orion pushed to libaesgm (epel7). "Init from master"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri Mar 27 16:51:13 UTC 2015
>From abe24e2e453249a16d06fe1b49bb6010dd27f410 Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion at cora.nwra.com>
Date: Fri, 27 Mar 2015 10:51:06 -0600
Subject: Init from master
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ab53d9c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+aes-src-29-04-09.zip
diff --git a/Makefile.aes b/Makefile.aes
new file mode 100644
index 0000000..c68520a
--- /dev/null
+++ b/Makefile.aes
@@ -0,0 +1,33 @@
+# Basic makefile for libaesgm
+# http://gladman.plushost.co.uk/oldsite/AES/
+
+VERSION_MAJOR = 0
+VERSION_MINOR = 0
+VERSION_RELEASE = 0
+VERSION = $(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_RELEASE)
+
+SHARED_LIB = libaesgm.so
+
+LIBAESGM = aescrypt.o aeskey.o aes_modes.o aestab.o
+LINKOBJ = $(LIBAESGM)
+
+PREFIX = /usr
+LIBDIR = /usr/lib
+INCLUDEDIR = $(PREFIX)/include/
+DESTDIR =
+CFLAGS =
+
+all: sharedlib
+
+sharedlib: $(LINKOBJ)
+ $(CC) $(CFLAGS) -shared -Wl,-soname,$(SHARED_LIB).$(VERSION_MAJOR) -o $(SHARED_LIB).$(VERSION) $^ $(LDFLAGS)
+
+clean:
+ $(RM) $(LINKOBJ) $(SHARED_LIB).$(VERSION)
+
+install:
+ mkdir -p $(DESTDIR)$(INCLUDEDIR)/aes/
+ cp -p *.h $(DESTDIR)$(INCLUDEDIR)/aes/
+ mkdir -p $(DESTDIR)$(LIBDIR)
+ cp -p $(SHARED_LIB).$(VERSION) $(DESTDIR)$(LIBDIR)
+ cd $(DESTDIR)$(LIBDIR) && ln -s -f $(SHARED_LIB).$(VERSION) $(SHARED_LIB) && ln -s -f $(SHARED_LIB).$(VERSION) $(SHARED_LIB).$(VERSION_MAJOR)
diff --git a/libaesgm-20090429-fileencrypt.patch b/libaesgm-20090429-fileencrypt.patch
new file mode 100644
index 0000000..c0be6fb
--- /dev/null
+++ b/libaesgm-20090429-fileencrypt.patch
@@ -0,0 +1,2084 @@
+diff -up libaesgm-20090429/fileenc.c.BAD libaesgm-20090429/fileenc.c
+--- libaesgm-20090429/fileenc.c.BAD 2010-05-24 09:53:06.255534192 -0400
++++ libaesgm-20090429/fileenc.c 2010-05-24 09:52:55.570387453 -0400
+@@ -0,0 +1,145 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ -------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This file implements password based file encryption and authentication
++ using AES in CTR mode, HMAC-SHA1 authentication and RFC2898 password
++ based key derivation.
++
++*/
++
++#include <memory.h>
++
++#include "fileenc.h"
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++/* subroutine for data encryption/decryption */
++/* this could be speeded up a lot by aligning */
++/* buffers and using 32 bit operations */
++
++static void encr_data(unsigned char data[], unsigned long d_len, fcrypt_ctx cx[1])
++{ unsigned long i = 0, pos = cx->encr_pos;
++
++ while(i < d_len)
++ {
++ if(pos == BLOCK_SIZE)
++ { unsigned int j = 0;
++ /* increment encryption nonce */
++ while(j < 8 && !++cx->nonce[j])
++ ++j;
++ /* encrypt the nonce to form next xor buffer */
++ aes_encrypt(cx->nonce, cx->encr_bfr, cx->encr_ctx);
++ pos = 0;
++ }
++
++ data[i++] ^= cx->encr_bfr[pos++];
++ }
++
++ cx->encr_pos = pos;
++}
++
++int fcrypt_init(
++ int mode, /* the mode to be used (input) */
++ const unsigned char pwd[], /* the user specified password (input) */
++ unsigned int pwd_len, /* the length of the password (input) */
++ const unsigned char salt[], /* the salt (input) */
++#ifdef PASSWORD_VERIFIER
++ unsigned char pwd_ver[PWD_VER_LENGTH], /* 2 byte password verifier (output) */
++#endif
++ fcrypt_ctx cx[1]) /* the file encryption context (output) */
++{ unsigned char kbuf[2 * MAX_KEY_LENGTH + PWD_VER_LENGTH];
++
++ if(pwd_len > MAX_PWD_LENGTH)
++ return PASSWORD_TOO_LONG;
++
++ if(mode < 1 || mode > 3)
++ return BAD_MODE;
++
++ cx->mode = mode;
++ cx->pwd_len = pwd_len;
++ /* initialise the encryption nonce and buffer pos */
++ cx->encr_pos = BLOCK_SIZE;
++
++ /* if we need a random component in the encryption */
++ /* nonce, this is where it would have to be set */
++ memset(cx->nonce, 0, BLOCK_SIZE * sizeof(unsigned char));
++ /* initialise for authentication */
++ hmac_sha_begin(cx->auth_ctx);
++
++ /* derive the encryption and authetication keys and the password verifier */
++ derive_key(pwd, pwd_len, salt, SALT_LENGTH(mode), KEYING_ITERATIONS,
++ kbuf, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
++ /* set the encryption key */
++ aes_encrypt_key(kbuf, KEY_LENGTH(mode), cx->encr_ctx);
++ /* set the authentication key */
++ hmac_sha_key(kbuf + KEY_LENGTH(mode), KEY_LENGTH(mode), cx->auth_ctx);
++#ifdef PASSWORD_VERIFIER
++ memcpy(pwd_ver, kbuf + 2 * KEY_LENGTH(mode), PWD_VER_LENGTH);
++#endif
++ /* clear the buffer holding the derived key values */
++ memset(kbuf, 0, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
++
++ return GOOD_RETURN;
++}
++
++/* perform 'in place' encryption and authentication */
++
++void fcrypt_encrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
++{
++ encr_data(data, data_len, cx);
++ hmac_sha_data(data, data_len, cx->auth_ctx);
++}
++
++/* perform 'in place' authentication and decryption */
++
++void fcrypt_decrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
++{
++ hmac_sha_data(data, data_len, cx->auth_ctx);
++ encr_data(data, data_len, cx);
++}
++
++/* close encryption/decryption and return the MAC value */
++
++int fcrypt_end(unsigned char mac[], fcrypt_ctx cx[1])
++{ unsigned int res = cx->mode;
++
++ hmac_sha_end(mac, MAC_LENGTH(cx->mode), cx->auth_ctx);
++ memset(cx, 0, sizeof(fcrypt_ctx)); /* clear the encryption context */
++ return MAC_LENGTH(res); /* return MAC length in bytes */
++}
++
++#if defined(__cplusplus)
++}
++#endif
+diff -up libaesgm-20090429/fileenc.h.BAD libaesgm-20090429/fileenc.h
+--- libaesgm-20090429/fileenc.h.BAD 2010-05-24 09:53:06.255534192 -0400
++++ libaesgm-20090429/fileenc.h 2010-05-24 09:56:18.801512342 -0400
+@@ -0,0 +1,122 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 24/01/2003
++
++ This file contains the header file for fileenc.c, which implements password
++ based file encryption and authentication using AES in CTR mode, HMAC-SHA1
++ authentication and RFC2898 password based key derivation.
++*/
++
++#ifndef _FENC_H
++#define _FENC_H
++
++#include "aes.h"
++#include "hmac.h"
++#include "pwd2key.h"
++
++#define BLOCK_SIZE AES_BLOCK_SIZE
++#define PASSWORD_VERIFIER
++
++#define MAX_KEY_LENGTH 32
++#define MAX_PWD_LENGTH 128
++#define MAX_SALT_LENGTH 16
++#define KEYING_ITERATIONS 1000
++
++#ifdef PASSWORD_VERIFIER
++#define PWD_VER_LENGTH 2
++#else
++#define PWD_VER_LENGTH 0
++#endif
++
++#define GOOD_RETURN 0
++#define PASSWORD_TOO_LONG -100
++#define BAD_MODE -101
++
++/*
++ Field lengths (in bytes) versus File Encryption Mode (0 < mode < 4)
++
++ Mode Key Salt MAC Overhead
++ 1 16 8 10 18
++ 2 24 12 10 22
++ 3 32 16 10 26
++
++ The following macros assume that the mode value is correct.
++*/
++
++#define KEY_LENGTH(mode) (8 * (mode & 3) + 8)
++#define SALT_LENGTH(mode) (4 * (mode & 3) + 4)
++#define MAC_LENGTH(mode) (10)
++
++/* the context for file encryption */
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++typedef struct
++{ unsigned char nonce[BLOCK_SIZE]; /* the CTR nonce */
++ unsigned char encr_bfr[BLOCK_SIZE]; /* encrypt buffer */
++ aes_encrypt_ctx encr_ctx[1]; /* encryption context */
++ hmac_ctx auth_ctx[1]; /* authentication context */
++ unsigned int encr_pos; /* block position (enc) */
++ unsigned int pwd_len; /* password length */
++ unsigned int mode; /* File encryption mode */
++} fcrypt_ctx;
++
++/* initialise file encryption or decryption */
++
++int fcrypt_init(
++ int mode, /* the mode to be used (input) */
++ const unsigned char pwd[], /* the user specified password (input) */
++ unsigned int pwd_len, /* the length of the password (input) */
++ const unsigned char salt[], /* the salt (input) */
++#ifdef PASSWORD_VERIFIER
++ unsigned char pwd_ver[PWD_VER_LENGTH], /* 2 byte password verifier (output) */
++#endif
++ fcrypt_ctx cx[1]); /* the file encryption context (output) */
++
++/* perform 'in place' encryption or decryption and authentication */
++
++void fcrypt_encrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1]);
++void fcrypt_decrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1]);
++
++/* close encryption/decryption and return the MAC value */
++/* the return value is the length of the MAC */
++
++int fcrypt_end(unsigned char mac[], /* the MAC value (output) */
++ fcrypt_ctx cx[1]); /* the context (input) */
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
+diff -up libaesgm-20090429/hmac.c.BAD libaesgm-20090429/hmac.c
+--- libaesgm-20090429/hmac.c.BAD 2010-05-24 09:37:00.605385987 -0400
++++ libaesgm-20090429/hmac.c 2010-05-24 09:36:55.549386057 -0400
+@@ -0,0 +1,145 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is an implementation of HMAC, the FIPS standard keyed hash function
++*/
++
++#include "hmac.h"
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++/* initialise the HMAC context to zero */
++void hmac_sha_begin(hmac_ctx cx[1])
++{
++ memset(cx, 0, sizeof(hmac_ctx));
++}
++
++/* input the HMAC key (can be called multiple times) */
++int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
++{
++ if(cx->klen == HMAC_IN_DATA) /* error if further key input */
++ return HMAC_BAD_MODE; /* is attempted in data mode */
++
++ if(cx->klen + key_len > HASH_INPUT_SIZE) /* if the key has to be hashed */
++ {
++ if(cx->klen <= HASH_INPUT_SIZE) /* if the hash has not yet been */
++ { /* started, initialise it and */
++ sha_begin(cx->ctx); /* hash stored key characters */
++ sha_hash(cx->key, cx->klen, cx->ctx);
++ }
++
++ sha_hash(key, key_len, cx->ctx); /* hash long key data into hash */
++ }
++ else /* otherwise store key data */
++ memcpy(cx->key + cx->klen, key, key_len);
++
++ cx->klen += key_len; /* update the key length count */
++ return HMAC_OK;
++}
++
++/* input the HMAC data (can be called multiple times) - */
++/* note that this call terminates the key input phase */
++void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
++{ unsigned int i;
++
++ if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
++ {
++ if(cx->klen > HASH_INPUT_SIZE) /* if key is being hashed */
++ { /* complete the hash and */
++ sha_end(cx->key, cx->ctx); /* store the result as the */
++ cx->klen = HASH_OUTPUT_SIZE; /* key and set new length */
++ }
++
++ /* pad the key if necessary */
++ memset(cx->key + cx->klen, 0, HASH_INPUT_SIZE - cx->klen);
++
++ /* xor ipad into key value */
++ for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
++ ((unsigned long*)cx->key)[i] ^= 0x36363636;
++
++ /* and start hash operation */
++ sha_begin(cx->ctx);
++ sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
++
++ /* mark as now in data mode */
++ cx->klen = HMAC_IN_DATA;
++ }
++
++ /* hash the data (if any) */
++ if(data_len)
++ sha_hash(data, data_len, cx->ctx);
++}
++
++/* compute and output the MAC value */
++void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
++{ unsigned char dig[HASH_OUTPUT_SIZE];
++ unsigned int i;
++
++ /* if no data has been entered perform a null data phase */
++ if(cx->klen != HMAC_IN_DATA)
++ hmac_sha_data((const unsigned char*)0, 0, cx);
++
++ sha_end(dig, cx->ctx); /* complete the inner hash */
++
++ /* set outer key value using opad and removing ipad */
++ for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
++ ((unsigned long*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
++
++ /* perform the outer hash operation */
++ sha_begin(cx->ctx);
++ sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
++ sha_hash(dig, HASH_OUTPUT_SIZE, cx->ctx);
++ sha_end(dig, cx->ctx);
++
++ /* output the hash value */
++ for(i = 0; i < mac_len; ++i)
++ mac[i] = dig[i];
++}
++
++/* 'do it all in one go' subroutine */
++void hmac_sha(const unsigned char key[], unsigned long key_len,
++ const unsigned char data[], unsigned long data_len,
++ unsigned char mac[], unsigned long mac_len)
++{ hmac_ctx cx[1];
++
++ hmac_sha_begin(cx);
++ hmac_sha_key(key, key_len, cx);
++ hmac_sha_data(data, data_len, cx);
++ hmac_sha_end(mac, mac_len, cx);
++}
++
++#if defined(__cplusplus)
++}
++#endif
+diff -up libaesgm-20090429/hmac.h.BAD libaesgm-20090429/hmac.h
+--- libaesgm-20090429/hmac.h.BAD 2010-05-24 09:34:05.695387664 -0400
++++ libaesgm-20090429/hmac.h 2010-05-24 09:34:01.466510795 -0400
+@@ -0,0 +1,102 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is an implementation of HMAC, the FIPS standard keyed hash function
++*/
++
++#ifndef _HMAC_H
++#define _HMAC_H
++
++#include <memory.h>
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++#if !defined(USE_SHA1) && !defined(USE_SHA256)
++#error define USE_SHA1 or USE_SHA256 to set the HMAC hash algorithm
++#endif
++
++#ifdef USE_SHA1
++
++#include "sha1.h"
++
++#define HASH_INPUT_SIZE SHA1_BLOCK_SIZE
++#define HASH_OUTPUT_SIZE SHA1_DIGEST_SIZE
++#define sha_ctx sha1_ctx
++#define sha_begin sha1_begin
++#define sha_hash sha1_hash
++#define sha_end sha1_end
++
++#endif
++
++#ifdef USE_SHA256
++
++#include "sha2.h"
++
++#define HASH_INPUT_SIZE SHA256_BLOCK_SIZE
++#define HASH_OUTPUT_SIZE SHA256_DIGEST_SIZE
++#define sha_ctx sha256_ctx
++#define sha_begin sha256_begin
++#define sha_hash sha256_hash
++#define sha_end sha256_end
++
++#endif
++
++#define HMAC_OK 0
++#define HMAC_BAD_MODE -1
++#define HMAC_IN_DATA 0xffffffff
++
++typedef struct
++{ unsigned char key[HASH_INPUT_SIZE];
++ sha_ctx ctx[1];
++ unsigned long klen;
++} hmac_ctx;
++
++void hmac_sha_begin(hmac_ctx cx[1]);
++
++int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1]);
++
++void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1]);
++
++void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1]);
++
++void hmac_sha(const unsigned char key[], unsigned long key_len,
++ const unsigned char data[], unsigned long data_len,
++ unsigned char mac[], unsigned long mac_len);
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
+diff -up libaesgm-20090429/Makefile.BAD libaesgm-20090429/Makefile
+--- libaesgm-20090429/Makefile.BAD 2010-05-24 09:34:28.198386197 -0400
++++ libaesgm-20090429/Makefile 2010-05-24 09:56:55.525397596 -0400
+@@ -8,7 +8,7 @@ VERSION = $(VERSION_MAJOR).$(VERSION_MIN
+
+ SHARED_LIB = libaesgm.so
+
+-LIBAESGM = aescrypt.o aeskey.o aes_modes.o aestab.o
++LIBAESGM = aescrypt.o aeskey.o aes_modes.o aestab.o fileenc.o hmac.o pwd2key.o sha1.o sha2.o
+ LINKOBJ = $(LIBAESGM)
+
+ PREFIX = /usr
+diff -up libaesgm-20090429/pwd2key.c.BAD libaesgm-20090429/pwd2key.c
+--- libaesgm-20090429/pwd2key.c.BAD 2010-05-24 09:56:41.951387734 -0400
++++ libaesgm-20090429/pwd2key.c 2010-05-24 09:56:34.042512473 -0400
+@@ -0,0 +1,194 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is an implementation of RFC2898, which specifies key derivation from
++ a password and a salt value.
++*/
++
++#include <memory.h>
++#include "hmac.h"
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++void derive_key(const unsigned char pwd[], /* the PASSWORD */
++ unsigned int pwd_len, /* and its length */
++ const unsigned char salt[], /* the SALT and its */
++ unsigned int salt_len, /* length */
++ unsigned int iter, /* the number of iterations */
++ unsigned char key[], /* space for the output key */
++ unsigned int key_len)/* and its required length */
++{
++ unsigned int i, j, k, n_blk;
++ unsigned char uu[HASH_OUTPUT_SIZE], ux[HASH_OUTPUT_SIZE];
++ hmac_ctx c1[1], c2[1], c3[1];
++
++ /* set HMAC context (c1) for password */
++ hmac_sha_begin(c1);
++ hmac_sha_key(pwd, pwd_len, c1);
++
++ /* set HMAC context (c2) for password and salt */
++ memcpy(c2, c1, sizeof(hmac_ctx));
++ hmac_sha_data(salt, salt_len, c2);
++
++ /* find the number of SHA blocks in the key */
++ n_blk = 1 + (key_len - 1) / HASH_OUTPUT_SIZE;
++
++ for(i = 0; i < n_blk; ++i) /* for each block in key */
++ {
++ /* ux[] holds the running xor value */
++ memset(ux, 0, HASH_OUTPUT_SIZE);
++
++ /* set HMAC context (c3) for password and salt */
++ memcpy(c3, c2, sizeof(hmac_ctx));
++
++ /* enter additional data for 1st block into uu */
++ uu[0] = (unsigned char)((i + 1) >> 24);
++ uu[1] = (unsigned char)((i + 1) >> 16);
++ uu[2] = (unsigned char)((i + 1) >> 8);
++ uu[3] = (unsigned char)(i + 1);
++
++ /* this is the key mixing iteration */
++ for(j = 0, k = 4; j < iter; ++j)
++ {
++ /* add previous round data to HMAC */
++ hmac_sha_data(uu, k, c3);
++
++ /* obtain HMAC for uu[] */
++ hmac_sha_end(uu, HASH_OUTPUT_SIZE, c3);
++
++ /* xor into the running xor block */
++ for(k = 0; k < HASH_OUTPUT_SIZE; ++k)
++ ux[k] ^= uu[k];
++
++ /* set HMAC context (c3) for password */
++ memcpy(c3, c1, sizeof(hmac_ctx));
++ }
++
++ /* compile key blocks into the key output */
++ j = 0; k = i * HASH_OUTPUT_SIZE;
++ while(j < HASH_OUTPUT_SIZE && k < key_len)
++ key[k++] = ux[j++];
++ }
++}
++
++#ifdef TEST
++
++#include <stdio.h>
++
++struct
++{ unsigned int pwd_len;
++ unsigned int salt_len;
++ unsigned int it_count;
++ unsigned char *pwd;
++ unsigned char salt[32];
++ unsigned char key[32];
++} tests[] =
++{
++ { 8, 4, 5, (unsigned char*)"password",
++ {
++ 0x12, 0x34, 0x56, 0x78
++ },
++ {
++ 0x5c, 0x75, 0xce, 0xf0, 0x1a, 0x96, 0x0d, 0xf7,
++ 0x4c, 0xb6, 0xb4, 0x9b, 0x9e, 0x38, 0xe6, 0xb5
++ }
++ },
++ { 8, 8, 5, (unsigned char*)"password",
++ {
++ 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
++ },
++ {
++ 0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
++ 0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49
++ }
++ },
++ { 8, 21, 1, (unsigned char*)"password",
++ {
++ "ATHENA.MIT.EDUraeburn"
++ },
++ {
++ 0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
++ 0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15
++ }
++ },
++ { 8, 21, 2, (unsigned char*)"password",
++ {
++ "ATHENA.MIT.EDUraeburn"
++ },
++ {
++ 0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
++ 0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d
++ }
++ },
++ { 8, 21, 1200, (unsigned char*)"password",
++ {
++ "ATHENA.MIT.EDUraeburn"
++ },
++ {
++ 0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
++ 0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b
++ }
++ }
++};
++
++int main()
++{ unsigned int i, j, key_len = 256;
++ unsigned char key[256];
++
++ printf("\nTest of RFC2898 Password Based Key Derivation");
++ for(i = 0; i < 5; ++i)
++ {
++ derive_key(tests[i].pwd, tests[i].pwd_len, tests[i].salt,
++ tests[i].salt_len, tests[i].it_count, key, key_len);
++
++ printf("\ntest %i: ", i + 1);
++ printf("key %s", memcmp(tests[i].key, key, 16) ? "is bad" : "is good");
++ for(j = 0; j < key_len && j < 64; j += 4)
++ {
++ if(j % 16 == 0)
++ printf("\n");
++ printf("0x%02x%02x%02x%02x ", key[j], key[j + 1], key[j + 2], key[j + 3]);
++ }
++ printf(j < key_len ? " ... \n" : "\n");
++ }
++ printf("\n");
++ return 0;
++}
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
+diff -up libaesgm-20090429/pwd2key.h.BAD libaesgm-20090429/pwd2key.h
+--- libaesgm-20090429/pwd2key.h.BAD 2010-05-24 09:56:41.954478668 -0400
++++ libaesgm-20090429/pwd2key.h 2010-05-24 09:56:34.043512682 -0400
+@@ -0,0 +1,58 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is an implementation of RFC2898, which specifies key derivation from
++ a password and a salt value.
++*/
++
++#ifndef PWD2KEY_H
++#define PWD2KEY_H
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++void derive_key(
++ const unsigned char pwd[], /* the PASSWORD, and */
++ unsigned int pwd_len, /* its length */
++ const unsigned char salt[], /* the SALT and its */
++ unsigned int salt_len, /* length */
++ unsigned int iter, /* the number of iterations */
++ unsigned char key[], /* space for the output key */
++ unsigned int key_len); /* and its required length */
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
+diff -up libaesgm-20090429/sha1.c.BAD libaesgm-20090429/sha1.c
+--- libaesgm-20090429/sha1.c.BAD 2010-05-24 09:35:26.415540411 -0400
++++ libaesgm-20090429/sha1.c 2010-05-24 09:35:05.496512680 -0400
+@@ -0,0 +1,323 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is a byte oriented version of SHA1 that operates on arrays of bytes
++ stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
++*/
++
++#include <string.h> /* for memcpy() etc. */
++#include <stdlib.h> /* for _lrotl with VC++ */
++
++#include "sha1.h"
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++/*
++ To obtain the highest speed on processors with 32-bit words, this code
++ needs to determine the order in which bytes are packed into such words.
++ The following block of code is an attempt to capture the most obvious
++ ways in which various environemnts specify their endian definitions.
++ It may well fail, in which case the definitions will need to be set by
++ editing at the points marked **** EDIT HERE IF NECESSARY **** below.
++*/
++/* PLATFORM SPECIFIC INCLUDES */
++
++#if defined( __FreeBSD__ ) || defined( __OpenBSD__ )
++# include <sys/endian.h>
++#elif defined( BSD ) && ( BSD >= 199103 )
++# include <machine/endian.h>
++#elif defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
++# include <endian.h>
++# include <byteswap.h>
++#elif defined( linux )
++# include <endian.h>
++#endif
++
++/* BYTE ORDER IN 32-BIT WORDS
++
++ To obtain the highest speed on processors with 32-bit words, this code
++ needs to determine the byte order of the target machine. The following
++ block of code is an attempt to capture the most obvious ways in which
++ various environemnts define byte order. It may well fail, in which case
++ the definitions will need to be set by editing at the points marked
++ **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
++ some of these defines (from cryptlib).
++*/
++
++#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
++#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
++
++#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
++ defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
++ defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
++ defined( vax ) || defined( vms ) || defined( VMS ) || \
++ defined( __VMS )
++
++#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++
++#endif
++
++#if defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
++ defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
++ defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
++ defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
++ defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
++ defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ )
++
++#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++
++#endif
++
++/* if the platform is still not known, try to find its byte order */
++/* from commonly used definitions in the headers included earlier */
++
++#if !defined(PLATFORM_BYTE_ORDER)
++
++#if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
++# if defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(BYTE_ORDER) && (BYTE_ORDER == LITTLE_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
++# if defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _LITTLE_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)
++# if defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(__LITTLE_ENDIAN__) && defined(__BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __LITTLE_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif 0 /* **** EDIT HERE IF NECESSARY **** */
++#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++
++#elif 0 /* **** EDIT HERE IF NECESSARY **** */
++#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++
++#else
++#error Please edit sha1.c (line 141 or 144) to set the platform byte order
++#endif
++
++#endif
++
++#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
++
++#if (PLATFORM_BYTE_ORDER == BRG_BIG_ENDIAN)
++#define swap_b32(x) (x)
++#elif defined(bswap_32)
++#define swap_b32(x) bswap_32(x)
++#else
++#define swap_b32(x) ((rotl32((x), 8) & 0x00ff00ff) | (rotl32((x), 24) & 0xff00ff00))
++#endif
++
++#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
++
++#if 1
++
++#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
++#define parity(x,y,z) ((x) ^ (y) ^ (z))
++#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
++
++#else /* Discovered Rich Schroeppel and Colin Plumb */
++
++#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
++#define parity(x,y,z) ((x) ^ (y) ^ (z))
++#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
++
++#endif
++
++/* A normal version as set out in the FIPS */
++
++#define rnd(f,k) \
++ t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
++ e = d; d = c; c = rotl32(b, 30); b = t
++
++void sha1_compile(sha1_ctx ctx[1])
++{ sha1_32t w[80], i, a, b, c, d, e, t;
++
++ /* note that words are compiled from the buffer into 32-bit */
++ /* words in big-endian order so an order reversal is needed */
++ /* here on little endian machines */
++ for(i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
++ w[i] = swap_b32(ctx->wbuf[i]);
++
++ for(i = SHA1_BLOCK_SIZE / 4; i < 80; ++i)
++ w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
++
++ a = ctx->hash[0];
++ b = ctx->hash[1];
++ c = ctx->hash[2];
++ d = ctx->hash[3];
++ e = ctx->hash[4];
++
++ for(i = 0; i < 20; ++i)
++ {
++ rnd(ch, 0x5a827999);
++ }
++
++ for(i = 20; i < 40; ++i)
++ {
++ rnd(parity, 0x6ed9eba1);
++ }
++
++ for(i = 40; i < 60; ++i)
++ {
++ rnd(maj, 0x8f1bbcdc);
++ }
++
++ for(i = 60; i < 80; ++i)
++ {
++ rnd(parity, 0xca62c1d6);
++ }
++
++ ctx->hash[0] += a;
++ ctx->hash[1] += b;
++ ctx->hash[2] += c;
++ ctx->hash[3] += d;
++ ctx->hash[4] += e;
++}
++
++void sha1_begin(sha1_ctx ctx[1])
++{
++ ctx->count[0] = ctx->count[1] = 0;
++ ctx->hash[0] = 0x67452301;
++ ctx->hash[1] = 0xefcdab89;
++ ctx->hash[2] = 0x98badcfe;
++ ctx->hash[3] = 0x10325476;
++ ctx->hash[4] = 0xc3d2e1f0;
++}
++
++/* SHA1 hash data in an array of bytes into hash buffer and */
++/* call the hash_compile function as required. */
++
++void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
++{ sha1_32t pos = (sha1_32t)(ctx->count[0] & SHA1_MASK),
++ space = SHA1_BLOCK_SIZE - pos;
++ const unsigned char *sp = data;
++
++ if((ctx->count[0] += len) < len)
++ ++(ctx->count[1]);
++
++ while(len >= space) /* tranfer whole blocks if possible */
++ {
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
++ sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
++ sha1_compile(ctx);
++ }
++
++ /*lint -e{803} conceivable data overrun */
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
++}
++
++/* SHA1 final padding and digest calculation */
++
++#if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
++static sha1_32t mask[4] =
++ { 0x00000000, 0x000000ff, 0x0000ffff, 0x00ffffff };
++static sha1_32t bits[4] =
++ { 0x00000080, 0x00008000, 0x00800000, 0x80000000 };
++#else
++static sha1_32t mask[4] =
++ { 0x00000000, 0xff000000, 0xffff0000, 0xffffff00 };
++static sha1_32t bits[4] =
++ { 0x80000000, 0x00800000, 0x00008000, 0x00000080 };
++#endif
++
++void sha1_end(unsigned char hval[], sha1_ctx ctx[1])
++{ sha1_32t i = (sha1_32t)(ctx->count[0] & SHA1_MASK);
++
++ /* mask out the rest of any partial 32-bit word and then set */
++ /* the next byte to 0x80. On big-endian machines any bytes in */
++ /* the buffer will be at the top end of 32 bit words, on little */
++ /* endian machines they will be at the bottom. Hence the AND */
++ /* and OR masks above are reversed for little endian systems */
++ /* Note that we can always add the first padding byte at this */
++ /* point because the buffer always has at least one empty slot */
++ ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & mask[i & 3]) | bits[i & 3];
++
++ /* we need 9 or more empty positions, one for the padding byte */
++ /* (above) and eight for the length count. If there is not */
++ /* enough space pad and empty the buffer */
++ if(i > SHA1_BLOCK_SIZE - 9)
++ {
++ if(i < 60) ctx->wbuf[15] = 0;
++ sha1_compile(ctx);
++ i = 0;
++ }
++ else /* compute a word index for the empty buffer positions */
++ i = (i >> 2) + 1;
++
++ while(i < 14) /* and zero pad all but last two positions */
++ ctx->wbuf[i++] = 0;
++
++ /* assemble the eight byte counter in in big-endian format */
++ ctx->wbuf[14] = swap_b32((ctx->count[1] << 3) | (ctx->count[0] >> 29));
++ ctx->wbuf[15] = swap_b32(ctx->count[0] << 3);
++
++ sha1_compile(ctx);
++
++ /* extract the hash value as bytes in case the hash buffer is */
++ /* misaligned for 32-bit words */
++ for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
++ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
++}
++
++void sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
++{ sha1_ctx cx[1];
++
++ sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
++}
++
++#if defined(__cplusplus)
++}
++#endif
+diff -up libaesgm-20090429/sha1.h.BAD libaesgm-20090429/sha1.h
+--- libaesgm-20090429/sha1.h.BAD 2010-05-24 09:35:26.415540411 -0400
++++ libaesgm-20090429/sha1.h 2010-05-24 09:35:05.496512680 -0400
+@@ -0,0 +1,76 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++*/
++
++#ifndef _SHA1_H
++#define _SHA1_H
++
++#include <limits.h>
++
++#define SHA1_BLOCK_SIZE 64
++#define SHA1_DIGEST_SIZE 20
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++/* define an unsigned 32-bit type */
++
++#if UINT_MAX == 0xffffffff
++ typedef unsigned int sha1_32t;
++#elif ULONG_MAX == 0xffffffff
++ typedef unsigned long sha1_32t;
++#else
++#error Please define sha1_32t as an unsigned 32 bit type in sha2.h
++#endif
++
++/* type to hold the SHA256 context */
++
++typedef struct
++{ sha1_32t count[2];
++ sha1_32t hash[5];
++ sha1_32t wbuf[16];
++} sha1_ctx;
++
++void sha1_compile(sha1_ctx ctx[1]);
++
++void sha1_begin(sha1_ctx ctx[1]);
++void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
++void sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
++void sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
+diff -up libaesgm-20090429/sha2.c.BAD libaesgm-20090429/sha2.c
+--- libaesgm-20090429/sha2.c.BAD 2010-05-24 09:35:26.415540411 -0400
++++ libaesgm-20090429/sha2.c 2010-05-24 09:35:05.496512680 -0400
+@@ -0,0 +1,713 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++
++ This is a byte oriented version of SHA2 that operates on arrays of bytes
++ stored in memory. This code implements sha256, sha384 and sha512 but the
++ latter two functions rely on efficient 64-bit integer operations that
++ may not be very efficient on 32-bit machines
++
++ The sha256 functions use a type 'sha256_ctx' to hold details of the
++ current hash state and uses the following three calls:
++
++ void sha256_begin(sha256_ctx ctx[1])
++ void sha256_hash(const unsigned char data[],
++ unsigned long len, sha256_ctx ctx[1])
++ void sha256_end(unsigned char hval[], sha256_ctx ctx[1])
++
++ The first subroutine initialises a hash computation by setting up the
++ context in the sha256_ctx context. The second subroutine hashes 8-bit
++ bytes from array data[] into the hash state withinh sha256_ctx context,
++ the number of bytes to be hashed being given by the the unsigned long
++ integer len. The third subroutine completes the hash calculation and
++ places the resulting digest value in the array of 8-bit bytes hval[].
++
++ The sha384 and sha512 functions are similar and use the interfaces:
++
++ void sha384_begin(sha384_ctx ctx[1]);
++ void sha384_hash(const unsigned char data[],
++ unsigned long len, sha384_ctx ctx[1]);
++ void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
++
++ void sha512_begin(sha512_ctx ctx[1]);
++ void sha512_hash(const unsigned char data[],
++ unsigned long len, sha512_ctx ctx[1]);
++ void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
++
++ In addition there is a function sha2 that can be used to call all these
++ functions using a call with a hash length parameter as follows:
++
++ int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
++ void sha2_hash(const unsigned char data[],
++ unsigned long len, sha2_ctx ctx[1]);
++ void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
++
++ My thanks to Erik Andersen <andersen at codepoet.org> for testing this code
++ on big-endian systems and for his assistance with corrections
++*/
++
++/* define the hash functions that you need */
++
++#define SHA_2 /* for dynamic hash length */
++#define SHA_256
++#define SHA_384
++#define SHA_512
++
++#include <string.h> /* for memcpy() etc. */
++#include <stdlib.h> /* for _lrotr with VC++ */
++
++#include "sha2.h"
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++/* PLATFORM SPECIFIC INCLUDES */
++
++#if defined( __FreeBSD__ ) || defined( __OpenBSD__ )
++# include <sys/endian.h>
++#elif defined( BSD ) && ( BSD >= 199103 )
++# include <machine/endian.h>
++#elif defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
++# include <endian.h>
++# include <byteswap.h>
++#elif defined( linux )
++# include <endian.h>
++#endif
++
++/* BYTE ORDER IN 32-BIT WORDS
++
++ To obtain the highest speed on processors with 32-bit words, this code
++ needs to determine the byte order of the target machine. The following
++ block of code is an attempt to capture the most obvious ways in which
++ various environemnts define byte order. It may well fail, in which case
++ the definitions will need to be set by editing at the points marked
++ **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
++ some of these defines (from cryptlib).
++*/
++
++#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
++#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
++
++#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
++ defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
++ defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
++ defined( vax ) || defined( vms ) || defined( VMS ) || \
++ defined( __VMS )
++
++#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++
++#endif
++
++#if defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
++ defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
++ defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
++ defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
++ defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
++ defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ )
++
++#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++
++#endif
++
++/* if the platform is still not known, try to find its byte order */
++/* from commonly used definitions in the headers included earlier */
++
++#if !defined(PLATFORM_BYTE_ORDER)
++
++#if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
++# if defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(BYTE_ORDER) && (BYTE_ORDER == LITTLE_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
++# if defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _LITTLE_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _BIG_ENDIAN)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)
++# if defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif !defined(__LITTLE_ENDIAN__) && defined(__BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __LITTLE_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)
++# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++# endif
++
++#elif 0 /* **** EDIT HERE IF NECESSARY **** */
++#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
++
++#elif 0 /* **** EDIT HERE IF NECESSARY **** */
++#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
++
++#else
++#error Please edit sha2.c (line 180 or 183) to set the platform byte order
++#endif
++
++#endif
++
++#ifdef _MSC_VER
++#pragma intrinsic(memcpy)
++#endif
++
++#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
++
++#if !defined(bswap_32)
++#define bswap_32(x) (rotr32((x), 24) & 0x00ff00ff | rotr32((x), 8) & 0xff00ff00)
++#endif
++
++#if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
++#define SWAP_BYTES
++#else
++#undef SWAP_BYTES
++#endif
++
++#if defined(SHA_2) || defined(SHA_256)
++
++#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
++
++#if defined(SWAP_BYTES)
++#define bsw_32(p,n) { int _i = (n); while(_i--) p[_i] = bswap_32(p[_i]); }
++#else
++#define bsw_32(p,n)
++#endif
++
++/* SHA256 mixing function definitions */
++
++#if 0
++
++#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
++#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
++
++#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
++
++#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
++#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
++
++#endif
++
++#define s256_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
++#define s256_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
++#define g256_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
++#define g256_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
++
++/* rotated SHA256 round definition. Rather than swapping variables as in */
++/* FIPS-180, different variables are 'rotated' on each round, returning */
++/* to their starting positions every eight rounds */
++
++#define h2(i) p[i & 15] += \
++ g256_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g256_0(p[(i + 1) & 15])
++
++#define h2_cycle(i,j) \
++ v[(7 - i) & 7] += (j ? h2(i) : p[i & 15]) + k256[i + j] \
++ + s256_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \
++ v[(3 - i) & 7] += v[(7 - i) & 7]; \
++ v[(7 - i) & 7] += s256_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7])
++
++/* SHA256 mixing data */
++
++const sha2_32t k256[64] =
++{ n_u32(428a2f98), n_u32(71374491), n_u32(b5c0fbcf), n_u32(e9b5dba5),
++ n_u32(3956c25b), n_u32(59f111f1), n_u32(923f82a4), n_u32(ab1c5ed5),
++ n_u32(d807aa98), n_u32(12835b01), n_u32(243185be), n_u32(550c7dc3),
++ n_u32(72be5d74), n_u32(80deb1fe), n_u32(9bdc06a7), n_u32(c19bf174),
++ n_u32(e49b69c1), n_u32(efbe4786), n_u32(0fc19dc6), n_u32(240ca1cc),
++ n_u32(2de92c6f), n_u32(4a7484aa), n_u32(5cb0a9dc), n_u32(76f988da),
++ n_u32(983e5152), n_u32(a831c66d), n_u32(b00327c8), n_u32(bf597fc7),
++ n_u32(c6e00bf3), n_u32(d5a79147), n_u32(06ca6351), n_u32(14292967),
++ n_u32(27b70a85), n_u32(2e1b2138), n_u32(4d2c6dfc), n_u32(53380d13),
++ n_u32(650a7354), n_u32(766a0abb), n_u32(81c2c92e), n_u32(92722c85),
++ n_u32(a2bfe8a1), n_u32(a81a664b), n_u32(c24b8b70), n_u32(c76c51a3),
++ n_u32(d192e819), n_u32(d6990624), n_u32(f40e3585), n_u32(106aa070),
++ n_u32(19a4c116), n_u32(1e376c08), n_u32(2748774c), n_u32(34b0bcb5),
++ n_u32(391c0cb3), n_u32(4ed8aa4a), n_u32(5b9cca4f), n_u32(682e6ff3),
++ n_u32(748f82ee), n_u32(78a5636f), n_u32(84c87814), n_u32(8cc70208),
++ n_u32(90befffa), n_u32(a4506ceb), n_u32(bef9a3f7), n_u32(c67178f2),
++};
++
++/* SHA256 initialisation data */
++
++const sha2_32t i256[8] =
++{
++ n_u32(6a09e667), n_u32(bb67ae85), n_u32(3c6ef372), n_u32(a54ff53a),
++ n_u32(510e527f), n_u32(9b05688c), n_u32(1f83d9ab), n_u32(5be0cd19)
++};
++
++sha2_void sha256_begin(sha256_ctx ctx[1])
++{
++ ctx->count[0] = ctx->count[1] = 0;
++ memcpy(ctx->hash, i256, 8 * sizeof(sha2_32t));
++}
++
++/* Compile 64 bytes of hash data into SHA256 digest value */
++/* NOTE: this routine assumes that the byte order in the */
++/* ctx->wbuf[] at this point is in such an order that low */
++/* address bytes in the ORIGINAL byte stream placed in this */
++/* buffer will now go to the high end of words on BOTH big */
++/* and little endian systems */
++
++sha2_void sha256_compile(sha256_ctx ctx[1])
++{ sha2_32t v[8], j, *p = ctx->wbuf;
++
++ memcpy(v, ctx->hash, 8 * sizeof(sha2_32t));
++
++ for(j = 0; j < 64; j += 16)
++ {
++ h2_cycle( 0, j); h2_cycle( 1, j); h2_cycle( 2, j); h2_cycle( 3, j);
++ h2_cycle( 4, j); h2_cycle( 5, j); h2_cycle( 6, j); h2_cycle( 7, j);
++ h2_cycle( 8, j); h2_cycle( 9, j); h2_cycle(10, j); h2_cycle(11, j);
++ h2_cycle(12, j); h2_cycle(13, j); h2_cycle(14, j); h2_cycle(15, j);
++ }
++
++ ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
++ ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
++}
++
++/* SHA256 hash data in an array of bytes into hash buffer */
++/* and call the hash_compile function as required. */
++
++sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
++{ sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA256_MASK),
++ space = SHA256_BLOCK_SIZE - pos;
++ const unsigned char *sp = data;
++
++ if((ctx->count[0] += len) < len)
++ ++(ctx->count[1]);
++
++ while(len >= space) /* tranfer whole blocks while possible */
++ {
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
++ sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0;
++ bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2)
++ sha256_compile(ctx);
++ }
++
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
++}
++
++/* SHA256 Final padding and digest calculation */
++
++static sha2_32t m1[4] =
++{
++ n_u32(00000000), n_u32(ff000000), n_u32(ffff0000), n_u32(ffffff00)
++};
++
++static sha2_32t b1[4] =
++{
++ n_u32(80000000), n_u32(00800000), n_u32(00008000), n_u32(00000080)
++};
++
++sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1])
++{ sha2_32t i = (sha2_32t)(ctx->count[0] & SHA256_MASK);
++
++ bsw_32(ctx->wbuf, (i + 3) >> 2)
++ /* bytes in the buffer are now in an order in which references */
++ /* to 32-bit words will put bytes with lower addresses into the */
++ /* top of 32 bit words on BOTH big and little endian machines */
++
++ /* we now need to mask valid bytes and add the padding which is */
++ /* a single 1 bit and as many zero bits as necessary. */
++ ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & m1[i & 3]) | b1[i & 3];
++
++ /* we need 9 or more empty positions, one for the padding byte */
++ /* (above) and eight for the length count. If there is not */
++ /* enough space pad and empty the buffer */
++ if(i > SHA256_BLOCK_SIZE - 9)
++ {
++ if(i < 60) ctx->wbuf[15] = 0;
++ sha256_compile(ctx);
++ i = 0;
++ }
++ else /* compute a word index for the empty buffer positions */
++ i = (i >> 2) + 1;
++
++ while(i < 14) /* and zero pad all but last two positions */
++ ctx->wbuf[i++] = 0;
++
++ /* the following 32-bit length fields are assembled in the */
++ /* wrong byte order on little endian machines but this is */
++ /* corrected later since they are only ever used as 32-bit */
++ /* word values. */
++
++ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
++ ctx->wbuf[15] = ctx->count[0] << 3;
++
++ sha256_compile(ctx);
++
++ /* extract the hash value as bytes in case the hash buffer is */
++ /* mislaigned for 32-bit words */
++ for(i = 0; i < SHA256_DIGEST_SIZE; ++i)
++ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
++}
++
++sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
++{ sha256_ctx cx[1];
++
++ sha256_begin(cx); sha256_hash(data, len, cx); sha256_end(hval, cx);
++}
++
++#endif
++
++#if defined(SHA_2) || defined(SHA_384) || defined(SHA_512)
++
++#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
++
++#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
++
++#if !defined(bswap_64)
++#define bswap_64(x) (((sha2_64t)(bswap_32((sha2_32t)(x)))) << 32 | bswap_32((sha2_32t)((x) >> 32)))
++#endif
++
++#if defined(SWAP_BYTES)
++#define bsw_64(p,n) { int _i = (n); while(_i--) p[_i] = bswap_64(p[_i]); }
++#else
++#define bsw_64(p,n)
++#endif
++
++/* SHA512 mixing function definitions */
++
++#define s512_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
++#define s512_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
++#define g512_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
++#define g512_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
++
++/* rotated SHA512 round definition. Rather than swapping variables as in */
++/* FIPS-180, different variables are 'rotated' on each round, returning */
++/* to their starting positions every eight rounds */
++
++#define h5(i) ctx->wbuf[i & 15] += \
++ g512_1(ctx->wbuf[(i + 14) & 15]) + ctx->wbuf[(i + 9) & 15] + g512_0(ctx->wbuf[(i + 1) & 15])
++
++#define h5_cycle(i,j) \
++ v[(7 - i) & 7] += (j ? h5(i) : ctx->wbuf[i & 15]) + k512[i + j] \
++ + s512_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \
++ v[(3 - i) & 7] += v[(7 - i) & 7]; \
++ v[(7 - i) & 7] += s512_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7])
++
++/* SHA384/SHA512 mixing data */
++
++const sha2_64t k512[80] =
++{
++ n_u64(428a2f98d728ae22), n_u64(7137449123ef65cd),
++ n_u64(b5c0fbcfec4d3b2f), n_u64(e9b5dba58189dbbc),
++ n_u64(3956c25bf348b538), n_u64(59f111f1b605d019),
++ n_u64(923f82a4af194f9b), n_u64(ab1c5ed5da6d8118),
++ n_u64(d807aa98a3030242), n_u64(12835b0145706fbe),
++ n_u64(243185be4ee4b28c), n_u64(550c7dc3d5ffb4e2),
++ n_u64(72be5d74f27b896f), n_u64(80deb1fe3b1696b1),
++ n_u64(9bdc06a725c71235), n_u64(c19bf174cf692694),
++ n_u64(e49b69c19ef14ad2), n_u64(efbe4786384f25e3),
++ n_u64(0fc19dc68b8cd5b5), n_u64(240ca1cc77ac9c65),
++ n_u64(2de92c6f592b0275), n_u64(4a7484aa6ea6e483),
++ n_u64(5cb0a9dcbd41fbd4), n_u64(76f988da831153b5),
++ n_u64(983e5152ee66dfab), n_u64(a831c66d2db43210),
++ n_u64(b00327c898fb213f), n_u64(bf597fc7beef0ee4),
++ n_u64(c6e00bf33da88fc2), n_u64(d5a79147930aa725),
++ n_u64(06ca6351e003826f), n_u64(142929670a0e6e70),
++ n_u64(27b70a8546d22ffc), n_u64(2e1b21385c26c926),
++ n_u64(4d2c6dfc5ac42aed), n_u64(53380d139d95b3df),
++ n_u64(650a73548baf63de), n_u64(766a0abb3c77b2a8),
++ n_u64(81c2c92e47edaee6), n_u64(92722c851482353b),
++ n_u64(a2bfe8a14cf10364), n_u64(a81a664bbc423001),
++ n_u64(c24b8b70d0f89791), n_u64(c76c51a30654be30),
++ n_u64(d192e819d6ef5218), n_u64(d69906245565a910),
++ n_u64(f40e35855771202a), n_u64(106aa07032bbd1b8),
++ n_u64(19a4c116b8d2d0c8), n_u64(1e376c085141ab53),
++ n_u64(2748774cdf8eeb99), n_u64(34b0bcb5e19b48a8),
++ n_u64(391c0cb3c5c95a63), n_u64(4ed8aa4ae3418acb),
++ n_u64(5b9cca4f7763e373), n_u64(682e6ff3d6b2b8a3),
++ n_u64(748f82ee5defb2fc), n_u64(78a5636f43172f60),
++ n_u64(84c87814a1f0ab72), n_u64(8cc702081a6439ec),
++ n_u64(90befffa23631e28), n_u64(a4506cebde82bde9),
++ n_u64(bef9a3f7b2c67915), n_u64(c67178f2e372532b),
++ n_u64(ca273eceea26619c), n_u64(d186b8c721c0c207),
++ n_u64(eada7dd6cde0eb1e), n_u64(f57d4f7fee6ed178),
++ n_u64(06f067aa72176fba), n_u64(0a637dc5a2c898a6),
++ n_u64(113f9804bef90dae), n_u64(1b710b35131c471b),
++ n_u64(28db77f523047d84), n_u64(32caab7b40c72493),
++ n_u64(3c9ebe0a15c9bebc), n_u64(431d67c49c100d4c),
++ n_u64(4cc5d4becb3e42b6), n_u64(597f299cfc657e2a),
++ n_u64(5fcb6fab3ad6faec), n_u64(6c44198c4a475817)
++};
++
++/* Compile 64 bytes of hash data into SHA384/SHA512 digest value */
++
++sha2_void sha512_compile(sha512_ctx ctx[1])
++{ sha2_64t v[8];
++ sha2_32t j;
++
++ memcpy(v, ctx->hash, 8 * sizeof(sha2_64t));
++
++ for(j = 0; j < 80; j += 16)
++ {
++ h5_cycle( 0, j); h5_cycle( 1, j); h5_cycle( 2, j); h5_cycle( 3, j);
++ h5_cycle( 4, j); h5_cycle( 5, j); h5_cycle( 6, j); h5_cycle( 7, j);
++ h5_cycle( 8, j); h5_cycle( 9, j); h5_cycle(10, j); h5_cycle(11, j);
++ h5_cycle(12, j); h5_cycle(13, j); h5_cycle(14, j); h5_cycle(15, j);
++ }
++
++ ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
++ ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
++}
++
++/* Compile 128 bytes of hash data into SHA256 digest value */
++/* NOTE: this routine assumes that the byte order in the */
++/* ctx->wbuf[] at this point is in such an order that low */
++/* address bytes in the ORIGINAL byte stream placed in this */
++/* buffer will now go to the high end of words on BOTH big */
++/* and little endian systems */
++
++sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
++{ sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA512_MASK),
++ space = SHA512_BLOCK_SIZE - pos;
++ const unsigned char *sp = data;
++
++ if((ctx->count[0] += len) < len)
++ ++(ctx->count[1]);
++
++ while(len >= space) /* tranfer whole blocks while possible */
++ {
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
++ sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0;
++ bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3);
++ sha512_compile(ctx);
++ }
++
++ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
++}
++
++/* SHA384/512 Final padding and digest calculation */
++
++static sha2_64t m2[8] =
++{
++ n_u64(0000000000000000), n_u64(ff00000000000000),
++ n_u64(ffff000000000000), n_u64(ffffff0000000000),
++ n_u64(ffffffff00000000), n_u64(ffffffffff000000),
++ n_u64(ffffffffffff0000), n_u64(ffffffffffffff00)
++};
++
++static sha2_64t b2[8] =
++{
++ n_u64(8000000000000000), n_u64(0080000000000000),
++ n_u64(0000800000000000), n_u64(0000008000000000),
++ n_u64(0000000080000000), n_u64(0000000000800000),
++ n_u64(0000000000008000), n_u64(0000000000000080)
++};
++
++static void sha_end(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
++{ sha2_32t i = (sha2_32t)(ctx->count[0] & SHA512_MASK);
++
++ bsw_64(ctx->wbuf, (i + 7) >> 3);
++
++ /* bytes in the buffer are now in an order in which references */
++ /* to 64-bit words will put bytes with lower addresses into the */
++ /* top of 64 bit words on BOTH big and little endian machines */
++
++ /* we now need to mask valid bytes and add the padding which is */
++ /* a single 1 bit and as many zero bits as necessary. */
++ ctx->wbuf[i >> 3] = (ctx->wbuf[i >> 3] & m2[i & 7]) | b2[i & 7];
++
++ /* we need 17 or more empty byte positions, one for the padding */
++ /* byte (above) and sixteen for the length count. If there is */
++ /* not enough space pad and empty the buffer */
++ if(i > SHA512_BLOCK_SIZE - 17)
++ {
++ if(i < 120) ctx->wbuf[15] = 0;
++ sha512_compile(ctx);
++ i = 0;
++ }
++ else
++ i = (i >> 3) + 1;
++
++ while(i < 14)
++ ctx->wbuf[i++] = 0;
++
++ /* the following 64-bit length fields are assembled in the */
++ /* wrong byte order on little endian machines but this is */
++ /* corrected later since they are only ever used as 64-bit */
++ /* word values. */
++
++ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61);
++ ctx->wbuf[15] = ctx->count[0] << 3;
++
++ sha512_compile(ctx);
++
++ /* extract the hash value as bytes in case the hash buffer is */
++ /* misaligned for 32-bit words */
++ for(i = 0; i < hlen; ++i)
++ hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
++}
++
++#endif
++
++#if defined(SHA_2) || defined(SHA_384)
++
++/* SHA384 initialisation data */
++
++const sha2_64t i384[80] =
++{
++ n_u64(cbbb9d5dc1059ed8), n_u64(629a292a367cd507),
++ n_u64(9159015a3070dd17), n_u64(152fecd8f70e5939),
++ n_u64(67332667ffc00b31), n_u64(8eb44a8768581511),
++ n_u64(db0c2e0d64f98fa7), n_u64(47b5481dbefa4fa4)
++};
++
++sha2_void sha384_begin(sha384_ctx ctx[1])
++{
++ ctx->count[0] = ctx->count[1] = 0;
++ memcpy(ctx->hash, i384, 8 * sizeof(sha2_64t));
++}
++
++sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1])
++{
++ sha_end(hval, ctx, SHA384_DIGEST_SIZE);
++}
++
++sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
++{ sha384_ctx cx[1];
++
++ sha384_begin(cx); sha384_hash(data, len, cx); sha384_end(hval, cx);
++}
++
++#endif
++
++#if defined(SHA_2) || defined(SHA_512)
++
++/* SHA512 initialisation data */
++
++const sha2_64t i512[80] =
++{
++ n_u64(6a09e667f3bcc908), n_u64(bb67ae8584caa73b),
++ n_u64(3c6ef372fe94f82b), n_u64(a54ff53a5f1d36f1),
++ n_u64(510e527fade682d1), n_u64(9b05688c2b3e6c1f),
++ n_u64(1f83d9abfb41bd6b), n_u64(5be0cd19137e2179)
++};
++
++sha2_void sha512_begin(sha512_ctx ctx[1])
++{
++ ctx->count[0] = ctx->count[1] = 0;
++ memcpy(ctx->hash, i512, 8 * sizeof(sha2_64t));
++}
++
++sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1])
++{
++ sha_end(hval, ctx, SHA512_DIGEST_SIZE);
++}
++
++sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
++{ sha512_ctx cx[1];
++
++ sha512_begin(cx); sha512_hash(data, len, cx); sha512_end(hval, cx);
++}
++
++#endif
++
++#if defined(SHA_2)
++
++#define CTX_256(x) ((x)->uu->ctx256)
++#define CTX_384(x) ((x)->uu->ctx512)
++#define CTX_512(x) ((x)->uu->ctx512)
++
++/* SHA2 initialisation */
++
++sha2_int sha2_begin(unsigned long len, sha2_ctx ctx[1])
++{ unsigned long l = len;
++ switch(len)
++ {
++ case 256: l = len >> 3;
++ case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
++ memcpy(CTX_256(ctx)->hash, i256, 32); break;
++ case 384: l = len >> 3;
++ case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
++ memcpy(CTX_384(ctx)->hash, i384, 64); break;
++ case 512: l = len >> 3;
++ case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
++ memcpy(CTX_512(ctx)->hash, i512, 64); break;
++ default: return SHA2_BAD;
++ }
++
++ ctx->sha2_len = l; return SHA2_GOOD;
++}
++
++sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
++{
++ switch(ctx->sha2_len)
++ {
++ case 32: sha256_hash(data, len, CTX_256(ctx)); return;
++ case 48: sha384_hash(data, len, CTX_384(ctx)); return;
++ case 64: sha512_hash(data, len, CTX_512(ctx)); return;
++ }
++}
++
++sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1])
++{
++ switch(ctx->sha2_len)
++ {
++ case 32: sha256_end(hval, CTX_256(ctx)); return;
++ case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
++ case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
++ }
++}
++
++sha2_int sha2(unsigned char hval[], unsigned long size,
++ const unsigned char data[], unsigned long len)
++{ sha2_ctx cx[1];
++
++ if(sha2_begin(size, cx) == SHA2_GOOD)
++ {
++ sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD;
++ }
++ else
++ return SHA2_BAD;
++}
++
++#endif
++
++#if defined(__cplusplus)
++}
++#endif
++
++
+diff -up libaesgm-20090429/sha2.h.BAD libaesgm-20090429/sha2.h
+--- libaesgm-20090429/sha2.h.BAD 2010-05-24 09:35:26.416537685 -0400
++++ libaesgm-20090429/sha2.h 2010-05-24 09:50:47.186423842 -0400
+@@ -0,0 +1,154 @@
++/*
++ ---------------------------------------------------------------------------
++ Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
++ All rights reserved.
++
++ LICENSE TERMS
++
++ The free distribution and use of this software in both source and binary
++ form is allowed (with or without changes) provided that:
++
++ 1. distributions of this source code include the above copyright
++ notice, this list of conditions and the following disclaimer;
++
++ 2. distributions in binary form include the above copyright
++ notice, this list of conditions and the following disclaimer
++ in the documentation and/or other associated materials;
++
++ 3. the copyright holder's name is not used to endorse products
++ built using this software without specific written permission.
++
++ ALTERNATIVELY, provided that this notice is retained in full, this product
++ may be distributed under the terms of the GNU General Public License (GPL),
++ in which case the provisions of the GPL apply INSTEAD OF those given above.
++
++ DISCLAIMER
++
++ This software is provided 'as is' with no explicit or implied warranties
++ in respect of its properties, including, but not limited to, correctness
++ and/or fitness for purpose.
++ ---------------------------------------------------------------------------
++ Issue Date: 26/08/2003
++*/
++
++#ifndef _SHA2_H
++#define _SHA2_H
++
++#include <limits.h>
++
++/* Defines for suffixes to 32 and 64 bit unsigned numeric values */
++
++#define sfx_lo(x,y) x##y
++#define sfx_hi(x,y) sfx_lo(x,y)
++#define n_u32(p) sfx_hi(0x##p,s_u32)
++#define n_u64(p) sfx_hi(0x##p,s_u64)
++
++/* define an unsigned 32-bit type */
++
++#if UINT_MAX == 0xffffffff
++ typedef unsigned int sha2_32t;
++ #define s_u32 u
++#elif ULONG_MAX == 0xffffffff
++ typedef unsigned long sha2_32t;
++ #define s_u32 ul
++#else
++#error Please define sha2_32t as an unsigned 32 bit type in sha2.h
++#endif
++
++/* define an unsigned 64-bit type */
++
++#if defined(_MSC_VER) && (_MSC_VER < 1300)
++ typedef unsigned __int64 sha2_64t;
++ #define s_u64 ui64
++#elif ULONG_MAX == 0xffffffffffffffff
++ typedef unsigned long sha2_64t;
++ #define s_u64 ul
++#elif ULONG_MAX == 0xffffffff
++ typedef unsigned long long sha2_64t; /* a somewhat dangerous guess */
++ #define s_u64 ull
++#else
++#error Please define sha2_64t as an unsigned 64 bit type in sha2.h
++#endif
++
++#if defined(__cplusplus)
++extern "C"
++{
++#endif
++
++#define SHA256_DIGEST_SIZE 32
++#define SHA384_DIGEST_SIZE 48
++#define SHA512_DIGEST_SIZE 64
++
++#define SHA256_BLOCK_SIZE 64
++#define SHA384_BLOCK_SIZE 128
++#define SHA512_BLOCK_SIZE 128
++
++#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
++
++#define SHA2_GOOD 0
++#define SHA2_BAD 1
++
++/* type to hold the SHA256 context */
++
++typedef struct
++{ sha2_32t count[2];
++ sha2_32t hash[8];
++ sha2_32t wbuf[16];
++} sha256_ctx;
++
++/* type to hold the SHA384/512 context */
++
++typedef struct
++{ sha2_64t count[2];
++ sha2_64t hash[8];
++ sha2_64t wbuf[16];
++} sha512_ctx;
++
++typedef sha512_ctx sha384_ctx;
++
++/* type to hold a SHA2 context (256/384/512) */
++
++typedef struct
++{ union
++ { sha256_ctx ctx256[1];
++ sha512_ctx ctx512[1];
++ } uu[1];
++ sha2_32t sha2_len;
++} sha2_ctx;
++
++#ifndef SHA2_DLL /* implement normal or DLL functions */
++#define sha2_void void
++#define sha2_int int
++#else
++#define sha2_void void __declspec(dllexport) _stdcall
++#define sha2_int int __declspec(dllexport) _stdcall
++#endif
++
++sha2_void sha256_compile(sha256_ctx ctx[1]);
++sha2_void sha512_compile(sha512_ctx ctx[1]);
++
++sha2_void sha256_begin(sha256_ctx ctx[1]);
++sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
++sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
++sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
++
++sha2_void sha384_begin(sha384_ctx ctx[1]);
++#define sha384_hash sha512_hash
++sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
++sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
++
++sha2_void sha512_begin(sha512_ctx ctx[1]);
++sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
++sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
++sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
++
++sha2_int sha2_begin(unsigned long size, sha2_ctx ctx[1]);
++sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
++sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
++sha2_int sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
++
++#if defined(__cplusplus)
++}
++#endif
++
++#endif
diff --git a/libaesgm.spec b/libaesgm.spec
new file mode 100644
index 0000000..b5eb655
--- /dev/null
+++ b/libaesgm.spec
@@ -0,0 +1,86 @@
+Name: libaesgm
+Version: 20090429
+Release: 10%{?dist}
+License: BSD
+Summary: Library implementation of AES (Rijndael) cryptographic methods
+URL: http://gladman.plushost.co.uk/oldsite/AES/index.php
+Source0: http://gladman.plushost.co.uk/oldsite/AES/aes-src-29-04-09.zip
+Source1: Makefile.aes
+# Add fileencryption support
+# http://www.gladman.me.uk/cryptography_technology/fileencrypt/
+Patch0: libaesgm-20090429-fileencrypt.patch
+Group: System Environment/Libraries
+
+%description
+Library implementation of AES (Rijndael) cryptographic methods.
+
+%package devel
+Summary: Development files for libaesgm
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+Development headers and libraries for libaesgm.
+
+%prep
+%setup -q -c -n %{name}-%{version}
+cp %{SOURCE1} Makefile
+%patch0 -p1 -b .fileencrypt
+sed -i 's/\r//' *.txt
+
+%build
+make CFLAGS="%{optflags} -fPIC -DUSE_SHA1"
+
+%install
+make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" install
+
+%clean
+rm -rf %{buildroot}
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root,-)
+%doc *.txt
+%{_libdir}/libaesgm.so.*
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/aes/
+%{_libdir}/libaesgm.so
+
+%changelog
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20090429-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon May 24 2010 Tom "spot" Callaway <tcallawa at redhat.com> 20090429-3
+- add fileencrypt support
+
+* Mon Feb 22 2010 Tom "spot" Callaway <tcallawa at redhat.com> 20090429-2
+- use sane versioning to ensure proper upgrade ordering without epoch
+- fix Makefile.aes to not use double-zero in soname, don't make double zero symlink
+- add default clean section
+- put headers in /aes/ namespace dir
+
+* Thu Feb 18 2010 Tom "spot" Callaway <tcallawa at redhat.com> 290409-1
+- initial Fedora package
diff --git a/sources b/sources
index e69de29..5f0c23f 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+016be360321fea28358f3aa83ab135b2 aes-src-29-04-09.zip
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/libaesgm.git/commit/?h=epel7&id=abe24e2e453249a16d06fe1b49bb6010dd27f410
More information about the scm-commits
mailing list