Just import the Dropbear 0.47 libtomcrypt changes

--HG--
branch : libtomcrypt-dropbear
extra : convert_revision : 20dccfc09627970a312d77fb41dc2970b62689c3

makefile → Makefile.in

@@ -6,6 +6,9 @@
 # The version
 VERSION=1.05
 
+VPATH=@[email protected]
+srcdir=@[email protected]
+
 # Compiler and Linker Names
 #CC=gcc
 #LD=ld
@@ -15,25 +18,22 @@ VERSION=1.05
 #ARFLAGS=r
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./testprof/ -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -Wno-unused-parameter
+# The rest of the flags come from the parent Dropbear makefile
+CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../
 
 # additional warnings (newer GCC 3.4 and higher)
 #CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
 #		  -Wmissing-declarations -Wpointer-arith 
 
-ifndef IGNORE_SPEED
-
 # optimize for SPEED
-CFLAGS += -O3 -funroll-loops
+#CFLAGS += -O3 -funroll-loops
 
 # add -fomit-frame-pointer.  hinders debugging!
-CFLAGS += -fomit-frame-pointer
+#CFLAGS += -fomit-frame-pointer
 
 # optimize for SIZE
 #CFLAGS += -Os -DLTC_SMALL_CODE
 
-endif
-
 # older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
 # define this to help
 #CFLAGS += -DLTC_NO_ROLC
@@ -77,9 +77,9 @@ endif
 #List of objects to compile.
 
 #Leave MPI built-in or force developer to link against libtommath?
-ifndef IGNORE_MPI
-MPIOBJECT=src/misc/mpi/mpi.o
-endif
+#MPIOBJECT=src/misc/mpi/mpi.o
+#Dropbear uses libtommath
+MPIOBJECT=
 
 OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
 src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
@@ -130,37 +130,7 @@ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
 src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
-src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
-src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
-src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
-src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
-src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/printable_string/der_decode_printable_string.o \
-src/pk/asn1/der/printable_string/der_encode_printable_string.o \
-src/pk/asn1/der/printable_string/der_length_printable_string.o \
-src/pk/asn1/der/sequence/der_decode_sequence.o src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
-src/pk/asn1/der/sequence/der_encode_sequence.o src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
-src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/short_integer/der_decode_short_integer.o \
-src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
-src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o src/pk/packet_valid_header.o \
-src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
-src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o \
-src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
-src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o 
+src/modes/ofb/ofb_start.o 
 
 HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h \
 src/headers/tomcrypt_macros.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
@@ -207,7 +177,7 @@ $(LIBTEST):
 
 $(LIBNAME): $(OBJECTS)
 	$(AR) $(ARFLAGS) [email protected] $(OBJECTS) 
-	ranlib $(LIBNAME)
+	$(RANLIB) $(LIBNAME)
 
 #This rule makes the hash program included with libtomcrypt
 hashsum: library $(HASHOBJECTS)
@@ -260,24 +230,8 @@ profile:
 #This rule cleans the source tree of all compiled code, not including the pdf
 #documentation.
 clean:
-	rm -f `find . -type f | grep "[.]o" | xargs`
-	rm -f `find . -type f | grep "[.]lo"  | xargs`
-	rm -f `find . -type f | grep "[.]a" | xargs`
-	rm -f `find . -type f | grep "[.]la"  | xargs`
-	rm -f `find . -type f | grep "[.]obj" | xargs`
-	rm -f `find . -type f | grep "[.]lib" | xargs`
-	rm -f `find . -type f | grep "[.]exe" | xargs`
-	rm -f `find . -type f | grep "[.]gcda" | xargs`
-	rm -f `find . -type f | grep "[.]gcno" | xargs`
-	rm -f `find . -type f | grep "[.]il" | xargs`
-	rm -f `find . -type f | grep "[.]dyn" | xargs`
-	rm -f `find . -type f | grep "[.]dpi" | xargs`
-	rm -rf `find . -type d | grep "[.]libs" | xargs`
-	rm -f crypt.aux  crypt.dvi  crypt.idx  crypt.ilg  crypt.ind  crypt.log crypt.toc
-	rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI) $(TIMING) $(TEST)
-	rm -rf doc/doxygen
-	rm -f doc/*.pdf
-	rm -f *.txt
+	-rm -f $(OBJECTS)
+	-rm -f libtomcrypt.a
 
 #build the doxy files (requires Doxygen, tetex and patience)
 doxy:

src/ciphers/aes/aes.c

@@ -43,6 +43,7 @@
 #define ECB_TEST rijndael_test
 #define ECB_KS   rijndael_keysize
 
+#if 0
 const struct ltc_cipher_descriptor rijndael_desc =
 {
     "rijndael",
@@ -51,6 +52,7 @@ const struct ltc_cipher_descriptor rijndael_desc =
     SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
     NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
+#endif
 
 const struct ltc_cipher_descriptor aes_desc =
 {

src/ciphers/des.c

@@ -20,6 +20,7 @@
 #define EN0 0 
 #define DE1 1
 
+#if 0
 const struct ltc_cipher_descriptor des_desc =
 {
     "des",
@@ -33,6 +34,7 @@ const struct ltc_cipher_descriptor des_desc =
     &des_keysize,
     NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
+#endif
 
 const struct ltc_cipher_descriptor des3_desc =
 {
@@ -1518,6 +1520,7 @@ static void desfunc(ulong32 *block, const ulong32 *keys)
 }
 #endif
 
+#if 0
  /**
     Initialize the DES block cipher
     @param key The symmetric key you wish to pass
@@ -1544,6 +1547,7 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 
     return CRYPT_OK;
 }
+#endif
 
  /**
     Initialize the 3DES-EDE block cipher
@@ -1577,6 +1581,7 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
     return CRYPT_OK;
 }
 
+#if 0
 /**
   Encrypts a block of text with DES
   @param pt The input plaintext (8 bytes)
@@ -1614,6 +1619,7 @@ void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
     STORE32H(work[0],pt+0);
     STORE32H(work[1],pt+4);
 }
+#endif
 
 /**
   Encrypts a block of text with 3DES-EDE
@@ -1658,6 +1664,7 @@ void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key
     STORE32H(work[1],pt+4);
 }
 
+#if 0
 /**
   Performs a self-test of the DES block cipher
   @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
@@ -1804,6 +1811,7 @@ int des_test(void)
     return CRYPT_OK;
   #endif
 }
+#endif
 
 int des3_test(void)
 {
@@ -1841,12 +1849,14 @@ int des3_test(void)
  #endif
 }
 
+#if 0
 /** Terminate the context 
    @param skey    The scheduled key
 */
 void des_done(symmetric_key *skey)
 {
 }
+#endif
 
 /** Terminate the context 
    @param skey    The scheduled key
@@ -1856,6 +1866,7 @@ void des3_done(symmetric_key *skey)
 }
 
 
+#if 0
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
@@ -1870,6 +1881,7 @@ int des_keysize(int *keysize)
     *keysize = 8;
     return CRYPT_OK;
 }
+#endif
 
 /**
   Gets suitable key size

src/ciphers/twofish/twofish.c

@@ -43,12 +43,14 @@ const struct ltc_cipher_descriptor twofish_desc =
 #define RS_POLY           0x14D
 
 /* The 4x4 MDS Linear Transform */
+#if 0
 static const unsigned char MDS[4][4] = {
     { 0x01, 0xEF, 0x5B, 0x5B },
     { 0x5B, 0xEF, 0xEF, 0x01 },
     { 0xEF, 0x5B, 0x01, 0xEF },
     { 0xEF, 0x01, 0xEF, 0x5B }
 };
+#endif
 
 /* The 4x8 RS Linear Transform */
 static const unsigned char RS[4][8] = {

src/headers/tomcrypt.h

@@ -23,7 +23,8 @@ extern "C" {
 #define MAXBLOCKSIZE  128
 
 /* descriptor table size */
-#define TAB_SIZE      32
+/* Dropbear change - this should be smaller, saves some size */
+#define TAB_SIZE    4
 
 /* error codes [will be expanded in future releases] */
 enum {

src/headers/tomcrypt_custom.h

 #ifndef TOMCRYPT_CUSTOM_H_
 #define TOMCRYPT_CUSTOM_H_
 
+/* this will sort out which stuff based on the user-config in options.h */
+#include "options.h"
+
 /* macros for various libc functions you can change for embedded targets */
 #define XMALLOC  malloc
 #define XREALLOC realloc
@@ -13,13 +16,16 @@
 #define XCLOCK   clock
 #define XCLOCKS_PER_SEC CLOCKS_PER_SEC
 
-/* Use small code where possible */
-/* #define LTC_SMALL_CODE */
+#ifdef DROPBEAR_SMALL_CODE
+#define LTC_SMALL_CODE
+#endif
+
+/* These spit out warnings etc */
+#define LTC_NO_ROLC
 
 /* Enable self-test test vector checking */
-#ifndef LTC_NO_TEST
-   #define LTC_TEST
-#endif
+/* Not for dropbear */
+//#define LTC_TEST
 
 /* clean the stack of functions which put private information on stack */
 /* #define LTC_CLEAN_STACK */
@@ -36,217 +42,51 @@
 /* disable BSWAP on x86 */
 /* #define LTC_NO_BSWAP */
 
-/* ---> Symmetric Block Ciphers <--- */
-#ifndef LTC_NO_CIPHERS
 
+#ifdef DROPBEAR_BLOWFISH_CBC
 #define BLOWFISH
-#define RC2
-#define RC5
-#define RC6
-#define SAFERP
-#define RIJNDAEL
-#define XTEA
-/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
- * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
-#define TWOFISH
-#ifndef LTC_NO_TABLES
-   #define TWOFISH_TABLES
-   /* #define TWOFISH_ALL_TABLES */
-#else
-   #define TWOFISH_SMALL
 #endif
-/* #define TWOFISH_SMALL */
-/* DES includes EDE triple-DES */
-#define DES
-#define CAST5
-#define NOEKEON
-#define SKIPJACK
-#define SAFER
-#define KHAZAD
-#define ANUBIS
-#define ANUBIS_TWEAK
 
-#endif /* LTC_NO_CIPHERS */
+#ifdef DROPBEAR_AES_CBC
+#define RIJNDAEL
+#endif
 
+#ifdef DROPBEAR_TWOFISH_CBC
+#define TWOFISH
 
-/* ---> Block Cipher Modes of Operation <--- */
-#ifndef LTC_NO_MODES
+/* enabling just TWOFISH_SMALL will make the binary ~1kB smaller, turning on
+ * TWOFISH_TABLES will make it a few kB bigger, but perhaps reduces runtime
+ * memory usage? */
+#define TWOFISH_SMALL
+/*#define TWOFISH_TABLES*/
+#endif
 
-#define CFB
-#define OFB
-#define ECB
+#ifdef DROPBEAR_3DES_CBC
+#define DES
+#endif
 #define CBC
-#define CTR
-
-#endif /* LTC_NO_MODES */
 
-/* ---> One-Way Hash Functions <--- */
-#ifndef LTC_NO_HASHES 
-
-#define CHC_HASH
-#define WHIRLPOOL
+#if defined(DROPBEAR_DSS) && defined(DSS_PROTOK)
 #define SHA512
-#define SHA384
-#define SHA256
-#define SHA224
-#define TIGER
-#define SHA1
-#define MD5
-#define MD4
-#define MD2
-#define RIPEMD128
-#define RIPEMD160
-
-#endif /* LTC_NO_HASHES */
-
-/* ---> MAC functions <--- */
-#ifndef LTC_NO_MACS
-
-#define HMAC
-#define OMAC
-#define PMAC
-#define PELICAN
-
-#if defined(PELICAN) && !defined(RIJNDAEL)
-   #error Pelican-MAC requires RIJNDAEL
 #endif
 
-/* ---> Encrypt + Authenticate Modes <--- */
-
-#define EAX_MODE
-#if defined(EAX_MODE) && !(defined(CTR) && defined(OMAC))
-   #error EAX_MODE requires CTR and OMAC mode
-#endif
-
-#define OCB_MODE
-#define CCM_MODE
-
-#define GCM_MODE
+#define SHA1
 
-/* Use 64KiB tables */
-#ifndef LTC_NO_TABLES
-   #define GCM_TABLES 
+#ifdef DROPBEAR_MD5_HMAC
+#define MD5
 #endif
 
-#endif /* LTC_NO_MACS */
+#define HMAC
 
 /* Various tidbits of modern neatoness */
 #define BASE64
 
-/* --> Pseudo Random Number Generators <--- */
-#ifndef LTC_NO_PRNGS
-
-/* Yarrow */
-#define YARROW
-/* which descriptor of AES to use?  */
-/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */
-#define YARROW_AES 0
-
-#if defined(YARROW) && !defined(CTR)
-   #error YARROW requires CTR chaining mode to be defined!
-#endif
-
-/* a PRNG that simply reads from an available system source */
-#define SPRNG
-
-/* The RC4 stream cipher */
-#define RC4
-
-/* Fortuna PRNG */
-#define FORTUNA
-/* reseed every N calls to the read function */
-#define FORTUNA_WD    10
-/* number of pools (4..32) can save a bit of ram by lowering the count */
-#define FORTUNA_POOLS 32
-
-/* Greg's SOBER128 PRNG ;-0 */
-#define SOBER128
-
-/* the *nix style /dev/random device */
-#define DEVRANDOM
-/* try /dev/urandom before trying /dev/random */
-#define TRY_URANDOM_FIRST
-
-#endif /* LTC_NO_PRNGS */
-
-/* ---> Public Key Crypto <--- */
-#ifndef LTC_NO_PK
-
-#define MRSA
-
-/* Digital Signature Algorithm */
-#define MDSA
-/* Max diff between group and modulus size in bytes */
-#define MDSA_DELTA     512
-/* Max DSA group size in bytes (default allows 4k-bit groups) */
-#define MDSA_MAX_GROUP 512
-
-/* Diffie-Hellman */
-#define MDH
-/* Supported Key Sizes */
-#define DH768
-#define DH1024
-#define DH1280
-#define DH1536
-#define DH1792
-#define DH2048
-#define DH2560
-#define DH3072
-#define DH4096
-
-/* ECC */
-#define MECC
-/* Supported Key Sizes */
-#define ECC192
-#define ECC224
-#define ECC256
-#define ECC384
-#define ECC521
-
-/* Include the MPI functionality?  (required by the PK algorithms) */
-#define MPI
-
-#endif /* LTC_NO_PK */
-
-/* PKCS #1 (RSA) and #5 (Password Handling) stuff */
-#ifndef LTC_NO_PKCS
-
-#define PKCS_1
-#define PKCS_5
-
-/* Include ASN.1 DER (required by DSA/RSA) */
-#define LTC_DER
-#if defined(LTC_DER) && !defined(MPI) 
-   #error ASN.1 DER requires MPI functionality
-#endif
-
-#if (defined(MDSA) || defined(MRSA)) && !defined(LTC_DER)
-   #error RSA/DSA requires ASN.1 DER functionality, make sure LTC_DER is enabled
-#endif
-
-#endif /* LTC_NO_PKCS */
-
-#endif
-
-
-/* THREAD management */
-
-#ifdef LTC_PTHREAD
-
-#include <pthread.h>
-
-#define LTC_MUTEX_GLOBAL(x)   pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER;
-#define LTC_MUTEX_PROTO(x)    extern pthread_mutex_t x;
-#define LTC_MUTEX_LOCK(x)     pthread_mutex_lock(x);
-#define LTC_MUTEX_UNLOCK(x)   pthread_mutex_unlock(x);
-
-#else 
-
 /* default no functions */
 #define LTC_MUTEX_GLOBAL(x)
 #define LTC_MUTEX_PROTO(x)
 #define LTC_MUTEX_LOCK(x)
 #define LTC_MUTEX_UNLOCK(x)
+#define FORTUNA_POOLS 0
 
 #endif
 

src/misc/crypt/crypt.c

@@ -15,6 +15,7 @@
   Build strings, Tom St Denis
 */  
 
+/*
 const char *crypt_build_settings =
    "LibTomCrypt " SCRYPT " (Tom St Denis, [email protected])\n"
    "LibTomCrypt is public domain software.\n"
@@ -308,6 +309,7 @@ const char *crypt_build_settings =
     "\n"
     "\n\n\n"
     ;
+	*/
 
 
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt.c,v $ */