remove all external crypto libraries

Makefile

@@ -1,7 +1,7 @@
 CC = gcc
 CFLAGS = -Wall -Wextra -std=c99
-LIBS = -lssl -lcrypto
+LIBS = 
-LIBS_STATIC = -static -lssl -lcrypto -ldl -lpthread
+LIBS_STATIC = -static
 TARGET = otp
 SOURCE = otp.c
 VERSION_SOURCE = src/version.c

README.md

@@ -25,10 +25,11 @@ Current version can be viewed with: `./otp --help` or by running the interactive
 ### Prerequisites
 
 - GCC compiler
-- OpenSSL development libraries (`libssl-dev` on Ubuntu/Debian)
 - Git (for version tracking)
 - Make
 
+**Note: OpenSSL is no longer required! This implementation is now completely self-contained.**
+
 ### Build Commands
 
 Use the included build script for automatic versioning:
@@ -125,10 +126,11 @@ These files are excluded from git (.gitignore) and regenerated on each build.
 ## Security Features
 
 - Uses `/dev/urandom` for cryptographically secure random number generation
-- Optional keyboard entropy mixing using HKDF (Hash-based Key Derivation Function)
+- Optional keyboard entropy mixing using simple XOR operations
-- SHA-256 pad integrity verification
+- Custom 256-bit XOR checksum for pad identification (encrypted with pad data)
 - Read-only pad files to prevent accidental modification
 - State tracking to prevent pad reuse
+- **Zero external crypto dependencies** - completely self-contained implementation
 
 ## File Structure
 

otp.c

@@ -12,14 +12,29 @@
 #include <ctype.h>
 #include <termios.h>
 #include <fcntl.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/kdf.h>
-#include <openssl/hmac.h>
 #include "src/version.h"
 
+// Custom base64 character set
+static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const int base64_decode_table[256] = {
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63,
+    52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,
+    -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,
+    15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,
+    -1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,
+    41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
+    -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
+};
+
 #define MAX_INPUT_SIZE 4096
 #define MAX_LINE_LENGTH 1024
 #define MAX_HASH_LENGTH 65
@@ -42,9 +57,8 @@ int decrypt_text(const char* pad_identifier);
 int setup_raw_terminal(struct termios* original_termios);
 void restore_terminal(struct termios* original_termios);
 int collect_keyboard_entropy(unsigned char* entropy_buffer, size_t max_size, size_t* collected);
-int hkdf_expand(const unsigned char* prk, size_t prk_len, 
+void simple_entropy_mix(unsigned char* urandom_buffer, size_t buffer_size, 
-                const unsigned char* info, size_t info_len,
+                         const unsigned char* entropy_data, size_t entropy_size);
-                unsigned char* okm, size_t okm_len);
 
 // Directory management
 int ensure_pads_directory(void);
@@ -62,8 +76,9 @@ void show_progress(uint64_t current, uint64_t total, time_t start_time);
 int read_state_offset(const char* pad_hash, uint64_t* offset);
 int write_state_offset(const char* pad_hash, uint64_t offset);
 int calculate_sha256(const char* filename, char* hash_hex);
-char* base64_encode(const unsigned char* input, int length);
+void xor_checksum_256(const unsigned char* data, size_t len, unsigned char checksum[32]);
-unsigned char* base64_decode(const char* input, int* output_length);
+char* custom_base64_encode(const unsigned char* input, int length);
+unsigned char* custom_base64_decode(const char* input, int* output_length);
 
 // Menu functions
 void show_main_menu(void);
@@ -671,35 +686,12 @@ int generate_pad_with_entropy(uint64_t size_bytes, int display_progress, int use
                                    MAX_ENTROPY_BUFFER - entropy_collected, &chunk_entropy);
             entropy_collected += chunk_entropy;
             
-            if (entropy_collected > 1024) { // Have enough entropy to mix
+            if (entropy_collected > 512) { // Have enough entropy to mix
-                // Create HKDF PRK (extract phase)
+                // Copy urandom data to output buffer
-                unsigned char prk[32];
-                EVP_MD_CTX* hmac_ctx = EVP_MD_CTX_new();
-                EVP_PKEY* hmac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, 
-                                                                  entropy_buffer, entropy_collected);
-                
-                if (hmac_ctx && hmac_key) {
-                    EVP_DigestSignInit(hmac_ctx, NULL, EVP_sha256(), NULL, hmac_key);
-                    EVP_DigestSignUpdate(hmac_ctx, urandom_buffer, chunk_size);
-                    size_t prk_len = sizeof(prk);
-                    EVP_DigestSignFinal(hmac_ctx, prk, &prk_len);
-                    
-                    // HKDF Expand phase
-                    const char* info = "OTP-PAD-CHUNK";
-                    if (hkdf_expand(prk, prk_len, (const unsigned char*)info, strlen(info),
-                                   output_buffer, chunk_size) == 0) {
-                        // Successfully mixed entropy
-                    } else {
-                        // Fallback to urandom only
                 memcpy(output_buffer, urandom_buffer, chunk_size);
-                    }
                 
-                    EVP_PKEY_free(hmac_key);
+                // Simple XOR mixing with keyboard entropy
-                    EVP_MD_CTX_free(hmac_ctx);
+                simple_entropy_mix(output_buffer, chunk_size, entropy_buffer, entropy_collected);
-                } else {
-                    // Fallback to urandom only
-                    memcpy(output_buffer, urandom_buffer, chunk_size);
-                }
                 
                 // Reset entropy buffer for next chunk
                 entropy_collected = 0;
@@ -902,7 +894,7 @@ int encrypt_text(const char* pad_identifier) {
     }
     
     // Encode as base64
-    char* base64_cipher = base64_encode(ciphertext, input_len);
+    char* base64_cipher = custom_base64_encode(ciphertext, input_len);
     
     // Update state offset
     if (write_state_offset(pad_hash, current_offset + input_len) != 0) {
@@ -1020,7 +1012,7 @@ int decrypt_text(const char* pad_identifier) {
     
     // Decode base64
     int ciphertext_len;
-    unsigned char* ciphertext = base64_decode(base64_data, &ciphertext_len);
+    unsigned char* ciphertext = custom_base64_decode(base64_data, &ciphertext_len);
     if (!ciphertext) {
         printf("Error: Invalid base64 data\n");
         return 1;
@@ -1112,46 +1104,47 @@ int calculate_sha256(const char* filename, char* hash_hex) {
         return 1;
     }
     
-    EVP_MD_CTX* mdctx = EVP_MD_CTX_new();
+    unsigned char checksum[32];
-    if (!mdctx) {
-        fclose(file);
-        return 1;
-    }
-    
-    if (EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) != 1) {
-        EVP_MD_CTX_free(mdctx);
-        fclose(file);
-        return 1;
-    }
-    
     unsigned char buffer[64 * 1024];  // 64KB buffer for large files
     size_t bytes_read;
     
+    // Initialize checksum
+    memset(checksum, 0, 32);
+    size_t total_bytes = 0;
+    
+    // Calculate XOR checksum of entire file
     while ((bytes_read = fread(buffer, 1, sizeof(buffer), file)) > 0) {
-        if (EVP_DigestUpdate(mdctx, buffer, bytes_read) != 1) {
+        // Process this chunk with XOR checksum
-            EVP_MD_CTX_free(mdctx);
+        for (size_t i = 0; i < bytes_read; i++) {
+            unsigned char bucket = (total_bytes + i) % 32;
+            checksum[bucket] ^= buffer[i] ^ (((total_bytes + i) >> 8) & 0xFF) ^ 
+                               (((total_bytes + i) >> 16) & 0xFF) ^ (((total_bytes + i) >> 24) & 0xFF);
+        }
+        total_bytes += bytes_read;
+    }
+    
+    fclose(file);
+    
+    // Now encrypt the checksum with the first 32 bytes of the pad
+    fseek(file = fopen(filename, "rb"), 0, SEEK_SET);
+    unsigned char pad_key[32];
+    if (fread(pad_key, 1, 32, file) != 32) {
         fclose(file);
         return 1;
     }
-    }
-    
-    unsigned char hash[EVP_MAX_MD_SIZE];
-    unsigned int hash_len;
-    
-    if (EVP_DigestFinal_ex(mdctx, hash, &hash_len) != 1) {
-        EVP_MD_CTX_free(mdctx);
-        fclose(file);
-        return 1;
-    }
-    
-    EVP_MD_CTX_free(mdctx);
     fclose(file);
     
-    // Convert to hex string
+    // XOR encrypt the checksum with pad data to create unique identifier
-    for (unsigned int i = 0; i < hash_len; i++) {
+    unsigned char encrypted_checksum[32];
-        sprintf(hash_hex + (i * 2), "%02x", hash[i]);
+    for (int i = 0; i < 32; i++) {
+        encrypted_checksum[i] = checksum[i] ^ pad_key[i];
     }
-    hash_hex[hash_len * 2] = '\0';
+    
+    // Convert to hex string (64 characters)
+    for (int i = 0; i < 32; i++) {
+        sprintf(hash_hex + (i * 2), "%02x", encrypted_checksum[i]);
+    }
+    hash_hex[64] = '\0';
     
     return 0;
 }
@@ -1226,49 +1219,6 @@ int collect_keyboard_entropy(unsigned char* entropy_buffer, size_t max_size, siz
     return 0;
 }
 
-int hkdf_expand(const unsigned char* prk, size_t prk_len, 
-                const unsigned char* info, size_t info_len,
-                unsigned char* okm, size_t okm_len) {
-    EVP_MD_CTX* ctx = EVP_MD_CTX_new();
-    if (!ctx) return 1;
-    
-    unsigned char t[32]; // SHA-256 output size
-    unsigned char counter = 1;
-    size_t t_len = 32;
-    size_t pos = 0;
-    
-    while (pos < okm_len) {
-        if (EVP_DigestInit_ex(ctx, EVP_sha256(), NULL) != 1) {
-            EVP_MD_CTX_free(ctx);
-            return 1;
-        }
-        
-        if (pos > 0) {
-            EVP_DigestUpdate(ctx, t, t_len);
-        }
-        
-        EVP_DigestUpdate(ctx, prk, prk_len);
-        if (info && info_len > 0) {
-            EVP_DigestUpdate(ctx, info, info_len);
-        }
-        EVP_DigestUpdate(ctx, &counter, 1);
-        
-        unsigned int hash_len;
-        if (EVP_DigestFinal_ex(ctx, t, &hash_len) != 1) {
-            EVP_MD_CTX_free(ctx);
-            return 1;
-        }
-        
-        size_t copy_len = (okm_len - pos < hash_len) ? okm_len - pos : hash_len;
-        memcpy(okm + pos, t, copy_len);
-        
-        pos += copy_len;
-        counter++;
-    }
-    
-    EVP_MD_CTX_free(ctx);
-    return 0;
-}
 
 // Directory management functions
 int ensure_pads_directory(void) {
@@ -1286,49 +1236,91 @@ void get_pad_path(const char* hash, char* pad_path, char* state_path) {
     snprintf(state_path, MAX_HASH_LENGTH + 20, "%s/%s.state", PADS_DIR, hash);
 }
 
-char* base64_encode(const unsigned char* input, int length) {
-    BIO *bio, *b64;
-    BUF_MEM *buffer_ptr;
 
-    b64 = BIO_new(BIO_f_base64());
+// Custom XOR checksum function
-    bio = BIO_new(BIO_s_mem());
+void xor_checksum_256(const unsigned char* data, size_t len, unsigned char checksum[32]) {
-    bio = BIO_push(b64, bio);
+    memset(checksum, 0, 32);
-    
+    for (size_t i = 0; i < len; i++) {
-    BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+        unsigned char bucket = i % 32;
-    BIO_write(bio, input, length);
+        checksum[bucket] ^= data[i] ^ ((i >> 8) & 0xFF) ^ ((i >> 16) & 0xFF) ^ ((i >> 24) & 0xFF);
-    BIO_flush(bio);
+    }
-    
-    BIO_get_mem_ptr(bio, &buffer_ptr);
-    
-    char* result = malloc(buffer_ptr->length + 1);
-    memcpy(result, buffer_ptr->data, buffer_ptr->length);
-    result[buffer_ptr->length] = '\0';
-    
-    BIO_free_all(bio);
-    return result;
 }
 
-unsigned char* base64_decode(const char* input, int* output_length) {
+// Custom base64 encode function
-    BIO *bio, *b64;
+char* custom_base64_encode(const unsigned char* input, int length) {
-    int decode_len = strlen(input);
+    int output_length = 4 * ((length + 2) / 3);
+    char* encoded = malloc(output_length + 1);
+    if (!encoded) return NULL;
     
-    unsigned char* buffer = malloc(decode_len);
+    int i, j;
+    for (i = 0, j = 0; i < length;) {
+        uint32_t octet_a = i < length ? input[i++] : 0;
+        uint32_t octet_b = i < length ? input[i++] : 0;
+        uint32_t octet_c = i < length ? input[i++] : 0;
         
-    bio = BIO_new_mem_buf(input, -1);
+        uint32_t triple = (octet_a << 16) + (octet_b << 8) + octet_c;
-    b64 = BIO_new(BIO_f_base64());
-    bio = BIO_push(b64, bio);
         
-    BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+        encoded[j++] = base64_chars[(triple >> 18) & 63];
-    *output_length = BIO_read(bio, buffer, decode_len);
+        encoded[j++] = base64_chars[(triple >> 12) & 63];
+        encoded[j++] = base64_chars[(triple >> 6) & 63];
+        encoded[j++] = base64_chars[triple & 63];
+    }
     
-    BIO_free_all(bio);
+    // Add padding
+    for (int pad = 0; pad < (3 - length % 3) % 3; pad++) {
+        encoded[output_length - 1 - pad] = '=';
+    }
     
-    if (*output_length <= 0) {
+    encoded[output_length] = '\0';
-        free(buffer);
+    return encoded;
+}
+
+// Custom base64 decode function
+unsigned char* custom_base64_decode(const char* input, int* output_length) {
+    int input_length = strlen(input);
+    if (input_length % 4 != 0) return NULL;
+    
+    *output_length = input_length / 4 * 3;
+    if (input[input_length - 1] == '=') (*output_length)--;
+    if (input[input_length - 2] == '=') (*output_length)--;
+    
+    unsigned char* decoded = malloc(*output_length);
+    if (!decoded) return NULL;
+    
+    int i, j;
+    for (i = 0, j = 0; i < input_length;) {
+        int sextet_a = input[i] == '=' ? 0 & i++ : base64_decode_table[(unsigned char)input[i++]];
+        int sextet_b = input[i] == '=' ? 0 & i++ : base64_decode_table[(unsigned char)input[i++]];
+        int sextet_c = input[i] == '=' ? 0 & i++ : base64_decode_table[(unsigned char)input[i++]];
+        int sextet_d = input[i] == '=' ? 0 & i++ : base64_decode_table[(unsigned char)input[i++]];
+        
+        if (sextet_a == -1 || sextet_b == -1 || sextet_c == -1 || sextet_d == -1) {
+            free(decoded);
             return NULL;
         }
         
-    return buffer;
+        uint32_t triple = (sextet_a << 18) + (sextet_b << 12) + (sextet_c << 6) + sextet_d;
+        
+        if (j < *output_length) decoded[j++] = (triple >> 16) & 255;
+        if (j < *output_length) decoded[j++] = (triple >> 8) & 255;
+        if (j < *output_length) decoded[j++] = triple & 255;
+    }
+    
+    return decoded;
+}
+
+// Simple keyboard entropy mixing function
+void simple_entropy_mix(unsigned char* urandom_buffer, size_t buffer_size, 
+                        const unsigned char* entropy_data, size_t entropy_size) {
+    if (!entropy_data || entropy_size == 0) return;
+    
+    for (size_t i = 0; i < buffer_size; i++) {
+        // XOR with entropy data in a rotating pattern
+        unsigned char entropy_byte = entropy_data[i % entropy_size];
+        // Mix position information
+        entropy_byte ^= (i & 0xFF) ^ ((i >> 8) & 0xFF);
+        urandom_buffer[i] ^= entropy_byte;
+    }
 }
 
 void print_usage(const char* program_name) {