/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. * * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */#include "tomcrypt.h"/**  @file chc.c  CHC support. (Tom St Denis)*/#ifdef CHC_HASH#define UNDEFED_HASH  -17/* chc settings */static int            cipher_idx=UNDEFED_HASH,        /* which cipher */                      cipher_blocksize;               /* blocksize of cipher */const struct ltc_hash_descriptor chc_desc = {   "chc_hash", 12, 0, 0, { 0 }, 0,   &chc_init,   &chc_process,   &chc_done,   &chc_test};/**  Initialize the CHC state with a given cipher   @param cipher  The index of the cipher you wish to bind   @return CRYPT_OK if successful*/int chc_register(int cipher){   int err, kl, idx;   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {      return err;   }   /* will it be valid? */   kl = cipher_descriptor[cipher].block_length;   /* must be >64 bit block */   if (kl <= 8) {      return CRYPT_INVALID_CIPHER;   }   /* can we use the ideal keysize? */   if ((err = cipher_descriptor[cipher].keysize(&kl)) != CRYPT_OK) {      return err;   }   /* we require that key size == block size be a valid choice */   if (kl != cipher_descriptor[cipher].block_length) {      return CRYPT_INVALID_CIPHER;   }   /* determine if chc_hash has been register_hash'ed already */   if ((err = hash_is_valid(idx = find_hash("chc_hash"))) != CRYPT_OK) {      return err;   }   /* store into descriptor */   hash_descriptor[idx].hashsize  =    hash_descriptor[idx].blocksize = cipher_descriptor[cipher].block_length;   /* store the idx and block size */   cipher_idx       = cipher;   cipher_blocksize = cipher_descriptor[cipher].block_length;   return CRYPT_OK;}/**   Initialize the hash state   @param md   The hash state you wish to initialize   @return CRYPT_OK if successful*/int chc_init(hash_state *md){   symmetric_key *key;   unsigned char  buf[MAXBLOCKSIZE];   int            err;    LTC_ARGCHK(md != NULL);   /* is the cipher valid? */   if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {      return err;   }   if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {      return CRYPT_INVALID_CIPHER;   }   if ((key = XMALLOC(sizeof(*key))) == NULL) {      return CRYPT_MEM;   }   /* zero key and what not */      zeromem(buf, cipher_blocksize);   if ((err = cipher_descriptor[cipher_idx].setup(buf, cipher_blocksize, 0, key)) != CRYPT_OK) {      XFREE(key);      return err;   }   /* encrypt zero block */   cipher_descriptor[cipher_idx].ecb_encrypt(buf, md->chc.state, key);   /* zero other members */   md->chc.length = 0;   md->chc.curlen = 0;   zeromem(md->chc.buf, sizeof(md->chc.buf));   XFREE(key);   return CRYPT_OK;}/*    key    <= state   T0,T1  <= block   T0     <= encrypt T0   state  <= state xor T0 xor T1*/static int chc_compress(hash_state *md, unsigned char *buf){   unsigned char  T[2][MAXBLOCKSIZE];   symmetric_key *key;   int            err, x;   if ((key = XMALLOC(sizeof(*key))) == NULL) {      return CRYPT_MEM;   }   if ((err = cipher_descriptor[cipher_idx].setup(md->chc.state, cipher_blocksize, 0, key)) != CRYPT_OK) {      XFREE(key);      return err;   }   memcpy(T[1], buf, cipher_blocksize);   cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key);   for (x = 0; x < cipher_blocksize; x++) {       md->chc.state[x] ^= T[0][x] ^ T[1][x];   }   XFREE(key);#ifdef LTC_CLEAN_STACK   zeromem(T, sizeof(T));   zeromem(&key, sizeof(key));#endif   return CRYPT_OK;}/* function for processing blocks */int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len);HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)/**   Process a block of memory though the hash   @param md   The hash state   @param in   The data to hash   @param inlen  The length of the data (octets)   @return CRYPT_OK if successful*/int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen){   int err;   LTC_ARGCHK(md   != NULL);   LTC_ARGCHK(in  != NULL);   /* is the cipher valid? */   if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {      return err;   }   if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {      return CRYPT_INVALID_CIPHER;   }   return _chc_process(md, in, inlen);}/**   Terminate the hash to get the digest   @param md   The hash state   @param out [out] The destination of the hash (length of the block size of the block cipher)   @return CRYPT_OK if successful*/int chc_done(hash_state *md, unsigned char *out){    int err;    LTC_ARGCHK(md   != NULL);    LTC_ARGCHK(out  != NULL);    /* is the cipher valid? */    if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {       return err;    }    if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {       return CRYPT_INVALID_CIPHER;    }    if (md->chc.curlen >= sizeof(md->chc.buf)) {       return CRYPT_INVALID_ARG;    }    /* increase the length of the message */    md->chc.length += md->chc.curlen * 8;    /* append the '1' bit */    md->chc.buf[md->chc.curlen++] = (unsigned char)0x80;    /* if the length is currently above l-8 bytes we append zeros     * then compress.  Then we can fall back to padding zeros and length     * encoding like normal.     */    if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) {        while (md->chc.curlen < (unsigned long)cipher_blocksize) {            md->chc.buf[md->chc.curlen++] = (unsigned char)0;        }        chc_compress(md, md->chc.buf);        md->chc.curlen = 0;    }    /* pad upto l-8 bytes of zeroes */    while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) {        md->chc.buf[md->chc.curlen++] = (unsigned char)0;    }    /* store length */    STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8));    chc_compress(md, md->chc.buf);    /* copy output */    XMEMCPY(out, md->chc.state, cipher_blocksize);#ifdef LTC_CLEAN_STACK    zeromem(md, sizeof(hash_state));#endif    return CRYPT_OK;}/**  Self-test the hash  @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled*/  int chc_test(void){   static const struct {      unsigned char *msg,                     md[MAXBLOCKSIZE];      int            len;   } tests[] = {{   (unsigned char *)"hello world",   { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61,      0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e },   16}};   int x, oldhashidx, idx;   unsigned char out[MAXBLOCKSIZE];   hash_state md;   /* AES can be under rijndael or aes... try to find it */   if ((idx = find_cipher("aes")) == -1) {      if ((idx = find_cipher("rijndael")) == -1) {         return CRYPT_NOP;      }   }   oldhashidx = cipher_idx;   chc_register(idx);   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {       chc_init(&md);       chc_process(&md, tests[x].msg, strlen((char *)tests[x].msg));       chc_done(&md, out);       if (memcmp(out, tests[x].md, tests[x].len)) {          return CRYPT_FAIL_TESTVECTOR;       }   }   if (oldhashidx != UNDEFED_HASH) {      chc_register(oldhashidx);   }   return CRYPT_OK;}#endif/* $Source: /cvs/libtom/libtomcrypt/src/hashes/chc/chc.c,v $ *//* $Revision: 1.3 $ *//* $Date: 2005/05/05 14:35:58 $ */