuf)
{
uint32_t d1, d2;
assert(!bc->status);
FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE)
{
d1 = READ_UINT32(inbuf);
d2 = READ_UINT32(inbuf+ 4);
encrypt( bc, &d1, &d2 );
WRITE_UINT32(outbuf, d1);
WRITE_UINT32(outbuf + 4, d2);
}
}
void
blowfish_decrypt(struct blowfish_ctx *bc, unsigned length,
uint8_t *outbuf, const uint8_t *inbuf )
{
uint32_t d1, d2;
assert(!bc->status);
FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE)
{
d1 = READ_UINT32(inbuf);
d2 = READ_UINT32(inbuf+ 4);
decrypt( bc, &d1, &d2 );
WRITE_UINT32(outbuf, d1);
WRITE_UINT32(outbuf + 4, d2);
}
}
int
blowfish_set_key(struct blowfish_ctx *ctx,
unsigned keylen, const uint8_t *key)
{
int i, j;
uint32_t data, datal, datar;
#if 0
static int initialized = 0;
if( !initialized ) {
initialized = 1;
assert(selftest());
}
#endif
*ctx = initial_ctx;
for(i=j=0; i < _BLOWFISH_ROUNDS+2; i++ )
{
data = key[j] << 24 | key[(j+1) % keylen] <<16
| key[(j+2)%keylen] << 8 | key[(j+3)%keylen];
ctx->p[i] ^= data;
j = (j+4) % keylen;
}
datal = datar = 0;
for(i=0; i < _BLOWFISH_ROUNDS+2; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->p[i] = datal;
ctx->p[i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[0][i] = datal;
ctx->s[0][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[1][i] = datal;
ctx->s[1][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[2][i] = datal;
ctx->s[2][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[3][i] = datal;
ctx->s[3][i+1] = datar;
}
/* Check for weak key. A weak key is a key in which a value in */
/* the P-array (here c) occurs more than once per table. */
for(i=0; i < 255; i++ )
for( j=i+1; j < 256; j++)
if( (ctx->s[0][i] == ctx->s[0][j]) || (ctx->s[1][i] == ctx->s[1][j]) ||
(ctx->s[2][i] == ctx->s[2][j]) || (ctx->s[3][i] == ctx->s[3][j]) )
return 0;
ctx->status = BLOWFISH_OK;
return 1;
}

66
lsh/src/nettle/blowfish.h Normal file
View File

@ -0,0 +1,66 @@
/* blowfish.h
*
* Blowfish block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_BLOWFISH_H_INCLUDED
#define NETTLE_BLOWFISH_H_INCLUDED
#include <inttypes.h>
#define BLOWFISH_BLOCK_SIZE 8
/* Variable key size between 64 and 448 bits. */
#define BLOWFISH_MIN_KEY_SIZE 8
#define BLOWFISH_MAX_KEY_SIZE 56
/* Default to 128 bits */
#define BLOWFISH_KEY_SIZE 16
#define _BLOWFISH_ROUNDS 16
enum blowfish_error { BLOWFISH_OK, BLOWFISH_WEAK_KEY };
struct blowfish_ctx
{
uint32_t s[4][256];
uint32_t p[_BLOWFISH_ROUNDS+2];
enum blowfish_error status;
};
/* On success, returns 1 and sets ctx->status to BLOWFISH_OK (zero).
* On error, returns 0 and sets ctx->status to BLOWFISH_WEAK_KEY. */
int
blowfish_set_key(struct blowfish_ctx *ctx,
unsigned length, const uint8_t *key);
void
blowfish_encrypt(struct blowfish_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
blowfish_decrypt(struct blowfish_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_BLOWFISH_H_INCLUDED */

270
lsh/src/nettle/cast128.c Normal file
View File

@ -0,0 +1,270 @@
/* cast128.c
*
* The CAST-128 block cipher.
*/
/* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "cast128.h"
#include "cast128_sboxes.h"
#include "macros.h"
#include <assert.h>
#define CAST_SMALL_KEY 10
#define CAST_SMALL_ROUNDS 12
#define CAST_FULL_ROUNDS 16
/* Macros to access 8-bit bytes out of a 32-bit word */
#define U8a(x) ( (uint8_t) (x>>24) )
#define U8b(x) ( (uint8_t) ((x>>16)&0xff) )
#define U8c(x) ( (uint8_t) ((x>>8)&0xff) )
#define U8d(x) ( (uint8_t) ((x)&0xff) )
/* Circular left shift */
#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
/* CAST-128 uses three different round functions */
#define F1(l, r, i) \
t = ROL(ctx->keys[i] + r, ctx->keys[i+16]); \
l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) \
- cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
#define F2(l, r, i) \
t = ROL(ctx->keys[i] ^ r, ctx->keys[i+16]); \
l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) \
+ cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
#define F3(l, r, i) \
t = ROL(ctx->keys[i] - r, ctx->keys[i+16]); \
l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) \
^ cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
/***** Encryption Function *****/
void
cast128_encrypt(struct cast128_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
FOR_BLOCKS(length, dst, src, CAST128_BLOCK_SIZE)
{
uint32_t t, l, r;
/* Get inblock into l,r */
l = READ_UINT32(src);
r = READ_UINT32(src+4);
/* Do the work */
F1(l, r, 0);
F2(r, l, 1);
F3(l, r, 2);
F1(r, l, 3);
F2(l, r, 4);
F3(r, l, 5);
F1(l, r, 6);
F2(r, l, 7);
F3(l, r, 8);
F1(r, l, 9);
F2(l, r, 10);
F3(r, l, 11);
/* Only do full 16 rounds if key length > 80 bits */
if (ctx->rounds > 12) {
F1(l, r, 12);
F2(r, l, 13);
F3(l, r, 14);
F1(r, l, 15);
}
/* Put l,r into outblock */
WRITE_UINT32(dst, r);
WRITE_UINT32(dst + 4, l);
/* Wipe clean */
t = l = r = 0;
}
}
/***** Decryption Function *****/
void
cast128_decrypt(struct cast128_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
FOR_BLOCKS(length, dst, src, CAST128_BLOCK_SIZE)
{
uint32_t t, l, r;
/* Get inblock into l,r */
r = READ_UINT32(src);
l = READ_UINT32(src+4);
/* Do the work */
/* Only do full 16 rounds if key length > 80 bits */
if (ctx->rounds > 12) {
F1(r, l, 15);
F3(l, r, 14);
F2(r, l, 13);
F1(l, r, 12);
}
F3(r, l, 11);
F2(l, r, 10);
F1(r, l, 9);
F3(l, r, 8);
F2(r, l, 7);
F1(l, r, 6);
F3(r, l, 5);
F2(l, r, 4);
F1(r, l, 3);
F3(l, r, 2);
F2(r, l, 1);
F1(l, r, 0);
/* Put l,r into outblock */
WRITE_UINT32(dst, l);
WRITE_UINT32(dst + 4, r);
/* Wipe clean */
t = l = r = 0;
}
}
/***** Key Schedule *****/
void
cast128_set_key(struct cast128_ctx *ctx,
unsigned keybytes, const uint8_t *rawkey)
{
uint32_t t[4], z[4], x[4];
unsigned i;
/* Set number of rounds to 12 or 16, depending on key length */
ctx->rounds = (keybytes <= CAST_SMALL_KEY)
? CAST_SMALL_ROUNDS : CAST_FULL_ROUNDS;
/* Copy key to workspace x */
for (i = 0; i < 4; i++) {
x[i] = 0;
if ((i*4+0) < keybytes) x[i] = (uint32_t)rawkey[i*4+0] << 24;
if ((i*4+1) < keybytes) x[i] |= (uint32_t)rawkey[i*4+1] << 16;
if ((i*4+2) < keybytes) x[i] |= (uint32_t)rawkey[i*4+2] << 8;
if ((i*4+3) < keybytes) x[i] |= (uint32_t)rawkey[i*4+3];
}
/* Generate 32 subkeys, four at a time */
for (i = 0; i < 32; i+=4) {
switch (i & 4) {
case 0:
t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])]
^ cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])]
^ cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])];
t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])]
^ cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])]
^ cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])];
t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])]
^ cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])]
^ cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])];
t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^
cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])]
^ cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])];
break;
case 4:
t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])]
^ cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])]
^ cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])];
t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])]
^ cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])]
^ cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])];
t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])]
^ cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])]
^ cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])];
t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])]
^ cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])]
^ cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])];
break;
}
switch (i & 12) {
case 0:
case 12:
ctx->keys[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])]
^ cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
ctx->keys[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])]
^ cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
ctx->keys[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])]
^ cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
ctx->keys[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])]
^ cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
break;
case 4:
case 8:
ctx->keys[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])]
^ cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
ctx->keys[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])]
^ cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
ctx->keys[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])]
^ cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
ctx->keys[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])]
^ cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
break;
}
switch (i & 12) {
case 0:
ctx->keys[i+0] ^= cast_sbox5[U8c(z[0])];
ctx->keys[i+1] ^= cast_sbox6[U8c(z[1])];
ctx->keys[i+2] ^= cast_sbox7[U8b(z[2])];
ctx->keys[i+3] ^= cast_sbox8[U8a(z[3])];
break;
case 4:
ctx->keys[i+0] ^= cast_sbox5[U8a(x[2])];
ctx->keys[i+1] ^= cast_sbox6[U8b(x[3])];
ctx->keys[i+2] ^= cast_sbox7[U8d(x[0])];
ctx->keys[i+3] ^= cast_sbox8[U8d(x[1])];
break;
case 8:
ctx->keys[i+0] ^= cast_sbox5[U8b(z[2])];
ctx->keys[i+1] ^= cast_sbox6[U8a(z[3])];
ctx->keys[i+2] ^= cast_sbox7[U8c(z[0])];
ctx->keys[i+3] ^= cast_sbox8[U8c(z[1])];
break;
case 12:
ctx->keys[i+0] ^= cast_sbox5[U8d(x[0])];
ctx->keys[i+1] ^= cast_sbox6[U8d(x[1])];
ctx->keys[i+2] ^= cast_sbox7[U8a(x[2])];
ctx->keys[i+3] ^= cast_sbox8[U8b(x[3])];
break;
}
if (i >= 16) {
ctx->keys[i+0] &= 31;
ctx->keys[i+1] &= 31;
ctx->keys[i+2] &= 31;
ctx->keys[i+3] &= 31;
}
}
/* Wipe clean */
for (i = 0; i < 4; i++) {
t[i] = x[i] = z[i] = 0;
}
}

64
lsh/src/nettle/cast128.h Normal file
View File

@ -0,0 +1,64 @@
/* cast128.h
*
* The CAST-128 block cipher.
*/
/* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_CAST128_H_INCLUDED
#define NETTLE_CAST128_H_INCLUDED
#include <inttypes.h>
#define CAST128_BLOCK_SIZE 8
/* Variable key size between 40 and 128. */
#define CAST128_MIN_KEY_SIZE 5
#define CAST128_MAX_KEY_SIZE 16
#define CAST128_KEY_SIZE 16
struct cast128_ctx
{
uint32_t keys[32]; /* Key, after expansion */
unsigned rounds; /* Number of rounds to use, 12 or 16 */
};
void
cast128_set_key(struct cast128_ctx *ctx,
unsigned length, const uint8_t *key);
void
cast128_encrypt(struct cast128_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
cast128_decrypt(struct cast128_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_CAST128_H_INCLUDED */

545
lsh/src/nettle/cast128_sboxes.h Normal file
View File

@ -0,0 +1,545 @@
/*
* $Id$
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
static const uint32_t cast_sbox1[256] = {
0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
};
static const uint32_t cast_sbox2[256] = {
0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
};
static const uint32_t cast_sbox3[256] = {
0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
};
static const uint32_t cast_sbox4[256] = {
0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
};
static const uint32_t cast_sbox5[256] = {
0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
};
static const uint32_t cast_sbox6[256] = {
0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
};
static const uint32_t cast_sbox7[256] = {
0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
};
static const uint32_t cast_sbox8[256] = {
0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
};

63
lsh/src/nettle/config.h.in Normal file
View File

@ -0,0 +1,63 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* Define if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define if you have the `memxor' function. */
#undef HAVE_MEMXOR
/* Define if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Name of package */
#undef PACKAGE
/* The size of a `int', as computed by sizeof. */
#undef SIZEOF_INT
/* The size of a `long', as computed by sizeof. */
#undef SIZEOF_LONG
/* The size of a `short', as computed by sizeof. */
#undef SIZEOF_SHORT
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Version number of package */
#undef VERSION
/* Define if your processor stores words with the most significant byte first
(like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define as `__inline' if that's what the C compiler calls it, or to nothing
if it is not supported. */
#undef inline
/* Define to `unsigned' if <sys/types.h> does not define. */
#undef size_t
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t

4648
lsh/src/nettle/configure vendored Normal file
View File

File diff suppressed because it is too large Load Diff

53
lsh/src/nettle/configure.in Normal file
View File

@ -0,0 +1,53 @@
dnl -*- mode: shell-script; sh-indentation: 2; -*-
dnl $Id$
dnl Process this file with autoconf to produce a configure script.
AC_INIT(arcfour.c)
AM_INIT_AUTOMAKE(libnettle, 0.2)
AM_CONFIG_HEADER(config.h)
dnl Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AM_PROG_CC_STDC
if test "x$am_cv_prog_cc_stdc" = xno ; then
AC_ERROR([the C compiler doesn't handle ANSI-C])
fi
AC_PATH_PROG(M4, m4, m4)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_TYPE_UID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
dnl Needed by the supplied memcmp.c
AC_C_BIGENDIAN
AC_CHECK_SIZEOF(short, 2)
AC_CHECK_SIZEOF(int, 4)
AC_CHECK_SIZEOF(long, 4)
AC_REPLACE_FUNCS(memxor)
# Set these flags *last*, or else the test programs won't compile
if test x$GCC = xyes ; then
CFLAGS="$CFLAGS -ggdb3 -Wall -W \
-Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes \
-Waggregate-return \
-Wpointer-arith -Wbad-function-cast -Wnested-externs"
# Don't enable -Wcast-align as it results in tons of warnings in the
# DES code. And when using stdio.
fi
AC_OUTPUT(Makefile testsuite/Makefile)

238
lsh/src/nettle/des.c Normal file
View File

@ -0,0 +1,238 @@
/* des.c
*
* The des block cipher.
*
* $Id$
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
#include "desCode.h"
#include <assert.h>
static ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
static DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
/* various tables */
uint32_t des_keymap[] = {
#include "keymap.h"
};
static uint8_t rotors[] = {
#include "rotors.h"
};
static char parity[] = {
#include "parity.h"
};
int
des_set_key(struct des_ctx *ctx, const uint8_t *key)
{
register uint32_t n, w;
register char * b0, * b1;
char bits0[56], bits1[56];
uint32_t *method;
uint8_t *k;
/* check for bad parity and weak keys */
b0 = parity;
n = b0[key[0]]; n <<= 4;
n |= b0[key[1]]; n <<= 4;
n |= b0[key[2]]; n <<= 4;
n |= b0[key[3]]; n <<= 4;
n |= b0[key[4]]; n <<= 4;
n |= b0[key[5]]; n <<= 4;
n |= b0[key[6]]; n <<= 4;
n |= b0[key[7]];
w = 0x88888888l;
/* report bad parity in key */
if ( n & w )
{
ctx->status = DES_BAD_PARITY;
return 0;
}
ctx->status = DES_WEAK_KEY;
/* report a weak or semi-weak key */
if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
if ( n < 0X41415151 ) {
if ( n < 0X31312121 ) {
if ( n < 0X14141515 ) {
/* 01 01 01 01 01 01 01 01 */
if ( n == 0X11111111 ) return 0;
/* 01 1F 01 1F 01 0E 01 0E */
if ( n == 0X13131212 ) return 0;
} else {
/* 01 E0 01 E0 01 F1 01 F1 */
if ( n == 0X14141515 ) return 0;
/* 01 FE 01 FE 01 FE 01 FE */
if ( n == 0X16161616 ) return 0;
}
} else {
if ( n < 0X34342525 ) {
/* 1F 01 1F 01 0E 01 0E 01 */
if ( n == 0X31312121 ) return 0;
/* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
if ( n == 0X33332222 ) return 0;;
} else {
/* 1F E0 1F E0 0E F1 0E F1 */
if ( n == 0X34342525 ) return 0;;
/* 1F FE 1F FE 0E FE 0E FE */
if ( n == 0X36362626 ) return 0;;
}
}
} else {
if ( n < 0X61616161 ) {
if ( n < 0X44445555 ) {
/* E0 01 E0 01 F1 01 F1 01 */
if ( n == 0X41415151 ) return 0;
/* E0 1F E0 1F F1 0E F1 0E */
if ( n == 0X43435252 ) return 0;
} else {
/* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
if ( n == 0X44445555 ) return 0;
/* E0 FE E0 FE F1 FE F1 FE */
if ( n == 0X46465656 ) return 0;
}
} else {
if ( n < 0X64646565 ) {
/* FE 01 FE 01 FE 01 FE 01 */
if ( n == 0X61616161 ) return 0;
/* FE 1F FE 1F FE 0E FE 0E */
if ( n == 0X63636262 ) return 0;
} else {
/* FE E0 FE E0 FE F1 FE F1 */
if ( n == 0X64646565 ) return 0;
/* FE FE FE FE FE FE FE FE */
if ( n == 0X66666666 ) return 0;
}
}
}
}
/* key is ok */
ctx->status = DES_OK;
/* explode the bits */
n = 56;
b0 = bits0;
b1 = bits1;
do {
w = (256 | *key++) << 2;
do {
--n;
b1[n] = 8 & w;
w >>= 1;
b0[n] = 4 & w;
} while ( w >= 16 );
} while ( n );
/* put the bits in the correct places */
n = 16;
k = rotors;
method = ctx->key;
do {
w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
w |= b1[k[ 4 ]] | b0[k[ 5 ]];
w <<= 8;
w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
w |= b1[k[10 ]] | b0[k[11 ]];
w <<= 8;
w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
w |= b1[k[16 ]] | b0[k[17 ]];
w <<= 8;
w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
w |= b1[k[22 ]] | b0[k[23 ]];
method[0] = w;
w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
w |= b1[k[ 4+24]] | b0[k[ 5+24]];
w <<= 8;
w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
w |= b1[k[10+24]] | b0[k[11+24]];
w <<= 8;
w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
w |= b1[k[16+24]] | b0[k[17+24]];
w <<= 8;
w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
w |= b1[k[22+24]] | b0[k[23+24]];
ROR(w, 4, 28); /* could be eliminated */
method[1] = w;
k += 48;
method += 2;
} while ( --n );
return 1;
}
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
assert(ctx->status == DES_OK);
while (length)
{
DesSmallFipsEncrypt(dst, ctx->key, src);
length -= DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
}
}
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % DES_BLOCK_SIZE));
assert(ctx->status == DES_OK);
while (length)
{
DesSmallFipsDecrypt(dst, ctx->key, src);
length -= DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
}
}

68
lsh/src/nettle/des.h Normal file
View File

@ -0,0 +1,68 @@
/* des.h
*
* The des block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 1992, 2001, Dana L. How, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
* Slightly edited by Niels Möller, 1997
*/
#ifndef NETTLE_DES_H
#define NETTLE_DES_H
#include <inttypes.h>
#define DES_KEY_SIZE 8
#define DES_BLOCK_SIZE 8
/* Expanded key length */
#define _DES_KEY_LENGTH 32
enum des_error { DES_OK, DES_BAD_PARITY, DES_WEAK_KEY };
struct des_ctx
{
uint32_t key[_DES_KEY_LENGTH];
enum des_error status;
};
/* On success, returns 1 and sets ctx->status to DES_OK (zero). On
* error, returns 0 and sets ctx->status accordingly. */
int
des_set_key(struct des_ctx *ctx, const uint8_t *key);
void
des_encrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
des_decrypt(struct des_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_DES_H */

415
lsh/src/nettle/desCode.h Normal file
View File

@ -0,0 +1,415 @@
/* desCode.h
*
* $Id$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
extern uint32_t des_keymap[];
extern uint32_t des_bigmap[];
/* optional customization:
* the idea here is to alter the code so it will still run correctly
* on any machine, but the quickest on the specific machine in mind.
* note that these silly tweaks can give you a 15%-20% speed improvement
* on the sparc -- it's probably even more significant on the 68000. */
/* take care of machines with incredibly few registers */
#if defined(i386)
#define REGISTER /* only x, y, z will be declared register */
#else
#define REGISTER register
#endif /* i386 */
/* is auto inc/dec faster than 7bit unsigned indexing? */
#if defined(vax) || defined(mc68000)
#define FIXR r += 32;
#define FIXS s += 8;
#define PREV(v,o) *--v
#define NEXT(v,o) *v++
#else
#define FIXR
#define FIXS
#define PREV(v,o) v[o]
#define NEXT(v,o) v[o]
#endif
/* if no machine type, default is indexing, 6 registers and cheap literals */
#if !defined(i386) && !defined(vax) && !defined(mc68000) && !defined(sparc)
#define vax
#endif
/* handle a compiler which can't reallocate registers */
/* The BYTE type is used as parameter for the encrypt/decrypt functions.
* It's pretty bad to have the function prototypes depend on
* a macro definition that the users of the function doesn't
* know about. /Niels */
#if 0 /* didn't feel like deleting */
#define SREGFREE ; s = (uint8_t *) D
#define DEST s
#define D m0
#define BYTE uint32_t
#else
#define SREGFREE
#define DEST d
#define D d
#define BYTE uint8_t
#endif
/* handle constants in the optimal way for 386 & vax */
/* 386: we declare 3 register variables (see above) and use 3 more variables;
* vax: we use 6 variables, all declared register;
* we assume address literals are cheap & unrestricted;
* we assume immediate constants are cheap & unrestricted. */
#if defined(i386) || defined(vax)
#define MQ0 des_bigmap
#define MQ1 (des_bigmap + 64)
#define MQ2 (des_bigmap + 128)
#define MQ3 (des_bigmap + 192)
#define HQ0(z) /* z |= 0x01000000L; */
#define HQ2(z) /* z |= 0x03000200L; */
#define LQ0(z) 0xFCFC & z
#define LQ1(z) 0xFCFC & z
#define LQ2(z) 0xFCFC & z
#define LQ3(z) 0xFCFC & z
#define SQ 16
#define MS0 des_keymap
#define MS1 (des_keymap + 64)
#define MS2 (des_keymap + 128)
#define MS3 (des_keymap + 192)
#define MS4 (des_keymap + 256)
#define MS5 (des_keymap + 320)
#define MS6 (des_keymap + 384)
#define MS7 (des_keymap + 448)
#define HS(z)
#define LS0(z) 0xFC & z
#define LS1(z) 0xFC & z
#define LS2(z) 0xFC & z
#define LS3(z) 0xFC & z
#define REGQUICK
#define SETQUICK
#define REGSMALL
#define SETSMALL
#endif /* defined(i386) || defined(vax) */
/* handle constants in the optimal way for mc68000 */
/* in addition to the core 6 variables, we declare 3 registers holding constants
* and 4 registers holding address literals.
* at most 6 data values and 5 address values are actively used at once.
* we assume address literals are so expensive we never use them;
* we assume constant index offsets > 127 are expensive, so they are not used.
* we assume all constants are expensive and put them in registers,
* including shift counts greater than 8. */
#if defined(mc68000)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ k1
#define MS0 m0
#define MS1 m0
#define MS2 m1
#define MS3 m1
#define MS4 m2
#define MS5 m2
#define MS6 m3
#define MS7 m3
#define HS(z) z |= k0;
#define LS0(z) k1 & z
#define LS1(z) k2 & z
#define LS2(z) k1 & z
#define LS3(z) k2 & z
#define REGQUICK \
register uint32_t k0, k1; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0xFCFC \
; k1 = 16 \
/*k2 = 28 to speed up ROL */ \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register uint32_t k0, k1, k2; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETSMALL \
; k0 = 0x01000100L \
; k1 = 0x0FC \
; k2 = 0x1FC \
; m0 = des_keymap \
; m1 = m0 + 128 \
; m2 = m1 + 128 \
; m3 = m2 + 128
#endif /* defined(mc68000) */
/* handle constants in the optimal way for sparc */
/* in addition to the core 6 variables, we either declare:
* 4 registers holding address literals and 1 register holding a constant, or
* 8 registers holding address literals.
* up to 14 register variables are declared (sparc has %i0-%i5, %l0-%l7).
* we assume address literals are so expensive we never use them;
* we assume any constant with >10 bits is expensive and put it in a register,
* and any other is cheap and is coded in-line. */
#if defined(sparc)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ 16
#define MS0 m0
#define MS1 m1
#define MS2 m2
#define MS3 m3
#define MS4 m4
#define MS5 m5
#define MS6 m6
#define MS7 m7
#define HS(z)
#define LS0(z) 0xFC & z
#define LS1(z) 0xFC & z
#define LS2(z) 0xFC & z
#define LS3(z) 0xFC & z
#define REGQUICK \
register uint32_t k0; \
register uint32_t *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0xFCFC \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register uint32_t *m0, *m1, *m2, *m3, *m4, *m5, *m6, *m7;
#define SETSMALL \
; m0 = des_keymap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64 \
; m4 = m3 + 64 \
; m5 = m4 + 64 \
; m6 = m5 + 64 \
; m7 = m6 + 64
#endif /* defined(sparc) */
/* some basic stuff */
/* generate addresses from a base and an index */
/* FIXME: This is used only as *ADD(msi,lsi(z)) or *ADD(mqi,lqi(z)).
* Why not use plain indexing instead? /Niels */
#define ADD(b,x) (uint32_t *) ((uint8_t *)b + (x))
/* low level rotate operations */
#define NOP(d,c,o)
#define ROL(d,c,o) d = d << c | d >> o
#define ROR(d,c,o) d = d >> c | d << o
#define ROL1(d) ROL(d, 1, 31)
#define ROR1(d) ROR(d, 1, 31)
/* elementary swap for doing IP/FP */
#define SWAP(x,y,m,b) \
z = ((x >> b) ^ y) & m; \
x ^= z << b; \
y ^= z
/* the following macros contain all the important code fragments */
/* load input data, then setup special registers holding constants */
#define TEMPQUICK(LOAD) \
REGQUICK \
LOAD() \
SETQUICK
#define TEMPSMALL(LOAD) \
REGSMALL \
LOAD() \
SETSMALL
/* load data */
#define LOADDATA(x,y) \
FIXS \
y = PREV(s, 7); y<<= 8; \
y |= PREV(s, 6); y<<= 8; \
y |= PREV(s, 5); y<<= 8; \
y |= PREV(s, 4); \
x = PREV(s, 3); x<<= 8; \
x |= PREV(s, 2); x<<= 8; \
x |= PREV(s, 1); x<<= 8; \
x |= PREV(s, 0) \
SREGFREE
/* load data without initial permutation and put into efficient position */
#define LOADCORE() \
LOADDATA(x, y); \
ROR1(x); \
ROR1(y)
/* load data, do the initial permutation and put into efficient position */
#define LOADFIPS() \
LOADDATA(y, x); \
SWAP(x, y, 0x0F0F0F0FL, 004); \
SWAP(y, x, 0x0000FFFFL, 020); \
SWAP(x, y, 0x33333333L, 002); \
SWAP(y, x, 0x00FF00FFL, 010); \
ROR1(x); \
z = (x ^ y) & 0x55555555L; \
y ^= z; \
x ^= z; \
ROR1(y)
/* core encryption/decryption operations */
/* S box mapping and P perm */
#define KEYMAPSMALL(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
hs(z) \
x ^= *ADD(ms3, ls3(z)); \
z>>= 8; \
x ^= *ADD(ms2, ls2(z)); \
z>>= 8; \
x ^= *ADD(ms1, ls1(z)); \
z>>= 8; \
x ^= *ADD(ms0, ls0(z))
/* alternate version: use 64k of tables */
#define KEYMAPQUICK(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
hq(z) \
x ^= *ADD(mq0, lq0(z)); \
z>>= sq; \
x ^= *ADD(mq1, lq1(z))
/* apply 24 key bits and do the odd s boxes */
#define S7S1(x,y,z,r,m,KEYMAP,LOAD) \
z = LOAD(r, m); \
z ^= y; \
KEYMAP(x,z,MQ0,MQ1,HQ0,LQ0,LQ1,SQ,MS0,MS1,MS2,MS3,HS,LS0,LS1,LS2,LS3)
/* apply 24 key bits and do the even s boxes */
#define S6S0(x,y,z,r,m,KEYMAP,LOAD) \
z = LOAD(r, m); \
z ^= y; \
ROL(z, 4, 28); \
KEYMAP(x,z,MQ2,MQ3,HQ2,LQ2,LQ3,SQ,MS4,MS5,MS6,MS7,HS,LS0,LS1,LS2,LS3)
/* actual iterations. equivalent except for UPDATE & swapping m and n */
#define ENCR(x,y,z,r,m,n,KEYMAP) \
S7S1(x,y,z,r,m,KEYMAP,NEXT); \
S6S0(x,y,z,r,n,KEYMAP,NEXT)
#define DECR(x,y,z,r,m,n,KEYMAP) \
S6S0(x,y,z,r,m,KEYMAP,PREV); \
S7S1(x,y,z,r,n,KEYMAP,PREV)
/* write out result in correct byte order */
#define SAVEDATA(x,y) \
NEXT(DEST, 0) = x; x>>= 8; \
NEXT(DEST, 1) = x; x>>= 8; \
NEXT(DEST, 2) = x; x>>= 8; \
NEXT(DEST, 3) = x; \
NEXT(DEST, 4) = y; y>>= 8; \
NEXT(DEST, 5) = y; y>>= 8; \
NEXT(DEST, 6) = y; y>>= 8; \
NEXT(DEST, 7) = y
/* write out result */
#define SAVECORE() \
ROL1(x); \
ROL1(y); \
SAVEDATA(y, x)
/* do final permutation and write out result */
#define SAVEFIPS() \
ROL1(x); \
z = (x ^ y) & 0x55555555L; \
y ^= z; \
x ^= z; \
ROL1(y); \
SWAP(x, y, 0x00FF00FFL, 010); \
SWAP(y, x, 0x33333333L, 002); \
SWAP(x, y, 0x0000FFFFL, 020); \
SWAP(y, x, 0x0F0F0F0FL, 004); \
SAVEDATA(x, y)
/* the following macros contain the encryption/decryption skeletons */
#define ENCRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
\
void \
NAME(REGISTER BYTE *D, \
REGISTER const uint32_t *r, \
REGISTER const uint8_t *s) \
{ \
register uint32_t x, y, z; \
\
/* declare temps & load data */ \
TEMP(LOAD); \
\
/* do the 16 iterations */ \
ENCR(x,y,z,r, 0, 1,KEYMAP); \
ENCR(y,x,z,r, 2, 3,KEYMAP); \
ENCR(x,y,z,r, 4, 5,KEYMAP); \
ENCR(y,x,z,r, 6, 7,KEYMAP); \
ENCR(x,y,z,r, 8, 9,KEYMAP); \
ENCR(y,x,z,r,10,11,KEYMAP); \
ENCR(x,y,z,r,12,13,KEYMAP); \
ENCR(y,x,z,r,14,15,KEYMAP); \
ENCR(x,y,z,r,16,17,KEYMAP); \
ENCR(y,x,z,r,18,19,KEYMAP); \
ENCR(x,y,z,r,20,21,KEYMAP); \
ENCR(y,x,z,r,22,23,KEYMAP); \
ENCR(x,y,z,r,24,25,KEYMAP); \
ENCR(y,x,z,r,26,27,KEYMAP); \
ENCR(x,y,z,r,28,29,KEYMAP); \
ENCR(y,x,z,r,30,31,KEYMAP); \
\
/* save result */ \
SAVE(); \
\
return; \
}
#define DECRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
\
void \
NAME(REGISTER BYTE *D, \
REGISTER const uint32_t *r, \
REGISTER const uint8_t *s) \
{ \
register uint32_t x, y, z; \
\
/* declare temps & load data */ \
TEMP(LOAD); \
\
/* do the 16 iterations */ \
FIXR \
DECR(x,y,z,r,31,30,KEYMAP); \
DECR(y,x,z,r,29,28,KEYMAP); \
DECR(x,y,z,r,27,26,KEYMAP); \
DECR(y,x,z,r,25,24,KEYMAP); \
DECR(x,y,z,r,23,22,KEYMAP); \
DECR(y,x,z,r,21,20,KEYMAP); \
DECR(x,y,z,r,19,18,KEYMAP); \
DECR(y,x,z,r,17,16,KEYMAP); \
DECR(x,y,z,r,15,14,KEYMAP); \
DECR(y,x,z,r,13,12,KEYMAP); \
DECR(x,y,z,r,11,10,KEYMAP); \
DECR(y,x,z,r, 9, 8,KEYMAP); \
DECR(x,y,z,r, 7, 6,KEYMAP); \
DECR(y,x,z,r, 5, 4,KEYMAP); \
DECR(x,y,z,r, 3, 2,KEYMAP); \
DECR(y,x,z,r, 1, 0,KEYMAP); \
\
/* save result */ \
SAVE(); \
\
return; \
}

313
lsh/src/nettle/descore.README Normal file
View File

@ -0,0 +1,313 @@
des - fast & portable DES encryption & decryption.
Copyright (C) 1992 Dana L. How
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Library General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Author's address: how@isl.stanford.edu
$Id$
==>> To compile after untarring/unsharring, just `make' <<==
This package was designed with the following goals:
1. Highest possible encryption/decryption PERFORMANCE.
2. PORTABILITY to any byte-addressable machine with a 32bit unsigned C type
3. Plug-compatible replacement for KERBEROS's low-level routines.
performance comparison to other available des code which i could
compile on a SPARCStation 1 (cc -O4):
this code (byte-order independent):
30us per encryption (options: 64k tables, no IP/FP)
33us per encryption (options: 64k tables, FIPS standard bit ordering)
45us per encryption (options: 2k tables, no IP/FP)
49us per encryption (options: 2k tables, FIPS standard bit ordering)
275us to set a new key (uses 1k of key tables)
this has the quickest encryption/decryption routines i've seen.
since i was interested in fast des filters rather than crypt(3)
and password cracking, i haven't really bothered yet to speed up
the key setting routine. also, i have no interest in re-implementing
all the other junk in the mit kerberos des library, so i've just
provided my routines with little stub interfaces so they can be
used as drop-in replacements with mit's code or any of the mit-
compatible packages below. (note that the first two timings above
are highly variable because of cache effects).
kerberos des replacement from australia:
68us per encryption (uses 2k of tables)
96us to set a new key (uses 2.25k of key tables)
this is a very nice package which implements the most important
of the optimizations which i did in my encryption routines.
it's a bit weak on common low-level optimizations which is why
it's 39%-106% slower. because he was interested in fast crypt(3) and
password-cracking applications, he also used the same ideas to
speed up the key-setting routines with impressive results.
(at some point i may do the same in my package). he also implements
the rest of the mit des library.
(code from eay@psych.psy.uq.oz.au via comp.sources.misc)
fast crypt(3) package from denmark:
the des routine here is buried inside a loop to do the
crypt function and i didn't feel like ripping it out and measuring
performance. his code takes 26 sparc instructions to compute one
des iteration; above, Quick (64k) takes 21 and Small (2k) takes 37.
he claims to use 280k of tables but the iteration calculation seems
to use only 128k. his tables and code are machine independent.
(code from glad@daimi.aau.dk via alt.sources or comp.sources.misc)
swedish reimplementation of Kerberos des library
108us per encryption (uses 34k worth of tables)
134us to set a new key (uses 32k of key tables to get this speed!)
the tables used seem to be machine-independent;
he seems to have included a lot of special case code
so that, e.g., `long' loads can be used instead of 4 `char' loads
when the machine's architecture allows it.
(code obtained from chalmers.se:pub/des)
crack 3.3c package from england:
as in crypt above, the des routine is buried in a loop. it's
also very modified for crypt. his iteration code uses 16k
of tables and appears to be slow.
(code obtained from aem@aber.ac.uk via alt.sources or comp.sources.misc)
``highly optimized'' and tweaked Kerberos/Athena code (byte-order dependent):
165us per encryption (uses 6k worth of tables)
478us to set a new key (uses <1k of key tables)
so despite the comments in this code, it was possible to get
faster code AND smaller tables, as well as making the tables
machine-independent.
(code obtained from prep.ai.mit.edu)
UC Berkeley code (depends on machine-endedness):
226us per encryption
10848us to set a new key
table sizes are unclear, but they don't look very small
(code obtained from wuarchive.wustl.edu)
motivation and history
a while ago i wanted some des routines and the routines documented on sun's
man pages either didn't exist or dumped core. i had heard of kerberos,
and knew that it used des, so i figured i'd use its routines. but once
i got it and looked at the code, it really set off a lot of pet peeves -
it was too convoluted, the code had been written without taking
advantage of the regular structure of operations such as IP, E, and FP
(i.e. the author didn't sit down and think before coding),
it was excessively slow, the author had attempted to clarify the code
by adding MORE statements to make the data movement more `consistent'
instead of simplifying his implementation and cutting down on all data
movement (in particular, his use of L1, R1, L2, R2), and it was full of
idiotic `tweaks' for particular machines which failed to deliver significant
speedups but which did obfuscate everything. so i took the test data
from his verification program and rewrote everything else.
a while later i ran across the great crypt(3) package mentioned above.
the fact that this guy was computing 2 sboxes per table lookup rather
than one (and using a MUCH larger table in the process) emboldened me to
do the same - it was a trivial change from which i had been scared away
by the larger table size. in his case he didn't realize you don't need to keep
the working data in TWO forms, one for easy use of half the sboxes in
indexing, the other for easy use of the other half; instead you can keep
it in the form for the first half and use a simple rotate to get the other
half. this means i have (almost) half the data manipulation and half
the table size. in fairness though he might be encoding something particular
to crypt(3) in his tables - i didn't check.
i'm glad that i implemented it the way i did, because this C version is
portable (the ifdef's are performance enhancements) and it is faster
than versions hand-written in assembly for the sparc!
porting notes
one thing i did not want to do was write an enormous mess
which depended on endedness and other machine quirks,
and which necessarily produced different code and different lookup tables
for different machines. see the kerberos code for an example
of what i didn't want to do; all their endedness-specific `optimizations'
obfuscate the code and in the end were slower than a simpler machine
independent approach. however, there are always some portability
considerations of some kind, and i have included some options
for varying numbers of register variables.
perhaps some will still regard the result as a mess!
1) i assume everything is byte addressable, although i don't actually
depend on the byte order, and that bytes are 8 bits.
i assume word pointers can be freely cast to and from char pointers.
note that 99% of C programs make these assumptions.
i always use unsigned char's if the high bit could be set.
2) the typedef `word' means a 32 bit unsigned integral type.
if `unsigned long' is not 32 bits, change the typedef in desCore.h.
i assume sizeof(word) == 4 EVERYWHERE.
the (worst-case) cost of my NOT doing endedness-specific optimizations
in the data loading and storing code surrounding the key iterations
is less than 12%. also, there is the added benefit that
the input and output work areas do not need to be word-aligned.
OPTIONAL performance optimizations
1) you should define one of `i386,' `vax,' `mc68000,' or `sparc,'
whichever one is closest to the capabilities of your machine.
see the start of desCode.h to see exactly what this selection implies.
note that if you select the wrong one, the des code will still work;
these are just performance tweaks.
2) for those with functional `asm' keywords: you should change the
ROR and ROL macros to use machine rotate instructions if you have them.
this will save 2 instructions and a temporary per use,
or about 32 to 40 instructions per en/decryption.
these optimizations are all rather persnickety, yet with them you should
be able to get performance equal to assembly-coding, except that:
1) with the lack of a bit rotate operator in C, rotates have to be synthesized
from shifts. so access to `asm' will speed things up if your machine
has rotates, as explained above in (3).
2) if your machine has less than 12 32-bit registers i doubt your compiler will
generate good code.
`i386' tries to configure the code for a 386 by only declaring 3 registers
(it appears that gcc can use ebx, esi and edi to hold register variables).
however, if you like assembly coding, the 386 does have 7 32-bit registers,
and if you use ALL of them, use `scaled by 8' address modes with displacement
and other tricks, you can get reasonable routines for DesQuickCore... with
about 250 instructions apiece. For DesSmall... it will help to rearrange
des_keymap, i.e., now the sbox # is the high part of the index and
the 6 bits of data is the low part; it helps to exchange these.
since i have no way to conveniently test it i have not provided my
shoehorned 386 version.
coding notes
the en/decryption routines each use 6 necessary register variables,
with 4 being actively used at once during the inner iterations.
if you don't have 4 register variables get a new machine.
up to 8 more registers are used to hold constants in some configurations.
i assume that the use of a constant is more expensive than using a register:
a) additionally, i have tried to put the larger constants in registers.
registering priority was by the following:
anything more than 12 bits (bad for RISC and CISC)
greater than 127 in value (can't use movq or byte immediate on CISC)
9-127 (may not be able to use CISC shift immediate or add/sub quick),
1-8 were never registered, being the cheapest constants.
b) the compiler may be too stupid to realize table and table+256 should
be assigned to different constant registers and instead repetitively
do the arithmetic, so i assign these to explicit `m' register variables
when possible and helpful.
i assume that indexing is cheaper or equivalent to auto increment/decrement,
where the index is 7 bits unsigned or smaller.
this assumption is reversed for 68k and vax.
i assume that addresses can be cheaply formed from two registers,
or from a register and a small constant. i never use the `two registers
and offset' form you see in some CISC machines.
all index scaling is done explicitly - no hidden shifts by log2(sizeof).
the code is written so that even a dumb compiler
should never need more than one hidden temporary,
increasing the chance that everything will fit in the registers.
KEEP THIS MORE SUBTLE POINT IN MIND IF YOU REWRITE ANYTHING.
special efficient data format
bits are manipulated in this arrangement most of the time (S7 S5 S3 S1):
003130292827xxxx242322212019xxxx161514131211xxxx080706050403xxxx
(the x bits are still there, i'm just emphasizing where the S boxes are).
bits are rotated left 4 when computing S6 S4 S2 S0:
282726252423xxxx201918171615xxxx121110090807xxxx040302010031xxxx
the rightmost two bits are usually cleared so the lower byte can be used
as an index into an sbox mapping table. the next two x'd bits are set
to various values to access different parts of the tables.
how to use the routines
datatypes:
pointer to 8 byte area of type DesData
used to hold keys and input/output blocks to des.
pointer to 128 byte area of type DesKeys
used to hold full 768-bit key.
must be long-aligned.
DesQuickInit()
call this before using any other routine with `Quick' in its name.
it generates the special 64k table these routines need.
DesQuickDone()
frees this table
DesMethod(m, k)
m points to a 128byte block, k points to an 8 byte des key
which must have odd parity (or -1 is returned) and which must
not be a (semi-)weak key (or -2 is returned).
normally DesMethod() returns 0.
m is filled in from k so that when one of the routines below
is called with m, the routine will act like standard des
en/decryption with the key k. if you use DesMethod,
you supply a standard 56bit key; however, if you fill in
m yourself, you will get a 768bit key - but then it won't
be standard. it's 768bits not 1024 because the least significant
two bits of each byte are not used. and yes, each byte controls
a specific sbox during a specific iteration.
NOTE: actually, every other word has been rotated right 4 bits
to reduce the number of temporaries needed when the key is used.
you really shouldn't use the 768bit format directly; i should
provide a routine that converts 128 6-bit bytes (specified in
S-box mapping order or something) into the right format for you.
this would entail some byte concatenation and rotation.
Des{Small|Quick}{Fips|Core}{Encrypt|Decrypt}(d, m, s)
performs des on the 8 bytes at s into the 8 bytes at d. (d,s: char *).
uses m as a 768bit key as explained above.
the Encrypt|Decrypt choice is obvious.
Fips|Core determines whether a completely standard FIPS initial
and final permutation is done; if not, then the data is loaded
and stored in a nonstandard bit order (FIPS w/o IP/FP).
Fips slows down Quick by 10%, Small by 9%.
Small|Quick determines whether you use the normal routine
or the crazy quick one which gobbles up 64k more of memory.
Small is 50% slower then Quick, but Quick needs 32 times as much
memory. Quick is included for programs that do nothing but DES,
e.g., encryption filters, etc.
Getting it to compile on your machine
there are no machine-dependencies in the code (see porting),
except perhaps the `now()' macro in desTest.c.
ALL generated tables are machine independent.
you should edit the Makefile with the appropriate optimization flags
for your compiler (MAX optimization).
Speeding up kerberos (and/or its des library)
note that i have included a kerberos-compatible interface in desUtil.c
through the functions des_key_sched() and des_ecb_encrypt().
to use these with kerberos or kerberos-compatible code put desCore.a
ahead of the kerberos-compatible library on your linker's command line.
you should not need to #include desCore.h; just include the header
file provided with the kerberos library.
Other uses
the macros in desCode.h would be very useful for putting inline des
functions in more complicated encryption routines.

199
lsh/src/nettle/desdata.c Normal file
View File

@ -0,0 +1,199 @@
/* desdata.c
*
* Generate tables used by des.c and desCode.h.
*
* $Id$ */
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*
*/
#include "desinfo.h"
#include "desCode.h"
#if __GNUC__
# define UNUSED __attribute__ ((__unused__))
#else
# define UNUSED
#endif
/* list of weak and semi-weak keys
+0 +1 +2 +3 +4 +5 +6 +7
0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
0x01 0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e
0x01 0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1
0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe
0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e 0x01
0x1f 0x1f 0x1f 0x1f 0x0e 0x0e 0x0e 0x0e
0x1f 0xe0 0x1f 0xe0 0x0e 0xf1 0x0e 0xf1
0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e 0xfe
0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1 0x01
0xe0 0x1f 0xe0 0x1f 0xf1 0x0e 0xf1 0x0e
0xe0 0xe0 0xe0 0xe0 0xf1 0xf1 0xf1 0xf1
0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1 0xfe
0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01
0xfe 0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e
0xfe 0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1
0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe
*/
/* key bit order in each method pair: bits 31->00 of 1st, bits 31->00 of 2nd */
/* this does not reflect the rotate of the 2nd word */
#define S(box,bit) (box*6+bit)
int korder[] = {
S(7, 5), S(7, 4), S(7, 3), S(7, 2), S(7, 1), S(7, 0),
S(5, 5), S(5, 4), S(5, 3), S(5, 2), S(5, 1), S(5, 0),
S(3, 5), S(3, 4), S(3, 3), S(3, 2), S(3, 1), S(3, 0),
S(1, 5), S(1, 4), S(1, 3), S(1, 2), S(1, 1), S(1, 0),
S(6, 5), S(6, 4), S(6, 3), S(6, 2), S(6, 1), S(6, 0),
S(4, 5), S(4, 4), S(4, 3), S(4, 2), S(4, 1), S(4, 0),
S(2, 5), S(2, 4), S(2, 3), S(2, 2), S(2, 1), S(2, 0),
S(0, 5), S(0, 4), S(0, 3), S(0, 2), S(0, 1), S(0, 0),
};
/* the order in which the algorithm accesses the s boxes */
int sorder[] = {
7, 5, 3, 1, 6, 4, 2, 0,
};
int printf(const char *, ...);
int
main(int argc UNUSED, char **argv UNUSED)
{
uint32_t d, i, j, k, l, m, n, s;
char b[256], ksr[56];
switch ( argv[1][0] ) {
/*
* <<< make the key parity table >>>
*/
case 'p':
(void)printf(
"/* automagically produced - do not fuss with this information */\n\n");
/* store parity information */
for ( i = 0; i < 256; i++ ) {
j = i;
j ^= j >> 4; /* bits 3-0 have pairs */
j ^= j << 2; /* bits 3-2 have quads */
j ^= j << 1; /* bit 3 has the entire eight (no cox) */
b[i] = 8 & ~j; /* 0 is okay and 8 is bad parity */
}
/* only these characters can appear in a weak key */
b[0x01] = 1;
b[0x0e] = 2;
b[0x1f] = 3;
b[0xe0] = 4;
b[0xf1] = 5;
b[0xfe] = 6;
/* print it out */
for ( i = 0; i < 256; i++ ) {
(void)printf("%d,", b[i]);
if ( (i & 31) == 31 )
(void)printf("\n");
}
break;
/*
* <<< make the key usage table >>>
*/
case 'r':
(void)printf("/* automagically made - do not fuss with this */\n\n");
/* KL specifies the initial key bit positions */
for (i = 0; i < 56; i++)
ksr[i] = (KL[i] - 1) ^ 7;
for (i = 0; i < 16; i++) {
/* apply the appropriate number of left shifts */
for (j = 0; j < KS[i]; j++) {
m = ksr[ 0];
n = ksr[28];
for (k = 0; k < 27; k++)
ksr[k ] = ksr[k + 1],
ksr[k + 28] = ksr[k + 29];
ksr[27] = m;
ksr[55] = n;
}
/* output the key bit numbers */
for (j = 0; j < 48; j++) {
m = ksr[KC[korder[j]] - 1];
m = (m / 8) * 7 + (m % 8) - 1;
m = 55 - m;
(void)printf(" %2ld,", (long) m);
if ((j % 12) == 11)
(void)printf("\n");
}
(void)printf("\n");
}
break;
/*
* <<< make the keymap table >>>
*/
case 'k':
(void)printf("/* automagically made - do not fuss with this */\n\n");
for ( i = 0; i <= 7 ; i++ ) {
s = sorder[i];
for ( d = 0; d <= 63; d++ ) {
/* flip bits */
k = ((d << 5) & 32) |
((d << 3) & 16) |
((d << 1) & 8) |
((d >> 1) & 4) |
((d >> 3) & 2) |
((d >> 5) & 1) ;
/* more bit twiddling */
l = ((k << 0) & 32) | /* overlap bit */
((k << 4) & 16) | /* overlap bit */
((k >> 1) & 15) ; /* unique bits */
/* look up s box value */
m = SB[s][l];
/* flip bits */
n = ((m << 3) & 8) |
((m << 1) & 4) |
((m >> 1) & 2) |
((m >> 3) & 1) ;
/* put in correct nybble */
n <<= (s << 2);
/* perform p permutation */
for ( m = j = 0; j < 32; j++ )
if ( n & (1 << (SP[j] - 1)) )
m |= (1 << j);
/* rotate right (alg keeps everything rotated by 1) */
ROR(m, 1, 31);
/* print it out */
(void)printf(" 0x%08lx,", (long) m);
if ( ( d & 3 ) == 3 )
(void)printf("\n");
}
(void)printf("\n");
}
break;
}
return 0;
}

96
lsh/src/nettle/desinfo.h Normal file
View File

@ -0,0 +1,96 @@
/* desinfo.h
*
* Tables describing DES rather than just this implementation.
* These are used in desdata but NOT in runtime code.
*
* $Id$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
/* the initial permutation, E selection, and final permutation are hardwired */
/* Key Load: how to load the shift register from the user key */
unsigned char KL[] = {
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4,
};
/* Key Shift: how many times to shift the key shift register */
unsigned char KS[] = {
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
};
/* Key Choose: which key bits from shift reg are used in the key schedule */
unsigned char KC[] = {
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32,
};
/* S Boxes */
unsigned char SB[8][64] = {
{
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
},{
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
},{
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
},{
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
},{
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
},{
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
},{
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
},{
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
}
};
/* Sbox Permutation */
char SP[] = {
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
};

241
lsh/src/nettle/install-sh Normal file
View File

@ -0,0 +1,241 @@
#! /bin/sh
#
# $Id$
#
# install - install a program, script, or datafile
# This comes from X11R5.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
#
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

138
lsh/src/nettle/keymap.h Normal file
View File

@ -0,0 +1,138 @@
/* automagically made - do not fuss with this */
0x02080008, 0x02082000, 0x00002008, 0x00000000,
0x02002000, 0x00080008, 0x02080000, 0x02082008,
0x00000008, 0x02000000, 0x00082000, 0x00002008,
0x00082008, 0x02002008, 0x02000008, 0x02080000,
0x00002000, 0x00082008, 0x00080008, 0x02002000,
0x02082008, 0x02000008, 0x00000000, 0x00082000,
0x02000000, 0x00080000, 0x02002008, 0x02080008,
0x00080000, 0x00002000, 0x02082000, 0x00000008,
0x00080000, 0x00002000, 0x02000008, 0x02082008,
0x00002008, 0x02000000, 0x00000000, 0x00082000,
0x02080008, 0x02002008, 0x02002000, 0x00080008,
0x02082000, 0x00000008, 0x00080008, 0x02002000,
0x02082008, 0x00080000, 0x02080000, 0x02000008,
0x00082000, 0x00002008, 0x02002008, 0x02080000,
0x00000008, 0x02082000, 0x00082008, 0x00000000,
0x02000000, 0x02080008, 0x00002000, 0x00082008,
0x08000004, 0x00020004, 0x00000000, 0x08020200,
0x00020004, 0x00000200, 0x08000204, 0x00020000,
0x00000204, 0x08020204, 0x00020200, 0x08000000,
0x08000200, 0x08000004, 0x08020000, 0x00020204,
0x00020000, 0x08000204, 0x08020004, 0x00000000,
0x00000200, 0x00000004, 0x08020200, 0x08020004,
0x08020204, 0x08020000, 0x08000000, 0x00000204,
0x00000004, 0x00020200, 0x00020204, 0x08000200,
0x00000204, 0x08000000, 0x08000200, 0x00020204,
0x08020200, 0x00020004, 0x00000000, 0x08000200,
0x08000000, 0x00000200, 0x08020004, 0x00020000,
0x00020004, 0x08020204, 0x00020200, 0x00000004,
0x08020204, 0x00020200, 0x00020000, 0x08000204,
0x08000004, 0x08020000, 0x00020204, 0x00000000,
0x00000200, 0x08000004, 0x08000204, 0x08020200,
0x08020000, 0x00000204, 0x00000004, 0x08020004,
0x80040100, 0x01000100, 0x80000000, 0x81040100,
0x00000000, 0x01040000, 0x81000100, 0x80040000,
0x01040100, 0x81000000, 0x01000000, 0x80000100,
0x81000000, 0x80040100, 0x00040000, 0x01000000,
0x81040000, 0x00040100, 0x00000100, 0x80000000,
0x00040100, 0x81000100, 0x01040000, 0x00000100,
0x80000100, 0x00000000, 0x80040000, 0x01040100,
0x01000100, 0x81040000, 0x81040100, 0x00040000,
0x81040000, 0x80000100, 0x00040000, 0x81000000,
0x00040100, 0x01000100, 0x80000000, 0x01040000,
0x81000100, 0x00000000, 0x00000100, 0x80040000,
0x00000000, 0x81040000, 0x01040100, 0x00000100,
0x01000000, 0x81040100, 0x80040100, 0x00040000,
0x81040100, 0x80000000, 0x01000100, 0x80040100,
0x80040000, 0x00040100, 0x01040000, 0x81000100,
0x80000100, 0x01000000, 0x81000000, 0x01040100,
0x04010801, 0x00000000, 0x00010800, 0x04010000,
0x04000001, 0x00000801, 0x04000800, 0x00010800,
0x00000800, 0x04010001, 0x00000001, 0x04000800,
0x00010001, 0x04010800, 0x04010000, 0x00000001,
0x00010000, 0x04000801, 0x04010001, 0x00000800,
0x00010801, 0x04000000, 0x00000000, 0x00010001,
0x04000801, 0x00010801, 0x04010800, 0x04000001,
0x04000000, 0x00010000, 0x00000801, 0x04010801,
0x00010001, 0x04010800, 0x04000800, 0x00010801,
0x04010801, 0x00010001, 0x04000001, 0x00000000,
0x04000000, 0x00000801, 0x00010000, 0x04010001,
0x00000800, 0x04000000, 0x00010801, 0x04000801,
0x04010800, 0x00000800, 0x00000000, 0x04000001,
0x00000001, 0x04010801, 0x00010800, 0x04010000,
0x04010001, 0x00010000, 0x00000801, 0x04000800,
0x04000801, 0x00000001, 0x04010000, 0x00010800,
0x00000400, 0x00000020, 0x00100020, 0x40100000,
0x40100420, 0x40000400, 0x00000420, 0x00000000,
0x00100000, 0x40100020, 0x40000020, 0x00100400,
0x40000000, 0x00100420, 0x00100400, 0x40000020,
0x40100020, 0x00000400, 0x40000400, 0x40100420,
0x00000000, 0x00100020, 0x40100000, 0x00000420,
0x40100400, 0x40000420, 0x00100420, 0x40000000,
0x40000420, 0x40100400, 0x00000020, 0x00100000,
0x40000420, 0x00100400, 0x40100400, 0x40000020,
0x00000400, 0x00000020, 0x00100000, 0x40100400,
0x40100020, 0x40000420, 0x00000420, 0x00000000,
0x00000020, 0x40100000, 0x40000000, 0x00100020,
0x00000000, 0x40100020, 0x00100020, 0x00000420,
0x40000020, 0x00000400, 0x40100420, 0x00100000,
0x00100420, 0x40000000, 0x40000400, 0x40100420,
0x40100000, 0x00100420, 0x00100400, 0x40000400,
0x00800000, 0x00001000, 0x00000040, 0x00801042,
0x00801002, 0x00800040, 0x00001042, 0x00801000,
0x00001000, 0x00000002, 0x00800002, 0x00001040,
0x00800042, 0x00801002, 0x00801040, 0x00000000,
0x00001040, 0x00800000, 0x00001002, 0x00000042,
0x00800040, 0x00001042, 0x00000000, 0x00800002,
0x00000002, 0x00800042, 0x00801042, 0x00001002,
0x00801000, 0x00000040, 0x00000042, 0x00801040,
0x00801040, 0x00800042, 0x00001002, 0x00801000,
0x00001000, 0x00000002, 0x00800002, 0x00800040,
0x00800000, 0x00001040, 0x00801042, 0x00000000,
0x00001042, 0x00800000, 0x00000040, 0x00001002,
0x00800042, 0x00000040, 0x00000000, 0x00801042,
0x00801002, 0x00801040, 0x00000042, 0x00001000,
0x00001040, 0x00801002, 0x00800040, 0x00000042,
0x00000002, 0x00001042, 0x00801000, 0x00800002,
0x10400000, 0x00404010, 0x00000010, 0x10400010,
0x10004000, 0x00400000, 0x10400010, 0x00004010,
0x00400010, 0x00004000, 0x00404000, 0x10000000,
0x10404010, 0x10000010, 0x10000000, 0x10404000,
0x00000000, 0x10004000, 0x00404010, 0x00000010,
0x10000010, 0x10404010, 0x00004000, 0x10400000,
0x10404000, 0x00400010, 0x10004010, 0x00404000,
0x00004010, 0x00000000, 0x00400000, 0x10004010,
0x00404010, 0x00000010, 0x10000000, 0x00004000,
0x10000010, 0x10004000, 0x00404000, 0x10400010,
0x00000000, 0x00404010, 0x00004010, 0x10404000,
0x10004000, 0x00400000, 0x10404010, 0x10000000,
0x10004010, 0x10400000, 0x00400000, 0x10404010,
0x00004000, 0x00400010, 0x10400010, 0x00004010,
0x00400010, 0x00000000, 0x10404000, 0x10000010,
0x10400000, 0x10004010, 0x00000010, 0x00404000,
0x00208080, 0x00008000, 0x20200000, 0x20208080,
0x00200000, 0x20008080, 0x20008000, 0x20200000,
0x20008080, 0x00208080, 0x00208000, 0x20000080,
0x20200080, 0x00200000, 0x00000000, 0x20008000,
0x00008000, 0x20000000, 0x00200080, 0x00008080,
0x20208080, 0x00208000, 0x20000080, 0x00200080,
0x20000000, 0x00000080, 0x00008080, 0x20208000,
0x00000080, 0x20200080, 0x20208000, 0x00000000,
0x00000000, 0x20208080, 0x00200080, 0x20008000,
0x00208080, 0x00008000, 0x20000080, 0x00200080,
0x20208000, 0x00000080, 0x00008080, 0x20200000,
0x20008080, 0x20000000, 0x20200000, 0x00208000,
0x20208080, 0x00008080, 0x00208000, 0x20200080,
0x00200000, 0x20000080, 0x20008000, 0x00000000,
0x00008000, 0x00200000, 0x20200080, 0x00208080,
0x20000000, 0x20208000, 0x00000080, 0x20008080,

78
lsh/src/nettle/macros.h Normal file
View File

@ -0,0 +1,78 @@
/* macros.h
*
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_MACROS_H_INCLUDED
#define NETTLE_MACROS_H_INCLUDED
#if !MACOS || !defined(READ_UINT32)
/* Reads a 32-bit integer, in network, big-endian, byte order */
#define READ_UINT32(p) \
( (((uint32_t) (p)[0]) << 24) \
| (((uint32_t) (p)[1]) << 16) \
| (((uint32_t) (p)[2]) << 8) \
| ((uint32_t) (p)[3]))
#endif
#if !MACOS || !defined(WRITE_UINT32)
#define WRITE_UINT32(p, i) \
do { \
(p)[0] = ((i) >> 24) & 0xff; \
(p)[1] = ((i) >> 16) & 0xff; \
(p)[2] = ((i) >> 8) & 0xff; \
(p)[3] = (i) & 0xff; \
} while(0)
#endif
/* And the other, little-endian, byteorder */
#define LE_READ_UINT32(p) \
( (((uint32_t) (p)[3]) << 24) \
| (((uint32_t) (p)[2]) << 16) \
| (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[0]))
#define LE_WRITE_UINT32(p, i) \
do { \
(p)[3] = ((i) >> 24) & 0xff; \
(p)[2] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while(0)
#if !MACOS || !defined(FOR_BLOCKS)
/* Macro to make it easier to loop over several blocks. */
#define FOR_BLOCKS(length, dst, src, blocksize) \
assert( !((length) % (blocksize))); \
for (; (length); ((length) -= (blocksize), \
(dst) += (blocksize), \
(src) += (blocksize)) )
#endif
#endif /* NETTLE_MACROS_H_INCLUDED */

282
lsh/src/nettle/md5.c Normal file
View File

@ -0,0 +1,282 @@
/* md5.c
*
* The md5 hash function.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* Based on public domain code hacked by Colin Plumb, Andrew Kuchling, and
* Niels Möller. */
#include "md5.h"
#include "macros.h"
#include <assert.h>
/* A block, treated as a sequence of 32-bit words. */
#define MD5_DATA_LENGTH 16
static void
md5_transform(uint32_t *digest, const uint32_t *data);
static void
md5_block(struct md5_ctx *ctx, const uint8_t *block);
void
md5_init(struct md5_ctx *ctx)
{
ctx->digest[0] = 0x67452301;
ctx->digest[1] = 0xefcdab89;
ctx->digest[2] = 0x98badcfe;
ctx->digest[3] = 0x10325476;
ctx->count_l = ctx->count_h = 0;
ctx->index = 0;
}
void
md5_update(struct md5_ctx *ctx,
unsigned length,
const uint8_t *data)
{
if (ctx->index)
{
/* Try to fill partial block */
unsigned left = MD5_DATA_SIZE - ctx->index;
if (length < left)
{
memcpy(ctx->block + ctx->index, data, length);
ctx->index += length;
return; /* Finished */
}
else
{
memcpy(ctx->block + ctx->index, data, left);
md5_block(ctx, ctx->block);
data += left;
length -= left;
}
}
while (length >= MD5_DATA_SIZE)
{
md5_block(ctx, data);
data += MD5_DATA_SIZE;
length -= MD5_DATA_SIZE;
}
if ((ctx->index = length)) /* This assignment is intended */
/* Buffer leftovers */
memcpy(ctx->block, data, length);
}
/* Final wrapup - pad to MD5_DATA_SIZE-byte boundary with the bit
* pattern 1 0* (64-bit count of bits processed, LSB-first) */
void
md5_final(struct md5_ctx *ctx)
{
uint32_t data[MD5_DATA_LENGTH];
unsigned i;
unsigned words;
i = ctx->index;
/* Set the first char of padding to 0x80. This is safe since there
* is always at least one byte free */
assert(i < MD5_DATA_SIZE);
ctx->block[i++] = 0x80;
/* Fill rest of word */
for( ; i & 3; i++)
ctx->block[i] = 0;
/* i is now a multiple of the word size 4 */
words = i >> 2;
for (i = 0; i < words; i++)
data[i] = LE_READ_UINT32(ctx->block + 4*i);
if (words > (MD5_DATA_LENGTH-2))
{ /* No room for length in this block. Process it and
* pad with another one */
for (i = words ; i < MD5_DATA_LENGTH; i++)
data[i] = 0;
md5_transform(ctx->digest, data);
for (i = 0; i < (MD5_DATA_LENGTH-2); i++)
data[i] = 0;
}
else
for (i = words ; i < MD5_DATA_LENGTH - 2; i++)
data[i] = 0;
/* There are 512 = 2^9 bits in one block
* Little-endian order => Least significant word first */
data[MD5_DATA_LENGTH-1] = (ctx->count_h << 9) | (ctx->count_l >> 23);
data[MD5_DATA_LENGTH-2] = (ctx->count_l << 9) | (ctx->index << 3);
md5_transform(ctx->digest, data);
}
void
md5_digest(const struct md5_ctx *ctx,
unsigned length,
uint8_t *digest)
{
unsigned i;
unsigned words;
unsigned leftover;
assert(length <= MD5_DIGEST_SIZE);
words = length / 4;
leftover = length % 4;
/* Little endian order */
for (i = 0; i < words; i++, digest += 4)
LE_WRITE_UINT32(digest, ctx->digest[i]);
if (leftover)
{
uint32_t word;
unsigned j;
assert(i < _MD5_DIGEST_LENGTH);
/* Still least significant byte first. */
for (word = ctx->digest[i], j = 0; j < leftover;
j++, word >>= 8)
digest[j] = word & 0xff;
}
}
/* MD5 functions */
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
#define ROUND(f, w, x, y, z, data, s) \
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
/* Perform the MD5 transformation on one full block of 16 32-bit
* words.
*
* Compresses 20 (_MD5_DIGEST_LENGTH + MD5_DATA_LENGTH) words into 4
* (_MD5_DIGEST_LENGTH) words. */
static void
md5_transform(uint32_t *digest, const uint32_t *data)
{
uint32_t a, b, c, d;
a = digest[0];
b = digest[1];
c = digest[2];
d = digest[3];
ROUND(F1, a, b, c, d, data[ 0] + 0xd76aa478, 7);
ROUND(F1, d, a, b, c, data[ 1] + 0xe8c7b756, 12);
ROUND(F1, c, d, a, b, data[ 2] + 0x242070db, 17);
ROUND(F1, b, c, d, a, data[ 3] + 0xc1bdceee, 22);
ROUND(F1, a, b, c, d, data[ 4] + 0xf57c0faf, 7);
ROUND(F1, d, a, b, c, data[ 5] + 0x4787c62a, 12);
ROUND(F1, c, d, a, b, data[ 6] + 0xa8304613, 17);
ROUND(F1, b, c, d, a, data[ 7] + 0xfd469501, 22);
ROUND(F1, a, b, c, d, data[ 8] + 0x698098d8, 7);
ROUND(F1, d, a, b, c, data[ 9] + 0x8b44f7af, 12);
ROUND(F1, c, d, a, b, data[10] + 0xffff5bb1, 17);
ROUND(F1, b, c, d, a, data[11] + 0x895cd7be, 22);
ROUND(F1, a, b, c, d, data[12] + 0x6b901122, 7);
ROUND(F1, d, a, b, c, data[13] + 0xfd987193, 12);
ROUND(F1, c, d, a, b, data[14] + 0xa679438e, 17);
ROUND(F1, b, c, d, a, data[15] + 0x49b40821, 22);
ROUND(F2, a, b, c, d, data[ 1] + 0xf61e2562, 5);
ROUND(F2, d, a, b, c, data[ 6] + 0xc040b340, 9);
ROUND(F2, c, d, a, b, data[11] + 0x265e5a51, 14);
ROUND(F2, b, c, d, a, data[ 0] + 0xe9b6c7aa, 20);
ROUND(F2, a, b, c, d, data[ 5] + 0xd62f105d, 5);
ROUND(F2, d, a, b, c, data[10] + 0x02441453, 9);
ROUND(F2, c, d, a, b, data[15] + 0xd8a1e681, 14);
ROUND(F2, b, c, d, a, data[ 4] + 0xe7d3fbc8, 20);
ROUND(F2, a, b, c, d, data[ 9] + 0x21e1cde6, 5);
ROUND(F2, d, a, b, c, data[14] + 0xc33707d6, 9);
ROUND(F2, c, d, a, b, data[ 3] + 0xf4d50d87, 14);
ROUND(F2, b, c, d, a, data[ 8] + 0x455a14ed, 20);
ROUND(F2, a, b, c, d, data[13] + 0xa9e3e905, 5);
ROUND(F2, d, a, b, c, data[ 2] + 0xfcefa3f8, 9);
ROUND(F2, c, d, a, b, data[ 7] + 0x676f02d9, 14);
ROUND(F2, b, c, d, a, data[12] + 0x8d2a4c8a, 20);
ROUND(F3, a, b, c, d, data[ 5] + 0xfffa3942, 4);
ROUND(F3, d, a, b, c, data[ 8] + 0x8771f681, 11);
ROUND(F3, c, d, a, b, data[11] + 0x6d9d6122, 16);
ROUND(F3, b, c, d, a, data[14] + 0xfde5380c, 23);
ROUND(F3, a, b, c, d, data[ 1] + 0xa4beea44, 4);
ROUND(F3, d, a, b, c, data[ 4] + 0x4bdecfa9, 11);
ROUND(F3, c, d, a, b, data[ 7] + 0xf6bb4b60, 16);
ROUND(F3, b, c, d, a, data[10] + 0xbebfbc70, 23);
ROUND(F3, a, b, c, d, data[13] + 0x289b7ec6, 4);
ROUND(F3, d, a, b, c, data[ 0] + 0xeaa127fa, 11);
ROUND(F3, c, d, a, b, data[ 3] + 0xd4ef3085, 16);
ROUND(F3, b, c, d, a, data[ 6] + 0x04881d05, 23);
ROUND(F3, a, b, c, d, data[ 9] + 0xd9d4d039, 4);
ROUND(F3, d, a, b, c, data[12] + 0xe6db99e5, 11);
ROUND(F3, c, d, a, b, data[15] + 0x1fa27cf8, 16);
ROUND(F3, b, c, d, a, data[ 2] + 0xc4ac5665, 23);
ROUND(F4, a, b, c, d, data[ 0] + 0xf4292244, 6);
ROUND(F4, d, a, b, c, data[ 7] + 0x432aff97, 10);
ROUND(F4, c, d, a, b, data[14] + 0xab9423a7, 15);
ROUND(F4, b, c, d, a, data[ 5] + 0xfc93a039, 21);
ROUND(F4, a, b, c, d, data[12] + 0x655b59c3, 6);
ROUND(F4, d, a, b, c, data[ 3] + 0x8f0ccc92, 10);
ROUND(F4, c, d, a, b, data[10] + 0xffeff47d, 15);
ROUND(F4, b, c, d, a, data[ 1] + 0x85845dd1, 21);
ROUND(F4, a, b, c, d, data[ 8] + 0x6fa87e4f, 6);
ROUND(F4, d, a, b, c, data[15] + 0xfe2ce6e0, 10);
ROUND(F4, c, d, a, b, data[ 6] + 0xa3014314, 15);
ROUND(F4, b, c, d, a, data[13] + 0x4e0811a1, 21);
ROUND(F4, a, b, c, d, data[ 4] + 0xf7537e82, 6);
ROUND(F4, d, a, b, c, data[11] + 0xbd3af235, 10);
ROUND(F4, c, d, a, b, data[ 2] + 0x2ad7d2bb, 15);
ROUND(F4, b, c, d, a, data[ 9] + 0xeb86d391, 21);
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
}
static void
md5_block(struct md5_ctx *ctx, const uint8_t *block)
{
uint32_t data[MD5_DATA_LENGTH];
unsigned i;
/* Update block count */
if (!++ctx->count_l)
++ctx->count_h;
/* Endian independent conversion */
for (i = 0; i<16; i++, block += 4)
data[i] = LE_READ_UINT32(block);
md5_transform(ctx->digest, data);
}

61
lsh/src/nettle/md5.h Normal file
View File

@ -0,0 +1,61 @@
/* md5.h
*
* The md5 hash function.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_MD5_H_INCLUDED
#define NETTLE_MD5_H_INCLUDED
#include <inttypes.h>
#define MD5_DIGEST_SIZE 16
#define MD5_DATA_SIZE 64
/* Digest is kept internally as 4 32-bit words. */
#define _MD5_DIGEST_LENGTH 4
struct md5_ctx
{
uint32_t digest[_MD5_DIGEST_LENGTH];
uint32_t count_l, count_h; /* Block count */
uint8_t block[MD5_DATA_SIZE]; /* Block buffer */
unsigned index; /* Into buffer */
};
void
md5_init(struct md5_ctx *ctx);
void
md5_update(struct md5_ctx *ctx,
unsigned length,
const uint8_t *data);
void
md5_final(struct md5_ctx *ctx);
void
md5_digest(const struct md5_ctx *ctx,
unsigned length,
uint8_t *digest);
#endif /* NETTLE_MD5_H_INCLUDED */

19
lsh/src/nettle/memxor.c Normal file
View File

@ -0,0 +1,19 @@
/* memxor.c
*
* $Id$
*/
/* XOR LEN bytes starting at SRCADDR onto DESTADDR. Result undefined
if the source overlaps with the destination.
Return DESTADDR. */
#include "memxor.h"
uint8_t *memxor(uint8_t *dst, const uint8_t *src, size_t n)
{
size_t i;
for (i = 0; i<n; i++)
dst[i] ^= src[i];
return dst;
}

13
lsh/src/nettle/memxor.h Normal file
View File

@ -0,0 +1,13 @@
/* memxor.h
*
*/
#ifndef NETTLE_MEMXOR_H_INCLUDED
#define NETTLE_MEMXOR_H_INCLUDED
#include <inttypes.h>
#include <stdlib.h>
uint8_t *memxor(uint8_t *dst, const uint8_t *src, size_t n);
#endif /* NETTLE_MEMXOR_H_INCLUDED */

190
lsh/src/nettle/missing Normal file
View File

@ -0,0 +1,190 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
fi
case "$1" in
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
yacc create \`y.tab.[ch]', if possible, from existing .[ch]"
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing - GNU libit 0.0"
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
;;
aclocal)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acinclude.m4' or \`configure.in'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`configure.in'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`acconfig.h' or \`configure.in'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case "$f" in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
automake)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
if [ ! -f y.tab.h ]; then
echo >y.tab.h
fi
if [ ! -f y.tab.c ]; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
lex|flex)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
if [ ! -f lex.yy.c ]; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
makeinfo)
echo 1>&2 "\
WARNING: \`$1' is missing on your system. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
fi
touch $file
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and you do not seem to have it handy on your
system. You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequirements for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0

40
lsh/src/nettle/mkinstalldirs Normal file
View File

@ -0,0 +1,40 @@
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
# Author: Noah Friedman <friedman@prep.ai.mit.edu>
# Created: 1993-05-16
# Public domain
# $Id$
errstatus=0
for file
do
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
shift
pathcomp=
for d
do
pathcomp="$pathcomp$d"
case "$pathcomp" in
-* ) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp"
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
fi
fi
pathcomp="$pathcomp/"
done
done
exit $errstatus
# mkinstalldirs ends here

1518
lsh/src/nettle/nettle.html Normal file
View File

File diff suppressed because it is too large Load Diff

799
lsh/src/nettle/nettle.info Normal file
View File

@ -0,0 +1,799 @@
This is nettle.info, produced by makeinfo version 4.0 from
nettle.texinfo.
INFO-DIR-SECTION GNU Libraries
START-INFO-DIR-ENTRY
* Nettle: (nettle). A low-level cryptographics library.
END-INFO-DIR-ENTRY
Draft manual for the Nettle library. This manual corresponds to
version 0.2.
Copyright 2001 Niels Möller
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
preserved on all copies.
Permission is granted to copy and distribute modified versions of
this manual under the conditions for verbatim copying, provided also
that the sections entitled "Copying" and "GNU General Public License"
are included exactly as in the original, and provided that the entire
resulting derived work is distributed under the terms of a permission
notice identical to this one.
Permission is granted to copy and distribute translations of this
manual into another language, under the above conditions for modified
versions, except that this permission notice may be stated in a
translation approved by the Free Software Foundation.

File: nettle.info, Node: Top, Next: Introduction, Prev: (dir), Up: (dir)
This document describes the nettle low-level cryptographic library.
You can use the library directly from your C-programs, or (recommended)
write or use an object-oriented wrapper for your favourite language or
application.
This manual coresponds to version 0.2 of the library.
* Menu:
* Introduction::
* Copyright::
* Conventions::
* Example::
* Reference::
* Installation::
* Index::

File: nettle.info, Node: Introduction, Next: Copyright, Prev: Top, Up: Top
Introduction
************
Nettle is a cryptographic library that is designed to fit easily in
more or less any context: In crypto toolkits for object-oriented
languages (C++, Python, Pike, ...), in applications like LSH or GNUPG,
or even in kernel space. In most contexts, you need more than the basic
cryptographic algorithms, you also need some way to keep track of
available algorithms, their properties and variants. You often have
some algorithm selection process, often dictated by a protocol you want
to implement.
And as the requirements of applications differ on subtle and not so
subtle ways, an API that fits one application well can be a pain to use
in a different context. And that is why there are so many different
cryptographic libraries around.
Nettle tries to avoid this problem by doing one thing, the low-level
crypto stuff, and providing a _simple_ but general interface to it. In
particular, Nettle doesn't do algorithm selection. It doesn't do memory
allocation. It doesn't do any I/O.
The idea is that one can build several application and context
specific interfaces on top of Nettle, and share the code, testcases,
banchmarks, documentation, etc. For this first version, the only
application using Nettle is LSH, and it uses an object-oriented
abstraction on top of the library.

File: nettle.info, Node: Copyright, Next: Conventions, Prev: Introduction, Up: Top
Copyright
*********
Nettle is distributed under the GNU General Public License (see the
file COPYING for details). However, many of the individual files are
dual licensed under less restrictive licenses like the GNU Lesser
General Public License, or public domain. Consult the headers in each
file for details.
It is conceivable that future versions will use the LGPL rather than
the GPL, mail me if you have questions or suggestions.
A list of the supported algorithms, their origins and licenses:
_AES_
The implementation of the AES cipher (also known as rijndael) is
written by Rafael Sevilla. Released under the LGPL.
_ARCFOUR_
The implementation of the ARCFOUR (also known as RC4) cipher is
written by Niels Möller. Released under the LGPL.
_BLOWFISH_
The implementation of the BLOWFISH cipher is written by Werner
Koch, copyright owned by the Free Software Foundation. Also hacked
by Ray Dassen and Niels Möller. Released under the GPL.
_CAST128_
The implementation of the CAST128 cipher is written by Steve Reid.
Released into the public domain.
_DES_
The implementation of the DES cipher is written by Dana L. How, and
released under the LGPL.
_MD5_
The implementation of the MD5 message digest is written by Colin
Plumb. It has been hacked some more by Andrew Kuchling and Niels
Möller. Released into the public domain.
_SERPENT_
The implementation of the SERPENT cipher is written by Ross
Anderson, Eli Biham, and Lars Knudsen, adapted to LSH by Rafael
Sevilla, and to Nettle by Niels Möller.
_SHA1_
The implementation of the SHA1 message digest is written by Peter
Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
Released into the public domain.
_TWOFISH_
The implementation of the TWOFISH cipher is written by Ruud de
Rooij. Released under the LGPL.

File: nettle.info, Node: Conventions, Next: Example, Prev: Copyright, Up: Top
Conventions
***********
For each supported algorithm, there is an include file that defines a
_context struct_, a few constants, and declares functions for operating
on the state. The context struct encapsulates all information needed by
the algorithm, and it can be copied or moved in memory with no
unexpected effects.
The functions for similar algorithms are similar, but there are some
differences, for instance reflecting if the key setup or encryption
function differ for encryption and encryption, and whether or not key
setup can fail. There are also differences that doesn't show in function
prototypes, but which the application must nevertheless be aware of.
There is no difference between stream ciphers and block ciphers,
although they should be used quite differently by the application.
If your application uses more than one algorithm, you should probably
create an interface that is tailor-made for your needs, and then write a
few lines of glue code on top of Nettle.
By convention, for an algorithm named `foo', the struct tag for the
context struct is `foo_ctx', constants and functions uses prefixes like
`FOO_BLOCK_SIZE' (a constant) and `foo_set_key' (a function).
In all functions, strings are represented with an explicit length, of
type `unsigned', and a pointer of type `uint8_t *' or a `const uint8_t
*'. For functions that transform one string to another, the argument
order is length, destination pointer and source pointer. Source and
destination areas are of the same length. Source and destination may be
the same, so that you can process strings in place, but they must not
overlap in any other way.

File: nettle.info, Node: Example, Next: Reference, Prev: Conventions, Up: Top
Example
*******
A simple example program that reads a file from standard in and
writes its SHA1 checksum on stdout should give the flavour of Nettle.
/* FIXME: This code is untested. */
#include <stdio.h>
#include <stdlib.h>
#include <nettle/sha1.h>
#define BUF_SIZE 1000
static void
display_hex(unsigned length, uint8_t *data)
{
static const char digits[16] = "0123456789abcdef";
unsigned i;
for (i = 0; i<length; i++)
{
uint8_t byte = data[i];
printf("%c%c ", digits[(byte / 16) & 0xf], digits[byte & 0xf]);
}
}
int
main(int argc, char **argv)
{
struct sha1_ctx ctx;
uint8_t buffer[BUF_SIZE];
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
for (;;)
{
int done = fread(buffer, 1, sizeof(buffer), stdin);
if (done <= 0)
break;
sha1_update(&ctx, done, buf);
}
if (ferror(stdin))
return EXIT_FAILURE;
sha1_finish(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
display_hex(SHA1_DIGEST_SIZE, digest);
return EXIT_SUCCESS;
}

File: nettle.info, Node: Reference, Next: Installation, Prev: Example, Up: Top
Reference
*********
This chapter describes all the Nettle functions, grouped by family.
* Menu:
* Hash functions::
* Cipher functions::
* Miscellaneous functions::

File: nettle.info, Node: Hash functions, Next: Cipher functions, Prev: Reference, Up: Reference
Hash functions
==============
A cryptographic "hash function" is a function that takes variable
size strings, and maps them to strings of fixed, short, length. There
are naturally lots of collisions, as there are more possible 1MB files
than 20 byte strings. But the function is constructed such that is hard
to find the collisions. More precisely, a cryptographic hash function
`H' should have the following properties:
_One-way_
Given a hash value `H(x)' it is hard to find a string `x' that
hashes to that value.
_Collision-resistant_
It is hard to find two different strings, `x' and `y', such that
`H(x)' = `H(y)'.
Hash functions are useful as building blocks for digital signatures,
message authentication codes, pseudo random generators, associating
unique id:s to documents, and many other things.
MD5
---
MD5 is a message digest function constructed by Ronald Rivest, and
described in `RFC 1321'. It outputs message digests of 128 bits, or 16
octets. Nettle defines MD5 in `<nettle/md5.h>'.
- Context struct: struct md5_ctx
- Constant: MD5_DIGEST_SIZE
The size of an MD5 digest, i.e. 16.
- Constant: MD5_DATA_SIZE
The internal block size of MD5. Useful for some special
constructions, in particular HMAC-MD5.
- Function: void md5_init (struct md5_ctx *CTX)
Initialize the MD5 state.
- Function: void md5_update (struct md5_ctx *CTX, unsigned LENGTH,
const uint8_t *DATA)
Hash some more data.
- Function: void md5_final (struct md5_ctx *CTX)
Performs final processing that is needed after all input data has
been processed with `md5_update'.
- Function: void md5_digest (struct md5_ctx *CTX, unsigned LENGTH,
uint8_t *DIGEST)
Extracts the digest, writing it to DIGEST. LENGTH may be smaller
than `MD5_DIGEST_SIZE', in which case only the first LENGTH octets
of the digest are written.
This functions doesn't change the state in any way.
The normal way to use MD5 is to call the functions in order: First
`md5_init', then `md5_update' zero or more times, then `md5_final', and
at last `md5_digest' zero or more times.
To start over, you can call `md5_init' at any time.
SHA1
----
SHA1 is a hash function specified by "NIST" (The U.S. National
Institute for Standards and Technology. It outputs hash values of 160
bits, or 20 octets. Nettle defines SHA1 in `<nettle/sha1.h>'.
The functions are analogous to the MD5 ones.
- Context struct: struct sha1_ctx
- Constant: SHA1_DIGEST_SIZE
The size of an SHA1 digest, i.e. 20.
- Constant: SHA1_DATA_SIZE
The internal block size of SHA1. Useful for some special
constructions, in particular HMAC-SHA1.
- Function: void sha1_init (struct sha1_ctx *CTX)
Initialize the SHA1 state.
- Function: void sha1_update (struct sha1_ctx *CTX, unsigned LENGTH,
const uint8_t *DATA)
Hash some more data.
- Function: void sha1_final (struct sha1_ctx *CTX)
Performs final processing that is needed after all input data has
been processed with `sha1_update'.
- Function: void sha1_digest (struct sha1_ctx *CTX, unsigned LENGTH,
uint8_t *DIGEST)
Extracts the digest, writing it to DIGEST. LENGTH may be smaller
than `SHA1_DIGEST_SIZE', in which case only the first LENGTH octets
of the digest are written.
This functions doesn't change the state in any way.

File: nettle.info, Node: Cipher functions, Next: Miscellaneous functions, Prev: Hash functions, Up: Reference
Cipher functions
================
A "cipher" is a function that takes a message or "plaintext" and a
secret "key" and transforms it to a "ciphertext". Given only the
ciphertext, but not the key, it should be hard to find the cleartext.
Given matching pairs of plaintext and ciphertext, it should be hard to
find the key.
To do this, you first initialize the cipher context for encryption or
decryption with a particular key, then use it to process plaintext och
ciphertext messages. The initialization is also called "key setup".
With Nettle, it is recommended to use each context struct for only one
direction, even if some of the ciphers use a single key setup function
that can be used for both encryption and decryption.
There are two main classes of ciphers: Block ciphers and stream
ciphers.
A block cipher can process data only in fixed size chunks, called
"blocks". Typical block sizes are 8 or 16 octets. To encrypt arbitrary
messages, you usually have to pad it to an integral number of blocks,
split it into blocks, and then process each block. The simplest way is
to process one block at a time, independent of each other. That mode of
operation is called "ECB", Electronic Code Book mode. However, using
ECB is usually a bad idea. For a start, plaintext blocks that are equal
are transformed to ciphertext blocks that are equal; that leaks
information about the plaintext. Usually you should apply the cipher is
some feedback mode, "CBC" (Cipher Block Chaining) being one of the most
popular.
A stream cipher can be used for messages of arbitrary length; a
typical stream cipher is a keyed pseudorandom generator. To encrypt a
plaintext message of N octets, you key the generator, generate N octets
of pseudorandom data, and XOR it with the plaintext. To decrypt,
regenerate the same stream using the key, XOR it to the ciphertext, and
the plaintext is recovered.
*Caution:* The first rule for this kind of cipher is the same as for
a One Time Pad: _never_ ever use the same key twice.
A common misconception is that encryption, by itself, implies
authentication. Say that you and a friend share a secret key, and you
receive an encrypted message, apply the key, and get a cleartext message
that makes sense to you. Can you then be sure that it really was your
friend that wrote the message you're reading? The anser is no. For
example, if you were using a block cipher in ECB mode, an attacker may
pick up the message on its way, and reorder, delete or repeat some of
the blocks. Even if the attacker can't decrypt the message, he can
change it so that you are not reading the same message as your friend
wrote. If you are using a block cipher in CBC mode rather than ECB, or
are using a stream cipher, the possibilities for this sort of attack are
different, but the attacker can still make predictable changes to the
message.
It is recommended to _always_ use an authentication mechanism in
addition to encrypting the messages. Popular choices are Message
Authetication Codes like HMAC-SHA1, or digital signatures.
Some ciphers have so called "weak keys", keys that results in
undesirable structure after the key setup processing, and should be
avoided. In Nettle, the presence of weak keys for a cipher mean that the
key setup function can fail, so you have to check its return value. In
addition, the context struct has a field `status', that is set to a
non-zero value if key setup fails. When possible, avoid algorithm that
have weak keys. There are several good ciphers that don't have any weak
keys.
AES
---
AES is a quite new block cipher, specified by NIST as a replacement
for the older DES standard. It is the result of a competition between
cipher designers, and the winning design, constructed by Joan Daemen and
Vincent Rijnmen. Before it won the competition, it was known under the
name RIJNDAEL.
Like all the AES candidates, the winning design uses a block size of
128 bits, or 16 octets, and variable keysize, 128, 192 and 256 bits
(16, 24 and 32 octets) being the allowed key sizes. It does not have
any weak keys. Nettle defines AES in `<nettle/aes.h>'.
- Context struct: struct aes_ctx
- Constant: AES_BLOCK_SIZE
The AES blocksize, 16
- Constant: AES_MIN_KEY_SIZE
- Constant: AES_MAX_KEY_SIZE
- Constant: AES_KEY_SIZE
Default AES key size, 32
- Function: void aes_set_key (struct aes_ctx *CTX, unsigned LENGTH,
const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- Function: void aes_encrypt (struct aes_ctx *CTX, unsigned LENGTH,
const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void aes_decrypt (struct aes_ctx *CTX, unsigned LENGTH,
const uint8_t *DST, uint8_t *SRC)
Analogous to `aes_encrypt'
ARCFOUR
-------
ARCFOUR is a stream cipher, also known under the trade marked name
RC4, and it is one of the fastest ciphers around. A problem is that the
key setup of ARCFOUR is quite weak, you should never use keys with
structure, keys that are ordinary passwords, or sequences of keys like
"secret:1", "secret:2", ..... If you have keys that don't look like
random bit strings, and you want to use ARCFOUR, always hash the key
before feeding it to ARCFOUR. For example
/* A more robust key setup function for ARCFOUR */
void
my_arcfour_set_key(struct arcfour_ctx *ctx,
unsigned length, const uint8_t *key)
{
struct sha1_ctx hash;
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&hash);
sha1_update(&hash, length, key);
sha1_final(&hash);
sha1_digest(&hash, SHA1_DIGEST_SIZE, digest);
arcfour_set_key(ctx, SHA1_DIGEST_SIZE, digest);
}
Nettle defines ARCFOUR in `<nettle/arcfour.h>'.
- Context struct: struct arcfour_ctx
- Constant: ARCFOUR_BLOCK_SIZE
The ARCFOUR blocksize, 16
- Constant: ARCFOUR_MIN_KEY_SIZE
Minimum key size, 1
- Constant: ARCFOUR_MAX_KEY_SIZE
Maximum key size, 256
- Constant: ARCFOUR_KEY_SIZE
Default ARCFOUR key size, 16
- Function: void arcfour_set_key (struct arcfour_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- Function: void arcfour_crypt (struct arcfour_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Encrypt some data. The same function is used for both encryption
and decryption. Unlike the block ciphers, this function modifies
the context, so you can split the data into arbitrary chunks and
encrypt them one after another. The result is the same as if you
had called `arcfour_crypt' only once with all the data.
CAST128
-------
CAST-128 is a block cipher, specified in `RFC 2144'. It uses a 64
bit (8 octets) block size, and a variable key size of up to 128 bits.
Nettle defines cast128 in `<nettle/cast128.h>'.
- Context struct: struct cast128_ctx
- Constant: CAST128_BLOCK_SIZE
The CAST128 blocksize, 8
- Constant: CAST128_MIN_KEY_SIZE
Minumim CAST128 key size, 5
- Constant: CAST128_MAX_KEY_SIZE
Maximum CAST128 key size, 16
- Constant: CAST128_KEY_SIZE
Default CAST128 key size, 16
- Function: void cast128_set_key (struct cast128_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- Function: void cast128_encrypt (struct cast128_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void cast128_decrypt (struct cast128_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Analogous to `cast128_encrypt'
BLOWFISH
--------
BLOWFISH is a block cipher designed by Bruce Schneier. It uses a
block size of 64 bits (8 octets), and a variable key size, up to 448
bits. It has some weak keys. Nettle defines BLOWFISH in
`<nettle/blowfish.h>'.
- Context struct: struct blowfish_ctx
- Constant: BLOWFISH_BLOCK_SIZE
The BLOWFISH blocksize, 8
- Constant: BLOWFISH_MIN_KEY_SIZE
Minimum BLOWFISH key size, 8
- Constant: BLOWFISH_MAX_KEY_SIZE
Maximum BLOWFISH key size, 56
- Constant: BLOWFISH_KEY_SIZE
Default BLOWFISH key size, 16
- Function: int blowfish_set_key (struct blowfish_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. Returns 1 on success, and 0 if the key
was weak. Calling `blowfish_encrypt' or `blowfish_decrypt' with a
weak key will crash with an assert violation.
- Function: void blowfish_encrypt (struct blowfish_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void blowfish_decrypt (struct blowfish_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Analogous to `blowfish_encrypt'
DES
---
DES is the old Data Encryption Standard, specified by NIST. It uses a
block size of 64 bits (8 octets), and a key size of 56 bits. However,
the key bits are distributed over 8 octets, where the least significant
bit of each octet is used for parity. A common way to use DES is to
generate 8 random octets in some way, then set the least significant bit
of each octet to get odd parity, and initialize DES with the resulting
key.
The key size of DES is so small that keys can be found by brute
force, using specialized hardware or lots of ordinary work stations in
parallell. One shouldn't be using plain DES at all today, if one uses
DES at all one should be using "triple DES", three DES ciphers piped
together, with three (or sometimes just two) independent keys.
DES also has some weak keys. Nettle defines DES in `<nettle/des.h>'.
- Context struct: struct des_ctx
- Constant: DES_BLOCK_SIZE
The DES blocksize, 8
- Constant: DES_KEY_SIZE
DES key size, 8
- Function: int des_set_key (struct des_ctx *CTX, unsigned LENGTH,
const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. Returns 1 on success, and 0 if the key
was weak or had bad parity. Calling `des_encrypt' or `des_decrypt'
with a bad key will crash with an assert violation.
- Function: void des_encrypt (struct des_ctx *CTX, unsigned LENGTH,
const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void des_decrypt (struct des_ctx *CTX, unsigned LENGTH,
const uint8_t *DST, uint8_t *SRC)
Analogous to `des_encrypt'
SERPENT
-------
SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
Biham and Lars Knudsen. Thus, the interface and properties are similar
to AES'. One pecularity is that it is quite pointless to use it with
anything but the maximum key size, smaller keys are just padded to
larger ones. Nettle defines SERPENT in `<nettle/serpent.h>'.
- Context struct: struct serpent_ctx
- Constant: SERPENT_BLOCK_SIZE
The SERPENT blocksize, 16
- Constant: SERPENT_MIN_KEY_SIZE
Minumim SERPENT key size, 16
- Constant: SERPENT_MAX_KEY_SIZE
Maximum SERPENT key size, 32
- Constant: SERPENT_KEY_SIZE
Default SERPENT key size, 32
- Function: void serpent_set_key (struct serpent_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- Function: void serpent_encrypt (struct serpent_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void serpent_decrypt (struct serpent_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Analogous to `serpent_encrypt'
TWOFISH
-------
Another AES finalist, this one designed by Bruce Schneier and others.
Nettle defines it in `<nettle/twofish.h>'.
- Context struct: struct twofish_ctx
- Constant: TWOFISH_BLOCK_SIZE
The TWOFISH blocksize, 16
- Constant: TWOFISH_MIN_KEY_SIZE
Minumim TWOFISH key size, 16
- Constant: TWOFISH_MAX_KEY_SIZE
Maximum TWOFISH key size, 32
- Constant: TWOFISH_KEY_SIZE
Default TWOFISH key size, 32
- Function: void twofish_set_key (struct twofish_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- Function: void twofish_encrypt (struct twofish_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- Function: void twofish_decrypt (struct twofish_ctx *CTX, unsigned
LENGTH, const uint8_t *DST, uint8_t *SRC)
Analogous to `twofish_encrypt'

File: nettle.info, Node: Miscellaneous functions, Prev: Cipher functions, Up: Reference
Miscellaneous functions
=======================
- Function: uint8_t * memxor (uint8_t *DST, const uint8_t *SRC, size_t
N)
XOR:s the source area on top of the destination area. The interface
doesn't follow the Nettle conventions, because it is intended to be
similar to the ANSI-C `memcpy' function.

File: nettle.info, Node: Installation, Next: Index, Prev: Reference, Up: Top
Installation
************
Nettle uses `autoconf' and `automake'. To build it, unpack the
source and run
./configure
make
make check
make install
to install in the default location, `/usr/local'. The library is
installed in `/use/local/lib/libnettle.a' and the include files are
installed in `/use/local/include/nettle/'.
Only static libraries are installed.

File: nettle.info, Node: Index, Prev: Installation, Up: Top
Function and Concept Index
**************************
* Menu:
* aes_decrypt: Cipher functions.
* aes_encrypt: Cipher functions.
* aes_set_key: Cipher functions.
* arcfour_crypt: Cipher functions.
* arcfour_set_key: Cipher functions.
* blowfish_decrypt: Cipher functions.
* blowfish_encrypt: Cipher functions.
* blowfish_set_key: Cipher functions.
* cast128_decrypt: Cipher functions.
* cast128_encrypt: Cipher functions.
* cast128_set_key: Cipher functions.
* des_decrypt: Cipher functions.
* des_encrypt: Cipher functions.
* des_set_key: Cipher functions.
* md5_digest: Hash functions.
* md5_final: Hash functions.
* md5_init: Hash functions.
* md5_update: Hash functions.
* memxor: Miscellaneous functions.
* serpent_decrypt: Cipher functions.
* serpent_encrypt: Cipher functions.
* serpent_set_key: Cipher functions.
* sha1_digest: Hash functions.
* sha1_final: Hash functions.
* sha1_init: Hash functions.
* sha1_update: Hash functions.
* twofish_decrypt: Cipher functions.
* twofish_encrypt: Cipher functions.
* twofish_set_key: Cipher functions.

Tag Table:
Node: Top1130
Node: Introduction1608
Node: Copyright3013
Node: Conventions5019
Node: Example6759
Node: Reference8076
Node: Hash functions8333
Node: Cipher functions11858
Node: Miscellaneous functions26002
Node: Installation26423
Node: Index26899

End Tag Table

838
lsh/src/nettle/nettle.texinfo Normal file
View File

@ -0,0 +1,838 @@
\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename nettle.info
@settitle The Nettle low-level cryptographic library.
@c %**end of header
@syncodeindex fn cp
@dircategory GNU Libraries
@direntry
* Nettle: (nettle). A low-level cryptographics library.
@end direntry
@set UPDATED-FOR 0.2
@c Latin-1 doesn't work with tex output.
@c Also lookout for é characters.
@set AUTHOR Niels Möller
@ifinfo
Draft manual for the Nettle library. This manual corresponds to version
@value{UPDATED-FOR}.
Copyright 2001 @value{AUTHOR}
Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.
@ignore
Permission is granted to process this file through TeX
and print the results, provided the printed document
carries a copying permission notice identical to this
one except for the removal of this paragraph (this
paragraph not being relevant to the printed manual).
@end ignore
Permission is granted to copy and distribute modified
versions of this manual under the conditions for
verbatim copying, provided also that the sections
entitled ``Copying'' and ``GNU General Public License''
are included exactly as in the original, and provided
that the entire resulting derived work is distributed
under the terms of a permission notice identical to this
one.
Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions,
except that this permission notice may be stated in a
translation approved by the Free Software Foundation.
@end ifinfo
@titlepage
@sp 10
@c @center @titlefont{Nettle Manual}
@title Nettle Manual
@subtitle For the Nettle Library version @value{UPDATED-FOR}
@author @value{AUTHOR}
@c The following two commands start the copyright page.
@page
@vskip 0pt plus 1filll
Copyright @copyright{} 2001 @value{AUTHOR}
Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified
versions of this manual under the conditions for
verbatim copying, provided also that the sections
entitled ``Copying'' and ``GNU General Public License''
are included exactly as in the original, and provided
that the entire resulting derived work is distributed
under the terms of a permission notice identical to this
one.
Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions,
except that this permission notice may be stated in a
translation approved by the Free Software Foundation.
@end titlepage
@ifnottex
@node Top, Introduction, (dir), (dir)
@comment node-name, next, previous, up
@top
This document describes the nettle low-level cryptographic library. You
can use the library directly from your C-programs, or (recommended)
write or use an object-oriented wrapper for your favourite language or
application.
This manual coresponds to version @value{UPDATED-FOR} of the library.
@menu
* Introduction::
* Copyright::
* Conventions::
* Example::
* Reference::
* Installation::
* Index::
@end menu
@end ifnottex
@node Introduction, Copyright, Top, Top
@comment node-name, next, previous, up
@chapter Introduction
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space. In most contexts, you need more than the basic
cryptographic algorithms, you also need some way to keep track of available
algorithms, their properties and variants. You often have some algorithm
selection process, often dictated by a protocol you want to implement.
And as the requirements of applications differ on subtle and not so
subtle ways, an API that fits one application well can be a pain to use
in a different context. And that is why there are so many different
cryptographic libraries around.
Nettle tries to avoid this problem by doing one thing, the low-level
crypto stuff, and providing a @emph{simple} but general interface to it.
In particular, Nettle doesn't do algorithm selection. It doesn't do
memory allocation. It doesn't do any I/O.
The idea is that one can build several application and context specific
interfaces on top of Nettle, and share the code, testcases, banchmarks,
documentation, etc. For this first version, the only application using
Nettle is LSH, and it uses an object-oriented abstraction on top of the
library.
@node Copyright, Conventions, Introduction, Top
@comment node-name, next, previous, up
@chapter Copyright
Nettle is distributed under the GNU General Public License (see the file
COPYING for details). However, many of the individual files are dual
licensed under less restrictive licenses like the GNU Lesser General
Public License, or public domain. Consult the headers in each file for
details.
It is conceivable that future versions will use the LGPL rather than the
GPL, mail me if you have questions or suggestions.
A list of the supported algorithms, their origins and licenses:
@table @emph
@item AES
The implementation of the AES cipher (also known as rijndael) is written
by Rafael Sevilla. Released under the LGPL.
@item ARCFOUR
The implementation of the ARCFOUR (also known as RC4) cipher is written
by Niels Möller. Released under the LGPL.
@item BLOWFISH
The implementation of the BLOWFISH cipher is written by Werner Koch,
copyright owned by the Free Software Foundation. Also hacked by Ray
Dassen and Niels Möller. Released under the GPL.
@item CAST128
The implementation of the CAST128 cipher is written by Steve Reid.
Released into the public domain.
@item DES
The implementation of the DES cipher is written by Dana L. How, and
released under the LGPL.
@item MD5
The implementation of the MD5 message digest is written by Colin Plumb.
It has been hacked some more by Andrew Kuchling and Niels Möller.
Released into the public domain.
@item SERPENT
The implementation of the SERPENT cipher is written by Ross Anderson,
Eli Biham, and Lars Knudsen, adapted to LSH by Rafael Sevilla, and to
Nettle by Niels Möller.
@item SHA1
The implementation of the SHA1 message digest is written by Peter
Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
Released into the public domain.
@item TWOFISH
The implementation of the TWOFISH cipher is written by Ruud de Rooij.
Released under the LGPL.
@end table
@node Conventions, Example, Copyright, Top
@comment node-name, next, previous, up
@chapter Conventions
For each supported algorithm, there is an include file that defines a
@emph{context struct}, a few constants, and declares functions for
operating on the state. The context struct encapsulates all information
needed by the algorithm, and it can be copied or moved in memory with no
unexpected effects.
The functions for similar algorithms are similar, but there are some
differences, for instance reflecting if the key setup or encryption
function differ for encryption and encryption, and whether or not key
setup can fail. There are also differences that doesn't show in function
prototypes, but which the application must nevertheless be aware of.
There is no difference between stream ciphers and block ciphers,
although they should be used quite differently by the application.
If your application uses more than one algorithm, you should probably
create an interface that is tailor-made for your needs, and then write a
few lines of glue code on top of Nettle.
By convention, for an algorithm named @code{foo}, the struct tag for the
context struct is @code{foo_ctx}, constants and functions uses prefixes
like @code{FOO_BLOCK_SIZE} (a constant) and @code{foo_set_key} (a
function).
In all functions, strings are represented with an explicit length, of
type @code{unsigned}, and a pointer of type @code{uint8_t *} or a
@code{const uint8_t *}. For functions that transform one string to
another, the argument order is length, destination pointer and source
pointer. Source and destination areas are of the same length. Source and
destination may be the same, so that you can process strings in place,
but they must not overlap in any other way.
@node Example, Reference, Conventions, Top
@comment node-name, next, previous, up
@chapter Example
A simple example program that reads a file from standard in and writes
its SHA1 checksum on stdout should give the flavour of Nettle.
@example
/* FIXME: This code is untested. */
#include <stdio.h>
#include <stdlib.h>
#include <nettle/sha1.h>
#define BUF_SIZE 1000
static void
display_hex(unsigned length, uint8_t *data)
@{
static const char digits[16] = "0123456789abcdef";
unsigned i;
for (i = 0; i<length; i++)
@{
uint8_t byte = data[i];
printf("%c%c ", digits[(byte / 16) & 0xf], digits[byte & 0xf]);
@}
@}
int
main(int argc, char **argv)
@{
struct sha1_ctx ctx;
uint8_t buffer[BUF_SIZE];
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
for (;;)
@{
int done = fread(buffer, 1, sizeof(buffer), stdin);
if (done <= 0)
break;
sha1_update(&ctx, done, buf);
@}
if (ferror(stdin))
return EXIT_FAILURE;
sha1_finish(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
display_hex(SHA1_DIGEST_SIZE, digest);
return EXIT_SUCCESS;
@}
@end example
@node Reference, Installation, Example, Top
@comment node-name, next, previous, up
@chapter Reference
This chapter describes all the Nettle functions, grouped by family.
@menu
* Hash functions::
* Cipher functions::
* Miscellaneous functions::
@end menu
@node Hash functions, Cipher functions, Reference, Reference
@comment node-name, next, previous, up
@section Hash functions
A cryptographic @dfn{hash function} is a function that takes variable
size strings, and maps them to strings of fixed, short, length. There
are naturally lots of collisions, as there are more possible 1MB files
than 20 byte strings. But the function is constructed such that is hard
to find the collisions. More precisely, a cryptographic hash function
@code{H} should have the following properties:
@table @emph
@item One-way
Given a hash value @code{H(x)} it is hard to find a string @code{x}
that hashes to that value.
@item Collision-resistant
It is hard to find two different strings, @code{x} and @code{y}, such
that @code{H(x)} = @code{H(y)}.
@end table
Hash functions are useful as building blocks for digital signatures,
message authentication codes, pseudo random generators, associating
unique id:s to documents, and many other things.
@subsection @acronym{MD5}
MD5 is a message digest function constructed by Ronald Rivest, and
described in @cite{RFC 1321}. It outputs message digests of 128 bits, or
16 octets. Nettle defines MD5 in @file{<nettle/md5.h>}.
@deftp {Context struct} {struct md5_ctx}
@end deftp
@defvr Constant MD5_DIGEST_SIZE
The size of an MD5 digest, i.e. 16.
@end defvr
@defvr Constant MD5_DATA_SIZE
The internal block size of MD5. Useful for some special constructions,
in particular HMAC-MD5.
@end defvr
@deftypefun void md5_init (struct md5_ctx *@var{ctx})
Initialize the MD5 state.
@end deftypefun
@deftypefun void md5_update (struct md5_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
@deftypefun void md5_final (struct md5_ctx *@var{ctx})
Performs final processing that is needed after all input data has been
processed with @code{md5_update}.
@end deftypefun
@deftypefun void md5_digest (struct md5_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
Extracts the digest, writing it to @var{digest}. @var{length} may be smaller than
@code{MD5_DIGEST_SIZE}, in which case only the first @var{length} octets
of the digest are written.
This functions doesn't change the state in any way.
@end deftypefun
The normal way to use MD5 is to call the functions in order: First
@code{md5_init}, then @code{md5_update} zero or more times, then
@code{md5_final}, and at last @code{md5_digest} zero or more times.
To start over, you can call @code{md5_init} at any time.
@subsection @acronym{SHA1}
SHA1 is a hash function specified by @dfn{NIST} (The U.S. National Institute
for Standards and Technology. It outputs hash values of 160 bits, or 20
octets. Nettle defines SHA1 in @file{<nettle/sha1.h>}.
The functions are analogous to the MD5 ones.
@deftp {Context struct} {struct sha1_ctx}
@end deftp
@defvr Constant SHA1_DIGEST_SIZE
The size of an SHA1 digest, i.e. 20.
@end defvr
@defvr Constant SHA1_DATA_SIZE
The internal block size of SHA1. Useful for some special constructions,
in particular HMAC-SHA1.
@end defvr
@deftypefun void sha1_init (struct sha1_ctx *@var{ctx})
Initialize the SHA1 state.
@end deftypefun
@deftypefun void sha1_update (struct sha1_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
@deftypefun void sha1_final (struct sha1_ctx *@var{ctx})
Performs final processing that is needed after all input data has been
processed with @code{sha1_update}.
@end deftypefun
@deftypefun void sha1_digest (struct sha1_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
Extracts the digest, writing it to @var{digest}. @var{length} may be smaller than
@code{SHA1_DIGEST_SIZE}, in which case only the first @var{length} octets
of the digest are written.
This functions doesn't change the state in any way.
@end deftypefun
@node Cipher functions, Miscellaneous functions, Hash functions, Reference
@comment node-name, next, previous, up
@section Cipher functions
A @dfn{cipher} is a function that takes a message or @dfn{plaintext}
and a secret @dfn{key} and transforms it to a @dfn{ciphertext}. Given
only the ciphertext, but not the key, it should be hard to find the
cleartext. Given matching pairs of plaintext and ciphertext, it should
be hard to find the key.
To do this, you first initialize the cipher context for encryption or
decryption with a particular key, then use it to process plaintext och
ciphertext messages. The initialization is also called @dfn{key setup}.
With Nettle, it is recommended to use each context struct for only one
direction, even if some of the ciphers use a single key setup function
that can be used for both encryption and decryption.
There are two main classes of ciphers: Block ciphers and stream ciphers.
A block cipher can process data only in fixed size chunks, called
@dfn{blocks}. Typical block sizes are 8 or 16 octets. To encrypt
arbitrary messages, you usually have to pad it to an integral number of
blocks, split it into blocks, and then process each block. The simplest
way is to process one block at a time, independent of each other. That
mode of operation is called @dfn{ECB}, Electronic Code Book mode.
However, using ECB is usually a bad idea. For a start, plaintext blocks
that are equal are transformed to ciphertext blocks that are equal; that
leaks information about the plaintext. Usually you should apply the
cipher is some feedback mode, @dfn{CBC} (Cipher Block Chaining) being one
of the most popular.
A stream cipher can be used for messages of arbitrary length; a typical
stream cipher is a keyed pseudorandom generator. To encrypt a plaintext
message of @var{n} octets, you key the generator, generate @var{n}
octets of pseudorandom data, and XOR it with the plaintext. To decrypt,
regenerate the same stream using the key, XOR it to the ciphertext, and
the plaintext is recovered.
@strong{Caution:} The first rule for this kind of cipher is the
same as for a One Time Pad: @emph{never} ever use the same key twice.
A common misconception is that encryption, by itself, implies
authentication. Say that you and a friend share a secret key, and you
receive an encrypted message, apply the key, and get a cleartext message
that makes sense to you. Can you then be sure that it really was your
friend that wrote the message you're reading? The anser is no. For
example, if you were using a block cipher in ECB mode, an attacker may
pick up the message on its way, and reorder, delete or repeat some of
the blocks. Even if the attacker can't decrypt the message, he can
change it so that you are not reading the same message as your friend
wrote. If you are using a block cipher in CBC mode rather than ECB, or
are using a stream cipher, the possibilities for this sort of attack are
different, but the attacker can still make predictable changes to the
message.
It is recommended to @emph{always} use an authentication mechanism in
addition to encrypting the messages. Popular choices are Message
Authetication Codes like HMAC-SHA1, or digital signatures.
Some ciphers have so called "weak keys", keys that results in
undesirable structure after the key setup processing, and should be
avoided. In Nettle, the presence of weak keys for a cipher mean that the
key setup function can fail, so you have to check its return value. In
addition, the context struct has a field @code{status}, that is set to a
non-zero value if key setup fails. When possible, avoid algorithm that
have weak keys. There are several good ciphers that don't have any weak
keys.
@subsection AES
AES is a quite new block cipher, specified by NIST as a replacement for
the older DES standard. It is the result of a competition between cipher
designers, and the winning design, constructed by Joan Daemen and
Vincent Rijnmen. Before it won the competition, it was known under the
name RIJNDAEL.
Like all the AES candidates, the winning design uses a block size of 128
bits, or 16 octets, and variable keysize, 128, 192 and 256 bits (16, 24
and 32 octets) being the allowed key sizes. It does not have any weak
keys. Nettle defines AES in @file{<nettle/aes.h>}.
@deftp {Context struct} {struct aes_ctx}
@end deftp
@defvr Constant AES_BLOCK_SIZE
The AES blocksize, 16
@end defvr
@defvr Constant AES_MIN_KEY_SIZE
@end defvr
@defvr Constant AES_MAX_KEY_SIZE
@end defvr
@defvr Constant AES_KEY_SIZE
Default AES key size, 32
@end defvr
@deftypefun void aes_set_key (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption.
@end deftypefun
@deftypefun void aes_encrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void aes_decrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{aes_encrypt}
@end deftypefun
@subsection ARCFOUR
ARCFOUR is a stream cipher, also known under the trade marked name RC4,
and it is one of the fastest ciphers around. A problem is that the key
setup of ARCFOUR is quite weak, you should never use keys with
structure, keys that are ordinary passwords, or sequences of keys like
"secret:1", "secret:2", @enddots{}. If you have keys that don't look
like random bit strings, and you want to use ARCFOUR, always hash the
key before feeding it to ARCFOUR. For example
@example
/* A more robust key setup function for ARCFOUR */
void
my_arcfour_set_key(struct arcfour_ctx *ctx,
unsigned length, const uint8_t *key)
@{
struct sha1_ctx hash;
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&hash);
sha1_update(&hash, length, key);
sha1_final(&hash);
sha1_digest(&hash, SHA1_DIGEST_SIZE, digest);
arcfour_set_key(ctx, SHA1_DIGEST_SIZE, digest);
@}
@end example
Nettle defines ARCFOUR in @file{<nettle/arcfour.h>}.
@deftp {Context struct} {struct arcfour_ctx}
@end deftp
@defvr Constant ARCFOUR_BLOCK_SIZE
The ARCFOUR blocksize, 16
@end defvr
@defvr Constant ARCFOUR_MIN_KEY_SIZE
Minimum key size, 1
@end defvr
@defvr Constant ARCFOUR_MAX_KEY_SIZE
Maximum key size, 256
@end defvr
@defvr Constant ARCFOUR_KEY_SIZE
Default ARCFOUR key size, 16
@end defvr
@deftypefun void arcfour_set_key (struct arcfour_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption.
@end deftypefun
@deftypefun void arcfour_crypt (struct arcfour_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Encrypt some data. The same function is used for both encryption and
decryption. Unlike the block ciphers, this function modifies the
context, so you can split the data into arbitrary chunks and encrypt
them one after another. The result is the same as if you had called
@code{arcfour_crypt} only once with all the data.
@end deftypefun
@subsection CAST128
CAST-128 is a block cipher, specified in @cite{RFC 2144}. It uses a 64
bit (8 octets) block size, and a variable key size of up to 128 bits.
Nettle defines cast128 in @file{<nettle/cast128.h>}.
@deftp {Context struct} {struct cast128_ctx}
@end deftp
@defvr Constant CAST128_BLOCK_SIZE
The CAST128 blocksize, 8
@end defvr
@defvr Constant CAST128_MIN_KEY_SIZE
Minumim CAST128 key size, 5
@end defvr
@defvr Constant CAST128_MAX_KEY_SIZE
Maximum CAST128 key size, 16
@end defvr
@defvr Constant CAST128_KEY_SIZE
Default CAST128 key size, 16
@end defvr
@deftypefun void cast128_set_key (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption.
@end deftypefun
@deftypefun void cast128_encrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void cast128_decrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{cast128_encrypt}
@end deftypefun
@subsection BLOWFISH
BLOWFISH is a block cipher designed by Bruce Schneier. It uses a block
size of 64 bits (8 octets), and a variable key size, up to 448 bits. It
has some weak keys. Nettle defines BLOWFISH in @file{<nettle/blowfish.h>}.
@deftp {Context struct} {struct blowfish_ctx}
@end deftp
@defvr Constant BLOWFISH_BLOCK_SIZE
The BLOWFISH blocksize, 8
@end defvr
@defvr Constant BLOWFISH_MIN_KEY_SIZE
Minimum BLOWFISH key size, 8
@end defvr
@defvr Constant BLOWFISH_MAX_KEY_SIZE
Maximum BLOWFISH key size, 56
@end defvr
@defvr Constant BLOWFISH_KEY_SIZE
Default BLOWFISH key size, 16
@end defvr
@deftypefun int blowfish_set_key (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption. Returns 1 on success, and 0 if the key was weak. Calling
@code{blowfish_encrypt} or @code{blowfish_decrypt} with a weak key will
crash with an assert violation.
@end deftypefun
@deftypefun void blowfish_encrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void blowfish_decrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{blowfish_encrypt}
@end deftypefun
@subsection DES
DES is the old Data Encryption Standard, specified by NIST. It uses a
block size of 64 bits (8 octets), and a key size of 56 bits. However,
the key bits are distributed over 8 octets, where the least significant
bit of each octet is used for parity. A common way to use DES is to
generate 8 random octets in some way, then set the least significant bit
of each octet to get odd parity, and initialize DES with the resulting
key.
The key size of DES is so small that keys can be found by brute force,
using specialized hardware or lots of ordinary work stations in
parallell. One shouldn't be using plain DES at all today, if one uses
DES at all one should be using "triple DES", three DES ciphers piped
together, with three (or sometimes just two) independent keys.
DES also has some weak keys. Nettle defines DES in @file{<nettle/des.h>}.
@deftp {Context struct} {struct des_ctx}
@end deftp
@defvr Constant DES_BLOCK_SIZE
The DES blocksize, 8
@end defvr
@defvr Constant DES_KEY_SIZE
DES key size, 8
@end defvr
@deftypefun int des_set_key (struct des_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption. Returns 1 on success, and 0 if the key was weak or had bad
parity. Calling @code{des_encrypt} or @code{des_decrypt} with a bad key
will crash with an assert violation.
@end deftypefun
@deftypefun void des_encrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void des_decrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{des_encrypt}
@end deftypefun
@subsection SERPENT
SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
Biham and Lars Knudsen. Thus, the interface and properties are similar
to AES'. One pecularity is that it is quite pointless to use it with
anything but the maximum key size, smaller keys are just padded to
larger ones. Nettle defines SERPENT in @file{<nettle/serpent.h>}.
@deftp {Context struct} {struct serpent_ctx}
@end deftp
@defvr Constant SERPENT_BLOCK_SIZE
The SERPENT blocksize, 16
@end defvr
@defvr Constant SERPENT_MIN_KEY_SIZE
Minumim SERPENT key size, 16
@end defvr
@defvr Constant SERPENT_MAX_KEY_SIZE
Maximum SERPENT key size, 32
@end defvr
@defvr Constant SERPENT_KEY_SIZE
Default SERPENT key size, 32
@end defvr
@deftypefun void serpent_set_key (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption.
@end deftypefun
@deftypefun void serpent_encrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void serpent_decrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{serpent_encrypt}
@end deftypefun
@subsection TWOFISH
Another AES finalist, this one designed by Bruce Schneier and others.
Nettle defines it in @file{<nettle/twofish.h>}.
@deftp {Context struct} {struct twofish_ctx}
@end deftp
@defvr Constant TWOFISH_BLOCK_SIZE
The TWOFISH blocksize, 16
@end defvr
@defvr Constant TWOFISH_MIN_KEY_SIZE
Minumim TWOFISH key size, 16
@end defvr
@defvr Constant TWOFISH_MAX_KEY_SIZE
Maximum TWOFISH key size, 32
@end defvr
@defvr Constant TWOFISH_KEY_SIZE
Default TWOFISH key size, 32
@end defvr
@deftypefun void twofish_set_key (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
Initialize the cipher. The same function is used for both encryption and
decryption.
@end deftypefun
@deftypefun void twofish_encrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
@deftypefun void twofish_decrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
Analogous to @code{twofish_encrypt}
@end deftypefun
@node Miscellaneous functions, , Cipher functions, Reference
@comment node-name, next, previous, up
@section Miscellaneous functions
@deftypefun {uint8_t *} memxor (uint8_t *@var{dst}, const uint8_t *@var{src}, size_t @var{n})
XOR:s the source area on top of the destination area. The interface
doesn't follow the Nettle conventions, because it is intended to be
similar to the ANSI-C @code{memcpy} function.
@end deftypefun
@node Installation, Index, Reference, Top
@comment node-name, next, previous, up
@chapter Installation
Nettle uses @command{autoconf} and @command{automake}. To build it,
unpack the source and run
@example
./configure
make
make check
make install
@end example
to install in the default location, @file{/usr/local}. The library is
installed in @file{/use/local/lib/libnettle.a} and the include files are
installed in @file{/use/local/include/nettle/}.
Only static libraries are installed.
@node Index, , Installation, Top
@comment node-name, next, previous, up
@unnumbered Function and Concept Index
@printindex cp
@bye

10
lsh/src/nettle/parity.h Normal file
View File

@ -0,0 +1,10 @@
/* automagically produced - do not fuss with this information */
8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,

82
lsh/src/nettle/rotors.h Normal file
View File

@ -0,0 +1,82 @@
/* automagically made - do not fuss with this */
34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20,
14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21,
38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40,
1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43,
41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27,
21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28,
45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47,
8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50,
55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41,
35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42,
6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4,
22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9,
12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55,
49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1,
20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18,
36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23,
26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12,
8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15,
34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32,
50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37,
40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26,
22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29,
48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46,
9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51,
54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40,
36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43,
5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31,
23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10,
11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54,
50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2,
19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45,
37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24,
18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4,
2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9,
26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52,
44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0,
32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18,
16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23,
40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13,
3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14,
46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32,
30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37,
54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27,
17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28,
31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46,
44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51,
11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41,
0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42,
45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31,
3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10,
25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55,
14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1,
6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45,
17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24,
39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12,
28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15,
20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6,
0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7,
53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26,
42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29,
27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13,
7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14,
31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33,
49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36,

373
lsh/src/nettle/serpent.c Normal file
View File

@ -0,0 +1,373 @@
/* serpent.h
*
* The serpent block cipher.
*
* For more details on this algorithm, see the Serpent website at
* http://www.cl.cam.ac.uk/~rja14/serpent.html
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 1998, 2000, 2001, Ross Anderson, Eli Biham, Lars
* Knudsen, Rafael R. Sevilla, Niels Möller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* I've modified this code a bit so that it interoperates with lsh
* properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
*/
/* NOTE: The copyright notice for the original version of this code
* said "All rights reserved. This code is freely distributed for AES
* selection process. No other use is allowed." However, the authors
* later decided to GPL the code. /nisse */
/* FIXME: Use the READ_UINT32 and WRITE_UINT32 macros, where
* applicable. */
#include "serpent.h"
#include "serpent_sboxes.h"
#include "macros.h"
#include <assert.h>
void
serpent_set_key(struct serpent_ctx *ctx,
unsigned key_size, const uint8_t *key)
{
unsigned i, j;
uint32_t w[132], k[132];
assert(key_size >= SERPENT_MIN_KEY_SIZE);
assert(key_size <= SERPENT_MAX_KEY_SIZE);
for (i = key_size, j = 0;
(i >= 4);
i-=4, j++)
{
assert(j<8);
/* Read the key in the reverse direction. Why? */
w[j] = READ_UINT32(key + i - 4);
}
if (j < 8)
{
/* Pad key, "aabbccddeeff" -> 0xccddeeff, 0x01aabb" */
uint32_t partial = 0x01;
while (i)
partial = (partial << 8 ) | *key++;
w[j++] = partial;
while (j < 8)
w[j++] = 0;
}
for(i=8; i<16; i++)
w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^(i-8),11);
for(i=0; i<8; i++)
w[i]=w[i+8];
for(i=8; i<132; i++)
w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^i,11);
RND03(w[ 0], w[ 1], w[ 2], w[ 3], k[ 0], k[ 1], k[ 2], k[ 3]);
RND02(w[ 4], w[ 5], w[ 6], w[ 7], k[ 4], k[ 5], k[ 6], k[ 7]);
RND01(w[ 8], w[ 9], w[ 10], w[ 11], k[ 8], k[ 9], k[ 10], k[ 11]);
RND00(w[ 12], w[ 13], w[ 14], w[ 15], k[ 12], k[ 13], k[ 14], k[ 15]);
RND31(w[ 16], w[ 17], w[ 18], w[ 19], k[ 16], k[ 17], k[ 18], k[ 19]);
RND30(w[ 20], w[ 21], w[ 22], w[ 23], k[ 20], k[ 21], k[ 22], k[ 23]);
RND29(w[ 24], w[ 25], w[ 26], w[ 27], k[ 24], k[ 25], k[ 26], k[ 27]);
RND28(w[ 28], w[ 29], w[ 30], w[ 31], k[ 28], k[ 29], k[ 30], k[ 31]);
RND27(w[ 32], w[ 33], w[ 34], w[ 35], k[ 32], k[ 33], k[ 34], k[ 35]);
RND26(w[ 36], w[ 37], w[ 38], w[ 39], k[ 36], k[ 37], k[ 38], k[ 39]);
RND25(w[ 40], w[ 41], w[ 42], w[ 43], k[ 40], k[ 41], k[ 42], k[ 43]);
RND24(w[ 44], w[ 45], w[ 46], w[ 47], k[ 44], k[ 45], k[ 46], k[ 47]);
RND23(w[ 48], w[ 49], w[ 50], w[ 51], k[ 48], k[ 49], k[ 50], k[ 51]);
RND22(w[ 52], w[ 53], w[ 54], w[ 55], k[ 52], k[ 53], k[ 54], k[ 55]);
RND21(w[ 56], w[ 57], w[ 58], w[ 59], k[ 56], k[ 57], k[ 58], k[ 59]);
RND20(w[ 60], w[ 61], w[ 62], w[ 63], k[ 60], k[ 61], k[ 62], k[ 63]);
RND19(w[ 64], w[ 65], w[ 66], w[ 67], k[ 64], k[ 65], k[ 66], k[ 67]);
RND18(w[ 68], w[ 69], w[ 70], w[ 71], k[ 68], k[ 69], k[ 70], k[ 71]);
RND17(w[ 72], w[ 73], w[ 74], w[ 75], k[ 72], k[ 73], k[ 74], k[ 75]);
RND16(w[ 76], w[ 77], w[ 78], w[ 79], k[ 76], k[ 77], k[ 78], k[ 79]);
RND15(w[ 80], w[ 81], w[ 82], w[ 83], k[ 80], k[ 81], k[ 82], k[ 83]);
RND14(w[ 84], w[ 85], w[ 86], w[ 87], k[ 84], k[ 85], k[ 86], k[ 87]);
RND13(w[ 88], w[ 89], w[ 90], w[ 91], k[ 88], k[ 89], k[ 90], k[ 91]);
RND12(w[ 92], w[ 93], w[ 94], w[ 95], k[ 92], k[ 93], k[ 94], k[ 95]);
RND11(w[ 96], w[ 97], w[ 98], w[ 99], k[ 96], k[ 97], k[ 98], k[ 99]);
RND10(w[100], w[101], w[102], w[103], k[100], k[101], k[102], k[103]);
RND09(w[104], w[105], w[106], w[107], k[104], k[105], k[106], k[107]);
RND08(w[108], w[109], w[110], w[111], k[108], k[109], k[110], k[111]);
RND07(w[112], w[113], w[114], w[115], k[112], k[113], k[114], k[115]);
RND06(w[116], w[117], w[118], w[119], k[116], k[117], k[118], k[119]);
RND05(w[120], w[121], w[122], w[123], k[120], k[121], k[122], k[123]);
RND04(w[124], w[125], w[126], w[127], k[124], k[125], k[126], k[127]);
RND03(w[128], w[129], w[130], w[131], k[128], k[129], k[130], k[131]);
for(i=0; i<=32; i++)
for(j=0; j<4; j++)
ctx->keys[i][j] = k[4*i+j];
}
void
serpent_encrypt(struct serpent_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *plain)
{
register uint32_t x0, x1, x2, x3;
register uint32_t y0, y1, y2, y3;
FOR_BLOCKS(length, dst, plain, SERPENT_BLOCK_SIZE)
{
/* Why the reverse order? */
x0=READ_UINT32(plain + 12);
x1=READ_UINT32(plain + 8);
x2=READ_UINT32(plain + 4);
x3=READ_UINT32(plain);
/* Start to encrypt the plaintext x */
keying(x0, x1, x2, x3, ctx->keys[ 0]);
RND00(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 1]);
RND01(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 2]);
RND02(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 3]);
RND03(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 4]);
RND04(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 5]);
RND05(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 6]);
RND06(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 7]);
RND07(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 8]);
RND08(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 9]);
RND09(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[10]);
RND10(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[11]);
RND11(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[12]);
RND12(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[13]);
RND13(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[14]);
RND14(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[15]);
RND15(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[16]);
RND16(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[17]);
RND17(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[18]);
RND18(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[19]);
RND19(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[20]);
RND20(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[21]);
RND21(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[22]);
RND22(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[23]);
RND23(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[24]);
RND24(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[25]);
RND25(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[26]);
RND26(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[27]);
RND27(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[28]);
RND28(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[29]);
RND29(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[30]);
RND30(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[31]);
RND31(x0, x1, x2, x3, y0, y1, y2, y3);
x0 = y0; x1 = y1; x2 = y2; x3 = y3;
keying(x0, x1, x2, x3, ctx->keys[32]);
/* The ciphertext is now in x */
/* Why the reverse order? */
WRITE_UINT32(dst, x3);
WRITE_UINT32(dst+4, x2);
WRITE_UINT32(dst+8, x1);
WRITE_UINT32(dst+12, x0);
}
}
void
serpent_decrypt(struct serpent_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *cipher)
{
register uint32_t x0, x1, x2, x3;
register uint32_t y0, y1, y2, y3;
FOR_BLOCKS(length, dst, cipher, SERPENT_BLOCK_SIZE)
{
/* Why the reverse order? */
x0 = READ_UINT32(cipher + 12);
x1 = READ_UINT32(cipher + 8);
x2 = READ_UINT32(cipher + 4);
x3 = READ_UINT32(cipher);
/* Start to decrypt the ciphertext x */
keying(x0, x1, x2, x3, ctx->keys[32]);
InvRND31(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[31]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND30(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[30]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND29(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[29]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND28(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[28]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND27(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[27]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND26(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[26]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND25(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[25]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND24(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[24]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND23(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[23]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND22(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[22]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND21(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[21]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND20(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[20]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND19(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[19]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND18(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[18]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND17(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[17]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND16(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[16]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND15(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[15]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND14(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[14]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND13(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[13]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND12(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[12]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND11(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[11]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND10(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[10]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND09(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 9]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND08(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 8]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND07(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 7]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND06(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 6]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND05(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 5]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND04(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 4]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND03(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 3]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND02(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 2]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND01(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 1]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND00(x0, x1, x2, x3, y0, y1, y2, y3);
x0 = y0; x1 = y1; x2 = y2; x3 = y3;
keying(x0, x1, x2, x3, ctx->keys[ 0]);
/* The plaintext is now in x */
/* Why the reverse order? */
WRITE_UINT32(dst, x3);
WRITE_UINT32(dst+4, x2);
WRITE_UINT32(dst+8, x1);
WRITE_UINT32(dst+12, x0);
}
}

68
lsh/src/nettle/serpent.h Normal file
View File

@ -0,0 +1,68 @@
/* serpent.h
*
* The serpent block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* Serpent is a 128-bit block cipher that accepts a key size of 256
* bits, designed by Ross Anderson, Eli Biham, and Lars Knudsen. See
* http://www.cl.cam.ac.uk/~rja14/serpent.html for details.
*/
#ifndef NETTLE_SERPENT_H_INCLUDED
#define NETTLE_SERPENT_H_INCLUDED
#include <inttypes.h>
#define SERPENT_BLOCK_SIZE 16
/* Other key lengths are possible, but the design of Serpent makes
* smaller key lengths quite pointless; they cheated with the AES
* requirements, using a 256-bit key length exclusively and just
* padding it out if the desired key length was less, so there really
* is no advantage to using key lengths less than 256 bits. */
#define SERPENT_KEY_SIZE 32
/* Allow keys of size 128 <= bits <= 256 */
#define SERPENT_MIN_KEY_SIZE 16
#define SERPENT_MAX_KEY_SIZE 32
struct serpent_ctx
{
uint32_t keys[33][4]; /* key schedule */
};
void
serpent_set_key(struct serpent_ctx *ctx,
unsigned length, const uint8_t *key);
void
serpent_encrypt(struct serpent_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
serpent_decrypt(struct serpent_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_SERPENT_H_INCLUDED */

511
lsh/src/nettle/serpent_sboxes.h Normal file
View File

@ -0,0 +1,511 @@
/* serpentsboxes.h
*
* $Id$
*
* For more details on this algorithm, see the Serpent website at
* http://www.cl.cam.ac.uk/~rja14/serpent.html
*/
/* Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* I've modified this code a bit so that it interoperates with lsh
* properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
*/
/* NOTE: The copyright notice for the original version of this code
* said "All rights reserved. This code is freely distributed for AES
* selection process. No other use is allowed." However, the authors
* later decided to GPL the code. /nisse */
#ifndef SERPENT_SBOXES_H_INCLUDED
#define SERPENT_SBOXES_H_INCLUDED
#include "serpent.h"
/* S0: 3 8 15 1 10 6 5 11 14 13 4 2 7 0 9 12 */
/* depth = 5,7,4,2, Total gates=18 */
#define RND00(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t05, t06, t07, t08, t09, t11, t12, t13, t14, t15, t17, t01;\
t01 = b ^ c ; \
t02 = a | d ; \
t03 = a ^ b ; \
z = t02 ^ t01; \
t05 = c | z ; \
t06 = a ^ d ; \
t07 = b | c ; \
t08 = d & t05; \
t09 = t03 & t07; \
y = t09 ^ t08; \
t11 = t09 & y ; \
t12 = c ^ d ; \
t13 = t07 ^ t11; \
t14 = b & t06; \
t15 = t06 ^ t13; \
w = ~ t15; \
t17 = w ^ t14; \
x = t12 ^ t17; }
/* InvS0: 13 3 11 0 10 6 5 12 1 14 4 7 15 9 8 2 */
/* depth = 8,4,3,6, Total gates=19 */
#define InvRND00(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t12, t13, t14, t15, t17, t18, t01;\
t01 = c ^ d ; \
t02 = a | b ; \
t03 = b | c ; \
t04 = c & t01; \
t05 = t02 ^ t01; \
t06 = a | t04; \
y = ~ t05; \
t08 = b ^ d ; \
t09 = t03 & t08; \
t10 = d | y ; \
x = t09 ^ t06; \
t12 = a | t05; \
t13 = x ^ t12; \
t14 = t03 ^ t10; \
t15 = a ^ c ; \
z = t14 ^ t13; \
t17 = t05 & t13; \
t18 = t14 | t17; \
w = t15 ^ t18; }
/* S1: 15 12 2 7 9 0 5 10 1 11 14 8 6 13 3 4 */
/* depth = 10,7,3,5, Total gates=18 */
#define RND01(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t08, t10, t11, t12, t13, t16, t17, t01;\
t01 = a | d ; \
t02 = c ^ d ; \
t03 = ~ b ; \
t04 = a ^ c ; \
t05 = a | t03; \
t06 = d & t04; \
t07 = t01 & t02; \
t08 = b | t06; \
y = t02 ^ t05; \
t10 = t07 ^ t08; \
t11 = t01 ^ t10; \
t12 = y ^ t11; \
t13 = b & d ; \
z = ~ t10; \
x = t13 ^ t12; \
t16 = t10 | x ; \
t17 = t05 & t16; \
w = c ^ t17; }
/* InvS1: 5 8 2 14 15 6 12 3 11 4 7 9 1 13 10 0 */
/* depth = 7,4,5,3, Total gates=18 */
#define InvRND01(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t14, t15, t17, t01;\
t01 = a ^ b ; \
t02 = b | d ; \
t03 = a & c ; \
t04 = c ^ t02; \
t05 = a | t04; \
t06 = t01 & t05; \
t07 = d | t03; \
t08 = b ^ t06; \
t09 = t07 ^ t06; \
t10 = t04 | t03; \
t11 = d & t08; \
y = ~ t09; \
x = t10 ^ t11; \
t14 = a | y ; \
t15 = t06 ^ x ; \
z = t01 ^ t04; \
t17 = c ^ t15; \
w = t14 ^ t17; }
/* S2: 8 6 7 9 3 12 10 15 13 1 14 4 0 11 5 2 */
/* depth = 3,8,11,7, Total gates=16 */
#define RND02(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t05, t06, t07, t08, t09, t10, t12, t13, t14, t01;\
t01 = a | c ; \
t02 = a ^ b ; \
t03 = d ^ t01; \
w = t02 ^ t03; \
t05 = c ^ w ; \
t06 = b ^ t05; \
t07 = b | t05; \
t08 = t01 & t06; \
t09 = t03 ^ t07; \
t10 = t02 | t09; \
x = t10 ^ t08; \
t12 = a | d ; \
t13 = t09 ^ x ; \
t14 = b ^ t13; \
z = ~ t09; \
y = t12 ^ t14; }
/* InvS2: 12 9 15 4 11 14 1 2 0 3 6 13 5 8 10 7 */
/* depth = 3,6,8,3, Total gates=18 */
#define InvRND02(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t06, t07, t08, t09, t10, t11, t12, t15, t16, t17, t01;\
t01 = a ^ d ; \
t02 = c ^ d ; \
t03 = a & c ; \
t04 = b | t02; \
w = t01 ^ t04; \
t06 = a | c ; \
t07 = d | w ; \
t08 = ~ d ; \
t09 = b & t06; \
t10 = t08 | t03; \
t11 = b & t07; \
t12 = t06 & t02; \
z = t09 ^ t10; \
x = t12 ^ t11; \
t15 = c & z ; \
t16 = w ^ x ; \
t17 = t10 ^ t15; \
y = t16 ^ t17; }
/* S3: 0 15 11 8 12 9 6 3 13 1 2 4 10 7 5 14 */
/* depth = 8,3,5,5, Total gates=18 */
#define RND03(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t13, t14, t15, t01;\
t01 = a ^ c ; \
t02 = a | d ; \
t03 = a & d ; \
t04 = t01 & t02; \
t05 = b | t03; \
t06 = a & b ; \
t07 = d ^ t04; \
t08 = c | t06; \
t09 = b ^ t07; \
t10 = d & t05; \
t11 = t02 ^ t10; \
z = t08 ^ t09; \
t13 = d | z ; \
t14 = a | t07; \
t15 = b & t13; \
y = t08 ^ t11; \
w = t14 ^ t15; \
x = t05 ^ t04; }
/* InvS3: 0 9 10 7 11 14 6 13 3 5 12 2 4 8 15 1 */
/* depth = 3,6,4,4, Total gates=17 */
#define InvRND03(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t09, t11, t12, t13, t14, t16, t01;\
t01 = c | d ; \
t02 = a | d ; \
t03 = c ^ t02; \
t04 = b ^ t02; \
t05 = a ^ d ; \
t06 = t04 & t03; \
t07 = b & t01; \
y = t05 ^ t06; \
t09 = a ^ t03; \
w = t07 ^ t03; \
t11 = w | t05; \
t12 = t09 & t11; \
t13 = a & y ; \
t14 = t01 ^ t05; \
x = b ^ t12; \
t16 = b | t13; \
z = t14 ^ t16; }
/* S4: 1 15 8 3 12 0 11 6 2 5 4 10 9 14 7 13 */
/* depth = 6,7,5,3, Total gates=19 */
#define RND04(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t11, t12, t13, t14, t15, t16, t01;\
t01 = a | b ; \
t02 = b | c ; \
t03 = a ^ t02; \
t04 = b ^ d ; \
t05 = d | t03; \
t06 = d & t01; \
z = t03 ^ t06; \
t08 = z & t04; \
t09 = t04 & t05; \
t10 = c ^ t06; \
t11 = b & c ; \
t12 = t04 ^ t08; \
t13 = t11 | t03; \
t14 = t10 ^ t09; \
t15 = a & t05; \
t16 = t11 | t12; \
y = t13 ^ t08; \
x = t15 ^ t16; \
w = ~ t14; }
/* InvS4: 5 0 8 3 10 9 7 14 2 12 11 6 4 15 13 1 */
/* depth = 6,4,7,3, Total gates=17 */
#define InvRND04(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t09, t10, t11, t12, t13, t15, t01;\
t01 = b | d ; \
t02 = c | d ; \
t03 = a & t01; \
t04 = b ^ t02; \
t05 = c ^ d ; \
t06 = ~ t03; \
t07 = a & t04; \
x = t05 ^ t07; \
t09 = x | t06; \
t10 = a ^ t07; \
t11 = t01 ^ t09; \
t12 = d ^ t04; \
t13 = c | t10; \
z = t03 ^ t12; \
t15 = a ^ t04; \
y = t11 ^ t13; \
w = t15 ^ t09; }
/* S5: 15 5 2 11 4 10 9 12 0 3 14 8 13 6 7 1 */
/* depth = 4,6,8,6, Total gates=17 */
#define RND05(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t14, t01;\
t01 = b ^ d ; \
t02 = b | d ; \
t03 = a & t01; \
t04 = c ^ t02; \
t05 = t03 ^ t04; \
w = ~ t05; \
t07 = a ^ t01; \
t08 = d | w ; \
t09 = b | t05; \
t10 = d ^ t08; \
t11 = b | t07; \
t12 = t03 | w ; \
t13 = t07 | t10; \
t14 = t01 ^ t11; \
y = t09 ^ t13; \
x = t07 ^ t08; \
z = t12 ^ t14; }
/* InvS5: 8 15 2 9 4 1 13 14 11 6 5 3 7 12 10 0 */
/* depth = 4,6,9,7, Total gates=17 */
#define InvRND05(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t12, t13, t15, t16, t01;\
t01 = a & d ; \
t02 = c ^ t01; \
t03 = a ^ d ; \
t04 = b & t02; \
t05 = a & c ; \
w = t03 ^ t04; \
t07 = a & w ; \
t08 = t01 ^ w ; \
t09 = b | t05; \
t10 = ~ b ; \
x = t08 ^ t09; \
t12 = t10 | t07; \
t13 = w | x ; \
z = t02 ^ t12; \
t15 = t02 ^ t13; \
t16 = b ^ d ; \
y = t16 ^ t15; }
/* S6: 7 2 12 5 8 4 6 11 14 9 1 15 13 3 10 0 */
/* depth = 8,3,6,3, Total gates=19 */
#define RND06(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t15, t17, t18, t01;\
t01 = a & d ; \
t02 = b ^ c ; \
t03 = a ^ d ; \
t04 = t01 ^ t02; \
t05 = b | c ; \
x = ~ t04; \
t07 = t03 & t05; \
t08 = b & x ; \
t09 = a | c ; \
t10 = t07 ^ t08; \
t11 = b | d ; \
t12 = c ^ t11; \
t13 = t09 ^ t10; \
y = ~ t13; \
t15 = x & t03; \
z = t12 ^ t07; \
t17 = a ^ b ; \
t18 = y ^ t15; \
w = t17 ^ t18; }
/* InvS6: 15 10 1 13 5 3 6 0 4 9 14 7 2 12 8 11 */
/* depth = 5,3,8,6, Total gates=19 */
#define InvRND06(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t12, t13, t14, t15, t16, t17, t01;\
t01 = a ^ c ; \
t02 = ~ c ; \
t03 = b & t01; \
t04 = b | t02; \
t05 = d | t03; \
t06 = b ^ d ; \
t07 = a & t04; \
t08 = a | t02; \
t09 = t07 ^ t05; \
x = t06 ^ t08; \
w = ~ t09; \
t12 = b & w ; \
t13 = t01 & t05; \
t14 = t01 ^ t12; \
t15 = t07 ^ t13; \
t16 = d | t02; \
t17 = a ^ x ; \
z = t17 ^ t15; \
y = t16 ^ t14; }
/* S7: 1 13 15 0 14 8 2 11 7 4 12 10 9 3 5 6 */
/* depth = 10,7,10,4, Total gates=19 */
#define RND07(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t11, t13, t14, t15, t16, t17, t01;\
t01 = a & c ; \
t02 = ~ d ; \
t03 = a & t02; \
t04 = b | t01; \
t05 = a & b ; \
t06 = c ^ t04; \
z = t03 ^ t06; \
t08 = c | z ; \
t09 = d | t05; \
t10 = a ^ t08; \
t11 = t04 & z ; \
x = t09 ^ t10; \
t13 = b ^ x ; \
t14 = t01 ^ x ; \
t15 = c ^ t05; \
t16 = t11 | t13; \
t17 = t02 | t14; \
w = t15 ^ t17; \
y = a ^ t16; }
/* InvS7: 3 0 6 13 9 14 15 8 5 12 11 7 10 1 4 2 */
/* depth = 9,7,3,3, Total gates=18 */
#define InvRND07(a,b,c,d,w,x,y,z) \
{ register uint32_t t02, t03, t04, t06, t07, t08, t09, t10, t11, t13, t14, t15, t16, t01;\
t01 = a & b ; \
t02 = a | b ; \
t03 = c | t01; \
t04 = d & t02; \
z = t03 ^ t04; \
t06 = b ^ t04; \
t07 = d ^ z ; \
t08 = ~ t07; \
t09 = t06 | t08; \
t10 = b ^ d ; \
t11 = a | d ; \
x = a ^ t09; \
t13 = c ^ t06; \
t14 = c & t11; \
t15 = d | x ; \
t16 = t01 | t10; \
w = t13 ^ t15; \
y = t14 ^ t16; }
#define RND08(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND09(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND10(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND11(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND12(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND13(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND14(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND15(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define RND16(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND17(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND18(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND19(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND20(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND21(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND22(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND23(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define RND24(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND25(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND26(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND27(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND28(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND29(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND30(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND31(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define InvRND08(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND09(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND10(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND11(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND12(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND13(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND14(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND15(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
#define InvRND16(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND17(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND18(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND19(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND20(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND21(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND22(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND23(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
#define InvRND24(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND25(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND26(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND27(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND28(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND29(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND30(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND31(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
/* Linear transformations and key mixing: */
#define ROL(x,n) ((((uint32_t)(x))<<(n))| \
(((uint32_t)(x))>>(32-(n))))
#define ROR(x,n) ((((uint32_t)(x))<<(32-(n)))| \
(((uint32_t)(x))>>(n)))
#define transform(x0, x1, x2, x3, y0, y1, y2, y3) \
y0 = ROL(x0, 13); \
y2 = ROL(x2, 3); \
y1 = x1 ^ y0 ^ y2; \
y3 = x3 ^ y2 ^ ((uint32_t)y0)<<3; \
y1 = ROL(y1, 1); \
y3 = ROL(y3, 7); \
y0 = y0 ^ y1 ^ y3; \
y2 = y2 ^ y3 ^ ((uint32_t)y1<<7); \
y0 = ROL(y0, 5); \
y2 = ROL(y2, 22)
#define inv_transform(x0, x1, x2, x3, y0, y1, y2, y3) \
y2 = ROR(x2, 22);\
y0 = ROR(x0, 5); \
y2 = y2 ^ x3 ^ ((uint32_t)x1<<7); \
y0 = y0 ^ x1 ^ x3; \
y3 = ROR(x3, 7); \
y1 = ROR(x1, 1); \
y3 = y3 ^ y2 ^ ((uint32_t)y0)<<3; \
y1 = y1 ^ y0 ^ y2; \
y2 = ROR(y2, 3); \
y0 = ROR(y0, 13)
#define keying(x0, x1, x2, x3, subkey) \
x0^=subkey[0];x1^=subkey[1]; \
x2^=subkey[2];x3^=subkey[3]
/* PHI: Constant used in the key schedule */
#define PHI 0x9e3779b9L
#endif /* SERPENT_SBOXES_H_INCLUDED */

383
lsh/src/nettle/sha1.c Normal file
View File

@ -0,0 +1,383 @@
/* sha1.h
*
* The sha1 hash function.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Peter Gutmann, Andrew Kuchling, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/* Here's the first paragraph of Peter Gutmann's posting,
* <30ajo5$oe8@ccu2.auckland.ac.nz>:
*
* The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
* SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
* what's changed in the new version. The fix is a simple change which involves
* adding a single rotate in the initial expansion function. It is unknown
* whether this is an optimal solution to the problem which was discovered in the
* SHA or whether it's simply a bandaid which fixes the problem with a minimum of
* effort (for example the reengineering of a great many Capstone chips).
*/
#include "sha1.h"
#include "macros.h"
#include <assert.h>
#include <string.h>
#if MACOS
extern void abort();
#endif
/* A block, treated as a sequence of 32-bit words. */
#define SHA1_DATA_LENGTH 16
/* The SHA f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
rcs@cs.arizona.edu for discovering this */
/* #define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/* #define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHA Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHA initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) )
/* The initial expanding function. The hash function is defined over an
80-word expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
optimization.
The updated SHA changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = \
ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHA sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHA values */
void
sha1_init(struct sha1_ctx *ctx)
{
/* Set the h-vars to their initial values */
ctx->digest[ 0 ] = h0init;
ctx->digest[ 1 ] = h1init;
ctx->digest[ 2 ] = h2init;
ctx->digest[ 3 ] = h3init;
ctx->digest[ 4 ] = h4init;
/* Initialize bit count */
ctx->count_low = ctx->count_high = 0;
/* Initialize buffer */
ctx->index = 0;
}
/* Perform the SHA transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this function destroys the data area */
static void
sha1_transform(uint32_t *state, uint32_t *data)
{
uint32_t A, B, C, D, E; /* Local vars */
/* Set up first buffer and local data buffer */
A = state[0];
B = state[1];
C = state[2];
D = state[3];
E = state[4];
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, data[ 0] );
subRound( E, A, B, C, D, f1, K1, data[ 1] );
subRound( D, E, A, B, C, f1, K1, data[ 2] );
subRound( C, D, E, A, B, f1, K1, data[ 3] );
subRound( B, C, D, E, A, f1, K1, data[ 4] );
subRound( A, B, C, D, E, f1, K1, data[ 5] );
subRound( E, A, B, C, D, f1, K1, data[ 6] );
subRound( D, E, A, B, C, f1, K1, data[ 7] );
subRound( C, D, E, A, B, f1, K1, data[ 8] );
subRound( B, C, D, E, A, f1, K1, data[ 9] );
subRound( A, B, C, D, E, f1, K1, data[10] );
subRound( E, A, B, C, D, f1, K1, data[11] );
subRound( D, E, A, B, C, f1, K1, data[12] );
subRound( C, D, E, A, B, f1, K1, data[13] );
subRound( B, C, D, E, A, f1, K1, data[14] );
subRound( A, B, C, D, E, f1, K1, data[15] );
subRound( E, A, B, C, D, f1, K1, expand( data, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( data, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( data, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( data, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 79 ) );
/* Build message digest */
state[0] += A;
state[1] += B;
state[2] += C;
state[3] += D;
state[4] += E;
}
static void
sha1_block(struct sha1_ctx *ctx, const uint8_t *block)
{
uint32_t data[SHA1_DATA_LENGTH];
int i;
/* Update block count */
if (!++ctx->count_low)
++ctx->count_high;
/* Endian independent conversion */
for (i = 0; i<SHA1_DATA_LENGTH; i++, block += 4)
data[i] = READ_UINT32(block);
sha1_transform(ctx->digest, data);
}
void
sha1_update(struct sha1_ctx *ctx,
unsigned length, const uint8_t *buffer)
{
if (ctx->index)
{ /* Try to fill partial block */
unsigned left = SHA1_DATA_SIZE - ctx->index;
if (length < left)
{
memcpy(ctx->block + ctx->index, buffer, length);
ctx->index += length;
return; /* Finished */
}
else
{
memcpy(ctx->block + ctx->index, buffer, left);
sha1_block(ctx, ctx->block);
buffer += left;
length -= left;
}
}
while (length >= SHA1_DATA_SIZE)
{
sha1_block(ctx, buffer);
buffer += SHA1_DATA_SIZE;
length -= SHA1_DATA_SIZE;
}
if ((ctx->index = length)) /* This assignment is intended */
/* Buffer leftovers */
memcpy(ctx->block, buffer, length);
}
/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void
sha1_final(struct sha1_ctx *ctx)
{
uint32_t data[SHA1_DATA_LENGTH];
int i;
int words;
i = ctx->index;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
assert(i < SHA1_DATA_SIZE);
ctx->block[i++] = 0x80;
/* Fill rest of word */
for( ; i & 3; i++)
ctx->block[i] = 0;
/* i is now a multiple of the word size 4 */
words = i >> 2;
for (i = 0; i < words; i++)
data[i] = READ_UINT32(ctx->block + 4*i);
if (words > (SHA1_DATA_LENGTH-2))
{ /* No room for length in this block. Process it and
* pad with another one */
for (i = words ; i < SHA1_DATA_LENGTH; i++)
data[i] = 0;
sha1_transform(ctx->digest, data);
for (i = 0; i < (SHA1_DATA_LENGTH-2); i++)
data[i] = 0;
}
else
for (i = words ; i < SHA1_DATA_LENGTH - 2; i++)
data[i] = 0;
/* There are 512 = 2^9 bits in one block */
data[SHA1_DATA_LENGTH-2] = (ctx->count_high << 9) | (ctx->count_low >> 23);
data[SHA1_DATA_LENGTH-1] = (ctx->count_low << 9) | (ctx->index << 3);
sha1_transform(ctx->digest, data);
}
void
sha1_digest(const struct sha1_ctx *ctx,
unsigned length,
uint8_t *digest)
{
unsigned i;
unsigned words;
unsigned leftover;
assert(length <= SHA1_DIGEST_SIZE);
words = length / 4;
leftover = length % 4;
for (i = 0; i < words; i++, digest += 4)
WRITE_UINT32(digest, ctx->digest[i]);
if (leftover)
{
uint32_t word;
unsigned j = leftover;
assert(i < _SHA1_DIGEST_LENGTH);
word = ctx->digest[i];
switch (leftover)
{
default:
abort();
case 3:
digest[--j] = (word >> 8) & 0xff;
/* Fall through */
case 2:
digest[--j] = (word >> 16) & 0xff;
/* Fall through */
case 1:
digest[--j] = (word >> 24) & 0xff;
}
}
}

61
lsh/src/nettle/sha1.h Normal file
View File

@ -0,0 +1,61 @@
/* sha1.h
*
* The sha1 hash function.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_SHA1_H_INCLUDED
#define NETTLE_SHA1_H_INCLUDED
#include <inttypes.h>
#define SHA1_DIGEST_SIZE 20
#define SHA1_DATA_SIZE 64
/* Digest is kept internally as 4 32-bit words. */
#define _SHA1_DIGEST_LENGTH 5
struct sha1_ctx
{
uint32_t digest[_SHA1_DIGEST_LENGTH]; /* Message digest */
uint32_t count_low, count_high; /* 64-bit block count */
uint8_t block[SHA1_DATA_SIZE]; /* SHA1 data buffer */
unsigned int index; /* index into buffer */
};
void
sha1_init(struct sha1_ctx *ctx);
void
sha1_update(struct sha1_ctx *ctx,
unsigned length,
const uint8_t *data);
void
sha1_final(struct sha1_ctx *ctx);
void
sha1_digest(const struct sha1_ctx *ctx,
unsigned length,
uint8_t *digest);
#endif /* NETTLE_SHA1_H_INCLUDED */

1
lsh/src/nettle/stamp-h.in Normal file
View File

@ -0,0 +1 @@
timestamp

24
lsh/src/nettle/testsuite/Makefile.am Normal file
View File

@ -0,0 +1,24 @@
CFLAGS = -I$(top_srcdir) @CFLAGS@ -O0
CPPFLAGS = @CPPFLAGS@
TS_PROGS = aes-test arcfour-test blowfish-test cast128-test des-test \
md5-test sha1-test \
serpent-test twofish-test
noinst_PROGRAMS = $(TS_PROGS)
LDADD = testutils.o ../libnettle.a
EXTRA_DIST = $(SOURCES:.c=.m4) testutils.c testutils.h run-tests
M4FLAGS = -P -s
%.c: macros.m4 %.m4
$(M4) $(M4FLAGS) $^ > $@T
test -s $@T && mv -f $@T $@
.PNONY: check run-tests
check: run-tests
run-tests: $(TS_PROGS)
$(srcdir)/run-tests $^

358
lsh/src/nettle/testsuite/Makefile.in Normal file
View File

@ -0,0 +1,358 @@
# Makefile.in generated automatically by automake 1.4 from Makefile.am
# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DESTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
CC = @CC@
M4 = @M4@
MAKEINFO = @MAKEINFO@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
VERSION = @VERSION@
CFLAGS = -I$(top_srcdir) @CFLAGS@ -O0
CPPFLAGS = @CPPFLAGS@
TS_PROGS = aes-test arcfour-test blowfish-test cast128-test des-test md5-test sha1-test serpent-test twofish-test
noinst_PROGRAMS = $(TS_PROGS)
LDADD = testutils.o ../libnettle.a
EXTRA_DIST = $(SOURCES:.c=.m4) testutils.c testutils.h run-tests
M4FLAGS = -P -s
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =
PROGRAMS = $(noinst_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I..
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
aes_test_SOURCES = aes-test.c
aes_test_OBJECTS = aes-test.o
aes_test_LDADD = $(LDADD)
aes_test_DEPENDENCIES = testutils.o ../libnettle.a
aes_test_LDFLAGS =
arcfour_test_SOURCES = arcfour-test.c
arcfour_test_OBJECTS = arcfour-test.o
arcfour_test_LDADD = $(LDADD)
arcfour_test_DEPENDENCIES = testutils.o ../libnettle.a
arcfour_test_LDFLAGS =
blowfish_test_SOURCES = blowfish-test.c
blowfish_test_OBJECTS = blowfish-test.o
blowfish_test_LDADD = $(LDADD)
blowfish_test_DEPENDENCIES = testutils.o ../libnettle.a
blowfish_test_LDFLAGS =
cast128_test_SOURCES = cast128-test.c
cast128_test_OBJECTS = cast128-test.o
cast128_test_LDADD = $(LDADD)
cast128_test_DEPENDENCIES = testutils.o ../libnettle.a
cast128_test_LDFLAGS =
des_test_SOURCES = des-test.c
des_test_OBJECTS = des-test.o
des_test_LDADD = $(LDADD)
des_test_DEPENDENCIES = testutils.o ../libnettle.a
des_test_LDFLAGS =
md5_test_SOURCES = md5-test.c
md5_test_OBJECTS = md5-test.o
md5_test_LDADD = $(LDADD)
md5_test_DEPENDENCIES = testutils.o ../libnettle.a
md5_test_LDFLAGS =
sha1_test_SOURCES = sha1-test.c
sha1_test_OBJECTS = sha1-test.o
sha1_test_LDADD = $(LDADD)
sha1_test_DEPENDENCIES = testutils.o ../libnettle.a
sha1_test_LDFLAGS =
serpent_test_SOURCES = serpent-test.c
serpent_test_OBJECTS = serpent-test.o
serpent_test_LDADD = $(LDADD)
serpent_test_DEPENDENCIES = testutils.o ../libnettle.a
serpent_test_LDFLAGS =
twofish_test_SOURCES = twofish-test.c
twofish_test_OBJECTS = twofish-test.o
twofish_test_LDADD = $(LDADD)
twofish_test_DEPENDENCIES = testutils.o ../libnettle.a
twofish_test_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
DIST_COMMON = Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP_ENV = --best
SOURCES = aes-test.c arcfour-test.c blowfish-test.c cast128-test.c des-test.c md5-test.c sha1-test.c serpent-test.c twofish-test.c
OBJECTS = aes-test.o arcfour-test.o blowfish-test.o cast128-test.o des-test.o md5-test.o sha1-test.o serpent-test.o twofish-test.o
all: all-redirect
.SUFFIXES:
.SUFFIXES: .S .c .o .s
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu --include-deps testsuite/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-noinstPROGRAMS:
clean-noinstPROGRAMS:
-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
.c.o:
$(COMPILE) -c $<
.s.o:
$(COMPILE) -c $<
.S.o:
$(COMPILE) -c $<
mostlyclean-compile:
-rm -f *.o core *.core
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
aes-test: $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES)
@rm -f aes-test
$(LINK) $(aes_test_LDFLAGS) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
arcfour-test: $(arcfour_test_OBJECTS) $(arcfour_test_DEPENDENCIES)
@rm -f arcfour-test
$(LINK) $(arcfour_test_LDFLAGS) $(arcfour_test_OBJECTS) $(arcfour_test_LDADD) $(LIBS)
blowfish-test: $(blowfish_test_OBJECTS) $(blowfish_test_DEPENDENCIES)
@rm -f blowfish-test
$(LINK) $(blowfish_test_LDFLAGS) $(blowfish_test_OBJECTS) $(blowfish_test_LDADD) $(LIBS)
cast128-test: $(cast128_test_OBJECTS) $(cast128_test_DEPENDENCIES)
@rm -f cast128-test
$(LINK) $(cast128_test_LDFLAGS) $(cast128_test_OBJECTS) $(cast128_test_LDADD) $(LIBS)
des-test: $(des_test_OBJECTS) $(des_test_DEPENDENCIES)
@rm -f des-test
$(LINK) $(des_test_LDFLAGS) $(des_test_OBJECTS) $(des_test_LDADD) $(LIBS)
md5-test: $(md5_test_OBJECTS) $(md5_test_DEPENDENCIES)
@rm -f md5-test
$(LINK) $(md5_test_LDFLAGS) $(md5_test_OBJECTS) $(md5_test_LDADD) $(LIBS)
sha1-test: $(sha1_test_OBJECTS) $(sha1_test_DEPENDENCIES)
@rm -f sha1-test
$(LINK) $(sha1_test_LDFLAGS) $(sha1_test_OBJECTS) $(sha1_test_LDADD) $(LIBS)
serpent-test: $(serpent_test_OBJECTS) $(serpent_test_DEPENDENCIES)
@rm -f serpent-test
$(LINK) $(serpent_test_LDFLAGS) $(serpent_test_OBJECTS) $(serpent_test_LDADD) $(LIBS)
twofish-test: $(twofish_test_OBJECTS) $(twofish_test_DEPENDENCIES)
@rm -f twofish-test
$(LINK) $(twofish_test_LDFLAGS) $(twofish_test_OBJECTS) $(twofish_test_LDADD) $(LIBS)
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP)
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
here=`pwd` && cd $(srcdir) \
&& mkid -f$$here/ID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS)'; \
unique=`for i in $$list; do echo $$i; done | \
awk ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS)
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
subdir = testsuite
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pr $$d/$$file $(distdir)/$$file; \
else \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file || :; \
fi; \
done
aes-test.o: aes-test.c ../aes.h testutils.h
arcfour-test.o: arcfour-test.c ../arcfour.h testutils.h
blowfish-test.o: blowfish-test.c ../blowfish.h testutils.h
cast128-test.o: cast128-test.c ../cast128.h testutils.h
des-test.o: des-test.c ../des.h testutils.h
md5-test.o: md5-test.c ../md5.h testutils.h
serpent-test.o: serpent-test.c ../serpent.h testutils.h
sha1-test.o: sha1-test.c ../sha1.h testutils.h
testutils.o: testutils.c testutils.h
twofish-test.o: twofish-test.c ../twofish.h testutils.h
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am:
install-exec: install-exec-am
install-data-am:
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am:
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS)
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
installdirs:
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
mostlyclean-am: mostlyclean-noinstPROGRAMS mostlyclean-compile \
mostlyclean-tags mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-noinstPROGRAMS clean-compile clean-tags clean-generic \
mostlyclean-am
clean: clean-am
distclean-am: distclean-noinstPROGRAMS distclean-compile distclean-tags \
distclean-generic clean-am
distclean: distclean-am
maintainer-clean-am: maintainer-clean-noinstPROGRAMS \
maintainer-clean-compile maintainer-clean-tags \
maintainer-clean-generic distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \
clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \
mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile tags mostlyclean-tags distclean-tags \
clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi check \
check-am installcheck-am installcheck install-exec-am install-exec \
install-data-am install-data install-am install uninstall-am uninstall \
all-redirect all-am all installdirs mostlyclean-generic \
distclean-generic clean-generic maintainer-clean-generic clean \
mostlyclean distclean maintainer-clean
%.c: macros.m4 %.m4
$(M4) $(M4FLAGS) $^ > $@T
test -s $@T && mv -f $@T $@
.PNONY: check run-tests
check: run-tests
run-tests: $(TS_PROGS)
$(srcdir)/run-tests $^
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

107
lsh/src/nettle/testsuite/aes-test.c Normal file
View File

@ -0,0 +1,107 @@
#line 9 "macros.m4"
#line 26
#line 1 "aes-test.m4"
#include "aes.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct aes_ctx ctx;
uint8_t msg[AES_BLOCK_SIZE];
uint8_t cipher[AES_BLOCK_SIZE];
uint8_t clear[AES_BLOCK_SIZE];
/* 128 bit keys */
decode_hex(msg, "506812A45F08C889 B97F5980038B8359");
aes_set_key(&ctx, 16, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("D8F532538289EF7D 06B506A4FD5BE9C9"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "5C6D71CA30DE8B8B 00549984D2EC7D4B");
aes_set_key(&ctx, 16, decode_hex_dup("14151617191A1B1C 1E1F202123242526"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("59AB30F4D4EE6E4F F9907EF65B1FB68C"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "53F3F4C64F8616E4 E7C56199F48F21F6");
aes_set_key(&ctx, 16, decode_hex_dup("28292A2B2D2E2F30 323334353738393A"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("BF1ED2FCB2AF3FD4 1443B56D85025CB1"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "F5F4F7F684878689 A6A7A0A1D2CDCCCF");
aes_set_key(&ctx, 16, decode_hex_dup("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("CE52AF650D088CA5 59425223F4D32694"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
/* 192 bit keys */
decode_hex(msg, "2D33EEF2C0430A8A 9EBF45E809C40BB6");
aes_set_key(&ctx, 24, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("DFF4945E0336DF4C 1C56BC700EFF837F"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
/* 256 bit keys */
decode_hex(msg, "834EADFCCAC7E1B30664B1ABA44815AB");
aes_set_key(&ctx, 32, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C 1E1F202123242526"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("1946DABF6A03A2A2 C3D0B05080AED6FC"), 16)))
abort();
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

80
lsh/src/nettle/testsuite/aes-test.m4 Normal file
View File

@ -0,0 +1,80 @@
#include "aes.h"
BEGIN_TEST
struct aes_ctx ctx;
uint8_t msg[AES_BLOCK_SIZE];
uint8_t cipher[AES_BLOCK_SIZE];
uint8_t clear[AES_BLOCK_SIZE];
/* 128 bit keys */
H(msg, "506812A45F08C889 B97F5980038B8359");
aes_set_key(&ctx, 16, H("0001020305060708 0A0B0C0D0F101112"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("D8F532538289EF7D 06B506A4FD5BE9C9")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "5C6D71CA30DE8B8B 00549984D2EC7D4B");
aes_set_key(&ctx, 16, H("14151617191A1B1C 1E1F202123242526"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("59AB30F4D4EE6E4F F9907EF65B1FB68C")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "53F3F4C64F8616E4 E7C56199F48F21F6");
aes_set_key(&ctx, 16, H("28292A2B2D2E2F30 323334353738393A"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("BF1ED2FCB2AF3FD4 1443B56D85025CB1")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "F5F4F7F684878689 A6A7A0A1D2CDCCCF");
aes_set_key(&ctx, 16, H("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("CE52AF650D088CA5 59425223F4D32694")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
/* 192 bit keys */
H(msg, "2D33EEF2C0430A8A 9EBF45E809C40BB6");
aes_set_key(&ctx, 24, H("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("DFF4945E0336DF4C 1C56BC700EFF837F")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
/* 256 bit keys */
H(msg, "834EADFCCAC7E1B30664B1ABA44815AB");
aes_set_key(&ctx, 32, H("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C 1E1F202123242526"));
aes_encrypt(&ctx, AES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("1946DABF6A03A2A2 C3D0B05080AED6FC")))
FAIL;
aes_decrypt(&ctx, AES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;

38
lsh/src/nettle/testsuite/arcfour-test.c Normal file
View File

@ -0,0 +1,38 @@
#line 9 "macros.m4"
#line 26
#line 1 "arcfour-test.m4"
#include "arcfour.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct arcfour_ctx ctx;
const uint8_t *clear = decode_hex_dup("01234567 89ABCDEF");
uint8_t cipher[8];
arcfour_set_key(&ctx, 16, decode_hex_dup("01234567 89ABCDEF 00000000 00000000"));
arcfour_crypt(&ctx, 8, cipher, clear);
if (!(!memcmp (cipher, decode_hex_dup("69723659 1B5242B1"), 8)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

11
lsh/src/nettle/testsuite/arcfour-test.m4 Normal file
View File

@ -0,0 +1,11 @@
#include "arcfour.h"
BEGIN_TEST
struct arcfour_ctx ctx;
const uint8_t *clear = H("01234567 89ABCDEF");
uint8_t cipher[8];
arcfour_set_key(&ctx, 16, H("01234567 89ABCDEF 00000000 00000000"));
arcfour_crypt(&ctx, 8, cipher, clear);
if (!MEMEQ(8, cipher, H("69723659 1B5242B1")))
FAIL;

121
lsh/src/nettle/testsuite/blowfish-test.c Normal file
View File

@ -0,0 +1,121 @@
#line 9 "macros.m4"
#line 26
#line 1 "blowfish-test.m4"
#include "blowfish.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct blowfish_ctx ctx;
uint8_t msg[BLOWFISH_BLOCK_SIZE];
uint8_t cipher[BLOWFISH_BLOCK_SIZE];
uint8_t clear[BLOWFISH_BLOCK_SIZE];
/* 208 bit key. Test from GNUPG. */
blowfish_set_key(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, "BLOWFISH");
if (!(!memcmp (cipher, decode_hex_dup("32 4E D0 FE F4 13 A2 03"), BLOWFISH_BLOCK_SIZE)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp ("BLOWFISH", clear, BLOWFISH_BLOCK_SIZE)))
abort();
/* FIXME: All values below are bogus. */
#if 0
/* 128 bit keys */
decode_hex(msg, "506812A45F08C889 B97F5980038B8359");
blowfish_set_key(&ctx, 16, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("D8F532538289EF7D 06B506A4FD5BE9C9"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "5C6D71CA30DE8B8B 00549984D2EC7D4B");
blowfish_set_key(&ctx, 16, decode_hex_dup("14151617191A1B1C 1E1F202123242526"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("59AB30F4D4EE6E4F F9907EF65B1FB68C"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "53F3F4C64F8616E4 E7C56199F48F21F6");
blowfish_set_key(&ctx, 16, decode_hex_dup("28292A2B2D2E2F30 323334353738393A"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("BF1ED2FCB2AF3FD4 1443B56D85025CB1"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
decode_hex(msg, "F5F4F7F684878689 A6A7A0A1D2CDCCCF");
blowfish_set_key(&ctx, 16, decode_hex_dup("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("CE52AF650D088CA5 59425223F4D32694"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
/* 192 bit keys */
decode_hex(msg, "2D33EEF2C0430A8A 9EBF45E809C40BB6");
blowfish_set_key(&ctx, 24, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("DFF4945E0336DF4C 1C56BC700EFF837F"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
/* 256 bit keys */
decode_hex(msg, "834EADFCCAC7E1B30664B1ABA44815AB");
blowfish_set_key(&ctx, 32, decode_hex_dup("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C 1E1F202123242526"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("1946DABF6A03A2A2 C3D0B05080AED6FC"), 16)))
abort();
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, 16)))
abort();
#endif
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

94
lsh/src/nettle/testsuite/blowfish-test.m4 Normal file
View File

@ -0,0 +1,94 @@
#include "blowfish.h"
BEGIN_TEST
struct blowfish_ctx ctx;
uint8_t msg[BLOWFISH_BLOCK_SIZE];
uint8_t cipher[BLOWFISH_BLOCK_SIZE];
uint8_t clear[BLOWFISH_BLOCK_SIZE];
/* 208 bit key. Test from GNUPG. */
blowfish_set_key(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, "BLOWFISH");
if (!MEMEQ(BLOWFISH_BLOCK_SIZE, cipher, H("32 4E D0 FE F4 13 A2 03")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(BLOWFISH_BLOCK_SIZE, "BLOWFISH", clear))
FAIL;
/* FIXME: All values below are bogus. */
#if 0
/* 128 bit keys */
H(msg, "506812A45F08C889 B97F5980038B8359");
blowfish_set_key(&ctx, 16, H("0001020305060708 0A0B0C0D0F101112"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("D8F532538289EF7D 06B506A4FD5BE9C9")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "5C6D71CA30DE8B8B 00549984D2EC7D4B");
blowfish_set_key(&ctx, 16, H("14151617191A1B1C 1E1F202123242526"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("59AB30F4D4EE6E4F F9907EF65B1FB68C")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "53F3F4C64F8616E4 E7C56199F48F21F6");
blowfish_set_key(&ctx, 16, H("28292A2B2D2E2F30 323334353738393A"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("BF1ED2FCB2AF3FD4 1443B56D85025CB1")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
H(msg, "F5F4F7F684878689 A6A7A0A1D2CDCCCF");
blowfish_set_key(&ctx, 16, H("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("CE52AF650D088CA5 59425223F4D32694")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
/* 192 bit keys */
H(msg, "2D33EEF2C0430A8A 9EBF45E809C40BB6");
blowfish_set_key(&ctx, 24, H("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("DFF4945E0336DF4C 1C56BC700EFF837F")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
/* 256 bit keys */
H(msg, "834EADFCCAC7E1B30664B1ABA44815AB");
blowfish_set_key(&ctx, 32, H("0001020305060708 0A0B0C0D0F101112"
"14151617191A1B1C 1E1F202123242526"));
blowfish_encrypt(&ctx, BLOWFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(16, cipher, H("1946DABF6A03A2A2 C3D0B05080AED6FC")))
FAIL;
blowfish_decrypt(&ctx, BLOWFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(16, msg, clear))
FAIL;
#endif

79
lsh/src/nettle/testsuite/cast128-test.c Normal file
View File

@ -0,0 +1,79 @@
#line 9 "macros.m4"
#line 26
#line 1 "cast128-test.m4"
#include "cast128.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct cast128_ctx ctx;
uint8_t msg[CAST128_BLOCK_SIZE];
uint8_t cipher[CAST128_BLOCK_SIZE];
uint8_t clear[CAST128_BLOCK_SIZE];
#line 12
/* Test vectors from B.1. Single Plaintext-Key-Ciphertext Sets, RFC
#line 12
* 2144 */
/* 128 bit key */
decode_hex(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 16, decode_hex_dup("01 23 45 67 12 34 56 78"
"23 45 67 89 34 56 78 9A"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("23 8B 4F E5 84 7E 44 B2"), CAST128_BLOCK_SIZE)))
abort();
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, CAST128_BLOCK_SIZE)))
abort();
/* 80 bit key */
decode_hex(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 10, decode_hex_dup("01 23 45 67 12 34 56 78 23 45"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("EB 6A 71 1A 2C 02 27 1B"), CAST128_BLOCK_SIZE)))
abort();
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, CAST128_BLOCK_SIZE)))
abort();
/* 40 bit key */
decode_hex(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 5, decode_hex_dup("01 23 45 67 12"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("7A C8 16 D1 6E 9B 30 2E"), CAST128_BLOCK_SIZE)))
abort();
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, CAST128_BLOCK_SIZE)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

50
lsh/src/nettle/testsuite/cast128-test.m4 Normal file
View File

@ -0,0 +1,50 @@
#include "cast128.h"
BEGIN_TEST
struct cast128_ctx ctx;
uint8_t msg[CAST128_BLOCK_SIZE];
uint8_t cipher[CAST128_BLOCK_SIZE];
uint8_t clear[CAST128_BLOCK_SIZE];
/* Test vectors from B.1. Single Plaintext-Key-Ciphertext Sets, RFC
* 2144 */
/* 128 bit key */
H(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 16, H("01 23 45 67 12 34 56 78"
"23 45 67 89 34 56 78 9A"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("23 8B 4F E5 84 7E 44 B2")))
FAIL;
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
FAIL;
/* 80 bit key */
H(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 10, H("01 23 45 67 12 34 56 78 23 45"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("EB 6A 71 1A 2C 02 27 1B")))
FAIL;
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
FAIL;
/* 40 bit key */
H(msg, "01 23 45 67 89 AB CD EF");
cast128_set_key(&ctx, 5, H("01 23 45 67 12"));
cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("7A C8 16 D1 6E 9B 30 2E")))
FAIL;
cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
FAIL;

113
lsh/src/nettle/testsuite/des-test.c Normal file
View File

@ -0,0 +1,113 @@
#line 9 "macros.m4"
#line 26
#line 1 "des-test.m4"
#include "des.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct des_ctx ctx;
uint8_t msg[DES_BLOCK_SIZE];
uint8_t cipher[DES_BLOCK_SIZE];
uint8_t clear[DES_BLOCK_SIZE];
decode_hex(msg, "00 00 00 00 00 00 00 00");
if (!des_set_key(&ctx, decode_hex_dup("01 01 01 01 01 01 01 80")))
abort();
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("9C C6 2D F4 3B 6E ED 74"), DES_BLOCK_SIZE)))
#line 20
abort();
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, DES_BLOCK_SIZE)))
abort();
decode_hex(msg, "00 00 00 00 00 00 00 40");
if (!des_set_key(&ctx, decode_hex_dup("80 01 01 01 01 01 01 01")))
abort();
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("A3 80 E0 2A 6B E5 46 96"), DES_BLOCK_SIZE)))
#line 35
abort();
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, DES_BLOCK_SIZE)))
abort();
decode_hex(msg, "00 00 00 00 00 00 00 00");
if (!des_set_key(&ctx, decode_hex_dup("08 19 2A 3B 4C 5D 6E 7F")))
abort();
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("25 DD AC 3E 96 17 64 67"), DES_BLOCK_SIZE)))
#line 50
abort();
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, DES_BLOCK_SIZE)))
abort();
if (!des_set_key(&ctx, decode_hex_dup("01 23 45 67 89 AB CD EF")))
abort();
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, "Now is t");
if (!(!memcmp (cipher, decode_hex_dup("3F A4 0E 8A 98 4D 48 15"), DES_BLOCK_SIZE)))
#line 63
abort();
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!(!memcmp ("Now is t", clear, DES_BLOCK_SIZE)))
abort();
/* Parity check */
if (des_set_key(&ctx, decode_hex_dup("01 01 01 01 01 01 01 00"))
|| (ctx.status != DES_BAD_PARITY))
abort();
/* Weak key check */
if (des_set_key(&ctx, decode_hex_dup("01 01 01 01 01 01 01 01"))
|| (ctx.status != DES_WEAK_KEY))
abort();
if (des_set_key(&ctx, decode_hex_dup("01 FE 01 FE 01 FE 01 FE"))
|| (ctx.status != DES_WEAK_KEY))
abort();
if (des_set_key(&ctx, decode_hex_dup("FE E0 FE E0 FE F1 FE F1"))
|| (ctx.status != DES_WEAK_KEY))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

86
lsh/src/nettle/testsuite/des-test.m4 Normal file
View File

@ -0,0 +1,86 @@
#include "des.h"
BEGIN_TEST
struct des_ctx ctx;
uint8_t msg[DES_BLOCK_SIZE];
uint8_t cipher[DES_BLOCK_SIZE];
uint8_t clear[DES_BLOCK_SIZE];
H(msg, "00 00 00 00 00 00 00 00");
if (!des_set_key(&ctx, H("01 01 01 01 01 01 01 80")))
FAIL;
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(DES_BLOCK_SIZE, cipher,
H("9C C6 2D F4 3B 6E ED 74")))
FAIL;
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(DES_BLOCK_SIZE, msg, clear))
FAIL;
H(msg, "00 00 00 00 00 00 00 40");
if (!des_set_key(&ctx, H("80 01 01 01 01 01 01 01")))
FAIL;
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(DES_BLOCK_SIZE, cipher,
H("A3 80 E0 2A 6B E5 46 96")))
FAIL;
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(DES_BLOCK_SIZE, msg, clear))
FAIL;
H(msg, "00 00 00 00 00 00 00 00");
if (!des_set_key(&ctx, H("08 19 2A 3B 4C 5D 6E 7F")))
FAIL;
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(DES_BLOCK_SIZE, cipher,
H("25 DD AC 3E 96 17 64 67")))
FAIL;
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(DES_BLOCK_SIZE, msg, clear))
FAIL;
if (!des_set_key(&ctx, H("01 23 45 67 89 AB CD EF")))
FAIL;
des_encrypt(&ctx, DES_BLOCK_SIZE, cipher, "Now is t");
if (!MEMEQ(DES_BLOCK_SIZE, cipher,
H("3F A4 0E 8A 98 4D 48 15")))
FAIL;
des_decrypt(&ctx, DES_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(DES_BLOCK_SIZE, "Now is t", clear))
FAIL;
/* Parity check */
if (des_set_key(&ctx, H("01 01 01 01 01 01 01 00"))
|| (ctx.status != DES_BAD_PARITY))
FAIL;
/* Weak key check */
if (des_set_key(&ctx, H("01 01 01 01 01 01 01 01"))
|| (ctx.status != DES_WEAK_KEY))
FAIL;
if (des_set_key(&ctx, H("01 FE 01 FE 01 FE 01 FE"))
|| (ctx.status != DES_WEAK_KEY))
FAIL;
if (des_set_key(&ctx, H("FE E0 FE E0 FE F1 FE F1"))
|| (ctx.status != DES_WEAK_KEY))
FAIL;

96
lsh/src/nettle/testsuite/md5-test.c Normal file
View File

@ -0,0 +1,96 @@
#line 9 "macros.m4"
#line 26
#line 1 "md5-test.m4"
#include "md5.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct md5_ctx ctx;
uint8_t digest[MD5_DIGEST_SIZE];
md5_init(&ctx);
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("D41D8CD98F00B204 E9800998ECF8427E"), MD5_DIGEST_SIZE)))
abort();
memset(digest, 0, MD5_DIGEST_SIZE);
md5_digest(&ctx, MD5_DIGEST_SIZE - 1, digest);
if (!(!memcmp (digest, decode_hex_dup("D41D8CD98F00B204 E9800998ECF84200"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 1, "a");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("0CC175B9C0F1B6A8 31C399E269772661"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 3, "abc");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("900150983cd24fb0 D6963F7D28E17F72"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 14, "message digest");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("F96B697D7CB7938D 525A2F31AAF161D0"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("C3FCD3D76192E400 7DFB496CCA67E13B"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 62, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("D174AB98D277D9F5 A5611C2C9F419D9F"), MD5_DIGEST_SIZE)))
abort();
md5_init(&ctx);
md5_update(&ctx, 80, "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("57EDF4A22BE3C955 AC49DA2E2107B67A"), MD5_DIGEST_SIZE)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

69
lsh/src/nettle/testsuite/md5-test.m4 Normal file
View File

@ -0,0 +1,69 @@
#include "md5.h"
BEGIN_TEST
struct md5_ctx ctx;
uint8_t digest[MD5_DIGEST_SIZE];
md5_init(&ctx);
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("D41D8CD98F00B204 E9800998ECF8427E")))
FAIL;
memset(digest, 0, MD5_DIGEST_SIZE);
md5_digest(&ctx, MD5_DIGEST_SIZE - 1, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("D41D8CD98F00B204 E9800998ECF84200")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 1, "a");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("0CC175B9C0F1B6A8 31C399E269772661")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 3, "abc");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("900150983cd24fb0 D6963F7D28E17F72")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 14, "message digest");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("F96B697D7CB7938D 525A2F31AAF161D0")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("C3FCD3D76192E400 7DFB496CCA67E13B")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 62, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("D174AB98D277D9F5 A5611C2C9F419D9F")))
FAIL;
md5_init(&ctx);
md5_update(&ctx, 80, "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890");
md5_final(&ctx);
md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("57EDF4A22BE3C955 AC49DA2E2107B67A")))
FAIL;

46
lsh/src/nettle/testsuite/run-tests Normal file
View File

@ -0,0 +1,46 @@
#! /bin/bash
failed=0
all=0
env_program () {
if [ -x ./"$1" ] ; then
if ./"$1"; then : ; else
echo FAIL: $1
exit 1
fi
fi
}
test_program () {
if "./$1" ; then
echo PASS: ${1%-test}
else
echo FAIL: ${1%-test}
failed=`expr $failed + 1`
fi
all=`expr $all + 1`
}
env_program setup-env
if [ $# -eq 0 ] ; then
for f in *-test; do test_program "$f"; done
else
for f in "$@" ; do test_program "$f"; done
fi
if [ $failed -eq 0 ] ; then
banner="All $all tests passed"
else
banner="$failed of $all tests failed"
fi
dashes=`echo "$banner" | sed s/./=/g`
echo "$dashes"
echo "$banner"
echo "$dashes"
env_program teardown-env
[ "$failed" -eq 0 ]

136
lsh/src/nettle/testsuite/serpent-test.c Normal file
View File

@ -0,0 +1,136 @@
#line 9 "macros.m4"
#line 26
#line 1 "serpent-test.m4"
#include "serpent.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct serpent_ctx ctx;
uint8_t msg[SERPENT_BLOCK_SIZE];
uint8_t cipher[SERPENT_BLOCK_SIZE];
uint8_t clear[SERPENT_BLOCK_SIZE];
#line 12
/* The first test for each key size from the ecb_vk.txt and ecb_vt.txt
#line 12
* files in the serpent package. */
/* 128 bit key */
/* vk, 1 */
decode_hex(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 16, decode_hex_dup("8000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("49AFBFAD9D5A3405 2CD8FFA5986BD2DD"), SERPENT_BLOCK_SIZE)))
#line 24
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
/* vt, 1 */
decode_hex(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 16, decode_hex_dup("0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("10B5FFB720B8CB90 02A1142B0BA2E94A"), SERPENT_BLOCK_SIZE)))
#line 38
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
/* 192 bit key */
/* vk, 1 */
decode_hex(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 24, decode_hex_dup("8000000000000000 0000000000000000"
"0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("E78E5402C7195568 AC3678F7A3F60C66"), SERPENT_BLOCK_SIZE)))
#line 55
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
/* vt, 1 */
decode_hex(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 24, decode_hex_dup("0000000000000000 0000000000000000"
"0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("B10B271BA25257E1 294F2B51F076D0D9"), SERPENT_BLOCK_SIZE)))
#line 70
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
/* 256 bit key */
/* vk, 1 */
decode_hex(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 32, decode_hex_dup("8000000000000000 0000000000000000"
"0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("ABED96E766BF28CB C0EBD21A82EF0819"), SERPENT_BLOCK_SIZE)))
#line 87
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
/* vt, 1 */
decode_hex(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 32, decode_hex_dup("0000000000000000 0000000000000000"
"0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("DA5A7992B1B4AE6F 8C004BC8A7DE5520"), SERPENT_BLOCK_SIZE)))
#line 102
abort();
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, SERPENT_BLOCK_SIZE)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

107
lsh/src/nettle/testsuite/serpent-test.m4 Normal file
View File

@ -0,0 +1,107 @@
#include "serpent.h"
BEGIN_TEST
struct serpent_ctx ctx;
uint8_t msg[SERPENT_BLOCK_SIZE];
uint8_t cipher[SERPENT_BLOCK_SIZE];
uint8_t clear[SERPENT_BLOCK_SIZE];
/* The first test for each key size from the ecb_vk.txt and ecb_vt.txt
* files in the serpent package. */
/* 128 bit key */
/* vk, 1 */
H(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 16, H("8000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("49AFBFAD9D5A3405 2CD8FFA5986BD2DD")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;
/* vt, 1 */
H(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 16, H("0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("10B5FFB720B8CB90 02A1142B0BA2E94A")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;
/* 192 bit key */
/* vk, 1 */
H(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 24, H("8000000000000000 0000000000000000"
"0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("E78E5402C7195568 AC3678F7A3F60C66")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;
/* vt, 1 */
H(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 24, H("0000000000000000 0000000000000000"
"0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("B10B271BA25257E1 294F2B51F076D0D9")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;
/* 256 bit key */
/* vk, 1 */
H(msg, "0000000000000000 0000000000000000");
serpent_set_key(&ctx, 32, H("8000000000000000 0000000000000000"
"0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("ABED96E766BF28CB C0EBD21A82EF0819")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;
/* vt, 1 */
H(msg, "8000000000000000 0000000000000000");
serpent_set_key(&ctx, 32, H("0000000000000000 0000000000000000"
"0000000000000000 0000000000000000"));
serpent_encrypt(&ctx, SERPENT_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(SERPENT_BLOCK_SIZE, cipher,
H("DA5A7992B1B4AE6F 8C004BC8A7DE5520")))
FAIL;
serpent_decrypt(&ctx, SERPENT_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(SERPENT_BLOCK_SIZE, msg, clear))
FAIL;

112
lsh/src/nettle/testsuite/sha1-test.c Normal file
View File

@ -0,0 +1,112 @@
#line 9 "macros.m4"
#line 26
#line 1 "sha1-test.m4"
#include "sha1.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct sha1_ctx ctx;
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("DA39A3EE5E6B4B0D 3255BFEF95601890 AFD80709"), SHA1_DIGEST_SIZE)))
#line 14
abort();
sha1_init(&ctx);
sha1_update(&ctx, 1, "a");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8"), SHA1_DIGEST_SIZE)))
#line 23
abort();
memset(digest, 0, SHA1_DIGEST_SIZE);
sha1_digest(&ctx, SHA1_DIGEST_SIZE - 1, digest);
if (!(!memcmp (digest, decode_hex_dup("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 37766700"), SHA1_DIGEST_SIZE)))
#line 30
abort();
sha1_init(&ctx);
sha1_update(&ctx, 1, "a");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8"), SHA1_DIGEST_SIZE)))
#line 39
abort();
sha1_init(&ctx);
sha1_update(&ctx, 3, "abc");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("A9993E364706816A BA3E25717850C26C 9CD0D89D"), SHA1_DIGEST_SIZE)))
#line 48
abort();
sha1_init(&ctx);
sha1_update(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("32D10C7B8CF96570 CA04CE37F2A19D84 240D3A89"), SHA1_DIGEST_SIZE)))
#line 57
abort();
sha1_init(&ctx);
sha1_update(&ctx, 14, "message digest");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("C12252CEDA8BE899 4D5FA0290A47231C 1D16AAE3"), SHA1_DIGEST_SIZE)))
#line 66
abort();
sha1_init(&ctx);
sha1_update(&ctx, 62, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("761C457BF73B14D2 7E9E9265C46F4B4D DA11F940"), SHA1_DIGEST_SIZE)))
#line 75
abort();
sha1_init(&ctx);
sha1_update(&ctx, 80, "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!(!memcmp (digest, decode_hex_dup("50ABF5706A150990 A08B2C5EA40FA0E5 85554732"), SHA1_DIGEST_SIZE)))
#line 85
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

85
lsh/src/nettle/testsuite/sha1-test.m4 Normal file
View File

@ -0,0 +1,85 @@
#include "sha1.h"
BEGIN_TEST
struct sha1_ctx ctx;
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("DA39A3EE5E6B4B0D 3255BFEF95601890 AFD80709")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 1, "a");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8")))
FAIL;
memset(digest, 0, SHA1_DIGEST_SIZE);
sha1_digest(&ctx, SHA1_DIGEST_SIZE - 1, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 37766700")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 1, "a");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 3, "abc");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("A9993E364706816A BA3E25717850C26C 9CD0D89D")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 26, "abcdefghijklmnopqrstuvwxyz");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("32D10C7B8CF96570 CA04CE37F2A19D84 240D3A89")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 14, "message digest");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("C12252CEDA8BE899 4D5FA0290A47231C 1D16AAE3")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 62, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("761C457BF73B14D2 7E9E9265C46F4B4D DA11F940")))
FAIL;
sha1_init(&ctx);
sha1_update(&ctx, 80, "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890");
sha1_final(&ctx);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
if (!MEMEQ(SHA1_DIGEST_SIZE, digest,
H("50ABF5706A150990 A08B2C5EA40FA0E5 85554732")))
FAIL;

80
lsh/src/nettle/testsuite/testutils.c Normal file
View File

@ -0,0 +1,80 @@
/* testutils.c */
#include "testutils.h"
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
int
decode_hex(uint8_t *dst, const char *hex)
{
/* -1 means invalid */
const signed char hex_digits[0x100] =
{
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1,
-1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
};
unsigned i = 0;
for (;;)
{
int high, low;
while (*hex && isspace((unsigned)*hex))
hex++;
if (!*hex)
return 1;
high = hex_digits[(unsigned)*hex++];
if (high < 0)
return 0;
while (*hex && isspace((unsigned)*hex))
hex++;
if (!*hex)
return 0;
low = hex_digits[(unsigned)*hex++];
if (low < 0)
return 0;
dst[i++] = (high << 4) | low;
}
}
const uint8_t *
decode_hex_dup(const char *hex)
{
uint8_t *p;
unsigned length = strlen(hex);
/* Allocates a little more than necessary. */
p = malloc(length/2);
if (!p)
abort();
if (decode_hex(p, hex))
return p;
else
{
free(p);
return NULL;
}
}

15
lsh/src/nettle/testsuite/testutils.h Normal file
View File

@ -0,0 +1,15 @@
#ifndef NETTLE_TESTUTILS_H_INCLUDED
#define NETTLE_TESTUTILS_H_INCLUDED
#include <inttypes.h>
/* Decodes a NUL-terminated hex string. */
int
decode_hex(uint8_t *dst, const char *hex);
/* Allocates space */
const uint8_t *
decode_hex_dup(const char *hex);
#endif /* NETTLE_TESTUTILS_H_INCLUDED */

77
lsh/src/nettle/testsuite/twofish-test.c Normal file
View File

@ -0,0 +1,77 @@
#line 9 "macros.m4"
#line 26
#line 1 "twofish-test.m4"
#include "twofish.h"
#line 3
#include "testutils.h"
#line 3
#line 3
#include <string.h>
#line 3
#include <stdlib.h>
#line 3
#line 3
int main (int argc, char **argv)
#line 3
{
#line 3
struct twofish_ctx ctx;
uint8_t msg[TWOFISH_BLOCK_SIZE];
uint8_t cipher[TWOFISH_BLOCK_SIZE];
uint8_t clear[TWOFISH_BLOCK_SIZE];
/* 128 bit key */
decode_hex(msg, "0000000000000000 0000000000000000");
twofish_set_key(&ctx, 16, decode_hex_dup("0000000000000000 0000000000000000"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("9F589F5CF6122C32 B6BFEC2F2AE8C35A"), TWOFISH_BLOCK_SIZE)))
#line 19
abort();
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, TWOFISH_BLOCK_SIZE)))
abort();
/* 192 bit key */
twofish_set_key(&ctx, 24, decode_hex_dup("0123456789ABCDEF FEDCBA9876543210"
"0011223344556677"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("CFD1D2E5A9BE9CDF 501F13B892BD2248"), TWOFISH_BLOCK_SIZE)))
#line 33
abort();
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, TWOFISH_BLOCK_SIZE)))
abort();
/* 256 bit key */
twofish_set_key(&ctx, 32, decode_hex_dup("0123456789ABCDEF FEDCBA9876543210"
"0011223344556677 8899AABBCCDDEEFF"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!(!memcmp (cipher, decode_hex_dup("37527BE0052334B8 9F0CFCCAE87CFA20"), TWOFISH_BLOCK_SIZE)))
#line 46
abort();
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!(!memcmp (msg, clear, TWOFISH_BLOCK_SIZE)))
abort();
#line 5 "macros.m4"
/* Avoid warnings for argc and argv unused */
(void) argc; (void) argv;
return 0;
}

50
lsh/src/nettle/testsuite/twofish-test.m4 Normal file
View File

@ -0,0 +1,50 @@
#include "twofish.h"
BEGIN_TEST
struct twofish_ctx ctx;
uint8_t msg[TWOFISH_BLOCK_SIZE];
uint8_t cipher[TWOFISH_BLOCK_SIZE];
uint8_t clear[TWOFISH_BLOCK_SIZE];
/* 128 bit key */
H(msg, "0000000000000000 0000000000000000");
twofish_set_key(&ctx, 16, H("0000000000000000 0000000000000000"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, cipher,
H("9F589F5CF6122C32 B6BFEC2F2AE8C35A")))
FAIL;
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, msg, clear))
FAIL;
/* 192 bit key */
twofish_set_key(&ctx, 24, H("0123456789ABCDEF FEDCBA9876543210"
"0011223344556677"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, cipher,
H("CFD1D2E5A9BE9CDF 501F13B892BD2248")))
FAIL;
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, msg, clear))
FAIL;
/* 256 bit key */
twofish_set_key(&ctx, 32, H("0123456789ABCDEF FEDCBA9876543210"
"0011223344556677 8899AABBCCDDEEFF"));
twofish_encrypt(&ctx, TWOFISH_BLOCK_SIZE, cipher, msg);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, cipher,
H("37527BE0052334B8 9F0CFCCAE87CFA20")))
FAIL;
twofish_decrypt(&ctx, TWOFISH_BLOCK_SIZE, clear, cipher);
if (!MEMEQ(TWOFISH_BLOCK_SIZE, msg, clear))
FAIL;

5484
lsh/src/nettle/texinfo.tex Normal file
View File

File diff suppressed because it is too large Load Diff

459
lsh/src/nettle/twofish.c Normal file
View File

@ -0,0 +1,459 @@
/* twofish.c
*
* The twofish block cipher.
*/
/* twofish - An implementation of the twofish cipher.
* Copyright (C) 1999 Ruud de Rooij <ruud@debian.org>
*
* Modifications for lsh, integrated testing
* Copyright (C) 1999 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
*
* Integrated with the nettle library,
* Copyright (C) 2001 Niels Möller
*/
/* nettle, low-level cryptographics library
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#include "twofish.h"
#include "macros.h"
#include <assert.h>
#include <string.h>
/* Bitwise rotations on 32-bit words. These are defined as macros that
* evaluate their argument twice, so do not apply to any expressions with
* side effects.
*/
#define rol1(x) (((x) << 1) | (((x) & 0x80000000) >> 31))
#define rol8(x) (((x) << 8) | (((x) & 0xFF000000) >> 24))
#define rol9(x) (((x) << 9) | (((x) & 0xFF800000) >> 23))
#define ror1(x) (((x) >> 1) | (((x) & 0x00000001) << 31))
/* ------------------------------------------------------------------------- */
/* The permutations q0 and q1. These are fixed permutations on 8-bit values.
* The permutations have been computed using the program generate_q
* which is distributed along with this file.
*/
static const uint8_t q0[] = { 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0, };
static const uint8_t q1[] = { 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91, };
/* ------------------------------------------------------------------------- */
/* uint8_t gf_multiply(uint8_t p, uint8_t a, uint8_t b)
*
* Multiplication in GF(2^8).
*
* This function multiplies a times b in the Galois Field GF(2^8) with
* primitive polynomial p.
* The representation of the polynomials a, b, and p uses bits with
* values 2^i to represent the terms x^i. The polynomial p contains an
* implicit term x^8.
*
* Note that addition and subtraction in GF(2^8) is simply the XOR
* operation.
*/
static uint8_t
gf_multiply(uint8_t p, uint8_t a, uint8_t b)
{
uint32_t shift = b;
uint8_t result = 0;
while (a)
{
if (a & 1) result ^= shift;
a = a >> 1;
shift = shift << 1;
if (shift & 0x100) shift ^= p;
}
return result;
}
/* ------------------------------------------------------------------------- */
/* The matrix RS as specified in section 4.3 the twofish paper. */
static const uint8_t rs_matrix[4][8] = {
{ 0x01, 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E },
{ 0xA4, 0x56, 0x82, 0xF3, 0x1E, 0xC6, 0x68, 0xE5 },
{ 0x02, 0xA1, 0xFC, 0xC1, 0x47, 0xAE, 0x3D, 0x19 },
{ 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E, 0x03 } };
/* uint32_t compute_s(uint32_t m1, uint32_t m2);
*
* Computes the value RS * M, where M is a byte vector composed of the
* bytes of m1 and m2. Arithmetic is done in GF(2^8) with primitive
* polynomial x^8 + x^6 + x^3 + x^2 + 1.
*
* This function is used to compute the sub-keys S which are in turn used
* to generate the S-boxes.
*/
static uint32_t
compute_s(uint32_t m1, uint32_t m2)
{
uint32_t s = 0;
int i;
for (i = 0; i < 4; i++)
s |= (( gf_multiply(0x4D, m1, rs_matrix[i][0])
^ gf_multiply(0x4D, m1 >> 8, rs_matrix[i][1])
^ gf_multiply(0x4D, m1 >> 16, rs_matrix[i][2])
^ gf_multiply(0x4D, m1 >> 24, rs_matrix[i][3])
^ gf_multiply(0x4D, m2, rs_matrix[i][4])
^ gf_multiply(0x4D, m2 >> 8, rs_matrix[i][5])
^ gf_multiply(0x4D, m2 >> 16, rs_matrix[i][6])
^ gf_multiply(0x4D, m2 >> 24, rs_matrix[i][7])) << (i*8));
return s;
}
/* ------------------------------------------------------------------------- */
/* This table describes which q S-boxes are used for each byte in each stage
* of the function h, cf. figure 2 of the twofish paper.
*/
static const uint8_t * q_table[4][5] = { { q1, q1, q0, q0, q1 },
{ q0, q1, q1, q0, q0 },
{ q0, q0, q0, q1, q1 },
{ q1, q0, q1, q1, q0 } };
/* The matrix MDS as specified in section 4.3.2 of the twofish paper. */
static const uint8_t mds_matrix[4][4] = { { 0x01, 0xEF, 0x5B, 0x5B },
{ 0x5B, 0xEF, 0xEF, 0x01 },
{ 0xEF, 0x5B, 0x01, 0xEF },
{ 0xEF, 0x01, 0xEF, 0x5B } };
/* uint32_t h_uint8_t(int k, int i, uint8_t x, uint8_t l0, uint8_t l1, uint8_t l2, uint8_t l3);
*
* Perform the h function (section 4.3.2) on one byte. It consists of
* repeated applications of the q permutation, followed by a XOR with
* part of a sub-key. Finally, the value is multiplied by one column of
* the MDS matrix. To obtain the result for a full word, the results of
* h for the individual bytes are XORed.
*
* k is the key size (/ 64 bits), i is the byte number (0 = LSB), x is the
* actual byte to apply the function to; l0, l1, l2, and l3 are the
* appropriate bytes from the subkey. Note that only l0..l(k-1) are used.
*/
static uint32_t
h_byte(int k, int i, uint8_t x, uint8_t l0, uint8_t l1, uint8_t l2, uint8_t l3)
{
uint8_t y = q_table[i][4][l0 ^
q_table[i][3][l1 ^
q_table[i][2][k == 2 ? x : l2 ^
q_table[i][1][k == 3 ? x : l3 ^ q_table[i][0][x]]]]];
return ( ((uint32_t)gf_multiply(0x69, mds_matrix[0][i], y))
| ((uint32_t)gf_multiply(0x69, mds_matrix[1][i], y) << 8)
| ((uint32_t)gf_multiply(0x69, mds_matrix[2][i], y) << 16)
| ((uint32_t)gf_multiply(0x69, mds_matrix[3][i], y) << 24) );
}
/* uint32_t h(int k, uint8_t x, uint32_t l0, uint32_t l1, uint32_t l2, uint32_t l3);
*
* Perform the function h on a word. See the description of h_byte() above.
*/
static uint32_t
h(int k, uint8_t x, uint32_t l0, uint32_t l1, uint32_t l2, uint32_t l3)
{
return ( h_byte(k, 0, x, l0, l1, l2, l3)
^ h_byte(k, 1, x, l0 >> 8, l1 >> 8, l2 >> 8, l3 >> 8)
^ h_byte(k, 2, x, l0 >> 16, l1 >> 16, l2 >> 16, l3 >> 16)
^ h_byte(k, 3, x, l0 >> 24, l1 >> 24, l2 >> 24, l3 >> 24) );
}
/* ------------------------------------------------------------------------- */
/* API */
/* Structure which contains the tables containing the subkeys and the
* key-dependent s-boxes.
*/
/* Set up internal tables required for twofish encryption and decryption.
*
* The key size is specified in bytes. Key sizes up to 32 bytes are
* supported. Larger key sizes are silently truncated.
*/
void
twofish_set_key(struct twofish_ctx *context,
unsigned keysize, const uint8_t *key)
{
uint8_t key_copy[32];
uint32_t m[8], s[4], t;
int i, j, k;
/* Extend key as necessary */
assert(keysize <= 32);
/* We do a little more copying than necessary, but that doesn't
* really matter. */
memset(key_copy, 0, 32);
memcpy(key_copy, key, keysize);
for (i = 0; i<8; i++)
m[i] = LE_READ_UINT32(key_copy + i*4);
if (keysize <= 16)
k = 2;
else if (keysize <= 24)
k = 3;
else
k = 4;
/* Compute sub-keys */
for (i = 0; i < 20; i++)
{
t = h(k, 2*i+1, m[1], m[3], m[5], m[7]);
t = rol8(t);
t += (context->keys[2*i] =
t + h(k, 2*i, m[0], m[2], m[4], m[6]));
t = rol9(t);
context->keys[2*i+1] = t;
}
/* Compute key-dependent S-boxes */
for (i = 0; i < k; i++)
s[k-1-i] = compute_s(m[2*i], m[2*i+1]);
for (i = 0; i < 4; i++)
for (j = 0; j < 256; j++)
context->s_box[i][j] = h_byte(k, i, j,
s[0] >> (i*8),
s[1] >> (i*8),
s[2] >> (i*8),
s[3] >> (i*8));
}
/* Encrypt blocks of 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_set_key() must be used in order to
* set up various tables required for the encryption algorithm.
*
* This function always encrypts 16 bytes of plaintext to 16 bytes of
* ciphertext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_encrypt(struct twofish_ctx *context,
unsigned length,
uint8_t *ciphertext,
const uint8_t *plaintext)
{
uint32_t * keys = context->keys;
uint32_t (*s_box)[256] = context->s_box;
assert( !(length % TWOFISH_BLOCK_SIZE) );
for ( ; length; length -= TWOFISH_BLOCK_SIZE)
{
uint32_t words[4];
uint32_t r0, r1, r2, r3, t0, t1;
int i;
for (i = 0; i<4; i++, plaintext += 4)
words[i] = LE_READ_UINT32(plaintext);
r0 = words[0] ^ keys[0];
r1 = words[1] ^ keys[1];
r2 = words[2] ^ keys[2];
r3 = words[3] ^ keys[3];
for (i = 0; i < 8; i++) {
t1 = ( s_box[1][r1 & 0xFF]
^ s_box[2][(r1 >> 8) & 0xFF]
^ s_box[3][(r1 >> 16) & 0xFF]
^ s_box[0][(r1 >> 24) & 0xFF]);
t0 = ( s_box[0][r0 & 0xFF]
^ s_box[1][(r0 >> 8) & 0xFF]
^ s_box[2][(r0 >> 16) & 0xFF]
^ s_box[3][(r0 >> 24) & 0xFF]) + t1;
r3 = (t1 + t0 + keys[4*i+9]) ^ rol1(r3);
r2 = (t0 + keys[4*i+8]) ^ r2;
r2 = ror1(r2);
t1 = ( s_box[1][r3 & 0xFF]
^ s_box[2][(r3 >> 8) & 0xFF]
^ s_box[3][(r3 >> 16) & 0xFF]
^ s_box[0][(r3 >> 24) & 0xFF]);
t0 = ( s_box[0][r2 & 0xFF]
^ s_box[1][(r2 >> 8) & 0xFF]
^ s_box[2][(r2 >> 16) & 0xFF]
^ s_box[3][(r2 >> 24) & 0xFF]) + t1;
r1 = (t1 + t0 + keys[4*i+11]) ^ rol1(r1);
r0 = (t0 + keys[4*i+10]) ^ r0;
r0 = ror1(r0);
}
words[0] = r2 ^ keys[4];
words[1] = r3 ^ keys[5];
words[2] = r0 ^ keys[6];
words[3] = r1 ^ keys[7];
for (i = 0; i<4; i++, ciphertext += 4)
LE_WRITE_UINT32(ciphertext, words[i]);
}
}
/* Decrypt blocks of 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_set_key() must be used in order to
* set up various tables required for the decryption algorithm.
*
* This function always decrypts 16 bytes of ciphertext to 16 bytes of
* plaintext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_decrypt(struct twofish_ctx *context,
unsigned length,
uint8_t *plaintext,
const uint8_t *ciphertext)
{
uint32_t *keys = context->keys;
uint32_t (*s_box)[256] = context->s_box;
assert( !(length % TWOFISH_BLOCK_SIZE) );
for ( ; length; length -= TWOFISH_BLOCK_SIZE)
{
uint32_t words[4];
uint32_t r0, r1, r2, r3, t0, t1;
int i;
for (i = 0; i<4; i++, ciphertext += 4)
words[i] = LE_READ_UINT32(ciphertext);
r0 = words[2] ^ keys[6];
r1 = words[3] ^ keys[7];
r2 = words[0] ^ keys[4];
r3 = words[1] ^ keys[5];
for (i = 0; i < 8; i++) {
t1 = ( s_box[1][r3 & 0xFF]
^ s_box[2][(r3 >> 8) & 0xFF]
^ s_box[3][(r3 >> 16) & 0xFF]
^ s_box[0][(r3 >> 24) & 0xFF]);
t0 = ( s_box[0][r2 & 0xFF]
^ s_box[1][(r2 >> 8) & 0xFF]
^ s_box[2][(r2 >> 16) & 0xFF]
^ s_box[3][(r2 >> 24) & 0xFF]) + t1;
r1 = (t1 + t0 + keys[39-4*i]) ^ r1;
r1 = ror1(r1);
r0 = (t0 + keys[38-4*i]) ^ rol1(r0);
t1 = ( s_box[1][r1 & 0xFF]
^ s_box[2][(r1 >> 8) & 0xFF]
^ s_box[3][(r1 >> 16) & 0xFF]
^ s_box[0][(r1 >> 24) & 0xFF]);
t0 = ( s_box[0][r0 & 0xFF]
^ s_box[1][(r0 >> 8) & 0xFF]
^ s_box[2][(r0 >> 16) & 0xFF]
^ s_box[3][(r0 >> 24) & 0xFF]) + t1;
r3 = (t1 + t0 + keys[37-4*i]) ^ r3;
r3 = ror1(r3);
r2 = (t0 + keys[36-4*i]) ^ rol1(r2);
}
words[0] = r0 ^ keys[0];
words[1] = r1 ^ keys[1];
words[2] = r2 ^ keys[2];
words[3] = r3 ^ keys[3];
for (i = 0; i<4; i++, plaintext += 4)
LE_WRITE_UINT32(plaintext, words[i]);
}
}

65
lsh/src/nettle/twofish.h Normal file
View File

@ -0,0 +1,65 @@
/* twofish.h
*
* The twofish block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
/*
* Twofish is a 128-bit block cipher that accepts a variable-length
* key up to 256 bits, designed by Bruce Schneier and others. See
* http://www.counterpane.com/twofish.html for details.
*/
#ifndef NETTLE_TWOFISH_H_INCLUDED
#define NETTLE_TWOFISH_H_INCLUDED
#include <inttypes.h>
#define TWOFISH_BLOCK_SIZE 16
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define TWOFISH_MIN_KEY_SIZE 16
#define TWOFISH_MAX_KEY_SIZE 32
#define TWOFISH_KEY_SIZE 32
struct twofish_ctx
{
uint32_t keys[40];
uint32_t s_box[4][256];
};
void
twofish_set_key(struct twofish_ctx *ctx,
unsigned length, const uint8_t *key);
void
twofish_encrypt(struct twofish_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
twofish_decrypt(struct twofish_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#endif /* NETTLE_TWOFISH_H_INCLUDED */