LCOV - code coverage report
Current view: top level - shishi/lib - crypto.c (source / functions) Hit Total Coverage
Test: GNU Shishi Lines: 325 579 56.1 %
Date: 2010-05-20 Functions: 31 48 64.6 %
Legend: Lines: hit not hit | Branches: + taken - not taken # not executed Branches: 161 300 53.7 %

           Branch data     Line data    Source code
       1                 :            : /* crypto.c --- Crypto functions.
       2                 :            :  * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010  Simon Josefsson
       3                 :            :  *
       4                 :            :  * This file is part of Shishi.
       5                 :            :  *
       6                 :            :  * Shishi is free software; you can redistribute it and/or modify it
       7                 :            :  * under the terms of the GNU General Public License as published by
       8                 :            :  * the Free Software Foundation; either version 3 of the License, or
       9                 :            :  * (at your option) any later version.
      10                 :            :  *
      11                 :            :  * Shishi is distributed in the hope that it will be useful, but
      12                 :            :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      13                 :            :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14                 :            :  * GNU General Public License for more details.
      15                 :            :  *
      16                 :            :  * You should have received a copy of the GNU General Public License
      17                 :            :  * along with Shishi; if not, see http://www.gnu.org/licenses or write
      18                 :            :  * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
      19                 :            :  * Floor, Boston, MA 02110-1301, USA
      20                 :            :  *
      21                 :            :  */
      22                 :            : 
      23                 :            : #include "internal.h"
      24                 :            : 
      25                 :            : /* Get prototypes. */
      26                 :            : #include "crypto.h"
      27                 :            : 
      28                 :            : /* Get _shishi_escapeprint, etc. */
      29                 :            : #include "utils.h"
      30                 :            : 
      31                 :            : static int
      32                 :       2770 : gcd (int a, int b)
      33                 :            : {
      34         [ +  + ]:       2770 :   if (b == 0)
      35                 :        664 :     return a;
      36                 :            :   else
      37                 :       2770 :     return gcd (b, a % b);
      38                 :            : }
      39                 :            : 
      40                 :            : static int
      41                 :        664 : lcm (int a, int b)
      42                 :            : {
      43                 :        664 :   return a * b / gcd (a, b);
      44                 :            : }
      45                 :            : 
      46                 :            : static void
      47                 :       9889 : rot13 (Shishi * handle, char *in, char *out, int len)
      48                 :            : {
      49         [ -  + ]:       9889 :   if (VERBOSECRYPTONOISE (handle))
      50                 :            :     {
      51                 :          0 :       printf ("\t ;; rot 13 in:\n");
      52                 :          0 :       _shishi_escapeprint (in, len);
      53                 :          0 :       _shishi_hexprint (in, len);
      54                 :          0 :       _shishi_binprint (in, len);
      55                 :            :     }
      56                 :            : 
      57         [ +  + ]:       9889 :   if (len == 1)
      58                 :            :     {
      59                 :         45 :       out[0] =
      60                 :         45 :         ((in[0] >> 5) & 0x01) |
      61                 :            :         ((in[0] >> 5) & 0x02) |
      62                 :            :         ((in[0] >> 5) & 0x04) |
      63                 :         45 :         ((in[0] << 3) & 0x08) |
      64                 :         45 :         ((in[0] << 3) & 0x10) |
      65                 :        135 :         ((in[0] << 3) & 0x20) | ((in[0] << 3) & 0x40) | ((in[0] << 3) & 0x80);
      66                 :            :     }
      67         [ +  - ]:       9844 :   else if (len > 1)
      68                 :            :     {
      69                 :            :       char nexttolast, last;
      70                 :            :       int i;
      71                 :            : 
      72                 :       9844 :       nexttolast = in[len - 2];
      73                 :       9844 :       last = in[len - 1];
      74                 :            : 
      75         [ +  + ]:     299664 :       for (i = len * 8 - 1; i >= 13; i--)
      76                 :            :         {
      77                 :     289820 :           int pos = i / 8;
      78                 :     289820 :           char mask = ~(1 << (7 - i % 8));
      79                 :     289820 :           int pos2 = (i - 13) / 8;
      80                 :     289820 :           char mask2 = (1 << (7 - (i - 13) % 8));
      81                 :            : 
      82         [ +  + ]:     289820 :           out[pos] = (out[pos] & mask) |
      83                 :     289820 :             (((in[pos2] & mask2) ? 0xFF : 0x00) & ~mask);
      84                 :            :         }
      85                 :       9844 :       out[0] = ((nexttolast & 0xFF) << 3) | ((last & 0xFF) >> 5);
      86                 :       9844 :       out[1] = (in[1] & ~(0xFF & (0xFF << 3))) | (0xFF & (last << 3));
      87                 :            :     }
      88                 :            : 
      89         [ -  + ]:       9889 :   if (VERBOSECRYPTONOISE (handle))
      90                 :            :     {
      91                 :          0 :       printf ("\t ;; rot13 out:\n");
      92                 :          0 :       _shishi_escapeprint (out, len);
      93                 :          0 :       _shishi_hexprint (out, len);
      94                 :          0 :       _shishi_binprint (out, len);
      95                 :            :     }
      96                 :       9889 : }
      97                 :            : 
      98                 :            : static void
      99                 :       3389 : ocadd (char *add1, char *add2, char *sum, int len)
     100                 :            : {
     101                 :            :   int i;
     102                 :       3389 :   int carry = 0;
     103                 :            : 
     104         [ +  + ]:      55658 :   for (i = len - 1; i >= 0; i--)
     105                 :            :     {
     106                 :      52269 :       int tmpsum = (unsigned char) add1[i] + (unsigned char) add2[i];
     107                 :            : 
     108                 :      52269 :       sum[i] = (tmpsum + carry) & 0xFF;
     109         [ +  + ]:      52269 :       if (tmpsum + carry > 0xFF)
     110                 :       4460 :         carry = 1;
     111                 :            :       else
     112                 :      47809 :         carry = 0;
     113                 :            :     }
     114                 :            : 
     115         [ +  + ]:       3389 :   if (carry)
     116                 :            :     {
     117                 :         89 :       int done = 0;
     118                 :            : 
     119         [ +  - ]:         89 :       for (i = len - 1; i >= 0; i--)
     120         [ +  - ]:         89 :         if ((unsigned char) sum[i] != 0xFF)
     121                 :            :           {
     122                 :         89 :             sum[i]++;
     123                 :         89 :             done = 1;
     124                 :         89 :             break;
     125                 :            :           }
     126                 :            : 
     127         [ -  + ]:         89 :       if (!done)
     128                 :          0 :         memset (sum, 0, len);
     129                 :            :     }
     130                 :       3389 : }
     131                 :            : 
     132                 :            : static int
     133                 :        300 : simplified_hmac (Shishi * handle,
     134                 :            :                  Shishi_key * key,
     135                 :            :                  const char *in, size_t inlen,
     136                 :            :                  char **outhash, size_t * outhashlen)
     137                 :            : {
     138                 :        300 :   *outhashlen = shishi_checksum_cksumlen
     139                 :            :     (shishi_cipher_defaultcksumtype (shishi_key_type (key)));
     140                 :        300 :   return shishi_hmac_sha1 (handle, shishi_key_value (key),
     141                 :            :                            shishi_key_length (key), in, inlen, outhash);
     142                 :            : }
     143                 :            : 
     144                 :            : static int
     145                 :        150 : simplified_hmac_verify (Shishi * handle, Shishi_key * key,
     146                 :            :                         const char *in, size_t inlen,
     147                 :            :                         const char *hmac, size_t hmaclen)
     148                 :            : {
     149                 :            :   char *hash;
     150                 :            :   size_t hlen;
     151                 :            :   int same;
     152                 :            :   int res;
     153                 :            : 
     154                 :        150 :   res = simplified_hmac (handle, key, in, inlen, &hash, &hlen);
     155   [ +  -  -  + ]:        150 :   if (res != SHISHI_OK || hash == NULL)
     156                 :          0 :     return res;
     157                 :            : 
     158         [ -  + ]:        150 :   if (VERBOSECRYPTO (handle))
     159                 :            :     {
     160                 :          0 :       printf ("\t ;; HMAC verify:\n");
     161                 :          0 :       _shishi_escapeprint (hash, hlen);
     162                 :          0 :       _shishi_hexprint (hash, hlen);
     163                 :          0 :       _shishi_binprint (hash, hlen);
     164                 :          0 :       _shishi_escapeprint (hmac, hmaclen);
     165                 :          0 :       _shishi_hexprint (hmac, hmaclen);
     166                 :          0 :       _shishi_binprint (hmac, hmaclen);
     167                 :            :     }
     168                 :            : 
     169 [ +  - ][ +  - ]:        150 :   same = (hlen == hmaclen) && memcmp (hash, hmac, hmaclen) == 0;
     170                 :            : 
     171                 :        150 :   free (hash);
     172                 :            : 
     173         [ -  + ]:        150 :   if (!same)
     174                 :            :     {
     175                 :          0 :       shishi_error_printf (handle, "HMAC verify failed");
     176                 :          0 :       return SHISHI_CRYPTO_ERROR;
     177                 :            :     }
     178                 :            : 
     179                 :        150 :   return SHISHI_OK;
     180                 :            : }
     181                 :            : 
     182                 :            : int
     183                 :        616 : _shishi_simplified_derivekey (Shishi * handle,
     184                 :            :                               Shishi_key * key,
     185                 :            :                               int keyusage,
     186                 :            :                               int derivekeymode, Shishi_key ** outkey)
     187                 :            : {
     188                 :            :   char prfconstant[5];
     189                 :        616 :   int res = SHISHI_OK;
     190                 :            :   Shishi_key *derivedkey;
     191                 :            : 
     192         [ -  + ]:        616 :   if (VERBOSECRYPTO (handle))
     193                 :            :     {
     194                 :          0 :       printf ("simplified_derivekey\n");
     195   [ #  #  #  # ]:          0 :       printf ("\t ;; mode %d (%s)\n", derivekeymode,
                 [ #  # ]
     196                 :            :               derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM ? "checksum" :
     197                 :            :               derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY ? "integrity" :
     198                 :            :               derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY ? "privacy" :
     199                 :            :               "base-key");
     200                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
     201                 :            :     }
     202                 :            : 
     203                 :            : 
     204                 :        616 :   res = shishi_key_from_value (handle, shishi_key_type (key),
     205                 :            :                                NULL, &derivedkey);
     206         [ -  + ]:        616 :   if (res != SHISHI_OK)
     207                 :          0 :     return res;
     208                 :            : 
     209                 :        616 :   *outkey = derivedkey;
     210                 :            : 
     211         [ +  - ]:        616 :   if (keyusage)
     212                 :            :     {
     213                 :        616 :       uint32_t tmp = htonl (keyusage);
     214                 :        616 :       memcpy (prfconstant, &tmp, 4);
     215         [ -  + ]:        616 :       if (derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM)
     216                 :          0 :         prfconstant[4] = '\x99';
     217         [ +  + ]:        616 :       else if (derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY)
     218                 :        300 :         prfconstant[4] = '\x55';
     219                 :            :       else                      /* if (derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY) */
     220                 :        316 :         prfconstant[4] = '\xAA';
     221                 :            : 
     222                 :        616 :       res = shishi_dk (handle, key, prfconstant, 5, derivedkey);
     223                 :            :     }
     224                 :            :   else
     225                 :            :     {
     226                 :          0 :       shishi_key_copy (derivedkey, key);
     227                 :            :     }
     228                 :            : 
     229         [ -  + ]:        616 :   if (VERBOSECRYPTO (handle))
     230                 :            :     {
     231                 :          0 :       printf ("\t ;; simplified_derivekey out (%d):\n",
     232                 :            :               shishi_key_length (derivedkey));
     233                 :          0 :       _shishi_hexprint (shishi_key_value (derivedkey),
     234                 :          0 :                         shishi_key_length (derivedkey));
     235                 :            :     }
     236                 :            : 
     237                 :        616 :   return res;
     238                 :            : }
     239                 :            : 
     240                 :            : int
     241                 :       1470 : _shishi_simplified_dencrypt (Shishi * handle,
     242                 :            :                              Shishi_key * key,
     243                 :            :                              const char *iv, size_t ivlen,
     244                 :            :                              char **ivout, size_t * ivoutlen,
     245                 :            :                              const char *in, size_t inlen,
     246                 :            :                              char **out, size_t * outlen, int decryptp)
     247                 :            : {
     248                 :            :   int rc;
     249                 :            :   char *pt;
     250                 :            :   size_t ptlen;
     251                 :       1470 :   size_t padzerolen = 0;
     252                 :            : 
     253         [ +  + ]:       1470 :   if ((inlen % 8) != 0)
     254         [ +  + ]:       1260 :     while (((inlen + padzerolen) % 8) != 0)
     255                 :       1008 :       padzerolen++;
     256                 :            : 
     257                 :       1470 :   ptlen = inlen + padzerolen;
     258                 :            : 
     259         [ +  + ]:       1470 :   if (padzerolen)
     260                 :            :     {
     261                 :        252 :       pt = xmalloc (ptlen);
     262                 :        252 :       memcpy (pt, in, inlen);
     263                 :        252 :       memset (pt + inlen, 0, padzerolen);
     264                 :            :     }
     265                 :            :   else
     266                 :       1218 :     pt = (char *) in;
     267                 :            : 
     268   [ +  +  +  - ]:       1470 :   switch (shishi_key_type (key))
     269                 :            :     {
     270                 :            :     case SHISHI_DES_CBC_CRC:
     271                 :            :     case SHISHI_DES_CBC_MD4:
     272                 :            :     case SHISHI_DES_CBC_MD5:
     273                 :            :     case SHISHI_DES_CBC_NONE:
     274                 :         68 :       rc = shishi_des (handle, decryptp, shishi_key_value (key),
     275                 :            :                        iv, ivout, pt, ptlen, out);
     276         [ +  - ]:         68 :       if (ivoutlen)
     277                 :         68 :         *ivoutlen = 8;
     278         [ +  - ]:         68 :       if (outlen)
     279                 :         68 :         *outlen = ptlen;
     280                 :         68 :       break;
     281                 :            : 
     282                 :            :     case SHISHI_DES3_CBC_HMAC_SHA1_KD:
     283                 :            :     case SHISHI_DES3_CBC_NONE:
     284                 :        245 :       rc = shishi_3des (handle, decryptp, shishi_key_value (key),
     285                 :            :                         iv, ivout, pt, inlen + padzerolen, out);
     286         [ +  + ]:        245 :       if (ivoutlen)
     287                 :         32 :         *ivoutlen = 8;
     288         [ +  - ]:        245 :       if (outlen)
     289                 :        245 :         *outlen = ptlen;
     290                 :        245 :       break;
     291                 :            : 
     292                 :            :     case SHISHI_AES128_CTS_HMAC_SHA1_96:
     293                 :            :     case SHISHI_AES256_CTS_HMAC_SHA1_96:
     294                 :       1157 :       rc = shishi_aes_cts (handle, decryptp,
     295                 :            :                            shishi_key_value (key), shishi_key_length (key),
     296                 :            :                            iv, ivout, in, inlen, out);
     297         [ +  + ]:       1157 :       if (ivoutlen)
     298                 :        284 :         *ivoutlen = 16;
     299         [ +  - ]:       1157 :       if (outlen)
     300                 :       1157 :         *outlen = inlen;
     301                 :       1157 :       break;
     302                 :            : 
     303                 :            :     default:
     304                 :          0 :       rc = SHISHI_CRYPTO_ERROR;
     305                 :            :     }
     306                 :            : 
     307         [ +  + ]:       1470 :   if (padzerolen)
     308                 :        252 :     free (pt);
     309                 :            : 
     310                 :       1470 :   return rc;
     311                 :            : }
     312                 :            : 
     313                 :            : int
     314                 :       1222 : _shishi_simplified_encrypt (Shishi * handle,
     315                 :            :                             Shishi_key * key,
     316                 :            :                             int keyusage,
     317                 :            :                             const char *iv, size_t ivlen,
     318                 :            :                             char **ivout, size_t * ivoutlen,
     319                 :            :                             const char *in, size_t inlen,
     320                 :            :                             char **out, size_t * outlen)
     321                 :            : {
     322                 :            :   int res;
     323                 :       1222 :   int padzerolen = 0;
     324                 :            : 
     325 [ +  +  +  +  + :       4344 :   if ((shishi_key_type (key) == SHISHI_DES3_CBC_HMAC_SHA1_KD ||
                +  +  + ]
                 [ -  + ]
     326                 :       1049 :        shishi_key_type (key) == SHISHI_DES_CBC_CRC ||
     327                 :       1041 :        shishi_key_type (key) == SHISHI_DES_CBC_MD4 ||
     328                 :       1032 :        shishi_key_type (key) == SHISHI_DES_CBC_MD5) && (inlen % 8) != 0)
     329         [ #  # ]:          0 :     while (((inlen + padzerolen) % 8) != 0)
     330                 :          0 :       padzerolen++;
     331                 :            : 
     332         [ +  + ]:       1222 :   if (keyusage != 0)
     333                 :            :     {
     334                 :        150 :       char *pt = NULL, *ct = NULL, *hmac = NULL;
     335                 :        150 :       int blen = shishi_cipher_blocksize (shishi_key_type (key));
     336                 :            :       size_t ctlen, ptlen, hmaclen;
     337                 :        150 :       Shishi_key *privacykey = NULL, *integritykey = NULL;
     338                 :            : 
     339                 :        150 :       ptlen = inlen + blen + padzerolen;
     340                 :        150 :       pt = xmalloc (ptlen);
     341                 :            : 
     342                 :        150 :       res = shishi_randomize (handle, 0, pt, blen);
     343         [ -  + ]:        150 :       if (res != SHISHI_OK)
     344                 :          0 :         goto done;
     345                 :            : 
     346                 :        150 :       memcpy (pt + blen, in, inlen);
     347                 :        150 :       memset (pt + blen + inlen, 0, padzerolen);
     348                 :            : 
     349                 :        150 :       res = _shishi_simplified_derivekey (handle, key, keyusage,
     350                 :            :                                           SHISHI_DERIVEKEYMODE_PRIVACY,
     351                 :            :                                           &privacykey);
     352         [ -  + ]:        150 :       if (res != SHISHI_OK)
     353                 :          0 :         goto done;
     354                 :            : 
     355                 :        150 :       res = _shishi_simplified_dencrypt (handle, privacykey,
     356                 :            :                                          iv, ivlen, ivout,
     357                 :            :                                          ivoutlen, pt, ptlen, &ct, &ctlen, 0);
     358         [ -  + ]:        150 :       if (res != SHISHI_OK)
     359                 :          0 :         goto done;
     360                 :            : 
     361                 :            : 
     362                 :        150 :       res = _shishi_simplified_derivekey (handle, key, keyusage,
     363                 :            :                                           SHISHI_DERIVEKEYMODE_INTEGRITY,
     364                 :            :                                           &integritykey);
     365         [ -  + ]:        150 :       if (res != SHISHI_OK)
     366                 :          0 :         goto done;
     367                 :            : 
     368                 :        150 :       res = simplified_hmac (handle, integritykey, pt, ptlen,
     369                 :            :                              &hmac, &hmaclen);
     370         [ -  + ]:        150 :       if (res != SHISHI_OK)
     371                 :          0 :         goto done;
     372                 :            : 
     373                 :        150 :       *outlen = ctlen + hmaclen;
     374                 :        150 :       *out = xmalloc (*outlen);
     375                 :        150 :       memcpy (*out, ct, ctlen);
     376                 :        150 :       memcpy (*out + ctlen, hmac, hmaclen);
     377                 :            : 
     378                 :            :     done:
     379         [ +  - ]:        150 :       if (privacykey)
     380                 :        150 :         shishi_key_done (privacykey);
     381         [ +  - ]:        150 :       if (integritykey)
     382                 :        150 :         shishi_key_done (integritykey);
     383                 :        150 :       free (hmac);
     384                 :        150 :       free (ct);
     385                 :        150 :       free (pt);
     386                 :            :     }
     387                 :            :   else
     388                 :            :     {
     389                 :       1072 :       res = _shishi_simplified_dencrypt (handle, key, iv, ivlen,
     390                 :            :                                          ivout, ivoutlen,
     391                 :            :                                          in, inlen, out, outlen, 0);
     392                 :            :     }
     393                 :            : 
     394                 :       1222 :   return res;
     395                 :            : }
     396                 :            : 
     397                 :            : int
     398                 :        184 : _shishi_simplified_decrypt (Shishi * handle,
     399                 :            :                             Shishi_key * key,
     400                 :            :                             int keyusage,
     401                 :            :                             const char *iv, size_t ivlen,
     402                 :            :                             char **ivout, size_t * ivoutlen,
     403                 :            :                             const char *in, size_t inlen,
     404                 :            :                             char **out, size_t * outlen)
     405                 :            : {
     406                 :            :   int res;
     407                 :            : 
     408         [ +  + ]:        184 :   if (keyusage)
     409                 :            :     {
     410                 :        150 :       Shishi_key *privacykey = NULL, *integritykey = NULL;
     411                 :        150 :       int blen = shishi_cipher_blocksize (shishi_key_type (key));
     412                 :        150 :       size_t hlen = shishi_checksum_cksumlen
     413                 :        150 :         (shishi_cipher_defaultcksumtype (shishi_key_type (key)));
     414                 :            : 
     415                 :        150 :       res = _shishi_simplified_derivekey (handle, key, keyusage,
     416                 :            :                                           SHISHI_DERIVEKEYMODE_PRIVACY,
     417                 :            :                                           &privacykey);
     418         [ -  + ]:        150 :       if (res != SHISHI_OK)
     419                 :          0 :         goto done;
     420                 :            : 
     421                 :        150 :       res = _shishi_simplified_dencrypt (handle, privacykey,
     422                 :            :                                          iv, ivlen, ivout, ivoutlen,
     423                 :            :                                          in, inlen - hlen, out, outlen, 1);
     424         [ -  + ]:        150 :       if (res != SHISHI_OK)
     425                 :          0 :         goto done;
     426                 :            : 
     427                 :        150 :       res = _shishi_simplified_derivekey (handle, key, keyusage,
     428                 :            :                                           SHISHI_DERIVEKEYMODE_INTEGRITY,
     429                 :            :                                           &integritykey);
     430         [ -  + ]:        150 :       if (res != SHISHI_OK)
     431                 :          0 :         goto done;
     432                 :            : 
     433                 :        150 :       res = simplified_hmac_verify (handle, integritykey, *out, *outlen,
     434                 :            :                                     in + inlen - hlen, hlen);
     435                 :            : 
     436         [ -  + ]:        150 :       if (res != SHISHI_OK)
     437                 :          0 :         goto done;
     438                 :            : 
     439                 :        150 :       memmove (*out, *out + blen, *outlen - blen);
     440                 :        150 :       *outlen = *outlen - blen;
     441                 :        150 :       *out = xrealloc (*out, *outlen);
     442                 :            : 
     443                 :            :     done:
     444         [ +  - ]:        150 :       if (privacykey)
     445                 :        150 :         shishi_key_done (privacykey);
     446         [ +  - ]:        150 :       if (integritykey)
     447                 :        150 :         shishi_key_done (integritykey);
     448                 :            :     }
     449                 :            :   else
     450                 :            :     {
     451                 :         34 :       res = _shishi_simplified_dencrypt (handle, key, iv, ivlen,
     452                 :            :                                          ivout, ivoutlen,
     453                 :            :                                          in, inlen, out, outlen, 1);
     454                 :            :     }
     455                 :            : 
     456                 :        184 :   return res;
     457                 :            : }
     458                 :            : 
     459                 :            : int
     460                 :          0 : _shishi_simplified_checksum (Shishi * handle,
     461                 :            :                              Shishi_key * key,
     462                 :            :                              int keyusage,
     463                 :            :                              int cksumtype,
     464                 :            :                              const char *in, size_t inlen,
     465                 :            :                              char **out, size_t * outlen)
     466                 :            : {
     467                 :            :   Shishi_key *checksumkey;
     468                 :          0 :   int cksumlen = shishi_checksum_cksumlen (cksumtype);
     469                 :            :   int res;
     470                 :            : 
     471                 :          0 :   res = _shishi_simplified_derivekey (handle, key, keyusage,
     472                 :            :                                       SHISHI_DERIVEKEYMODE_CHECKSUM,
     473                 :            :                                       &checksumkey);
     474         [ #  # ]:          0 :   if (res != SHISHI_OK)
     475                 :          0 :     return res;
     476                 :            : 
     477                 :          0 :   res = simplified_hmac (handle, checksumkey, in, inlen, out, outlen);
     478                 :            : 
     479                 :          0 :   shishi_key_done (checksumkey);
     480                 :            : 
     481         [ #  # ]:          0 :   if (res != SHISHI_OK)
     482                 :          0 :     return res;
     483                 :            : 
     484                 :          0 :   *outlen = cksumlen;
     485                 :            : 
     486                 :          0 :   return SHISHI_OK;
     487                 :            : }
     488                 :            : 
     489                 :            : static cipherinfo *ciphers[] = {
     490                 :            : #if WITH_NULL
     491                 :            :   &null_info,
     492                 :            : #endif
     493                 :            : #if WITH_DES
     494                 :            :   &des_cbc_crc_info,
     495                 :            :   &des_cbc_md4_info,
     496                 :            :   &des_cbc_md5_info,
     497                 :            :   &des_cbc_none_info,
     498                 :            : #endif
     499                 :            : #if WITH_3DES
     500                 :            :   &des3_cbc_none_info,
     501                 :            :   &des3_cbc_sha1_kd_info,
     502                 :            : #endif
     503                 :            : #if WITH_AES
     504                 :            :   &aes128_cts_hmac_sha1_96_info,
     505                 :            :   &aes256_cts_hmac_sha1_96_info,
     506                 :            : #endif
     507                 :            : #if WITH_ARCFOUR
     508                 :            :   &arcfour_hmac_info,
     509                 :            :   &arcfour_hmac_exp_info
     510                 :            : #endif
     511                 :            : };
     512                 :            : 
     513                 :            : /**
     514                 :            :  * shishi_cipher_supported_p:
     515                 :            :  * @type: encryption type, see Shishi_etype.
     516                 :            :  *
     517                 :            :  * Find out if cipher is supported.
     518                 :            :  *
     519                 :            :  * Return value: Return 0 iff cipher is unsupported.
     520                 :            :  **/
     521                 :            : int
     522                 :          0 : shishi_cipher_supported_p (int32_t type)
     523                 :            : {
     524                 :            :   size_t i;
     525                 :            : 
     526         [ #  # ]:          0 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     527         [ #  # ]:          0 :     if (type == ciphers[i]->type)
     528                 :          0 :       return 1;
     529                 :            : 
     530                 :          0 :   return 0;
     531                 :            : }
     532                 :            : 
     533                 :            : /**
     534                 :            :  * shishi_cipher_name:
     535                 :            :  * @type: encryption type, see Shishi_etype.
     536                 :            :  *
     537                 :            :  * Read humanly readable string for cipher.
     538                 :            :  *
     539                 :            :  * Return value: Return name of encryption type,
     540                 :            :  * e.g. "des3-cbc-sha1-kd", as defined in the standards.
     541                 :            :  **/
     542                 :            : const char *
     543                 :         32 : shishi_cipher_name (int32_t type)
     544                 :            : {
     545                 :            :   size_t i;
     546                 :            :   char *p;
     547                 :            : 
     548         [ +  - ]:        212 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     549                 :            :     {
     550         [ +  + ]:        212 :       if (type == ciphers[i]->type)
     551                 :         32 :         return ciphers[i]->name;
     552                 :            :     }
     553                 :            : 
     554                 :          0 :   asprintf (&p, "unknown cipher %d", type);
     555                 :         32 :   return p;
     556                 :            : }
     557                 :            : 
     558                 :            : /**
     559                 :            :  * shishi_cipher_blocksize:
     560                 :            :  * @type: encryption type, see Shishi_etype.
     561                 :            :  *
     562                 :            :  * Get block size for cipher.
     563                 :            :  *
     564                 :            :  * Return value: Return block size for encryption type, as defined in
     565                 :            :  * the standards.
     566                 :            :  **/
     567                 :            : int
     568                 :        963 : shishi_cipher_blocksize (int32_t type)
     569                 :            : {
     570                 :            :   size_t i;
     571                 :            : 
     572         [ +  - ]:       8019 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     573         [ +  + ]:       8019 :     if (type == ciphers[i]->type)
     574                 :        963 :       return ciphers[i]->blocksize;
     575                 :            : 
     576                 :        963 :   return -1;
     577                 :            : }
     578                 :            : 
     579                 :            : /**
     580                 :            :  * shishi_cipher_confoundersize:
     581                 :            :  * @type: encryption type, see Shishi_etype.
     582                 :            :  *
     583                 :            :  * Get length of confounder for cipher.
     584                 :            :  *
     585                 :            :  * Return value: Returns the size of the confounder (random data) for
     586                 :            :  * encryption type, as defined in the standards, or (size_t)-1 on
     587                 :            :  * error (e.g., unsupported encryption type).
     588                 :            :  **/
     589                 :            : int
     590                 :          0 : shishi_cipher_confoundersize (int32_t type)
     591                 :            : {
     592                 :            :   size_t i;
     593                 :            : 
     594         [ #  # ]:          0 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     595         [ #  # ]:          0 :     if (type == ciphers[i]->type)
     596                 :          0 :       return ciphers[i]->confoundersize;
     597                 :            : 
     598                 :          0 :   return -1;
     599                 :            : }
     600                 :            : 
     601                 :            : /**
     602                 :            :  * shishi_cipher_keylen:
     603                 :            :  * @type: encryption type, see Shishi_etype.
     604                 :            :  *
     605                 :            :  * Get key length for cipher.
     606                 :            :  *
     607                 :            :  * Return value: Return length of key used for the encryption type, as
     608                 :            :  * defined in the standards.
     609                 :            :  **/
     610                 :            : size_t
     611                 :       5882 : shishi_cipher_keylen (int32_t type)
     612                 :            : {
     613                 :            :   size_t i;
     614                 :            : 
     615         [ +  - ]:      49469 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     616         [ +  + ]:      49469 :     if (type == ciphers[i]->type)
     617                 :       5882 :       return ciphers[i]->keylen;
     618                 :            : 
     619                 :       5882 :   return -1;
     620                 :            : }
     621                 :            : 
     622                 :            : /**
     623                 :            :  * shishi_cipher_randomlen:
     624                 :            :  * @type: encryption type, see Shishi_etype.
     625                 :            :  *
     626                 :            :  * Get length of random data for cipher.
     627                 :            :  *
     628                 :            :  * Return value: Return length of random used for the encryption type,
     629                 :            :  * as defined in the standards, or (size_t)-1 on error (e.g.,
     630                 :            :  * unsupported encryption type).
     631                 :            :  **/
     632                 :            : size_t
     633                 :         10 : shishi_cipher_randomlen (int32_t type)
     634                 :            : {
     635                 :            :   size_t i;
     636                 :            : 
     637         [ +  - ]:         65 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     638         [ +  + ]:         65 :     if (type == ciphers[i]->type)
     639                 :         10 :       return ciphers[i]->randomlen;
     640                 :            : 
     641                 :         10 :   return -1;
     642                 :            : }
     643                 :            : 
     644                 :            : /**
     645                 :            :  * shishi_cipher_defaultcksumtype:
     646                 :            :  * @type: encryption type, see Shishi_etype.
     647                 :            :  *
     648                 :            :  * Get the default checksum associated with cipher.
     649                 :            :  *
     650                 :            :  * Return value: Return associated checksum mechanism for the
     651                 :            :  * encryption type, as defined in the standards.
     652                 :            :  **/
     653                 :            : int
     654                 :        450 : shishi_cipher_defaultcksumtype (int32_t type)
     655                 :            : {
     656                 :            :   size_t i;
     657                 :            : 
     658         [ +  - ]:       3789 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     659         [ +  + ]:       3789 :     if (type == ciphers[i]->type)
     660                 :        450 :       return ciphers[i]->defaultcksumtype;
     661                 :            : 
     662                 :        450 :   return -1;
     663                 :            : }
     664                 :            : 
     665                 :            : struct Cipher_aliases
     666                 :            : {
     667                 :            :   const char *name;
     668                 :            :   int type;
     669                 :            : };
     670                 :            : 
     671                 :            : static struct Cipher_aliases cipher_aliases[] = {
     672                 :            :   {"des-crc", SHISHI_DES_CBC_CRC},
     673                 :            :   {"des-md4", SHISHI_DES_CBC_MD4},
     674                 :            :   {"des-md5", SHISHI_DES_CBC_MD5},
     675                 :            :   {"des", SHISHI_DES_CBC_MD5},
     676                 :            :   {"des3", SHISHI_DES3_CBC_HMAC_SHA1_KD},
     677                 :            :   {"3des", SHISHI_DES3_CBC_HMAC_SHA1_KD},
     678                 :            :   {"aes128", SHISHI_AES128_CTS_HMAC_SHA1_96},
     679                 :            :   {"aes256", SHISHI_AES256_CTS_HMAC_SHA1_96},
     680                 :            :   {"aes", SHISHI_AES256_CTS_HMAC_SHA1_96},
     681                 :            :   {"arcfour", SHISHI_ARCFOUR_HMAC}
     682                 :            : };
     683                 :            : 
     684                 :            : /**
     685                 :            :  * shishi_cipher_parse:
     686                 :            :  * @cipher: name of encryption type, e.g. "des3-cbc-sha1-kd".
     687                 :            :  *
     688                 :            :  * Get cipher number by parsing string.
     689                 :            :  *
     690                 :            :  * Return value: Return encryption type corresponding to a string.
     691                 :            :  **/
     692                 :            : int
     693                 :          1 : shishi_cipher_parse (const char *cipher)
     694                 :            : {
     695                 :            :   size_t i;
     696                 :            :   char *endptr;
     697                 :            : 
     698                 :          1 :   i = strtol (cipher, &endptr, 0);
     699                 :            : 
     700   [ +  -  -  + ]:          1 :   if (*cipher && *endptr == '\0')
     701                 :          0 :     return i;
     702                 :            : 
     703         [ +  + ]:         12 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     704         [ -  + ]:         11 :     if (strcasecmp (cipher, ciphers[i]->name) == 0)
     705                 :          0 :       return ciphers[i]->type;
     706                 :            : 
     707         [ +  - ]:          6 :   for (i = 0; i < sizeof (cipher_aliases) / sizeof (cipher_aliases[0]); i++)
     708         [ +  + ]:          6 :     if (strcasecmp (cipher, cipher_aliases[i].name) == 0)
     709                 :          1 :       return cipher_aliases[i].type;
     710                 :            : 
     711                 :          1 :   return -1;
     712                 :            : }
     713                 :            : 
     714                 :            : static Shishi_random_to_key_function
     715                 :        654 : _shishi_cipher_random_to_key (int32_t type)
     716                 :            : {
     717                 :            :   size_t i;
     718                 :            : 
     719         [ +  - ]:       5430 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     720         [ +  + ]:       5430 :     if (type == ciphers[i]->type)
     721                 :        654 :       return ciphers[i]->random2key;
     722                 :            : 
     723                 :        654 :   return NULL;
     724                 :            : }
     725                 :            : 
     726                 :            : static Shishi_string_to_key_function
     727                 :         26 : _shishi_cipher_string_to_key (int32_t type)
     728                 :            : {
     729                 :            :   size_t i;
     730                 :            : 
     731         [ +  - ]:        188 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     732         [ +  + ]:        188 :     if (type == ciphers[i]->type)
     733                 :         26 :       return ciphers[i]->string2key;
     734                 :            : 
     735                 :         26 :   return NULL;
     736                 :            : }
     737                 :            : 
     738                 :            : static Shishi_encrypt_function
     739                 :       1422 : _shishi_cipher_encrypt (int32_t type)
     740                 :            : {
     741                 :            :   size_t i;
     742                 :            : 
     743         [ +  - ]:      11951 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     744         [ +  + ]:      11951 :     if (type == ciphers[i]->type)
     745                 :       1422 :       return ciphers[i]->encrypt;
     746                 :            : 
     747                 :       1422 :   return NULL;
     748                 :            : }
     749                 :            : 
     750                 :            : static Shishi_decrypt_function
     751                 :        336 : _shishi_cipher_decrypt (int32_t type)
     752                 :            : {
     753                 :            :   size_t i;
     754                 :            : 
     755         [ +  - ]:       2942 :   for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
     756         [ +  + ]:       2942 :     if (type == ciphers[i]->type)
     757                 :        336 :       return ciphers[i]->decrypt;
     758                 :            : 
     759                 :        336 :   return NULL;
     760                 :            : }
     761                 :            : 
     762                 :            : static checksuminfo *checksums[] = {
     763                 :            : #if WITH_DES
     764                 :            :   &crc32_info,
     765                 :            : #endif
     766                 :            : #if WITH_MD
     767                 :            :   &md4_info,
     768                 :            : #endif
     769                 :            : #if WITH_DES
     770                 :            :   &md4_des_info,
     771                 :            : #endif
     772                 :            : #if WITH_MD
     773                 :            :   &md5_info,
     774                 :            : #endif
     775                 :            : #if WITH_DES
     776                 :            :   &md5_des_info,
     777                 :            :   &md5_gss_info,
     778                 :            : #endif
     779                 :            : #if WITH_3DES
     780                 :            :   &hmac_sha1_des3_kd_info,
     781                 :            : #endif
     782                 :            : #if WITH_AES
     783                 :            :   &hmac_sha1_96_aes128_info,
     784                 :            :   &hmac_sha1_96_aes256_info,
     785                 :            : #endif
     786                 :            : #if WITH_ARCFOUR
     787                 :            :   &arcfour_hmac_md5_info
     788                 :            : #endif
     789                 :            : };
     790                 :            : 
     791                 :            : /**
     792                 :            :  * shishi_checksum_supported_p:
     793                 :            :  * @type: checksum type, see Shishi_cksumtype.
     794                 :            :  *
     795                 :            :  * Find out whether checksum is supported.
     796                 :            :  *
     797                 :            :  * Return value: Return 0 iff checksum is unsupported.
     798                 :            :  **/
     799                 :            : int
     800                 :          0 : shishi_checksum_supported_p (int32_t type)
     801                 :            : {
     802                 :            :   size_t i;
     803                 :            : 
     804         [ #  # ]:          0 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     805         [ #  # ]:          0 :     if (type == checksums[i]->type)
     806                 :          0 :       return 1;
     807                 :            : 
     808                 :          0 :   return 0;
     809                 :            : }
     810                 :            : 
     811                 :            : /**
     812                 :            :  * shishi_checksum_name:
     813                 :            :  * @type: checksum type, see Shishi_cksumtype.
     814                 :            :  *
     815                 :            :  * Get name of checksum.
     816                 :            :  *
     817                 :            :  * Return value: Return name of checksum type,
     818                 :            :  * e.g. "hmac-sha1-96-aes256", as defined in the standards.
     819                 :            :  **/
     820                 :            : const char *
     821                 :          0 : shishi_checksum_name (int32_t type)
     822                 :            : {
     823                 :            :   size_t i;
     824                 :            :   char *p;
     825                 :            : 
     826         [ #  # ]:          0 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     827                 :            :     {
     828         [ #  # ]:          0 :       if (type == checksums[i]->type)
     829                 :          0 :         return checksums[i]->name;
     830                 :            :     }
     831                 :            : 
     832                 :          0 :   asprintf (&p, "unknown checksum %d", type);
     833                 :          0 :   return p;
     834                 :            : }
     835                 :            : 
     836                 :            : /**
     837                 :            :  * shishi_checksum_cksumlen:
     838                 :            :  * @type: checksum type, see Shishi_cksumtype.
     839                 :            :  *
     840                 :            :  * Get length of checksum output.
     841                 :            :  *
     842                 :            :  * Return value: Return length of checksum used for the checksum type,
     843                 :            :  * as defined in the standards.
     844                 :            :  **/
     845                 :            : size_t
     846                 :        450 : shishi_checksum_cksumlen (int32_t type)
     847                 :            : {
     848                 :            :   size_t i;
     849                 :            : 
     850         [ +  - ]:       3789 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     851         [ +  + ]:       3789 :     if (type == checksums[i]->type)
     852                 :        450 :       return checksums[i]->cksumlen;
     853                 :            : 
     854                 :        450 :   return -1;
     855                 :            : }
     856                 :            : 
     857                 :            : /**
     858                 :            :  * shishi_checksum_parse:
     859                 :            :  * @checksum: name of checksum type, e.g. "hmac-sha1-96-aes256".
     860                 :            :  *
     861                 :            :  * Get checksum number by parsing a string.
     862                 :            :  *
     863                 :            :  * Return value: Return checksum type, see Shishi_cksumtype,
     864                 :            :  * corresponding to a string.
     865                 :            :  **/
     866                 :            : int
     867                 :          0 : shishi_checksum_parse (const char *checksum)
     868                 :            : {
     869                 :            :   size_t i;
     870                 :            :   char *endptr;
     871                 :            : 
     872                 :          0 :   i = strtol (checksum, &endptr, 0);
     873                 :            : 
     874         [ #  # ]:          0 :   if (endptr != checksum)
     875                 :          0 :     return i;
     876                 :            : 
     877         [ #  # ]:          0 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     878         [ #  # ]:          0 :     if (strcasecmp (checksum, checksums[i]->name) == 0)
     879                 :          0 :       return checksums[i]->type;
     880                 :            : 
     881                 :          0 :   return -1;
     882                 :            : }
     883                 :            : 
     884                 :            : static Shishi_checksum_function
     885                 :          0 : _shishi_checksum (int32_t type)
     886                 :            : {
     887                 :            :   size_t i;
     888                 :            : 
     889         [ #  # ]:          0 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     890         [ #  # ]:          0 :     if (type == checksums[i]->type)
     891                 :          0 :       return checksums[i]->checksum;
     892                 :            : 
     893                 :          0 :   return NULL;
     894                 :            : }
     895                 :            : 
     896                 :            : static Shishi_verify_function
     897                 :          2 : _shishi_verify (int32_t type)
     898                 :            : {
     899                 :            :   size_t i;
     900                 :            : 
     901         [ +  + ]:         16 :   for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
     902         [ +  + ]:         15 :     if (type == checksums[i]->type)
     903                 :          1 :       return checksums[i]->verify;
     904                 :            : 
     905                 :          2 :   return NULL;
     906                 :            : }
     907                 :            : 
     908                 :            : /**
     909                 :            :  * shishi_string_to_key:
     910                 :            :  * @handle: shishi handle as allocated by shishi_init().
     911                 :            :  * @keytype: cryptographic encryption type, see Shishi_etype.
     912                 :            :  * @password: input array with password.
     913                 :            :  * @passwordlen: length of input array with password.
     914                 :            :  * @salt: input array with salt.
     915                 :            :  * @saltlen: length of input array with salt.
     916                 :            :  * @parameter: input array with opaque encryption type specific information.
     917                 :            :  * @outkey: allocated key handle that will contain new key.
     918                 :            :  *
     919                 :            :  * Derive key from a string (password) and salt (commonly
     920                 :            :  * concatenation of realm and principal) for specified key type, and
     921                 :            :  * set the type and value in the given key to the computed values.
     922                 :            :  * The parameter value is specific for each keytype, and can be set if
     923                 :            :  * the parameter information is not available.
     924                 :            :  *
     925                 :            :  * Return value: Returns %SHISHI_OK iff successful.
     926                 :            :  **/
     927                 :            : int
     928                 :         26 : shishi_string_to_key (Shishi * handle,
     929                 :            :                       int32_t keytype,
     930                 :            :                       const char *password, size_t passwordlen,
     931                 :            :                       const char *salt, size_t saltlen,
     932                 :            :                       const char *parameter, Shishi_key * outkey)
     933                 :            : {
     934                 :            :   Shishi_string_to_key_function string2key;
     935                 :            :   int res;
     936                 :            : 
     937                 :         26 :   shishi_key_type_set (outkey, keytype);
     938                 :            : 
     939         [ -  + ]:         26 :   if (VERBOSECRYPTO (handle))
     940                 :            :     {
     941                 :          0 :       printf ("string_to_key (%s, password, salt)\n",
     942                 :            :               shishi_key_name (outkey));
     943                 :          0 :       printf ("\t ;; password:\n");
     944                 :          0 :       _shishi_escapeprint (password, passwordlen);
     945                 :          0 :       _shishi_hexprint (password, passwordlen);
     946                 :          0 :       printf ("\t ;; salt:\n");
     947                 :          0 :       _shishi_escapeprint (salt, saltlen);
     948                 :          0 :       _shishi_hexprint (salt, saltlen);
     949                 :            :     }
     950                 :            : 
     951                 :         26 :   string2key = _shishi_cipher_string_to_key (shishi_key_type (outkey));
     952         [ -  + ]:         26 :   if (string2key == NULL)
     953                 :            :     {
     954                 :          0 :       shishi_error_printf (handle, "Unsupported keytype %d",
     955                 :            :                            shishi_key_type (outkey));
     956                 :          0 :       return SHISHI_CRYPTO_ERROR;
     957                 :            :     }
     958                 :            : 
     959                 :         26 :   res = (*string2key) (handle, password, passwordlen,
     960                 :            :                        salt, saltlen, parameter, outkey);
     961                 :            : 
     962         [ -  + ]:         26 :   if (VERBOSECRYPTO (handle))
     963                 :            :     {
     964                 :          0 :       printf ("\t ;; string_to_key key:\n");
     965                 :          0 :       _shishi_hexprint (shishi_key_value (outkey),
     966                 :          0 :                         shishi_key_length (outkey));
     967                 :          0 :       _shishi_binprint (shishi_key_value (outkey),
     968                 :          0 :                         shishi_key_length (outkey));
     969                 :            :     }
     970                 :            : 
     971                 :         26 :   return res;
     972                 :            : }
     973                 :            : 
     974                 :            : /**
     975                 :            :  * shishi_random_to_key:
     976                 :            :  * @handle: shishi handle as allocated by shishi_init().
     977                 :            :  * @keytype: cryptographic encryption type, see Shishi_etype.
     978                 :            :  * @rnd: input array with random data.
     979                 :            :  * @rndlen: length of input array with random data.
     980                 :            :  * @outkey: allocated key handle that will contain new key.
     981                 :            :  *
     982                 :            :  * Derive key from random data for specified key type, and set the
     983                 :            :  * type and value in the given key to the computed values.
     984                 :            :  *
     985                 :            :  * Return value: Returns %SHISHI_OK iff successful.
     986                 :            :  **/
     987                 :            : int
     988                 :        654 : shishi_random_to_key (Shishi * handle,
     989                 :            :                       int32_t keytype,
     990                 :            :                       const char *rnd, size_t rndlen, Shishi_key * outkey)
     991                 :            : {
     992                 :            :   Shishi_random_to_key_function random2key;
     993                 :            :   int res;
     994                 :            : 
     995                 :        654 :   shishi_key_type_set (outkey, keytype);
     996                 :            : 
     997         [ -  + ]:        654 :   if (VERBOSECRYPTO (handle))
     998                 :            :     {
     999                 :          0 :       printf ("random_to_key (%s, random)\n", shishi_key_name (outkey));
    1000                 :          0 :       printf ("\t ;; random:\n");
    1001                 :          0 :       _shishi_hexprint (rnd, rndlen);
    1002                 :          0 :       _shishi_binprint (rnd, rndlen);
    1003                 :            :     }
    1004                 :            : 
    1005                 :        654 :   random2key = _shishi_cipher_random_to_key (keytype);
    1006         [ -  + ]:        654 :   if (random2key == NULL)
    1007                 :            :     {
    1008                 :          0 :       shishi_error_printf (handle, "Unsupported random_to_key() ekeytype %d",
    1009                 :            :                            keytype);
    1010                 :          0 :       return SHISHI_CRYPTO_ERROR;
    1011                 :            :     }
    1012                 :            : 
    1013                 :        654 :   res = (*random2key) (handle, rnd, rndlen, outkey);
    1014                 :            : 
    1015         [ -  + ]:        654 :   if (VERBOSECRYPTO (handle))
    1016                 :            :     {
    1017                 :          0 :       printf ("\t ;; random_to_key key:\n");
    1018                 :          0 :       _shishi_hexprint (shishi_key_value (outkey),
    1019                 :          0 :                         shishi_key_length (outkey));
    1020                 :          0 :       _shishi_binprint (shishi_key_value (outkey),
    1021                 :          0 :                         shishi_key_length (outkey));
    1022                 :            :     }
    1023                 :            : 
    1024                 :        654 :   return res;
    1025                 :            : }
    1026                 :            : 
    1027                 :            : /**
    1028                 :            :  * shishi_checksum:
    1029                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1030                 :            :  * @key: key to compute checksum with.
    1031                 :            :  * @keyusage: integer specifying what this key is used for.
    1032                 :            :  * @cksumtype: the checksum algorithm to use.
    1033                 :            :  * @in: input array with data to integrity protect.
    1034                 :            :  * @inlen: size of input array with data to integrity protect.
    1035                 :            :  * @out: output array with newly allocated integrity protected data.
    1036                 :            :  * @outlen: output variable with length of output array with checksum.
    1037                 :            :  *
    1038                 :            :  * Integrity protect data using key, possibly altered by supplied key
    1039                 :            :  * usage.  If key usage is 0, no key derivation is used.  The OUT
    1040                 :            :  * buffer must be deallocated by the caller.
    1041                 :            :  *
    1042                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1043                 :            :  **/
    1044                 :            : int
    1045                 :          0 : shishi_checksum (Shishi * handle,
    1046                 :            :                  Shishi_key * key,
    1047                 :            :                  int keyusage,
    1048                 :            :                  int cksumtype,
    1049                 :            :                  const char *in, size_t inlen, char **out, size_t * outlen)
    1050                 :            : {
    1051                 :            :   Shishi_checksum_function checksum;
    1052                 :            :   int res;
    1053                 :            : 
    1054         [ #  # ]:          0 :   if (VERBOSECRYPTO (handle))
    1055                 :            :     {
    1056                 :          0 :       printf ("checksum (%s, %d, in, out)\n",
    1057                 :            :               shishi_key_name (key), cksumtype);
    1058                 :          0 :       printf ("\t ;; key (%d):\n", shishi_key_length (key));
    1059                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    1060                 :          0 :       printf ("\t ;; in:\n");
    1061                 :          0 :       _shishi_escapeprint (in, inlen);
    1062                 :          0 :       _shishi_hexprint (in, inlen);
    1063                 :            :     }
    1064                 :            : 
    1065         [ #  # ]:          0 :   if (cksumtype == 0)
    1066                 :          0 :     cksumtype = shishi_cipher_defaultcksumtype (shishi_key_type (key));
    1067                 :            : 
    1068                 :          0 :   checksum = _shishi_checksum (cksumtype);
    1069         [ #  # ]:          0 :   if (checksum == NULL)
    1070                 :            :     {
    1071                 :          0 :       shishi_error_printf (handle, "Unsupported checksum type %d", cksumtype);
    1072                 :          0 :       return SHISHI_CRYPTO_ERROR;
    1073                 :            :     }
    1074                 :            : 
    1075                 :            :   /* XXX? check if etype and cksumtype are compatible? */
    1076                 :            : 
    1077                 :          0 :   res = (*checksum) (handle, key, keyusage, cksumtype,
    1078                 :            :                      in, inlen, out, outlen);
    1079                 :            : 
    1080         [ #  # ]:          0 :   if (VERBOSECRYPTO (handle))
    1081                 :            :     {
    1082                 :          0 :       printf ("\t ;; checksum out:\n");
    1083                 :          0 :       _shishi_escapeprint (*out, *outlen);
    1084                 :          0 :       _shishi_hexprint (*out, *outlen);
    1085                 :            :     }
    1086                 :            : 
    1087                 :          0 :   return res;
    1088                 :            : }
    1089                 :            : 
    1090                 :            : /**
    1091                 :            :  * shishi_verify:
    1092                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1093                 :            :  * @key: key to verify checksum with.
    1094                 :            :  * @keyusage: integer specifying what this key is used for.
    1095                 :            :  * @cksumtype: the checksum algorithm to use.
    1096                 :            :  * @in: input array with data that was integrity protected.
    1097                 :            :  * @inlen: size of input array with data that was integrity protected.
    1098                 :            :  * @cksum: input array with alleged checksum of data.
    1099                 :            :  * @cksumlen: size of input array with alleged checksum of data.
    1100                 :            :  *
    1101                 :            :  * Verify checksum of data using key, possibly altered by supplied key
    1102                 :            :  * usage.  If key usage is 0, no key derivation is used.
    1103                 :            :  *
    1104                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1105                 :            :  **/
    1106                 :            : int
    1107                 :          2 : shishi_verify (Shishi * handle,
    1108                 :            :                Shishi_key * key,
    1109                 :            :                int keyusage,
    1110                 :            :                int cksumtype,
    1111                 :            :                const char *in, size_t inlen,
    1112                 :            :                const char *cksum, size_t cksumlen)
    1113                 :            : {
    1114                 :            :   Shishi_verify_function verify;
    1115                 :            :   int res;
    1116                 :            : 
    1117         [ -  + ]:          2 :   if (VERBOSECRYPTO (handle))
    1118                 :            :     {
    1119                 :          0 :       printf ("verify (%s, %d, in, out)\n", shishi_key_name (key), cksumtype);
    1120                 :          0 :       printf ("\t ;; key (%d):\n", shishi_key_length (key));
    1121                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    1122                 :          0 :       printf ("\t ;; data:\n");
    1123                 :          0 :       _shishi_escapeprint (in, inlen);
    1124                 :          0 :       _shishi_hexprint (in, inlen);
    1125                 :          0 :       printf ("\t ;; mic:\n");
    1126                 :          0 :       _shishi_escapeprint (cksum, cksumlen);
    1127                 :          0 :       _shishi_hexprint (cksum, cksumlen);
    1128                 :            :     }
    1129                 :            : 
    1130         [ -  + ]:          2 :   if (cksumtype == 0)
    1131                 :          0 :     cksumtype = shishi_cipher_defaultcksumtype (shishi_key_type (key));
    1132                 :            : 
    1133                 :          2 :   verify = _shishi_verify (cksumtype);
    1134         [ +  + ]:          2 :   if (verify == NULL)
    1135                 :            :     {
    1136                 :          1 :       shishi_error_printf (handle, "Unsupported checksum type %d", cksumtype);
    1137                 :          1 :       return SHISHI_CRYPTO_ERROR;
    1138                 :            :     }
    1139                 :            : 
    1140                 :            :   /* XXX? check if etype and cksumtype are compatible? */
    1141                 :            : 
    1142                 :          1 :   res = (*verify) (handle, key, keyusage, cksumtype,
    1143                 :            :                    in, inlen, cksum, cksumlen);
    1144                 :            : 
    1145         [ -  + ]:          1 :   if (VERBOSECRYPTO (handle))
    1146                 :          0 :     printf ("\t ;; verify return: %d\n", res);
    1147                 :            : 
    1148                 :          2 :   return res;
    1149                 :            : }
    1150                 :            : 
    1151                 :            : /**
    1152                 :            :  * shishi_encrypt_ivupdate_etype:
    1153                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1154                 :            :  * @key: key to encrypt with.
    1155                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1156                 :            :  * @etype: integer specifying what cipher to use.
    1157                 :            :  * @iv: input array with initialization vector
    1158                 :            :  * @ivlen: size of input array with initialization vector.
    1159                 :            :  * @ivout: output array with newly allocated updated initialization vector.
    1160                 :            :  * @ivoutlen: size of output array with updated initialization vector.
    1161                 :            :  * @in: input array with data to encrypt.
    1162                 :            :  * @inlen: size of input array with data to encrypt.
    1163                 :            :  * @out: output array with newly allocated encrypted data.
    1164                 :            :  * @outlen: output variable with size of newly allocated output array.
    1165                 :            :  *
    1166                 :            :  * Encrypts data as per encryption method using specified
    1167                 :            :  * initialization vector and key.  The key actually used is derived
    1168                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1169                 :            :  * The OUT buffer must be deallocated by the caller.  If IVOUT or
    1170                 :            :  * IVOUTLEN is NULL, the updated IV is not saved anywhere.
    1171                 :            :  *
    1172                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1173                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1174                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1175                 :            :  * is not guaranteed to look in any special way, although existing
    1176                 :            :  * implementations often pad with the zero byte.  This means that you
    1177                 :            :  * may have to "frame" data, so it is possible to infer the original
    1178                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1179                 :            :  * information.
    1180                 :            :  *
    1181                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1182                 :            :  **/
    1183                 :            : int
    1184                 :       1422 : shishi_encrypt_ivupdate_etype (Shishi * handle,
    1185                 :            :                                Shishi_key * key,
    1186                 :            :                                int keyusage,
    1187                 :            :                                int32_t etype,
    1188                 :            :                                const char *iv, size_t ivlen,
    1189                 :            :                                char **ivout, size_t * ivoutlen,
    1190                 :            :                                const char *in, size_t inlen,
    1191                 :            :                                char **out, size_t * outlen)
    1192                 :            : {
    1193                 :            :   Shishi_encrypt_function enc;
    1194                 :            :   int res;
    1195                 :            : 
    1196         [ -  + ]:       1422 :   if (VERBOSECRYPTO (handle))
    1197                 :            :     {
    1198                 :          0 :       printf ("encrypt (type=%s, usage=%d, key, in)\n",
    1199                 :            :               shishi_key_name (key), keyusage);
    1200                 :          0 :       printf ("\t ;; key (%d):\n", shishi_key_length (key));
    1201                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    1202                 :          0 :       printf ("\t ;; in (%d):\n", inlen);
    1203                 :          0 :       _shishi_escapeprint (in, inlen);
    1204                 :          0 :       _shishi_hexprint (in, inlen);
    1205         [ #  # ]:          0 :       if (iv)
    1206                 :            :         {
    1207                 :          0 :           printf ("\t ;; iv (%d):\n", ivlen);
    1208                 :          0 :           _shishi_escapeprint (iv, ivlen);
    1209                 :          0 :           _shishi_hexprint (iv, ivlen);
    1210                 :            :         }
    1211                 :            :     }
    1212                 :            : 
    1213                 :       1422 :   enc = _shishi_cipher_encrypt (etype);
    1214         [ -  + ]:       1422 :   if (enc == NULL)
    1215                 :            :     {
    1216                 :          0 :       shishi_error_printf (handle, "Unsupported keytype %d",
    1217                 :            :                            shishi_key_type (key));
    1218                 :          0 :       return SHISHI_CRYPTO_ERROR;
    1219                 :            :     }
    1220                 :            : 
    1221                 :       1422 :   res = (*enc) (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
    1222                 :            :                 in, inlen, out, outlen);
    1223                 :            : 
    1224         [ -  + ]:       1422 :   if (VERBOSECRYPTO (handle))
    1225                 :            :     {
    1226         [ #  # ]:          0 :       if (res == SHISHI_OK)
    1227                 :            :         {
    1228                 :          0 :           printf ("\t ;; encrypt out:\n");
    1229                 :          0 :           _shishi_escapeprint (*out, *outlen);
    1230                 :          0 :           _shishi_hexprint (*out, *outlen);
    1231   [ #  #  #  # ]:          0 :           if (ivout && ivoutlen)
    1232                 :            :             {
    1233                 :          0 :               printf ("\t ;; iv out:\n");
    1234                 :          0 :               _shishi_escapeprint (*ivout, *ivoutlen);
    1235                 :          0 :               _shishi_hexprint (*ivout, *ivoutlen);
    1236                 :            :             }
    1237                 :            :         }
    1238                 :            :       else
    1239                 :            :         {
    1240                 :          0 :           printf ("\t ;; encrypt out failed %d\n", res);
    1241                 :            :         }
    1242                 :            :     }
    1243                 :            : 
    1244                 :       1422 :   return res;
    1245                 :            : }
    1246                 :            : 
    1247                 :            : /**
    1248                 :            :  * shishi_encrypt_iv_etype:
    1249                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1250                 :            :  * @key: key to encrypt with.
    1251                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1252                 :            :  * @etype: integer specifying what cipher to use.
    1253                 :            :  * @iv: input array with initialization vector
    1254                 :            :  * @ivlen: size of input array with initialization vector.
    1255                 :            :  * @in: input array with data to encrypt.
    1256                 :            :  * @inlen: size of input array with data to encrypt.
    1257                 :            :  * @out: output array with newly allocated encrypted data.
    1258                 :            :  * @outlen: output variable with size of newly allocated output array.
    1259                 :            :  *
    1260                 :            :  * Encrypts data as per encryption method using specified
    1261                 :            :  * initialization vector and key.  The key actually used is derived
    1262                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1263                 :            :  * The OUT buffer must be deallocated by the caller.  The next IV is
    1264                 :            :  * lost, see shishi_encrypt_ivupdate_etype if you need it.
    1265                 :            :  *
    1266                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1267                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1268                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1269                 :            :  * is not guaranteed to look in any special way, although existing
    1270                 :            :  * implementations often pad with the zero byte.  This means that you
    1271                 :            :  * may have to "frame" data, so it is possible to infer the original
    1272                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1273                 :            :  * information.
    1274                 :            :  *
    1275                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1276                 :            :  **/
    1277                 :            : int
    1278                 :          0 : shishi_encrypt_iv_etype (Shishi * handle,
    1279                 :            :                          Shishi_key * key,
    1280                 :            :                          int keyusage,
    1281                 :            :                          int32_t etype,
    1282                 :            :                          const char *iv, size_t ivlen,
    1283                 :            :                          const char *in, size_t inlen,
    1284                 :            :                          char **out, size_t * outlen)
    1285                 :            : {
    1286                 :          0 :   return shishi_encrypt_ivupdate_etype (handle, key, keyusage, etype,
    1287                 :            :                                         iv, ivlen, NULL, NULL,
    1288                 :            :                                         in, inlen, out, outlen);
    1289                 :            : }
    1290                 :            : 
    1291                 :            : /**
    1292                 :            :  * shishi_encrypt_etype:
    1293                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1294                 :            :  * @key: key to encrypt with.
    1295                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1296                 :            :  * @etype: integer specifying what cipher to use.
    1297                 :            :  * @in: input array with data to encrypt.
    1298                 :            :  * @inlen: size of input array with data to encrypt.
    1299                 :            :  * @out: output array with newly allocated encrypted data.
    1300                 :            :  * @outlen: output variable with size of newly allocated output array.
    1301                 :            :  *
    1302                 :            :  * Encrypts data as per encryption method using specified
    1303                 :            :  * initialization vector and key.  The key actually used is derived
    1304                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1305                 :            :  * The OUT buffer must be deallocated by the caller.  The default IV
    1306                 :            :  * is used, see shishi_encrypt_iv_etype if you need to alter it. The
    1307                 :            :  * next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.
    1308                 :            :  *
    1309                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1310                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1311                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1312                 :            :  * is not guaranteed to look in any special way, although existing
    1313                 :            :  * implementations often pad with the zero byte.  This means that you
    1314                 :            :  * may have to "frame" data, so it is possible to infer the original
    1315                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1316                 :            :  * information.
    1317                 :            :  *
    1318                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1319                 :            :  **/
    1320                 :            : int
    1321                 :          0 : shishi_encrypt_etype (Shishi * handle,
    1322                 :            :                       Shishi_key * key,
    1323                 :            :                       int keyusage,
    1324                 :            :                       int32_t etype,
    1325                 :            :                       const char *in, size_t inlen,
    1326                 :            :                       char **out, size_t * outlen)
    1327                 :            : {
    1328                 :          0 :   return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
    1329                 :            :                                         shishi_key_type (key),
    1330                 :            :                                         NULL, 0, NULL, NULL,
    1331                 :            :                                         in, inlen, out, outlen);
    1332                 :            : }
    1333                 :            : 
    1334                 :            : /**
    1335                 :            :  * shishi_encrypt_ivupdate:
    1336                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1337                 :            :  * @key: key to encrypt with.
    1338                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1339                 :            :  * @iv: input array with initialization vector
    1340                 :            :  * @ivlen: size of input array with initialization vector.
    1341                 :            :  * @ivout: output array with newly allocated updated initialization vector.
    1342                 :            :  * @ivoutlen: size of output array with updated initialization vector.
    1343                 :            :  * @in: input array with data to encrypt.
    1344                 :            :  * @inlen: size of input array with data to encrypt.
    1345                 :            :  * @out: output array with newly allocated encrypted data.
    1346                 :            :  * @outlen: output variable with size of newly allocated output array.
    1347                 :            :  *
    1348                 :            :  * Encrypts data using specified initialization vector and key.  The
    1349                 :            :  * key actually used is derived using the key usage.  If key usage is
    1350                 :            :  * 0, no key derivation is used.  The OUT buffer must be deallocated
    1351                 :            :  * by the caller.  If IVOUT or IVOUTLEN is NULL, the updated IV is not
    1352                 :            :  * saved anywhere.
    1353                 :            :  *
    1354                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1355                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1356                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1357                 :            :  * is not guaranteed to look in any special way, although existing
    1358                 :            :  * implementations often pad with the zero byte.  This means that you
    1359                 :            :  * may have to "frame" data, so it is possible to infer the original
    1360                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1361                 :            :  * information.
    1362                 :            :  *
    1363                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1364                 :            :  **/
    1365                 :            : int
    1366                 :          0 : shishi_encrypt_ivupdate (Shishi * handle,
    1367                 :            :                          Shishi_key * key,
    1368                 :            :                          int keyusage,
    1369                 :            :                          const char *iv, size_t ivlen,
    1370                 :            :                          char **ivout, size_t * ivoutlen,
    1371                 :            :                          const char *in, size_t inlen,
    1372                 :            :                          char **out, size_t * outlen)
    1373                 :            : {
    1374                 :          0 :   return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
    1375                 :            :                                         shishi_key_type (key),
    1376                 :            :                                         iv, ivlen, ivout, ivoutlen,
    1377                 :            :                                         in, inlen, out, outlen);
    1378                 :            : }
    1379                 :            : 
    1380                 :            : /**
    1381                 :            :  * shishi_encrypt_iv:
    1382                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1383                 :            :  * @key: key to encrypt with.
    1384                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1385                 :            :  * @iv: input array with initialization vector
    1386                 :            :  * @ivlen: size of input array with initialization vector.
    1387                 :            :  * @in: input array with data to encrypt.
    1388                 :            :  * @inlen: size of input array with data to encrypt.
    1389                 :            :  * @out: output array with newly allocated encrypted data.
    1390                 :            :  * @outlen: output variable with size of newly allocated output array.
    1391                 :            :  *
    1392                 :            :  * Encrypts data using specified initialization vector and key.  The
    1393                 :            :  * key actually used is derived using the key usage.  If key usage is
    1394                 :            :  * 0, no key derivation is used.  The OUT buffer must be deallocated
    1395                 :            :  * by the caller.  The next IV is lost, see shishi_encrypt_ivupdate if
    1396                 :            :  * you need it.
    1397                 :            :  *
    1398                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1399                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1400                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1401                 :            :  * is not guaranteed to look in any special way, although existing
    1402                 :            :  * implementations often pad with the zero byte.  This means that you
    1403                 :            :  * may have to "frame" data, so it is possible to infer the original
    1404                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1405                 :            :  * information.
    1406                 :            :  *
    1407                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1408                 :            :  **/
    1409                 :            : int
    1410                 :          0 : shishi_encrypt_iv (Shishi * handle,
    1411                 :            :                    Shishi_key * key,
    1412                 :            :                    int keyusage,
    1413                 :            :                    const char *iv, size_t ivlen,
    1414                 :            :                    const char *in, size_t inlen, char **out, size_t * outlen)
    1415                 :            : {
    1416                 :          0 :   return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
    1417                 :            :                                         shishi_key_type (key),
    1418                 :            :                                         iv, ivlen, NULL, NULL,
    1419                 :            :                                         in, inlen, out, outlen);
    1420                 :            : }
    1421                 :            : 
    1422                 :            : /**
    1423                 :            :  * shishi_encrypt:
    1424                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1425                 :            :  * @key: key to encrypt with.
    1426                 :            :  * @keyusage: integer specifying what this key is encrypting.
    1427                 :            :  * @in: input array with data to encrypt.
    1428                 :            :  * @inlen: size of input array with data to encrypt.
    1429                 :            :  * @out: output array with newly allocated encrypted data.
    1430                 :            :  * @outlen: output variable with size of newly allocated output array.
    1431                 :            :  *
    1432                 :            :  * Encrypts data using specified key.  The key actually used is
    1433                 :            :  * derived using the key usage.  If key usage is 0, no key derivation
    1434                 :            :  * is used.  The OUT buffer must be deallocated by the caller.  The
    1435                 :            :  * default IV is used, see shishi_encrypt_iv if you need to alter it.
    1436                 :            :  * The next IV is lost, see shishi_encrypt_ivupdate if you need it.
    1437                 :            :  *
    1438                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1439                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1440                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1441                 :            :  * is not guaranteed to look in any special way, although existing
    1442                 :            :  * implementations often pad with the zero byte.  This means that you
    1443                 :            :  * may have to "frame" data, so it is possible to infer the original
    1444                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1445                 :            :  * information.
    1446                 :            :  *
    1447                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1448                 :            :  **/
    1449                 :            : int
    1450                 :       1086 : shishi_encrypt (Shishi * handle,
    1451                 :            :                 Shishi_key * key,
    1452                 :            :                 int keyusage,
    1453                 :            :                 char *in, size_t inlen, char **out, size_t * outlen)
    1454                 :            : {
    1455                 :       1086 :   return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
    1456                 :            :                                         shishi_key_type (key),
    1457                 :            :                                         NULL, 0, NULL, NULL,
    1458                 :            :                                         in, inlen, out, outlen);
    1459                 :            : }
    1460                 :            : 
    1461                 :            : /**
    1462                 :            :  * shishi_decrypt_ivupdate_etype:
    1463                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1464                 :            :  * @key: key to decrypt with.
    1465                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1466                 :            :  * @etype: integer specifying what cipher to use.
    1467                 :            :  * @iv: input array with initialization vector
    1468                 :            :  * @ivlen: size of input array with initialization vector.
    1469                 :            :  * @ivout: output array with newly allocated updated initialization vector.
    1470                 :            :  * @ivoutlen: size of output array with updated initialization vector.
    1471                 :            :  * @in: input array with data to decrypt.
    1472                 :            :  * @inlen: size of input array with data to decrypt.
    1473                 :            :  * @out: output array with newly allocated decrypted data.
    1474                 :            :  * @outlen: output variable with size of newly allocated output array.
    1475                 :            :  *
    1476                 :            :  * Decrypts data as per encryption method using specified
    1477                 :            :  * initialization vector and key.  The key actually used is derived
    1478                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1479                 :            :  * The OUT buffer must be deallocated by the caller.  If IVOUT or
    1480                 :            :  * IVOUTLEN is NULL, the updated IV is not saved anywhere.
    1481                 :            :  *
    1482                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1483                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1484                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1485                 :            :  * is not guaranteed to look in any special way, although existing
    1486                 :            :  * implementations often pad with the zero byte.  This means that you
    1487                 :            :  * may have to "frame" data, so it is possible to infer the original
    1488                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1489                 :            :  * information.
    1490                 :            :  *
    1491                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1492                 :            :  **/
    1493                 :            : int
    1494                 :        336 : shishi_decrypt_ivupdate_etype (Shishi * handle,
    1495                 :            :                                Shishi_key * key,
    1496                 :            :                                int keyusage,
    1497                 :            :                                int32_t etype,
    1498                 :            :                                const char *iv, size_t ivlen,
    1499                 :            :                                char **ivout, size_t * ivoutlen,
    1500                 :            :                                const char *in, size_t inlen,
    1501                 :            :                                char **out, size_t * outlen)
    1502                 :            : {
    1503                 :            :   Shishi_decrypt_function decrypt;
    1504                 :            :   int res;
    1505                 :            : 
    1506         [ -  + ]:        336 :   if (VERBOSECRYPTO (handle))
    1507                 :            :     {
    1508                 :          0 :       printf ("decrypt (type=%s, usage=%d, key, in, out)\n",
    1509                 :            :               shishi_key_name (key), keyusage);
    1510                 :          0 :       printf ("\t ;; key (%d):\n", shishi_key_length (key));
    1511                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    1512                 :          0 :       printf ("\t ;; in (%d):\n", inlen);
    1513                 :          0 :       _shishi_escapeprint (in, inlen);
    1514                 :          0 :       _shishi_hexprint (in, inlen);
    1515         [ #  # ]:          0 :       if (iv)
    1516                 :            :         {
    1517                 :          0 :           printf ("\t ;; iv (%d):\n", ivlen);
    1518                 :          0 :           _shishi_escapeprint (iv, ivlen);
    1519                 :          0 :           _shishi_hexprint (iv, ivlen);
    1520                 :            :         }
    1521                 :            :     }
    1522                 :            : 
    1523                 :        336 :   decrypt = _shishi_cipher_decrypt (etype);
    1524         [ -  + ]:        336 :   if (decrypt == NULL)
    1525                 :            :     {
    1526                 :          0 :       shishi_error_printf (handle, "Unsupported keytype %d",
    1527                 :            :                            shishi_key_type (key));
    1528                 :          0 :       return SHISHI_CRYPTO_ERROR;
    1529                 :            :     }
    1530                 :            : 
    1531                 :        336 :   res = (*decrypt) (handle, key, keyusage,
    1532                 :            :                     iv, ivlen, ivout, ivoutlen, in, inlen, out, outlen);
    1533                 :            : 
    1534         [ -  + ]:        336 :   if (VERBOSECRYPTO (handle))
    1535                 :            :     {
    1536         [ #  # ]:          0 :       if (res == SHISHI_OK)
    1537                 :            :         {
    1538                 :          0 :           printf ("\t ;; decrypt out:\n");
    1539                 :          0 :           _shishi_escapeprint (*out, *outlen);
    1540                 :          0 :           _shishi_hexprint (*out, *outlen);
    1541                 :            :         }
    1542                 :            :       else
    1543                 :            :         {
    1544                 :          0 :           printf ("\t ;; decrypt out failed %d\n", res);
    1545                 :            :         }
    1546                 :            :     }
    1547                 :            : 
    1548                 :        336 :   return res;
    1549                 :            : }
    1550                 :            : 
    1551                 :            : /**
    1552                 :            :  * shishi_decrypt_iv_etype:
    1553                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1554                 :            :  * @key: key to decrypt with.
    1555                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1556                 :            :  * @etype: integer specifying what cipher to use.
    1557                 :            :  * @iv: input array with initialization vector
    1558                 :            :  * @ivlen: size of input array with initialization vector.
    1559                 :            :  * @in: input array with data to decrypt.
    1560                 :            :  * @inlen: size of input array with data to decrypt.
    1561                 :            :  * @out: output array with newly allocated decrypted data.
    1562                 :            :  * @outlen: output variable with size of newly allocated output array.
    1563                 :            :  *
    1564                 :            :  * Decrypts data as per encryption method using specified
    1565                 :            :  * initialization vector and key.  The key actually used is derived
    1566                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1567                 :            :  * The OUT buffer must be deallocated by the caller.  The next IV is
    1568                 :            :  * lost, see shishi_decrypt_ivupdate_etype if you need it.
    1569                 :            :  *
    1570                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1571                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1572                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1573                 :            :  * is not guaranteed to look in any special way, although existing
    1574                 :            :  * implementations often pad with the zero byte.  This means that you
    1575                 :            :  * may have to "frame" data, so it is possible to infer the original
    1576                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1577                 :            :  * information.
    1578                 :            :  *
    1579                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1580                 :            :  **/
    1581                 :            : int
    1582                 :          0 : shishi_decrypt_iv_etype (Shishi * handle,
    1583                 :            :                          Shishi_key * key,
    1584                 :            :                          int keyusage,
    1585                 :            :                          int32_t etype,
    1586                 :            :                          const char *iv, size_t ivlen,
    1587                 :            :                          const char *in, size_t inlen,
    1588                 :            :                          char **out, size_t * outlen)
    1589                 :            : {
    1590                 :          0 :   return shishi_decrypt_ivupdate_etype (handle, key, keyusage, etype,
    1591                 :            :                                         iv, ivlen, NULL, NULL,
    1592                 :            :                                         in, inlen, out, outlen);
    1593                 :            : }
    1594                 :            : 
    1595                 :            : /**
    1596                 :            :  * shishi_decrypt_etype:
    1597                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1598                 :            :  * @key: key to decrypt with.
    1599                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1600                 :            :  * @etype: integer specifying what cipher to use.
    1601                 :            :  * @in: input array with data to decrypt.
    1602                 :            :  * @inlen: size of input array with data to decrypt.
    1603                 :            :  * @out: output array with newly allocated decrypted data.
    1604                 :            :  * @outlen: output variable with size of newly allocated output array.
    1605                 :            :  *
    1606                 :            :  * Decrypts data as per encryption method using specified key.  The
    1607                 :            :  * key actually used is derived using the key usage.  If key usage is
    1608                 :            :  * 0, no key derivation is used.  The OUT buffer must be deallocated
    1609                 :            :  * by the caller.  The default IV is used, see shishi_decrypt_iv_etype
    1610                 :            :  * if you need to alter it.  The next IV is lost, see
    1611                 :            :  * shishi_decrypt_ivupdate_etype if you need it.
    1612                 :            :  *
    1613                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1614                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1615                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1616                 :            :  * is not guaranteed to look in any special way, although existing
    1617                 :            :  * implementations often pad with the zero byte.  This means that you
    1618                 :            :  * may have to "frame" data, so it is possible to infer the original
    1619                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1620                 :            :  * information.
    1621                 :            :  *
    1622                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1623                 :            :  **/
    1624                 :            : int
    1625                 :          0 : shishi_decrypt_etype (Shishi * handle,
    1626                 :            :                       Shishi_key * key,
    1627                 :            :                       int keyusage,
    1628                 :            :                       int32_t etype,
    1629                 :            :                       const char *in, size_t inlen,
    1630                 :            :                       char **out, size_t * outlen)
    1631                 :            : {
    1632                 :          0 :   return shishi_decrypt_ivupdate_etype (handle, key, keyusage, etype,
    1633                 :            :                                         NULL, 0, NULL, NULL,
    1634                 :            :                                         in, inlen, out, outlen);
    1635                 :            : }
    1636                 :            : 
    1637                 :            : /**
    1638                 :            :  * shishi_decrypt_ivupdate:
    1639                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1640                 :            :  * @key: key to decrypt with.
    1641                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1642                 :            :  * @iv: input array with initialization vector
    1643                 :            :  * @ivlen: size of input array with initialization vector.
    1644                 :            :  * @ivout: output array with newly allocated updated initialization vector.
    1645                 :            :  * @ivoutlen: size of output array with updated initialization vector.
    1646                 :            :  * @in: input array with data to decrypt.
    1647                 :            :  * @inlen: size of input array with data to decrypt.
    1648                 :            :  * @out: output array with newly allocated decrypted data.
    1649                 :            :  * @outlen: output variable with size of newly allocated output array.
    1650                 :            :  *
    1651                 :            :  * Decrypts data using specified initialization vector and key.  The
    1652                 :            :  * key actually used is derived using the key usage.  If key usage is
    1653                 :            :  * 0, no key derivation is used.  The OUT buffer must be deallocated
    1654                 :            :  * by the caller.  If IVOUT or IVOUTLEN is NULL, the updated IV is not
    1655                 :            :  * saved anywhere.
    1656                 :            :  *
    1657                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1658                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1659                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1660                 :            :  * is not guaranteed to look in any special way, although existing
    1661                 :            :  * implementations often pad with the zero byte.  This means that you
    1662                 :            :  * may have to "frame" data, so it is possible to infer the original
    1663                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1664                 :            :  * information.
    1665                 :            :  *
    1666                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1667                 :            :  **/
    1668                 :            : int
    1669                 :          0 : shishi_decrypt_ivupdate (Shishi * handle,
    1670                 :            :                          Shishi_key * key,
    1671                 :            :                          int keyusage,
    1672                 :            :                          const char *iv, size_t ivlen,
    1673                 :            :                          char **ivout, size_t * ivoutlen,
    1674                 :            :                          const char *in, size_t inlen,
    1675                 :            :                          char **out, size_t * outlen)
    1676                 :            : {
    1677                 :          0 :   return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
    1678                 :            :                                         shishi_key_type (key),
    1679                 :            :                                         iv, ivlen, ivout, ivoutlen,
    1680                 :            :                                         in, inlen, out, outlen);
    1681                 :            : }
    1682                 :            : 
    1683                 :            : /**
    1684                 :            :  * shishi_decrypt_iv:
    1685                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1686                 :            :  * @key: key to decrypt with.
    1687                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1688                 :            :  * @iv: input array with initialization vector
    1689                 :            :  * @ivlen: size of input array with initialization vector.
    1690                 :            :  * @in: input array with data to decrypt.
    1691                 :            :  * @inlen: size of input array with data to decrypt.
    1692                 :            :  * @out: output array with newly allocated decrypted data.
    1693                 :            :  * @outlen: output variable with size of newly allocated output array.
    1694                 :            :  *
    1695                 :            :  * Decrypts data using specified initialization vector and key.  The
    1696                 :            :  * key actually used is derived using the key usage.  If key usage is
    1697                 :            :  * 0, no key derivation is used.  The OUT buffer must be deallocated
    1698                 :            :  * by the caller.  The next IV is lost, see
    1699                 :            :  * shishi_decrypt_ivupdate_etype if you need it.
    1700                 :            :  *
    1701                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1702                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1703                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1704                 :            :  * is not guaranteed to look in any special way, although existing
    1705                 :            :  * implementations often pad with the zero byte.  This means that you
    1706                 :            :  * may have to "frame" data, so it is possible to infer the original
    1707                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1708                 :            :  * information.
    1709                 :            :  *
    1710                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1711                 :            :  **/
    1712                 :            : int
    1713                 :          0 : shishi_decrypt_iv (Shishi * handle,
    1714                 :            :                    Shishi_key * key,
    1715                 :            :                    int keyusage,
    1716                 :            :                    const char *iv, size_t ivlen,
    1717                 :            :                    const char *in, size_t inlen, char **out, size_t * outlen)
    1718                 :            : {
    1719                 :          0 :   return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
    1720                 :            :                                         shishi_key_type (key),
    1721                 :            :                                         iv, ivlen, NULL, NULL,
    1722                 :            :                                         in, inlen, out, outlen);
    1723                 :            : }
    1724                 :            : 
    1725                 :            : /**
    1726                 :            :  * shishi_decrypt:
    1727                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1728                 :            :  * @key: key to decrypt with.
    1729                 :            :  * @keyusage: integer specifying what this key is decrypting.
    1730                 :            :  * @in: input array with data to decrypt.
    1731                 :            :  * @inlen: size of input array with data to decrypt.
    1732                 :            :  * @out: output array with newly allocated decrypted data.
    1733                 :            :  * @outlen: output variable with size of newly allocated output array.
    1734                 :            :  *
    1735                 :            :  * Decrypts data specified key.  The key actually used is derived
    1736                 :            :  * using the key usage.  If key usage is 0, no key derivation is used.
    1737                 :            :  * The OUT buffer must be deallocated by the caller.  The default IV
    1738                 :            :  * is used, see shishi_decrypt_iv if you need to alter it.  The next
    1739                 :            :  * IV is lost, see shishi_decrypt_ivupdate if you need it.
    1740                 :            :  *
    1741                 :            :  * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
    1742                 :            :  * exactly.  Some encryption types add pad to make the data fit into
    1743                 :            :  * the block size of the encryption algorithm.  Furthermore, the pad
    1744                 :            :  * is not guaranteed to look in any special way, although existing
    1745                 :            :  * implementations often pad with the zero byte.  This means that you
    1746                 :            :  * may have to "frame" data, so it is possible to infer the original
    1747                 :            :  * length after decryption.  Compare ASN.1 DER which contains such
    1748                 :            :  * information.
    1749                 :            :  *
    1750                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1751                 :            :  **/
    1752                 :            : int
    1753                 :          0 : shishi_decrypt (Shishi * handle,
    1754                 :            :                 Shishi_key * key,
    1755                 :            :                 int keyusage,
    1756                 :            :                 const char *in, size_t inlen, char **out, size_t * outlen)
    1757                 :            : {
    1758                 :          0 :   return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
    1759                 :            :                                         shishi_key_type (key),
    1760                 :            :                                         NULL, 0, NULL, NULL,
    1761                 :            :                                         in, inlen, out, outlen);
    1762                 :            : }
    1763                 :            : 
    1764                 :            : /**
    1765                 :            :  * shishi_n_fold:
    1766                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1767                 :            :  * @in: input array with data to decrypt.
    1768                 :            :  * @inlen: size of input array with data to decrypt ("M").
    1769                 :            :  * @out: output array with decrypted data.
    1770                 :            :  * @outlen: size of output array ("N").
    1771                 :            :  *
    1772                 :            :  * Fold data into a fixed length output array, with the intent to give
    1773                 :            :  * each input bit approximately equal weight in determining the value
    1774                 :            :  * of each output bit.
    1775                 :            :  *
    1776                 :            :  * The algorithm is from "A Better Key Schedule For DES-like Ciphers"
    1777                 :            :  * by Uri Blumenthal and Steven M. Bellovin,
    1778                 :            :  * http://www.research.att.com/~smb/papers/ides.pdf, although the
    1779                 :            :  * sample vectors provided by the paper are incorrect.
    1780                 :            :  *
    1781                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1782                 :            :  **/
    1783                 :            : int
    1784                 :        664 : shishi_n_fold (Shishi * handle,
    1785                 :            :                const char *in, size_t inlen, char *out, size_t outlen)
    1786                 :            : {
    1787                 :        664 :   int m = inlen;
    1788                 :        664 :   int n = outlen;
    1789                 :        664 :   char *buf = NULL;
    1790                 :        664 :   char *a = NULL;
    1791                 :        664 :   int lcmmn = 0;
    1792                 :        664 :   int i = 0;
    1793                 :            : 
    1794                 :            :   /*
    1795                 :            :      To n-fold a number X, replicate the input value to a length that is
    1796                 :            :      the least common multiple of n and the length of X. Before each
    1797                 :            :      repetition, the input is rotated to the right by 13 bit
    1798                 :            :      positions. The successive n-bit chunks are added together using
    1799                 :            :      1's-complement addition (that is, addition with end-around carry)
    1800                 :            :      to yield a n-bit result denoted <X>_n.
    1801                 :            :    */
    1802                 :            : 
    1803                 :        664 :   a = xmemdup (in, m);
    1804                 :            : 
    1805                 :        664 :   lcmmn = lcm (m, n);
    1806                 :            : 
    1807         [ -  + ]:        664 :   if (VERBOSECRYPTONOISE (handle))
    1808                 :            :     {
    1809                 :          0 :       printf ("%d-fold (string)\n", n * 8);
    1810                 :          0 :       printf ("\t ;; string length %d bytes %d bits\n", m, m * 8);
    1811                 :          0 :       _shishi_escapeprint (a, m);
    1812                 :          0 :       _shishi_hexprint (a, m);
    1813                 :          0 :       printf ("\t ;; lcm(%d, %d) = lcm(%d, %d) = %d\n",
    1814                 :            :               8 * m, 8 * n, m, n, lcmmn);
    1815                 :            :     }
    1816                 :            : 
    1817                 :        664 :   buf = xmalloc (lcmmn);
    1818                 :            : 
    1819                 :            :   /* Replicate the input th the LCMMN length */
    1820         [ +  + ]:      10553 :   for (i = 0; i < (lcmmn / m); i++)
    1821                 :            :     {
    1822         [ -  + ]:       9889 :       if (VERBOSECRYPTONOISE (handle))
    1823                 :            :         {
    1824                 :          0 :           printf ("\t ;; %d-th replication\n", i + 1);
    1825                 :          0 :           printf ("string = rot13(string)\n");
    1826                 :            :         }
    1827                 :            : 
    1828                 :       9889 :       memcpy ((char *) &buf[i * m], a, m);
    1829                 :       9889 :       rot13 (handle, a, a, m);
    1830                 :            :     }
    1831                 :            : 
    1832                 :        664 :   memset (out, 0, n);           /* just in case */
    1833                 :            : 
    1834         [ -  + ]:        664 :   if (VERBOSECRYPTONOISE (handle))
    1835                 :            :     {
    1836                 :          0 :       printf ("\t ;; replicated string (length %d):\n", lcmmn);
    1837                 :          0 :       _shishi_hexprint (buf, lcmmn);
    1838                 :          0 :       _shishi_binprint (buf, lcmmn);
    1839                 :          0 :       printf ("sum = 0\n");
    1840                 :            :     }
    1841                 :            : 
    1842                 :            :   /* Now we view the buf as set of n-byte strings
    1843                 :            :      Add the n-byte long chunks together, using
    1844                 :            :      one's complement addition, storing the
    1845                 :            :      result in the output string. */
    1846                 :            : 
    1847         [ +  + ]:       4053 :   for (i = 0; i < (lcmmn / n); i++)
    1848                 :            :     {
    1849         [ -  + ]:       3389 :       if (VERBOSECRYPTONOISE (handle))
    1850                 :            :         {
    1851                 :          0 :           printf ("\t ;; %d-th one's complement addition sum\n", i + 1);
    1852                 :          0 :           printf ("\t ;; sum:\n");
    1853                 :          0 :           _shishi_hexprint (out, n);
    1854                 :          0 :           _shishi_binprint (out, n);
    1855                 :          0 :           printf ("\t ;; A (offset %d):\n", i * n);
    1856                 :          0 :           _shishi_hexprint (&buf[i * n], n);
    1857                 :          0 :           _shishi_binprint (&buf[i * n], n);
    1858                 :          0 :           printf ("sum = ocadd(sum, A);\n");
    1859                 :            :         }
    1860                 :            : 
    1861                 :       3389 :       ocadd (out, (char *) &buf[i * n], out, n);
    1862                 :            : 
    1863         [ -  + ]:       3389 :       if (VERBOSECRYPTONOISE (handle))
    1864                 :            :         {
    1865                 :          0 :           printf ("\t ;; sum:\n");
    1866                 :          0 :           _shishi_hexprint (out, n);
    1867                 :          0 :           _shishi_binprint (out, n);
    1868                 :            :         }
    1869                 :            :     }
    1870                 :            : 
    1871         [ -  + ]:        664 :   if (VERBOSECRYPTONOISE (handle))
    1872                 :            :     {
    1873                 :          0 :       printf ("\t ;; nfold\n");
    1874                 :          0 :       _shishi_hexprint (out, n);
    1875                 :          0 :       _shishi_binprint (out, n);
    1876                 :            :     }
    1877                 :            : 
    1878                 :        664 :   free (buf);
    1879                 :        664 :   free (a);
    1880                 :            : 
    1881                 :        664 :   return SHISHI_OK;
    1882                 :            : }
    1883                 :            : 
    1884                 :            : #define MAX_DR_PRFCONSTANT 1024
    1885                 :            : 
    1886                 :            : /**
    1887                 :            :  * shishi_dr:
    1888                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1889                 :            :  * @key: input array with cryptographic key to use.
    1890                 :            :  * @prfconstant: input array with the constant string.
    1891                 :            :  * @prfconstantlen: size of input array with the constant string.
    1892                 :            :  * @derivedrandom: output array with derived random data.
    1893                 :            :  * @derivedrandomlen: size of output array with derived random data.
    1894                 :            :  *
    1895                 :            :  * Derive "random" data from a key and a constant thusly:
    1896                 :            :  * DR(KEY, PRFCONSTANT) = TRUNCATE(DERIVEDRANDOMLEN,
    1897                 :            :  *                                 SHISHI_ENCRYPT(KEY, PRFCONSTANT)).
    1898                 :            :  *
    1899                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1900                 :            :  **/
    1901                 :            : int
    1902                 :        653 : shishi_dr (Shishi * handle,
    1903                 :            :            Shishi_key * key,
    1904                 :            :            const char *prfconstant, size_t prfconstantlen,
    1905                 :            :            char *derivedrandom, size_t derivedrandomlen)
    1906                 :            : {
    1907                 :            :   char *cipher;
    1908                 :            :   char plaintext[MAX_DR_PRFCONSTANT];
    1909                 :            :   char nfoldprfconstant[MAX_DR_PRFCONSTANT];
    1910                 :        653 :   size_t blocksize = shishi_cipher_blocksize (shishi_key_type (key));
    1911                 :            :   size_t totlen, cipherlen;
    1912                 :            :   int res;
    1913                 :            : 
    1914         [ -  + ]:        653 :   if (VERBOSECRYPTO (handle))
    1915                 :            :     {
    1916                 :          0 :       printf ("dr (%s, key, prfconstant, %d)\n",
    1917                 :            :               shishi_cipher_name (shishi_key_type (key)), derivedrandomlen);
    1918                 :          0 :       printf ("\t ;; key (length %d):\n", shishi_key_length (key));
    1919                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    1920                 :          0 :       _shishi_binprint (shishi_key_value (key), shishi_key_length (key));
    1921                 :          0 :       printf ("\t ;; prfconstant  %s':\n", prfconstant);
    1922                 :          0 :       _shishi_escapeprint (prfconstant, prfconstantlen);
    1923                 :          0 :       _shishi_hexprint (prfconstant, prfconstantlen);
    1924                 :          0 :       _shishi_binprint (prfconstant, prfconstantlen);
    1925                 :            :     }
    1926                 :            : 
    1927         [ -  + ]:        653 :   if (prfconstantlen > MAX_DR_PRFCONSTANT)
    1928                 :          0 :     return SHISHI_TOO_SMALL_BUFFER;
    1929                 :            : 
    1930         [ +  + ]:        653 :   if (prfconstantlen == blocksize)
    1931                 :          7 :     memcpy (nfoldprfconstant, prfconstant, prfconstantlen);
    1932                 :            :   else
    1933                 :            :     {
    1934                 :        646 :       res = shishi_n_fold (handle, prfconstant, prfconstantlen,
    1935                 :            :                            nfoldprfconstant, blocksize);
    1936         [ -  + ]:        646 :       if (res != SHISHI_OK)
    1937                 :          0 :         return res;
    1938                 :            :     }
    1939                 :            : 
    1940         [ -  + ]:        653 :   if (VERBOSECRYPTO (handle))
    1941                 :            :     {
    1942                 :          0 :       printf ("\t ;; possibly nfolded prfconstant (length %d):\n", blocksize);
    1943                 :          0 :       _shishi_escapeprint (nfoldprfconstant, blocksize);
    1944                 :          0 :       _shishi_hexprint (nfoldprfconstant, blocksize);
    1945                 :          0 :       _shishi_binprint (nfoldprfconstant, blocksize);
    1946                 :            :     }
    1947                 :            : 
    1948                 :        653 :   memcpy (plaintext, nfoldprfconstant, blocksize);
    1949                 :            : 
    1950                 :        653 :   totlen = 0;
    1951                 :            :   do
    1952                 :            :     {
    1953                 :       1086 :       res = shishi_encrypt (handle, key, 0, plaintext, blocksize,
    1954                 :            :                             &cipher, &cipherlen);
    1955         [ -  + ]:       1086 :       if (res != SHISHI_OK)
    1956                 :          0 :         return res;
    1957         [ -  + ]:       1086 :       if (cipherlen != blocksize)
    1958                 :          0 :         return SHISHI_CRYPTO_ERROR;
    1959                 :       1086 :       memcpy (derivedrandom + totlen, cipher, cipherlen);
    1960                 :       1086 :       memcpy (plaintext, cipher, cipherlen);
    1961                 :       1086 :       free (cipher);
    1962                 :       1086 :       totlen += cipherlen;
    1963                 :            :     }
    1964         [ +  + ]:       1086 :   while (totlen < derivedrandomlen);
    1965                 :            : 
    1966         [ -  + ]:        653 :   if (VERBOSECRYPTO (handle))
    1967                 :            :     {
    1968                 :          0 :       printf ("\t ;; derived random (length %d):\n", derivedrandomlen);
    1969                 :          0 :       _shishi_hexprint (derivedrandom, derivedrandomlen);
    1970                 :          0 :       _shishi_binprint (derivedrandom, derivedrandomlen);
    1971                 :            :     }
    1972                 :            : 
    1973                 :        653 :   return SHISHI_OK;
    1974                 :            : }
    1975                 :            : 
    1976                 :            : /**
    1977                 :            :  * shishi_dk:
    1978                 :            :  * @handle: shishi handle as allocated by shishi_init().
    1979                 :            :  * @key: input cryptographic key to use.
    1980                 :            :  * @prfconstant: input array with the constant string.
    1981                 :            :  * @prfconstantlen: size of input array with the constant string.
    1982                 :            :  * @derivedkey: pointer to derived key (allocated by caller).
    1983                 :            :  *
    1984                 :            :  * Derive a key from a key and a constant thusly:
    1985                 :            :  * DK(KEY, PRFCONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, PRFCONSTANT)).
    1986                 :            :  *
    1987                 :            :  * Return value: Returns %SHISHI_OK iff successful.
    1988                 :            :  **/
    1989                 :            : int
    1990                 :        644 : shishi_dk (Shishi * handle,
    1991                 :            :            Shishi_key * key,
    1992                 :            :            const char *prfconstant, size_t prfconstantlen,
    1993                 :            :            Shishi_key * derivedkey)
    1994                 :            : {
    1995                 :            :   char rnd[MAX_RANDOM_LEN];
    1996                 :            :   int res;
    1997                 :            : 
    1998         [ -  + ]:        644 :   if (VERBOSECRYPTO (handle))
    1999                 :            :     {
    2000                 :          0 :       printf ("dk (%s, key, prfconstant)\n", shishi_key_name (key));
    2001                 :          0 :       printf ("\t ;; key (length %d):\n", shishi_key_length (key));
    2002                 :          0 :       _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
    2003                 :          0 :       _shishi_binprint (shishi_key_value (key), shishi_key_length (key));
    2004                 :          0 :       printf ("\t ;; prfconstant:\n");
    2005                 :          0 :       _shishi_escapeprint (prfconstant, prfconstantlen);
    2006                 :          0 :       _shishi_hexprint (prfconstant, prfconstantlen);
    2007                 :          0 :       _shishi_binprint (prfconstant, prfconstantlen);
    2008                 :            :     }
    2009                 :            : 
    2010                 :        644 :   shishi_key_type_set (derivedkey, shishi_key_type (key));
    2011                 :            : 
    2012                 :        644 :   res = shishi_dr (handle, key, prfconstant, prfconstantlen, rnd,
    2013                 :            :                    shishi_key_length (derivedkey));
    2014         [ -  + ]:        644 :   if (res != SHISHI_OK)
    2015                 :          0 :     return res;
    2016                 :            : 
    2017                 :        644 :   res = shishi_random_to_key (handle, shishi_key_type (derivedkey),
    2018                 :            :                               rnd, shishi_key_length (derivedkey),
    2019                 :            :                               derivedkey);
    2020         [ -  + ]:        644 :   if (res != SHISHI_OK)
    2021                 :          0 :     return res;
    2022                 :            : 
    2023                 :        644 :   return SHISHI_OK;
    2024                 :            : }

Generated by: LCOV version 1.8