pspp-convert: Add support for decrypting encrypted system files.

[pspp] / src / libpspp / cmac-aes256.c

diff --git a/src/libpspp/cmac-aes256.c b/src/libpspp/cmac-aes256.c
new file mode 100644 (file)
index 0000000..fb8ea16
--- /dev/null
+++ b/src/libpspp/cmac-aes256.c
@@ -0,0 +1,87 @@
+/* PSPP - a program for statistical analysis.
+   Copyright (C) 2013 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+#include <string.h>
+
+#include "libpspp/cmac-aes256.h"
+#include "libpspp/cast.h"
+
+#include "gl/rijndael-alg-fst.h"
+
+static void
+gen_subkey (const uint8_t in[16], uint8_t out[16])
+{
+  size_t i;
+
+  for (i = 0; i < 15; i++)
+    out[i] = (in[i] << 1) | (in[i + 1] >> 7);
+  out[15] = in[15] << 1;
+
+  if (in[0] & 0x80)
+    out[15] ^= 0x87;
+}
+
+/* Computes CMAC-AES-256 of the SIZE bytes in DATA, using the 256-bit AES key
+   KEY.  Stores the result in the 128-bit CMAC. */
+void
+cmac_aes256(const uint8_t key[32],
+            const void *data_, size_t size,
+            uint8_t cmac[16])
+{
+  const char zeros[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+  uint32_t rk[4 * RIJNDAEL_MAXNR + 1];
+  uint8_t k1[16], k2[16], L[16];
+  const uint8_t *data = data_;
+  uint8_t c[16], tmp[16];
+  int Nr;
+  int i;
+
+  Nr = rijndaelKeySetupEnc (rk, CHAR_CAST (const char *, key), 256);
+
+  rijndaelEncrypt (rk, Nr, zeros, CHAR_CAST (char *, L));
+  gen_subkey (L, k1);
+  gen_subkey (k1, k2);
+
+  memset (c, 0, 16);
+  while (size > 16)
+    {
+      for (i = 0; i < 16; i++)
+        tmp[i] = c[i] ^ data[i];
+      rijndaelEncrypt (rk, Nr, CHAR_CAST (const char *, tmp),
+                       CHAR_CAST (char *, c));
+
+      size -= 16;
+      data += 16;
+    }
+
+  if (size == 16)
+    {
+      for (i = 0; i < 16; i++)
+        tmp[i] = c[i] ^ data[i] ^ k1[i];
+    }
+  else
+    {
+      for (i = 0; i < 16; i++)
+        tmp[i] = c[i] ^ k2[i];
+      for (i = 0; i < size; i++)
+        tmp[i] ^= data[i];
+      tmp[size] ^= 0x80;
+    }
+  rijndaelEncrypt (rk, Nr, CHAR_CAST (const char *, tmp),
+                   CHAR_CAST (char *, cmac));
+}