diff --git a/freestyle.c b/freestyle.c index d68f7dc..5fe8a4b 100644 --- a/freestyle.c +++ b/freestyle.c @@ -545,10 +545,13 @@ static void freestyle_init_common ( freestyle_keysetup (x, key, key_length_bits); freestyle_ivsetup (x, iv, 0); - freestyle_roundsetup (x, min_rounds, max_rounds, - num_precomputed_rounds, - pepper_bits, - num_init_hashes + freestyle_roundsetup ( + x, + min_rounds, + max_rounds, + num_precomputed_rounds, + pepper_bits, + num_init_hashes ); } diff --git a/optimized/8-32/freestyle.c b/optimized/8-32/freestyle.c index 7c7a10b..d0467bb 100644 --- a/optimized/8-32/freestyle.c +++ b/optimized/8-32/freestyle.c @@ -23,6 +23,7 @@ #include "freestyle.h" #include "freestyle-opt.h" + static u8 gcd (u8 a, u8 b) { u8 r; @@ -515,10 +516,13 @@ static void freestyle_init_common ( freestyle_keysetup (x, key, key_length_bits); freestyle_ivsetup (x, iv, 0); - freestyle_roundsetup (x, min_rounds, max_rounds, - num_precomputed_rounds, - pepper_bits, - num_init_hashes + freestyle_roundsetup ( + x, + min_rounds, + max_rounds, + num_precomputed_rounds, + pepper_bits, + num_init_hashes ); } @@ -663,7 +667,7 @@ void freestyle_encrypt ( { u32 i; - u32 block = 0; + u32 block = 0; u8 hash; @@ -799,7 +803,7 @@ void freestyle_encrypt ( bytes -= 64; - ++block; + ++block; freestyle_increment_counter(x); } @@ -814,7 +818,7 @@ void freestyle_decrypt ( { u32 i; - u32 block = 0; + u32 block = 0; u8 hash; @@ -982,7 +986,7 @@ void freestyle_hash_password ( } /* Fill the key (32 bytes) - and IV (first 11 bytes) with password */ + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j) @@ -1075,7 +1079,7 @@ void freestyle_hash_password_with_pepper ( } /* Fill the key (32 bytes) - and IV (first 11 bytes) with password */ + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j) @@ -1167,7 +1171,7 @@ bool freestyle_verify_password_hash ( } /* Fill the key (32 bytes) - and IV (first 11 bytes) with password */ + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j) diff --git a/optimized/merged/freestyle.c b/optimized/merged/freestyle.c index ff9a0e2..11c5318 100644 --- a/optimized/merged/freestyle.c +++ b/optimized/merged/freestyle.c @@ -123,7 +123,7 @@ static void freestyle_roundsetup ( static u8 freestyle_encrypt_block ( - freestyle_ctx *x, + freestyle_ctx *x, u8 *expected_hash) { u8 hash = 0; @@ -154,7 +154,7 @@ static u8 freestyle_encrypt_block ( output_13 = x->input_IV0, output_14 = x->input_IV1, output_15 = x->input_IV2; - + memset (hash_collided, 0, sizeof(hash_collided)); /* Generate a random round */ @@ -186,7 +186,7 @@ static u8 freestyle_encrypt_block ( } static u8 freestyle_decrypt_block ( - freestyle_ctx *x, + freestyle_ctx *x, u8 *expected_hash) { u8 hash = 0; @@ -268,7 +268,7 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x) u32 p; /* init RNG */ - freestyle_init_RNG(x); + freestyle_init_RNG(x); if (! x->is_pepper_set) { @@ -516,10 +516,13 @@ static void freestyle_init_common ( freestyle_keysetup (x, key, key_length_bits); freestyle_ivsetup (x, iv, 0); - freestyle_roundsetup (x, min_rounds, max_rounds, - num_precomputed_rounds, - pepper_bits, - num_init_hashes + freestyle_roundsetup ( + x, + min_rounds, + max_rounds, + num_precomputed_rounds, + pepper_bits, + num_init_hashes ); } @@ -664,7 +667,7 @@ void freestyle_encrypt ( { u32 i; - u32 block = 0; + u32 block = 0; u8 hash; @@ -686,9 +689,9 @@ void freestyle_encrypt ( while (bytes > 0) { hash = 0; - + memset (hash_collided, 0, sizeof(hash_collided)); - + output_00 = x->input_CONSTANT0; output_01 = x->input_CONSTANT1; output_02 = x->input_CONSTANT2; @@ -790,8 +793,8 @@ void freestyle_encrypt ( ciphertext += 64; bytes -= 64; - - ++block; + + ++block; freestyle_increment_counter(x); } @@ -806,7 +809,7 @@ void freestyle_decrypt ( { u32 i; - u32 block = 0; + u32 block = 0; u8 hash; @@ -925,7 +928,7 @@ void freestyle_decrypt ( ciphertext += 64; bytes -= 64; - + ++block; x->input_COUNTER = PLUSONE (x->input_COUNTER); diff --git a/side-channel-attack-resistance/freestyle.c b/side-channel-attack-resistance/freestyle.c index 254fe11..61412ac 100644 --- a/side-channel-attack-resistance/freestyle.c +++ b/side-channel-attack-resistance/freestyle.c @@ -96,9 +96,9 @@ void freestyle_set_counter (freestyle_ctx *x, u32 counter) } static void freestyle_keysetup ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits) + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits) { const char *constants; @@ -129,9 +129,9 @@ static void freestyle_keysetup ( } static void freestyle_ivsetup ( - freestyle_ctx *x, - const u8 *iv, - const u32 counter) + freestyle_ctx *x, + const u8 *iv, + const u32 counter) { x->input[COUNTER] = counter; @@ -141,29 +141,29 @@ static void freestyle_ivsetup ( } static void freestyle_roundsetup ( - freestyle_ctx *x, - const u8 min_rounds, - const u8 max_rounds, + freestyle_ctx *x, + const u8 min_rounds, + const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes) + const u8 pepper_bits, + const u8 num_init_hashes) { u8 i; - x->min_rounds = min_rounds; - x->max_rounds = max_rounds; - x->num_precomputed_rounds = num_precomputed_rounds; - x->pepper_bits = pepper_bits; - x->num_init_hashes = num_init_hashes; + x->min_rounds = min_rounds; + x->max_rounds = max_rounds; + x->num_precomputed_rounds = num_precomputed_rounds; + x->pepper_bits = pepper_bits; + x->num_init_hashes = num_init_hashes; - x->hash_interval = gcd(x->min_rounds,x->max_rounds); + x->hash_interval = gcd(x->min_rounds,x->max_rounds); /* 8 + 8 + 6 + 6 + 4 bits */ - u32 cipher_parameter = ((x->min_rounds & 0xFF) << 24) - | ((x->max_rounds & 0xFF) << 16) - | ((x->pepper_bits & 0x3F) << 10) - | ((x->num_init_hashes & 0x3F) << 4) - | ((x->num_precomputed_rounds & 0x0F) ); + u32 cipher_parameter = ((x->min_rounds & 0xFF) << 24) + | ((x->max_rounds & 0xFF) << 16) + | ((x->pepper_bits & 0x3F) << 10) + | ((x->num_init_hashes & 0x3F) << 4) + | ((x->num_precomputed_rounds & 0x0F) ); for (i = 0; i < 8; ++i) { x->rand[i] = 0; @@ -192,8 +192,8 @@ static u8 freestyle_random_round_number (const freestyle_ctx *x) static u8 freestyle_hash ( - const u32 cipher_state[16], - const u8 previous_hash, + const u32 cipher_state[16], + const u8 previous_hash, const u8 rounds) { u8 hash; @@ -213,18 +213,18 @@ static u8 freestyle_hash ( static u8 freestyle_xcrypt_block ( freestyle_ctx *x, - const u8 *plaintext, - u8 *ciphertext, - u8 bytes, + const u8 *plaintext, + u8 *ciphertext, + u8 bytes, u8 *expected_hash, - const bool do_encryption) + const bool do_encryption) { - u32 i; + u32 i; - u8 r; - u8 hash = 0; + u8 r; + u8 hash = 0; - u32 output[16]; + u32 output[16]; bool init = (plaintext == NULL) || (ciphertext == NULL); @@ -282,7 +282,7 @@ static u8 freestyle_xcrypt_block ( for (i = 0; i < 16; ++i) { output [i] = PLUS(output[i], x->input[i]); - U32TO8_LITTLE (keystream + 4 * i, output[i]); + U32TO8_LITTLE (keystream + 4 * i, output[i]); } for (i = 0; i < bytes; ++i) { @@ -300,18 +300,18 @@ static void freestyle_increment_counter (freestyle_ctx *x) static void freestyle_randomsetup_encrypt (freestyle_ctx *x) { - u32 i; + u32 i; - u8 R [MAX_INIT_HASHES]; /* actual random rounds */ - u8 CR[MAX_INIT_HASHES]; /* collided random rounds */ + u8 R [MAX_INIT_HASHES]; /* actual random rounds */ + u8 CR[MAX_INIT_HASHES]; /* collided random rounds */ u32 temp1; u32 temp2; const u8 saved_min_rounds = x->min_rounds; const u8 saved_max_rounds = x->max_rounds; - const u8 saved_hash_interval = x->hash_interval; - const u8 saved_num_precomputed_rounds = x->num_precomputed_rounds; + const u8 saved_hash_interval = x->hash_interval; + const u8 saved_num_precomputed_rounds = x->num_precomputed_rounds; u32 p; @@ -331,10 +331,10 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x) } /* set sane values for initalization */ - x->min_rounds = 8; - x->max_rounds = 32; - x->hash_interval = 1; - x->num_precomputed_rounds = 4; + x->min_rounds = 8; + x->max_rounds = 32; + x->hash_interval = 1; + x->num_precomputed_rounds = 4; for (i = 0; i < MAX_INIT_HASHES; ++i) { R [i] = CR[i] = 0; @@ -389,7 +389,7 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x) } /* found a collision. use the collided rounds */ - memcpy(R, CR, sizeof(R)); + memcpy (R, CR, sizeof(R)); break; retry: @@ -416,10 +416,10 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x) } /* set user parameters back */ - x->min_rounds = saved_min_rounds; - x->max_rounds = saved_max_rounds; - x->hash_interval = saved_hash_interval; - x->num_precomputed_rounds = saved_num_precomputed_rounds; + x->min_rounds = saved_min_rounds; + x->max_rounds = saved_max_rounds; + x->hash_interval = saved_hash_interval; + x->num_precomputed_rounds = saved_num_precomputed_rounds; /* set counter to the value that was after pre-computed rounds */ x->input[COUNTER] = x->initial_counter; @@ -441,17 +441,17 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x) static bool freestyle_randomsetup_decrypt (freestyle_ctx *x) { - u32 i; + u32 i; - u8 R [MAX_INIT_HASHES]; /* random rounds */ + u8 R [MAX_INIT_HASHES]; /* random rounds */ u32 temp1; u32 temp2; const u8 saved_min_rounds = x->min_rounds; const u8 saved_max_rounds = x->max_rounds; - const u8 saved_hash_interval = x->hash_interval; - const u8 saved_num_precomputed_rounds = x->num_precomputed_rounds; + const u8 saved_hash_interval = x->hash_interval; + const u8 saved_num_precomputed_rounds = x->num_precomputed_rounds; u32 pepper; u32 max_pepper = x->pepper_bits == 32 ? @@ -464,10 +464,10 @@ static bool freestyle_randomsetup_decrypt (freestyle_ctx *x) freestyle_init_random_indices (x,random_indices); /* set sane values for initalization */ - x->min_rounds = 8; - x->max_rounds = 32; - x->hash_interval = 1; - x->num_precomputed_rounds = 4; + x->min_rounds = 8; + x->max_rounds = 32; + x->hash_interval = 1; + x->num_precomputed_rounds = 4; for (i = 0; i < MAX_INIT_HASHES; ++i) { R[i] = 0; @@ -530,10 +530,10 @@ static bool freestyle_randomsetup_decrypt (freestyle_ctx *x) } /* set user parameters back */ - x->min_rounds = saved_min_rounds; - x->max_rounds = saved_max_rounds; - x->hash_interval = saved_hash_interval; - x->num_precomputed_rounds = saved_num_precomputed_rounds; + x->min_rounds = saved_min_rounds; + x->max_rounds = saved_max_rounds; + x->hash_interval = saved_hash_interval; + x->num_precomputed_rounds = saved_num_precomputed_rounds; /* set counter to the value that was after pre-computed rounds */ x->input[COUNTER] = x->initial_counter; @@ -556,15 +556,15 @@ static bool freestyle_randomsetup_decrypt (freestyle_ctx *x) } static void freestyle_init_common ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits, - const u8 *iv, - const u8 min_rounds, + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits, + const u8 *iv, + const u8 min_rounds, const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes) + const u8 pepper_bits, + const u8 num_init_hashes) { assert (min_rounds >= 1); assert (min_rounds <= max_rounds); @@ -578,25 +578,28 @@ static void freestyle_init_common ( assert (num_init_hashes >= 7); assert (num_init_hashes <= 56); - freestyle_keysetup (x, key, key_length_bits); - freestyle_ivsetup (x, iv, 0); - freestyle_roundsetup (x, min_rounds, max_rounds, - num_precomputed_rounds, - pepper_bits, - num_init_hashes + freestyle_keysetup (x, key, key_length_bits); + freestyle_ivsetup (x, iv, 0); + freestyle_roundsetup ( + x, + min_rounds, + max_rounds, + num_precomputed_rounds, + pepper_bits, + num_init_hashes ); } void freestyle_init_encrypt ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits, - const u8 *iv, - const u8 min_rounds, + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits, + const u8 *iv, + const u8 min_rounds, const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes) + const u8 pepper_bits, + const u8 num_init_hashes) { freestyle_init_common ( x, @@ -611,22 +614,22 @@ void freestyle_init_encrypt ( ); x->pepper = 0; - x->is_pepper_set = false; + x->is_pepper_set = false; freestyle_randomsetup_encrypt(x); } void freestyle_init_encrypt_with_pepper ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits, - const u8 *iv, - const u8 min_rounds, + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits, + const u8 *iv, + const u8 min_rounds, const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes, - const u32 pepper) + const u8 pepper_bits, + const u8 num_init_hashes, + const u32 pepper) { freestyle_init_common ( x, @@ -640,22 +643,22 @@ void freestyle_init_encrypt_with_pepper ( num_init_hashes ); - x->pepper = pepper; - x->is_pepper_set = true; + x->pepper = pepper; + x->is_pepper_set = true; freestyle_randomsetup_encrypt(x); } bool freestyle_init_decrypt ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits, - const u8 *iv, - const u8 min_rounds, + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits, + const u8 *iv, + const u8 min_rounds, const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes, + const u8 pepper_bits, + const u8 num_init_hashes, const u8 *init_hash) { freestyle_init_common ( @@ -671,27 +674,28 @@ bool freestyle_init_decrypt ( ); x->pepper = 0; - x->is_pepper_set = false; + x->is_pepper_set = false; - memcpy ( x->init_hash, - init_hash, - sizeof(x->init_hash) + memcpy ( + x->init_hash, + init_hash, + sizeof(x->init_hash) ); return freestyle_randomsetup_decrypt(x); } bool freestyle_init_decrypt_with_pepper ( - freestyle_ctx *x, - const u8 *key, - const u16 key_length_bits, - const u8 *iv, - const u8 min_rounds, + freestyle_ctx *x, + const u8 *key, + const u16 key_length_bits, + const u8 *iv, + const u8 min_rounds, const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes, - const u32 pepper, + const u8 pepper_bits, + const u8 num_init_hashes, + const u32 pepper, const u8 *init_hash) { freestyle_init_common ( @@ -706,73 +710,75 @@ bool freestyle_init_decrypt_with_pepper ( num_init_hashes ); - x->pepper = pepper; - x->is_pepper_set = true; + x->pepper = pepper; + x->is_pepper_set = true; - memcpy ( x->init_hash, - init_hash, - sizeof(x->init_hash) + memcpy ( + x->init_hash, + init_hash, + sizeof(x->init_hash) ); return freestyle_randomsetup_decrypt(x); } int freestyle_xcrypt ( - freestyle_ctx *x, - const u8 *plaintext, - u8 *ciphertext, - u32 bytes, + freestyle_ctx *x, + const u8 *plaintext, + u8 *ciphertext, + u32 bytes, u8 *hash, - const bool do_encryption) + const bool do_encryption) { - u32 i = 0; - u32 block = 0; + u32 i = 0; + u32 block = 0; while (bytes > 0) { - u8 bytes_to_process = bytes >= 64 ? 64 : bytes; + u8 bytes_to_process = bytes >= 64 ? 64 : bytes; - u8 num_rounds = freestyle_xcrypt_block ( - x, - plaintext + i, - ciphertext + i, - bytes_to_process, - &hash [block], - do_encryption - ); + u8 num_rounds = freestyle_xcrypt_block ( + x, + plaintext + i, + ciphertext + i, + bytes_to_process, + &hash [block], + do_encryption + ); - if (num_rounds < x->min_rounds) { - return -1; - } + if (num_rounds < x->min_rounds) { + return -1; + } - i += bytes_to_process; - bytes -= bytes_to_process; + i += bytes_to_process; + bytes -= bytes_to_process; - ++block; + ++block; - freestyle_increment_counter(x); + freestyle_increment_counter(x); } return 0; } void freestyle_hash_password ( - const char *password, - const u8 *salt, + const char *password, + const u8 *salt, u8 *hash, const size_t hash_len, - const u8 min_rounds, - const u8 max_rounds, + const u8 min_rounds, + const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes) + const u8 pepper_bits, + const u8 num_init_hashes) { int i,j; freestyle_ctx x; - const u8 *plaintext = salt; // salt is 'hash_len' bytes long - u8 *ciphertext; + /* salt is 'hash_len' bytes long */ + const u8 *plaintext = salt; + u8 *ciphertext = NULL; u8 key_and_iv [44]; @@ -780,18 +786,18 @@ void freestyle_hash_password ( int password_len = strlen (password); - assert (password_len >= 1 ); - assert (password_len <= 43); - assert (hash_len <= 64); + assert (password_len >= 1); + assert (password_len <= 43); + assert (hash_len <= 64); - ciphertext = malloc(hash_len); - if (! ciphertext) + if (! (ciphertext = malloc(hash_len))) { perror("malloc failed "); exit(-1); } - // fill the key (32 bytes) and IV (first 11 bytes) with password + /* Fill the key (32 bytes) + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j) @@ -818,34 +824,54 @@ void freestyle_hash_password ( num_init_hashes ); - freestyle_encrypt (&x, plaintext, ciphertext, hash_len, &expected_hash); + freestyle_encrypt ( + &x, + plaintext, + ciphertext, + hash_len, + &expected_hash + ); - // 'hash' should be (hash_len + num_init_hashes + 1) long + // 'hash' is (num_init_hashes + 1 + hash_len) long + + memcpy ( + hash, + x.init_hash, + num_init_hashes + ); - memcpy (hash, x.init_hash, num_init_hashes ); - memcpy (hash + num_init_hashes, &expected_hash, 1 ); - memcpy (hash + num_init_hashes + 1, ciphertext, hash_len ); + memcpy ( + hash + num_init_hashes, + &expected_hash, + 1 + ); + + memcpy ( + hash + num_init_hashes + 1, + ciphertext, + hash_len + ); } void freestyle_hash_password_with_pepper ( - const char *password, - const u8 *salt, + const char *password, + const u8 *salt, u8 *hash, const size_t hash_len, - const u8 min_rounds, - const u8 max_rounds, + const u8 min_rounds, + const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes, - const u32 pepper) + const u8 pepper_bits, + const u8 num_init_hashes, + const u32 pepper) { int i,j; freestyle_ctx x; /* salt is 'hash_len' bytes long */ - const u8 *plaintext = salt; - u8 *ciphertext = NULL; + const u8 *plaintext = salt; + u8 *ciphertext = NULL; u8 key_and_iv [44]; @@ -853,9 +879,9 @@ void freestyle_hash_password_with_pepper ( int password_len = strlen (password); - assert (password_len >= 1); - assert (password_len <= 43); - assert (hash_len <= 64); + assert (password_len >= 1); + assert (password_len <= 43); + assert (hash_len <= 64); if (! (ciphertext = malloc(hash_len))) { @@ -864,7 +890,7 @@ void freestyle_hash_password_with_pepper ( } /* Fill the key (32 bytes) - and IV (first 11 bytes) with password */ + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j) @@ -922,22 +948,22 @@ void freestyle_hash_password_with_pepper ( } bool freestyle_verify_password_hash ( - const char *password, - const u8 *salt, + const char *password, + const u8 *salt, const u8 *hash, const size_t hash_len, - const u8 min_rounds, - const u8 max_rounds, + const u8 min_rounds, + const u8 max_rounds, const u8 num_precomputed_rounds, - const u8 pepper_bits, - const u8 num_init_hashes) + const u8 pepper_bits, + const u8 num_init_hashes) { int i,j; freestyle_ctx x; - const u8 *ciphertext = hash + num_init_hashes + 1; - u8 *plaintext = NULL; + const u8 *ciphertext = hash + num_init_hashes + 1; + u8 *plaintext = NULL; u8 key_and_iv [44]; @@ -945,8 +971,9 @@ bool freestyle_verify_password_hash ( int password_len = strlen (password); - assert (password_len <= 43); - assert (hash_len <= 64); + assert (password_len >= 1); + assert (password_len <= 43); + assert (hash_len <= 64); if (! (plaintext = malloc(hash_len))) { @@ -955,7 +982,7 @@ bool freestyle_verify_password_hash ( } /* Fill the key (32 bytes) - and IV (first 11 bytes) with password */ + and IV (first 11 bytes) with password */ for (i = 0; i < 43; ) { for (j = 0; i < 43 && j < password_len; ++j)