diff options
| author | Tristan Seligmann <mithrandi@mithrandi.net> | 2014-12-14 02:38:36 +0200 |
|---|---|---|
| committer | Tristan Seligmann <mithrandi@mithrandi.net> | 2014-12-14 02:38:36 +0200 |
| commit | 1c9bb4abe32f01584d62f3b5b35713b42c984eb9 (patch) | |
| tree | 37ae90cb0411eeb8a27b3520ead69b75e193233a | |
| parent | 01a1602f34e1df099b1d5a2e426d17951ad45666 (diff) | |
| parent | c107c413ea127c652fe798d6b50441f34e6ffe9c (diff) | |
Merge tag 'v1.20' into dgit/experimental
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | Makefile | 55 | ||||
| -rw-r--r-- | README.md | 64 | ||||
| -rw-r--r-- | b64.c | 313 | ||||
| -rw-r--r-- | b64.h | 10 | ||||
| -rw-r--r-- | crypto-mcf.c | 61 | ||||
| -rw-r--r-- | crypto-scrypt-saltgen.c | 49 | ||||
| -rw-r--r-- | crypto_scrypt-check.c | 73 | ||||
| -rw-r--r-- | crypto_scrypt-hash.c | 26 | ||||
| -rw-r--r-- | crypto_scrypt-hexconvert.c | 5 | ||||
| -rw-r--r-- | crypto_scrypt-hexconvert.h | 9 | ||||
| -rw-r--r-- | crypto_scrypt-nosse.c | 17 | ||||
| -rw-r--r-- | libscrypt.h | 40 | ||||
| -rw-r--r-- | libscrypt.version | 2 | ||||
| -rw-r--r-- | main.c | 33 | ||||
| -rw-r--r-- | modp_b64.c | 264 | ||||
| -rw-r--r-- | modp_b64.h | 235 | ||||
| -rw-r--r-- | modp_b64_data.h | 480 | ||||
| -rw-r--r-- | sha256.c | 54 | ||||
| -rw-r--r-- | sha256.h | 18 | ||||
| -rw-r--r-- | slowequals.c | 26 | ||||
| -rw-r--r-- | slowequals.h | 5 | ||||
| -rw-r--r-- | sysendian.h | 21 |
23 files changed, 697 insertions, 1165 deletions
@@ -3,3 +3,5 @@ *.so.0 *.a reference +endian.h +byteorder @@ -1,39 +1,50 @@ -PREFIX = /usr/local -LIBDIR = $(PREFIX)/lib -INCLUDEDIR = $(PREFIX)/include -MAKE_DIR = install -d -INSTALL_DATA = install -m 0644 - -CC=gcc -CFLAGS=-O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC -all: reference +PREFIX ?= /usr/local +LIBDIR ?= $(PREFIX)/lib +INCLUDEDIR ?= $(PREFIX)/include +MAKE_DIR ?= install -d +INSTALL_DATA ?= install + +CC?=gcc +CFLAGS?=-O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC +LDFLAGS?=-Wl,-z,now -Wl,-z,relro -Wl,-soname,libscrypt.so.0 -Wl,--version-script=libscrypt.version +CFLAGS_EXTRA?=-Wl,-rpath=. -OBJS= crypto_scrypt-nosse.o sha256.o crypto_scrypt-hexconvert.o crypto-mcf.o modp_b64.o crypto-scrypt-saltgen.o crypto_scrypt-check.o crypto_scrypt-hash.o +all: reference +OBJS= crypto_scrypt-nosse.o sha256.o crypto-mcf.o b64.o crypto-scrypt-saltgen.o crypto_scrypt-check.o crypto_scrypt-hash.o slowequals.o -library: $(OBJS) - $(CC) -shared -Wl,-soname,libscrypt.so.0 -Wl,--version-script=libscrypt.version -o libscrypt.so.0 -lc $(OBJS) +libscrypt.so.0: $(OBJS) + $(CC) $(LDFLAGS) -shared -o libscrypt.so.0 $(OBJS) -lm -lc ar rcs libscrypt.a $(OBJS) -reference: library main.o +reference: libscrypt.so.0 main.o b64.o crypto_scrypt-hexconvert.o ln -s -f libscrypt.so.0 libscrypt.so - $(CC) -Wall -o reference main.o -Wl,-rpath=. -L. -lm -lscrypt + $(CC) -Wall -o reference main.o b64.o crypto_scrypt-hexconvert.o $(CFLAGS_EXTRA) -L. -lscrypt clean: - rm -f *.o reference libscrypt.so* libscrypt.a + rm -f *.o reference libscrypt.so* libscrypt.a endian.h check: all ./reference devtest: splint crypto_scrypt-hexconvert.c - splint crypto-mcf.c crypto_scrypt-check.c crypto_scrypt-hash.c - splint crypto-scrypt-saltgen.c +posixlib + splint crypto-mcf.c crypto_scrypt-check.c crypto_scrypt-hash.c -unrecog + splint crypto-scrypt-saltgen.c +posixlib -compdef valgrind ./reference -install: library +install: libscrypt.so.0 $(MAKE_DIR) $(DESTDIR) $(DESTDIR)$(PREFIX) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(INCLUDEDIR) - $(INSTALL_DATA) libscrypt.a $(DESTDIR)$(LIBDIR) - $(INSTALL_DATA) libscrypt.so.0 $(DESTDIR)$(LIBDIR) - ln -s -f $(DESTDIR)$(LIBDIR)/libscrypt.so.0 $(DESTDIR)$(LIBDIR)/libscrypt.so - $(INSTALL_DATA) libscrypt.h $(DESTDIR)$(INCLUDEDIR) + $(INSTALL_DATA) -pm 0755 libscrypt.so.0 $(DESTDIR)$(LIBDIR) + cd $(DESTDIR)$(LIBDIR) && ln -s -f libscrypt.so.0 $(DESTDIR)$(LIBDIR)/libscrypt.so + $(INSTALL_DATA) -pm 0644 libscrypt.h $(DESTDIR)$(INCLUDEDIR) + +install-osx: libscrypt.so.0 + $(MAKE_DIR) $(DESTDIR) $(DESTDIR)$(PREFIX) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(INCLUDEDIR) + $(INSTALL_DATA) -pm 0755 libscrypt.so.0 $(DESTDIR)$(LIBDIR)/libscrypt.0.dylib + cd $(DESTDIR)$(LIBDIR) && install_name_tool -id $(DESTDIR)$(LIBDIR)/libscrypt.0.dylib $(DESTDIR)$(LIBDIR)/libscrypt.0.dylib + cd $(DESTDIR)$(LIBDIR) && ln -s -f libscrypt.0.dylib $(DESTDIR)$(LIBDIR)/libscrypt.dylib + $(INSTALL_DATA) -pm 0644 libscrypt.h $(DESTDIR)$(INCLUDEDIR) + +install-static: libscrypt.a + $(INSTALL_DATA) -pm 0644 libscrypt.a $(DESTDIR)$(LIBDIR) @@ -5,31 +5,39 @@ Linux scrypt shared library. Full credit to algorithm designer and example code from Colin Percival here: http://www.tarsnap.com/scrypt.html -Utilises BSD licensed BASE64 encoder here: -http://code.google.com/p/stringencoders/ +Utilises BASE64 encoding library from ISC. Official project page, including stable tarballs found here: http://www.lolware.net/libscrypt.html Simple hashing interface -A hash can be generated using the following function: +The (reference) internal hashing function can be directly called as follows: - int libscrypt_scrypt(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p) + int libscrypt_scrypt(const uint8_t *passwd, size_t passwdlen, + const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r, + uint32_t p, /*@out@*/ uint8_t *buf, size_t buflen); -Sane constants have been created for N, r and p so you can create a has like this: +Libscrypt's easier to use interface wraps this up to deal with the salt and produce BASE64 output as so: - libscrypt_scrypt(outbuf, "My cats's breath smells like cat food", SCRYPT_N, SCRYPT_r, SCRYPT_p); + int libscrypt_hash(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p); + +Sane constants have been created for N, r and p so you can create a hash like this: + + libscrypt_hash(outbuf, "My cats's breath smells like cat food", SCRYPT_N, SCRYPT_r, SCRYPT_p); Output stored in "outbuf" is stored in a standardised MCF form, which means includes the randomly created, 128 bit salt, all N, r and p values, and a BASE64 encoded version of the hash. The entire MCF can be stored in a database, and compared for use as below: - retval = scrypt_check(mcf, "pleasefailme"); + retval = libscrypt_check(mcf, "pleasefailme"); retval < 0 error retval = 0 password incorrect retval > 0 pass mcf should be defined as at least SCRYPT_MCF_LEN in size. +Note that libscrypt_check needs to modify the mcf string and will not return it +to the original state. Pass it a copy if you need to keep the original mcf. + A number of internal functions are exposed, and users wishing to create more complex use cases should consult the header file, which is aimed at documenting the API fully. The test reference is also aimed at providing a well documented use case. @@ -39,15 +47,53 @@ Building make check Check the Makefile for advice on linking against your application. +OSX +----- +Please compile and install with: + + make LDFLAGS= CFLAGS_EXTRA= + make install-osx + + BUGS ---- SCRYPT_* constants are probably a little high for something like a Raspberry pi. Using '1' as SCRYPT_p is acceptable from a security and performance standpoint if needed. +Experiments were performed with using memset() to zero out passwords as they were checked. This often caused issues with calling applications where the password based have been passed as a const*. We highly recommend implementing your own zeroing function the moment this library is called. Notes on Code Development ------------------------ Code is now declared "stable", the master branch will always be "stable" and development will be done on branches. -The reference machines are CentOS, FreeBSD and Raspbian, and the code is expected to compile and run on all of these before being moved to stable branch. -Testing has also confirmed that libscrypt does compile and run on MacOS with minor Makefile edits. +The reference machines are Fedora, CentOS, FreeBSD and Raspbian, and the code is expected to compile and run on all of these before being moved to stable branch. Full transparancy on the regular application of thorough testing can be found by reviewing recent test harness results here: http://www.lolware.net/libscrypttesting.txt + +Contact +------- +I can be contacted at: technion@lolware.net + +If required, my GPG key can be found at: https://lolware.net/technion-GPG-KEY + +Future releases will have the Git tag signed. + + +Changenotes +----------- +v1.1a: Single Makefile line change. I wouldn't ordinarily tag this as a new "release", but the purpose here is to assist with packaging in distributions. + +v1.12: The static library is built, but no longer installed by default. You can install it with "make install-static". This is because static libraries are not typically bundled in packages. + +v1.13: Minor packaging related update + +v1.15: Replaced the b64 libraries with more portable one from ISC. Now tested and verified on a wider variety of architectures. Note, libscrypt_b64_encrypt was originally an exported function. This is no longer the case as it is considered an internal function only. + +v1.18: God damnit Apple + +v1.19: Code safety cleanups. Now running Coverity. + +v1.20: Bigfixes involving large N values, return values on error + +<a href="https://scan.coverity.com/projects/2173"> + <img alt="Coverity Scan Build Status" + src="https://scan.coverity.com/projects/2173/badge.svg"/> + </a> @@ -0,0 +1,313 @@ +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +/* + * Base64 encode/decode functions from OpenBSD (src/lib/libc/net/base64.c). + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#include <sys/types.h> + +#include "b64.h" + + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. +*/ + +int +libscrypt_b64_encode(src, srclength, target, targsize) + unsigned char const *src; + size_t srclength; + char *target; + size_t targsize; +{ + size_t datalength = 0; + unsigned char input[3]; + unsigned char output[4]; + unsigned int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (int)(datalength); +} + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +libscrypt_b64_decode(src, target, targsize) + char const *src; + unsigned char *target; + size_t targsize; +{ + int state, ch; + unsigned int tarindex; + unsigned char nextbyte; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = (unsigned char)*src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + nextbyte = ((pos - Base64) & 0x0f) << 4; + if (tarindex + 1 < targsize) + target[tarindex+1] = nextbyte; + else if (nextbyte) + return (-1); + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + nextbyte = ((pos - Base64) & 0x03) << 6; + if (tarindex + 1 < targsize) + target[tarindex+1] = nextbyte; + else if (nextbyte) + return (-1); + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = (unsigned char)*src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = (unsigned char)*src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = (unsigned char)*src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for (; ch != '\0'; ch = (unsigned char)*src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && tarindex < targsize && + target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} @@ -0,0 +1,10 @@ + +/* BASE64 libraries used internally - should not need to be packaged */ + +#define b64_encode_len(A) ((A+2)/3 * 4 + 1) +#define b64_decode_len(A) (A / 4 * 3 + 2) + +int libscrypt_b64_encode(unsigned char const *src, size_t srclength, + /*@out@*/ char *target, size_t targetsize); +int libscrypt_b64_decode(char const *src, /*@out@*/ unsigned char *target, + size_t targetsize); diff --git a/crypto-mcf.c b/crypto-mcf.c index 66e92f0..8ad3eb8 100644 --- a/crypto-mcf.c +++ b/crypto-mcf.c @@ -3,31 +3,47 @@ #include <stdio.h> #include <stdint.h> #include <float.h> - +#include <stdint.h> #include <math.h> +#ifndef S_SPLINT_S /* Including this here triggers a known bug in splint */ +#include <unistd.h> +#endif + #include "libscrypt.h" -/* Although log2 exists in GNU99 C, more portable code shouldn't use it -* Note that this function returns a float and hence is not compatible with the -* GNU prototype -*/ -static double scrypt_log2( uint32_t n ) -{ - // log(n)/log(2) is log2. - double temp; - /* Using the temp variable keeps splint happy */ - temp = log(2); - return (log((double)n) / temp); +/* ilog2 for powers of two */ +static uint32_t scrypt_ilog2(uint32_t n) +{ +#ifndef S_SPLINT_S + + /* Check for a valid power of two */ + if (n < 2 || (n & (n - 1))) + return -1; +#endif + uint32_t t = 1; + while (((uint32_t)1 << t) < n) + { + if(t > SCRYPT_SAFE_N) + return (uint32_t) -1; /* Check for insanity */ + t++; + } + + return t; } -int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, char *salt, char *hash, char *mcf) -{ +#ifdef _MSC_VER + #define SNPRINTF _snprintf +#else + #define SNPRINTF snprintf +#endif +int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, const char *salt, + const char *hash, char *mcf) +{ - uint32_t params; + uint32_t t, params; int s; - double t, t2, fracpart; if(!mcf || !hash) return 0; @@ -38,15 +54,8 @@ int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, char *salt, char *hash, ch if(r > (uint8_t)(-1) || p > (uint8_t)(-1)) return 0; - - t = scrypt_log2(N); - - /* The "whole numebr" check below is non-trivial due to precision - * issues, where you could printf("%d", (int)t) and find yourself - * looking at (expected value) -1 - */ - fracpart = modf(t, &t2); - if(fracpart > DBL_EPSILON) + t = scrypt_ilog2(N); + if (t < 1) return 0; params = (r << 8) + p; @@ -56,7 +65,7 @@ int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, char *salt, char *hash, ch * determined that mcf should be defined as at least SCRYPT_MCF_LEN * in length */ - s = snprintf(mcf, SCRYPT_MCF_LEN, SCRYPT_MCF_ID "$%06x$%s$%s", (unsigned int)params, salt, hash); + s = SNPRINTF(mcf, SCRYPT_MCF_LEN, SCRYPT_MCF_ID "$%06x$%s$%s", (unsigned int)params, salt, hash); if (s > SCRYPT_MCF_LEN) return 0; diff --git a/crypto-scrypt-saltgen.c b/crypto-scrypt-saltgen.c index 82af842..a0e2998 100644 --- a/crypto-scrypt-saltgen.c +++ b/crypto-scrypt-saltgen.c @@ -1,25 +1,48 @@ #include <stdlib.h> #include <string.h> -#include <time.h> +#include <stdint.h> +#include <errno.h> +#include <fcntl.h> -#include "sha256.h" +#ifndef S_SPLINT_S /* Including this here triggers a known bug in splint */ +#include <unistd.h> +#endif +#define RNGDEV "/dev/urandom" -void libscrypt_salt_gen(char *rand, size_t len) +int libscrypt_salt_gen(uint8_t *salt, size_t len) { + unsigned char buf[len]; + size_t data_read = 0; + int urandom = open(RNGDEV, O_RDONLY); - unsigned char buf[32]; - time_t current_time; - char *c_time_string; + if (urandom < 0) + { + return -1; + } - SHA256_CTX ctx; + while (data_read < len) { + ssize_t result = read(urandom, buf + data_read, len - data_read); - SHA256_Init(&ctx ); - current_time = time(NULL); - c_time_string = ctime(¤t_time); - SHA256_Update(&ctx, c_time_string, strlen(c_time_string)); - SHA256_Final(buf, &ctx); + if (result < 0) + { + if (errno == EINTR || errno == EAGAIN) { + continue; + } - memcpy(rand, buf, len); + else { + (void)close(urandom); + return -1; + } + } + data_read += result; + } + + /* Failures on close() shouldn't occur with O_RDONLY */ + (void)close(urandom); + + memcpy(salt, buf, len); + + return 0; } diff --git a/crypto_scrypt-check.c b/crypto_scrypt-check.c index 1aaa88a..7ac0e0c 100644 --- a/crypto_scrypt-check.c +++ b/crypto_scrypt-check.c @@ -3,35 +3,34 @@ #include <stdio.h> #include <math.h> +#include "b64.h" +#include "slowequals.h" #include "libscrypt.h" -/* pow() works with doubles. Sounds like it should cast to int correctly, -* but doesn't always. This is faster anyway -*/ -static uint16_t ipow(uint16_t base, uint32_t exp) -{ - uint16_t result = 1; - while (exp != 0) - { - if ((exp & 1) != 0) - result *= base; - exp >>= 1; - base *= base; - } - - return result; -} +#ifdef _WIN32 +/* On windows, strtok uses a thread-local static variable in strtok to + * make strtok thread-safe. It also neglects to provide a strtok_r. */ +#define strtok_r(str, val, saveptr) strtok((str), (val)) +#endif -int libscrypt_check(char *mcf, char *password) +int libscrypt_check(char *mcf, const char *password) { + /* Return values: + * <0 error + * == 0 password incorrect + * >0 correct password + */ +#ifndef _WIN32 + char *saveptr = NULL; +#endif uint32_t params; - uint16_t N; + uint64_t N; uint8_t r, p; int retval; uint8_t hashbuf[64]; char outbuf[128]; - char salt[32]; + uint8_t salt[32]; char *tok; if(memcmp(mcf, SCRYPT_MCF_ID, 3) != 0) @@ -40,8 +39,11 @@ int libscrypt_check(char *mcf, char *password) return -1; } - tok = strtok(mcf, "$"); - tok = strtok(NULL, "$"); + tok = strtok_r(mcf, "$", &saveptr); + if ( !tok ) + return -1; + + tok = strtok_r(NULL, "$", &saveptr); if ( !tok ) return -1; @@ -50,7 +52,7 @@ int libscrypt_check(char *mcf, char *password) if ( params == 0 ) return -1; - tok = strtok(NULL, "$"); + tok = strtok_r(NULL, "$", &saveptr); if ( !tok ) return -1; @@ -58,34 +60,43 @@ int libscrypt_check(char *mcf, char *password) p = params & 0xff; r = (params >> 8) & 0xff; N = params >> 16; - N = ipow(2, N); + + if (N > SCRYPT_SAFE_N) + return -1; + + N = (uint64_t)1 << N; /* Useful debugging: printf("We've obtained salt 'N' r p of '%s' %d %d %d\n", tok, N,r,p); */ - retval = libscrypt_b64_decode(salt, tok, strlen(tok)); + memset(salt, 0, sizeof(salt)); /* Keeps splint happy */ + retval = libscrypt_b64_decode(tok, (unsigned char*)salt, sizeof(salt)); if (retval < 1) return -1; - retval = libscrypt_scrypt((uint8_t*)password,strlen(password), (uint8_t*)salt, (uint32_t)retval, N, r, p, hashbuf, sizeof(hashbuf)); + + retval = libscrypt_scrypt((uint8_t*)password, strlen(password), salt, + (uint32_t)retval, N, r, p, hashbuf, sizeof(hashbuf)); if (retval != 0) - return retval; + return -1; + + retval = libscrypt_b64_encode((unsigned char*)hashbuf, sizeof(hashbuf), + outbuf, sizeof(outbuf)); - retval = libscrypt_b64_encode(outbuf, (char*)hashbuf, sizeof(hashbuf)); if (retval == 0) return -1; - tok = strtok(NULL, "$"); + tok = strtok_r(NULL, "$", &saveptr); if ( !tok ) return -1; - if(strcmp(tok, outbuf) == 0) + if(slow_equals(tok, outbuf) == 0) { - return 1; + return 0; } - return 0; + return 1; /* This is the "else" condition */ } diff --git a/crypto_scrypt-hash.c b/crypto_scrypt-hash.c index 4d4e7aa..4b41007 100644 --- a/crypto_scrypt-hash.c +++ b/crypto_scrypt-hash.c @@ -3,33 +3,41 @@ #include <stdio.h> #include <stdint.h> +#include "b64.h" #include "libscrypt.h" -int libscrypt_hash(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p) +int libscrypt_hash(char *dst, const char *passphrase, uint32_t N, uint8_t r, + uint8_t p) { int retval; - char salt[16]; - uint8_t hashbuf[64]; + uint8_t salt[SCRYPT_SALT_LEN]; + uint8_t hashbuf[SCRYPT_HASH_LEN]; char outbuf[256]; char saltbuf[256]; - libscrypt_salt_gen(salt, 16); + if(libscrypt_salt_gen(salt, SCRYPT_SALT_LEN) == -1) + { + return 0; + } - retval = libscrypt_scrypt((uint8_t*)passphrase,strlen(passphrase), (uint8_t*)salt, sizeof(salt), N, r, p, hashbuf, sizeof(hashbuf)); + retval = libscrypt_scrypt((const uint8_t*)passphrase, strlen(passphrase), + (uint8_t*)salt, SCRYPT_SALT_LEN, N, r, p, hashbuf, sizeof(hashbuf)); if(retval == -1) return 0; - retval = libscrypt_b64_encode(outbuf, (char*)hashbuf, sizeof(hashbuf)); + retval = libscrypt_b64_encode((unsigned char*)hashbuf, sizeof(hashbuf), + outbuf, sizeof(outbuf)); if(retval == -1) return 0; - retval = libscrypt_b64_encode(saltbuf, salt, sizeof(salt)); + retval = libscrypt_b64_encode((unsigned char *)salt, sizeof(salt), + saltbuf, sizeof(saltbuf)); if(retval == -1) return 0; - retval = libscrypt_mcf(N, r, p, saltbuf, outbuf, dst); - if(retval == -1) + retval = libscrypt_mcf(N, r, p, saltbuf, outbuf, dst); + if(retval != 1) return 0; return 1; diff --git a/crypto_scrypt-hexconvert.c b/crypto_scrypt-hexconvert.c index ececbd9..3df12a0 100644 --- a/crypto_scrypt-hexconvert.c +++ b/crypto_scrypt-hexconvert.c @@ -3,6 +3,11 @@ #include <stdio.h> #include <stdint.h> +/* The hexconvert function is only used to test reference vectors against + * known answers. The contents of this file are therefore a component + * to assist with test harnesses only + */ + int libscrypt_hexconvert(uint8_t *buf, size_t s, char *outbuf, size_t obs) { diff --git a/crypto_scrypt-hexconvert.h b/crypto_scrypt-hexconvert.h new file mode 100644 index 0000000..8175b24 --- /dev/null +++ b/crypto_scrypt-hexconvert.h @@ -0,0 +1,9 @@ + +#include <stdint.h> + +/** + * Converts a binary string to a hex representation of that string + * outbuf must have size of at least buf * 2 + 1. + */ +int libscrypt_hexconvert(const uint8_t *buf, size_t s, char *outbuf, + size_t obs); diff --git a/crypto_scrypt-nosse.c b/crypto_scrypt-nosse.c index 845f014..311e84a 100644 --- a/crypto_scrypt-nosse.c +++ b/crypto_scrypt-nosse.c @@ -28,8 +28,9 @@ */ #include <sys/types.h> +#ifndef _WIN32 #include <sys/mman.h> - +#endif #include <errno.h> #include <stdint.h> #include <stdlib.h> @@ -227,7 +228,7 @@ smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY) * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N * must be a power of 2 greater than 1. * - * Return 0 on success; or -1 on error. + * Return 0 on success; or error code defined by errno.h. */ int libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen, @@ -251,7 +252,11 @@ libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen, errno = EFBIG; goto err0; } - if (((N & (N - 1)) != 0) || (N == 0)) { + if (r == 0 || p == 0) { + errno = EINVAL; + goto err0; + } + if (((N & (N - 1)) != 0) || (N < 2)) { errno = EINVAL; goto err0; } @@ -303,7 +308,7 @@ libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen, #endif /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ - PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r); + libscrypt_PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r); /* 2: for i = 0 to p - 1 do */ for (i = 0; i < p; i++) { @@ -312,7 +317,7 @@ libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen, } /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ - PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen); + libscrypt_PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen); /* Free memory. */ #ifdef MAP_ANON @@ -333,5 +338,5 @@ err1: free(B0); err0: /* Failure! */ - return (-1); + return (errno); } diff --git a/libscrypt.h b/libscrypt.h index b244d8d..b7141f5 100644 --- a/libscrypt.h +++ b/libscrypt.h @@ -6,6 +6,10 @@ #include <stdint.h> +#ifdef __cplusplus +extern "C"{ +#endif + /** * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, @@ -25,35 +29,37 @@ int libscrypt_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, uint32_t, uint32_t, /*@out@*/ uint8_t *, size_t); -/** - * Converts a binary string to a hex representation of that string - * outbuf must have size of at least buf * 2 + 1. - */ -int libscrypt_hexconvert(uint8_t *buf, size_t s, char *outbuf, size_t obs); - /* Converts a series of input parameters to a MCF form for storage */ -int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, char *salt, char *hash, char *mcf); +int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, const char *salt, + const char *hash, char *mcf); -/* Generates a salt. This is not a cryptographically unpredictable function, - * but should produce appropriately randomised output for this purpose +#ifndef _MSC_VER +/* Generates a salt. Uses /dev/urandom/ */ -void libscrypt_salt_gen(/*@out@*/ char *rand, size_t len); - -/* Checks a given MCF against a password */ -int libscrypt_check(char *mcf, char *password); +int libscrypt_salt_gen(/*@out@*/ uint8_t *rand, size_t len); /* Creates a hash of a passphrase using a randomly generated salt */ -int libscrypt_hash(char *dst, char* passphrase, uint32_t N, uint8_t r, uint8_t p); +/* Returns >0 on success, or 0 for fail */ +int libscrypt_hash(char *dst, const char* passphrase, uint32_t N, uint8_t r, + uint8_t p); +#endif -int libscrypt_b64_encode(/*@out@*/ char* dest, const char* str, size_t len); -int libscrypt_b64_decode(/*@out@*/ char* dest, const char* src, size_t len); +/* Checks a given MCF against a password */ +int libscrypt_check(char *mcf, const char *password); +#ifdef __cplusplus +} +#endif /* Sane default values */ #define SCRYPT_HASH_LEN 64 /* This can be user defined - *but 64 is the reference size */ -#define SCRYPT_MCF_LEN 124 /* mcf is 120 byte + nul */ +#define SCRYPT_SAFE_N 30 /* This is much higher than you want. It's just + * a blocker for insane defines + */ +#define SCRYPT_SALT_LEN 16 /* This is just a recommended size */ +#define SCRYPT_MCF_LEN 125 /* mcf is 120 byte + nul */ #define SCRYPT_MCF_ID "$s1" #define SCRYPT_N 16384 #define SCRYPT_r 8 diff --git a/libscrypt.version b/libscrypt.version index 7f4cbc0..9cc574d 100644 --- a/libscrypt.version +++ b/libscrypt.version @@ -1,10 +1,8 @@ libscrypt { global: libscrypt_check; libscrypt_hash; -libscrypt_hexconvert; libscrypt_mcf; libscrypt_salt_gen; libscrypt_scrypt; -libscrypt_b64_encode; local: *; }; @@ -2,6 +2,8 @@ #include <string.h> #include <stdio.h> +#include "b64.h" +#include "crypto_scrypt-hexconvert.h" #include "libscrypt.h" #define REF1 "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640" @@ -111,17 +113,18 @@ int main() * Correct buffer length can be determined using the below function if retuired. * char* dest = (char*) malloc(modp_b64_encode_len); + * Note that this is not an exported function */ printf("TEST SEVEN: BASE64 encoding the salt and hash output\n"); - retval = libscrypt_b64_encode(outbuf, (char*)hashbuf, sizeof(hashbuf)); + retval = libscrypt_b64_encode(hashbuf, sizeof(hashbuf), outbuf, sizeof(outbuf)); if(retval == -1) { printf("TEST SEVEN FAILED\n"); exit(EXIT_FAILURE); } - retval = libscrypt_b64_encode(saltbuf, "SodiumChloride", strlen("SodiumChloride")); + retval = libscrypt_b64_encode((unsigned char*)"SodiumChloride", strlen("SodiumChloride"), saltbuf, sizeof(saltbuf)); if(retval == -1) { printf("TEST SEVEN FAILED\n"); @@ -187,13 +190,18 @@ int main() printf("TEST TEN: SUCCESSFUL, refused incorrect password\n"); printf("TEST ELEVEN: Testing salt generator\n"); - /* TODO: I'm not presently sure how this function could fail */ - libscrypt_salt_gen(saltbuf, 16); - retval = libscrypt_b64_encode(saltbuf, (char*)saltbuf, 16); + retval = libscrypt_salt_gen((uint8_t*)saltbuf, SCRYPT_SALT_LEN); if(retval == -1) { - printf("TEST ELEVEN FAILED\n"); + printf("TEST ELEVEN (salt generate) FAILED\n"); + exit(EXIT_FAILURE); + } + + retval = libscrypt_b64_encode((uint8_t*)saltbuf, SCRYPT_SALT_LEN, outbuf, sizeof(outbuf)); + if(retval == -1) + { + printf("TEST ELEVEN (b64 encode) FAILED\n"); exit(EXIT_FAILURE); } printf("TEST ELEVEN: SUCCESSFUL, Generated %s\n", outbuf); @@ -206,7 +214,18 @@ int main() printf("TEST TWELVE: FAILED, Failed to create simple hash\n"); exit(EXIT_FAILURE); } - printf("TEST TWELVE: SUCCESSSFUL. Received the following from simple hash:\n%s\n", outbuf); + printf("TEST TWELVE: SUCCESSFUL. Received the following from simple hash:\n%s\n", outbuf); + + printf("TEST THIRTEEN: Verify test twelve's hash\n"); + + retval = libscrypt_check(outbuf, "My cats's breath smells like cat food"); + + if (retval != 1) { + printf("TEST THIRTEEN: FAILED, hash not verified\n"); + exit(EXIT_FAILURE); + } + + printf("TEST THIRTEEN: SUCCESSFUL\n"); return 0; } diff --git a/modp_b64.c b/modp_b64.c deleted file mode 100644 index 9215b45..0000000 --- a/modp_b64.c +++ /dev/null @@ -1,264 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 4 -*- */ -/* vi: set expandtab shiftwidth=4 tabstop=4: */ -/** - * \file modp_b64.c - * <PRE> - * MODP_B64 - High performance base64 encoder/decoder - * http://code.google.com/p/stringencoders/ - * - * Copyright © 2005, 2006, 2007 Nick Galbreath -- nickg [at] modp [dot] com - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are - * met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * Neither the name of the modp.com nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * This is the standard "new" BSD license: - * http://www.opensource.org/licenses/bsd-license.php - * </PRE> - */ - -/* public header */ -#include "modp_b64.h" - - -/* if on motoral, sun, ibm; uncomment this */ -/* #define WORDS_BIGENDIAN 1 */ -/* else for Intel, Amd; uncomment this */ -/* #undef WORDS_BIGENDIAN */ - -#include "modp_b64_data.h" - -#define BADCHAR 0x01FFFFFF - -/** - * you can control if we use padding by commenting out this - * next line. However, I highly recommend you use padding and not - * using it should only be for compatability with a 3rd party. - * Also, 'no padding' is not tested! - */ -#define DOPAD 1 - -/* - * if we aren't doing padding - * set the pad character to NULL - */ -#ifndef DOPAD -#undef CHARPAD -#define CHARPAD '\0' -#endif - -int libscrypt_b64_encode(char* dest, const char* str, size_t len) -{ - int i; - const uint8_t* s = (const uint8_t*) str; - uint8_t* p = (uint8_t*) dest; - - /* unsigned here is important! */ - /* uint8_t is fastest on G4, amd */ - /* uint32_t is fastest on Intel */ - uint32_t t1, t2, t3; - - for (i = 0; i < len - 2; i += 3) { - t1 = s[i]; t2 = s[i+1]; t3 = s[i+2]; - *p++ = e0[t1]; - *p++ = e1[((t1 & 0x03) << 4) | ((t2 >> 4) & 0x0F)]; - *p++ = e1[((t2 & 0x0F) << 2) | ((t3 >> 6) & 0x03)]; - *p++ = e2[t3]; - } - - switch (len - i) { - case 0: - break; - case 1: - t1 = s[i]; - *p++ = e0[t1]; - *p++ = e1[(t1 & 0x03) << 4]; - *p++ = CHARPAD; - *p++ = CHARPAD; - break; - default: /* case 2 */ - t1 = s[i]; t2 = s[i+1]; - *p++ = e0[t1]; - *p++ = e1[((t1 & 0x03) << 4) | ((t2 >> 4) & 0x0F)]; - *p++ = e2[(t2 & 0x0F) << 2]; - *p++ = CHARPAD; - } - - *p = '\0'; - return (int)(p - (uint8_t*)dest); -} - -#ifdef WORDS_BIGENDIAN /* BIG ENDIAN -- SUN / IBM / MOTOROLA */ -int libscrypt_b64_decode(char* dest, const char* src, size_t len) -{ - int i; - if (len == 0) return 0; - -#ifdef DOPAD - /* if padding is used, then the message must be at least - 4 chars and be a multiple of 4. - there can be at most 2 pad chars at the end */ - if (len < 4 || (len % 4 != 0)) return -1; - if (src[len-1] == CHARPAD) { - len--; - if (src[len -1] == CHARPAD) { - len--; - } - } -#endif /* DOPAD */ - - int leftover = len % 4; - int chunks = (leftover == 0) ? len / 4 - 1 : len /4; - - uint8_t* p = (uint8_t*) dest; - uint32_t x = 0; - uint32_t* destInt = (uint32_t*) p; - uint32_t* srcInt = (uint32_t*) src; - uint32_t y = *srcInt++; - for (i = 0; i < chunks; ++i) { - x = d0[y >> 24 & 0xff] | d1[y >> 16 & 0xff] | - d2[y >> 8 & 0xff] | d3[y & 0xff]; - - if (x >= BADCHAR) return -1; - *destInt = x << 8; - p += 3; - destInt = (uint32_t*)p; - y = *srcInt++; - } - - switch (leftover) { - case 0: - x = d0[y >> 24 & 0xff] | d1[y >> 16 & 0xff] | - d2[y >> 8 & 0xff] | d3[y & 0xff]; - if (x >= BADCHAR) return -1; - *p++ = ((uint8_t*)&x)[1]; - *p++ = ((uint8_t*)&x)[2]; - *p = ((uint8_t*)&x)[3]; - return (chunks+1)*3; -#ifndef DOPAD - case 1: /* with padding this is an impossible case */ - x = d3[y >> 24]; - *p = (uint8_t)x; - break; -#endif - case 2: - x = d3[y >> 24] *64 + d3[(y >> 16) & 0xff]; - *p = (uint8_t)(x >> 4); - break; - default: /* case 3 */ - x = (d3[y >> 24] *64 + d3[(y >> 16) & 0xff])*64 + - d3[(y >> 8) & 0xff]; - *p++ = (uint8_t) (x >> 10); - *p = (uint8_t) (x >> 2); - break; - } - - if (x >= BADCHAR) return -1; - return 3*chunks + (6*leftover)/8; -} - -#else /* LITTLE ENDIAN -- INTEL AND FRIENDS */ - -int libscrypt_b64_decode(char* dest, const char* src, size_t len) -{ - int i; - if (len == 0) return 0; - -#ifdef DOPAD - /* - * if padding is used, then the message must be at least - * 4 chars and be a multiple of 4 - */ - if (len < 4 || (len % 4 != 0)) return -1; /* error */ - /* there can be at most 2 pad chars at the end */ - if (src[len-1] == CHARPAD) { - len--; - if (src[len -1] == CHARPAD) { - len--; - } - } -#endif - - int leftover = len % 4; - int chunks = (leftover == 0) ? len / 4 - 1 : len /4; - - uint8_t* p = (uint8_t*) dest; - uint32_t x = 0; - uint32_t* destInt = (uint32_t*) p; - uint32_t* srcInt = (uint32_t*) src; - uint32_t y = *srcInt++; - for (i = 0; i < chunks; ++i) { - x = d0[y & 0xff] | - d1[(y >> 8) & 0xff] | - d2[(y >> 16) & 0xff] | - d3[(y >> 24) & 0xff]; - - if (x >= BADCHAR) return -1; - *destInt = x ; - p += 3; - destInt = (uint32_t*)p; - y = *srcInt++;} - - - switch (leftover) { - case 0: - x = d0[y & 0xff] | - d1[(y >> 8) & 0xff] | - d2[(y >> 16) & 0xff] | - d3[(y >> 24) & 0xff]; - - if (x >= BADCHAR) return -1; - *p++ = ((uint8_t*)(&x))[0]; - *p++ = ((uint8_t*)(&x))[1]; - *p = ((uint8_t*)(&x))[2]; - return (chunks+1)*3; - break; -#ifndef DOPAD - case 1: /* with padding this is an impossible case */ - x = d0[y & 0xff]; - *p = *((uint8_t*)(&x)); // i.e. first char/byte in int - break; -#endif - case 2: // * case 2, 1 output byte */ - x = d0[y & 0xff] | d1[y >> 8 & 0xff]; - *p = *((uint8_t*)(&x)); // i.e. first char - break; - default: /* case 3, 2 output bytes */ - x = d0[y & 0xff] | - d1[y >> 8 & 0xff ] | - d2[y >> 16 & 0xff]; /* 0x3c */ - *p++ = ((uint8_t*)(&x))[0]; - *p = ((uint8_t*)(&x))[1]; - break; - } - - if (x >= BADCHAR) return -1; - - return 3*chunks + (6*leftover)/8; -} - -#endif /* if bigendian / else / endif */ diff --git a/modp_b64.h b/modp_b64.h deleted file mode 100644 index 720049e..0000000 --- a/modp_b64.h +++ /dev/null @@ -1,235 +0,0 @@ -/* -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 4 -*- */ -/* vi: set expandtab shiftwidth=4 tabstop=4: */ - -/** - * \file - * <PRE> - * High performance base64 encoder / decoder - * - * Copyright © 2005, 2006, 2007 Nick Galbreath -- nickg [at] modp [dot] com - * All rights reserved. - * - * http://code.google.com/p/stringencoders/ - * - * Released under bsd license. See modp_b64.c for details. - * </pre> - * - * This uses the standard base 64 alphabet. If you are planning - * to embed a base 64 encoding inside a URL use modp_b64w instead. - * - */ - -#ifndef COM_MODP_STRINGENCODERS_B64 -#define COM_MODP_STRINGENCODERS_B64 - -#ifdef __cplusplus -#define BEGIN_C extern "C" { -#define END_C } -#else -#define BEGIN_C -#define END_C -#endif - -BEGIN_C - -/** - * Encode a raw binary string into base 64. - * \param[out] dest should be allocated by the caller to contain - * at least modp_b64_encode_len(len) bytes (see below) - * This will contain the null-terminated b64 encoded result - * \param[in] src contains the bytes - * \param[in] len contains the number of bytes in the src - * \return length of the destination string plus the ending null byte - * i.e. the result will be equal to strlen(dest) + 1 - * - * Example - * - * \code - * char* src = ...; - * int srclen = ...; //the length of number of bytes in src - * char* dest = (char*) malloc(modp_b64_encode_len); - * int len = modp_b64_encode(dest, src, sourcelen); - * if (len == -1) { - * printf("Error\n"); - * } else { - * printf("b64 = %s\n", dest); - * } - * \endcode - * - */ -#include <string.h> -int libscrypt_b64_encode(char* dest, const char* str, size_t len); - -/** - * Decode a base64 encoded string - * - * \param[out] dest should be allocated by the caller to contain at least - * len * 3 / 4 bytes. The destination cannot be the same as the source - * They must be different buffers. - * \param[in] src should contain exactly len bytes of b64 characters. - * if src contains -any- non-base characters (such as white - * space, -1 is returned. - * \param[in] len is the length of src - * - * \return the length (strlen) of the output, or -1 if unable to - * decode - * - * \code - * char* src = ...; - * int srclen = ...; // or if you don't know use strlen(src) - * char* dest = (char*) malloc(modp_b64_decode_len(srclen)); - * int len = modp_b64_decode(dest, src, sourcelen); - * if (len == -1) { error } - * \endcode - */ -int libscrypt_b64_decode(char* dest, const char* src, size_t len); - -/** - * Given a source string of length len, this returns the amount of - * memory the destination string should have. - * - * remember, this is integer math - * 3 bytes turn into 4 chars - * ceiling[len / 3] * 4 + 1 - * - * +1 is for any extra null. - */ -#define modp_b64_encode_len(A) ((A+2)/3 * 4 + 1) - -/** - * Given a base64 string of length len, - * this returns the amount of memory required for output string - * It maybe be more than the actual number of bytes written. - * NOTE: remember this is integer math - * this allocates a bit more memory than traditional versions of b64 - * decode 4 chars turn into 3 bytes - * floor[len * 3/4] + 2 - */ -#define modp_b64_decode_len(A) (A / 4 * 3 + 2) - -/** - * Will return the strlen of the output from encoding. - * This may be less than the required number of bytes allocated. - * - * This allows you to 'deserialized' a struct - * \code - * char* b64encoded = "..."; - * int len = strlen(b64encoded); - * - * struct datastuff foo; - * if (modp_b64_encode_strlen(sizeof(struct datastuff)) != len) { - * // wrong size - * return false; - * } else { - * // safe to do; - * if (modp_b64_decode((char*) &foo, b64encoded, len) == -1) { - * // bad characters - * return false; - * } - * } - * // foo is filled out now - * \endcode - */ -#define modp_b64_encode_strlen(A) ((A + 2)/ 3 * 4) - -END_C - -#ifdef __cplusplus -#include <cstring> -#include <string> - -namespace modp { - /** \brief b64 encode a cstr with len - * - * \param[in] s the input string to encode - * \param[in] len the length of the input string - * \return a newly allocated b64 string. Empty if failed. - */ - inline std::string b64_encode(const char* s, size_t len) - { - std::string x(modp_b64_encode_len(len), '\0'); - int d = modp_b64_encode(const_cast<char*>(x.data()), s, - static_cast<int>(len)); - x.erase(d, std::string::npos); - return x; - } - - /** \brief b64 encode a cstr - * - * \param[in] s the input string to encode - * \return a newly allocated b64 string. Empty if failed. - */ - inline std::string b64_encode(const char* s) - { - return b64_encode(s, static_cast<int>(strlen(s))); - } - - /** \brief b64 encode a const std::string - * - * \param[in] s the input string to encode - * \return a newly allocated b64 string. Empty if failed. - */ - inline std::string b64_encode(const std::string& s) - { - return b64_encode(s.data(), s.size()); - } - - /** - * base 64 encode a string (self-modifing) - * - * This function is for C++ only (duh) - * - * \param[in,out] s the string to be decoded - * \return a reference to the input string - */ - inline std::string& b64_encode(std::string& s) - { - std::string x(b64_encode(s.data(), s.size())); - s.swap(x); - return s; - } - - inline std::string b64_decode(const char* src, size_t len) - { - std::string x(modp_b64_decode_len(len)+1, '\0'); - int d = modp_b64_decode(const_cast<char*>(x.data()), src, - static_cast<int>(len)); - if (d < 0) { - x.clear(); - } else { - x.erase(d, std::string::npos); - } - return x; - } - - inline std::string b64_decode(const char* src) - { - return b64_decode(src, strlen(src)); - } - - /** - * base 64 decode a string (self-modifing) - * On failure, the string is empty. - * - * This function is for C++ only (duh) - * - * \param[in,out] s the string to be decoded - * \return a reference to the input string - */ - inline std::string& b64_decode(std::string& s) - { - std::string x(b64_decode(s.data(), s.size())); - s.swap(x); - return s; - } - - inline std::string b64_decode(const std::string& s) - { - return b64_decode(s.data(), s.size()); - } - -} - -#endif /* __cplusplus */ - -#endif /* MODP_B64 */ diff --git a/modp_b64_data.h b/modp_b64_data.h deleted file mode 100644 index 4fb321c..0000000 --- a/modp_b64_data.h +++ /dev/null @@ -1,480 +0,0 @@ -#include <stdint.h> -#define CHAR62 '+' -#define CHAR63 '/' -#define CHARPAD '=' -static const unsigned char e0[256] = { - 'A', 'A', 'A', 'A', 'B', 'B', 'B', 'B', 'C', 'C', - 'C', 'C', 'D', 'D', 'D', 'D', 'E', 'E', 'E', 'E', - 'F', 'F', 'F', 'F', 'G', 'G', 'G', 'G', 'H', 'H', - 'H', 'H', 'I', 'I', 'I', 'I', 'J', 'J', 'J', 'J', - 'K', 'K', 'K', 'K', 'L', 'L', 'L', 'L', 'M', 'M', - 'M', 'M', 'N', 'N', 'N', 'N', 'O', 'O', 'O', 'O', - 'P', 'P', 'P', 'P', 'Q', 'Q', 'Q', 'Q', 'R', 'R', - 'R', 'R', 'S', 'S', 'S', 'S', 'T', 'T', 'T', 'T', - 'U', 'U', 'U', 'U', 'V', 'V', 'V', 'V', 'W', 'W', - 'W', 'W', 'X', 'X', 'X', 'X', 'Y', 'Y', 'Y', 'Y', - 'Z', 'Z', 'Z', 'Z', 'a', 'a', 'a', 'a', 'b', 'b', - 'b', 'b', 'c', 'c', 'c', 'c', 'd', 'd', 'd', 'd', - 'e', 'e', 'e', 'e', 'f', 'f', 'f', 'f', 'g', 'g', - 'g', 'g', 'h', 'h', 'h', 'h', 'i', 'i', 'i', 'i', - 'j', 'j', 'j', 'j', 'k', 'k', 'k', 'k', 'l', 'l', - 'l', 'l', 'm', 'm', 'm', 'm', 'n', 'n', 'n', 'n', - 'o', 'o', 'o', 'o', 'p', 'p', 'p', 'p', 'q', 'q', - 'q', 'q', 'r', 'r', 'r', 'r', 's', 's', 's', 's', - 't', 't', 't', 't', 'u', 'u', 'u', 'u', 'v', 'v', - 'v', 'v', 'w', 'w', 'w', 'w', 'x', 'x', 'x', 'x', - 'y', 'y', 'y', 'y', 'z', 'z', 'z', 'z', '0', '0', - '0', '0', '1', '1', '1', '1', '2', '2', '2', '2', - '3', '3', '3', '3', '4', '4', '4', '4', '5', '5', - '5', '5', '6', '6', '6', '6', '7', '7', '7', '7', - '8', '8', '8', '8', '9', '9', '9', '9', '+', '+', - '+', '+', '/', '/', '/', '/' -}; - -static const unsigned char e1[256] = { - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', - 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', - 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', '+', '/', 'A', 'B', 'C', 'D', 'E', 'F', - 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', - 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', - 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', - 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', - 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', - '4', '5', '6', '7', '8', '9', '+', '/', 'A', 'B', - 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', - 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', - 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', - 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', - 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - '+', '/', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', - 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', - 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', - 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', - 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', - 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', - '6', '7', '8', '9', '+', '/' -}; - -static const unsigned char e2[256] = { - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', - 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', - 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', '+', '/', 'A', 'B', 'C', 'D', 'E', 'F', - 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', - 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', - 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', - 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', - 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', - '4', '5', '6', '7', '8', '9', '+', '/', 'A', 'B', - 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', - 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', - 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', - 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', - 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - '+', '/', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', - 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', - 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', - 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', - 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', - 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', - '6', '7', '8', '9', '+', '/' -}; - - - -#ifdef WORDS_BIGENDIAN - - -/* SPECIAL DECODE TABLES FOR BIG ENDIAN (IBM/MOTOROLA/SUN) CPUS */ - -static const uint32_t d0[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00f80000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00fc0000, -0x00d00000, 0x00d40000, 0x00d80000, 0x00dc0000, 0x00e00000, 0x00e40000, -0x00e80000, 0x00ec0000, 0x00f00000, 0x00f40000, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00040000, 0x00080000, 0x000c0000, 0x00100000, 0x00140000, 0x00180000, -0x001c0000, 0x00200000, 0x00240000, 0x00280000, 0x002c0000, 0x00300000, -0x00340000, 0x00380000, 0x003c0000, 0x00400000, 0x00440000, 0x00480000, -0x004c0000, 0x00500000, 0x00540000, 0x00580000, 0x005c0000, 0x00600000, -0x00640000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00680000, 0x006c0000, 0x00700000, 0x00740000, 0x00780000, -0x007c0000, 0x00800000, 0x00840000, 0x00880000, 0x008c0000, 0x00900000, -0x00940000, 0x00980000, 0x009c0000, 0x00a00000, 0x00a40000, 0x00a80000, -0x00ac0000, 0x00b00000, 0x00b40000, 0x00b80000, 0x00bc0000, 0x00c00000, -0x00c40000, 0x00c80000, 0x00cc0000, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d1[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0003e000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x0003f000, -0x00034000, 0x00035000, 0x00036000, 0x00037000, 0x00038000, 0x00039000, -0x0003a000, 0x0003b000, 0x0003c000, 0x0003d000, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00001000, 0x00002000, 0x00003000, 0x00004000, 0x00005000, 0x00006000, -0x00007000, 0x00008000, 0x00009000, 0x0000a000, 0x0000b000, 0x0000c000, -0x0000d000, 0x0000e000, 0x0000f000, 0x00010000, 0x00011000, 0x00012000, -0x00013000, 0x00014000, 0x00015000, 0x00016000, 0x00017000, 0x00018000, -0x00019000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0001a000, 0x0001b000, 0x0001c000, 0x0001d000, 0x0001e000, -0x0001f000, 0x00020000, 0x00021000, 0x00022000, 0x00023000, 0x00024000, -0x00025000, 0x00026000, 0x00027000, 0x00028000, 0x00029000, 0x0002a000, -0x0002b000, 0x0002c000, 0x0002d000, 0x0002e000, 0x0002f000, 0x00030000, -0x00031000, 0x00032000, 0x00033000, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d2[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00000f80, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000fc0, -0x00000d00, 0x00000d40, 0x00000d80, 0x00000dc0, 0x00000e00, 0x00000e40, -0x00000e80, 0x00000ec0, 0x00000f00, 0x00000f40, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00000040, 0x00000080, 0x000000c0, 0x00000100, 0x00000140, 0x00000180, -0x000001c0, 0x00000200, 0x00000240, 0x00000280, 0x000002c0, 0x00000300, -0x00000340, 0x00000380, 0x000003c0, 0x00000400, 0x00000440, 0x00000480, -0x000004c0, 0x00000500, 0x00000540, 0x00000580, 0x000005c0, 0x00000600, -0x00000640, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00000680, 0x000006c0, 0x00000700, 0x00000740, 0x00000780, -0x000007c0, 0x00000800, 0x00000840, 0x00000880, 0x000008c0, 0x00000900, -0x00000940, 0x00000980, 0x000009c0, 0x00000a00, 0x00000a40, 0x00000a80, -0x00000ac0, 0x00000b00, 0x00000b40, 0x00000b80, 0x00000bc0, 0x00000c00, -0x00000c40, 0x00000c80, 0x00000cc0, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d3[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0000003e, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x0000003f, -0x00000034, 0x00000035, 0x00000036, 0x00000037, 0x00000038, 0x00000039, -0x0000003a, 0x0000003b, 0x0000003c, 0x0000003d, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00000001, 0x00000002, 0x00000003, 0x00000004, 0x00000005, 0x00000006, -0x00000007, 0x00000008, 0x00000009, 0x0000000a, 0x0000000b, 0x0000000c, -0x0000000d, 0x0000000e, 0x0000000f, 0x00000010, 0x00000011, 0x00000012, -0x00000013, 0x00000014, 0x00000015, 0x00000016, 0x00000017, 0x00000018, -0x00000019, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0000001a, 0x0000001b, 0x0000001c, 0x0000001d, 0x0000001e, -0x0000001f, 0x00000020, 0x00000021, 0x00000022, 0x00000023, 0x00000024, -0x00000025, 0x00000026, 0x00000027, 0x00000028, 0x00000029, 0x0000002a, -0x0000002b, 0x0000002c, 0x0000002d, 0x0000002e, 0x0000002f, 0x00000030, -0x00000031, 0x00000032, 0x00000033, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -#else - - -/* SPECIAL DECODE TABLES FOR LITTLE ENDIAN (INTEL) CPUS */ - -static const uint32_t d0[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x000000f8, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x000000fc, -0x000000d0, 0x000000d4, 0x000000d8, 0x000000dc, 0x000000e0, 0x000000e4, -0x000000e8, 0x000000ec, 0x000000f0, 0x000000f4, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00000004, 0x00000008, 0x0000000c, 0x00000010, 0x00000014, 0x00000018, -0x0000001c, 0x00000020, 0x00000024, 0x00000028, 0x0000002c, 0x00000030, -0x00000034, 0x00000038, 0x0000003c, 0x00000040, 0x00000044, 0x00000048, -0x0000004c, 0x00000050, 0x00000054, 0x00000058, 0x0000005c, 0x00000060, -0x00000064, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00000068, 0x0000006c, 0x00000070, 0x00000074, 0x00000078, -0x0000007c, 0x00000080, 0x00000084, 0x00000088, 0x0000008c, 0x00000090, -0x00000094, 0x00000098, 0x0000009c, 0x000000a0, 0x000000a4, 0x000000a8, -0x000000ac, 0x000000b0, 0x000000b4, 0x000000b8, 0x000000bc, 0x000000c0, -0x000000c4, 0x000000c8, 0x000000cc, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d1[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0000e003, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x0000f003, -0x00004003, 0x00005003, 0x00006003, 0x00007003, 0x00008003, 0x00009003, -0x0000a003, 0x0000b003, 0x0000c003, 0x0000d003, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00001000, 0x00002000, 0x00003000, 0x00004000, 0x00005000, 0x00006000, -0x00007000, 0x00008000, 0x00009000, 0x0000a000, 0x0000b000, 0x0000c000, -0x0000d000, 0x0000e000, 0x0000f000, 0x00000001, 0x00001001, 0x00002001, -0x00003001, 0x00004001, 0x00005001, 0x00006001, 0x00007001, 0x00008001, -0x00009001, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x0000a001, 0x0000b001, 0x0000c001, 0x0000d001, 0x0000e001, -0x0000f001, 0x00000002, 0x00001002, 0x00002002, 0x00003002, 0x00004002, -0x00005002, 0x00006002, 0x00007002, 0x00008002, 0x00009002, 0x0000a002, -0x0000b002, 0x0000c002, 0x0000d002, 0x0000e002, 0x0000f002, 0x00000003, -0x00001003, 0x00002003, 0x00003003, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d2[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00800f00, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00c00f00, -0x00000d00, 0x00400d00, 0x00800d00, 0x00c00d00, 0x00000e00, 0x00400e00, -0x00800e00, 0x00c00e00, 0x00000f00, 0x00400f00, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00400000, 0x00800000, 0x00c00000, 0x00000100, 0x00400100, 0x00800100, -0x00c00100, 0x00000200, 0x00400200, 0x00800200, 0x00c00200, 0x00000300, -0x00400300, 0x00800300, 0x00c00300, 0x00000400, 0x00400400, 0x00800400, -0x00c00400, 0x00000500, 0x00400500, 0x00800500, 0x00c00500, 0x00000600, -0x00400600, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x00800600, 0x00c00600, 0x00000700, 0x00400700, 0x00800700, -0x00c00700, 0x00000800, 0x00400800, 0x00800800, 0x00c00800, 0x00000900, -0x00400900, 0x00800900, 0x00c00900, 0x00000a00, 0x00400a00, 0x00800a00, -0x00c00a00, 0x00000b00, 0x00400b00, 0x00800b00, 0x00c00b00, 0x00000c00, -0x00400c00, 0x00800c00, 0x00c00c00, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -static const uint32_t d3[256] = { -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x003e0000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x003f0000, -0x00340000, 0x00350000, 0x00360000, 0x00370000, 0x00380000, 0x00390000, -0x003a0000, 0x003b0000, 0x003c0000, 0x003d0000, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x00000000, -0x00010000, 0x00020000, 0x00030000, 0x00040000, 0x00050000, 0x00060000, -0x00070000, 0x00080000, 0x00090000, 0x000a0000, 0x000b0000, 0x000c0000, -0x000d0000, 0x000e0000, 0x000f0000, 0x00100000, 0x00110000, 0x00120000, -0x00130000, 0x00140000, 0x00150000, 0x00160000, 0x00170000, 0x00180000, -0x00190000, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x001a0000, 0x001b0000, 0x001c0000, 0x001d0000, 0x001e0000, -0x001f0000, 0x00200000, 0x00210000, 0x00220000, 0x00230000, 0x00240000, -0x00250000, 0x00260000, 0x00270000, 0x00280000, 0x00290000, 0x002a0000, -0x002b0000, 0x002c0000, 0x002d0000, 0x002e0000, 0x002f0000, 0x00300000, -0x00310000, 0x00320000, 0x00330000, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff, -0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff -}; - - -#endif @@ -203,15 +203,15 @@ SHA256_Pad(SHA256_CTX * ctx) /* Add 1--64 bytes so that the resulting length is 56 mod 64 */ r = (ctx->count[1] >> 3) & 0x3f; plen = (r < 56) ? (56 - r) : (120 - r); - SHA256_Update(ctx, PAD, (size_t)plen); + libscrypt_SHA256_Update(ctx, PAD, (size_t)plen); /* Add the terminating bit-count */ - SHA256_Update(ctx, len, 8); + libscrypt_SHA256_Update(ctx, len, 8); } /* SHA-256 initialization. Begins a SHA-256 operation. */ void -SHA256_Init(SHA256_CTX * ctx) +libscrypt_SHA256_Init(SHA256_CTX * ctx) { /* Zero bits processed so far */ @@ -230,7 +230,7 @@ SHA256_Init(SHA256_CTX * ctx) /* Add bytes into the hash */ void -SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) +libscrypt_SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) { uint32_t bitlen[2]; uint32_t r; @@ -276,7 +276,7 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) * and clears the context state. */ void -SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) +libscrypt_SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) { /* Add padding */ @@ -291,7 +291,7 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) /* Initialize an HMAC-SHA256 operation with the given key. */ void -HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +libscrypt_HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) { unsigned char pad[64]; unsigned char khash[32]; @@ -300,26 +300,26 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) /* If Klen > 64, the key is really SHA256(K). */ if (Klen > 64) { - SHA256_Init(&ctx->ictx); - SHA256_Update(&ctx->ictx, K, Klen); - SHA256_Final(khash, &ctx->ictx); + libscrypt_SHA256_Init(&ctx->ictx); + libscrypt_SHA256_Update(&ctx->ictx, K, Klen); + libscrypt_SHA256_Final(khash, &ctx->ictx); K = khash; Klen = 32; } /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ - SHA256_Init(&ctx->ictx); + libscrypt_SHA256_Init(&ctx->ictx); memset(pad, 0x36, 64); for (i = 0; i < Klen; i++) pad[i] ^= K[i]; - SHA256_Update(&ctx->ictx, pad, 64); + libscrypt_SHA256_Update(&ctx->ictx, pad, 64); /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ - SHA256_Init(&ctx->octx); + libscrypt_SHA256_Init(&ctx->octx); memset(pad, 0x5c, 64); for (i = 0; i < Klen; i++) pad[i] ^= K[i]; - SHA256_Update(&ctx->octx, pad, 64); + libscrypt_SHA256_Update(&ctx->octx, pad, 64); /* Clean the stack. */ memset(khash, 0, 32); @@ -327,27 +327,27 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) /* Add bytes to the HMAC-SHA256 operation. */ void -HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len) +libscrypt_HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len) { /* Feed data to the inner SHA256 operation. */ - SHA256_Update(&ctx->ictx, in, len); + libscrypt_SHA256_Update(&ctx->ictx, in, len); } /* Finish an HMAC-SHA256 operation. */ void -HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx) +libscrypt_HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx) { unsigned char ihash[32]; /* Finish the inner SHA256 operation. */ - SHA256_Final(ihash, &ctx->ictx); + libscrypt_SHA256_Final(ihash, &ctx->ictx); /* Feed the inner hash to the outer SHA256 operation. */ - SHA256_Update(&ctx->octx, ihash, 32); + libscrypt_SHA256_Update(&ctx->octx, ihash, 32); /* Finish the outer SHA256 operation. */ - SHA256_Final(digest, &ctx->octx); + libscrypt_SHA256_Final(digest, &ctx->octx); /* Clean the stack. */ memset(ihash, 0, 32); @@ -359,7 +359,7 @@ HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx) * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). */ void -PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, +libscrypt_PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) { HMAC_SHA256_CTX PShctx, hctx; @@ -372,8 +372,8 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, size_t clen; /* Compute HMAC state after processing P and S. */ - HMAC_SHA256_Init(&PShctx, passwd, passwdlen); - HMAC_SHA256_Update(&PShctx, salt, saltlen); + libscrypt_HMAC_SHA256_Init(&PShctx, passwd, passwdlen); + libscrypt_HMAC_SHA256_Update(&PShctx, salt, saltlen); /* Iterate through the blocks. */ for (i = 0; i * 32 < dkLen; i++) { @@ -382,17 +382,17 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, /* Compute U_1 = PRF(P, S || INT(i)). */ memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); - HMAC_SHA256_Update(&hctx, ivec, 4); - HMAC_SHA256_Final(U, &hctx); + libscrypt_HMAC_SHA256_Update(&hctx, ivec, 4); + libscrypt_HMAC_SHA256_Final(U, &hctx); /* T_i = U_1 ... */ memcpy(T, U, 32); for (j = 2; j <= c; j++) { /* Compute U_j. */ - HMAC_SHA256_Init(&hctx, passwd, passwdlen); - HMAC_SHA256_Update(&hctx, U, 32); - HMAC_SHA256_Final(U, &hctx); + libscrypt_HMAC_SHA256_Init(&hctx, passwd, passwdlen); + libscrypt_HMAC_SHA256_Update(&hctx, U, 32); + libscrypt_HMAC_SHA256_Final(U, &hctx); /* ... xor U_j ... */ for (k = 0; k < 32; k++) @@ -33,38 +33,38 @@ #include <stdint.h> -typedef struct SHA256Context { +typedef struct libscrypt_SHA256Context { uint32_t state[8]; uint32_t count[2]; unsigned char buf[64]; } SHA256_CTX; -typedef struct HMAC_SHA256Context { +typedef struct libscrypt_HMAC_SHA256Context { SHA256_CTX ictx; SHA256_CTX octx; } HMAC_SHA256_CTX; -void SHA256_Init(/*@out@*/ SHA256_CTX *); -void SHA256_Update(SHA256_CTX *, const void *, size_t); +void libscrypt_SHA256_Init(/*@out@*/ SHA256_CTX *); +void libscrypt_SHA256_Update(SHA256_CTX *, const void *, size_t); /* Original declaration: * void SHA256_Final(unsigned char [32], SHA256_CTX *); */ -void SHA256_Final(/*@out@*/ unsigned char [], SHA256_CTX *); -void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); -void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); +void libscrypt_SHA256_Final(/*@out@*/ unsigned char [], SHA256_CTX *); +void libscrypt_HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); +void libscrypt_HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); /* Original declaration: * void HMAC_SHA256_Final(unsigned char [32], HMAC_SHA256_CTX *); */ -void HMAC_SHA256_Final(unsigned char [], HMAC_SHA256_CTX *); +void libscrypt_HMAC_SHA256_Final(unsigned char [], HMAC_SHA256_CTX *); /** * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). */ -void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, +void libscrypt_PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, uint8_t *, size_t); #endif /* !_SHA256_H_ */ diff --git a/slowequals.c b/slowequals.c new file mode 100644 index 0000000..48e488e --- /dev/null +++ b/slowequals.c @@ -0,0 +1,26 @@ +#include <string.h> + +/* Implements a constant time version of strcmp() + * Will return 1 if a and b are equal, 0 if they are not */ +int slow_equals(const char* a, const char* b) +{ + size_t lena, lenb, diff, i; + lena = strlen(a); + lenb = strlen(b); + diff = strlen(a) ^ strlen(b); + + for(i=0; i<lena && i<lenb; i++) + { + diff |= a[i] ^ b[i]; + } + if (diff == 0) + { + return 1; + } + else + { + return 0; + } +} + + diff --git a/slowequals.h b/slowequals.h new file mode 100644 index 0000000..9e8e321 --- /dev/null +++ b/slowequals.h @@ -0,0 +1,5 @@ + +/* Implements a constant time version of strcmp() + * Will return 1 if a and b are equal, 0 if they are not */ +int slow_equals(const char* a, const char* b); + diff --git a/sysendian.h b/sysendian.h index 5ecb505..af1ecdc 100644 --- a/sysendian.h +++ b/sysendian.h @@ -42,8 +42,13 @@ #else #include <stdint.h> +#ifdef _MSC_VER + #define INLINE __inline +#else + #define INLINE inline +#endif -static inline uint32_t +static INLINE uint32_t be32dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; @@ -52,7 +57,7 @@ be32dec(const void *pp) ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); } -static inline void +static INLINE void be32enc(void *pp, uint32_t x) { uint8_t * p = (uint8_t *)pp; @@ -63,7 +68,7 @@ be32enc(void *pp, uint32_t x) p[0] = (x >> 24) & 0xff; } -static inline uint64_t +static INLINE uint64_t be64dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; @@ -74,7 +79,7 @@ be64dec(const void *pp) ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); } -static inline void +static INLINE void be64enc(void *pp, uint64_t x) { uint8_t * p = (uint8_t *)pp; @@ -89,7 +94,7 @@ be64enc(void *pp, uint64_t x) p[0] = (x >> 56) & 0xff; } -static inline uint32_t +static INLINE uint32_t le32dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; @@ -98,7 +103,7 @@ le32dec(const void *pp) ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); } -static inline void +static INLINE void le32enc(void *pp, uint32_t x) { uint8_t * p = (uint8_t *)pp; @@ -109,7 +114,7 @@ le32enc(void *pp, uint32_t x) p[3] = (x >> 24) & 0xff; } -static inline uint64_t +static INLINE uint64_t le64dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; @@ -120,7 +125,7 @@ le64dec(const void *pp) ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56)); } -static inline void +static INLINE void le64enc(void *pp, uint64_t x) { uint8_t * p = (uint8_t *)pp; |