From 9e7dc538eabd1ad54b39cd80463a4ba1fba42646 Mon Sep 17 00:00:00 2001 From: miha-q <> Date: Fri, 11 Aug 2023 12:46:29 -0400 Subject: [PATCH] Fri Aug 11 12:46:29 PM EDT 2023 --- src/chacha20.c | 4 +-- src/dhke.c | 2 ++ src/hash.c | 16 +++++++++++ src/headers.h | 44 ++++++++++++++++++++--------- src/hmac.c | 77 ++++++++++++++++++++++++++++++++++---------------- src/poly1305.c | 2 +- src/rsa.c | 61 ++++++++++++++++++--------------------- src/sha256.c | 1 + 8 files changed, 131 insertions(+), 76 deletions(-) create mode 100644 src/hash.c diff --git a/src/chacha20.c b/src/chacha20.c index 8475524..45ffbcd 100644 --- a/src/chacha20.c +++ b/src/chacha20.c @@ -86,7 +86,7 @@ static void foleo_chacha20_block(uint8_t key[32], uint8_t nonce[12], uint32_t bl } /*Don't use block #0 if you are using this in conjunction with poly1305*/ -uint8_t* foleo_chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint64_t count) +uint8_t* foleo_chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, size_t count) { if (count > (274877906944 - block * 64)) return NULL; uint8_t* ret = malloc(0); @@ -110,7 +110,7 @@ uint8_t* foleo_chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint } //Calculates poly1305 for ciphertext encrypted with chacha20 -uint8_t* foleo_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherText, uint64_t lengthInBytes) +uint8_t* foleo_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherText, size_t lengthInBytes) { uint8_t* keydata = foleo_chacha20(key, nonce, 0, 32); uint8_t r[16]; diff --git a/src/dhke.c b/src/dhke.c index ced6f0b..488bbba 100644 --- a/src/dhke.c +++ b/src/dhke.c @@ -195,4 +195,6 @@ uint8_t* foleo_dhke(uint8_t* private, uint8_t* public) return out; } +uint16_t foleo_dhke_modsize() { return sizeof(RFC3526ID16); } + #endif diff --git a/src/hash.c b/src/hash.c new file mode 100644 index 0000000..df6e7a0 --- /dev/null +++ b/src/hash.c @@ -0,0 +1,16 @@ +#ifndef __HASH__ +#define __HASH__ + +static uint8_t foleo_hash_blocksize(uint8_t hfunc) +{ + if (hfunc == FOLEO_SHA256) return 64; + return 0; +} + +uint8_t foleo_hash_size(uint8_t hfunc) +{ + if (hfunc == FOLEO_SHA256) return 32; + return 0; +} + +#endif \ No newline at end of file diff --git a/src/headers.h b/src/headers.h index da94f6d..0aba4e2 100644 --- a/src/headers.h +++ b/src/headers.h @@ -1,17 +1,17 @@ #include #include -uint8_t* foleo_chacha20(uint8_t[32], uint8_t[12], uint32_t, uint64_t); -uint8_t* foleo_chacha20_poly1305(uint8_t[32], uint8_t[12], uint8_t*, uint64_t); +uint8_t* foleo_chacha20(uint8_t[32], uint8_t[12], uint32_t, size_t); +uint8_t* foleo_chacha20_poly1305(uint8_t[32], uint8_t[12], uint8_t*, size_t); uint8_t* foleo_dhke(uint8_t*, uint8_t*); -uint8_t* foleo_dhke_prf(uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t); -uint8_t* foleo_poly1305(uint8_t*, uint8_t*, uint8_t*, uint64_t); -static uint8_t* foleo_prigen(uint16_t); -#define FOLEO_RSA_NONE 99 -#define FOLEO_RSA_ENCRYPTION 1 -#define FOLEO_RSA_SIGNATURE 2 -#define FOLEO_RSA_OAEP 3 -#define FOLEO_RSA_PSS 4 +uint16_t foleo_dhke_modsize(); + +uint8_t* foleo_poly1305(uint8_t*, uint8_t*, uint8_t*, size_t); +#define FOLEO_RSA_PADDING_NONE 99 +#define FOLEO_RSA_PADDING_ENCRYPTION 1 +#define FOLEO_RSA_PADDING_SIGNATURE 2 +#define FOLEO_RSA_PADDING_OAEP 3 +#define FOLEO_RSA_PADDING_PSS 4 typedef struct { mpz_t n, k; @@ -22,9 +22,25 @@ void foleo_rsa_import(rsakey_t*, uint8_t*); uint8_t* foleo_rsa_export(rsakey_t*); void foleo_rsa_free(rsakey_t*); void foleo_rsa_keygen(uint16_t, rsakey_t*, rsakey_t*); + +//The maximum message block size that can be used +// for a particular padding scheme. +uint16_t foleo_rsa_msgsize(rsakey_t*, uint8_t); + +//Size of the rsakey struct uint16_t foleo_rsa_keysize(); -uint16_t foleo_rsa_size(rsakey_t, uint8_t); -uint8_t* foleo_rsa_encrypt(rsakey_t, uint8_t, uint8_t*, uint16_t); -uint8_t* foleo_rsa_decrypt(rsakey_t, uint8_t, uint8_t*, uint16_t*); + +//Size in bytes of RSA modulus, same thing as the number +// of bytes the encrypt() function will return +uint16_t foleo_rsa_modsize(rsakey_t*); + +uint8_t* foleo_rsa_encrypt(rsakey_t*, uint8_t, uint8_t*, uint16_t); +uint8_t* foleo_rsa_decrypt(rsakey_t*, uint8_t, uint8_t*, uint16_t*); uint8_t* foleo_sha256(uint8_t*, uint32_t); -#define FOLEO_SHA256 foleo_sha256, 32, 64 + +#define FOLEO_SHA256 1 +uint8_t* foleo_hmac(uint8_t, uint8_t*, uint32_t, uint8_t*, uint32_t); +uint8_t* foleo_hmac_hkdf(uint8_t, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t); +uint8_t* foleo_hmac_prf(uint8_t, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t); + +uint8_t foleo_hash_size(uint8_t); \ No newline at end of file diff --git a/src/hmac.c b/src/hmac.c index 477569b..60ca0c9 100644 --- a/src/hmac.c +++ b/src/hmac.c @@ -3,19 +3,26 @@ #include #include #include +#include "hash.c" +#include "sha256.c" //FOLEO_HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)) -static uint8_t* foleo_hmac +uint8_t* foleo_hmac ( - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size + uint8_t hfunc, uint8_t* K, uint32_t Ks, //K size uint8_t* M, uint32_t Ms //M size ) { + uint8_t* (*hash_func)(uint8_t*, uint32_t); + uint32_t Hs, Bs; + if (hfunc == FOLEO_SHA256) hash_func = foleo_sha256; + else return NULL; + Hs = foleo_hash_size(hfunc); + Bs = foleo_hash_blocksize(hfunc); + uint8_t* tmp1; uint8_t* Kp; //K prime @@ -72,10 +79,8 @@ static uint8_t* foleo_hmac //A(i) = FOLEO_HMAC_hash(secret, A(i-1)) static uint8_t* foleo_hmac_A ( + uint8_t hfunc, uint8_t iter, //iteration - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size uint8_t* secret, uint32_t secretS, //secret size uint8_t* seed, @@ -83,6 +88,13 @@ static uint8_t* foleo_hmac_A uint32_t* returnSize ) { + uint8_t* (*hash_func)(uint8_t*, uint32_t); + uint32_t Hs, Bs; + if (hfunc == FOLEO_SHA256) hash_func = foleo_sha256; + else return NULL; + Hs = foleo_hash_size(hfunc); + Bs = foleo_hash_blocksize(hfunc); + uint8_t* out; if (iter == 0) { @@ -95,8 +107,8 @@ static uint8_t* foleo_hmac_A return out; } uint32_t retSize; - uint8_t* tmp = foleo_hmac_A(iter - 1, hash_func, Hs, Bs, secret, secretS, seed, seedS, &retSize); - out = foleo_hmac(hash_func, Hs, Bs, secret, secretS, tmp, retSize); + uint8_t* tmp = foleo_hmac_A(hfunc, iter - 1, secret, secretS, seed, seedS, &retSize); + out = foleo_hmac(hfunc, secret, secretS, tmp, retSize); free(tmp); *returnSize = Hs; return out; @@ -109,9 +121,7 @@ static uint8_t* foleo_hmac_A // future. uint8_t* foleo_hmac_prf ( - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs,// = 32, - uint32_t Bs,// = 64, + uint8_t hfunc, uint32_t desiredBytes, uint8_t* secret, uint32_t secretS, @@ -121,6 +131,13 @@ uint8_t* foleo_hmac_prf uint32_t seedS ) { + uint8_t* (*hash_func)(uint8_t*, uint32_t); + uint32_t Hs, Bs; + if (hfunc == FOLEO_SHA256) hash_func = foleo_sha256; + else return NULL; + Hs = foleo_hash_size(hfunc); + Bs = foleo_hash_blocksize(hfunc); + uint32_t iter = 1; uint8_t* keystream = malloc(0); uint8_t* labelSeed = malloc(labelS + seedS); @@ -131,11 +148,11 @@ uint8_t* foleo_hmac_prf while (desiredBytes != 0) { uint32_t tmp1S; - uint8_t* tmp1 = foleo_hmac_A(iter, hash_func, Hs, Bs, secret, secretS, labelSeed, labelS + seedS, &tmp1S); + uint8_t* tmp1 = foleo_hmac_A(hfunc, iter, secret, secretS, labelSeed, labelS + seedS, &tmp1S); tmp1 = realloc(tmp1, tmp1S + labelS + seedS); for (uint32_t i = 0; i < labelS + seedS; i++) tmp1[i + tmp1S] = labelSeed[i]; - uint8_t* tmp2 = foleo_hmac(hash_func, Hs, Bs, secret, secretS, tmp1, tmp1S + labelS + seedS); + uint8_t* tmp2 = foleo_hmac(hfunc, secret, secretS, tmp1, tmp1S + labelS + seedS); free(tmp1); if (desiredBytes >= Bs) { @@ -160,10 +177,8 @@ uint8_t* foleo_hmac_prf static uint8_t* foleo_hmac_T ( + uint8_t hfunc, uint8_t iter, - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size uint8_t* prk, uint32_t prkS, uint8_t* info, @@ -171,6 +186,13 @@ static uint8_t* foleo_hmac_T uint32_t* returnSize ) { + uint8_t* (*hash_func)(uint8_t*, uint32_t); + uint32_t Hs, Bs; + if (hfunc == FOLEO_SHA256) hash_func = foleo_sha256; + else return NULL; + Hs = foleo_hash_size(hfunc); + Bs = foleo_hash_blocksize(hfunc); + uint8_t* out; uint8_t* tmp; if (iter == 0) @@ -180,11 +202,11 @@ static uint8_t* foleo_hmac_T return out; } uint32_t tmpS; - tmp = foleo_hmac_T(iter - 1, hash_func, Hs, Bs, prk, prkS, info, infoS, &tmpS); + tmp = foleo_hmac_T(hfunc, iter - 1, prk, prkS, info, infoS, &tmpS); tmp = realloc(tmp, tmpS + infoS + 1); for (uint32_t i = 0; i < infoS; i++) tmp[tmpS + i] = info[i]; tmp[tmpS + infoS] = iter; - out = foleo_hmac(hash_func, Hs, Bs, prk, prkS, tmp, tmpS + infoS + 1); + out = foleo_hmac(hfunc, prk, prkS, tmp, tmpS + infoS + 1); free(tmp); *returnSize = Hs; return out; @@ -192,9 +214,7 @@ static uint8_t* foleo_hmac_T uint8_t* foleo_hmac_hkdf ( - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size + uint8_t hfunc, uint32_t desiredBytes, uint8_t* ikm, uint32_t ikmS, @@ -203,16 +223,23 @@ uint8_t* foleo_hmac_hkdf uint8_t* info, uint32_t infoS ) -{ +{ + uint8_t* (*hash_func)(uint8_t*, uint32_t); + uint32_t Hs, Bs; + if (hfunc == FOLEO_SHA256) hash_func = foleo_sha256; + else return NULL; + Hs = foleo_hash_size(hfunc); + Bs = foleo_hash_blocksize(hfunc); + uint8_t* tmp; uint32_t tmpS; uint8_t* out = malloc(0); uint32_t outS = 0; - uint8_t* prk = foleo_hmac(hash_func, Hs, Bs, salt, saltS, ikm, ikmS); + uint8_t* prk = foleo_hmac(hfunc, salt, saltS, ikm, ikmS); uint32_t iter = 1; while (desiredBytes != 0) { - tmp = foleo_hmac_T(iter++, hash_func, Hs, Bs, prk, Hs, info, infoS, &tmpS); + tmp = foleo_hmac_T(hfunc, iter++, prk, Hs, info, infoS, &tmpS); if (desiredBytes > Hs) { out = realloc(out, outS + tmpS); diff --git a/src/poly1305.c b/src/poly1305.c index c4a7585..d46c7aa 100644 --- a/src/poly1305.c +++ b/src/poly1305.c @@ -35,7 +35,7 @@ static void foleo_poly1305_dump(char *p, mpz_t n) //bS and bR are read little-endian and 16-bytes //return value must be freed -uint8_t* foleo_poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, uint64_t bMs) +uint8_t* foleo_poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, size_t bMs) { uint8_t bP[] = { diff --git a/src/rsa.c b/src/rsa.c index 11c2e1c..7774c56 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -6,12 +6,6 @@ #include #include "sha256.c" #include "prigen.c" -/*typedef struct -{ - mpz_t n, k; - uint16_t bitWidth; -} rsakey_t;*/ - static void foleo_rsa_store(mpz_t n, uint8_t* b, uint32_t s) { @@ -514,16 +508,16 @@ static uint8_t* FOLEO_RSA_PadSig(uint16_t size, uint8_t* buffer, uint16_t buffer return block; } -static uint8_t* FOLEO_RSA_Apply(rsakey_t key, uint8_t* block) +static uint8_t* FOLEO_RSA_Apply(rsakey_t* key, uint8_t* block) { - uint8_t* newblock = malloc(key.bitWidth / 8); + uint8_t* newblock = malloc(key->bitWidth / 8); mpz_t n; mpz_init(n); mpz_set_ui(n, 0); - foleo_rsa_load(n, block, key.bitWidth / 8); - mpz_powm(n, n, key.k, key.n); - foleo_rsa_store(n, newblock, key.bitWidth / 8); + foleo_rsa_load(n, block, key->bitWidth / 8); + mpz_powm(n, n, key->k, key->n); + foleo_rsa_store(n, newblock, key->bitWidth / 8); mpz_clear(n); return newblock; @@ -646,31 +640,31 @@ static uint8_t* FOLEO_RSA_DeOAEP(uint16_t size, uint8_t* block, uint16_t* buffer return out; } -uint8_t* foleo_rsa_encrypt(rsakey_t key, uint8_t padding, uint8_t* buffer, uint16_t bufferSize) +uint8_t* foleo_rsa_encrypt(rsakey_t* key, uint8_t padding, uint8_t* buffer, uint16_t bufferSize) { uint8_t* block; uint8_t* eblock; - if (padding == FOLEO_RSA_ENCRYPTION) + if (padding == FOLEO_RSA_PADDING_ENCRYPTION) { - block = FOLEO_RSA_Pad(key.bitWidth, buffer, bufferSize); + block = FOLEO_RSA_Pad(key->bitWidth, buffer, bufferSize); eblock = FOLEO_RSA_Apply(key, block); free(block); } - else if (padding == FOLEO_RSA_SIGNATURE) + else if (padding == FOLEO_RSA_PADDING_SIGNATURE) { - block = FOLEO_RSA_PadSig(key.bitWidth, buffer, bufferSize); + block = FOLEO_RSA_PadSig(key->bitWidth, buffer, bufferSize); eblock = FOLEO_RSA_Apply(key, block); free(block); } - else if (padding == FOLEO_RSA_OAEP) + else if (padding == FOLEO_RSA_PADDING_OAEP) { - block = FOLEO_RSA_PadOAEP(key.bitWidth, buffer, bufferSize); + block = FOLEO_RSA_PadOAEP(key->bitWidth, buffer, bufferSize); eblock = FOLEO_RSA_Apply(key, block); free(block); } else { - if (bufferSize >= key.bitWidth / 8) + if (bufferSize >= key->bitWidth / 8) { fprintf(stderr, "foleo_rsa_encrypt(): Message size too large for the modulus!\n"); return NULL; @@ -680,20 +674,20 @@ uint8_t* foleo_rsa_encrypt(rsakey_t key, uint8_t padding, uint8_t* buffer, uint1 return eblock; } -uint8_t* foleo_rsa_decrypt(rsakey_t key, uint8_t padding, uint8_t* eblock, uint16_t* bufferSize) +uint8_t* foleo_rsa_decrypt(rsakey_t* key, uint8_t padding, uint8_t* eblock, uint16_t* bufferSize) { uint8_t* block; uint8_t* buffer; - if (padding == FOLEO_RSA_ENCRYPTION || padding == FOLEO_RSA_SIGNATURE) + if (padding == FOLEO_RSA_PADDING_ENCRYPTION || padding == FOLEO_RSA_PADDING_SIGNATURE) { block = FOLEO_RSA_Apply(key, eblock); - buffer = FOLEO_RSA_DePad(key.bitWidth, block, bufferSize); + buffer = FOLEO_RSA_DePad(key->bitWidth, block, bufferSize); free(block); } - else if (padding == FOLEO_RSA_OAEP) + else if (padding == FOLEO_RSA_PADDING_OAEP) { block = FOLEO_RSA_Apply(key, eblock); - buffer = FOLEO_RSA_DeOAEP(key.bitWidth, block, bufferSize); + buffer = FOLEO_RSA_DeOAEP(key->bitWidth, block, bufferSize); free(block); } else @@ -704,23 +698,22 @@ uint8_t* foleo_rsa_decrypt(rsakey_t key, uint8_t padding, uint8_t* eblock, uint1 } //calculate the usable block size -uint16_t foleo_rsa_size(rsakey_t key, uint8_t padding) +uint16_t foleo_rsa_msgsize(rsakey_t* key, uint8_t padding) { - if (padding == FOLEO_RSA_ENCRYPTION || padding == FOLEO_RSA_SIGNATURE) + if (padding == FOLEO_RSA_PADDING_ENCRYPTION || padding == FOLEO_RSA_PADDING_SIGNATURE) { - return (key.bitWidth / 8) - 11; + return (key->bitWidth / 8) - 11; } - if (padding = FOLEO_RSA_OAEP) + if (padding = FOLEO_RSA_PADDING_OAEP) { - return (key.bitWidth / 8) - 2 * 32 - 2; //sha-256 + return (key->bitWidth / 8) - 2 * 32 - 2; //sha-256 } - return key.bitWidth / 8; + return key->bitWidth / 8; } //returns the size of an rsa key -uint16_t foleo_rsa_keysize() -{ - return sizeof(rsakey_t); -} +uint16_t foleo_rsa_keysize() { return sizeof(rsakey_t); } +//get the size of the RSA modulus in bytes +uint16_t foleo_rsa_modsize(rsakey_t* key) { return (key->bitWidth / 8) + (key->bitWidth % 8 != 0 ? 1 : 0); } #endif diff --git a/src/sha256.c b/src/sha256.c index 0e7cb55..cb07760 100644 --- a/src/sha256.c +++ b/src/sha256.c @@ -181,4 +181,5 @@ uint8_t* foleo_sha256(uint8_t* msg, uint32_t size) } return out; } + #endif -- 2.39.5