[sm130futures] Mac end got 403'ed on commit.

This commit is contained in:
Jason Felds
2011-05-04 23:52:25 -04:00
15 changed files with 0 additions and 4896 deletions
File diff suppressed because it is too large Load Diff
-93
View File
@@ -1,93 +0,0 @@
#ifndef SSHBN_H
#define SSHBN_H
#if defined __GNUC__ && defined __i386__
typedef unsigned long BignumInt;
typedef unsigned long long BignumDblInt;
#define BIGNUM_INT_MASK 0xFFFFFFFFUL
#define BIGNUM_TOP_BIT 0x80000000UL
#define BIGNUM_INT_BITS 32
#define MUL_WORD(w1, w2) ((BignumDblInt)w1 * w2)
#define DIVMOD_WORD(q, r, hi, lo, w) \
__asm__("div %2" : \
"=d" (r), "=a" (q) : \
"r" (w), "d" (hi), "a" (lo))
#else
typedef unsigned short BignumInt;
typedef unsigned long BignumDblInt;
#define BIGNUM_INT_MASK 0xFFFFU
#define BIGNUM_TOP_BIT 0x8000U
#define BIGNUM_INT_BITS 16
#define MUL_WORD(w1, w2) ((BignumDblInt)w1 * w2)
#define DIVMOD_WORD(q, r, hi, lo, w) do { \
BignumDblInt n = (((BignumDblInt)hi) << BIGNUM_INT_BITS) | lo; \
q = n / w; \
r = n % w; \
} while (0)
#endif
#define BIGNUM_INT_BYTES (BIGNUM_INT_BITS / 8)
typedef BignumInt *Bignum;
Bignum copybn(Bignum b);
Bignum bn_power_2(int n);
void bn_restore_invariant(Bignum b);
Bignum bignum_from_long(unsigned long n);
void freebn(Bignum b);
Bignum modpow(Bignum base, Bignum exp, Bignum mod);
Bignum modmul(Bignum a, Bignum b, Bignum mod);
void decbn(Bignum n);
extern Bignum Zero, One;
unsigned char *bignum_to_buffer( const Bignum bn, int *nbytes );
Bignum bignum_from_buffer(const unsigned char *data, int nbytes);
Bignum bignum_from_bytes(const unsigned char *data, int nbytes);
unsigned char *bignum_to_bytes( const Bignum bn, int *nbytes );
int ssh1_read_bignum(const unsigned char *data, Bignum * result);
int bignum_bitcount(Bignum bn);
int ssh1_bignum_length(Bignum bn);
int ssh2_bignum_length(Bignum bn);
unsigned char bignum_byte( const Bignum bn, int i );
int bignum_bit( const Bignum bn, int i );
void bignum_set_bit(Bignum bn, int i, int value);
int ssh1_write_bignum(void *data, Bignum bn);
Bignum biggcd(Bignum a, Bignum b);
unsigned short bignum_mod_short(Bignum number, unsigned short modulus);
Bignum bignum_add_long(Bignum number, unsigned long addend);
Bignum bigmul(Bignum a, Bignum b);
Bignum bigmuladd(Bignum a, Bignum b, Bignum addend);
Bignum bigdiv(Bignum a, Bignum b);
Bignum bigmod(Bignum a, Bignum b);
Bignum modinv(Bignum number, Bignum modulus);
Bignum bignum_bitmask(Bignum number);
Bignum bignum_rshift(Bignum number, int shift);
int bignum_cmp(Bignum a, Bignum b);
char *bignum_decimal(Bignum x);
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-232
View File
@@ -1,232 +0,0 @@
#include "global.h"
#include "CryptMD5.h"
/*
* MD5 implementation for PuTTY. Written directly from the spec by
* Simon Tatham.
*/
/* ----------------------------------------------------------------------
* Core MD5 algorithm: processes 16-word blocks into a message digest.
*/
#define F(x,y,z) ( ((x) & (y)) | ((~(x)) & (z)) )
#define G(x,y,z) ( ((x) & (z)) | ((~(z)) & (y)) )
#define H(x,y,z) ( (x) ^ (y) ^ (z) )
#define I(x,y,z) ( (y) ^ ( (x) | ~(z) ) )
#define rol(x,y) ( ((x) << (y)) | (((uint32_t)x) >> (32-y)) )
#define subround(f,w,x,y,z,k,s,ti) \
w = x + rol(w + f(x,y,z) + block[k] + ti, s)
static void MD5_Core_Init(MD5_Core_State * s)
{
s->h[0] = 0x67452301;
s->h[1] = 0xefcdab89;
s->h[2] = 0x98badcfe;
s->h[3] = 0x10325476;
}
static void MD5_Block(MD5_Core_State * s, uint32_t * block)
{
uint32_t a, b, c, d;
a = s->h[0];
b = s->h[1];
c = s->h[2];
d = s->h[3];
subround(F, a, b, c, d, 0, 7, 0xd76aa478);
subround(F, d, a, b, c, 1, 12, 0xe8c7b756);
subround(F, c, d, a, b, 2, 17, 0x242070db);
subround(F, b, c, d, a, 3, 22, 0xc1bdceee);
subround(F, a, b, c, d, 4, 7, 0xf57c0faf);
subround(F, d, a, b, c, 5, 12, 0x4787c62a);
subround(F, c, d, a, b, 6, 17, 0xa8304613);
subround(F, b, c, d, a, 7, 22, 0xfd469501);
subround(F, a, b, c, d, 8, 7, 0x698098d8);
subround(F, d, a, b, c, 9, 12, 0x8b44f7af);
subround(F, c, d, a, b, 10, 17, 0xffff5bb1);
subround(F, b, c, d, a, 11, 22, 0x895cd7be);
subround(F, a, b, c, d, 12, 7, 0x6b901122);
subround(F, d, a, b, c, 13, 12, 0xfd987193);
subround(F, c, d, a, b, 14, 17, 0xa679438e);
subround(F, b, c, d, a, 15, 22, 0x49b40821);
subround(G, a, b, c, d, 1, 5, 0xf61e2562);
subround(G, d, a, b, c, 6, 9, 0xc040b340);
subround(G, c, d, a, b, 11, 14, 0x265e5a51);
subround(G, b, c, d, a, 0, 20, 0xe9b6c7aa);
subround(G, a, b, c, d, 5, 5, 0xd62f105d);
subround(G, d, a, b, c, 10, 9, 0x02441453);
subround(G, c, d, a, b, 15, 14, 0xd8a1e681);
subround(G, b, c, d, a, 4, 20, 0xe7d3fbc8);
subround(G, a, b, c, d, 9, 5, 0x21e1cde6);
subround(G, d, a, b, c, 14, 9, 0xc33707d6);
subround(G, c, d, a, b, 3, 14, 0xf4d50d87);
subround(G, b, c, d, a, 8, 20, 0x455a14ed);
subround(G, a, b, c, d, 13, 5, 0xa9e3e905);
subround(G, d, a, b, c, 2, 9, 0xfcefa3f8);
subround(G, c, d, a, b, 7, 14, 0x676f02d9);
subround(G, b, c, d, a, 12, 20, 0x8d2a4c8a);
subround(H, a, b, c, d, 5, 4, 0xfffa3942);
subround(H, d, a, b, c, 8, 11, 0x8771f681);
subround(H, c, d, a, b, 11, 16, 0x6d9d6122);
subround(H, b, c, d, a, 14, 23, 0xfde5380c);
subround(H, a, b, c, d, 1, 4, 0xa4beea44);
subround(H, d, a, b, c, 4, 11, 0x4bdecfa9);
subround(H, c, d, a, b, 7, 16, 0xf6bb4b60);
subround(H, b, c, d, a, 10, 23, 0xbebfbc70);
subround(H, a, b, c, d, 13, 4, 0x289b7ec6);
subround(H, d, a, b, c, 0, 11, 0xeaa127fa);
subround(H, c, d, a, b, 3, 16, 0xd4ef3085);
subround(H, b, c, d, a, 6, 23, 0x04881d05);
subround(H, a, b, c, d, 9, 4, 0xd9d4d039);
subround(H, d, a, b, c, 12, 11, 0xe6db99e5);
subround(H, c, d, a, b, 15, 16, 0x1fa27cf8);
subround(H, b, c, d, a, 2, 23, 0xc4ac5665);
subround(I, a, b, c, d, 0, 6, 0xf4292244);
subround(I, d, a, b, c, 7, 10, 0x432aff97);
subround(I, c, d, a, b, 14, 15, 0xab9423a7);
subround(I, b, c, d, a, 5, 21, 0xfc93a039);
subround(I, a, b, c, d, 12, 6, 0x655b59c3);
subround(I, d, a, b, c, 3, 10, 0x8f0ccc92);
subround(I, c, d, a, b, 10, 15, 0xffeff47d);
subround(I, b, c, d, a, 1, 21, 0x85845dd1);
subround(I, a, b, c, d, 8, 6, 0x6fa87e4f);
subround(I, d, a, b, c, 15, 10, 0xfe2ce6e0);
subround(I, c, d, a, b, 6, 15, 0xa3014314);
subround(I, b, c, d, a, 13, 21, 0x4e0811a1);
subround(I, a, b, c, d, 4, 6, 0xf7537e82);
subround(I, d, a, b, c, 11, 10, 0xbd3af235);
subround(I, c, d, a, b, 2, 15, 0x2ad7d2bb);
subround(I, b, c, d, a, 9, 21, 0xeb86d391);
s->h[0] += a;
s->h[1] += b;
s->h[2] += c;
s->h[3] += d;
}
/* ----------------------------------------------------------------------
* Outer MD5 algorithm: take an arbitrary length byte string,
* convert it into 16-word blocks with the prescribed padding at
* the end, and pass those blocks to the core MD5 algorithm.
*/
#define BLKSIZE 64
void MD5Init(struct MD5Context *s)
{
MD5_Core_Init(&s->core);
s->blkused = 0;
s->lenhi = s->lenlo = 0;
}
void MD5Update(struct MD5Context *s, unsigned char const *p, unsigned len)
{
unsigned char *q = (unsigned char *) p;
uint32_t wordblock[16];
uint32_t lenw = len;
int i;
/*
* Update the length field.
*/
s->lenlo += lenw;
s->lenhi += (s->lenlo < lenw);
if (s->blkused + len < BLKSIZE) {
/*
* Trivial case: just add to the block.
*/
memcpy(s->block + s->blkused, q, len);
s->blkused += len;
} else {
/*
* We must complete and process at least one block.
*/
while (s->blkused + len >= BLKSIZE) {
memcpy(s->block + s->blkused, q, BLKSIZE - s->blkused);
q += BLKSIZE - s->blkused;
len -= BLKSIZE - s->blkused;
/* Now process the block. Gather bytes little-endian into words */
for (i = 0; i < 16; i++) {
wordblock[i] =
(((uint32_t) s->block[i * 4 + 3]) << 24) |
(((uint32_t) s->block[i * 4 + 2]) << 16) |
(((uint32_t) s->block[i * 4 + 1]) << 8) |
(((uint32_t) s->block[i * 4 + 0]) << 0);
}
MD5_Block(&s->core, wordblock);
s->blkused = 0;
}
memcpy(s->block, q, len);
s->blkused = len;
}
}
void MD5Final(unsigned char output[16], struct MD5Context *s)
{
int i;
unsigned pad;
unsigned char c[64];
uint32_t lenhi, lenlo;
if (s->blkused >= 56)
pad = 56 + 64 - s->blkused;
else
pad = 56 - s->blkused;
lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
lenlo = (s->lenlo << 3);
memset(c, 0, pad);
c[0] = 0x80;
MD5Update(s, c, pad);
c[7] = char((lenhi >> 24) & 0xFF);
c[6] = char((lenhi >> 16) & 0xFF);
c[5] = char((lenhi >> 8) & 0xFF);
c[4] = char((lenhi >> 0) & 0xFF);
c[3] = char((lenlo >> 24) & 0xFF);
c[2] = char((lenlo >> 16) & 0xFF);
c[1] = char((lenlo >> 8) & 0xFF);
c[0] = char((lenlo >> 0) & 0xFF);
MD5Update(s, c, 8);
for (i = 0; i < 4; i++) {
output[4 * i + 3] = char((s->core.h[i] >> 24) & 0xFF);
output[4 * i + 2] = char((s->core.h[i] >> 16) & 0xFF);
output[4 * i + 1] = char((s->core.h[i] >> 8) & 0xFF);
output[4 * i + 0] = char((s->core.h[i] >> 0) & 0xFF);
}
}
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-46
View File
@@ -1,46 +0,0 @@
#ifndef SSHMD5_H
#define SSHMD5_H
typedef struct {
uint32_t h[4];
} MD5_Core_State;
struct MD5Context {
MD5_Core_State core;
unsigned char block[64];
int blkused;
uint32_t lenhi, lenlo;
};
void MD5Init(struct MD5Context *context);
void MD5Update(struct MD5Context *context, unsigned char const *buf, unsigned len);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-154
View File
@@ -1,154 +0,0 @@
/*
* Noise generation for PuTTY's cryptographic random number
* generator.
*/
#include "global.h"
#if defined(_WINDOWS)
#define _WIN32_WINNT 0x0400 // VC6 header needs this defined.
#include <windows.h>
#include <wincrypt.h>
/*
* This function is called once, at PuTTY startup, and will do some
* seriously silly things like listing directories and getting disk
* free space and a process snapshot.
*/
void noise_get_heavy(void (*func) (void *, int))
{
static HCRYPTPROV hProv = NULL;
if( hProv == NULL )
{
if( !CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) )
{
char buf[1024] = "";
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
0, GetLastError(), 0, buf, sizeof(buf), NULL);
RageException::Throw( "CryptAcquireContext: %s", buf );
}
}
char buf[2048];
if ( !CryptGenRandom(hProv, sizeof(buf), (BYTE*) buf) )
RageException::Throw( "CryptGenRandom" );
func( buf, sizeof(buf) );
}
/*
* This function is called every time the random pool needs
* stirring, and will acquire the system time in all available
* forms and the battery status.
*/
void noise_get_light(void (*func) (void *, int))
{
SYSTEMTIME systime;
DWORD adjust[2];
BOOL rubbish;
GetSystemTime(&systime);
func(&systime, sizeof(systime));
GetSystemTimeAdjustment(&adjust[0], &adjust[1], &rubbish);
func(&adjust, sizeof(adjust));
}
#else
#include <fcntl.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/resource.h>
static int read_dev_urandom(char *buf, int len)
{
int fd;
int ngot, ret;
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return 0;
ngot = 0;
while (ngot < len)
{
ret = read(fd, buf+ngot, len-ngot);
if (ret < 0) {
close(fd);
return 0;
}
ngot += ret;
}
return 1;
}
/*
* This function is called once, at PuTTY startup. It will do some
* slightly silly things such as fetching an entire process listing
* and scanning /tmp, load the saved random seed from disk, and
* also read 32 bytes out of /dev/urandom.
*/
void noise_get_heavy(void (*func) (void *, int))
{
char buf[512];
if (read_dev_urandom(buf, 32))
func(buf, 32);
#if defined(UNIX)
FILE *fp;
int ret;
fp = popen("ps -axu 2>/dev/null", "r");
while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
func(buf, ret);
pclose(fp);
fp = popen("ls -al /tmp 2>/dev/null", "r");
while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
func(buf, ret);
pclose(fp);
#endif
}
/*
* This function is called every time the random pool needs
* stirring, and will acquire the system time.
*/
void noise_get_light(void (*func) (void *, int))
{
struct timeval tv;
gettimeofday(&tv, NULL);
func(&tv, sizeof(tv));
}
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
File diff suppressed because it is too large Load Diff
-34
View File
@@ -1,34 +0,0 @@
#ifndef SSH_PRIME_H
#define SSH_PRIME_H
#include "CryptBn.h"
Bignum primegen(int bits, int modulus, int residue, Bignum factor, int phase);
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-799
View File
@@ -1,799 +0,0 @@
/*
* RSA implementation for PuTTY.
*/
#include "global.h"
#include "RageUtil.h"
#include "CryptRSA.h"
#include "CryptSHA.h"
#include "CryptSH512.h"
#include "CryptMD5.h"
#include "CryptRand.h"
#include "CryptPrime.h"
#define GET_32BIT(cp) \
(((unsigned long)(unsigned char)(cp)[0] << 24) | \
((unsigned long)(unsigned char)(cp)[1] << 16) | \
((unsigned long)(unsigned char)(cp)[2] << 8) | \
((unsigned long)(unsigned char)(cp)[3]))
#define PUT_32BIT(cp, value) { \
(cp)[0] = (unsigned char)((value) >> 24); \
(cp)[1] = (unsigned char)((value) >> 16); \
(cp)[2] = (unsigned char)((value) >> 8); \
(cp)[3] = (unsigned char)(value); }
RSAKey::RSAKey()
{
bits = bytes = 0;
modulus = exponent = private_exponent = p = q = iqmp = NULL;
}
RSAKey::~RSAKey()
{
if(p)
freebn(p);
if(q)
freebn(q);
if(modulus)
freebn(modulus);
if(exponent)
freebn(exponent);
if(private_exponent)
freebn(private_exponent);
if(iqmp)
freebn(iqmp);
}
int makekey(unsigned char *data, struct RSAKey *result,
unsigned char **keystr, int order)
{
unsigned char *p = data;
int i;
if (result) {
result->bits = 0;
for (i = 0; i < 4; i++)
result->bits = (result->bits << 8) + *p++;
} else
p += 4;
/*
* order=0 means exponent then modulus (the keys sent by the
* server). order=1 means modulus then exponent (the keys
* stored in a keyfile).
*/
if (order == 0)
p += ssh1_read_bignum(p, result ? &result->exponent : NULL);
if (result)
result->bytes = (((p[0] << 8) + p[1]) + 7) / 8;
if (keystr)
*keystr = p + 2;
p += ssh1_read_bignum(p, result ? &result->modulus : NULL);
if (order == 1)
p += ssh1_read_bignum(p, result ? &result->exponent : NULL);
return p - data;
}
int makeprivate( const unsigned char *data, struct RSAKey *result )
{
return ssh1_read_bignum(data, &result->private_exponent);
}
unsigned char *GetBytes( Bignum bn, int *buflen )
{
int len = bn[0]*BIGNUM_INT_BYTES;
unsigned char *ret = new unsigned char[len];
unsigned char *p = ret;
for( int i = len-1; i >= 0; --i )
*p++ = bignum_byte( bn, i );
return ret;
}
static void sha512_mpint(SHA512_State * s, Bignum b)
{
unsigned char lenbuf[4];
int len;
len = (bignum_bitcount(b) + 8) / 8;
PUT_32BIT(lenbuf, len);
SHA512_Bytes(s, lenbuf, 4);
while (len-- > 0) {
lenbuf[0] = bignum_byte(b, len);
SHA512_Bytes(s, lenbuf, 1);
}
memset(lenbuf, 0, sizeof(lenbuf));
}
/*
* This function is a wrapper on modpow(). It has the same effect
* as modpow(), but employs RSA blinding to protect against timing
* attacks.
*/
static Bignum rsa_privkey_op(Bignum input, const RSAKey *key)
{
Bignum random, random_encrypted, random_inverse;
Bignum input_blinded, ret_blinded;
Bignum ret;
SHA512_State ss;
unsigned char digest512[64];
unsigned digestused = ARRAYLEN(digest512);
int hashseq = 0;
/*
* Start by inventing a random number chosen uniformly from the
* range 2..modulus-1. (We do this by preparing a random number
* of the right length and retrying if it's greater than the
* modulus, to prevent any potential Bleichenbacher-like
* attacks making use of the uneven distribution within the
* range that would arise from just reducing our number mod n.
* There are timing implications to the potential retries, of
* course, but all they tell you is the modulus, which you
* already knew.)
*
* To preserve determinism and avoid Pageant needing to share
* the random number pool, we actually generate this `random'
* number by hashing stuff with the private key.
*/
while (1) {
int bits, byte, bitsleft, v;
random = copybn(key->modulus);
/*
* Find the topmost set bit. (This function will return its
* index plus one.) Then we'll set all bits from that one
* downwards randomly.
*/
bits = bignum_bitcount(random);
byte = 0;
bitsleft = 0;
while (bits--) {
if (bitsleft <= 0) {
bitsleft = 8;
/*
* Conceptually the following few lines are equivalent to
* byte = random_byte();
*/
if (digestused >= ARRAYLEN(digest512)) {
unsigned char seqbuf[4];
PUT_32BIT(seqbuf, hashseq);
SHA512_Init(&ss);
SHA512_Bytes(&ss, "RSA deterministic blinding", 26);
SHA512_Bytes(&ss, seqbuf, sizeof(seqbuf));
sha512_mpint(&ss, key->private_exponent);
SHA512_Final(&ss, digest512);
hashseq++;
/*
* Now hash that digest plus the signature
* input.
*/
SHA512_Init(&ss);
SHA512_Bytes(&ss, digest512, sizeof(digest512));
sha512_mpint(&ss, input);
SHA512_Final(&ss, digest512);
digestused = 0;
}
byte = digest512[digestused++];
}
v = byte & 1;
byte >>= 1;
bitsleft--;
bignum_set_bit(random, bits, v);
}
/*
* Now check that this number is strictly greater than
* zero, and strictly less than modulus.
*/
if (bignum_cmp(random, Zero) <= 0 ||
bignum_cmp(random, key->modulus) >= 0) {
freebn(random);
continue;
} else {
break;
}
}
/*
* RSA blinding relies on the fact that (xy)^d mod n is equal
* to (x^d mod n) * (y^d mod n) mod n. We invent a random pair
* y and y^d; then we multiply x by y, raise to the power d mod
* n as usual, and divide by y^d to recover x^d. Thus an
* attacker can't correlate the timing of the modpow with the
* input, because they don't know anything about the number
* that was input to the actual modpow.
*
* The clever bit is that we don't have to do a huge modpow to
* get y and y^d; we will use the number we just invented as
* _y^d_, and use the _public_ exponent to compute (y^d)^e = y
* from it, which is much faster to do.
*/
random_encrypted = modpow(random, key->exponent, key->modulus);
random_inverse = modinv(random, key->modulus);
input_blinded = modmul(input, random_encrypted, key->modulus);
ret_blinded = modpow(input_blinded, key->private_exponent, key->modulus);
ret = modmul(ret_blinded, random_inverse, key->modulus);
freebn(ret_blinded);
freebn(input_blinded);
freebn(random_inverse);
freebn(random_encrypted);
freebn(random);
return ret;
}
bool RSAKey::Encrypt( RString &buf ) const
{
Bignum bn = bignum_from_bytes( (unsigned char *) buf.data(), buf.size() );
Bignum encrypted_bn = Encrypt( bn );
delete [] bn;
int len;
unsigned char *bytes = bignum_to_buffer( encrypted_bn, &len );
buf = RString( (const char *) bytes, len );
delete [] encrypted_bn;
return true;
}
bool RSAKey::Decrypt( RString &buf ) const
{
Bignum bn = bignum_from_buffer( (unsigned char *) buf.data(), buf.size() );
if( bn == NULL )
return false;
Bignum decrypted_bn = Decrypt( bn );
delete [] bn;
int len;
unsigned char *bytes = bignum_to_bytes( decrypted_bn, &len );
buf = RString( (const char *) bytes, len );
delete [] decrypted_bn;
return true;
}
Bignum RSAKey::Encrypt(const Bignum input) const
{
return modpow( input, this->exponent, this->modulus );
}
Bignum RSAKey::Decrypt(const Bignum input) const
{
return rsa_privkey_op(input, this);
}
int RSAKey::StrLen() const
{
Bignum md, ex;
int mdlen, exlen;
md = this->modulus;
ex = this->exponent;
mdlen = (bignum_bitcount(md) + 15) / 16;
exlen = (bignum_bitcount(ex) + 15) / 16;
return 4 * (mdlen + exlen) + 20;
}
void RSAKey::StrFmt( char *str ) const
{
int len = 0, i, nibbles;
static const char hex[] = "0123456789abcdef";
len += sprintf(str + len, "0x");
nibbles = (3 + bignum_bitcount(this->exponent)) / 4;
if (nibbles < 1)
nibbles = 1;
for (i = nibbles; i--;)
str[len++] = hex[(bignum_byte(this->exponent, i / 2) >> (4 * (i % 2))) & 0xF];
len += sprintf(str + len, ",0x");
nibbles = (3 + bignum_bitcount(this->modulus)) / 4;
if (nibbles < 1)
nibbles = 1;
for (i = nibbles; i--;)
str[len++] = hex[(bignum_byte(this->modulus, i / 2) >> (4 * (i % 2))) & 0xF];
str[len] = '\0';
}
/*
* Generate a fingerprint string for the key. Compatible with the
* OpenSSH fingerprint code.
*/
void RSAKey::Fingerprint( char *str, int len ) const
{
struct MD5Context md5c;
unsigned char digest[16];
char buffer[16 * 3 + 40];
int numlen, slen, i;
MD5Init(&md5c);
numlen = ssh1_bignum_length(this->modulus) - 2;
for (i = numlen; i--;) {
unsigned char c = bignum_byte(this->modulus, i);
MD5Update(&md5c, &c, 1);
}
numlen = ssh1_bignum_length(this->exponent) - 2;
for (i = numlen; i--;) {
unsigned char c = bignum_byte(this->exponent, i);
MD5Update(&md5c, &c, 1);
}
MD5Final(digest, &md5c);
sprintf(buffer, "%d ", bignum_bitcount(this->modulus));
for (i = 0; i < 16; i++)
sprintf(buffer + strlen(buffer), "%s%02x", i ? ":" : "",
digest[i]);
strncpy(str, buffer, len);
str[len - 1] = '\0';
slen = strlen(str);
if (!this->comment.empty() && slen < len - 1)
{
str[slen] = ' ';
strncpy(str + slen + 1, this->comment, len - slen - 1);
str[len - 1] = '\0';
}
}
/*
* Verify that the public data in an RSA key matches the private
* data. We also check the private data itself: we ensure that p >
* q and that iqmp really is the inverse of q mod p.
*/
bool RSAKey::Check() const
{
Bignum n, ed, pm1, qm1;
int cmp;
/* n must equal pq. */
n = bigmul(this->p, this->q);
cmp = bignum_cmp(n, this->modulus);
freebn(n);
if (cmp != 0)
return 0;
/* e * d must be congruent to 1, modulo (p-1) and modulo (q-1). */
pm1 = copybn(this->p);
decbn(pm1);
ed = modmul(this->exponent, this->private_exponent, pm1);
cmp = bignum_cmp(ed, One);
delete [] ed;
if (cmp != 0)
return 0;
qm1 = copybn(this->q);
decbn(qm1);
ed = modmul(this->exponent, this->private_exponent, qm1);
cmp = bignum_cmp(ed, One);
delete [] ed;
if (cmp != 0)
return 0;
/*
* Ensure p > q.
*/
if (bignum_cmp(this->p, this->q) <= 0)
return 0;
/*
* Ensure iqmp * q is congruent to 1, modulo p.
*/
n = modmul(this->iqmp, this->q, this->p);
cmp = bignum_cmp(n, One);
delete [] n;
if (cmp != 0)
return 0;
return 1;
}
/* ----------------------------------------------------------------------
* Implementation of the ssh-rsa signing key type.
*/
static void getstring(const char **data, int *datalen, const char **p, int *length)
{
*p = NULL;
if (*datalen < 4)
return;
*length = GET_32BIT(*data);
*datalen -= 4;
*data += 4;
if (*datalen < *length)
return;
*p = *data;
*data += *length;
*datalen -= *length;
}
static Bignum getmp(const char **data, int *datalen)
{
const char *p;
int length;
Bignum b;
getstring(data, datalen, &p, &length);
if (!p)
return NULL;
b = bignum_from_bytes((unsigned char *)p, length);
return b;
}
bool RSAKey::LoadFromPublicBlob( const RString &str )
{
int len = str.size();
const char *data = str.data();
const char *p;
int slen;
getstring(&data, &len, &p, &slen);
if (!p || slen != 7 || memcmp(p, "ssh-rsa", 7)) {
return false;
}
struct RSAKey *rsa = new RSAKey;
rsa->exponent = getmp(&data, &len);
rsa->modulus = getmp(&data, &len);
rsa->private_exponent = NULL;
return true;
}
char *RSAKey::FmtKey() const
{
int len = this->StrLen();
char *p = new char[len];
StrFmt( p );
return p;
}
void RSAKey::PublicBlob( RString &out ) const
{
int elen, mlen, bloblen;
int i;
unsigned char *blob, *p;
elen = (bignum_bitcount(this->exponent) + 8) / 8;
mlen = (bignum_bitcount(this->modulus) + 8) / 8;
/*
* string "ssh-rsa", mpint exp, mpint mod. Total 19+elen+mlen.
* (three length fields, 12+7=19).
*/
bloblen = 19 + elen + mlen;
blob = new unsigned char[bloblen];
p = blob;
PUT_32BIT(p, 7);
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
PUT_32BIT(p, elen);
p += 4;
for (i = elen; i--;)
*p++ = bignum_byte(this->exponent, i);
PUT_32BIT(p, mlen);
p += 4;
for (i = mlen; i--;)
*p++ = bignum_byte(this->modulus, i);
ASSERT(p == blob + bloblen);
out = RString( (const char *) blob, bloblen );
}
void RSAKey::PrivateBlob( RString &out ) const
{
int i;
unsigned char *blob, *p;
int elen = (bignum_bitcount(this->exponent) + 8) / 8;
int mlen = (bignum_bitcount(this->modulus) + 8) / 8;
int dlen = (bignum_bitcount(this->private_exponent) + 8) / 8;
int plen = (bignum_bitcount(this->p) + 8) / 8;
int qlen = (bignum_bitcount(this->q) + 8) / 8;
int ulen = (bignum_bitcount(this->iqmp) + 8) / 8;
/*
* mpint exp, mpint mod, mpint private_exp, mpint p, mpint q, mpint iqmp. Total 24 +
* sum of lengths.
*/
int bloblen = 24 + elen + mlen + dlen + plen + qlen + ulen;
blob = new unsigned char[bloblen];
p = blob;
PUT_32BIT(p, elen);
p += 4;
for (i = elen; i--;)
*p++ = bignum_byte(this->exponent, i);
PUT_32BIT(p, mlen);
p += 4;
for (i = mlen; i--;)
*p++ = bignum_byte(this->modulus, i);
PUT_32BIT(p, dlen);
p += 4;
for (i = dlen; i--;)
*p++ = bignum_byte(this->private_exponent, i);
PUT_32BIT(p, plen);
p += 4;
for (i = plen; i--;)
*p++ = bignum_byte(this->p, i);
PUT_32BIT(p, qlen);
p += 4;
for (i = qlen; i--;)
*p++ = bignum_byte(this->q, i);
PUT_32BIT(p, ulen);
p += 4;
for (i = ulen; i--;)
*p++ = bignum_byte(this->iqmp, i);
ASSERT(p == blob + bloblen);
out = RString( (const char *) blob, bloblen );
}
bool RSAKey::LoadFromPrivateBlob( const RString &str )
{
int len = str.size();
const char *data = str.data();
this->exponent = getmp(&data, &len);
this->modulus = getmp(&data, &len);
this->private_exponent = getmp(&data, &len);
this->p = getmp(&data, &len);
this->q = getmp(&data, &len);
this->iqmp = getmp(&data, &len);
if (!this->Check())
return false;
return true;
}
/* static struct RSAKey *rsa2_openssh_createkey(unsigned char **blob, int *len)
{
const char **b = (const char **) blob;
struct RSAKey *rsa = new RSAKey;
rsa->comment = NULL;
rsa->modulus = getmp(b, len);
rsa->exponent = getmp(b, len);
rsa->private_exponent = getmp(b, len);
rsa->iqmp = getmp(b, len);
rsa->p = getmp(b, len);
rsa->q = getmp(b, len);
if (!rsa->modulus || !rsa->exponent || !rsa->private_exponent ||
!rsa->iqmp || !rsa->p || !rsa->q)
{
delete rsa;
return NULL;
}
return rsa;
}
static int rsa2_openssh_fmtkey( struct RSAKey *rsa, unsigned char *blob, int len )
{
int bloblen =
ssh2_bignum_length(rsa->modulus) +
ssh2_bignum_length(rsa->exponent) +
ssh2_bignum_length(rsa->private_exponent) +
ssh2_bignum_length(rsa->iqmp) +
ssh2_bignum_length(rsa->p) + ssh2_bignum_length(rsa->q);
if (bloblen > len)
return bloblen;
bloblen = 0;
#define ENC(x) \
PUT_32BIT(blob+bloblen, ssh2_bignum_length((x))-4); bloblen += 4; \
for (i = ssh2_bignum_length((x))-4; i-- ;) blob[bloblen++]=bignum_byte((x),i);
int i;
ENC(rsa->modulus);
ENC(rsa->exponent);
ENC(rsa->private_exponent);
ENC(rsa->iqmp);
ENC(rsa->p);
ENC(rsa->q);
return bloblen;
}
*/
int rsa2_pubkey_bits( const RString &blob )
{
RSAKey rsa;
if( !rsa.LoadFromPublicBlob( blob ) )
return 0;
return bignum_bitcount(rsa.modulus);
}
char *rsa2_fingerprint( struct RSAKey *rsa )
{
struct MD5Context md5c;
unsigned char digest[16], lenbuf[4];
char buffer[16 * 3 + 40];
char *ret;
int numlen, i;
MD5Init(&md5c);
MD5Update(&md5c, (unsigned char *)"\0\0\0\7ssh-rsa", 11);
#define ADD_BIGNUM(bignum) \
numlen = (bignum_bitcount(bignum)+8)/8; \
PUT_32BIT(lenbuf, numlen); MD5Update(&md5c, lenbuf, 4); \
for (i = numlen; i-- ;) { \
unsigned char c = bignum_byte(bignum, i); \
MD5Update(&md5c, &c, 1); \
}
ADD_BIGNUM(rsa->exponent);
ADD_BIGNUM(rsa->modulus);
#undef ADD_BIGNUM
MD5Final(digest, &md5c);
sprintf(buffer, "ssh-rsa %d ", bignum_bitcount(rsa->modulus));
for (i = 0; i < 16; i++)
sprintf(buffer + strlen(buffer), "%s%02x", i ? ":" : "",
digest[i]);
ret = new char[strlen(buffer) + 1];
if (ret)
strcpy(ret, buffer);
return ret;
}
bool RSAKey::Verify( const RString &data, const RString &sig ) const
{
Bignum in, out;
int bytes, i, j;
unsigned char hash[20];
in = bignum_from_bytes( (const unsigned char *) sig.data(), sig.size() );
/* Base (in) must be smaller than the modulus. */
if( bignum_cmp(in, this->modulus) >= 0 )
{
freebn(in);
return false;
}
out = modpow(in, this->exponent, this->modulus);
freebn(in);
bool ret = true;
bytes = (bignum_bitcount(this->modulus)+7) / 8;
/* Top (partial) byte should be zero. */
if (bignum_byte(out, bytes - 1) != 0)
ret = 0;
/* First whole byte should be 1. */
if (bignum_byte(out, bytes - 2) != 1)
ret = 0;
/* Most of the rest should be FF. */
for (i = bytes - 3; i >= 20; i--) {
if (bignum_byte(out, i) != 0xFF)
ret = 0;
}
/* Finally, we expect to see the SHA-1 hash of the signed data. */
SHA_Simple( data.data(), data.size(), hash );
for (i = 19, j = 0; i >= 0; i--, j++) {
if (bignum_byte(out, i) != hash[j])
ret = false;
}
freebn(out);
return ret;
}
void RSAKey::Sign( const RString &data, RString &out ) const
{
Bignum in;
{
unsigned char hash[20];
SHA_Simple(data.data(), data.size(), hash);
int nbytes = (bignum_bitcount(this->modulus) - 1) / 8;
unsigned char *bytes = new unsigned char[nbytes];
memset( bytes, 0xFF, nbytes );
bytes[0] = 1;
memcpy( bytes + nbytes - 20, hash, 20 );
in = bignum_from_bytes(bytes, nbytes);
delete [] bytes;
}
Bignum outnum = rsa_privkey_op(in, this);
delete [] in;
int siglen;
unsigned char *bytes = bignum_to_bytes( outnum, &siglen );
delete [] outnum;
out = RString( (const char *) bytes, siglen );
delete [] bytes;
}
#define RSA_EXPONENT 37 /* we like this prime */
int RSAKey::Generate( int bits )
{
Bignum pm1, qm1, phi_n;
/*
* We don't generate e; we just use a standard one always.
*/
this->exponent = bignum_from_long(RSA_EXPONENT);
/*
* Generate p and q: primes with combined length `bits', not
* congruent to 1 modulo e. (Strictly speaking, we wanted (p-1)
* and e to be coprime, and (q-1) and e to be coprime, but in
* general that's slightly more fiddly to arrange. By choosing
* a prime e, we can simplify the criterion.)
*/
this->p = primegen(bits / 2, RSA_EXPONENT, 1, NULL, 1);
this->q = primegen(bits - bits / 2, RSA_EXPONENT, 1, NULL, 2);
/*
* Ensure p > q, by swapping them if not.
*/
if (bignum_cmp(this->p, this->q) < 0)
swap( p, q );
/*
* Now we have p, q and e. All we need to do now is work out
* the other helpful quantities: n=pq, d=e^-1 mod (p-1)(q-1),
* and (q^-1 mod p).
*/
this->modulus = bigmul(this->p, this->q);
pm1 = copybn(this->p);
decbn(pm1);
qm1 = copybn(this->q);
decbn(qm1);
phi_n = bigmul(pm1, qm1);
freebn(pm1);
freebn(qm1);
this->private_exponent = modinv(this->exponent, phi_n);
this->iqmp = modinv(this->q, this->p);
/*
* Clean up temporary numbers.
*/
freebn(phi_n);
return 1;
}
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-68
View File
@@ -1,68 +0,0 @@
#ifndef RSAKEY_H
#define RSAKEY_H
#include "CryptBn.h"
struct RSAKey
{
RSAKey();
~RSAKey();
int bits;
int bytes;
Bignum modulus;
Bignum exponent;
Bignum private_exponent;
Bignum p;
Bignum q;
Bignum iqmp;
RString comment;
int Generate( int bits );
void Fingerprint( char *str, int len ) const;
void Sign( const RString &data, RString &out ) const;
bool Verify( const RString &data, const RString &sig ) const;
bool Encrypt( RString &buf ) const;
bool Decrypt( RString &buf ) const;
Bignum Encrypt( const Bignum input ) const;
Bignum Decrypt( const Bignum input ) const;
bool Check() const;
int StrLen() const;
void StrFmt( char *str ) const;
char *FmtKey() const;
void PublicBlob( RString &out ) const;
void PrivateBlob( RString &out ) const;
bool LoadFromPublicBlob( const RString &PublicBlob );
bool LoadFromPrivateBlob( const RString &PrivateBlob );
};
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-241
View File
@@ -1,241 +0,0 @@
/*
* cryptographic random number generator for PuTTY's ssh client
*/
#include "global.h"
#include "CryptSHA.h"
#include "CryptRand.h"
void noise_get_heavy(void (*func) (void *, int));
void noise_get_light(void (*func) (void *, int));
/*
* `pool' itself is a pool of random data which we actually use: we
* return bytes from `pool', at position `poolpos', until `poolpos'
* reaches the end of the pool. At this point we generate more
* random data, by adding noise, stirring well, and resetting
* `poolpos' to point to just past the beginning of the pool (not
* _the_ beginning, since otherwise we'd give away the whole
* contents of our pool, and attackers would just have to guess the
* next lot of noise).
*
* `incomingb' buffers acquired noise data, until it gets full, at
* which point the acquired noise is SHA'ed into `incoming' and
* `incomingb' is cleared. The noise in `incoming' is used as part
* of the noise for each stirring of the pool, in addition to local
* time, process listings, and other such stuff.
*/
#define HASHINPUT 64 /* 64 bytes SHA input */
#define HASHSIZE 20 /* 160 bits SHA output */
#define POOLSIZE 1200 /* size of random pool */
struct RandPool
{
unsigned char pool[POOLSIZE];
int poolpos;
unsigned char incoming[HASHSIZE];
unsigned char incomingb[HASHINPUT];
int incomingpos;
};
static struct RandPool pool;
bool random_active = false;
static void random_stir(void)
{
unsigned block[HASHINPUT / sizeof(unsigned)];
unsigned digest[HASHSIZE / sizeof(unsigned)];
int i, j;
SHATransform((unsigned *) pool.incoming, (unsigned *) pool.incomingb);
pool.incomingpos = 0;
/*
* Chunks of this code are blatantly endianness-dependent, but
* as it's all random bits anyway, WHO CARES?
*/
memcpy(digest, pool.incoming, sizeof(digest));
/*
* Make two passes over the pool.
*/
for (i = 0; i < 2; i++) {
/*
* We operate SHA in CFB mode, repeatedly adding the same
* block of data to the digest. But we're also fiddling
* with the digest-so-far, so this shouldn't be Bad or
* anything.
*/
memcpy(block, pool.pool, sizeof(block));
/*
* Each pass processes the pool backwards in blocks of
* HASHSIZE, just so that in general we get the output of
* SHA before the corresponding input, in the hope that
* things will be that much less predictable that way
* round, when we subsequently return bytes ...
*/
for (j = POOLSIZE; (j -= HASHSIZE) >= 0;) {
/*
* XOR the bit of the pool we're processing into the
* digest.
*/
unsigned k;
for (k = 0; k < sizeof(digest) / sizeof(*digest); k++)
digest[k] ^= ((unsigned *) (pool.pool + j))[k];
/*
* Munge our unrevealed first block of the pool into
* it.
*/
SHATransform(digest, block);
/*
* Stick the result back into the pool.
*/
for( k = 0; k < sizeof(digest) / sizeof(*digest); k++ )
((unsigned *) (pool.pool + j))[k] = digest[k];
}
}
/*
* Might as well save this value back into `incoming', just so
* there'll be some extra bizarreness there.
*/
SHATransform(digest, block);
memcpy(pool.incoming, digest, sizeof(digest));
pool.poolpos = sizeof(pool.incoming);
}
void random_add_noise( const RString &noise )
{
unsigned char *p = (unsigned char *) noise.data();
int i;
if (!random_active)
return;
/*
* This function processes HASHINPUT bytes into only HASHSIZE
* bytes, so _if_ we were getting incredibly high entropy
* sources then we would be throwing away valuable stuff.
*/
int length = noise.size();
while (length >= (HASHINPUT - pool.incomingpos)) {
memcpy(pool.incomingb + pool.incomingpos, p,
HASHINPUT - pool.incomingpos);
p += HASHINPUT - pool.incomingpos;
length -= HASHINPUT - pool.incomingpos;
SHATransform((unsigned *) pool.incoming, (unsigned *) pool.incomingb);
for (i = 0; i < HASHSIZE; i++) {
pool.pool[pool.poolpos++] ^= pool.incomingb[i];
if (pool.poolpos >= POOLSIZE)
pool.poolpos = 0;
}
if (pool.poolpos < HASHSIZE)
random_stir();
pool.incomingpos = 0;
}
memcpy(pool.incomingb + pool.incomingpos, p, length);
pool.incomingpos += length;
}
void random_add_heavynoise(void *noise, int length)
{
unsigned char *p = (unsigned char *) noise;
int i;
while (length >= POOLSIZE) {
for (i = 0; i < POOLSIZE; i++)
pool.pool[i] ^= *p++;
random_stir();
length -= POOLSIZE;
}
for (i = 0; i < length; i++)
pool.pool[i] ^= *p++;
random_stir();
}
static void random_add_heavynoise_bitbybit(void *noise, int length)
{
unsigned char *p = (unsigned char *) noise;
int i;
while (length >= POOLSIZE - pool.poolpos) {
for (i = 0; i < POOLSIZE - pool.poolpos; i++)
pool.pool[pool.poolpos + i] ^= *p++;
random_stir();
length -= POOLSIZE - pool.poolpos;
pool.poolpos = 0;
}
for (i = 0; i < length; i++)
pool.pool[i] ^= *p++;
pool.poolpos = i;
}
void random_init(void)
{
if( random_active )
return;
random_active = true;
memset(&pool, 0, sizeof(pool)); /* just to start with */
noise_get_heavy(random_add_heavynoise_bitbybit);
random_stir();
}
unsigned char random_byte(void)
{
if (pool.poolpos >= POOLSIZE)
random_stir();
return pool.pool[pool.poolpos++];
}
void random_get_savedata(char **data, int *len)
{
char *buf = new char[POOLSIZE / 2];
random_stir();
memcpy(buf, pool.pool + pool.poolpos, POOLSIZE / 2);
*len = POOLSIZE / 2;
*data = buf;
random_stir();
}
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-36
View File
@@ -1,36 +0,0 @@
#ifndef SSH_RAND_H
#define SSH_RAND_H
void random_init();
void random_add_noise( const RString &noise );
unsigned char random_byte();
void random_get_savedata( char **data, int *len );
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-390
View File
@@ -1,390 +0,0 @@
/*
* SHA-512 algorithm as described at
*
* http://csrc.nist.gov/cryptval/shs.html
*/
#include "global.h"
#include "CryptSH512.h"
#define BLKSIZE 128
/*
* Arithmetic implementations. Note that AND, XOR and NOT can
* overlap destination with one source, but the others can't.
*/
#define add(r,x,y) ( r.lo = y.lo + x.lo, \
r.hi = y.hi + x.hi + (r.lo < y.lo) )
#define rorB(r,x,y) ( r.lo = (x.hi >> ((y)-32)) | (x.lo << (64-(y))), \
r.hi = (x.lo >> ((y)-32)) | (x.hi << (64-(y))) )
#define rorL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
r.hi = (x.hi >> (y)) | (x.lo << (32-(y))) )
#define shrB(r,x,y) ( r.lo = x.hi >> ((y)-32), r.hi = 0 )
#define shrL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
r.hi = x.hi >> (y) )
#define band(r,x,y) ( r.lo = x.lo & y.lo, r.hi = x.hi & y.hi )
#define bxor(r,x,y) ( r.lo = x.lo ^ y.lo, r.hi = x.hi ^ y.hi )
#define bnot(r,x) ( r.lo = ~x.lo, r.hi = ~x.hi )
#define INIT(h,l) { h, l }
#define BUILD(r,h,l) ( r.hi = h, r.lo = l )
#define EXTRACT(h,l,r) ( h = r.hi, l = r.lo )
/* ----------------------------------------------------------------------
* Core SHA512 algorithm: processes 16-doubleword blocks into a
* message digest.
*/
#define Ch(r,t,x,y,z) ( bnot(t,x), band(r,t,z), band(t,x,y), bxor(r,r,t) )
#define Maj(r,t,x,y,z) ( band(r,x,y), band(t,x,z), bxor(r,r,t), \
band(t,y,z), bxor(r,r,t) )
#define bigsigma0(r,t,x) ( rorL(r,x,28), rorB(t,x,34), bxor(r,r,t), \
rorB(t,x,39), bxor(r,r,t) )
#define bigsigma1(r,t,x) ( rorL(r,x,14), rorL(t,x,18), bxor(r,r,t), \
rorB(t,x,41), bxor(r,r,t) )
#define smallsigma0(r,t,x) ( rorL(r,x,1), rorL(t,x,8), bxor(r,r,t), \
shrL(t,x,7), bxor(r,r,t) )
#define smallsigma1(r,t,x) ( rorL(r,x,19), rorB(t,x,61), bxor(r,r,t), \
shrL(t,x,6), bxor(r,r,t) )
static void SHA512_Core_Init(SHA512_State *s)
{
static const uint64 iv[] = {
INIT(0x6a09e667, 0xf3bcc908),
INIT(0xbb67ae85, 0x84caa73b),
INIT(0x3c6ef372, 0xfe94f82b),
INIT(0xa54ff53a, 0x5f1d36f1),
INIT(0x510e527f, 0xade682d1),
INIT(0x9b05688c, 0x2b3e6c1f),
INIT(0x1f83d9ab, 0xfb41bd6b),
INIT(0x5be0cd19, 0x137e2179),
};
int i;
for (i = 0; i < 8; i++)
s->h[i] = iv[i];
}
static void SHA512_Block(SHA512_State *s, uint64 *block)
{
uint64 w[80];
uint64 a,b,c,d,e,f,g,h;
static const uint64 k[] = {
INIT(0x428a2f98, 0xd728ae22), INIT(0x71374491, 0x23ef65cd),
INIT(0xb5c0fbcf, 0xec4d3b2f), INIT(0xe9b5dba5, 0x8189dbbc),
INIT(0x3956c25b, 0xf348b538), INIT(0x59f111f1, 0xb605d019),
INIT(0x923f82a4, 0xaf194f9b), INIT(0xab1c5ed5, 0xda6d8118),
INIT(0xd807aa98, 0xa3030242), INIT(0x12835b01, 0x45706fbe),
INIT(0x243185be, 0x4ee4b28c), INIT(0x550c7dc3, 0xd5ffb4e2),
INIT(0x72be5d74, 0xf27b896f), INIT(0x80deb1fe, 0x3b1696b1),
INIT(0x9bdc06a7, 0x25c71235), INIT(0xc19bf174, 0xcf692694),
INIT(0xe49b69c1, 0x9ef14ad2), INIT(0xefbe4786, 0x384f25e3),
INIT(0x0fc19dc6, 0x8b8cd5b5), INIT(0x240ca1cc, 0x77ac9c65),
INIT(0x2de92c6f, 0x592b0275), INIT(0x4a7484aa, 0x6ea6e483),
INIT(0x5cb0a9dc, 0xbd41fbd4), INIT(0x76f988da, 0x831153b5),
INIT(0x983e5152, 0xee66dfab), INIT(0xa831c66d, 0x2db43210),
INIT(0xb00327c8, 0x98fb213f), INIT(0xbf597fc7, 0xbeef0ee4),
INIT(0xc6e00bf3, 0x3da88fc2), INIT(0xd5a79147, 0x930aa725),
INIT(0x06ca6351, 0xe003826f), INIT(0x14292967, 0x0a0e6e70),
INIT(0x27b70a85, 0x46d22ffc), INIT(0x2e1b2138, 0x5c26c926),
INIT(0x4d2c6dfc, 0x5ac42aed), INIT(0x53380d13, 0x9d95b3df),
INIT(0x650a7354, 0x8baf63de), INIT(0x766a0abb, 0x3c77b2a8),
INIT(0x81c2c92e, 0x47edaee6), INIT(0x92722c85, 0x1482353b),
INIT(0xa2bfe8a1, 0x4cf10364), INIT(0xa81a664b, 0xbc423001),
INIT(0xc24b8b70, 0xd0f89791), INIT(0xc76c51a3, 0x0654be30),
INIT(0xd192e819, 0xd6ef5218), INIT(0xd6990624, 0x5565a910),
INIT(0xf40e3585, 0x5771202a), INIT(0x106aa070, 0x32bbd1b8),
INIT(0x19a4c116, 0xb8d2d0c8), INIT(0x1e376c08, 0x5141ab53),
INIT(0x2748774c, 0xdf8eeb99), INIT(0x34b0bcb5, 0xe19b48a8),
INIT(0x391c0cb3, 0xc5c95a63), INIT(0x4ed8aa4a, 0xe3418acb),
INIT(0x5b9cca4f, 0x7763e373), INIT(0x682e6ff3, 0xd6b2b8a3),
INIT(0x748f82ee, 0x5defb2fc), INIT(0x78a5636f, 0x43172f60),
INIT(0x84c87814, 0xa1f0ab72), INIT(0x8cc70208, 0x1a6439ec),
INIT(0x90befffa, 0x23631e28), INIT(0xa4506ceb, 0xde82bde9),
INIT(0xbef9a3f7, 0xb2c67915), INIT(0xc67178f2, 0xe372532b),
INIT(0xca273ece, 0xea26619c), INIT(0xd186b8c7, 0x21c0c207),
INIT(0xeada7dd6, 0xcde0eb1e), INIT(0xf57d4f7f, 0xee6ed178),
INIT(0x06f067aa, 0x72176fba), INIT(0x0a637dc5, 0xa2c898a6),
INIT(0x113f9804, 0xbef90dae), INIT(0x1b710b35, 0x131c471b),
INIT(0x28db77f5, 0x23047d84), INIT(0x32caab7b, 0x40c72493),
INIT(0x3c9ebe0a, 0x15c9bebc), INIT(0x431d67c4, 0x9c100d4c),
INIT(0x4cc5d4be, 0xcb3e42b6), INIT(0x597f299c, 0xfc657e2a),
INIT(0x5fcb6fab, 0x3ad6faec), INIT(0x6c44198c, 0x4a475817),
};
int t;
for (t = 0; t < 16; t++)
w[t] = block[t];
for (t = 16; t < 80; t++) {
uint64 p, q, r, tmp;
smallsigma1(p, tmp, w[t-2]);
smallsigma0(q, tmp, w[t-15]);
add(r, p, q);
add(p, r, w[t-7]);
add(w[t], p, w[t-16]);
}
a = s->h[0]; b = s->h[1]; c = s->h[2]; d = s->h[3];
e = s->h[4]; f = s->h[5]; g = s->h[6]; h = s->h[7];
for (t = 0; t < 80; t+=8) {
uint64 tmp, p, q, r;
#define ROUND(j,a,b,c,d,e,f,g,h) \
bigsigma1(p, tmp, e); \
Ch(q, tmp, e, f, g); \
add(r, p, q); \
add(p, r, k[j]) ; \
add(q, p, w[j]); \
add(r, q, h); \
bigsigma0(p, tmp, a); \
Maj(tmp, q, a, b, c); \
add(q, tmp, p); \
add(p, r, d); \
d = p; \
add(h, q, r);
ROUND(t+0, a,b,c,d,e,f,g,h);
ROUND(t+1, h,a,b,c,d,e,f,g);
ROUND(t+2, g,h,a,b,c,d,e,f);
ROUND(t+3, f,g,h,a,b,c,d,e);
ROUND(t+4, e,f,g,h,a,b,c,d);
ROUND(t+5, d,e,f,g,h,a,b,c);
ROUND(t+6, c,d,e,f,g,h,a,b);
ROUND(t+7, b,c,d,e,f,g,h,a);
}
{
uint64 tmp;
#define UPDATE(state, local) ( tmp = state, add(state, tmp, local) )
UPDATE(s->h[0], a); UPDATE(s->h[1], b);
UPDATE(s->h[2], c); UPDATE(s->h[3], d);
UPDATE(s->h[4], e); UPDATE(s->h[5], f);
UPDATE(s->h[6], g); UPDATE(s->h[7], h);
}
}
/* ----------------------------------------------------------------------
* Outer SHA512 algorithm: take an arbitrary length byte string,
* convert it into 16-doubleword blocks with the prescribed padding
* at the end, and pass those blocks to the core SHA512 algorithm.
*/
void SHA512_Init(SHA512_State *s)
{
int i;
SHA512_Core_Init(s);
s->blkused = 0;
for (i = 0; i < 4; i++)
s->len[i] = 0;
}
void SHA512_Bytes(SHA512_State *s, const void *p, int len)
{
unsigned char *q = (unsigned char *)p;
uint64 wordblock[16];
uint32_t lenw = len;
int i;
/*
* Update the length field.
*/
for (i = 0; i < 4; i++) {
s->len[i] += lenw;
lenw = (s->len[i] < lenw);
}
if (s->blkused && s->blkused+len < BLKSIZE) {
/*
* Trivial case: just add to the block.
*/
memcpy(s->block + s->blkused, q, len);
s->blkused += len;
} else {
/*
* We must complete and process at least one block.
*/
while (s->blkused + len >= BLKSIZE) {
memcpy(s->block + s->blkused, q, BLKSIZE - s->blkused);
q += BLKSIZE - s->blkused;
len -= BLKSIZE - s->blkused;
/* Now process the block. Gather bytes big-endian into words */
for (i = 0; i < 16; i++) {
uint32_t h, l;
h = ( ((uint32_t)s->block[i*8+0]) << 24 ) |
( ((uint32_t)s->block[i*8+1]) << 16 ) |
( ((uint32_t)s->block[i*8+2]) << 8 ) |
( ((uint32_t)s->block[i*8+3]) << 0 );
l = ( ((uint32_t)s->block[i*8+4]) << 24 ) |
( ((uint32_t)s->block[i*8+5]) << 16 ) |
( ((uint32_t)s->block[i*8+6]) << 8 ) |
( ((uint32_t)s->block[i*8+7]) << 0 );
BUILD(wordblock[i], h, l);
}
SHA512_Block(s, wordblock);
s->blkused = 0;
}
memcpy(s->block, q, len);
s->blkused = len;
}
}
void SHA512_Final(SHA512_State *s, unsigned char *digest)
{
int i;
int pad;
unsigned char c[BLKSIZE];
uint32_t len[4];
if (s->blkused >= BLKSIZE-16)
pad = (BLKSIZE-16) + BLKSIZE - s->blkused;
else
pad = (BLKSIZE-16) - s->blkused;
for (i = 4; i-- ;) {
uint32_t lenhi = s->len[i];
uint32_t lenlo = i > 0 ? s->len[i-1] : 0;
len[i] = (lenhi << 3) | (lenlo >> (32-3));
}
memset(c, 0, pad);
c[0] = 0x80;
SHA512_Bytes(s, &c, pad);
for (i = 0; i < 4; i++) {
c[i*4+0] = char((len[3-i] >> 24) & 0xFF);
c[i*4+1] = char((len[3-i] >> 16) & 0xFF);
c[i*4+2] = char((len[3-i] >> 8) & 0xFF);
c[i*4+3] = char((len[3-i] >> 0) & 0xFF);
}
SHA512_Bytes(s, &c, 16);
for (i = 0; i < 8; i++) {
uint32_t h, l;
EXTRACT(h, l, s->h[i]);
digest[i*8+0] = char((h >> 24) & 0xFF);
digest[i*8+1] = char((h >> 16) & 0xFF);
digest[i*8+2] = char((h >> 8) & 0xFF);
digest[i*8+3] = char((h >> 0) & 0xFF);
digest[i*8+4] = char((l >> 24) & 0xFF);
digest[i*8+5] = char((l >> 16) & 0xFF);
digest[i*8+6] = char((l >> 8) & 0xFF);
digest[i*8+7] = char((l >> 0) & 0xFF);
}
}
void SHA512_Simple(const void *p, int len, unsigned char *output) {
SHA512_State s;
SHA512_Init(&s);
SHA512_Bytes(&s, p, len);
SHA512_Final(&s, output);
}
#ifdef TEST
#include <cstdio>
#include <cstdlib>
int main(void) {
unsigned char digest[64];
int i, j, errors;
struct {
const char *teststring;
unsigned char digest512[64];
} tests[] = {
{ "abc", {
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f,
} },
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", {
0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09,
} },
{ NULL, {
0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64,
0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28,
0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a,
0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b,
} },
};
errors = 0;
for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
if (tests[i].teststring) {
SHA512_Simple(tests[i].teststring,
strlen(tests[i].teststring), digest);
} else {
SHA512_State s;
int n;
SHA512_Init(&s);
for (n = 0; n < 1000000 / 40; n++)
SHA512_Bytes(&s, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
40);
SHA512_Final(&s, digest);
}
for (j = 0; j < 64; j++) {
if (digest[j] != tests[i].digest512[j]) {
fprintf(stderr,
"\"%s\" digest512 byte %d should be 0x%02x, is 0x%02x\n",
tests[i].teststring, j, tests[i].digest512[j],
digest[j]);
errors++;
}
}
}
printf("%d errors\n", errors);
return 0;
}
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-49
View File
@@ -1,49 +0,0 @@
#ifndef SSH_SHA512_H
#define SSH_SHA512_H
typedef struct
{
unsigned long hi, lo;
} uint64, int64;
typedef struct
{
uint64 h[8];
unsigned char block[128];
int blkused;
uint32_t len[4];
} SHA512_State;
void SHA512_Init(SHA512_State * s);
void SHA512_Bytes(SHA512_State * s, const void *p, int len);
void SHA512_Final(SHA512_State * s, unsigned char *output);
void SHA512_Simple(const void *p, int len, unsigned char *output);
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-218
View File
@@ -1,218 +0,0 @@
/*
* SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
* also used as a `stirring' function for the PuTTY random number
* pool. Implemented directly from the specification by Simon
* Tatham.
*/
#include "global.h"
#include "CryptSHA.h"
/* ----------------------------------------------------------------------
* Core SHA algorithm: processes 16-word blocks into a message digest.
*/
#define rol(x,y) ( ((x) << (y)) | (((uint32_t)x) >> (32-y)) )
static void SHA_Core_Init(uint32_t h[5])
{
h[0] = 0x67452301;
h[1] = 0xefcdab89;
h[2] = 0x98badcfe;
h[3] = 0x10325476;
h[4] = 0xc3d2e1f0;
}
void SHATransform(unsigned int *digest, unsigned int *block)
{
unsigned int w[80];
unsigned int a, b, c, d, e;
int t;
for (t = 0; t < 16; t++)
w[t] = block[t];
for (t = 16; t < 80; t++) {
unsigned int tmp = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
w[t] = rol(tmp, 1);
}
a = digest[0];
b = digest[1];
c = digest[2];
d = digest[3];
e = digest[4];
for (t = 0; t < 20; t++) {
unsigned int tmp =
rol(a, 5) + ((b & c) | (d & ~b)) + e + w[t] + 0x5a827999;
e = d;
d = c;
c = rol(b, 30);
b = a;
a = tmp;
}
for (t = 20; t < 40; t++) {
unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0x6ed9eba1;
e = d;
d = c;
c = rol(b, 30);
b = a;
a = tmp;
}
for (t = 40; t < 60; t++) {
unsigned int tmp = rol(a,
5) + ((b & c) | (b & d) | (c & d)) + e + w[t] +
0x8f1bbcdc;
e = d;
d = c;
c = rol(b, 30);
b = a;
a = tmp;
}
for (t = 60; t < 80; t++) {
unsigned int tmp = rol(a, 5) + (b ^ c ^ d) + e + w[t] + 0xca62c1d6;
e = d;
d = c;
c = rol(b, 30);
b = a;
a = tmp;
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
}
/* ----------------------------------------------------------------------
* Outer SHA algorithm: take an arbitrary length byte string,
* convert it into 16-word blocks with the prescribed padding at
* the end, and pass those blocks to the core SHA algorithm.
*/
void SHA_Init(SHA_State * s)
{
SHA_Core_Init(s->h);
s->blkused = 0;
s->lenhi = s->lenlo = 0;
}
void SHA_Bytes(SHA_State * s, const void *p, int len)
{
unsigned char *q = (unsigned char *) p;
uint32_t wordblock[16];
uint32_t lenw = len;
int i;
/*
* Update the length field.
*/
s->lenlo += lenw;
s->lenhi += (s->lenlo < lenw);
if (s->blkused && s->blkused + len < 64) {
/*
* Trivial case: just add to the block.
*/
memcpy(s->block + s->blkused, q, len);
s->blkused += len;
} else {
/*
* We must complete and process at least one block.
*/
while (s->blkused + len >= 64) {
memcpy(s->block + s->blkused, q, 64 - s->blkused);
q += 64 - s->blkused;
len -= 64 - s->blkused;
/* Now process the block. Gather bytes big-endian into words */
for (i = 0; i < 16; i++) {
wordblock[i] =
(((uint32_t) s->block[i * 4 + 0]) << 24) |
(((uint32_t) s->block[i * 4 + 1]) << 16) |
(((uint32_t) s->block[i * 4 + 2]) << 8) |
(((uint32_t) s->block[i * 4 + 3]) << 0);
}
SHATransform((unsigned int *)s->h, (unsigned int *)wordblock);
s->blkused = 0;
}
memcpy(s->block, q, len);
s->blkused = len;
}
}
void SHA_Final(SHA_State * s, unsigned char *output)
{
int i;
int pad;
unsigned char c[64];
uint32_t lenhi, lenlo;
if (s->blkused >= 56)
pad = 56 + 64 - s->blkused;
else
pad = 56 - s->blkused;
lenhi = (s->lenhi << 3) | (s->lenlo >> (32 - 3));
lenlo = (s->lenlo << 3);
memset(c, 0, pad);
c[0] = 0x80;
SHA_Bytes(s, &c, pad);
c[0] = char((lenhi >> 24) & 0xFF);
c[1] = char((lenhi >> 16) & 0xFF);
c[2] = char((lenhi >> 8) & 0xFF);
c[3] = char((lenhi >> 0) & 0xFF);
c[4] = char((lenlo >> 24) & 0xFF);
c[5] = char((lenlo >> 16) & 0xFF);
c[6] = char((lenlo >> 8) & 0xFF);
c[7] = char((lenlo >> 0) & 0xFF);
SHA_Bytes(s, &c, 8);
for (i = 0; i < 5; i++)
{
output[i * 4] = char((s->h[i] >> 24) & 0xFF);
output[i * 4 + 1] = char((s->h[i] >> 16) & 0xFF);
output[i * 4 + 2] = char((s->h[i] >> 8) & 0xFF);
output[i * 4 + 3] = char((s->h[i]) & 0xFF);
}
}
void SHA_Simple(const void *p, int len, unsigned char *output)
{
SHA_State s;
SHA_Init(&s);
SHA_Bytes(&s, p, len);
SHA_Final(&s, output);
}
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-44
View File
@@ -1,44 +0,0 @@
#ifndef SSHSHA_H
#define SSHSHA_H
typedef struct {
uint32_t h[5];
unsigned char block[64];
int blkused;
uint32_t lenhi, lenlo;
} SHA_State;
void SHA_Init(SHA_State * s);
void SHA_Bytes(SHA_State * s, const void *p, int len);
void SHA_Final(SHA_State * s, unsigned char *output);
void SHA_Simple(const void *p, int len, unsigned char *output);
void SHATransform(unsigned int *digest, unsigned int *block);
#endif
/*
* PuTTY is copyright 1997-2001 Simon Tatham.
*
* Portions copyright Robert de Bath, Joris van Rantwijk, Delian
* Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
* Justin Bradford, and CORE SDI S.A.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/