├── .gitignore ├── CMakeLists.txt ├── CONTRIBUTING.md ├── COPYING ├── COPYING.LESSER ├── ChangeLog ├── Makefile.am ├── README ├── README.md ├── autogen.sh ├── configure.ac ├── doc ├── nums │ ├── README.md │ └── hexsqrt.c └── papers │ ├── 132.pdf │ ├── 179.pdf │ ├── 187.pdf │ ├── 2011_progress_report.pdf │ ├── 372.pdf │ ├── 409-1.pdf │ ├── 44N.pdf │ ├── Algebraic_Geometric_Coding_Theory.pdf │ ├── Gerhard_Hoffmann.bachelor.pdf │ ├── Goppa codes.pdf │ ├── Goppa.pdf │ ├── PQC-4.pdf │ ├── PQC-S2.pdf │ ├── SCC2010a.pdf │ ├── Sarwate77Complexity.pdf │ ├── Srivastava.pdf │ ├── article-267.pdf │ ├── berlekamp_trace.pdf │ ├── binarygoppatutorial.pdf │ ├── biswas_phd.pdf │ ├── cfs_Landais.pdf │ ├── cfs_implementation.pdf │ ├── cfs_qd.pdf │ ├── cfs_signature.pdf │ ├── cgg_signature.pdf │ ├── circfin.pdf │ ├── coding_theory.pdf │ ├── conway_gf2m.pdf │ ├── courtois-finiasz-sendrier-isit02.pdf │ ├── examples.pdf │ ├── fsb_hash.pdf │ ├── fujisaki-okamoto.pdf │ ├── gg_double_circulant.pdf │ ├── goppalist-20080706.pdf │ ├── goppalist-20081107.pdf │ ├── hamdi_attack.pdf │ ├── hamdi_signature.pdf │ ├── hash_signatures_2Mss.pdf │ ├── hash_signatures_fmtseq.pdf │ ├── hashbasedcrypto.pdf │ ├── irreducible_polys.pdf │ ├── kobara-imai.pdf │ ├── kobara_enc_sig.pdf │ ├── lengthhiding-corrected.pdf │ ├── linearized_polys.pdf │ ├── mcbits-20130616.pdf │ ├── mceliece-semantic.pdf │ ├── mceliece_qd_presentation.pdf │ ├── mdpc-impl.pdf │ ├── mdpc.pdf │ ├── merkle1.pdf │ ├── nsa-anti.pdf │ ├── nsa-nse-06.pdf │ ├── overview.pdf │ ├── ppi1748.pdf │ ├── presentation-baretto.pdf │ ├── qcmdpc_impl_slides.pdf │ ├── rootfinding.pdf │ ├── shoup_factoring.pdf │ ├── sphincs-20150202.pdf │ ├── strenghtening_parallel_cfs.pdf │ ├── synd_cipher.pdf │ ├── thesis_pkcc.pdf │ └── xsynd.pdf ├── man └── ccr.1 └── src ├── actions.cpp ├── actions.h ├── algo_suite.cpp ├── algo_suite.h ├── algorithm.h ├── algos_enc.cpp ├── algos_enc.h ├── algos_sig.cpp ├── algos_sig.h ├── arcfour.h ├── base64.cpp ├── base64.h ├── bvector.cpp ├── bvector.h ├── chacha.cpp ├── chacha.h ├── cube_hash.h ├── cubehash_impl.h ├── decoding.h ├── envelope.cpp ├── envelope.h ├── factoryof.h ├── fft.cpp ├── fft.h ├── fmtseq.cpp ├── fmtseq.h ├── generator.cpp ├── generator.h ├── gf2m.cpp ├── gf2m.h ├── hash.cpp ├── hash.h ├── hashfile.cpp ├── hashfile.h ├── iohelpers.cpp ├── iohelpers.h ├── ios.cpp ├── ios.h ├── keyring.cpp ├── keyring.h ├── main.cpp ├── matrix.cpp ├── matrix.h ├── mce_qcmdpc.cpp ├── mce_qcmdpc.h ├── message.cpp ├── message.h ├── permutation.cpp ├── permutation.h ├── polynomial.cpp ├── polynomial.h ├── privfile.cpp ├── privfile.h ├── prng.h ├── pwrng.cpp ├── pwrng.h ├── rmd_hash.h ├── sc.cpp ├── sc.h ├── seclock.cpp ├── seclock.h ├── sencode.cpp ├── sencode.h ├── serialization.cpp ├── sha_hash.h ├── str_match.cpp ├── str_match.h ├── symkey.cpp ├── symkey.h ├── tiger_hash.h ├── types.h ├── vector_item.h ├── xsynd.cpp └── xsynd.h /.gitignore: -------------------------------------------------------------------------------- 1 | aclocal.m4 2 | AUTHORS 3 | autom4te.cache/ 4 | ccr 5 | cmake-build-debug 6 | CMakeCache.txt 7 | CMakeFiles 8 | cmake_install.cmake 9 | codecrypt-*.tar.gz 10 | compile 11 | config.guess 12 | config.log 13 | config.status 14 | config.sub 15 | configure 16 | depcomp 17 | .idea 18 | INSTALL 19 | install-sh 20 | libtool 21 | ltmain.sh 22 | m4/ 23 | Makefile 24 | Makefile.in 25 | missing 26 | NEWS 27 | src/.deps/ 28 | src/.dirstamp 29 | src/*.o 30 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Alternative way for building the project from git, viable for less-unixy 2 | # platforms. Do _NOT_ use this for packaging; _DO_ use autotools instead. 3 | # 4 | # (c) 2018- tearsofphoenix 5 | 6 | cmake_minimum_required(VERSION 3.8) 7 | project(ccr) 8 | 9 | set(CMAKE_CXX_STANDARD 11) 10 | 11 | if (APPLE) 12 | include_directories(/usr/local/opt/gmp/include /usr/local/opt/fftw/include) 13 | link_directories(/usr/local/opt/gmp/lib /usr/local/opt/fftw/lib) 14 | add_definitions(-DHAVE_READPASSPHRASE=1) 15 | 16 | find_library(HAVE_CRYPTOPP cryptopp) 17 | if(HAVE_CRYPTOPP) 18 | add_definitions(-DHAVE_CRYPTOPP=1) 19 | include_directories(/usr/local/opt/cryptopp/include) 20 | link_directories(/usr/local/opt/cryptopp/lib) 21 | else() 22 | message(WARNING "install cryptopp by homebrew is better") 23 | endif() 24 | 25 | elseif(UNIX) 26 | include_directories(/usr/include) 27 | link_directories(/usr/lib) 28 | 29 | find_library(HAVE_BSDREADPASSPHRASE bsd) 30 | if (HAVE_BSDREADPASSPHRASE) 31 | add_definitions(-DHAVE_BSDREADPASSPHRASE=1) 32 | else() 33 | message(FATAL_ERROR "libbsd missing, you can install libbsd-dev package!") 34 | endif() 35 | 36 | find_library(HAVE_CRYPTOPP crypto++) 37 | if(HAVE_CRYPTOPP) 38 | add_definitions(-DHAVE_CRYPTOPP=1 -DCRYPTOPP_DIR_PLUS=1) 39 | else() 40 | message(WARNING "use crypto++ is better") 41 | endif() 42 | 43 | endif (APPLE) 44 | 45 | add_definitions(-DPACKAGE_VERSION="1.8") 46 | 47 | add_executable(ccr 48 | src/actions.cpp 49 | src/algo_suite.cpp 50 | src/algos_enc.cpp 51 | src/algos_sig.cpp 52 | src/base64.cpp 53 | src/bvector.cpp 54 | src/chacha.cpp 55 | src/envelope.cpp 56 | src/fft.cpp 57 | src/fmtseq.cpp 58 | src/generator.cpp 59 | src/gf2m.cpp 60 | src/hash.cpp 61 | src/hashfile.cpp 62 | src/iohelpers.cpp 63 | src/ios.cpp 64 | src/keyring.cpp 65 | src/main.cpp 66 | src/matrix.cpp 67 | src/mce_qcmdpc.cpp 68 | src/message.cpp 69 | src/permutation.cpp 70 | src/privfile.cpp 71 | src/polynomial.cpp 72 | src/sc.cpp 73 | src/seclock.cpp 74 | src/sencode.cpp 75 | src/serialization.cpp 76 | src/str_match.cpp 77 | src/symkey.cpp 78 | src/pwrng.cpp 79 | src/xsynd.cpp) 80 | 81 | target_link_libraries(ccr fftw3 gmp) 82 | 83 | if (APPLE) 84 | elseif(UNIX) 85 | if (HAVE_BSDREADPASSPHRASE) 86 | target_link_libraries(ccr bsd) 87 | endif() 88 | endif (APPLE) 89 | 90 | if (HAVE_CRYPTOPP) 91 | if(CRYPTOPP_DIR_PLUS) 92 | target_link_libraries(ccr crypto++) 93 | else() 94 | target_link_libraries(ccr cryptopp) 95 | endif() 96 | endif () 97 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | # How to contribute to Codecrypt? 3 | 4 | 1. Fork and add a feature or a correction 5 | 2. Check that the feature/correction is applicable (see below) 6 | 3. Check that the code is in a good shape (also below) 7 | 4. Send pull request 8 | 5. Profit 9 | 10 | ### Applicable features 11 | 12 | - All cryptography should be post-quantum (this mainly removes group-based 13 | asymmetric primitives) 14 | - The program is strictly off-line, almost-non-interactive, commandline only 15 | - Algorithms that are not mainstream are better 16 | - Less code is always better 17 | - Less magic is always better 18 | 19 | ### Good shape of the code 20 | 21 | - Compile with `-Wall` 22 | - Format the code using `astyle --style=linux -xl -xk -pdtLnU -M80` 23 | - Try to follow similar naming conventions as the rest of the project 24 | - Automated memory management is always better 25 | - Use a modern C++ (unlike what codecrypt started with) 26 | -------------------------------------------------------------------------------- /COPYING.LESSER: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 166 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | 2 | Codecrypt ChangeLog 3 | 4 | 1.7.6 5 | 6 | - small improvements in keyring, hash verification and documentation 7 | - allow user-supplied random seed source 8 | - fix warnings on clang 9 | 10 | 1.7.5 11 | 12 | - standardize Cubehash implementation 13 | (all implications for FMTSeq keys and KeyIDs are documented in FAQ) 14 | 15 | - remove obsolete MCE-QD 16 | - support big-endian architectures 17 | 18 | 1.7.4 19 | 20 | - maintenance release that fixes some cosmetic issues for debianization 21 | 22 | 1.7.3 23 | 24 | - tiny fixes in mce_qcmdpc to improve decoding 25 | 26 | 1.7.2 27 | 28 | - better autoconfiguration of crypto++ include path 29 | - support redirection to `-' 30 | - add -E option 31 | - update docs a bit 32 | - correctly escape outputs 33 | 34 | 1.7.1 35 | 36 | - rewrite QC-MDPC decoding for speed (still around O(wi^2)) 37 | - fix the padding broken on non-byte-aligned numbers 38 | 39 | 1.7 40 | 41 | - add QC-MDPC McEliece variant 42 | - mark QD McEliece as broken 43 | - reimplement bit vectors (for speed) 44 | - some code quality updates 45 | - prevent mangling of command line output by crafted keyring 46 | 47 | 1.6.1 48 | 49 | - simplify padding for symmetric encryption 50 | - fix possible known-plaintext attack against symmetric encryption padding 51 | 52 | 1.6 53 | 54 | - fix fmtseq short message padding bug (fixed by previous) 55 | - virtualize the stream ciphers 56 | - add ChaCha20 57 | - add XSYND 58 | - remove RC4 from standard PRNG 59 | - fix possible side-channel attack on F-O decryption timing 60 | - remove RC4 usage from FMTSEQ, replace with ChaCha20, rename algos 61 | - add support for symmetric encryption (long files!) 62 | - add several new encryption ciphers (use xsynd and chacha) 63 | - add convenience aliases for --gen-key 64 | 65 | 1.5 66 | 67 | - add hashfile support with -S 68 | - gf2m log/antilog saving, and several other speedups 69 | - switched to icase matching for key names 70 | 71 | 1.4.1 72 | 73 | - compile on windows 74 | - cleanup some code, clarify&be helpful on the `-a' option 75 | - prevent possible memory corruption on FMTSeq mangled privkeys 76 | - prevent keyring corruption by interrupted write 77 | - make keyring backups and don't do unnecessary writes 78 | 79 | 1.4 80 | 81 | - add Cubehash, spawn all algorithms using only Cubehash 82 | - make crypto++ dependency optional 83 | - cubehash256 is now used for KeyIDs instead of SHA256 84 | - bump message and keyring version strings 85 | 86 | 1.3.1 87 | 88 | - get rid of bundled hash sources and licensing problems 89 | 90 | 1.3 91 | 92 | - fix too aggressive locking of keyring that caused deadlocks on piping 93 | - fix many warnings and code inconsistencies 94 | - correct licensing information from ccr --version 95 | - prevent possible problems with forged sencode 96 | - add this helpful changelog :) 97 | 98 | 1.2 99 | 100 | - improve arcfour usage (much stuff is thus incompatible with older versions) 101 | - added a manual page 102 | - added H20 variants of FMTSeq (they provide more than 1M signatures) 103 | 104 | 1.1 105 | 106 | - several speed improvements (colex ranking and MceQD decoding) 107 | - cleanup of some unneeded parts 108 | 109 | 1.0 110 | 111 | - key naming fixes 112 | - add 2^192-secure algorithm variants 113 | - improve message padding for encryption (incompatible with previous format) 114 | 115 | 0.9 116 | 117 | - first released version 118 | 119 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = subdir-objects 2 | ACLOCAL_AMFLAGS = -I m4 3 | 4 | dist_man_MANS = man/ccr.1 5 | dist_noinst_SCRIPTS = autogen.sh 6 | bin_PROGRAMS = ccr 7 | 8 | ccr_SOURCES = src/hash.cpp src/sencode.cpp src/gf2m.cpp src/chacha.cpp src/algo_suite.cpp src/fft.cpp src/hashfile.cpp src/symkey.cpp src/bvector.cpp src/str_match.cpp src/keyring.cpp src/ios.cpp src/algos_enc.cpp src/message.cpp src/sc.cpp src/envelope.cpp src/permutation.cpp src/mce_qcmdpc.cpp src/pwrng.cpp src/xsynd.cpp src/serialization.cpp src/generator.cpp src/iohelpers.cpp src/main.cpp src/actions.cpp src/polynomial.cpp src/algos_sig.cpp src/matrix.cpp src/seclock.cpp src/base64.cpp src/privfile.cpp src/fmtseq.cpp 9 | noinst_HEADERS = src/str_match.h src/permutation.h src/rmd_hash.h src/fft.h src/mce_qcmdpc.h src/hash.h src/algo_suite.h src/message.h src/symkey.h src/polynomial.h src/gf2m.h src/factoryof.h src/keyring.h src/sc.h src/fmtseq.h src/cube_hash.h src/xsynd.h src/arcfour.h src/sencode.h src/sha_hash.h src/prng.h src/tiger_hash.h src/generator.h src/decoding.h src/iohelpers.h src/cubehash_impl.h src/algorithm.h src/ios.h src/bvector.h src/hashfile.h src/actions.h src/types.h src/pwrng.h src/algos_sig.h src/matrix.h src/chacha.h src/algos_enc.h src/privfile.h src/vector_item.h src/base64.h src/envelope.h src/seclock.h 10 | 11 | AM_CPPFLAGS = -I$(top_srcdir) 12 | AM_CFLAGS = -Wall 13 | 14 | ccr_CPPFLAGS = $(FFTW3_CFLAGS) $(CRYPTOPP_CFLAGS) 15 | ccr_LDADD = $(FFTW3_LIBS) $(CRYPTOPP_LIBS) 16 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | README.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # Codecrypt 3 | 4 | The post-quantum cryptography tool. 5 | 6 | Codecrypt is currently unmaintained, although I still successfully use it. If 7 | you are interested in developing/maintaining it, ping me. 8 | 9 | #### About 10 | 11 | This is a GnuPG-like unix program for encryption and signing that uses only 12 | quantum-computer-resistant algorithms: 13 | 14 | - McEliece cryptosystem (compact QC-MDPC variant) for encryption 15 | - Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures 16 | 17 | Codecrypt is free software. The code is licensed under terms of LGPL3 in a good 18 | hope that it will make combinations with other tools easier. 19 | 20 | #### Why this? 21 | 22 | Go read http://pqcrypto.org/ 23 | 24 | #### Links 25 | 26 | - infopage: http://e-x-a.org/codecrypt/ 27 | - *package downloads*: http://e-x-a.org/codecrypt/files/ 28 | 29 | #### Distro packages 30 | 31 | - Gentoo packages: https://packages.gentoo.org/packages/app-crypt/codecrypt 32 | with current ebuild usually available at http://e-x-a.org/codecrypt/files 33 | - Debian packages: `apt-get install codecrypt` 34 | - Arch linux: see https://aur.archlinux.org/packages/codecrypt/ 35 | - *Windows port* is maintained separately here: https://github.com/mike805/codecrypt-win32 36 | 37 | Language wrappers: 38 | 39 | - Python bindings: https://github.com/mike805/codecrypt-python/ 40 | 41 | #### Documentation 42 | 43 | There is a complete, UNIXy manual page supplied with the package. You can view 44 | it online here: http://e-x-a.org/codecrypt/ccr.1.html 45 | 46 | ##### Used cryptography overview 47 | 48 | To achieve the stated goal, codecrypt uses a lot of (traditional, but 49 | "quantum-secure") cryptographic primitives. Choices of primitives were based on 50 | easy auditability of design, simplicity and provided security. 51 | 52 | The git repo of codecrypt contains `doc/papers` with an unsorted heap of 53 | academic papers and slides about relevant topics. 54 | 55 | Stream ciphers used: 56 | 57 | - ChaCha20, the recommended choice from djb 58 | - XSynd stream cipher as an interesting and nontraditional candidate also based 59 | on assumptions from coding theory; used NUMS (it requires lot of NUMS) are 60 | explained in `doc/nums` directory in the repo. 61 | - Arcfour for initial simplicity of implementation. After recent statistical 62 | attacks I cannot recommend using any RC4 variant anymore, but provided 63 | padding and the "offline-only" usage of codecrypt keeps the usage mostly 64 | secure. 65 | 66 | CRHFs used: 67 | 68 | - Cubehash variants were selected for implementation ease, really clean design, 69 | quite good speed and flexibility of parameter choices. This is also the only 70 | hash possibility when Crypto++ library is not linked to codecrypt. KeyIDs 71 | are CUBE256 hashes of corresponding serialized public keys. 72 | - ripemd128 for small hashes 73 | - tiger192 is used as an alternative for Cubehash for 192bit hashes 74 | - There's always a variant with SHA-256, SHA-384 or SHA-512. 75 | 76 | Signature algorithms: 77 | 78 | - FMTSeq with many possibilities and combinations of aforementioned CRHFs 79 | - SPHINCS256 support is scheduled for next release 80 | 81 | Encryption algorithms: 82 | 83 | - MDPC McEliece on quasi-cyclic matrices. The implementation uses some tricks 84 | to speedup the (pretty slow) cyclic matrix multiplication (most notably 85 | libfftm3 in this version). For padding using the Fujisaki-Okamoto scheme, the 86 | cipher requires a stream cipher and a CRHF, used ciphers and CRHFs are 87 | specified in the algorithm name -- e.g. MCEQCMDPC128FO-CUBE256-CHACHA20 means 88 | that the parameters are tuned to provide 128bit security, uses CUBE256 hash, 89 | and ChaCha20 stream cipher. 90 | - Quasi-dyadic McEliece was included in codecrypt as an original algorithm, but 91 | is now broken and prints a warning message on any usage. 92 | 93 | Caveats: 94 | 95 | Cryptography is **not intended for "online" use**, because some algorithms 96 | (especially the MDPC decoding) are (slightly) vulnerable to timing attacks. 97 | 98 | ## Quick How-To 99 | 100 | Everything is meant to work mostly like GnuPG, but with some good simplicity 101 | margin. Let's play with random data! 102 | 103 | 104 | ccr -g help 105 | ccr -g sig --name "John Doe" # your signature key 106 | ccr -g enc --name "John Doe" # your encryption key 107 | 108 | ccr -K #watch the generated keys 109 | ccr -k 110 | 111 | ccr -p -a -o my_pubkeys.asc -F Doe # export your pubkeys for friends 112 | 113 | #(now you should exchange the pubkeys with friends) 114 | 115 | #see what people sent us, possibly check the fingerprints 116 | ccr -inaf < friends_pubkeys.asc 117 | 118 | #import Frank's key and rename it 119 | ccr -ia -R friends_pubkeys.asc --name "Friendly Frank" 120 | 121 | #send a nice message to Frank (you can also specify him by @12345 keyid) 122 | ccr -se -r Frank < Document.doc > Message_to_frank.ccr 123 | 124 | #receive a reply 125 | ccr -dv -o Decrypted_verified_reply.doc big_data.iso 145 | 146 | #password-protect all your private keys 147 | ccr -L 148 | 149 | #protect a symmetric key using another symmetric key 150 | ccr -L -S symkey1 -w symkey2 151 | 152 | #password-protect symkey2 with a custom cipher 153 | ccr -L -S symkey2 -w @xsynd,cube512 154 | 155 | ## Option reference 156 | 157 | For completeness I add listing of all options here (also available from 158 | `ccr --help`) 159 | 160 | Usage: ./ccr [options] 161 | 162 | Common options: 163 | -h, --help display this help 164 | -V, --version display version information 165 | -T, --test perform (probably nonexistent) testing/debugging stuff 166 | 167 | Global options: 168 | -R, --in set input file, default is stdin 169 | -o, --out set output file, default is stdout 170 | -E, --err the same for stderr 171 | -a, --armor use ascii-armored I/O 172 | -y, --yes assume that answer is `yes' everytime 173 | 174 | Actions: 175 | -s, --sign sign a message 176 | -v, --verify verify a signed message 177 | -e, --encrypt encrypt a message 178 | -d, --decrypt decrypt an encrypted message 179 | 180 | Action options: 181 | -r, --recipient encrypt for given user 182 | -u, --user use specified secret key 183 | -C, --clearsign work with cleartext signatures 184 | -b, --detach-sign specify file with detached signature 185 | -S, --symmetric enable symmetric mode of operation where encryption 186 | is done using symmetric cipher and signatures are 187 | hashes, and specify a filename of symmetric key or hashes 188 | 189 | Key management: 190 | -g, --gen-key generate keys for specified algorithm 191 | -g help list available cryptographic algorithms 192 | -k, --list list the contents of keyring 193 | -K, --list-secret 194 | -i, --import import keys 195 | -I, --import-secret 196 | -p, --export export keys 197 | -P, --export-secret 198 | -x, --delete delete matching keys 199 | -X, --delete-secret 200 | -m, --rename rename matching keys 201 | -M, --rename-secret 202 | -L, --lock lock secrets 203 | -U, --unlock unlock secrets 204 | 205 | Key management options: 206 | -F, --filter only work with keys with matching names 207 | -f, --fingerprint format full key IDs nicely for human eyes 208 | -N, --name specify a new name for renaming or importing 209 | -n, --no-action on import, only show what would be imported 210 | -w, --with-lock specify the symmetric key for (un)locking the secrets 211 | -w @SPEC ask for password and expand it to a symmetric key 212 | of type SPEC for (un)locking the secret 213 | 214 | 215 | ## Disclaimer 216 | 217 | Codecrypt eats data. Use it with caution. Read the F manual. 218 | 219 | Author is a self-taught cryptographer. 220 | 221 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # simple autogen script that generates basic layout for autotools. 4 | 5 | NAME="ccr" 6 | 7 | OUT=Makefile.am 8 | touch NEWS AUTHORS ChangeLog 9 | echo > $OUT 10 | 11 | DISTDIRS="" 12 | 13 | echo "AUTOMAKE_OPTIONS = subdir-objects" >>$OUT 14 | echo "ACLOCAL_AMFLAGS = -I m4" >>$OUT 15 | echo "dist_man_MANS = man/${NAME}.1" >>$OUT 16 | echo "dist_noinst_SCRIPTS = autogen.sh" `for i in $DISTDIRS ; do find \$i -type f ; done | tr "\n" " " ` >>$OUT 17 | 18 | echo "bin_PROGRAMS = ${NAME}" >>$OUT 19 | echo "${NAME}_SOURCES = `( find src/ -type f -name \*.c ; find src/ -type f -name \*.cpp ) |tr \"\n\" \" \" ` " >>$OUT 20 | echo "noinst_HEADERS = `find src/ -type f -name \*.h |tr \"\n\" \" \" `" >>$OUT 21 | echo "AM_CPPFLAGS = -I\$(top_srcdir)" >>$OUT 22 | echo "AM_CFLAGS = -Wall" >>$OUT 23 | echo "${NAME}_CPPFLAGS = \$(FFTW3_CFLAGS) \$(CRYPTOPP_CFLAGS)" >>$OUT 24 | echo "${NAME}_LDADD = \$(FFTW3_LIBS) \$(CRYPTOPP_LIBS)" >>$OUT 25 | 26 | if [[ "$OSTYPE" == "darwin"* ]]; then 27 | glibtoolize --force && aclocal && autoconf && automake --add-missing 28 | else 29 | libtoolize --force && aclocal && autoconf && automake --add-missing 30 | fi 31 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | AC_PREREQ([2.69]) 2 | AC_INIT([codecrypt], [1.8]) 3 | AC_CONFIG_AUX_DIR([build-aux]) dnl because of libtoolize 4 | AC_CONFIG_MACRO_DIR([m4]) 5 | 6 | AM_INIT_AUTOMAKE() 7 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) 8 | 9 | LT_INIT 10 | AC_PROG_CXX 11 | 12 | dnl check for compilable GMP presence 13 | AC_CHECK_HEADERS([gmp.h], [], [AC_MSG_ERROR([Codecrypt requires gmp.h])]) 14 | AC_SEARCH_LIBS([__gmpz_init], [gmp], [], [AC_MSG_ERROR([Codecrypt requires libgmp])]) 15 | 16 | dnl check for FFTW library presence 17 | PKG_CHECK_MODULES([FFTW3], [fftw3]) 18 | 19 | dnl check whether to build with crypto++ 20 | AC_ARG_WITH([cryptopp], 21 | [AS_HELP_STRING([--with-cryptopp], [Build algorithms that need Crypto++ support])]) 22 | 23 | dnl and check crypto++ 24 | AS_IF([test "x$with_cryptopp" != "xno"], [ 25 | PKG_PROG_PKG_CONFIG([0.25]) 26 | 27 | PKG_CHECK_MODULES([CRYPTOPP], [libcrypto++], [], [ 28 | AC_MSG_CHECKING([for libcrypto++ using known flags]) 29 | AC_LANG_PUSH([C++]) 30 | saved_LIBS="$LIBS" 31 | LIBS+=" -lcrypto++" 32 | AC_LINK_IFELSE([ 33 | AC_LANG_PROGRAM([#include ], [CryptoPP::NullRNG])], [ 34 | CRYPTOPP_LIBS="-lcrypto++" 35 | AC_MSG_RESULT([${CRYPTOPP_LIBS}]) 36 | ], [ 37 | AC_MSG_ERROR([Cannot find crypto++]) 38 | ]) 39 | LIBS="$saved_LIBS" 40 | AC_LANG_POP([C++]) 41 | ]) 42 | 43 | AC_DEFINE([HAVE_CRYPTOPP], [1], [Enable support for crypto++ routines]) 44 | ], [ 45 | AC_DEFINE([HAVE_CRYPTOPP], [0], [Enable support for crypto++ routines]) 46 | ]) 47 | 48 | dnl check for readpassphrase. If none is found, we use getpass (with a warning) 49 | AC_CHECK_HEADER([readpassphrase.h], 50 | [READPASSPHRASE=native], 51 | AC_CHECK_HEADER([bsd/readpassphrase.h], 52 | [READPASSPHRASE=bsd], 53 | [AC_MSG_WARN([falling back to obsoleted getpass(3)])])) 54 | 55 | AS_IF([test "x$READPASSPHRASE" = "xnative"],[ 56 | AC_DEFINE([HAVE_READPASSPHRASE], [1], [Enable readpassphrase])]) 57 | 58 | AS_IF([test "x$READPASSPHRASE" = "xbsd"],[ 59 | AC_DEFINE([HAVE_BSDREADPASSPHRASE], [1], [Enable bsdreadpassphrase]) 60 | AC_SEARCH_LIBS([readpassphrase], [bsd], [], [AC_MSG_ERROR([library for bsd/readpassphrase.h not found])])]) 61 | 62 | dnl check for standard functions 63 | AC_CHECK_FUNCS([memset mkdir], [], [AC_MSG_ERROR([Required function missing])]) 64 | 65 | dnl POSIX headers 66 | AC_CHECK_HEADERS([fcntl.h inttypes.h stddef.h stdlib.h string.h sys/file.h unistd.h], [], [AC_MSG_ERROR([Required header file missing])]) 67 | 68 | dnl other used stuff 69 | AC_TYPE_SIZE_T 70 | AC_TYPE_SSIZE_T 71 | AC_TYPE_UINT32_T 72 | AC_TYPE_UINT64_T 73 | AC_TYPE_UINT8_T 74 | 75 | AC_CONFIG_FILES([Makefile]) 76 | AC_OUTPUT 77 | -------------------------------------------------------------------------------- /doc/nums/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Nothing Up My Sleeve 3 | 4 | For running of XSYND a great deal of random initialization material is needed; 5 | it's exactly around 32kbits of bitstream for parity-check matrices that needs 6 | to look uniformly random. Great candidate for hiding errors. 7 | 8 | This directory contains C programs that were used to generate the initial 9 | constants. Matrix A1 is filled with (binary) digits of `sqrt(2)-1`, A2 is made 10 | the same way from `sqrt(3)-1`. 11 | 12 | Compile with `-lgmp`. 13 | -------------------------------------------------------------------------------- /doc/nums/hexsqrt.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | 6 | int main (int argc, char**argv) 7 | { 8 | int param; 9 | char *output; 10 | mp_exp_t exp; 11 | mpf_t sqrt; 12 | 13 | if (argc < 2 || 14 | 1 != sscanf (argv[1], "%d", ¶m) || 15 | param < 2) return 1; 16 | 17 | mpf_set_default_prec (100000); 18 | mpf_init (sqrt); 19 | mpf_sqrt_ui (sqrt, param); 20 | 21 | output = mpf_get_str (NULL, &exp, 16, 0, sqrt); 22 | printf ("%.*s.%s\n", (int) exp, output, output + exp); 23 | 24 | free (output); 25 | mpf_clear (sqrt); 26 | 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /doc/papers/132.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/132.pdf -------------------------------------------------------------------------------- /doc/papers/179.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/179.pdf -------------------------------------------------------------------------------- /doc/papers/187.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/187.pdf -------------------------------------------------------------------------------- /doc/papers/2011_progress_report.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/2011_progress_report.pdf -------------------------------------------------------------------------------- /doc/papers/372.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/372.pdf -------------------------------------------------------------------------------- /doc/papers/409-1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/409-1.pdf -------------------------------------------------------------------------------- /doc/papers/44N.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/44N.pdf -------------------------------------------------------------------------------- /doc/papers/Algebraic_Geometric_Coding_Theory.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Algebraic_Geometric_Coding_Theory.pdf -------------------------------------------------------------------------------- /doc/papers/Gerhard_Hoffmann.bachelor.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Gerhard_Hoffmann.bachelor.pdf -------------------------------------------------------------------------------- /doc/papers/Goppa codes.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Goppa codes.pdf -------------------------------------------------------------------------------- /doc/papers/Goppa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Goppa.pdf -------------------------------------------------------------------------------- /doc/papers/PQC-4.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/PQC-4.pdf -------------------------------------------------------------------------------- /doc/papers/PQC-S2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/PQC-S2.pdf -------------------------------------------------------------------------------- /doc/papers/SCC2010a.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/SCC2010a.pdf -------------------------------------------------------------------------------- /doc/papers/Sarwate77Complexity.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Sarwate77Complexity.pdf -------------------------------------------------------------------------------- /doc/papers/Srivastava.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/Srivastava.pdf -------------------------------------------------------------------------------- /doc/papers/article-267.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/article-267.pdf -------------------------------------------------------------------------------- /doc/papers/berlekamp_trace.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/berlekamp_trace.pdf -------------------------------------------------------------------------------- /doc/papers/binarygoppatutorial.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/binarygoppatutorial.pdf -------------------------------------------------------------------------------- /doc/papers/biswas_phd.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/biswas_phd.pdf -------------------------------------------------------------------------------- /doc/papers/cfs_Landais.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/cfs_Landais.pdf -------------------------------------------------------------------------------- /doc/papers/cfs_implementation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/cfs_implementation.pdf -------------------------------------------------------------------------------- /doc/papers/cfs_qd.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/cfs_qd.pdf -------------------------------------------------------------------------------- /doc/papers/cfs_signature.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/cfs_signature.pdf -------------------------------------------------------------------------------- /doc/papers/cgg_signature.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/cgg_signature.pdf -------------------------------------------------------------------------------- /doc/papers/circfin.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/circfin.pdf -------------------------------------------------------------------------------- /doc/papers/coding_theory.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/coding_theory.pdf -------------------------------------------------------------------------------- /doc/papers/conway_gf2m.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/conway_gf2m.pdf -------------------------------------------------------------------------------- /doc/papers/courtois-finiasz-sendrier-isit02.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/courtois-finiasz-sendrier-isit02.pdf -------------------------------------------------------------------------------- /doc/papers/examples.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/examples.pdf -------------------------------------------------------------------------------- /doc/papers/fsb_hash.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/fsb_hash.pdf -------------------------------------------------------------------------------- /doc/papers/fujisaki-okamoto.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/fujisaki-okamoto.pdf -------------------------------------------------------------------------------- /doc/papers/gg_double_circulant.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/gg_double_circulant.pdf -------------------------------------------------------------------------------- /doc/papers/goppalist-20080706.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/goppalist-20080706.pdf -------------------------------------------------------------------------------- /doc/papers/goppalist-20081107.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/goppalist-20081107.pdf -------------------------------------------------------------------------------- /doc/papers/hamdi_attack.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/hamdi_attack.pdf -------------------------------------------------------------------------------- /doc/papers/hamdi_signature.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/hamdi_signature.pdf -------------------------------------------------------------------------------- /doc/papers/hash_signatures_2Mss.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/hash_signatures_2Mss.pdf -------------------------------------------------------------------------------- /doc/papers/hash_signatures_fmtseq.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/hash_signatures_fmtseq.pdf -------------------------------------------------------------------------------- /doc/papers/hashbasedcrypto.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/hashbasedcrypto.pdf -------------------------------------------------------------------------------- /doc/papers/irreducible_polys.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/irreducible_polys.pdf -------------------------------------------------------------------------------- /doc/papers/kobara-imai.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/kobara-imai.pdf -------------------------------------------------------------------------------- /doc/papers/kobara_enc_sig.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/kobara_enc_sig.pdf -------------------------------------------------------------------------------- /doc/papers/lengthhiding-corrected.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/lengthhiding-corrected.pdf -------------------------------------------------------------------------------- /doc/papers/linearized_polys.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/linearized_polys.pdf -------------------------------------------------------------------------------- /doc/papers/mcbits-20130616.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/mcbits-20130616.pdf -------------------------------------------------------------------------------- /doc/papers/mceliece-semantic.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/mceliece-semantic.pdf -------------------------------------------------------------------------------- /doc/papers/mceliece_qd_presentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/mceliece_qd_presentation.pdf -------------------------------------------------------------------------------- /doc/papers/mdpc-impl.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/mdpc-impl.pdf -------------------------------------------------------------------------------- /doc/papers/mdpc.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/mdpc.pdf -------------------------------------------------------------------------------- /doc/papers/merkle1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/merkle1.pdf -------------------------------------------------------------------------------- /doc/papers/nsa-anti.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/nsa-anti.pdf -------------------------------------------------------------------------------- /doc/papers/nsa-nse-06.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/nsa-nse-06.pdf -------------------------------------------------------------------------------- /doc/papers/overview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/overview.pdf -------------------------------------------------------------------------------- /doc/papers/ppi1748.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/ppi1748.pdf -------------------------------------------------------------------------------- /doc/papers/presentation-baretto.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/presentation-baretto.pdf -------------------------------------------------------------------------------- /doc/papers/qcmdpc_impl_slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/qcmdpc_impl_slides.pdf -------------------------------------------------------------------------------- /doc/papers/rootfinding.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/rootfinding.pdf -------------------------------------------------------------------------------- /doc/papers/shoup_factoring.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/shoup_factoring.pdf -------------------------------------------------------------------------------- /doc/papers/sphincs-20150202.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/sphincs-20150202.pdf -------------------------------------------------------------------------------- /doc/papers/strenghtening_parallel_cfs.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/strenghtening_parallel_cfs.pdf -------------------------------------------------------------------------------- /doc/papers/synd_cipher.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/synd_cipher.pdf -------------------------------------------------------------------------------- /doc/papers/thesis_pkcc.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/thesis_pkcc.pdf -------------------------------------------------------------------------------- /doc/papers/xsynd.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exaexa/codecrypt/08e8bd6f164565f5926ffbb0a4516f766c74773e/doc/papers/xsynd.pdf -------------------------------------------------------------------------------- /src/actions.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_actions_h_ 22 | #define _ccr_actions_h_ 23 | 24 | /* 25 | * actions = stuff the user can do. main() calls this accordingly to options 26 | */ 27 | #include 28 | #include "keyring.h" 29 | #include "algorithm.h" 30 | 31 | int action_gen_key (const std::string& algspec, const std::string&name, 32 | const std::string&symmetric, const std::string&withlock, 33 | bool armor, bool force_lock, 34 | keyring&, algorithm_suite&); 35 | 36 | /* 37 | * signatures/encryptions 38 | */ 39 | 40 | int action_encrypt (const std::string&recipient, bool armor, 41 | const std::string&symmetric, const std::string&withlock, 42 | keyring&, algorithm_suite&); 43 | 44 | int action_decrypt (bool armor, const std::string&symmetric, 45 | const std::string&withlock, keyring&, algorithm_suite&); 46 | 47 | int action_sign (const std::string&user, bool armor, const std::string&detach, 48 | bool clearsign, const std::string&symmetric, 49 | const std::string&withlock, keyring&, algorithm_suite&); 50 | 51 | int action_verify (bool armor, const std::string&detach, 52 | bool clearsign, bool yes, const std::string&symmetric, 53 | const std::string&withlock, keyring&, algorithm_suite&); 54 | 55 | int action_sign_encrypt (const std::string&user, const std::string&recipient, 56 | const std::string&withlock, bool armor, 57 | keyring&, algorithm_suite&); 58 | 59 | int action_decrypt_verify (bool armor, bool yes, const std::string&withlock, 60 | keyring&, algorithm_suite&); 61 | 62 | /* 63 | * keyring stuff 64 | */ 65 | 66 | int action_list (bool nice_fingerprint, const std::string&filter, 67 | keyring&); 68 | 69 | int action_import (bool armor, bool no_action, bool yes, bool fp, 70 | const std::string&filter, const std::string&name, 71 | keyring&); 72 | 73 | int action_export (bool armor, 74 | const std::string&filter, const std::string&name, 75 | keyring&); 76 | 77 | int action_delete (bool yes, const std::string&filter, keyring&); 78 | 79 | int action_rename (bool yes, 80 | const std::string&filter, const std::string&name, 81 | keyring&); 82 | 83 | 84 | int action_list_sec (bool nice_fingerprint, const std::string&filter, 85 | keyring&); 86 | 87 | int action_import_sec (bool armor, bool no_action, bool yes, bool fp, 88 | const std::string&filter, const std::string&name, 89 | keyring&); 90 | 91 | int action_export_sec (bool armor, bool yes, 92 | const std::string&filter, const std::string&name, 93 | keyring&); 94 | 95 | int action_delete_sec (bool yes, const std::string&filter, keyring&); 96 | 97 | int action_rename_sec (bool yes, 98 | const std::string&filter, const std::string&name, 99 | keyring&); 100 | 101 | int action_lock_sec (bool yes, 102 | const std::string&filter, 103 | const std::string&symmetric, 104 | const std::string&withlock, 105 | bool armor, 106 | keyring&); 107 | 108 | int action_unlock_sec (bool yes, 109 | const std::string&filter, 110 | const std::string&symmetric, 111 | const std::string&withlock, 112 | bool armor, 113 | keyring&); 114 | 115 | #endif 116 | -------------------------------------------------------------------------------- /src/algo_suite.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "algo_suite.h" 22 | 23 | #include "algos_enc.h" 24 | #include "algos_sig.h" 25 | 26 | void fill_algorithm_suite (algorithm_suite&s) 27 | { 28 | #define do_alg(x) static x var_##x ; var_##x.register_into_suite(s); 29 | 30 | #if HAVE_CRYPTOPP==1 31 | do_alg (algo_mceqcmdpc128); 32 | do_alg (algo_mceqcmdpc256); 33 | do_alg (algo_mceqcmdpc128cha); 34 | do_alg (algo_mceqcmdpc256cha); 35 | do_alg (algo_mceqcmdpc128xs); 36 | do_alg (algo_mceqcmdpc256xs); 37 | 38 | do_alg (algo_fmtseq128); 39 | do_alg (algo_fmtseq192); 40 | do_alg (algo_fmtseq256); 41 | do_alg (algo_fmtseq128h20); 42 | do_alg (algo_fmtseq192h20); 43 | do_alg (algo_fmtseq256h20); 44 | #endif //HAVE_CRYPTOPP==1 45 | do_alg (algo_mceqcmdpc128cube); 46 | do_alg (algo_mceqcmdpc256cube); 47 | do_alg (algo_mceqcmdpc128cubecha); 48 | do_alg (algo_mceqcmdpc256cubecha); 49 | do_alg (algo_mceqcmdpc128cubexs); 50 | do_alg (algo_mceqcmdpc256cubexs); 51 | 52 | do_alg (algo_fmtseq128cube); 53 | do_alg (algo_fmtseq192cube); 54 | do_alg (algo_fmtseq256cube); 55 | do_alg (algo_fmtseq128h20cube); 56 | do_alg (algo_fmtseq192h20cube); 57 | do_alg (algo_fmtseq256h20cube); 58 | #undef do_alg 59 | } 60 | -------------------------------------------------------------------------------- /src/algo_suite.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_algo_suite_h_ 22 | #define _ccr_algo_suite_h_ 23 | 24 | #include 25 | #include 26 | 27 | class algorithm; 28 | 29 | typedef std::map algorithm_suite; 30 | 31 | void fill_algorithm_suite (algorithm_suite&); 32 | #endif 33 | -------------------------------------------------------------------------------- /src/algorithm.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_algorithm_h_ 22 | #define _ccr_algorithm_h_ 23 | 24 | #include "algo_suite.h" 25 | #include "bvector.h" 26 | #include "prng.h" 27 | #include "sencode.h" 28 | 29 | /* 30 | * virtual interface definition for all cryptographic algorithm instances. 31 | * 32 | * Note that the whole class could be defined static, but we really enjoy 33 | * having the tiny virtual pointers stored in some cool structure along with 34 | * the handy algorithm name. 35 | */ 36 | 37 | class algorithm 38 | { 39 | public: 40 | virtual bool provides_signatures() = 0; 41 | virtual bool provides_encryption() = 0; 42 | 43 | virtual std::string get_alg_id() = 0; 44 | 45 | void register_into_suite (algorithm_suite&s) { 46 | s[this->get_alg_id()] = this; 47 | } 48 | 49 | /* 50 | * note that these functions should be ready for different 51 | * plaintext/ciphertext/message lengths, usually padding them somehow. 52 | */ 53 | virtual int encrypt (const bvector&plain, bvector&cipher, 54 | sencode* pubkey, prng&rng) { 55 | return -1; 56 | } 57 | 58 | virtual int decrypt (const bvector&cipher, bvector&plain, 59 | sencode* privkey) { 60 | return -1; 61 | } 62 | 63 | virtual int sign (const bvector&msg, bvector&sig, 64 | sencode** privkey, bool&dirty, prng&rng) { 65 | return -1; 66 | } 67 | 68 | virtual int verify (const bvector&sig, const bvector&msg, 69 | sencode* pubkey) { 70 | return -1; 71 | } 72 | 73 | virtual int create_keypair (sencode**pub, sencode**priv, prng&rng) { 74 | return -1; 75 | } 76 | }; 77 | 78 | #endif 79 | 80 | -------------------------------------------------------------------------------- /src/algos_enc.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_enc_algs_h_ 22 | #define _ccr_enc_algs_h_ 23 | 24 | #include "algorithm.h" 25 | 26 | #define mce_alg_class(name,alg_id) \ 27 | class algo_mce##name : public algorithm \ 28 | { \ 29 | public: \ 30 | bool provides_signatures() { \ 31 | return false; \ 32 | } \ 33 | bool provides_encryption() { \ 34 | return true; \ 35 | } \ 36 | std::string get_alg_id() { \ 37 | return (alg_id); \ 38 | } \ 39 | int encrypt (const bvector&plain, bvector&cipher, \ 40 | sencode* pubkey, prng&rng); \ 41 | int decrypt (const bvector&cipher, bvector&plain, \ 42 | sencode* privkey); \ 43 | int create_keypair (sencode**pub, sencode**priv, prng&rng); \ 44 | } 45 | 46 | #if HAVE_CRYPTOPP==1 47 | 48 | /* 49 | * SHA-based variants 50 | */ 51 | 52 | mce_alg_class (qcmdpc128, "MCEQCMDPC128FO-SHA256-ARCFOUR"); 53 | mce_alg_class (qcmdpc256, "MCEQCMDPC256FO-SHA512-ARCFOUR"); 54 | mce_alg_class (qcmdpc128cha, "MCEQCMDPC128FO-SHA256-CHACHA20"); 55 | mce_alg_class (qcmdpc256cha, "MCEQCMDPC256FO-SHA512-CHACHA20"); 56 | mce_alg_class (qcmdpc128xs, "MCEQCMDPC128FO-SHA256-XSYND"); 57 | mce_alg_class (qcmdpc256xs, "MCEQCMDPC256FO-SHA512-XSYND"); 58 | 59 | #endif //HAVE_CRYPTOPP==1 60 | 61 | /* 62 | * Cubehash-based variants 63 | */ 64 | 65 | mce_alg_class (qcmdpc128cube, "MCEQCMDPC128FO-CUBE256-ARCFOUR"); 66 | mce_alg_class (qcmdpc256cube, "MCEQCMDPC256FO-CUBE512-ARCFOUR"); 67 | mce_alg_class (qcmdpc128cubecha, "MCEQCMDPC128FO-CUBE256-CHACHA20"); 68 | mce_alg_class (qcmdpc256cubecha, "MCEQCMDPC256FO-CUBE512-CHACHA20"); 69 | mce_alg_class (qcmdpc128cubexs, "MCEQCMDPC128FO-CUBE256-XSYND"); 70 | mce_alg_class (qcmdpc256cubexs, "MCEQCMDPC256FO-CUBE512-XSYND"); 71 | #endif 72 | 73 | -------------------------------------------------------------------------------- /src/algos_sig.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "algos_sig.h" 22 | 23 | #include "fmtseq.h" 24 | #include "hash.h" 25 | #include "chacha.h" 26 | 27 | /* 28 | * DISCUSSION. 29 | * 30 | * Because the Merkle signatures "trapdoor" function isn't really trapdoor but 31 | * plain uninvertible, every message in the scheme MUST have exactly one 32 | * possible signature -- well there's no possibility to verify stuff 33 | * nondeterministically. That completely sucks, because we can't get any 34 | * coolness of "Probabilistic signature scheme" as known from RSA and others 35 | * with inversion possibilities. 36 | * 37 | * That basically means that plaintexts MUST be prepared in the way that the 38 | * signer knows they will never collide with anything he could want to sign (or 39 | * especially NOT want to sign). Hopefully this is a common practice for 40 | * digital signatures now. 41 | * 42 | * This scheme, apart from actual signature, protects against finding a 43 | * low-length hash collision (which isn't very hard, assuming general 44 | * availability of amounts of storage suitable for rainbow tables) by expanding 45 | * the message to a reasonable minimum length prior to hashing. Algorithm is 46 | * simple: 47 | * 48 | * 1. convert message from bvector to byte representation 49 | * 50 | * 2. if message is longer than the minimum length, forget padding :) 51 | * 52 | * 3. if it's shorter, use it as a seed for PRNG and pad it with PRNG output to 53 | * minimum length. 54 | * 55 | * Then hash it as usual, FMTSeq it, publish the signature, enjoy. 56 | */ 57 | 58 | #define MIN(a,b) ((a)<(b)?(a):(b)) 59 | 60 | typedef chacha20 padding_generator; 61 | 62 | static void msg_pad (const bvector&in, std::vector&out, size_t tgt_size) 63 | { 64 | uint i; 65 | 66 | in.to_bytes (out); 67 | if (out.size() >= tgt_size) return; 68 | 69 | padding_generator g; 70 | g.init (); 71 | //stuff in as much seed material as possible 72 | g.load_key_vector (out); 73 | 74 | i = out.size(); 75 | out.resize (tgt_size); 76 | for (; i < tgt_size; ++i) out[i] = g.gen(); 77 | } 78 | 79 | /* 80 | * actual signature stuff. 81 | */ 82 | 83 | template < int h, int l, int hs, 84 | class message_hash, class tree_hash, class generator > 85 | static int fmtseq_generic_sign (const bvector&msg, 86 | bvector&sig, 87 | sencode**privkey, 88 | bool&dirty, 89 | prng&rng) 90 | { 91 | //load the key 92 | fmtseq::privkey Priv; 93 | if (!Priv.unserialize (*privkey)) return 1; 94 | 95 | //check parameters 96 | if ( (Priv.h != h) || (Priv.l != l) 97 | || (Priv.hs != hs)) return 2; 98 | 99 | //prepare the message and hash it 100 | std::vector M, H; 101 | msg_pad (msg, M, hs); 102 | message_hash msghf; 103 | H = msghf (M); 104 | 105 | //convert to bvector 106 | bvector hash; 107 | hash.from_bytes (H); 108 | 109 | //make a signature 110 | tree_hash hf; 111 | generator g; 112 | if (Priv.sign (hash, sig, hf, g)) return 3; 113 | 114 | //if it went okay, refresh the privkey 115 | sencode* new_pk = Priv.serialize(); 116 | if (!new_pk) return 4; 117 | sencode_destroy (*privkey); 118 | *privkey = new_pk; 119 | dirty = true; 120 | 121 | //all OK. 122 | return 0; 123 | } 124 | 125 | template 126 | static int fmtseq_generic_verify (const bvector&sig, 127 | const bvector&msg, 128 | sencode*pubkey) 129 | { 130 | //load the key 131 | fmtseq::pubkey Pub; 132 | if (!Pub.unserialize (pubkey)) return 1; 133 | 134 | //check parameters 135 | if ( (Pub.H != h * l) || (Pub.hs != hs)) return 2; 136 | 137 | //prepare the message and hash it 138 | std::vector M, H; 139 | msg_pad (msg, M, hs); 140 | message_hash msghf; 141 | H = msghf (M); 142 | 143 | //convert to bvector 144 | bvector hash; 145 | hash.from_bytes (H); 146 | 147 | //check the signature 148 | tree_hash hf; 149 | if (Pub.verify (sig, hash, hf)) return 3; 150 | 151 | //otherwise the sig is okay! 152 | return 0; 153 | } 154 | 155 | template 156 | static int fmtseq_create_keypair (sencode**pub, sencode**priv, prng&rng) 157 | { 158 | fmtseq::pubkey Pub; 159 | fmtseq::privkey Priv; 160 | 161 | treehash hf; 162 | generator g; 163 | 164 | if (fmtseq::generate (Pub, Priv, rng, hf, g, hs, h, l)) 165 | return 1; 166 | 167 | *pub = Pub.serialize(); 168 | *priv = Priv.serialize(); 169 | return 0; 170 | } 171 | 172 | 173 | /* 174 | * actual instantiations 175 | */ 176 | 177 | #define fmtseq_create_funcs(name, h, l, hs, message_hash, tree_hash, generator) \ 178 | int algo_fmtseq##name::sign (const bvector&msg, \ 179 | bvector&sig, \ 180 | sencode**privkey, \ 181 | bool&dirty, \ 182 | prng&rng) \ 183 | { \ 184 | return fmtseq_generic_sign \ 185 | \ 186 | (msg, sig, privkey, dirty, rng); \ 187 | } \ 188 | int algo_fmtseq##name::verify (const bvector&sig, \ 189 | const bvector&msg, \ 190 | sencode*pubkey) \ 191 | { \ 192 | return fmtseq_generic_verify \ 193 | \ 194 | (sig, msg, pubkey); \ 195 | } \ 196 | int algo_fmtseq##name::create_keypair (sencode**pub, sencode**priv, prng&rng) \ 197 | { \ 198 | return fmtseq_create_keypair \ 199 | (pub, priv, rng); \ 200 | } 201 | 202 | 203 | #include "chacha.h" 204 | 205 | #if HAVE_CRYPTOPP==1 206 | 207 | #include "sha_hash.h" 208 | #include "rmd_hash.h" 209 | #include "tiger_hash.h" 210 | 211 | 212 | fmtseq_create_funcs (128, 4, 4, 256, sha256hash, rmd128hash, chacha20) 213 | fmtseq_create_funcs (192, 4, 4, 384, sha384hash, tiger192hash, chacha20) 214 | fmtseq_create_funcs (256, 4, 4, 512, sha512hash, sha256hash, chacha20) 215 | 216 | /* 217 | * h=20 variants for signature count 1048576. 218 | * 219 | * Chosen were parameters h=4,l=5 over the h=5,l=4 variant for smaller runtime 220 | * space needed, as signature time is not really a concern here. 221 | */ 222 | 223 | fmtseq_create_funcs (128h20, 4, 5, 256, sha256hash, rmd128hash, chacha20) 224 | fmtseq_create_funcs (192h20, 4, 5, 384, sha384hash, tiger192hash, chacha20) 225 | fmtseq_create_funcs (256h20, 4, 5, 512, sha512hash, sha256hash, chacha20) 226 | 227 | #endif //HAVE_CRYPTOPP==1 228 | 229 | /* 230 | * CubeHash variants of everything above. 231 | */ 232 | 233 | #include "cube_hash.h" 234 | 235 | fmtseq_create_funcs (128cube, 4, 4, 256, cube256hash, cube128hash, chacha20) 236 | fmtseq_create_funcs (192cube, 4, 4, 384, cube384hash, cube192hash, chacha20) 237 | fmtseq_create_funcs (256cube, 4, 4, 512, cube512hash, cube256hash, chacha20) 238 | 239 | /* 240 | * h=20 variants with cubehash. 241 | */ 242 | 243 | fmtseq_create_funcs (128h20cube, 4, 5, 256, cube256hash, cube128hash, chacha20) 244 | fmtseq_create_funcs (192h20cube, 4, 5, 384, cube384hash, cube192hash, chacha20) 245 | fmtseq_create_funcs (256h20cube, 4, 5, 512, cube512hash, cube256hash, chacha20) 246 | 247 | -------------------------------------------------------------------------------- /src/algos_sig.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_sig_algs_h_ 22 | #define _ccr_sig_algs_h_ 23 | 24 | #include "algorithm.h" 25 | 26 | #define fmtseq_alg_class(name,alg_id) \ 27 | class algo_fmtseq##name : public algorithm \ 28 | { \ 29 | public: \ 30 | bool provides_signatures() { \ 31 | return true; \ 32 | } \ 33 | bool provides_encryption() { \ 34 | return false; \ 35 | } \ 36 | std::string get_alg_id() { \ 37 | return (alg_id); \ 38 | } \ 39 | virtual int sign (const bvector&msg, bvector&sig, \ 40 | sencode** privkey, bool&dirty, prng&rng); \ 41 | virtual int verify (const bvector&sig, const bvector&msg, \ 42 | sencode* pubkey); \ 43 | int create_keypair (sencode**pub, sencode**priv, prng&rng); \ 44 | } 45 | 46 | #if HAVE_CRYPTOPP==1 47 | 48 | /* 49 | * SHA-2 and similar-based variants 50 | */ 51 | 52 | fmtseq_alg_class (128, "FMTSEQ128C-SHA256-RIPEMD128"); 53 | fmtseq_alg_class (192, "FMTSEQ192C-SHA384-TIGER192"); 54 | fmtseq_alg_class (256, "FMTSEQ256C-SHA512-SHA256"); 55 | fmtseq_alg_class (128h20, "FMTSEQ128H20C-SHA256-RIPEMD128"); 56 | fmtseq_alg_class (192h20, "FMTSEQ192H20C-SHA384-TIGER192"); 57 | fmtseq_alg_class (256h20, "FMTSEQ256H20C-SHA512-SHA256"); 58 | 59 | #endif //HAVE_CRYPTOPP==1 60 | 61 | 62 | /* 63 | * Cubehash variants 64 | */ 65 | 66 | fmtseq_alg_class (128cube, "FMTSEQ128C-CUBE256-CUBE128"); 67 | fmtseq_alg_class (192cube, "FMTSEQ192C-CUBE384-CUBE192"); 68 | fmtseq_alg_class (256cube, "FMTSEQ256C-CUBE512-CUBE256"); 69 | fmtseq_alg_class (128h20cube, "FMTSEQ128H20C-CUBE256-CUBE128"); 70 | fmtseq_alg_class (192h20cube, "FMTSEQ192H20C-CUBE384-CUBE192"); 71 | fmtseq_alg_class (256h20cube, "FMTSEQ256H20C-CUBE512-CUBE256"); 72 | 73 | #endif 74 | 75 | -------------------------------------------------------------------------------- /src/arcfour.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_rc4_h_ 22 | #define _ccr_rc4_h_ 23 | 24 | #include "sc.h" 25 | 26 | #include 27 | 28 | template 29 | class arcfour : public streamcipher 30 | { 31 | std::vector S; 32 | inttype I, J; 33 | inttype mask; 34 | public: 35 | void init () { 36 | size_t Ssize = 1 << bits; 37 | I = J = 0; 38 | S.resize (Ssize); 39 | mask = ~ (inttype) 0; 40 | if ( (inttype) (1 << bits) != 0) mask %= 1 << bits; 41 | for (size_t i = 0; i < Ssize; ++i) S[i] = i; 42 | } 43 | 44 | void clear() { 45 | init(); 46 | } 47 | 48 | //ugly byte padding with zeroes for streamcipher compatibility 49 | void load_key (const byte*begin, const byte*end) { 50 | inttype j, t; 51 | size_t i; 52 | const byte *keypos; 53 | 54 | //eat whole key iteratively, even if longer than permutation 55 | for (; begin < end; begin += mask + 1) { 56 | j = 0; 57 | for (i = 0, keypos = begin; 58 | i <= mask; 59 | ++i, ++keypos) { 60 | if (keypos >= end) keypos = begin; //rotate 61 | j = (j + S[i] + (*keypos)) & mask; 62 | t = S[j]; 63 | S[j] = S[i]; 64 | S[i] = t; 65 | } 66 | } 67 | 68 | discard (disc_bytes); 69 | } 70 | 71 | //this works on wide keys 72 | void load_wkey (const inttype*begin, const inttype*end) { 73 | inttype j, t; 74 | size_t i; 75 | const inttype *keypos; 76 | 77 | //eat whole key iteratively, even if longer than permutation 78 | for (; begin < end; begin += mask + 1) { 79 | j = 0; 80 | for (i = 0, keypos = begin; 81 | i <= mask; 82 | ++i, ++keypos) { 83 | if (keypos >= end) keypos = begin; //rotate 84 | j = (j + S[i] + (*keypos)) & mask; 85 | t = S[j]; 86 | S[j] = S[i]; 87 | S[i] = t; 88 | } 89 | } 90 | 91 | discard (disc_bytes); 92 | } 93 | 94 | inline byte gen() { 95 | return genw(); 96 | } 97 | 98 | inttype genw() { 99 | I = (I + 1) & mask; 100 | J = (J + S[I]) & mask; 101 | 102 | inttype t; 103 | t = S[J]; 104 | S[J] = S[I]; 105 | S[I] = t; 106 | 107 | return S[ (S[I] + S[J]) & mask]; 108 | } 109 | 110 | void gen (size_t n, byte*out) { 111 | if (out) 112 | for (size_t i = 0; i < n; ++i) out[i] = gen(); 113 | else 114 | for (size_t i = 0; i < n; ++i) gen(); 115 | } 116 | 117 | void genw (size_t n, inttype*out) { 118 | if (out) 119 | for (size_t i = 0; i < n; ++i) out[i] = genw(); 120 | else 121 | for (size_t i = 0; i < n; ++i) genw(); 122 | } 123 | 124 | void gen (size_t n, std::vector&out) { 125 | out.resize (n); 126 | gen (n, & (out[0])); 127 | } 128 | 129 | size_t key_size() { 130 | return 256; 131 | } 132 | 133 | size_t block_size() { 134 | return 1; 135 | } 136 | }; 137 | 138 | #endif 139 | 140 | -------------------------------------------------------------------------------- /src/base64.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "base64.h" 22 | 23 | static const unsigned char b64str[65] = 24 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 25 | static int b64d[256]; 26 | static bool b64d_init = false; 27 | 28 | void base64_encode (const std::string& in, std::string&out, int cols) 29 | { 30 | //note: it could be b64str[64], but we'd need -fpermissive 31 | unsigned int acc = 0; 32 | int accbits = 0, idx = 0, idxmax = in.length(), col = 0; 33 | out.clear(); 34 | out.reserve (idxmax + (2 * idxmax / 5)); //reserve around 140% 35 | while (idx < idxmax) { 36 | if (accbits < 6) { 37 | acc = (acc << 8) | (unsigned char) in[idx++]; 38 | accbits += 8; 39 | } 40 | while (accbits >= 6) { 41 | accbits -= 6; 42 | out.push_back (b64str[ (acc >> accbits) & 0x3f]); 43 | 44 | if (cols && ( (++col) >= cols)) { 45 | out.push_back ('\n'); 46 | col = 0; 47 | } 48 | } 49 | } 50 | if (accbits) { 51 | out.push_back (b64str[ (acc << (6 - accbits)) & 0x3f]); 52 | if (accbits == 2) out.push_back ('='); 53 | if (accbits <= 4) out.push_back ('='); 54 | } 55 | } 56 | 57 | static void init_b64d () 58 | { 59 | if (b64d_init) return; 60 | for (int i = 0; i < 256; ++i) b64d[i] = -1; 61 | for (int i = 0; i < 64; ++i) b64d[b64str[i]] = i; 62 | b64d_init = true; 63 | } 64 | 65 | static inline bool is_white (unsigned char c) 66 | { 67 | return (c == '\n') || (c == '\r') || (c == ' ') || (c == '\t'); 68 | } 69 | 70 | static inline bool is_b64 (unsigned char c) 71 | { 72 | return (c >= 'a' && c <= 'z') 73 | || (c >= 'A' && c <= 'Z') 74 | || (c >= '0' && c <= '9') 75 | || c == '+' || c == '/' 76 | || c == '='; 77 | } 78 | 79 | static void eat_white (const std::string&in, int&idx, int idxmax) 80 | { 81 | for (; (idx < idxmax) && is_white (in[idx]); ++idx); 82 | } 83 | 84 | static bool eat_4 (const std::string&in, int&idx, int idxmax, int a[4]) 85 | { 86 | for (int i = 0; i < 4; ++i) { 87 | eat_white (in, idx, idxmax); 88 | if ( (idx < idxmax) && is_b64 (in[idx])) 89 | a[i] = in[idx]; 90 | else return false; 91 | ++idx; 92 | } 93 | return true; 94 | } 95 | 96 | bool base64_decode (const std::string& in, std::string&out) 97 | { 98 | init_b64d(); 99 | 100 | int idx = 0, idxmax = in.length(); 101 | 102 | out.clear(); 103 | out.reserve (3 * in.length() / 4); 104 | 105 | //start parsing 106 | int c[4]; 107 | while (eat_4 (in, idx, idxmax, c)) { 108 | for (int i = 0; i < 4; ++i) { 109 | if (c[i] < 0 || c[i] >= 256) return false; 110 | c[i] = b64d[c[i]]; // '=' gets converted to -1 111 | } 112 | 113 | //consistency checks 114 | if ( (c[0] == -1) || (c[1] == -1)) return false; 115 | if ( (c[2] == -1) && (c[3] != -1)) return false; 116 | 117 | int tmp = (c[0] << 18) | (c[1] << 12); 118 | if (c[2] != -1) tmp |= c[2] << 6; 119 | if (c[3] != -1) tmp |= c[3]; 120 | 121 | out.push_back ( (tmp >> 16) & 0xff); 122 | 123 | if (c[2] != -1) // middle byte is valid 124 | out.push_back ( (tmp >> 8) & 0xff); 125 | 126 | if (c[3] != -1) // last byte is valid 127 | out.push_back (tmp & 0xff); 128 | else 129 | break; //there were ='s, terminate. 130 | } 131 | 132 | //there shouldn't be anything more than whitespace now 133 | eat_white (in, idx, idxmax); 134 | return idx == idxmax; 135 | } 136 | 137 | -------------------------------------------------------------------------------- /src/base64.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_base64_h_ 22 | #define _ccr_base64_h_ 23 | 24 | #include 25 | 26 | void base64_encode (const std::string& in, std::string&out, int cols = 76); 27 | bool base64_decode (const std::string& in, std::string&out); 28 | 29 | #endif 30 | 31 | -------------------------------------------------------------------------------- /src/bvector.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_bvector_h_ 22 | #define _ccr_bvector_h_ 23 | 24 | #include 25 | #include 26 | 27 | #include 28 | 29 | #include "types.h" 30 | #include "sencode.h" 31 | #include "vector_item.h" 32 | 33 | /* 34 | * vector over GF(2), in some cases usuable also as a polynomial over GF(2). 35 | * 36 | * Blocks of 64bit integers for kinda-efficiency. 37 | */ 38 | 39 | class polynomial; 40 | class gf2m; 41 | class bvector 42 | { 43 | public: 44 | /* 45 | * types 46 | */ 47 | 48 | struct const_reference { 49 | const bvector&bv; 50 | size_t offset; 51 | 52 | const_reference (const bvector&BV, size_t O) : bv (BV), offset (O) {} 53 | 54 | inline operator bool() const { 55 | return bv.get (offset); 56 | } 57 | }; 58 | 59 | struct reference { 60 | bvector&bv; 61 | size_t offset; 62 | 63 | reference (bvector&BV, size_t O) : bv (BV), offset (O) {} 64 | 65 | inline operator bool() const { 66 | return bv.get (offset); 67 | } 68 | 69 | inline reference& operator= (const reference&a) { 70 | bv.set (offset, (bool) a); 71 | return *this; 72 | } 73 | 74 | inline reference& operator= (bool val) { 75 | bv.set (offset, val); 76 | return *this; 77 | } 78 | }; 79 | 80 | typedef size_t size_type; 81 | 82 | private: 83 | /* 84 | * invariants: 85 | * unused data are filled with zeros 86 | * _data.size() == datasize(_size) 87 | */ 88 | 89 | std::vector _data; 90 | size_t _size; 91 | 92 | static inline size_t blockof (size_t s) { 93 | return s >> 6; 94 | } 95 | 96 | static inline size_t blockpos (size_t s) { 97 | return s & 0x3f; 98 | } 99 | 100 | static inline size_t datasize (size_t s) { 101 | if (s & 0x3f) return 1 + (s >> 6); 102 | return s >> 6; 103 | } 104 | 105 | 106 | protected: 107 | _ccr_declare_vector_item 108 | public: 109 | void fix_padding(); 110 | bvector() { 111 | _size = 0; 112 | } 113 | 114 | bvector (const bvector&a) : _data (a._data) { 115 | _size = a._size; 116 | } 117 | 118 | inline size_t size() const { 119 | return _size; 120 | } 121 | 122 | inline void clear() { 123 | _size = 0; 124 | _data.clear(); 125 | } 126 | 127 | inline void swap (bvector&a) { 128 | size_t s = _size; 129 | _size = a._size; 130 | a._size = s; 131 | 132 | _data.swap (a._data); 133 | } 134 | 135 | void resize (size_t size, bool def = false); 136 | 137 | inline void reserve (size_t size) { 138 | _data.reserve (datasize (size)); 139 | } 140 | 141 | inline void fill_ones (size_t from = 0) { 142 | fill_ones (from, _size); 143 | } 144 | 145 | void fill_ones (size_t from, size_t to); 146 | 147 | inline void fill_zeros (size_t from = 0) { 148 | fill_zeros (from, _size); 149 | } 150 | 151 | void fill_zeros (size_t from, size_t to); 152 | 153 | inline bool get (size_t i) const { 154 | return (_data[blockof (i)] >> blockpos (i)) & 1; 155 | } 156 | 157 | inline void set (size_t i, bool val) { 158 | if (val) set (i); 159 | else unset (i); 160 | } 161 | 162 | inline void set (size_t i) { 163 | _data[blockof (i)] |= ( (uint64_t) 1) << blockpos (i); 164 | } 165 | 166 | inline void unset (size_t i) { 167 | _data[blockof (i)] &= ~ ( ( (uint64_t) 1) << blockpos (i)); 168 | } 169 | 170 | inline void flip (size_t i) { 171 | _data[blockof (i)] = _data[blockof (i)] ^ ( ( (uint64_t) 1) << blockpos (i)); 172 | } 173 | 174 | inline const_reference operator[] (size_t pos) const { 175 | return const_reference (*this, pos); 176 | } 177 | 178 | inline reference operator[] (size_t pos) { 179 | return reference (*this, pos); 180 | } 181 | 182 | uint hamming_weight(); 183 | void append (const bvector&); 184 | void add (const bvector&); 185 | void add_offset (const bvector&, 186 | size_t offset_from, size_t offset_to, 187 | size_t cnt = 0); 188 | 189 | void add_offset (const bvector&, size_t offset_to); 190 | void add_range (const bvector&, size_t, size_t); 191 | void rot_add (const bvector&, size_t); 192 | void set_block (const bvector&, size_t); 193 | void get_block (size_t start, size_t cnt, bvector&) const; 194 | uint and_hamming_weight (const bvector&) const; 195 | 196 | inline bool operator* (const bvector&a) const { 197 | //dot product 198 | return and_hamming_weight (a) & 1; 199 | } 200 | 201 | bool zero() const; 202 | bool one() const; 203 | 204 | int degree(); 205 | void poly_strip(); 206 | bvector ext_gcd (const bvector&b, bvector&s, bvector&t); 207 | 208 | void from_poly_cotrace (const polynomial&, gf2m&); 209 | 210 | void colex_rank (bvector&) const; 211 | bool colex_unrank (bvector&, uint n, uint k) const; 212 | 213 | void to_string (std::string&) const; 214 | void to_bytes (std::vector&) const; 215 | 216 | bool to_string_check (std::string&s) const { 217 | if (size() & 7) return false; 218 | to_string (s); 219 | return true; 220 | } 221 | 222 | void from_string (const std::string&, size_t bits = 0); 223 | void from_bytes (const std::vector&, size_t bits = 0); 224 | 225 | sencode* serialize(); 226 | bool unserialize (sencode*); 227 | }; 228 | 229 | #endif 230 | -------------------------------------------------------------------------------- /src/chacha.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "chacha.h" 22 | 23 | void chacha_gen (const uint32_t*key, const uint32_t*counter, uint32_t*out) 24 | { 25 | uint32_t j[16], x[16]; 26 | int i; 27 | static const char sigma[] = "expand 32-byte k"; 28 | 29 | //key setup 30 | for (i = 0; i < 4; ++i) 31 | j[i] = ( (uint32_t*) sigma) [i]; //constants 32 | 33 | for (i = 0; i < 8; ++i) 34 | j[4 + i] = key[i]; //key material 35 | 36 | for (i = 0; i < 2; ++i) 37 | j[14 + i] = key[8 + i]; //part of key also counts as nonce 38 | 39 | for (i = 0; i < 2; ++i) 40 | j[12 + i] = counter[i]; //counter 41 | 42 | //rounds&mixing 43 | for (i = 0; i < 16; ++i) x[i] = j[i]; 44 | 45 | #define rotl32(val,n) \ 46 | (((uint32_t)((val)<<(n)))|((val)>>(32-(n)))) 47 | 48 | #define qtrround(a,b,c,d) \ 49 | x[a]=x[a]+x[b]; x[d]=rotl32(x[d]^x[a], 16); \ 50 | x[c]=x[c]+x[d]; x[b]=rotl32(x[b]^x[c], 12); \ 51 | x[a]=x[a]+x[b]; x[d]=rotl32(x[d]^x[a], 8); \ 52 | x[c]=x[c]+x[d]; x[b]=rotl32(x[b]^x[c], 7); 53 | 54 | for (i = 0; i < 10 /* lol quarterjoke */; ++i) { 55 | qtrround (0, 4, 8, 12); 56 | qtrround (1, 5, 9, 13); 57 | qtrround (2, 6, 10, 14); 58 | qtrround (3, 7, 11, 15); 59 | qtrround (0, 5, 10, 15); 60 | qtrround (1, 6, 11, 12); 61 | qtrround (2, 7, 8, 13); 62 | qtrround (3, 4, 9, 14); 63 | } 64 | 65 | //output the round 66 | for (i = 0; i < 16; ++i) out[i] = x[i] + j[i]; 67 | } 68 | 69 | void chacha_incr_counter (uint32_t*counter) 70 | { 71 | counter[0]++; 72 | if (!counter[0]) counter[1]++; 73 | } 74 | 75 | void chacha20::init() 76 | { 77 | for (int i = 0; i < 10; ++i) key[i] = 0; 78 | for (int i = 0; i < 2; ++i) counter[i] = 0; 79 | 80 | blockpos = 64; 81 | } 82 | 83 | void chacha20::load_key (const byte*begin, const byte*end) 84 | { 85 | if (begin >= end) return; //invalid usage 86 | 87 | byte *ckey = (byte*) key; 88 | byte *kp = ckey; 89 | const byte *b = begin; 90 | 91 | for (; b < end; ++b) { //stuff in whole key 92 | *kp = *b ^ *kp; 93 | if (++kp > ckey + 40) kp = ckey; 94 | } 95 | 96 | b = begin; 97 | for (; kp < ckey + 40; ++kp) { //fill up the rest 98 | *kp = *b ^*kp; 99 | if (++b == end) b = begin; 100 | } 101 | } 102 | 103 | byte chacha20::gen() 104 | { 105 | byte r; 106 | gen (1, &r); 107 | return r; 108 | } 109 | 110 | void chacha20::gen (size_t n, byte*out) 111 | { 112 | //empty the block buffer first 113 | while (n && blockpos < 64) { 114 | if (out) * (out++) = block[blockpos++]; 115 | else blockpos++; 116 | --n; 117 | } 118 | 119 | //fill in whole blocks 120 | while (n >= 64) { 121 | if (out) chacha_gen (key, counter, (uint32_t*) out); 122 | 123 | chacha_incr_counter (counter); 124 | out += 64; 125 | n -= 64; 126 | } 127 | 128 | if (!n) return; 129 | 130 | //generate the last truncated block 131 | blockpos = 0; 132 | chacha_gen (key, counter, (uint32_t*) block); 133 | chacha_incr_counter (counter); 134 | 135 | while (n) { 136 | if (out) * (out++) = block[blockpos++]; 137 | else blockpos++; 138 | --n; 139 | } 140 | } 141 | -------------------------------------------------------------------------------- /src/chacha.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_chacha_h_ 22 | #define _ccr_chacha_h_ 23 | 24 | #include "types.h" 25 | #include "sc.h" 26 | 27 | #include 28 | #include 29 | 30 | class chacha20 : public streamcipher 31 | { 32 | /* 33 | * This implementation uses Nonce as actual part of the key, as we do 34 | * not have any actual use for nonce-ing here. From that reason, keys 35 | * are 40byte (320bit). We always use the "32byte" expansion. 36 | */ 37 | 38 | public: 39 | uint32_t key[10]; 40 | uint32_t counter[2]; 41 | 42 | byte block[64]; 43 | int blockpos; //64 = no block data allocated 44 | 45 | void init(); 46 | 47 | void clear() { 48 | init(); 49 | } 50 | 51 | void load_key (const byte*begin, const byte*end); 52 | byte gen(); 53 | void gen (size_t n, byte*out); 54 | 55 | size_t key_size() { 56 | return 32 + 8; 57 | } 58 | 59 | size_t block_size() { 60 | return 64; 61 | } 62 | }; 63 | 64 | #endif 65 | -------------------------------------------------------------------------------- /src/cube_hash.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "cubehash_impl.h" 22 | 23 | #include "hash.h" 24 | 25 | template 26 | class cubehash : public hash_func 27 | { 28 | public: 29 | uint size() { 30 | return H; 31 | } 32 | 33 | std::vector operator() (const std::vector&a) { 34 | cubehash_state state; 35 | size_t i; 36 | 37 | state.init(); 38 | 39 | for (i = 0; i + B <= a.size(); i += B) 40 | state.process_block (a.data() + i); 41 | 42 | state.process_final_incomplete_block (a.data() + i, 43 | a.size() - i); 44 | 45 | std::vector result; 46 | result.resize (H, 0); 47 | state.get_hash (result.data()); 48 | return result; 49 | } 50 | }; 51 | 52 | template 53 | class cubehashproc : public hash_proc 54 | { 55 | cubehash_state state; 56 | byte buf[B]; 57 | int bpos; 58 | public: 59 | uint size() { 60 | return H; 61 | } 62 | 63 | void init() { 64 | state.init(); 65 | bpos = 0; 66 | } 67 | 68 | void eat (const byte*a, const byte*aend) { 69 | int apos = 0; 70 | int asize = aend - a; 71 | if (bpos) { 72 | for (; bpos < B && apos < asize; ++bpos, ++apos) 73 | buf[bpos] = a[apos]; 74 | if (bpos == B) { 75 | state.process_block (buf); 76 | bpos = 0; 77 | } 78 | } 79 | while (apos + B <= asize) { 80 | state.process_block (a + apos); 81 | apos += B; 82 | } 83 | for (; apos < asize; ++apos, ++bpos) 84 | buf[bpos] = a[apos]; 85 | } 86 | 87 | std::vector finish() { 88 | state.process_final_incomplete_block (buf, bpos); 89 | std::vector result; 90 | result.resize (H, 0); 91 | state.get_hash (result.data()); 92 | return result; 93 | } 94 | }; 95 | 96 | 97 | 98 | class cube128hash : public cubehash<16, 16, 32, 32, 16> {}; 99 | class cube192hash : public cubehash<16, 16, 32, 32, 24> {}; 100 | class cube256hash : public cubehash<16, 16, 32, 32, 32> {}; 101 | class cube384hash : public cubehash<16, 16, 32, 32, 48> {}; 102 | class cube512hash : public cubehash<16, 16, 32, 32, 64> {}; 103 | 104 | class cube128proc : public cubehashproc<16, 16, 32, 32, 16> {}; 105 | class cube192proc : public cubehashproc<16, 16, 32, 32, 24> {}; 106 | class cube256proc : public cubehashproc<16, 16, 32, 32, 32> {}; 107 | class cube384proc : public cubehashproc<16, 16, 32, 32, 48> {}; 108 | class cube512proc : public cubehashproc<16, 16, 32, 32, 64> {}; 109 | -------------------------------------------------------------------------------- /src/cubehash_impl.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_cubehash_impl_h_ 22 | #define _ccr_cubehash_impl_h_ 23 | 24 | #include "types.h" 25 | 26 | #include 27 | 28 | #define ROT(a,b,n) (((a) << (b)) | ((a) >> (n - b))) 29 | #define i16(cmd) for(i=0;i<16;++i) cmd; 30 | 31 | template < int I, //initialization rounds 32 | int R, //rounds 33 | int B, //input block size, less or equal 128 34 | int F, //finalization rounds 35 | int H > //output hash size in *bytes*, not bits! less or equal 128. 36 | class cubehash_state 37 | { 38 | uint32_t X[32]; //the state 39 | 40 | inline void rounds (uint n) { 41 | int i; 42 | uint32_t T[16]; 43 | for (; n; --n) { 44 | i16 (X[i + 16] += X[i]); 45 | i16 (T[i ^ 8] = X[i]); 46 | i16 (X[i] = ROT (T[i], 7, 32)); 47 | i16 (X[i] ^= X[i + 16]); 48 | i16 (T[i ^ 2] = X[i + 16]); 49 | i16 (X[i + 16] = T[i]); 50 | i16 (X[i + 16] += X[i]); 51 | i16 (T[i ^ 4] = X[i]); 52 | i16 (X[i] = ROT (T[i], 11, 32)); 53 | i16 (X[i] ^= X[i + 16]); 54 | i16 (T[i ^ 1] = X[i + 16]); 55 | i16 (X[i + 16] = T[i]); 56 | } 57 | } 58 | 59 | public: 60 | inline void init() { 61 | static bool iv_init = false; 62 | static uint32_t IV[32]; 63 | int i; 64 | 65 | if (iv_init) { 66 | for (i = 0; i < 32; ++i) X[i] = IV[i]; 67 | return; 68 | } 69 | 70 | X[0] = H; 71 | X[1] = B; 72 | X[2] = R; 73 | for (i = 3; i < 32; ++i) X[i] = 0; 74 | rounds (I); 75 | 76 | for (i = 0; i < 32; ++i) IV[i] = X[i]; 77 | iv_init = true; 78 | } 79 | 80 | void process_block (const byte*data) { 81 | 82 | int i; 83 | 84 | for (i = 0; i + 4 <= B; i += 4) 85 | #if __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ //allow a small speedup for LE architectures 86 | X[i / 4] ^= * (uint32_t*) &data[i]; 87 | #else 88 | X[i / 4] ^= (uint32_t) data[i] 89 | | ( (uint32_t) data[i + 1]) << 8 90 | | ( (uint32_t) data[i + 2]) << 16 91 | | ( (uint32_t) data[i + 3]) << 24; 92 | #endif 93 | 94 | for (; i < B; ++i) 95 | X[i / 4] ^= ( (uint32_t) (data[i])) << ( (i % 4) * 8); 96 | rounds (R); 97 | } 98 | 99 | void process_final_incomplete_block (const byte*data, int n) { 100 | 101 | int i; 102 | 103 | for (i = 0; i + 4 <= n; i += 4) 104 | #if __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ 105 | X[i / 4] ^= * (uint32_t*) &data[i]; 106 | #else 107 | X[i / 4] ^= (uint32_t) data[i] 108 | | ( (uint32_t) data[i + 1]) << 8 109 | | ( (uint32_t) data[i + 2]) << 16 110 | | ( (uint32_t) data[i + 3]) << 24; 111 | #endif 112 | 113 | for (; i < n; ++i) 114 | X[i / 4] ^= ( (uint32_t) (data[i])) << ( (i % 4) * 8); 115 | 116 | //i==n, n<128 (!) 117 | X[i / 4] ^= ( (uint32_t) 0x80) << ( (i % 4) * 8); 118 | 119 | rounds (R); 120 | 121 | //finalize 122 | X[31] ^= 1; 123 | rounds (F); 124 | } 125 | 126 | void get_hash (byte*out) { 127 | for (int i = 0; i < H; ++i) 128 | out[i] = (X[i / 4] >> ( (i % 4) * 8)) & 0xff; 129 | } 130 | }; 131 | 132 | #endif 133 | -------------------------------------------------------------------------------- /src/decoding.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_decoding_h_ 22 | #define _ccr_decoding_h_ 23 | 24 | #include 25 | #include "polynomial.h" 26 | #include "gf2m.h" 27 | #include "bvector.h" 28 | 29 | void compute_alternant_error_locator (polynomial&syndrome, 30 | gf2m&fld, 31 | uint tt, 32 | polynomial&loc); 33 | 34 | bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /src/envelope.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "envelope.h" 22 | 23 | /* 24 | * helpers 25 | */ 26 | 27 | inline static bool acceptable_char (char c) 28 | { 29 | return 30 | (c >= 'a' && c <= 'z') || 31 | (c >= 'A' && c <= 'Z') || 32 | (c >= '0' && c <= '9') || 33 | c == '_' || c == '.'; 34 | } 35 | 36 | static bool acceptable_id (const std::string&a) 37 | { 38 | if (!a.length()) return false; 39 | for (size_t i = 0; i < a.length(); ++i) 40 | if (!acceptable_char (a[i])) return false; 41 | return true; 42 | } 43 | 44 | /* 45 | * how do the ascii envelopes look like? 46 | * 47 | * similarly to PGP: 48 | * 49 | * ------ccr begin typeident termident------ 50 | * data 51 | * ------ccr cut typeident termident------ 52 | * next part data 53 | * ------ccr cut typeident termident------ 54 | * other next part data 55 | * ------ccr end typeident termident------ 56 | * 57 | * To distinguish ourselves from PGP, we use six dashes and prefixed CCR name. 58 | * No version information is supplied - versioning should be contained 59 | * preferably in typeident, e.g. like "message" "better_message" and 60 | * "bettermessage_version3.5". 61 | * 62 | * Cleartext two-part messages and similar evil sorceries are generalized to 63 | * multipart messages using the "part cut". 64 | * 65 | * Also, to prevent cleartext embedding conflicts, we add termident, which is 66 | * basically a random string of letters and numbers that serves as a mark that 67 | * must be the same on the begin and end. 68 | * 69 | * Also also, there's always newline before cut/end, even if there already is a 70 | * newline from previous cut. Therefore, size 0 section looks like it has an 71 | * empty line inside. 72 | */ 73 | 74 | size_t envelope_read (const std::string&data, size_t offset, 75 | std::string&out_type, 76 | std::vector&out_parts) 77 | { 78 | for (;;) { 79 | //try to find begin mark. 80 | std::string 81 | begin_prefix = "------ccr begin ", 82 | begin_suffix = "------\n"; 83 | size_t begin = data.find (begin_prefix, offset); 84 | 85 | //nothing possible found, die. 86 | if (begin == data.npos) return 0; 87 | 88 | //verify it's on the beginning of the line 89 | if (begin > 0) if (data[begin - 1] != '\n') { 90 | offset += begin_prefix.length(); 91 | continue; 92 | } 93 | 94 | //try to parse the typeident and termident 95 | std::string type, term; 96 | offset = begin + begin_prefix.length(); 97 | 98 | //find and verify possible positions of type and term strings 99 | size_t eoterm, eotype; 100 | 101 | eotype = data.find (' ', offset); 102 | if (eotype == data.npos) continue; 103 | 104 | eoterm = data.find (begin_suffix, eotype + 1); 105 | 106 | if (eoterm == data.npos) continue; 107 | 108 | type = data.substr (offset, eotype - offset); 109 | term = data.substr (eotype + 1, eoterm - eotype - 1); 110 | 111 | //verify that type&term are only of acceptable characters 112 | if (!acceptable_id (type) || !acceptable_id (term)) 113 | continue; 114 | 115 | offset = eoterm + begin_suffix.length(); 116 | 117 | //read all sections 118 | std::string 119 | cut_sep = "\n------ccr cut " + type + " " + term + "------\n", 120 | end_sep = "\n------ccr end " + type + " " + term + "------\n"; 121 | 122 | out_parts.clear(); 123 | 124 | bool retry = false; 125 | for (;;) { 126 | //find closest cut or sep 127 | size_t cut_pos = data.find (cut_sep, offset), 128 | end_pos = data.find (end_sep, offset); 129 | 130 | if (end_pos == data.npos) { 131 | //can't even find end, don't care about cut_pos 132 | retry = true; 133 | break; 134 | } 135 | 136 | if (cut_pos != data.npos && cut_pos < end_pos) { 137 | //there is cut 138 | out_parts.push_back 139 | (data.substr (offset, cut_pos - offset)); 140 | } else { 141 | //no cut, it's till the end 142 | out_parts.push_back 143 | (data.substr (offset, end_pos - offset)); 144 | } 145 | 146 | if (cut_pos == data.npos) { 147 | //it was end_pos, finished! 148 | offset = end_pos + end_sep.length(); 149 | break; 150 | } else { 151 | //move offset for next search 152 | offset = cut_pos + cut_sep.length(); 153 | } 154 | } 155 | 156 | if (retry) continue; 157 | 158 | //return type and modified offset 159 | out_type = type; 160 | return offset; 161 | } 162 | } 163 | 164 | /* 165 | * The Much Simpler Envelope Formatter! 166 | */ 167 | 168 | static void gen_random_term (std::string&out, prng&rng, size_t length) 169 | { 170 | //this could be longer, but don't generate absolute mess. 171 | static const char letters[] = "abcdefghijklmnopqrstuvwxyz0123456789"; 172 | 173 | out.resize (length); 174 | for (size_t i = 0; i < length; ++i) { 175 | out[i] = letters[rng.random (36)]; 176 | } 177 | } 178 | 179 | std::string envelope_format (const std::string&type, 180 | const std::vector& parts, 181 | prng&rng) 182 | { 183 | 184 | for (;;) { 185 | std::string term; 186 | gen_random_term (term, rng, 16); 187 | 188 | std::string 189 | cut_sep = "\n------ccr cut " + type + " " + term + "------\n", 190 | end_sep = "\n------ccr end " + type + " " + term + "------\n"; 191 | 192 | //check whether there's no collision with boundary 193 | bool good = true; 194 | std::vector::const_iterator i, e; 195 | for (i = parts.begin(), e = parts.end(); i != e; ++i) { 196 | if (i->find (cut_sep) != i->npos || 197 | i->find (end_sep) != i->npos) { 198 | good = false; 199 | break; 200 | } 201 | } 202 | if (!good) continue; //retry generating the termident mark 203 | 204 | //now construct the result 205 | std::string 206 | res = "------ccr begin " + type + " " + term + "------\n"; 207 | 208 | if (parts.size() > 0) { 209 | res += parts[0]; 210 | for (i = parts.begin() + 1, e = parts.end(); 211 | i != e; ++i) { 212 | res += cut_sep; 213 | res += *i; 214 | } 215 | } 216 | res += end_sep; 217 | 218 | return res; 219 | } 220 | } 221 | 222 | bool envelope_lookalike (const std::string&data) 223 | { 224 | return data.find ("------ccr begin ") != data.npos; 225 | } 226 | -------------------------------------------------------------------------------- /src/envelope.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_envelope_h_ 22 | #define _ccr_envelope_h_ 23 | 24 | #include 25 | #include 26 | 27 | #include "prng.h" 28 | 29 | /* 30 | * Tool for finding envelopes in ascii/utf-8 text. 31 | * 32 | * We simply don't care about wide chars in text, UTF-16+, nor conflicting 33 | * encodings, nor any similar abominations. 34 | * 35 | * envelope_get tries to find an envelope in text data, starting from offset, 36 | * returning the offset of first possible following envelope or 0 if nothing 37 | * usuable was found. 38 | * 39 | * Finally, no one wants to see CRLF line endings here. Ever. ffs. 40 | */ 41 | 42 | size_t envelope_read (const std::string& data, size_t offset, 43 | std::string&out_type, 44 | std::vector&out_parts); 45 | 46 | /* 47 | * this simply formats a compatible envelope 48 | */ 49 | std::string envelope_format (const std::string&type, 50 | const std::vector& parts, 51 | prng&rng); 52 | 53 | /* 54 | * guesses whether input looks like an envelope 55 | */ 56 | bool envelope_lookalike (const std::string&); 57 | 58 | 59 | #endif 60 | -------------------------------------------------------------------------------- /src/factoryof.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_factoryof_h_ 22 | #define _ccr_factoryof_h_ 23 | 24 | /* 25 | * This is a generic tool for safe spawning of instances of various derived 26 | * ciphers on the fly. 27 | */ 28 | 29 | template 30 | class instanceof 31 | { 32 | base_type*ptr; 33 | bool deletable; 34 | public: 35 | base_type& operator*() { 36 | return *ptr; 37 | } 38 | const base_type& operator*() const { 39 | return *ptr; 40 | } 41 | 42 | base_type* operator->() { 43 | return ptr; 44 | } 45 | const base_type* operator->() const { 46 | return ptr; 47 | } 48 | 49 | instanceof (base_type*p) : ptr (p), deletable (false) {} 50 | instanceof (const instanceof&x) : ptr (x.ptr), deletable (false) {} 51 | instanceof () { 52 | deletable = false; 53 | ptr = 0; 54 | } 55 | 56 | void collect() { 57 | deletable = true; 58 | } 59 | void forget() { 60 | deletable = false; 61 | } 62 | 63 | ~instanceof() { 64 | if (deletable) delete ptr; 65 | } 66 | }; 67 | 68 | template class factoryof; 69 | 70 | template 71 | class factoryof : public factoryof 72 | { 73 | public: 74 | base_type* get() { 75 | return new derived_type; 76 | } 77 | }; 78 | 79 | template 80 | class factoryof 81 | { 82 | public: 83 | virtual base_type* get() = 0; 84 | }; 85 | 86 | #endif 87 | -------------------------------------------------------------------------------- /src/fft.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "fft.h" 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | /* 28 | * FFTW wraparound for performing fast multiplication of cyclic matrices. 29 | * 30 | * It would probably be cool to save wisdom manually or generate better plans, 31 | * but since we're usually doing less than 10 FFTs for each run of codecrypt, 32 | * the thing doesn't pay off. Feel free to implement it. 33 | */ 34 | 35 | #include "iohelpers.h" 36 | 37 | void fft (bool forward, std::vector&in, std::vector&out) 38 | { 39 | fftw_plan p; 40 | out.resize (in.size(), dcx (0, 0)); 41 | 42 | p = fftw_plan_dft_1d (in.size(), 43 | //Cin, Cout, 44 | reinterpret_cast (in.data()), 45 | reinterpret_cast (out.data()), 46 | forward ? FFTW_FORWARD : FFTW_BACKWARD, 47 | FFTW_ESTIMATE); 48 | 49 | if (!forward) 50 | for (size_t i = 0; i < out.size(); ++i) 51 | out[i] /= (double) out.size(); 52 | 53 | fftw_execute (p); 54 | fftw_destroy_plan (p); 55 | } 56 | 57 | void fft (bvector&inb, std::vector&out) 58 | { 59 | std::vector in; 60 | in.resize (inb.size(), dcx (0, 0)); 61 | for (size_t i = 0; i < inb.size(); ++i) if (inb[i]) in[i] = dcx (1, 0); 62 | fft (true, in, out); 63 | } 64 | 65 | void fft (std::vector&in, bvector&outb) 66 | { 67 | std::vector out; 68 | fft (false, in, out); 69 | outb.resize (out.size()); 70 | outb.fill_zeros(); 71 | for (size_t i = 0; i < out.size(); ++i) 72 | if (1 & (int) round (out[i].real())) outb[i] = 1; 73 | } 74 | -------------------------------------------------------------------------------- /src/fft.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_fft_h_ 22 | #define _ccr_fft_h_ 23 | 24 | #include "bvector.h" 25 | #include 26 | 27 | typedef std::complex dcx; 28 | void fft (bool forward, std::vector&in, std::vector&out); 29 | 30 | //direct conversion from/to GF(2) 31 | void fft (bvector&in, std::vector&out); 32 | void fft (std::vector&in, bvector&out); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /src/fmtseq.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_fmtseq_h_ 22 | #define _ccr_fmtseq_h_ 23 | 24 | #include 25 | #include 26 | #include "types.h" 27 | #include "bvector.h" 28 | #include "sencode.h" 29 | #include "hash.h" 30 | #include "prng.h" 31 | #include "sc.h" 32 | 33 | /* 34 | * FMTseq - Merkle signatures with fractal tree traversal, using original 35 | * Lamport signatures for speed. 36 | */ 37 | namespace fmtseq 38 | { 39 | 40 | //helper function used to calculate hash sizes percisely 41 | inline uint fmtseq_commitments (uint l) 42 | { 43 | uint x = l; 44 | while (x) { 45 | ++l; 46 | x >>= 1; 47 | } 48 | return l; 49 | } 50 | 51 | class privkey 52 | { 53 | public: 54 | std::vector SK; //secret key 55 | uint h, l; //l=level count, h=level height (root-leaf path length) 56 | //therefore, H = h*l 57 | uint sigs_used; 58 | uint hs; 59 | 60 | //FMT caches 61 | std::vector > > exist, desired; 62 | 63 | struct tree_stk_item { 64 | uint level, pos; 65 | std::vector item; 66 | tree_stk_item() {} 67 | tree_stk_item (uint L, uint P, std::vector i) 68 | : level (L), pos (P), item (i) {} 69 | 70 | sencode* serialize(); 71 | bool unserialize (sencode*); 72 | }; 73 | std::vector > desired_stack; 74 | std::vector desired_progress; 75 | 76 | int sign (const bvector&, bvector&, hash_func&, streamcipher&); 77 | 78 | uint sigs_remaining() { 79 | return (1 << (h * l)) - sigs_used; 80 | } 81 | 82 | uint hash_size () { 83 | return hs; 84 | } 85 | 86 | uint signature_size (hash_func&hf) { 87 | return ( (h * l + fmtseq_commitments (hs)) * hf.size() * 8) 88 | + (h * l); 89 | } 90 | 91 | sencode* serialize(); 92 | bool unserialize (sencode*); 93 | }; 94 | 95 | class pubkey 96 | { 97 | public: 98 | std::vector check; //tree top verification hash 99 | uint H, hs; 100 | 101 | int verify (const bvector&, const bvector&, hash_func&); 102 | 103 | uint hash_size () { 104 | return hs; 105 | } 106 | 107 | uint signature_size (hash_func&hf) { 108 | return ( (H + fmtseq_commitments (hs)) * hf.size() * 8) + H; 109 | } 110 | 111 | sencode* serialize(); 112 | bool unserialize (sencode*); 113 | }; 114 | 115 | int generate (pubkey&, privkey&, prng&, hash_func&, streamcipher&, 116 | uint hs, uint h, uint l); 117 | } 118 | 119 | #endif 120 | -------------------------------------------------------------------------------- /src/generator.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2017 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "generator.h" 22 | #include "iohelpers.h" 23 | 24 | #include 25 | #include 26 | 27 | #include //for strerror 28 | #include //for getenv 29 | 30 | static inline uint bytes (uint bits) 31 | { 32 | return (bits >> 3) + ( (bits & 7) ? 1 : 0); 33 | } 34 | 35 | bool ccr_rng::seed (uint bits, bool quick) 36 | { 37 | std::vector s; 38 | std::ifstream f; 39 | 40 | uint b = bytes (bits); 41 | if (b > 256) b = 256; 42 | 43 | char*user_source = getenv ("CCR_RANDOM_SEED"); 44 | std::string seed_source = user_source ? user_source : 45 | quick ? "/dev/urandom" : 46 | "/dev/random"; 47 | 48 | f.open (seed_source, std::ios::in | std::ios::binary); 49 | if (!f.good()) { 50 | err ("opening " << seed_source << " failed: " 51 | << strerror (errno)); 52 | return false; 53 | } 54 | s.resize (b); 55 | for (uint i = 0; i < b; ++i) f >> s[i]; 56 | f.close(); 57 | 58 | r.load_key_vector (s); 59 | return true; 60 | } 61 | 62 | -------------------------------------------------------------------------------- /src/generator.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2017 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_generator_h_ 22 | #define _ccr_generator_h_ 23 | 24 | #include "chacha.h" 25 | #include "prng.h" 26 | 27 | #include 28 | 29 | class ccr_rng : public prng 30 | { 31 | public: 32 | typedef uint64_t randmax_t; 33 | 34 | chacha20 r; 35 | 36 | ccr_rng() { 37 | r.init (); 38 | } 39 | 40 | ~ccr_rng() { 41 | r.clear(); 42 | } 43 | 44 | bool seed (uint bits, bool quick = true); 45 | 46 | uint random (uint n) { 47 | randmax_t i; 48 | r.gen (sizeof (randmax_t), (byte*) &i); 49 | return i % n; 50 | } 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/gf2m.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "gf2m.h" 22 | 23 | /* 24 | * helpful stuff for arithmetic in GF(2^m) - polynomials over GF(2). 25 | */ 26 | 27 | int gf2p_degree (uint p) 28 | { 29 | int r = 0; 30 | while (p) { 31 | ++r; 32 | p >>= 1; 33 | } 34 | return r - 1; 35 | } 36 | 37 | uint gf2p_mod (uint a, uint p) 38 | { 39 | if (!p) return 0; 40 | int t, degp = gf2p_degree (p); 41 | while ( (t = gf2p_degree (a)) >= degp) { 42 | a ^= (p << (t - degp)); 43 | } 44 | return a; 45 | } 46 | 47 | uint gf2p_gcd (uint a, uint b) 48 | { 49 | if (!a) return b; 50 | while (b) { 51 | uint c = gf2p_mod (a, b); 52 | a = b; 53 | b = c; 54 | } 55 | return a; 56 | } 57 | 58 | uint gf2p_modmult (uint a, uint b, uint p) 59 | { 60 | a = gf2p_mod (a, p); 61 | b = gf2p_mod (b, p); 62 | uint r = 0; 63 | uint d = 1 << gf2p_degree (p); 64 | if (b) while (a) { 65 | if (a & 1) r ^= b; 66 | a >>= 1; 67 | b <<= 1; 68 | if (b >= d) b ^= p; 69 | } 70 | return r; 71 | } 72 | 73 | bool is_irreducible_gf2_poly (uint p) 74 | { 75 | if (!p) return false; 76 | int d = gf2p_degree (p) / 2; 77 | uint test = 2; //x^1+0 78 | for (int i = 1; i <= d; ++i) { 79 | test = gf2p_modmult (test, test, p); 80 | 81 | if (gf2p_gcd (test ^ 2 /* test - x^1 */, p) != 1) 82 | return false; 83 | } 84 | return true; 85 | } 86 | 87 | bool gf2m::create (uint M) 88 | { 89 | if (M < 1) return false; //too small. 90 | m = M; 91 | n = 1 << m; 92 | if (!n) return false; //too big. 93 | poly = 0; 94 | 95 | /* 96 | * find a conway polynomial for given degree. First we "filter out" the 97 | * possibilities that cannot be conway (reducible ones), then we check 98 | * that Z2[x]/poly is a field. 99 | */ 100 | for (uint t = (1 << m) + 1, e = 1 << (m + 1); t < e; t += 2) { 101 | 102 | if (!is_irreducible_gf2_poly (t)) continue; 103 | 104 | //try to prepare log and antilog tables 105 | log.resize (n, 0); 106 | antilog.resize (n, 0); 107 | log[0] = n - 1; 108 | antilog[n - 1] = 0; 109 | 110 | uint i, xi = 1; //x^0 111 | for (i = 0; i < n - 1; ++i) { 112 | if (log[xi] != 0) { //not a cyclic group 113 | log.clear(); 114 | antilog.clear(); 115 | break; 116 | } 117 | log[xi] = i; 118 | antilog[i] = xi; 119 | 120 | xi <<= 1; //multiply by x 121 | xi = gf2p_mod (xi, t); 122 | } 123 | 124 | //if it broke... 125 | if (i < n - 1) continue; 126 | poly = t; 127 | break; 128 | } 129 | 130 | if (!poly) return false; 131 | 132 | return true; 133 | } 134 | -------------------------------------------------------------------------------- /src/gf2m.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_gf2m_h_ 22 | #define _ccr_gf2m_h_ 23 | 24 | #include 25 | #include "types.h" 26 | #include "sencode.h" 27 | 28 | /* 29 | * galois field of 2^m elements. Stored in an integer, for convenience. 30 | */ 31 | 32 | class gf2m 33 | { 34 | public: 35 | uint poly; 36 | uint n, m; 37 | 38 | bool create (uint m); 39 | 40 | std::vector log, antilog; 41 | 42 | inline uint add (uint a, uint b) { 43 | return a ^ b; 44 | } 45 | 46 | inline uint mult (uint a, uint b) { 47 | if (! (a && b)) return 0; 48 | return antilog[ (log[a] + log[b]) % (n - 1)]; 49 | } 50 | 51 | inline uint exp (uint a, int k) { 52 | if (!a) return 0; 53 | return antilog[ (log[a] * k) % (n - 1)]; 54 | } 55 | 56 | inline uint exp (int k) { 57 | //return x^k 58 | return exp (1 << 1, k); 59 | } 60 | 61 | inline uint inv (uint a) { 62 | if (!a) return 0; 63 | return antilog[ (n - 1 - log[a]) % (n - 1)]; 64 | } 65 | 66 | inline uint inv_square (uint a) { 67 | if (!a) return 0; 68 | return antilog[ (2 * (n - 1 - log[a])) 69 | % (n - 1)]; 70 | } 71 | 72 | inline uint div (uint a, uint b) { 73 | if (! (a && b)) return 0; 74 | return antilog[ (n - 1 - log[b] + log[a]) 75 | % (n - 1)]; 76 | } 77 | 78 | inline uint sq_root (uint a) { 79 | if (!a) return 0; 80 | uint t = log[a]; 81 | if (t % 2) return antilog[ (t + n - 1) >> 1]; 82 | else return antilog[t >> 1]; 83 | } 84 | 85 | sencode* serialize(); 86 | bool unserialize (sencode*); 87 | 88 | //optimized part of creating alternant check matrix 89 | template 90 | inline void add_mults (uint base, uint step, iter begin, iter end) { 91 | if (begin == end || base == 0) return; 92 | 93 | *begin = add (*begin, base); 94 | ++begin; 95 | 96 | if (begin == end || step == 0) return; 97 | 98 | uint lb = log[base], ls = log[step]; 99 | 100 | for (; begin != end; ++begin) { 101 | lb = (lb + ls) % (n - 1); 102 | *begin = add (*begin, antilog[lb]); 103 | } 104 | } 105 | }; 106 | 107 | #endif 108 | -------------------------------------------------------------------------------- /src/hash.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "hash.h" 22 | 23 | #include "str_match.h" 24 | 25 | #include "sha_hash.h" 26 | #include "rmd_hash.h" 27 | #include "tiger_hash.h" 28 | #include "cube_hash.h" 29 | 30 | hash_proc::suite_t& hash_proc::suite() 31 | { 32 | static suite_t s; 33 | 34 | #define do_hash(name,type) \ 35 | static factoryof type##_var; \ 36 | s[to_unicase(name)]=&type##_var; 37 | 38 | if (s.empty()) { 39 | do_hash ("CUBE512", cube512proc); 40 | #if HAVE_CRYPTOPP==1 41 | do_hash ("RIPEMD128", rmd128proc); 42 | do_hash ("TIGER192", tiger192proc); 43 | do_hash ("SHA256", sha256proc); 44 | do_hash ("SHA512", sha512proc); 45 | #endif 46 | } 47 | 48 | return s; 49 | } 50 | -------------------------------------------------------------------------------- /src/hash.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_hash_h_ 22 | #define _ccr_hash_h_ 23 | 24 | #include 25 | #include 26 | #include 27 | #include "types.h" 28 | #include "factoryof.h" 29 | 30 | /* 31 | * hash-providing functor class, meant to be instantiated by user. 32 | */ 33 | class hash_func 34 | { 35 | public: 36 | virtual std::vector operator() (const std::vector&) = 0; 37 | virtual uint size() = 0; //in bytes 38 | }; 39 | 40 | class hash_proc 41 | { 42 | public: 43 | virtual uint size() = 0; 44 | virtual void init() = 0; 45 | 46 | virtual void eat (const byte*begin, const byte*end) = 0; 47 | virtual std::vector finish() = 0; 48 | virtual ~hash_proc() {} 49 | 50 | void eat (const std::vector&a) { 51 | return eat (a.data(), a.data() + a.size()); 52 | } 53 | 54 | typedef std::map*> suite_t; 55 | static suite_t& suite(); 56 | 57 | virtual bool cryptographically_significant() { 58 | return true; 59 | } 60 | }; 61 | 62 | #endif 63 | 64 | -------------------------------------------------------------------------------- /src/hashfile.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "hashfile.h" 22 | 23 | #include 24 | #include 25 | 26 | #include "hash.h" 27 | #include "iohelpers.h" 28 | 29 | /* 30 | * helper -- size measurement is a kindof-hash as well 31 | */ 32 | 33 | class size64proc : public hash_proc 34 | { 35 | uint64_t s; 36 | 37 | public: 38 | size64proc() { 39 | init(); 40 | } 41 | 42 | uint size() { 43 | return 8; 44 | } 45 | 46 | void init() { 47 | s = 0; 48 | } 49 | 50 | void eat (const byte*a, const byte*aend) { 51 | s += aend - a; 52 | } 53 | 54 | std::vector finish() { 55 | std::vector r; 56 | r.resize (8, 0); 57 | for (int i = 0; i < 8; ++i) { 58 | r[i] = s & 0xff; 59 | s >>= 8; 60 | } 61 | return r; 62 | } 63 | 64 | bool cryptographically_significant() { 65 | return false; 66 | } 67 | }; 68 | 69 | /* 70 | * list of hash functions available 71 | */ 72 | 73 | typedef std::map > hashmap; 74 | 75 | void fill_hashmap (hashmap&t) 76 | { 77 | //copy contents of the hash suite 78 | for (hash_proc::suite_t::iterator 79 | i = hash_proc::suite().begin(), 80 | e = hash_proc::suite().end(); 81 | i != e; ++i) { 82 | t[i->first] = i->second->get(); 83 | t[i->first].collect(); 84 | } 85 | 86 | //add size64 check 87 | t["SIZE64"] = new size64proc; 88 | } 89 | 90 | bool hashfile::create (std::istream&in) 91 | { 92 | hashes.clear(); 93 | 94 | hashmap hm; 95 | fill_hashmap (hm); 96 | 97 | for (hashmap::iterator i = hm.begin(), e = hm.end(); i != e; ++i) 98 | i->second->init(); 99 | 100 | std::vector buf; 101 | buf.resize (8192); 102 | 103 | for (;;) { 104 | in.read ( (char*) & (buf[0]), 8192); 105 | if (in) 106 | for (hashmap::iterator i = hm.begin(), e = hm.end(); 107 | i != e; ++i) 108 | i->second->eat (buf); 109 | else if (in.eof()) { 110 | buf.resize (in.gcount()); 111 | for (hashmap::iterator i = hm.begin(), e = hm.end(); 112 | i != e; ++i) { 113 | i->second->eat (buf); 114 | hashes[i->first] = i->second->finish(); 115 | } 116 | return true; 117 | } else return false; 118 | } 119 | } 120 | 121 | int hashfile::verify (std::istream&in) 122 | { 123 | hashmap hm_all, hm; 124 | fill_hashmap (hm_all); 125 | 126 | for (hashes_t::iterator i = hashes.begin(), e = hashes.end(); i != e; ++i) 127 | if (hm_all.count (i->first)) { 128 | hm[i->first] = hm_all[i->first]; 129 | hm_all[i->first].forget(); 130 | } 131 | 132 | 133 | if (hm.empty()) { 134 | err ("notice: no verifiable hash found in hashfile"); 135 | return 2; 136 | } 137 | 138 | for (hashmap::iterator i = hm.begin(), e = hm.end(); i != e; ++i) 139 | i->second->init(); 140 | 141 | std::vector buf; 142 | buf.resize (8192); 143 | 144 | for (;;) { 145 | in.read ( (char*) & (buf[0]), 8192); 146 | if (in) 147 | for (hashmap::iterator i = hm.begin(), e = hm.end(); 148 | i != e; ++i) 149 | i->second->eat (buf); 150 | else if (in.eof()) { 151 | buf.resize (in.gcount()); 152 | for (hashmap::iterator i = hm.begin(), e = hm.end(); 153 | i != e; ++i) { 154 | i->second->eat (buf); 155 | } 156 | break; 157 | } else return 1; 158 | } 159 | 160 | int ok = 0, failed = 0; 161 | for (hashes_t::iterator i = hashes.begin(), e = hashes.end(); 162 | i != e; ++i) { 163 | if (!hm.count (i->first)) { 164 | err ("hash verification: :-/ " 165 | << escape_output (i->first) << " not supported"); 166 | continue; 167 | } 168 | if (i->second == hm[i->first]->finish()) { 169 | //avoid doing a positive decision on informative-grade-only hashes 170 | if (hm[i->first]->cryptographically_significant()) ++ok; 171 | err ("hash verification: ;-) " 172 | << i->first << " is GOOD"); 173 | } else { 174 | ++failed; 175 | err ("hash verification: :-( " 176 | << i->first << " is BAD"); 177 | } 178 | } 179 | 180 | if (failed) return 3; 181 | if (ok) return 0; 182 | return 2; 183 | } 184 | -------------------------------------------------------------------------------- /src/hashfile.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_hashfile_h_ 22 | #define _ccr_hashfile_h_ 23 | 24 | #include "types.h" 25 | #include "sencode.h" 26 | 27 | #include 28 | #include 29 | #include 30 | #include 31 | 32 | class hashfile 33 | { 34 | public: 35 | typedef std::map > hashes_t; 36 | hashes_t hashes; 37 | 38 | bool create (std::istream&); 39 | int verify (std::istream&); 40 | 41 | sencode* serialize(); 42 | bool unserialize (sencode*); 43 | }; 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /src/iohelpers.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "iohelpers.h" 22 | 23 | bool redirect_cin (const std::string& fn) 24 | { 25 | static std::ifstream alt_cin; 26 | alt_cin.open (fn.c_str(), std::ios::in | std::ios::binary); 27 | if (alt_cin.fail()) return false; 28 | std::cin.rdbuf (alt_cin.rdbuf()); 29 | return true; 30 | } 31 | 32 | bool redirect_cout (const std::string& fn) 33 | { 34 | static std::ofstream alt_cout; 35 | alt_cout.open (fn.c_str(), std::ios::out | std::ios::binary); 36 | if (alt_cout.fail()) return false; 37 | std::cout.rdbuf (alt_cout.rdbuf()); 38 | return true; 39 | } 40 | 41 | bool redirect_cerr (const std::string& fn) 42 | { 43 | static std::ofstream alt_cerr; 44 | alt_cerr.open (fn.c_str(), std::ios::out | std::ios::binary); 45 | if (alt_cerr.fail()) return false; 46 | std::cerr.rdbuf (alt_cerr.rdbuf()); 47 | return true; 48 | } 49 | 50 | std::string escape_output (const std::string&s) 51 | { 52 | std::string r; 53 | const char hex[] = "0123456789abcdef"; 54 | for (size_t i = 0; i < s.length(); ++i) 55 | if (s[i] == '\\') r += "\\\\"; 56 | else if (s[i] >= 0 && s[i] < 0x20) //utf-8 is "negative" here 57 | switch (s[i]) { 58 | case '\a': 59 | r += "\\a"; 60 | break; 61 | case '\b': 62 | r += "\\b"; 63 | break; 64 | case '\x1b': 65 | r += "\\e"; 66 | break; 67 | case '\f': 68 | r += "\\f"; 69 | break; 70 | case '\n': 71 | r += "\\n"; 72 | break; 73 | case '\r': 74 | r += "\\r"; 75 | break; 76 | case '\t': 77 | r += "\\t"; 78 | break; 79 | case '\v': 80 | r += "\\v"; 81 | break; 82 | default: 83 | r += "\\x"; 84 | r += hex[0xf & (s[i] >> 4)]; 85 | r += hex[0xf & s[i]]; 86 | } else r += s[i]; 87 | return r; 88 | } 89 | -------------------------------------------------------------------------------- /src/iohelpers.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_iohelpers_h_ 22 | #define _ccr_iohelpers_h_ 23 | 24 | /* 25 | * output helpers 26 | */ 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | #include "types.h" 33 | 34 | #define out(x) std::cout << x << std::endl 35 | #define out_bin(x) std::cout << x 36 | #define outeol std::cout << std::endl 37 | #define err(x) std::cerr << x << std::endl 38 | #define err_bin(x) std::cerr << x 39 | #define erreol std::cerr << std::endl 40 | #define progerr(x) std::cerr << argv[0] << ": " << x << std::endl 41 | 42 | #define ask_for_yes(ok,x) do {std::cerr << x << " (y/n): "; \ 43 | std::string answer; std::cin >> answer; \ 44 | ok=(answer=="y");} while(0) 45 | 46 | bool redirect_cin (const std::string& fn); 47 | bool redirect_cout (const std::string& fn); 48 | bool redirect_cerr (const std::string& fn); 49 | 50 | #define readall_bufsize 8192 51 | template 52 | bool read_all_input (output_seq&data, std::istream&input = std::cin) 53 | { 54 | data.clear(); 55 | char buf[readall_bufsize]; 56 | for (;;) { 57 | input.read (buf, readall_bufsize); 58 | if (input) data.insert (data.end(), buf, 59 | buf + readall_bufsize); 60 | else if (input.eof()) { 61 | data.insert (data.end(), buf, 62 | buf + input.gcount()); 63 | return true; 64 | } else return false; 65 | } 66 | } 67 | 68 | std::string escape_output (const std::string&); 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /src/ios.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "ios.h" 22 | 23 | std::ostream& operator<< (std::ostream&o, const polynomial& p) 24 | { 25 | o << "polynomial degree " << p.degree() << ": "; 26 | for (int i = 0, e = p.degree(); i <= e; ++i) o << p[i] << ' '; 27 | o << std::endl; 28 | return o; 29 | } 30 | 31 | std::ostream& operator<< (std::ostream&o, const permutation& p) 32 | { 33 | o << "permutation over " << p.size() << " elements: "; 34 | for (uint i = 0; i < p.size(); ++i) o << p[i] << ' '; 35 | o << std::endl; 36 | return o; 37 | } 38 | 39 | std::ostream& operator<< (std::ostream&o, const gf2m& f) 40 | { 41 | o << "GF(2^" << f.m << ") of " << f.n << " elements, modulus " << f.poly << std::endl; 42 | return o; 43 | } 44 | 45 | std::ostream& operator<< (std::ostream&o, const matrix& m) 46 | { 47 | uint i, j, h, w; 48 | h = m.height(); 49 | w = m.width(); 50 | o << "binary " << h << "x" << w << " matrix:" << std::endl; 51 | for (i = 0; i < h; ++i) { 52 | for (j = 0; j < w; ++j) o << m[j][i]; 53 | o << std::endl; 54 | } 55 | return o; 56 | } 57 | 58 | std::ostream& operator<< (std::ostream&o, const bvector& v) 59 | { 60 | o << "vector of " << v.size() << " elements: "; 61 | for (uint i = 0, e = v.size(); i < e; ++i) o << v[i]; 62 | o << std::endl; 63 | return o; 64 | } 65 | 66 | -------------------------------------------------------------------------------- /src/ios.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_ios_h_ 22 | #define _ccr_ios_h_ 23 | 24 | //operator overloads very useful for debugging/hacking 25 | #include 26 | #include "polynomial.h" 27 | #include "permutation.h" 28 | #include "gf2m.h" 29 | #include "matrix.h" 30 | #include "bvector.h" 31 | 32 | std::ostream& operator<< (std::ostream&o, const polynomial&); 33 | std::ostream& operator<< (std::ostream&o, const permutation&); 34 | std::ostream& operator<< (std::ostream&o, const gf2m&); 35 | std::ostream& operator<< (std::ostream&o, const matrix&); 36 | std::ostream& operator<< (std::ostream&o, const bvector&); 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /src/keyring.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_keys_h_ 22 | #define _ccr_keys_h_ 23 | 24 | #include 25 | #include 26 | 27 | #include "sencode.h" 28 | #include "symkey.h" 29 | 30 | class keyring 31 | { 32 | int lockfd; 33 | public: 34 | struct pubkey_entry { 35 | std::string keyid, name, alg; 36 | sencode *key; 37 | 38 | pubkey_entry() { 39 | key = NULL; 40 | } 41 | 42 | pubkey_entry (const std::string& KID, 43 | const std::string& N, 44 | const std::string& A, 45 | sencode*K) : 46 | keyid (KID), 47 | name (N), 48 | alg (A), 49 | key (K) {} 50 | }; 51 | 52 | struct keypair_entry { 53 | pubkey_entry pub; 54 | 55 | sencode *privkey; 56 | bool locked; //store encrypted 57 | symkey sk; 58 | bool dirty; //privkey_raw needs to be updated 59 | 60 | std::string privkey_raw; 61 | 62 | bool decode_privkey (const std::string&withlock); 63 | bool lock (const std::string&withlock); 64 | bool unlock (const std::string&withlock); 65 | bool fix_dirty (prng&rng); 66 | 67 | keypair_entry() { 68 | privkey = NULL; 69 | dirty = false; 70 | } 71 | 72 | keypair_entry (const std::string&KID, 73 | const std::string& N, 74 | const std::string& A, 75 | sencode*PubK, 76 | sencode*PrivK) 77 | : pub (KID, N, A, PubK), 78 | privkey (PrivK), 79 | locked (false), 80 | dirty (true) 81 | {} 82 | 83 | keypair_entry (const std::string&KID, 84 | const std::string& N, 85 | const std::string& A, 86 | sencode*PubK, 87 | const std::string&PrivK_raw) 88 | : pub (KID, N, A, PubK), 89 | privkey (NULL), 90 | dirty (false), 91 | privkey_raw (PrivK_raw) 92 | {} 93 | }; 94 | 95 | typedef std::map pubkey_storage; 96 | typedef std::map keypair_storage; 97 | 98 | pubkey_storage pubs; 99 | keypair_storage pairs; 100 | 101 | std::string backup_pubs, backup_pairs; 102 | 103 | keyring() { 104 | lockfd = -1; 105 | } 106 | 107 | ~keyring() { 108 | clear(); 109 | } 110 | 111 | void clear(); 112 | 113 | bool open(); 114 | bool close(); 115 | bool save (prng&rng); 116 | 117 | static std::string get_keyid (const std::string& pubkey); 118 | 119 | static std::string get_keyid (sencode* pubkey) { 120 | return get_keyid (pubkey->encode()); 121 | } 122 | 123 | static void clear_keypairs (keypair_storage&); 124 | static void clear_pubkeys (pubkey_storage&); 125 | 126 | static bool parse_keypairs (sencode*, keypair_storage&); 127 | static sencode* serialize_keypairs (keypair_storage&, prng&rng); 128 | static bool parse_pubkeys (sencode*, pubkey_storage&); 129 | static sencode* serialize_pubkeys (const pubkey_storage&); 130 | 131 | pubkey_entry* get_pubkey (const std::string&keyid) { 132 | // "own first", but there should not be collisions. 133 | if (pairs.count (keyid)) return & (pairs[keyid].pub); 134 | if (pubs.count (keyid)) return & (pubs[keyid]); 135 | return NULL; 136 | } 137 | 138 | pubkey_entry* store_pubkey (const std::string&keyid, 139 | const std::string&name, 140 | const std::string&alg, 141 | sencode*key) { 142 | 143 | if (pairs.count (keyid)) return NULL; 144 | if (pubs.count (keyid)) return NULL; 145 | return & (pubs[keyid] = pubkey_entry (keyid, name, alg, key)); 146 | } 147 | 148 | void remove_pubkey (const std::string&keyid) { 149 | if (pubs.count (keyid)) { 150 | sencode_destroy (pubs[keyid].key); 151 | pubs.erase (keyid); 152 | } 153 | } 154 | 155 | keypair_entry* get_keypair (const std::string&keyid) { 156 | if (pairs.count (keyid)) return & (pairs[keyid]); 157 | return NULL; 158 | } 159 | 160 | keypair_entry* store_keypair (const std::string&keyid, 161 | const std::string&name, 162 | const std::string&alg, 163 | sencode*pubkey, sencode*privkey) { 164 | 165 | if (pairs.count (keyid)) return NULL; 166 | if (pubs.count (keyid)) return NULL; 167 | return & (pairs[keyid] = keypair_entry (keyid, name, alg, 168 | pubkey, privkey)); 169 | } 170 | 171 | keypair_entry* store_keypair (const std::string&keyid, 172 | const std::string&name, 173 | const std::string&alg, 174 | sencode*pubkey, 175 | const std::string&privkey_raw) { 176 | 177 | if (pairs.count (keyid)) return NULL; 178 | if (pubs.count (keyid)) return NULL; 179 | return & (pairs[keyid] = keypair_entry (keyid, name, alg, 180 | pubkey, privkey_raw)); 181 | } 182 | 183 | void remove_keypair (const std::string&keyid) { 184 | if (pairs.count (keyid)) { 185 | sencode_destroy (pairs[keyid].pub.key); 186 | if (pairs[keyid].privkey) 187 | sencode_destroy (pairs[keyid].privkey); 188 | pairs.erase (keyid); 189 | } 190 | } 191 | }; 192 | 193 | #endif 194 | 195 | -------------------------------------------------------------------------------- /src/matrix.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "matrix.h" 22 | #include "prng.h" 23 | #include "permutation.h" 24 | 25 | void matrix::resize2 (uint w, uint h, bool def) 26 | { 27 | resize (w); 28 | for (uint i = 0; i < w; ++i) item (i).resize (h, def); 29 | } 30 | 31 | void matrix::zero () 32 | { 33 | uint w = width(), h = height(); 34 | for (uint i = 0; i < w; ++i) 35 | for (uint j = 0; j < h; ++j) 36 | item (i, j) = 0; 37 | } 38 | 39 | void matrix::unit (uint size) 40 | { 41 | clear(); 42 | resize (size); 43 | for (uint i = 0; i < size; ++i) { 44 | item (i).resize (size, 0); 45 | item (i) [i] = 1; 46 | } 47 | } 48 | 49 | matrix matrix::operator* (const matrix&a) 50 | { 51 | matrix r = *this; 52 | r.mult (a); 53 | return r; 54 | } 55 | 56 | void matrix::compute_transpose (matrix&r) 57 | { 58 | uint h = height(), w = width(), i, j; 59 | r.resize (h); 60 | for (i = 0; i < h; ++i) { 61 | r[i].resize (w); 62 | for (j = 0; j < w; ++j) r[i][j] = item (j) [i]; 63 | } 64 | } 65 | 66 | void matrix::mult (const matrix&right) 67 | { 68 | //trivial multiply 69 | matrix leftT; 70 | compute_transpose (leftT); 71 | uint w = right.width(), h = leftT.width(), i, j; 72 | resize (w); 73 | for (i = 0; i < w; ++i) { 74 | item (i).resize (h); 75 | for (j = 0; j < h; ++j) item (i) [j] = leftT[j] * right[i]; 76 | } 77 | } 78 | 79 | bool matrix::compute_inversion (matrix&res, bool upper_tri, bool lower_tri) 80 | { 81 | //gauss-jordan elimination with inversion of the second matrix. 82 | //we are computing with transposed matrices for simpler row ops 83 | 84 | uint s = width(); 85 | if (s != height()) return false; 86 | matrix m, r; 87 | r.unit (s); 88 | this->compute_transpose (m); 89 | 90 | uint i, j; 91 | 92 | //gauss step, create a lower triangular out of m, mirror to r 93 | if (!upper_tri) for (i = 0; i < s; ++i) { 94 | //we need pivoting 1 at [i][i]. If there's none, get it below. 95 | if (m[i][i] != 1) { 96 | for (j = i + 1; j < s; ++j) if (m[j][i] == 1) break; 97 | if (j == s) return false; //noninvertible 98 | m[i].swap (m[j]); 99 | r[i].swap (r[j]); 100 | } 101 | //remove 1's below 102 | if (lower_tri) { 103 | for (j = i + 1; j < s; ++j) if (m[j][i]) { 104 | m[j].add_range (m[i], 0, j + 1); 105 | r[j].add_range (r[i], 0, j + 1); 106 | } 107 | } else { 108 | for (j = i + 1; j < s; ++j) if (m[j][i]) { 109 | m[j].add (m[i]); 110 | r[j].add (r[i]); 111 | } 112 | } 113 | } 114 | 115 | //jordan step 116 | if (!lower_tri) { 117 | if (upper_tri) { 118 | for (i = s; i > 0; --i) 119 | for (j = i - 1; j > 0; --j) 120 | if (m[j - 1][i - 1]) 121 | r[j - 1].add_range (r[i - 1], i - 1, s); 122 | } else { 123 | for (i = s; i > 0; --i) 124 | for (j = i - 1; j > 0; --j) 125 | if (m[j - 1][i - 1]) 126 | r[j - 1].add (r[i - 1]); 127 | } 128 | } 129 | 130 | r.compute_transpose (res); 131 | return true; 132 | } 133 | 134 | bool matrix::get_right_square (matrix&r) 135 | { 136 | uint h = height(), w = width(); 137 | if (w < h) return false; 138 | r.clear(); 139 | r.resize (h); 140 | for (uint i = 0; i < h; ++i) r[i] = item (w - h + i); 141 | return true; 142 | } 143 | 144 | bool matrix::strip_right_square (matrix&r) 145 | { 146 | uint h = height(), w = width(); 147 | if (w < h) return false; 148 | r.clear(); 149 | r.resize (w - h); 150 | for (uint i = 0; i < w - h; ++i) r[i] = item (i); 151 | return true; 152 | } 153 | 154 | void matrix::extend_left_compact (matrix&r) 155 | { 156 | uint i; 157 | uint h = height(), w = width(); 158 | r.clear(); 159 | r.resize (h + w); 160 | for (i = 0; i < h; ++i) { 161 | r[i].resize (h, 0); 162 | r[i][i] = 1; 163 | } 164 | for (i = 0; i < w; ++i) { 165 | r[h + i] = item (i); 166 | } 167 | } 168 | 169 | bool matrix::create_goppa_generator (matrix&g, permutation&p, prng&rng) 170 | { 171 | p.generate_random (width(), rng); 172 | return create_goppa_generator (g, p); 173 | } 174 | 175 | bool matrix::create_goppa_generator (matrix&g, const permutation&p) 176 | { 177 | matrix t, sinv, s; 178 | 179 | //generator construction from Barreto's PQC-4 slides p.21 180 | p.permute (*this, t); 181 | t.get_right_square (sinv); 182 | if (!sinv.compute_inversion (s)) return false; //meant to be retried. 183 | 184 | //TODO why multiply and THEN strip? 185 | s.mult (t); 186 | s.strip_right_square (t); //matrix pingpong for the result 187 | t.compute_transpose (s); 188 | s.extend_left_compact (g); 189 | return true; 190 | } 191 | 192 | bool matrix::set_block (uint x, uint y, const matrix&b) 193 | { 194 | uint h = b.height(), w = b.width(); 195 | if (width() < x + w) return false; 196 | if (height() < y + h) return false; 197 | for (uint i = 0; i < w; ++i) 198 | for (uint j = 0; j < h; ++j) item (x + i, y + j) = b.item (i, j); 199 | return true; 200 | } 201 | -------------------------------------------------------------------------------- /src/matrix.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_matrix_h_ 22 | #define _ccr_matrix_h_ 23 | 24 | #include 25 | #include "types.h" 26 | #include "bvector.h" 27 | #include "vector_item.h" 28 | 29 | /* 30 | * matrix over GF(2) is a vector of columns 31 | */ 32 | class permutation; 33 | class prng; 34 | class matrix : public std::vector 35 | { 36 | protected: 37 | _ccr_declare_vector_item 38 | _ccr_declare_matrix_item 39 | 40 | public: 41 | uint width() const { 42 | return size(); 43 | } 44 | 45 | uint height() const { 46 | if (size()) return item (0).size(); 47 | return 0; 48 | } 49 | 50 | void resize2 (uint w, uint h, bool def = 0); 51 | 52 | matrix operator* (const matrix&); 53 | void mult (const matrix&); //right multiply - this*param 54 | 55 | void zero (); 56 | void unit (uint); 57 | 58 | void compute_transpose (matrix&); 59 | bool compute_inversion (matrix&, 60 | bool upper_tri = false, 61 | bool lower_tri = false); 62 | 63 | bool set_block (uint, uint, const matrix&); 64 | 65 | bool get_right_square (matrix&); 66 | bool strip_right_square (matrix&); 67 | void extend_left_compact (matrix&); 68 | 69 | bool create_goppa_generator (matrix&, permutation&, prng&); 70 | bool create_goppa_generator (matrix&, const permutation&); 71 | 72 | sencode* serialize(); 73 | bool unserialize (sencode*); 74 | }; 75 | 76 | #endif 77 | -------------------------------------------------------------------------------- /src/mce_qcmdpc.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_mce_qcmdpc_h_ 22 | #define _ccr_mce_qcmdpc_h_ 23 | 24 | #include 25 | #include 26 | 27 | #include "bvector.h" 28 | #include "matrix.h" 29 | #include "prng.h" 30 | #include "sencode.h" 31 | #include "types.h" 32 | 33 | /* 34 | * quasi-cyclic MDPC McEliece 35 | * Implemented accordingly to the paper by Misoczki, Tillich, Sendrier and Barreto. 36 | */ 37 | namespace mce_qcmdpc 38 | { 39 | class privkey 40 | { 41 | public: 42 | matrix H; //elems = _cols_ of H blocks (at least 2) 43 | uint t; 44 | uint rounds; 45 | uint delta; 46 | 47 | int decrypt (const bvector&, bvector&); 48 | int decrypt (const bvector&, bvector&, bvector&); 49 | int prepare(); 50 | 51 | uint cipher_size() { 52 | return H[0].size() * H.size(); 53 | } 54 | uint plain_size() { 55 | return H[0].size() * (H.size() - 1); 56 | } 57 | uint error_count() { 58 | return t; 59 | } 60 | 61 | sencode* serialize(); 62 | bool unserialize (sencode*); 63 | }; 64 | 65 | class pubkey 66 | { 67 | public: 68 | matrix G; //elems = top lines of right-side G blocks 69 | uint t; //error count 70 | 71 | int encrypt (const bvector&, bvector&, prng&); 72 | int encrypt (const bvector&, bvector&, const bvector&); 73 | 74 | uint cipher_size() { 75 | return G[0].size() * (G.size() + 1); 76 | } 77 | uint plain_size() { 78 | return G[0].size() * G.size(); 79 | } 80 | uint error_count() { 81 | return t; 82 | } 83 | 84 | sencode* serialize(); 85 | bool unserialize (sencode*); 86 | }; 87 | 88 | int generate (pubkey&, privkey&, prng&, uint blocksize, uint blocks, uint wi, 89 | uint t, uint rounds, uint delta); 90 | } 91 | 92 | #endif 93 | -------------------------------------------------------------------------------- /src/message.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "message.h" 22 | 23 | int encrypted_msg::encrypt (const bvector&msg, 24 | const std::string& Alg_id, 25 | const std::string& Key_id, 26 | algorithm_suite&algs, keyring&kr, prng&rng) 27 | { 28 | key_id = Key_id; 29 | alg_id = Alg_id; 30 | 31 | algorithm*alg = NULL; 32 | if (algs.count (alg_id)) { 33 | alg = algs[alg_id]; 34 | if (!alg->provides_encryption()) 35 | alg = NULL; 36 | } 37 | 38 | if (!alg) return 1; 39 | 40 | keyring::pubkey_entry*pk = kr.get_pubkey (key_id); 41 | if (!pk) return 2; //PK not found 42 | 43 | if (pk->alg != alg_id) return 3; //algorithm mismatch 44 | 45 | return alg->encrypt (msg, ciphertext, pk->key, rng); 46 | } 47 | 48 | int encrypted_msg::decrypt (bvector& msg, algorithm_suite&algs, keyring& kr) 49 | { 50 | algorithm*alg = NULL; 51 | if (algs.count (alg_id)) { 52 | alg = algs[alg_id]; 53 | if (!alg->provides_encryption()) 54 | alg = NULL; 55 | } 56 | 57 | if (!alg) return 1; 58 | 59 | keyring::keypair_entry*k = kr.get_keypair (key_id); 60 | if (!k) return 2; 61 | 62 | if (k->pub.alg != alg_id) return 3; 63 | 64 | return alg->decrypt (ciphertext, msg, k->privkey); 65 | } 66 | 67 | int signed_msg::sign (const bvector&msg, 68 | const std::string& Alg_id, 69 | const std::string& Key_id, 70 | algorithm_suite&algs, keyring&kr, prng&rng) 71 | { 72 | key_id = Key_id; 73 | alg_id = Alg_id; 74 | message = msg; 75 | 76 | algorithm*alg = NULL; 77 | if (algs.count (alg_id)) { 78 | alg = algs[alg_id]; 79 | if (!alg->provides_signatures()) 80 | alg = NULL; 81 | } 82 | 83 | if (!alg) return 1; 84 | 85 | keyring::keypair_entry *k = kr.get_keypair (key_id); 86 | if (!k) return 2; 87 | //note that someone has to prepare the k->privkey in advance! 88 | 89 | if (k->pub.alg != alg_id) return 3; 90 | 91 | int r; 92 | r = alg->sign (message, signature, & (k->privkey), k->dirty, rng); 93 | 94 | if (r) return r; 95 | 96 | if (k->dirty) { 97 | //we can't output a signature without storing privkey changes! 98 | if (!kr.save (rng)) return 4; 99 | } 100 | 101 | return 0; 102 | } 103 | 104 | int signed_msg::verify (algorithm_suite&algs, keyring&kr) 105 | { 106 | algorithm*alg = NULL; 107 | if (algs.count (alg_id)) { 108 | alg = algs[alg_id]; 109 | if (!alg->provides_signatures()) 110 | alg = NULL; 111 | } 112 | 113 | if (!alg) return 1; 114 | 115 | keyring::pubkey_entry*pk = kr.get_pubkey (key_id); 116 | if (!pk) return 2; 117 | 118 | if (pk->alg != alg_id) return 3; 119 | 120 | return alg->verify (signature, message, pk->key); 121 | } 122 | 123 | -------------------------------------------------------------------------------- /src/message.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_msg_h_ 22 | #define _ccr_msg_h_ 23 | 24 | #include 25 | #include "bvector.h" 26 | #include "sencode.h" 27 | #include "algorithm.h" 28 | #include "keyring.h" 29 | #include "prng.h" 30 | 31 | class encrypted_msg 32 | { 33 | public: 34 | bvector ciphertext; 35 | std::string alg_id, key_id; 36 | 37 | int decrypt (bvector&, algorithm_suite&, keyring&); 38 | int encrypt (const bvector& msg, 39 | const std::string& alg_id, 40 | const std::string& key_id, 41 | algorithm_suite&, keyring&, prng&); 42 | 43 | sencode* serialize(); 44 | bool unserialize (sencode*); 45 | }; 46 | 47 | class signed_msg 48 | { 49 | public: 50 | bvector message, signature; 51 | std::string alg_id, key_id; 52 | 53 | int verify (algorithm_suite&, keyring&); 54 | int sign (const bvector&msg, 55 | const std::string&alg_id, 56 | const std::string&key_id, 57 | algorithm_suite&, keyring&, prng&); 58 | 59 | sencode* serialize(); 60 | bool unserialize (sencode*); 61 | }; 62 | 63 | #endif 64 | 65 | -------------------------------------------------------------------------------- /src/permutation.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "permutation.h" 22 | #include "prng.h" 23 | #include "matrix.h" 24 | 25 | void permutation::compute_inversion (permutation&r) const 26 | { 27 | r.resize (size(), 0); 28 | for (uint i = 0; i < size(); ++i) 29 | r[item (i) ] = i; 30 | } 31 | 32 | void permutation::generate_random (uint size, prng&rng) 33 | { 34 | resize (size, 0); 35 | uint i; 36 | for (i = 0; i < size; ++i) item (i) = i; 37 | 38 | //knuth shuffle 39 | for (i = size - 1; i > 0; --i) { 40 | uint j = rng.random (i + 1); 41 | if (i != j) { 42 | uint t = item (i); 43 | item (i) = item (j); 44 | item (j) = t; 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /src/permutation.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_permutation_h_ 22 | #define _ccr_permutation_h_ 23 | 24 | #include 25 | #include "types.h" 26 | #include "vector_item.h" 27 | #include "sencode.h" 28 | 29 | /* 30 | * permutation is stored as transposition table ordered from zero 31 | * e.g. (13)(2) is [2,1,0] 32 | */ 33 | class prng; 34 | class matrix; 35 | class permutation : public std::vector 36 | { 37 | protected: 38 | _ccr_declare_vector_item 39 | public: 40 | void compute_inversion (permutation&) const; 41 | 42 | void generate_random (uint n, prng&); 43 | void generate_identity (uint n) { 44 | resize (n); 45 | for (uint i = 0; i < n; ++i) 46 | item (i) = i; 47 | } 48 | 49 | template void permute (const A&a, R&r) const { 50 | r.resize (a.size()); 51 | for (uint i = 0; i < size(); ++i) r[item (i) ] = a[i]; 52 | } 53 | 54 | template void permute_inv (const A&a, R&r) const { 55 | r.resize (a.size()); 56 | for (uint i = 0; i < size(); ++i) r[i] = a[item (i)]; 57 | } 58 | 59 | //work-alike for dyadic permutations. 60 | template static bool permute_dyadic 61 | (uint sig, const A&a, R&r) { 62 | 63 | //check if the thing has size 2^n 64 | uint s = a.size(); 65 | while (s > 1) { 66 | if (s & 1) return false; 67 | s >>= 1; 68 | } 69 | 70 | if (sig >= a.size()) return false; 71 | 72 | r.resize (a.size()); 73 | 74 | uint i; 75 | for (i = 0; i < a.size(); ++i) { 76 | r[sig] = a[i]; 77 | 78 | //flip the correct bit in signature 79 | uint t = i + 1; 80 | uint x = 1; 81 | while (! (t & 1)) { 82 | t >>= 1; 83 | x <<= 1; 84 | } 85 | sig ^= x; 86 | } 87 | 88 | return true; 89 | } 90 | 91 | sencode* serialize(); 92 | bool unserialize (sencode*); 93 | }; 94 | 95 | #endif 96 | -------------------------------------------------------------------------------- /src/polynomial.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "polynomial.h" 22 | #include "gf2m.h" 23 | #include "prng.h" 24 | #include "matrix.h" 25 | 26 | int polynomial::degree() const 27 | { 28 | int r; 29 | for (r = ( (int) size()) - 1; r >= 0; --r) if (item (r)) break; 30 | return r; 31 | } 32 | 33 | void polynomial::strip() 34 | { 35 | resize (degree() + 1); 36 | } 37 | 38 | bool polynomial::zero() const 39 | { 40 | for (uint i = 0; i < size(); ++i) if (item (i)) return false; 41 | return true; 42 | } 43 | 44 | bool polynomial::one() const 45 | { 46 | if (degree() != 0) return false; 47 | return (item (0) == 1) ? true : false; 48 | } 49 | 50 | void polynomial::add (const polynomial&f, gf2m&fld) 51 | { 52 | int df = f.degree(); 53 | if (df > degree()) resize (df + 1); 54 | for (int i = 0; i <= df; ++i) item (i) = fld.add (item (i), f[i]); 55 | } 56 | 57 | void polynomial::add_mult (const polynomial&f, uint mult, gf2m&fld) 58 | { 59 | int df = f.degree(); 60 | if (df > degree()) resize (df + 1); 61 | for (int i = 0; i <= df; ++i) 62 | item (i) = fld.add (item (i), fld.mult (mult, f[i])); 63 | } 64 | 65 | void polynomial::mod (const polynomial&f, gf2m&fld) 66 | { 67 | int df = f.degree(); 68 | if (df < 0) { //mod 0 -> 0 69 | clear(); 70 | return; 71 | } 72 | int d; 73 | uint hi = fld.inv (f[df]); 74 | // while there's place to substract, reduce by x^(d-df)-multiply of f 75 | for (d = degree(); d >= df; --d) 76 | if (item (d)) { 77 | uint t = fld.mult (item (d), hi); 78 | 79 | for (int i = 0; i <= df; ++i) 80 | item (i + d - df) 81 | = fld.add (item (i + d - df), 82 | fld.mult (t, f[i])); 83 | } 84 | strip(); 85 | } 86 | 87 | void polynomial::mult (const polynomial&b, gf2m&fld) 88 | { 89 | polynomial a = *this; 90 | int da, db, i, j; 91 | da = a.degree(); 92 | db = b.degree(); 93 | 94 | clear(); 95 | if ( (da < 0) || (db < 0)) //multiply by zero, not much to do. 96 | return; 97 | 98 | resize (da + db + 1, 0); 99 | for (i = 0; i <= da; ++i) 100 | if (a[i]) for (j = 0; j <= db; ++j) 101 | item (i + j) = fld.add (item (i + j), 102 | fld.mult (a[i], b[j])); 103 | } 104 | 105 | polynomial polynomial::gcd (polynomial b, gf2m&fld) 106 | { 107 | polynomial a = *this; 108 | 109 | //eukleides 110 | if (a.degree() < 0) return b; 111 | for (;;) { 112 | if (b.zero()) return a; 113 | a.mod (b, fld); 114 | if (a.zero()) return b; 115 | b.mod (a, fld); 116 | } 117 | //unreachable 118 | return polynomial(); 119 | } 120 | 121 | uint polynomial::eval (uint x, gf2m&fld) const 122 | { 123 | uint r = 0; 124 | //horner 125 | for (int i = degree(); i >= 0; --i) 126 | r = fld.add (item (i), fld.mult (r, x)); 127 | return r; 128 | } 129 | 130 | void polynomial::shift (uint n) 131 | { 132 | if (degree() < 0) return; 133 | insert (begin(), n, 0); 134 | } 135 | 136 | void polynomial::square (gf2m&fld) 137 | { 138 | polynomial a = *this; 139 | mult (a, fld); 140 | } 141 | 142 | void polynomial::sqrt (std::vector& sqInv, gf2m&fld) 143 | { 144 | polynomial a = *this; 145 | clear(); 146 | uint s = sqInv.size(); 147 | resize (s, 0); 148 | 149 | for (uint i = 0; i < s; ++i) { 150 | for (uint j = 0; j < s; ++j) { 151 | if (j >= a.size()) break; 152 | if (i >= sqInv[j].size()) continue; 153 | item (i) = fld.add (item (i), fld.mult (sqInv[j][i], a[j])); 154 | } 155 | } 156 | strip(); 157 | for (uint i = 0; i < size(); ++i) 158 | item (i) = fld.sq_root (item (i)); 159 | } 160 | 161 | void polynomial::div (polynomial&p, polynomial&m, gf2m&fld) 162 | { 163 | polynomial r0, r1, s0, s1, s2, q0, q1; 164 | 165 | r0 = m; 166 | r1 = p; 167 | r1.mod (m, fld); 168 | 169 | s0.clear(); 170 | 171 | s1.swap (*this); 172 | s1.mod (m, fld); 173 | 174 | while (r1.degree() >= 0) { 175 | r0.divmod (r1, q0, q1, fld); 176 | r0.swap (r1); 177 | r1.swap (q1); 178 | 179 | s2 = s0; 180 | q0.mult (s1, fld); 181 | q0.mod (m, fld); 182 | s2.add (q0, fld); 183 | 184 | s0.swap (s1); 185 | s1.swap (s2); 186 | } 187 | 188 | this->swap (s0); 189 | 190 | //scalar divide by r0 head 191 | if (r0.degree() < 0) return; 192 | uint c = r0[r0.degree() ]; 193 | c = fld.inv (c); 194 | for (uint i = 0; i < size(); ++i) item (i) = fld.mult (item (i), c); 195 | } 196 | 197 | void polynomial::divmod (polynomial&d, polynomial&res, polynomial&rem, gf2m&fld) 198 | { 199 | int degd = d.degree(); 200 | if (degd < 0) return; 201 | 202 | uint headInv = fld.inv (d[degd]); 203 | rem = *this; 204 | res.clear(); 205 | int t; 206 | while ( (t = rem.degree()) >= degd) { 207 | int rp = t - degd; 208 | if ( (int) res.size() < rp + 1) res.resize (rp + 1, 0); 209 | res[rp] = fld.mult (headInv, rem[t]); 210 | for (int i = 0; i <= degd; ++i) 211 | rem[i + rp] = fld.add (rem[i + rp], fld.mult (res[rp], d[i])); 212 | } 213 | rem.strip(); 214 | } 215 | 216 | void polynomial::inv (polynomial&m, gf2m&fld) 217 | { 218 | polynomial a = *this; 219 | resize (1); 220 | item (0) = 1; 221 | div (a, m, fld); 222 | } 223 | 224 | void polynomial::ext_euclid (polynomial&a_out, polynomial&b_out, 225 | polynomial&m, gf2m&fld, int deg) 226 | { 227 | //TODO: speed this up (spare degree calculations) 228 | polynomial A, B, a, b, tmp; 229 | uint h; 230 | 231 | A = *this; 232 | a = m; 233 | B.clear(); 234 | B.resize (1, 1); 235 | b.clear(); 236 | 237 | while (a.degree() > deg) { 238 | if (A.degree() < 0) 239 | break; 240 | 241 | A.swap (a); 242 | B.swap (b); 243 | int j; 244 | while ( (j = A.degree() - a.degree()) >= 0) { 245 | h = fld.div (A.head(), a.head()); 246 | tmp = a; 247 | tmp.shift (j); 248 | A.add_mult (tmp, h, fld); 249 | tmp = b; 250 | tmp.shift (j); 251 | B.add_mult (tmp, h, fld); 252 | } 253 | } 254 | 255 | a.swap (a_out); 256 | b.swap (b_out); 257 | } 258 | 259 | -------------------------------------------------------------------------------- /src/polynomial.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_polynomial_h_ 22 | #define _ccr_polynomial_h_ 23 | 24 | #include 25 | #include "types.h" 26 | #include "sencode.h" 27 | #include "vector_item.h" 28 | 29 | /* 30 | * polynomial over GF(2^m) is effectively a vector with a_n binary values 31 | * with some added operations. 32 | */ 33 | class matrix; 34 | class gf2m; 35 | class prng; 36 | class polynomial : public std::vector 37 | { 38 | protected: 39 | _ccr_declare_vector_item 40 | public: 41 | void strip(); 42 | int degree() const; 43 | bool zero() const; 44 | bool one() const; 45 | void shift (uint); 46 | 47 | uint eval (uint, gf2m&) const; 48 | uint head() { 49 | int t; 50 | if ( (t = degree()) >= 0) return item (t); 51 | else return 0; 52 | } 53 | void add (const polynomial&, gf2m&); 54 | void mult (const polynomial&, gf2m&); 55 | void add_mult (const polynomial&, uint mult, gf2m&); 56 | void mod (const polynomial&, gf2m&); 57 | void div (polynomial&, polynomial&, gf2m&); 58 | void divmod (polynomial&, polynomial&, polynomial&, gf2m&); 59 | void square (gf2m&); 60 | void inv (polynomial&, gf2m&); 61 | 62 | void sqrt (std::vector&, gf2m&); 63 | polynomial gcd (polynomial, gf2m&); 64 | void ext_euclid (polynomial&, polynomial&, polynomial&, gf2m&, int); 65 | 66 | sencode* serialize(); 67 | bool unserialize (sencode*); 68 | }; 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /src/privfile.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "privfile.h" 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | bool put_private_file (const std::string&fn, 31 | const std::string&contents, bool force_perms) 32 | { 33 | struct stat st; 34 | if (stat (fn.c_str(), &st)) { 35 | if (errno != ENOENT) 36 | return false; 37 | 38 | //if it simply doesn't exist, create it 39 | int fd; 40 | fd = creat (fn.c_str(), S_IRUSR | S_IWUSR); 41 | if (fd < 0) return false; 42 | ssize_t res = write (fd, contents.c_str(), 43 | contents.length()); 44 | if (close (fd)) return false; 45 | if ( (size_t) res != contents.length()) return false; 46 | 47 | } else { 48 | if (!S_ISREG (st.st_mode)) 49 | return false; 50 | 51 | //remove others' read/write. group r/w is untouched. 52 | if (force_perms && (st.st_mode & 07)) { 53 | if (chmod (fn.c_str(), st.st_mode & ~07)) 54 | return false; 55 | } 56 | } 57 | 58 | if (access (fn.c_str(), R_OK | W_OK)) return false; 59 | 60 | return true; 61 | } 62 | -------------------------------------------------------------------------------- /src/privfile.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_privfile_h_ 22 | #define _ccr_privfile_h_ 23 | 24 | #include 25 | 26 | bool put_private_file (const std::string&fn, 27 | const std::string&contents, 28 | bool force_permissions); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /src/prng.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_prng_h_ 22 | #define _ccr_prng_h_ 23 | 24 | #include "types.h" 25 | 26 | /* 27 | * pseudorandom number generator. Meant to be inherited and 28 | * instantiated by the library user 29 | */ 30 | class prng 31 | { 32 | public: 33 | virtual uint random (uint) = 0; 34 | }; 35 | 36 | #endif 37 | 38 | -------------------------------------------------------------------------------- /src/pwrng.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2017 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "pwrng.h" 22 | 23 | #include "iohelpers.h" 24 | #include 25 | 26 | #if (HAVE_READPASSPHRASE == 1) 27 | #include 28 | #elif (HAVE_BSDREADPASSPHRASE == 1) 29 | #include 30 | #else 31 | #warning "Falling back to getpass(3), which is marked obsolete!" 32 | /* If you see this, you might as well want to take the readpassphrase() 33 | * implementation from e.g. openssh's openbsd-compat and put it here. */ 34 | #include 35 | #endif 36 | 37 | #define MAX_PW_LEN 1024 //like if someone enjoyed typing that. 38 | 39 | static bool read_password (const std::string&prompt, std::string&pw) 40 | { 41 | #if (HAVE_READPASSPHRASE == 1 || HAVE_BSDREADPASSPHRASE==1) 42 | /* readpassphrase reads at most bufsiz-1 bytes and gets the terminating 43 | * zero just right */ 44 | std::vector pwbuf; 45 | pwbuf.resize (MAX_PW_LEN, 0); 46 | if (!readpassphrase (prompt.c_str(), pwbuf.data(), MAX_PW_LEN, 47 | RPP_REQUIRE_TTY)) 48 | return false; 49 | 50 | pw = pwbuf.data(); 51 | return true; 52 | #else 53 | char* pass = getpass (prompt.c_str()); 54 | if (!pass) return false; 55 | pw = pass; 56 | return true; 57 | #endif 58 | } 59 | 60 | bool pw_rng::seed_from_user_password (const std::string&reason, 61 | const std::string&env_var, 62 | bool verify) 63 | { 64 | 65 | std::string pw; 66 | 67 | const char*env = getenv (env_var.c_str()); 68 | if (env) { 69 | pw = env; 70 | err ("Password for " 71 | << reason 72 | << " successfully read from environment " 73 | << env_var); 74 | } else { 75 | if (!read_password 76 | ("Enter password for " + reason + ": ", pw)) { 77 | err ("pwrng: interactive password reading failed"); 78 | return false; 79 | } 80 | 81 | if (verify) { 82 | std::string pw2; 83 | if (!read_password 84 | ("Same password again for verification: ", 85 | pw2)) { 86 | err ("pwrng: password verification failed"); 87 | return false; 88 | } 89 | if (pw != pw2) { 90 | err ("Passwords do not match!"); 91 | return false; 92 | } 93 | } 94 | } 95 | 96 | r.load_key ( (byte*) pw.data(), 97 | (byte*) (pw.data() + pw.length())); 98 | return true; 99 | } 100 | -------------------------------------------------------------------------------- /src/pwrng.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_pwrng_h_ 22 | #define _ccr_pwrng_h_ 23 | 24 | #include "arcfour.h" 25 | #include "prng.h" 26 | 27 | #include 28 | 29 | class pw_rng : public prng 30 | { 31 | public: 32 | /* 33 | * Using wide arcfour for this purpose might seem weird, but: 34 | * 35 | * - it has large memory requirements 36 | * (1Mbit, with possible ~0.95Mbit of entropy) 37 | * 38 | * - it takes some (very easily parametrizable) amount of time to seed, 39 | * touching the above memory more or less randomly in the process 40 | * 41 | * - "retry rate" is constrained by how many passwords the human user 42 | * can enter per time unit, which (together with the fact that the 43 | * output of this thing is not supposed to get broadcasted directly) 44 | * mostly disables all the known statistical attacks on arcfour 45 | * 46 | * - it's a highly nonstandard variant of a well-understood concept 47 | * (therefore a good candidate for codecrypt right?) 48 | * 49 | * - arcfour is fast, but notably immune to vectorization and similar 50 | * speedups. 51 | * 52 | * The other variant would be scrypt, which we don't implement for two 53 | * reasons: 54 | * 55 | * - there's currently an scrypt-based cryptocoin, which provides 56 | * insane amount of available inversion power against scrypt, which, if 57 | * slightly abused, would invert any password-based key in seconds 58 | * 59 | * - admit it, arcfour is nicer 60 | * 61 | * Discarding 1M of output is very probably good for most uses (it 62 | * permutes well and takes just around 50ms to run on current 63 | * mainstream hardware) but YMMV. 64 | * 65 | * Please report any reasonable cases against this parameter choice. 66 | */ 67 | 68 | arcfour r; 69 | 70 | void init () { 71 | r.init(); 72 | } 73 | 74 | void clear() { 75 | r.clear(); 76 | } 77 | 78 | bool seed_from_user_password (const std::string& reason, 79 | const std::string& env_var, 80 | bool verify); 81 | 82 | typedef uint64_t randmax_t; 83 | uint random (uint n) { 84 | randmax_t i; 85 | r.gen (sizeof (randmax_t), (byte*) &i); 86 | return i % n; 87 | } 88 | }; 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /src/rmd_hash.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* 4 | * This file is part of Codecrypt. 5 | * 6 | * Copyright (C) 2013-2016 Mirek Kratochvil 7 | * 8 | * Codecrypt is free software: you can redistribute it and/or modify it 9 | * under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or (at 11 | * your option) any later version. 12 | * 13 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 14 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 15 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 16 | * License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with Codecrypt. If not, see . 20 | */ 21 | 22 | #ifndef _ccr_rmd_hash_h_ 23 | #define _ccr_rmd_hash_h_ 24 | 25 | #if HAVE_CRYPTOPP==1 26 | 27 | #include "hash.h" 28 | #if CRYPTOPP_DIR_PLUS 29 | # include 30 | #else 31 | # include 32 | #endif 33 | 34 | 35 | //it's used just like SHA, so create it from SHA 36 | class rmd128hash : public shahash {}; 37 | class rmd128proc : public shaproc {}; 38 | 39 | #endif //HAVE_CRYPTOPP==1 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/sc.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "sc.h" 22 | 23 | #include "str_match.h" 24 | 25 | #include "arcfour.h" 26 | #include "xsynd.h" 27 | #include "chacha.h" 28 | 29 | typedef arcfour<> arcfour_t; //template god demands sacrifice 30 | 31 | streamcipher::suite_t& streamcipher::suite() 32 | { 33 | static suite_t s; 34 | #define do_cipher(name,type) \ 35 | static factoryof type##_var; \ 36 | s[to_unicase(name)]=&type##_var; 37 | 38 | if (s.empty()) { 39 | do_cipher ("ARCFOUR", arcfour_t); 40 | do_cipher ("CHACHA20", chacha20); 41 | do_cipher ("XSYND", xsynd); 42 | } 43 | 44 | return s; 45 | } 46 | -------------------------------------------------------------------------------- /src/sc.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_sc_h_ 22 | #define _ccr_sc_h_ 23 | 24 | #include "types.h" 25 | #include "factoryof.h" 26 | 27 | #include 28 | 29 | #include 30 | #include 31 | #include 32 | 33 | class streamcipher 34 | { 35 | public: 36 | virtual void init() = 0; 37 | virtual void clear() = 0; 38 | virtual void load_key (const byte*begin, const byte*end) = 0; 39 | virtual byte gen() = 0; 40 | virtual void gen (size_t n, byte*out) = 0; 41 | 42 | //advisory values for effective usage 43 | virtual size_t key_size() = 0; 44 | virtual size_t block_size() = 0; 45 | 46 | virtual ~streamcipher() {} 47 | 48 | void discard (size_t n) { 49 | gen (n, 0); 50 | } 51 | 52 | void load_key_vector (const std::vector&K) { 53 | load_key (K.data(), K.data() + K.size()); 54 | } 55 | 56 | typedef std::map*> suite_t; 57 | static suite_t& suite(); 58 | }; 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /src/seclock.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2017 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "seclock.h" 22 | 23 | #include "pwrng.h" 24 | #include "iohelpers.h" 25 | 26 | #include 27 | #include 28 | 29 | #include 30 | 31 | #define LOCKED_PREFIX "ccr_lock" 32 | #define LOCKED_PREFIX_LEN 8 33 | 34 | bool looks_like_locked_secret (const std::string&s) 35 | { 36 | std::string prefix = LOCKED_PREFIX; 37 | /* 38 | * unlocked version of this thing is always some kind of sencode, which 39 | * will never start with 'ccr_lock'. Abusing it right here. 40 | */ 41 | return s.length() > LOCKED_PREFIX_LEN 42 | && s.substr (0, LOCKED_PREFIX_LEN) == LOCKED_PREFIX; 43 | } 44 | 45 | bool load_lock_secret (symkey&sk, 46 | std::string withlock, 47 | const std::string &reason, 48 | const std::string &secret_type, 49 | bool for_locking) 50 | { 51 | if (withlock == "") withlock = "@"; //default for password 52 | if (withlock[0] == '@') { 53 | //ask the user and generate a symmetric key 54 | pw_rng r; 55 | r.init(); 56 | if (!r.seed_from_user_password 57 | ( (for_locking ? "locking " : "unlocking ") + reason, 58 | "CCR_" + secret_type + "_PASSWORD", 59 | for_locking)) 60 | return false; 61 | 62 | withlock.erase (0, 1); //delete the @ 63 | if (withlock.empty()) { 64 | std::string alg = "CCR_" + secret_type + "_ALGORITHM"; 65 | const char* algorithm = getenv (alg.c_str()); 66 | if (algorithm) withlock = algorithm; 67 | else withlock = "CHACHA20,CUBE512,SHORTBLOCK"; 68 | //TODO make sure this is synced with synonyms 69 | } 70 | return sk.create (withlock, r); 71 | } else { 72 | return sk.load (withlock, "", false, false); 73 | } 74 | } 75 | 76 | bool lock_secret (const std::string &secret, std::string &locked, 77 | const std::string &withlock, 78 | const std::string &reason, 79 | const std::string &secret_type, 80 | prng&rng) 81 | { 82 | 83 | symkey sk; 84 | if (!load_lock_secret (sk, withlock, reason, secret_type, true)) 85 | return false; 86 | 87 | return lock_secret_sk (secret, locked, sk, rng); 88 | } 89 | 90 | bool lock_secret_sk (const std::string &secret, std::string &locked, 91 | symkey&sk, prng&rng) 92 | { 93 | std::istringstream i (secret); 94 | std::ostringstream o; 95 | o << LOCKED_PREFIX; 96 | bool ret = sk.encrypt (i, o, rng); 97 | locked = o.str(); 98 | return ret; 99 | } 100 | 101 | 102 | bool unlock_secret_sk (const std::string &locked, std::string &secret, 103 | const std::string &withlock, 104 | const std::string &reason, 105 | const std::string &secret_type, 106 | symkey&sk) 107 | { 108 | if (!looks_like_locked_secret (locked)) { 109 | err ("seclock: malformed locked secret"); 110 | return false; 111 | } 112 | 113 | if (!load_lock_secret (sk, withlock, reason, secret_type, false)) 114 | return false; 115 | 116 | 117 | std::istringstream i (locked); 118 | i.ignore (LOCKED_PREFIX_LEN); 119 | std::ostringstream o; 120 | bool ret = !sk.decrypt (i, o); //returns int! 121 | secret = o.str(); 122 | if (!ret) err ("error: unlocking a secret failed," 123 | " double check you password/symkey"); 124 | return ret; 125 | } 126 | 127 | bool unlock_secret (const std::string &locked, std::string &secret, 128 | const std::string &withlock, 129 | const std::string &reason, 130 | const std::string &secret_type) 131 | { 132 | symkey sk; 133 | return unlock_secret_sk (locked, secret, withlock, 134 | reason, secret_type, sk); 135 | } 136 | -------------------------------------------------------------------------------- /src/seclock.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_seclock_h_ 22 | #define _ccr_seclock_h_ 23 | 24 | #include 25 | 26 | #include "prng.h" 27 | #include "symkey.h" 28 | 29 | bool looks_like_locked_secret (const std::string&); 30 | bool load_lock_secret (symkey&sk, 31 | std::string withlock, 32 | const std::string &reason, 33 | const std::string &secret_type, 34 | bool for_locking); 35 | bool lock_secret (const std::string&secret, std::string&locked, 36 | const std::string&withlock, 37 | const std::string&reason, 38 | const std::string&secret_type, 39 | prng&rng); 40 | bool lock_secret_sk (const std::string&secret, std::string&locked, 41 | symkey&sk, prng&rng); 42 | bool unlock_secret (const std::string&locked, std::string&secret, 43 | const std::string&withlock, 44 | const std::string&reason, 45 | const std::string&secret_type); 46 | bool unlock_secret_sk (const std::string&locked, std::string&secret, 47 | const std::string&withlock, 48 | const std::string&reason, 49 | const std::string&secret_type, 50 | symkey&sk); 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /src/sencode.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "sencode.h" 22 | 23 | #include 24 | #include 25 | 26 | #define sencode_max_int_len 9 27 | #define sencode_max_int 999999999 28 | 29 | static void parse_int (const std::string&str, int&pos, int len, 30 | unsigned int&res) 31 | { 32 | int length; 33 | 34 | res = 0; 35 | ++pos; //skip 'i' 36 | if (pos >= len) goto fail; 37 | 38 | /* 39 | * Strip special cases: Don't support the "empty zero" in form of 'ie'. 40 | * Also, only purpose for having a leading zero in integers is to have 41 | * actual 'i0e' zero. Other cases are disallowed because serialization 42 | * would not be bijective otherwise. 43 | */ 44 | if (str[pos] == 'e') goto fail; 45 | if (str[pos] == '0') { 46 | ++pos; 47 | if (pos < len && str[pos] == 'e') { 48 | res = 0; 49 | return; 50 | } else goto fail; 51 | } 52 | 53 | //parse the number, keep eye on maximum length 54 | length = 0; 55 | for (;;) { 56 | if (pos >= len) goto fail; //not terminated 57 | else if (str[pos] == 'e') break; //done good 58 | else if ( (str[pos] >= '0') and (str[pos] <= '9')) //integer 59 | res = (10 * res) + (unsigned int) (str[pos] - '0'); 60 | else goto fail; //something weird! 61 | ++pos; 62 | if (++length > sencode_max_int_len) goto fail; 63 | } 64 | 65 | return; 66 | fail: 67 | pos = -1; 68 | } 69 | 70 | static void parse_string (const std::string&str, int&pos, int len, 71 | std::string&res) 72 | { 73 | int bytes, length; 74 | 75 | /* 76 | * First, read the amount of bytes. 77 | * We need to keep this bijective, therefore avoid parsing of any 78 | * incorrect cases with leading zeroes except for a single zero. Such 79 | * cases can be distinguished very simply by having zero at first 80 | * position and not having colon right after. 81 | */ 82 | 83 | bytes = 0; 84 | if (pos >= len) goto fail; 85 | if (str[pos] == '0') { 86 | ++pos; 87 | if (pos < len && str[pos] == ':') { 88 | bytes = 0; 89 | return; 90 | } else goto bytes_done; 91 | } 92 | 93 | //parse the number. 94 | length = 0; 95 | for (;;) { 96 | if (pos >= len) goto fail; 97 | else if (str[pos] == ':') break; //got it 98 | else if ( (str[pos] >= '0') and (str[pos] <= '9')) //integer 99 | bytes = (10 * bytes) + (int) (str[pos] - '0'); 100 | else goto fail; //weird! 101 | ++pos; 102 | if (++length > sencode_max_int_len) goto fail; 103 | } 104 | 105 | bytes_done: 106 | 107 | ++pos; 108 | if (pos + bytes >= len) goto fail; 109 | res = str.substr (pos, bytes); 110 | pos += bytes; 111 | --pos; //set position to last char of the bytestring (not behind it) 112 | return; 113 | fail: 114 | pos = -1; 115 | } 116 | 117 | sencode* sencode_decode (const std::string& str) 118 | { 119 | std::list stk; 120 | int pos = 0; 121 | int len = str.length(); 122 | 123 | for (; pos < len; ++pos) { 124 | 125 | /* try to get a token */ 126 | if (str[pos] == 's') { 127 | //push a new s-exp and don't allow closing it yet. 128 | stk.push_back (new sencode_list); 129 | continue; 130 | } else if (str[pos] == 'e') { 131 | //push nothing (so the TOS s-exp gets terminated) 132 | } else if (str[pos] == 'i') { 133 | //parse an integer (it's unsigned!) 134 | unsigned int res; 135 | parse_int (str, pos, len, res); 136 | if (pos < 0) break; 137 | stk.push_back (new sencode_int (res)); 138 | 139 | } else if ( (str[pos] >= '0') && (str[pos] <= '9')) { 140 | //parse a bytestring 141 | std::string res; 142 | parse_string (str, pos, len, res); 143 | if (pos < 0) break; 144 | stk.push_back (new sencode_bytes (res)); 145 | } 146 | 147 | /* if there's nothing on the stack now, it's an error. */ 148 | if (stk.empty()) break; 149 | 150 | /* reduce stack. (return positively if it would 151 | * get empty and there's nothing more to parse.) */ 152 | if (stk.size() > 1) { 153 | std::list::iterator i = stk.end(); 154 | --i; 155 | sencode*tos = *i; 156 | --i; 157 | sencode_list*se = dynamic_cast (*i); 158 | if (!se) break; //shouldn't happen, but keep eyes open! 159 | se->items.push_back (tos); 160 | stk.pop_back(); 161 | } else if (pos + 1 == len) { 162 | return stk.front(); 163 | } 164 | } 165 | 166 | /* error handling. Destroy the stack, return false. */ 167 | 168 | for (std::list::iterator i = stk.begin(), e = stk.end(); 169 | i != e; ++i) 170 | sencode_destroy (*i); 171 | 172 | return NULL; 173 | } 174 | 175 | void sencode_destroy (sencode*x) 176 | { 177 | x->destroy(); 178 | delete x; 179 | } 180 | 181 | void sencode_list::destroy() 182 | { 183 | for (std::vector::iterator 184 | i = items.begin(), 185 | e = items.end(); 186 | i != e; ++i) 187 | sencode_destroy (*i); 188 | 189 | items.clear(); 190 | } 191 | 192 | std::string sencode_list::encode() 193 | { 194 | std::string r = "s"; 195 | for (std::vector::iterator 196 | i = items.begin(), 197 | e = items.end(); 198 | i != e; ++i) 199 | r += (*i)->encode(); 200 | 201 | r += "e"; 202 | return r; 203 | } 204 | 205 | std::string sencode_int::encode() 206 | { 207 | if (i > sencode_max_int) return "i0e"; //failure fallback 208 | std::stringstream ss; 209 | ss << 'i' << i << 'e'; 210 | return ss.str(); 211 | } 212 | 213 | std::string sencode_bytes::encode() 214 | { 215 | if (b.length() > sencode_max_int) return "0:"; //failure fallback 216 | std::stringstream ss; 217 | ss << b.length() << ':' << b; 218 | return ss.str(); 219 | } 220 | 221 | -------------------------------------------------------------------------------- /src/sencode.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_sencode_h_ 22 | #define _ccr_sencode_h_ 23 | 24 | #include 25 | #include 26 | 27 | #include "types.h" 28 | 29 | /* 30 | * data serialization format 31 | */ 32 | 33 | class sencode 34 | { 35 | public: 36 | virtual std::string encode() = 0; 37 | virtual void destroy() {} 38 | 39 | virtual ~sencode() {} 40 | }; 41 | 42 | sencode* sencode_decode (const std::string&); 43 | void sencode_destroy (sencode*); 44 | 45 | class sencode_list: public sencode 46 | { 47 | public: 48 | std::vector items; 49 | 50 | virtual std::string encode(); 51 | virtual void destroy(); 52 | }; 53 | 54 | class sencode_int: public sencode 55 | { 56 | public: 57 | uint i; 58 | sencode_int (uint I) { 59 | i = I; 60 | } 61 | 62 | virtual std::string encode(); 63 | }; 64 | 65 | class sencode_bytes: public sencode 66 | { 67 | public: 68 | std::string b; 69 | sencode_bytes (const std::string&s) : b (s) {} 70 | sencode_bytes (const std::vector&a) : b (a.begin(), a.end()) {} 71 | 72 | virtual std::string encode(); 73 | }; 74 | 75 | #endif 76 | 77 | -------------------------------------------------------------------------------- /src/sha_hash.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_sha_hash_h_ 22 | #define _ccr_sha_hash_h_ 23 | 24 | #if HAVE_CRYPTOPP==1 25 | 26 | #include "hash.h" 27 | #if CRYPTOPP_DIR_PLUS 28 | # include 29 | #else 30 | # include 31 | #endif 32 | 33 | template 34 | class shahash : public hash_func 35 | { 36 | public: 37 | uint size() { 38 | return shatype::DIGESTSIZE; 39 | } 40 | 41 | std::vector operator() (const std::vector&a) { 42 | std::vector r; 43 | r.resize (size()); 44 | shatype().CalculateDigest (& (r[0]), 45 | & (a[0]), 46 | a.size()); 47 | return r; 48 | } 49 | }; 50 | 51 | class sha256hash : public shahash {}; 52 | class sha384hash : public shahash {}; 53 | class sha512hash : public shahash {}; 54 | 55 | template 56 | class shaproc : public hash_proc 57 | { 58 | shatype state; 59 | public: 60 | uint size() { 61 | return shatype::DIGESTSIZE; 62 | } 63 | 64 | void init() { 65 | state.Restart(); 66 | } 67 | 68 | void eat (const byte*a, const byte*aend) { 69 | state.Update (a, aend - a); 70 | } 71 | 72 | std::vector finish() { 73 | std::vector r; 74 | r.resize (size()); 75 | state.Final (& (r[0])); 76 | return r; 77 | } 78 | }; 79 | 80 | class sha256proc : public shaproc {}; 81 | class sha384proc : public shaproc {}; 82 | class sha512proc : public shaproc {}; 83 | 84 | #endif //HAVE_CRYPTOPP==1 85 | 86 | #endif 87 | -------------------------------------------------------------------------------- /src/str_match.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #include "str_match.h" 22 | 23 | #include 24 | #include //for tolower() 25 | 26 | bool algorithm_name_matches (const std::string& search, 27 | const std::string&name) 28 | { 29 | 30 | if (search.length() > name.length()) return false; 31 | for (size_t i = 0; i < search.length(); ++i) 32 | if (tolower (search[i]) != tolower (name[i])) return false; 33 | return true; 34 | } 35 | 36 | bool matches_icase (std::string name, std::string s) 37 | { 38 | transform (name.begin(), name.end(), name.begin(), ::tolower); 39 | transform (s.begin(), s.end(), s.begin(), ::tolower); 40 | return name.find (s) != name.npos; 41 | } 42 | 43 | bool keyspec_matches (const std::string&search, 44 | const std::string&name, 45 | const std::string&keyid) 46 | { 47 | if (!search.length()) return true; 48 | if (search[0] == '@') { //match for keyID 49 | if (search.length() > keyid.length() + 1) return false; 50 | for (size_t i = 1; i < search.length(); ++i) 51 | if (tolower (search[i] != tolower (keyid[i - 1]))) 52 | return false; 53 | return true; 54 | } 55 | 56 | return matches_icase (name, search); 57 | } 58 | 59 | std::string to_unicase (std::string str) 60 | { 61 | transform (str.begin(), str.end(), str.begin(), ::toupper); 62 | return str; 63 | } 64 | -------------------------------------------------------------------------------- /src/str_match.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_str_match_h_ 22 | #define _ccr_str_match_h_ 23 | 24 | #include 25 | 26 | bool algorithm_name_matches (const std::string& search, 27 | const std::string&name); 28 | 29 | bool keyspec_matches (const std::string&search, 30 | const std::string&name, 31 | const std::string&keyid); 32 | 33 | std::string to_unicase (std::string); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/symkey.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_symkey_h_ 22 | #define _ccr_symkey_h_ 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #include "types.h" 31 | #include "prng.h" 32 | #include "sencode.h" 33 | 34 | class symkey 35 | { 36 | public: 37 | std::set ciphers, hashes; 38 | 39 | uint blocksize; 40 | 41 | std::vector key; 42 | 43 | sencode* serialize(); 44 | bool unserialize (sencode*); 45 | 46 | bool encrypt (std::istream&, std::ostream&, prng&); 47 | int decrypt (std::istream&, std::ostream&); 48 | 49 | bool is_valid(); 50 | bool create (const std::string&, prng&); 51 | 52 | bool load (const std::string&fn, const std::string&withlock, 53 | bool for_encryption, bool armor); 54 | bool save (const std::string&fn, const std::string&withlock, 55 | bool armor, bool force_lock, prng&r); 56 | }; 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /src/tiger_hash.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* 4 | * This file is part of Codecrypt. 5 | * 6 | * Copyright (C) 2013-2016 Mirek Kratochvil 7 | * 8 | * Codecrypt is free software: you can redistribute it and/or modify it 9 | * under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or (at 11 | * your option) any later version. 12 | * 13 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 14 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 15 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 16 | * License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with Codecrypt. If not, see . 20 | */ 21 | 22 | #ifndef _ccr_tiger_hash_h_ 23 | #define _ccr_tiger_hash_h_ 24 | 25 | #if HAVE_CRYPTOPP==1 26 | 27 | #include "hash.h" 28 | 29 | #if CRYPTOPP_DIR_PLUS 30 | # include 31 | #else 32 | # include 33 | #endif 34 | 35 | //it's used just like SHA, so create it from SHA 36 | class tiger192hash : public shahash {}; 37 | class tiger192proc : public shaproc {}; 38 | 39 | #endif //HAVE_CRYPTOPP==1 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/types.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* 4 | * This file is part of Codecrypt. 5 | * 6 | * Copyright (C) 2013-2016 Mirek Kratochvil 7 | * 8 | * Codecrypt is free software: you can redistribute it and/or modify it 9 | * under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or (at 11 | * your option) any later version. 12 | * 13 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 14 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 15 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 16 | * License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with Codecrypt. If not, see . 20 | */ 21 | 22 | #ifndef _ccr_types_h_ 23 | #define _ccr_types_h_ 24 | 25 | /* 26 | * typedefs. uint should be able to comfortably hold the GF(2^m) elements of 27 | * underlying calculations (esp. with polynomials. Switching to 64bits is 28 | * adviseable when computing with m=16 and larger. 29 | */ 30 | typedef unsigned int uint; 31 | typedef unsigned char byte; 32 | 33 | //TODO add separate type for GF(2^m) elements! 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/vector_item.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_vector_item_h_ 22 | #define _ccr_vector_item_h_ 23 | 24 | //little STL helper, because writing (*this)[i] everywhere is clumsy 25 | #define _ccr_declare_vector_item \ 26 | inline reference item(size_type n) \ 27 | { return (*this)[n]; }; \ 28 | inline const_reference item(size_type n) const \ 29 | { return (*this)[n]; }; 30 | #define _ccr_declare_matrix_item \ 31 | inline value_type::reference \ 32 | item(size_type n, size_type m) \ 33 | { return (*this)[n][m]; }; \ 34 | inline value_type::const_reference \ 35 | item(size_type n, size_type m) const \ 36 | { return (*this)[n][m]; }; 37 | 38 | #endif 39 | 40 | -------------------------------------------------------------------------------- /src/xsynd.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This file is part of Codecrypt. 4 | * 5 | * Copyright (C) 2013-2016 Mirek Kratochvil 6 | * 7 | * Codecrypt is free software: you can redistribute it and/or modify it 8 | * under the terms of the GNU Lesser General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or (at 10 | * your option) any later version. 11 | * 12 | * Codecrypt is distributed in the hope that it will be useful, but WITHOUT 13 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 15 | * License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public License 18 | * along with Codecrypt. If not, see . 19 | */ 20 | 21 | #ifndef _ccr_xsynd_h_ 22 | #define _ccr_xsynd_h_ 23 | 24 | #include "sc.h" 25 | 26 | #include 27 | 28 | /* 29 | * This is a stream cipher based on XSYND, the stream cipher with 30 | * mathematicaly provable (AND also proven) security. 31 | * 32 | * Parameters chosen for this implementation were chosen to have better attack 33 | * security than "standard" 2^256 and cool round numbers. Fuck speed. 34 | * 35 | * n=32768, r=1024, omega=128, b=8 36 | * 37 | * To be cool, everything is written with 64-bit integers. 38 | */ 39 | 40 | class xsynd : public streamcipher 41 | { 42 | public: 43 | uint64_t R1[16]; 44 | 45 | byte block[128]; 46 | int blockpos; 47 | 48 | void init(); 49 | 50 | void clear() { 51 | init(); 52 | } 53 | 54 | void load_key (const byte*begin, const byte*end); 55 | byte gen(); 56 | void gen (size_t n, byte*out); 57 | 58 | //advisory values for effective usage 59 | size_t key_size() { 60 | return 128; 61 | } 62 | 63 | size_t block_size() { 64 | return 128; 65 | } 66 | }; 67 | 68 | #endif 69 | --------------------------------------------------------------------------------