vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Import libgcrypt 1.5.3.

Browse source
This commit is contained in:
Vladimir Serbinenko 2013-11-07 06:35:50 +01:00
parent c12936c5d1
commit d1307d873a
72 changed files with 11732 additions and 2916 deletions
Download patch file Download diff file Expand all files Collapse all files

4247
grub-core/lib/libgcrypt/cipher/ChangeLog-2011 Normal file
View file

File diff suppressed because it is too large Load diff

7
grub-core/lib/libgcrypt/cipher/Makefile.am
View file

@ -23,7 +23,7 @@ EXTRA_DIST = Manifest
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
@ -35,7 +35,7 @@ libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
libcipher_la_LIBADD = $(GCRYPT_MODULES)
libcipher_la_SOURCES = \
cipher.c pubkey.c ac.c md.c \
cipher.c pubkey.c ac.c md.c kdf.c \
hmac-tests.c \
bithelp.h \
primegen.c \
@ -51,6 +51,7 @@ des.c \
dsa.c \
elgamal.c \
ecc.c \
idea.c \
md4.c \
md5.c \
rijndael.c rijndael-tables.h \
@ -68,7 +69,7 @@ rfc2268.c \
camellia.c camellia.h camellia-glue.c
if ENABLE_O_FLAG_MUNGING
o_flag_munging = sed -e 's/-O[2-9s]*/-O1/g'
o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g'
else
o_flag_munging = cat
endif

62
grub-core/lib/libgcrypt/cipher/ac.c
View file

@ -1,19 +1,19 @@
/* ac.c - Alternative interface for asymmetric cryptography.
Copyright (C) 2003, 2004, 2005, 2006
2007, 2008 Free Software Foundation, Inc.
This file is part of Libgcrypt.
Libgcrypt is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser general Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
Libgcrypt is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@ -115,7 +115,7 @@ struct gcry_ac_key_pair
/*
/*
* Functions for working with data sets.
*/
@ -151,7 +151,7 @@ static void
ac_data_values_destroy (gcry_ac_data_t data)
{
unsigned int i;
for (i = 0; i < data->data_n; i++)
if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
{
@ -256,7 +256,7 @@ _gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis);
if (err)
goto out;
data_new->data_n = data->data_n;
data_new->data = data_mpis;
*data_cp = data_new;
@ -524,13 +524,13 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
i++;
}
identifiers_n = i;
if (! identifiers_n)
/* If there are NO identifiers, we still add surrounding braces so
that we have a list of named MPI value lists. Otherwise it
wouldn't be too much fun to process these lists. */
sexp_buffer_n += 2;
data_n = _gcry_ac_data_length (data);
for (i = 0; i < data_n; i++)
{
@ -666,7 +666,7 @@ _gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
/* Identifier matches. Now we have to distinguish two
cases:
(i) we are at the last identifier:
leave loop
@ -725,7 +725,7 @@ _gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
skip_name = 0;
/* Create data set from S-expression data. */
err = gcry_ac_data_new (&data_set_new);
if (err)
goto out;
@ -793,7 +793,7 @@ _gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
gcry_sexp_release (sexp_tmp);
gcry_mpi_release (mpi);
gcry_free (string);
if (err)
gcry_ac_data_destroy (data_set_new);
@ -1005,7 +1005,7 @@ _gcry_ac_io_read (gcry_ac_io_t *ac_io,
unsigned int nread, unsigned char *buffer, size_t *buffer_n)
{
gcry_error_t err;
gcry_assert (ac_io->mode == GCRY_AC_IO_READABLE);
err = 0;
@ -1072,7 +1072,7 @@ _gcry_ac_io_read_all (gcry_ac_io_t *ac_io, unsigned char **buffer, size_t *buffe
err = gcry_error_from_errno (errno);
break;
}
if (buffer_new != p)
buffer_new = p;
@ -1132,7 +1132,7 @@ _gcry_ac_io_process (gcry_ac_io_t *ac_io,
/*
/*
* Functions for converting data between the native ac and the
* S-expression structure used by the pk interface.
*/
@ -1403,7 +1403,7 @@ _gcry_ac_open (gcry_ac_handle_t *handle,
err = _gcry_pk_module_lookup (algorithm, &module);
if (err)
goto out;
/* Allocate. */
handle_new = gcry_malloc (sizeof (*handle_new));
if (! handle_new)
@ -1420,7 +1420,7 @@ _gcry_ac_open (gcry_ac_handle_t *handle,
*handle = handle_new;
out:
/* Deallocate resources. */
if (err)
_gcry_pk_module_release (module);
@ -1443,7 +1443,7 @@ _gcry_ac_close (gcry_ac_handle_t handle)
/*
/*
* Key management.
*/
@ -1662,7 +1662,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
out:
/* Deallocate resources. */
gcry_free (genkey_format);
gcry_free (arg_list);
gcry_sexp_release (genkey_sexp_request);
@ -1682,7 +1682,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
gcry_ac_key_t
_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
gcry_ac_key_type_t which)
{
gcry_ac_key_t key;
@ -1851,7 +1851,7 @@ _gcry_ac_key_get_grip (gcry_ac_handle_t handle,
/*
/*
* Functions performing cryptographic operations.
*/
@ -2176,7 +2176,7 @@ em_randomize_nonzero (unsigned char *buffer, size_t buffer_n,
for (i = 0; i < buffer_n; i++)
buffer[i] = 0;
do
{
/* Count zeros. */
@ -2384,7 +2384,7 @@ emsa_pkcs_v1_5_encode (unsigned int flags, void *opts,
unsigned int i;
(void)flags;
options = opts;
buffer = NULL;
md = NULL;
@ -2656,7 +2656,7 @@ _gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os, size_t *os_n)
err = gcry_error_from_errno (errno);
goto out;
}
_gcry_ac_mpi_to_os (mpi, buffer, buffer_n);
*os = buffer;
*os_n = buffer_n;
@ -2676,7 +2676,7 @@ _gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
gcry_mpi_t xi;
gcry_mpi_t x;
gcry_mpi_t a;
if (fips_mode ())
return;
@ -2692,7 +2692,7 @@ _gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
gcry_mpi_add (x, x, xi);
gcry_mpi_mul_ui (a, a, 256);
}
gcry_mpi_release (xi);
gcry_mpi_release (a);
@ -2702,7 +2702,7 @@ _gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
/*
/*
* Implementation of Encryption Schemes (ES) and Signature Schemes
* with Appendix (SSA).
*/
@ -2824,7 +2824,7 @@ ac_dencode_prepare (gcry_ac_handle_t handle, gcry_ac_key_t key, void *opts,
err = gcry_error_from_errno (errno);
goto out;
}
err = (*scheme.dencode_prepare) (handle, key, opts, options_em);
if (err)
goto out;
@ -3065,7 +3065,7 @@ _gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
goto out;
out:
_gcry_ac_data_destroy (data_encrypted);
gcry_mpi_release (mpi_encrypted);
gcry_mpi_release (mpi_decrypted);
@ -3270,7 +3270,7 @@ _gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
gcry_mpi_release (mpi_signature);
mpi_signature = NULL;
err = _gcry_ac_data_verify (handle, key, mpi_data, data_signed);
out:
@ -3287,7 +3287,7 @@ _gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
}
/*
/*
* General functions.
*/

15
grub-core/lib/libgcrypt/cipher/arcfour.c
View file

@ -45,7 +45,7 @@ do_encrypt_stream( ARCFOUR_context *ctx,
register int i = ctx->idx_i;
register int j = ctx->idx_j;
register byte *sbox = ctx->sbox;
register int t;
register int t;
while ( length-- )
{
@ -56,7 +56,7 @@ do_encrypt_stream( ARCFOUR_context *ctx,
t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
*outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
}
ctx->idx_i = i;
ctx->idx_j = j;
}
@ -80,7 +80,7 @@ do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
byte karr[256];
ARCFOUR_context *ctx = (ARCFOUR_context *) context;
if (!initialized )
if (!initialized )
{
initialized = 1;
selftest_failed = selftest();
@ -98,14 +98,14 @@ do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
ctx->sbox[i] = i;
for (i=0; i < 256; i++ )
karr[i] = key[i%keylen];
for (i=j=0; i < 256; i++ )
for (i=j=0; i < 256; i++ )
{
int t;
j = (j + ctx->sbox[i] + karr[i]) % 256;
t = ctx->sbox[i];
ctx->sbox[i] = ctx->sbox[j];
ctx->sbox[j] = t;
}
}
memset( karr, 0, 256 );
return GPG_ERR_NO_ERROR;
@ -125,8 +125,8 @@ static const char*
selftest(void)
{
ARCFOUR_context ctx;
byte scratch[16];
byte scratch[16];
/* Test vector from Cryptlib labeled there: "from the
State/Commerce Department". */
static byte key_1[] =
@ -153,4 +153,3 @@ gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
"ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
};

8
grub-core/lib/libgcrypt/cipher/blowfish.c
View file

@ -501,7 +501,7 @@ do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
static int initialized;
static const char *selftest_failed;
if( !initialized )
if( !initialized )
{
initialized = 1;
selftest_failed = selftest();
@ -513,7 +513,7 @@ do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
c->p[i] = ps[i];
for(i=0; i < 256; i++ )
for(i=0; i < 256; i++ )
{
c->s0[i] = ks0[i];
c->s1[i] = ks1[i];
@ -521,7 +521,7 @@ do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
c->s3[i] = ks3[i];
}
for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
{
#ifdef WORDS_BIGENDIAN
((byte*)&data)[0] = key[j];
@ -545,7 +545,7 @@ do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
c->p[i] = datal;
c->p[i+1] = datar;
}
for(i=0; i < 256; i += 2 )
for(i=0; i < 256; i += 2 )
{
do_encrypt( c, &datal, &datar );
c->s0[i] = datal;

8
grub-core/lib/libgcrypt/cipher/camellia-glue.c
View file

@ -32,7 +32,7 @@
* space of the library clean. The following macro is thus useful:
*
* #define CAMELLIA_EXT_SYM_PREFIX foo_
*
*
* This prefixes all external symbols with "foo_".
*/
#ifdef HAVE_CONFIG_H
@ -50,7 +50,7 @@
#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
#endif /*CAMELLIA_EXT_SYM_PREFIX*/
@ -99,7 +99,7 @@ camellia_setkey(void *c, const byte *key, unsigned keylen)
+(4+32)*sizeof(u32)+2*sizeof(void*) /* camellia_setup192 */
+0+sizeof(int)+2*sizeof(void*) /* Camellia_Ekeygen */
+3*2*sizeof(void*) /* Function calls. */
);
);
return 0;
}
@ -137,7 +137,7 @@ selftest(void)
{
CAMELLIA_context ctx;
byte scratch[16];
/* These test vectors are from RFC-3713 */
const byte plaintext[]=
{

26
grub-core/lib/libgcrypt/cipher/camellia.c
View file

@ -19,7 +19,7 @@
*/
/*
* Algorithm Specification
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
@ -937,7 +937,7 @@ void camellia_setup256(const unsigned char *key, u32 *subkey)
CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
return;
}
@ -1049,14 +1049,14 @@ void camellia_encrypt128(const u32 *subkey, u32 *io)
io[1] = io[3];
io[2] = t0;
io[3] = t1;
return;
}
void camellia_decrypt128(const u32 *subkey, u32 *io)
{
u32 il,ir,t0,t1; /* temporary valiables */
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(24);
io[1] ^= CamelliaSubkeyR(24);
@ -1267,7 +1267,7 @@ void camellia_decrypt256(const u32 *subkey, u32 *io)
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(32);
io[1] ^= CamelliaSubkeyR(32);
/* main iteration */
CAMELLIA_ROUNDSM(io[0],io[1],
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
@ -1379,8 +1379,8 @@ void camellia_decrypt256(const u32 *subkey, u32 *io)
* API for compatibility
*/
void Camellia_Ekeygen(const int keyBitLength,
const unsigned char *rawKey,
void Camellia_Ekeygen(const int keyBitLength,
const unsigned char *rawKey,
KEY_TABLE_TYPE keyTable)
{
switch(keyBitLength) {
@ -1399,9 +1399,9 @@ void Camellia_Ekeygen(const int keyBitLength,
}
void Camellia_EncryptBlock(const int keyBitLength,
const unsigned char *plaintext,
const KEY_TABLE_TYPE keyTable,
void Camellia_EncryptBlock(const int keyBitLength,
const unsigned char *plaintext,
const KEY_TABLE_TYPE keyTable,
unsigned char *ciphertext)
{
u32 tmp[4];
@ -1430,9 +1430,9 @@ void Camellia_EncryptBlock(const int keyBitLength,
PUTU32(ciphertext + 12, tmp[3]);
}
void Camellia_DecryptBlock(const int keyBitLength,
const unsigned char *ciphertext,
const KEY_TABLE_TYPE keyTable,
void Camellia_DecryptBlock(const int keyBitLength,
const unsigned char *ciphertext,
const KEY_TABLE_TYPE keyTable,
unsigned char *plaintext)
{
u32 tmp[4];

16
grub-core/lib/libgcrypt/cipher/camellia.h
View file

@ -25,7 +25,7 @@
* space of the library clean. The following macro is thus useful:
*
* #define CAMELLIA_EXT_SYM_PREFIX foo_
*
*
* This prefixes all external symbols with "foo_".
*/
#ifdef HAVE_CONFIG_H
@ -43,7 +43,7 @@
#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
#endif /*CAMELLIA_EXT_SYM_PREFIX*/
@ -60,17 +60,17 @@ typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
void Camellia_Ekeygen(const int keyBitLength,
const unsigned char *rawKey,
const unsigned char *rawKey,
KEY_TABLE_TYPE keyTable);
void Camellia_EncryptBlock(const int keyBitLength,
const unsigned char *plaintext,
const KEY_TABLE_TYPE keyTable,
const unsigned char *plaintext,
const KEY_TABLE_TYPE keyTable,
unsigned char *cipherText);
void Camellia_DecryptBlock(const int keyBitLength,
const unsigned char *cipherText,
const KEY_TABLE_TYPE keyTable,
void Camellia_DecryptBlock(const int keyBitLength,
const unsigned char *cipherText,
const KEY_TABLE_TYPE keyTable,
unsigned char *plaintext);

2
grub-core/lib/libgcrypt/cipher/cast5.c
View file

@ -569,7 +569,7 @@ do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
u32 z[4];
u32 k[16];
if( !initialized )
if( !initialized )
{
initialized = 1;
selftest_failed = selftest();

322
grub-core/lib/libgcrypt/cipher/cipher.c
View file

@ -1,6 +1,6 @@
/* cipher.c - cipher dispatcher
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
* 2005, 2007, 2008, 2009 Free Software Foundation, Inc.
* 2005, 2007, 2008, 2009, 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
@ -33,9 +33,12 @@
#define CTX_MAGIC_NORMAL 0x24091964
#define CTX_MAGIC_SECURE 0x46919042
/* Try to use 16 byte aligned cipher context for better performance.
We use the aligned attribute, thus it is only possible to implement
this with gcc. */
#undef NEED_16BYTE_ALIGNED_CONTEXT
#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
#define NEED_16BYTE_ALIGNED_CONTEXT 1
#if defined (__GNUC__)
# define NEED_16BYTE_ALIGNED_CONTEXT 1
#endif
/* A dummy extraspec so that we do not need to tests the extraspec
@ -58,39 +61,39 @@ static struct cipher_table_entry
&dummy_extra_spec, GCRY_CIPHER_BLOWFISH },
#endif
#if USE_DES
{ &_gcry_cipher_spec_des,
{ &_gcry_cipher_spec_des,
&dummy_extra_spec, GCRY_CIPHER_DES },
{ &_gcry_cipher_spec_tripledes,
&_gcry_cipher_extraspec_tripledes, GCRY_CIPHER_3DES, 1 },
#endif
#if USE_ARCFOUR
{ &_gcry_cipher_spec_arcfour,
{ &_gcry_cipher_spec_arcfour,
&dummy_extra_spec, GCRY_CIPHER_ARCFOUR },
#endif
#if USE_CAST5
{ &_gcry_cipher_spec_cast5,
{ &_gcry_cipher_spec_cast5,
&dummy_extra_spec, GCRY_CIPHER_CAST5 },
#endif
#if USE_AES
{ &_gcry_cipher_spec_aes,
{ &_gcry_cipher_spec_aes,
&_gcry_cipher_extraspec_aes, GCRY_CIPHER_AES, 1 },
{ &_gcry_cipher_spec_aes192,
{ &_gcry_cipher_spec_aes192,
&_gcry_cipher_extraspec_aes192, GCRY_CIPHER_AES192, 1 },
{ &_gcry_cipher_spec_aes256,
{ &_gcry_cipher_spec_aes256,
&_gcry_cipher_extraspec_aes256, GCRY_CIPHER_AES256, 1 },
#endif
#if USE_TWOFISH
{ &_gcry_cipher_spec_twofish,
&dummy_extra_spec, GCRY_CIPHER_TWOFISH },
{ &_gcry_cipher_spec_twofish128,
{ &_gcry_cipher_spec_twofish128,
&dummy_extra_spec, GCRY_CIPHER_TWOFISH128 },
#endif
#if USE_SERPENT
{ &_gcry_cipher_spec_serpent128,
{ &_gcry_cipher_spec_serpent128,
&dummy_extra_spec, GCRY_CIPHER_SERPENT128 },
{ &_gcry_cipher_spec_serpent192,
&dummy_extra_spec, GCRY_CIPHER_SERPENT192 },
{ &_gcry_cipher_spec_serpent256,
{ &_gcry_cipher_spec_serpent256,
&dummy_extra_spec, GCRY_CIPHER_SERPENT256 },
#endif
#if USE_RFC2268
@ -98,16 +101,20 @@ static struct cipher_table_entry
&dummy_extra_spec, GCRY_CIPHER_RFC2268_40 },
#endif
#if USE_SEED
{ &_gcry_cipher_spec_seed,
{ &_gcry_cipher_spec_seed,
&dummy_extra_spec, GCRY_CIPHER_SEED },
#endif
#if USE_CAMELLIA
{ &_gcry_cipher_spec_camellia128,
&dummy_extra_spec, GCRY_CIPHER_CAMELLIA128 },
{ &_gcry_cipher_spec_camellia192,
{ &_gcry_cipher_spec_camellia192,
&dummy_extra_spec, GCRY_CIPHER_CAMELLIA192 },
{ &_gcry_cipher_spec_camellia256,
&dummy_extra_spec, GCRY_CIPHER_CAMELLIA256 },
#endif
#ifdef USE_IDEA
{ &_gcry_cipher_spec_idea,
&dummy_extra_spec, GCRY_CIPHER_IDEA },
#endif
{ NULL }
};
@ -137,19 +144,20 @@ static int default_ciphers_registered;
while (0)
/* A VIA processor with the Padlock engine requires an alignment of
most data on a 16 byte boundary. Because we trick out the compiler
while allocating the context, the align attribute as used in
rijndael.c does not work on its own. Thus we need to make sure
that the entire context structure is a aligned on that boundary.
We achieve this by defining a new type and use that instead of our
usual alignment type. */
typedef union
/* A VIA processor with the Padlock engine as well as the Intel AES_NI
instructions require an alignment of most data on a 16 byte
boundary. Because we trick out the compiler while allocating the
context, the align attribute as used in rijndael.c does not work on
its own. Thus we need to make sure that the entire context
structure is a aligned on that boundary. We achieve this by
defining a new type and use that instead of our usual alignment
type. */
typedef union
{
PROPERLY_ALIGNED_TYPE foo;
#ifdef NEED_16BYTE_ALIGNED_CONTEXT
char bar[16] __attribute__ ((aligned (16)));
#endif
#endif
char c[1];
} cipher_context_alignment_t;
@ -166,7 +174,7 @@ struct gcry_cipher_handle
/* The algorithm id. This is a hack required because the module
interface does not easily allow to retrieve this value. */
int algo;
int algo;
/* A structure with function pointers for bulk operations. Due to
limitations of the module system (we don't want to change the
@ -174,16 +182,19 @@ struct gcry_cipher_handle
open function intializes them and the actual encryption routines
use them if they are not NULL. */
struct {
void (*cfb_enc)(void *context, unsigned char *iv,
void (*cfb_enc)(void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks);
void (*cfb_dec)(void *context, unsigned char *iv,
void (*cfb_dec)(void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks);
void (*cbc_enc)(void *context, unsigned char *iv,
void (*cbc_enc)(void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks, int cbc_mac);
void (*cbc_dec)(void *context, unsigned char *iv,
void (*cbc_dec)(void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks);
void (*ctr_enc)(void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks);
} bulk;
@ -197,19 +208,24 @@ struct gcry_cipher_handle
unsigned int iv:1; /* Set to 1 if a IV has been set. */
} marks;
/* The initialization vector. To help code optimization we make
sure that it is aligned on an unsigned long and u32 boundary. */
/* The initialization vector. For best performance we make sure
that it is properly aligned. In particular some implementations
of bulk operations expect an 16 byte aligned IV. */
union {
unsigned long dummy_iv;
u32 dummy_u32_iv;
unsigned char iv[MAX_BLOCKSIZE];
cipher_context_alignment_t iv_align;
unsigned char iv[MAX_BLOCKSIZE];
} u_iv;
/* The counter for CTR mode. This field is also used by AESWRAP and
thus we can't use the U_IV union. */
union {
cipher_context_alignment_t iv_align;
unsigned char ctr[MAX_BLOCKSIZE];
} u_ctr;
/* Space to save an IV or CTR for chaining operations. */
unsigned char lastiv[MAX_BLOCKSIZE];
int unused; /* Number of unused bytes in the IV. */
unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */
int unused; /* Number of unused bytes in LASTIV. */
/* What follows are two contexts of the cipher in use. The first
one needs to be aligned well enough for the cipher operation
@ -227,7 +243,7 @@ struct gcry_cipher_handle
static gcry_err_code_t
dummy_setkey (void *c, const unsigned char *key, unsigned int keylen)
{
(void)c;
(void)c;
(void)key;
(void)keylen;
return GPG_ERR_NO_ERROR;
@ -286,7 +302,7 @@ cipher_register_default (void)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
int i;
for (i = 0; !err && cipher_table[i].cipher; i++)
{
if (! cipher_table[i].cipher->setkey)
@ -389,8 +405,8 @@ _gcry_cipher_register (gcry_cipher_spec_t *cipher,
ath_mutex_lock (&ciphers_registered_lock);
err = _gcry_module_add (&ciphers_registered, 0,
(void *)cipher,
(void *)(extraspec? extraspec : &dummy_extra_spec),
(void *)cipher,
(void *)(extraspec? extraspec : &dummy_extra_spec),
&mod);
ath_mutex_unlock (&ciphers_registered_lock);
@ -420,7 +436,7 @@ gcry_cipher_unregister (gcry_module_t module)
ispassed as NULL. A pointer to the specification of the module
implementing this algorithm is return in OID_SPEC unless passed as
NULL.*/
static int
static int
search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
{
gcry_module_t module;
@ -484,7 +500,7 @@ gcry_cipher_map_name (const char *string)
}
ath_mutex_unlock (&ciphers_registered_lock);
return algorithm;
}
@ -593,15 +609,13 @@ check_cipher_algo (int algorithm)
else
err = GPG_ERR_CIPHER_ALGO;
ath_mutex_unlock (&ciphers_registered_lock);
return err;
}
/* Return the standard length of the key for the cipher algorithm with
the identifier ALGORITHM. This function expects a valid algorithm
and will abort if the algorithm is not available or the length of
the key is not known. */
/* Return the standard length in bits of the key for the cipher
algorithm with the identifier ALGORITHM. */
static unsigned int
cipher_get_keylen (int algorithm)
{
@ -619,17 +633,13 @@ cipher_get_keylen (int algorithm)
log_bug ("cipher %d w/o key length\n", algorithm);
_gcry_module_release (cipher);
}
else
log_bug ("cipher %d not found\n", algorithm);
ath_mutex_unlock (&ciphers_registered_lock);
return len;
}
/* Return the block length of the cipher algorithm with the identifier
ALGORITHM. This function expects a valid algorithm and will abort
if the algorithm is not available or the length of the key is not
known. */
ALGORITHM. This function return 0 for an invalid algorithm. */
static unsigned int
cipher_get_blocksize (int algorithm)
{
@ -647,8 +657,6 @@ cipher_get_blocksize (int algorithm)
log_bug ("cipher %d w/o blocksize\n", algorithm);
_gcry_module_release (cipher);
}
else
log_bug ("cipher %d not found\n", algorithm);
ath_mutex_unlock (&ciphers_registered_lock);
return len;
@ -683,7 +691,7 @@ gcry_cipher_open (gcry_cipher_hd_t *handle,
/* If the application missed to call the random poll function, we do
it here to ensure that it is used once in a while. */
_gcry_fast_random_poll ();
REGISTER_DEFAULT_CIPHERS;
/* Fetch the according module and check whether the cipher is marked
@ -711,7 +719,7 @@ gcry_cipher_open (gcry_cipher_hd_t *handle,
/* check flags */
if ((! err)
&& ((flags & ~(0
&& ((flags & ~(0
| GCRY_CIPHER_SECURE
| GCRY_CIPHER_ENABLE_SYNC
| GCRY_CIPHER_CBC_CTS
@ -774,7 +782,7 @@ gcry_cipher_open (gcry_cipher_hd_t *handle,
h = gcry_calloc (1, size);
if (! h)
err = gpg_err_code_from_errno (errno);
err = gpg_err_code_from_syserror ();
else
{
size_t off = 0;
@ -810,9 +818,10 @@ gcry_cipher_open (gcry_cipher_hd_t *handle,
h->bulk.cfb_dec = _gcry_aes_cfb_dec;
h->bulk.cbc_enc = _gcry_aes_cbc_enc;
h->bulk.cbc_dec = _gcry_aes_cbc_dec;
h->bulk.ctr_enc = _gcry_aes_ctr_enc;
break;
#endif /*USE_AES*/
default:
break;
}
@ -902,7 +911,7 @@ static void
cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
{
memset (c->u_iv.iv, 0, c->cipher->blocksize);
if (iv)
if (iv)
{
if (ivlen != c->cipher->blocksize)
{
@ -932,7 +941,7 @@ cipher_reset (gcry_cipher_hd_t c)
memset (&c->marks, 0, sizeof c->marks);
memset (c->u_iv.iv, 0, c->cipher->blocksize);
memset (c->lastiv, 0, c->cipher->blocksize);
memset (c->ctr, 0, c->cipher->blocksize);
memset (c->u_ctr.ctr, 0, c->cipher->blocksize);
}
@ -944,7 +953,7 @@ do_ecb_encrypt (gcry_cipher_hd_t c,
{
unsigned int blocksize = c->cipher->blocksize;
unsigned int n, nblocks;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
if ((inbuflen % blocksize))
@ -975,7 +984,7 @@ do_ecb_decrypt (gcry_cipher_hd_t c,
return GPG_ERR_INV_LENGTH;
nblocks = inbuflen / c->cipher->blocksize;
for (n=0; n < nblocks; n++ )
for (n=0; n < nblocks; n++ )
{
c->cipher->decrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf );
inbuf += blocksize;
@ -1005,7 +1014,7 @@ do_cbc_encrypt (gcry_cipher_hd_t c,
&& (c->flags & GCRY_CIPHER_CBC_CTS)))
return GPG_ERR_INV_LENGTH;
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
{
if ((inbuflen % blocksize) == 0)
nblocks--;
@ -1014,7 +1023,7 @@ do_cbc_encrypt (gcry_cipher_hd_t c,
if (c->bulk.cbc_enc)
{
c->bulk.cbc_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks,
(c->flags & GCRY_CIPHER_CBC_MAC));
(c->flags & GCRY_CIPHER_CBC_MAC));
inbuf += nblocks * blocksize;
if (!(c->flags & GCRY_CIPHER_CBC_MAC))
outbuf += nblocks * blocksize;
@ -1054,7 +1063,7 @@ do_cbc_encrypt (gcry_cipher_hd_t c,
}
for (; i < blocksize; i++)
outbuf[i] = 0 ^ *ivp++;
c->cipher->encrypt (&c->context.c, outbuf, outbuf);
memcpy (c->u_iv.iv, outbuf, blocksize);
}
@ -1092,13 +1101,13 @@ do_cbc_decrypt (gcry_cipher_hd_t c,
if (c->bulk.cbc_dec)
{
c->bulk.cbc_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
c->bulk.cbc_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
inbuf += nblocks * blocksize;
outbuf += nblocks * blocksize;
}
else
{
for (n=0; n < nblocks; n++ )
for (n=0; n < nblocks; n++ )
{
/* Because outbuf and inbuf might be the same, we have to
* save the original ciphertext block. We use LASTIV for
@ -1113,22 +1122,22 @@ do_cbc_decrypt (gcry_cipher_hd_t c,
}
}
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize)
{
int restbytes;
if ((inbuflen % blocksize) == 0)
restbytes = blocksize;
else
restbytes = inbuflen % blocksize;
memcpy (c->lastiv, c->u_iv.iv, blocksize ); /* Save Cn-2. */
memcpy (c->u_iv.iv, inbuf + blocksize, restbytes ); /* Save Cn. */
c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
for (ivp=c->u_iv.iv,i=0; i < restbytes; i++ )
outbuf[i] ^= *ivp++;
memcpy(outbuf + blocksize, outbuf, restbytes);
for(i=restbytes; i < blocksize; i++)
c->u_iv.iv[i] = outbuf[i];
@ -1150,7 +1159,7 @@ do_cfb_encrypt (gcry_cipher_hd_t c,
unsigned char *ivp;
size_t blocksize = c->cipher->blocksize;
size_t blocksize_x_2 = blocksize + blocksize;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
@ -1179,7 +1188,7 @@ do_cfb_encrypt (gcry_cipher_hd_t c,
if (inbuflen >= blocksize_x_2 && c->bulk.cfb_enc)
{
unsigned int nblocks = inbuflen / blocksize;
c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
outbuf += nblocks * blocksize;
inbuf += nblocks * blocksize;
inbuflen -= nblocks * blocksize;
@ -1209,7 +1218,7 @@ do_cfb_encrypt (gcry_cipher_hd_t c,
*outbuf++ = (*ivp++ ^= *inbuf++);
inbuflen -= blocksize;
}
if ( inbuflen )
if ( inbuflen )
{
/* Save the current IV and then encrypt the IV. */
memcpy( c->lastiv, c->u_iv.iv, blocksize );
@ -1234,7 +1243,7 @@ do_cfb_decrypt (gcry_cipher_hd_t c,
int i;
size_t blocksize = c->cipher->blocksize;
size_t blocksize_x_2 = blocksize + blocksize;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
@ -1243,7 +1252,7 @@ do_cfb_decrypt (gcry_cipher_hd_t c,
/* Short enough to be encoded by the remaining XOR mask. */
/* XOR the input with the IV and store input into IV. */
for (ivp=c->u_iv.iv+blocksize - c->unused;
inbuflen;
inbuflen;
inbuflen--, c->unused--)
{
temp = *inbuf++;
@ -1252,7 +1261,7 @@ do_cfb_decrypt (gcry_cipher_hd_t c,
}
return 0;
}
if (c->unused)
{
/* XOR the input with the IV and store input into IV. */
@ -1264,14 +1273,14 @@ do_cfb_decrypt (gcry_cipher_hd_t c,
*ivp++ = temp;
}
}
/* Now we can process complete blocks. We use a loop as long as we
have at least 2 blocks and use conditions for the rest. This
also allows to use a bulk encryption function if available. */
if (inbuflen >= blocksize_x_2 && c->bulk.cfb_dec)
{
unsigned int nblocks = inbuflen / blocksize;
c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
outbuf += nblocks * blocksize;
inbuf += nblocks * blocksize;
inbuflen -= nblocks * blocksize;
@ -1309,7 +1318,7 @@ do_cfb_decrypt (gcry_cipher_hd_t c,
}
if (inbuflen)
{
{
/* Save the current IV and then encrypt the IV. */
memcpy ( c->lastiv, c->u_iv.iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
@ -1363,7 +1372,7 @@ do_ofb_encrypt (gcry_cipher_hd_t c,
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->u_iv.iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
*outbuf++ = (*ivp++ ^ *inbuf++);
inbuflen -= blocksize;
@ -1387,7 +1396,7 @@ do_ofb_decrypt (gcry_cipher_hd_t c,
{
unsigned char *ivp;
size_t blocksize = c->cipher->blocksize;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
@ -1417,7 +1426,7 @@ do_ofb_decrypt (gcry_cipher_hd_t c,
*outbuf++ = *ivp++ ^ *inbuf++;
inbuflen -= blocksize;
}
if ( inbuflen )
if ( inbuflen )
{ /* Process the remaining bytes. */
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->u_iv.iv, blocksize );
@ -1437,35 +1446,72 @@ do_ctr_encrypt (gcry_cipher_hd_t c,
const unsigned char *inbuf, unsigned int inbuflen)
{
unsigned int n;
unsigned char tmp[MAX_BLOCKSIZE];
int i;
unsigned int blocksize = c->cipher->blocksize;
unsigned int nblocks;
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
if ((inbuflen % blocksize))
return GPG_ERR_INV_LENGTH;
for (n=0; n < inbuflen; n++)
/* First process a left over encrypted counter. */
if (c->unused)
{
if ((n % blocksize) == 0)
{
c->cipher->encrypt (&c->context.c, tmp, c->ctr);
for (i = blocksize; i > 0; i--)
{
c->ctr[i-1]++;
if (c->ctr[i-1] != 0)
break;
}
}
/* XOR input with encrypted counter and store in output. */
outbuf[n] = inbuf[n] ^ tmp[n % blocksize];
gcry_assert (c->unused < blocksize);
i = blocksize - c->unused;
for (n=0; c->unused && n < inbuflen; c->unused--, n++, i++)
{
/* XOR input with encrypted counter and store in output. */
outbuf[n] = inbuf[n] ^ c->lastiv[i];
}
inbuf += n;
outbuf += n;
inbuflen -= n;
}
/* Use a bulk method if available. */
nblocks = inbuflen / blocksize;
if (nblocks && c->bulk.ctr_enc)
{
c->bulk.ctr_enc (&c->context.c, c->u_ctr.ctr, outbuf, inbuf, nblocks);
inbuf += nblocks * blocksize;
outbuf += nblocks * blocksize;
inbuflen -= nblocks * blocksize;
}
/* If we don't have a bulk method use the standard method. We also
use this method for the a remaining partial block. */
if (inbuflen)
{
unsigned char tmp[MAX_BLOCKSIZE];
for (n=0; n < inbuflen; n++)
{
if ((n % blocksize) == 0)
{
c->cipher->encrypt (&c->context.c, tmp, c->u_ctr.ctr);
for (i = blocksize; i > 0; i--)
{
c->u_ctr.ctr[i-1]++;
if (c->u_ctr.ctr[i-1] != 0)
break;
}
}
/* XOR input with encrypted counter and store in output. */
outbuf[n] = inbuf[n] ^ tmp[n % blocksize];
}
/* Save the unused bytes of the counter. */
n %= blocksize;
c->unused = (blocksize - n) % blocksize;
if (c->unused)
memcpy (c->lastiv+n, tmp+n, c->unused);
wipememory (tmp, sizeof tmp);
}
wipememory (tmp, sizeof tmp);
return 0;
}
@ -1495,15 +1541,15 @@ do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
#endif
/* We require a cipher with a 128 bit block length. */
if (c->cipher->blocksize != 16)
return GPG_ERR_INV_LENGTH;
return GPG_ERR_INV_LENGTH;
/* The output buffer must be able to hold the input data plus one
additional block. */
if (outbuflen < inbuflen + 8)
return GPG_ERR_BUFFER_TOO_SHORT;
/* Input data must be multiple of 64 bits. */
if (inbuflen % 8)
return GPG_ERR_INV_ARG;
return GPG_ERR_INV_ARG;
n = inbuflen / 8;
@ -1511,9 +1557,9 @@ do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
if (n < 2)
return GPG_ERR_INV_ARG;
r = outbuf;
r = outbuf;
a = outbuf; /* We store A directly in OUTBUF. */
b = c->ctr; /* B is also used to concatenate stuff. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
/* If an IV has been set we use that IV as the Alternative Initial
Value; if it has not been set we use the standard value. */
@ -1549,7 +1595,7 @@ do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
memcpy (r+i*8, b+8, 8);
}
}
return 0;
}
@ -1570,8 +1616,8 @@ do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
#endif
/* We require a cipher with a 128 bit block length. */
if (c->cipher->blocksize != 16)
return GPG_ERR_INV_LENGTH;
return GPG_ERR_INV_LENGTH;
/* The output buffer must be able to hold the input data minus one
additional block. Fixme: The caller has more restrictive checks
- we may want to fix them for this mode. */
@ -1579,7 +1625,7 @@ do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
return GPG_ERR_BUFFER_TOO_SHORT;
/* Input data must be multiple of 64 bits. */
if (inbuflen % 8)
return GPG_ERR_INV_ARG;
return GPG_ERR_INV_ARG;
n = inbuflen / 8;
@ -1587,9 +1633,9 @@ do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
if (n < 3)
return GPG_ERR_INV_ARG;
r = outbuf;
r = outbuf;
a = c->lastiv; /* We use c->LASTIV as buffer for A. */
b = c->ctr; /* B is also used to concatenate stuff. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
/* Copy the inbuf to the outbuf and save A. */
memcpy (a, inbuf, 8);
@ -1663,7 +1709,7 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
case GCRY_CIPHER_MODE_CBC:
rc = do_cbc_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
case GCRY_CIPHER_MODE_CFB:
rc = do_cfb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
break;
@ -1699,7 +1745,7 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
rc = 0;
}
break;
default:
log_fatal ("cipher_encrypt: invalid mode %d\n", c->mode );
rc = GPG_ERR_INV_CIPHER_MODE;
@ -1728,7 +1774,7 @@ gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
/* Failsafe: Make sure that the plaintext will never make it into
OUT if the encryption returned an error. */
if (err && out)
memset (out, 0x42, outsize);
memset (out, 0x42, outsize);
return gcry_error (err);
}
@ -1791,7 +1837,7 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen,
rc = 0;
}
break;
default:
log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
rc = GPG_ERR_INV_CIPHER_MODE;
@ -1857,9 +1903,15 @@ gpg_error_t
_gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
{
if (ctr && ctrlen == hd->cipher->blocksize)
memcpy (hd->ctr, ctr, hd->cipher->blocksize);
{
memcpy (hd->u_ctr.ctr, ctr, hd->cipher->blocksize);
hd->unused = 0;
}
else if (!ctr || !ctrlen)
memset (hd->ctr, 0, hd->cipher->blocksize);
{
memset (hd->u_ctr.ctr, 0, hd->cipher->blocksize);
hd->unused = 0;
}
else
return gpg_error (GPG_ERR_INV_ARG);
return 0;
@ -1918,17 +1970,12 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
break;
case GCRYCTL_SET_CTR: /* Deprecated; use gcry_cipher_setctr. */
if (buffer && buflen == h->cipher->blocksize)
memcpy (h->ctr, buffer, h->cipher->blocksize);
else if (buffer == NULL || buflen == 0)
memset (h->ctr, 0, h->cipher->blocksize);
else
rc = GPG_ERR_INV_ARG;
rc = gpg_err_code (_gcry_cipher_setctr (h, buffer, buflen));
break;
case 61: /* Disable weak key detection (private). */
if (h->extraspec->set_extra_info)
rc = h->extraspec->set_extra_info
rc = h->extraspec->set_extra_info
(&h->context.c, CIPHER_INFO_NO_WEAK_KEY, NULL, 0);
else
rc = GPG_ERR_NOT_SUPPORTED;
@ -1936,7 +1983,7 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
case 62: /* Return current input vector (private). */
/* This is the input block as used in CFB and OFB mode which has
initially been set as IV. The returned format is:
initially been set as IV. The returned format is:
1 byte Actual length of the block in bytes.
n byte The block.
If the provided buffer is too short, an error is returned. */
@ -1947,7 +1994,7 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
unsigned char *ivp;
unsigned char *dst = buffer;
int n = h->unused;
if (!n)
n = h->cipher->blocksize;
gcry_assert (n <= h->cipher->blocksize);
@ -1969,10 +2016,10 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
/* Return information about the cipher handle H. CMD is the kind of
information requested. BUFFER and NBYTES are reserved for now.
There are no values for CMD yet defined.
There are no values for CMD yet defined.
The function always returns GPG_ERR_INV_OP.
*/
gcry_error_t
gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
@ -2009,7 +2056,7 @@ gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
GCRYCTL_TEST_ALGO:
Returns 0 if the specified algorithm ALGO is available for use.
BUFFER and NBYTES must be zero.
Note: Because this function is in most cases used to return an
integer value, we can make it easier for the caller to just look at
the return value. The caller will in all cases consult the value
@ -2033,8 +2080,7 @@ gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
if ((ui > 0) && (ui <= 512))
*nbytes = (size_t) ui / 8;
else
/* The only reason is an invalid algo or a strange
blocksize. */
/* The only reason for an error is an invalid algo. */
err = GPG_ERR_CIPHER_ALGO;
}
break;
@ -2078,7 +2124,7 @@ gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
gcry_cipher_algo_info because it allows for proper type
checking. */
size_t
gcry_cipher_get_algo_keylen (int algo)
gcry_cipher_get_algo_keylen (int algo)
{
size_t n;
@ -2094,7 +2140,7 @@ gcry_cipher_get_algo_keylen (int algo)
gcry_cipher_algo_info because it allows for proper type
checking. */
size_t
gcry_cipher_get_algo_blklen (int algo)
gcry_cipher_get_algo_blklen (int algo)
{
size_t n;
@ -2155,7 +2201,7 @@ _gcry_cipher_selftest (int algo, int extended, selftest_report_func_t report)
{
ec = GPG_ERR_CIPHER_ALGO;
if (report)
report ("cipher", algo, "module",
report ("cipher", algo, "module",
module && !(module->flags & FLAG_MODULE_DISABLED)?
"no selftest available" :
module? "algorithm disabled" : "algorithm not found");

22
grub-core/lib/libgcrypt/cipher/des.c
View file

@ -22,7 +22,7 @@
* Bruce Schneier: Applied Cryptography. Second Edition.
* John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
* This implementation is according to the definition of DES in FIPS
* PUB 46-2 from December 1993.
* PUB 46-2 from December 1993.
*/
@ -388,7 +388,7 @@ static byte weak_keys[64][8] =
};
static unsigned char weak_keys_chksum[20] = {
0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
};
@ -888,12 +888,12 @@ selftest (void)
if (memcmp (input, result, 8))
return "Triple-DES test failed.";
}
/*
* More Triple-DES test. These are testvectors as used by SSLeay,
* thanks to Jeroen C. van Gelderen.
*/
{
{
struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
@ -901,7 +901,7 @@ selftest (void)
{ 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
{ 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
},
{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
@ -966,7 +966,7 @@ selftest (void)
{
tripledes_set3keys (des3, testdata[i].key,
testdata[i].key + 8, testdata[i].key + 16);
tripledes_ecb_encrypt (des3, testdata[i].plain, result);
if (memcmp (testdata[i].cipher, result, 8))
return "Triple-DES SSLeay test failed on encryption.";
@ -1047,7 +1047,7 @@ do_tripledes_set_extra_info (void *context, int what,
break;
default:
ec = GPG_ERR_INV_OP;
ec = GPG_ERR_INV_OP;
break;
}
return ec;
@ -1112,7 +1112,7 @@ do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
/*
/*
Self-test section.
*/
@ -1123,7 +1123,7 @@ selftest_fips (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
(void)extended; /* No extended tests available. */
what = "low-level";
@ -1160,7 +1160,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_CIPHER_ALGO;
break;
}
return ec;
}
@ -1189,7 +1189,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
};
cipher_extra_spec_t _gcry_cipher_extraspec_tripledes =
cipher_extra_spec_t _gcry_cipher_extraspec_tripledes =
{
run_selftests,
do_tripledes_set_extra_info

101
grub-core/lib/libgcrypt/cipher/dsa.c
View file

@ -74,7 +74,7 @@ static const char sample_secret_key[] =
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
/* A sample 1024 bit DSA key used for the selftests (public only). */
static const char sample_public_key[] =
static const char sample_public_key[] =
"(public-key"
" (dsa"
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
@ -141,14 +141,19 @@ gen_k( gcry_mpi_t q )
unsigned int nbytes = (nbits+7)/8;
char *rndbuf = NULL;
/* To learn why we don't use mpi_mod to get the requested bit size,
read the paper: "The Insecurity of the Digital Signature
Algorithm with Partially Known Nonces" by Nguyen and Shparlinski.
Journal of Cryptology, New York. Vol 15, nr 3 (2003) */
if ( DBG_CIPHER )
log_debug("choosing a random k ");
for (;;)
for (;;)
{
if( DBG_CIPHER )
progress('.');
if ( !rndbuf || nbits < 32 )
if ( !rndbuf || nbits < 32 )
{
gcry_free(rndbuf);
rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );
@ -156,13 +161,20 @@ gen_k( gcry_mpi_t q )
else
{ /* Change only some of the higher bits. We could improve
this by directly requesting more memory at the first call
to get_random_bytes() and use this the here maybe it is
easier to do this directly in random.c. */
to get_random_bytes() and use these extra bytes here.
However the required management code is more complex and
thus we better use this simple method. */
char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
memcpy( rndbuf,pp, 4 );
gcry_free(pp);
}
_gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
/* Make sure we have the requested number of bits. This code
looks a bit funny but it is easy to understand if you
consider that mpi_set_highbit clears all higher bits. We
don't have a clear_highbit, thus we first set the high bit
and then clear it again. */
if ( mpi_test_bit( k, nbits-1 ) )
mpi_set_highbit( k, nbits-1 );
else
@ -172,7 +184,7 @@ gen_k( gcry_mpi_t q )
}
if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */
{
{
if( DBG_CIPHER )
progress('+');
continue; /* no */
@ -188,7 +200,7 @@ gen_k( gcry_mpi_t q )
gcry_free(rndbuf);
if( DBG_CIPHER )
progress('\n');
return k;
}
@ -315,7 +327,7 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
mpi_add_ui (h, h, 1);
/* g = h^e mod p */
gcry_mpi_powm (g, h, e, p);
}
}
while (!mpi_cmp_ui (g, 1)); /* Continue until g != 1. */
}
@ -330,13 +342,13 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
x = mpi_alloc_secure( mpi_get_nlimbs(q) );
mpi_sub_ui( h, q, 1 ); /* put q-1 into h */
rndbuf = NULL;
do
do
{
if( DBG_CIPHER )
progress('.');
if( !rndbuf )
rndbuf = gcry_random_bytes_secure ((qbits+7)/8, random_level);
else
else
{ /* Change only some of the higher bits (= 2 bytes)*/
char *r = gcry_random_bytes_secure (2, random_level);
memcpy(rndbuf, r, 2 );
@ -345,7 +357,7 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
_gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
mpi_clear_highbit( x, qbits+1 );
}
}
while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
gcry_free(rndbuf);
mpi_free( e );
@ -355,7 +367,7 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
y = mpi_alloc( mpi_get_nlimbs(p) );
gcry_mpi_powm( y, g, x, p );
if( DBG_CIPHER )
if( DBG_CIPHER )
{
progress('\n');
log_mpidump("dsa p", p );
@ -406,8 +418,8 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
const void *seed;
size_t seedlen;
} initial_seed = { NULL, NULL, 0 };
gcry_mpi_t prime_q = NULL;
gcry_mpi_t prime_p = NULL;
gcry_mpi_t prime_q = NULL;
gcry_mpi_t prime_p = NULL;
gcry_mpi_t value_g = NULL; /* The generator. */
gcry_mpi_t value_y = NULL; /* g^x mod p */
gcry_mpi_t value_x = NULL; /* The secret exponent. */
@ -467,15 +479,15 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen);
}
/* Fixme: Enable 186-3 after it has been approved and after fixing
the generation function. */
/* if (use_fips186_2) */
(void)use_fips186_2;
ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed,
ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
/* else */
@ -493,33 +505,33 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
mpi_sub_ui (value_e, prime_p, 1);
mpi_fdiv_q (value_e, value_e, prime_q );
value_g = mpi_alloc_like (prime_p);
value_h = mpi_alloc_set_ui (1);
value_h = mpi_alloc_set_ui (1);
do
{
mpi_add_ui (value_h, value_h, 1);
/* g = h^e mod p */
mpi_powm (value_g, value_h, value_e, prime_p);
}
}
while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
}
/* Select a random number x with: 0 < x < q */
value_x = gcry_mpi_snew (qbits);
do
do
{
if( DBG_CIPHER )
progress('.');
gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
mpi_clear_highbit (value_x, qbits+1);
}
}
while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
/* y = g^x mod p */
value_y = mpi_alloc_like (prime_p);
gcry_mpi_powm (value_y, value_g, value_x, prime_p);
if (DBG_CIPHER)
if (DBG_CIPHER)
{
progress('\n');
log_mpidump("dsa p", prime_p );
@ -691,7 +703,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
int use_fips186_2 = 0;
int use_fips186 = 0;
dsa_domain_t domain;
(void)algo; /* No need to check it. */
(void)evalue; /* Not required for DSA. */
@ -700,7 +712,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
if (genparms)
{
gcry_sexp_t domainsexp;
/* Parse the optional qbits element. */
l1 = gcry_sexp_find_token (genparms, "qbits", 0);
if (l1)
@ -708,7 +720,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
char buf[50];
const char *s;
size_t n;
s = gcry_sexp_nth_data (l1, 1, &n);
if (!s || n >= DIM (buf) - 1 )
{
@ -760,7 +772,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
gcry_sexp_release (deriveparms);
return GPG_ERR_INV_VALUE;
}
/* Put all domain parameters into the domain object. */
l1 = gcry_sexp_find_token (domainsexp, "p", 0);
domain.p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
@ -804,7 +816,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
{
/* Format the seed-values unless domain parameters are used
for which a H_VALUE of NULL is an indication. */
ec = gpg_err_code (gcry_sexp_build
ec = gpg_err_code (gcry_sexp_build
(&seedinfo, NULL,
"(seed-values(counter %d)(seed %b)(h %m))",
counter, (int)seedlen, seed, h_value));
@ -879,7 +891,7 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
p = stpcpy (p, ")");
}
p = stpcpy (p, ")");
/* Allocate space for the list of factors plus one for
an S-expression plus an extra NULL entry for safety
and fill it with the factors. */
@ -894,8 +906,8 @@ dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
for (j=0; j < nfactors; j++)
arg_list[i++] = (*retfactors) + j;
arg_list[i] = NULL;
ec = gpg_err_code (gcry_sexp_build_array
ec = gpg_err_code (gcry_sexp_build_array
(r_extrainfo, NULL, format, arg_list));
}
}
@ -1023,19 +1035,19 @@ dsa_get_nbits (int algo, gcry_mpi_t *pkey)
/*
/*
Self-test section.
*/
static const char *
selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags pkcs1)"
" (hash sha1 #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
static const char sample_data_bad[] =
"(data (flags pkcs1)"
" (hash sha1 #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
static const char sample_data[] =
"(data (flags raw)"
" (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
static const char sample_data_bad[] =
"(data (flags raw)"
" (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
const char *errtxt = NULL;
gcry_error_t err;
@ -1046,7 +1058,7 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
err = gcry_sexp_sscan (&data, NULL,
sample_data, strlen (sample_data));
if (!err)
err = gcry_sexp_sscan (&data_bad, NULL,
err = gcry_sexp_sscan (&data_bad, NULL,
sample_data_bad, strlen (sample_data_bad));
if (err)
{
@ -1093,10 +1105,10 @@ selftests_dsa (selftest_report_func_t report)
/* Convert the S-expressions into the internal representation. */
what = "convert";
err = gcry_sexp_sscan (&skey, NULL,
err = gcry_sexp_sscan (&skey, NULL,
sample_secret_key, strlen (sample_secret_key));
if (!err)
err = gcry_sexp_sscan (&pkey, NULL,
err = gcry_sexp_sscan (&pkey, NULL,
sample_public_key, strlen (sample_public_key));
if (err)
{
@ -1146,7 +1158,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_PUBKEY_ALGO;
break;
}
return ec;
}
@ -1163,7 +1175,7 @@ static const char *dsa_names[] =
gcry_pk_spec_t _gcry_pubkey_spec_dsa =
{
"DSA", dsa_names,
"DSA", dsa_names,
"pqgy", "pqgyx", "", "rs", "pqgy",
GCRY_PK_USAGE_SIGN,
dsa_generate,
@ -1174,9 +1186,8 @@ gcry_pk_spec_t _gcry_pubkey_spec_dsa =
dsa_verify,
dsa_get_nbits
};
pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
{
run_selftests,
dsa_generate_ext
};

630
grub-core/lib/libgcrypt/cipher/ecc.c
View file

File diff suppressed because it is too large Load diff

39
grub-core/lib/libgcrypt/cipher/elgamal.c
View file

@ -115,7 +115,7 @@ wiener_map( unsigned int n )
};
int i;
for(i=0; t[i].p_n; i++ )
for(i=0; t[i].p_n; i++ )
{
if( n <= t[i].p_n )
return t[i].q_n;
@ -158,7 +158,7 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
log_fatal ("Elgamal test key for %s %s failed\n",
(failed & 1)? "encrypt+decrypt":"",
(failed & 2)? "sign+verify":"");
if (failed && DBG_CIPHER)
if (failed && DBG_CIPHER)
log_debug ("Elgamal test key for %s %s failed\n",
(failed & 1)? "encrypt+decrypt":"",
(failed & 2)? "sign+verify":"");
@ -199,15 +199,15 @@ gen_k( gcry_mpi_t p, int small_k )
if( DBG_CIPHER )
log_debug("choosing a random k ");
mpi_sub_ui( p_1, p, 1);
for(;;)
for(;;)
{
if( !rndbuf || nbits < 32 )
if( !rndbuf || nbits < 32 )
{
gcry_free(rndbuf);
rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );
}
else
{
{
/* Change only some of the higher bits. We could improve
this by directly requesting more memory at the first call
to get_random_bytes() and use this the here maybe it is
@ -218,7 +218,7 @@ gen_k( gcry_mpi_t p, int small_k )
gcry_free(pp);
}
_gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
for(;;)
{
if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */
@ -294,7 +294,7 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
if( DBG_CIPHER )
log_debug("choosing a random x of size %u", xbits );
rndbuf = NULL;
do
do
{
if( DBG_CIPHER )
progress('.');
@ -314,21 +314,21 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
gcry_free(r);
}
}
else
else
{
rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
GCRY_VERY_STRONG_RANDOM );
}
_gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
mpi_clear_highbit( x, xbits+1 );
}
}
while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
gcry_free(rndbuf);
y = gcry_mpi_new (nbits);
gcry_mpi_powm( y, g, x, p );
if( DBG_CIPHER )
if( DBG_CIPHER )
{
progress('\n');
log_mpidump("elg p= ", p );
@ -354,7 +354,7 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
value for the secret key but the one given as X. This is useful to
implement a passphrase based decryption for a public key based
encryption. It has appliactions in backup systems.
Returns: A structure filled with all needed values and an array
with n-1 factors of (p-1). */
static gcry_err_code_t
@ -399,7 +399,7 @@ generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x,
y = gcry_mpi_new (nbits);
gcry_mpi_powm ( y, g, x, p );
if ( DBG_CIPHER )
if ( DBG_CIPHER )
{
progress ('\n');
log_mpidump ("elg p= ", p );
@ -493,7 +493,7 @@ decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
mpi_invm( t1, t1, skey->p );
mpi_mulm( output, b, t1, skey->p );
#if 0
if( DBG_CIPHER )
if( DBG_CIPHER )
{
log_mpidump("elg decrypted x= ", skey->x);
log_mpidump("elg decrypted p= ", skey->p);
@ -533,7 +533,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
mpi_mulm(b, t, inv, p_1 );
#if 0
if( DBG_CIPHER )
if( DBG_CIPHER )
{
log_mpidump("elg sign p= ", skey->p);
log_mpidump("elg sign g= ", skey->g);
@ -652,7 +652,7 @@ elg_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
skey[1] = sk.g;
skey[2] = sk.y;
skey[3] = sk.x;
return ec;
}
@ -671,7 +671,7 @@ elg_generate (int algo, unsigned int nbits, unsigned long evalue,
skey[1] = sk.g;
skey[2] = sk.y;
skey[3] = sk.x;
return GPG_ERR_NO_ERROR;
}
@ -692,7 +692,7 @@ elg_check_secret_key (int algo, gcry_mpi_t *skey)
sk.g = skey[1];
sk.y = skey[2];
sk.x = skey[3];
if (! check_secret_key (&sk))
err = GPG_ERR_BAD_SECKEY;
}
@ -773,7 +773,7 @@ elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
sign (resarr[0], resarr[1], data, &sk);
}
return err;
}
@ -837,10 +837,9 @@ gcry_pk_spec_t _gcry_pubkey_spec_elg =
elg_get_nbits
};
pk_extra_spec_t _gcry_pubkey_extraspec_elg =
pk_extra_spec_t _gcry_pubkey_extraspec_elg =
{
NULL,
elg_generate_ext,
NULL
};

17
grub-core/lib/libgcrypt/cipher/hash-common.c
View file

@ -21,7 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STDINT_H
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
@ -35,10 +35,10 @@
describing the error.
DATAMODE controls what will be hashed according to this table:
0 - Hash the supplied DATA of DATALEN.
1 - Hash one million times a 'a'. DATA and DATALEN are ignored.
*/
const char *
_gcry_hash_selftest_check_one (int algo,
@ -49,14 +49,14 @@ _gcry_hash_selftest_check_one (int algo,
gcry_error_t err = 0;
gcry_md_hd_t hd;
unsigned char *digest;
if (_gcry_md_get_algo_dlen (algo) != expectlen)
return "digest size does not match expected size";
err = _gcry_md_open (&hd, algo, 0);
if (err)
return "gcry_md_open failed";
switch (datamode)
{
case 0:
@ -64,7 +64,7 @@ _gcry_hash_selftest_check_one (int algo,
break;
case 1: /* Hash one million times an "a". */
{
{
char aaa[1000];
int i;
@ -82,7 +82,7 @@ _gcry_hash_selftest_check_one (int algo,
if (!result)
{
digest = _gcry_md_read (hd, algo);
if ( memcmp (digest, expect, expectlen) )
result = "digest mismatch";
}
@ -91,4 +91,3 @@ _gcry_hash_selftest_check_one (int algo,
return result;
}

6
grub-core/lib/libgcrypt/cipher/hash-common.h
View file

@ -21,11 +21,11 @@
#define GCRY_HASH_COMMON_H
const char * _gcry_hash_selftest_check_one
/**/ (int algo,
const char * _gcry_hash_selftest_check_one
/**/ (int algo,
int datamode, const void *data, size_t datalen,
const void *expect, size_t expectlen);

36
grub-core/lib/libgcrypt/cipher/hmac-tests.c
View file

@ -17,7 +17,7 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
/*
Although algorithm self-tests are usually implemented in the module
implementing the algorithm, the case for HMAC is different because
HMAC is implemnetd on a higher level using a special feature of the
@ -33,7 +33,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STDINT_H
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
@ -47,7 +47,7 @@
succdess or a string describing the failure. */
static const char *
check_one (int algo,
const void *data, size_t datalen,
const void *data, size_t datalen,
const void *key, size_t keylen,
const void *expect, size_t expectlen)
{
@ -88,7 +88,7 @@ check_one (int algo,
return "does not match";
}
_gcry_md_close (hd);
return NULL;
return NULL;
}
@ -123,7 +123,7 @@ selftests_sha1 (int extended, selftest_report_func_t report)
"\xa4\x58\x30\x73\x7d\x5c\xc6\xc7\x5d\x24", 20);
if (errtxt)
goto failed;
what = "FIPS-198a, A.3";
for (i=0, j=0x50; i < 100; i++)
key[i] = j++;
@ -134,7 +134,7 @@ selftests_sha1 (int extended, selftest_report_func_t report)
"\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa", 20 );
if (errtxt)
goto failed;
what = "FIPS-198a, A.4";
for (i=0, j=0x70; i < 49; i++)
key[i] = j++;
@ -160,7 +160,7 @@ selftests_sha1 (int extended, selftest_report_func_t report)
static gpg_err_code_t
selftests_sha224 (int extended, selftest_report_func_t report)
{
static struct
static struct
{
const char * const desc;
const char * const data;
@ -169,7 +169,7 @@ selftests_sha224 (int extended, selftest_report_func_t report)
} tv[] =
{
{ "data-28 key-4",
"what do ya want for nothing?",
"what do ya want for nothing?",
"Jefe",
{ 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf,
0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e, 0x6d, 0x0f,
@ -248,7 +248,7 @@ selftests_sha224 (int extended, selftest_report_func_t report)
const char *what;
const char *errtxt;
int tvidx;
for (tvidx=0; tv[tvidx].desc; tvidx++)
{
what = tv[tvidx].desc;
@ -274,7 +274,7 @@ selftests_sha224 (int extended, selftest_report_func_t report)
static gpg_err_code_t
selftests_sha256 (int extended, selftest_report_func_t report)
{
static struct
static struct
{
const char * const desc;
const char * const data;
@ -283,7 +283,7 @@ selftests_sha256 (int extended, selftest_report_func_t report)
} tv[] =
{
{ "data-28 key-4",
"what do ya want for nothing?",
"what do ya want for nothing?",
"Jefe",
{ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
@ -362,7 +362,7 @@ selftests_sha256 (int extended, selftest_report_func_t report)
const char *what;
const char *errtxt;
int tvidx;
for (tvidx=0; tv[tvidx].desc; tvidx++)
{
hmac256_context_t hmachd;
@ -416,7 +416,7 @@ selftests_sha256 (int extended, selftest_report_func_t report)
static gpg_err_code_t
selftests_sha384 (int extended, selftest_report_func_t report)
{
static struct
static struct
{
const char * const desc;
const char * const data;
@ -425,7 +425,7 @@ selftests_sha384 (int extended, selftest_report_func_t report)
} tv[] =
{
{ "data-28 key-4",
"what do ya want for nothing?",
"what do ya want for nothing?",
"Jefe",
{ 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
@ -516,7 +516,7 @@ selftests_sha384 (int extended, selftest_report_func_t report)
const char *what;
const char *errtxt;
int tvidx;
for (tvidx=0; tv[tvidx].desc; tvidx++)
{
what = tv[tvidx].desc;
@ -542,7 +542,7 @@ selftests_sha384 (int extended, selftest_report_func_t report)
static gpg_err_code_t
selftests_sha512 (int extended, selftest_report_func_t report)
{
static struct
static struct
{
const char * const desc;
const char * const data;
@ -551,7 +551,7 @@ selftests_sha512 (int extended, selftest_report_func_t report)
} tv[] =
{
{ "data-28 key-4",
"what do ya want for nothing?",
"what do ya want for nothing?",
"Jefe",
{ 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
@ -654,7 +654,7 @@ selftests_sha512 (int extended, selftest_report_func_t report)
const char *what;
const char *errtxt;
int tvidx;
for (tvidx=0; tv[tvidx].desc; tvidx++)
{
what = tv[tvidx].desc;

378
grub-core/lib/libgcrypt/cipher/idea.c Normal file
View file

@ -0,0 +1,378 @@
/* idea.c - IDEA function
* Copyright 1997, 1998, 1999, 2001 Werner Koch (dd9jn)
* Copyright 2013 g10 Code GmbH
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* Except as contained in this notice, the name of Werner Koch shall not be
* used in advertising or otherwise to promote the sale, use or other dealings
* in this Software without prior written authorization from Werner Koch.
*
* Patents on IDEA have expired:
* Europe: EP0482154 on 2011-05-16,
* Japan: JP3225440 on 2011-05-16,
* U.S.: 5,214,703 on 2012-01-07.
*/
/*
* Please see http://www.noepatents.org/ to learn why software patents
* are bad for society and what you can do to fight them.
*
* The code herein is based on the one from:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "types.h" /* for byte and u32 typedefs */
#include "g10lib.h"
#include "cipher.h"
#define IDEA_KEYSIZE 16
#define IDEA_BLOCKSIZE 8
#define IDEA_ROUNDS 8
#define IDEA_KEYLEN (6*IDEA_ROUNDS+4)
typedef struct {
u16 ek[IDEA_KEYLEN];
u16 dk[IDEA_KEYLEN];
int have_dk;
} IDEA_context;
static const char *selftest(void);
static u16
mul_inv( u16 x )
{
u16 t0, t1;
u16 q, y;
if( x < 2 )
return x;
t1 = 0x10001L / x;
y = 0x10001L % x;
if( y == 1 )
return (1-t1) & 0xffff;
t0 = 1;
do {
q = x / y;
x = x % y;
t0 += q * t1;
if( x == 1 )
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
} while( y != 1 );
return (1-t1) & 0xffff;
}
static void
expand_key( const byte *userkey, u16 *ek )
{
int i,j;
for(j=0; j < 8; j++ ) {
ek[j] = (*userkey << 8) + userkey[1];
userkey += 2;
}
for(i=0; j < IDEA_KEYLEN; j++ ) {
i++;
ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7;
ek += i & 8;
i &= 7;
}
}
static void
invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] )
{
int i;
u16 t1, t2, t3;
u16 temp[IDEA_KEYLEN];
u16 *p = temp + IDEA_KEYLEN;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
for(i=0; i < IDEA_ROUNDS-1; i++ ) {
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t2;
*--p = t3;
*--p = t1;
}
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
memcpy(dk, temp, sizeof(temp) );
memset(temp, 0, sizeof(temp) ); /* burn temp */
}
static void
cipher( byte *outbuf, const byte *inbuf, u16 *key )
{
u16 s2, s3;
u16 in[4];
int r = IDEA_ROUNDS;
#define x1 (in[0])
#define x2 (in[1])
#define x3 (in[2])
#define x4 (in[3])
#define MUL(x,y) \
do {u16 _t16; u32 _t32; \
if( (_t16 = (y)) ) { \
if( (x = (x)&0xffff) ) { \
_t32 = (u32)x * _t16; \
x = _t32 & 0xffff; \
_t16 = _t32 >> 16; \
x = ((x)-_t16) + (x<_t16?1:0); \
} \
else { \
x = 1 - _t16; \
} \
} \
else { \
x = 1 - x; \
} \
} while(0)
memcpy (in, inbuf, sizeof in);
#ifndef WORDS_BIGENDIAN
x1 = (x1>>8) | (x1<<8);
x2 = (x2>>8) | (x2<<8);
x3 = (x3>>8) | (x3<<8);
x4 = (x4>>8) | (x4<<8);
#endif
do {
MUL(x1, *key++);
x2 += *key++;
x3 += *key++;
MUL(x4, *key++ );
s3 = x3;
x3 ^= x1;
MUL(x3, *key++);
s2 = x2;
x2 ^=x4;
x2 += x3;
MUL(x2, *key++);
x3 += x2;
x1 ^= x2;
x4 ^= x3;
x2 ^= s3;
x3 ^= s2;
} while( --r );
MUL(x1, *key++);
x3 += *key++;
x2 += *key++;
MUL(x4, *key);
#ifndef WORDS_BIGENDIAN
x1 = (x1>>8) | (x1<<8);
x2 = (x2>>8) | (x2<<8);
x3 = (x3>>8) | (x3<<8);
x4 = (x4>>8) | (x4<<8);
#endif
memcpy (outbuf+0, &x1, 2);
memcpy (outbuf+2, &x3, 2);
memcpy (outbuf+4, &x2, 2);
memcpy (outbuf+6, &x4, 2);
#undef MUL
#undef x1
#undef x2
#undef x3
#undef x4
}
static int
do_setkey( IDEA_context *c, const byte *key, unsigned int keylen )
{
static int initialized = 0;
static const char *selftest_failed = 0;
if( !initialized ) {
initialized = 1;
selftest_failed = selftest();
if( selftest_failed )
log_error( "%s\n", selftest_failed );
}
if( selftest_failed )
return GPG_ERR_SELFTEST_FAILED;
assert(keylen == 16);
c->have_dk = 0;
expand_key( key, c->ek );
invert_key( c->ek, c->dk );
return 0;
}
static gcry_err_code_t
idea_setkey (void *context, const byte *key, unsigned int keylen)
{
IDEA_context *ctx = context;
int rc = do_setkey (ctx, key, keylen);
_gcry_burn_stack (23+6*sizeof(void*));
return rc;
}
static void
encrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
{
cipher( outbuf, inbuf, c->ek );
}
static void
idea_encrypt (void *context, byte *out, const byte *in)
{
IDEA_context *ctx = context;
encrypt_block (ctx, out, in);
_gcry_burn_stack (24+3*sizeof (void*));
}
static void
decrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
{
if( !c->have_dk ) {
c->have_dk = 1;
invert_key( c->ek, c->dk );
}
cipher( outbuf, inbuf, c->dk );
}
static void
idea_decrypt (void *context, byte *out, const byte *in)
{
IDEA_context *ctx = context;
decrypt_block (ctx, out, in);
_gcry_burn_stack (24+3*sizeof (void*));
}
static const char *
selftest( void )
{
static struct {
byte key[16];
byte plain[8];
byte cipher[8];
} test_vectors[] = {
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 },
{ 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x54, 0x0E, 0x5F, 0xEA, 0x18, 0xC2, 0xF8, 0xB1 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x00, 0x19, 0x32, 0x4B, 0x64, 0x7D, 0x96, 0xAF },
{ 0x9F, 0x0A, 0x0A, 0xB6, 0xE1, 0x0C, 0xED, 0x78 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0xF5, 0x20, 0x2D, 0x5B, 0x9C, 0x67, 0x1B, 0x08 },
{ 0xCF, 0x18, 0xFD, 0x73, 0x55, 0xE2, 0xC5, 0xC5 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0xFA, 0xE6, 0xD2, 0xBE, 0xAA, 0x96, 0x82, 0x6E },
{ 0x85, 0xDF, 0x52, 0x00, 0x56, 0x08, 0x19, 0x3D } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x0A, 0x14, 0x1E, 0x28, 0x32, 0x3C, 0x46, 0x50 },
{ 0x2F, 0x7D, 0xE7, 0x50, 0x21, 0x2F, 0xB7, 0x34 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x05, 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x23, 0x28 },
{ 0x7B, 0x73, 0x14, 0x92, 0x5D, 0xE5, 0x9C, 0x09 } },
{ { 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0F, 0x00, 0x14,
0x00, 0x19, 0x00, 0x1E, 0x00, 0x23, 0x00, 0x28 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x3E, 0xC0, 0x47, 0x80, 0xBE, 0xFF, 0x6E, 0x20 } },
{ { 0x3A, 0x98, 0x4E, 0x20, 0x00, 0x19, 0x5D, 0xB3,
0x2E, 0xE5, 0x01, 0xC8, 0xC4, 0x7C, 0xEA, 0x60 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x97, 0xBC, 0xD8, 0x20, 0x07, 0x80, 0xDA, 0x86 } },
{ { 0x00, 0x64, 0x00, 0xC8, 0x01, 0x2C, 0x01, 0x90,
0x01, 0xF4, 0x02, 0x58, 0x02, 0xBC, 0x03, 0x20 },
{ 0x05, 0x32, 0x0A, 0x64, 0x14, 0xC8, 0x19, 0xFA },
{ 0x65, 0xBE, 0x87, 0xE7, 0xA2, 0x53, 0x8A, 0xED } },
{ { 0x9D, 0x40, 0x75, 0xC1, 0x03, 0xBC, 0x32, 0x2A,
0xFB, 0x03, 0xE7, 0xBE, 0x6A, 0xB3, 0x00, 0x06 },
{ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08 },
{ 0xF5, 0xDB, 0x1A, 0xC4, 0x5E, 0x5E, 0xF9, 0xF9 } }
};
IDEA_context c;
byte buffer[8];
int i;
for(i=0; i < DIM(test_vectors); i++ ) {
do_setkey( &c, test_vectors[i].key, 16 );
encrypt_block( &c, buffer, test_vectors[i].plain );
if( memcmp( buffer, test_vectors[i].cipher, 8 ) )
return "IDEA test encryption failed.";
decrypt_block( &c, buffer, test_vectors[i].cipher );
if( memcmp( buffer, test_vectors[i].plain, 8 ) )
return "IDEA test decryption failed.";
}
return NULL;
}
gcry_cipher_spec_t _gcry_cipher_spec_idea =
{
"IDEA", NULL, NULL, IDEA_BLOCKSIZE, 128,
sizeof (IDEA_context),
idea_setkey, idea_encrypt, idea_decrypt
};

278
grub-core/lib/libgcrypt/cipher/kdf.c Normal file
View file

@ -0,0 +1,278 @@
/* kdf.c - Key Derivation Functions
* Copyright (C) 1998, 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "g10lib.h"
#include "cipher.h"
#include "ath.h"
/* Transform a passphrase into a suitable key of length KEYSIZE and
store this key in the caller provided buffer KEYBUFFER. The caller
must provide an HASHALGO, a valid ALGO and depending on that algo a
SALT of 8 bytes and the number of ITERATIONS. Code taken from
gnupg/agent/protect.c:hash_passphrase. */
gpg_err_code_t
openpgp_s2k (const void *passphrase, size_t passphraselen,
int algo, int hashalgo,
const void *salt, size_t saltlen,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
gpg_err_code_t ec;
gcry_md_hd_t md;
char *key = keybuffer;
int pass, i;
int used = 0;
int secmode;
if ((algo == GCRY_KDF_SALTED_S2K || algo == GCRY_KDF_ITERSALTED_S2K)
&& (!salt || saltlen != 8))
return GPG_ERR_INV_VALUE;
secmode = gcry_is_secure (passphrase) || gcry_is_secure (keybuffer);
ec = gpg_err_code (gcry_md_open (&md, hashalgo,
secmode? GCRY_MD_FLAG_SECURE : 0));
if (ec)
return ec;
for (pass=0; used < keysize; pass++)
{
if (pass)
{
gcry_md_reset (md);
for (i=0; i < pass; i++) /* Preset the hash context. */
gcry_md_putc (md, 0);
}
if (algo == GCRY_KDF_SALTED_S2K || algo == GCRY_KDF_ITERSALTED_S2K)
{
int len2 = passphraselen + 8;
unsigned long count = len2;
if (algo == GCRY_KDF_ITERSALTED_S2K)
{
count = iterations;
if (count < len2)
count = len2;
}
while (count > len2)
{
gcry_md_write (md, salt, saltlen);
gcry_md_write (md, passphrase, passphraselen);
count -= len2;
}
if (count < saltlen)
gcry_md_write (md, salt, count);
else
{
gcry_md_write (md, salt, saltlen);
count -= saltlen;
gcry_md_write (md, passphrase, count);
}
}
else
gcry_md_write (md, passphrase, passphraselen);
gcry_md_final (md);
i = gcry_md_get_algo_dlen (hashalgo);
if (i > keysize - used)
i = keysize - used;
memcpy (key+used, gcry_md_read (md, hashalgo), i);
used += i;
}
gcry_md_close (md);
return 0;
}
/* Transform a passphrase into a suitable key of length KEYSIZE and
store this key in the caller provided buffer KEYBUFFER. The caller
must provide PRFALGO which indicates the pseudorandom function to
use: This shall be the algorithms id of a hash algorithm; it is
used in HMAC mode. SALT is a salt of length SALTLEN and ITERATIONS
gives the number of iterations. */
gpg_err_code_t
pkdf2 (const void *passphrase, size_t passphraselen,
int hashalgo,
const void *salt, size_t saltlen,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
gpg_err_code_t ec;
gcry_md_hd_t md;
int secmode;
unsigned int dklen = keysize;
char *dk = keybuffer;
unsigned int hlen; /* Output length of the digest function. */
unsigned int l; /* Rounded up number of blocks. */
unsigned int r; /* Number of octets in the last block. */
char *sbuf; /* Malloced buffer to concatenate salt and iter
as well as space to hold TBUF and UBUF. */
char *tbuf; /* Buffer for T; ptr into SBUF, size is HLEN. */
char *ubuf; /* Buffer for U; ptr into SBUF, size is HLEN. */
unsigned int lidx; /* Current block number. */
unsigned long iter; /* Current iteration number. */
unsigned int i;
if (!salt || !saltlen || !iterations || !dklen)
return GPG_ERR_INV_VALUE;
hlen = gcry_md_get_algo_dlen (hashalgo);
if (!hlen)
return GPG_ERR_DIGEST_ALGO;
secmode = gcry_is_secure (passphrase) || gcry_is_secure (keybuffer);
/* We ignore step 1 from pksc5v2.1 which demands a check that dklen
is not larger that 0xffffffff * hlen. */
/* Step 2 */
l = ((dklen - 1)/ hlen) + 1;
r = dklen - (l - 1) * hlen;
/* Setup buffers and prepare a hash context. */
sbuf = (secmode
? gcry_malloc_secure (saltlen + 4 + hlen + hlen)
: gcry_malloc (saltlen + 4 + hlen + hlen));
if (!sbuf)
return gpg_err_code_from_syserror ();
tbuf = sbuf + saltlen + 4;
ubuf = tbuf + hlen;
ec = gpg_err_code (gcry_md_open (&md, hashalgo,
(GCRY_MD_FLAG_HMAC
| (secmode?GCRY_MD_FLAG_SECURE:0))));
if (ec)
{
gcry_free (sbuf);
return ec;
}
/* Step 3 and 4. */
memcpy (sbuf, salt, saltlen);
for (lidx = 1; lidx <= l; lidx++)
{
for (iter = 0; iter < iterations; iter++)
{
ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
if (ec)
{
gcry_md_close (md);
gcry_free (sbuf);
return ec;
}
if (!iter) /* Compute U_1: */
{
sbuf[saltlen] = (lidx >> 24);
sbuf[saltlen + 1] = (lidx >> 16);
sbuf[saltlen + 2] = (lidx >> 8);
sbuf[saltlen + 3] = lidx;
gcry_md_write (md, sbuf, saltlen + 4);
memcpy (ubuf, gcry_md_read (md, 0), hlen);
memcpy (tbuf, ubuf, hlen);
}
else /* Compute U_(2..c): */
{
gcry_md_write (md, ubuf, hlen);
memcpy (ubuf, gcry_md_read (md, 0), hlen);
for (i=0; i < hlen; i++)
tbuf[i] ^= ubuf[i];
}
}
if (lidx == l) /* Last block. */
memcpy (dk, tbuf, r);
else
{
memcpy (dk, tbuf, hlen);
dk += hlen;
}
}
gcry_md_close (md);
gcry_free (sbuf);
return 0;
}
/* Derive a key from a passphrase. KEYSIZE gives the requested size
of the keys in octets. KEYBUFFER is a caller provided buffer
filled on success with the derived key. The input passphrase is
taken from (PASSPHRASE,PASSPHRASELEN) which is an arbitrary memory
buffer. ALGO specifies the KDF algorithm to use; these are the
constants GCRY_KDF_*. SUBALGO specifies an algorithm used
internally by the KDF algorithms; this is usually a hash algorithm
but certain KDF algorithm may use it differently. {SALT,SALTLEN}
is a salt as needed by most KDF algorithms. ITERATIONS is a
positive integer parameter to most KDFs. 0 is returned on success,
or an error code on failure. */
gpg_error_t
gcry_kdf_derive (const void *passphrase, size_t passphraselen,
int algo, int subalgo,
const void *salt, size_t saltlen,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
gpg_err_code_t ec;
if (!passphrase || (!passphraselen && algo != GCRY_KDF_PBKDF2))
{
ec = GPG_ERR_INV_DATA;
goto leave;
}
if (!keybuffer || !keysize)
{
ec = GPG_ERR_INV_VALUE;
goto leave;
}
switch (algo)
{
case GCRY_KDF_SIMPLE_S2K:
case GCRY_KDF_SALTED_S2K:
case GCRY_KDF_ITERSALTED_S2K:
ec = openpgp_s2k (passphrase, passphraselen, algo, subalgo,
salt, saltlen, iterations, keysize, keybuffer);
break;
case GCRY_KDF_PBKDF1:
ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
break;
case GCRY_KDF_PBKDF2:
ec = pkdf2 (passphrase, passphraselen, subalgo,
salt, saltlen, iterations, keysize, keybuffer);
break;
default:
ec = GPG_ERR_UNKNOWN_ALGORITHM;
break;
}
leave:
return gpg_error (ec);
}

55
grub-core/lib/libgcrypt/cipher/md.c
View file

@ -43,15 +43,15 @@ static struct digest_table_entry
gcry_md_spec_t *digest;
md_extra_spec_t *extraspec;
unsigned int algorithm;
int fips_allowed;
int fips_allowed;
} digest_table[] =
{
#if USE_CRC
#if USE_CRC
/* We allow the CRC algorithms even in FIPS mode because they are
actually no cryptographic primitives. */
{ &_gcry_digest_spec_crc32,
{ &_gcry_digest_spec_crc32,
&dummy_extra_spec, GCRY_MD_CRC32, 1 },
{ &_gcry_digest_spec_crc32_rfc1510,
{ &_gcry_digest_spec_crc32_rfc1510,
&dummy_extra_spec, GCRY_MD_CRC32_RFC1510, 1 },
{ &_gcry_digest_spec_crc24_rfc2440,
&dummy_extra_spec, GCRY_MD_CRC24_RFC2440, 1 },
@ -69,7 +69,7 @@ static struct digest_table_entry
&dummy_extra_spec, GCRY_MD_RMD160 },
#endif
#if USE_SHA1
{ &_gcry_digest_spec_sha1,
{ &_gcry_digest_spec_sha1,
&_gcry_digest_extraspec_sha1, GCRY_MD_SHA1, 1 },
#endif
#if USE_SHA256
@ -177,7 +177,7 @@ md_register_default (void)
{
gcry_err_code_t err = 0;
int i;
for (i = 0; !err && digest_table[i].digest; i++)
{
if ( fips_mode ())
@ -230,7 +230,7 @@ gcry_md_lookup_func_oid (void *spec, void *data)
}
/* Internal function. Lookup a digest entry by it's name. */
static gcry_module_t
static gcry_module_t
gcry_md_lookup_name (const char *name)
{
gcry_module_t digest;
@ -271,11 +271,11 @@ _gcry_md_register (gcry_md_spec_t *digest,
ath_mutex_lock (&digests_registered_lock);
err = _gcry_module_add (&digests_registered, 0,
(void *) digest,
(void *)(extraspec? extraspec : &dummy_extra_spec),
(void *) digest,
(void *)(extraspec? extraspec : &dummy_extra_spec),
&mod);
ath_mutex_unlock (&digests_registered_lock);
if (! err)
{
*module = mod;
@ -296,7 +296,7 @@ gcry_md_unregister (gcry_module_t module)
}
static int
static int
search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)
{
gcry_module_t module;
@ -567,7 +567,7 @@ md_enable (gcry_md_hd_t hd, int algorithm)
else
digest = (gcry_md_spec_t *) module->spec;
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
_gcry_inactivate_fips_mode ("MD5 used");
@ -578,7 +578,7 @@ md_enable (gcry_md_hd_t hd, int algorithm)
err = GPG_ERR_DIGEST_ALGO;
}
}
if (!err)
{
size_t size = (sizeof (*entry)
@ -635,7 +635,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
GcryDigestEntry *ar, *br;
gcry_md_hd_t bhd;
size_t n;
if (ahd->bufpos)
md_write (ahd, NULL, 0);
@ -697,7 +697,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
- sizeof (ar->context)));
br->next = b->list;
b->list = br;
/* Add a reference to the module. */
ath_mutex_lock (&digests_registered_lock);
_gcry_module_use (br->module);
@ -787,7 +787,7 @@ static void
md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
{
GcryDigestEntry *r;
if (a->ctx->debug)
{
if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
@ -838,8 +838,8 @@ md_final (gcry_md_hd_t a)
if (err)
_gcry_fatal_error (err, NULL);
md_write (om,
(a->ctx->macpads)+(a->ctx->macpads_Bsize),
md_write (om,
(a->ctx->macpads)+(a->ctx->macpads_Bsize),
a->ctx->macpads_Bsize);
md_write (om, p, dlen);
md_final (om);
@ -860,7 +860,7 @@ prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
if (!algo)
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
if ( keylen > hd->ctx->macpads_Bsize )
if ( keylen > hd->ctx->macpads_Bsize )
{
helpkey = gcry_malloc_secure (md_digest_length (algo));
if (!helpkey)
@ -876,7 +876,7 @@ prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize);
memcpy ( ipad, key, keylen );
memcpy ( opad, key, keylen );
for (i=0; i < hd->ctx->macpads_Bsize; i++ )
for (i=0; i < hd->ctx->macpads_Bsize; i++ )
{
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
@ -890,7 +890,7 @@ gcry_error_t
gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
{
gcry_err_code_t rc = 0;
switch (cmd)
{
case GCRYCTL_FINALIZE:
@ -1167,7 +1167,7 @@ gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
{
const char unsigned *asn;
size_t asnlen;
asn = md_asn_oid (algo, &asnlen, NULL);
if (buffer && (*nbytes >= asnlen))
{
@ -1202,7 +1202,7 @@ md_start_debug ( gcry_md_hd_t md, const char *suffix )
if (fips_mode ())
return;
if ( md->ctx->debug )
{
log_debug("Oops: md debug already started\n");
@ -1232,6 +1232,7 @@ md_stop_debug( gcry_md_hd_t md )
volatile u64 b = 42;
volatile u64 c;
c = a * b;
(void)c;
}
#endif
}
@ -1268,7 +1269,7 @@ gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)
else
{
algo = *(int*)buffer;
*nbytes = 0;
for(r=h->ctx->list; r; r = r->next ) {
if (r->module->mod_id == algo)
@ -1302,7 +1303,7 @@ _gcry_md_init (void)
int
gcry_md_is_secure (gcry_md_hd_t a)
gcry_md_is_secure (gcry_md_hd_t a)
{
size_t value;
@ -1314,7 +1315,7 @@ gcry_md_is_secure (gcry_md_hd_t a)
int
gcry_md_is_enabled (gcry_md_hd_t a, int algo)
gcry_md_is_enabled (gcry_md_hd_t a, int algo)
{
size_t value;
@ -1366,7 +1367,7 @@ _gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
{
ec = GPG_ERR_DIGEST_ALGO;
if (report)
report ("digest", algo, "module",
report ("digest", algo, "module",
module && !(module->flags & FLAG_MODULE_DISABLED)?
"no selftest available" :
module? "algorithm disabled" : "algorithm not found");

9
grub-core/lib/libgcrypt/cipher/md4.c
View file

@ -198,7 +198,7 @@ md4_write ( void *context, const void *inbuf_arg, size_t inlen)
MD4_CONTEXT *hd = context;
if( hd->count == 64 ) /* flush the buffer */
{
{
transform( hd, hd->buf );
_gcry_burn_stack (80+6*sizeof(void*));
hd->count = 0;
@ -259,15 +259,15 @@ md4_final( void *context )
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if( hd->count < 56 ) /* enough room */
{
hd->buf[hd->count++] = 0x80; /* pad */
while( hd->count < 56 )
hd->buf[hd->count++] = 0; /* pad */
}
else /* need one extra block */
{
else /* need one extra block */
{
hd->buf[hd->count++] = 0x80; /* pad character */
while( hd->count < 64 )
hd->buf[hd->count++] = 0;
@ -325,4 +325,3 @@ gcry_md_spec_t _gcry_digest_spec_md4 =
md4_init, md4_write, md4_final, md4_read,
sizeof (MD4_CONTEXT)
};

14
grub-core/lib/libgcrypt/cipher/md5.c
View file

@ -20,8 +20,8 @@
*
* According to the definition of MD5 in RFC 1321 from April 1992.
* NOTE: This is *not* the same file as the one from glibc.
* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
* heavily modified for GnuPG by Werner Koch <wk@gnupg.org>
* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
* heavily modified for GnuPG by Werner Koch <wk@gnupg.org>
*/
/* Test values:
@ -87,9 +87,9 @@ transform ( MD5_CONTEXT *ctx, const unsigned char *data )
register u32 C = ctx->C;
register u32 D = ctx->D;
u32 *cwp = correct_words;
#ifdef WORDS_BIGENDIAN
{
{
int i;
byte *p2;
const byte *p1;
@ -221,7 +221,7 @@ md5_write( void *context, const void *inbuf_arg , size_t inlen)
{
const unsigned char *inbuf = inbuf_arg;
MD5_CONTEXT *hd = context;
if( hd->count == 64 ) /* flush the buffer */
{
transform( hd, hd->buf );
@ -242,7 +242,7 @@ md5_write( void *context, const void *inbuf_arg , size_t inlen)
}
_gcry_burn_stack (80+6*sizeof(void*));
while( inlen >= 64 )
while( inlen >= 64 )
{
transform( hd, inbuf );
hd->count = 0;
@ -269,7 +269,7 @@ md5_final( void *context)
MD5_CONTEXT *hd = context;
u32 t, msb, lsb;
byte *p;
md5_write(hd, NULL, 0); /* flush */;
t = hd->nblocks;

197
grub-core/lib/libgcrypt/cipher/primegen.c
View file

@ -31,7 +31,7 @@
#include "cipher.h"
#include "ath.h"
static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel,
static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel,
int (*extra_check)(void *, gcry_mpi_t),
void *extra_check_arg);
static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
@ -132,7 +132,7 @@ static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
/* An object and a list to build up a global pool of primes. See
save_pool_prime and get_pool_prime. */
struct primepool_s
struct primepool_s
{
struct primepool_s *next;
gcry_mpi_t prime; /* If this is NULL the entry is not used. */
@ -163,7 +163,7 @@ save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel)
/* Remove some of the entries. Our strategy is removing
the last third from the list. */
int i;
for (i=0, item2 = primepool; item2; item2 = item2->next)
{
if (i >= n/3*2)
@ -182,7 +182,7 @@ save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel)
{
/* Out of memory. Silently giving up. */
gcry_mpi_release (prime);
return;
return;
}
item->next = primepool;
primepool = item;
@ -359,7 +359,7 @@ prime_generate_internal (int need_q_factor,
fbits = (pbits - req_qbits -1) / n;
qbits = pbits - n * fbits;
}
if (DBG_CIPHER)
log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
pbits, req_qbits, qbits, fbits, n);
@ -373,7 +373,7 @@ prime_generate_internal (int need_q_factor,
/* Generate a specific Q-Factor if requested. */
if (need_q_factor)
q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);
/* Allocate an array to hold all factors + 2 for later usage. */
factors = gcry_calloc (n + 2, sizeof (*factors));
if (!factors)
@ -391,10 +391,10 @@ prime_generate_internal (int need_q_factor,
}
for (i=0; i < n; i++)
pool_in_use[i] = -1;
/* Make a pool of 3n+5 primes (this is an arbitrary value). We
require at least 30 primes for are useful selection process.
require at least 30 primes for are useful selection process.
Fixme: We need to research the best formula for sizing the pool.
*/
m = n * 3 + 5;
@ -443,7 +443,7 @@ prime_generate_internal (int need_q_factor,
is_locked = 1;
for (i = 0; i < n; i++)
{
perms[i] = 1;
perms[i] = 1;
/* At a maximum we use strong random for the factors.
This saves us a lot of entropy. Given that Q and
possible Q-factor are also used in the final prime
@ -523,12 +523,12 @@ prime_generate_internal (int need_q_factor,
gcry_free (perms);
perms = NULL;
progress ('!');
goto next_try;
goto next_try;
}
}
/* Generate next prime candidate:
p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1.
p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1.
*/
mpi_set (prime, q);
mpi_mul_ui (prime, prime, 2);
@ -553,7 +553,7 @@ prime_generate_internal (int need_q_factor,
}
else
count1 = 0;
if (nprime > pbits)
{
if (++count2 > 20)
@ -624,14 +624,14 @@ prime_generate_internal (int need_q_factor,
factors_new[i] = mpi_copy (factors[i]);
}
}
if (g)
{
/* Create a generator (start with 3). */
gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
if (need_q_factor)
err = GPG_ERR_NOT_IMPLEMENTED;
else
@ -662,7 +662,7 @@ prime_generate_internal (int need_q_factor,
}
if (DBG_CIPHER)
progress('\n');
}
}
while (i < n + 2);
mpi_free (factors[n+1]);
@ -671,7 +671,7 @@ prime_generate_internal (int need_q_factor,
mpi_free (pmin1);
}
}
if (! DBG_CIPHER)
progress ('\n');
@ -738,19 +738,19 @@ gcry_mpi_t
_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,
gcry_mpi_t g, gcry_mpi_t **ret_factors)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
gcry_mpi_t prime = NULL;
err = prime_generate_internal ((mode == 1), &prime, pbits, qbits, g,
ret_factors, GCRY_WEAK_RANDOM, 0, 0,
NULL, NULL);
if (prime_generate_internal ((mode == 1), &prime, pbits, qbits, g,
ret_factors, GCRY_WEAK_RANDOM, 0, 0,
NULL, NULL))
prime = NULL; /* (Should be NULL in the error case anyway.) */
return prime;
}
static gcry_mpi_t
gen_prime (unsigned int nbits, int secret, int randomlevel,
gen_prime (unsigned int nbits, int secret, int randomlevel,
int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)
{
gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;
@ -758,7 +758,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
unsigned int x, step;
unsigned int count1, count2;
int *mods;
/* if ( DBG_CIPHER ) */
/* log_debug ("generate a prime of %u bits ", nbits ); */
@ -777,10 +777,10 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
for (;;)
{ /* try forvever */
int dotcount=0;
/* generate a random number */
gcry_mpi_randomize( prime, nbits, randomlevel );
/* Set high order bit to 1, set low order bit to 1. If we are
generating a secret prime we are most probably doing that
for RSA, to make sure that the modulus does have the
@ -789,17 +789,17 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
if (secret)
mpi_set_bit (prime, nbits-2);
mpi_set_bit(prime, 0);
/* Calculate all remainders. */
for (i=0; (x = small_prime_numbers[i]); i++ )
mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
/* Now try some primes starting with prime. */
for(step=0; step < 20000; step += 2 )
for(step=0; step < 20000; step += 2 )
{
/* Check against all the small primes we have in mods. */
count1++;
for (i=0; (x = small_prime_numbers[i]); i++ )
for (i=0; (x = small_prime_numbers[i]); i++ )
{
while ( mods[i] + step >= x )
mods[i] -= x;
@ -808,7 +808,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
}
if ( x )
continue; /* Found a multiple of an already known prime. */
mpi_add_ui( ptest, prime, step );
/* Do a fast Fermat test now. */
@ -816,7 +816,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
mpi_sub_ui( pminus1, ptest, 1);
gcry_mpi_powm( result, val_2, pminus1, ptest );
if ( !mpi_cmp_ui( result, 1 ) )
{
{
/* Not composite, perform stronger tests */
if (is_prime(ptest, 5, &count2 ))
{
@ -828,13 +828,13 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
}
if (extra_check && extra_check (extra_check_arg, ptest))
{
{
/* The extra check told us that this prime is
not of the caller's taste. */
progress ('/');
}
else
{
{
/* Got it. */
mpi_free(val_2);
mpi_free(val_3);
@ -842,7 +842,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
mpi_free(pminus1);
mpi_free(prime);
gcry_free(mods);
return ptest;
return ptest;
}
}
}
@ -883,7 +883,7 @@ check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
gcry_mpi_powm( result, val_2, pminus1, prime );
mpi_free( pminus1 );
if ( mpi_cmp_ui( result, 1 ) )
{
{
/* Is composite. */
mpi_free( result );
progress('.');
@ -924,7 +924,7 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count)
unsigned nbits = mpi_get_nbits( n );
if (steps < 5) /* Make sure that we do at least 5 rounds. */
steps = 5;
steps = 5;
mpi_sub_ui( nminus1, n, 1 );
@ -996,7 +996,7 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count)
j++;
if (j == m)
goto ready;
This code is based on the algorithm 452 from the "Collected
Algorithms From ACM, Volume II" by C. N. Liu and D. T. Tang.
*/
@ -1010,7 +1010,7 @@ m_out_of_n ( char *array, int m, int n )
/* Need to handle this simple case separately. */
if( m == 1 )
{
{
for (i=0; i < n; i++ )
{
if ( array[i] )
@ -1060,7 +1060,7 @@ m_out_of_n ( char *array, int m, int n )
else
k1 = k2 + 1;
}
else
else
{
/* M is even. */
if( !array[n-1] )
@ -1069,7 +1069,7 @@ m_out_of_n ( char *array, int m, int n )
k2 = k1 + 1;
goto leave;
}
if( !(j1 & 1) )
{
k1 = n - j1;
@ -1080,7 +1080,7 @@ m_out_of_n ( char *array, int m, int n )
}
scan:
jp = n - j1 - 1;
for (i=1; i <= jp; i++ )
for (i=1; i <= jp; i++ )
{
i1 = jp + 2 - i;
if( array[i1-1] )
@ -1128,7 +1128,7 @@ gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
if (!prime)
return gpg_error (GPG_ERR_INV_ARG);
*prime = NULL;
*prime = NULL;
if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)
mode = 1;
@ -1156,7 +1156,7 @@ gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
mpi_free (factors_generated[i]);
gcry_free (factors_generated);
}
err = GPG_ERR_GENERAL;
err = GPG_ERR_GENERAL;
}
}
@ -1207,29 +1207,29 @@ gcry_prime_group_generator (gcry_mpi_t *r_g,
if (!factors || !r_g || !prime)
return gpg_error (GPG_ERR_INV_ARG);
*r_g = NULL;
*r_g = NULL;
for (n=0; factors[n]; n++)
;
if (n < 2)
return gpg_error (GPG_ERR_INV_ARG);
/* Extra sanity check - usually disabled. */
/* Extra sanity check - usually disabled. */
/* mpi_set (tmp, factors[0]); */
/* for(i = 1; i < n; i++) */
/* mpi_mul (tmp, tmp, factors[i]); */
/* mpi_add_ui (tmp, tmp, 1); */
/* if (mpi_cmp (prime, tmp)) */
/* return gpg_error (GPG_ERR_INV_ARG); */
gcry_mpi_sub_ui (pmin1, prime, 1);
do
gcry_mpi_sub_ui (pmin1, prime, 1);
do
{
if (first)
first = 0;
else
gcry_mpi_add_ui (g, g, 1);
if (DBG_CIPHER)
{
log_debug ("checking g:");
@ -1238,7 +1238,7 @@ gcry_prime_group_generator (gcry_mpi_t *r_g,
}
else
progress('^');
for (i = 0; i < n; i++)
{
mpi_fdiv_q (tmp, pmin1, factors[i]);
@ -1250,13 +1250,13 @@ gcry_prime_group_generator (gcry_mpi_t *r_g,
progress('\n');
}
while (i < n);
gcry_mpi_release (tmp);
gcry_mpi_release (b);
gcry_mpi_release (pmin1);
*r_g = g;
return 0;
gcry_mpi_release (tmp);
gcry_mpi_release (b);
gcry_mpi_release (pmin1);
*r_g = g;
return 0;
}
/* Convenience function to release the factors array. */
@ -1266,7 +1266,7 @@ gcry_prime_release_factors (gcry_mpi_t *factors)
if (factors)
{
int i;
for (i=0; factors[i]; i++)
mpi_free (factors[i]);
gcry_free (factors);
@ -1279,11 +1279,11 @@ gcry_prime_release_factors (gcry_mpi_t *factors)
static gcry_mpi_t
find_x931_prime (const gcry_mpi_t pfirst)
{
gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
gcry_mpi_t prime;
prime = gcry_mpi_copy (pfirst);
/* If P is even add 1. */
/* If P is even add 1. */
mpi_set_bit (prime, 0);
/* We use 64 Rabin-Miller rounds which is better and thus
@ -1299,7 +1299,7 @@ find_x931_prime (const gcry_mpi_t pfirst)
}
/* Generate a prime using the algorithm from X9.31 appendix B.4.
/* Generate a prime using the algorithm from X9.31 appendix B.4.
This function requires that the provided public exponent E is odd.
XP, XP1 and XP2 are the seed values. All values are mandatory.
@ -1308,7 +1308,7 @@ find_x931_prime (const gcry_mpi_t pfirst)
internal values P1 and P2 are saved at these addresses. On error
NULL is returned. */
gcry_mpi_t
_gcry_derive_x931_prime (const gcry_mpi_t xp,
_gcry_derive_x931_prime (const gcry_mpi_t xp,
const gcry_mpi_t xp1, const gcry_mpi_t xp2,
const gcry_mpi_t e,
gcry_mpi_t *r_p1, gcry_mpi_t *r_p2)
@ -1327,20 +1327,20 @@ _gcry_derive_x931_prime (const gcry_mpi_t xp,
{
gcry_mpi_t r1, tmp;
/* r1 = (p2^{-1} mod p1)p2 - (p1^{-1} mod p2) */
tmp = mpi_alloc_like (p1);
mpi_invm (tmp, p2, p1);
mpi_mul (tmp, tmp, p2);
r1 = tmp;
tmp = mpi_alloc_like (p2);
mpi_invm (tmp, p1, p2);
mpi_mul (tmp, tmp, p1);
mpi_sub (r1, r1, tmp);
/* Fixup a negative value. */
if (mpi_is_neg (r1))
if (mpi_is_neg (r1))
mpi_add (r1, r1, p1p2);
/* yp0 = xp + (r1 - xp mod p1*p2) */
@ -1350,7 +1350,7 @@ _gcry_derive_x931_prime (const gcry_mpi_t xp,
mpi_free (r1);
/* Fixup a negative value. */
if (mpi_cmp (yp0, xp) < 0 )
if (mpi_cmp (yp0, xp) < 0 )
mpi_add (yp0, yp0, p1p2);
}
@ -1378,10 +1378,10 @@ _gcry_derive_x931_prime (const gcry_mpi_t xp,
*/
{
gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
gcry_mpi_t gcdtmp = mpi_alloc_like (yp0);
int gcdres;
mpi_sub_ui (p1p2, p1p2, 1); /* Adjust for loop body. */
mpi_sub_ui (yp0, yp0, 1); /* Ditto. */
for (;;)
@ -1453,7 +1453,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
; /* No seed value given: We are asked to generate it. */
else if (!seed || seedlen < qbits/8)
return GPG_ERR_INV_ARG;
/* Allocate a buffer to later compute SEED+some_increment. */
seed_plus = gcry_malloc (seedlen < 20? 20:seedlen);
if (!seed_plus)
@ -1468,7 +1468,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
value_w = gcry_mpi_new (pbits);
value_x = gcry_mpi_new (pbits);
restart:
restart:
/* Generate Q. */
for (;;)
{
@ -1479,7 +1479,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
gcry_create_nonce (seed_help_buffer, seedlen);
seed = seed_help_buffer;
}
/* Step 2: U = sha1(seed) ^ sha1((seed+1) mod 2^{qbits}) */
memcpy (seed_plus, seed, seedlen);
for (i=seedlen-1; i >= 0; i--)
@ -1492,16 +1492,16 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
for (i=0; i < sizeof value_u; i++)
value_u[i] ^= digest[i];
/* Step 3: Form q from U */
gcry_mpi_release (prime_q); prime_q = NULL;
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
value_u, sizeof value_u, NULL));
if (ec)
goto leave;
mpi_set_highbit (prime_q, qbits-1 );
mpi_set_bit (prime_q, 0);
/* Step 4: Test whether Q is prime using 64 round of Rabin-Miller. */
if (check_prime (prime_q, val_2, 64, NULL, NULL))
break; /* Yes, Q is prime. */
@ -1509,7 +1509,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
/* Step 5. */
seed = NULL; /* Force a new seed at Step 1. */
}
/* Step 6. Note that we do no use an explicit offset but increment
SEED_PLUS accordingly. SEED_PLUS is currently SEED+1. */
counter = 0;
@ -1518,12 +1518,12 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
prime_p = gcry_mpi_new (pbits);
for (;;)
{
/* Step 7: For k = 0,...n let
V_k = sha1(seed+offset+k) mod 2^{qbits}
Step 8: W = V_0 + V_1*2^160 +
...
/* Step 7: For k = 0,...n let
V_k = sha1(seed+offset+k) mod 2^{qbits}
Step 8: W = V_0 + V_1*2^160 +
...
+ V_{n-1}*2^{(n-1)*160}
+ (V_{n} mod 2^b)*2^{n*160}
+ (V_{n} mod 2^b)*2^{n*160}
*/
mpi_set_ui (value_w, 0);
for (value_k=0; value_k <= value_n; value_k++)
@ -1542,7 +1542,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
break;
}
gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
gcry_mpi_release (tmpval); tmpval = NULL;
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
digest, sizeof digest, NULL));
@ -1631,7 +1631,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
value is stored at R_COUNTER and the seed actually used for
generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm
used is stored at R_HASHALGO.
Note that this function is very similar to the fips186_2 code. Due
to the minor differences, other buffer sizes and for documentarion,
we use a separate function.
@ -1652,7 +1652,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
gcry_mpi_t tmpval = NULL; /* Helper variable. */
int hashalgo; /* The id of the Approved Hash Function. */
int i;
unsigned char value_u[256/8];
int value_n, value_b, value_j;
int counter;
@ -1690,10 +1690,10 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
; /* No seed value given: We are asked to generate it. */
else if (!seed || seedlen < qbits/8)
return GPG_ERR_INV_ARG;
/* Allocate a buffer to later compute SEED+some_increment and a few
helper variables. */
seed_plus = gcry_malloc (seedlen < sizeof seed_help_buffer?
seed_plus = gcry_malloc (seedlen < sizeof seed_help_buffer?
sizeof seed_help_buffer : seedlen);
if (!seed_plus)
{
@ -1709,7 +1709,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
/* Step 4: b = L - 1 - (n * outlen) */
value_b = pbits - 1 - (value_n * qbits);
restart:
restart:
/* Generate Q. */
for (;;)
{
@ -1721,7 +1721,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
gcry_create_nonce (seed_help_buffer, seedlen);
seed = seed_help_buffer;
}
/* Step 6: U = hash(seed) */
gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen);
@ -1736,12 +1736,12 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
}
}
gcry_mpi_release (prime_q); prime_q = NULL;
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
value_u, sizeof value_u, NULL));
if (ec)
goto leave;
mpi_set_highbit (prime_q, qbits-1 );
/* Step 8: Test whether Q is prime using 64 round of Rabin-Miller.
According to table C.1 this is sufficient for all
supported prime sizes (i.e. up 3072/256). */
@ -1751,7 +1751,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
/* Step 8. */
seed = NULL; /* Force a new seed at Step 5. */
}
/* Step 11. Note that we do no use an explicit offset but increment
SEED_PLUS accordingly. */
memcpy (seed_plus, seed, seedlen);
@ -1761,12 +1761,12 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
prime_p = gcry_mpi_new (pbits);
for (;;)
{
/* Step 11.1: For j = 0,...n let
V_j = hash(seed+offset+j)
Step 11.2: W = V_0 + V_1*2^outlen +
...
/* Step 11.1: For j = 0,...n let
V_j = hash(seed+offset+j)
Step 11.2: W = V_0 + V_1*2^outlen +
...
+ V_{n-1}*2^{(n-1)*outlen}
+ (V_{n} mod 2^b)*2^{n*outlen}
+ (V_{n} mod 2^b)*2^{n*outlen}
*/
mpi_set_ui (value_w, 0);
for (value_j=0; value_j <= value_n; value_j++)
@ -1783,7 +1783,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
break;
}
gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
gcry_mpi_release (tmpval); tmpval = NULL;
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
digest, sizeof digest, NULL));
@ -1813,7 +1813,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
if (mpi_get_nbits (prime_p) >= pbits-1
&& check_prime (prime_p, val_2, 64, NULL, NULL) )
break; /* Yes, P is prime, continue with Step 15. */
/* Step 11.9: counter = counter + 1, offset = offset + n + 1.
If counter >= 4L goto Step 5. */
counter++;
@ -1859,4 +1859,3 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
gcry_mpi_release (val_2);
return ec;
}

2239
grub-core/lib/libgcrypt/cipher/pubkey.c
View file

File diff suppressed because it is too large Load diff

31
grub-core/lib/libgcrypt/cipher/rfc2268.c
View file

@ -38,15 +38,15 @@
#define RFC2268_BLOCKSIZE 8
typedef struct
typedef struct
{
u16 S[64];
} RFC2268_context;
static const unsigned char rfc2268_sbox[] = {
217, 120, 249, 196, 25, 221, 181, 237,
static const unsigned char rfc2268_sbox[] = {
217, 120, 249, 196, 25, 221, 181, 237,
40, 233, 253, 121, 74, 160, 216, 157,
198, 126, 55, 131, 43, 118, 83, 142,
198, 126, 55, 131, 43, 118, 83, 142,
98, 76, 100, 136, 68, 139, 251, 162,
23, 154, 89, 245, 135, 179, 79, 19,
97, 69, 109, 141, 9, 129, 125, 50,
@ -106,10 +106,10 @@ do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
/* For some reason I cannot combine those steps. */
word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];
word0 = rotl16(word0, 1);
word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
word1 = rotl16(word1, 2);
word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
word2 = rotl16(word2, 3);
@ -152,7 +152,7 @@ do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
word3 = (word3 << 8) | inbuf[7];
word3 = (word3 << 8) | inbuf[6];
for (i = 15; i >= 0; i--)
for (i = 15; i >= 0; i--)
{
j = i * 4;
@ -168,7 +168,7 @@ do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
word0 = rotr16(word0, 1);
word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];
if (i == 5 || i == 11)
if (i == 5 || i == 11)
{
word3 = word3 - ctx->S[word2 & 63];
word2 = word2 - ctx->S[word1 & 63];
@ -214,7 +214,7 @@ setkey_core (void *context, const unsigned char *key, unsigned int keylen, int w
return GPG_ERR_INV_KEYLEN;
S = (unsigned char *) ctx->S;
for (i = 0; i < keylen; i++)
S[i] = key[i];
@ -232,8 +232,8 @@ setkey_core (void *context, const unsigned char *key, unsigned int keylen, int w
i = 128 - len;
x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];
S[i] = x;
while (i--)
while (i--)
{
x = rfc2268_sbox[x ^ S[i + len]];
S[i] = x;
@ -241,7 +241,7 @@ setkey_core (void *context, const unsigned char *key, unsigned int keylen, int w
}
/* Make the expanded key, endian independent. */
for (i = 0; i < 64; i++)
for (i = 0; i < 64; i++)
ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));
return 0;
@ -297,7 +297,7 @@ selftest (void)
return "RFC2268 encryption test 1 failed.";
setkey_core (&ctx, key_1, sizeof(key_1), 0);
do_decrypt (&ctx, scratch, scratch);
do_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_1, sizeof(plaintext_1)))
return "RFC2268 decryption test 1 failed.";
@ -308,7 +308,7 @@ selftest (void)
return "RFC2268 encryption test 2 failed.";
setkey_core (&ctx, key_2, sizeof(key_2), 0);
do_decrypt (&ctx, scratch, scratch);
do_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_2, sizeof(plaintext_2)))
return "RFC2268 decryption test 2 failed.";
@ -320,7 +320,7 @@ selftest (void)
return "RFC2268 encryption test 3 failed.";
setkey_core (&ctx, key_3, sizeof(key_3), 0);
do_decrypt (&ctx, scratch, scratch);
do_decrypt (&ctx, scratch, scratch);
if (memcmp(scratch, plaintext_3, sizeof(plaintext_3)))
return "RFC2268 decryption test 3 failed.";
@ -342,4 +342,3 @@ gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {
RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),
do_setkey, do_encrypt, do_decrypt
};

1817
grub-core/lib/libgcrypt/cipher/rijndael-tables.h
View file

File diff suppressed because it is too large Load diff

1385
grub-core/lib/libgcrypt/cipher/rijndael.c
View file

File diff suppressed because it is too large Load diff

3
grub-core/lib/libgcrypt/cipher/rmd.h
View file

@ -22,7 +22,7 @@
/* We need this here because random.c must have direct access. */
typedef struct
typedef struct
{
u32 h0,h1,h2,h3,h4;
u32 nblocks;
@ -34,4 +34,3 @@ void _gcry_rmd160_init ( void *context );
void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte );
#endif /*G10_RMD_H*/

4
grub-core/lib/libgcrypt/cipher/rmd160.c
View file

@ -415,7 +415,7 @@ rmd160_write ( void *context, const void *inbuf_arg, size_t inlen)
}
if( !inbuf )
return;
if( hd->count )
if( hd->count )
{
for( ; inlen && hd->count < 64; inlen-- )
hd->buf[hd->count++] = *inbuf++;
@ -468,7 +468,7 @@ rmd160_final( void *context )
RMD160_CONTEXT *hd = context;
u32 t, msb, lsb;
byte *p;
rmd160_write(hd, NULL, 0); /* flush */;
t = hd->nblocks;

125
grub-core/lib/libgcrypt/cipher/rsa.c
View file

@ -72,7 +72,7 @@ static const char sample_secret_key[] =
" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
/* A sample 1024 bit RSA key used for the selftests (public only). */
static const char sample_public_key[] =
static const char sample_public_key[] =
"(public-key"
" (rsa"
" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
@ -127,7 +127,7 @@ test_keys (RSA_secret_key *sk, unsigned int nbits)
/* Use the RSA secret function to create a signature of the plaintext. */
secret (signature, plaintext, sk);
/* Use the RSA public function to verify this signature. */
public (decr_plaintext, signature, &pk);
if (gcry_mpi_cmp (decr_plaintext, plaintext))
@ -158,7 +158,7 @@ check_exponent (void *arg, gcry_mpi_t a)
gcry_mpi_t e = arg;
gcry_mpi_t tmp;
int result;
mpi_sub_ui (a, a, 1);
tmp = _gcry_mpi_alloc_like (a);
result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */
@ -168,12 +168,12 @@ check_exponent (void *arg, gcry_mpi_t a)
}
/****************
* Generate a key pair with a key of size NBITS.
* Generate a key pair with a key of size NBITS.
* USE_E = 0 let Libcgrypt decide what exponent to use.
* = 1 request the use of a "secure" exponent; this is required by some
* = 1 request the use of a "secure" exponent; this is required by some
* specification to be 65537.
* > 2 Use this public exponent. If the given exponent
* is not odd one is internally added to it.
* is not odd one is internally added to it.
* TRANSIENT_KEY: If true, generate the primes using the standard RNG.
* Returns: 2 structures filled with all needed values
*/
@ -205,7 +205,7 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
/* Make sure that nbits is even so that we generate p, q of equal size. */
if ( (nbits&1) )
nbits++;
nbits++;
if (use_e == 1) /* Alias for a secure value */
use_e = 65537; /* as demanded by Sphinx. */
@ -213,7 +213,7 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
/* Public exponent:
In general we use 41 as this is quite fast and more secure than the
commonly used 17. Benchmarking the RSA verify function
with a 1024 bit key yields (2001-11-08):
with a 1024 bit key yields (2001-11-08):
e=17 0.54 ms
e=41 0.75 ms
e=257 0.95 ms
@ -222,12 +222,12 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
if (!use_e)
mpi_set_ui (e, 41); /* This is a reasonable secure and fast value */
else
else
{
use_e |= 1; /* make sure this is odd */
mpi_set_ui (e, use_e);
mpi_set_ui (e, use_e);
}
n = gcry_mpi_new (nbits);
p = q = NULL;
@ -329,14 +329,14 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
/* Helper for generate_x931. */
static gcry_mpi_t
static gcry_mpi_t
gen_x931_parm_xp (unsigned int nbits)
{
gcry_mpi_t xp;
xp = gcry_mpi_snew (nbits);
gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM);
/* The requirement for Xp is:
sqrt{2}*2^{nbits-1} <= xp <= 2^{nbits} - 1
@ -347,13 +347,13 @@ gen_x931_parm_xp (unsigned int nbits)
mpi_set_highbit (xp, nbits-1);
mpi_set_bit (xp, nbits-2);
gcry_assert ( mpi_get_nbits (xp) == nbits );
return xp;
}
}
/* Helper for generate_x931. */
static gcry_mpi_t
static gcry_mpi_t
gen_x931_parm_xi (void)
{
gcry_mpi_t xi;
@ -362,9 +362,9 @@ gen_x931_parm_xi (void)
gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM);
mpi_set_highbit (xi, 100);
gcry_assert ( mpi_get_nbits (xi) == 101 );
return xi;
}
}
@ -389,19 +389,19 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
*swapped = 0;
if (e_value == 1) /* Alias for a secure value. */
e_value = 65537;
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
if (nbits < 1024 || (nbits % 256))
return GPG_ERR_INV_VALUE;
/* Point 2: 2 <= bitlength(e) < 2^{k-2}
Note that we do not need to check the upper bound because we use
an unsigned long for E and thus there is no way for E to reach
that limit. */
if (e_value < 3)
return GPG_ERR_INV_VALUE;
/* Our implementaion requires E to be odd. */
if (!(e_value & 1))
return GPG_ERR_INV_VALUE;
@ -458,7 +458,7 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
};
int idx;
gcry_sexp_t oneparm;
tbl[0].value = &xp1;
tbl[1].value = &xp2;
tbl[2].value = &xp;
@ -487,8 +487,8 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
return GPG_ERR_MISSING_VALUE;
}
}
e = mpi_alloc_set_ui (e_value);
e = mpi_alloc_set_ui (e_value);
/* Find two prime numbers. */
p = _gcry_derive_x931_prime (xp, xp1, xp2, e, NULL, NULL);
@ -496,7 +496,7 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
gcry_mpi_release (xp); xp = NULL;
gcry_mpi_release (xp1); xp1 = NULL;
gcry_mpi_release (xp2); xp2 = NULL;
gcry_mpi_release (xq); xq = NULL;
gcry_mpi_release (xq); xq = NULL;
gcry_mpi_release (xq1); xq1 = NULL;
gcry_mpi_release (xq2); xq2 = NULL;
if (!p || !q)
@ -590,7 +590,7 @@ check_secret_key( RSA_secret_key *sk )
{
int rc;
gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
mpi_mul(temp, sk->p, sk->q );
rc = mpi_cmp( temp, sk->n );
mpi_free(temp);
@ -692,9 +692,9 @@ stronger_key_check ( RSA_secret_key *skey )
*
* Or faster:
*
* m1 = c ^ (d mod (p-1)) mod p
* m2 = c ^ (d mod (q-1)) mod q
* h = u * (m2 - m1) mod q
* m1 = c ^ (d mod (p-1)) mod p
* m2 = c ^ (d mod (q-1)) mod q
* h = u * (m2 - m1) mod q
* m = m1 + h * p
*
* Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
@ -711,10 +711,10 @@ secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
gcry_mpi_t h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
/* m1 = c ^ (d mod (p-1)) mod p */
mpi_sub_ui( h, skey->p, 1 );
mpi_fdiv_r( h, skey->d, h );
mpi_fdiv_r( h, skey->d, h );
mpi_powm( m1, input, h, skey->p );
/* m2 = c ^ (d mod (q-1)) mod q */
mpi_sub_ui( h, skey->q, 1 );
@ -722,13 +722,13 @@ secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
mpi_powm( m2, input, h, skey->q );
/* h = u * ( m2 - m1 ) mod q */
mpi_sub( h, m2, m1 );
if ( mpi_is_neg( h ) )
if ( mpi_is_neg( h ) )
mpi_add ( h, h, skey->q );
mpi_mulm( h, skey->u, h, skey->q );
mpi_mulm( h, skey->u, h, skey->q );
/* m = m2 + h * p */
mpi_mul ( h, h, skey->p );
mpi_add ( output, m1, h );
mpi_free ( h );
mpi_free ( m1 );
mpi_free ( m2 );
@ -749,7 +749,7 @@ rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)
a = gcry_mpi_snew (gcry_mpi_get_nbits (n));
y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
/* Now we calculate: y = (x * r^e) mod n, where r is the random
number, e is the public exponent, x is the non-blinded data and n
is the RSA modulus. */
@ -796,7 +796,7 @@ rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
gcry_sexp_t l1;
(void)algo;
*retfactors = NULL; /* We don't return them. */
deriveparms = (genparms?
@ -819,7 +819,7 @@ rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
gcry_sexp_release (deriveparms);
if (!ec && r_extrainfo && swapped)
{
ec = gcry_sexp_new (r_extrainfo,
ec = gcry_sexp_new (r_extrainfo,
"(misc-key-info(p-q-swapped))", 0, 1);
if (ec)
{
@ -854,7 +854,7 @@ rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
skey[4] = sk.q;
skey[5] = sk.u;
}
return ec;
}
@ -900,12 +900,12 @@ rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
(void)algo;
(void)flags;
pk.n = pkey[0];
pk.e = pkey[1];
resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));
public (resarr[0], data, &pk);
return GPG_ERR_NO_ERROR;
}
@ -935,11 +935,11 @@ rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
/* We use blinding by default to mitigate timing attacks which can
be practically mounted over the network as shown by Brumley and
Boney in 2003. */
Boney in 2003. */
if (! (flags & PUBKEY_FLAG_NO_BLINDING))
{
/* Initialize blinding. */
/* First, we need a random number r between 0 and n - 1, which
is relatively prime to n (i.e. it is neither p nor q). The
random number needs to be only unpredictable, thus we employ
@ -947,7 +947,7 @@ rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
gcry_mpi_randomize. */
r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM);
gcry_mpi_mod (r, r, sk.n);
@ -970,7 +970,7 @@ rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
{
/* Undo blinding. */
gcry_mpi_t a = gcry_mpi_copy (y);
gcry_mpi_release (y);
y = rsa_unblind (a, ri, sk.n);
@ -987,7 +987,7 @@ rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
/* Copy out result. */
*result = y;
return GPG_ERR_NO_ERROR;
}
@ -998,7 +998,7 @@ rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
RSA_secret_key sk;
(void)algo;
sk.n = skey[0];
sk.e = skey[1];
sk.d = skey[2];
@ -1036,10 +1036,12 @@ rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
log_mpidump (" hash:", hash );
}
#endif /*IS_DEVELOPMENT_VERSION*/
/*rc = (*cmp)( opaquev, result );*/
rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
if (cmp)
rc = (*cmp) (opaquev, result);
else
rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
gcry_mpi_release (result);
return rc;
}
@ -1061,7 +1063,7 @@ rsa_get_nbits (int algo, gcry_mpi_t *pkey)
(rsa
(n #00B...#)
(e #010001#))
PKCS-15 says that for RSA only the modulus should be hashed -
however, it is not clear whether this is meant to use the raw bytes
(assuming this is an unsigned integer) or whether the DER required
@ -1093,17 +1095,17 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
/*
/*
Self-test section.
*/
static const char *
selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
static const char sample_data[] =
"(data (flags pkcs1)"
" (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
static const char sample_data_bad[] =
static const char sample_data_bad[] =
"(data (flags pkcs1)"
" (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
@ -1116,7 +1118,7 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
err = gcry_sexp_sscan (&data, NULL,
sample_data, strlen (sample_data));
if (!err)
err = gcry_sexp_sscan (&data_bad, NULL,
err = gcry_sexp_sscan (&data_bad, NULL,
sample_data_bad, strlen (sample_data_bad));
if (err)
{
@ -1202,7 +1204,7 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
/* Create plaintext. The plaintext is actually a big integer number. */
plaintext = gcry_mpi_new (nbits);
gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
/* Put the plaintext into an S-expression. */
err = gcry_sexp_build (&plain, NULL,
"(data (flags raw) (value %m))", plaintext);
@ -1262,7 +1264,7 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
errtxt = "decrypt returned no plaintext";
goto leave;
}
/* Check that the decrypted plaintext matches the original plaintext. */
if (gcry_mpi_cmp (plaintext, decr_plaintext))
{
@ -1290,13 +1292,13 @@ selftests_rsa (selftest_report_func_t report)
gcry_error_t err;
gcry_sexp_t skey = NULL;
gcry_sexp_t pkey = NULL;
/* Convert the S-expressions into the internal representation. */
what = "convert";
err = gcry_sexp_sscan (&skey, NULL,
err = gcry_sexp_sscan (&skey, NULL,
sample_secret_key, strlen (sample_secret_key));
if (!err)
err = gcry_sexp_sscan (&pkey, NULL,
err = gcry_sexp_sscan (&pkey, NULL,
sample_public_key, strlen (sample_public_key));
if (err)
{
@ -1351,7 +1353,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_PUBKEY_ALGO;
break;
}
return ec;
}
@ -1380,10 +1382,9 @@ gcry_pk_spec_t _gcry_pubkey_spec_rsa =
rsa_verify,
rsa_get_nbits,
};
pk_extra_spec_t _gcry_pubkey_extraspec_rsa =
pk_extra_spec_t _gcry_pubkey_extraspec_rsa =
{
run_selftests,
rsa_generate_ext,
compute_keygrip
};

6
grub-core/lib/libgcrypt/cipher/seed.c
View file

@ -59,7 +59,7 @@ union wordbuf
static const char *selftest(void);
typedef struct
typedef struct
{
u32 keyschedule[32];
} SEED_context;
@ -258,7 +258,7 @@ static const u32 KC[NUMKC] = {
/* Perform the key setup.
*/
*/
static gcry_err_code_t
do_setkey (SEED_context *ctx, const byte *key, const unsigned keylen)
{
@ -432,7 +432,7 @@ static const char*
selftest (void)
{
SEED_context ctx;
byte scratch[16];
byte scratch[16];
/* The test vector is taken from the appendix section B.3 of RFC4269.
*/

34
grub-core/lib/libgcrypt/cipher/serpent.c
View file

@ -54,7 +54,7 @@ typedef struct serpent_context
/* A prototype. */
static const char *serpent_test (void);
#define byte_swap_32(x) \
(0 \
@ -586,18 +586,20 @@ serpent_key_prepare (const byte *key, unsigned int key_length,
/* Copy key. */
memcpy (key_prepared, key, key_length);
key_length /= 4;
#ifdef WORDS_BIGENDIAN
for (i = 0; i < key_length / 4; i++)
for (i = 0; i < key_length; i++)
key_prepared[i] = byte_swap_32 (key_prepared[i]);
#else
i = key_length;
#endif
if (key_length < 32)
if (i < 8)
{
/* Key must be padded according to the Serpent
specification. */
key_prepared[key_length / 4] = 0x00000001;
key_prepared[i] = 0x00000001;
for (i = key_length / 4 + 1; i < 8; i++)
for (i++; i < 8; i++)
key_prepared[i] = 0;
}
}
@ -681,7 +683,7 @@ serpent_setkey (void *ctx,
static const char *serpent_test_ret;
static int serpent_init_done;
gcry_err_code_t ret = GPG_ERR_NO_ERROR;
if (! serpent_init_done)
{
/* Execute a self-test the first time, Serpent is used. */
@ -767,12 +769,12 @@ serpent_decrypt_internal (serpent_context_t *context,
serpent_block_t b, b_next;
int round = ROUNDS;
memcpy (b, input, sizeof (b));
memcpy (b_next, input, sizeof (b));
#ifdef WORDS_BIGENDIAN
b[0] = byte_swap_32 (b[0]);
b[1] = byte_swap_32 (b[1]);
b[2] = byte_swap_32 (b[2]);
b[3] = byte_swap_32 (b[3]);
b_next[0] = byte_swap_32 (b_next[0]);
b_next[1] = byte_swap_32 (b_next[1]);
b_next[2] = byte_swap_32 (b_next[2]);
b_next[3] = byte_swap_32 (b_next[3]);
#endif
ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
@ -891,9 +893,7 @@ serpent_test (void)
{
serpent_setkey_internal (&context, test_data[i].key,
test_data[i].key_length);
serpent_encrypt_internal (&context,
test_data[i].text_plain,
scratch);
serpent_encrypt_internal (&context, test_data[i].text_plain, scratch);
if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
switch (test_data[i].key_length)
@ -906,9 +906,7 @@ serpent_test (void)
return "Serpent-256 test encryption failed.";
}
serpent_decrypt_internal (&context,
test_data[i].text_cipher,
scratch);
serpent_decrypt_internal (&context, test_data[i].text_cipher, scratch);
if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
switch (test_data[i].key_length)
{

23
grub-core/lib/libgcrypt/cipher/sha1.c
View file

@ -32,7 +32,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_STDINT_H
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
@ -54,7 +54,7 @@
#define TRANSFORM(x,d,n) transform ((x), (d), (n))
typedef struct
typedef struct
{
u32 h0,h1,h2,h3,h4;
u32 nblocks;
@ -110,7 +110,7 @@ transform (SHA1_CONTEXT *hd, const unsigned char *data, size_t nblocks)
register u32 a, b, c, d, e; /* Local copies of the chaining variables. */
register u32 tm; /* Helper. */
u32 x[16]; /* The array we work on. */
/* Loop over all blocks. */
for ( ;nblocks; nblocks--)
{
@ -287,7 +287,7 @@ static void
sha1_final(void *context)
{
SHA1_CONTEXT *hd = context;
u32 t, msb, lsb;
unsigned char *p;
@ -374,7 +374,7 @@ _gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length)
/*
/*
Self-test section.
*/
@ -384,10 +384,10 @@ selftests_sha1 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 0,
(GCRY_MD_SHA1, 0,
"abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
@ -398,13 +398,13 @@ selftests_sha1 (int extended, selftest_report_func_t report)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 0,
(GCRY_MD_SHA1, 0,
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
"\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
if (errtxt)
goto failed;
what = "one million \"a\"";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 1,
@ -438,7 +438,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_DIGEST_ALGO;
break;
}
return ec;
}
@ -471,8 +471,7 @@ gcry_md_spec_t _gcry_digest_spec_sha1 =
sha1_init, sha1_write, sha1_final, sha1_read,
sizeof (SHA1_CONTEXT)
};
md_extra_spec_t _gcry_digest_extraspec_sha1 =
md_extra_spec_t _gcry_digest_extraspec_sha1 =
{
run_selftests
};

52
grub-core/lib/libgcrypt/cipher/sha256.c
View file

@ -19,7 +19,7 @@
/* Test vectors:
"abc"
SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
@ -27,7 +27,7 @@
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
"a" one million times
SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
@ -123,7 +123,7 @@ Maj (u32 x, u32 y, u32 z)
{
return ((x & y) | (z & (x|y)));
}
/* (4.4) */
static inline u32
Sum0 (u32 x)
@ -138,7 +138,7 @@ Sum1 (u32 x)
return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25));
}
static void
transform (SHA256_CONTEXT *hd, const unsigned char *data)
{
@ -146,7 +146,7 @@ transform (SHA256_CONTEXT *hd, const unsigned char *data)
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
@ -165,7 +165,7 @@ transform (SHA256_CONTEXT *hd, const unsigned char *data)
u32 x[16];
u32 w[64];
int i;
a = hd->h0;
b = hd->h1;
c = hd->h2;
@ -174,14 +174,14 @@ transform (SHA256_CONTEXT *hd, const unsigned char *data)
f = hd->h5;
g = hd->h6;
h = hd->h7;
#ifdef WORDS_BIGENDIAN
memcpy (x, data, 64);
#else
{
{
byte *p2;
for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
{
p2[3] = *data++;
p2[2] = *data++;
@ -202,7 +202,7 @@ transform (SHA256_CONTEXT *hd, const unsigned char *data)
R(a,b,c,d,e,f,g,h,K[i],w[i]);
i++;
#else
t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i];
t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i];
t2 = Sum0 (a) + Maj (a, b, c);
d += t1;
h = t1 + t2;
@ -311,7 +311,7 @@ sha256_final(void *context)
SHA256_CONTEXT *hd = context;
u32 t, msb, lsb;
byte *p;
sha256_write (hd, NULL, 0); /* flush */;
t = hd->nblocks;
@ -382,7 +382,7 @@ sha256_read (void *context)
/*
/*
Self-test section.
*/
@ -392,10 +392,10 @@ selftests_sha224 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA224, 0,
(GCRY_MD_SHA224, 0,
"abc", 3,
"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
"\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7", 28);
@ -406,13 +406,13 @@ selftests_sha224 (int extended, selftest_report_func_t report)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA224, 0,
(GCRY_MD_SHA224, 0,
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
"\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
if (errtxt)
goto failed;
what = "one million \"a\"";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA224, 1,
@ -436,10 +436,10 @@ selftests_sha256 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA256, 0,
(GCRY_MD_SHA256, 0,
"abc", 3,
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
"\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad", 32);
@ -450,14 +450,14 @@ selftests_sha256 (int extended, selftest_report_func_t report)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA256, 0,
(GCRY_MD_SHA256, 0,
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
"\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
"\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
32);
if (errtxt)
goto failed;
what = "one million \"a\"";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA256, 1,
@ -495,7 +495,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_DIGEST_ALGO;
break;
}
return ec;
}
@ -512,7 +512,7 @@ static byte asn224[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
static gcry_md_oid_spec_t oid_spec_sha224[] =
{
/* From RFC3874, Section 4 */
{ "2.16.840.1.101.3.4.2.4" },
{ "2.16.840.1.101.3.4.2.4" },
{ NULL },
};
@ -524,7 +524,7 @@ static byte asn256[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
static gcry_md_oid_spec_t oid_spec_sha256[] =
{
/* According to the OpenPGP draft rfc2440-bis06 */
{ "2.16.840.1.101.3.4.2.1" },
{ "2.16.840.1.101.3.4.2.1" },
/* PKCS#1 sha256WithRSAEncryption */
{ "1.2.840.113549.1.1.11" },
@ -537,7 +537,7 @@ gcry_md_spec_t _gcry_digest_spec_sha224 =
sha224_init, sha256_write, sha256_final, sha256_read,
sizeof (SHA256_CONTEXT)
};
md_extra_spec_t _gcry_digest_extraspec_sha224 =
md_extra_spec_t _gcry_digest_extraspec_sha224 =
{
run_selftests
};
@ -548,7 +548,7 @@ gcry_md_spec_t _gcry_digest_spec_sha256 =
sha256_init, sha256_write, sha256_final, sha256_read,
sizeof (SHA256_CONTEXT)
};
md_extra_spec_t _gcry_digest_extraspec_sha256 =
md_extra_spec_t _gcry_digest_extraspec_sha256 =
{
run_selftests
};

34
grub-core/lib/libgcrypt/cipher/sha512.c
View file

@ -283,7 +283,7 @@ transform (SHA512_CONTEXT *hd, const unsigned char *data)
t2 = Sum0 (b) + Maj (b, c, d);
e += t1;
a = t1 + t2;
t += 8;
#endif
}
@ -438,7 +438,7 @@ sha512_read (void *context)
/*
/*
Self-test section.
*/
@ -448,10 +448,10 @@ selftests_sha384 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA384, 0,
(GCRY_MD_SHA384, 0,
"abc", 3,
"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
"\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
@ -463,9 +463,9 @@ selftests_sha384 (int extended, selftest_report_func_t report)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA384, 0,
(GCRY_MD_SHA384, 0,
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
"\x09\x33\x0C\x33\xF7\x11\x47\xE8\x3D\x19\x2F\xC7\x82\xCD\x1B\x47"
"\x53\x11\x1B\x17\x3B\x3B\x05\xD2\x2F\xA0\x80\x86\xE3\xB0\xF7\x12"
"\xFC\xC7\xC7\x1A\x55\x7E\x2D\xB9\x66\xC3\xE9\xFA\x91\x74\x60\x39",
@ -498,10 +498,10 @@ selftests_sha512 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA512, 0,
(GCRY_MD_SHA512, 0,
"abc", 3,
"\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
"\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
@ -514,9 +514,9 @@ selftests_sha512 (int extended, selftest_report_func_t report)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA512, 0,
(GCRY_MD_SHA512, 0,
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
"\x8E\x95\x9B\x75\xDA\xE3\x13\xDA\x8C\xF4\xF7\x28\x14\xFC\x14\x3F"
"\x8F\x77\x79\xC6\xEB\x9F\x7F\xA1\x72\x99\xAE\xAD\xB6\x88\x90\x18"
"\x50\x1D\x28\x9E\x49\x00\xF7\xE4\x33\x1B\x99\xDE\xC4\xB5\x43\x3A"
@ -524,7 +524,7 @@ selftests_sha512 (int extended, selftest_report_func_t report)
64);
if (errtxt)
goto failed;
what = "one million \"a\"";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA512, 1,
@ -564,7 +564,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
default:
ec = GPG_ERR_DIGEST_ALGO;
break;
}
return ec;
}
@ -589,13 +589,13 @@ static gcry_md_oid_spec_t oid_spec_sha512[] =
{ NULL }
};
gcry_md_spec_t _gcry_digest_spec_sha512 =
gcry_md_spec_t _gcry_digest_spec_sha512 =
{
"SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,
sha512_init, sha512_write, sha512_final, sha512_read,
sizeof (SHA512_CONTEXT),
};
md_extra_spec_t _gcry_digest_extraspec_sha512 =
md_extra_spec_t _gcry_digest_extraspec_sha512 =
{
run_selftests
};
@ -609,7 +609,7 @@ static byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
static gcry_md_oid_spec_t oid_spec_sha384[] =
{
{ "2.16.840.1.101.3.4.2.2" },
{ "2.16.840.1.101.3.4.2.2" },
/* PKCS#1 sha384WithRSAEncryption */
{ "1.2.840.113549.1.1.12" },
@ -617,13 +617,13 @@ static gcry_md_oid_spec_t oid_spec_sha384[] =
{ NULL },
};
gcry_md_spec_t _gcry_digest_spec_sha384 =
gcry_md_spec_t _gcry_digest_spec_sha384 =
{
"SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,
sha384_init, sha512_write, sha512_final, sha512_read,
sizeof (SHA512_CONTEXT),
};
md_extra_spec_t _gcry_digest_extraspec_sha384 =
md_extra_spec_t _gcry_digest_extraspec_sha384 =
{
run_selftests
};

6
grub-core/lib/libgcrypt/cipher/tiger.c
View file

@ -625,14 +625,14 @@ tiger_round( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )
u64 a = *ra;
u64 b = *rb;
u64 c = *rc;
c ^= x;
a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
b *= mul;
*ra = a;
*rb = b;
*rc = c;
@ -751,7 +751,7 @@ tiger_write ( void *context, const void *inbuf_arg, size_t inlen)
}
if( !inbuf )
return;
if( hd->count )
if( hd->count )
{
for( ; inlen && hd->count < 64; inlen-- )
hd->buf[hd->count++] = *inbuf++;

10
grub-core/lib/libgcrypt/cipher/twofish.c
View file

@ -575,10 +575,10 @@ do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
* 128-bit keys use only sa through sh; 256-bit use all of them. */
byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
/* Temporary for CALC_S. */
byte tmp;
/* Flags for self-test. */
static int initialized = 0;
static const char *selftest_failed=0;
@ -668,7 +668,7 @@ do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
}
else
else
{
/* Compute the S-boxes. */
for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
@ -980,7 +980,7 @@ main()
timer = clock ();
/* Encryption test. */
for (i = 0; i < 125; i++)
for (i = 0; i < 125; i++)
{
twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
for (j = 0; j < 1000; j++)
@ -998,7 +998,7 @@ main()
"encryption failure!\n" : "encryption OK!\n";
/* Decryption test. */
for (i = 0; i < 125; i++)
for (i = 0; i < 125; i++)
{
twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
for (j = 0; j < 1000; j++) {

4
grub-core/lib/libgcrypt/cipher/whirlpool.c
View file

@ -117,7 +117,7 @@ static const u64 rc[R] =
U64_C (0xfbee7c66dd17479e),
U64_C (0xca2dbf07ad5a8333),
};
/* Main lookup boxes. */
@ -1322,7 +1322,7 @@ whirlpool_add (whirlpool_context_t *context,
}
/*_gcry_burn_stack (80+6*sizeof(void*));*/ /* FIXME */
while (buffer_n >= BLOCK_SIZE)
while (buffer_n >= BLOCK_SIZE)
{
whirlpool_transform (context, buffer);
context->count = 0;