diff options
| author | Jason Carey <jcarey@argv.me> | 2017-07-18 16:13:32 -0400 |
|---|---|---|
| committer | Jason Carey <jcarey@argv.me> | 2017-07-25 10:48:44 -0400 |
| commit | ffe9014101f7bd53ed9674b770e9371324fcdf34 (patch) | |
| tree | 7f1051ee8d382d41cc56cf61ce39949b50ea8133 /src/mongo/crypto | |
| parent | 4e27af1e980a5f5479fc26a3d616a5b56245261a (diff) | |
| download | mongo-ffe9014101f7bd53ed9674b770e9371324fcdf34.tar.gz | |
SERVER-30218 Add SHA256 Support
The addition of a SHA256Block will give us the flexibility to handle new
workloads that aren't appropriate for SHA1.
As part of this change, let's make the current code templatized so we
can limit as strongly as possible the duplication of code between sha1
and sha256.
Diffstat (limited to 'src/mongo/crypto')
35 files changed, 846 insertions, 4519 deletions
diff --git a/src/mongo/crypto/SConscript b/src/mongo/crypto/SConscript index b7f06827201..ecf857b1217 100644 --- a/src/mongo/crypto/SConscript +++ b/src/mongo/crypto/SConscript @@ -4,15 +4,6 @@ Import("env") env = env.Clone() -env.SConscript( - dirs=[ - 'tom', - ], - exports=[ - 'env', - ], -) - env.Library('sha1_block', source=[ 'sha1_block.cpp' @@ -22,24 +13,42 @@ env.Library('sha1_block', '$BUILD_DIR/mongo/util/secure_compare_memory', ]) -env.Library( - target='sha1_block_tom', +env.Library('sha256_block', source=[ - 'sha1_block_tom.cpp' + 'sha256_block.cpp' ], LIBDEPS=[ + '$BUILD_DIR/mongo/base', + '$BUILD_DIR/mongo/util/secure_compare_memory', + ]) + +if "tom" in env["MONGO_CRYPTO"]: + tomEnv = env.Clone(); + tomEnv.InjectThirdPartyIncludePaths(libraries=['tomcrypt']) + + tomEnv.Library( + target='sha_block_tom', + source=[ + 'sha_block_tom.cpp' + ], + LIBDEPS=[ '$BUILD_DIR/mongo/base', 'sha1_block', - 'tom/tomcrypt' - ]) + 'sha256_block', + ], + LIBDEPS_PRIVATE=[ + '$BUILD_DIR/third_party/shim_tomcrypt', + ] + ) -env.Library('sha1_block_openssl', +env.Library('sha_block_openssl', source=[ - 'sha1_block_openssl.cpp' + 'sha_block_openssl.cpp' ], LIBDEPS=[ '$BUILD_DIR/mongo/base', 'sha1_block', + 'sha256_block', ]) env.Library('scramauth', @@ -48,8 +57,12 @@ env.Library('scramauth', '$BUILD_DIR/mongo/base/secure_allocator', '$BUILD_DIR/mongo/util/secure_compare_memory', '$BUILD_DIR/mongo/util/secure_zero_memory', - 'sha1_block_${MONGO_CRYPTO}']) + 'sha_block_${MONGO_CRYPTO}']) env.CppUnitTest('sha1_block_test', ['sha1_block_test.cpp'], - LIBDEPS=['sha1_block_${MONGO_CRYPTO}']) + LIBDEPS=['sha_block_${MONGO_CRYPTO}']) + +env.CppUnitTest('sha256_block_test', + ['sha256_block_test.cpp'], + LIBDEPS=['sha_block_${MONGO_CRYPTO}']) diff --git a/src/mongo/crypto/sha1_block.cpp b/src/mongo/crypto/sha1_block.cpp index f433b3ac698..2e3e0c8de84 100644 --- a/src/mongo/crypto/sha1_block.cpp +++ b/src/mongo/crypto/sha1_block.cpp @@ -1,104 +1,37 @@ /** - * Copyright (C) 2017 MongoDB, Inc. + * Copyright (C) 2017 MongoDB Inc. * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects for - * all of the code used other than as permitted herein. If you modify file(s) - * with this exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do so, - * delete this exception statement from your version. If you delete this - * exception statement from all source files in the program, then also delete - * it in the license file. + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. */ #include "mongo/platform/basic.h" #include "mongo/crypto/sha1_block.h" -#include "mongo/bson/bsonmisc.h" -#include "mongo/bson/bsonobjbuilder.h" -#include "mongo/util/base64.h" -#include "mongo/util/mongoutils/str.h" -#include "mongo/util/secure_compare_memory.h" - namespace mongo { -constexpr size_t SHA1Block::kHashLength; - -SHA1Block::SHA1Block(HashType hash) : _hash(std::move(hash)) {} - -StatusWith<SHA1Block> SHA1Block::fromBuffer(const uint8_t* input, size_t inputLen) { - if (inputLen != kHashLength) { - return {ErrorCodes::InvalidLength, - str::stream() << "Unsupported SHA1Hash hash length: " << inputLen}; - } - - HashType newHash; - memcpy(newHash.data(), input, inputLen); - return SHA1Block(newHash); -} - -StatusWith<SHA1Block> SHA1Block::fromBinData(const BSONBinData& binData) { - if (binData.type != BinDataGeneral) { - return {ErrorCodes::UnsupportedFormat, "SHA1Block only accepts BinDataGeneral type"}; - } - - if (binData.length != kHashLength) { - return {ErrorCodes::UnsupportedFormat, - str::stream() << "Unsupported SHA1Block hash length: " << binData.length}; - } - - HashType newHash; - memcpy(newHash.data(), binData.data, binData.length); - return SHA1Block(newHash); -} - -SHA1Block SHA1Block::fromBinData(std::vector<unsigned char> bytes) { - HashType newHash; - invariant(bytes.size() == kHashLength); - memcpy(newHash.data(), bytes.data(), bytes.size()); - return SHA1Block(newHash); -} - -std::string SHA1Block::toString() const { - return base64::encode(reinterpret_cast<const char*>(_hash.data()), _hash.size()); -} - -void SHA1Block::appendAsBinData(BSONObjBuilder& builder, StringData fieldName) const { - builder.appendBinData(fieldName, _hash.size(), BinDataGeneral, _hash.data()); -} - -void SHA1Block::xorInline(const SHA1Block& other) { - for (size_t x = 0; x < _hash.size(); x++) { - _hash[x] ^= other._hash[x]; - } -} - -bool SHA1Block::operator==(const SHA1Block& other) const { - return consttimeMemEqual(this->_hash.data(), other._hash.data(), kHashLength); -} - -bool SHA1Block::operator!=(const SHA1Block& other) const { - return !(*this == other); -} - -std::ostream& operator<<(std::ostream& os, const SHA1Block& sha1) { - return os << sha1.toString(); -} +constexpr StringData SHA1BlockTraits::name; } // namespace mongo diff --git a/src/mongo/crypto/sha1_block.h b/src/mongo/crypto/sha1_block.h index 7beaba8074d..51ed7fac155 100644 --- a/src/mongo/crypto/sha1_block.h +++ b/src/mongo/crypto/sha1_block.h @@ -1,129 +1,56 @@ /** -* Copyright (C) 2017 MongoDB Inc. -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* As a special exception, the copyright holders give permission to link the -* code of portions of this program with the OpenSSL library under certain -* conditions as described in each individual source file and distribute -* linked combinations including the program with the OpenSSL library. You -* must comply with the GNU Affero General Public License in all respects for -* all of the code used other than as permitted herein. If you modify file(s) -* with this exception, you may extend this exception to your version of the -* file(s), but you are not obligated to do so. If you do not wish to do so, -* delete this exception statement from your version. If you delete this -* exception statement from all source files in the program, then also delete -* it in the license file. -*/ + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ #pragma once -#include <array> -#include <cstddef> -#include <string> -#include <vector> +#include "mongo/crypto/sha_block.h" -#include "mongo/base/data_range.h" -#include "mongo/base/status_with.h" +#include "mongo/util/make_array_type.h" namespace mongo { -struct BSONBinData; -class BSONObjBuilder; - /** - * Data structure with fixed sized byte array that can be used as HMAC key or result of a SHA1 - * computation. + * A Traits type for adapting SHABlock to sha256 hashes. */ -class SHA1Block { -public: - static constexpr size_t kHashLength = 20; - using HashType = std::array<std::uint8_t, kHashLength>; +struct SHA1BlockTraits { + using HashType = MakeArrayType<std::uint8_t, 20, SHA1BlockTraits>; - SHA1Block() = default; - SHA1Block(HashType rawHash); - static StatusWith<SHA1Block> fromBuffer(const uint8_t* input, size_t inputLen); + static constexpr StringData name = "SHA1Block"_sd; - /** - * Computes a SHA-1 hash of 'input'. - */ - static SHA1Block computeHash(const uint8_t* input, size_t inputLen); + static HashType computeHash(std::initializer_list<ConstDataRange> input); - /** - * Computes a HMAC SHA-1 keyed hash of 'input' using the key 'key' - */ - static SHA1Block computeHmac(const uint8_t* key, - size_t keyLen, - const uint8_t* input, - size_t inputLen) { - SHA1Block output; - SHA1Block::computeHmac(key, keyLen, input, inputLen, &output); - return output; - } - - /** - * Computes a HMAC SHA-1 keyed hash of 'input' using the key 'key'. Writes the results into - * a pre-allocated SHA1Block. This lets us allocate SHA1Blocks with the SecureAllocator. - */ static void computeHmac(const uint8_t* key, size_t keyLen, const uint8_t* input, size_t inputLen, - SHA1Block* const output); - - const uint8_t* data() const& { - return _hash.data(); - } - - uint8_t* data() const&& = delete; - - ConstDataRange toCDR() const { - return ConstDataRange(reinterpret_cast<const char*>(_hash.data()), kHashLength); - } - - size_t size() const { - return _hash.size(); - } - - /** - * Make a new SHA1Block from a BSON BinData value. - */ - static StatusWith<SHA1Block> fromBinData(const BSONBinData& binData); - - /** - * Make a new SHA1Block from a vector of bytes representing bindata. For IDL. - */ - static SHA1Block fromBinData(std::vector<unsigned char> bytes); - - /** - * Append this to a builder using the given name as a BSON BinData type value. - */ - void appendAsBinData(BSONObjBuilder& builder, StringData fieldName) const; - - /** - * Do a bitwise xor against another SHA1Block and replace the current contents of this block - * with the result. - */ - void xorInline(const SHA1Block& other); - - std::string toString() const; - bool operator==(const SHA1Block& other) const; - bool operator!=(const SHA1Block& other) const; - -private: - HashType _hash; + HashType* const output); }; -std::ostream& operator<<(std::ostream& os, const SHA1Block& sha1); +using SHA1Block = SHABlock<SHA1BlockTraits>; } // namespace mongo diff --git a/src/mongo/crypto/sha1_block_openssl.cpp b/src/mongo/crypto/sha1_block_openssl.cpp deleted file mode 100644 index 75bb53e3960..00000000000 --- a/src/mongo/crypto/sha1_block_openssl.cpp +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (C) 2014 10gen Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects for - * all of the code used other than as permitted herein. If you modify file(s) - * with this exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do so, - * delete this exception statement from your version. If you delete this - * exception statement from all source files in the program, then also delete - * it in the license file. - */ - -#include "mongo/platform/basic.h" - -#include "mongo/crypto/sha1_block.h" - -#include "mongo/config.h" -#include "mongo/stdx/memory.h" -#include "mongo/util/assert_util.h" - -#ifndef MONGO_CONFIG_SSL -#error This file should only be included in SSL-enabled builds -#endif - -#include <cstring> -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <openssl/sha.h> -#if OPENSSL_VERSION_NUMBER < 0x10100000L -namespace { -// Copies of OpenSSL after 1.1.0 define new EVP digest routines. We must -// polyfill used definitions to interact with older OpenSSL versions. -EVP_MD_CTX* EVP_MD_CTX_new() { - void* ret = OPENSSL_malloc(sizeof(EVP_MD_CTX)); - - if (ret != NULL) { - memset(ret, 0, sizeof(EVP_MD_CTX)); - } - return static_cast<EVP_MD_CTX*>(ret); -} - -void EVP_MD_CTX_free(EVP_MD_CTX* ctx) { - EVP_MD_CTX_cleanup(ctx); - OPENSSL_free(ctx); -} -} // namespace -#endif - -namespace mongo { -/* - * Computes a SHA-1 hash of 'input'. - */ -SHA1Block SHA1Block::computeHash(const uint8_t* input, size_t inputLen) { - HashType output; - - std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> digestCtx(EVP_MD_CTX_new(), - EVP_MD_CTX_free); - - fassert(40379, - EVP_DigestInit_ex(digestCtx.get(), EVP_sha1(), NULL) == 1 && - EVP_DigestUpdate(digestCtx.get(), input, inputLen) == 1 && - EVP_DigestFinal_ex(digestCtx.get(), output.data(), NULL) == 1); - return SHA1Block(output); -} - -/* - * Computes a HMAC SHA-1 keyed hash of 'input' using the key 'key', writes output into 'output'. - */ -void SHA1Block::computeHmac(const uint8_t* key, - size_t keyLen, - const uint8_t* input, - size_t inputLen, - SHA1Block* const output) { - fassert(40380, - HMAC(EVP_sha1(), key, keyLen, input, inputLen, output->_hash.data(), NULL) != NULL); -} - -} // namespace mongo diff --git a/src/mongo/crypto/sha1_block_test.cpp b/src/mongo/crypto/sha1_block_test.cpp index fa227f048a4..0315e59b173 100644 --- a/src/mongo/crypto/sha1_block_test.cpp +++ b/src/mongo/crypto/sha1_block_test.cpp @@ -1,29 +1,29 @@ /** - * Copyright (C) 2014 10gen Inc. + * Copyright (C) 2017 MongoDB Inc. * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects - * for all of the code used other than as permitted herein. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you do not - * wish to do so, delete this exception statement from your version. If you - * delete this exception statement from all source files in the program, - * then also delete it in the license file. + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. */ #include "mongo/platform/basic.h" @@ -36,23 +36,32 @@ namespace mongo { namespace { +ConstDataRange makeTestItem(StringData sd) { + return ConstDataRange(sd.rawData(), sd.size()); +} + // SHA-1 test vectors from http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA_All.pdf const struct { - const char* msg; + std::initializer_list<ConstDataRange> msg; SHA1Block hash; } sha1Tests[] = { - {"abc", SHA1Block::HashType{0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, - 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d}}, + {{makeTestItem("abc")}, + SHA1Block::HashType{0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, + 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d}}, + + {{makeTestItem("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")}, + SHA1Block::HashType{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, + 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1}}, - {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + // A variation on the above to test digesting multiple parts + {{makeTestItem("abcdbcdecdefdefgefghfghighijhijkijkljklmkl"), makeTestItem("mnlmnomnopnopq")}, SHA1Block::HashType{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1}}}; TEST(CryptoVectors, SHA1) { size_t numTests = sizeof(sha1Tests) / sizeof(sha1Tests[0]); for (size_t i = 0; i < numTests; i++) { - SHA1Block result = SHA1Block::computeHash( - reinterpret_cast<const unsigned char*>(sha1Tests[i].msg), strlen(sha1Tests[i].msg)); + SHA1Block result = SHA1Block::computeHash(sha1Tests[i].msg); ASSERT(sha1Tests[i].hash == result) << "Failed SHA1 iteration " << i; } } diff --git a/src/mongo/crypto/sha1_block_tom.cpp b/src/mongo/crypto/sha1_block_tom.cpp deleted file mode 100644 index 7d32dbc2f53..00000000000 --- a/src/mongo/crypto/sha1_block_tom.cpp +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (C) 2014 10gen Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects for - * all of the code used other than as permitted herein. If you modify file(s) - * with this exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do so, - * delete this exception statement from your version. If you delete this - * exception statement from all source files in the program, then also delete - * it in the license file. - */ - -#include "mongo/platform/basic.h" - -#include "mongo/crypto/sha1_block.h" - -#include "mongo/config.h" -#include "mongo/util/assert_util.h" - -#ifdef MONGO_CONFIG_SSL -#error This file should not be included if compiling with SSL support -#endif - -#include "mongo/crypto/tom/tomcrypt.h" - -namespace mongo { - -/* - * Computes a SHA-1 hash of 'input'. - */ -SHA1Block SHA1Block::computeHash(const uint8_t* input, size_t inputLen) { - HashType output; - - hash_state hashState; - fassert(40381, - sha1_init(&hashState) == CRYPT_OK && - sha1_process(&hashState, input, inputLen) == CRYPT_OK && - sha1_done(&hashState, output.data()) == CRYPT_OK); - return SHA1Block(output); -} - -/* - * Computes a HMAC SHA-1 keyed hash of 'input' using the key 'key' - */ -void SHA1Block::computeHmac(const uint8_t* key, - size_t keyLen, - const uint8_t* input, - size_t inputLen, - SHA1Block* const output) { - invariant(key && input); - - static int hashId = -1; - if (hashId == -1) { - register_hash(&sha1_desc); - hashId = find_hash("sha1"); - } - - unsigned long sha1HashLen = 20; - fassert(40382, - hmac_memory(hashId, key, keyLen, input, inputLen, output->_hash.data(), &sha1HashLen) == - CRYPT_OK); -} - -} // namespace mongo diff --git a/src/mongo/crypto/sha256_block.cpp b/src/mongo/crypto/sha256_block.cpp new file mode 100644 index 00000000000..1b5600e4147 --- /dev/null +++ b/src/mongo/crypto/sha256_block.cpp @@ -0,0 +1,37 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/crypto/sha256_block.h" + +namespace mongo { + +constexpr StringData SHA256BlockTraits::name; + +} // namespace mongo diff --git a/src/mongo/crypto/sha256_block.h b/src/mongo/crypto/sha256_block.h new file mode 100644 index 00000000000..2e24e551dc8 --- /dev/null +++ b/src/mongo/crypto/sha256_block.h @@ -0,0 +1,56 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include "mongo/crypto/sha_block.h" + +#include "mongo/util/make_array_type.h" + +namespace mongo { + +/** + * A Traits type for adapting SHABlock to sha256 hashes. + */ +struct SHA256BlockTraits { + using HashType = MakeArrayType<std::uint8_t, 32, SHA256BlockTraits>; + + static constexpr StringData name = "SHA256Block"_sd; + + static HashType computeHash(std::initializer_list<ConstDataRange> input); + + static void computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + HashType* const output); +}; + +using SHA256Block = SHABlock<SHA256BlockTraits>; + +} // namespace mongo diff --git a/src/mongo/crypto/sha256_block.idl b/src/mongo/crypto/sha256_block.idl new file mode 100644 index 00000000000..25343a990db --- /dev/null +++ b/src/mongo/crypto/sha256_block.idl @@ -0,0 +1,33 @@ +# Copyright (C) 2017 MongoDB Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# SHA256Block type + +global: + cpp_namespace: "mongo" + cpp_includes: + - "mongo/crypto/sha256_block.h" + +imports: + - "mongo/idl/basic_types.idl" + +types: + sha256Block: + bson_serialization_type: bindata + bindata_subtype: generic + description: "A fixed-size byte array that holds the result of a SHA256 computation" + cpp_type: mongo::SHA256Block + serializer: "mongo::SHA256Block::toCDR" + deserializer: "mongo::SHA256Block::fromBinData" diff --git a/src/mongo/crypto/sha256_block_test.cpp b/src/mongo/crypto/sha256_block_test.cpp new file mode 100644 index 00000000000..8b3ff5db4e9 --- /dev/null +++ b/src/mongo/crypto/sha256_block_test.cpp @@ -0,0 +1,126 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/bson/bsonmisc.h" +#include "mongo/bson/bsonobjbuilder.h" +#include "mongo/crypto/sha256_block.h" +#include "mongo/unittest/unittest.h" + +namespace mongo { +namespace { + +ConstDataRange makeTestItem(StringData sd) { + return ConstDataRange(sd.rawData(), sd.size()); +} + +// SHA-256 test vectors from tom crypt +const struct { + std::initializer_list<ConstDataRange> msg; + SHA256Block hash; +} sha256Tests[] = { + {{makeTestItem("abc")}, + SHA256Block::HashType{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, + 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, + 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}}, + + {{makeTestItem("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")}, + SHA256Block::HashType{0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, + 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, + 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1}}, + + // A variation on the above to test digesting multiple parts + {{makeTestItem("abcdbcdecdefdefgefghfghi"), makeTestItem("ghijhijkijkljklmklmnlmnomnopnopq")}, + SHA256Block::HashType{0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, + 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, + 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1}}}; + + +TEST(CryptoVectors, SHA256) { + size_t numTests = sizeof(sha256Tests) / sizeof(sha256Tests[0]); + for (size_t i = 0; i < numTests; i++) { + SHA256Block result = SHA256Block::computeHash(sha256Tests[i].msg); + ASSERT(sha256Tests[i].hash == result) << "Failed SHA256 iteration " << i; + } +} + +TEST(SHA256Block, BinDataRoundTrip) { + SHA256Block::HashType rawHash; + rawHash.fill(0); + for (size_t i = 0; i < rawHash.size(); i++) { + rawHash[i] = i; + } + + SHA256Block testHash(rawHash); + + BSONObjBuilder builder; + testHash.appendAsBinData(builder, "hash"); + auto newObj = builder.done(); + + auto hashElem = newObj["hash"]; + ASSERT_EQ(BinData, hashElem.type()); + ASSERT_EQ(BinDataGeneral, hashElem.binDataType()); + + int binLen = 0; + auto rawBinData = hashElem.binData(binLen); + ASSERT_EQ(SHA256Block::kHashLength, static_cast<size_t>(binLen)); + + auto newHashStatus = + SHA256Block::fromBinData(BSONBinData(rawBinData, binLen, hashElem.binDataType())); + ASSERT_OK(newHashStatus.getStatus()); + ASSERT_TRUE(testHash == newHashStatus.getValue()); +} + +TEST(SHA256Block, CanOnlyConstructFromBinGeneral) { + std::string dummy(SHA256Block::kHashLength, 'x'); + + auto newHashStatus = + SHA256Block::fromBinData(BSONBinData(dummy.c_str(), dummy.size(), newUUID)); + ASSERT_EQ(ErrorCodes::UnsupportedFormat, newHashStatus.getStatus()); +} + +TEST(SHA256Block, FromBinDataShouldRegectWrongSize) { + std::string dummy(SHA256Block::kHashLength - 1, 'x'); + + auto newHashStatus = + SHA256Block::fromBinData(BSONBinData(dummy.c_str(), dummy.size(), BinDataGeneral)); + ASSERT_EQ(ErrorCodes::UnsupportedFormat, newHashStatus.getStatus()); +} + +TEST(SHA256Block, FromBufferShouldRejectWrongLength) { + std::string dummy(SHA256Block::kHashLength - 1, 'x'); + + auto newHashStatus = + SHA256Block::fromBuffer(reinterpret_cast<const uint8_t*>(dummy.c_str()), dummy.size()); + ASSERT_EQ(ErrorCodes::InvalidLength, newHashStatus.getStatus()); +} + + +} // namespace +} // namespace mongo diff --git a/src/mongo/crypto/sha_block.h b/src/mongo/crypto/sha_block.h new file mode 100644 index 00000000000..443ef36ebf4 --- /dev/null +++ b/src/mongo/crypto/sha_block.h @@ -0,0 +1,208 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include <array> +#include <cstddef> +#include <string> +#include <vector> + +#include "mongo/base/data_range.h" +#include "mongo/base/status_with.h" +#include "mongo/bson/bsonmisc.h" +#include "mongo/bson/bsonobjbuilder.h" +#include "mongo/util/base64.h" +#include "mongo/util/secure_compare_memory.h" + +namespace mongo { + +struct BSONBinData; +class BSONObjBuilder; + +/** + * Data structure with fixed sized byte array that can be used as HMAC key or result of a SHA + * computation. + */ +template <typename Traits> +class SHABlock { +public: + using HashType = typename Traits::HashType; + static constexpr size_t kHashLength = sizeof(HashType); + + SHABlock() = default; + + SHABlock(HashType rawHash) : _hash(rawHash) {} + + /** + * Constructs a SHABlock from a buffer of specified size. + */ + static StatusWith<SHABlock> fromBuffer(const uint8_t* input, size_t inputLen) { + if (inputLen != kHashLength) { + return { + ErrorCodes::InvalidLength, + str::stream() << "Unsupported " << Traits::name << " hash length: " << inputLen}; + } + + HashType newHash; + memcpy(newHash.data(), input, inputLen); + return SHABlock(newHash); + } + + /** + * Computes a hash of 'input' from multiple contigous buffers. + */ + static SHABlock computeHash(std::initializer_list<ConstDataRange> input) { + return SHABlock{Traits::computeHash(input)}; + } + + /** + * Computes a hash of 'input' from one buffer. + */ + static SHABlock computeHash(const uint8_t* input, size_t inputLen) { + return computeHash({ConstDataRange(reinterpret_cast<const char*>(input), inputLen)}); + } + + /** + * Computes a HMAC keyed hash of 'input' using the key 'key'. + */ + static SHABlock computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen) { + SHABlock output; + SHABlock::computeHmac(key, keyLen, input, inputLen, &output); + return output; + } + + /** + * Computes a HMAC keyed hash of 'input' using the key 'key'. Writes the results into + * a pre-allocated SHABlock. This lets us allocate SHABlocks with the SecureAllocator. + */ + static void computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + SHABlock* const output) { + return Traits::computeHmac(key, keyLen, input, inputLen, &(output->_hash)); + } + + const uint8_t* data() const& { + return _hash.data(); + } + + uint8_t* data() && = delete; + + ConstDataRange toCDR() && = delete; + + ConstDataRange toCDR() const& { + return ConstDataRange(reinterpret_cast<const char*>(_hash.data()), kHashLength); + } + + size_t size() const { + return _hash.size(); + } + + /** + * Make a new SHABlock from a BSON BinData value. + */ + static StatusWith<SHABlock> fromBinData(const BSONBinData& binData) { + if (binData.type != BinDataGeneral) { + return {ErrorCodes::UnsupportedFormat, + str::stream() << Traits::name << " only accepts BinDataGeneral type"}; + } + + if (binData.length != kHashLength) { + return {ErrorCodes::UnsupportedFormat, + str::stream() << "Unsupported " << Traits::name << " hash length: " + << binData.length}; + } + + HashType newHash; + memcpy(newHash.data(), binData.data, binData.length); + return SHABlock(newHash); + } + + /** + * Make a new SHABlock from a vector of bytes representing bindata. For IDL. + */ + static SHABlock fromBinData(const std::vector<unsigned char>& bytes) { + HashType newHash; + uassert(ErrorCodes::UnsupportedFormat, + str::stream() << "Unsupported " << Traits::name << " hash length: " << bytes.size(), + bytes.size() == kHashLength); + memcpy(newHash.data(), bytes.data(), bytes.size()); + return SHABlock(newHash); + } + + /** + * Append this to a builder using the given name as a BSON BinData type value. + */ + void appendAsBinData(BSONObjBuilder& builder, StringData fieldName) const { + builder.appendBinData(fieldName, _hash.size(), BinDataGeneral, _hash.data()); + } + + /** + * Do a bitwise xor against another SHABlock and replace the current contents of this block + * with the result. + */ + void xorInline(const SHABlock& other) { + for (size_t x = 0; x < _hash.size(); x++) { + _hash[x] ^= other._hash[x]; + } + } + + /** + * Base64 encoding of the sha block as a string. + */ + std::string toString() const { + return base64::encode(reinterpret_cast<const char*>(_hash.data()), _hash.size()); + } + + bool operator==(const SHABlock& other) const { + return consttimeMemEqual(this->_hash.data(), other._hash.data(), kHashLength); + } + + bool operator!=(const SHABlock& other) const { + return !(*this == other); + } + +private: + // The backing array of bytes for the sha block + HashType _hash; +}; + +template <typename T> +constexpr size_t SHABlock<T>::kHashLength; + +template <typename Traits> +std::ostream& operator<<(std::ostream& os, const SHABlock<Traits>& sha) { + return os << sha.toString(); +} + +} // namespace mongo diff --git a/src/mongo/crypto/sha_block_openssl.cpp b/src/mongo/crypto/sha_block_openssl.cpp new file mode 100644 index 00000000000..dce8ca88427 --- /dev/null +++ b/src/mongo/crypto/sha_block_openssl.cpp @@ -0,0 +1,135 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/crypto/sha1_block.h" +#include "mongo/crypto/sha256_block.h" + +#include "mongo/config.h" +#include "mongo/stdx/memory.h" +#include "mongo/util/assert_util.h" + +#ifndef MONGO_CONFIG_SSL +#error This file should only be included in SSL-enabled builds +#endif + +#include <cstring> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/sha.h> + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +namespace { +// Copies of OpenSSL after 1.1.0 define new EVP digest routines. We must +// polyfill used definitions to interact with older OpenSSL versions. +EVP_MD_CTX* EVP_MD_CTX_new() { + void* ret = OPENSSL_malloc(sizeof(EVP_MD_CTX)); + + if (ret != NULL) { + memset(ret, 0, sizeof(EVP_MD_CTX)); + } + return static_cast<EVP_MD_CTX*>(ret); +} + +void EVP_MD_CTX_free(EVP_MD_CTX* ctx) { + EVP_MD_CTX_cleanup(ctx); + OPENSSL_free(ctx); +} +} // namespace +#endif + +namespace mongo { + +namespace { + +/* + * Computes a SHA hash of 'input'. + */ +template <typename HashType> +HashType computeHashImpl(const EVP_MD* md, std::initializer_list<ConstDataRange> input) { + HashType output; + + std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> digestCtx(EVP_MD_CTX_new(), + EVP_MD_CTX_free); + + fassert(40379, + EVP_DigestInit_ex(digestCtx.get(), md, NULL) == 1 && + std::all_of(begin(input), + end(input), + [&](const auto& i) { + return EVP_DigestUpdate(digestCtx.get(), i.data(), i.length()) == 1; + }) && + EVP_DigestFinal_ex(digestCtx.get(), output.data(), NULL) == 1); + return output; +} + +/* + * Computes a HMAC SHA'd keyed hash of 'input' using the key 'key', writes output into 'output'. + */ +template <typename HashType> +void computeHmacImpl(const EVP_MD* md, + const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + HashType* const output) { + fassert(40380, HMAC(md, key, keyLen, input, inputLen, output->data(), NULL) != NULL); +} + +} // namespace + +SHA1BlockTraits::HashType SHA1BlockTraits::computeHash( + std::initializer_list<ConstDataRange> input) { + return computeHashImpl<SHA1BlockTraits::HashType>(EVP_sha1(), input); +} + +SHA256BlockTraits::HashType SHA256BlockTraits::computeHash( + std::initializer_list<ConstDataRange> input) { + return computeHashImpl<SHA256BlockTraits::HashType>(EVP_sha256(), input); +} + +void SHA1BlockTraits::computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + SHA1BlockTraits::HashType* const output) { + return computeHmacImpl<SHA1BlockTraits::HashType>( + EVP_sha1(), key, keyLen, input, inputLen, output); +} + +void SHA256BlockTraits::computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + SHA256BlockTraits::HashType* const output) { + return computeHmacImpl<SHA256BlockTraits::HashType>( + EVP_sha256(), key, keyLen, input, inputLen, output); +} + +} // namespace mongo diff --git a/src/mongo/crypto/sha_block_tom.cpp b/src/mongo/crypto/sha_block_tom.cpp new file mode 100644 index 00000000000..20e11d34ce8 --- /dev/null +++ b/src/mongo/crypto/sha_block_tom.cpp @@ -0,0 +1,127 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/crypto/sha1_block.h" +#include "mongo/crypto/sha256_block.h" + +#include "mongo/config.h" +#include "mongo/util/assert_util.h" + +#ifdef MONGO_CONFIG_SSL +#error This file should not be included if compiling with SSL support +#endif + +#include "tomcrypt.h" + +namespace mongo { + +namespace { + +/** + * Computes a SHA hash of 'input'. + */ +template <typename HashType, + int (*Init)(hash_state*), + int (*Process)(hash_state*, const unsigned char*, unsigned long), + int (*Done)(hash_state*, unsigned char*)> +HashType computeHashImpl(std::initializer_list<ConstDataRange> input) { + HashType output; + + hash_state hashState; + fassert(40381, + Init(&hashState) == CRYPT_OK && + std::all_of(begin(input), + end(input), + [&](const auto& i) { + return Process(&hashState, + reinterpret_cast<const unsigned char*>(i.data()), + i.length()) == CRYPT_OK; + }) && + Done(&hashState, output.data()) == CRYPT_OK); + return output; +} + +/* + * Computes a HMAC SHA'd keyed hash of 'input' using the key 'key', writes output into 'output'. + */ +template <typename HashType> +void computeHmacImpl(const ltc_hash_descriptor* desc, + const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + HashType* const output) { + invariant(key && input); + + static const struct Magic { + Magic(const ltc_hash_descriptor* desc) { + register_hash(desc); + hashId = find_hash(desc->name); + } + + int hashId; + } magic(desc); + + unsigned long shaHashLen = sizeof(HashType); + fassert(40382, + hmac_memory(magic.hashId, key, keyLen, input, inputLen, output->data(), &shaHashLen) == + CRYPT_OK); +} + +} // namespace + +SHA1BlockTraits::HashType SHA1BlockTraits::computeHash( + std::initializer_list<ConstDataRange> input) { + return computeHashImpl<SHA1BlockTraits::HashType, sha1_init, sha1_process, sha1_done>(input); +} + +SHA256BlockTraits::HashType SHA256BlockTraits::computeHash( + std::initializer_list<ConstDataRange> input) { + return computeHashImpl<SHA256BlockTraits::HashType, sha256_init, sha256_process, sha256_done>( + input); +} + +void SHA1BlockTraits::computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + HashType* const output) { + return computeHmacImpl<HashType>(&sha1_desc, key, keyLen, input, inputLen, output); +} + +void SHA256BlockTraits::computeHmac(const uint8_t* key, + size_t keyLen, + const uint8_t* input, + size_t inputLen, + HashType* const output) { + return computeHmacImpl<HashType>(&sha256_desc, key, keyLen, input, inputLen, output); +} + +} // namespace mongo diff --git a/src/mongo/crypto/tom/SConscript b/src/mongo/crypto/tom/SConscript deleted file mode 100644 index 4a888bd282b..00000000000 --- a/src/mongo/crypto/tom/SConscript +++ /dev/null @@ -1,24 +0,0 @@ -# -*- mode: python -*- - -Import("env") - -env = env.Clone() - -env.Library('tomcrypt', - ['crypt_argchk.c', - 'crypt_find_hash.c', - 'crypt_hash_descriptor.c', - 'crypt_hash_is_valid.c', - 'crypt_register_hash.c', - 'hash_memory.c', - 'hmac_done.c', - 'hmac_init.c', - 'hmac_memory.c', - 'hmac_process.c', - 'sha1.c', - 'zeromem.c'], - LIBDEPS=[], - LIBDEPS_TAGS=[ - 'init-no-global-side-effects', - ], -) diff --git a/src/mongo/crypto/tom/crypt_argchk.c b/src/mongo/crypto/tom/crypt_argchk.c deleted file mode 100644 index b3a08d4fd1e..00000000000 --- a/src/mongo/crypto/tom/crypt_argchk.c +++ /dev/null @@ -1,30 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" -#include <signal.h> - -/** - @file crypt_argchk.c - Perform argument checking, Tom St Denis -*/ - -#if (ARGTYPE == 0) -void crypt_argchk(const char *v, const char *s, int d) -{ - fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n", - v, d, s); - (void)raise(SIGABRT); -} -#endif - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_argchk.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ diff --git a/src/mongo/crypto/tom/crypt_find_hash.c b/src/mongo/crypto/tom/crypt_find_hash.c deleted file mode 100644 index d0056d103d6..00000000000 --- a/src/mongo/crypto/tom/crypt_find_hash.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file crypt_find_hash.c - Find a hash, Tom St Denis -*/ - -/** - Find a registered hash by name - @param name The name of the hash to look for - @return >= 0 if found, -1 if not presen -*/ -int find_hash(const char *name) -{ - int x; - LTC_ARGCHK(name != NULL); - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name != NULL && XSTRCMP(hash_descriptor[x].name, name) == 0) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_hash.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ diff --git a/src/mongo/crypto/tom/crypt_hash_descriptor.c b/src/mongo/crypto/tom/crypt_hash_descriptor.c deleted file mode 100644 index eef281340f1..00000000000 --- a/src/mongo/crypto/tom/crypt_hash_descriptor.c +++ /dev/null @@ -1,27 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file crypt_hash_descriptor.c - Stores the hash descriptor table, Tom St Denis -*/ - -struct ltc_hash_descriptor hash_descriptor[TAB_SIZE] = { -{ NULL, 0, 0, 0, { 0 }, 0, NULL, NULL, NULL, NULL, NULL } -}; - -LTC_MUTEX_GLOBAL(ltc_hash_mutex) - - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_descriptor.c,v $ */ -/* $Revision: 1.10 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ diff --git a/src/mongo/crypto/tom/crypt_hash_is_valid.c b/src/mongo/crypto/tom/crypt_hash_is_valid.c deleted file mode 100644 index 107f70f35cc..00000000000 --- a/src/mongo/crypto/tom/crypt_hash_is_valid.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file crypt_hash_is_valid.c - Determine if hash is valid, Tom St Denis -*/ - -/* - Test if a hash index is valid - @param idx The index of the hash to search for - @return CRYPT_OK if valid -*/ -int hash_is_valid(int idx) -{ - LTC_MUTEX_LOCK(<c_hash_mutex); - if (idx < 0 || idx >= TAB_SIZE || hash_descriptor[idx].name == NULL) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_INVALID_HASH; - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_OK; -} - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ diff --git a/src/mongo/crypto/tom/crypt_register_hash.c b/src/mongo/crypto/tom/crypt_register_hash.c deleted file mode 100644 index ffdba10f263..00000000000 --- a/src/mongo/crypto/tom/crypt_register_hash.c +++ /dev/null @@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file crypt_register_hash.c - Register a HASH, Tom St Denis -*/ - -/** - Register a hash with the descriptor table - @param hash The hash you wish to register - @return value >= 0 if successfully added (or already present), -1 if unsuccessful -*/ -int register_hash(const struct ltc_hash_descriptor *hash) -{ - int x; - - LTC_ARGCHK(hash != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - - /* find a blank spot */ - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name == NULL) { - XMEMCPY(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)); - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - - /* no spot */ - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_register_hash.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ diff --git a/src/mongo/crypto/tom/hash_memory.c b/src/mongo/crypto/tom/hash_memory.c deleted file mode 100644 index d0c467d22c9..00000000000 --- a/src/mongo/crypto/tom/hash_memory.c +++ /dev/null @@ -1,69 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file hash_memory.c - Hash memory helper, Tom St Denis -*/ - -/** - Hash a block of memory and store the digest. - @param hash The index of the hash you wish to use - @param in The data you wish to hash - @param inlen The length of the data to hash (octets) - @param out [out] Where to store the diges - @param outlen [in/out] Max size and resulting size of the diges - @return CRYPT_OK if successful -*/ -int hash_memory(int hash, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) -{ - hash_state *md; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - if (*outlen < hash_descriptor[hash].hashsize) { - *outlen = hash_descriptor[hash].hashsize; - return CRYPT_BUFFER_OVERFLOW; - } - - md = (hash_state*)XMALLOC(sizeof(hash_state)); - if (md == NULL) { - return CRYPT_MEM; - } - - if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].process(md, in, inlen)) != CRYPT_OK) { - goto LBL_ERR; - } - err = hash_descriptor[hash].done(md, out); - *outlen = hash_descriptor[hash].hashsize; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - XFREE(md); - - return err; -} - -/* $Source: /cvs/libtom/libtomcrypt/src/hashes/helper/hash_memory.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2006/12/28 01:27:23 $ */ diff --git a/src/mongo/crypto/tom/hmac_done.c b/src/mongo/crypto/tom/hmac_done.c deleted file mode 100644 index d50a6f7a2ce..00000000000 --- a/src/mongo/crypto/tom/hmac_done.c +++ /dev/null @@ -1,109 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file hmac_done.c - LTC_HMAC support, terminate stream, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -#define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize - -/** - Terminate an LTC_HMAC session - @param hmac The LTC_HMAC state - @param out [out] The destination of the LTC_HMAC authentication tag - @param outlen [in/out] The max size and resulting size of the LTC_HMAC authentication tag - @return CRYPT_OK if successful -*/ -int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) -{ - unsigned char *buf, *isha; - unsigned long hashsize, i; - int hash, err; - - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(out != NULL); - - /* test hash */ - hash = hmac->hash; - if((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* get the hash message digest size */ - hashsize = hash_descriptor[hash].hashsize; - - /* allocate buffers */ - buf = (unsigned char*)XMALLOC(LTC_HMAC_BLOCKSIZE); - isha = (unsigned char*)XMALLOC(hashsize); - if (buf == NULL || isha == NULL) { - if (buf != NULL) { - XFREE(buf); - } - if (isha != NULL) { - XFREE(isha); - } - return CRYPT_MEM; - } - - /* Get the hash of the first LTC_HMAC vector plus the data */ - if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* Create the second LTC_HMAC vector vector for step (3) */ - for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { - buf[i] = hmac->key[i] ^ 0x5C; - } - - /* Now calculate the "outer" hash for step (5), (6), and (7) */ - if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].process(&hmac->md, buf, LTC_HMAC_BLOCKSIZE)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].process(&hmac->md, isha, hashsize)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].done(&hmac->md, buf)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* copy to output */ - for (i = 0; i < hashsize && i < *outlen; i++) { - out[i] = buf[i]; - } - *outlen = i; - - err = CRYPT_OK; -LBL_ERR: - XFREE(hmac->key); -#ifdef LTC_CLEAN_STACK - zeromem(isha, hashsize); - zeromem(buf, hashsize); - zeromem(hmac, sizeof(*hmac)); -#endif - - XFREE(isha); - XFREE(buf); - - return err; -} - -#endif - -/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_done.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/hmac_init.c b/src/mongo/crypto/tom/hmac_init.c deleted file mode 100644 index aa211864681..00000000000 --- a/src/mongo/crypto/tom/hmac_init.c +++ /dev/null @@ -1,112 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file hmac_init.c - LTC_HMAC support, initialize state, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -#define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize - -/** - Initialize an LTC_HMAC context. - @param hmac The LTC_HMAC state - @param hash The index of the hash you want to use - @param key The secret key - @param keylen The length of the secret key (octets) - @return CRYPT_OK if successful -*/ -int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen) -{ - unsigned char *buf; - unsigned long hashsize; - unsigned long i, z; - int err; - - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(key != NULL); - - /* valid hash? */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - hmac->hash = hash; - hashsize = hash_descriptor[hash].hashsize; - - /* valid key length? */ - if (keylen == 0) { - return CRYPT_INVALID_KEYSIZE; - } - - /* allocate ram for buf */ - buf = (unsigned char*)XMALLOC(LTC_HMAC_BLOCKSIZE); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* allocate memory for key */ - hmac->key = (unsigned char*)XMALLOC(LTC_HMAC_BLOCKSIZE); - if (hmac->key == NULL) { - XFREE(buf); - return CRYPT_MEM; - } - - /* (1) make sure we have a large enough key */ - if(keylen > LTC_HMAC_BLOCKSIZE) { - z = LTC_HMAC_BLOCKSIZE; - if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - if(hashsize < LTC_HMAC_BLOCKSIZE) { - zeromem((hmac->key) + hashsize, (size_t)(LTC_HMAC_BLOCKSIZE - hashsize)); - } - keylen = hashsize; - } else { - XMEMCPY(hmac->key, key, (size_t)keylen); - if(keylen < LTC_HMAC_BLOCKSIZE) { - zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen)); - } - } - - /* Create the initial vector for step (3) */ - for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { - buf[i] = hmac->key[i] ^ 0x36; - } - - /* Pre-pend that to the hash data */ - if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hash_descriptor[hash].process(&hmac->md, buf, LTC_HMAC_BLOCKSIZE)) != CRYPT_OK) { - goto LBL_ERR; - } - goto done; -LBL_ERR: - /* free the key since we failed */ - XFREE(hmac->key); -done: -#ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_HMAC_BLOCKSIZE); -#endif - - XFREE(buf); - return err; -} - -#endif - -/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_init.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/hmac_memory.c b/src/mongo/crypto/tom/hmac_memory.c deleted file mode 100644 index 3f7545137f4..00000000000 --- a/src/mongo/crypto/tom/hmac_memory.c +++ /dev/null @@ -1,88 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file hmac_memory.c - LTC_HMAC support, process a block of memory, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -/** - LTC_HMAC a block of memory to produce the authentication tag - @param hash The index of the hash to use - @param key The secret key - @param keylen The length of the secret key (octets) - @param in The data to LTC_HMAC - @param inlen The length of the data to LTC_HMAC (octets) - @param out [out] Destination of the authentication tag - @param outlen [in/out] Max size and resulting size of authentication tag - @return CRYPT_OK if successful -*/ -int hmac_memory(int hash, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - hmac_state *hmac; - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* make sure hash descriptor is valid */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* is there a descriptor? */ - if (hash_descriptor[hash].hmac_block != NULL) { - return hash_descriptor[hash].hmac_block(key, keylen, in, inlen, out, outlen); - } - - /* nope, so call the hmac functions */ - /* allocate ram for hmac state */ - hmac = (hmac_state*)XMALLOC(sizeof(hmac_state)); - if (hmac == NULL) { - return CRYPT_MEM; - } - - if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hmac_process(hmac, in, inlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(hmac, sizeof(hmac_state)); -#endif - - XFREE(hmac); - return err; -} - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_memory.c,v $ */ -/* $Revision: 1.8 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/hmac_process.c b/src/mongo/crypto/tom/hmac_process.c deleted file mode 100644 index 68cd98b310a..00000000000 --- a/src/mongo/crypto/tom/hmac_process.c +++ /dev/null @@ -1,43 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file hmac_process.c - LTC_HMAC support, process data, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -/** - Process data through LTC_HMAC - @param hmac The hmac state - @param in The data to send through LTC_HMAC - @param inlen The length of the data to LTC_HMAC (octets) - @return CRYPT_OK if successful -*/ -int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen) -{ - int err; - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(in != NULL); - if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) { - return err; - } - return hash_descriptor[hmac->hash].process(&hmac->md, in, inlen); -} - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_process.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/sha1.c b/src/mongo/crypto/tom/sha1.c deleted file mode 100644 index 15cac46800b..00000000000 --- a/src/mongo/crypto/tom/sha1.c +++ /dev/null @@ -1,288 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file sha1.c - LTC_SHA1 code by Tom St Denis -*/ - - -#ifdef LTC_SHA1 - -const struct ltc_hash_descriptor sha1_desc = -{ - "sha1", - 2, - 20, - 64, - - /* OID */ - { 1, 3, 14, 3, 2, 26, }, - 6, - - &sha1_init, - &sha1_process, - &sha1_done, - &sha1_test, - NULL -}; - -#define F0(x,y,z) (z ^ (x & (y ^ z))) -#define F1(x,y,z) (x ^ y ^ z) -#define F2(x,y,z) ((x & y) | (z & (x | y))) -#define F3(x,y,z) (x ^ y ^ z) - -#ifdef LTC_CLEAN_STACK -static int _sha1_compress(hash_state *md, unsigned char *buf) -#else -static int sha1_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 a,b,c,d,e,W[80],i; -#ifdef LTC_SMALL_CODE - ulong32 t; -#endif - - /* copy the state into 512-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD32H(W[i], buf + (4*i)); - } - - /* copy state */ - a = md->sha1.state[0]; - b = md->sha1.state[1]; - c = md->sha1.state[2]; - d = md->sha1.state[3]; - e = md->sha1.state[4]; - - /* expand it */ - for (i = 16; i < 80; i++) { - W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); - } - - /* compress */ - /* round one */ - #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); - #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); - #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); - #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); - -#ifdef LTC_SMALL_CODE - - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - -#else - - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); - FF0(e,a,b,c,d,i++); - FF0(d,e,a,b,c,i++); - FF0(c,d,e,a,b,i++); - FF0(b,c,d,e,a,i++); - } - - /* round two */ - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); - FF1(e,a,b,c,d,i++); - FF1(d,e,a,b,c,i++); - FF1(c,d,e,a,b,i++); - FF1(b,c,d,e,a,i++); - } - - /* round three */ - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); - FF2(e,a,b,c,d,i++); - FF2(d,e,a,b,c,i++); - FF2(c,d,e,a,b,i++); - FF2(b,c,d,e,a,i++); - } - - /* round four */ - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); - FF3(e,a,b,c,d,i++); - FF3(d,e,a,b,c,i++); - FF3(c,d,e,a,b,i++); - FF3(b,c,d,e,a,i++); - } -#endif - - #undef FF0 - #undef FF1 - #undef FF2 - #undef FF3 - - /* store */ - md->sha1.state[0] = md->sha1.state[0] + a; - md->sha1.state[1] = md->sha1.state[1] + b; - md->sha1.state[2] = md->sha1.state[2] + c; - md->sha1.state[3] = md->sha1.state[3] + d; - md->sha1.state[4] = md->sha1.state[4] + e; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int sha1_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _sha1_compress(md, buf); - burn_stack(sizeof(ulong32) * 87); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha1_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->sha1.state[0] = 0x67452301UL; - md->sha1.state[1] = 0xefcdab89UL; - md->sha1.state[2] = 0x98badcfeUL; - md->sha1.state[3] = 0x10325476UL; - md->sha1.state[4] = 0xc3d2e1f0UL; - md->sha1.curlen = 0; - md->sha1.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) - -/** - Terminate the hash to get the diges - @param md The hash state - @param out [out] The destination of the hash (20 bytes) - @return CRYPT_OK if successful -*/ -int sha1_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha1.curlen >= sizeof(md->sha1.buf)) { - return CRYPT_INVALID_ARG; - } - - /* increase the length of the message */ - md->sha1.length += md->sha1.curlen * 8; - - /* append the '1' bit */ - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->sha1.curlen > 56) { - while (md->sha1.curlen < 64) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - sha1_compress(md, md->sha1.buf); - md->sha1.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->sha1.curlen < 56) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64H(md->sha1.length, md->sha1.buf+56); - sha1_compress(md, md->sha1.buf); - - /* copy output */ - for (i = 0; i < 5; i++) { - STORE32H(md->sha1.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha1_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[20]; - } tests[] = { - { "abc", - { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, - 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, - 0x9c, 0xd0, 0xd8, 0x9d } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, - 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, - 0xE5, 0x46, 0x70, 0xF1 } - } - }; - - int i; - unsigned char tmp[20]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha1_init(&md); - sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha1_done(&md, tmp); - if (XMEMCMP(tmp, tests[i].hash, 20) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif - - - -/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */ -/* $Revision: 1.10 $ */ -/* $Date: 2007/05/12 14:25:28 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt.h b/src/mongo/crypto/tom/tomcrypt.h deleted file mode 100644 index aa4d5c02df5..00000000000 --- a/src/mongo/crypto/tom/tomcrypt.h +++ /dev/null @@ -1,104 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TOMCRYPT_H_ -#define TOMCRYPT_H_ -#include <assert.h> -#include <ctype.h> -#include <limits.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> - -/* use configuration data */ -#include "tomcrypt_custom.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* version */ -#define CRYPT 0x0117 -#define SCRYPT "1.17" - -/* max size of either a cipher/hash block or symmetric key [largest of the two] */ -#define MAXBLOCKSIZE 128 - -/* descriptor table size */ -#define TAB_SIZE 32 - -/* error codes [will be expanded in future releases] */ -enum { - CRYPT_OK = 0, /* Result OK */ - CRYPT_ERROR, /* Generic Error */ - CRYPT_NOP, /* Not a failure but no operation was performed */ - - CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ - CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ - CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ - - CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ - CRYPT_INVALID_PACKET, /* Invalid input packet given */ - - CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ - CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ - - CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ - CRYPT_INVALID_HASH, /* Invalid hash specified */ - CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ - - CRYPT_MEM, /* Out of memory */ - - CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ - CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ - - CRYPT_INVALID_ARG, /* Generic invalid argument */ - CRYPT_FILE_NOTFOUND, /* File Not Found */ - - CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ - CRYPT_PK_INVALID_SYSTEM, /* Invalid PK system specified */ - CRYPT_PK_DUP, /* Duplicate key already in key ring */ - CRYPT_PK_NOT_FOUND, /* Key not found in keyring */ - CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - - CRYPT_INVALID_PRIME_SIZE, /* Invalid size of prime requested */ - CRYPT_PK_INVALID_PADDING /* Invalid padding on input */ -}; - -// clang-format off -#include "tomcrypt_cfg.h" -#include "tomcrypt_macros.h" -#include "tomcrypt_cipher.h" -#include "tomcrypt_hash.h" -#include "tomcrypt_mac.h" -//#include <tomcrypt_prng.h> -//#include <tomcrypt_pk.h> -//#include <tomcrypt_math.h> -#include "tomcrypt_misc.h" -#include "tomcrypt_argchk.h" -//#include <tomcrypt_pkcs.h> -// clang-format on - -#ifdef __cplusplus -} -#endif - -#endif /* TOMCRYPT_H_ */ - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt.h,v $ */ -/* $Revision: 1.21 $ */ -/* $Date: 2006/12/16 19:34:05 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_argchk.h b/src/mongo/crypto/tom/tomcrypt_argchk.h deleted file mode 100644 index 895402552f5..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_argchk.h +++ /dev/null @@ -1,63 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* Defines the LTC_ARGCHK macro used within the library */ -/* ARGTYPE is defined in mycrypt_cfg.h */ -#if ARGTYPE == 0 - -#include <signal.h> - -/* this is the default LibTomCrypt macro */ -void crypt_argchk(const char* v, const char* s, int d); -#define LTC_ARGCHK(x) \ - if (!(x)) { \ - crypt_argchk(#x, __FILE__, __LINE__); \ - } -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 1 - -/* fatal type of error */ -#define LTC_ARGCHK(x) assert((x)) -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 2 - -#define LTC_ARGCHK(x) \ - if (!(x)) { \ - fprintf(stderr, "\nwarning: ARGCHK failed at %s:%d\n", __FILE__, __LINE__); \ - } -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 3 - -#define LTC_ARGCHK(x) -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 4 - -#define LTC_ARGCHK(x) \ - if (!(x)) \ - return CRYPT_INVALID_ARG; -#define LTC_ARGCHKVD(x) \ - if (!(x)) \ - return; - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_argchk.h,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/08/27 20:50:21 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_cfg.h b/src/mongo/crypto/tom/tomcrypt_cfg.h deleted file mode 100644 index 37dc04780d9..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_cfg.h +++ /dev/null @@ -1,160 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* This is the build config file. - * - * With this you can setup what to inlcude/exclude automatically during any build. Just comment - * out the line that #define's the word for the thing you want to remove. phew! - */ - -#ifndef TOMCRYPT_CFG_H -#define TOMCRYPT_CFG_H - -#if defined(_WIN32) || defined(_MSC_VER) -#define LTC_CALL __cdecl -#else -#ifndef LTC_CALL -#define LTC_CALL -#endif -#endif - -#ifndef LTC_EXPORT -#define LTC_EXPORT -#endif - -/* certain platforms use macros for these, making the prototypes broken */ -#ifndef LTC_NO_PROTOTYPES - -/* you can change how memory allocation works ... */ -LTC_EXPORT void* LTC_CALL XMALLOC(size_t n); -LTC_EXPORT void* LTC_CALL XREALLOC(void* p, size_t n); -LTC_EXPORT void* LTC_CALL XCALLOC(size_t n, size_t s); -LTC_EXPORT void LTC_CALL XFREE(void* p); - -LTC_EXPORT void LTC_CALL XQSORT(void* base, - size_t nmemb, - size_t size, - int (*compar)(const void*, const void*)); - - -/* change the clock function too */ -LTC_EXPORT clock_t LTC_CALL XCLOCK(void); - -/* various other functions */ -LTC_EXPORT void* LTC_CALL XMEMCPY(void* dest, const void* src, size_t n); -LTC_EXPORT int LTC_CALL XMEMCMP(const void* s1, const void* s2, size_t n); -LTC_EXPORT void* LTC_CALL XMEMSET(void* s, int c, size_t n); - -LTC_EXPORT int LTC_CALL XSTRCMP(const char* s1, const char* s2); - -#endif - -/* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ -#ifndef ARGTYPE -#define ARGTYPE 0 -#endif - -/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] - * code - * - * Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit - * read/writes. The x86 platforms allow this but some others [ARM for instance] do not. On those - * platforms you **MUST** use the portable [slower] macros. - */ - -/* detect x86-32 machines somewhat */ -#if !defined(__STRICT_ANSI__) && \ - (defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || \ - (defined(__GNUC__) && \ - (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))) -#define ENDIAN_LITTLE -#define ENDIAN_32BITWORD -#define LTC_FAST -#define LTC_FAST_TYPE unsigned long -#endif - -/* detects MIPS R5900 processors (PS2) */ -#if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && \ - (defined(_mips) || defined(__mips__) || defined(mips)) -#define ENDIAN_LITTLE -#define ENDIAN_64BITWORD -#endif - -/* detect amd64 */ -#if !defined(__STRICT_ANSI__) && defined(__x86_64__) -#define ENDIAN_LITTLE -#define ENDIAN_64BITWORD -#define LTC_FAST -#define LTC_FAST_TYPE unsigned long -#endif - -/* detect PPC32 */ -#if !defined(__STRICT_ANSI__) && defined(LTC_PPC32) -#define ENDIAN_BIG -#define ENDIAN_32BITWORD -#define LTC_FAST -#define LTC_FAST_TYPE unsigned long -#endif - -/* detect sparc and sparc64 */ -#if defined(__sparc__) -#define ENDIAN_BIG -#if defined(__arch64__) -#define ENDIAN_64BITWORD -#else -#define ENDIAN_32BITWORD -#endif -#endif - - -#ifdef LTC_NO_FAST -#ifdef LTC_FAST -#undef LTC_FAST -#endif -#endif - -/* No asm is a quick way to disable anything "not portable" */ -#ifdef LTC_NO_ASM -#undef ENDIAN_LITTLE -#undef ENDIAN_BIG -#undef ENDIAN_32BITWORD -#undef ENDIAN_64BITWORD -#undef LTC_FAST -#undef LTC_FAST_TYPE -#define LTC_NO_ROLC -#define LTC_NO_BSWAP -#endif - -/* #define ENDIAN_LITTLE */ -/* #define ENDIAN_BIG */ - -/* #define ENDIAN_32BITWORD */ -/* #define ENDIAN_64BITWORD */ - -#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && \ - !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) -#error You must specify a word size as well as endianess in tomcrypt_cfg.h -#endif - -#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) -#define ENDIAN_NEUTRAL -#endif - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_cfg.h,v $ */ -/* $Revision: 1.19 $ */ -/* $Date: 2006/12/04 02:19:48 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_cipher.h b/src/mongo/crypto/tom/tomcrypt_cipher.h deleted file mode 100644 index 43efbacc752..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_cipher.h +++ /dev/null @@ -1,970 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* ---- SYMMETRIC KEY STUFF ----- - * - * We put each of the ciphers scheduled keys in their own structs then we put all of - * the key formats in one union. This makes the function prototypes easier to use. - */ -#ifdef LTC_BLOWFISH -struct blowfish_key { - ulong32 S[4][256]; - ulong32 K[18]; -}; -#endif - -#ifdef LTC_RC5 -struct rc5_key { - int rounds; - ulong32 K[50]; -}; -#endif - -#ifdef LTC_RC6 -struct rc6_key { - ulong32 K[44]; -}; -#endif - -#ifdef LTC_SAFERP -struct saferp_key { - unsigned char K[33][16]; - long rounds; -}; -#endif - -#ifdef LTC_RIJNDAEL -struct rijndael_key { - ulong32 eK[60], dK[60]; - int Nr; -}; -#endif - -#ifdef LTC_KSEED -struct kseed_key { - ulong32 K[32], dK[32]; -}; -#endif - -#ifdef LTC_KASUMI -struct kasumi_key { - ulong32 KLi1[8], KLi2[8], KOi1[8], KOi2[8], KOi3[8], KIi1[8], KIi2[8], KIi3[8]; -}; -#endif - -#ifdef LTC_XTEA -struct xtea_key { - unsigned long A[32], B[32]; -}; -#endif - -#ifdef LTC_TWOFISH -#ifndef LTC_TWOFISH_SMALL -struct twofish_key { - ulong32 S[4][256], K[40]; -}; -#else -struct twofish_key { - ulong32 K[40]; - unsigned char S[32], start; -}; -#endif -#endif - -#ifdef LTC_SAFER -#define LTC_SAFER_K64_DEFAULT_NOF_ROUNDS 6 -#define LTC_SAFER_K128_DEFAULT_NOF_ROUNDS 10 -#define LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS 8 -#define LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS 10 -#define LTC_SAFER_MAX_NOF_ROUNDS 13 -#define LTC_SAFER_BLOCK_LEN 8 -#define LTC_SAFER_KEY_LEN (1 + LTC_SAFER_BLOCK_LEN * (1 + 2 * LTC_SAFER_MAX_NOF_ROUNDS)) -typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN]; -typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN]; -struct safer_key { - safer_key_t key; -}; -#endif - -#ifdef LTC_RC2 -struct rc2_key { - unsigned xkey[64]; -}; -#endif - -#ifdef LTC_DES -struct des_key { - ulong32 ek[32], dk[32]; -}; - -struct des3_key { - ulong32 ek[3][32], dk[3][32]; -}; -#endif - -#ifdef LTC_CAST5 -struct cast5_key { - ulong32 K[32], keylen; -}; -#endif - -#ifdef LTC_NOEKEON -struct noekeon_key { - ulong32 K[4], dK[4]; -}; -#endif - -#ifdef LTC_SKIPJACK -struct skipjack_key { - unsigned char key[10]; -}; -#endif - -#ifdef LTC_KHAZAD -struct khazad_key { - ulong64 roundKeyEnc[8 + 1]; - ulong64 roundKeyDec[8 + 1]; -}; -#endif - -#ifdef LTC_ANUBIS -struct anubis_key { - int keyBits; - int R; - ulong32 roundKeyEnc[18 + 1][4]; - ulong32 roundKeyDec[18 + 1][4]; -}; -#endif - -#ifdef LTC_MULTI2 -struct multi2_key { - int N; - ulong32 uk[8]; -}; -#endif - -typedef union Symmetric_key { -#ifdef LTC_DES - struct des_key des; - struct des3_key des3; -#endif -#ifdef LTC_RC2 - struct rc2_key rc2; -#endif -#ifdef LTC_SAFER - struct safer_key safer; -#endif -#ifdef LTC_TWOFISH - struct twofish_key twofish; -#endif -#ifdef LTC_BLOWFISH - struct blowfish_key blowfish; -#endif -#ifdef LTC_RC5 - struct rc5_key rc5; -#endif -#ifdef LTC_RC6 - struct rc6_key rc6; -#endif -#ifdef LTC_SAFERP - struct saferp_key saferp; -#endif -#ifdef LTC_RIJNDAEL - struct rijndael_key rijndael; -#endif -#ifdef LTC_XTEA - struct xtea_key xtea; -#endif -#ifdef LTC_CAST5 - struct cast5_key cast5; -#endif -#ifdef LTC_NOEKEON - struct noekeon_key noekeon; -#endif -#ifdef LTC_SKIPJACK - struct skipjack_key skipjack; -#endif -#ifdef LTC_KHAZAD - struct khazad_key khazad; -#endif -#ifdef LTC_ANUBIS - struct anubis_key anubis; -#endif -#ifdef LTC_KSEED - struct kseed_key kseed; -#endif -#ifdef LTC_KASUMI - struct kasumi_key kasumi; -#endif -#ifdef LTC_MULTI2 - struct multi2_key multi2; -#endif - void* data; -} symmetric_key; - -#ifdef LTC_ECB_MODE -/** A block cipher ECB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen; - /** The scheduled key */ - symmetric_key key; -} symmetric_ECB; -#endif - -#ifdef LTC_CFB_MODE -/** A block cipher CFB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE], - /** The pad used to encrypt/decrypt */ - pad[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CFB; -#endif - -#ifdef LTC_OFB_MODE -/** A block cipher OFB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_OFB; -#endif - -#ifdef LTC_CBC_MODE -/** A block cipher CBC structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CBC; -#endif - - -#ifdef LTC_CTR_MODE -/** A block cipher CTR structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen, - /** The mode (endianess) of the CTR, 0==little, 1==big */ - mode, - /** counter width */ - ctrlen; - - /** The counter */ - unsigned char ctr[MAXBLOCKSIZE], - /** The pad used to encrypt/decrypt */ - pad[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CTR; -#endif - - -#ifdef LTC_LRW_MODE -/** A LRW structure */ -typedef struct { - /** The index of the cipher chosen (must be a 128-bit block cipher) */ - int cipher; - - /** The current IV */ - unsigned char IV[16], - - /** the tweak key */ - tweak[16], - - /** The current pad, it's the product of the first 15 bytes against the tweak key */ - pad[16]; - - /** The scheduled symmetric key */ - symmetric_key key; - -#ifdef LRW_TABLES - /** The pre-computed multiplication table */ - unsigned char PC[16][256][16]; -#endif -} symmetric_LRW; -#endif - -#ifdef LTC_F8_MODE -/** A block cipher F8 structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE], MIV[MAXBLOCKSIZE]; - /** Current block count */ - ulong32 blockcnt; - /** The scheduled key */ - symmetric_key key; -} symmetric_F8; -#endif - - -/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */ -extern struct ltc_cipher_descriptor { - /** name of cipher */ - char* name; - /** internal ID */ - unsigned char ID; - /** min keysize (octets) */ - int min_key_length, - /** max keysize (octets) */ - max_key_length, - /** block size (octets) */ - block_length, - /** default number of rounds */ - default_rounds; - /** Setup the cipher - @param key The input symmetric key - @param keylen The length of the input key (octets) - @param num_rounds The requested number of rounds (0==default) - @param skey [out] The destination of the scheduled key - @return CRYPT_OK if successful - */ - int (*setup)(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); - /** Encrypt a block - @param pt The plaintex - @param ct [out] The ciphertex - @param skey The scheduled key - @return CRYPT_OK if successful - */ - int (*ecb_encrypt)(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); - /** Decrypt a block - @param ct The ciphertex - @param pt [out] The plaintex - @param skey The scheduled key - @return CRYPT_OK if successful - */ - int (*ecb_decrypt)(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); - /** Test the block cipher - @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled - */ - int (*test)(void); - - /** Terminate the contex - @param skey The scheduled key - */ - void (*done)(symmetric_key* skey); - - /** Determine a key size - @param keysize [in/out] The size of the key desired and the suggested size - @return CRYPT_OK if successful - */ - int (*keysize)(int* keysize); - - /** Accelerators **/ - /** Accelerated ECB encryption - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_ecb_encrypt)(const unsigned char* pt, - unsigned char* ct, - unsigned long blocks, - symmetric_key* skey); - - /** Accelerated ECB decryption - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_ecb_decrypt)(const unsigned char* ct, - unsigned char* pt, - unsigned long blocks, - symmetric_key* skey); - - /** Accelerated CBC encryption - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_cbc_encrypt)(const unsigned char* pt, - unsigned char* ct, - unsigned long blocks, - unsigned char* IV, - symmetric_key* skey); - - /** Accelerated CBC decryption - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_cbc_decrypt)(const unsigned char* ct, - unsigned char* pt, - unsigned long blocks, - unsigned char* IV, - symmetric_key* skey); - - /** Accelerated CTR encryption - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param mode little or big endian counter (mode=0 or mode=1) - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_ctr_encrypt)(const unsigned char* pt, - unsigned char* ct, - unsigned long blocks, - unsigned char* IV, - int mode, - symmetric_key* skey); - - /** Accelerated LRW - @param pt Plaintex - @param ct Ciphertex - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param tweak The LRW tweak - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_lrw_encrypt)(const unsigned char* pt, - unsigned char* ct, - unsigned long blocks, - unsigned char* IV, - const unsigned char* tweak, - symmetric_key* skey); - - /** Accelerated LRW - @param ct Ciphertex - @param pt Plaintex - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param tweak The LRW tweak - @param skey The scheduled key contex - @return CRYPT_OK if successful - */ - int (*accel_lrw_decrypt)(const unsigned char* ct, - unsigned char* pt, - unsigned long blocks, - unsigned char* IV, - const unsigned char* tweak, - symmetric_key* skey); - - /** Accelerated CCM packet (one-shot) - @param key The secret key to use - @param keylen The length of the secret key (octets) - @param uskey A previously scheduled key [optional can be NULL] - @param nonce The session nonce [use once] - @param noncelen The length of the nonce - @param header The header for the session - @param headerlen The length of the header (octets) - @param pt [out] The plaintex - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertex - @param tag [out] The destination tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param direction Encrypt or Decrypt direction (0 or 1) - @return CRYPT_OK if successful - */ - int (*accel_ccm_memory)(const unsigned char* key, - unsigned long keylen, - symmetric_key* uskey, - const unsigned char* nonce, - unsigned long noncelen, - const unsigned char* header, - unsigned long headerlen, - unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen, - int direction); - - /** Accelerated GCM packet (one shot) - @param key The secret key - @param keylen The length of the secret key - @param IV The initial vector - @param IVlen The length of the initial vector - @param adata The additional authentication data (header) - @param adatalen The length of the adata - @param pt The plaintex - @param ptlen The length of the plaintext (ciphertext length is the same) - @param ct The ciphertex - @param tag [out] The MAC tag - @param taglen [in/out] The MAC tag length - @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) - @return CRYPT_OK on success - */ - int (*accel_gcm_memory)(const unsigned char* key, - unsigned long keylen, - const unsigned char* IV, - unsigned long IVlen, - const unsigned char* adata, - unsigned long adatalen, - unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen, - int direction); - - /** Accelerated one shot LTC_OMAC - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of ou - @return CRYPT_OK on success - */ - int (*omac_memory)(const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); - - /** Accelerated one shot XCBC - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of ou - @return CRYPT_OK on success - */ - int (*xcbc_memory)(const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); - - /** Accelerated one shot F9 - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of ou - @return CRYPT_OK on success - @remark Requires manual padding - */ - int (*f9_memory)(const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -} cipher_descriptor[]; - -#ifdef LTC_BLOWFISH -int blowfish_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int blowfish_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int blowfish_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int blowfish_test(void); -void blowfish_done(symmetric_key* skey); -int blowfish_keysize(int* keysize); -extern const struct ltc_cipher_descriptor blowfish_desc; -#endif - -#ifdef LTC_RC5 -int rc5_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int rc5_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int rc5_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int rc5_test(void); -void rc5_done(symmetric_key* skey); -int rc5_keysize(int* keysize); -extern const struct ltc_cipher_descriptor rc5_desc; -#endif - -#ifdef LTC_RC6 -int rc6_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int rc6_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int rc6_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int rc6_test(void); -void rc6_done(symmetric_key* skey); -int rc6_keysize(int* keysize); -extern const struct ltc_cipher_descriptor rc6_desc; -#endif - -#ifdef LTC_RC2 -int rc2_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int rc2_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int rc2_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int rc2_test(void); -void rc2_done(symmetric_key* skey); -int rc2_keysize(int* keysize); -extern const struct ltc_cipher_descriptor rc2_desc; -#endif - -#ifdef LTC_SAFERP -int saferp_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int saferp_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int saferp_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int saferp_test(void); -void saferp_done(symmetric_key* skey); -int saferp_keysize(int* keysize); -extern const struct ltc_cipher_descriptor saferp_desc; -#endif - -#ifdef LTC_SAFER -int safer_k64_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int safer_sk64_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int safer_k128_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int safer_sk128_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int safer_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* key); -int safer_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* key); -int safer_k64_test(void); -int safer_sk64_test(void); -int safer_sk128_test(void); -void safer_done(symmetric_key* skey); -int safer_64_keysize(int* keysize); -int safer_128_keysize(int* keysize); -extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, - safer_sk128_desc; -#endif - -#ifdef LTC_RIJNDAEL - -/* make aes an alias */ -#define aes_setup rijndael_setup -#define aes_ecb_encrypt rijndael_ecb_encryp -#define aes_ecb_decrypt rijndael_ecb_decryp -#define aes_test rijndael_tes -#define aes_done rijndael_done -#define aes_keysize rijndael_keysize - -#define aes_enc_setup rijndael_enc_setup -#define aes_enc_ecb_encrypt rijndael_enc_ecb_encryp -#define aes_enc_keysize rijndael_enc_keysize - -int rijndael_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int rijndael_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int rijndael_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int rijndael_test(void); -void rijndael_done(symmetric_key* skey); -int rijndael_keysize(int* keysize); -int rijndael_enc_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int rijndael_enc_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -void rijndael_enc_done(symmetric_key* skey); -int rijndael_enc_keysize(int* keysize); -extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc; -extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc; -#endif - -#ifdef LTC_XTEA -int xtea_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int xtea_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int xtea_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int xtea_test(void); -void xtea_done(symmetric_key* skey); -int xtea_keysize(int* keysize); -extern const struct ltc_cipher_descriptor xtea_desc; -#endif - -#ifdef LTC_TWOFISH -int twofish_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int twofish_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int twofish_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int twofish_test(void); -void twofish_done(symmetric_key* skey); -int twofish_keysize(int* keysize); -extern const struct ltc_cipher_descriptor twofish_desc; -#endif - -#ifdef LTC_DES -int des_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int des_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int des_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int des_test(void); -void des_done(symmetric_key* skey); -int des_keysize(int* keysize); -int des3_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int des3_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int des3_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int des3_test(void); -void des3_done(symmetric_key* skey); -int des3_keysize(int* keysize); -extern const struct ltc_cipher_descriptor des_desc, des3_desc; -#endif - -#ifdef LTC_CAST5 -int cast5_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int cast5_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int cast5_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int cast5_test(void); -void cast5_done(symmetric_key* skey); -int cast5_keysize(int* keysize); -extern const struct ltc_cipher_descriptor cast5_desc; -#endif - -#ifdef LTC_NOEKEON -int noekeon_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int noekeon_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int noekeon_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int noekeon_test(void); -void noekeon_done(symmetric_key* skey); -int noekeon_keysize(int* keysize); -extern const struct ltc_cipher_descriptor noekeon_desc; -#endif - -#ifdef LTC_SKIPJACK -int skipjack_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int skipjack_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int skipjack_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int skipjack_test(void); -void skipjack_done(symmetric_key* skey); -int skipjack_keysize(int* keysize); -extern const struct ltc_cipher_descriptor skipjack_desc; -#endif - -#ifdef LTC_KHAZAD -int khazad_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int khazad_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int khazad_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int khazad_test(void); -void khazad_done(symmetric_key* skey); -int khazad_keysize(int* keysize); -extern const struct ltc_cipher_descriptor khazad_desc; -#endif - -#ifdef LTC_ANUBIS -int anubis_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int anubis_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int anubis_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int anubis_test(void); -void anubis_done(symmetric_key* skey); -int anubis_keysize(int* keysize); -extern const struct ltc_cipher_descriptor anubis_desc; -#endif - -#ifdef LTC_KSEED -int kseed_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int kseed_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int kseed_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int kseed_test(void); -void kseed_done(symmetric_key* skey); -int kseed_keysize(int* keysize); -extern const struct ltc_cipher_descriptor kseed_desc; -#endif - -#ifdef LTC_KASUMI -int kasumi_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int kasumi_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int kasumi_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int kasumi_test(void); -void kasumi_done(symmetric_key* skey); -int kasumi_keysize(int* keysize); -extern const struct ltc_cipher_descriptor kasumi_desc; -#endif - - -#ifdef LTC_MULTI2 -int multi2_setup(const unsigned char* key, int keylen, int num_rounds, symmetric_key* skey); -int multi2_ecb_encrypt(const unsigned char* pt, unsigned char* ct, symmetric_key* skey); -int multi2_ecb_decrypt(const unsigned char* ct, unsigned char* pt, symmetric_key* skey); -int multi2_test(void); -void multi2_done(symmetric_key* skey); -int multi2_keysize(int* keysize); -extern const struct ltc_cipher_descriptor multi2_desc; -#endif - -#ifdef LTC_ECB_MODE -int ecb_start(int cipher, const unsigned char* key, int keylen, int num_rounds, symmetric_ECB* ecb); -int ecb_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_ECB* ecb); -int ecb_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_ECB* ecb); -int ecb_done(symmetric_ECB* ecb); -#endif - -#ifdef LTC_CFB_MODE -int cfb_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - int num_rounds, - symmetric_CFB* cfb); -int cfb_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_CFB* cfb); -int cfb_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_CFB* cfb); -int cfb_getiv(unsigned char* IV, unsigned long* len, symmetric_CFB* cfb); -int cfb_setiv(const unsigned char* IV, unsigned long len, symmetric_CFB* cfb); -int cfb_done(symmetric_CFB* cfb); -#endif - -#ifdef LTC_OFB_MODE -int ofb_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - int num_rounds, - symmetric_OFB* ofb); -int ofb_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_OFB* ofb); -int ofb_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_OFB* ofb); -int ofb_getiv(unsigned char* IV, unsigned long* len, symmetric_OFB* ofb); -int ofb_setiv(const unsigned char* IV, unsigned long len, symmetric_OFB* ofb); -int ofb_done(symmetric_OFB* ofb); -#endif - -#ifdef LTC_CBC_MODE -int cbc_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - int num_rounds, - symmetric_CBC* cbc); -int cbc_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_CBC* cbc); -int cbc_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_CBC* cbc); -int cbc_getiv(unsigned char* IV, unsigned long* len, symmetric_CBC* cbc); -int cbc_setiv(const unsigned char* IV, unsigned long len, symmetric_CBC* cbc); -int cbc_done(symmetric_CBC* cbc); -#endif - -#ifdef LTC_CTR_MODE - -#define CTR_COUNTER_LITTLE_ENDIAN 0x0000 -#define CTR_COUNTER_BIG_ENDIAN 0x1000 -#define LTC_CTR_RFC3686 0x2000 - -int ctr_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - int num_rounds, - int ctr_mode, - symmetric_CTR* ctr); -int ctr_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_CTR* ctr); -int ctr_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_CTR* ctr); -int ctr_getiv(unsigned char* IV, unsigned long* len, symmetric_CTR* ctr); -int ctr_setiv(const unsigned char* IV, unsigned long len, symmetric_CTR* ctr); -int ctr_done(symmetric_CTR* ctr); -int ctr_test(void); -#endif - -#ifdef LTC_LRW_MODE - -#define LRW_ENCRYPT 0 -#define LRW_DECRYPT 1 - -int lrw_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - const unsigned char* tweak, - int num_rounds, - symmetric_LRW* lrw); -int lrw_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_LRW* lrw); -int lrw_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_LRW* lrw); -int lrw_getiv(unsigned char* IV, unsigned long* len, symmetric_LRW* lrw); -int lrw_setiv(const unsigned char* IV, unsigned long len, symmetric_LRW* lrw); -int lrw_done(symmetric_LRW* lrw); -int lrw_test(void); - -/* don't call */ -int lrw_process( - const unsigned char* pt, unsigned char* ct, unsigned long len, int mode, symmetric_LRW* lrw); -#endif - -#ifdef LTC_F8_MODE -int f8_start(int cipher, - const unsigned char* IV, - const unsigned char* key, - int keylen, - const unsigned char* salt_key, - int skeylen, - int num_rounds, - symmetric_F8* f8); -int f8_encrypt(const unsigned char* pt, unsigned char* ct, unsigned long len, symmetric_F8* f8); -int f8_decrypt(const unsigned char* ct, unsigned char* pt, unsigned long len, symmetric_F8* f8); -int f8_getiv(unsigned char* IV, unsigned long* len, symmetric_F8* f8); -int f8_setiv(const unsigned char* IV, unsigned long len, symmetric_F8* f8); -int f8_done(symmetric_F8* f8); -int f8_test_mode(void); -#endif - -#ifdef LTC_XTS_MODE -typedef struct { - symmetric_key key1, key2; - int cipher; -} symmetric_xts; - -int xts_start(int cipher, - const unsigned char* key1, - const unsigned char* key2, - unsigned long keylen, - int num_rounds, - symmetric_xts* xts); - -int xts_encrypt(const unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - const unsigned char* tweak, - symmetric_xts* xts); -int xts_decrypt(const unsigned char* ct, - unsigned long ptlen, - unsigned char* pt, - const unsigned char* tweak, - symmetric_xts* xts); - -void xts_done(symmetric_xts* xts); -int xts_test(void); -void xts_mult_x(unsigned char* I); -#endif - -int find_cipher(const char* name); -int find_cipher_any(const char* name, int blocklen, int keylen); -int find_cipher_id(unsigned char ID); -int register_cipher(const struct ltc_cipher_descriptor* cipher); -int unregister_cipher(const struct ltc_cipher_descriptor* cipher); -int cipher_is_valid(int idx); - -LTC_MUTEX_PROTO(ltc_cipher_mutex) - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_cipher.h,v $ */ -/* $Revision: 1.54 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_custom.h b/src/mongo/crypto/tom/tomcrypt_custom.h deleted file mode 100644 index 9d64e630010..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_custom.h +++ /dev/null @@ -1,422 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TOMCRYPT_CUSTOM_H_ -#define TOMCRYPT_CUSTOM_H_ - -/* macros for various libc functions you can change for embedded targets */ -#ifndef XMALLOC -#ifdef malloc -#define LTC_NO_PROTOTYPES -#endif -#define XMALLOC malloc -#endif -#ifndef XREALLOC -#ifdef realloc -#define LTC_NO_PROTOTYPES -#endif -#define XREALLOC realloc -#endif -#ifndef XCALLOC -#ifdef calloc -#define LTC_NO_PROTOTYPES -#endif -#define XCALLOC calloc -#endif -#ifndef XFREE -#ifdef free -#define LTC_NO_PROTOTYPES -#endif -#define XFREE free -#endif - -#ifndef XMEMSET -#ifdef memse -#define LTC_NO_PROTOTYPES -#endif -#define XMEMSET memse -#endif -#ifndef XMEMCPY -#ifdef memcpy -#define LTC_NO_PROTOTYPES -#endif -#define XMEMCPY memcpy -#endif -#ifndef XMEMCMP -#ifdef memcmp -#define LTC_NO_PROTOTYPES -#endif -#define XMEMCMP memcmp -#endif -#ifndef XSTRCMP -#ifdef strcmp -#define LTC_NO_PROTOTYPES -#endif -#define XSTRCMP strcmp -#endif - -#ifndef XCLOCK -#define XCLOCK clock -#endif -#ifndef XCLOCKS_PER_SEC -#define XCLOCKS_PER_SEC CLOCKS_PER_SEC -#endif - -#ifndef XQSORT -#ifdef qsor -#define LTC_NO_PROTOTYPES -#endif -#define XQSORT qsor -#endif - -/* Easy button? */ -#ifdef LTC_EASY -#define LTC_NO_CIPHERS -#define LTC_RIJNDAEL -#define LTC_BLOWFISH -#define LTC_DES -#define LTC_CAST5 - -#define LTC_NO_MODES -#define LTC_ECB_MODE -#define LTC_CBC_MODE -#define LTC_CTR_MODE - -#define LTC_NO_HASHES -#define LTC_SHA1 -#define LTC_SHA512 -#define LTC_SHA384 -#define LTC_SHA256 -#define LTC_SHA224 - -#define LTC_NO_MACS -#define LTC_HMAC -#define LTC_OMAC -#define LTC_CCM_MODE - -#define LTC_NO_PRNGS -#define LTC_SPRNG -#define LTC_YARROW -#define LTC_DEVRANDOM -#define TRY_URANDOM_FIRST - -#define LTC_NO_PK -#define LTC_MRSA -#define LTC_MECC -#endif - -/* Use small code where possible */ -/* #define LTC_SMALL_CODE */ - -/* Enable self-test test vector checking */ -#ifndef LTC_NO_TEST -#define LTC_TEST -#endif - -/* clean the stack of functions which put private information on stack */ -/* #define LTC_CLEAN_STACK */ - -/* disable all file related functions */ -/* #define LTC_NO_FILE */ - -/* disable all forms of ASM */ -#define LTC_NO_ASM - -/* disable FAST mode */ -/* #define LTC_NO_FAST */ - -/* disable BSWAP on x86 */ -/* #define LTC_NO_BSWAP */ - -/* ---> Symmetric Block Ciphers <--- */ -#ifndef LTC_NO_CIPHERS - -#define LTC_BLOWFISH -#define LTC_RC2 -#define LTC_RC5 -#define LTC_RC6 -#define LTC_SAFERP -#define LTC_RIJNDAEL -#define LTC_XTEA -/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key forma - * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ -#define LTC_TWOFISH -#ifndef LTC_NO_TABLES -#define LTC_TWOFISH_TABLES -/* #define LTC_TWOFISH_ALL_TABLES */ -#else -#define LTC_TWOFISH_SMALL -#endif -/* #define LTC_TWOFISH_SMALL */ -/* LTC_DES includes EDE triple-LTC_DES */ -#define LTC_DES -#define LTC_CAST5 -#define LTC_NOEKEON -#define LTC_SKIPJACK -#define LTC_SAFER -#define LTC_KHAZAD -#define LTC_ANUBIS -#define LTC_ANUBIS_TWEAK -#define LTC_KSEED -#define LTC_KASUMI - -#endif /* LTC_NO_CIPHERS */ - - -/* ---> Block Cipher Modes of Operation <--- */ -#ifndef LTC_NO_MODES - -#define LTC_CFB_MODE -#define LTC_OFB_MODE -#define LTC_ECB_MODE -#define LTC_CBC_MODE -#define LTC_CTR_MODE - -/* F8 chaining mode */ -#define LTC_F8_MODE - -/* LRW mode */ -#define LTC_LRW_MODE -#ifndef LTC_NO_TABLES -/* like GCM mode this will enable 16 8x128 tables [64KB] that make - * seeking very fast. - */ -#define LRW_TABLES -#endif - -/* XTS mode */ -#define LTC_XTS_MODE - -#endif /* LTC_NO_MODES */ - -/* ---> One-Way Hash Functions <--- */ -#ifndef LTC_NO_HASHES - -//#define LTC_CHC_HASH -//#define LTC_WHIRLPOOL -//#define LTC_SHA512 -//#define LTC_SHA384 -//#define LTC_SHA256 -//#define LTC_SHA224 -//#define LTC_TIGER -#define LTC_SHA1 -//#define LTC_MD5 -//#define LTC_MD4 -//#define LTC_MD2 -//#define LTC_RIPEMD128 -//#define LTC_RIPEMD160 -//#define LTC_RIPEMD256 -//#define LTC_RIPEMD320 - -#endif /* LTC_NO_HASHES */ - -/* ---> MAC functions <--- */ -#ifndef LTC_NO_MACS - -#define LTC_HMAC -#define LTC_OMAC -//#define LTC_PMAC -//#define LTC_XCBC -//#define LTC_F9_MODE -//#define LTC_PELICAN - -#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) -#error Pelican-MAC requires LTC_RIJNDAEL -#endif - -/* ---> Encrypt + Authenticate Modes <--- */ - -#define LTC_EAX_MODE -#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) -#error LTC_EAX_MODE requires CTR and LTC_OMAC mode -#endif - -#define LTC_OCB_MODE -#define LTC_CCM_MODE -#define LTC_GCM_MODE - -/* Use 64KiB tables */ -#ifndef LTC_NO_TABLES -#define LTC_GCM_TABLES -#endif - -/* USE SSE2? requires GCC works on x86_32 and x86_64*/ -#ifdef LTC_GCM_TABLES -/* #define LTC_GCM_TABLES_SSE2 */ -#endif - -#endif /* LTC_NO_MACS */ - -/* Various tidbits of modern neatoness */ -#define LTC_BASE64 - -/* --> Pseudo Random Number Generators <--- */ -#ifndef LTC_NO_PRNGS - -/* Yarrow */ -#define LTC_YARROW -/* which descriptor of AES to use? */ -/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ -#define LTC_YARROW_AES 0 - -#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) -#error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! -#endif - -/* a PRNG that simply reads from an available system source */ -#define LTC_SPRNG - -/* The LTC_RC4 stream cipher */ -#define LTC_RC4 - -/* Fortuna PRNG */ -#define LTC_FORTUNA -/* reseed every N calls to the read function */ -#define LTC_FORTUNA_WD 10 -/* number of pools (4..32) can save a bit of ram by lowering the count */ -#define LTC_FORTUNA_POOLS 32 - -/* Greg's LTC_SOBER128 PRNG ;-0 */ -#define LTC_SOBER128 - -/* the *nix style /dev/random device */ -#define LTC_DEVRANDOM -/* try /dev/urandom before trying /dev/random */ -#define TRY_URANDOM_FIRST - -#endif /* LTC_NO_PRNGS */ - -/* ---> math provider? <--- */ -#ifndef LTC_NO_MATH - -/* LibTomMath */ -/* #define LTM_LTC_DESC */ - -/* TomsFastMath */ -/* #define TFM_LTC_DESC */ - -#endif /* LTC_NO_MATH */ - -/* ---> Public Key Crypto <--- */ -#ifndef LTC_NO_PK - -/* Include RSA support */ -#define LTC_MRSA - -/* Include Katja (a Rabin variant like RSA) */ -/* #define MKAT */ - -/* Digital Signature Algorithm */ -#define LTC_MDSA - -/* ECC */ -#define LTC_MECC - -/* use Shamir's trick for point mul (speeds up signature verification) */ -#define LTC_ECC_SHAMIR - -#if defined(TFM_LTC_DESC) && defined(LTC_MECC) -#define LTC_MECC_ACCEL -#endif - -/* do we want fixed point ECC */ -/* #define LTC_MECC_FP */ - -/* Timing Resistant? */ -/* #define LTC_ECC_TIMING_RESISTANT */ - -#endif /* LTC_NO_PK */ - -/* LTC_PKCS #1 (RSA) and #5 (Password Handling) stuff */ -#ifndef LTC_NO_PKCS - -#define LTC_PKCS_1 -#define LTC_PKCS_5 - -/* Include ASN.1 DER (required by DSA/RSA) */ -#define LTC_DER - -#endif /* LTC_NO_PKCS */ - -/* cleanup */ - -#ifdef LTC_MECC -/* Supported ECC Key Sizes */ -#ifndef LTC_NO_CURVES -#define ECC112 -#define ECC128 -#define ECC160 -#define ECC192 -#define ECC224 -#define ECC256 -#define ECC384 -#define ECC521 -#endif -#endif - -#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(MKATJA) -/* Include the MPI functionality? (required by the PK algorithms) */ -#define MPI -#endif - -#ifdef LTC_MRSA -#define LTC_PKCS_1 -#endif - -#if defined(LTC_DER) && !defined(MPI) -#error ASN.1 DER requires MPI functionality -#endif - -#if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(MKATJA)) && \ - !defined(LTC_DER) -#error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled -#endif - -/* THREAD management */ -#ifdef LTC_PTHREAD - -#include <pthread.h> - -#define LTC_MUTEX_GLOBAL(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER; -#define LTC_MUTEX_PROTO(x) extern pthread_mutex_t x; -#define LTC_MUTEX_TYPE(x) pthread_mutex_t x; -#define LTC_MUTEX_INIT(x) pthread_mutex_init(x, NULL); -#define LTC_MUTEX_LOCK(x) pthread_mutex_lock(x); -#define LTC_MUTEX_UNLOCK(x) pthread_mutex_unlock(x); - -#else - -/* default no functions */ -#define LTC_MUTEX_GLOBAL(x) -#define LTC_MUTEX_PROTO(x) -#define LTC_MUTEX_TYPE(x) -#define LTC_MUTEX_INIT(x) -#define LTC_MUTEX_LOCK(x) -#define LTC_MUTEX_UNLOCK(x) - -#endif - -/* Debuggers */ - -/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the - * code) */ -/* #define LTC_VALGRIND */ - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_custom.h,v $ */ -/* $Revision: 1.73 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_hash.h b/src/mongo/crypto/tom/tomcrypt_hash.h deleted file mode 100644 index db3cd46c152..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_hash.h +++ /dev/null @@ -1,403 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* ---- HASH FUNCTIONS ---- */ -#ifdef LTC_SHA512 -struct sha512_state { - ulong64 length, state[8]; - unsigned long curlen; - unsigned char buf[128]; -}; -#endif - -#ifdef LTC_SHA256 -struct sha256_state { - ulong64 length; - ulong32 state[8], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_SHA1 -struct sha1_state { - ulong64 length; - ulong32 state[5], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD5 -struct md5_state { - ulong64 length; - ulong32 state[4], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD4 -struct md4_state { - ulong64 length; - ulong32 state[4], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_TIGER -struct tiger_state { - ulong64 state[3], length; - unsigned long curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD2 -struct md2_state { - unsigned char chksum[16], X[48], buf[16]; - unsigned long curlen; -}; -#endif - -#ifdef LTC_RIPEMD128 -struct rmd128_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[4]; -}; -#endif - -#ifdef LTC_RIPEMD160 -struct rmd160_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[5]; -}; -#endif - -#ifdef LTC_RIPEMD256 -struct rmd256_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[8]; -}; -#endif - -#ifdef LTC_RIPEMD320 -struct rmd320_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[10]; -}; -#endif - -#ifdef LTC_WHIRLPOOL -struct whirlpool_state { - ulong64 length, state[8]; - unsigned char buf[64]; - ulong32 curlen; -}; -#endif - -#ifdef LTC_CHC_HASH -struct chc_state { - ulong64 length; - unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE]; - ulong32 curlen; -}; -#endif - -typedef union Hash_state { - char dummy[1]; -#ifdef LTC_CHC_HASH - struct chc_state chc; -#endif -#ifdef LTC_WHIRLPOOL - struct whirlpool_state whirlpool; -#endif -#ifdef LTC_SHA512 - struct sha512_state sha512; -#endif -#ifdef LTC_SHA256 - struct sha256_state sha256; -#endif -#ifdef LTC_SHA1 - struct sha1_state sha1; -#endif -#ifdef LTC_MD5 - struct md5_state md5; -#endif -#ifdef LTC_MD4 - struct md4_state md4; -#endif -#ifdef LTC_MD2 - struct md2_state md2; -#endif -#ifdef LTC_TIGER - struct tiger_state tiger; -#endif -#ifdef LTC_RIPEMD128 - struct rmd128_state rmd128; -#endif -#ifdef LTC_RIPEMD160 - struct rmd160_state rmd160; -#endif -#ifdef LTC_RIPEMD256 - struct rmd256_state rmd256; -#endif -#ifdef LTC_RIPEMD320 - struct rmd320_state rmd320; -#endif - void* data; -} hash_state; - -/** hash descriptor */ -extern struct ltc_hash_descriptor { - /** name of hash */ - char* name; - /** internal ID */ - unsigned char ID; - /** Size of digest in octets */ - unsigned long hashsize; - /** Input block size in octets */ - unsigned long blocksize; - /** ASN.1 OID */ - unsigned long OID[16]; - /** Length of DER encoding */ - unsigned long OIDlen; - - /** Init a hash state - @param hash The hash to initialize - @return CRYPT_OK if successful - */ - int (*init)(hash_state* hash); - /** Process a block of data - @param hash The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful - */ - int (*process)(hash_state* hash, const unsigned char* in, unsigned long inlen); - /** Produce the digest and store it - @param hash The hash state - @param out [out] The destination of the digest - @return CRYPT_OK if successful - */ - int (*done)(hash_state* hash, unsigned char* out); - /** Self-test - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled - */ - int (*test)(void); - - /* accelerated hmac callback: if you need to-do multiple packets just use the generic - * hmac_memory and provide a hash callback */ - int (*hmac_block)(const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); - -} hash_descriptor[]; - -#ifdef LTC_CHC_HASH -int chc_register(int cipher); -int chc_init(hash_state* md); -int chc_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int chc_done(hash_state* md, unsigned char* hash); -int chc_test(void); -extern const struct ltc_hash_descriptor chc_desc; -#endif - -#ifdef LTC_WHIRLPOOL -int whirlpool_init(hash_state* md); -int whirlpool_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int whirlpool_done(hash_state* md, unsigned char* hash); -int whirlpool_test(void); -extern const struct ltc_hash_descriptor whirlpool_desc; -#endif - -#ifdef LTC_SHA512 -int sha512_init(hash_state* md); -int sha512_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int sha512_done(hash_state* md, unsigned char* hash); -int sha512_test(void); -extern const struct ltc_hash_descriptor sha512_desc; -#endif - -#ifdef LTC_SHA384 -#ifndef LTC_SHA512 -#error LTC_SHA512 is required for LTC_SHA384 -#endif -int sha384_init(hash_state* md); -#define sha384_process sha512_process -int sha384_done(hash_state* md, unsigned char* hash); -int sha384_test(void); -extern const struct ltc_hash_descriptor sha384_desc; -#endif - -#ifdef LTC_SHA256 -int sha256_init(hash_state* md); -int sha256_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int sha256_done(hash_state* md, unsigned char* hash); -int sha256_test(void); -extern const struct ltc_hash_descriptor sha256_desc; - -#ifdef LTC_SHA224 -#ifndef LTC_SHA256 -#error LTC_SHA256 is required for LTC_SHA224 -#endif -int sha224_init(hash_state* md); -#define sha224_process sha256_process -int sha224_done(hash_state* md, unsigned char* hash); -int sha224_test(void); -extern const struct ltc_hash_descriptor sha224_desc; -#endif -#endif - -#ifdef LTC_SHA1 -int sha1_init(hash_state* md); -int sha1_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int sha1_done(hash_state* md, unsigned char* hash); -int sha1_test(void); -extern const struct ltc_hash_descriptor sha1_desc; -#endif - -#ifdef LTC_MD5 -int md5_init(hash_state* md); -int md5_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int md5_done(hash_state* md, unsigned char* hash); -int md5_test(void); -extern const struct ltc_hash_descriptor md5_desc; -#endif - -#ifdef LTC_MD4 -int md4_init(hash_state* md); -int md4_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int md4_done(hash_state* md, unsigned char* hash); -int md4_test(void); -extern const struct ltc_hash_descriptor md4_desc; -#endif - -#ifdef LTC_MD2 -int md2_init(hash_state* md); -int md2_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int md2_done(hash_state* md, unsigned char* hash); -int md2_test(void); -extern const struct ltc_hash_descriptor md2_desc; -#endif - -#ifdef LTC_TIGER -int tiger_init(hash_state* md); -int tiger_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int tiger_done(hash_state* md, unsigned char* hash); -int tiger_test(void); -extern const struct ltc_hash_descriptor tiger_desc; -#endif - -#ifdef LTC_RIPEMD128 -int rmd128_init(hash_state* md); -int rmd128_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int rmd128_done(hash_state* md, unsigned char* hash); -int rmd128_test(void); -extern const struct ltc_hash_descriptor rmd128_desc; -#endif - -#ifdef LTC_RIPEMD160 -int rmd160_init(hash_state* md); -int rmd160_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int rmd160_done(hash_state* md, unsigned char* hash); -int rmd160_test(void); -extern const struct ltc_hash_descriptor rmd160_desc; -#endif - -#ifdef LTC_RIPEMD256 -int rmd256_init(hash_state* md); -int rmd256_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int rmd256_done(hash_state* md, unsigned char* hash); -int rmd256_test(void); -extern const struct ltc_hash_descriptor rmd256_desc; -#endif - -#ifdef LTC_RIPEMD320 -int rmd320_init(hash_state* md); -int rmd320_process(hash_state* md, const unsigned char* in, unsigned long inlen); -int rmd320_done(hash_state* md, unsigned char* hash); -int rmd320_test(void); -extern const struct ltc_hash_descriptor rmd320_desc; -#endif - - -int find_hash(const char* name); -int find_hash_id(unsigned char ID); -int find_hash_oid(const unsigned long* ID, unsigned long IDlen); -int find_hash_any(const char* name, int digestlen); -int register_hash(const struct ltc_hash_descriptor* hash); -int unregister_hash(const struct ltc_hash_descriptor* hash); -int hash_is_valid(int idx); - -LTC_MUTEX_PROTO(ltc_hash_mutex) - -int hash_memory(int hash, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -int hash_memory_multi(int hash, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); -int hash_filehandle(int hash, FILE* in, unsigned char* out, unsigned long* outlen); -int hash_file(int hash, const char* fname, unsigned char* out, unsigned long* outlen); - -/* a simple macro for making hash "process" functions */ -#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \ - int func_name(hash_state* md, const unsigned char* in, unsigned long inlen) { \ - unsigned long n; \ - int err; \ - LTC_ARGCHK(md != NULL); \ - LTC_ARGCHK(in != NULL); \ - if (md->state_var.curlen > sizeof(md->state_var.buf)) { \ - return CRYPT_INVALID_ARG; \ - } \ - while (inlen > 0) { \ - if (md->state_var.curlen == 0 && inlen >= block_size) { \ - if ((err = compress_name(md, (unsigned char*)in)) != CRYPT_OK) { \ - return err; \ - } \ - md->state_var.length += block_size * 8; \ - in += block_size; \ - inlen -= block_size; \ - } else { \ - n = MIN(inlen, (block_size - md->state_var.curlen)); \ - memcpy(md->state_var.buf + md->state_var.curlen, in, (size_t)n); \ - md->state_var.curlen += n; \ - in += n; \ - inlen -= n; \ - if (md->state_var.curlen == block_size) { \ - if ((err = compress_name(md, md->state_var.buf)) != CRYPT_OK) { \ - return err; \ - } \ - md->state_var.length += 8 * block_size; \ - md->state_var.curlen = 0; \ - } \ - } \ - } \ - return CRYPT_OK; \ - } - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_hash.h,v $ */ -/* $Revision: 1.22 $ */ -/* $Date: 2007/05/12 14:32:35 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_mac.h b/src/mongo/crypto/tom/tomcrypt_mac.h deleted file mode 100644 index e850aa88a3a..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_mac.h +++ /dev/null @@ -1,473 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifdef LTC_HMAC -typedef struct Hmac_state { - hash_state md; - int hash; - hash_state hashstate; - unsigned char* key; -} hmac_state; - -int hmac_init(hmac_state* hmac, int hash, const unsigned char* key, unsigned long keylen); -int hmac_process(hmac_state* hmac, const unsigned char* in, unsigned long inlen); -int hmac_done(hmac_state* hmac, unsigned char* out, unsigned long* outlen); -int hmac_test(void); -int hmac_memory(int hash, - const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -int hmac_memory_multi(int hash, - const unsigned char* key, - unsigned long keylen, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); -int hmac_file(int hash, - const char* fname, - const unsigned char* key, - unsigned long keylen, - unsigned char* dst, - unsigned long* dstlen); -#endif - -#ifdef LTC_OMAC - -typedef struct { - int cipher_idx, buflen, blklen; - unsigned char block[MAXBLOCKSIZE], prev[MAXBLOCKSIZE], Lu[2][MAXBLOCKSIZE]; - symmetric_key key; -} omac_state; - -int omac_init(omac_state* omac, int cipher, const unsigned char* key, unsigned long keylen); -int omac_process(omac_state* omac, const unsigned char* in, unsigned long inlen); -int omac_done(omac_state* omac, unsigned char* out, unsigned long* outlen); -int omac_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -int omac_memory_multi(int cipher, - const unsigned char* key, - unsigned long keylen, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); -int omac_file(int cipher, - const unsigned char* key, - unsigned long keylen, - const char* filename, - unsigned char* out, - unsigned long* outlen); -int omac_test(void); -#endif /* LTC_OMAC */ - -#ifdef LTC_PMAC - -typedef struct { - unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - block[MAXBLOCKSIZE], /* currently accumulated block */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher_idx, /* cipher idx */ - block_len, /* length of block */ - buflen; /* number of bytes in the buffer */ -} pmac_state; - -int pmac_init(pmac_state* pmac, int cipher, const unsigned char* key, unsigned long keylen); -int pmac_process(pmac_state* pmac, const unsigned char* in, unsigned long inlen); -int pmac_done(pmac_state* pmac, unsigned char* out, unsigned long* outlen); - -int pmac_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* msg, - unsigned long msglen, - unsigned char* out, - unsigned long* outlen); - -int pmac_memory_multi(int cipher, - const unsigned char* key, - unsigned long keylen, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); - -int pmac_file(int cipher, - const unsigned char* key, - unsigned long keylen, - const char* filename, - unsigned char* out, - unsigned long* outlen); - -int pmac_test(void); - -/* internal functions */ -int pmac_ntz(unsigned long x); -void pmac_shift_xor(pmac_state* pmac); - -#endif /* PMAC */ - -#ifdef LTC_EAX_MODE - -#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE)) -#error LTC_EAX_MODE requires LTC_OMAC and CTR -#endif - -typedef struct { - unsigned char N[MAXBLOCKSIZE]; - symmetric_CTR ctr; - omac_state headeromac, ctomac; -} eax_state; - -int eax_init(eax_state* eax, - int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce, - unsigned long noncelen, - const unsigned char* header, - unsigned long headerlen); - -int eax_encrypt(eax_state* eax, const unsigned char* pt, unsigned char* ct, unsigned long length); -int eax_decrypt(eax_state* eax, const unsigned char* ct, unsigned char* pt, unsigned long length); -int eax_addheader(eax_state* eax, const unsigned char* header, unsigned long length); -int eax_done(eax_state* eax, unsigned char* tag, unsigned long* taglen); - -int eax_encrypt_authenticate_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce, - unsigned long noncelen, - const unsigned char* header, - unsigned long headerlen, - const unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen); - -int eax_decrypt_verify_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce, - unsigned long noncelen, - const unsigned char* header, - unsigned long headerlen, - const unsigned char* ct, - unsigned long ctlen, - unsigned char* pt, - unsigned char* tag, - unsigned long taglen, - int* stat); - -int eax_test(void); -#endif /* EAX MODE */ - -#ifdef LTC_OCB_MODE -typedef struct { - unsigned char L[MAXBLOCKSIZE], /* L value */ - Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - R[MAXBLOCKSIZE], /* R value */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher, /* cipher idx */ - block_len; /* length of block */ -} ocb_state; - -int ocb_init(ocb_state* ocb, - int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce); - -int ocb_encrypt(ocb_state* ocb, const unsigned char* pt, unsigned char* ct); -int ocb_decrypt(ocb_state* ocb, const unsigned char* ct, unsigned char* pt); - -int ocb_done_encrypt(ocb_state* ocb, - const unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen); - -int ocb_done_decrypt(ocb_state* ocb, - const unsigned char* ct, - unsigned long ctlen, - unsigned char* pt, - const unsigned char* tag, - unsigned long taglen, - int* stat); - -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce, - const unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen); - -int ocb_decrypt_verify_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* nonce, - const unsigned char* ct, - unsigned long ctlen, - unsigned char* pt, - const unsigned char* tag, - unsigned long taglen, - int* stat); - -int ocb_test(void); - -/* internal functions */ -void ocb_shift_xor(ocb_state* ocb, unsigned char* Z); -int ocb_ntz(unsigned long x); -int s_ocb_done(ocb_state* ocb, - const unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen, - int mode); - -#endif /* LTC_OCB_MODE */ - -#ifdef LTC_CCM_MODE - -#define CCM_ENCRYPT 0 -#define CCM_DECRYPT 1 - -int ccm_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - symmetric_key* uskey, - const unsigned char* nonce, - unsigned long noncelen, - const unsigned char* header, - unsigned long headerlen, - unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen, - int direction); - -int ccm_test(void); - -#endif /* LTC_CCM_MODE */ - -#if defined(LRW_MODE) || defined(LTC_GCM_MODE) -void gcm_gf_mult(const unsigned char* a, const unsigned char* b, unsigned char* c); -#endif - - -/* table shared between GCM and LRW */ -#if defined(LTC_GCM_TABLES) || defined(LRW_TABLES) || \ - ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST)) -extern const unsigned char gcm_shift_table[]; -#endif - -#ifdef LTC_GCM_MODE - -#define GCM_ENCRYPT 0 -#define GCM_DECRYPT 1 - -#define LTC_GCM_MODE_IV 0 -#define LTC_GCM_MODE_AAD 1 -#define LTC_GCM_MODE_TEXT 2 - -typedef struct { - symmetric_key K; - unsigned char H[16], /* multiplier */ - X[16], /* accumulator */ - Y[16], /* counter */ - Y_0[16], /* initial counter */ - buf[16]; /* buffer for stuff */ - - int cipher, /* which cipher */ - ivmode, /* Which mode is the IV in? */ - mode, /* mode the GCM code is in */ - buflen; /* length of data in buf */ - - ulong64 totlen, /* 64-bit counter used for IV and AAD */ - pttotlen; /* 64-bit counter for the PT */ - -#ifdef LTC_GCM_TABLES - unsigned char PC[16][256][16] /* 16 tables of 8x128 */ -#ifdef LTC_GCM_TABLES_SSE2 - __attribute__((aligned(16))) -#endif - ; -#endif -} gcm_state; - -void gcm_mult_h(gcm_state* gcm, unsigned char* I); - -int gcm_init(gcm_state* gcm, int cipher, const unsigned char* key, int keylen); - -int gcm_reset(gcm_state* gcm); - -int gcm_add_iv(gcm_state* gcm, const unsigned char* IV, unsigned long IVlen); - -int gcm_add_aad(gcm_state* gcm, const unsigned char* adata, unsigned long adatalen); - -int gcm_process( - gcm_state* gcm, unsigned char* pt, unsigned long ptlen, unsigned char* ct, int direction); - -int gcm_done(gcm_state* gcm, unsigned char* tag, unsigned long* taglen); - -int gcm_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* IV, - unsigned long IVlen, - const unsigned char* adata, - unsigned long adatalen, - unsigned char* pt, - unsigned long ptlen, - unsigned char* ct, - unsigned char* tag, - unsigned long* taglen, - int direction); -int gcm_test(void); - -#endif /* LTC_GCM_MODE */ - -#ifdef LTC_PELICAN - -typedef struct pelican_state { - symmetric_key K; - unsigned char state[16]; - int buflen; -} pelican_state; - -int pelican_init(pelican_state* pelmac, const unsigned char* key, unsigned long keylen); -int pelican_process(pelican_state* pelmac, const unsigned char* in, unsigned long inlen); -int pelican_done(pelican_state* pelmac, unsigned char* out); -int pelican_test(void); - -int pelican_memory(const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out); - -#endif - -#ifdef LTC_XCBC - -/* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */ -#define LTC_XCBC_PURE 0x8000UL - -typedef struct { - unsigned char K[3][MAXBLOCKSIZE], IV[MAXBLOCKSIZE]; - - symmetric_key key; - - int cipher, buflen, blocksize; -} xcbc_state; - -int xcbc_init(xcbc_state* xcbc, int cipher, const unsigned char* key, unsigned long keylen); -int xcbc_process(xcbc_state* xcbc, const unsigned char* in, unsigned long inlen); -int xcbc_done(xcbc_state* xcbc, unsigned char* out, unsigned long* outlen); -int xcbc_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -int xcbc_memory_multi(int cipher, - const unsigned char* key, - unsigned long keylen, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); -int xcbc_file(int cipher, - const unsigned char* key, - unsigned long keylen, - const char* filename, - unsigned char* out, - unsigned long* outlen); -int xcbc_test(void); - -#endif - -#ifdef LTC_F9_MODE - -typedef struct { - unsigned char akey[MAXBLOCKSIZE], ACC[MAXBLOCKSIZE], IV[MAXBLOCKSIZE]; - - symmetric_key key; - - int cipher, buflen, keylen, blocksize; -} f9_state; - -int f9_init(f9_state* f9, int cipher, const unsigned char* key, unsigned long keylen); -int f9_process(f9_state* f9, const unsigned char* in, unsigned long inlen); -int f9_done(f9_state* f9, unsigned char* out, unsigned long* outlen); -int f9_memory(int cipher, - const unsigned char* key, - unsigned long keylen, - const unsigned char* in, - unsigned long inlen, - unsigned char* out, - unsigned long* outlen); -int f9_memory_multi(int cipher, - const unsigned char* key, - unsigned long keylen, - unsigned char* out, - unsigned long* outlen, - const unsigned char* in, - unsigned long inlen, - ...); -int f9_file(int cipher, - const unsigned char* key, - unsigned long keylen, - const char* filename, - unsigned char* out, - unsigned long* outlen); -int f9_test(void); - -#endif - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_mac.h,v $ */ -/* $Revision: 1.23 $ */ -/* $Date: 2007/05/12 14:37:41 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_macros.h b/src/mongo/crypto/tom/tomcrypt_macros.h deleted file mode 100644 index e043c2bb36d..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_macros.h +++ /dev/null @@ -1,512 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* fix for MSVC ...evil! */ -#ifdef _MSC_VER -#define CONST64(n) n##ui64 -typedef unsigned __int64 ulong64; -#else -#define CONST64(n) n##ULL -typedef unsigned long long ulong64; -#endif - -/* this is the "32-bit at least" data type - * Re-define it to suit your platform but it must be at least 32-bits - */ -#if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__)) -typedef unsigned ulong32; -#else -typedef unsigned long ulong32; -#endif - -/* ---- HELPER MACROS ---- */ -#ifdef ENDIAN_NEUTRAL - -#define STORE32L(x, y) \ - { \ - (y)[3] = (unsigned char)(((x) >> 24) & 255); \ - (y)[2] = (unsigned char)(((x) >> 16) & 255); \ - (y)[1] = (unsigned char)(((x) >> 8) & 255); \ - (y)[0] = (unsigned char)((x)&255); \ - } - -#define LOAD32L(x, y) \ - { \ - x = ((unsigned long)((y)[3] & 255) << 24) | ((unsigned long)((y)[2] & 255) << 16) | \ - ((unsigned long)((y)[1] & 255) << 8) | ((unsigned long)((y)[0] & 255)); \ - } - -#define STORE64L(x, y) \ - { \ - (y)[7] = (unsigned char)(((x) >> 56) & 255); \ - (y)[6] = (unsigned char)(((x) >> 48) & 255); \ - (y)[5] = (unsigned char)(((x) >> 40) & 255); \ - (y)[4] = (unsigned char)(((x) >> 32) & 255); \ - (y)[3] = (unsigned char)(((x) >> 24) & 255); \ - (y)[2] = (unsigned char)(((x) >> 16) & 255); \ - (y)[1] = (unsigned char)(((x) >> 8) & 255); \ - (y)[0] = (unsigned char)((x)&255); \ - } - -#define LOAD64L(x, y) \ - { \ - x = (((ulong64)((y)[7] & 255)) << 56) | (((ulong64)((y)[6] & 255)) << 48) | \ - (((ulong64)((y)[5] & 255)) << 40) | (((ulong64)((y)[4] & 255)) << 32) | \ - (((ulong64)((y)[3] & 255)) << 24) | (((ulong64)((y)[2] & 255)) << 16) | \ - (((ulong64)((y)[1] & 255)) << 8) | (((ulong64)((y)[0] & 255))); \ - } - -#define STORE32H(x, y) \ - { \ - (y)[0] = (unsigned char)(((x) >> 24) & 255); \ - (y)[1] = (unsigned char)(((x) >> 16) & 255); \ - (y)[2] = (unsigned char)(((x) >> 8) & 255); \ - (y)[3] = (unsigned char)((x)&255); \ - } - -#define LOAD32H(x, y) \ - { \ - x = ((unsigned long)((y)[0] & 255) << 24) | ((unsigned long)((y)[1] & 255) << 16) | \ - ((unsigned long)((y)[2] & 255) << 8) | ((unsigned long)((y)[3] & 255)); \ - } - -#define STORE64H(x, y) \ - { \ - (y)[0] = (unsigned char)(((x) >> 56) & 255); \ - (y)[1] = (unsigned char)(((x) >> 48) & 255); \ - (y)[2] = (unsigned char)(((x) >> 40) & 255); \ - (y)[3] = (unsigned char)(((x) >> 32) & 255); \ - (y)[4] = (unsigned char)(((x) >> 24) & 255); \ - (y)[5] = (unsigned char)(((x) >> 16) & 255); \ - (y)[6] = (unsigned char)(((x) >> 8) & 255); \ - (y)[7] = (unsigned char)((x)&255); \ - } - -#define LOAD64H(x, y) \ - { \ - x = (((ulong64)((y)[0] & 255)) << 56) | (((ulong64)((y)[1] & 255)) << 48) | \ - (((ulong64)((y)[2] & 255)) << 40) | (((ulong64)((y)[3] & 255)) << 32) | \ - (((ulong64)((y)[4] & 255)) << 24) | (((ulong64)((y)[5] & 255)) << 16) | \ - (((ulong64)((y)[6] & 255)) << 8) | (((ulong64)((y)[7] & 255))); \ - } - -#endif /* ENDIAN_NEUTRAL */ - -#ifdef ENDIAN_LITTLE - -#if !defined(LTC_NO_BSWAP) && \ - (defined(INTEL_CC) || \ - (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || \ - defined(__i386__) || defined(__x86_64__)))) - -#define STORE32H(x, y) \ - asm __volatile__( \ - "bswapl %0 \n\t" \ - "movl %0,(%1)\n\t" \ - "bswapl %0 \n\t" ::"r"(x), \ - "r"(y)); - -#define LOAD32H(x, y) \ - asm __volatile__( \ - "movl (%1),%0\n\t" \ - "bswapl %0\n\t" \ - : "=r"(x) \ - : "r"(y)); - -#else - -#define STORE32H(x, y) \ - { \ - (y)[0] = (unsigned char)(((x) >> 24) & 255); \ - (y)[1] = (unsigned char)(((x) >> 16) & 255); \ - (y)[2] = (unsigned char)(((x) >> 8) & 255); \ - (y)[3] = (unsigned char)((x)&255); \ - } - -#define LOAD32H(x, y) \ - { \ - x = ((unsigned long)((y)[0] & 255) << 24) | ((unsigned long)((y)[1] & 255) << 16) | \ - ((unsigned long)((y)[2] & 255) << 8) | ((unsigned long)((y)[3] & 255)); \ - } - -#endif - - -/* x86_64 processor */ -#if !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) - -#define STORE64H(x, y) \ - asm __volatile__( \ - "bswapq %0 \n\t" \ - "movq %0,(%1)\n\t" \ - "bswapq %0 \n\t" ::"r"(x), \ - "r"(y)); - -#define LOAD64H(x, y) \ - asm __volatile__( \ - "movq (%1),%0\n\t" \ - "bswapq %0\n\t" \ - : "=r"(x) \ - : "r"(y)); - -#else - -#define STORE64H(x, y) \ - { \ - (y)[0] = (unsigned char)(((x) >> 56) & 255); \ - (y)[1] = (unsigned char)(((x) >> 48) & 255); \ - (y)[2] = (unsigned char)(((x) >> 40) & 255); \ - (y)[3] = (unsigned char)(((x) >> 32) & 255); \ - (y)[4] = (unsigned char)(((x) >> 24) & 255); \ - (y)[5] = (unsigned char)(((x) >> 16) & 255); \ - (y)[6] = (unsigned char)(((x) >> 8) & 255); \ - (y)[7] = (unsigned char)((x)&255); \ - } - -#define LOAD64H(x, y) \ - { \ - x = (((ulong64)((y)[0] & 255)) << 56) | (((ulong64)((y)[1] & 255)) << 48) | \ - (((ulong64)((y)[2] & 255)) << 40) | (((ulong64)((y)[3] & 255)) << 32) | \ - (((ulong64)((y)[4] & 255)) << 24) | (((ulong64)((y)[5] & 255)) << 16) | \ - (((ulong64)((y)[6] & 255)) << 8) | (((ulong64)((y)[7] & 255))); \ - } - -#endif - -#ifdef ENDIAN_32BITWORD - -#define STORE32L(x, y) \ - { \ - ulong32 __t = (x); \ - XMEMCPY(y, &__t, 4); \ - } - -#define LOAD32L(x, y) XMEMCPY(&(x), y, 4); - -#define STORE64L(x, y) \ - { \ - (y)[7] = (unsigned char)(((x) >> 56) & 255); \ - (y)[6] = (unsigned char)(((x) >> 48) & 255); \ - (y)[5] = (unsigned char)(((x) >> 40) & 255); \ - (y)[4] = (unsigned char)(((x) >> 32) & 255); \ - (y)[3] = (unsigned char)(((x) >> 24) & 255); \ - (y)[2] = (unsigned char)(((x) >> 16) & 255); \ - (y)[1] = (unsigned char)(((x) >> 8) & 255); \ - (y)[0] = (unsigned char)((x)&255); \ - } - -#define LOAD64L(x, y) \ - { \ - x = (((ulong64)((y)[7] & 255)) << 56) | (((ulong64)((y)[6] & 255)) << 48) | \ - (((ulong64)((y)[5] & 255)) << 40) | (((ulong64)((y)[4] & 255)) << 32) | \ - (((ulong64)((y)[3] & 255)) << 24) | (((ulong64)((y)[2] & 255)) << 16) | \ - (((ulong64)((y)[1] & 255)) << 8) | (((ulong64)((y)[0] & 255))); \ - } - -#else /* 64-bit words then */ - -#define STORE32L(x, y) \ - { \ - ulong32 __t = (x); \ - XMEMCPY(y, &__t, 4); \ - } - -#define LOAD32L(x, y) \ - { \ - XMEMCPY(&(x), y, 4); \ - x &= 0xFFFFFFFF; \ - } - -#define STORE64L(x, y) \ - { \ - ulong64 __t = (x); \ - XMEMCPY(y, &__t, 8); \ - } - -#define LOAD64L(x, y) \ - { XMEMCPY(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ - -#endif /* ENDIAN_LITTLE */ - -#ifdef ENDIAN_BIG -#define STORE32L(x, y) \ - { \ - (y)[3] = (unsigned char)(((x) >> 24) & 255); \ - (y)[2] = (unsigned char)(((x) >> 16) & 255); \ - (y)[1] = (unsigned char)(((x) >> 8) & 255); \ - (y)[0] = (unsigned char)((x)&255); \ - } - -#define LOAD32L(x, y) \ - { \ - x = ((unsigned long)((y)[3] & 255) << 24) | ((unsigned long)((y)[2] & 255) << 16) | \ - ((unsigned long)((y)[1] & 255) << 8) | ((unsigned long)((y)[0] & 255)); \ - } - -#define STORE64L(x, y) \ - { \ - (y)[7] = (unsigned char)(((x) >> 56) & 255); \ - (y)[6] = (unsigned char)(((x) >> 48) & 255); \ - (y)[5] = (unsigned char)(((x) >> 40) & 255); \ - (y)[4] = (unsigned char)(((x) >> 32) & 255); \ - (y)[3] = (unsigned char)(((x) >> 24) & 255); \ - (y)[2] = (unsigned char)(((x) >> 16) & 255); \ - (y)[1] = (unsigned char)(((x) >> 8) & 255); \ - (y)[0] = (unsigned char)((x)&255); \ - } - -#define LOAD64L(x, y) \ - { \ - x = (((ulong64)((y)[7] & 255)) << 56) | (((ulong64)((y)[6] & 255)) << 48) | \ - (((ulong64)((y)[5] & 255)) << 40) | (((ulong64)((y)[4] & 255)) << 32) | \ - (((ulong64)((y)[3] & 255)) << 24) | (((ulong64)((y)[2] & 255)) << 16) | \ - (((ulong64)((y)[1] & 255)) << 8) | (((ulong64)((y)[0] & 255))); \ - } - -#ifdef ENDIAN_32BITWORD - -#define STORE32H(x, y) \ - { \ - ulong32 __t = (x); \ - XMEMCPY(y, &__t, 4); \ - } - -#define LOAD32H(x, y) XMEMCPY(&(x), y, 4); - -#define STORE64H(x, y) \ - { \ - (y)[0] = (unsigned char)(((x) >> 56) & 255); \ - (y)[1] = (unsigned char)(((x) >> 48) & 255); \ - (y)[2] = (unsigned char)(((x) >> 40) & 255); \ - (y)[3] = (unsigned char)(((x) >> 32) & 255); \ - (y)[4] = (unsigned char)(((x) >> 24) & 255); \ - (y)[5] = (unsigned char)(((x) >> 16) & 255); \ - (y)[6] = (unsigned char)(((x) >> 8) & 255); \ - (y)[7] = (unsigned char)((x)&255); \ - } - -#define LOAD64H(x, y) \ - { \ - x = (((ulong64)((y)[0] & 255)) << 56) | (((ulong64)((y)[1] & 255)) << 48) | \ - (((ulong64)((y)[2] & 255)) << 40) | (((ulong64)((y)[3] & 255)) << 32) | \ - (((ulong64)((y)[4] & 255)) << 24) | (((ulong64)((y)[5] & 255)) << 16) | \ - (((ulong64)((y)[6] & 255)) << 8) | (((ulong64)((y)[7] & 255))); \ - } - -#else /* 64-bit words then */ - -#define STORE32H(x, y) \ - { \ - ulong32 __t = (x); \ - XMEMCPY(y, &__t, 4); \ - } - -#define LOAD32H(x, y) \ - { \ - XMEMCPY(&(x), y, 4); \ - x &= 0xFFFFFFFF; \ - } - -#define STORE64H(x, y) \ - { \ - ulong64 __t = (x); \ - XMEMCPY(y, &__t, 8); \ - } - -#define LOAD64H(x, y) \ - { XMEMCPY(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_BIG */ - -#define BSWAP(x) \ - (((x >> 24) & 0x000000FFUL) | ((x << 24) & 0xFF000000UL) | ((x >> 8) & 0x0000FF00UL) | \ - ((x << 8) & 0x00FF0000UL)) - - -/* 32-bit Rotates */ -#if defined(_MSC_VER) - -/* instrinsic rotate */ -#include <stdlib.h> -#pragma intrinsic(_lrotr, _lrotl) -#define ROR(x, n) _lrotr(x, n) -#define ROL(x, n) _lrotl(x, n) -#define RORc(x, n) _lrotr(x, n) -#define ROLc(x, n) _lrotl(x, n) - -#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && \ - (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM) - -static inline unsigned ROL(unsigned word, int i) { - asm("roll %%cl,%0" : "=r"(word) : "0"(word), "c"(i)); - return word; -} - -static inline unsigned ROR(unsigned word, int i) { - asm("rorl %%cl,%0" : "=r"(word) : "0"(word), "c"(i)); - return word; -} - -#ifndef LTC_NO_ROLC - -static inline unsigned ROLc(unsigned word, const int i) { - asm("roll %2,%0" : "=r"(word) : "0"(word), "I"(i)); - return word; -} - -static inline unsigned RORc(unsigned word, const int i) { - asm("rorl %2,%0" : "=r"(word) : "0"(word), "I"(i)); - return word; -} - -#else - -#define ROLc ROL -#define RORc ROR - -#endif - -#elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32) - -static inline unsigned ROL(unsigned word, int i) { - asm("rotlw %0,%0,%2" : "=r"(word) : "0"(word), "r"(i)); - return word; -} - -static inline unsigned ROR(unsigned word, int i) { - asm("rotlw %0,%0,%2" : "=r"(word) : "0"(word), "r"(32 - i)); - return word; -} - -#ifndef LTC_NO_ROLC - -static inline unsigned ROLc(unsigned word, const int i) { - asm("rotlwi %0,%0,%2" : "=r"(word) : "0"(word), "I"(i)); - return word; -} - -static inline unsigned RORc(unsigned word, const int i) { - asm("rotrwi %0,%0,%2" : "=r"(word) : "0"(word), "I"(i)); - return word; -} - -#else - -#define ROLc ROL -#define RORc ROR - -#endif - - -#else - -/* rotates the hard way */ -#define ROL(x, y) \ - ((((unsigned long)(x) << (unsigned long)((y)&31)) | \ - (((unsigned long)(x)&0xFFFFFFFFUL) >> (unsigned long)(32 - ((y)&31)))) & \ - 0xFFFFFFFFUL) -#define ROR(x, y) \ - (((((unsigned long)(x)&0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \ - ((unsigned long)(x) << (unsigned long)(32 - ((y)&31)))) & \ - 0xFFFFFFFFUL) -#define ROLc(x, y) \ - ((((unsigned long)(x) << (unsigned long)((y)&31)) | \ - (((unsigned long)(x)&0xFFFFFFFFUL) >> (unsigned long)(32 - ((y)&31)))) & \ - 0xFFFFFFFFUL) -#define RORc(x, y) \ - (((((unsigned long)(x)&0xFFFFFFFFUL) >> (unsigned long)((y)&31)) | \ - ((unsigned long)(x) << (unsigned long)(32 - ((y)&31)))) & \ - 0xFFFFFFFFUL) - -#endif - - -/* 64-bit Rotates */ -#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) - -static inline unsigned long ROL64(unsigned long word, int i) { - asm("rolq %%cl,%0" : "=r"(word) : "0"(word), "c"(i)); - return word; -} - -static inline unsigned long ROR64(unsigned long word, int i) { - asm("rorq %%cl,%0" : "=r"(word) : "0"(word), "c"(i)); - return word; -} - -#ifndef LTC_NO_ROLC - -static inline unsigned long ROL64c(unsigned long word, const int i) { - asm("rolq %2,%0" : "=r"(word) : "0"(word), "J"(i)); - return word; -} - -static inline unsigned long ROR64c(unsigned long word, const int i) { - asm("rorq %2,%0" : "=r"(word) : "0"(word), "J"(i)); - return word; -} - -#else /* LTC_NO_ROLC */ - -#define ROL64c ROL64 -#define ROR64c ROR64 - -#endif - -#else /* Not x86_64 */ - -#define ROL64(x, y) \ - ((((x) << ((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF)) >> ((ulong64)64 - ((y)&63)))) & \ - CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64(x, y) \ - (((((x)&CONST64(0xFFFFFFFFFFFFFFFF)) >> ((ulong64)(y)&CONST64(63))) | \ - ((x) << ((ulong64)(64 - ((y)&CONST64(63)))))) & \ - CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROL64c(x, y) \ - ((((x) << ((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF)) >> ((ulong64)64 - ((y)&63)))) & \ - CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64c(x, y) \ - (((((x)&CONST64(0xFFFFFFFFFFFFFFFF)) >> ((ulong64)(y)&CONST64(63))) | \ - ((x) << ((ulong64)(64 - ((y)&CONST64(63)))))) & \ - CONST64(0xFFFFFFFFFFFFFFFF)) - -#endif - -#ifndef MAX -#define MAX(x, y) (((x) > (y)) ? (x) : (y)) -#endif - -#ifndef MIN -#define MIN(x, y) (((x) < (y)) ? (x) : (y)) -#endif - -/* extract a byte portably */ -#ifdef _MSC_VER -#define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) -#else -#define byte(x, n) (((x) >> (8 * (n))) & 255) -#endif - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_macros.h,v $ */ -/* $Revision: 1.15 $ */ -/* $Date: 2006/11/29 23:43:57 $ */ diff --git a/src/mongo/crypto/tom/tomcrypt_misc.h b/src/mongo/crypto/tom/tomcrypt_misc.h deleted file mode 100644 index 86559cf9852..00000000000 --- a/src/mongo/crypto/tom/tomcrypt_misc.h +++ /dev/null @@ -1,42 +0,0 @@ -/* Copyright 2014 MongoDB Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* ---- LTC_BASE64 Routines ---- */ -#ifdef LTC_BASE64 -int base64_encode(const unsigned char* in, - unsigned long len, - unsigned char* out, - unsigned long* outlen); - -int base64_decode(const unsigned char* in, - unsigned long len, - unsigned char* out, - unsigned long* outlen); -#endif - -/* ---- MEM routines ---- */ -void zeromem(void* dst, size_t len); -void burn_stack(unsigned long len); - -const char* error_to_string(int err); - -extern const char* crypt_build_settings; - -/* ---- HMM ---- */ -int crypt_fsa(void* mp, ...); - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_misc.h,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2007/05/12 14:32:35 $ */ diff --git a/src/mongo/crypto/tom/zeromem.c b/src/mongo/crypto/tom/zeromem.c deleted file mode 100644 index 46e499e66ce..00000000000 --- a/src/mongo/crypto/tom/zeromem.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include "tomcrypt.h" - -/** - @file zeromem.c - Zero a block of memory, Tom St Denis -*/ - -/** - Zero a block of memory - @param out The destination of the area to zero - @param outlen The length of the area to zero (octets) -*/ -void zeromem(void *out, size_t outlen) -{ - unsigned char *mem = (unsigned char*)out; - LTC_ARGCHKVD(out != NULL); - while (outlen-- > 0) { - *mem++ = 0; - } -} - -/* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ |