From 5cd610a07468137066ea4daa5176c3e7045113b0 Mon Sep 17 00:00:00 2001 From: Uros Majstorovic Date: Wed, 5 Aug 2020 03:38:22 +0200 Subject: ecp moved to root; fixed utils and tests --- code/ecp/crypto/arc4random/Makefile | 14 -- code/ecp/crypto/arc4random/arc4random.c | 254 ---------------------------- code/ecp/crypto/arc4random/arc4random.h | 78 --------- code/ecp/crypto/arc4random/chacha_private.h | 223 ------------------------ 4 files changed, 569 deletions(-) delete mode 100755 code/ecp/crypto/arc4random/Makefile delete mode 100755 code/ecp/crypto/arc4random/arc4random.c delete mode 100755 code/ecp/crypto/arc4random/arc4random.h delete mode 100755 code/ecp/crypto/arc4random/chacha_private.h (limited to 'code/ecp/crypto/arc4random') diff --git a/code/ecp/crypto/arc4random/Makefile b/code/ecp/crypto/arc4random/Makefile deleted file mode 100755 index 387bca1..0000000 --- a/code/ecp/crypto/arc4random/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -include ../../Makefile.platform -CFLAGS += $(PIC) - -obj = arc4random.o - - -all: $(obj) -dep: all - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -clean: - rm -f *.o *.a diff --git a/code/ecp/crypto/arc4random/arc4random.c b/code/ecp/crypto/arc4random/arc4random.c deleted file mode 100755 index 23ce9b7..0000000 --- a/code/ecp/crypto/arc4random/arc4random.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * Copyright (c) 2013, Markus Friedl - * Copyright (c) 2014, Theo de Raadt - * Copyright (c) 2015, Sudhi Herle - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - - -/* - * ChaCha based random number generator from OpenBSD. - * - * Made fully portable and thread-safe by Sudhi Herle. - */ - -#include -#include -#include -#include - -#define ARC4R_KEYSZ 32 -#define ARC4R_IVSZ 8 -#define ARC4R_BLOCKSZ 64 -#define ARC4R_RSBUFSZ (16*ARC4R_BLOCKSZ) - -typedef struct -{ - uint32_t input[16]; /* could be compressed */ -} chacha_ctx; - -struct rand_state -{ - size_t rs_have; /* valid bytes at end of rs_buf */ - size_t rs_count; /* bytes till reseed */ - chacha_ctx rs_chacha; /* chacha context for random keystream */ - u_char rs_buf[ARC4R_RSBUFSZ]; /* keystream blocks */ -}; -typedef struct rand_state rand_state; - - -/* kernel entropy */ -static int (*getentropy) (void* buf, size_t n); - - -#define KEYSTREAM_ONLY -#include "chacha_private.h" - -#define minimum(a, b) ((a) < (b) ? (a) : (b)) - -#include "arc4random.h" - - -static inline void -_rs_init(rand_state* st, u8 *buf, size_t n) -{ - chacha_keysetup(&st->rs_chacha, buf, ARC4R_KEYSZ * 8, 0); - chacha_ivsetup(&st->rs_chacha, buf + ARC4R_KEYSZ); -} - - - -static inline void -_rs_rekey(rand_state* st, u8 *dat, size_t datlen) -{ - /* fill rs_buf with the keystream */ - chacha_encrypt_bytes(&st->rs_chacha, st->rs_buf, st->rs_buf, sizeof st->rs_buf); - - /* mix in optional user provided data */ - if (dat) { - size_t i, m; - - m = minimum(datlen, ARC4R_KEYSZ + ARC4R_IVSZ); - for (i = 0; i < m; i++) - st->rs_buf[i] ^= dat[i]; - - memset(dat, 0, datlen); - } - - /* immediately reinit for backtracking resistance */ - _rs_init(st, st->rs_buf, ARC4R_KEYSZ + ARC4R_IVSZ); - memset(st->rs_buf, 0, ARC4R_KEYSZ + ARC4R_IVSZ); - st->rs_have = (sizeof st->rs_buf) - ARC4R_KEYSZ - ARC4R_IVSZ; -} - - -static void -_rs_stir(rand_state* st) -{ - u8 rnd[ARC4R_KEYSZ + ARC4R_IVSZ]; - - - getentropy(rnd, sizeof rnd); - _rs_rekey(st, rnd, sizeof(rnd)); - - /* invalidate rs_buf */ - st->rs_have = 0; - memset(st->rs_buf, 0, sizeof st->rs_buf); - - st->rs_count = 1600000; -} - - -static inline void -_rs_stir_if_needed(rand_state* st, size_t len) -{ - if (st->rs_count <= len) - _rs_stir(st); - - st->rs_count -= len; -} - - -static inline void -_rs_random_buf(rand_state* rs, void *_buf, size_t n) -{ - u8 *buf = (u8 *)_buf; - u8 *keystream; - size_t m; - - _rs_stir_if_needed(rs, n); - while (n > 0) { - if (rs->rs_have > 0) { - m = minimum(n, rs->rs_have); - keystream = rs->rs_buf + sizeof(rs->rs_buf) - rs->rs_have; - memcpy(buf, keystream, m); - memset(keystream, 0, m); - buf += m; - n -= m; - rs->rs_have -= m; - } else - _rs_rekey(rs, NULL, 0); - } -} - -static inline uint32_t -_rs_random_u32(rand_state* rs) -{ - u8 *keystream; - uint32_t val; - - _rs_stir_if_needed(rs, sizeof(val)); - if (rs->rs_have < sizeof(val)) - _rs_rekey(rs, NULL, 0); - keystream = rs->rs_buf + sizeof(rs->rs_buf) - rs->rs_have; - memcpy(&val, keystream, sizeof(val)); - memset(keystream, 0, sizeof(val)); - rs->rs_have -= sizeof(val); - - return val; -} - - -/* - * Use gcc extension to declare a thread-local variable. - * - * On most systems (including x86_64), thread-local access is - * essentially free for non .so use cases. - * - */ -static rand_state st = { .rs_count = 0 }; -static inline rand_state* -sget() -{ - rand_state* s = &st; - - if (s->rs_count == 0) - _rs_stir(s); - return s; -} - - - -/* - * Public API. - */ - - -void -arc4random_init(int (*f) (void*, size_t)) -{ - getentropy = f; -} - - -uint32_t -arc4random() -{ - rand_state* z = sget(); - - return _rs_random_u32(z); -} - - -void -arc4random_buf(void* b, size_t n) -{ - rand_state* z = sget(); - - _rs_random_buf(z, b, n); -} - - - - -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -uint32_t -arc4random_uniform(uint32_t upper_bound) -{ - rand_state* z = sget(); - uint32_t r, min; - - if (upper_bound < 2) - return 0; - - /* 2**32 % x == (2**32 - x) % x */ - min = -upper_bound % upper_bound; - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = _rs_random_u32(z); - if (r >= min) - break; - } - - return r % upper_bound; -} - -/* EOF */ diff --git a/code/ecp/crypto/arc4random/arc4random.h b/code/ecp/crypto/arc4random/arc4random.h deleted file mode 100755 index e281a89..0000000 --- a/code/ecp/crypto/arc4random/arc4random.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * Copyright (c) 2013, Markus Friedl - * Copyright (c) 2014, Theo de Raadt - * Copyright (c) 2015, Sudhi Herle - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef ___ARC4RANDOM_H_5000666_1462841354__ -#define ___ARC4RANDOM_H_5000666_1462841354__ 1 - - /* Provide C linkage for symbols declared here .. */ -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#include -#include - -/* - * On OpenBSD - we should NOT use the same symbol names. OpenBSD - * libc defines these, and the rest of libc uses this - from dynamic - * loading, to malloc() to printf() etc. - * - * For some fun, don't redefine the names - and see what happens :-) - */ -#ifdef __OpenBSD__ - -#define arc4random mt_arc4random -#define arc4random_uniform mt_arc4random_uniform -#define arc4random_buf mt_arc4random_buf - -#endif /* __OpenBSD__ */ - - -/* - * Initialize generator with getentropy - */ -extern void arc4random_init(int (*) (void*, size_t)); - - -/* - * Generate and return a random 32-bit number - */ -extern uint32_t arc4random(void); - - -/* - * Generate and return a uniformly random 32-bit quantity with an - * upper bound of 'upper_bound' - */ -extern uint32_t arc4random_uniform(uint32_t upper_bound); - - -/* - * Generate 'n' random bytes and put them in 'buf'. - */ -extern void arc4random_buf(void* buf, size_t n); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* ! ___ARC4RANDOM_H_5000666_1462841354__ */ - -/* EOF */ diff --git a/code/ecp/crypto/arc4random/chacha_private.h b/code/ecp/crypto/arc4random/chacha_private.h deleted file mode 100755 index 05ce200..0000000 --- a/code/ecp/crypto/arc4random/chacha_private.h +++ /dev/null @@ -1,223 +0,0 @@ -/* - * chacha-merged.c version 20080118 - * D. J. Bernstein - * Public domain. - */ - -/* $OpenBSD$ */ - -#include - - -typedef unsigned char u8; -typedef uint32_t u32; - - -#define U8C(v) (v##U) -#define U32C(v) (v##U) - -#define U8V(v) ((u8)(v) & U8C(0xFF)) -#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) - -#define ROTL32(v, n) \ - (U32V((v) << (n)) | ((v) >> (32 - (n)))) - -#define U8TO32_LITTLE(p) \ - (((u32)((p)[0]) ) | \ - ((u32)((p)[1]) << 8) | \ - ((u32)((p)[2]) << 16) | \ - ((u32)((p)[3]) << 24)) - -#define U32TO8_LITTLE(p, v) \ - do { \ - (p)[0] = U8V((v) ); \ - (p)[1] = U8V((v) >> 8); \ - (p)[2] = U8V((v) >> 16); \ - (p)[3] = U8V((v) >> 24); \ - } while (0) - -#define ROTATE(v,c) (ROTL32(v,c)) -#define XOR(v,w) ((v) ^ (w)) -#define PLUS(v,w) (U32V((v) + (w))) -#define PLUSONE(v) (PLUS((v),1)) - -#define QUARTERROUND(a,b,c,d) \ - a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ - a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ - c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); - -static const char sigma[16] = "expand 32-byte k"; -static const char tau[16] = "expand 16-byte k"; - -static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) -{ - const char *constants; - - (void)ivbits; - - x->input[4] = U8TO32_LITTLE(k + 0); - x->input[5] = U8TO32_LITTLE(k + 4); - x->input[6] = U8TO32_LITTLE(k + 8); - x->input[7] = U8TO32_LITTLE(k + 12); - if (kbits == 256) { /* recommended */ - k += 16; - constants = sigma; - } else { /* kbits == 128 */ - constants = tau; - } - x->input[8] = U8TO32_LITTLE(k + 0); - x->input[9] = U8TO32_LITTLE(k + 4); - x->input[10] = U8TO32_LITTLE(k + 8); - x->input[11] = U8TO32_LITTLE(k + 12); - x->input[0] = U8TO32_LITTLE(constants + 0); - x->input[1] = U8TO32_LITTLE(constants + 4); - x->input[2] = U8TO32_LITTLE(constants + 8); - x->input[3] = U8TO32_LITTLE(constants + 12); -} - -static void -chacha_ivsetup(chacha_ctx *x,const u8 *iv) -{ - x->input[12] = 0; - x->input[13] = 0; - x->input[14] = U8TO32_LITTLE(iv + 0); - x->input[15] = U8TO32_LITTLE(iv + 4); -} - -static void -chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) -{ - u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; - u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; - u8 *ctarget = NULL; - u8 tmp[64]; - u_int i; - - if (!bytes) return; - - j0 = x->input[0]; - j1 = x->input[1]; - j2 = x->input[2]; - j3 = x->input[3]; - j4 = x->input[4]; - j5 = x->input[5]; - j6 = x->input[6]; - j7 = x->input[7]; - j8 = x->input[8]; - j9 = x->input[9]; - j10 = x->input[10]; - j11 = x->input[11]; - j12 = x->input[12]; - j13 = x->input[13]; - j14 = x->input[14]; - j15 = x->input[15]; - - for (;;) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) tmp[i] = m[i]; - m = tmp; - ctarget = c; - c = tmp; - } - x0 = j0; - x1 = j1; - x2 = j2; - x3 = j3; - x4 = j4; - x5 = j5; - x6 = j6; - x7 = j7; - x8 = j8; - x9 = j9; - x10 = j10; - x11 = j11; - x12 = j12; - x13 = j13; - x14 = j14; - x15 = j15; - for (i = 20;i > 0;i -= 2) { - QUARTERROUND( x0, x4, x8,x12) - QUARTERROUND( x1, x5, x9,x13) - QUARTERROUND( x2, x6,x10,x14) - QUARTERROUND( x3, x7,x11,x15) - QUARTERROUND( x0, x5,x10,x15) - QUARTERROUND( x1, x6,x11,x12) - QUARTERROUND( x2, x7, x8,x13) - QUARTERROUND( x3, x4, x9,x14) - } - x0 = PLUS(x0,j0); - x1 = PLUS(x1,j1); - x2 = PLUS(x2,j2); - x3 = PLUS(x3,j3); - x4 = PLUS(x4,j4); - x5 = PLUS(x5,j5); - x6 = PLUS(x6,j6); - x7 = PLUS(x7,j7); - x8 = PLUS(x8,j8); - x9 = PLUS(x9,j9); - x10 = PLUS(x10,j10); - x11 = PLUS(x11,j11); - x12 = PLUS(x12,j12); - x13 = PLUS(x13,j13); - x14 = PLUS(x14,j14); - x15 = PLUS(x15,j15); - -#ifndef KEYSTREAM_ONLY - x0 = XOR(x0,U8TO32_LITTLE(m + 0)); - x1 = XOR(x1,U8TO32_LITTLE(m + 4)); - x2 = XOR(x2,U8TO32_LITTLE(m + 8)); - x3 = XOR(x3,U8TO32_LITTLE(m + 12)); - x4 = XOR(x4,U8TO32_LITTLE(m + 16)); - x5 = XOR(x5,U8TO32_LITTLE(m + 20)); - x6 = XOR(x6,U8TO32_LITTLE(m + 24)); - x7 = XOR(x7,U8TO32_LITTLE(m + 28)); - x8 = XOR(x8,U8TO32_LITTLE(m + 32)); - x9 = XOR(x9,U8TO32_LITTLE(m + 36)); - x10 = XOR(x10,U8TO32_LITTLE(m + 40)); - x11 = XOR(x11,U8TO32_LITTLE(m + 44)); - x12 = XOR(x12,U8TO32_LITTLE(m + 48)); - x13 = XOR(x13,U8TO32_LITTLE(m + 52)); - x14 = XOR(x14,U8TO32_LITTLE(m + 56)); - x15 = XOR(x15,U8TO32_LITTLE(m + 60)); -#endif - - j12 = PLUSONE(j12); - if (!j12) { - j13 = PLUSONE(j13); - /* stopping at 2^70 bytes per nonce is user's responsibility */ - } - - U32TO8_LITTLE(c + 0,x0); - U32TO8_LITTLE(c + 4,x1); - U32TO8_LITTLE(c + 8,x2); - U32TO8_LITTLE(c + 12,x3); - U32TO8_LITTLE(c + 16,x4); - U32TO8_LITTLE(c + 20,x5); - U32TO8_LITTLE(c + 24,x6); - U32TO8_LITTLE(c + 28,x7); - U32TO8_LITTLE(c + 32,x8); - U32TO8_LITTLE(c + 36,x9); - U32TO8_LITTLE(c + 40,x10); - U32TO8_LITTLE(c + 44,x11); - U32TO8_LITTLE(c + 48,x12); - U32TO8_LITTLE(c + 52,x13); - U32TO8_LITTLE(c + 56,x14); - U32TO8_LITTLE(c + 60,x15); - - if (bytes <= 64) { - if (bytes < 64) { - for (i = 0;i < bytes;++i) ctarget[i] = c[i]; - } - x->input[12] = j12; - x->input[13] = j13; - return; - } - bytes -= 64; - c += 64; -#ifndef KEYSTREAM_ONLY - m += 64; -#endif - } -} -- cgit v1.2.3