| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: aliver at xexil.com (aliver@...il.com)
Subject: xxt encryption util
/* xxt encryptor by aliver */
/* just to prove I dont just talk */
/* about coding. I do it quite a bit */
/* as well... */
/* */
/* Preamble: */
/* Just tighten your fists, squint your */
/* eyes, press your lips together, turn */
/* beet red, quiver, pound the table, */
/* adjust your white cap and scream: */
/* "It can't be! Blackhats can't code!" */
/* */
/* An implementation of xxtea encryption */
/* A very small (code wise) secure block */
/* cipher. Supposedly faster than btea */
/* and for files of any non-trival size */
/* it's gonna be way faster than TEA or */
/* IDEA. At worst it's something like 4x */
/* the speed of DES, and more secure by */
/* a factor of 2^72 ~ 4.7 x 10^21 */
/* My tests seemed to indicate that xxt */
/* is about 3x the speed of mcrypt with */
/* the same options. Not that mcrypt is */
/* not a great piece of work. It is. */
/* */
/* The xxtea algorithm was designed by: */
/* David Wheeler and Roger Needham. Some */
/* code from their publications was used */
/* for some of the encryption portions. */
/* However it was altered to be 64 bit */
/* architecture friendly. */
/* */
/* MD5 Hashing was invented by: */
/* Professor Ronald Rivest */
/* I use MD5 to hash the key. The MD5 */
/* implementation here is uses a public */
/* domain RFC1321 ripoff implementation */
/* from: */
/* L. Peter Deutsch */
/* so the RSA folks can't claim I owe */
/* them anything. */
/*****************************************/
/* Compile with cc -O3 -o xxt xxt.c */
/* "xxt -h" for help, after that */
/* tested on IRIX, Solaris, Linux */
/* NetBSD, and AIX */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <inttypes.h>
#include <string.h>
#include <errno.h>
#include <netinet/in.h>
long btea( int32_t * v, int32_t n , int32_t * k );
char * memncat(char *binstr_a,int size_a,char *binstr_b,int size_b);
char * cnp(char *bytestream, int block, int size);
void showhelp(void);
#define MX (z>>5^y<<2)+(y>>3^z<<4)^(sum^y)+(k[p&3^e]^z) ;
/* most of the MD5 hashing stuff is from L. Peter Deutsch */
/* see his notice at the bottom along with the algorithm */
#ifndef md5_INCLUDED
#define md5_INCLUDED
typedef unsigned char md5_byte_t; /* 8-bit byte */
typedef unsigned int md5_word_t; /* 32-bit word */
typedef struct md5_state_s {
md5_word_t count[2];
md5_word_t abcd[4];
md5_byte_t buf[64];
} md5_state_t;
void md5_init(md5_state_t *pms);
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes);
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]);
#endif
/* you can get some trival speedups with MSB if you define this right */
#undef BYTE_ORDER /* 1 = big-endian, -1 = little-endian, 0 = unknown */
#ifdef ARCH_IS_BIG_ENDIAN
# define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
#else
# define BYTE_ORDER 0
#endif
#define T_MASK ((md5_word_t)~0)
#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
#define T3 0x242070db
#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
#define T6 0x4787c62a
#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
#define T9 0x698098d8
#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
#define T13 0x6b901122
#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
#define T16 0x49b40821
#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
#define T19 0x265e5a51
#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
#define T22 0x02441453
#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
#define T25 0x21e1cde6
#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
#define T28 0x455a14ed
#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
#define T31 0x676f02d9
#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
#define T35 0x6d9d6122
#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
#define T38 0x4bdecfa9
#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
#define T41 0x289b7ec6
#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
#define T44 0x04881d05
#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
#define T47 0x1fa27cf8
#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
#define T50 0x432aff97
#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
#define T53 0x655b59c3
#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
#define T57 0x6fa87e4f
#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
#define T60 0x4e0811a1
#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
#define T63 0x2ad7d2bb
#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)
int main (int argc, char *argv[]){
extern char *optarg;
extern int optind;
extern int errno;
int c;
int i;
int j;
int sl;
int debug = 0;
int unlinkit = 0;
int use_out = 0;
int use_kp = 0;
int first_block = 1;
int fd_in;
int fd_out;
int encrypt = 0;
int decrypt = 0;
int bl = 0;
int bytes_read;
int pad;
int noumask = 0;
uint32_t filesize = 0;
uint32_t filesize_msb = 0;
uint32_t read_filesize_msb = 0;
uint32_t read_filesize = 0;
uint32_t bsf = 0;
char *in_file = NULL;
char *out_file = NULL;
char *keyphrase = NULL;
char *keyenv = NULL;
char hash[16];
char thash[17];
char hbuf[3];
char fb_buffer[64];
/* u_char *plaintext = NULL; */
u_char plaintext[64];
struct stat statbuf;
md5_state_t state;
md5_byte_t digest[32];
while( (c = getopt(argc,argv,"i:o:k:g:hxdeuv")) != -1 ){
switch(c){
case 'h':
showhelp();
break;
case 'v':
debug = 1;
break;
case 'i':
if(NULL == (in_file = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(in_file,optarg,strlen(optarg) + 1);
break;
case 'o':
use_out = 1;
if(NULL == (out_file = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(out_file,optarg,strlen(optarg) + 1);
break;
case 'k':
fprintf(stderr,"WARNING: using a keyphrase from the command line can be insecure.\n");
use_kp = 1;
if(NULL == (keyphrase = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(keyphrase,optarg,strlen(optarg) + 1);
break;
case 'g':
use_kp = 1;
keyenv = getenv(optarg);
if(NULL == (keyphrase = (char *) malloc(strlen(keyenv) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(keyphrase,keyenv,strlen(keyenv) + 1);
break;
case 'd':
decrypt = 1;
break;
case 'e':
encrypt = 1;
break;
case 'u':
unlinkit = 1;
break;
case 'x':
noumask = 1;
break;
} /* end of switch() */
} /* end of while getopt() */
/* you must use a key file or a key phrase */
if(!use_kp){
fprintf(stderr,"FATAL: I wont encrypt without a key!\n\n");
showhelp();
exit(1);
}
/* one mode, and only one mode. */
if((decrypt && encrypt) || (!encrypt && !decrypt)){
fprintf(stderr,"FATAL: Your encrypt/decrypt options are missing or do not make sense.\n");
exit(1);
}
/* They must give us an input file, and it must */
/* be statable and readable by us or we fail */
if(in_file != NULL){
if(-1 == (stat(in_file,&statbuf))){
fprintf(stderr,"FATAL: cannot stat the input file!\n");
exit(1);
}
if(statbuf.st_size == (off_t) 0){
fprintf(stderr,"FATAL: WTF are you encrypting an empty file for?\n");
exit(1);
} else {
(off_t) filesize = statbuf.st_size;
filesize_msb = htonl(filesize);
}
if(!noumask) umask(077);
if(-1 == (fd_in = open(in_file,O_RDONLY))){
fprintf(stderr,"FATAL: Cannot open() the file.\n\t%s\n",strerror(errno));
exit(1);
}
} else {
fprintf(stderr,"FATAL: no input file!\n");
exit(1);
}
/* if they didn't provide an out file, let's use */
/* in_file.xxt as the out_file name */
if(out_file == NULL){
use_out = 1;
if(NULL == (out_file = (char *) malloc(strlen(in_file) + 6))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
snprintf(out_file,strlen(in_file) + 6,"%s.xxt",in_file);
if(!noumask) umask(077);
if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT,00600))){
fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
,out_file
,strerror(errno));
exit(1);
}
} else {
if(!noumask) umask(077);
if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT,00600))){
fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
,out_file
,strerror(errno));
exit(1);
}
}
/* try to pull a fast one and wipe the arguments */
/* a person could still try and race to get them */
/* but it'd be pretty tough (NOT impossible) I'm */
/* just making it harder, but I'm not going to */
/* say that this makes it a totally secure way */
/* to make passing the key on the command line a */
/* sane or good idea. It's there because while */
/* you are in a hurry (we blackhats are never in */
/* a hurry, har har) it can be useful. */
for (i = 1; i < argc; ++i) {
sl = strlen(argv[i]);
for (j = 0; j < sl; ++j)
argv[i][j] = 0;
}
memset(hash,0,16);
/* lets hash the keys. We get a 256 bit hash */
/* from md5, but xxtea takes a 128 bit key so */
/* the hash is truncated to the first 128 bits */
md5_init(&state);
md5_append(&state, (const md5_byte_t *) keyphrase, strlen(keyphrase));
md5_finish(&state, digest);
for (i = 0; i < 8; i++) {
snprintf(hbuf,3,"%02x",digest[i]);
memcpy(hash+(i*2),hbuf,2);
}
/* show a summary of args if we are in verbose mode */
if(debug){
printf("---=[ Your option summary ]=--- \n");
printf("INFILE == %s\n",in_file);
printf("OUTFILE == %s\n",out_file);
printf("UNLINK == %d\n",unlinkit);
memcpy(thash,hash,16);
thash[16] = '\0';
/* printf("HASH == %s\n",thash); */
}
if(encrypt){
while(first_block){
bytes_read = read(fd_in,plaintext,60);
if(bytes_read == -1){
printf("FATAL: Problem reading input file.\n\t%s\n",strerror(errno));
exit(1);
}
/* if the initial input isn't at least 60 bytes */
/* we are going to have to pad it. */
if(bytes_read != 60){
pad = 60 - bytes_read ;
memcpy(plaintext+bytes_read,hash,pad);
}
memcpy(fb_buffer, &filesize_msb, 4);
memcpy(fb_buffer+4, plaintext, 60);
btea((int32_t *) fb_buffer, 16, (int32_t *) hash);
write(fd_out,(char *) fb_buffer,64);
first_block = 0;
}
while( (bytes_read = read(fd_in,plaintext,64)) ){
if(bytes_read == 64){
btea((int32_t *) plaintext, 16, (int32_t *) hash);
write(fd_out,(char *) plaintext,64);
} else {
pad = 64 - bytes_read;
memcpy(plaintext+bytes_read,hash,pad);
btea((int32_t *) plaintext, 16, (int32_t *) hash);
write(fd_out,(char *) plaintext,64);
}
}
} else if(decrypt) {
while(first_block){
read(fd_in,plaintext,64);
btea((int32_t *) plaintext, -16, (int32_t *) hash);
memcpy(&read_filesize_msb,plaintext,4);
read_filesize = ntohl(read_filesize_msb);
if(read_filesize >= 60){
write(fd_out,(char *) plaintext+4,60);
} else {
write(fd_out,(char *) plaintext+4,read_filesize);
}
bsf += 64;
first_block = 0;
}
while(0 != (bytes_read = read(fd_in,plaintext,64)) ){
btea((int32_t *) plaintext, -16, (int32_t *) hash);
bsf += 64;
if(bsf < (read_filesize + 4) && read_filesize > 64){
write(fd_out,(char *) plaintext,64);
} else {
bl = 64 - (bsf - (read_filesize + 4)); /* calc how much is really left */
write(fd_out,(char *) plaintext,bl);
}
}
}
/* if they want to delete the infile */
if(unlinkit) unlink(in_file);
/* free dynamically allocated memory and zero out the contents to */
/* try to make recovery of information about what we did harder */
memset(in_file,0,strlen(in_file));
free(in_file);
if(use_kp){
memset(keyphrase,0,strlen(keyphrase));
free(keyphrase);
}
if(use_out){
memset(out_file,0,strlen(out_file));
free(out_file);
}
close(fd_out);
close(fd_in);
return(0);
}
void showhelp(void){
printf("\nxxt - an xxtea based variable block-mode file encryptor.\n");
printf("by aliver\n\n");
printf("+---=[ Options ]=--------------------------+\n");
printf("| |\n");
printf("| -h print help -v be verbose |\n");
printf("| -i input_file -o output_file |\n");
printf("| -k keyphrase -g key env_variable |\n");
printf("| -u unlink input_file after encryption |\n");
printf("| -x dont set umask to a safe value |\n");
printf("| Example: |\n");
printf("| \"xxt -k secretpass -i test -d\" |\n");
printf("| You get \"test.xxt\" and deletes \"test\" |\n");
printf("| |\n");
printf("+------------------------------------------+\n");
}
/* nearly all the following xxtea crypto */
/* code from the post script */
/* by David Wheeler and Roger Needham */
/* I've altered it to be more portable */
/* on 64 bit platforms by making use of */
/* definitions in stdint.h */
long btea( int32_t * v, int32_t n , int32_t * k ) {
uint32_t z=v[n-1], y=v[0], sum=0,e,
DELTA=0x9e3779b9 ;
int32_t p, q ;
if ( n>1) {
/* Coding Part */
q = 6+52/n ;
while ( q-- > 0 ) {
sum += DELTA ;
e = sum >> 2&3 ;
for ( p = 0 ; p < n-1 ; p++ )
y = v[p+1],
z = v[p] += MX
y = v[0] ;
z = v[n-1] += MX
}
return 0 ;
}
/* Decoding Part */
else if ( n <-1 ) {
n = -n ;
q = 6+52/n ;
sum = q*DELTA ;
while (sum != 0) {
e = sum>>2 & 3 ;
for (p = n-1 ; p > 0 ; p-- )
z = v[p-1],
y = v[p] -= MX
z = v[n-1] ;
y = v[0] -= MX
sum -= DELTA ;
}
return 0 ;
}
return 1 ;
} /* Signal n=0,1,-1 */
/* MD5 algorithm used to hash the keys given to xxt */
/* This source code has been altered to better suit */
/* my purposes (speed, and formatting) and I am now */
/* declaring it so nobody has a fit about it. Now */
/* you can read Peter's notice below. It only */
/* applies to the MD5 hashing part of xxt ! */
/*
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
L. Peter Deutsch
ghost@...ddin.com
*/
static void md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/){
md5_word_t
a = pms->abcd[0], b = pms->abcd[1],
c = pms->abcd[2], d = pms->abcd[3];
md5_word_t t;
#if BYTE_ORDER > 0
/* Define storage only for big-endian CPUs. */
md5_word_t X[16];
#else
/* Define storage for little-endian or both types of CPUs. */
md5_word_t xbuf[16];
const md5_word_t *X;
#endif
{
#if BYTE_ORDER == 0
/*
* Determine dynamically whether this is a big-endian or
* little-endian machine, since we can use a more efficient
* algorithm on the latter.
*/
static const int w = 1;
if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
#endif
#if BYTE_ORDER <= 0 /* little-endian */
{
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
else /* dynamic big-endian */
#endif
#if BYTE_ORDER >= 0 /* big-endian */
{
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
# if BYTE_ORDER == 0
X = xbuf; /* (dynamic only) */
# else
# define xbuf X /* (static only) */
# endif
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* Round 1. */
/* Let [abcd k s i] denote the operation
a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + F(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 7, T1);
SET(d, a, b, c, 1, 12, T2);
SET(c, d, a, b, 2, 17, T3);
SET(b, c, d, a, 3, 22, T4);
SET(a, b, c, d, 4, 7, T5);
SET(d, a, b, c, 5, 12, T6);
SET(c, d, a, b, 6, 17, T7);
SET(b, c, d, a, 7, 22, T8);
SET(a, b, c, d, 8, 7, T9);
SET(d, a, b, c, 9, 12, T10);
SET(c, d, a, b, 10, 17, T11);
SET(b, c, d, a, 11, 22, T12);
SET(a, b, c, d, 12, 7, T13);
SET(d, a, b, c, 13, 12, T14);
SET(c, d, a, b, 14, 17, T15);
SET(b, c, d, a, 15, 22, T16);
#undef SET
/* Round 2. */
/* Let [abcd k s i] denote the operation
a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
#define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + G(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 1, 5, T17);
SET(d, a, b, c, 6, 9, T18);
SET(c, d, a, b, 11, 14, T19);
SET(b, c, d, a, 0, 20, T20);
SET(a, b, c, d, 5, 5, T21);
SET(d, a, b, c, 10, 9, T22);
SET(c, d, a, b, 15, 14, T23);
SET(b, c, d, a, 4, 20, T24);
SET(a, b, c, d, 9, 5, T25);
SET(d, a, b, c, 14, 9, T26);
SET(c, d, a, b, 3, 14, T27);
SET(b, c, d, a, 8, 20, T28);
SET(a, b, c, d, 13, 5, T29);
SET(d, a, b, c, 2, 9, T30);
SET(c, d, a, b, 7, 14, T31);
SET(b, c, d, a, 12, 20, T32);
#undef SET
/* Round 3. */
/* Let [abcd k s t] denote the operation
a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define SET(a, b, c, d, k, s, Ti)\
t = a + H(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 5, 4, T33);
SET(d, a, b, c, 8, 11, T34);
SET(c, d, a, b, 11, 16, T35);
SET(b, c, d, a, 14, 23, T36);
SET(a, b, c, d, 1, 4, T37);
SET(d, a, b, c, 4, 11, T38);
SET(c, d, a, b, 7, 16, T39);
SET(b, c, d, a, 10, 23, T40);
SET(a, b, c, d, 13, 4, T41);
SET(d, a, b, c, 0, 11, T42);
SET(c, d, a, b, 3, 16, T43);
SET(b, c, d, a, 6, 23, T44);
SET(a, b, c, d, 9, 4, T45);
SET(d, a, b, c, 12, 11, T46);
SET(c, d, a, b, 15, 16, T47);
SET(b, c, d, a, 2, 23, T48);
#undef SET
/* Round 4. */
/* Let [abcd k s t] denote the operation
a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + I(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 6, T49);
SET(d, a, b, c, 7, 10, T50);
SET(c, d, a, b, 14, 15, T51);
SET(b, c, d, a, 5, 21, T52);
SET(a, b, c, d, 12, 6, T53);
SET(d, a, b, c, 3, 10, T54);
SET(c, d, a, b, 10, 15, T55);
SET(b, c, d, a, 1, 21, T56);
SET(a, b, c, d, 8, 6, T57);
SET(d, a, b, c, 15, 10, T58);
SET(c, d, a, b, 6, 15, T59);
SET(b, c, d, a, 13, 21, T60);
SET(a, b, c, d, 4, 6, T61);
SET(d, a, b, c, 11, 10, T62);
SET(c, d, a, b, 2, 15, T63);
SET(b, c, d, a, 9, 21, T64);
#undef SET
/* Then perform the following additions. (That is increment each
of the four registers by the value it had before this block
was started.) */
pms->abcd[0] += a;
pms->abcd[1] += b;
pms->abcd[2] += c;
pms->abcd[3] += d;
}
void md5_init(md5_state_t *pms){
pms->count[0] = pms->count[1] = 0;
pms->abcd[0] = 0x67452301;
pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
pms->abcd[3] = 0x10325476;
}
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes){
const md5_byte_t *p = data;
int left = nbytes;
int offset = (pms->count[0] >> 3) & 63;
md5_word_t nbits = (md5_word_t)(nbytes << 3);
if (nbytes <= 0)
return;
/* Update the message length. */
pms->count[1] += nbytes >> 29;
pms->count[0] += nbits;
if (pms->count[0] < nbits)
pms->count[1]++;
/* Process an initial partial block. */
if (offset) {
int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);
}
/* Process full blocks. */
for (; left >= 64; p += 64, left -= 64)
md5_process(pms, p);
/* Process a final partial block. */
if (left)
memcpy(pms->buf, p, left);
}
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]) {
static const md5_byte_t pad[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
md5_byte_t data[8];
int i;
/* Save the length before padding. */
for (i = 0; i < 8; ++i)
data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
/* Pad to 56 bytes mod 64. */
md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
/* Append the length. */
md5_append(pms, data, 8);
for (i = 0; i < 16; ++i)
digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
}
-------------- next part --------------
/* xxt encryptor by aliver */
/* just to prove I dont just talk */
/* about coding. I do it quite a bit */
/* as well... */
/* */
/* Preamble: */
/* Just tighten your fists, squint your */
/* eyes, press your lips together, turn */
/* beet red, quiver, pound the table, */
/* adjust your white cap and scream: */
/* "It can't be! Blackhats can't code!" */
/* */
/* An implementation of xxtea encryption */
/* A very small (code wise) secure block */
/* cipher. Supposedly faster than btea */
/* and for files of any non-trival size */
/* it's gonna be way faster than TEA or */
/* IDEA. At worst it's something like 4x */
/* the speed of DES, and more secure by */
/* a factor of 2^72 ~ 4.7 x 10^21 */
/* My tests seemed to indicate that xxt */
/* is about 3x the speed of mcrypt with */
/* the same options. Not that mcrypt is */
/* not a great piece of work. It is. */
/* */
/* The xxtea algorithm was designed by: */
/* David Wheeler and Roger Needham. Some */
/* code from their publications was used */
/* for some of the encryption portions. */
/* However it was altered to be 64 bit */
/* architecture friendly. */
/* */
/* MD5 Hashing was invented by: */
/* Professor Ronald Rivest */
/* I use MD5 to hash the key. The MD5 */
/* implementation here is uses a public */
/* domain RFC1321 ripoff implementation */
/* from: */
/* L. Peter Deutsch */
/* so the RSA folks can't claim I owe */
/* them anything. */
/*****************************************/
/* Compile with cc -O3 -o xxt xxt.c */
/* "xxt -h" for help, after that */
/* tested on IRIX, Solaris, Linux */
/* NetBSD, and AIX */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <inttypes.h>
#include <string.h>
#include <errno.h>
#include <netinet/in.h>
long btea( int32_t * v, int32_t n , int32_t * k );
char * memncat(char *binstr_a,int size_a,char *binstr_b,int size_b);
char * cnp(char *bytestream, int block, int size);
void showhelp(void);
#define MX (z>>5^y<<2)+(y>>3^z<<4)^(sum^y)+(k[p&3^e]^z) ;
/* most of the MD5 hashing stuff is from L. Peter Deutsch */
/* see his notice at the bottom along with the algorithm */
#ifndef md5_INCLUDED
#define md5_INCLUDED
typedef unsigned char md5_byte_t; /* 8-bit byte */
typedef unsigned int md5_word_t; /* 32-bit word */
typedef struct md5_state_s {
md5_word_t count[2];
md5_word_t abcd[4];
md5_byte_t buf[64];
} md5_state_t;
void md5_init(md5_state_t *pms);
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes);
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]);
#endif
/* you can get some trival speedups with MSB if you define this right */
#undef BYTE_ORDER /* 1 = big-endian, -1 = little-endian, 0 = unknown */
#ifdef ARCH_IS_BIG_ENDIAN
# define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
#else
# define BYTE_ORDER 0
#endif
#define T_MASK ((md5_word_t)~0)
#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
#define T3 0x242070db
#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
#define T6 0x4787c62a
#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
#define T9 0x698098d8
#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
#define T13 0x6b901122
#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
#define T16 0x49b40821
#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
#define T19 0x265e5a51
#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
#define T22 0x02441453
#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
#define T25 0x21e1cde6
#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
#define T28 0x455a14ed
#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
#define T31 0x676f02d9
#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
#define T35 0x6d9d6122
#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
#define T38 0x4bdecfa9
#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
#define T41 0x289b7ec6
#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
#define T44 0x04881d05
#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
#define T47 0x1fa27cf8
#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
#define T50 0x432aff97
#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
#define T53 0x655b59c3
#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
#define T57 0x6fa87e4f
#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
#define T60 0x4e0811a1
#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
#define T63 0x2ad7d2bb
#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)
int main (int argc, char *argv[]){
extern char *optarg;
extern int optind;
extern int errno;
int c;
int i;
int j;
int sl;
int debug = 0;
int unlinkit = 0;
int use_out = 0;
int use_kp = 0;
int first_block = 1;
int fd_in;
int fd_out;
int encrypt = 0;
int decrypt = 0;
int bl = 0;
int bytes_read;
int pad;
int noumask = 0;
uint32_t filesize = 0;
uint32_t filesize_msb = 0;
uint32_t read_filesize_msb = 0;
uint32_t read_filesize = 0;
uint32_t bsf = 0;
char *in_file = NULL;
char *out_file = NULL;
char *keyphrase = NULL;
char *keyenv = NULL;
char hash[16];
char thash[17];
char hbuf[3];
char fb_buffer[64];
/* u_char *plaintext = NULL; */
u_char plaintext[64];
struct stat statbuf;
md5_state_t state;
md5_byte_t digest[32];
while( (c = getopt(argc,argv,"i:o:k:g:hxdeuv")) != -1 ){
switch(c){
case 'h':
showhelp();
break;
case 'v':
debug = 1;
break;
case 'i':
if(NULL == (in_file = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(in_file,optarg,strlen(optarg) + 1);
break;
case 'o':
use_out = 1;
if(NULL == (out_file = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(out_file,optarg,strlen(optarg) + 1);
break;
case 'k':
fprintf(stderr,"WARNING: using a keyphrase from the command line can be insecure.\n");
use_kp = 1;
if(NULL == (keyphrase = (char *) malloc(strlen(optarg) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(keyphrase,optarg,strlen(optarg) + 1);
break;
case 'g':
use_kp = 1;
keyenv = getenv(optarg);
if(NULL == (keyphrase = (char *) malloc(strlen(keyenv) + 2))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
strncpy(keyphrase,keyenv,strlen(keyenv) + 1);
break;
case 'd':
decrypt = 1;
break;
case 'e':
encrypt = 1;
break;
case 'u':
unlinkit = 1;
break;
case 'x':
noumask = 1;
break;
} /* end of switch() */
} /* end of while getopt() */
/* you must use a key file or a key phrase */
if(!use_kp){
fprintf(stderr,"FATAL: I wont encrypt without a key!\n\n");
showhelp();
exit(1);
}
/* one mode, and only one mode. */
if((decrypt && encrypt) || (!encrypt && !decrypt)){
fprintf(stderr,"FATAL: Your encrypt/decrypt options are missing or do not make sense.\n");
exit(1);
}
/* They must give us an input file, and it must */
/* be statable and readable by us or we fail */
if(in_file != NULL){
if(-1 == (stat(in_file,&statbuf))){
fprintf(stderr,"FATAL: cannot stat the input file!\n");
exit(1);
}
if(statbuf.st_size == (off_t) 0){
fprintf(stderr,"FATAL: WTF are you encrypting an empty file for?\n");
exit(1);
} else {
(off_t) filesize = statbuf.st_size;
filesize_msb = htonl(filesize);
}
if(!noumask) umask(077);
if(-1 == (fd_in = open(in_file,O_RDONLY))){
fprintf(stderr,"FATAL: Cannot open() the file.\n\t%s\n",strerror(errno));
exit(1);
}
} else {
fprintf(stderr,"FATAL: no input file!\n");
exit(1);
}
/* if they didn't provide an out file, let's use */
/* in_file.xxt as the out_file name */
if(out_file == NULL){
use_out = 1;
if(NULL == (out_file = (char *) malloc(strlen(in_file) + 6))){
fprintf(stderr,"FATAL: cannot allocate memory.\n");
exit(1);
}
snprintf(out_file,strlen(in_file) + 6,"%s.xxt",in_file);
if(!noumask) umask(077);
if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT,00600))){
fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
,out_file
,strerror(errno));
exit(1);
}
} else {
if(!noumask) umask(077);
if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT,00600))){
fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
,out_file
,strerror(errno));
exit(1);
}
}
/* try to pull a fast one and wipe the arguments */
/* a person could still try and race to get them */
/* but it'd be pretty tough (NOT impossible) I'm */
/* just making it harder, but I'm not going to */
/* say that this makes it a totally secure way */
/* to make passing the key on the command line a */
/* sane or good idea. It's there because while */
/* you are in a hurry (we blackhats are never in */
/* a hurry, har har) it can be useful. */
for (i = 1; i < argc; ++i) {
sl = strlen(argv[i]);
for (j = 0; j < sl; ++j)
argv[i][j] = 0;
}
memset(hash,0,16);
/* lets hash the keys. We get a 256 bit hash */
/* from md5, but xxtea takes a 128 bit key so */
/* the hash is truncated to the first 128 bits */
md5_init(&state);
md5_append(&state, (const md5_byte_t *) keyphrase, strlen(keyphrase));
md5_finish(&state, digest);
for (i = 0; i < 8; i++) {
snprintf(hbuf,3,"%02x",digest[i]);
memcpy(hash+(i*2),hbuf,2);
}
/* show a summary of args if we are in verbose mode */
if(debug){
printf("---=[ Your option summary ]=--- \n");
printf("INFILE == %s\n",in_file);
printf("OUTFILE == %s\n",out_file);
printf("UNLINK == %d\n",unlinkit);
memcpy(thash,hash,16);
thash[16] = '\0';
/* printf("HASH == %s\n",thash); */
}
if(encrypt){
while(first_block){
bytes_read = read(fd_in,plaintext,60);
if(bytes_read == -1){
printf("FATAL: Problem reading input file.\n\t%s\n",strerror(errno));
exit(1);
}
/* if the initial input isn't at least 60 bytes */
/* we are going to have to pad it. */
if(bytes_read != 60){
pad = 60 - bytes_read ;
memcpy(plaintext+bytes_read,hash,pad);
}
memcpy(fb_buffer, &filesize_msb, 4);
memcpy(fb_buffer+4, plaintext, 60);
btea((int32_t *) fb_buffer, 16, (int32_t *) hash);
write(fd_out,(char *) fb_buffer,64);
first_block = 0;
}
while( (bytes_read = read(fd_in,plaintext,64)) ){
if(bytes_read == 64){
btea((int32_t *) plaintext, 16, (int32_t *) hash);
write(fd_out,(char *) plaintext,64);
} else {
pad = 64 - bytes_read;
memcpy(plaintext+bytes_read,hash,pad);
btea((int32_t *) plaintext, 16, (int32_t *) hash);
write(fd_out,(char *) plaintext,64);
}
}
} else if(decrypt) {
while(first_block){
read(fd_in,plaintext,64);
btea((int32_t *) plaintext, -16, (int32_t *) hash);
memcpy(&read_filesize_msb,plaintext,4);
read_filesize = ntohl(read_filesize_msb);
if(read_filesize >= 60){
write(fd_out,(char *) plaintext+4,60);
} else {
write(fd_out,(char *) plaintext+4,read_filesize);
}
bsf += 64;
first_block = 0;
}
while(0 != (bytes_read = read(fd_in,plaintext,64)) ){
btea((int32_t *) plaintext, -16, (int32_t *) hash);
bsf += 64;
if(bsf < (read_filesize + 4) && read_filesize > 64){
write(fd_out,(char *) plaintext,64);
} else {
bl = 64 - (bsf - (read_filesize + 4)); /* calc how much is really left */
write(fd_out,(char *) plaintext,bl);
}
}
}
/* if they want to delete the infile */
if(unlinkit) unlink(in_file);
/* free dynamically allocated memory and zero out the contents to */
/* try to make recovery of information about what we did harder */
memset(in_file,0,strlen(in_file));
free(in_file);
if(use_kp){
memset(keyphrase,0,strlen(keyphrase));
free(keyphrase);
}
if(use_out){
memset(out_file,0,strlen(out_file));
free(out_file);
}
close(fd_out);
close(fd_in);
return(0);
}
void showhelp(void){
printf("\nxxt - an xxtea based variable block-mode file encryptor.\n");
printf("by aliver\n\n");
printf("+---=[ Options ]=--------------------------+\n");
printf("| |\n");
printf("| -h print help -v be verbose |\n");
printf("| -i input_file -o output_file |\n");
printf("| -k keyphrase -g key env_variable |\n");
printf("| -u unlink input_file after encryption |\n");
printf("| -x dont set umask to a safe value |\n");
printf("| Example: |\n");
printf("| \"xxt -k secretpass -i test -d\" |\n");
printf("| You get \"test.xxt\" and deletes \"test\" |\n");
printf("| |\n");
printf("+------------------------------------------+\n");
}
/* nearly all the following xxtea crypto */
/* code from the post script */
/* by David Wheeler and Roger Needham */
/* I've altered it to be more portable */
/* on 64 bit platforms by making use of */
/* definitions in stdint.h */
long btea( int32_t * v, int32_t n , int32_t * k ) {
uint32_t z=v[n-1], y=v[0], sum=0,e,
DELTA=0x9e3779b9 ;
int32_t p, q ;
if ( n>1) {
/* Coding Part */
q = 6+52/n ;
while ( q-- > 0 ) {
sum += DELTA ;
e = sum >> 2&3 ;
for ( p = 0 ; p < n-1 ; p++ )
y = v[p+1],
z = v[p] += MX
y = v[0] ;
z = v[n-1] += MX
}
return 0 ;
}
/* Decoding Part */
else if ( n <-1 ) {
n = -n ;
q = 6+52/n ;
sum = q*DELTA ;
while (sum != 0) {
e = sum>>2 & 3 ;
for (p = n-1 ; p > 0 ; p-- )
z = v[p-1],
y = v[p] -= MX
z = v[n-1] ;
y = v[0] -= MX
sum -= DELTA ;
}
return 0 ;
}
return 1 ;
} /* Signal n=0,1,-1 */
/* MD5 algorithm used to hash the keys given to xxt */
/* This source code has been altered to better suit */
/* my purposes (speed, and formatting) and I am now */
/* declaring it so nobody has a fit about it. Now */
/* you can read Peter's notice below. It only */
/* applies to the MD5 hashing part of xxt ! */
/*
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
L. Peter Deutsch
ghost@...ddin.com
*/
static void md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/){
md5_word_t
a = pms->abcd[0], b = pms->abcd[1],
c = pms->abcd[2], d = pms->abcd[3];
md5_word_t t;
#if BYTE_ORDER > 0
/* Define storage only for big-endian CPUs. */
md5_word_t X[16];
#else
/* Define storage for little-endian or both types of CPUs. */
md5_word_t xbuf[16];
const md5_word_t *X;
#endif
{
#if BYTE_ORDER == 0
/*
* Determine dynamically whether this is a big-endian or
* little-endian machine, since we can use a more efficient
* algorithm on the latter.
*/
static const int w = 1;
if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
#endif
#if BYTE_ORDER <= 0 /* little-endian */
{
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
else /* dynamic big-endian */
#endif
#if BYTE_ORDER >= 0 /* big-endian */
{
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
# if BYTE_ORDER == 0
X = xbuf; /* (dynamic only) */
# else
# define xbuf X /* (static only) */
# endif
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* Round 1. */
/* Let [abcd k s i] denote the operation
a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + F(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 7, T1);
SET(d, a, b, c, 1, 12, T2);
SET(c, d, a, b, 2, 17, T3);
SET(b, c, d, a, 3, 22, T4);
SET(a, b, c, d, 4, 7, T5);
SET(d, a, b, c, 5, 12, T6);
SET(c, d, a, b, 6, 17, T7);
SET(b, c, d, a, 7, 22, T8);
SET(a, b, c, d, 8, 7, T9);
SET(d, a, b, c, 9, 12, T10);
SET(c, d, a, b, 10, 17, T11);
SET(b, c, d, a, 11, 22, T12);
SET(a, b, c, d, 12, 7, T13);
SET(d, a, b, c, 13, 12, T14);
SET(c, d, a, b, 14, 17, T15);
SET(b, c, d, a, 15, 22, T16);
#undef SET
/* Round 2. */
/* Let [abcd k s i] denote the operation
a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
#define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + G(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 1, 5, T17);
SET(d, a, b, c, 6, 9, T18);
SET(c, d, a, b, 11, 14, T19);
SET(b, c, d, a, 0, 20, T20);
SET(a, b, c, d, 5, 5, T21);
SET(d, a, b, c, 10, 9, T22);
SET(c, d, a, b, 15, 14, T23);
SET(b, c, d, a, 4, 20, T24);
SET(a, b, c, d, 9, 5, T25);
SET(d, a, b, c, 14, 9, T26);
SET(c, d, a, b, 3, 14, T27);
SET(b, c, d, a, 8, 20, T28);
SET(a, b, c, d, 13, 5, T29);
SET(d, a, b, c, 2, 9, T30);
SET(c, d, a, b, 7, 14, T31);
SET(b, c, d, a, 12, 20, T32);
#undef SET
/* Round 3. */
/* Let [abcd k s t] denote the operation
a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define SET(a, b, c, d, k, s, Ti)\
t = a + H(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 5, 4, T33);
SET(d, a, b, c, 8, 11, T34);
SET(c, d, a, b, 11, 16, T35);
SET(b, c, d, a, 14, 23, T36);
SET(a, b, c, d, 1, 4, T37);
SET(d, a, b, c, 4, 11, T38);
SET(c, d, a, b, 7, 16, T39);
SET(b, c, d, a, 10, 23, T40);
SET(a, b, c, d, 13, 4, T41);
SET(d, a, b, c, 0, 11, T42);
SET(c, d, a, b, 3, 16, T43);
SET(b, c, d, a, 6, 23, T44);
SET(a, b, c, d, 9, 4, T45);
SET(d, a, b, c, 12, 11, T46);
SET(c, d, a, b, 15, 16, T47);
SET(b, c, d, a, 2, 23, T48);
#undef SET
/* Round 4. */
/* Let [abcd k s t] denote the operation
a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + I(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 6, T49);
SET(d, a, b, c, 7, 10, T50);
SET(c, d, a, b, 14, 15, T51);
SET(b, c, d, a, 5, 21, T52);
SET(a, b, c, d, 12, 6, T53);
SET(d, a, b, c, 3, 10, T54);
SET(c, d, a, b, 10, 15, T55);
SET(b, c, d, a, 1, 21, T56);
SET(a, b, c, d, 8, 6, T57);
SET(d, a, b, c, 15, 10, T58);
SET(c, d, a, b, 6, 15, T59);
SET(b, c, d, a, 13, 21, T60);
SET(a, b, c, d, 4, 6, T61);
SET(d, a, b, c, 11, 10, T62);
SET(c, d, a, b, 2, 15, T63);
SET(b, c, d, a, 9, 21, T64);
#undef SET
/* Then perform the following additions. (That is increment each
of the four registers by the value it had before this block
was started.) */
pms->abcd[0] += a;
pms->abcd[1] += b;
pms->abcd[2] += c;
pms->abcd[3] += d;
}
void md5_init(md5_state_t *pms){
pms->count[0] = pms->count[1] = 0;
pms->abcd[0] = 0x67452301;
pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
pms->abcd[3] = 0x10325476;
}
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes){
const md5_byte_t *p = data;
int left = nbytes;
int offset = (pms->count[0] >> 3) & 63;
md5_word_t nbits = (md5_word_t)(nbytes << 3);
if (nbytes <= 0)
return;
/* Update the message length. */
pms->count[1] += nbytes >> 29;
pms->count[0] += nbits;
if (pms->count[0] < nbits)
pms->count[1]++;
/* Process an initial partial block. */
if (offset) {
int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);
}
/* Process full blocks. */
for (; left >= 64; p += 64, left -= 64)
md5_process(pms, p);
/* Process a final partial block. */
if (left)
memcpy(pms->buf, p, left);
}
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]) {
static const md5_byte_t pad[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
md5_byte_t data[8];
int i;
/* Save the length before padding. */
for (i = 0; i < 8; ++i)
data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
/* Pad to 56 bytes mod 64. */
md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
/* Append the length. */
md5_append(pms, data, 8);
for (i = 0; i < 16; ++i)
digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
}
Powered by blists - more mailing lists