You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2022/10/20 21:22:58 UTC
[GitHub] [incubator-nuttx] pkarashchenko commented on a diff in pull request #6920: support /dev/crypto for nuttx
pkarashchenko commented on code in PR #6920:
URL: https://github.com/apache/incubator-nuttx/pull/6920#discussion_r1001084380
##########
include/crypto/xform.h:
##########
@@ -0,0 +1,120 @@
+/****************************************************************************
+ * include/crypto/xform.h
+ * $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_XFORM_H
+#define __INCLUDE_CRYPTO_XFORM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+#include <crypto/md5.h>
+#include <crypto/sha1.h>
+#include <crypto/rmd160.h>
+#include <crypto/sha2.h>
+#include <crypto/gmac.h>
+
+#define AESCTR_NONCESIZE 4
+#define AESCTR_IVSIZE 8
+#define AESCTR_BLOCKSIZE 16
+
+#define AES_XTS_BLOCKSIZE 16
+#define AES_XTS_IVSIZE 8
+#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
+
+/* Declarations */
+
+struct auth_hash
+{
+ int type;
+ FAR char *name;
+ uint16_t keysize;
+ uint16_t hashsize;
+ uint16_t authsize;
+ uint16_t ctxsize;
+ uint16_t blocksize;
+ void (*init) (FAR void *);
+ void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
+ int (*update) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*final) (FAR uint8_t *, FAR void *);
+};
+
+struct enc_xform
+{
+ int type;
+ FAR char *name;
+ uint16_t blocksize;
+ uint16_t ivsize;
+ uint16_t minkey;
+ uint16_t maxkey;
+ uint16_t ctxsize;
+ void (*encrypt) (caddr_t, FAR uint8_t *);
+ void (*decrypt) (caddr_t, FAR uint8_t *);
+ int (*setkey) (void *, FAR uint8_t *, int len);
+ void (*reinit) (caddr_t, FAR uint8_t *);
Review Comment:
```suggestion
CODE void (*encrypt) (caddr_t, FAR uint8_t *);
CODE void (*decrypt) (caddr_t, FAR uint8_t *);
CODE int (*setkey) (void *, FAR uint8_t *, int len);
CODE void (*reinit) (caddr_t, FAR uint8_t *);
```
##########
include/crypto/xform.h:
##########
@@ -0,0 +1,120 @@
+/****************************************************************************
+ * include/crypto/xform.h
+ * $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_XFORM_H
+#define __INCLUDE_CRYPTO_XFORM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+#include <crypto/md5.h>
+#include <crypto/sha1.h>
+#include <crypto/rmd160.h>
+#include <crypto/sha2.h>
+#include <crypto/gmac.h>
+
+#define AESCTR_NONCESIZE 4
+#define AESCTR_IVSIZE 8
+#define AESCTR_BLOCKSIZE 16
+
+#define AES_XTS_BLOCKSIZE 16
+#define AES_XTS_IVSIZE 8
+#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
+
+/* Declarations */
+
+struct auth_hash
+{
+ int type;
+ FAR char *name;
+ uint16_t keysize;
+ uint16_t hashsize;
+ uint16_t authsize;
+ uint16_t ctxsize;
+ uint16_t blocksize;
+ void (*init) (FAR void *);
+ void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
+ int (*update) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*final) (FAR uint8_t *, FAR void *);
Review Comment:
```suggestion
CODE void (*init) (FAR void *);
CODE void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
CODE void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
CODE int (*update) (FAR void *, FAR const uint8_t *, uint16_t);
void (*final) (FAR uint8_t *, FAR void *);
```
##########
include/crypto/xform.h:
##########
@@ -0,0 +1,120 @@
+/****************************************************************************
+ * include/crypto/xform.h
+ * $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_XFORM_H
+#define __INCLUDE_CRYPTO_XFORM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+#include <crypto/md5.h>
+#include <crypto/sha1.h>
+#include <crypto/rmd160.h>
+#include <crypto/sha2.h>
+#include <crypto/gmac.h>
+
+#define AESCTR_NONCESIZE 4
+#define AESCTR_IVSIZE 8
+#define AESCTR_BLOCKSIZE 16
+
+#define AES_XTS_BLOCKSIZE 16
+#define AES_XTS_IVSIZE 8
+#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
+
+/* Declarations */
+
+struct auth_hash
+{
+ int type;
+ FAR char *name;
+ uint16_t keysize;
+ uint16_t hashsize;
+ uint16_t authsize;
+ uint16_t ctxsize;
+ uint16_t blocksize;
+ void (*init) (FAR void *);
+ void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
+ int (*update) (FAR void *, FAR const uint8_t *, uint16_t);
+ void (*final) (FAR uint8_t *, FAR void *);
+};
+
+struct enc_xform
+{
+ int type;
+ FAR char *name;
+ uint16_t blocksize;
+ uint16_t ivsize;
+ uint16_t minkey;
+ uint16_t maxkey;
+ uint16_t ctxsize;
+ void (*encrypt) (caddr_t, FAR uint8_t *);
+ void (*decrypt) (caddr_t, FAR uint8_t *);
+ int (*setkey) (void *, FAR uint8_t *, int len);
+ void (*reinit) (caddr_t, FAR uint8_t *);
+};
+
+struct comp_algo
+{
+ int type;
+ FAR char *name;
+ size_t minlen;
+ uint32_t (*compress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
+ uint32_t (*decompress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
Review Comment:
```suggestion
CODE uint32_t (*compress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
CODE uint32_t (*decompress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
```
##########
include/crypto/cryptosoft.h:
##########
@@ -0,0 +1,94 @@
+/****************************************************************************
+ * include/crypto/cryptosoft.h
+ * $OpenBSD: cryptosoft.h,v 1.16 2021/07/09 15:29:55 bluhm Exp $
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_CRYPTOSOFT_H
+#define __INCLUDE_CRYPTO_CRYPTOSOFT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/queue.h>
+#include <crypto/cryptodev.h>
+
+/* Software session entry */
+
+struct swcr_data
+{
+ int sw_alg; /* Algorithm */
+ union
+ {
+ struct
+ {
+ FAR uint8_t *ictx;
+ FAR uint8_t *octx;
+ uint32_t klen;
+ FAR const struct auth_hash *axf;
+ } SWCR_AUTH;
+
+ struct
+ {
+ FAR uint8_t *kschedule;
+ FAR const struct enc_xform *exf;
+ } SWCR_ENC;
+
+ struct
+ {
+ uint32_t size;
+ FAR const struct comp_algo *cxf;
+ } SWCR_COMP;
+ } SWCR_UN;
+
+#define sw_ictx SWCR_UN.SWCR_AUTH.ictx
+#define sw_octx SWCR_UN.SWCR_AUTH.octx
+#define sw_klen SWCR_UN.SWCR_AUTH.klen
+#define sw_axf SWCR_UN.SWCR_AUTH.axf
+#define sw_kschedule SWCR_UN.SWCR_ENC.kschedule
+#define sw_exf SWCR_UN.SWCR_ENC.exf
+#define sw_size SWCR_UN.SWCR_COMP.size
+#define sw_cxf SWCR_UN.SWCR_COMP.cxf
+
+ SLIST_ENTRY(swcr_data) sw_next;
+};
+SLIST_HEAD(swcr_list, swcr_data);
+
+extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
+
+int swcr_encdec(FAR struct cryptop *, FAR struct cryptodesc *,
+ FAR struct swcr_data *, caddr_t,
+ int);
Review Comment:
```suggestion
int swcr_encdec(FAR struct cryptop *, FAR struct cryptodesc *,
FAR struct swcr_data *, caddr_t, int);
```
##########
include/crypto/cryptosoft.h:
##########
@@ -0,0 +1,94 @@
+/****************************************************************************
+ * include/crypto/cryptosoft.h
+ * $OpenBSD: cryptosoft.h,v 1.16 2021/07/09 15:29:55 bluhm Exp $
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_CRYPTOSOFT_H
+#define __INCLUDE_CRYPTO_CRYPTOSOFT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/queue.h>
+#include <crypto/cryptodev.h>
+
+/* Software session entry */
+
+struct swcr_data
+{
+ int sw_alg; /* Algorithm */
+ union
+ {
+ struct
+ {
+ FAR uint8_t *ictx;
+ FAR uint8_t *octx;
+ uint32_t klen;
+ FAR const struct auth_hash *axf;
+ } SWCR_AUTH;
+
+ struct
+ {
+ FAR uint8_t *kschedule;
+ FAR const struct enc_xform *exf;
+ } SWCR_ENC;
+
+ struct
+ {
+ uint32_t size;
+ FAR const struct comp_algo *cxf;
+ } SWCR_COMP;
+ } SWCR_UN;
+
+#define sw_ictx SWCR_UN.SWCR_AUTH.ictx
+#define sw_octx SWCR_UN.SWCR_AUTH.octx
+#define sw_klen SWCR_UN.SWCR_AUTH.klen
+#define sw_axf SWCR_UN.SWCR_AUTH.axf
+#define sw_kschedule SWCR_UN.SWCR_ENC.kschedule
+#define sw_exf SWCR_UN.SWCR_ENC.exf
+#define sw_size SWCR_UN.SWCR_COMP.size
+#define sw_cxf SWCR_UN.SWCR_COMP.cxf
+
+ SLIST_ENTRY(swcr_data) sw_next;
+};
+SLIST_HEAD(swcr_list, swcr_data);
+
+extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
+
+int swcr_encdec(FAR struct cryptop *, FAR struct cryptodesc *,
+ FAR struct swcr_data *, caddr_t,
+ int);
+int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,
+ FAR struct swcr_data *,
+ caddr_t, int);
Review Comment:
```suggestion
int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,
FAR struct swcr_data *, caddr_t, int);
```
##########
include/crypto/cryptodev.h:
##########
@@ -0,0 +1,276 @@
+/****************************************************************************
+ * include/crypto/cryptodev.h
+ * $OpenBSD: cryptodev.h,v 1.82 2022/05/03 09:18:11 claudio Exp $
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ ****************************************************************************/
+#ifndef __INCLUDE_CRYPTO_CRYPTODEV_H
+#define __INCLUDE_CRYPTO_CRYPTODEV_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Some initial values */
+
+#define CRYPTO_DRIVERS_INITIAL 4
+#define CRYPTO_DRIVERS_MAX 128
+#define CRYPTO_SW_SESSIONS 32
+
+/* HMAC values */
+#define HMAC_MD5_BLOCK_LEN 64
+#define HMAC_SHA1_BLOCK_LEN 64
+#define HMAC_RIPEMD160_BLOCK_LEN 64
+#define HMAC_SHA2_256_BLOCK_LEN 64
+#define HMAC_SHA2_384_BLOCK_LEN 128
+#define HMAC_SHA2_512_BLOCK_LEN 128
+#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN
+
+/* keep in sync */
+
+#define HMAC_IPAD_VAL 0x36
+#define HMAC_OPAD_VAL 0x5C
+
+/* Encryption algorithm block sizes */
+#define DES3_BLOCK_LEN 8
+#define BLOWFISH_BLOCK_LEN 8
+#define CAST128_BLOCK_LEN 8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define CHACHA20_BLOCK_LEN 64
+#define EALG_MAX_BLOCK_LEN 64
+
+/* Keep this updated */
+
+#define CRYPTO_MAX_MAC_LEN 20
+
+/* Maximum hash algorithm result length */
+#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
+
+#define CRYPTO_3DES_CBC 1
+#define CRYPTO_BLF_CBC 2
+#define CRYPTO_CAST_CBC 3
+#define CRYPTO_MD5_HMAC 4
+#define CRYPTO_SHA1_HMAC 5
+#define CRYPTO_RIPEMD160_HMAC 6
+#define CRYPTO_RIJNDAEL128_CBC 7 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */
+#define CRYPTO_NULL 9
+#define CRYPTO_SHA2_256_HMAC 11
+#define CRYPTO_SHA2_384_HMAC 12
+#define CRYPTO_SHA2_512_HMAC 13
+#define CRYPTO_AES_CTR 14
+#define CRYPTO_AES_XTS 15
+#define CRYPTO_AES_GCM_16 16
+#define CRYPTO_AES_128_GMAC 17
+#define CRYPTO_AES_192_GMAC 18
+#define CRYPTO_AES_256_GMAC 19
+#define CRYPTO_AES_GMAC 20
+#define CRYPTO_CHACHA20_POLY1305 21
+#define CRYPTO_CHACHA20_POLY1305_MAC 22
+#define CRYPTO_ESN 23 /* Support for Extended Sequence Numbers */
+#define CRYPTO_ALGORITHM_MAX 23
+/* Keep updated */
+
+#define CIOCGSESSION 101
+#define CIOCFSESSION 102
+#define CIOCCRYPT 103
+
+/* Algorithm flags */
+#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
+
+/* Standard initialization structure beginning */
+
+struct cryptoini
+{
+ int cri_alg; /* Algorithm to use */
+ int cri_klen; /* Key length, in bits */
+ int cri_rnd; /* Algorithm rounds, where relevant */
+ caddr_t cri_key; /* key to use */
+ union
+ {
+ uint8_t iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
+ uint8_t esn[4]; /* high-order ESN */
+ } u;
+ #define cri_iv u.iv
+ #define cri_esn u.esn
+ FAR struct cryptoini *cri_next;
+};
+
+/* Describe boundaries of a single crypto operation */
+
+struct cryptodesc
+{
+ int crd_skip; /* How many bytes to ignore from start */
+ int crd_len; /* How many bytes to process */
+ int crd_inject; /* Where to inject results, if applicable */
+ int crd_flags;
+
+ #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
+ #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
+ * place, so don't copy.
+ */
+ #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
+ #define CRD_F_COMP 0x10 /* Set when doing compression */
+ #define CRD_F_ESN 0x20 /* Set when ESN field is provided */
+
+ struct cryptoini CRD_INI; /* Initialization/context data */
+ #define crd_esn CRD_INI.cri_esn
+ #define crd_iv CRD_INI.cri_iv
+ #define crd_key CRD_INI.cri_key
+ #define crd_rnd CRD_INI.cri_rnd
+ #define crd_alg CRD_INI.cri_alg
+ #define crd_klen CRD_INI.cri_klen
+};
+
+/* Structure describing complete operation */
+
+struct cryptop
+{
+ uint64_t crp_sid; /* Session ID */
+ int crp_ilen; /* Input data total length */
+ int crp_olen; /* Result total length */
+ int crp_alloctype; /* Type of buf to allocate if needed */
+
+ int crp_etype;
+ /* Error type (zero means no error).
+ * All error codes except EAGAIN
+ * indicate possible data corruption (as in,
+ * the data have been touched). On all
+ * errors, the crp_sid may have changed
+ * (reset to a new one), so the caller
+ * should always check and use the new
+ * value on future requests.
+ */
+
+ int crp_flags;
+
+#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
+#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
+
+ FAR void *crp_buf; /* Data to be processed */
+
+ FAR struct cryptodesc *crp_desc; /* List of processing descriptors */
+ struct cryptodesc crp_sdesc[2]; /* Static array for small ops */
+ int crp_ndesc; /* Amount of descriptors to use */
+ int crp_ndescalloc; /* Amount of descriptors allocated */
+ FAR void *crp_opaque; /* Opaque pointer, passed along */
+
+ caddr_t crp_mac;
+ caddr_t crp_dst;
+};
+
+struct cryptocap
+{
+ uint64_t cc_operations; /* Counter of how many ops done */
+ uint64_t cc_bytes; /* Counter of how many bytes done */
+
+ uint32_t cc_sessions; /* How many sessions allocated */
+
+ /* Symmetric/hash algorithms supported */
+
+ int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+ int cc_queued; /* Operations queued */
+
+ uint8_t cc_flags;
+#define CRYPTOCAP_F_CLEANUP 0x01
+#define CRYPTOCAP_F_SOFTWARE 0x02
+#define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
+#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
+
+ CODE int (*cc_newsession) (FAR uint32_t *, FAR struct cryptoini *);
+ CODE int (*cc_process) (FAR struct cryptop *);
+ CODE int (*cc_freesession) (uint64_t);
Review Comment:
```suggestion
CODE int (*cc_newsession)(FAR uint32_t *, FAR struct cryptoini *);
CODE int (*cc_process)(FAR struct cryptop *);
CODE int (*cc_freesession)(uint64_t);
```
##########
include/crypto/cryptodev.h:
##########
@@ -0,0 +1,276 @@
+/****************************************************************************
+ * include/crypto/cryptodev.h
+ * $OpenBSD: cryptodev.h,v 1.82 2022/05/03 09:18:11 claudio Exp $
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ ****************************************************************************/
+#ifndef __INCLUDE_CRYPTO_CRYPTODEV_H
+#define __INCLUDE_CRYPTO_CRYPTODEV_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Some initial values */
+
+#define CRYPTO_DRIVERS_INITIAL 4
+#define CRYPTO_DRIVERS_MAX 128
+#define CRYPTO_SW_SESSIONS 32
+
+/* HMAC values */
+#define HMAC_MD5_BLOCK_LEN 64
+#define HMAC_SHA1_BLOCK_LEN 64
+#define HMAC_RIPEMD160_BLOCK_LEN 64
+#define HMAC_SHA2_256_BLOCK_LEN 64
+#define HMAC_SHA2_384_BLOCK_LEN 128
+#define HMAC_SHA2_512_BLOCK_LEN 128
+#define HMAC_MAX_BLOCK_LEN HMAC_SHA2_512_BLOCK_LEN
+
+/* keep in sync */
+
+#define HMAC_IPAD_VAL 0x36
+#define HMAC_OPAD_VAL 0x5C
+
+/* Encryption algorithm block sizes */
+#define DES3_BLOCK_LEN 8
+#define BLOWFISH_BLOCK_LEN 8
+#define CAST128_BLOCK_LEN 8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define CHACHA20_BLOCK_LEN 64
+#define EALG_MAX_BLOCK_LEN 64
+
+/* Keep this updated */
+
+#define CRYPTO_MAX_MAC_LEN 20
+
+/* Maximum hash algorithm result length */
+#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
+
+#define CRYPTO_3DES_CBC 1
+#define CRYPTO_BLF_CBC 2
+#define CRYPTO_CAST_CBC 3
+#define CRYPTO_MD5_HMAC 4
+#define CRYPTO_SHA1_HMAC 5
+#define CRYPTO_RIPEMD160_HMAC 6
+#define CRYPTO_RIJNDAEL128_CBC 7 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */
+#define CRYPTO_NULL 9
+#define CRYPTO_SHA2_256_HMAC 11
+#define CRYPTO_SHA2_384_HMAC 12
+#define CRYPTO_SHA2_512_HMAC 13
+#define CRYPTO_AES_CTR 14
+#define CRYPTO_AES_XTS 15
+#define CRYPTO_AES_GCM_16 16
+#define CRYPTO_AES_128_GMAC 17
+#define CRYPTO_AES_192_GMAC 18
+#define CRYPTO_AES_256_GMAC 19
+#define CRYPTO_AES_GMAC 20
+#define CRYPTO_CHACHA20_POLY1305 21
+#define CRYPTO_CHACHA20_POLY1305_MAC 22
+#define CRYPTO_ESN 23 /* Support for Extended Sequence Numbers */
+#define CRYPTO_ALGORITHM_MAX 23
+/* Keep updated */
+
+#define CIOCGSESSION 101
+#define CIOCFSESSION 102
+#define CIOCCRYPT 103
+
+/* Algorithm flags */
+#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
+
+/* Standard initialization structure beginning */
+
+struct cryptoini
+{
+ int cri_alg; /* Algorithm to use */
+ int cri_klen; /* Key length, in bits */
+ int cri_rnd; /* Algorithm rounds, where relevant */
+ caddr_t cri_key; /* key to use */
+ union
+ {
+ uint8_t iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
+ uint8_t esn[4]; /* high-order ESN */
+ } u;
+ #define cri_iv u.iv
+ #define cri_esn u.esn
+ FAR struct cryptoini *cri_next;
+};
+
+/* Describe boundaries of a single crypto operation */
+
+struct cryptodesc
+{
+ int crd_skip; /* How many bytes to ignore from start */
+ int crd_len; /* How many bytes to process */
+ int crd_inject; /* Where to inject results, if applicable */
+ int crd_flags;
+
+ #define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
+ #define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
+ * place, so don't copy.
+ */
+ #define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
+ #define CRD_F_COMP 0x10 /* Set when doing compression */
+ #define CRD_F_ESN 0x20 /* Set when ESN field is provided */
+
+ struct cryptoini CRD_INI; /* Initialization/context data */
+ #define crd_esn CRD_INI.cri_esn
+ #define crd_iv CRD_INI.cri_iv
+ #define crd_key CRD_INI.cri_key
+ #define crd_rnd CRD_INI.cri_rnd
+ #define crd_alg CRD_INI.cri_alg
+ #define crd_klen CRD_INI.cri_klen
+};
+
+/* Structure describing complete operation */
+
+struct cryptop
+{
+ uint64_t crp_sid; /* Session ID */
+ int crp_ilen; /* Input data total length */
+ int crp_olen; /* Result total length */
+ int crp_alloctype; /* Type of buf to allocate if needed */
+
+ int crp_etype;
+ /* Error type (zero means no error).
+ * All error codes except EAGAIN
+ * indicate possible data corruption (as in,
+ * the data have been touched). On all
+ * errors, the crp_sid may have changed
+ * (reset to a new one), so the caller
+ * should always check and use the new
+ * value on future requests.
+ */
+
+ int crp_flags;
+
+#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
+#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
+
+ FAR void *crp_buf; /* Data to be processed */
+
+ FAR struct cryptodesc *crp_desc; /* List of processing descriptors */
+ struct cryptodesc crp_sdesc[2]; /* Static array for small ops */
+ int crp_ndesc; /* Amount of descriptors to use */
+ int crp_ndescalloc; /* Amount of descriptors allocated */
+ FAR void *crp_opaque; /* Opaque pointer, passed along */
+
+ caddr_t crp_mac;
+ caddr_t crp_dst;
+};
+
+struct cryptocap
+{
+ uint64_t cc_operations; /* Counter of how many ops done */
+ uint64_t cc_bytes; /* Counter of how many bytes done */
+
+ uint32_t cc_sessions; /* How many sessions allocated */
+
+ /* Symmetric/hash algorithms supported */
+
+ int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+ int cc_queued; /* Operations queued */
+
+ uint8_t cc_flags;
+#define CRYPTOCAP_F_CLEANUP 0x01
+#define CRYPTOCAP_F_SOFTWARE 0x02
+#define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
+#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
+
+ CODE int (*cc_newsession) (FAR uint32_t *, FAR struct cryptoini *);
+ CODE int (*cc_process) (FAR struct cryptop *);
+ CODE int (*cc_freesession) (uint64_t);
+};
+
+struct session_op
+{
+ uint32_t cipher; /* ie. CRYPTO_AES_EBC */
+ uint32_t mac;
+ uint32_t keylen; /* cipher key */
+ caddr_t key;
+ int mackeylen; /* mac key */
+ caddr_t mackey;
+
+ uint32_t ses; /* returns: session # */
+};
+
+struct crypt_op
+{
+ uint32_t ses;
+
+#define COP_ENCRYPT 1
+#define COP_DECRYPT 2
+
+ uint16_t op; /* i.e. COP_ENCRYPT */
+
+ uint16_t flags;
+ unsigned len;
+ caddr_t src, dst; /* become iov[] inside kernel */
+ caddr_t mac; /* must be big enough for chosen MAC */
+ caddr_t iv;
+};
+
+int crypto_newsession(FAR uint64_t *, FAR struct cryptoini *, int);
+int crypto_freesession(uint64_t);
+int crypto_register(uint32_t, FAR int *,
+ int (*)(FAR uint32_t *, FAR struct cryptoini *),
+ int (*)(uint64_t),
+ int (*)(FAR struct cryptop *));
Review Comment:
```suggestion
int crypto_register(uint32_t, FAR int *,
CODE int (*)(FAR uint32_t *, FAR struct cryptoini *),
CODE int (*)(uint64_t),
CODE int (*)(FAR struct cryptop *));
```
##########
include/crypto/blf.h:
##########
@@ -0,0 +1,97 @@
+/****************************************************************************
+ * include/crypto/blf.h
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
+ *
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <pr...@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_BLF_H
+#define __INCLUDE_CRYPTO_BLF_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initialized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
Review Comment:
```suggestion
#define BLF_MAXKEYLEN ((BLF_N - 2) * 4) /* 448 bits */
#define BLF_MAXUTILIZED ((BLF_N + 2) * 4) /* 576 bits */
```
##########
include/crypto/aes.h:
##########
@@ -0,0 +1,65 @@
+/****************************************************************************
+ * include/crypto/aes.h
+ * $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
+ * Copyright (c) 2016 Mike Belopuhov
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_AES_H
+#define __INCLUDE_CRYPTO_AES_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+#ifndef AES_MAXROUNDS
+#define AES_MAXROUNDS (14)
+#endif
+
+typedef struct aes_ctx
+{
+ uint32_t sk[60];
+ uint32_t sk_exp[120];
+
+ unsigned num_rounds;
+} AES_CTX;
+
+int aes_setkey(FAR AES_CTX *, FAR const uint8_t *, int);
+void aes_encrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_decrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_encrypt_ecb(FAR AES_CTX *,
+ FAR const uint8_t *,
+ FAR uint8_t *,
+ size_t);
+void aes_decrypt_ecb(FAR AES_CTX *,
+ FAR const uint8_t *,
+ FAR uint8_t *,
+ size_t);
Review Comment:
```suggestion
void aes_decrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
size_t);
```
##########
include/crypto/blf.h:
##########
@@ -0,0 +1,97 @@
+/****************************************************************************
+ * include/crypto/blf.h
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
+ *
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <pr...@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_BLF_H
+#define __INCLUDE_CRYPTO_BLF_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initialized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
+
+/* Blowfish context */
+
+typedef struct blowfishcontext
+{
+ uint32_t S[4][256]; /* S-Boxes */
+ uint32_t P[BLF_N + 2]; /* Subkeys */
+}
+blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_initstate(FAR blf_ctx *);
+void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
+ uint16_t, FAR const uint8_t *, uint16_t);
+
+/* Standard Blowfish */
+
+void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+
+/* Converts uint8_t to uint32_t */
+
+uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t ,
+ FAR uint16_t *);
+
+void blf_ecb_encrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+void blf_ecb_decrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+
+void blf_cbc_encrypt(FAR blf_ctx *,
+ FAR uint8_t *,
+ FAR uint8_t *,
+ uint32_t);
Review Comment:
```suggestion
void blf_cbc_encrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
uint32_t);
```
##########
include/crypto/aes.h:
##########
@@ -0,0 +1,65 @@
+/****************************************************************************
+ * include/crypto/aes.h
+ * $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
+ * Copyright (c) 2016 Mike Belopuhov
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_AES_H
+#define __INCLUDE_CRYPTO_AES_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+#ifndef AES_MAXROUNDS
+#define AES_MAXROUNDS (14)
Review Comment:
```suggestion
# define AES_MAXROUNDS (14)
```
##########
crypto/sha2.c:
##########
@@ -0,0 +1,1059 @@
+/****************************************************************************
+ * crypto/sha2.c
+ * $OpenBSD: sha2.c,v 1.19 2021/03/12 10:22:46 jsg Exp $
+ * FILE: sha2.c
+ * AUTHOR: Aaron D. Gifford <me...@aarongifford.com>
+ *
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/time.h>
+#include <crypto/sha2.h>
+
+/* UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file). Either define on the command line, for example:
+ *
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ * #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+#ifndef SMALL_KERNEL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
+#endif
+
+/* SHA-256/384/512 Machine Architecture Definitions */
+
+/* BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER. If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivalent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ * #define LITTLE_ENDIAN 1234
+ * #define BIG_ENDIAN 4321
+ *
+ * And for little-endian machines, add:
+ *
+ * #define BYTE_ORDER LITTLE_ENDIAN
+ *
+ * Or for big-endian machines:
+ *
+ * #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+
+#if !defined(BYTE_ORDER) || \
+ (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+#endif
+
+/* SHA-256/384/512 Various Length Definitions */
+
+/* NOTE: Most of these are in sha2.h */
+
+#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
+#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
+#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
+
+/* Macro for incrementally adding the unsigned 64-bit integer n to the
+ * unsigned 128-bit integer (represented using a two-element array of
+ * 64-bit words):
+ */
+
+#define ADDINC128(w,n) { \
+ (w)[0] += (uint64_t)(n); \
+ if ((w)[0] < (n)) { \
+ (w)[1]++; \
+ } \
+}
Review Comment:
```suggestion
#define ADDINC128(w,n) \
do \
{ \
(w)[0] += (uint64_t)(n); \
if ((w)[0] < (n)) \
{ \
(w)[1]++; \
} \
} \
while(0)
```
##########
crypto/sha1.c:
##########
@@ -0,0 +1,278 @@
+/****************************************************************************
+ * crypto/sha1.c
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
+ *
+ * SHA-1 in C
+ * By Steve Reid <st...@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+
+#include <crypto/sha1.h>
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+
+/* I got the idea of expanding during the round function from SSLeay */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
+ | (rol(block->l[i], 8) & 0x00ff00ff))
+#else
+#define blk0(i) block->l[i]
+#endif
+#define blk(i) (block->l[i & 15] = \
+ rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
+ ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z += ((w & (x ^ y)) ^ y) \
+ + blk0(i) + 0x5a827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R1(v,w,x,y,z,i) z += ((w & (x ^ y)) ^y) \
+ + blk(i) + 0x5a827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R2(v,w,x,y,z,i) z += (w ^ x ^ y) \
+ + blk(i) + 0x6ed9eba1 + rol(v, 5); \
+ w = rol(w,30);
+#define R3(v,w,x,y,z,i) z += (((w | x) & y) | (w & x)) \
+ + blk(i)+ 0x8f1bbcdc + rol(v, 5); \
+ w = rol(w, 30);
+#define R4(v,w,x,y,z,i) z += (w ^ x ^y) \
+ + blk(i) + 0xca62c1d6 + rol(v, 5); \
+ w=rol(w, 30);
Review Comment:
Maybe wrap with `do {} while(0)`?
##########
crypto/sha1.c:
##########
@@ -0,0 +1,278 @@
+/****************************************************************************
+ * crypto/sha1.c
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
+ *
+ * SHA-1 in C
+ * By Steve Reid <st...@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+
+#include <crypto/sha1.h>
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+
+/* I got the idea of expanding during the round function from SSLeay */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
Review Comment:
```suggestion
# define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
```
##########
include/crypto/rijndael.h:
##########
@@ -0,0 +1,72 @@
+/****************************************************************************
+ * include/crypto/rijndael.h
+ * $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $
+ *
+ * rijndael-alg-fst.h
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vi...@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <an...@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <pa...@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_RIJNDAEL_H
+#define __INCLUDE_CRYPTO_RIJNDAEL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+#define AES_MAXKEYBITS (256)
+#define AES_MAXKEYBYTES (AES_MAXKEYBITS/8)
Review Comment:
```suggestion
#define AES_MAXKEYBYTES (AES_MAXKEYBITS / 8)
```
##########
crypto/sha1.c:
##########
@@ -0,0 +1,278 @@
+/****************************************************************************
+ * crypto/sha1.c
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
+ *
+ * SHA-1 in C
+ * By Steve Reid <st...@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+
+#include <crypto/sha1.h>
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+
+/* I got the idea of expanding during the round function from SSLeay */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
+ | (rol(block->l[i], 8) & 0x00ff00ff))
+#else
+#define blk0(i) block->l[i]
Review Comment:
```suggestion
# define blk0(i) block->l[i]
```
##########
include/crypto/blf.h:
##########
@@ -0,0 +1,97 @@
+/****************************************************************************
+ * include/crypto/blf.h
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
+ *
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <pr...@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_BLF_H
+#define __INCLUDE_CRYPTO_BLF_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initialized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
+
+/* Blowfish context */
+
+typedef struct blowfishcontext
+{
+ uint32_t S[4][256]; /* S-Boxes */
+ uint32_t P[BLF_N + 2]; /* Subkeys */
+}
+blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_initstate(FAR blf_ctx *);
+void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
+ uint16_t, FAR const uint8_t *, uint16_t);
+
+/* Standard Blowfish */
+
+void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+
+/* Converts uint8_t to uint32_t */
+
+uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t ,
+ FAR uint16_t *);
+
+void blf_ecb_encrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+void blf_ecb_decrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+
+void blf_cbc_encrypt(FAR blf_ctx *,
+ FAR uint8_t *,
+ FAR uint8_t *,
+ uint32_t);
+void blf_cbc_decrypt(FAR blf_ctx *,
+ FAR uint8_t *,
+ FAR uint8_t *,
+ uint32_t);
Review Comment:
```suggestion
void blf_cbc_decrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
uint32_t);
```
##########
crypto/sha1.c:
##########
@@ -0,0 +1,278 @@
+/****************************************************************************
+ * crypto/sha1.c
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
+ *
+ * SHA-1 in C
+ * By Steve Reid <st...@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+
+#include <crypto/sha1.h>
+
+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+
+/* I got the idea of expanding during the round function from SSLeay */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
+ | (rol(block->l[i], 8) & 0x00ff00ff))
+#else
+#define blk0(i) block->l[i]
+#endif
+#define blk(i) (block->l[i & 15] = \
+ rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
+ ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z += ((w & (x ^ y)) ^ y) \
+ + blk0(i) + 0x5a827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R1(v,w,x,y,z,i) z += ((w & (x ^ y)) ^y) \
+ + blk(i) + 0x5a827999 + rol(v, 5); \
+ w = rol(w, 30);
+#define R2(v,w,x,y,z,i) z += (w ^ x ^ y) \
+ + blk(i) + 0x6ed9eba1 + rol(v, 5); \
+ w = rol(w,30);
+#define R3(v,w,x,y,z,i) z += (((w | x) & y) | (w & x)) \
+ + blk(i)+ 0x8f1bbcdc + rol(v, 5); \
+ w = rol(w, 30);
+#define R4(v,w,x,y,z,i) z += (w ^ x ^y) \
+ + blk(i) + 0xca62c1d6 + rol(v, 5); \
+ w=rol(w, 30);
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+void sha1transform(FAR uint32_t *state,
+ FAR const unsigned char *buffer)
+{
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+ uint32_t e;
+
+ typedef union
+ {
+ unsigned char c[64];
+ unsigned int l[16];
Review Comment:
```suggestion
unsigned char c[64];
unsigned int l[16];
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
+
+static int check_parity(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ {
+ if (*key[i] != odd_parity[*key[i]])
+ {
+ return(0);
+ }
+ }
+ return (1);
Review Comment:
```suggestion
return 1;
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define H0 0x67452301U
+#define H1 0xEFCDAB89U
+#define H2 0x98BADCFEU
+#define H3 0x10325476U
+#define H4 0xC3D2E1F0U
+
+#define K0 0x00000000U
+#define K1 0x5A827999U
+#define K2 0x6ED9EBA1U
+#define K3 0x8F1BBCDCU
+#define K4 0xA953FD4EU
+
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U
+
+/* rotate x left n bits. */
+
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
Review Comment:
```suggestion
#define F3(x, y, z) (((x) & (z)) | ((y) & ~(z)))
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
Review Comment:
```suggestion
#define PUT_64BIT_LE(cp, value) \
do \
{ \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
(cp)[4] = (value) >> 32; \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); \
} \
while (0)
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
Review Comment:
```suggestion
int des_check_key;
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define H0 0x67452301U
+#define H1 0xEFCDAB89U
+#define H2 0x98BADCFEU
+#define H3 0x10325476U
+#define H4 0xC3D2E1F0U
+
+#define K0 0x00000000U
+#define K1 0x5A827999U
+#define K2 0x6ED9EBA1U
+#define K3 0x8F1BBCDCU
+#define K4 0xA953FD4EU
+
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U
+
+/* rotate x left n bits. */
+
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
Review Comment:
```suggestion
#define F2(x, y, z) (((x) | ~(y)) ^ (z))
```
##########
crypto/md5.c:
##########
@@ -0,0 +1,269 @@
+/****************************************************************************
+ * crypto/md5.c
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
+ *
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+#include <crypto/md5.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+static uint8_t PADDING[MD5_BLOCK_LENGTH] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+
+void md5init(FAR MD5_CTX *ctx)
+{
+ ctx->count = 0;
+ ctx->state[0] = 0x67452301;
+ ctx->state[1] = 0xefcdab89;
+ ctx->state[2] = 0x98badcfe;
+ ctx->state[3] = 0x10325476;
+}
+
+/* Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+
+void md5update(FAR MD5_CTX *ctx, FAR const void *inputptr, size_t len)
+{
+ FAR const uint8_t *input = inputptr;
+ size_t have;
+ size_t need;
+
+ /* Check how many bytes we already have and how many more we need. */
+
+ have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+ need = MD5_BLOCK_LENGTH - have;
+
+ /* Update bitcount */
+
+ ctx->count += (uint64_t)len << 3;
+
+ if (len >= need)
+ {
+ if (have != 0)
+ {
+ memcpy(ctx->buffer + have, input, need);
+ md5transform(ctx->state, ctx->buffer);
+ input += need;
+ len -= need;
+ have = 0;
+ }
+
+ /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
+
+ while (len >= MD5_BLOCK_LENGTH)
+ {
+ md5transform(ctx->state, input);
+ input += MD5_BLOCK_LENGTH;
+ len -= MD5_BLOCK_LENGTH;
+ }
+ }
+
+ /* Handle any remaining bytes of data. */
+
+ if (len != 0)
+ {
+ memcpy(ctx->buffer + have, input, len);
+ }
+}
+
+/* Final wrapup - pad to 64-byte boundary with the bit pattern
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+
+void md5final(FAR unsigned char *digest, FAR MD5_CTX *ctx)
+{
+ uint8_t count[8];
+ size_t padlen;
+ int i;
+
+ /* Convert count to 8 bytes in little endian order. */
+
+ PUT_64BIT_LE(count, ctx->count);
+
+ /* Pad out to 56 mod 64. */
+
+ padlen = MD5_BLOCK_LENGTH -
+ ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+ if (padlen < 1 + 8)
+ {
+ padlen += MD5_BLOCK_LENGTH;
+ }
+
+ md5update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
+ md5update(ctx, count, 8);
+
+ for (i = 0; i < 4; i++)
+ {
+ PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+ }
+
+ explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
+}
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
Review Comment:
```suggestion
#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) ((x) ^ (y) ^ (z))
#define F4(x, y, z) ((y) ^ ((x) | ~(z)))
```
##########
include/crypto/blf.h:
##########
@@ -0,0 +1,97 @@
+/****************************************************************************
+ * include/crypto/blf.h
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
+ *
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <pr...@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_BLF_H
+#define __INCLUDE_CRYPTO_BLF_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initialized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
+
+/* Blowfish context */
+
+typedef struct blowfishcontext
+{
+ uint32_t S[4][256]; /* S-Boxes */
+ uint32_t P[BLF_N + 2]; /* Subkeys */
+}
+blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_initstate(FAR blf_ctx *);
+void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
+ uint16_t, FAR const uint8_t *, uint16_t);
+
+/* Standard Blowfish */
+
+void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+
+/* Converts uint8_t to uint32_t */
+
+uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t ,
Review Comment:
```suggestion
uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t,
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
Review Comment:
```suggestion
#define PUT_32BIT_LE(cp, value) \
do \
{ \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); \
} \
while (0)
```
##########
include/crypto/aes.h:
##########
@@ -0,0 +1,65 @@
+/****************************************************************************
+ * include/crypto/aes.h
+ * $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
+ * Copyright (c) 2016 Mike Belopuhov
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_AES_H
+#define __INCLUDE_CRYPTO_AES_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+#ifndef AES_MAXROUNDS
+#define AES_MAXROUNDS (14)
+#endif
+
+typedef struct aes_ctx
+{
+ uint32_t sk[60];
+ uint32_t sk_exp[120];
+
+ unsigned num_rounds;
+} AES_CTX;
+
+int aes_setkey(FAR AES_CTX *, FAR const uint8_t *, int);
+void aes_encrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_decrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_encrypt_ecb(FAR AES_CTX *,
+ FAR const uint8_t *,
+ FAR uint8_t *,
+ size_t);
Review Comment:
```suggestion
void aes_encrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
size_t);
```
##########
crypto/sha2.c:
##########
@@ -0,0 +1,1059 @@
+/****************************************************************************
+ * crypto/sha2.c
+ * $OpenBSD: sha2.c,v 1.19 2021/03/12 10:22:46 jsg Exp $
+ * FILE: sha2.c
+ * AUTHOR: Aaron D. Gifford <me...@aarongifford.com>
+ *
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/time.h>
+#include <crypto/sha2.h>
+
+/* UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file). Either define on the command line, for example:
+ *
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ * #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+#ifndef SMALL_KERNEL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
+#endif
+
+/* SHA-256/384/512 Machine Architecture Definitions */
+
+/* BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER. If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivalent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ * #define LITTLE_ENDIAN 1234
+ * #define BIG_ENDIAN 4321
+ *
+ * And for little-endian machines, add:
+ *
+ * #define BYTE_ORDER LITTLE_ENDIAN
+ *
+ * Or for big-endian machines:
+ *
+ * #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+
+#if !defined(BYTE_ORDER) || \
+ (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
Review Comment:
```suggestion
# error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
```
##########
crypto/md5.c:
##########
@@ -0,0 +1,269 @@
+/****************************************************************************
+ * crypto/md5.c
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
+ *
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+#include <crypto/md5.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+static uint8_t PADDING[MD5_BLOCK_LENGTH] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+
+void md5init(FAR MD5_CTX *ctx)
+{
+ ctx->count = 0;
+ ctx->state[0] = 0x67452301;
+ ctx->state[1] = 0xefcdab89;
+ ctx->state[2] = 0x98badcfe;
+ ctx->state[3] = 0x10325476;
+}
+
+/* Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+
+void md5update(FAR MD5_CTX *ctx, FAR const void *inputptr, size_t len)
+{
+ FAR const uint8_t *input = inputptr;
+ size_t have;
+ size_t need;
+
+ /* Check how many bytes we already have and how many more we need. */
+
+ have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+ need = MD5_BLOCK_LENGTH - have;
+
+ /* Update bitcount */
+
+ ctx->count += (uint64_t)len << 3;
+
+ if (len >= need)
+ {
+ if (have != 0)
+ {
+ memcpy(ctx->buffer + have, input, need);
+ md5transform(ctx->state, ctx->buffer);
+ input += need;
+ len -= need;
+ have = 0;
+ }
+
+ /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
+
+ while (len >= MD5_BLOCK_LENGTH)
+ {
+ md5transform(ctx->state, input);
+ input += MD5_BLOCK_LENGTH;
+ len -= MD5_BLOCK_LENGTH;
+ }
+ }
+
+ /* Handle any remaining bytes of data. */
+
+ if (len != 0)
+ {
+ memcpy(ctx->buffer + have, input, len);
+ }
+}
+
+/* Final wrapup - pad to 64-byte boundary with the bit pattern
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+
+void md5final(FAR unsigned char *digest, FAR MD5_CTX *ctx)
+{
+ uint8_t count[8];
+ size_t padlen;
+ int i;
+
+ /* Convert count to 8 bytes in little endian order. */
+
+ PUT_64BIT_LE(count, ctx->count);
+
+ /* Pad out to 56 mod 64. */
+
+ padlen = MD5_BLOCK_LENGTH -
+ ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+ if (padlen < 1 + 8)
+ {
+ padlen += MD5_BLOCK_LENGTH;
+ }
+
+ md5update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
+ md5update(ctx, count, 8);
+
+ for (i = 0; i < 4; i++)
+ {
+ PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+ }
+
+ explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
+}
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+
+#define MD5STEP(f, w, x, y, z, data, s) \
+ ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
Review Comment:
```suggestion
#define MD5STEP(f, w, x, y, z, data, s) \
( (w) += f(x, y, z) + (data), (w) = (w) << (s) | (w) >> (32 - (s)), (w) += (x) )
```
##########
crypto/md5.c:
##########
@@ -0,0 +1,269 @@
+/****************************************************************************
+ * crypto/md5.c
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
+ *
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+#include <crypto/md5.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
Review Comment:
```suggestion
#define PUT_32BIT_LE(cp, value) \
do \
{ \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); \
} \
while (0)
```
##########
crypto/gmac.c:
##########
@@ -0,0 +1,202 @@
+/****************************************************************************
+ * crypto/gmac.c
+ * $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $
+ *
+ * Copyright (c) 2010 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ *
+ *
+ * This code implements the Message Authentication part of the
+ * Galois/Counter Mode (as being described in the RFC 4543) using
+ * the AES cipher. FIPS SP 800-38D describes the algorithm details.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <strings.h>
+#include <sys/param.h>
+#include <crypto/aes.h>
+#include <crypto/gmac.h>
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void ghash_gfmul(FAR uint32_t *, FAR uint32_t *, FAR uint32_t *);
+void ghash_update_mi(FAR GHASH_CTX *, FAR uint8_t *, size_t);
+
+/* Allow overriding with optimized MD function */
+
+void (*ghash_update)(FAR GHASH_CTX *,
Review Comment:
```suggestion
CODE void (*ghash_update)(FAR GHASH_CTX *,
```
##########
crypto/sha2.c:
##########
@@ -0,0 +1,1059 @@
+/****************************************************************************
+ * crypto/sha2.c
+ * $OpenBSD: sha2.c,v 1.19 2021/03/12 10:22:46 jsg Exp $
+ * FILE: sha2.c
+ * AUTHOR: Aaron D. Gifford <me...@aarongifford.com>
+ *
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/time.h>
+#include <crypto/sha2.h>
+
+/* UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file). Either define on the command line, for example:
+ *
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ * #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+#ifndef SMALL_KERNEL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
Review Comment:
```suggestion
# if defined(__amd64__) || defined(__i386__)
# define SHA2_UNROLL_TRANSFORM
# endif
```
##########
crypto/md5.c:
##########
@@ -0,0 +1,269 @@
+/****************************************************************************
+ * crypto/md5.c
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
+ *
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest. This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/param.h>
+#include <crypto/md5.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
Review Comment:
```suggestion
#define PUT_64BIT_LE(cp, value) \
do \
{ \
(cp)[7] = (value) >> 56; \
(cp)[6] = (value) >> 48; \
(cp)[5] = (value) >> 40; \
(cp)[4] = (value) >> 32; \
(cp)[3] = (value) >> 24; \
(cp)[2] = (value) >> 16; \
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); \
} \
while (0)
```
##########
crypto/sha2.c:
##########
@@ -0,0 +1,1059 @@
+/****************************************************************************
+ * crypto/sha2.c
+ * $OpenBSD: sha2.c,v 1.19 2021/03/12 10:22:46 jsg Exp $
+ * FILE: sha2.c
+ * AUTHOR: Aaron D. Gifford <me...@aarongifford.com>
+ *
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/time.h>
+#include <crypto/sha2.h>
+
+/* UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file). Either define on the command line, for example:
+ *
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ * #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+#ifndef SMALL_KERNEL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
+#endif
+
+/* SHA-256/384/512 Machine Architecture Definitions */
+
+/* BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER. If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivalent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ * #define LITTLE_ENDIAN 1234
+ * #define BIG_ENDIAN 4321
+ *
+ * And for little-endian machines, add:
+ *
+ * #define BYTE_ORDER LITTLE_ENDIAN
+ *
+ * Or for big-endian machines:
+ *
+ * #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+
+#if !defined(BYTE_ORDER) || \
+ (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+#endif
+
+/* SHA-256/384/512 Various Length Definitions */
+
+/* NOTE: Most of these are in sha2.h */
+
+#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
+#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
+#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
+
+/* Macro for incrementally adding the unsigned 64-bit integer n to the
+ * unsigned 128-bit integer (represented using a two-element array of
+ * 64-bit words):
+ */
+
+#define ADDINC128(w,n) { \
+ (w)[0] += (uint64_t)(n); \
+ if ((w)[0] < (n)) { \
+ (w)[1]++; \
+ } \
+}
+
+/* THE SIX LOGICAL FUNCTIONS */
+
+/* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
+ *
+ * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
+ * S is a ROTATION) because the SHA-256/384/512 description document
+ * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
+ * same "backwards" definition.
+ */
+
+/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+
+#define R(b,x) ((x) >> (b))
+
+/* 32-bit Rotate-right (used in SHA-256): */
+
+#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
+
+/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
+
+#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
+
+/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+
+#define CH(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+/* Four of six logical functions used in SHA-256: */
+
+#define SIGMA0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
+#define SIGMA1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
+#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3, (x)))
+#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
+
+/* Four of six logical functions used in SHA-384 and SHA-512: */
+
+#define SIGMA0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
+#define SIGMA1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
+#define sigma0_512(x) (S64(1, (x)) ^ S64( 8, (x)) ^ R(7, (x)))
+#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R(6, (x)))
+
+/* INTERNAL FUNCTION PROTOTYPES */
+
+/* NOTE: These should not be accessed directly from outside this
+ * library -- they are intended for private internal visibility/use
+ * only.
+ */
+
+void sha512last(FAR SHA2_CTX *);
+void sha256transform(FAR uint32_t *, FAR const uint8_t *);
+void sha512transform(FAR uint64_t *, FAR const uint8_t *);
+
+/* SHA-XYZ INITIAL HASH VALUES AND CONSTANTS */
+
+/* Hash constant words K for SHA-256: */
+
+const static uint32_t K256[64] =
+{
+ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
+ 0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
+ 0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
+ 0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
+ 0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
+ 0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
+ 0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
+ 0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
+ 0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
+ 0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
+ 0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
+ 0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
+ 0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
+ 0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
+ 0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
+ 0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul
+};
+
+/* Initial hash value H for SHA-256: */
+
+const static uint32_t sha256_initial_hash_value[8] =
+{
+ 0x6a09e667ul,
+ 0xbb67ae85ul,
+ 0x3c6ef372ul,
+ 0xa54ff53aul,
+ 0x510e527ful,
+ 0x9b05688cul,
+ 0x1f83d9abul,
+ 0x5be0cd19ul
+};
+
+/* Hash constant words K for SHA-384 and SHA-512: */
+
+const static uint64_t K512[80] =
+{
+ 0x428a2f98d728ae22ull, 0x7137449123ef65cdull,
+ 0xb5c0fbcfec4d3b2full, 0xe9b5dba58189dbbcull,
+ 0x3956c25bf348b538ull, 0x59f111f1b605d019ull,
+ 0x923f82a4af194f9bull, 0xab1c5ed5da6d8118ull,
+ 0xd807aa98a3030242ull, 0x12835b0145706fbeull,
+ 0x243185be4ee4b28cull, 0x550c7dc3d5ffb4e2ull,
+ 0x72be5d74f27b896full, 0x80deb1fe3b1696b1ull,
+ 0x9bdc06a725c71235ull, 0xc19bf174cf692694ull,
+ 0xe49b69c19ef14ad2ull, 0xefbe4786384f25e3ull,
+ 0x0fc19dc68b8cd5b5ull, 0x240ca1cc77ac9c65ull,
+ 0x2de92c6f592b0275ull, 0x4a7484aa6ea6e483ull,
+ 0x5cb0a9dcbd41fbd4ull, 0x76f988da831153b5ull,
+ 0x983e5152ee66dfabull, 0xa831c66d2db43210ull,
+ 0xb00327c898fb213full, 0xbf597fc7beef0ee4ull,
+ 0xc6e00bf33da88fc2ull, 0xd5a79147930aa725ull,
+ 0x06ca6351e003826full, 0x142929670a0e6e70ull,
+ 0x27b70a8546d22ffcull, 0x2e1b21385c26c926ull,
+ 0x4d2c6dfc5ac42aedull, 0x53380d139d95b3dfull,
+ 0x650a73548baf63deull, 0x766a0abb3c77b2a8ull,
+ 0x81c2c92e47edaee6ull, 0x92722c851482353bull,
+ 0xa2bfe8a14cf10364ull, 0xa81a664bbc423001ull,
+ 0xc24b8b70d0f89791ull, 0xc76c51a30654be30ull,
+ 0xd192e819d6ef5218ull, 0xd69906245565a910ull,
+ 0xf40e35855771202aull, 0x106aa07032bbd1b8ull,
+ 0x19a4c116b8d2d0c8ull, 0x1e376c085141ab53ull,
+ 0x2748774cdf8eeb99ull, 0x34b0bcb5e19b48a8ull,
+ 0x391c0cb3c5c95a63ull, 0x4ed8aa4ae3418acbull,
+ 0x5b9cca4f7763e373ull, 0x682e6ff3d6b2b8a3ull,
+ 0x748f82ee5defb2fcull, 0x78a5636f43172f60ull,
+ 0x84c87814a1f0ab72ull, 0x8cc702081a6439ecull,
+ 0x90befffa23631e28ull, 0xa4506cebde82bde9ull,
+ 0xbef9a3f7b2c67915ull, 0xc67178f2e372532bull,
+ 0xca273eceea26619cull, 0xd186b8c721c0c207ull,
+ 0xeada7dd6cde0eb1eull, 0xf57d4f7fee6ed178ull,
+ 0x06f067aa72176fbaull, 0x0a637dc5a2c898a6ull,
+ 0x113f9804bef90daeull, 0x1b710b35131c471bull,
+ 0x28db77f523047d84ull, 0x32caab7b40c72493ull,
+ 0x3c9ebe0a15c9bebcull, 0x431d67c49c100d4cull,
+ 0x4cc5d4becb3e42b6ull, 0x597f299cfc657e2aull,
+ 0x5fcb6fab3ad6faecull, 0x6c44198c4a475817ull
+};
+
+/* Initial hash value H for SHA-384 */
+
+const static uint64_t sha384_initial_hash_value[8] =
+{
+ 0xcbbb9d5dc1059ed8ull,
+ 0x629a292a367cd507ull,
+ 0x9159015a3070dd17ull,
+ 0x152fecd8f70e5939ull,
+ 0x67332667ffc00b31ull,
+ 0x8eb44a8768581511ull,
+ 0xdb0c2e0d64f98fa7ull,
+ 0x47b5481dbefa4fa4ull
+};
+
+/* Initial hash value H for SHA-512 */
+
+const static uint64_t sha512_initial_hash_value[8] =
+{
+ 0x6a09e667f3bcc908ull,
+ 0xbb67ae8584caa73bull,
+ 0x3c6ef372fe94f82bull,
+ 0xa54ff53a5f1d36f1ull,
+ 0x510e527fade682d1ull,
+ 0x9b05688c2b3e6c1full,
+ 0x1f83d9abfb41bd6bull,
+ 0x5be0cd19137e2179ull
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* SHA-256: */
+
+void sha256init(FAR SHA2_CTX *context)
+{
+ memcpy(context->state.st32,
+ sha256_initial_hash_value,
+ SHA256_DIGEST_LENGTH);
+
+ memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
+ context->bitcount[0] = 0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-256 round macros: */
+
+#define ROUND256_0_TO_15(a, b, c, d, e, f, g, h) do { \
+ W256[j] = (uint32_t)data[3] | ((uint32_t)data[2] << 8) | \
+ ((uint32_t)data[1] << 16) | ((uint32_t)data[0] << 24); \
Review Comment:
```suggestion
W256[j] = (uint32_t)data[3] | ((uint32_t)data[2] << 8) | \
((uint32_t)data[1] << 16) | ((uint32_t)data[0] << 24); \
```
##########
crypto/des_locl.h:
##########
@@ -0,0 +1,176 @@
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ ****************************************************************************/
+
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+{
+ union
+ {
+ des_cblock cblock;
+ /* make sure things are correct size on machines with
+ * 8 byte longs
+ */
+
+ int32_t pad[2];
+ } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+void des_encrypt2(FAR uint32_t *data, des_key_schedule ks, int enc);
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+#define c2l(c, l) \
+ do { \
+ l = ((uint32_t)(*((c)++))); \
+ l |= ((uint32_t)(*((c)++))) << 8l; \
+ l |= ((uint32_t)(*((c)++))) << 16l; \
+ l |= ((uint32_t)(*((c)++))) << 24l; \
+ } while(0)
+
+#define l2c(l,c) \
+ do { \
+ *((c)++) = (unsigned char)(((l)) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
+ } while(0)
+
+#define D_ENCRYPT(Q, R, S) {\
+ u = (R ^ s[S]); \
+ t = R ^ s[S + 1]; \
+ t = ((t >> 4L) + (t << 28L)); \
+ Q ^= des_sptrans[1][(t) & 0x3f]| \
+ des_sptrans[3][(t >> 8l) & 0x3f]| \
+ des_sptrans[5][(t >>16l) & 0x3f]| \
+ des_sptrans[7][(t >>24l) & 0x3f]| \
+ des_sptrans[0][(u) & 0x3f]| \
+ des_sptrans[2][(u >> 8l) & 0x3f]| \
+ des_sptrans[4][(u >>16l) & 0x3f]| \
+ des_sptrans[6][(u >>24l) & 0x3f]; }
+
+ /* IP and FP
+ * The problem is more of a geometric problem that random bit fiddling.
+ * 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
+ * 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
+ * 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
+ * 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
+ *
+ * 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
+ * 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
+ * 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
+ * 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
+ *
+ * The output has been subject to swaps of the form
+ * 0 1 -> 3 1 but the odd and even bits have been put into
+ * 2 3 2 0
+ * different words. The main trick is to remember that
+ * t=((l>>size)^r)&(mask);
+ * r^=t;
+ * l^=(t<<size);
+ * can be used to swap and move bits between words.
+ *
+ * So l = 0 1 2 3 r = 16 17 18 19
+ * 4 5 6 7 20 21 22 23
+ * 8 9 10 11 24 25 26 27
+ * 12 13 14 15 28 29 30 31
+ * becomes (for size == 2 and mask == 0x3333)
+ * t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
+ * 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
+ * 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
+ * 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
+ *
+ * Thanks for hints from Richard Outerbridge - he told me IP&FP
+ * could be done in 15 xor, 10 shifts and 5 ands.
+ * When I finally started to think of the problem in 2D
+ * I first got ~42 operations without xors. When I remembered
+ * how to use xors :-) I got it to its final state.
+ */
+
+#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)),\
+ (b) ^= (t),\
+ (a) ^= ((t) << (n)))
+
+#define IP(l, r) \
+ { \
+ register uint32_t tt; \
+ PERM_OP(r, l, tt, 4, 0x0f0f0f0fl); \
+ PERM_OP(l, r, tt, 16, 0x0000ffffl); \
+ PERM_OP(r, l, tt, 2, 0x33333333l); \
+ PERM_OP(l, r, tt, 8, 0x00ff00ffl); \
+ PERM_OP(r, l, tt, 1, 0x55555555l); \
+ }
+
+#define FP(l, r) \
+ { \
+ register uint32_t tt; \
+ PERM_OP(l, r, tt, 1, 0x55555555L); \
+ PERM_OP(r, l, tt, 8, 0x00ff00ffL); \
+ PERM_OP(l, r, tt, 2, 0x33333333L); \
+ PERM_OP(r, l, tt, 16, 0x0000ffffL); \
+ PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \
+ }
Review Comment:
```suggestion
#define FP(l, r) \
do \
{ \
register uint32_t tt; \
PERM_OP(l, r, tt, 1, 0x55555555L); \
PERM_OP(r, l, tt, 8, 0x00ff00ffL); \
PERM_OP(l, r, tt, 2, 0x33333333L); \
PERM_OP(r, l, tt, 16, 0x0000ffffL); \
PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \
} \
while (0)
```
##########
crypto/des_locl.h:
##########
@@ -0,0 +1,176 @@
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ ****************************************************************************/
+
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+{
+ union
+ {
+ des_cblock cblock;
+ /* make sure things are correct size on machines with
+ * 8 byte longs
+ */
+
+ int32_t pad[2];
+ } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+void des_encrypt2(FAR uint32_t *data, des_key_schedule ks, int enc);
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+#define c2l(c, l) \
+ do { \
+ l = ((uint32_t)(*((c)++))); \
+ l |= ((uint32_t)(*((c)++))) << 8l; \
+ l |= ((uint32_t)(*((c)++))) << 16l; \
+ l |= ((uint32_t)(*((c)++))) << 24l; \
+ } while(0)
+
+#define l2c(l,c) \
+ do { \
+ *((c)++) = (unsigned char)(((l)) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
+ } while(0)
+
+#define D_ENCRYPT(Q, R, S) {\
+ u = (R ^ s[S]); \
+ t = R ^ s[S + 1]; \
+ t = ((t >> 4L) + (t << 28L)); \
+ Q ^= des_sptrans[1][(t) & 0x3f]| \
+ des_sptrans[3][(t >> 8l) & 0x3f]| \
+ des_sptrans[5][(t >>16l) & 0x3f]| \
+ des_sptrans[7][(t >>24l) & 0x3f]| \
+ des_sptrans[0][(u) & 0x3f]| \
+ des_sptrans[2][(u >> 8l) & 0x3f]| \
+ des_sptrans[4][(u >>16l) & 0x3f]| \
+ des_sptrans[6][(u >>24l) & 0x3f]; }
+
+ /* IP and FP
+ * The problem is more of a geometric problem that random bit fiddling.
+ * 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
+ * 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
+ * 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
+ * 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
+ *
+ * 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
+ * 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
+ * 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
+ * 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
+ *
+ * The output has been subject to swaps of the form
+ * 0 1 -> 3 1 but the odd and even bits have been put into
+ * 2 3 2 0
+ * different words. The main trick is to remember that
+ * t=((l>>size)^r)&(mask);
+ * r^=t;
+ * l^=(t<<size);
+ * can be used to swap and move bits between words.
+ *
+ * So l = 0 1 2 3 r = 16 17 18 19
+ * 4 5 6 7 20 21 22 23
+ * 8 9 10 11 24 25 26 27
+ * 12 13 14 15 28 29 30 31
+ * becomes (for size == 2 and mask == 0x3333)
+ * t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
+ * 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
+ * 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
+ * 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
+ *
+ * Thanks for hints from Richard Outerbridge - he told me IP&FP
+ * could be done in 15 xor, 10 shifts and 5 ands.
+ * When I finally started to think of the problem in 2D
+ * I first got ~42 operations without xors. When I remembered
+ * how to use xors :-) I got it to its final state.
+ */
+
+#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)),\
+ (b) ^= (t),\
+ (a) ^= ((t) << (n)))
+
+#define IP(l, r) \
+ { \
+ register uint32_t tt; \
+ PERM_OP(r, l, tt, 4, 0x0f0f0f0fl); \
+ PERM_OP(l, r, tt, 16, 0x0000ffffl); \
+ PERM_OP(r, l, tt, 2, 0x33333333l); \
+ PERM_OP(l, r, tt, 8, 0x00ff00ffl); \
+ PERM_OP(r, l, tt, 1, 0x55555555l); \
+ }
Review Comment:
```suggestion
#define IP(l, r) \
do \
{ \
register uint32_t tt; \
PERM_OP(r, l, tt, 4, 0x0f0f0f0fl); \
PERM_OP(l, r, tt, 16, 0x0000ffffl); \
PERM_OP(r, l, tt, 2, 0x33333333l); \
PERM_OP(l, r, tt, 8, 0x00ff00ffl); \
PERM_OP(r, l, tt, 1, 0x55555555l); \
} \
while (0)
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
+
+static int check_parity(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ {
+ if (*key[i] != odd_parity[*key[i]])
+ {
+ return(0);
+ }
+ }
+ return (1);
+}
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+
+#define NUM_WEAK_KEY 16
+static des_cblock weak_keys[NUM_WEAK_KEY] =
+{
+ /* weak keys */
+
+ {
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
+ },
+ {
+ 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
+ },
+ {
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
+ },
+ {
+ 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
+ },
+
+ /* semi-weak keys */
+
+ {
+ 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
+ },
+ {
+ 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
+ },
+ {
+ 0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
+ },
+ {
+ 0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
+ },
+ {
+ 0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
+ },
+ {
+ 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
+ },
+ {
+ 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
+ },
+ {
+ 0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
+ },
+ {
+ 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
+ },
+ {
+ 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
+ },
+ {
+ 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
+ },
+ {
+ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
+ }
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int des_is_weak_key(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < NUM_WEAK_KEY; i++)
+ {
+ /* Added == 0 to comparison, I obviously don't run
+ * this section very often :-(, thanks to
+ * engineering@MorningStar.Com for the fix
+ * eay 93/06/29
+ */
+
+ if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
+ {
+ return (1);
Review Comment:
```suggestion
return 1;
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
+
+static int check_parity(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ {
+ if (*key[i] != odd_parity[*key[i]])
+ {
+ return(0);
+ }
+ }
+ return (1);
+}
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+
+#define NUM_WEAK_KEY 16
+static des_cblock weak_keys[NUM_WEAK_KEY] =
+{
+ /* weak keys */
+
+ {
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
+ },
+ {
+ 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
+ },
+ {
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
+ },
+ {
+ 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
+ },
+
+ /* semi-weak keys */
+
+ {
+ 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
+ },
+ {
+ 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
+ },
+ {
+ 0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
+ },
+ {
+ 0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
+ },
+ {
+ 0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
+ },
+ {
+ 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
+ },
+ {
+ 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
+ },
+ {
+ 0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
+ },
+ {
+ 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
+ },
+ {
+ 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
+ },
+ {
+ 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
+ },
+ {
+ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
+ }
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int des_is_weak_key(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < NUM_WEAK_KEY; i++)
+ {
+ /* Added == 0 to comparison, I obviously don't run
+ * this section very often :-(, thanks to
+ * engineering@MorningStar.Com for the fix
+ * eay 93/06/29
+ */
+
+ if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
+ {
+ return (1);
+ }
+ }
+
+ return (0);
Review Comment:
```suggestion
return 0;
```
##########
crypto/sha2.c:
##########
@@ -0,0 +1,1059 @@
+/****************************************************************************
+ * crypto/sha2.c
+ * $OpenBSD: sha2.c,v 1.19 2021/03/12 10:22:46 jsg Exp $
+ * FILE: sha2.c
+ * AUTHOR: Aaron D. Gifford <me...@aarongifford.com>
+ *
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <string.h>
+#include <sys/time.h>
+#include <crypto/sha2.h>
+
+/* UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file). Either define on the command line, for example:
+ *
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ * #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+#ifndef SMALL_KERNEL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
+#endif
+
+/* SHA-256/384/512 Machine Architecture Definitions */
+
+/* BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER. If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivalent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ * #define LITTLE_ENDIAN 1234
+ * #define BIG_ENDIAN 4321
+ *
+ * And for little-endian machines, add:
+ *
+ * #define BYTE_ORDER LITTLE_ENDIAN
+ *
+ * Or for big-endian machines:
+ *
+ * #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+
+#if !defined(BYTE_ORDER) || \
+ (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+#endif
+
+/* SHA-256/384/512 Various Length Definitions */
+
+/* NOTE: Most of these are in sha2.h */
+
+#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
+#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
+#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
+
+/* Macro for incrementally adding the unsigned 64-bit integer n to the
+ * unsigned 128-bit integer (represented using a two-element array of
+ * 64-bit words):
+ */
+
+#define ADDINC128(w,n) { \
+ (w)[0] += (uint64_t)(n); \
+ if ((w)[0] < (n)) { \
+ (w)[1]++; \
+ } \
+}
+
+/* THE SIX LOGICAL FUNCTIONS */
+
+/* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
+ *
+ * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
+ * S is a ROTATION) because the SHA-256/384/512 description document
+ * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
+ * same "backwards" definition.
+ */
+
+/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+
+#define R(b,x) ((x) >> (b))
+
+/* 32-bit Rotate-right (used in SHA-256): */
+
+#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
+
+/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
+
+#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
+
+/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+
+#define CH(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+/* Four of six logical functions used in SHA-256: */
+
+#define SIGMA0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
+#define SIGMA1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
+#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3, (x)))
+#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
+
+/* Four of six logical functions used in SHA-384 and SHA-512: */
+
+#define SIGMA0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
+#define SIGMA1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
+#define sigma0_512(x) (S64(1, (x)) ^ S64( 8, (x)) ^ R(7, (x)))
+#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R(6, (x)))
+
+/* INTERNAL FUNCTION PROTOTYPES */
+
+/* NOTE: These should not be accessed directly from outside this
+ * library -- they are intended for private internal visibility/use
+ * only.
+ */
+
+void sha512last(FAR SHA2_CTX *);
+void sha256transform(FAR uint32_t *, FAR const uint8_t *);
+void sha512transform(FAR uint64_t *, FAR const uint8_t *);
+
+/* SHA-XYZ INITIAL HASH VALUES AND CONSTANTS */
+
+/* Hash constant words K for SHA-256: */
+
+const static uint32_t K256[64] =
+{
+ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
+ 0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
+ 0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
+ 0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
+ 0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
+ 0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
+ 0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
+ 0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
+ 0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
+ 0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
+ 0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
+ 0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
+ 0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
+ 0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
+ 0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
+ 0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul
+};
+
+/* Initial hash value H for SHA-256: */
+
+const static uint32_t sha256_initial_hash_value[8] =
+{
+ 0x6a09e667ul,
+ 0xbb67ae85ul,
+ 0x3c6ef372ul,
+ 0xa54ff53aul,
+ 0x510e527ful,
+ 0x9b05688cul,
+ 0x1f83d9abul,
+ 0x5be0cd19ul
+};
+
+/* Hash constant words K for SHA-384 and SHA-512: */
+
+const static uint64_t K512[80] =
+{
+ 0x428a2f98d728ae22ull, 0x7137449123ef65cdull,
+ 0xb5c0fbcfec4d3b2full, 0xe9b5dba58189dbbcull,
+ 0x3956c25bf348b538ull, 0x59f111f1b605d019ull,
+ 0x923f82a4af194f9bull, 0xab1c5ed5da6d8118ull,
+ 0xd807aa98a3030242ull, 0x12835b0145706fbeull,
+ 0x243185be4ee4b28cull, 0x550c7dc3d5ffb4e2ull,
+ 0x72be5d74f27b896full, 0x80deb1fe3b1696b1ull,
+ 0x9bdc06a725c71235ull, 0xc19bf174cf692694ull,
+ 0xe49b69c19ef14ad2ull, 0xefbe4786384f25e3ull,
+ 0x0fc19dc68b8cd5b5ull, 0x240ca1cc77ac9c65ull,
+ 0x2de92c6f592b0275ull, 0x4a7484aa6ea6e483ull,
+ 0x5cb0a9dcbd41fbd4ull, 0x76f988da831153b5ull,
+ 0x983e5152ee66dfabull, 0xa831c66d2db43210ull,
+ 0xb00327c898fb213full, 0xbf597fc7beef0ee4ull,
+ 0xc6e00bf33da88fc2ull, 0xd5a79147930aa725ull,
+ 0x06ca6351e003826full, 0x142929670a0e6e70ull,
+ 0x27b70a8546d22ffcull, 0x2e1b21385c26c926ull,
+ 0x4d2c6dfc5ac42aedull, 0x53380d139d95b3dfull,
+ 0x650a73548baf63deull, 0x766a0abb3c77b2a8ull,
+ 0x81c2c92e47edaee6ull, 0x92722c851482353bull,
+ 0xa2bfe8a14cf10364ull, 0xa81a664bbc423001ull,
+ 0xc24b8b70d0f89791ull, 0xc76c51a30654be30ull,
+ 0xd192e819d6ef5218ull, 0xd69906245565a910ull,
+ 0xf40e35855771202aull, 0x106aa07032bbd1b8ull,
+ 0x19a4c116b8d2d0c8ull, 0x1e376c085141ab53ull,
+ 0x2748774cdf8eeb99ull, 0x34b0bcb5e19b48a8ull,
+ 0x391c0cb3c5c95a63ull, 0x4ed8aa4ae3418acbull,
+ 0x5b9cca4f7763e373ull, 0x682e6ff3d6b2b8a3ull,
+ 0x748f82ee5defb2fcull, 0x78a5636f43172f60ull,
+ 0x84c87814a1f0ab72ull, 0x8cc702081a6439ecull,
+ 0x90befffa23631e28ull, 0xa4506cebde82bde9ull,
+ 0xbef9a3f7b2c67915ull, 0xc67178f2e372532bull,
+ 0xca273eceea26619cull, 0xd186b8c721c0c207ull,
+ 0xeada7dd6cde0eb1eull, 0xf57d4f7fee6ed178ull,
+ 0x06f067aa72176fbaull, 0x0a637dc5a2c898a6ull,
+ 0x113f9804bef90daeull, 0x1b710b35131c471bull,
+ 0x28db77f523047d84ull, 0x32caab7b40c72493ull,
+ 0x3c9ebe0a15c9bebcull, 0x431d67c49c100d4cull,
+ 0x4cc5d4becb3e42b6ull, 0x597f299cfc657e2aull,
+ 0x5fcb6fab3ad6faecull, 0x6c44198c4a475817ull
+};
+
+/* Initial hash value H for SHA-384 */
+
+const static uint64_t sha384_initial_hash_value[8] =
+{
+ 0xcbbb9d5dc1059ed8ull,
+ 0x629a292a367cd507ull,
+ 0x9159015a3070dd17ull,
+ 0x152fecd8f70e5939ull,
+ 0x67332667ffc00b31ull,
+ 0x8eb44a8768581511ull,
+ 0xdb0c2e0d64f98fa7ull,
+ 0x47b5481dbefa4fa4ull
+};
+
+/* Initial hash value H for SHA-512 */
+
+const static uint64_t sha512_initial_hash_value[8] =
+{
+ 0x6a09e667f3bcc908ull,
+ 0xbb67ae8584caa73bull,
+ 0x3c6ef372fe94f82bull,
+ 0xa54ff53a5f1d36f1ull,
+ 0x510e527fade682d1ull,
+ 0x9b05688c2b3e6c1full,
+ 0x1f83d9abfb41bd6bull,
+ 0x5be0cd19137e2179ull
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* SHA-256: */
+
+void sha256init(FAR SHA2_CTX *context)
+{
+ memcpy(context->state.st32,
+ sha256_initial_hash_value,
+ SHA256_DIGEST_LENGTH);
+
+ memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
+ context->bitcount[0] = 0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-256 round macros: */
+
+#define ROUND256_0_TO_15(a, b, c, d, e, f, g, h) do { \
+ W256[j] = (uint32_t)data[3] | ((uint32_t)data[2] << 8) | \
+ ((uint32_t)data[1] << 16) | ((uint32_t)data[0] << 24); \
+ data += 4; \
+ T1 = (h) + SIGMA1_256((e)) + \
+ CH((e), (f), (g)) + K256[j] + W256[j]; \
+ (d) += T1; \
+ (h) = T1 + SIGMA0_256((a)) + MAJ((a), (b), (c)); \
+ j++; \
+} while(0)
+
+#define ROUND256(a, b, c, d, e, f, g, h) do { \
+ s0 = W256[(j + 1) & 0x0f]; \
+ s0 = sigma0_256(s0); \
+ s1 = W256[(j+14)&0x0f]; \
+ s1 = sigma1_256(s1); \
+ T1 = (h) + SIGMA1_256((e)) + CH((e), (f), (g)) + K256[j] + \
+ (W256[j & 0x0f] += s1 + W256[(j + 9) & 0x0f] + s0); \
+ (d) += T1; \
+ (h) = T1 + SIGMA0_256((a)) + MAJ((a), (b), (c)); \
+ j++; \
+} while(0)
+
+void sha256transform(FAR uint32_t *state, FAR const uint8_t *data)
+{
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+ uint32_t e;
+ uint32_t f;
+ uint32_t g;
+ uint32_t h;
+ uint32_t s0;
+ uint32_t s1;
+ uint32_t T1;
+ uint32_t W256[16];
+ int j;
+
+ /* Initialize registers with the prev. intermediate value */
+
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ f = state[5];
+ g = state[6];
+ h = state[7];
+
+ j = 0;
+ do
+ {
+ /* Rounds 0 to 15 (unrolled): */
+
+ ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
+ ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
+ ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
+ ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
+ ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
+ ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
+ ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
+ ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
+ }
+ while (j < 16);
+
+ /* Now for the remaining rounds to 64: */
+
+ do
+ {
+ ROUND256(a, b, c, d, e, f, g, h);
+ ROUND256(h, a, b, c, d, e, f, g);
+ ROUND256(g, h, a, b, c, d, e, f);
+ ROUND256(f, g, h, a, b, c, d, e);
+ ROUND256(e, f, g, h, a, b, c, d);
+ ROUND256(d, e, f, g, h, a, b, c);
+ ROUND256(c, d, e, f, g, h, a, b);
+ ROUND256(b, c, d, e, f, g, h, a);
+ }
+ while (j < 64);
+
+ /* Compute the current intermediate hash value */
+
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ state[5] += f;
+ state[6] += g;
+ state[7] += h;
+
+ /* Clean up */
+
+ a = b = c = d = e = f = g = h = T1 = 0;
+}
+
+#else /* SHA2_UNROLL_TRANSFORM */
+
+void sha256transform(FAR uint32_t *state, FAR const uint8_t *data)
+{
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+ uint32_t e;
+ uint32_t f;
+ uint32_t g;
+ uint32_t h;
+ uint32_t s0;
+ uint32_t s1;
+ uint32_t T1;
+ uint32_t T2;
+ uint32_t W256[16];
+ int j;
+
+ /* Initialize registers with the prev. intermediate value */
+
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ f = state[5];
+ g = state[6];
+ h = state[7];
+
+ j = 0;
+ do
+ {
+ W256[j] = (uint32_t)data[3] | ((uint32_t)data[2] << 8) |
+ ((uint32_t)data[1] << 16) | ((uint32_t)data[0] << 24);
+ data += 4;
+
+ /* Apply the SHA-256 compression function to update a..h */
+
+ T1 = h + SIGMA1_256(e) + CH(e, f, g) + K256[j] + W256[j];
+ T2 = SIGMA0_256(a) + MAJ(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+
+ j++;
+ }
+ while (j < 16);
+
+ do
+ {
+ /* Part of the message block expansion: */
+
+ s0 = W256[(j + 1) & 0x0f];
+ s0 = sigma0_256(s0);
+ s1 = W256[(j + 14) & 0x0f];
+ s1 = sigma1_256(s1);
+
+ /* Apply the SHA-256 compression function to update a..h */
+
+ T1 = h + SIGMA1_256(e) + CH(e, f, g) + K256[j] +
+ (W256[j & 0x0f] += s1 + W256[(j + 9) & 0x0f] + s0);
+ T2 = SIGMA0_256(a) + MAJ(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+
+ j++;
+ }
+ while (j < 64);
+
+ /* Compute the current intermediate hash value */
+
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ state[5] += f;
+ state[6] += g;
+ state[7] += h;
+
+ /* Clean up */
+
+ a = b = c = d = e = f = g = h = T1 = T2 = 0;
+}
+
+#endif /* SHA2_UNROLL_TRANSFORM */
+
+void sha256update(FAR SHA2_CTX *context,
+ FAR const void *dataptr,
+ size_t len)
+{
+ FAR const uint8_t *data = dataptr;
+ size_t freespace;
+ size_t usedspace;
+
+ /* Calling with no data is valid (we do nothing) */
+
+ if (len == 0)
+ {
+ return;
+ }
+
+ usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
+ if (usedspace > 0)
+ {
+ /* Calculate how much free space is available in the buffer */
+
+ freespace = SHA256_BLOCK_LENGTH - usedspace;
+
+ if (len >= freespace)
+ {
+ /* Fill the buffer completely and process it */
+
+ memcpy(&context->buffer[usedspace], data, freespace);
+ context->bitcount[0] += freespace << 3;
+ len -= freespace;
+ data += freespace;
+ sha256transform(context->state.st32, context->buffer);
+ }
+ else
+ {
+ /* The buffer is not yet full */
+
+ memcpy(&context->buffer[usedspace], data, len);
+ context->bitcount[0] += len << 3;
+
+ /* Clean up: */
+
+ usedspace = freespace = 0;
+ return;
+ }
+ }
+
+ while (len >= SHA256_BLOCK_LENGTH)
+ {
+ /* Process as many complete blocks as we can */
+
+ sha256transform(context->state.st32, data);
+ context->bitcount[0] += SHA256_BLOCK_LENGTH << 3;
+ len -= SHA256_BLOCK_LENGTH;
+ data += SHA256_BLOCK_LENGTH;
+ }
+
+ if (len > 0)
+ {
+ /* There's left-overs, so save 'em */
+
+ memcpy(context->buffer, data, len);
+ context->bitcount[0] += len << 3;
+ }
+
+ /* Clean up: */
+
+ usedspace = freespace = 0;
+}
+
+void sha256final(FAR uint8_t *digest, FAR SHA2_CTX *context)
+{
+ unsigned int usedspace;
+
+ usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+ /* Convert FROM host byte order */
+
+ context->bitcount[0] = swap64(context->bitcount[0]);
+#endif
+
+ if (usedspace > 0)
+ {
+ /* Begin padding with a 1 bit: */
+
+ context->buffer[usedspace++] = 0x80;
+
+ if (usedspace <= SHA256_SHORT_BLOCK_LENGTH)
+ {
+ /* Set-up for the last transform: */
+
+ memset(&context->buffer[usedspace], 0,
+ SHA256_SHORT_BLOCK_LENGTH - usedspace);
+ }
+ else
+ {
+ if (usedspace < SHA256_BLOCK_LENGTH)
+ {
+ memset(&context->buffer[usedspace], 0,
+ SHA256_BLOCK_LENGTH - usedspace);
+ }
+
+ /* Do second-to-last transform: */
+
+ sha256transform(context->state.st32, context->buffer);
+
+ /* And set-up for the last transform: */
+
+ memset(context->buffer, 0,
+ SHA256_SHORT_BLOCK_LENGTH);
+ }
+ }
+ else
+ {
+ /* Set-up for the last transform: */
+
+ memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
+
+ /* Begin padding with a 1 bit: */
+
+ *context->buffer = 0x80;
+ }
+
+ /* Set the bit count: */
+
+ *(FAR uint64_t *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] =
+ context->bitcount[0];
+
+ /* Final transform: */
+
+ sha256transform(context->state.st32, context->buffer);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ {
+ /* Convert TO host byte order */
+
+ int j;
+
+ for (j = 0; j < 8; j++)
+ {
+ context->state.st32[j] = swap32(context->state.st32[j]);
+ }
+ }
+#endif
+
+ memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
+
+ /* Clean up state data: */
+
+ explicit_bzero(context, sizeof(*context));
+ usedspace = 0;
+}
+
+/* SHA-512: */
+
+void sha512init(FAR SHA2_CTX *context)
+{
+ memcpy(context->state.st64, sha512_initial_hash_value,
+ SHA512_DIGEST_LENGTH);
+ memset(context->buffer, 0, SHA512_BLOCK_LENGTH);
+ context->bitcount[0] = context->bitcount[1] = 0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-512 round macros: */
+
+#define ROUND512_0_TO_15(a, b, c, d, e, f, g, h) do { \
+ W512[j] = (uint64_t)data[7] | ((uint64_t)data[6] << 8) | \
+ ((uint64_t)data[5] << 16) | ((uint64_t)data[4] << 24) | \
+ ((uint64_t)data[3] << 32) | ((uint64_t)data[2] << 40) | \
+ ((uint64_t)data[1] << 48) | ((uint64_t)data[0] << 56); \
Review Comment:
```suggestion
W512[j] = (uint64_t)data[7] | ((uint64_t)data[6] << 8) | \
((uint64_t)data[5] << 16) | ((uint64_t)data[4] << 24) | \
((uint64_t)data[3] << 32) | ((uint64_t)data[2] << 40) | \
((uint64_t)data[1] << 48) | ((uint64_t)data[0] << 56); \
```
##########
crypto/des_locl.h:
##########
@@ -0,0 +1,176 @@
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ ****************************************************************************/
+
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+{
+ union
+ {
+ des_cblock cblock;
+ /* make sure things are correct size on machines with
+ * 8 byte longs
+ */
+
+ int32_t pad[2];
+ } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+void des_encrypt2(FAR uint32_t *data, des_key_schedule ks, int enc);
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+#define c2l(c, l) \
+ do { \
+ l = ((uint32_t)(*((c)++))); \
+ l |= ((uint32_t)(*((c)++))) << 8l; \
+ l |= ((uint32_t)(*((c)++))) << 16l; \
+ l |= ((uint32_t)(*((c)++))) << 24l; \
+ } while(0)
+
+#define l2c(l,c) \
+ do { \
+ *((c)++) = (unsigned char)(((l)) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
+ } while(0)
Review Comment:
```suggestion
#define l2c(l,c) \
do \
{ \
*((c)++) = (unsigned char)(((l)) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
*((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
} \
while (0)
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
+
+static int check_parity(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ {
+ if (*key[i] != odd_parity[*key[i]])
+ {
+ return(0);
+ }
+ }
+ return (1);
+}
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+
+#define NUM_WEAK_KEY 16
+static des_cblock weak_keys[NUM_WEAK_KEY] =
+{
+ /* weak keys */
+
+ {
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
+ },
+ {
+ 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
+ },
+ {
+ 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
+ },
+ {
+ 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
+ },
+
+ /* semi-weak keys */
+
+ {
+ 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
+ },
+ {
+ 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
+ },
+ {
+ 0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
+ },
+ {
+ 0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
+ },
+ {
+ 0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
+ },
+ {
+ 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
+ },
+ {
+ 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
+ },
+ {
+ 0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
+ },
+ {
+ 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
+ },
+ {
+ 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
+ },
+ {
+ 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
+ },
+ {
+ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
+ }
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int des_is_weak_key(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < NUM_WEAK_KEY; i++)
+ {
+ /* Added == 0 to comparison, I obviously don't run
+ * this section very often :-(, thanks to
+ * engineering@MorningStar.Com for the fix
+ * eay 93/06/29
+ */
+
+ if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
+ {
+ return (1);
+ }
+ }
+
+ return (0);
+}
+
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
+ * (b)^=(t),\
+ * (a) = ((a)^((t) << (n))))
+ */
+
+#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
+ (a) = (a)^(t)^(t >> (16 - (n))))
+
+static int shifts2[16] =
+{
+ 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
+};
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+
+int des_set_key(FAR des_cblock *key, des_key_schedule schedule)
+{
+ register uint32_t c;
+ register uint32_t d;
+ register uint32_t t;
+ register uint32_t s;
+ FAR register unsigned char *in;
+ FAR register uint32_t *k;
+ register int i;
+
+ if (des_check_key)
+ {
+ if (!check_parity(key))
+ {
+ return(-1);
+ }
+
+ if (des_is_weak_key(key))
+ {
+ return(-2);
+ }
+ }
+
+ k = (FAR uint32_t *)schedule;
+ in = (FAR unsigned char *)key;
+
+ c2l(in, c);
+ c2l(in, d);
+
+ /* do PC1 in 60 simple operations */
+
+ /* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+ * HPERM_OP(c, t, -2, 0xcccc0000L);
+ * HPERM_OP(c, t, -1, 0xaaaa0000L);
+ * HPERM_OP(c, t, 8, 0x00ff0000L);
+ * HPERM_OP(c, t, -1, 0xaaaa0000L);
+ * HPERM_OP(d, t, -8, 0xff000000L);
+ * HPERM_OP(d, t, 8, 0x00ff0000L);
+ * HPERM_OP(d, t, 2, 0x33330000L);
+ * d = ((d & 0x00aa00aaL) << 7L) |
+ * ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
+ * d = (d >> 8) | ((c & 0xf0000000L) >> 4);
+ * c &= 0x0fffffffL;
+ */
+
+ /* I now do it in 47 simple operations :-)
+ * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+ * for the inspiration. :-)
+ */
+
+ PERM_OP (d, c, t, 4, 0x0f0f0f0fl);
+ HPERM_OP(c, t, -2, 0xcccc0000l);
+ HPERM_OP(d, t, -2, 0xcccc0000l);
+ PERM_OP (d, c, t, 1, 0x55555555l);
+ PERM_OP (c, d, t, 8, 0x00ff00ffl);
+ PERM_OP (d, c, t, 1, 0x55555555l);
+ d = (((d & 0x000000ffl) << 16l) | (d & 0x0000ff00l) |
+ ((d & 0x00ff0000l) >> 16l) | ((c & 0xf0000000l) >> 4l));
+ c &= 0x0fffffffl;
+
+ for (i = 0; i < ITERATIONS; i++)
+ {
+ if (shifts2[i])
+ {
+ c = ((c >> 2l) | (c << 26l)); d = ((d >> 2l) | (d << 26l));
+ }
+ else
+ {
+ c = ((c >> 1l) | (c << 27l)); d = ((d >> 1l) | (d << 27l));
+ }
+
+ c &= 0x0fffffffl;
+ d &= 0x0fffffffl;
+
+ /* could be a few less shifts but I am to lazy at this
+ * point in time to investigate
+ */
+
+ s = des_skb[0][(c) & 0x3f] |
+ des_skb[1][((c >> 6) & 0x03) | ((c >> 7l) & 0x3c)] |
+ des_skb[2][((c >> 13) & 0x0f) | ((c >> 14l) & 0x30)] |
+ des_skb[3][((c >> 20) & 0x01) | ((c >> 21l) & 0x06) |
+ ((c >> 22l) & 0x38)];
+ t = des_skb[4][(d) & 0x3f] |
+ des_skb[5][((d >> 7l) & 0x03) | ((d >> 8l) & 0x3c)] |
+ des_skb[6][(d >> 15l) & 0x3f] |
+ des_skb[7][((d >> 21l) & 0x0f) | ((d >> 22l) & 0x30)];
+
+ /* table contained 0213 4657 */
+
+ *(k++) = ((t << 16l) | (s & 0x0000ffffl)) & 0xffffffffl;
+ s = ((s >> 16l) | (t & 0xffff0000l));
+
+ s = (s << 4l) | (s >> 28l);
+ *(k++) = s & 0xffffffffl;
+ }
+
+ return (0);
Review Comment:
```suggestion
return 0;
```
##########
crypto/des_locl.h:
##########
@@ -0,0 +1,176 @@
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ ****************************************************************************/
+
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+{
+ union
+ {
+ des_cblock cblock;
+ /* make sure things are correct size on machines with
+ * 8 byte longs
+ */
+
+ int32_t pad[2];
+ } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+void des_encrypt2(FAR uint32_t *data, des_key_schedule ks, int enc);
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+#define c2l(c, l) \
+ do { \
+ l = ((uint32_t)(*((c)++))); \
+ l |= ((uint32_t)(*((c)++))) << 8l; \
+ l |= ((uint32_t)(*((c)++))) << 16l; \
+ l |= ((uint32_t)(*((c)++))) << 24l; \
+ } while(0)
Review Comment:
```suggestion
#define c2l(c, l) \
do \
{ \
l = ((uint32_t)(*((c)++))); \
l |= ((uint32_t)(*((c)++))) << 8l; \
l |= ((uint32_t)(*((c)++))) << 16l; \
l |= ((uint32_t)(*((c)++))) << 24l; \
} \
while (0)
```
##########
crypto/set_key.c:
##########
@@ -0,0 +1,299 @@
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <strings.h>
+
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(FAR des_cblock *key);
+
+int des_check_key = 0;
+
+static int check_parity(FAR des_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ {
+ if (*key[i] != odd_parity[*key[i]])
+ {
+ return(0);
Review Comment:
```suggestion
return0;
```
##########
crypto/des_locl.h:
##########
@@ -0,0 +1,176 @@
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by
+ * Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ ****************************************************************************/
+
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+{
+ union
+ {
+ des_cblock cblock;
+ /* make sure things are correct size on machines with
+ * 8 byte longs
+ */
+
+ int32_t pad[2];
+ } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+void des_encrypt2(FAR uint32_t *data, des_key_schedule ks, int enc);
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+#define c2l(c, l) \
+ do { \
+ l = ((uint32_t)(*((c)++))); \
+ l |= ((uint32_t)(*((c)++))) << 8l; \
+ l |= ((uint32_t)(*((c)++))) << 16l; \
+ l |= ((uint32_t)(*((c)++))) << 24l; \
+ } while(0)
+
+#define l2c(l,c) \
+ do { \
+ *((c)++) = (unsigned char)(((l)) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 8L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 16L) & 0xff); \
+ *((c)++) = (unsigned char)(((l) >> 24L) & 0xff); \
+ } while(0)
+
+#define D_ENCRYPT(Q, R, S) {\
+ u = (R ^ s[S]); \
+ t = R ^ s[S + 1]; \
+ t = ((t >> 4L) + (t << 28L)); \
+ Q ^= des_sptrans[1][(t) & 0x3f]| \
+ des_sptrans[3][(t >> 8l) & 0x3f]| \
+ des_sptrans[5][(t >>16l) & 0x3f]| \
+ des_sptrans[7][(t >>24l) & 0x3f]| \
+ des_sptrans[0][(u) & 0x3f]| \
+ des_sptrans[2][(u >> 8l) & 0x3f]| \
+ des_sptrans[4][(u >>16l) & 0x3f]| \
+ des_sptrans[6][(u >>24l) & 0x3f]; }
Review Comment:
add `do {} while (0)`
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define H0 0x67452301U
+#define H1 0xEFCDAB89U
+#define H2 0x98BADCFEU
+#define H3 0x10325476U
+#define H4 0xC3D2E1F0U
+
+#define K0 0x00000000U
+#define K1 0x5A827999U
+#define K2 0x6ED9EBA1U
+#define K3 0x8F1BBCDCU
+#define K4 0xA953FD4EU
+
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U
+
+/* rotate x left n bits. */
+
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
Review Comment:
```suggestion
#define F1(x, y, z) (((x) & (y)) | (~(x) & (z)))
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define H0 0x67452301U
+#define H1 0xEFCDAB89U
+#define H2 0x98BADCFEU
+#define H3 0x10325476U
+#define H4 0xC3D2E1F0U
+
+#define K0 0x00000000U
+#define K1 0x5A827999U
+#define K2 0x6ED9EBA1U
+#define K3 0x8F1BBCDCU
+#define K4 0xA953FD4EU
+
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U
+
+/* rotate x left n bits. */
+
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define F4(x, y, z) ((x) ^ ((y) | (~z)))
+
+#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
+ do { \
+ a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
+ c = ROL(10, c); \
+ } while(0)
Review Comment:
```suggestion
do \
{ \
a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
c = ROL(10, c); \
} \
while(0)
```
##########
crypto/cryptosoft.c:
##########
@@ -0,0 +1,920 @@
+/****************************************************************************
+ * crypto/cryptosoft.c
+ * $OpenBSD: cryptosoft.c,v 1.91 2021/10/24 10:26:22 patrick Exp $
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000, 2001 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <assert.h>
+#include <errno.h>
+#include <endian.h>
+#include <nuttx/kmalloc.h>
+#include <crypto/cryptodev.h>
+#include <crypto/xform.h>
+#include <crypto/cryptosoft.h>
+
+const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN] =
+{
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN] =
+{
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+FAR static struct swcr_list *swcr_sessions;
+FAR static uint32_t swcr_sesnum;
+
+int swcr_encdec(FAR struct cryptop *crp, FAR struct cryptodesc *crd,
+ FAR struct swcr_data *sw, caddr_t buf,
+ int outtype)
+{
+ unsigned char blk[EALG_MAX_BLOCK_LEN];
+ unsigned char iv2[EALG_MAX_BLOCK_LEN];
+ unsigned char iv[EALG_MAX_BLOCK_LEN];
+ FAR unsigned char *nivp;
+ FAR unsigned char *ivp;
+ FAR const struct enc_xform *exf;
+ int blks;
+ int ivlen;
+ int i;
+ int j;
+
+ exf = sw->sw_exf;
+
+ blks = exf->blocksize;
+ ivlen = exf->ivsize;
+
+ if (crd->crd_len % blks)
+ {
+ return -EINVAL;
+ }
+
+ bcopy(crd->crd_iv, iv, ivlen);
+ ivp = iv;
+
+ if (exf->reinit)
+ exf->reinit((caddr_t)sw->sw_kschedule, crd->crd_iv);
+
+ for (i = 0; i < crd->crd_len / exf->blocksize; i++)
+ {
+ bcopy(buf, blk, exf->blocksize);
+ buf += exf->blocksize;
+ if (exf->reinit)
+ {
+ if (crd->crd_flags & CRD_F_ENCRYPT)
+ {
+ exf->encrypt((caddr_t)sw->sw_kschedule, blk);
+ }
+ else
+ {
+ exf->decrypt((caddr_t)sw->sw_kschedule, blk);
+ }
+ }
+ else if (crd->crd_flags & CRD_F_ENCRYPT)
+ {
+ for (j = 0; j < blks; j++)
+ blk[j] ^= ivp[j];
+
+ exf->encrypt((caddr_t)sw->sw_kschedule, blk);
+ bcopy(blk, iv, blks);
+ ivp = iv;
+ }
+ else
+ {
+ nivp = (ivp == iv) ? iv2 : iv;
+ bcopy(blk, nivp, blks);
+ exf->decrypt((caddr_t)sw->sw_kschedule, blk);
+
+ for (j = 0; j < blks; j++)
+ {
+ blk[j] ^= ivp[j];
+ }
+
+ ivp = nivp;
+ }
+
+ bcopy(blk, crp->crp_dst, exf->blocksize);
+ crp->crp_dst += exf->blocksize;
+ }
+
+ return 0;
+}
+
+int swcr_authcompute(FAR struct cryptop *crp, FAR struct cryptodesc *crd,
+ FAR struct swcr_data *sw, caddr_t buf, int outtype)
+{
+ unsigned char aalg[AALG_MAX_RESULT_LEN];
+ FAR const struct auth_hash *axf;
+ int err = 0;
+
+ if (sw->sw_ictx == 0)
+ {
+ return -EINVAL;
+ }
+
+ axf = sw->sw_axf;
+ err = axf->update(sw->sw_ictx, (uint8_t *)buf, crd->crd_len);
+ if (err)
+ {
+ return err;
+ }
+
+ if (crd->crd_flags & CRD_F_ESN)
+ {
+ axf->update(sw->sw_ictx, crd->crd_esn, 4);
+ }
+
+ switch (sw->sw_alg)
+ {
+ case CRYPTO_MD5_HMAC:
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_RIPEMD160_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
+ if (sw->sw_octx == NULL)
+ {
+ return -EINVAL;
+ }
+
+ axf->final(aalg, sw->sw_ictx);
+ axf->update(sw->sw_octx, aalg, axf->hashsize);
+ axf->final(aalg, sw->sw_octx);
+
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ /* Inject the authentication data */
+
+ bcopy(aalg, crp->crp_mac, axf->hashsize);
+ return 0;
+}
+
+/* Apply a combined encryption-authentication transformation */
+
+#ifndef howmany
+# define howmany(x, y) (((x) + ((y) - 1)) / (y))
+#endif
+
+#define MIN(a,b) (((a) < (b)) ? (a) : (b))
+
+int swcr_authenc(FAR struct cryptop *crp)
+{
+ uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
+ FAR u_char *blk = (FAR u_char *)blkbuf;
+ u_char aalg[AALG_MAX_RESULT_LEN];
+ union authctx ctx;
+ FAR struct cryptodesc *crd;
+ FAR struct cryptodesc *crda = NULL;
+ FAR struct cryptodesc *crde = NULL;
+ FAR struct swcr_list *session;
+ FAR struct swcr_data *sw;
+ FAR struct swcr_data *swa;
+ FAR struct swcr_data *swe = NULL;
+ FAR const struct auth_hash *axf = NULL;
+ FAR const struct enc_xform *exf = NULL;
+ caddr_t buf = (caddr_t)crp->crp_buf;
+ FAR uint32_t *blkp;
+ int aadlen;
+ int blksz = 0;
+ int i;
+ int ivlen = 0;
+ int len;
+ int iskip = 0;
+ int oskip = 0;
+
+ session = &swcr_sessions[crp->crp_sid & 0xffffffff];
+
+ for (i = 0; i < crp->crp_ndescalloc; i++)
+ {
+ crd = &crp->crp_desc[i];
+ SLIST_FOREACH(sw, session, sw_next)
+ {
+ if (sw->sw_alg == crd->crd_alg)
+ {
+ break;
+ }
+ }
+
+ if (sw == NULL)
+ {
+ return -EINVAL;
+ }
+
+ switch (sw->sw_alg)
+ {
+ case CRYPTO_AES_GCM_16:
+ case CRYPTO_AES_GMAC:
+ case CRYPTO_CHACHA20_POLY1305:
+ swe = sw;
+ crde = crd;
+ exf = swe->sw_exf;
+ ivlen = exf->ivsize;
+ break;
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+ case CRYPTO_CHACHA20_POLY1305_MAC:
+ swa = sw;
+ crda = crd;
+ axf = swa->sw_axf;
+ if (swa->sw_ictx == 0)
+ {
+ return -EINVAL;
+ }
+
+ bcopy(swa->sw_ictx, &ctx, axf->ctxsize);
+ blksz = axf->blocksize;
+ break;
+ default:
+ {
+ return -EINVAL;
+ }
+ }
+ }
+
+ if (crde == NULL || crda == NULL)
+ {
+ return -EINVAL;
+ }
+
+ /* Supply MAC with IV */
+
+ if (axf->reinit)
+ {
+ axf->reinit(&ctx, crde->crd_iv, ivlen);
+ }
+
+ /* Supply MAC with AAD */
+
+ aadlen = crda->crd_len; /* this is a bug */
+
+ /* this is a bug
+ * add is a not stable lenth
+ * but is a stable var now
+ */
+
+ /* Section 5 of RFC 4106 specifies that AAD construction consists of
+ * {SPI, ESN, SN} whereas the real packet contains only {SPI, SN}.
+ * Unfortunately it doesn't follow a good example set in the Section
+ * 3.3.2.1 of RFC 4303 where upper part of the ESN, located in the
+ * external (to the packet) memory buffer, is processed by the hash
+ * function in the end thus allowing to retain simple programming
+ * interfaces and avoid kludges like the one below.
+ */
+
+ if (crda->crd_flags & CRD_F_ESN)
+ {
+ aadlen += 4;
+
+ /* SPI */
+
+ bcopy(buf + crda->crd_skip, blk, 4);
+ iskip = 4;
+
+ /* loop below will start with an offset of 4 */
+
+ /* ESN */
+
+ bcopy(crda->crd_esn, blk + 4, 4);
+ oskip = iskip + 4; /* offset output buffer blk by 8 */
+ }
+
+ for (i = iskip; i < crda->crd_len; i += axf->hashsize)
+ {
+ len = MIN(crda->crd_len - i, axf->hashsize - oskip);
+ bzero(blk + len + oskip, axf->hashsize - len - oskip);
+ bcopy(buf + crda->crd_skip + i, blk + oskip, len);
+ axf->update(&ctx, blk, axf->hashsize);
+ oskip = 0; /* reset initial output offset */
+ }
+
+ if (exf->reinit)
+ exf->reinit((caddr_t)swe->sw_kschedule, crde->crd_iv);
+
+ /* Do encryption/decryption with MAC */
+
+ for (i = 0; i < crde->crd_len; i += blksz)
+ {
+ len = MIN(crde->crd_len - i, blksz);
+ if (len < blksz)
+ {
+ bzero(blk, blksz);
+ }
+
+ bcopy(buf + i, blk, len);
+ if (crde->crd_flags & CRD_F_ENCRYPT)
+ {
+ exf->encrypt((caddr_t)swe->sw_kschedule, blk);
+ axf->update(&ctx, blk, len);
+ }
+ else
+ {
+ axf->update(&ctx, blk, len);
+ exf->decrypt((caddr_t)swe->sw_kschedule, blk);
+ }
+
+ bcopy(blk, crp->crp_dst + i, len);
+ }
+
+ /* Do any required special finalization */
+
+ switch (crda->crd_alg)
+ {
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+
+ /* length block */
+
+ bzero(blk, axf->hashsize);
+ blkp = (uint32_t *)blk + 1;
+ *blkp = htobe32(aadlen * 8);
+ blkp = (uint32_t *)blk + 3;
+ *blkp = htobe32(crde->crd_len * 8);
+ axf->update(&ctx, blk, axf->hashsize);
+ break;
+ case CRYPTO_CHACHA20_POLY1305_MAC:
+
+ /* length block */
+
+ bzero(blk, axf->hashsize);
+ blkp = (uint32_t *)blk;
+ *blkp = htole32(aadlen);
+ blkp = (uint32_t *)blk + 2;
+ *blkp = htole32(crde->crd_len);
+ axf->update(&ctx, blk, axf->hashsize);
+ break;
+ }
+
+ /* Finalize MAC */
+
+ axf->final(aalg, &ctx);
+
+ /* Inject the authentication data */
+
+ bcopy(aalg, crp->crp_mac, axf->authsize);
+
+ return (0);
Review Comment:
```suggestion
return 0;
```
##########
crypto/rmd160.c:
##########
@@ -0,0 +1,426 @@
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/param.h>
+#include <endian.h>
+#include <string.h>
+#include <crypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+ (cp)[7] = (value) >> 56; \
+ (cp)[6] = (value) >> 48; \
+ (cp)[5] = (value) >> 40; \
+ (cp)[4] = (value) >> 32; \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+ (cp)[3] = (value) >> 24; \
+ (cp)[2] = (value) >> 16; \
+ (cp)[1] = (value) >> 8; \
+ (cp)[0] = (value); } while (0)
+
+#define H0 0x67452301U
+#define H1 0xEFCDAB89U
+#define H2 0x98BADCFEU
+#define H3 0x10325476U
+#define H4 0xC3D2E1F0U
+
+#define K0 0x00000000U
+#define K1 0x5A827999U
+#define K2 0x6ED9EBA1U
+#define K3 0x8F1BBCDCU
+#define K4 0xA953FD4EU
+
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U
+
+/* rotate x left n bits. */
+
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define F4(x, y, z) ((x) ^ ((y) | (~z)))
Review Comment:
```suggestion
#define F4(x, y, z) ((x) ^ ((y) | ~(z)))
```
##########
crypto/crypto.c:
##########
@@ -42,10 +47,343 @@
* Private Data
****************************************************************************/
+FAR struct cryptocap *crypto_drivers;
+static int crypto_drivers_num;
+
/****************************************************************************
* Private Functions
****************************************************************************/
+int crypto_newsession(FAR uint64_t *sid,
+ FAR struct cryptoini *cri,
+ int hard)
+{
+ uint32_t hid;
+ uint32_t lid;
+ uint32_t hid2 = -1;
+ FAR struct cryptocap *cpc;
+ FAR struct cryptoini *cr;
+ int err;
+ int turn = 0;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need. Do
+ * a double-pass over all the drivers, ignoring software ones
+ * at first, to deal with cases of drivers that register after
+ * the software one(s) --- e.g., PCMCIA crypto cards.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+
+ do
+ {
+ for (hid = 0; hid < crypto_drivers_num; hid++)
+ {
+ cpc = &crypto_drivers[hid];
+
+ /* If it's not initialized or has remaining sessions
+ * referencing it, skip.
+ */
+
+ if (cpc->cc_newsession == NULL ||
+ (cpc->cc_flags & CRYPTOCAP_F_CLEANUP))
+ {
+ continue;
+ }
+
+ if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE)
+ {
+ /* First round of search, ignore
+ * software drivers.
+ */
+
+ if (turn == 0)
+ {
+ continue;
+ }
+ }
+ else
+ {
+ /* !CRYPTOCAP_F_SOFTWARE
+ * Second round of search, only software.
+ */
+
+ if (turn == 1)
+ {
+ continue;
+ }
+ }
+
+ /* See if all the algorithms are supported. */
+
+ for (cr = cri; cr; cr = cr->cri_next)
+ {
+ if (cpc->cc_alg[cr->cri_alg] == 0)
+ {
+ break;
+ }
+ }
+
+ /* If even one algorithm is not supported,
+ * keep searching.
+ */
+
+ if (cr != NULL)
+ {
+ continue;
+ }
+
+ /* If we had a previous match, see how it compares
+ * to this one. Keep "remembering" whichever is
+ * the best of the two.
+ */
+
+ if (hid2 != -1)
+ {
+ /* Compare session numbers, pick the one
+ * with the lowest.
+ * XXX Need better metrics, this will
+ * XXX just do un-weighted round-robin.
+ */
+
+ if (crypto_drivers[hid].cc_sessions <=
+ crypto_drivers[hid2].cc_sessions)
+ {
+ hid2 = hid;
+ }
+ }
+ else
+ {
+ /* Remember this one, for future
+ * comparisons.
+ */
+
+ hid2 = hid;
+ }
+ }
+
+ /* If we found something worth remembering, leave. The
+ * side-effect is that we will always prefer a hardware
+ * driver over the software one.
+ */
+
+ if (hid2 != -1)
+ {
+ break;
+ }
+
+ turn++;
+
+ /* If we only want hardware drivers, don't do second pass. */
+ }
+ while (turn <= 2 && hard == 0);
+
+ hid = hid2;
+
+ /* Can't do everything in one session.
+ * XXX Fix this. We need to inject a "virtual" session
+ * XXX layer right about here.
+ */
+
+ if (hid == -1)
+ {
+ return EINVAL;
+ }
+
+ /* Call the driver initialization routine. */
+
+ lid = hid; /* Pass the driver ID. */
+ err = crypto_drivers[hid].cc_newsession(&lid, cri);
+ if (err == 0)
+ {
+ *sid = hid;
+ *sid <<= 32;
+ *sid |= (lid & 0xffffffff);
+ crypto_drivers[hid].cc_sessions++;
+ }
+
+ return err;
+}
+
+int crypto_freesession(uint64_t sid)
+{
+ int err = 0;
+ uint32_t hid;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* Determine two IDs. */
+
+ hid = (sid >> 32) & 0xffffffff;
+
+ if (hid >= crypto_drivers_num)
+ {
+ return ENOENT;
+ }
+
+ if (crypto_drivers[hid].cc_sessions)
+ {
+ crypto_drivers[hid].cc_sessions--;
+ }
+
+ /* Call the driver cleanup routine, if available. */
+
+ if (crypto_drivers[hid].cc_freesession)
+ {
+ err = crypto_drivers[hid].cc_freesession(sid);
+ }
+
+ /* If this was the last session of a driver marked as invalid,
+ * make the entry available for reuse.
+ */
+
+ if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[hid].cc_sessions == 0)
+ {
+ explicit_bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
+ }
+
+ return err;
+}
+
+int32_t crypto_get_driverid(uint8_t flags)
+{
+ FAR struct cryptocap *newdrv;
+ int i;
+
+ /* called from attach routines */
+
+ if (crypto_drivers_num == 0)
+ {
+ crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+ crypto_drivers = kmm_calloc(crypto_drivers_num,
+ sizeof(struct cryptocap));
+ if (crypto_drivers == NULL)
+ {
+ crypto_drivers_num = 0;
+ return -1;
+ }
+ }
+
+ for (i = 0; i < crypto_drivers_num; i++)
+ {
+ if (crypto_drivers[i].cc_process == NULL &&
+ !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[i].cc_sessions == 0)
+ {
+ crypto_drivers[i].cc_sessions = 1; /* Mark */
+ crypto_drivers[i].cc_flags = flags;
+ return i;
+ }
+ }
+
+ /* Out of entries, allocate some more. */
+
+ if (crypto_drivers_num >= CRYPTO_DRIVERS_MAX)
+ {
+ return -1;
+ }
+
+ newdrv = kmm_calloc(crypto_drivers_num,
+ 2 * sizeof(struct cryptocap));
+ if (newdrv == NULL)
+ {
+ return -1;
+ }
+
+ memcpy(newdrv, crypto_drivers,
+ crypto_drivers_num * sizeof(struct cryptocap));
+ bzero(&newdrv[crypto_drivers_num],
+ crypto_drivers_num * sizeof(struct cryptocap));
Review Comment:
```suggestion
memcpy(newdrv, crypto_drivers,
crypto_drivers_num * sizeof(struct cryptocap));
bzero(&newdrv[crypto_drivers_num],
crypto_drivers_num * sizeof(struct cryptocap));
```
##########
crypto/chachapoly.c:
##########
@@ -0,0 +1,300 @@
+/****************************************************************************
+ * crypto/chachapoly.c
+ * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <sys/param.h>
+
+#include <crypto/poly1305.h>
+#include <crypto/chachapoly.h>
+
+#include "chacha_private.h"
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const uint8_t pad0[16] =
+{
+ 0
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
+{
+ FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;
+
+ if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+ {
+ return (-1);
+ }
+
+ /* initial counter is 1 */
+
+ ctx->nonce[0] = 1;
+ memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+ CHACHA20_SALT);
+ chacha_keysetup((FAR chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
+ return (0);
+}
+
+void chacha20_reinit(caddr_t key, FAR uint8_t *iv)
+{
+ FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
+
+ chacha_ivsetup((FAR chacha_ctx *)ctx->block, iv, ctx->nonce);
+}
+
+void chacha20_crypt(caddr_t key, FAR uint8_t *data)
+{
+ FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
+
+ chacha_encrypt_bytes((FAR chacha_ctx *)ctx->block, data, data,
+ CHACHA20_BLOCK_LEN);
+}
+
+void chacha20_poly1305_init(FAR void *xctx)
+{
+ FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+void chacha20_poly1305_setkey(FAR void *xctx, FAR const uint8_t *key,
+ uint16_t klen)
+{
+ FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+
+ /* salt is provided with the key material */
+
+ memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+ CHACHA20_SALT);
+ chacha_keysetup((FAR chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
+}
+
+void chacha20_poly1305_reinit(FAR void *xctx, FAR const uint8_t *iv,
+ uint16_t ivlen)
+{
+ FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+
+ /* initial counter is 0 */
+
+ chacha_ivsetup((FAR chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
+ chacha_encrypt_bytes((FAR chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
+ POLY1305_KEYLEN);
+ poly1305_init((FAR poly1305_state *)&ctx->poly, ctx->key);
+}
+
+int chacha20_poly1305_update(FAR void *xctx, FAR const uint8_t *data,
+ uint16_t len)
+{
+ static const unsigned char zeroes[POLY1305_BLOCK_LEN];
+ FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+ size_t rem;
+
+ poly1305_update((FAR poly1305_state *)&ctx->poly, data, len);
+
+ /* number of bytes in the last 16 byte block */
+
+ rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
+ if (rem > 0)
+ {
+ poly1305_update((FAR poly1305_state *)&ctx->poly, zeroes,
+ POLY1305_BLOCK_LEN - rem);
+ }
+
+ return (0);
+}
+
+void chacha20_poly1305_final(FAR uint8_t *tag, FAR void *xctx)
+{
+ FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+
+ poly1305_finish((FAR poly1305_state *)&ctx->poly, tag);
+ explicit_bzero(ctx, sizeof(*ctx));
+}
+
+void chacha20poly1305_encrypt(
+ FAR uint8_t *dst,
+ FAR const uint8_t *src,
+ const size_t src_len,
+ FAR const uint8_t *ad,
+ const size_t ad_len,
+ const uint64_t nonce,
+ FAR const uint8_t *key)
+{
+ poly1305_state poly1305_ctx;
+ chacha_ctx ctx;
+ union {
+ uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
+ uint64_t lens[2];
+ } b =
Review Comment:
```suggestion
union
{
uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
uint64_t lens[2];
} b =
```
##########
crypto/crypto.c:
##########
@@ -42,10 +47,343 @@
* Private Data
****************************************************************************/
+FAR struct cryptocap *crypto_drivers;
+static int crypto_drivers_num;
+
/****************************************************************************
* Private Functions
****************************************************************************/
+int crypto_newsession(FAR uint64_t *sid,
+ FAR struct cryptoini *cri,
+ int hard)
+{
+ uint32_t hid;
+ uint32_t lid;
+ uint32_t hid2 = -1;
+ FAR struct cryptocap *cpc;
+ FAR struct cryptoini *cr;
+ int err;
+ int turn = 0;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need. Do
+ * a double-pass over all the drivers, ignoring software ones
+ * at first, to deal with cases of drivers that register after
+ * the software one(s) --- e.g., PCMCIA crypto cards.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+
+ do
+ {
+ for (hid = 0; hid < crypto_drivers_num; hid++)
+ {
+ cpc = &crypto_drivers[hid];
+
+ /* If it's not initialized or has remaining sessions
+ * referencing it, skip.
+ */
+
+ if (cpc->cc_newsession == NULL ||
+ (cpc->cc_flags & CRYPTOCAP_F_CLEANUP))
+ {
+ continue;
+ }
+
+ if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE)
+ {
+ /* First round of search, ignore
+ * software drivers.
+ */
+
+ if (turn == 0)
+ {
+ continue;
+ }
+ }
+ else
+ {
+ /* !CRYPTOCAP_F_SOFTWARE
+ * Second round of search, only software.
+ */
+
+ if (turn == 1)
+ {
+ continue;
+ }
+ }
+
+ /* See if all the algorithms are supported. */
+
+ for (cr = cri; cr; cr = cr->cri_next)
+ {
+ if (cpc->cc_alg[cr->cri_alg] == 0)
+ {
+ break;
+ }
+ }
+
+ /* If even one algorithm is not supported,
+ * keep searching.
+ */
+
+ if (cr != NULL)
+ {
+ continue;
+ }
+
+ /* If we had a previous match, see how it compares
+ * to this one. Keep "remembering" whichever is
+ * the best of the two.
+ */
+
+ if (hid2 != -1)
+ {
+ /* Compare session numbers, pick the one
+ * with the lowest.
+ * XXX Need better metrics, this will
+ * XXX just do un-weighted round-robin.
+ */
+
+ if (crypto_drivers[hid].cc_sessions <=
+ crypto_drivers[hid2].cc_sessions)
+ {
+ hid2 = hid;
+ }
+ }
+ else
+ {
+ /* Remember this one, for future
+ * comparisons.
+ */
+
+ hid2 = hid;
+ }
+ }
+
+ /* If we found something worth remembering, leave. The
+ * side-effect is that we will always prefer a hardware
+ * driver over the software one.
+ */
+
+ if (hid2 != -1)
+ {
+ break;
+ }
+
+ turn++;
+
+ /* If we only want hardware drivers, don't do second pass. */
+ }
+ while (turn <= 2 && hard == 0);
+
+ hid = hid2;
+
+ /* Can't do everything in one session.
+ * XXX Fix this. We need to inject a "virtual" session
+ * XXX layer right about here.
+ */
+
+ if (hid == -1)
+ {
+ return EINVAL;
+ }
+
+ /* Call the driver initialization routine. */
+
+ lid = hid; /* Pass the driver ID. */
+ err = crypto_drivers[hid].cc_newsession(&lid, cri);
+ if (err == 0)
+ {
+ *sid = hid;
+ *sid <<= 32;
+ *sid |= (lid & 0xffffffff);
+ crypto_drivers[hid].cc_sessions++;
+ }
+
+ return err;
+}
+
+int crypto_freesession(uint64_t sid)
+{
+ int err = 0;
+ uint32_t hid;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* Determine two IDs. */
+
+ hid = (sid >> 32) & 0xffffffff;
+
+ if (hid >= crypto_drivers_num)
+ {
+ return ENOENT;
+ }
+
+ if (crypto_drivers[hid].cc_sessions)
+ {
+ crypto_drivers[hid].cc_sessions--;
+ }
+
+ /* Call the driver cleanup routine, if available. */
+
+ if (crypto_drivers[hid].cc_freesession)
+ {
+ err = crypto_drivers[hid].cc_freesession(sid);
+ }
+
+ /* If this was the last session of a driver marked as invalid,
+ * make the entry available for reuse.
+ */
+
+ if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[hid].cc_sessions == 0)
+ {
+ explicit_bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
+ }
+
+ return err;
+}
+
+int32_t crypto_get_driverid(uint8_t flags)
+{
+ FAR struct cryptocap *newdrv;
+ int i;
+
+ /* called from attach routines */
+
+ if (crypto_drivers_num == 0)
+ {
+ crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+ crypto_drivers = kmm_calloc(crypto_drivers_num,
+ sizeof(struct cryptocap));
Review Comment:
```suggestion
crypto_drivers = kmm_calloc(crypto_drivers_num,
sizeof(struct cryptocap));
```
##########
crypto/cryptodev.c:
##########
@@ -102,61 +161,427 @@ static int cryptodev_ioctl(FAR struct file *filep,
int cmd,
unsigned long arg)
{
+ struct cryptoini cria;
+ struct cryptoini crie;
+ FAR struct fcrypt *fcr = filep->f_priv;
+ FAR struct csession *cse;
+ FAR const struct enc_xform *txform = NULL;
+ FAR const struct auth_hash *thash = NULL;
+ uint64_t sid;
+ int error = 0;
+
switch (cmd)
- {
- case CIOCGSESSION:
{
- FAR struct session_op *ses = (FAR struct session_op *)arg;
- ses->ses = (uint32_t)ses;
- return OK;
+ case CIOCGSESSION:
+ {
+ FAR struct session_op *sop = (FAR struct session_op *)arg;
+ switch (sop->cipher)
+ {
+ case 0:
+ break;
+ case CRYPTO_3DES_CBC:
+ txform = &enc_xform_3des;
+ break;
+ case CRYPTO_AES_CTR:
+ txform = &enc_xform_aes_ctr;
+ break;
+ case CRYPTO_AES_XTS:
+
+ default:
+ return -EINVAL;
+ }
+
+ switch (sop->mac)
+ {
+ case 0:
+ break;
+ case CRYPTO_MD5_HMAC:
+ thash = &auth_hash_hmac_md5_96;
+ break;
+ case CRYPTO_SHA1_HMAC:
+ thash = &auth_hash_hmac_sha1_96;
+ break;
+ case CRYPTO_SHA2_256_HMAC:
+ thash = &auth_hash_hmac_sha2_256_128;
+ break;
+ case CRYPTO_SHA2_384_HMAC:
+ thash = &auth_hash_hmac_sha2_384_192;
+ break;
+ case CRYPTO_SHA2_512_HMAC:
+ thash = &auth_hash_hmac_sha2_512_256;
+ break;
+ case CRYPTO_AES_128_GMAC:
+ thash = &auth_hash_gmac_aes_128;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ memset(&cria, 0, sizeof(struct cryptoini));
+ memset(&crie, 0, sizeof(struct cryptoini));
+
+ if (txform)
+ {
+ crie.cri_alg = txform->type;
+ crie.cri_klen = sop->keylen * 8;
+ if (sop->keylen > txform->maxkey ||
+ sop->keylen < txform->minkey)
+ {
+ error = -EINVAL;
+ goto bail;
+ }
+
+ crie.cri_key = kmm_malloc(crie.cri_klen / 8);
+ if (crie.cri_key == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ memcpy(crie.cri_key, sop->key, crie.cri_klen / 8);
+ if (thash)
+ {
+ crie.cri_next = &cria;
+ }
+ }
+
+ if (thash)
+ {
+ cria.cri_alg = thash->type;
+ cria.cri_klen = sop->mackeylen * 8;
+
+ /* don't check */
+
+ /* if (sop->mackeylen != thash->keysize)
+ * {
+ * error = EINVAL;
+ * goto bail;
+ * }
+ */
+
+ if (cria.cri_klen)
+ {
+ cria.cri_key = kmm_malloc (cria.cri_klen / 8);
+ if (cria.cri_key == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ memcpy(cria.cri_key, sop->mackey, cria.cri_klen / 8);
+ }
+ }
+
+ error = crypto_newsession(&sid, (txform)? &crie: &cria, 0);
+ if (error)
+ {
+ goto bail;
+ }
+
+ fcr = kmm_malloc(sizeof(struct fcrypt));
+ if (fcr == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ TAILQ_INIT(&fcr->csessions);
+ fcr->sesn = 0;
+ filep->f_priv = fcr;
+ cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
+ cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
+ thash);
+ if (cse == NULL)
+ {
+ crypto_freesession(sid);
+ error = -EINVAL;
+ goto bail;
+ }
+
+ sop->ses = cse->ses;
+
+ bail:
+ if (error)
+ {
+ return error;
+ }
+
+ return OK;
+ }
+
+ case CIOCFSESSION:
+ cse = csefind(fcr, *(uint32_t *)arg);
+ if (cse == NULL)
+ {
+ return -EINVAL;
+ }
+
+ TAILQ_REMOVE(&fcr->csessions, cse, next);
+ error = csefree(cse);
+ kmm_free(fcr);
+ break;
+ case CIOCCRYPT:
+ {
+ FAR struct crypt_op *op = (FAR struct crypt_op *)arg;
+
+ cse = csefind(fcr, op->ses);
+ if (cse == NULL)
+ {
+ return -EINVAL;
+ }
+
+ error = cryptodev_op(cse, op);
+ break;
+ }
+
+ default:
+ return -ENOTTY;
+ }
+
+ return (error);
Review Comment:
```suggestion
return error;
```
##########
crypto/cryptodev.c:
##########
@@ -102,61 +161,427 @@ static int cryptodev_ioctl(FAR struct file *filep,
int cmd,
unsigned long arg)
{
+ struct cryptoini cria;
+ struct cryptoini crie;
+ FAR struct fcrypt *fcr = filep->f_priv;
+ FAR struct csession *cse;
+ FAR const struct enc_xform *txform = NULL;
+ FAR const struct auth_hash *thash = NULL;
+ uint64_t sid;
+ int error = 0;
+
switch (cmd)
- {
- case CIOCGSESSION:
{
- FAR struct session_op *ses = (FAR struct session_op *)arg;
- ses->ses = (uint32_t)ses;
- return OK;
+ case CIOCGSESSION:
+ {
+ FAR struct session_op *sop = (FAR struct session_op *)arg;
+ switch (sop->cipher)
+ {
+ case 0:
+ break;
+ case CRYPTO_3DES_CBC:
+ txform = &enc_xform_3des;
+ break;
+ case CRYPTO_AES_CTR:
+ txform = &enc_xform_aes_ctr;
+ break;
+ case CRYPTO_AES_XTS:
+
+ default:
+ return -EINVAL;
+ }
+
+ switch (sop->mac)
+ {
+ case 0:
+ break;
+ case CRYPTO_MD5_HMAC:
+ thash = &auth_hash_hmac_md5_96;
+ break;
+ case CRYPTO_SHA1_HMAC:
+ thash = &auth_hash_hmac_sha1_96;
+ break;
+ case CRYPTO_SHA2_256_HMAC:
+ thash = &auth_hash_hmac_sha2_256_128;
+ break;
+ case CRYPTO_SHA2_384_HMAC:
+ thash = &auth_hash_hmac_sha2_384_192;
+ break;
+ case CRYPTO_SHA2_512_HMAC:
+ thash = &auth_hash_hmac_sha2_512_256;
+ break;
+ case CRYPTO_AES_128_GMAC:
+ thash = &auth_hash_gmac_aes_128;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ memset(&cria, 0, sizeof(struct cryptoini));
+ memset(&crie, 0, sizeof(struct cryptoini));
+
+ if (txform)
+ {
+ crie.cri_alg = txform->type;
+ crie.cri_klen = sop->keylen * 8;
+ if (sop->keylen > txform->maxkey ||
+ sop->keylen < txform->minkey)
+ {
+ error = -EINVAL;
+ goto bail;
+ }
+
+ crie.cri_key = kmm_malloc(crie.cri_klen / 8);
+ if (crie.cri_key == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ memcpy(crie.cri_key, sop->key, crie.cri_klen / 8);
+ if (thash)
+ {
+ crie.cri_next = &cria;
+ }
+ }
+
+ if (thash)
+ {
+ cria.cri_alg = thash->type;
+ cria.cri_klen = sop->mackeylen * 8;
+
+ /* don't check */
+
+ /* if (sop->mackeylen != thash->keysize)
+ * {
+ * error = EINVAL;
+ * goto bail;
+ * }
+ */
+
+ if (cria.cri_klen)
+ {
+ cria.cri_key = kmm_malloc (cria.cri_klen / 8);
+ if (cria.cri_key == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ memcpy(cria.cri_key, sop->mackey, cria.cri_klen / 8);
+ }
+ }
+
+ error = crypto_newsession(&sid, (txform)? &crie: &cria, 0);
+ if (error)
+ {
+ goto bail;
+ }
+
+ fcr = kmm_malloc(sizeof(struct fcrypt));
+ if (fcr == NULL)
+ {
+ error = -ENOMEM;
+ goto bail;
+ }
+
+ TAILQ_INIT(&fcr->csessions);
+ fcr->sesn = 0;
+ filep->f_priv = fcr;
+ cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
+ cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
+ thash);
+ if (cse == NULL)
+ {
+ crypto_freesession(sid);
+ error = -EINVAL;
+ goto bail;
+ }
+
+ sop->ses = cse->ses;
+
+ bail:
Review Comment:
```suggestion
bail:
```
if possible
##########
crypto/crypto.c:
##########
@@ -42,10 +47,343 @@
* Private Data
****************************************************************************/
+FAR struct cryptocap *crypto_drivers;
+static int crypto_drivers_num;
+
/****************************************************************************
* Private Functions
****************************************************************************/
+int crypto_newsession(FAR uint64_t *sid,
+ FAR struct cryptoini *cri,
+ int hard)
+{
+ uint32_t hid;
+ uint32_t lid;
+ uint32_t hid2 = -1;
+ FAR struct cryptocap *cpc;
+ FAR struct cryptoini *cr;
+ int err;
+ int turn = 0;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need. Do
+ * a double-pass over all the drivers, ignoring software ones
+ * at first, to deal with cases of drivers that register after
+ * the software one(s) --- e.g., PCMCIA crypto cards.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+
+ do
+ {
+ for (hid = 0; hid < crypto_drivers_num; hid++)
+ {
+ cpc = &crypto_drivers[hid];
+
+ /* If it's not initialized or has remaining sessions
+ * referencing it, skip.
+ */
+
+ if (cpc->cc_newsession == NULL ||
+ (cpc->cc_flags & CRYPTOCAP_F_CLEANUP))
+ {
+ continue;
+ }
+
+ if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE)
+ {
+ /* First round of search, ignore
+ * software drivers.
+ */
+
+ if (turn == 0)
+ {
+ continue;
+ }
+ }
+ else
+ {
+ /* !CRYPTOCAP_F_SOFTWARE
+ * Second round of search, only software.
+ */
+
+ if (turn == 1)
+ {
+ continue;
+ }
+ }
+
+ /* See if all the algorithms are supported. */
+
+ for (cr = cri; cr; cr = cr->cri_next)
+ {
+ if (cpc->cc_alg[cr->cri_alg] == 0)
+ {
+ break;
+ }
+ }
+
+ /* If even one algorithm is not supported,
+ * keep searching.
+ */
+
+ if (cr != NULL)
+ {
+ continue;
+ }
+
+ /* If we had a previous match, see how it compares
+ * to this one. Keep "remembering" whichever is
+ * the best of the two.
+ */
+
+ if (hid2 != -1)
+ {
+ /* Compare session numbers, pick the one
+ * with the lowest.
+ * XXX Need better metrics, this will
+ * XXX just do un-weighted round-robin.
+ */
+
+ if (crypto_drivers[hid].cc_sessions <=
+ crypto_drivers[hid2].cc_sessions)
+ {
+ hid2 = hid;
+ }
+ }
+ else
+ {
+ /* Remember this one, for future
+ * comparisons.
+ */
+
+ hid2 = hid;
+ }
+ }
+
+ /* If we found something worth remembering, leave. The
+ * side-effect is that we will always prefer a hardware
+ * driver over the software one.
+ */
+
+ if (hid2 != -1)
+ {
+ break;
+ }
+
+ turn++;
+
+ /* If we only want hardware drivers, don't do second pass. */
+ }
+ while (turn <= 2 && hard == 0);
+
+ hid = hid2;
+
+ /* Can't do everything in one session.
+ * XXX Fix this. We need to inject a "virtual" session
+ * XXX layer right about here.
+ */
+
+ if (hid == -1)
+ {
+ return EINVAL;
+ }
+
+ /* Call the driver initialization routine. */
+
+ lid = hid; /* Pass the driver ID. */
+ err = crypto_drivers[hid].cc_newsession(&lid, cri);
+ if (err == 0)
+ {
+ *sid = hid;
+ *sid <<= 32;
+ *sid |= (lid & 0xffffffff);
+ crypto_drivers[hid].cc_sessions++;
+ }
+
+ return err;
+}
+
+int crypto_freesession(uint64_t sid)
+{
+ int err = 0;
+ uint32_t hid;
+
+ if (crypto_drivers == NULL)
+ {
+ return EINVAL;
+ }
+
+ /* Determine two IDs. */
+
+ hid = (sid >> 32) & 0xffffffff;
+
+ if (hid >= crypto_drivers_num)
+ {
+ return ENOENT;
+ }
+
+ if (crypto_drivers[hid].cc_sessions)
+ {
+ crypto_drivers[hid].cc_sessions--;
+ }
+
+ /* Call the driver cleanup routine, if available. */
+
+ if (crypto_drivers[hid].cc_freesession)
+ {
+ err = crypto_drivers[hid].cc_freesession(sid);
+ }
+
+ /* If this was the last session of a driver marked as invalid,
+ * make the entry available for reuse.
+ */
+
+ if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[hid].cc_sessions == 0)
+ {
+ explicit_bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
+ }
+
+ return err;
+}
+
+int32_t crypto_get_driverid(uint8_t flags)
+{
+ FAR struct cryptocap *newdrv;
+ int i;
+
+ /* called from attach routines */
+
+ if (crypto_drivers_num == 0)
+ {
+ crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+ crypto_drivers = kmm_calloc(crypto_drivers_num,
+ sizeof(struct cryptocap));
+ if (crypto_drivers == NULL)
+ {
+ crypto_drivers_num = 0;
+ return -1;
+ }
+ }
+
+ for (i = 0; i < crypto_drivers_num; i++)
+ {
+ if (crypto_drivers[i].cc_process == NULL &&
+ !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[i].cc_sessions == 0)
+ {
+ crypto_drivers[i].cc_sessions = 1; /* Mark */
+ crypto_drivers[i].cc_flags = flags;
+ return i;
+ }
+ }
+
+ /* Out of entries, allocate some more. */
+
+ if (crypto_drivers_num >= CRYPTO_DRIVERS_MAX)
+ {
+ return -1;
+ }
+
+ newdrv = kmm_calloc(crypto_drivers_num,
+ 2 * sizeof(struct cryptocap));
Review Comment:
```suggestion
newdrv = kmm_calloc(crypto_drivers_num,
2 * sizeof(struct cryptocap));
```
##########
crypto/chachapoly.c:
##########
@@ -0,0 +1,300 @@
+/****************************************************************************
+ * crypto/chachapoly.c
+ * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <sys/param.h>
+
+#include <crypto/poly1305.h>
+#include <crypto/chachapoly.h>
+
+#include "chacha_private.h"
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const uint8_t pad0[16] =
+{
+ 0
+};
Review Comment:
```suggestion
static const uint8_t pad0[16];
```
##########
crypto/chachapoly.c:
##########
@@ -0,0 +1,300 @@
+/****************************************************************************
+ * crypto/chachapoly.c
+ * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <sys/param.h>
+
+#include <crypto/poly1305.h>
+#include <crypto/chachapoly.h>
+
+#include "chacha_private.h"
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const uint8_t pad0[16] =
+{
+ 0
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
+{
+ FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;
+
+ if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+ {
+ return (-1);
Review Comment:
```suggestion
return -1;
```
##########
crypto/crypto.c:
##########
@@ -42,10 +47,343 @@
* Private Data
****************************************************************************/
+FAR struct cryptocap *crypto_drivers;
Review Comment:
do we need `static`?
##########
crypto/chachapoly.c:
##########
@@ -0,0 +1,300 @@
+/****************************************************************************
+ * crypto/chachapoly.c
+ * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <endian.h>
+#include <sys/param.h>
+
+#include <crypto/poly1305.h>
+#include <crypto/chachapoly.h>
+
+#include "chacha_private.h"
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const uint8_t pad0[16] =
+{
+ 0
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
+{
+ FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;
+
+ if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+ {
+ return (-1);
+ }
+
+ /* initial counter is 1 */
+
+ ctx->nonce[0] = 1;
+ memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+ CHACHA20_SALT);
+ chacha_keysetup((FAR chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
+ return (0);
Review Comment:
```suggestion
return 0;
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org