Shuffle things around. Add NIST X.509 test to build.

3 files changed, 172 insertions, 0 deletions

diff --git a/lib/constructs/aont/info.txt b/lib/constructs/aont/info.txt
new file mode 100644
index 000000000..fb66d4129
--- /dev/null
+++ b/lib/constructs/aont/info.txt
@@ -0,0 +1,8 @@
+define PACKAGE_TRANSFORM 20131128
+
+<requires>
+block
+ctr
+rng
+filters
+</requires>
diff --git a/lib/constructs/aont/package.cpp b/lib/constructs/aont/package.cpp
new file mode 100644
index 000000000..1adee90e8
--- /dev/null
+++ b/lib/constructs/aont/package.cpp
@@ -0,0 +1,120 @@
+/*
+* Rivest's Package Tranform
+*
+* (C) 2009 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/package.h>
+#include <botan/filters.h>
+#include <botan/ctr.h>
+#include <botan/get_byte.h>
+#include <botan/internal/xor_buf.h>
+
+namespace Botan {
+
+void aont_package(RandomNumberGenerator& rng,
+                  BlockCipher* cipher,
+                  const byte input[], size_t input_len,
+                  byte output[])
+   {
+   const size_t BLOCK_SIZE = cipher->block_size();
+
+   if(!cipher->valid_keylength(BLOCK_SIZE))
+      throw Invalid_Argument("AONT::package: Invalid cipher");
+
+   // The all-zero string which is used both as the CTR IV and as K0
+   const std::string all_zeros(BLOCK_SIZE*2, '0');
+
+   SymmetricKey package_key(rng, BLOCK_SIZE);
+
+   Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
+
+   pipe.process_msg(input, input_len);
+   pipe.read(output, pipe.remaining());
+
+   // Set K0 (the all zero key)
+   cipher->set_key(SymmetricKey(all_zeros));
+
+   secure_vector<byte> buf(BLOCK_SIZE);
+
+   const size_t blocks =
+      (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+   byte* final_block = output + input_len;
+   clear_mem(final_block, BLOCK_SIZE);
+
+   // XOR the hash blocks into the final block
+   for(size_t i = 0; i != blocks; ++i)
+      {
+      const size_t left = std::min<size_t>(BLOCK_SIZE,
+                                           input_len - BLOCK_SIZE * i);
+
+      zeroise(buf);
+      copy_mem(&buf[0], output + (BLOCK_SIZE * i), left);
+
+      for(size_t j = 0; j != sizeof(i); ++j)
+         buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
+
+      cipher->encrypt(&buf[0]);
+
+      xor_buf(&final_block[0], &buf[0], BLOCK_SIZE);
+      }
+
+   // XOR the random package key into the final block
+   xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE);
+   }
+
+void aont_unpackage(BlockCipher* cipher,
+                    const byte input[], size_t input_len,
+                    byte output[])
+   {
+   const size_t BLOCK_SIZE = cipher->block_size();
+
+   if(!cipher->valid_keylength(BLOCK_SIZE))
+      throw Invalid_Argument("AONT::unpackage: Invalid cipher");
+
+   if(input_len < BLOCK_SIZE)
+      throw Invalid_Argument("AONT::unpackage: Input too short");
+
+   // The all-zero string which is used both as the CTR IV and as K0
+   const std::string all_zeros(BLOCK_SIZE*2, '0');
+
+   cipher->set_key(SymmetricKey(all_zeros));
+
+   secure_vector<byte> package_key(BLOCK_SIZE);
+   secure_vector<byte> buf(BLOCK_SIZE);
+
+   // Copy the package key (masked with the block hashes)
+   copy_mem(&package_key[0],
+            input + (input_len - BLOCK_SIZE),
+            BLOCK_SIZE);
+
+   const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
+
+   // XOR the blocks into the package key bits
+   for(size_t i = 0; i != blocks; ++i)
+      {
+      const size_t left = std::min<size_t>(BLOCK_SIZE,
+                                           input_len - BLOCK_SIZE * (i+1));
+
+      zeroise(buf);
+      copy_mem(&buf[0], input + (BLOCK_SIZE * i), left);
+
+      for(size_t j = 0; j != sizeof(i); ++j)
+         buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
+
+      cipher->encrypt(&buf[0]);
+
+      xor_buf(&package_key[0], &buf[0], BLOCK_SIZE);
+      }
+
+   Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
+
+   pipe.process_msg(input, input_len - BLOCK_SIZE);
+
+   pipe.read(output, pipe.remaining());
+   }
+
+}
diff --git a/lib/constructs/aont/package.h b/lib/constructs/aont/package.h
new file mode 100644
index 000000000..52d1c2190
--- /dev/null
+++ b/lib/constructs/aont/package.h
@@ -0,0 +1,44 @@
+/*
+* Rivest's Package Tranform
+* (C) 2009 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_AONT_PACKAGE_TRANSFORM_H__
+#define BOTAN_AONT_PACKAGE_TRANSFORM_H__
+
+#include <botan/block_cipher.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/**
+* Rivest's Package Tranform
+* @param rng the random number generator to use
+* @param cipher the block cipher to use
+* @param input the input data buffer
+* @param input_len the length of the input data in bytes
+* @param output the output data buffer (must be at least
+*        input_len + cipher->BLOCK_SIZE bytes long)
+*/
+void BOTAN_DLL aont_package(RandomNumberGenerator& rng,
+                            BlockCipher* cipher,
+                            const byte input[], size_t input_len,
+                            byte output[]);
+
+/**
+* Rivest's Package Tranform (Inversion)
+* @param cipher the block cipher to use
+* @param input the input data buffer
+* @param input_len the length of the input data in bytes
+* @param output the output data buffer (must be at least
+*        input_len - cipher->BLOCK_SIZE bytes long)
+*/
+void BOTAN_DLL aont_unpackage(BlockCipher* cipher,
+                              const byte input[], size_t input_len,
+                              byte output[]);
+
+}
+
+#endif