1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10 #include "tomcrypt.h"
11
12 /**
13 @file chc.c
14 CHC support. (Tom St Denis)
15 */
16
17 #ifdef LTC_CHC_HASH
18
19 #define UNDEFED_HASH -17
20
21 /* chc settings */
22 static int cipher_idx=UNDEFED_HASH, /* which cipher */
23 cipher_blocksize; /* blocksize of cipher */
24
25
26 const struct ltc_hash_descriptor chc_desc = {
27 "chc_hash", 12, 0, 0, { 0 }, 0,
28 &chc_init,
29 &chc_process,
30 &chc_done,
31 &chc_test,
32 NULL
33 };
34
35 /**
36 Initialize the CHC state with a given cipher
37 @param cipher The index of the cipher you wish to bind
38 @return CRYPT_OK if successful
39 */
chc_register(int cipher)40 int chc_register(int cipher)
41 {
42 int err, kl, idx;
43
44 if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
45 return err;
46 }
47
48 /* will it be valid? */
49 kl = cipher_descriptor[cipher].block_length;
50
51 /* must be >64 bit block */
52 if (kl <= 8) {
53 return CRYPT_INVALID_CIPHER;
54 }
55
56 /* can we use the ideal keysize? */
57 if ((err = cipher_descriptor[cipher].keysize(&kl)) != CRYPT_OK) {
58 return err;
59 }
60 /* we require that key size == block size be a valid choice */
61 if (kl != cipher_descriptor[cipher].block_length) {
62 return CRYPT_INVALID_CIPHER;
63 }
64
65 /* determine if chc_hash has been register_hash'ed already */
66 if ((err = hash_is_valid(idx = find_hash("chc_hash"))) != CRYPT_OK) {
67 return err;
68 }
69
70 /* store into descriptor */
71 hash_descriptor[idx].hashsize =
72 hash_descriptor[idx].blocksize = cipher_descriptor[cipher].block_length;
73
74 /* store the idx and block size */
75 cipher_idx = cipher;
76 cipher_blocksize = cipher_descriptor[cipher].block_length;
77 return CRYPT_OK;
78 }
79
80 /**
81 Initialize the hash state
82 @param md The hash state you wish to initialize
83 @return CRYPT_OK if successful
84 */
chc_init(hash_state * md)85 int chc_init(hash_state *md)
86 {
87 symmetric_key *key;
88 unsigned char buf[MAXBLOCKSIZE];
89 int err;
90
91 LTC_ARGCHK(md != NULL);
92
93 /* is the cipher valid? */
94 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
95 return err;
96 }
97
98 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
99 return CRYPT_INVALID_CIPHER;
100 }
101
102 if ((key = XMALLOC(sizeof(*key))) == NULL) {
103 return CRYPT_MEM;
104 }
105
106 /* zero key and what not */
107 zeromem(buf, cipher_blocksize);
108 if ((err = cipher_descriptor[cipher_idx].setup(buf, cipher_blocksize, 0, key)) != CRYPT_OK) {
109 XFREE(key);
110 return err;
111 }
112
113 /* encrypt zero block */
114 cipher_descriptor[cipher_idx].ecb_encrypt(buf, md->chc.state, key);
115
116 /* zero other members */
117 md->chc.length = 0;
118 md->chc.curlen = 0;
119 zeromem(md->chc.buf, sizeof(md->chc.buf));
120 XFREE(key);
121 return CRYPT_OK;
122 }
123
124 /*
125 key <= state
126 T0,T1 <= block
127 T0 <= encrypt T0
128 state <= state xor T0 xor T1
129 */
chc_compress(hash_state * md,unsigned char * buf)130 static int chc_compress(hash_state *md, unsigned char *buf)
131 {
132 unsigned char T[2][MAXBLOCKSIZE];
133 symmetric_key *key;
134 int err, x;
135
136 if ((key = XMALLOC(sizeof(*key))) == NULL) {
137 return CRYPT_MEM;
138 }
139 if ((err = cipher_descriptor[cipher_idx].setup(md->chc.state, cipher_blocksize, 0, key)) != CRYPT_OK) {
140 XFREE(key);
141 return err;
142 }
143 XMEMCPY(T[1], buf, cipher_blocksize);
144 cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key);
145 for (x = 0; x < cipher_blocksize; x++) {
146 md->chc.state[x] ^= T[0][x] ^ T[1][x];
147 }
148 #ifdef LTC_CLEAN_STACK
149 zeromem(T, sizeof(T));
150 zeromem(key, sizeof(*key));
151 #endif
152 XFREE(key);
153 return CRYPT_OK;
154 }
155
156 /**
157 Function for processing blocks
158 @param md The hash state
159 @param buf The data to hash
160 @param len The length of the data (octets)
161 @return CRYPT_OK if successful
162 */
163 static int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
164 static HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)
165
166 /**
167 Process a block of memory though the hash
168 @param md The hash state
169 @param in The data to hash
170 @param inlen The length of the data (octets)
171 @return CRYPT_OK if successful
172 */
chc_process(hash_state * md,const unsigned char * in,unsigned long inlen)173 int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen)
174 {
175 int err;
176
177 LTC_ARGCHK(md != NULL);
178 LTC_ARGCHK(in != NULL);
179
180 /* is the cipher valid? */
181 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
182 return err;
183 }
184 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
185 return CRYPT_INVALID_CIPHER;
186 }
187
188 return _chc_process(md, in, inlen);
189 }
190
191 /**
192 Terminate the hash to get the digest
193 @param md The hash state
194 @param out [out] The destination of the hash (length of the block size of the block cipher)
195 @return CRYPT_OK if successful
196 */
chc_done(hash_state * md,unsigned char * out)197 int chc_done(hash_state *md, unsigned char *out)
198 {
199 int err;
200
201 LTC_ARGCHK(md != NULL);
202 LTC_ARGCHK(out != NULL);
203
204 /* is the cipher valid? */
205 if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
206 return err;
207 }
208 if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
209 return CRYPT_INVALID_CIPHER;
210 }
211
212 if (md->chc.curlen >= sizeof(md->chc.buf)) {
213 return CRYPT_INVALID_ARG;
214 }
215
216 /* increase the length of the message */
217 md->chc.length += md->chc.curlen * 8;
218
219 /* append the '1' bit */
220 md->chc.buf[md->chc.curlen++] = (unsigned char)0x80;
221
222 /* if the length is currently above l-8 bytes we append zeros
223 * then compress. Then we can fall back to padding zeros and length
224 * encoding like normal.
225 */
226 if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) {
227 while (md->chc.curlen < (unsigned long)cipher_blocksize) {
228 md->chc.buf[md->chc.curlen++] = (unsigned char)0;
229 }
230 chc_compress(md, md->chc.buf);
231 md->chc.curlen = 0;
232 }
233
234 /* pad upto l-8 bytes of zeroes */
235 while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) {
236 md->chc.buf[md->chc.curlen++] = (unsigned char)0;
237 }
238
239 /* store length */
240 STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8));
241 chc_compress(md, md->chc.buf);
242
243 /* copy output */
244 XMEMCPY(out, md->chc.state, cipher_blocksize);
245
246 #ifdef LTC_CLEAN_STACK
247 zeromem(md, sizeof(hash_state));
248 #endif
249 return CRYPT_OK;
250 }
251
252 /**
253 Self-test the hash
254 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
255 */
chc_test(void)256 int chc_test(void)
257 {
258 #ifndef LTC_TEST
259 return CRYPT_NOP;
260 #else
261 static const struct {
262 unsigned char *msg,
263 hash[MAXBLOCKSIZE];
264 int len;
265 } tests[] = {
266 {
267 (unsigned char *)"hello world",
268 { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61,
269 0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e },
270 16
271 }
272 };
273 int i, oldhashidx, idx;
274 unsigned char tmp[MAXBLOCKSIZE];
275 hash_state md;
276
277 /* AES can be under rijndael or aes... try to find it */
278 if ((idx = find_cipher("aes")) == -1) {
279 if ((idx = find_cipher("rijndael")) == -1) {
280 return CRYPT_NOP;
281 }
282 }
283 oldhashidx = cipher_idx;
284 chc_register(idx);
285
286 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
287 chc_init(&md);
288 chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg));
289 chc_done(&md, tmp);
290 if (compare_testvector(tmp, tests[i].len, tests[i].hash, tests[i].len, "CHC", i)) {
291 return CRYPT_FAIL_TESTVECTOR;
292 }
293 }
294 if (oldhashidx != UNDEFED_HASH) {
295 chc_register(oldhashidx);
296 }
297
298 return CRYPT_OK;
299 #endif
300 }
301
302 #endif
303
304 /* ref: HEAD -> master, tag: v1.18.2 */
305 /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
306 /* commit time: 2018-07-01 22:49:01 +0200 */
307