[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/gl
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/gl |
Date: |
Sun, 23 Oct 2005 14:18:21 +0200 |
Update of /home/cvs/gsasl/lib/gl
In directory dopio:/tmp/cvs-serv18728/gl
Modified Files:
Makefile.am gc-gnulib.c gc-libgcrypt.c gc.h hmac-md5.c
Log Message:
Update.
--- /home/cvs/gsasl/lib/gl/Makefile.am 2005/10/12 01:24:26 1.29
+++ /home/cvs/gsasl/lib/gl/Makefile.am 2005/10/23 12:18:21 1.30
@@ -46,7 +46,11 @@
## begin gnulib module gc
+if GL_COND_LIBTOOL
+libgl_la_LIBADD += $(LTLIBGCRYPT)
+else
libgl_la_LIBADD += $(LIBGCRYPT)
+endif
## end gnulib module gc
--- /home/cvs/gsasl/lib/gl/gc-gnulib.c 2005/10/17 11:05:06 1.7
+++ /home/cvs/gsasl/lib/gl/gc-gnulib.c 2005/10/23 12:18:21 1.8
@@ -25,7 +25,7 @@
#endif
/* Get prototype. */
-#include <gc.h>
+#include "gc.h"
#include <stdlib.h>
#include <string.h>
@@ -37,6 +37,10 @@
#include <fcntl.h>
#include <errno.h>
+/* Hashes. */
+#ifdef GC_USE_MD4
+# include "md4.h"
+#endif
#ifdef GC_USE_MD5
# include "md5.h"
#endif
@@ -47,6 +51,20 @@
# include "hmac.h"
#endif
+/* Ciphers. */
+#ifdef GC_USE_ARCFOUR
+# include "arcfour.h"
+#endif
+#ifdef GC_USE_ARCTWO
+# include "arctwo.h"
+#endif
+#ifdef GC_USE_DES
+# include "des.h"
+#endif
+#ifdef GC_USE_RIJNDAEL
+# include "rijndael-api-fst.h"
+#endif
+
Gc_rc
gc_init (void)
{
@@ -141,14 +159,584 @@
{
return;
}
+/* Ciphers. */
+
+typedef struct _gc_cipher_ctx {
+ Gc_cipher alg;
+ Gc_cipher_mode mode;
+#ifdef GC_USE_ARCTWO
+ arctwo_context arctwoContext;
+ char arctwoIV[ARCTWO_BLOCK_SIZE];
+#endif
+#ifdef GC_USE_ARCFOUR
+ arcfour_context arcfourContext;
+#endif
+#ifdef GC_USE_DES
+ des_ctx desContext;
+#endif
+#ifdef GC_USE_RIJNDAEL
+ rijndaelKeyInstance aesEncKey;
+ rijndaelKeyInstance aesDecKey;
+ rijndaelCipherInstance aesContext;
+#endif
+} _gc_cipher_ctx;
+
+Gc_rc
+gc_cipher_open (Gc_cipher alg, Gc_cipher_mode mode,
+ gc_cipher_handle * outhandle)
+{
+ _gc_cipher_ctx *ctx;
+ Gc_rc rc = GC_OK;
+
+ ctx = calloc (sizeof (*ctx), 1);
+
+ ctx->alg = alg;
+ ctx->mode = mode;
+
+ switch (alg)
+ {
+#ifdef GC_USE_ARCTWO
+ case GC_ARCTWO40:
+ switch (mode)
+ {
+ case GC_ECB:
+ case GC_CBC:
+ break;
+
+ default:
+ rc = GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+#ifdef GC_USE_ARCFOUR
+ case GC_ARCFOUR128:
+ case GC_ARCFOUR40:
+ switch (mode)
+ {
+ case GC_STREAM:
+ break;
+
+ default:
+ rc = GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+#ifdef GC_USE_DES
+ case GC_DES:
+ switch (mode)
+ {
+ case GC_ECB:
+ break;
+
+ default:
+ rc = GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+#ifdef GC_USE_RIJNDAEL
+ case GC_AES128:
+ case GC_AES192:
+ case GC_AES256:
+ switch (mode)
+ {
+ case GC_ECB:
+ case GC_CBC:
+ break;
+
+ default:
+ rc = GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+ default:
+ rc = GC_INVALID_CIPHER;
+ }
+
+ if (rc == GC_OK)
+ *outhandle = ctx;
+ else
+ free (ctx);
+
+ return rc;
+}
+
+Gc_rc
+gc_cipher_setkey (gc_cipher_handle handle, size_t keylen, const char *key)
+{
+ _gc_cipher_ctx *ctx = handle;
+
+ switch (ctx->alg)
+ {
+#ifdef GC_USE_ARCTWO
+ case GC_ARCTWO40:
+ arctwo_setkey (&ctx->arctwoContext, keylen, key);
+ break;
+#endif
+
+#ifdef GC_USE_ARCFOUR
+ case GC_ARCFOUR128:
+ case GC_ARCFOUR40:
+ arcfour_setkey (&ctx->arcfourContext, key, keylen);
+ break;
+#endif
+
+#ifdef GC_USE_DES
+ case GC_DES:
+ if (keylen != 8)
+ return GC_INVALID_CIPHER;
+ des_setkey (&ctx->desContext, key);
+ break;
+#endif
+
+#ifdef GC_USE_RIJNDAEL
+ case GC_AES128:
+ case GC_AES192:
+ case GC_AES256:
+ {
+ rijndael_rc rc;
+ size_t i;
+ char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1];
+
+ for (i = 0; i < keylen; i++)
+ sprintf (&keyMaterial[2*i], "%02x", key[i] & 0xFF);
+
+ rc = rijndaelMakeKey (&ctx->aesEncKey, RIJNDAEL_DIR_ENCRYPT,
+ keylen * 8, keyMaterial);
+ if (rc < 0)
+ return GC_INVALID_CIPHER;
+
+ rc = rijndaelMakeKey (&ctx->aesDecKey, RIJNDAEL_DIR_DECRYPT,
+ keylen * 8, keyMaterial);
+ if (rc < 0)
+ return GC_INVALID_CIPHER;
+
+ rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_ECB, NULL);
+ if (rc < 0)
+ return GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+
+ return GC_OK;
+}
+
+Gc_rc
+gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv)
+{
+ _gc_cipher_ctx *ctx = handle;
+
+ switch (ctx->alg)
+ {
+#ifdef GC_USE_ARCTWO
+ case GC_ARCTWO40:
+ if (ivlen != ARCTWO_BLOCK_SIZE)
+ return GC_INVALID_CIPHER;
+ memcpy (ctx->arctwoIV, iv, ivlen);
+ break;
+#endif
+
+#ifdef GC_USE_RIJNDAEL
+ case GC_AES128:
+ case GC_AES192:
+ case GC_AES256:
+ switch (ctx->mode)
+ {
+ case GC_ECB:
+ /* Doesn't use IV. */
+ break;
+
+ case GC_CBC:
+ {
+ rijndael_rc rc;
+ size_t i;
+ char ivMaterial[2 * RIJNDAEL_MAX_IV_SIZE + 1];
+
+ for (i = 0; i < ivlen; i++)
+ sprintf (&ivMaterial[2*i], "%02x", iv[i] & 0xFF);
+
+ rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_CBC,
+ ivMaterial);
+ if (rc < 0)
+ return GC_INVALID_CIPHER;
+ }
+ break;
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+
+ return GC_OK;
+}
+
+Gc_rc
+gc_cipher_encrypt_inline (gc_cipher_handle handle, size_t len, char *data)
+{
+ _gc_cipher_ctx *ctx = handle;
+
+ switch (ctx->alg)
+ {
+#ifdef GC_USE_ARCTWO
+ case GC_ARCTWO40:
+ switch (ctx->mode)
+ {
+ case GC_ECB:
+ arctwo_encrypt (&ctx->arctwoContext, data, data, len);
+ break;
+
+ case GC_CBC:
+ for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE,
+ data += ARCTWO_BLOCK_SIZE)
+ {
+ size_t i;
+ for (i = 0; i < ARCTWO_BLOCK_SIZE; i++)
+ data[i] ^= ctx->arctwoIV[i];
+ arctwo_encrypt (&ctx->arctwoContext, data, data,
+ ARCTWO_BLOCK_SIZE);
+ memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE);
+ }
+ break;
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+#ifdef GC_USE_ARCFOUR
+ case GC_ARCFOUR128:
+ case GC_ARCFOUR40:
+ arcfour_stream (&ctx->arcfourContext, data, data, len);
+ break;
+#endif
+
+#ifdef GC_USE_DES
+ case GC_DES:
+ for (; len >= 8; len -= 8, data += 8)
+ des_ecb_encrypt (&ctx->desContext, data, data);
+ break;
+#endif
+
+#ifdef GC_USE_RIJNDAEL
+ case GC_AES128:
+ case GC_AES192:
+ case GC_AES256:
+ {
+ int nblocks;
+
+ nblocks = rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey,
+ data, 8 * len, data);
+ if (nblocks < 0)
+ return GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+
+ return GC_OK;
+}
+
+Gc_rc
+gc_cipher_decrypt_inline (gc_cipher_handle handle, size_t len, char *data)
+{
+ _gc_cipher_ctx *ctx = handle;
+
+ switch (ctx->alg)
+ {
+#ifdef GC_USE_ARCTWO
+ case GC_ARCTWO40:
+ switch (ctx->mode)
+ {
+ case GC_ECB:
+ arctwo_decrypt (&ctx->arctwoContext, data, data, len);
+ break;
+
+ case GC_CBC:
+ for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE,
+ data += ARCTWO_BLOCK_SIZE)
+ {
+ char tmpIV[ARCTWO_BLOCK_SIZE];
+ size_t i;
+ memcpy (tmpIV, data, ARCTWO_BLOCK_SIZE);
+ arctwo_decrypt (&ctx->arctwoContext, data, data,
+ ARCTWO_BLOCK_SIZE);
+ for (i = 0; i < ARCTWO_BLOCK_SIZE; i++)
+ data[i] ^= ctx->arctwoIV[i];
+ memcpy (ctx->arctwoIV, tmpIV, ARCTWO_BLOCK_SIZE);
+ }
+ break;
+
+ default:
+ return GC_INVALID_CIPHER;
+ }
+ break;
+#endif
+
+#ifdef GC_USE_ARCFOUR
+ case GC_ARCFOUR128:
+ case GC_ARCFOUR40:
+ arcfour_stream (&ctx->arcfourContext, data, data, len);
+ break;
+#endif
+
+#ifdef GC_USE_DES
+ case GC_DES:
+ for (; len >= 8; len -= 8, data += 8)
+ des_ecb_decrypt (&ctx->desContext, data, data);
+ break;
+#endif
+
+#ifdef GC_USE_RIJNDAEL
+ case GC_AES128:
+ case GC_AES192:
+ case GC_AES256:
+ {
+ int nblocks;
+
+ nblocks = rijndaelBlockDecrypt (&ctx->aesContext, &ctx->aesDecKey,
+ data, 8 * len, data);
+ if (nblocks < 0)
[244 lines skipped]
--- /home/cvs/gsasl/lib/gl/gc-libgcrypt.c 2005/10/17 10:54:05 1.5
+++ /home/cvs/gsasl/lib/gl/gc-libgcrypt.c 2005/10/23 12:18:21 1.6
@@ -105,14 +105,18 @@
switch (alg)
{
- case GC_AES256:
- gcryalg = GCRY_CIPHER_RIJNDAEL256;
+ case GC_AES128:
+ gcryalg = GCRY_CIPHER_RIJNDAEL;
break;
- case GC_AES128:
+ case GC_AES192:
gcryalg = GCRY_CIPHER_RIJNDAEL;
break;
+ case GC_AES256:
+ gcryalg = GCRY_CIPHER_RIJNDAEL256;
+ break;
+
case GC_3DES:
gcryalg = GCRY_CIPHER_3DES;
break;
@@ -136,6 +140,10 @@
switch (mode)
{
+ case GC_ECB:
+ gcrymode = GCRY_CIPHER_MODE_ECB;
+ break;
+
case GC_CBC:
gcrymode = GCRY_CIPHER_MODE_CBC;
break;
@@ -211,12 +219,138 @@
/* Hashes. */
Gc_rc
+gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle)
+{
+ int gcryalg, gcrymode;
+ gcry_error_t err;
+
+ switch (hash)
+ {
+ case GC_MD4:
+ gcryalg = GCRY_MD_MD4;
+ break;
+
+ case GC_MD5:
+ gcryalg = GCRY_MD_MD5;
+ break;
+
+ case GC_SHA1:
+ gcryalg = GCRY_MD_SHA1;
+ break;
+
+ case GC_RMD160:
+ gcryalg = GCRY_MD_RMD160;
+ break;
+
+ default:
+ return GC_INVALID_HASH;
+ }
+
+ switch (mode)
+ {
+ case 0:
+ gcrymode = 0;
+ break;
+
+ case GC_HMAC:
+ gcrymode = GCRY_MD_FLAG_HMAC;
+ break;
+
+ default:
+ return GC_INVALID_HASH;
+ }
+
+ err = gcry_md_open ((gcry_md_hd_t *) outhandle, gcryalg, gcrymode);
+ if (gcry_err_code (err))
+ return GC_INVALID_HASH;
+
+ return GC_OK;
+}
+
+Gc_rc
+gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle)
+{
+ int err;
+
+ err = gcry_md_copy ((gcry_md_hd_t *) outhandle, (gcry_md_hd_t) handle);
+ if (err)
+ return GC_INVALID_HASH;
+
+ return GC_OK;
+}
+
+size_t
+gc_hash_digest_length (Gc_hash hash)
+{
+ int gcryalg;
+
+ switch (hash)
+ {
+ case GC_MD4:
+ gcryalg = GCRY_MD_MD4;
+ break;
+
+ case GC_MD5:
+ gcryalg = GCRY_MD_MD5;
+ break;
+
+ case GC_SHA1:
+ gcryalg = GCRY_MD_SHA1;
+ break;
+
+ case GC_RMD160:
+ gcryalg = GCRY_MD_RMD160;
+ break;
+
+ default:
+ return 0;
+ }
+
+ return gcry_md_get_algo_dlen (gcryalg);
+}
+
+void
+gc_hash_hmac_setkey (gc_hash_handle handle, size_t len, const char *key)
+{
+ gcry_md_setkey ((gcry_md_hd_t) handle, key, len);
+}
+
+void
+gc_hash_write (gc_hash_handle handle, size_t len, const char *data)
+{
+ gcry_md_write ((gcry_md_hd_t) handle, data, len);
+}
+
+const char *
+gc_hash_read (gc_hash_handle handle)
+{
+ const char *digest;
+
+ gcry_md_final ((gcry_md_hd_t) handle);
+ digest = gcry_md_read ((gcry_md_hd_t) handle, 0);
+
+ return digest;
+}
+
+void
+gc_hash_close (gc_hash_handle handle)
+{
+ gcry_md_close ((gcry_md_hd_t) handle);
+}
+
+Gc_rc
gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
{
int gcryalg;
switch (hash)
{
+#ifdef GC_USE_MD4
+ case GC_MD4:
+ gcryalg = GCRY_MD_MD4;
+ break;
+#endif
+
#ifdef GC_USE_MD5
case GC_MD5:
gcryalg = GCRY_MD_MD5;
@@ -229,6 +363,12 @@
break;
#endif
+#ifdef GC_USE_RMD160
+ case GC_RMD160:
+ gcryalg = GCRY_MD_RMD160;
+ break;
+#endif
+
default:
return GC_INVALID_HASH;
}
@@ -240,6 +380,38 @@
/* One-call interface. */
+#ifdef GC_USE_MD4
+Gc_rc
+gc_md4 (const void *in, size_t inlen, void *resbuf)
+{
+ size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD4);
+ gcry_md_hd_t hd;
+ gpg_error_t err;
+ unsigned char *p;
+
+ assert (outlen == GC_MD4_DIGEST_SIZE);
+
+ err = gcry_md_open (&hd, GCRY_MD_MD4, 0);
+ if (err != GPG_ERR_NO_ERROR)
+ return GC_INVALID_HASH;
+
+ gcry_md_write (hd, in, inlen);
+
+ p = gcry_md_read (hd, GCRY_MD_MD4);
+ if (p == NULL)
+ {
+ gcry_md_close (hd);
+ return GC_INVALID_HASH;
+ }
+
+ memcpy (resbuf, p, outlen);
+
+ gcry_md_close (hd);
+
+ return GC_OK;
+}
+#endif
+
#ifdef GC_USE_MD5
Gc_rc
gc_md5 (const void *in, size_t inlen, void *resbuf)
@@ -354,7 +526,7 @@
unsigned char *hash;
gpg_error_t err;
- assert (hlen == 16);
+ assert (hlen == GC_SHA1_DIGEST_SIZE);
err = gcry_md_open (&mdh, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if (err != GPG_ERR_NO_ERROR)
--- /home/cvs/gsasl/lib/gl/gc.h 2005/10/17 10:54:05 1.4
+++ /home/cvs/gsasl/lib/gl/gc.h 2005/10/23 12:18:21 1.5
@@ -25,49 +25,62 @@
# include <stddef.h>
enum Gc_rc
- {
- GC_OK = 0,
- GC_MALLOC_ERROR,
- GC_INIT_ERROR,
- GC_RANDOM_ERROR,
- GC_INVALID_CIPHER,
- GC_INVALID_HASH,
- GC_PKCS5_INVALID_ITERATION_COUNT,
- GC_PKCS5_INVALID_DERIVED_KEY_LENGTH,
- GC_PKCS5_DERIVED_KEY_TOO_LONG
- };
+{
+ GC_OK = 0,
+ GC_MALLOC_ERROR,
+ GC_INIT_ERROR,
+ GC_RANDOM_ERROR,
+ GC_INVALID_CIPHER,
+ GC_INVALID_HASH,
+ GC_PKCS5_INVALID_ITERATION_COUNT,
+ GC_PKCS5_INVALID_DERIVED_KEY_LENGTH,
+ GC_PKCS5_DERIVED_KEY_TOO_LONG
+};
typedef enum Gc_rc Gc_rc;
/* Hash types. */
enum Gc_hash
- {
- GC_MD5,
- GC_SHA1
- };
+{
+ GC_MD4,
+ GC_MD5,
+ GC_SHA1,
+ GC_MD2,
+ GC_RMD160
+};
typedef enum Gc_hash Gc_hash;
+enum Gc_hash_mode
+{
+ GC_HMAC = 1
+};
+typedef enum Gc_hash_mode Gc_hash_mode;
+
+typedef void *gc_hash_handle;
+
+#define GC_MD4_DIGEST_SIZE 16
#define GC_MD5_DIGEST_SIZE 16
#define GC_SHA1_DIGEST_SIZE 20
/* Cipher types. */
enum Gc_cipher
- {
- GC_AES128,
- GC_AES192,
- GC_AES256,
- GC_3DES,
- GC_DES,
- GC_ARCFOUR128,
- GC_ARCFOUR40,
- GC_ARCTWO40
- };
+{
+ GC_AES128,
+ GC_AES192,
+ GC_AES256,
+ GC_3DES,
+ GC_DES,
+ GC_ARCFOUR128,
+ GC_ARCFOUR40,
+ GC_ARCTWO40
+};
typedef enum Gc_cipher Gc_cipher;
enum Gc_cipher_mode
- {
- GC_CBC,
- GC_STREAM
- };
+{
+ GC_ECB,
+ GC_CBC,
+ GC_STREAM
+};
typedef enum Gc_cipher_mode Gc_cipher_mode;
typedef void *gc_cipher_handle;
@@ -87,9 +100,14 @@
gc_realloc_t func_realloc,
gc_free_t func_free);
+/* Randomness. */
+extern Gc_rc gc_nonce (char *data, size_t datalen);
+extern Gc_rc gc_pseudo_random (char *data, size_t datalen);
+extern Gc_rc gc_random (char *data, size_t datalen);
+
/* Ciphers. */
extern Gc_rc gc_cipher_open (Gc_cipher cipher, Gc_cipher_mode mode,
- gc_cipher_handle * outhandle);
+ gc_cipher_handle *outhandle);
extern Gc_rc gc_cipher_setkey (gc_cipher_handle handle,
size_t keylen, const char *key);
extern Gc_rc gc_cipher_setiv (gc_cipher_handle handle,
@@ -102,6 +120,17 @@
/* Hashes. */
+extern Gc_rc gc_hash_open (Gc_hash hash, Gc_hash_mode mode,
+ gc_hash_handle *outhandle);
+extern Gc_rc gc_hash_clone (gc_hash_handle handle, gc_hash_handle *outhandle);
+extern size_t gc_hash_digest_length (Gc_hash hash);
+extern void gc_hash_hmac_setkey (gc_hash_handle handle,
+ size_t len, const char *key);
+extern void gc_hash_write (gc_hash_handle handle,
+ size_t len, const char *data);
+extern const char *gc_hash_read (gc_hash_handle handle);
+extern void gc_hash_close (gc_hash_handle handle);
+
/* Compute a hash value over buffer IN of INLEN bytes size using the
algorithm HASH, placing the result in the pre-allocated buffer OUT.
The required size of OUT depends on HASH, and is generally
@@ -115,11 +144,9 @@
extern Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_hmac_md5 (const void *key, size_t keylen,
- const void *in, size_t inlen,
- char *resbuf);
+ const void *in, size_t inlen, char *resbuf);
extern Gc_rc gc_hmac_sha1 (const void *key, size_t keylen,
- const void *in, size_t inlen,
- char *resbuf);
+ const void *in, size_t inlen, char *resbuf);
/* Derive cryptographic keys from a password P of length PLEN, with
salt S of length SLEN, placing the result in pre-allocated buffer
@@ -131,8 +158,7 @@
extern Gc_rc
gc_pbkdf2_sha1 (const char *P, size_t Plen,
const char *S, size_t Slen,
- unsigned int c,
- char *DK, size_t dkLen);
+ unsigned int c, char *DK, size_t dkLen);
/*
TODO:
@@ -148,7 +174,7 @@
> Simon Josefsson <address@hidden> writes:
>
- >> * Perhaps the /dev/*random reading should be separated into a separate
+ >> * Perhaps the /dev/?random reading should be separated into a separate
>> module? It might be useful outside of the gc layer too.
>
> Absolutely. I've been meaning to do that for months (for a "shuffle"
@@ -159,9 +185,9 @@
I'll write a separate module for that part.
I think we should even add a good PRNG that is re-seeded from
- /dev/*random frequently. GnuTLS can need a lot of random data on a
+ /dev/?random frequently. GnuTLS can need a lot of random data on a
big server, more than /dev/random can supply. And /dev/urandom might
- not be strong enough. Further, the security of /dev/*random can also
+ not be strong enough. Further, the security of /dev/?random can also
be questionable.
>> I'm also not sure about the names of those functions, they suggest
@@ -199,12 +225,12 @@
it isn't called too often. You can guess what the next value will be,
but it will always be different.
- The problem is that /dev/*random doesn't offer any kind of semantic
+ The problem is that /dev/?random doesn't offer any kind of semantic
guarantees. But applications need an API that make that promise.
I think we should do this in several steps:
- 1) Write a module that can read from /dev/*random.
+ 1) Write a module that can read from /dev/?random.
2) Add a module for a known-good PRNG suitable for random number
generation, that can be continuously re-seeded.
--- /home/cvs/gsasl/lib/gl/hmac-md5.c 2005/10/05 14:30:08 1.1
+++ /home/cvs/gsasl/lib/gl/hmac-md5.c 2005/10/23 12:18:21 1.2
@@ -23,6 +23,7 @@
#include "hmac.h"
+#include "memxor.h"
#include "md5.h"
#include <string.h>
@@ -40,6 +41,8 @@
char block[64];
char innerhash[16];
+ /* Reduce the key's size, so that it becomes <= 64 bytes large. */
+
if (keylen > 64)
{
struct md5_ctx keyhash;
@@ -52,6 +55,8 @@
keylen = 16;
}
+ /* Compute INNERHASH from KEY and IN. */
+
md5_init_ctx (&inner);
memset (block, IPAD, sizeof (block));
@@ -62,6 +67,8 @@
md5_finish_ctx (&inner, innerhash);
+ /* Compute result from KEY and INNERHASH. */
+
md5_init_ctx (&outer);
memset (block, OPAD, sizeof (block));
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/05
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/06
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/07
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/11
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/11
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/17
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/17
- CVS gsasl/lib/gl,
gsasl-commit <=
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/23
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/23