rpms/libaesgm/F-13 libaesgm-20090429-fileencrypt.patch, NONE, 1.1 libaesgm.spec, 1.1, 1.2
Tom Callaway
spot at fedoraproject.org
Mon May 24 16:05:30 UTC 2010
Author: spot
Update of /cvs/pkgs/rpms/libaesgm/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv7083/F-13
Modified Files:
libaesgm.spec
Added Files:
libaesgm-20090429-fileencrypt.patch
Log Message:
add fileencrypt support
libaesgm-20090429-fileencrypt.patch:
Makefile | 2
fileenc.c | 145 ++++++++++++
fileenc.h | 122 ++++++++++
hmac.c | 145 ++++++++++++
hmac.h | 102 ++++++++
pwd2key.c | 194 ++++++++++++++++
pwd2key.h | 58 +++++
sha1.c | 323 ++++++++++++++++++++++++++++
sha1.h | 76 ++++++
sha2.c | 713 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
sha2.h | 154 +++++++++++++
11 files changed, 2033 insertions(+), 1 deletion(-)
--- NEW FILE libaesgm-20090429-fileencrypt.patch ---
diff -up libaesgm-20090429/fileenc.c.BAD libaesgm-20090429/fileenc.c
--- libaesgm-20090429/fileenc.c.BAD 2010-05-24 09:53:06.255534192 -0400
+++ libaesgm-20090429/fileenc.c 2010-05-24 09:52:55.570387453 -0400
@@ -0,0 +1,145 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
+ All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ -------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+
+ This file implements password based file encryption and authentication
+ using AES in CTR mode, HMAC-SHA1 authentication and RFC2898 password
+ based key derivation.
+
+*/
+
+#include <memory.h>
+
+#include "fileenc.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* subroutine for data encryption/decryption */
+/* this could be speeded up a lot by aligning */
+/* buffers and using 32 bit operations */
+
+static void encr_data(unsigned char data[], unsigned long d_len, fcrypt_ctx cx[1])
+{ unsigned long i = 0, pos = cx->encr_pos;
+
+ while(i < d_len)
+ {
+ if(pos == BLOCK_SIZE)
+ { unsigned int j = 0;
+ /* increment encryption nonce */
+ while(j < 8 && !++cx->nonce[j])
+ ++j;
+ /* encrypt the nonce to form next xor buffer */
+ aes_encrypt(cx->nonce, cx->encr_bfr, cx->encr_ctx);
+ pos = 0;
+ }
+
+ data[i++] ^= cx->encr_bfr[pos++];
+ }
+
+ cx->encr_pos = pos;
+}
+
+int fcrypt_init(
+ int mode, /* the mode to be used (input) */
+ const unsigned char pwd[], /* the user specified password (input) */
+ unsigned int pwd_len, /* the length of the password (input) */
+ const unsigned char salt[], /* the salt (input) */
+#ifdef PASSWORD_VERIFIER
+ unsigned char pwd_ver[PWD_VER_LENGTH], /* 2 byte password verifier (output) */
+#endif
+ fcrypt_ctx cx[1]) /* the file encryption context (output) */
+{ unsigned char kbuf[2 * MAX_KEY_LENGTH + PWD_VER_LENGTH];
+
+ if(pwd_len > MAX_PWD_LENGTH)
+ return PASSWORD_TOO_LONG;
+
+ if(mode < 1 || mode > 3)
+ return BAD_MODE;
+
+ cx->mode = mode;
+ cx->pwd_len = pwd_len;
+ /* initialise the encryption nonce and buffer pos */
+ cx->encr_pos = BLOCK_SIZE;
+
+ /* if we need a random component in the encryption */
+ /* nonce, this is where it would have to be set */
+ memset(cx->nonce, 0, BLOCK_SIZE * sizeof(unsigned char));
+ /* initialise for authentication */
+ hmac_sha_begin(cx->auth_ctx);
+
+ /* derive the encryption and authetication keys and the password verifier */
+ derive_key(pwd, pwd_len, salt, SALT_LENGTH(mode), KEYING_ITERATIONS,
+ kbuf, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
+ /* set the encryption key */
+ aes_encrypt_key(kbuf, KEY_LENGTH(mode), cx->encr_ctx);
+ /* set the authentication key */
+ hmac_sha_key(kbuf + KEY_LENGTH(mode), KEY_LENGTH(mode), cx->auth_ctx);
+#ifdef PASSWORD_VERIFIER
+ memcpy(pwd_ver, kbuf + 2 * KEY_LENGTH(mode), PWD_VER_LENGTH);
+#endif
+ /* clear the buffer holding the derived key values */
+ memset(kbuf, 0, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
+
+ return GOOD_RETURN;
+}
+
+/* perform 'in place' encryption and authentication */
+
+void fcrypt_encrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
+{
+ encr_data(data, data_len, cx);
+ hmac_sha_data(data, data_len, cx->auth_ctx);
+}
+
+/* perform 'in place' authentication and decryption */
+
+void fcrypt_decrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
+{
+ hmac_sha_data(data, data_len, cx->auth_ctx);
+ encr_data(data, data_len, cx);
+}
+
+/* close encryption/decryption and return the MAC value */
+
+int fcrypt_end(unsigned char mac[], fcrypt_ctx cx[1])
+{ unsigned int res = cx->mode;
+
+ hmac_sha_end(mac, MAC_LENGTH(cx->mode), cx->auth_ctx);
+ memset(cx, 0, sizeof(fcrypt_ctx)); /* clear the encryption context */
+ return MAC_LENGTH(res); /* return MAC length in bytes */
+}
+
+#if defined(__cplusplus)
+}
+#endif
diff -up libaesgm-20090429/fileenc.h.BAD libaesgm-20090429/fileenc.h
--- libaesgm-20090429/fileenc.h.BAD 2010-05-24 09:53:06.255534192 -0400
+++ libaesgm-20090429/fileenc.h 2010-05-24 09:56:18.801512342 -0400
@@ -0,0 +1,122 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
+ All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 24/01/2003
+
+ This file contains the header file for fileenc.c, which implements password
+ based file encryption and authentication using AES in CTR mode, HMAC-SHA1
+ authentication and RFC2898 password based key derivation.
+*/
+
+#ifndef _FENC_H
+#define _FENC_H
+
+#include "aes.h"
+#include "hmac.h"
+#include "pwd2key.h"
+
+#define BLOCK_SIZE AES_BLOCK_SIZE
+#define PASSWORD_VERIFIER
[...1685 lines suppressed...]
+ ctx->sha2_len = l; return SHA2_GOOD;
+}
+
+sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+ case 32: sha256_hash(data, len, CTX_256(ctx)); return;
+ case 48: sha384_hash(data, len, CTX_384(ctx)); return;
+ case 64: sha512_hash(data, len, CTX_512(ctx)); return;
+ }
+}
+
+sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+ case 32: sha256_end(hval, CTX_256(ctx)); return;
+ case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
+ case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
+ }
+}
+
+sha2_int sha2(unsigned char hval[], unsigned long size,
+ const unsigned char data[], unsigned long len)
+{ sha2_ctx cx[1];
+
+ if(sha2_begin(size, cx) == SHA2_GOOD)
+ {
+ sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD;
+ }
+ else
+ return SHA2_BAD;
+}
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+
diff -up libaesgm-20090429/sha2.h.BAD libaesgm-20090429/sha2.h
--- libaesgm-20090429/sha2.h.BAD 2010-05-24 09:35:26.416537685 -0400
+++ libaesgm-20090429/sha2.h 2010-05-24 09:50:47.186423842 -0400
@@ -0,0 +1,154 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
+ All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+*/
+
+#ifndef _SHA2_H
+#define _SHA2_H
+
+#include <limits.h>
+
+/* Defines for suffixes to 32 and 64 bit unsigned numeric values */
+
+#define sfx_lo(x,y) x##y
+#define sfx_hi(x,y) sfx_lo(x,y)
+#define n_u32(p) sfx_hi(0x##p,s_u32)
+#define n_u64(p) sfx_hi(0x##p,s_u64)
+
+/* define an unsigned 32-bit type */
+
+#if UINT_MAX == 0xffffffff
+ typedef unsigned int sha2_32t;
+ #define s_u32 u
+#elif ULONG_MAX == 0xffffffff
+ typedef unsigned long sha2_32t;
+ #define s_u32 ul
+#else
+#error Please define sha2_32t as an unsigned 32 bit type in sha2.h
+#endif
+
+/* define an unsigned 64-bit type */
+
+#if defined(_MSC_VER) && (_MSC_VER < 1300)
+ typedef unsigned __int64 sha2_64t;
+ #define s_u64 ui64
+#elif ULONG_MAX == 0xffffffffffffffff
+ typedef unsigned long sha2_64t;
+ #define s_u64 ul
+#elif ULONG_MAX == 0xffffffff
+ typedef unsigned long long sha2_64t; /* a somewhat dangerous guess */
+ #define s_u64 ull
+#else
+#error Please define sha2_64t as an unsigned 64 bit type in sha2.h
+#endif
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#define SHA256_DIGEST_SIZE 32
+#define SHA384_DIGEST_SIZE 48
+#define SHA512_DIGEST_SIZE 64
+
+#define SHA256_BLOCK_SIZE 64
+#define SHA384_BLOCK_SIZE 128
+#define SHA512_BLOCK_SIZE 128
+
+#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+
+#define SHA2_GOOD 0
+#define SHA2_BAD 1
+
+/* type to hold the SHA256 context */
+
+typedef struct
+{ sha2_32t count[2];
+ sha2_32t hash[8];
+ sha2_32t wbuf[16];
+} sha256_ctx;
+
+/* type to hold the SHA384/512 context */
+
+typedef struct
+{ sha2_64t count[2];
+ sha2_64t hash[8];
+ sha2_64t wbuf[16];
+} sha512_ctx;
+
+typedef sha512_ctx sha384_ctx;
+
+/* type to hold a SHA2 context (256/384/512) */
+
+typedef struct
+{ union
+ { sha256_ctx ctx256[1];
+ sha512_ctx ctx512[1];
+ } uu[1];
+ sha2_32t sha2_len;
+} sha2_ctx;
+
+#ifndef SHA2_DLL /* implement normal or DLL functions */
+#define sha2_void void
+#define sha2_int int
+#else
+#define sha2_void void __declspec(dllexport) _stdcall
+#define sha2_int int __declspec(dllexport) _stdcall
+#endif
+
+sha2_void sha256_compile(sha256_ctx ctx[1]);
+sha2_void sha512_compile(sha512_ctx ctx[1]);
+
+sha2_void sha256_begin(sha256_ctx ctx[1]);
+sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
+sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
+sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+sha2_void sha384_begin(sha384_ctx ctx[1]);
+#define sha384_hash sha512_hash
+sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
+sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+sha2_void sha512_begin(sha512_ctx ctx[1]);
+sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
+sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+sha2_int sha2_begin(unsigned long size, sha2_ctx ctx[1]);
+sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
+sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+sha2_int sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
Index: libaesgm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libaesgm/F-13/libaesgm.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libaesgm.spec 21 May 2010 15:29:56 -0000 1.1
+++ libaesgm.spec 24 May 2010 16:05:30 -0000 1.2
@@ -1,11 +1,14 @@
Name: libaesgm
Version: 20090429
-Release: 2%{?dist}
+Release: 3%{?dist}
License: BSD
Summary: Library implementation of AES (Rijndael) cryptographic methods
URL: http://gladman.plushost.co.uk/oldsite/AES/index.php
Source0: http://gladman.plushost.co.uk/oldsite/AES/aes-src-29-04-09.zip
Source1: Makefile.aes
+# Add fileencryption support
+# http://www.gladman.me.uk/cryptography_technology/fileencrypt/
+Patch0: libaesgm-20090429-fileencrypt.patch
Group: System Environment/Libraries
%description
@@ -22,10 +25,11 @@ Development headers and libraries for li
%prep
%setup -q -c -n %{name}-%{version}
cp %{SOURCE1} Makefile
+%patch0 -p1 -b .fileencrypt
sed -i 's/\r//' *.txt
%build
-make CFLAGS="%{optflags} -fPIC"
+make CFLAGS="%{optflags} -fPIC -DUSE_SHA1"
%install
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" install
@@ -48,6 +52,9 @@ rm -rf %{buildroot}
%{_libdir}/libaesgm.so
%changelog
+* Mon May 24 2010 Tom "spot" Callaway <tcallawa at redhat.com> 20090429-3
+- add fileencrypt support
+
* Mon Feb 22 2010 Tom "spot" Callaway <tcallawa at redhat.com> 20090429-2
- use sane versioning to ensure proper upgrade ordering without epoch
- fix Makefile.aes to not use double-zero in soname, don't make double zero symlink
More information about the scm-commits
mailing list