ntru_ke.h ntru_ke.c \
ntru_test_rng.h ntru_test_rng.c \
ntru_crypto/ntru_crypto.h ntru_crypto/ntru_crypto_error.h \
- ntru_crypto/ntru_crypto_hash_basics.h \
- ntru_crypto/ntru_crypto_hash.h ntru_crypto/ntru_crypto_hash.c \
- ntru_crypto/ntru_crypto_msbyte_uint32.h \
- ntru_crypto/ntru_crypto_msbyte_uint32.c \
ntru_crypto/ntru_crypto_ntru_convert.h \
ntru_crypto/ntru_crypto_ntru_convert.c \
ntru_crypto/ntru_crypto_ntru_encrypt.c \
ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \
ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \
ntru_crypto/ntru_crypto_ntru_mgf1.h ntru_crypto/ntru_crypto_ntru_mgf1.c \
- ntru_crypto/ntru_crypto_ntru_poly.h ntru_crypto/ntru_crypto_ntru_poly.c \
- ntru_crypto/ntru_crypto_platform.h ntru_crypto/ntru_crypto_sha.h\
- ntru_crypto/ntru_crypto_sha1.h ntru_crypto/ntru_crypto_sha1.c\
- ntru_crypto/ntru_crypto_sha2.h ntru_crypto/ntru_crypto_sha2.c\
- ntru_crypto/ntru_crypto_sha256.h ntru_crypto/ntru_crypto_sha256.c
+ ntru_crypto/ntru_crypto_ntru_poly.h ntru_crypto/ntru_crypto_ntru_poly.c
libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_hash.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_hash.c
- *
- * Contents: Routines implementing the hash object abstraction.
- *
- *****************************************************************************/
-
-
-#include <stdlib.h>
-#include "ntru_crypto_hash.h"
-
-
-typedef uint32_t (*NTRU_CRYPTO_HASH_INIT_FN)(
- void *c);
-typedef uint32_t (*NTRU_CRYPTO_HASH_UPDATE_FN)(
- void *c,
- void const *data,
- uint32_t len);
-typedef uint32_t (*NTRU_CRYPTO_HASH_FINAL_FN)(
- void *c,
- void *md);
-typedef uint32_t (*NTRU_CRYPTO_HASH_DIGEST_FN)(
- void const *data,
- uint32_t len,
- void *md);
-
-typedef struct _NTRU_CRYPTO_HASH_ALG_PARAMS {
- uint8_t algid;
- uint16_t block_length;
- uint16_t digest_length;
- NTRU_CRYPTO_HASH_INIT_FN init;
- NTRU_CRYPTO_HASH_UPDATE_FN update;
- NTRU_CRYPTO_HASH_FINAL_FN final;
- NTRU_CRYPTO_HASH_FINAL_FN final_zero_pad;
- NTRU_CRYPTO_HASH_DIGEST_FN digest;
-} NTRU_CRYPTO_HASH_ALG_PARAMS;
-
-static NTRU_CRYPTO_HASH_ALG_PARAMS const algs_params[] = {
- {
- NTRU_CRYPTO_HASH_ALGID_SHA1,
- SHA_1_BLK_LEN,
- SHA_1_MD_LEN,
- (NTRU_CRYPTO_HASH_INIT_FN) SHA_1_INIT_FN,
- (NTRU_CRYPTO_HASH_UPDATE_FN) SHA_1_UPDATE_FN,
- (NTRU_CRYPTO_HASH_FINAL_FN) SHA_1_FINAL_FN,
- (NTRU_CRYPTO_HASH_FINAL_FN) SHA_1_FINAL_ZERO_PAD_FN,
- (NTRU_CRYPTO_HASH_DIGEST_FN) SHA_1_DIGEST_FN,
- },
- {
- NTRU_CRYPTO_HASH_ALGID_SHA256,
- SHA_256_BLK_LEN,
- SHA_256_MD_LEN,
- (NTRU_CRYPTO_HASH_INIT_FN) SHA_256_INIT_FN,
- (NTRU_CRYPTO_HASH_UPDATE_FN) SHA_256_UPDATE_FN,
- (NTRU_CRYPTO_HASH_FINAL_FN) SHA_256_FINAL_FN,
- (NTRU_CRYPTO_HASH_FINAL_FN) SHA_256_FINAL_ZERO_PAD_FN,
- (NTRU_CRYPTO_HASH_DIGEST_FN) SHA_256_DIGEST_FN,
- },
-};
-
-static int const numalgs = (sizeof(algs_params)/sizeof(algs_params[0]));
-
-
-/* get_alg_params
- *
- * Return a pointer to the hash algorithm parameters for the hash algorithm
- * specified, by looking for algid in the global algs_params table.
- * If not found, return NULL.
- */
-static NTRU_CRYPTO_HASH_ALG_PARAMS const *
-get_alg_params(
- NTRU_CRYPTO_HASH_ALGID algid) // in - the hash algorithm to find
-{
- int i;
-
- for (i = 0; i < numalgs; i++)
- if (algs_params[i].algid == algid)
- return &algs_params[i];
-
- return NULL;
-}
-
-
-/* ntru_crypto_hash_set_alg
- *
- * Sets the hash algorithm for the hash context. This must be called before
- * any calls to ntru_crypto_hash_block_length(),
- * ntru_crypto_hash_digest_length(), or ntru_crypto_hash_init() are made.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported.
- */
-
-uint32_t
-ntru_crypto_hash_set_alg(
- NTRU_CRYPTO_HASH_ALGID algid, // in - hash algoirithm to be used
- NTRU_CRYPTO_HASH_CTX *c) // in/out - pointer to the hash context
-{
- if (!c)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- c->alg_params = get_alg_params(algid);
- if (!c->alg_params) {
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
- }
-
- HASH_RET(NTRU_CRYPTO_HASH_OK);
-}
-
-
-/* ntru_crypto_hash_block_length
- *
- * Gets the number of bytes in an input block for the hash algorithm
- * specified in the hash context. The hash algorithm must have been set
- * in the hash context with a call to ntru_crypto_hash_set_alg() prior to
- * calling this function.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_block_length(
- NTRU_CRYPTO_HASH_CTX *c, // in - pointer to the hash context
- uint16_t *blk_len) // out - address for block length in bytes
-{
- if (!c || !blk_len)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- *blk_len = c->alg_params->block_length;
- HASH_RET(NTRU_CRYPTO_HASH_OK);
-}
-
-
-/* ntru_crypto_hash_digest_length
- *
- * Gets the number of bytes needed to hold the message digest for the
- * hash algorithm specified in the hash context. The algorithm must have
- * been set in the hash context with a call to ntru_crypto_hash_set_alg() prior
- * to calling this function.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_digest_length(
- NTRU_CRYPTO_HASH_CTX const *c, // in - pointer to the hash context
- uint16_t *md_len) // out - addr for digest length in bytes
-{
- if (!c || !md_len)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- *md_len = c->alg_params->digest_length;
- HASH_RET(NTRU_CRYPTO_HASH_OK);
-}
-
-
-/* ntru_crypto_hash_init
- *
- * This routine performs standard initialization of the hash state.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_init(
- NTRU_CRYPTO_HASH_CTX *c) // in/out - pointer to hash context
-{
- if (!c)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- return c->alg_params->init(&c->alg_ctx);
-}
-
-
-/* ntru_crypto_hash_update
- *
- * This routine processes input data and updates the hash calculation.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the
- * hash algorithm. The size limit is dependent on the hash algorithm,
- * and not all algorithms have this limit.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_update(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len) // in - number of bytes of input data
-{
- if (!c || (data_len && !data))
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- return c->alg_params->update(&c->alg_ctx, data, data_len);
-}
-
-
-/* ntru_crypto_hash_final
- *
- * This routine completes the hash calculation and returns the message digest.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_final(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t *md) // out - address for message digest
-{
- if (!c || !md)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- return c->alg_params->final(&c->alg_ctx, md);
-}
-
-
-/* ntru_crypto_hash_final_zero_pad
- *
- * This routine completes the hash calculation using zero padding and
- * returns the message digest.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-uint32_t
-ntru_crypto_hash_final_zero_pad(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t *md) // out - address for message digest
-{
- if (!c || !md)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- if (!c->alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- return c->alg_params->final_zero_pad(&c->alg_ctx, md);
-}
-
-
-/* ntru_crypto_hash_digest
- *
- * This routine computes a message digest. It is assumed that the
- * output buffer md is large enough to hold the output (see
- * ntru_crypto_hash_digest_length)
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the
- * hash algorithm. The size limit is dependent on the hash algorithm,
- * and not all algorithms have this limit.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported.
- */
-
-uint32_t
-ntru_crypto_hash_digest(
- NTRU_CRYPTO_HASH_ALGID algid, // in - the hash algorithm to use
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len, // in - number of bytes of input data
- uint8_t *md) // out - address for message digest
-{
- NTRU_CRYPTO_HASH_ALG_PARAMS const *alg_params = get_alg_params(algid);
-
- if (!alg_params)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_ALG);
-
- if ((data_len && !data) || !md)
- HASH_RET(NTRU_CRYPTO_HASH_BAD_PARAMETER);
-
- return alg_params->digest(data, data_len, md);
-}
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_hash.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_hash.h
- *
- * Contents: Definitions and declarations for the hash object abstraction.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_HASH_H
-#define NTRU_CRYPTO_HASH_H
-
-#include "ntru_crypto_error.h"
-#include "ntru_crypto_hash_basics.h"
-#include "ntru_crypto_sha1.h"
-#include "ntru_crypto_sha256.h"
-
-#include <library.h>
-
-/***************
- * error macro *
- ***************/
-
-#define HASH_RESULT(r) ((uint32_t)((r) ? HASH_ERROR_BASE + (r) : (r)))
-#define HASH_RET(r) return HASH_RESULT(r);
-
-
-/*************************
- * structure definitions *
- *************************/
-
-/* _NTRU_CRYPTO_HASH_ALG_PARAMS
- *
- * An opaque forward declaration for a private structure used
- * internally by the hash object interface.
- */
-
-struct _NTRU_CRYPTO_HASH_ALG_PARAMS;
-
-
-/* NTRU_CRYPTO_HASH_CTX
- *
- * Hash object context information.
- */
-
-typedef struct {
- struct _NTRU_CRYPTO_HASH_ALG_PARAMS const *alg_params;
- union {
- NTRU_CRYPTO_SHA1_CTX sha1;
- NTRU_CRYPTO_SHA2_CTX sha256;
- } alg_ctx;
-} NTRU_CRYPTO_HASH_CTX;
-
-
-/*************************
- * function declarations *
- *************************/
-
-/* ntru_crypto_hash_set_alg
- *
- * Sets the hash algorithm for the hash context. This must be called before
- * any calls to crypto_hash_block_length(), crypto_hash_digest_length(), or
- * crypto_hash_init() are made.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported.
- */
-
-extern uint32_t
-ntru_crypto_hash_set_alg(
- NTRU_CRYPTO_HASH_ALGID algid, // in - hash algoirithm to be used
- NTRU_CRYPTO_HASH_CTX *c); // in/out - pointer to the hash context
-
-
-/* ntru_crypto_hash_block_length
- *
- * Gets the number of bytes in an input block for the hash algorithm
- * specified in the hash context. The hash algorithm must have been set
- * in the hash context with a call to crypto_hash_set_alg() prior to
- * calling this function.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_block_length(
- NTRU_CRYPTO_HASH_CTX *c, // in - pointer to the hash context
- uint16_t *blk_len); // out - address for block length in bytes
-
-
-/* ntru_crypto_hash_digest_length
- *
- * Gets the number of bytes needed to hold the message digest for the
- * hash algorithm specified in the hash context. The algorithm must have
- * been set in the hash context with a call to crypto_hash_set_alg() prior
- * to calling this function.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_digest_length(
- NTRU_CRYPTO_HASH_CTX const *c, // in - pointer to the hash context
- uint16_t *md_len); // out - addrfor digest length in bytes
-
-
-/* ntru_crypto_hash_init
- *
- * This routine initializes the hash state.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_init(
- NTRU_CRYPTO_HASH_CTX *c); // in/out - pointer to hash context
-
-
-/* ntru_crypto_hash_update
- *
- * This routine processes input data and updates the hash calculation.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the
- * hash algorithm. The size limit is dependent on the hash algorithm,
- * and not all algorithms have this limit.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_update(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len); // in - number of bytes of input data
-
-
-/* ntru_crypto_hash_final
- *
- * This routine completes the hash calculation and returns the message digest.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_final(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t *md); // out - address for message digest
-
-
-/* ntru_crypto_hash_final_zero_pad
- *
- * This routine completes the hash calculation using zero padding and
- * returns the message digest.
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are
- * passed.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the algorithm has not been set.
- */
-
-extern uint32_t
-ntru_crypto_hash_final_zero_pad(
- NTRU_CRYPTO_HASH_CTX *c, // in/out - pointer to hash context
- uint8_t *md); // out - address for message digest
-
-
-/* ntru_crypto_hash_digest
- *
- * This routine computes a message digest. It is assumed that the
- * output buffer md is large enough to hold the output (see
- * crypto_hash_digest_length)
- *
- * Returns NTRU_CRYPTO_HASH_OK on success.
- * Returns NTRU_CRYPTO_HASH_FAIL with corrupted context.
- * Returns NTRU_CRYPTO_HASH_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns NTRU_CRYPTO_HASH_OVERFLOW if too much text has been fed to the
- * hash algorithm. The size limit is dependent on the hash algorithm,
- * and not all algorithms have this limit.
- * Returns NTRU_CRYPTO_HASH_BAD_ALG if the specified algorithm is not supported.
- */
-
-extern uint32_t
-ntru_crypto_hash_digest(
- NTRU_CRYPTO_HASH_ALGID algid, // in - the hash algorithm to use
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len, // in - number of bytes of input data
- uint8_t *md); // out - address for message digest
-
-
-#endif /* NTRU_CRYPTO_HASH_H */
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_hash_basics.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_hash_basics.h
- *
- * Contents: Common definitions for all hash algorithms.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_HASH_BASICS_H
-#define NTRU_CRYPTO_HASH_BASICS_H
-
-#include <library.h>
-
-
-/**************
- * algorithms *
- **************/
-
-typedef enum {
- NTRU_CRYPTO_HASH_ALGID_NONE = 0,
- NTRU_CRYPTO_HASH_ALGID_SHA1,
- NTRU_CRYPTO_HASH_ALGID_SHA256,
-} NTRU_CRYPTO_HASH_ALGID;
-
-
-/***************
- * error codes *
- ***************/
-
-#define NTRU_CRYPTO_HASH_OK ((uint32_t)0x00)
-#define NTRU_CRYPTO_HASH_FAIL ((uint32_t)0x01)
-#define NTRU_CRYPTO_HASH_BAD_PARAMETER ((uint32_t)0x02)
-#define NTRU_CRYPTO_HASH_OVERFLOW ((uint32_t)0x03)
-#define NTRU_CRYPTO_HASH_BAD_ALG ((uint32_t)0x20)
-#define NTRU_CRYPTO_HASH_OUT_OF_MEMORY ((uint32_t)0x21)
-
-// For backward-compatibility
-typedef uint32_t NTRU_CRYPTO_HASH_ERROR;
-
-
-/*********
- * flags *
- *********/
-
-#define HASH_DATA_ONLY 0
-#define HASH_INIT (1 << 0)
-#define HASH_FINISH (1 << 1)
-#define HASH_ZERO_PAD (1 << 2)
-
-
-#endif /* NTRU_CRYPTO_HASH_BASICS_H */
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_mbyte_uint32.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_msbyte_uint32.c
- *
- * Contents: Routines to convert between an array of bytes in network byte
- * order (most-significant byte first) and an array of uint32 words.
- *
- *****************************************************************************/
-
-
-#include <stdlib.h>
-#include "ntru_crypto_msbyte_uint32.h"
-
-
-/* ntru_crypto_msbyte_2_uint32()
- *
- * This routine converts an array of bytes in network byte order to an array
- * of uint32_t, placing the first byte in the most significant byte of the
- * first uint32_t word.
- *
- * The number of bytes in the input stream MUST be at least 4 times the
- * number of words expected in the output array.
- */
-
-void
-ntru_crypto_msbyte_2_uint32(
- uint32_t *words, // out - pointer to the output uint32_t array
- uint8_t const *bytes, // in - pointer to the input byte array
- uint32_t n) // in - number of words in the output array
-{
- uint32_t i;
-
- for (i = 0; i < n; i++) {
- words[i] = ((uint32_t) (*bytes++)) << 24;
- words[i] |= ((uint32_t) (*bytes++)) << 16;
- words[i] |= ((uint32_t) (*bytes++)) << 8;
- words[i] |= (uint32_t) (*bytes++);
- }
-}
-
-
-/* ntru_crypto_uint32_2_msbyte()
- *
- * This routine converts an array of uint32_t to an array of bytes in
- * network byte order, placing the most significant byte of the first uint32_t
- * word as the first byte of the output array.
- *
- * The number of bytes in the output stream will be 4 times the number of words
- * specified in the input array.
- */
-
-void
-ntru_crypto_uint32_2_msbyte(
- uint8_t *bytes, // out - pointer to the output byte array
- uint32_t const *words, // in - pointer to the input uint32_t array
- uint32_t n) // in - number of words in the input array
-{
- uint32_t i;
-
- for (i = 0; i < n; i++) {
- *bytes++ = (uint8_t) (words[i] >> 24);
- *bytes++ = (uint8_t) (words[i] >> 16);
- *bytes++ = (uint8_t) (words[i] >> 8);
- *bytes++ = (uint8_t) (words[i] );
- }
-}
-
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_msbyte_uint32.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_msbyte_uint32.h
- *
- * Contents: Definitions and declarations for converting between a most-
- * significant-first byte stream and a uint32_t array.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_MSBYTE_UINT32_H
-#define NTRU_CRYPTO_MSBYTE_UINT32_H
-
-
-#include <library.h>
-
-
-/* ntru_crypto_msbyte_2_uint32()
- *
- * This routine converts an array of bytes in network byte order to an array
- * of uint32_t, placing the first byte in the most significant byte of the
- * first uint32_t word.
- *
- * The number of bytes in the input stream MUST be at least 4 times the
- * number of words expected in the output array.
- */
-
-extern void
-ntru_crypto_msbyte_2_uint32(
- uint32_t *words, // out - pointer to the output uint32_t array
- uint8_t const *bytes, // in - pointer to the input byte array
- uint32_t n); // in - number of words in the output array
-
-
-/* ntru_crypto_uint32_2_msbyte()
- *
- * This routine converts an array of uint32_t to an array of bytes in
- * network byte order, placing the most significant byte of the first uint32_t
- * word as the first byte of the output array.
- *
- * The number of bytes in the output stream will be 4 times the number of words
- * specified in the input array.
- */
-
-extern void
-ntru_crypto_uint32_2_msbyte(
- uint8_t *bytes, // out - pointer to the output byte array
- uint32_t const *words, // in - pointer to the input uint32_t array
- uint32_t n); // in - number of words in the input array
-
-
-#endif /* NTRU_CRYPTO_MSBYTE_UINT32_H */
uint8_t *b_buf = NULL;
uint8_t *tmp_buf = NULL;
bool msg_rep_good = FALSE;
- NTRU_CRYPTO_HASH_ALGID hash_algid;
+ hash_algorithm_t hash_algid;
uint8_t md_len;
uint16_t mprime_len = 0;
uint16_t mod_q_mask;
b_buf = (uint8_t *)(r_buf + (dr << 1));
tmp_buf = (uint8_t *)scratch_buf;
- /* set hash algorithm based on security strength */
-
- if (params->sec_strength_len <= 20) {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1;
- md_len = 20;
- } else {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256;
- md_len = 32;
- }
+ /* set hash algorithm based on security strength */
+ if (params->sec_strength_len <= 20)
+ {
+ hash_algid = HASH_SHA1;
+ md_len = 20;
+ }
+ else
+ {
+ hash_algid = HASH_SHA256;
+ md_len = 32;
+ }
/* set constants */
uint8_t *Mtrin_buf = NULL;
uint8_t *M_buf = NULL;
uint8_t *ptr = NULL;
- NTRU_CRYPTO_HASH_ALGID hash_algid;
+ hash_algorithm_t hash_algid;
uint8_t md_len;
uint16_t cmprime_len;
uint16_t mod_q_mask;
Mtrin_buf = (uint8_t *)ringel_buf1;
M_buf = Mtrin_buf + params->N;
- /* set hash algorithm based on security strength */
-
- if (params->sec_strength_len <= 20) {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1;
- md_len = 20;
- } else {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256;
- md_len = 32;
+ /* set hash algorithm based on security strength */
+ if (params->sec_strength_len <= 20)
+ {
+ hash_algid = HASH_SHA1;
+ md_len = 20;
+ }
+ else
+ {
+ hash_algid = HASH_SHA256;
+ md_len = 32;
}
/* set constants */
uint16_t *F_buf = NULL;
uint8_t *tmp_buf = NULL;
uint16_t mod_q_mask;
- NTRU_CRYPTO_HASH_ALGID hash_algid;
+ hash_algorithm_t hash_algid;
uint8_t md_len;
uint16_t seed_len;
uint32_t result = NTRU_OK;
F_buf = ringel_buf2 + params->N;
tmp_buf = (uint8_t *)scratch_buf;
- /* set hash algorithm and seed length based on security strength */
-
- if (params->sec_strength_len <= 20) {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1;
- md_len = 20;
- } else {
- hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256;
- md_len = 32;
- }
- seed_len = params->sec_strength_len + 8;
+ /* set hash algorithm and seed length based on security strength */
+ if (params->sec_strength_len <= 20)
+ {
+ hash_algid = HASH_SHA1;
+ md_len = 20;
+ }
+ else
+ {
+ hash_algid = HASH_SHA256;
+ md_len = 32;
+ }
+ seed_len = params->sec_strength_len + 8;
/* set constants */
#define NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H
#include "ntru_crypto.h"
-#include "ntru_crypto_hash_basics.h"
-
/* structures */
ntru_encrypt_get_params_with_OID(
uint8_t const *oid); /* in - pointer to parameter-set OID */
-
-/* ntru_encrypt_get_params_with_DER_id
- *
- * Looks up a set of NTRUEncrypt parameters based on the DER id of the
- * parameter set.
- *
- * Returns a pointer to the parameter set parameters if successful.
- * Returns NULL if the parameter set cannot be found.
- */
-
-extern NTRU_ENCRYPT_PARAM_SET *
-ntru_encrypt_get_params_with_DER_id(
- uint8_t der_id); /* in - parameter-set DER id */
-
-
#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H */
uint32_t
ntru_mgf1(
- uint8_t *state, /* in/out - pointer to the state */
- NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */
- uint8_t md_len, /* in - no. of octets in digest */
- uint8_t num_calls, /* in - no. of hash calls */
- uint16_t seed_len, /* in - no. of octets in seed */
- uint8_t const *seed, /* in - pointer to seed */
- uint8_t *out) /* out - address for output */
+ uint8_t *state, /* in/out - pointer to the state */
+ hash_algorithm_t hash_algid, /* in - hash algorithm ID */
+ uint8_t md_len, /* in - no. of octets in digest */
+ uint8_t num_calls, /* in - no. of hash calls */
+ uint16_t seed_len, /* in - no. of octets in seed */
+ uint8_t *seed, /* in - pointer to seed */
+ uint8_t *out) /* out - address for output */
{
- uint8_t *ctr = state + md_len;
- uint32_t retcode;
-
- assert(state);
- assert(out);
-
- /* if seed present, init state */
-
- if (seed) {
- if ((retcode = ntru_crypto_hash_digest(algid, seed, seed_len, state)) !=
- NTRU_CRYPTO_HASH_OK)
- return retcode;
- memset(ctr, 0, 4);
- }
-
- /* generate output */
-
- while (num_calls-- > 0) {
- if ((retcode = ntru_crypto_hash_digest(algid, state, md_len + 4,
- out)) !=
- NTRU_CRYPTO_HASH_OK)
- return retcode;
- out += md_len;
-
- /* increment counter */
-
- if (++ctr[3] == 0)
- if (++ctr[2] == 0)
- if (++ctr[1] == 0)
- ++ctr[0];
+ uint8_t *ctr = state + md_len;
+ hasher_t *hasher;
+
+ assert(state);
+ assert(out);
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_algid);
+ if (!hasher)
+ {
+ NTRU_RET(NTRU_FAIL);
+ }
+
+ /* if seed present, init state */
+ if (seed)
+ {
+ if (!hasher->get_hash(hasher, chunk_create(seed, seed_len), state))
+ {
+ hasher->destroy(hasher);
+ NTRU_RET(NTRU_FAIL);
+ }
+ memset(ctr, 0, 4);
+ }
+
+ /* generate output */
+ while (num_calls-- > 0)
+ {
+ if (!hasher->get_hash(hasher, chunk_create(state, md_len + 4), out))
+ {
+ hasher->destroy(hasher);
+ NTRU_RET(NTRU_FAIL);
+ }
+ out += md_len;
+
+ /* increment counter */
+ if (++ctr[3] == 0)
+ {
+ if (++ctr[2] == 0)
+ {
+ if (++ctr[1] == 0)
+ {
+ ++ctr[0];
+ }
+ }
+ }
}
+ hasher->destroy(hasher);
NTRU_RET(NTRU_OK);
}
uint32_t
ntru_mgftp1(
- NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash alg ID for
+ hash_algorithm_t hash_algid, /* in - hash alg ID for
MGF-TP-1 */
- uint8_t md_len, /* in - no. of octets in
+ uint8_t md_len, /* in - no. of octets in
digest */
- uint8_t min_calls, /* in - minimum no. of hash
+ uint8_t min_calls, /* in - minimum no. of hash
calls */
- uint16_t seed_len, /* in - no. of octets in seed */
- uint8_t *seed, /* in - pointer to seed */
- uint8_t *buf, /* in - pointer to working
+ uint16_t seed_len, /* in - no. of octets in seed */
+ uint8_t *seed, /* in - pointer to seed */
+ uint8_t *buf, /* in - pointer to working
buffer */
- uint16_t num_trits_needed, /* in - no. of trits in mask */
- uint8_t *mask) /* out - address for mask trits */
+ uint16_t num_trits_needed, /* in - no. of trits in mask */
+ uint8_t *mask) /* out - address for mask trits */
{
- uint8_t *mgf_out;
- uint8_t *octets;
- uint16_t octets_available;
- uint32_t retcode;
-
- assert(seed);
- assert(buf);
- assert(mask);
-
- /* generate minimum MGF1 output */
-
- mgf_out = buf + md_len + 4;
- if ((retcode = ntru_mgf1(buf, hash_algid, md_len, min_calls,
+ uint8_t *mgf_out;
+ uint8_t *octets;
+ uint16_t octets_available;
+ uint32_t retcode;
+
+ assert(seed);
+ assert(buf);
+ assert(mask);
+
+ /* generate minimum MGF1 output */
+ mgf_out = buf + md_len + 4;
+ if ((retcode = ntru_mgf1(buf, hash_algid, md_len, min_calls,
seed_len, seed, mgf_out)) != NTRU_OK)
- return retcode;
- octets = mgf_out;
- octets_available = min_calls * md_len;
-
- /* get trits for mask */
-
- while (num_trits_needed >= 5) {
-
- /* get another octet and convert it to 5 trits */
-
- if (octets_available == 0) {
- if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1,
+ {
+ return retcode;
+ }
+ octets = mgf_out;
+ octets_available = min_calls * md_len;
+
+ /* get trits for mask */
+ while (num_trits_needed >= 5)
+ {
+ /* get another octet and convert it to 5 trits */
+ if (octets_available == 0)
+ {
+ if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1,
0, NULL, mgf_out)) != NTRU_OK)
- return retcode;
- octets = mgf_out;
- octets_available = md_len;
- }
-
- if (*octets < 243) {
- ntru_octet_2_trits(*octets, mask);
- mask += 5;
- num_trits_needed -= 5;
- }
- octets++;
- --octets_available;
- }
-
- /* get any remaining trits */
-
- while (num_trits_needed) {
- uint8_t trits[5];
-
- /* get another octet and convert it to remaining trits */
-
- if (octets_available == 0) {
- if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1,
+ {
+ return retcode;
+ }
+ octets = mgf_out;
+ octets_available = md_len;
+ }
+
+ if (*octets < 243)
+ {
+ ntru_octet_2_trits(*octets, mask);
+ mask += 5;
+ num_trits_needed -= 5;
+ }
+ octets++;
+ --octets_available;
+ }
+
+ /* get any remaining trits */
+ while (num_trits_needed)
+ {
+ uint8_t trits[5];
+
+ /* get another octet and convert it to remaining trits */
+ if (octets_available == 0)
+ {
+ if ((retcode = ntru_mgf1(buf, hash_algid, md_len, 1,
0, NULL, mgf_out)) != NTRU_OK)
- return retcode;
- octets = mgf_out;
- octets_available = md_len;
- }
- if (*octets < 243) {
- ntru_octet_2_trits(*octets, trits);
- memcpy(mask, trits, num_trits_needed);
- num_trits_needed = 0;
- } else {
- octets++;
- --octets_available;
- }
- }
-
- NTRU_RET(NTRU_OK);
+ {
+ return retcode;
+ }
+ octets = mgf_out;
+ octets_available = md_len;
+ }
+ if (*octets < 243)
+ {
+ ntru_octet_2_trits(*octets, trits);
+ memcpy(mask, trits, num_trits_needed);
+ num_trits_needed = 0;
+ }
+ else
+ {
+ octets++;
+ --octets_available;
+ }
+ }
+
+ NTRU_RET(NTRU_OK);
}
#include "ntru_crypto.h"
-#include "ntru_crypto_hash.h"
+#include <crypto/hashers/hasher.h>
/* function declarations */
extern uint32_t
ntru_mgf1(
uint8_t *state, /* in/out - pointer to the state */
- NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */
+ hash_algorithm_t hash_algid, /* in - hash algorithm ID */
uint8_t md_len, /* in - no. of octets in digest */
uint8_t num_calls, /* in - no. of hash calls */
uint16_t seed_len, /* in - no. of octets in seed */
- uint8_t const *seed, /* in - pointer to seed */
+ uint8_t *seed, /* in - pointer to seed */
uint8_t *out); /* out - address for output */
extern uint32_t
ntru_mgftp1(
- NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash alg ID for
+ hash_algorithm_t hash_algid, /* in - hash alg ID for
MGF-TP-1 */
uint8_t md_len, /* in - no. of octets in
digest */
uint32_t
ntru_gen_poly(
- NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash algorithm ID for
+ hash_algorithm_t hash_algid, /* in - hash algorithm ID for
IGF-2 */
uint8_t md_len, /* in - no. of octets in digest */
uint8_t min_calls, /* in - minimum no. of hash
#include "ntru_crypto.h"
-#include "ntru_crypto_hash_basics.h"
+
+#include <crypto/hashers/hasher.h>
/* function declarations */
extern uint32_t
ntru_gen_poly(
- NTRU_CRYPTO_HASH_ALGID hash_algid, /* in - hash algorithm ID for
+ hash_algorithm_t hash_algid, /* in - hash algorithm ID for
IGF-2 */
uint8_t md_len, /* in - no. of octets in digest */
uint8_t min_calls, /* in - minimum no. of hash
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_sha.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha.h
- *
- * Contents: Definitions and declarations common to all SHA hash algorithms.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_SHA_H
-#define NTRU_CRYPTO_SHA_H
-
-
-#include "ntru_crypto_error.h"
-#include "ntru_crypto_hash_basics.h"
-
-
-/***************
- * error codes *
- ***************/
-
-#define SHA_OK ((uint32_t)NTRU_CRYPTO_HASH_OK)
-#define SHA_FAIL ((uint32_t)NTRU_CRYPTO_HASH_FAIL)
-#define SHA_BAD_PARAMETER ((uint32_t)NTRU_CRYPTO_HASH_BAD_PARAMETER)
-#define SHA_OVERFLOW ((uint32_t)NTRU_CRYPTO_HASH_OVERFLOW)
-
-#define SHA_RESULT(r) ((uint32_t)((r) ? SHA_ERROR_BASE + (r) : (r)))
-#define SHA_RET(r) return SHA_RESULT(r);
-
-
-/*********
- * flags *
- *********/
-
-#define SHA_DATA_ONLY HASH_DATA_ONLY
-#define SHA_INIT HASH_INIT
-#define SHA_FINISH HASH_FINISH
-#define SHA_ZERO_PAD HASH_ZERO_PAD
-
-
-#endif /* NTRU_CRYPTO_SHA_H */
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_ntru_crypto_sha1.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha1.c
- *
- * Contents: Routines implementing the SHA-1 hash calculation.
- *
- *****************************************************************************/
-
-
-#include <stdlib.h>
-#include <string.h>
-#include "ntru_crypto_sha1.h"
-#include "ntru_crypto_msbyte_uint32.h"
-
-
-/* chaining state elements */
-
-#define H0 state[0]
-#define H1 state[1]
-#define H2 state[2]
-#define H3 state[3]
-#define H4 state[4]
-
-
-/* standard SHA-1 initialization values */
-
-#define H0_INIT 0x67452301UL
-#define H1_INIT 0xefcdab89UL
-#define H2_INIT 0x98badcfeUL
-#define H3_INIT 0x10325476UL
-#define H4_INIT 0xc3d2e1f0UL
-
-
-/* sha1_blk()
- *
- * This routine updates the current hash output (chaining state)
- * by performing SHA-1 on a 512-bit block of data represented as sixteen
- * 32-bit words.
- */
-
-#define K00_19 0x5a827999UL
-#define K20_39 0x6ed9eba1UL
-#define K40_59 0x8f1bbcdcUL
-#define K60_79 0xca62c1d6UL
-
-#define RL(a, n) ( ((a) << (n)) | ((a) >> (32 - (n))) )
-
-
-static void
-sha1_blk(
- uint32_t const *data, // in - ptr to 16 32-bit word input block
- uint32_t *state) // in/out - ptr to 5 32-bit word chaining state
-{
- uint32_t A, B, C, D, E;
- uint32_t w[16];
-
- /* init A - E */
-
- A = H0; B = H1; C = H2; D = H3; E = H4;
-
- /* rounds 0 - 15 */
-
- E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[ 0]; B = RL(B, 30);
- D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[ 1]; A = RL(A, 30);
- C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[ 2]; E = RL(E, 30);
- B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[ 3]; D = RL(D, 30);
- A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[ 4]; C = RL(C, 30);
- E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[ 5]; B = RL(B, 30);
- D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[ 6]; A = RL(A, 30);
- C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[ 7]; E = RL(E, 30);
- B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[ 8]; D = RL(D, 30);
- A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[ 9]; C = RL(C, 30);
- E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[10]; B = RL(B, 30);
- D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + data[11]; A = RL(A, 30);
- C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + data[12]; E = RL(E, 30);
- B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + data[13]; D = RL(D, 30);
- A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + data[14]; C = RL(C, 30);
- E += RL(A, 5) + K00_19 + (B & (C ^ D) ^ D) + data[15]; B = RL(B, 30);
-
- /* rounds 16 - 19 */
-
- w[ 0] = data[ 0] ^ data[ 2] ^ data[ 8] ^ data[13]; w[ 0] = RL(w[0], 1);
- D += RL(E, 5) + K00_19 + (A & (B ^ C) ^ C) + w[ 0]; A = RL(A, 30);
- w[ 1] = data[ 1] ^ data[ 3] ^ data[ 9] ^ data[14]; w[ 1] = RL(w[1], 1);
- C += RL(D, 5) + K00_19 + (E & (A ^ B) ^ B) + w[ 1]; E = RL(E, 30);
- w[ 2] = data[ 2] ^ data[ 4] ^ data[10] ^ data[15]; w[ 2] = RL(w[ 2], 1);
- B += RL(C, 5) + K00_19 + (D & (E ^ A) ^ A) + w[ 2]; D = RL(D, 30);
- w[ 3] = data[ 3] ^ data[ 5] ^ data[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1);
- A += RL(B, 5) + K00_19 + (C & (D ^ E) ^ E) + w[ 3]; C = RL(C, 30);
-
- /* rounds 20 - 39 */
-
- w[ 4] = data[ 4] ^ data[ 6] ^ data[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1);
- E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 4]; B = RL(B, 30);
- w[ 5] = data[ 5] ^ data[ 7] ^ data[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1);
- D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[ 5]; A = RL(A, 30);
- w[ 6] = data[ 6] ^ data[ 8] ^ data[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1);
- C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 6]; E = RL(E, 30);
- w[ 7] = data[ 7] ^ data[ 9] ^ data[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1);
- B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 7]; D = RL(D, 30);
- w[ 8] = data[ 8] ^ data[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1);
- A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 8]; C = RL(C, 30);
- w[ 9] = data[ 9] ^ data[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1);
- E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 9]; B = RL(B, 30);
- w[10] = data[10] ^ data[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1);
- D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[10]; A = RL(A, 30);
- w[11] = data[11] ^ data[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1);
- C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[11]; E = RL(E, 30);
- w[12] = data[12] ^ data[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1);
- B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[12]; D = RL(D, 30);
- w[13] = data[13] ^ data[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1);
- A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[13]; C = RL(C, 30);
- w[14] = data[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1);
- E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[14]; B = RL(B, 30);
- w[15] = data[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1);
- D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[15]; A = RL(A, 30);
- w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1);
- C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 0]; E = RL(E, 30);
- w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1);
- B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 1]; D = RL(D, 30);
- w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1);
- A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 2]; C = RL(C, 30);
- w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1);
- E += RL(A, 5) + K20_39 + (B ^ C ^ D) + w[ 3]; B = RL(B, 30);
- w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1);
- D += RL(E, 5) + K20_39 + (A ^ B ^ C) + w[ 4]; A = RL(A, 30);
- w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1);
- C += RL(D, 5) + K20_39 + (E ^ A ^ B) + w[ 5]; E = RL(E, 30);
- w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1);
- B += RL(C, 5) + K20_39 + (D ^ E ^ A) + w[ 6]; D = RL(D, 30);
- w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1);
- A += RL(B, 5) + K20_39 + (C ^ D ^ E) + w[ 7]; C = RL(C, 30);
-
- /* rounds 40 - 59 */
-
- w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1);
- E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 8]; B = RL(B, 30);
- w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1);
- D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 9]; A = RL(A, 30);
- w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1);
- C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[10]; E = RL(E, 30);
- w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1);
- B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[11]; D = RL(D, 30);
- w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1);
- A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[12]; C = RL(C, 30);
- w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1);
- E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[13]; B = RL(B, 30);
- w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1);
- D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[14]; A = RL(A, 30);
- w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1);
- C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[15]; E = RL(E, 30);
- w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1);
- B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[ 0]; D = RL(D, 30);
- w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1);
- A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[ 1]; C = RL(C, 30);
- w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1);
- E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 2]; B = RL(B, 30);
- w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1);
- D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 3]; A = RL(A, 30);
- w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1);
- C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[ 4]; E = RL(E, 30);
- w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1);
- B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[ 5]; D = RL(D, 30);
- w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1);
- A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[ 6]; C = RL(C, 30);
- w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1);
- E += RL(A, 5) + K40_59 + ((B & C) | (D & (B | C))) + w[ 7]; B = RL(B, 30);
- w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1);
- D += RL(E, 5) + K40_59 + ((A & B) | (C & (A | B))) + w[ 8]; A = RL(A, 30);
- w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1);
- C += RL(D, 5) + K40_59 + ((E & A) | (B & (E | A))) + w[ 9]; E = RL(E, 30);
- w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1);
- B += RL(C, 5) + K40_59 + ((D & E) | (A & (D | E))) + w[10]; D = RL(D, 30);
- w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1);
- A += RL(B, 5) + K40_59 + ((C & D) | (E & (C | D))) + w[11]; C = RL(C, 30);
-
- /* rounds 60 - 79 */
-
- w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1);
- E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[12]; B = RL(B, 30);
- w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10]; w[13] = RL(w[13], 1);
- D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[13]; A = RL(A, 30);
- w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11]; w[14] = RL(w[14], 1);
- C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[14]; E = RL(E, 30);
- w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12]; w[15] = RL(w[15], 1);
- B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[15]; D = RL(D, 30);
- w[ 0] = w[ 0] ^ w[ 2] ^ w[ 8] ^ w[13]; w[ 0] = RL(w[ 0], 1);
- A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[ 0]; C = RL(C, 30);
- w[ 1] = w[ 1] ^ w[ 3] ^ w[ 9] ^ w[14]; w[ 1] = RL(w[ 1], 1);
- E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[ 1]; B = RL(B, 30);
- w[ 2] = w[ 2] ^ w[ 4] ^ w[10] ^ w[15]; w[ 2] = RL(w[ 2], 1);
- D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[ 2]; A = RL(A, 30);
- w[ 3] = w[ 3] ^ w[ 5] ^ w[11] ^ w[ 0]; w[ 3] = RL(w[ 3], 1);
- C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[ 3]; E = RL(E, 30);
- w[ 4] = w[ 4] ^ w[ 6] ^ w[12] ^ w[ 1]; w[ 4] = RL(w[ 4], 1);
- B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[ 4]; D = RL(D, 30);
- w[ 5] = w[ 5] ^ w[ 7] ^ w[13] ^ w[ 2]; w[ 5] = RL(w[ 5], 1);
- A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[ 5]; C = RL(C, 30);
- w[ 6] = w[ 6] ^ w[ 8] ^ w[14] ^ w[ 3]; w[ 6] = RL(w[ 6], 1);
- E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[ 6]; B = RL(B, 30);
- w[ 7] = w[ 7] ^ w[ 9] ^ w[15] ^ w[ 4]; w[ 7] = RL(w[ 7], 1);
- D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[ 7]; A = RL(A, 30);
- w[ 8] = w[ 8] ^ w[10] ^ w[ 0] ^ w[ 5]; w[ 8] = RL(w[ 8], 1);
- C += RL(D, 5) + K60_79 + (E ^ A ^ B) + w[ 8]; E = RL(E, 30);
- w[ 9] = w[ 9] ^ w[11] ^ w[ 1] ^ w[ 6]; w[ 9] = RL(w[ 9], 1);
- B += RL(C, 5) + K60_79 + (D ^ E ^ A) + w[ 9]; D = RL(D, 30);
- w[10] = w[10] ^ w[12] ^ w[ 2] ^ w[ 7]; w[10] = RL(w[10], 1);
- A += RL(B, 5) + K60_79 + (C ^ D ^ E) + w[10]; C = RL(C, 30);
- w[11] = w[11] ^ w[13] ^ w[ 3] ^ w[ 8]; w[11] = RL(w[11], 1);
- E += RL(A, 5) + K60_79 + (B ^ C ^ D) + w[11]; B = RL(B, 30);
- w[12] = w[12] ^ w[14] ^ w[ 4] ^ w[ 9]; w[12] = RL(w[12], 1);
- D += RL(E, 5) + K60_79 + (A ^ B ^ C) + w[12]; A = RL(A, 30);
- w[13] = w[13] ^ w[15] ^ w[ 5] ^ w[10];
- C += RL(D, 5) + K60_79 + (E ^ A ^ B) + RL(w[13], 1); E = RL(E, 30);
- w[14] = w[14] ^ w[ 0] ^ w[ 6] ^ w[11];
- B += RL(C, 5) + K60_79 + (D ^ E ^ A) + RL(w[14], 1); D = RL(D, 30);
-
- /* update H0 - H4 */
-
- w[15] = w[15] ^ w[ 1] ^ w[ 7] ^ w[12];
- H0 += A + RL(B, 5) + K60_79 + (C ^ D ^ E) + RL(w[15], 1);
- H1 += B;
- H2 += RL(C, 30);
- H3 += D;
- H4 += E;
-
- /* clear temp variables */
-
- A = B = C = D = E = 0;
- memset(w, 0, sizeof(w));
-}
-
-
-/* ntru_crypto_sha1()
- *
- * This routine provides all operations for a SHA-1 hash, and the use
- * of SHA-1 for DSA signing and key generation.
- * It may be used to initialize, update, or complete a message digest,
- * or any combination of those actions, as determined by the SHA_INIT flag,
- * the in_len parameter, and the SHA_FINISH flag, respectively.
- *
- * When in_len == 0 (no data to hash), the parameter, in, may be NULL.
- * When the SHA_FINISH flag is not set, the parameter, md, may be NULL.
- *
- * Initialization may be standard or use a specified initialization vector,
- * and is indicated by setting the SHA_INIT flag.
- * Setting init = NULL specifies standard initialization. Otherwise, init
- * points to the array of five alternate initialization 32-bit words.
- *
- * The hash operation can be updated with any number of input bytes, including
- * zero.
- *
- * The hash operation can be completed with normal padding or with zero
- * padding as required for parts of DSA parameter generation, and is indicated
- * by setting the SHA_FINISH flag. Using zero padding, indicated by setting
- * the SHA_ZERO_PAD flag, never creates an extra input block because the
- * bit count is not included in the hashed data.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint32_t const *init, /* in - pointer to alternate */
- /* initialization - may be NULL */
- uint8_t const *in, /* in - pointer to input data -
- may be NULL if in_len == 0 */
- uint32_t in_len, /* in - number of input data bytes */
- uint32_t flags, /* in - INIT, FINISH, zero-pad flags */
- uint8_t *md) /* out - address for message digest -
- may be NULL if not FINISH */
-{
- uint32_t in_blk[16]; /* input block */
- uint32_t space;
- uint8_t *d = NULL;
-
- /* check error conditions */
-
- if (!c || (in_len && !in) || ((flags & SHA_FINISH) && !md))
- SHA_RET(SHA_BAD_PARAMETER)
-
- /* initialize context if requested */
-
- if (flags & SHA_INIT) {
-
- /* init chaining state */
-
- if (!init) {
- c->state[0] = H0_INIT; // standard initialization
- c->state[1] = H1_INIT;
- c->state[2] = H2_INIT;
- c->state[3] = H3_INIT;
- c->state[4] = H4_INIT;
- } else {
- c->state[0] = init[0]; // alternate initialization
- c->state[1] = init[1];
- c->state[2] = init[2];
- c->state[3] = init[3];
- c->state[4] = init[4];
- }
-
- /* init bit count and number of unhashed data bytes */
-
- c->num_bits_hashed[0] = 0;
- c->num_bits_hashed[1] = 0;
- c->unhashed_len = 0;
- }
-
- /* determine space left in unhashed data buffer */
-
- if (c->unhashed_len > 63)
- SHA_RET(SHA_FAIL)
-
- space = 64 - c->unhashed_len;
-
- /* process input if it exists */
-
- if (in_len) {
-
- /* update count of bits hashed */
-
- {
- uint32_t bits0, bits1;
-
- bits0 = in_len << 3;
- bits1 = in_len >> 29;
- if ((c->num_bits_hashed[0] += bits0) < bits0)
- bits1++;
- if ((c->num_bits_hashed[1] += bits1) < bits1) {
- memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA1_CTX));
- space = 0;
- memset((char *) in_blk, 0, sizeof(in_blk));
- SHA_RET(SHA_OVERFLOW)
- }
- }
-
- /* process input bytes */
-
- if (in_len < space) {
-
- /* input does not fill block buffer:
- * add input to buffer
- */
-
- memcpy(c->unhashed + c->unhashed_len, in, in_len);
- c->unhashed_len += in_len;
-
- } else {
- uint32_t blks;
-
- /* input will fill block buffer:
- * fill unhashed data buffer,
- * convert to block buffer,
- * and process block
- */
-
- in_len -= space;
- for (d = c->unhashed + c->unhashed_len; space; space--)
- *d++ = *in++;
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 16);
- sha1_blk((uint32_t const *) in_blk, c->state);
-
- /* process any remaining full blocks */
-
- for (blks = in_len >> 6; blks--; in += 64) {
- ntru_crypto_msbyte_2_uint32(in_blk, in, 16);
- sha1_blk((uint32_t const *) in_blk, c->state);
- }
-
- /* put any remaining input in the unhashed data buffer */
-
- in_len &= 0x3f;
- memcpy(c->unhashed, in, in_len);
- c->unhashed_len = in_len;
- }
- }
-
- /* complete message digest if requested */
-
- if (flags & SHA_FINISH) {
- space = 64 - c->unhashed_len;
-
- /* check padding type */
-
- if (!(flags & SHA_ZERO_PAD)) {
-
- /* add 0x80 padding byte to the unhashed data buffer
- * (there is always space since the buffer can't be full)
- */
-
- d = c->unhashed + c->unhashed_len;
- *d++ = 0x80;
- space--;
-
- /* check for space for bit count */
-
- if (space < 8) {
-
- /* no space for count:
- * fill remainder of unhashed data buffer with zeros,
- * convert to input block,
- * process block,
- * fill all but 8 bytes of unhashed data buffer with zeros
- */
-
- memset(d, 0, space);
- ntru_crypto_msbyte_2_uint32(in_blk,
- (uint8_t const *) c->unhashed, 16);
- sha1_blk((uint32_t const *) in_blk, c->state);
- memset(c->unhashed, 0, 56);
-
- } else {
-
- /* fill unhashed data buffer with zeros,
- * leaving space for bit count
- */
-
- for (space -= 8; space; space--)
- *d++ = 0;
- }
-
- /* convert partially filled unhashed data buffer to input block and
- * add bit count to input block
- */
-
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 14);
- in_blk[14] = c->num_bits_hashed[1];
- in_blk[15] = c->num_bits_hashed[0];
-
- } else {
-
- /* pad unhashed data buffer with zeros and no bit count and
- * convert to input block
- */
-
- memset(c->unhashed + c->unhashed_len, 0, space);
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 16);
- }
-
- /* process last block */
-
- sha1_blk((uint32_t const *) in_blk, c->state);
-
- /* copy result to message digest buffer */
-
- ntru_crypto_uint32_2_msbyte(md, c->state, 5);
-
- /* clear context and stack variables */
-
- memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA1_CTX));
- space = 0;
- memset((char *) in_blk, 0, sizeof(in_blk));
- }
-
- SHA_RET(SHA_OK)
-}
-
-
-/* ntru_crypto_sha1_init
- *
- * This routine performs standard initialization of the SHA-1 state.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- */
-
-uint32_t
-ntru_crypto_sha1_init(
- NTRU_CRYPTO_SHA1_CTX *c) /* in/out - pointer to SHA-1 context */
-{
- return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_INIT, NULL);
-}
-
-
-/* ntru_crypto_sha1_update
- *
- * This routine processes input data and updates the SHA-1 hash calculation.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1_update(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t const *data, /* in - pointer to input data */
- uint32_t data_len) /* in - number of bytes of input data */
-{
- return ntru_crypto_sha1(c, NULL, data, data_len, SHA_DATA_ONLY, NULL);
-}
-
-
-/* ntru_crypto_sha1_final
- *
- * This routine completes the SHA-1 hash calculation and returns the
- * message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1_final(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t *md) /* out - address for message digest */
-{
- return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_FINISH, md);
-}
-
-
-/* ntru_crypto_sha1_final_zero_pad
- *
- * This routine completes the SHA-1 hash calculation using zero padding
- * and returns the message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1_final_zero_pad(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t *md) /* out - address for message digest */
-{
- return ntru_crypto_sha1(c, NULL, NULL, 0, SHA_FINISH | SHA_ZERO_PAD, md);
-}
-
-
-/* ntru_crypto_sha1_digest
- *
- * This routine computes a SHA-1 message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1_digest(
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len, // in - number of bytes of input data
- uint8_t *md) // out - address for message digest
-{
- NTRU_CRYPTO_SHA1_CTX c;
-
- return ntru_crypto_sha1(&c, NULL, data, data_len, SHA_INIT | SHA_FINISH,
- md);
-}
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_crypto_sha1.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha1.h
- *
- * Contents: Definitions and declarations for the SHA-1 implementation.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_SHA1_H
-#define NTRU_CRYPTO_SHA1_H
-
-
-#include "ntru_crypto_sha.h"
-
-#include <library.h>
-
-/******************************************
- * macros needed for generic hash objects *
- ******************************************/
-
-#define SHA_1_CTX_LEN sizeof(SHA1_CTX) /* no. bytes in SHA-1
- ctx */
-#define SHA_1_BLK_LEN 64 /* 64 bytes in input
- block */
-#define SHA_1_MD_LEN 20 /* 20 bytes in msg
- digest */
-#define SHA_1_INIT_FN &ntru_crypto_sha1_init /* init function */
-#define SHA_1_UPDATE_FN &ntru_crypto_sha1_update /* update function */
-#define SHA_1_FINAL_FN &ntru_crypto_sha1_final /* final function */
-#define SHA_1_FINAL_ZERO_PAD_FN \
- &ntru_crypto_sha1_final_zero_pad
- /* final function using
- zero padding */
-#define SHA_1_DIGEST_FN &ntru_crypto_sha1_digest /* digest function */
-
-
-/*************************
- * structure definitions *
- *************************/
-
-/* SHA-1 context structure */
-
-typedef struct {
- uint32_t state[5]; // chaining state
- uint32_t num_bits_hashed[2]; // number of bits hashed
- uint8_t unhashed[64]; // input data not yet hashed
- uint32_t unhashed_len; // number of bytes of unhashed input data
-} NTRU_CRYPTO_SHA1_CTX;
-
-
-/*************************
- * function declarations *
- *************************/
-
-/* ntru_crypto_sha1()
- *
- * This routine provides all operations for a SHA-1 hash, and the use
- * of SHA-1 for DSA signing and key generation.
- * It may be used to initialize, update, or complete a message digest,
- * or any combination of those actions, as determined by the SHA_INIT flag,
- * the in_len parameter, and the SHA_FINISH flag, respectively.
- *
- * When in_len == 0 (no data to hash), the parameter, in, may be NULL.
- * When the SHA_FINISH flag is not set, the parameter, md, may be NULL.
- *
- * Initialization may be standard or use a specified initialization vector,
- * and is indicated by setting the SHA_INIT flag.
- * Setting init = NULL specifies standard initialization. Otherwise, init
- * points to the array of five alternate initialization 32-bit words.
- *
- * The hash operation can be updated with any number of input bytes, including
- * zero.
- *
- * The hash operation can be completed with normal padding or with zero
- * padding as required for parts of DSA parameter generation, and is indicated
- * by setting the SHA_FINISH flag. Using zero padding, indicated by setting
- * the SHA_ZERO_PAD flag, never creates an extra input block because the
- * bit count is not included in the hashed data.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha1(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint32_t const *init, /* in - pointer to alternate */
- /* initialization - may be NULL */
- uint8_t const *in, /* in - pointer to input data -
- may be NULL if in_len == 0 */
- uint32_t in_len, /* in - number of input data bytes */
- uint32_t flags, /* in - INIT, FINISH, zero-pad flags */
- uint8_t *md); /* out - address for message digest -
- may be NULL if not FINISH */
-
-
-/* ntru_crypto_sha1_init
- *
- * This routine performs standard initialization of the SHA-1 state.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- */
-
-extern uint32_t
-ntru_crypto_sha1_init(
- NTRU_CRYPTO_SHA1_CTX *c); /* in/out - pointer to SHA-1 context */
-
-
-/* ntru_crypto_sha1_update
- *
- * This routine processes input data and updates the SHA-1 hash calculation.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha1_update(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t const *data, /* in - pointer to input data */
- uint32_t data_len); /* in - number of bytes of input data */
-
-
-/* ntru_crypto_sha1_final
- *
- * This routine completes the SHA-1 hash calculation and returns the
- * message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha1_final(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t *md); /* out - address for message digest */
-
-
-/* ntru_crypto_sha1_final_zero_pad
- *
- * This routine completes the SHA-1 hash calculation using zero padding
- * and returns the message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha1_final_zero_pad(
- NTRU_CRYPTO_SHA1_CTX *c, /* in/out - pointer to SHA-1 context */
- uint8_t *md); /* out - address for message digest */
-
-
-/* ntru_crypto_sha1_digest
- *
- * This routine computes a SHA-1 message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha1_digest(
- uint8_t const *data, /* in - pointer to input data */
- uint32_t data_len, /* in - number of bytes of input data */
- uint8_t *md); /* out - address for message digest */
-
-
-#endif /* NTRU_CRYPTO_SHA1_H */
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_sha2.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha2.c
- *
- * Contents: Routines implementing the SHA-256 hash calculation.
- *
- *****************************************************************************/
-
-
-#include <stdlib.h>
-#include <string.h>
-#include "ntru_crypto_sha2.h"
-#include "ntru_crypto_msbyte_uint32.h"
-
-
-/* chaining state elements */
-
-#define H0 state[0]
-#define H1 state[1]
-#define H2 state[2]
-#define H3 state[3]
-#define H4 state[4]
-#define H5 state[5]
-#define H6 state[6]
-#define H7 state[7]
-
-
-/* standard SHA-256 initialization values */
-
-#define H0_SHA256_INIT 0x6a09e667UL
-#define H1_SHA256_INIT 0xbb67ae85UL
-#define H2_SHA256_INIT 0x3c6ef372UL
-#define H3_SHA256_INIT 0xa54ff53aUL
-#define H4_SHA256_INIT 0x510e527fUL
-#define H5_SHA256_INIT 0x9b05688cUL
-#define H6_SHA256_INIT 0x1f83d9abUL
-#define H7_SHA256_INIT 0x5be0cd19UL
-
-
-/* sha2_blk()
- *
- * This routine updates the current hash output (chaining state)
- * by performing SHA-256 on a 512-bit block of data represented
- * as sixteen 32-bit words.
- */
-
-#define RR(a, n) ( ((a) >> (n)) | ((a) << (32 - (n))) )
-#define S0(a) ( RR((a), 2) ^ RR((a), 13) ^ RR((a), 22) )
-#define S1(a) ( RR((a), 6) ^ RR((a), 11) ^ RR((a), 25) )
-#define s0(a) ( RR((a), 7) ^ RR((a), 18) ^ ((a) >> 3) )
-#define s1(a) ( RR((a), 17) ^ RR((a), 19) ^ ((a) >> 10) )
-
-
-static void
-sha2_blk(
- uint32_t const *data, // in - ptr to 16 32-bit word input block
- uint32_t *state) // in/out - ptr to 8 32-bit word chaining state
-{
- uint32_t A, B, C, D, E, F, G, H;
- uint32_t w[16];
-
- /* init A - H */
-
- A = H0; B = H1; C = H2; D = H3; E = H4; F = H5; G = H6; H = H7;
-
- /* rounds 0 - 15 */
-
- H += S1(E) + (E & (F ^ G) ^ G) + 0x428A2F98UL + data[ 0]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- G += S1(D) + (D & (E ^ F) ^ F) + 0x71374491UL + data[ 1]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- F += S1(C) + (C & (D ^ E) ^ E) + 0xB5C0FBCFUL + data[ 2]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- E += S1(B) + (B & (C ^ D) ^ D) + 0xE9B5DBA5UL + data[ 3]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- D += S1(A) + (A & (B ^ C) ^ C) + 0x3956C25BUL + data[ 4]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- C += S1(H) + (H & (A ^ B) ^ B) + 0x59F111F1UL + data[ 5]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- B += S1(G) + (G & (H ^ A) ^ A) + 0x923F82A4UL + data[ 6]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- A += S1(F) + (F & (G ^ H) ^ H) + 0xAB1C5ED5UL + data[ 7]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- H += S1(E) + (E & (F ^ G) ^ G) + 0xD807AA98UL + data[ 8]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- G += S1(D) + (D & (E ^ F) ^ F) + 0x12835B01UL + data[ 9]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- F += S1(C) + (C & (D ^ E) ^ E) + 0x243185BEUL + data[10]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- E += S1(B) + (B & (C ^ D) ^ D) + 0x550C7DC3UL + data[11]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- D += S1(A) + (A & (B ^ C) ^ C) + 0x72BE5D74UL + data[12]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- C += S1(H) + (H & (A ^ B) ^ B) + 0x80DEB1FEUL + data[13]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- B += S1(G) + (G & (H ^ A) ^ A) + 0x9BDC06A7UL + data[14]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- A += S1(F) + (F & (G ^ H) ^ H) + 0xC19BF174UL + data[15]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
-
- /* rounds 16 - 63 */
-
- w[ 0] = data[ 0] + s0(data[ 1]) + data[ 9] + s1(data[14]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0xE49B69C1UL + w[ 0]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 1] = data[ 1] + s0(data[ 2]) + data[10] + s1(data[15]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0xEFBE4786UL + w[ 1]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[ 2] = data[ 2] + s0(data[ 3]) + data[11] + s1(w[ 0]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0x0FC19DC6UL + w[ 2]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[ 3] = data[ 3] + s0(data[ 4]) + data[12] + s1(w[ 1]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0x240CA1CCUL + w[ 3]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[ 4] = data[ 4] + s0(data[ 5]) + data[13] + s1(w[ 2]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0x2DE92C6FUL + w[ 4]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[ 5] = data[ 5] + s0(data[ 6]) + data[14] + s1(w[ 3]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0x4A7484AAUL + w[ 5]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[ 6] = data[ 6] + s0(data[ 7]) + data[15] + s1(w[ 4]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0x5CB0A9DCUL + w[ 6]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[ 7] = data[ 7] + s0(data[ 8]) + w[ 0] + s1(w[ 5]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0x76F988DAUL + w[ 7]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- w[ 8] = data[ 8] + s0(data[ 9]) + w[ 1] + s1(w[ 6]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0x983E5152UL + w[ 8]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 9] = data[ 9] + s0(data[10]) + w[ 2] + s1(w[ 7]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0xA831C66DUL + w[ 9]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[10] = data[10] + s0(data[11]) + w[ 3] + s1(w[ 8]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0xB00327C8UL + w[10]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[11] = data[11] + s0(data[12]) + w[ 4] + s1(w[ 9]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0xBF597FC7UL + w[11]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[12] = data[12] + s0(data[13]) + w[ 5] + s1(w[10]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0xC6E00BF3UL + w[12]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[13] = data[13] + s0(data[14]) + w[ 6] + s1(w[11]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0xD5A79147UL + w[13]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[14] = data[14] + s0(data[15]) + w[ 7] + s1(w[12]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0x06CA6351UL + w[14]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[15] = data[15] + s0(w[ 0]) + w[ 8] + s1(w[13]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0x14292967UL + w[15]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- w[ 0] = w[ 0] + s0(w[ 1]) + w[ 9] + s1(w[14]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0x27B70A85UL + w[ 0]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 1] = w[ 1] + s0(w[ 2]) + w[10] + s1(w[15]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0x2E1B2138UL + w[ 1]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[ 2] = w[ 2] + s0(w[ 3]) + w[11] + s1(w[ 0]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0x4D2C6DFCUL + w[ 2]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[ 3] = w[ 3] + s0(w[ 4]) + w[12] + s1(w[ 1]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0x53380D13UL + w[ 3]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[ 4] = w[ 4] + s0(w[ 5]) + w[13] + s1(w[ 2]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0x650A7354UL + w[ 4]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[ 5] = w[ 5] + s0(w[ 6]) + w[14] + s1(w[ 3]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0x766A0ABBUL + w[ 5]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[ 6] = w[ 6] + s0(w[ 7]) + w[15] + s1(w[ 4]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0x81C2C92EUL + w[ 6]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[ 7] = w[ 7] + s0(w[ 8]) + w[ 0] + s1(w[ 5]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0x92722C85UL + w[ 7]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- w[ 8] = w[ 8] + s0(w[ 9]) + w[ 1] + s1(w[ 6]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0xA2BFE8A1UL + w[ 8]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 9] = w[ 9] + s0(w[10]) + w[ 2] + s1(w[ 7]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0xA81A664BUL + w[ 9]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[10] = w[10] + s0(w[11]) + w[ 3] + s1(w[ 8]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0xC24B8B70UL + w[10]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[11] = w[11] + s0(w[12]) + w[ 4] + s1(w[ 9]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0xC76C51A3UL + w[11]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[12] = w[12] + s0(w[13]) + w[ 5] + s1(w[10]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0xD192E819UL + w[12]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[13] = w[13] + s0(w[14]) + w[ 6] + s1(w[11]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0xD6990624UL + w[13]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[14] = w[14] + s0(w[15]) + w[ 7] + s1(w[12]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0xF40E3585UL + w[14]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[15] = w[15] + s0(w[ 0]) + w[ 8] + s1(w[13]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0x106AA070UL + w[15]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- w[ 0] = w[ 0] + s0(w[ 1]) + w[ 9] + s1(w[14]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0x19A4C116UL + w[ 0]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 1] = w[ 1] + s0(w[ 2]) + w[10] + s1(w[15]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0x1E376C08UL + w[ 1]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[ 2] = w[ 2] + s0(w[ 3]) + w[11] + s1(w[ 0]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0x2748774CUL + w[ 2]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[ 3] = w[ 3] + s0(w[ 4]) + w[12] + s1(w[ 1]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0x34B0BCB5UL + w[ 3]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[ 4] = w[ 4] + s0(w[ 5]) + w[13] + s1(w[ 2]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0x391C0CB3UL + w[ 4]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[ 5] = w[ 5] + s0(w[ 6]) + w[14] + s1(w[ 3]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0x4ED8AA4AUL + w[ 5]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[ 6] = w[ 6] + s0(w[ 7]) + w[15] + s1(w[ 4]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0x5B9CCA4FUL + w[ 6]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[ 7] = w[ 7] + s0(w[ 8]) + w[ 0] + s1(w[ 5]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0x682E6FF3UL + w[ 7]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
- w[ 8] = w[ 8] + s0(w[ 9]) + w[ 1] + s1(w[ 6]);
- H += S1(E) + (E & (F ^ G) ^ G) + 0x748F82EEUL + w[ 8]; D += H;
- H += S0(A) + ((A & B) | (C & (A | B)));
- w[ 9] = w[ 9] + s0(w[10]) + w[ 2] + s1(w[ 7]);
- G += S1(D) + (D & (E ^ F) ^ F) + 0x78A5636FUL + w[ 9]; C += G;
- G += S0(H) + ((H & A) | (B & (H | A)));
- w[10] = w[10] + s0(w[11]) + w[ 3] + s1(w[ 8]);
- F += S1(C) + (C & (D ^ E) ^ E) + 0x84C87814UL + w[10]; B += F;
- F += S0(G) + ((G & H) | (A & (G | H)));
- w[11] = w[11] + s0(w[12]) + w[ 4] + s1(w[ 9]);
- E += S1(B) + (B & (C ^ D) ^ D) + 0x8CC70208UL + w[11]; A += E;
- E += S0(F) + ((F & G) | (H & (F | G)));
- w[12] = w[12] + s0(w[13]) + w[ 5] + s1(w[10]);
- D += S1(A) + (A & (B ^ C) ^ C) + 0x90BEFFFAUL + w[12]; H += D;
- D += S0(E) + ((E & F) | (G & (E | F)));
- w[13] = w[13] + s0(w[14]) + w[ 6] + s1(w[11]);
- C += S1(H) + (H & (A ^ B) ^ B) + 0xA4506CEBUL + w[13]; G += C;
- C += S0(D) + ((D & E) | (F & (D | E)));
- w[14] = w[14] + s0(w[15]) + w[ 7] + s1(w[12]);
- B += S1(G) + (G & (H ^ A) ^ A) + 0xBEF9A3F7UL + w[14]; F += B;
- B += S0(C) + ((C & D) | (E & (C | D)));
- w[15] = w[15] + s0(w[ 0]) + w[ 8] + s1(w[13]);
- A += S1(F) + (F & (G ^ H) ^ H) + 0xC67178F2UL + w[15]; E += A;
- A += S0(B) + ((B & C) | (D & (B | C)));
-
- /* update H0 - H7 */
-
- H0 += A;
- H1 += B;
- H2 += C;
- H3 += D;
- H4 += E;
- H5 += F;
- H6 += G;
- H7 += H;
-
- /* clear temp variables */
-
- A = B = C = D = E = F = G = H = 0;
- memset(w, 0, sizeof(w));
-}
-
-
-/* ntru_crypto_sha2()
- *
- * This routine provides all operations for a SHA-256 hash,
- * and the use of SHA-256 for DSA signing and key generation.
- * It may be used to initialize, update, or complete a message digest,
- * or any combination of those actions, as determined by the SHA_INIT flag,
- * the in_len parameter, and the SHA_FINISH flag, respectively.
- *
- * When in_len == 0 (no data to hash), the parameter, in, may be NULL.
- * When the SHA_FINISH flag is not set, the parameter, md, may be NULL.
- *
- * Initialization may be standard or use a specified initialization vector,
- * and is indicated by setting the SHA_INIT flag.
- * Setting init = NULL specifies standard initialization. Otherwise, init
- * points to the array of eight alternate initialization 32-bit words.
- *
- * The hash operation can be updated with any number of input bytes, including
- * zero.
- *
- * The hash operation can be completed with normal padding or with zero
- * padding as required for parts of DSA parameter generation, and is indicated
- * by setting the SHA_FINISH flag. Using zero padding, indicated by setting
- * the SHA_ZERO_PAD flag, never creates an extra input block because the
- * bit count is not included in the hashed data.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha2(
- NTRU_CRYPTO_HASH_ALGID algid, // in - hash algorithm ID
- NTRU_CRYPTO_SHA2_CTX *c, // in/out - pointer to SHA-2 context
- uint32_t const *init, // in - pointer to alternate
- // initialization - may be NULL
- uint8_t const *in, // in - pointer to input data -
- // may be NULL if in_len == 0
- uint32_t in_len, // in - number of input data bytes
- uint32_t flags, // in - INIT, FINISH, zero-pad flags
- uint8_t *md) // out - address for message digest -
- // may be NULL if not FINISH
-{
- uint32_t in_blk[16]; // input block
- uint32_t space;
- uint8_t *d = NULL;
-
- /* check error conditions */
-
- if (algid != NTRU_CRYPTO_HASH_ALGID_SHA256)
- SHA_RET(SHA_BAD_PARAMETER)
-
- if (!c || (in_len && !in) || ((flags & SHA_FINISH) && !md))
- SHA_RET(SHA_BAD_PARAMETER)
-
- /* initialize context if requested */
-
- if (flags & SHA_INIT) {
-
- /* init chaining state */
-
- if (!init) { // standard initialization
-
- c->state[0] = H0_SHA256_INIT; // standard SHA-256 init
- c->state[1] = H1_SHA256_INIT;
- c->state[2] = H2_SHA256_INIT;
- c->state[3] = H3_SHA256_INIT;
- c->state[4] = H4_SHA256_INIT;
- c->state[5] = H5_SHA256_INIT;
- c->state[6] = H6_SHA256_INIT;
- c->state[7] = H7_SHA256_INIT;
-
- } else {
- c->state[0] = init[0]; // alternate initialization
- c->state[1] = init[1];
- c->state[2] = init[2];
- c->state[3] = init[3];
- c->state[4] = init[4];
- c->state[5] = init[5];
- c->state[6] = init[6];
- c->state[7] = init[7];
- }
-
- /* init bit count and number of unhashed data bytes */
-
- c->num_bits_hashed[0] = 0;
- c->num_bits_hashed[1] = 0;
- c->unhashed_len = 0;
- }
-
- /* determine space left in unhashed data buffer */
-
- if (c->unhashed_len > 63)
- SHA_RET(SHA_FAIL)
-
- space = 64 - c->unhashed_len;
-
- /* process input if it exists */
-
- if (in_len) {
-
- /* update count of bits hashed */
-
- {
- uint32_t bits0, bits1;
-
- bits0 = in_len << 3;
- bits1 = in_len >> 29;
- if ((c->num_bits_hashed[0] += bits0) < bits0)
- bits1++;
- if ((c->num_bits_hashed[1] += bits1) < bits1) {
- memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA2_CTX));
- space = 0;
- memset((char *) in_blk, 0, sizeof(in_blk));
- SHA_RET(SHA_OVERFLOW)
- }
- }
-
- /* process input bytes */
-
- if (in_len < space) {
-
- /* input does not fill block buffer:
- * add input to buffer
- */
-
- memcpy(c->unhashed + c->unhashed_len, in, in_len);
- c->unhashed_len += in_len;
-
- } else {
- uint32_t blks;
-
- /* input will fill block buffer:
- * fill unhashed data buffer,
- * convert to block buffer,
- * and process block
- */
-
- in_len -= space;
- for (d = c->unhashed + c->unhashed_len; space; space--)
- *d++ = *in++;
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 16);
- sha2_blk((uint32_t const *) in_blk, c->state);
-
- /* process any remaining full blocks */
-
- for (blks = in_len >> 6; blks--; in += 64) {
- ntru_crypto_msbyte_2_uint32(in_blk, in, 16);
- sha2_blk((uint32_t const *) in_blk, c->state);
- }
-
- /* put any remaining input in the unhashed data buffer */
-
- in_len &= 0x3f;
- memcpy(c->unhashed, in, in_len);
- c->unhashed_len = in_len;
- }
- }
-
- /* complete message digest if requested */
-
- if (flags & SHA_FINISH) {
- space = 64 - c->unhashed_len;
-
- /* check padding type */
-
- if (!(flags & SHA_ZERO_PAD)) {
-
- /* add 0x80 padding byte to the unhashed data buffer
- * (there is always space since the buffer can't be full)
- */
-
- d = c->unhashed + c->unhashed_len;
- *d++ = 0x80;
- space--;
-
- /* check for space for bit count */
-
- if (space < 8) {
-
- /* no space for count:
- * fill remainder of unhashed data buffer with zeros,
- * convert to input block,
- * process block,
- * fill all but 8 bytes of unhashed data buffer with zeros
- */
-
- memset(d, 0, space);
- ntru_crypto_msbyte_2_uint32(in_blk,
- (uint8_t const *) c->unhashed, 16);
- sha2_blk((uint32_t const *) in_blk, c->state);
- memset(c->unhashed, 0, 56);
-
- } else {
-
- /* fill unhashed data buffer with zeros,
- * leaving space for bit count
- */
-
- for (space -= 8; space; space--)
- *d++ = 0;
- }
-
- /* convert partially filled unhashed data buffer to input block and
- * add bit count to input block
- */
-
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 14);
- in_blk[14] = c->num_bits_hashed[1];
- in_blk[15] = c->num_bits_hashed[0];
-
- } else {
-
- /* pad unhashed data buffer with zeros and no bit count and
- * convert to input block
- */
-
- memset(c->unhashed + c->unhashed_len, 0, space);
- ntru_crypto_msbyte_2_uint32(in_blk, (uint8_t const *) c->unhashed,
- 16);
- }
-
- /* process last block */
-
- sha2_blk((uint32_t const *) in_blk, c->state);
-
- /* copy result to message digest buffer */
-
- ntru_crypto_uint32_2_msbyte(md, c->state, 8);
-
- /* clear context and stack variables */
-
- memset((uint8_t *) c, 0, sizeof(NTRU_CRYPTO_SHA2_CTX));
- space = 0;
- memset((char *) in_blk, 0, sizeof(in_blk));
- }
-
- SHA_RET(SHA_OK)
-}
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_crypto_sha2.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha2.h
- *
- * Contents: Definitions and declarations for the SHA-256 implementation.
- *
- *****************************************************************************/
-
-#ifndef NTRU_CRYPTO_SHA2_H
-#define NTRU_CRYPTO_SHA2_H
-
-
-#include "ntru_crypto_sha.h"
-
-#include <library.h>
-
-/*************************
- * structure definitions *
- *************************/
-
-/* SHA-256 context structure */
-
-typedef struct {
- uint32_t state[8]; /* chaining state */
- uint32_t num_bits_hashed[2]; /* number of bits hashed */
- uint8_t unhashed[64]; /* input data not yet hashed */
- uint32_t unhashed_len; /* number of bytes of unhashed input data */
-} NTRU_CRYPTO_SHA2_CTX;
-
-
-/*************************
- * function declarations *
- *************************/
-
-/* ntru_crypto_sha2()
- *
- * This routine provides all operations for a SHA-256 hash,
- * and the use of SHA-256 for DSA signing and key generation.
- * It may be used to initialize, update, or complete a message digest,
- * or any combination of those actions, as determined by the SHA_INIT flag,
- * the in_len parameter, and the SHA_FINISH flag, respectively.
- *
- * When in_len == 0 (no data to hash), the parameter, in, may be NULL.
- * When the SHA_FINISH flag is not set, the parameter, md, may be NULL.
- *
- * Initialization may be standard or use a specified initialization vector,
- * and is indicated by setting the SHA_INIT flag.
- * Setting init = NULL specifies standard initialization. Otherwise, init
- * points to the array of eight alternate initialization 32-bit words.
- *
- * The hash operation can be updated with any number of input bytes, including
- * zero.
- *
- * The hash operation can be completed with normal padding or with zero
- * padding as required for parts of DSA parameter generation, and is indicated
- * by setting the SHA_FINISH flag. Using zero padding, indicated by setting
- * the SHA_ZERO_PAD flag, never creates an extra input block because the
- * bit count is not included in the hashed data.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha2(
- NTRU_CRYPTO_HASH_ALGID algid, /* in - hash algorithm ID */
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint32_t const *init, /* in - pointer to alternate */
- /* initialization - may be NULL */
- uint8_t const *in, /* in - pointer to input data -
- may be NULL if in_len == 0 */
- uint32_t in_len, /* in - number of input data bytes */
- uint32_t flags, /* in - INIT, FINISH, zero-pad flags */
- uint8_t *md); /* out - address for message digest -
- may be NULL if not FINISH */
-
-
-#endif /* NTRU_CRYPTO_SHA2_H */
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_sha256.c is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha256.c
- *
- * Contents: Routines implementing the SHA-256 hash calculations.
- *
- *****************************************************************************/
-
-
-#include <stdlib.h>
-#include "ntru_crypto_sha256.h"
-
-
-/* ntru_crypto_sha256_init
- *
- * This routine performs standard initialization of the SHA-256 state.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- */
-
-uint32_t
-ntru_crypto_sha256_init(
- NTRU_CRYPTO_SHA2_CTX *c) /* in/out - pointer to SHA-2 context */
-{
- return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0,
- SHA_INIT, NULL);
-}
-
-
-/* ntru_crypto_sha256_update
- *
- * This routine processes input data and updates the SHA-256 hash calculation.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha256_update(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t const *data, /* in - pointer to input data */
- uint32_t data_len) /* in - no. of bytes of input data */
-{
- return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, data,
- data_len, SHA_DATA_ONLY, NULL);
-}
-
-
-/* ntru_crypto_sha256_final
- *
- * This routine completes the SHA-256 hash calculation and returns the
- * message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha256_final(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t *md) /* out - address for message digest */
-{
- return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0,
- SHA_FINISH, md);
-}
-
-
-/* ntru_crypto_sha256_final_zero_pad
- *
- * This routine completes the SHA-256 hash calculation using zero padding
- * and returns the message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha256_final_zero_pad(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t *md) /* out - address for message digest */
-{
- return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, c, NULL, NULL, 0,
- SHA_FINISH | SHA_ZERO_PAD, md);
-}
-
-
-/* ntru_crypto_sha256_digest
- *
- * This routine computes a SHA-256 message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-uint32_t
-ntru_crypto_sha256_digest(
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len, // in - number of bytes of input data
- uint8_t *md) // out - address for message digest
-{
- NTRU_CRYPTO_SHA2_CTX c;
-
- return ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, &c, NULL, data,
- data_len, SHA_INIT | SHA_FINISH, md);
-}
-
+++ /dev/null
-/******************************************************************************
- * NTRU Cryptography Reference Source Code
- * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
- *
- * ntru_crypto_sha256.h is a component of ntru-crypto.
- *
- * Copyright (C) 2009-2013 Security Innovation
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- *****************************************************************************/
-
-
-/******************************************************************************
- *
- * File: ntru_crypto_sha256.h
- *
- * Contents: Definitions and declarations for the SHA-256 implementation.
- *
- *****************************************************************************/
-
-#ifndef CRYPTO_SHA256_H
-#define CRYPTO_SHA256_H
-
-
-#include "ntru_crypto_sha2.h"
-
-#include <library.h>
-
-/******************************************
- * macros needed for generic hash objects *
- ******************************************/
-
-#define SHA_256_CTX_LEN sizeof(NTRU_CRYPTO_SHA2_CTX)
- /* no. bytes in SHA-2
- ctx */
-#define SHA_256_BLK_LEN 64 /* 64 bytes in input
- block */
-#define SHA_256_MD_LEN 32 /* 32 bytes in msg
- digest */
-#define SHA_256_INIT_FN &ntru_crypto_sha256_init /* init function */
-#define SHA_256_UPDATE_FN &ntru_crypto_sha256_update /* update function */
-#define SHA_256_FINAL_FN &ntru_crypto_sha256_final /* final function */
-#define SHA_256_FINAL_ZERO_PAD_FN \
- &ntru_crypto_sha256_final_zero_pad
- /* final function using
- zero padding */
-#define SHA_256_DIGEST_FN &ntru_crypto_sha256_digest /* digest function */
-
-
-/*************************
- * function declarations *
- *************************/
-
-/* ntru_crypto_sha256_init
- *
- * This routine performs standard initialization of the SHA-256 state.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- */
-
-extern uint32_t
-ntru_crypto_sha256_init(
- NTRU_CRYPTO_SHA2_CTX *c); /* in/out - pointer to SHA-2 context */
-
-
-/* ntru_crypto_sha256_update
- *
- * This routine processes input data and updates the SHA-256 hash calculation.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha256_update(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t const *data, /* in - pointer to input data */
- uint32_t data_len); /* in - no. of bytes of input data */
-
-
-/* ntru_crypto_sha256_final
- *
- * This routine completes the SHA-256 hash calculation and returns the
- * message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha256_final(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t *md); /* out - address for message digest */
-
-
-/* ntru_crypto_sha256_final_zero_pad
- *
- * This routine completes the SHA-256 hash calculation using zero padding
- * and returns the message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha256_final_zero_pad(
- NTRU_CRYPTO_SHA2_CTX *c, /* in/out - pointer to SHA-2 context */
- uint8_t *md); /* out - address for message digest */
-
-
-/* ntru_crypto_sha256_digest
- *
- * This routine computes a SHA-256 message digest.
- *
- * Returns SHA_OK on success.
- * Returns SHA_FAIL with corrupted context.
- * Returns SHA_BAD_PARAMETER if inappropriate NULL pointers are passed.
- * Returns SHA_OVERFLOW if more than 2^64 - 1 bytes are hashed.
- */
-
-extern uint32_t
-ntru_crypto_sha256_digest(
- uint8_t const *data, // in - pointer to input data
- uint32_t data_len, // in - number of bytes of input data
- uint8_t *md); // out - address for message digest
-
-
-#endif /* CRYPTO_SHA256_H */
PLUGIN_PROVIDE(DH, NTRU_256_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA1)
};
*features = f;