libslunkcrypt/src/slunkcrypt.c

   1 /******************************************************************************/
   2 /* SlunkCrypt, by LoRd_MuldeR <MuldeR2@GMX.de>                                */
   3 /* This work has been released under the CC0 1.0 Universal license!           */
   4 /******************************************************************************/
   5
   6 /* Internal */
   7 #include "slunkcrypt.h"
   8 #include "compiler.h"
   9 #include "keygen.h"
  10 #include "thread.h"
  11 #include "version.h"
  12
  13 /* CRT */
  14 #include <string.h>
  15 #include <limits.h>
  16
  17 /* Version */
  18 const uint16_t SLUNKCRYPT_VERSION_MAJOR = LIB_VERSION_MAJOR;
  19 const uint16_t SLUNKCRYPT_VERSION_MINOR = LIB_VERSION_MINOR;
  20 const uint16_t SLUNKCRYPT_VERSION_PATCH = LIB_VERSION_PATCH;
  21 const char *const SLUNKCRYPT_BUILD = __DATE__ ", " __TIME__;
  22
  23 /* Utilities */
  24 #define BOOLIFY(X) (!!(X))
  25 #define THREAD_COUNT(X) (((X)->thread_pool) ? slunkcrypt_thrdpl_count((X)->thread_pool) : 1U)
  26
  27 /* Configuration */
  28 const int SLUNKCRYPT_HAVE_THREADS = BOOLIFY(MAX_THREADS > 1U);
  29
  30 // ==========================================================================
  31 // Data structures
  32 // ==========================================================================
  33
  34 typedef struct
  35 {
  36         uint32_t x, y, z, w, v, d;
  37 }
  38 rand_state_t;
  39
  40 typedef struct
  41 {
  42         int reverse_mode;
  43         const uint8_t (*wheel)[256U];
  44         uint32_t counter;
  45         size_t index_off;
  46         rand_state_t random;
  47 }
  48 thread_state_t;
  49
  50 typedef struct
  51 {
  52         uint8_t wheel[256U][256U];
  53         thread_state_t thread_data[MAX_THREADS];
  54 }
  55 crypt_data_t;
  56
  57 typedef struct
  58 {
  59         thrdpl_t *thread_pool;
  60         crypt_data_t data;
  61 }
  62 crypt_state_t;
  63
  64 // ==========================================================================
  65 // Abort flag
  66 // ==========================================================================
  67
  68 volatile int g_slunkcrypt_abort_flag = 0;
  69
  70 #define CHECK_ABORTED() do \
  71 { \
  72         if (g_slunkcrypt_abort_flag) \
  73         { \
  74                 goto aborted; \
  75         } \
  76 } \
  77 while (0)
  78
  79 // ==========================================================================
  80 // Byte access (endianness agnostic)
  81 // ==========================================================================
  82
  83 static INLINE uint32_t lower_u64(const uint64_t value)
  84 {
  85         return (uint32_t)(value & 0xFFFFFFFF);
  86 }
  87
  88 static INLINE uint32_t upper_u64(const uint64_t value)
  89 {
  90         return (uint32_t)(value >> 32U);
  91 }
  92
  93 // ==========================================================================
  94 // Deterministic random bit generator
  95 // ==========================================================================
  96
  97 static INLINE void random_init(rand_state_t *const state, const keydata_t *const key)
  98 {
  99         slunkcrypt_bzero(state, sizeof(rand_state_t));
 100         state->x = lower_u64(key->a);
 101         state->y = upper_u64(key->a);
 102         state->z = lower_u64(key->b);
 103         state->w = upper_u64(key->b);
 104         state->v = lower_u64(key->c);
 105         state->d = upper_u64(key->c);
 106 }
 107
 108 static INLINE uint32_t random_next(rand_state_t *const state)
 109 {
 110         const uint32_t t = state->x ^ (state->x >> 2);
 111         state->x = state->y;
 112         state->y = state->z;
 113         state->z = state->w;
 114         state->w = state->v;
 115         state->v ^= (state->v << 4) ^ t ^ (t << 1);
 116         return (state->d += 0x000587C5) + state->v;
 117 }
 118
 119 static INLINE void random_skip(rand_state_t *const state, const size_t skip_count)
 120 {
 121         size_t i;
 122         for (i = 0U; i < skip_count; ++i)
 123         {
 124                 UNUSED /*volatile*/ uint32_t q = random_next(state);
 125         }
 126 }
 127
 128 static INLINE void random_seed(rand_state_t *const state, uint64_t salt, const uint16_t pepper, const uint8_t *const passwd, const size_t passwd_len)
 129 {
 130         keydata_t key;
 131         do
 132         {
 133                 slunkcrypt_keygen(&key, salt++, pepper, passwd, passwd_len);
 134                 random_init(state, &key);
 135                 slunkcrypt_bzero(&key, sizeof(keydata_t));
 136         }
 137         while (!(state->x || state->y || state->z || state->w || state->v));
 138         random_skip(state, 97U);
 139 }
 140
 141 // ==========================================================================
 142 // Initialization
 143 // ==========================================================================
 144
 145 static int initialize_state(crypt_data_t *const data, const size_t thread_count, const uint64_t nonce, const uint8_t *const passwd, const size_t passwd_len, const int mode)
 146 {
 147         uint8_t temp[256U][256U];
 148         size_t r, i;
 149         const int reverse_mode = BOOLIFY(mode);
 150
 151         /* initialize state */
 152         slunkcrypt_bzero(data, sizeof(crypt_data_t));
 153
 154         /* initialize counter */
 155         random_seed(&data->thread_data[0].random, nonce, (uint16_t)(-1), passwd, passwd_len);
 156         data->thread_data[0].counter = random_next(&data->thread_data[0].random);
 157
 158         /* set up the wheel permutations */
 159         for (r = 0U; r < 256U; ++r)
 160         {
 161                 random_seed(&data->thread_data[0].random, nonce, (uint16_t)r, passwd, passwd_len);
 162                 for (i = 0U; i < 256U; ++i)
 163                 {
 164                         const size_t j = random_next(&data->thread_data[0].random) % (i + 1U);
 165                         if (j != i)
 166                         {
 167                                 data->wheel[r][i] = data->wheel[r][j];
 168                         }
 169                         data->wheel[r][j] = (uint8_t)i;
 170                 }
 171                 CHECK_ABORTED();
 172         }
 173
 174         /* reverse the wheels, if requested */
 175         if (reverse_mode)
 176         {
 177                 for (r = 0U; r < 256U; ++r)
 178                 {
 179                         for (i = 0U; i < 256U; ++i)
 180                         {
 181                                 temp[r][data->wheel[r][i]] = (uint8_t)i;
 182                         }
 183                 }
 184                 for (r = 0U; r < 256U; ++r)
 185                 {
 186                         memcpy(data->wheel[255U - r], temp[r], 256U);
 187                 }
 188                 slunkcrypt_bzero(temp, sizeof(temp));
 189                 CHECK_ABORTED();
 190         }
 191
 192         /* initialize thread state */
 193         data->thread_data[0].reverse_mode = reverse_mode;
 194         data->thread_data[0].wheel = (const uint8_t(*)[256]) data->wheel;
 195         data->thread_data[0].index_off = 0U;
 196         random_seed(&data->thread_data[0].random, nonce, 256U, passwd, passwd_len);
 197         for (i = 1U; i < thread_count; ++i)
 198         {
 199                 data->thread_data[i].reverse_mode = data->thread_data[0].reverse_mode;
 200                 data->thread_data[i].wheel = data->thread_data[0].wheel;
 201                 data->thread_data[i].counter = data->thread_data[0].counter + ((uint32_t)i);
 202                 data->thread_data[i].index_off = data->thread_data[i - 1U].index_off + 1U;
 203                 memcpy(&data->thread_data[i].random, &data->thread_data[0].random, sizeof(rand_state_t));
 204                 random_skip(&data->thread_data[i].random, i * 63U);
 205                 CHECK_ABORTED();
 206         }
 207
 208         return SLUNKCRYPT_SUCCESS;
 209
 210         /* aborted */
 211 aborted:
 212         slunkcrypt_bzero(data, sizeof(crypt_data_t));
 213         return SLUNKCRYPT_ABORTED;
 214 }
 215
 216 // ==========================================================================
 217 // Encrypt / Decrypt
 218 // ==========================================================================
 219
 220 static INLINE void update_offset(uint8_t *const offset, uint32_t seed, rand_state_t *const state, const int reverse)
 221 {
 222         size_t i;
 223         for (i = 0U; i < 256U; ++i, seed >>= CHAR_BIT)
 224         {
 225                 if (i && (!(i & 3U)))
 226                 {
 227                         seed = random_next(state);
 228                 }
 229                 offset[reverse ? (255U - i) : i] = (uint8_t)seed;
 230         }
 231 }
 232
 233 static INLINE uint8_t process_next_symbol(thread_state_t *const state, uint8_t value)
 234 {
 235         uint8_t offset[256U];
 236         size_t i;
 237         update_offset(offset, state->counter, &state->random, state->reverse_mode);
 238         for (i = 0U; i < 256U; ++i)
 239         {
 240                 value = (state->wheel[i][(value + offset[i]) & 0xFF] - offset[i]) & 0xFF;
 241         }
 242         return value;
 243 }
 244
 245 // ==========================================================================
 246 // Thread entry point
 247 // ==========================================================================
 248
 249 static INLINE void update_index(thread_state_t *const state, const size_t thread_count, const size_t length)
 250 {
 251         const size_t remaining = thread_count - (length % thread_count);
 252         if (remaining != thread_count)
 253         {
 254                 state->index_off = (state->index_off + remaining) % thread_count;
 255         }
 256 }
 257
 258 static void thread_worker(const size_t thread_count, void *const context, uint8_t *const buffer, const size_t length)
 259 {
 260         thread_state_t *const state = (thread_state_t*) context;
 261         size_t i;
 262
 263         for (i = state->index_off; i < length; i += thread_count)
 264         {
 265                 buffer[i] = process_next_symbol(state, buffer[i]);
 266                 state->counter += (uint32_t)thread_count;
 267                 random_skip(&state->random, 63U * (thread_count - 1U));
 268         }
 269
 270         update_index(state, thread_count, length);
 271 }
 272
 273 // ==========================================================================
 274 // Public API
 275 // ==========================================================================
 276
 277 int slunkcrypt_generate_nonce(uint64_t *const nonce)
 278 {
 279         if (!nonce)
 280         {
 281                 return SLUNKCRYPT_FAILURE;
 282         }
 283         do
 284         {
 285                 if (slunkcrypt_random_bytes((uint8_t*)nonce, sizeof(uint64_t)) != sizeof(uint64_t))
 286                 {
 287                         return SLUNKCRYPT_FAILURE;
 288                 }
 289         }
 290         while (!(*nonce));
 291         return SLUNKCRYPT_SUCCESS;
 292 }
 293
 294 slunkcrypt_t slunkcrypt_alloc(const uint64_t nonce, const uint8_t *const passwd, const size_t passwd_len, const int mode)
 295 {
 296         slunkparam_t param = { SLUNKCRYPT_PARAM_VERSION, 0U };
 297         return slunkcrypt_alloc_ext(nonce, passwd, passwd_len, mode, &param);
 298 }
 299
 300 slunkcrypt_t slunkcrypt_alloc_ext(const uint64_t nonce, const uint8_t *const passwd, const size_t passwd_len, const int mode, const slunkparam_t *const param)
 301 {
 302         crypt_state_t* state = NULL;
 303
 304         if ((!passwd) || (passwd_len < SLUNKCRYPT_PWDLEN_MIN) || (passwd_len > SLUNKCRYPT_PWDLEN_MAX) ||
 305                 (mode < SLUNKCRYPT_ENCRYPT) || (mode > SLUNKCRYPT_DECRYPT) || (!param) || (param->version == 0U) || (param->version > SLUNKCRYPT_PARAM_VERSION))
 306         {
 307                 return SLUNKCRYPT_NULL;
 308         }
 309
 310         if (!(state = (crypt_state_t*)malloc(sizeof(crypt_state_t))))
 311         {
 312                 return SLUNKCRYPT_NULL;
 313         }
 314
 315         if ((state->thread_pool = slunkcrypt_thrdpl_create(param->thread_count, thread_worker)))
 316         {
 317                 const size_t thread_count = slunkcrypt_thrdpl_count(state->thread_pool);
 318                 size_t i;
 319                 for (i = 0U; i < thread_count; ++i)
 320                 {
 321                         slunkcrypt_thrdpl_init(state->thread_pool, i, &state->data.thread_data[i]);
 322                 }
 323         }
 324
 325         if (initialize_state(&state->data, THREAD_COUNT(state), nonce, passwd, passwd_len, mode) == SLUNKCRYPT_SUCCESS)
 326         {
 327                 return (slunkcrypt_t)state;
 328         }
 329
 330         slunkcrypt_free((slunkcrypt_t)state);
 331         return SLUNKCRYPT_NULL;
 332 }
 333
 334 int slunkcrypt_reset(const slunkcrypt_t context, const uint64_t nonce, const uint8_t *const passwd, const size_t passwd_len, const int mode)
 335 {
 336         crypt_state_t *const state = (crypt_state_t*) context;
 337         int result = SLUNKCRYPT_FAILURE;
 338
 339         if ((!state) || (!passwd) || (passwd_len < SLUNKCRYPT_PWDLEN_MIN) || (passwd_len > SLUNKCRYPT_PWDLEN_MAX) || (mode < SLUNKCRYPT_ENCRYPT) || (mode > SLUNKCRYPT_DECRYPT))
 340         {
 341                 return SLUNKCRYPT_FAILURE;
 342         }
 343         if ((result = initialize_state(&state->data, THREAD_COUNT(state), nonce, passwd, passwd_len, mode)) != SLUNKCRYPT_SUCCESS)
 344         {
 345                 slunkcrypt_bzero(&state->data, sizeof(crypt_data_t));
 346         }
 347         return result;
 348 }
 349
 350 int slunkcrypt_process(const slunkcrypt_t context, const uint8_t *const input, uint8_t *const output, size_t length)
 351 {
 352         crypt_state_t *const state = (crypt_state_t*)context;
 353         if (!state)
 354         {
 355                 return SLUNKCRYPT_FAILURE;
 356         }
 357
 358         if (length > 0U)
 359         {
 360                 memcpy(output, input, length);
 361                 return slunkcrypt_inplace(context, output, length);
 362         }
 363
 364         return SLUNKCRYPT_SUCCESS;
 365 }
 366
 367 int slunkcrypt_inplace(const slunkcrypt_t context, uint8_t *const buffer, size_t length)
 368 {
 369         crypt_state_t *const state = (crypt_state_t*)context;
 370         if (!state)
 371         {
 372                 return SLUNKCRYPT_FAILURE;
 373         }
 374
 375         if (length > 0U)
 376         {
 377                 if (THREAD_COUNT(state) > 1U)
 378                 {
 379                         slunkcrypt_thrdpl_exec(state->thread_pool, buffer, length);
 380                 }
 381                 else
 382                 {
 383                         thread_worker(1U, &state->data.thread_data[0U], buffer, length);
 384                 }
 385         }
 386
 387         CHECK_ABORTED();
 388         return SLUNKCRYPT_SUCCESS;
 389
 390 aborted:
 391         slunkcrypt_bzero(buffer, length);
 392         slunkcrypt_bzero(&state->data, sizeof(crypt_data_t));
 393         return SLUNKCRYPT_ABORTED;
 394 }
 395
 396 void slunkcrypt_free(const slunkcrypt_t context)
 397 {
 398         crypt_state_t *const state = (crypt_state_t*) context;
 399         if (state)
 400         {
 401                 if (state->thread_pool)
 402                 {
 403                         slunkcrypt_thrdpl_destroy(state->thread_pool);
 404                 }
 405                 slunkcrypt_bzero(state, sizeof(crypt_state_t));
 406                 free(state);
 407         }
 408 }