TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added libtomcrypt-0.95

Browse Source
This commit is contained in:
Tom St Denis 2004-05-12 20:42:16 +00:00 committed by Steffen Jaeckel
parent 1f8b8bda6f
commit 40c5578ac3
180 changed files with 10226 additions and 5085 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
LICENSE
View File

@ -1,7 +1,9 @@
LibTomCrypt is public domain. As should all quality software be. LibTomCrypt is public domain. As should all quality software be.
All of the software was either written by or donated to Tom St Denis for the purposes All of the software was either written by or donated to Tom St Denis for the purposes
of this project. The only exception is the SAFER.C source which has no known of this project. The only exception is the SAFER.C source which has no known
license status (assumed copyrighted) which is why SAFER,C is shipped as disabled. license status (assumed copyrighted) which is why SAFER,C is shipped as disabled.
Tom St Denis Tom St Denis

38
PLAN Normal file
View File

@ -0,0 +1,38 @@
The following functions are marked for removal and/or behavioural change by v1.00 of LibTomCrypt
1. RSA Support
rsa_pad, rsa_signpad, rsa_depad, rsa_signdepad, rsa_import, rsa_export
They will be replaced with PKCS #1 compliant OAEP/PSS padding function as early as v0.96
2. DSA Support
dsa_import, dsa_export
Will be replaced with suitable DSS [what is the standard?] compliant formats. Planned for v0.96
3. Key Ring Support
(all)
The entire API will be dropped as early as v0.96. It was just an experiment and nobody uses it anyways.
4. Test Harness
demos/test.c
The test harness is well overdue for a makeover. Planned for as early as v0.97
Put things in order...
v0.96 -- removed keyring.c and gf.c
-- removed LTC RSA padding
-- DSS support [whatever this entails]
-- Bug fixes/updates to the PKCS/DSS support, should be stable in this release
v0.97 -- Re-written test harness
-- More demos in the manual and demos/ directory
... future???

162
aes.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -183,28 +183,28 @@ int rijndael_setup(const unsigned char *key, int keylen, int rounds, symmetric_k
#ifdef SMALL_CODE #ifdef SMALL_CODE
temp = rrk[0]; temp = rrk[0];
rk[0] = rk[0] =
Td0[255 & Te4[byte(temp, 3)]] ^ Td0(255 & Te4[byte(temp, 3)]) ^
Td1[255 & Te4[byte(temp, 2)]] ^ Td1(255 & Te4[byte(temp, 2)]) ^
Td2[255 & Te4[byte(temp, 1)]] ^ Td2(255 & Te4[byte(temp, 1)]) ^
Td3[255 & Te4[byte(temp, 0)]]; Td3(255 & Te4[byte(temp, 0)]);
temp = rrk[1]; temp = rrk[1];
rk[1] = rk[1] =
Td0[255 & Te4[byte(temp, 3)]] ^ Td0(255 & Te4[byte(temp, 3)]) ^
Td1[255 & Te4[byte(temp, 2)]] ^ Td1(255 & Te4[byte(temp, 2)]) ^
Td2[255 & Te4[byte(temp, 1)]] ^ Td2(255 & Te4[byte(temp, 1)]) ^
Td3[255 & Te4[byte(temp, 0)]]; Td3(255 & Te4[byte(temp, 0)]);
temp = rrk[2]; temp = rrk[2];
rk[2] = rk[2] =
Td0[255 & Te4[byte(temp, 3)]] ^ Td0(255 & Te4[byte(temp, 3)]) ^
Td1[255 & Te4[byte(temp, 2)]] ^ Td1(255 & Te4[byte(temp, 2)]) ^
Td2[255 & Te4[byte(temp, 1)]] ^ Td2(255 & Te4[byte(temp, 1)]) ^
Td3[255 & Te4[byte(temp, 0)]]; Td3(255 & Te4[byte(temp, 0)]);
temp = rrk[3]; temp = rrk[3];
rk[3] = rk[3] =
Td0[255 & Te4[byte(temp, 3)]] ^ Td0(255 & Te4[byte(temp, 3)]) ^
Td1[255 & Te4[byte(temp, 2)]] ^ Td1(255 & Te4[byte(temp, 2)]) ^
Td2[255 & Te4[byte(temp, 1)]] ^ Td2(255 & Te4[byte(temp, 1)]) ^
Td3[255 & Te4[byte(temp, 0)]]; Td3(255 & Te4[byte(temp, 0)]);
#else #else
temp = rrk[0]; temp = rrk[0];
rk[0] = rk[0] =
@ -276,28 +276,28 @@ void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
r = Nr >> 1; r = Nr >> 1;
for (;;) { for (;;) {
t0 = t0 =
Te0[byte(s0, 3)] ^ Te0(byte(s0, 3)) ^
Te1[byte(s1, 2)] ^ Te1(byte(s1, 2)) ^
Te2[byte(s2, 1)] ^ Te2(byte(s2, 1)) ^
Te3[byte(s3, 0)] ^ Te3(byte(s3, 0)) ^
rk[4]; rk[4];
t1 = t1 =
Te0[byte(s1, 3)] ^ Te0(byte(s1, 3)) ^
Te1[byte(s2, 2)] ^ Te1(byte(s2, 2)) ^
Te2[byte(s3, 1)] ^ Te2(byte(s3, 1)) ^
Te3[byte(s0, 0)] ^ Te3(byte(s0, 0)) ^
rk[5]; rk[5];
t2 = t2 =
Te0[byte(s2, 3)] ^ Te0(byte(s2, 3)) ^
Te1[byte(s3, 2)] ^ Te1(byte(s3, 2)) ^
Te2[byte(s0, 1)] ^ Te2(byte(s0, 1)) ^
Te3[byte(s1, 0)] ^ Te3(byte(s1, 0)) ^
rk[6]; rk[6];
t3 = t3 =
Te0[byte(s3, 3)] ^ Te0(byte(s3, 3)) ^
Te1[byte(s0, 2)] ^ Te1(byte(s0, 2)) ^
Te2[byte(s1, 1)] ^ Te2(byte(s1, 1)) ^
Te3[byte(s2, 0)] ^ Te3(byte(s2, 0)) ^
rk[7]; rk[7];
rk += 8; rk += 8;
@ -306,28 +306,28 @@ void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
} }
s0 = s0 =
Te0[byte(t0, 3)] ^ Te0(byte(t0, 3)) ^
Te1[byte(t1, 2)] ^ Te1(byte(t1, 2)) ^
Te2[byte(t2, 1)] ^ Te2(byte(t2, 1)) ^
Te3[byte(t3, 0)] ^ Te3(byte(t3, 0)) ^
rk[0]; rk[0];
s1 = s1 =
Te0[byte(t1, 3)] ^ Te0(byte(t1, 3)) ^
Te1[byte(t2, 2)] ^ Te1(byte(t2, 2)) ^
Te2[byte(t3, 1)] ^ Te2(byte(t3, 1)) ^
Te3[byte(t0, 0)] ^ Te3(byte(t0, 0)) ^
rk[1]; rk[1];
s2 = s2 =
Te0[byte(t2, 3)] ^ Te0(byte(t2, 3)) ^
Te1[byte(t3, 2)] ^ Te1(byte(t3, 2)) ^
Te2[byte(t0, 1)] ^ Te2(byte(t0, 1)) ^
Te3[byte(t1, 0)] ^ Te3(byte(t1, 0)) ^
rk[2]; rk[2];
s3 = s3 =
Te0[byte(t3, 3)] ^ Te0(byte(t3, 3)) ^
Te1[byte(t0, 2)] ^ Te1(byte(t0, 2)) ^
Te2[byte(t1, 1)] ^ Te2(byte(t1, 1)) ^
Te3[byte(t2, 0)] ^ Te3(byte(t2, 0)) ^
rk[3]; rk[3];
} }
/* /*
@ -404,28 +404,28 @@ void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
for (;;) { for (;;) {
t0 = t0 =
Td0[byte(s0, 3)] ^ Td0(byte(s0, 3)) ^
Td1[byte(s3, 2)] ^ Td1(byte(s3, 2)) ^
Td2[byte(s2, 1)] ^ Td2(byte(s2, 1)) ^
Td3[byte(s1, 0)] ^ Td3(byte(s1, 0)) ^
rk[4]; rk[4];
t1 = t1 =
Td0[byte(s1, 3)] ^ Td0(byte(s1, 3)) ^
Td1[byte(s0, 2)] ^ Td1(byte(s0, 2)) ^
Td2[byte(s3, 1)] ^ Td2(byte(s3, 1)) ^
Td3[byte(s2, 0)] ^ Td3(byte(s2, 0)) ^
rk[5]; rk[5];
t2 = t2 =
Td0[byte(s2, 3)] ^ Td0(byte(s2, 3)) ^
Td1[byte(s1, 2)] ^ Td1(byte(s1, 2)) ^
Td2[byte(s0, 1)] ^ Td2(byte(s0, 1)) ^
Td3[byte(s3, 0)] ^ Td3(byte(s3, 0)) ^
rk[6]; rk[6];
t3 = t3 =
Td0[byte(s3, 3)] ^ Td0(byte(s3, 3)) ^
Td1[byte(s2, 2)] ^ Td1(byte(s2, 2)) ^
Td2[byte(s1, 1)] ^ Td2(byte(s1, 1)) ^
Td3[byte(s0, 0)] ^ Td3(byte(s0, 0)) ^
rk[7]; rk[7];
rk += 8; rk += 8;
@ -435,28 +435,28 @@ void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
s0 = s0 =
Td0[byte(t0, 3)] ^ Td0(byte(t0, 3)) ^
Td1[byte(t3, 2)] ^ Td1(byte(t3, 2)) ^
Td2[byte(t2, 1)] ^ Td2(byte(t2, 1)) ^
Td3[byte(t1, 0)] ^ Td3(byte(t1, 0)) ^
rk[0]; rk[0];
s1 = s1 =
Td0[byte(t1, 3)] ^ Td0(byte(t1, 3)) ^
Td1[byte(t0, 2)] ^ Td1(byte(t0, 2)) ^
Td2[byte(t3, 1)] ^ Td2(byte(t3, 1)) ^
Td3[byte(t2, 0)] ^ Td3(byte(t2, 0)) ^
rk[1]; rk[1];
s2 = s2 =
Td0[byte(t2, 3)] ^ Td0(byte(t2, 3)) ^
Td1[byte(t1, 2)] ^ Td1(byte(t1, 2)) ^
Td2[byte(t0, 1)] ^ Td2(byte(t0, 1)) ^
Td3[byte(t3, 0)] ^ Td3(byte(t3, 0)) ^
rk[2]; rk[2];
s3 = s3 =
Td0[byte(t3, 3)] ^ Td0(byte(t3, 3)) ^
Td1[byte(t2, 2)] ^ Td1(byte(t2, 2)) ^
Td2[byte(t1, 1)] ^ Td2(byte(t1, 1)) ^
Td3[byte(t0, 0)] ^ Td3(byte(t0, 0)) ^
rk[3]; rk[3];
} }

711
aes_tab.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -23,7 +23,7 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
Td4[x] = Si[x].[01, 01, 01, 01]; Td4[x] = Si[x].[01, 01, 01, 01];
*/ */
static const ulong32 Te0[256] = { static const ulong32 TE0[256] = {
0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL, 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL,
@ -89,205 +89,7 @@ static const ulong32 Te0[256] = {
0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL, 0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL,
0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL, 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL,
}; };
static const ulong32 Te1[256] = {
0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL,
0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL,
0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL,
0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL,
0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL,
0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL,
0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL,
0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL,
0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL,
0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL,
0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL,
0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL,
0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL,
0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL,
0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL,
0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL,
0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL,
0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL,
0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL,
0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL,
0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL,
0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL,
0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL,
0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL,
0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL,
0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL,
0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL,
0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL,
0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL,
0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL,
0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL,
0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL,
0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL,
0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL,
0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL,
0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL,
0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL,
0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL,
0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL,
0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL,
0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL,
0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL,
0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL,
0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL,
0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL,
0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL,
0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL,
0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL,
0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL,
0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL,
0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL,
0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL,
0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL,
0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL,
0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL,
0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL,
0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL,
0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL,
0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL,
0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL,
0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL,
0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL,
0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL,
0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL,
};
static const ulong32 Te2[256] = {
0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL,
0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL,
0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL,
0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL,
0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL,
0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL,
0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL,
0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL,
0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL,
0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL,
0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL,
0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL,
0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL,
0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL,
0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL,
0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL,
0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL,
0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL,
0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL,
0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL,
0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL,
0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL,
0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL,
0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL,
0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL,
0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL,
0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL,
0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL,
0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL,
0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL,
0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL,
0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL,
0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL,
0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL,
0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL,
0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL,
0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL,
0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL,
0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL,
0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL,
0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL,
0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL,
0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL,
0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL,
0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL,
0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL,
0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL,
0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL,
0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL,
0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL,
0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL,
0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL,
0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL,
0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL,
0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL,
0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL,
0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL,
0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL,
0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL,
0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL,
0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL,
0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL,
0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL,
0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL,
};
static const ulong32 Te3[256] = {
0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL,
0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL,
0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL,
0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL,
0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL,
0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL,
0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL,
0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL,
0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL,
0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL,
0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL,
0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL,
0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL,
0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL,
0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL,
0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL,
0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL,
0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL,
0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL,
0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL,
0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL,
0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL,
0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL,
0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL,
0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL,
0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL,
0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL,
0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL,
0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL,
0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL,
0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL,
0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL,
0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL,
0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL,
0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL,
0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL,
0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL,
0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL,
0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL,
0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL,
0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL,
0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL,
0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL,
0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL,
0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL,
0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL,
0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL,
0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL,
0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL,
0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL,
0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL,
0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL,
0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL,
0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL,
0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL,
0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL,
0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL,
0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL,
0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL,
0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL,
0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL,
0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL,
0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL,
0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL,
};
static const ulong32 Te4[256] = { static const ulong32 Te4[256] = {
0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL, 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL,
0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL, 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL,
@ -355,8 +157,152 @@ static const ulong32 Te4[256] = {
0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL, 0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL,
}; };
static const ulong32 TD0[256] = {
0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL,
0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL,
0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL,
0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL,
0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL,
0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL,
0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL,
0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL,
0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL,
0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL,
0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL,
0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL,
0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL,
0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL,
0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL,
0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL,
0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL,
0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL,
0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL,
0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL,
0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL,
0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL,
0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL,
0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL,
0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL,
0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL,
0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL,
0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL,
0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL,
0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL,
0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL,
0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL,
0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL,
0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL,
0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL,
0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL,
0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL,
0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL,
0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL,
0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL,
0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL,
0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL,
0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL,
0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL,
0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL,
0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL,
0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL,
0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL,
0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL,
0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL,
0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL,
0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL,
0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL,
0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL,
0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL,
0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL,
0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL,
0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL,
0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL,
0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL,
0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL,
0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL,
0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL,
0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL,
};
static const ulong32 Td4[256] = {
0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL,
0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL,
0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL,
0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL,
0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL,
0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL,
0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL,
0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL,
0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL,
0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL,
0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL,
0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL,
0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL,
0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL,
0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL,
0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL,
0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL,
0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL,
0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL,
0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL,
0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL,
0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL,
0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL,
0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL,
0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL,
0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL,
0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL,
0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL,
0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL,
0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL,
0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL,
0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL,
0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL,
0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL,
0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL,
0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL,
0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL,
0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL,
0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL,
0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL,
0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL,
0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL,
0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL,
0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL,
0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL,
0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL,
0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL,
0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL,
0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL,
0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL,
0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL,
0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL,
0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL,
0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL,
0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL,
0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL,
0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL,
0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL,
0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL,
0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL,
0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL,
0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL,
0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL,
0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL,
};
#ifdef SMALL_CODE #ifdef SMALL_CODE
#define Te0(x) TE0[x]
#define Te1(x) ROR(TE0[x], 8)
#define Te2(x) ROR(TE0[x], 16)
#define Te3(x) ROR(TE0[x], 24)
#define Td0(x) TD0[x]
#define Td1(x) ROR(TD0[x], 8)
#define Td2(x) ROR(TD0[x], 16)
#define Td3(x) ROR(TD0[x], 24)
#define Te4_0 0x000000FF & Te4 #define Te4_0 0x000000FF & Te4
#define Te4_1 0x0000FF00 & Te4 #define Te4_1 0x0000FF00 & Te4
#define Te4_2 0x00FF0000 & Te4 #define Te4_2 0x00FF0000 & Te4
@ -364,6 +310,216 @@ static const ulong32 Te4[256] = {
#else #else
#define Te0(x) TE0[x]
#define Te1(x) TE1[x]
#define Te2(x) TE2[x]
#define Te3(x) TE3[x]
#define Td0(x) TD0[x]
#define Td1(x) TD1[x]
#define Td2(x) TD2[x]
#define Td3(x) TD3[x]
static const ulong32 TE1[256] = {
0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL,
0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL,
0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL,
0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL,
0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL,
0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL,
0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL,
0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL,
0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL,
0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL,
0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL,
0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL,
0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL,
0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL,
0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL,
0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL,
0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL,
0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL,
0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL,
0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL,
0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL,
0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL,
0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL,
0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL,
0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL,
0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL,
0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL,
0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL,
0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL,
0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL,
0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL,
0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL,
0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL,
0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL,
0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL,
0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL,
0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL,
0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL,
0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL,
0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL,
0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL,
0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL,
0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL,
0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL,
0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL,
0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL,
0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL,
0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL,
0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL,
0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL,
0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL,
0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL,
0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL,
0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL,
0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL,
0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL,
0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL,
0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL,
0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL,
0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL,
0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL,
0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL,
0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL,
0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL,
};
static const ulong32 TE2[256] = {
0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL,
0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL,
0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL,
0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL,
0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL,
0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL,
0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL,
0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL,
0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL,
0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL,
0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL,
0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL,
0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL,
0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL,
0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL,
0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL,
0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL,
0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL,
0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL,
0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL,
0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL,
0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL,
0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL,
0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL,
0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL,
0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL,
0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL,
0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL,
0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL,
0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL,
0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL,
0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL,
0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL,
0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL,
0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL,
0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL,
0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL,
0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL,
0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL,
0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL,
0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL,
0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL,
0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL,
0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL,
0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL,
0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL,
0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL,
0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL,
0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL,
0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL,
0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL,
0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL,
0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL,
0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL,
0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL,
0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL,
0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL,
0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL,
0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL,
0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL,
0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL,
0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL,
0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL,
0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL,
};
static const ulong32 TE3[256] = {
0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL,
0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL,
0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL,
0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL,
0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL,
0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL,
0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL,
0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL,
0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL,
0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL,
0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL,
0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL,
0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL,
0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL,
0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL,
0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL,
0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL,
0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL,
0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL,
0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL,
0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL,
0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL,
0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL,
0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL,
0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL,
0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL,
0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL,
0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL,
0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL,
0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL,
0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL,
0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL,
0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL,
0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL,
0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL,
0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL,
0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL,
0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL,
0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL,
0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL,
0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL,
0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL,
0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL,
0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL,
0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL,
0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL,
0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL,
0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL,
0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL,
0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL,
0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL,
0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL,
0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL,
0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL,
0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL,
0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL,
0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL,
0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL,
0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL,
0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL,
0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL,
0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL,
0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL,
0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL,
};
static const ulong32 Te4_0[] = { static const ulong32 Te4_0[] = {
0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL, 0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL,
0x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL, 0x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL,
@ -504,75 +660,7 @@ static const ulong32 Te4_3[] = {
0x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL 0x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL
}; };
#endif static const ulong32 TD1[256] = {
static const ulong32 Td0[256] = {
0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL,
0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL,
0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL,
0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL,
0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL,
0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL,
0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL,
0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL,
0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL,
0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL,
0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL,
0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL,
0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL,
0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL,
0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL,
0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL,
0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL,
0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL,
0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL,
0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL,
0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL,
0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL,
0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL,
0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL,
0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL,
0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL,
0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL,
0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL,
0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL,
0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL,
0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL,
0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL,
0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL,
0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL,
0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL,
0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL,
0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL,
0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL,
0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL,
0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL,
0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL,
0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL,
0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL,
0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL,
0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL,
0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL,
0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL,
0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL,
0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL,
0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL,
0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL,
0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL,
0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL,
0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL,
0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL,
0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL,
0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL,
0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL,
0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL,
0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL,
0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL,
0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL,
0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL,
0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL,
};
static const ulong32 Td1[256] = {
0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL, 0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL,
0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL, 0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL,
0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL, 0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL,
@ -638,7 +726,7 @@ static const ulong32 Td1[256] = {
0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL, 0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL,
0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL, 0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL,
}; };
static const ulong32 Td2[256] = { static const ulong32 TD2[256] = {
0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL, 0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL,
0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL, 0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL,
0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL, 0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL,
@ -659,7 +747,6 @@ static const ulong32 Td2[256] = {
0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL, 0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL,
0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL, 0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL,
0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL, 0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL,
0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL, 0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL,
0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL, 0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL,
0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL, 0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL,
@ -705,7 +792,7 @@ static const ulong32 Td2[256] = {
0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL, 0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL,
0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL, 0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL,
}; };
static const ulong32 Td3[256] = { static const ulong32 TD3[256] = {
0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL, 0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL,
0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL, 0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL,
0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL, 0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL,
@ -771,79 +858,7 @@ static const ulong32 Td3[256] = {
0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL, 0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL,
0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL, 0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL,
}; };
static const ulong32 Td4[256] = {
0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL,
0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL,
0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL,
0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL,
0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL,
0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL,
0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL,
0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL,
0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL,
0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL,
0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL,
0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL,
0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL,
0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL,
0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL,
0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL,
0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL,
0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL,
0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL,
0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL,
0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL,
0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL,
0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL,
0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL,
0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL,
0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL,
0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL,
0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL,
0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL,
0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL,
0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL,
0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL,
0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL,
0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL,
0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL,
0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL,
0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL,
0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL,
0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL,
0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL,
0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL,
0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL,
0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL,
0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL,
0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL,
0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL,
0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL,
0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL,
0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL,
0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL,
0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL,
0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL,
0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL,
0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL,
0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL,
0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL,
0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL,
0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL,
0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL,
0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL,
0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL,
0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL,
0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL,
0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL,
};
static const ulong32 rcon[] = {
0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
#ifndef SMALL_CODE
static const ulong32 Tks0[] = { static const ulong32 Tks0[] = {
0x00000000UL, 0x0e090d0bUL, 0x1c121a16UL, 0x121b171dUL, 0x3824342cUL, 0x362d3927UL, 0x24362e3aUL, 0x2a3f2331UL, 0x00000000UL, 0x0e090d0bUL, 0x1c121a16UL, 0x121b171dUL, 0x3824342cUL, 0x362d3927UL, 0x24362e3aUL, 0x2a3f2331UL,
0x70486858UL, 0x7e416553UL, 0x6c5a724eUL, 0x62537f45UL, 0x486c5c74UL, 0x4665517fUL, 0x547e4662UL, 0x5a774b69UL, 0x70486858UL, 0x7e416553UL, 0x6c5a724eUL, 0x62537f45UL, 0x486c5c74UL, 0x4665517fUL, 0x547e4662UL, 0x5a774b69UL,
@ -983,5 +998,11 @@ static const ulong32 Tks3[] = {
0x31dccad7UL, 0x38d1c1d9UL, 0x23c6dccbUL, 0x2acbd7c5UL, 0x15e8e6efUL, 0x1ce5ede1UL, 0x07f2f0f3UL, 0x0efffbfdUL, 0x31dccad7UL, 0x38d1c1d9UL, 0x23c6dccbUL, 0x2acbd7c5UL, 0x15e8e6efUL, 0x1ce5ede1UL, 0x07f2f0f3UL, 0x0efffbfdUL,
0x79b492a7UL, 0x70b999a9UL, 0x6bae84bbUL, 0x62a38fb5UL, 0x5d80be9fUL, 0x548db591UL, 0x4f9aa883UL, 0x4697a38dUL 0x79b492a7UL, 0x70b999a9UL, 0x6bae84bbUL, 0x62a38fb5UL, 0x5d80be9fUL, 0x548db591UL, 0x4f9aa883UL, 0x4697a38dUL
}; };
#endif
#endif /* SMALL CODE */
static const ulong32 rcon[] = {
0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};

2
base64.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

2
blowfish.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

10
mem.c → burn_stack.c
View File

@ -4,20 +4,12 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
#include "mycrypt.h" #include "mycrypt.h"
void zeromem(void *dst, size_t len)
{
unsigned char *mem = (unsigned char *)dst;
_ARGCHK(dst != NULL);
while (len-- > 0)
*mem++ = 0;
}
void burn_stack(unsigned long len) void burn_stack(unsigned long len)
{ {
unsigned char buf[32]; unsigned char buf[32];

2
cast5.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

121
cbc.c
View File

@ -1,121 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* gurantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CBC *cbc)
{
int x, err;
_ARGCHK(IV != NULL);
_ARGCHK(key != NULL);
_ARGCHK(cbc != NULL);
/* bad param? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* setup cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) {
return err;
}
/* copy IV */
cbc->blocklen = cipher_descriptor[cipher].block_length;
cbc->cipher = cipher;
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = IV[x];
}
return CRYPT_OK;
}
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* xor IV against plaintext */
for (x = 0; x < cbc->blocklen; x++) {
tmp[x] = pt[x] ^ cbc->IV[x];
}
/* encrypt */
cipher_descriptor[cbc->cipher].ecb_encrypt(tmp, ct, &cbc->key);
/* store IV [ciphertext] for a future block */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = ct[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
return CRYPT_OK;
}
int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
/* decrypt the block from ct into tmp */
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* xor IV against the plaintext of the previous step */
for (x = 0; x < cbc->blocklen; x++) {
/* copy CT in case ct == pt */
tmp2[x] = ct[x];
/* actually decrypt the byte */
pt[x] = tmp[x] ^ cbc->IV[x];
}
/* replace IV with this current ciphertext */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = tmp2[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
zeromem(tmp2, sizeof(tmp2));
#endif
return CRYPT_OK;
}
#endif

56
cbc_decrypt.c Normal file
View File

@ -0,0 +1,56 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
/* decrypt the block from ct into tmp */
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* xor IV against the plaintext of the previous step */
for (x = 0; x < cbc->blocklen; x++) {
/* copy CT in case ct == pt */
tmp2[x] = ct[x];
/* actually decrypt the byte */
pt[x] = tmp[x] ^ cbc->IV[x];
}
/* replace IV with this current ciphertext */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = tmp2[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
zeromem(tmp2, sizeof(tmp2));
#endif
return CRYPT_OK;
}
#endif

52
cbc_encrypt.c Normal file
View File

@ -0,0 +1,52 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* xor IV against plaintext */
for (x = 0; x < cbc->blocklen; x++) {
tmp[x] = pt[x] ^ cbc->IV[x];
}
/* encrypt */
cipher_descriptor[cbc->cipher].ecb_encrypt(tmp, ct, &cbc->key);
/* store IV [ciphertext] for a future block */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = ct[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
return CRYPT_OK;
}
#endif

43
cbc_start.c Normal file
View File

@ -0,0 +1,43 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CBC *cbc)
{
int x, err;
_ARGCHK(IV != NULL);
_ARGCHK(key != NULL);
_ARGCHK(cbc != NULL);
/* bad param? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* setup cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) {
return err;
}
/* copy IV */
cbc->blocklen = cipher_descriptor[cipher].block_length;
cbc->cipher = cipher;
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = IV[x];
}
return CRYPT_OK;
}
#endif

111
cfb.c
View File

@ -1,111 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* gurantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CFB
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb)
{
int x, err;
_ARGCHK(IV != NULL);
_ARGCHK(key != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* copy data */
cfb->cipher = cipher;
cfb->blocklen = cipher_descriptor[cipher].block_length;
for (x = 0; x < cfb->blocklen; x++)
cfb->IV[x] = IV[x];
/* init the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) {
return err;
}
/* encrypt the IV */
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key);
cfb->padlen = 0;
return CRYPT_OK;
}
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) {
return CRYPT_INVALID_ARG;
}
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]);
++pt;
++ct;
++cfb->padlen;
}
return CRYPT_OK;
}
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) {
return CRYPT_INVALID_ARG;
}
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = *ct;
*pt = *ct ^ cfb->IV[cfb->padlen];
++pt;
++ct;
++cfb->padlen;
}
return CRYPT_OK;
}
#endif

48
cfb_decrypt.c Normal file
View File

@ -0,0 +1,48 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CFB
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) {
return CRYPT_INVALID_ARG;
}
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = *ct;
*pt = *ct ^ cfb->IV[cfb->padlen];
++pt;
++ct;
++cfb->padlen;
}
return CRYPT_OK;
}
#endif

46
cfb_encrypt.c Normal file
View File

@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CFB
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) {
return CRYPT_INVALID_ARG;
}
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]);
++pt;
++ct;
++cfb->padlen;
}
return CRYPT_OK;
}
#endif

47
cfb_start.c Normal file
View File

@ -0,0 +1,47 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CFB
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb)
{
int x, err;
_ARGCHK(IV != NULL);
_ARGCHK(key != NULL);
_ARGCHK(cfb != NULL);
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* copy data */
cfb->cipher = cipher;
cfb->blocklen = cipher_descriptor[cipher].block_length;
for (x = 0; x < cfb->blocklen; x++)
cfb->IV[x] = IV[x];
/* init the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) {
return err;
}
/* encrypt the IV */
cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key);
cfb->padlen = 0;
return CRYPT_OK;
}
#endif

19
changes
View File

@ -1,3 +1,22 @@
May 12th, 2004
v0.95 -- Optimized AES and WHIRLPOOL for SMALL_CODE by taking advantage of the fact
the transforms are circulant. AES dropped 5KB and WHIRLPOOL dropped 13KB
using the default build options on the x86.
-- Updated eax so the eax_done() would clear the state [like hmac,pmac,ocb] when
CLEAN_STACK has been defined.
-- added LTC_TEST support to rmd160
-- updates to mycrypt_pk.h
-- updated rand_prime() to faciliate making RSA composites
-- DSA/RSA now makes composites of the exact size desired.
-- Refactored quite a bit of the code, fewer functions per C file
-- cleaned up the makefiles to organize the objects logically
-- added ICC makefile along with "profiled" targets for both GNU and ICC compilers
-- Marked functions for removal before v1.00 see PLAN for more information
-- GCC 3.4.0 tested and seems to work
-- Added PKCS #5 support
-- Fixed typo in comment header of .C files ;-)
-- Added PKCS #1 OAEP and PSS support.
Feb 20th, 2004 Feb 20th, 2004
v0.94 -- removed unused variables from ocb.c and fixed it to match known test vectors. v0.94 -- removed unused variables from ocb.c and fixed it to match known test vectors.
-- Added PMAC support, minor changes to OMAC/EAX code [I think....] -- Added PMAC support, minor changes to OMAC/EAX code [I think....]

173
config.pl
View File

@ -1,173 +0,0 @@
#!/usr/bin/perl
#
# Generates a makefile based on user input
#
# Tom St Denis, tomstdenis@yahoo.com, http://tom.iahu.ca
@settings = (
"CC,Compiler,gcc",
"AR,Archiver,ar",
"LD,Linker,ld",
"CFLAGS,Optimizations,-Os",
"CFLAGS,Warnings,-Wall -Wsign-compare -W -Wno-unused -Werror",
"CFLAGS,Include Paths,-I./",
"CFLAGS,Other compiler options,",
"CFLAGS,XMALLOC,-DXMALLOC=malloc",
"CFLAGS,XREALLOC,-DXREALLOC=realloc",
"CFLAGS,XCALLOC,-DXCALLOC=calloc",
"CFLAGS,XFREE,-DXFREE=free",
"CFLAGS,XCLOCK,-DXCLOCK=clock",
"CFLAGS,XCLOCKS_PER_SEC,-DXCLOCKS_PER_SEC=CLOCKS_PER_SEC",
);
@opts = (
"SMALL_CODE,Use small code where possible (slower code),y",
"NO_FILE,Avoid file I/O calls,n",
"CLEAN_STACK,Clean the stack within functions,n",
"LTC_TEST,Include Test Vector Routines,y",
"BLOWFISH,Include Blowfish block cipher,y",
"RC2,Include RC2 block cipher,y",
"RC5,Include RC5 block cipher,y",
"RC6,Include RC6 block cipher,y",
"SAFERP,Include Safer+ block cipher,y",
"SAFER,Include Safer-64 block ciphers,n",
"RIJNDAEL,Include Rijndael (AES) block cipher,y",
"XTEA,Include XTEA block cipher,y",
"TWOFISH,Include Twofish block cipher (default: fast),y",
"TWOFISH_SMALL,Use a low ram variant of Twofish (slow cipher+keyschedule!),n",
"TWOFISH_TABLES,Use precomputed tables (fast cipher and faster keychedule but adds ~3.3KB to the size),y",
"TWOFISH_ALL_TABLES,Speed up the key schedule a little (adds ~8KB ontop of TWOFISH_TABLES to the size),n",
"DES,Include DES and 3DES block ciphers,y",
"CAST5,Include CAST5 (aka CAST-128) block cipher,y",
"NOEKEON,Include Noekeon block cipher,y",
"SKIPJACK,Include Skipjack block cipher,y",
"CFB,Include CFB block mode of operation,y",
"OFB,Include OFB block mode of operation,y",
"ECB,Include ECB block mode of operation,y",
"CBC,Include CBC block mode of operation,y",
"CTR,Include CTR block mode of operation,y",
"WHIRLPOOL,Include WHIRLPOOL 512-bit one-way hash,y",
"SHA512,Include SHA512 one-way hash,y",
"SHA384,Include SHA384 one-way hash (requires SHA512),y",
"SHA256,Include SHA256 one-way hash,y",
"SHA224,Include SHA224 one-way hash (requires SHA256),y",
"TIGER,Include TIGER one-way hash,y",
"SHA1,Include SHA1 one-way hash,y",
"MD5,Include MD5 one-way hash,y",
"MD4,Include MD4 one-way hash,y",
"MD2,Include MD2 one-way hash,y",
"RIPEMD128,Include RIPEMD-128 one-way hash,y",
"RIPEMD160,Include RIPEMD-160 one-way hash,y",
"HMAC,Include Hash based Message Authentication Support,y",
"OMAC,Include OMAC1 Message Authentication Support,y",
"PMAC,Include PMAC Message Authentication Support,y",
"EAX_MODE,Include EAX Encrypt-and-Authenticate Support,y",
"OCB_MODE,Include OCB Encrypt-and-Authenticate Support,y",
"BASE64,Include Base64 encoding support,y",
"YARROW,Include Yarrow PRNG,y",
"SPRNG,Include Secure PRNG base on RNG code,y",
"RC4,Include RC4 PRNG,y",
"DEVRANDOM,Use /dev/random or /dev/urandom if available?,y",
"TRY_URANDOM_FIRST,Try /dev/urandom before /dev/random?,n",
"MRSA,Include RSA public key support,y",
"MDSA,Include DSA public key support,y",
"MDH,Include Diffie-Hellman (over Z/pZ) public key support,y",
"MECC,Include Eliptic Curve public key crypto support,y",
"KR,Include Keyring support (groups all three PK systems),n",
"DH768,768-bit DH key support,y",
"DH1024,1024-bit DH key support,y",
"DH1280,1280-bit DH key support,y",
"DH1536,1536-bit DH key support,y",
"DH1792,1792-bit DH key support,y",
"DH2048,2048-bit DH key support,y",
"DH2560,2560-bit DH key support,y",
"DH3072,3072-bit DH key support,y",
"DH4096,4096-bit DH key support,y",
"ECC160,160-bit ECC key support,y",
"ECC192,192-bit ECC key support,y",
"ECC224,224-bit ECC key support,y",
"ECC256,256-bit ECC key support,y",
"ECC384,384-bit ECC key support,y",
"ECC521,521-bit ECC key support,y",
"GF,Include GF(2^w) math support (not used internally),n",
"MPI,Include MPI big integer math support (required by the public key code),y",
);
# scan for switches and make variables
for (@settings) {
@m = split(",", $_);
print "@m[1]: [@m[2]] ";
$r = <>; $r = @m[2] if ($r eq "\n");
chomp($r);
@vars{@m[0]} = @vars{@m[0]} . $r . " ";
}
# scan for build flags
for (@opts) {
@m = split(",", $_);
print "@m[1]: [@m[2]]";
$r = <>; @vars{'CFLAGS'} = @vars{'CFLAGS'} . "-D" . $m[0] . " " if (($r eq "y\n") || ($r eq "\n" && @m[2] eq "y"));
}
# write header
open(OUT,">mycrypt_custom.h");
print OUT "/* This header is meant to be included before mycrypt.h in projects where\n";
print OUT " * you don't want to throw all the defines in a makefile. \n";
print OUT " */\n\n#ifndef MYCRYPT_CUSTOM_H_\n#define MYCRYPT_CUSTOM_H_\n\n#ifdef CRYPT\n\t#error mycrypt_custom.h should be included before mycrypt.h\n#endif\n\n";
@m = split(" ", @vars{'CFLAGS'});
for (@m) {
if ($_ =~ /^-D/) {
$_ =~ s/-D//;
$_ =~ s/=/" "/ge;
print OUT "#define $_\n";
}
}
print OUT "\n\n#include <mycrypt.h>\n\n#endif\n\n";
close OUT;
print "\n\nmycrypt_custom.h generated.\n";
open(OUT,">makefile.out");
print OUT "#makefile generated with config.pl\n#\n#Tom St Denis (tomstdenis\@yahoo.com, http://tom.iahu.ca) \n\n";
# output unique vars first
@vars{'CFLAGS'} =~ s/-D.+ /""/ge;
for (@settings) {
@m = split(",", $_);
print OUT "@m[0] = @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] ne "CFLAGS");
print OUT "CFLAGS += @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] eq "CFLAGS");
@vars{@m[0]} = "";
}
# output objects
print OUT "\ndefault: library\n\n";
print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o saferp.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o pmac.o whirl.o\n\n";
# some depends
print OUT "rsa.o: rsa_sys.c\ndh.o: dh_sys.c\necc.o: ecc_sys.c\naes.o: aes.c aes_tab.c\ntwofish.o: twofish.c twofish_tab.c\nsha512.o: sha384.c sha512.c\nsha256.o: sha256.c sha224.c\n\n";
# targets
print OUT "library: \$(OBJECTS)\n\t \$(AR) r libtomcrypt.a \$(OBJECTS)\n\t ranlib libtomcrypt.a\n\n";
print OUT "clean:\n\trm -f \$(OBJECTS) libtomcrypt.a \n\n";
close OUT;
print "makefile.out generated.\n";
print "\nNow use makefile.out to build the library, e.g. `make -f makefile.out'\n";
print "In your project just include mycrypt_custom.h (you don't have to include mycrypt.h \n";
print "but if you do make sure mycrypt_custom.h appears first) your settings should be intact.\n";

379
crypt.c
View File

@ -4,378 +4,11 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
#include "mycrypt.h" #include "mycrypt.h"
#include <signal.h>
#define TAB_SIZE 32
struct _cipher_descriptor cipher_descriptor[TAB_SIZE] = {
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL } };
struct _hash_descriptor hash_descriptor[TAB_SIZE] = {
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL } };
struct _prng_descriptor prng_descriptor[TAB_SIZE] = {
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL } };
/* ch1-01-1 */
#if (ARGTYPE == 0)
void crypt_argchk(char *v, char *s, int d)
{
fprintf(stderr, "_ARGCHK '%s' failure on line %d of file %s\n",
v, d, s);
(void)raise(SIGABRT);
}
#endif
/* ch1-01-1 */
int find_cipher(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name != NULL && !strcmp(cipher_descriptor[x].name, name)) {
return x;
}
}
return -1;
}
int find_hash(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name != NULL && strcmp(hash_descriptor[x].name, name) == 0) {
return x;
}
}
return -1;
}
int find_prng(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if ((prng_descriptor[x].name != NULL) && strcmp(prng_descriptor[x].name, name) == 0) {
return x;
}
}
return -1;
}
int find_cipher_id(unsigned char ID)
{
int x;
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].ID == ID) {
return (cipher_descriptor[x].name == NULL) ? -1 : x;
}
}
return -1;
}
int find_hash_id(unsigned char ID)
{
int x;
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].ID == ID) {
return (hash_descriptor[x].name == NULL) ? -1 : x;
}
}
return -1;
}
/* idea from Wayne Scott */
int find_cipher_any(const char *name, int blocklen, int keylen)
{
int x;
_ARGCHK(name != NULL);
x = find_cipher(name);
if (x != -1) return x;
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name == NULL) {
continue;
}
if (blocklen <= (int)cipher_descriptor[x].block_length && keylen <= (int)cipher_descriptor[x].max_key_length) {
return x;
}
}
return -1;
}
/* return first hash with at least [amount over] digestlen bytes of output */
int find_hash_any(const char *name, int digestlen)
{
int x, y, z;
_ARGCHK(name != NULL);
x = find_hash(name);
if (x != -1) return x;
y = MAXBLOCKSIZE+1;
z = -1;
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name == NULL) {
continue;
}
if ((int)hash_descriptor[x].hashsize >= digestlen && (int)hash_descriptor[x].hashsize < y) {
z = x;
y = hash_descriptor[x].hashsize;
}
}
return z;
}
int register_cipher(const struct _cipher_descriptor *cipher)
{
int x;
_ARGCHK(cipher != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name == NULL) {
memcpy(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor));
return x;
}
}
/* no spot */
return -1;
}
int unregister_cipher(const struct _cipher_descriptor *cipher)
{
int x;
_ARGCHK(cipher != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor)) == 0) {
cipher_descriptor[x].name = NULL;
cipher_descriptor[x].ID = 255;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}
int register_hash(const struct _hash_descriptor *hash)
{
int x;
_ARGCHK(hash != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name == NULL) {
memcpy(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor));
return x;
}
}
/* no spot */
return -1;
}
int unregister_hash(const struct _hash_descriptor *hash)
{
int x;
_ARGCHK(hash != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) {
hash_descriptor[x].name = NULL;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}
int register_prng(const struct _prng_descriptor *prng)
{
int x;
_ARGCHK(prng != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (prng_descriptor[x].name == NULL) {
memcpy(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor));
return x;
}
}
/* no spot */
return -1;
}
int unregister_prng(const struct _prng_descriptor *prng)
{
int x;
_ARGCHK(prng != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) != 0) {
prng_descriptor[x].name = NULL;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}
int cipher_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || cipher_descriptor[idx].name == NULL) {
return CRYPT_INVALID_CIPHER;
}
return CRYPT_OK;
}
int hash_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || hash_descriptor[idx].name == NULL) {
return CRYPT_INVALID_HASH;
}
return CRYPT_OK;
}
int prng_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || prng_descriptor[idx].name == NULL) {
return CRYPT_INVALID_PRNG;
}
return CRYPT_OK;
}
const char *crypt_build_settings = const char *crypt_build_settings =
"LibTomCrypt " SCRYPT "\n\n" "LibTomCrypt " SCRYPT "\n\n"
@ -549,6 +182,9 @@ const char *crypt_build_settings =
#if defined(__GNUC__) #if defined(__GNUC__)
" GCC compiler detected.\n" " GCC compiler detected.\n"
#endif #endif
#if defined(INTEL_CC)
" Intel C Compiler detected.\n"
#endif
"\nVarious others: " "\nVarious others: "
#if defined(GF) #if defined(GF)
@ -580,9 +216,14 @@ const char *crypt_build_settings =
#endif #endif
#if defined(LTC_TEST) #if defined(LTC_TEST)
" LTC_TEST " " LTC_TEST "
#endif
#if defined(PKCS_1)
" PKCS#1 "
#endif
#if defined(PKCS_5)
" PKCS#5 "
#endif #endif
"\n" "\n"
"\n\n\n" "\n\n\n"
; ;

BIN
crypt.pdf
View File

Binary file not shown.

194
crypt.tex
View File

@ -47,7 +47,7 @@
\def\gap{\vspace{0.5ex}} \def\gap{\vspace{0.5ex}}
\makeindex \makeindex
\begin{document} \begin{document}
\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.94} \title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.95}
\author{Tom St Denis \\ \author{Tom St Denis \\
\\ \\
tomstdenis@iahu.ca \\ tomstdenis@iahu.ca \\
@ -108,7 +108,7 @@ number theory and cryptography.
\subsection{What the library IS NOT for?} \subsection{What the library IS NOT for?}
The library is not designed to be in anyway an implementation of the SSL, PKCS, P1363 or OpenPGP standards. The library The library is not designed to be in anyway an implementation of the SSL or OpenPGP standards. The library
is not designed to be compliant with any known form of API or programming hierarchy. It is not a port of any other is not designed to be compliant with any known form of API or programming hierarchy. It is not a port of any other
library and it is not platform specific (like the MS CSP). So if you're looking to drop in some buzzword library and it is not platform specific (like the MS CSP). So if you're looking to drop in some buzzword
compliant crypto library this is not for you. The library has been written from scratch to provide basic functions as compliant crypto library this is not for you. The library has been written from scratch to provide basic functions as
@ -505,21 +505,21 @@ As of this release the current cipher\_descriptors elements are
\begin{center} \begin{center}
\begin{tabular}{|c|c|c|c|c|c|} \begin{tabular}{|c|c|c|c|c|c|}
\hline Name & Descriptor Name & Block Size & Key Range & Rounds \\ \hline Name & Descriptor Name & Block Size & Key Range & Rounds \\
\hline Blowfish & blowfish\_desc & 8 & 8 ... 56 & 16 \\ \hline Blowfish & blowfish\_desc & 8 & 8 $\ldots$ 56 & 16 \\
\hline X-Tea & xtea\_desc & 8 & 16 & 32 \\ \hline X-Tea & xtea\_desc & 8 & 16 & 32 \\
\hline RC2 & rc2\_desc & 8 & 8 .. 128 & 16 \\ \hline RC2 & rc2\_desc & 8 & 8 $\ldots$ 128 & 16 \\
\hline RC5-32/12/b & rc5\_desc & 8 & 8 ... 128 & 12 ... 24 \\ \hline RC5-32/12/b & rc5\_desc & 8 & 8 $\ldots$ 128 & 12 $\ldots$ 24 \\
\hline RC6-32/20/b & rc6\_desc & 16 & 8 ... 128 & 20 \\ \hline RC6-32/20/b & rc6\_desc & 16 & 8 $\ldots$ 128 & 20 \\
\hline SAFER+ & saferp\_desc &16 & 16, 24, 32 & 8, 12, 16 \\ \hline SAFER+ & saferp\_desc &16 & 16, 24, 32 & 8, 12, 16 \\
\hline Safer K64 & safer\_k64\_desc & 8 & 8 & 6 .. 13 \\ \hline Safer K64 & safer\_k64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
\hline Safer SK64 & safer\_sk64\_desc & 8 & 8 & 6 .. 13 \\ \hline Safer SK64 & safer\_sk64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
\hline Safer K128 & safer\_k128\_desc & 8 & 16 & 6 .. 13 \\ \hline Safer K128 & safer\_k128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
\hline Safer SK128 & safer\_sk128\_desc & 8 & 16 & 6 .. 13 \\ \hline Safer SK128 & safer\_sk128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
\hline AES & aes\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\ \hline AES & aes\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\
\hline Twofish & twofish\_desc & 16 & 16, 24, 32 & 16 \\ \hline Twofish & twofish\_desc & 16 & 16, 24, 32 & 16 \\
\hline DES & des\_desc & 8 & 7 & 16 \\ \hline DES & des\_desc & 8 & 7 & 16 \\
\hline 3DES (EDE mode) & des3\_desc & 8 & 21 & 16 \\ \hline 3DES (EDE mode) & des3\_desc & 8 & 21 & 16 \\
\hline CAST5 (CAST-128) & cast5\_desc & 8 & 5 .. 16 & 12, 16 \\ \hline CAST5 (CAST-128) & cast5\_desc & 8 & 5 $\ldots$ 16 & 12, 16 \\
\hline Noekeon & noekeon\_desc & 16 & 16 & 16 \\ \hline Noekeon & noekeon\_desc & 16 & 16 & 16 \\
\hline Skipjack & skipjack\_desc & 8 & 10 & 32 \\ \hline Skipjack & skipjack\_desc & 8 & 10 & 32 \\
\hline \hline
@ -627,8 +627,7 @@ int main(void)
} }
\end{verbatim} \end{verbatim}
\end{small} \end{small}
This snippet is a small program that registers only Rijndael only. Note you must register ciphers before This snippet is a small program that registers only Rijndael only.
using the PK code since all of the PK code (RSA, DH and ECC) rely heavily on the descriptor tables.
\section{Symmetric Modes of Operations} \section{Symmetric Modes of Operations}
\subsection{Background} \subsection{Background}
@ -890,7 +889,7 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
This will encrypt (or decrypt for the latter) a fixed length of data from ``pt'' to ``ct'' (vice versa for the latter). This will encrypt (or decrypt for the latter) a fixed length of data from ``pt'' to ``ct'' (vice versa for the latter).
They assume that ``pt'' and ``ct'' are the same size as the block cipher's block size. Note that you cannot call They assume that ``pt'' and ``ct'' are the same size as the block cipher's block size. Note that you cannot call
both functions given a single ``ocb'' state. For bi-directional communication you will have to initialize two ``ocb'' both functions given a single ``ocb'' state. For bi-directional communication you will have to initialize two ``ocb''
states (with difference nonces). Also ``pt'' and ``ct'' may point to the same location in memory. states (with different nonces). Also ``pt'' and ``ct'' may point to the same location in memory.
When you are finished encrypting the message you call the following function to compute the tag. When you are finished encrypting the message you call the following function to compute the tag.
@ -1716,8 +1715,175 @@ int main(void)
\end{verbatim} \end{verbatim}
\end{small} \end{small}
\chapter{RSA Public Key Cryptography}
\textbf{Note: } \textit{This chapter on PKCS \#1 RSA will replace the older chapter on RSA (The current chapter nine) in subsequent
releases of the library. Users are encouraged to stop using the LibTomCrypt style padding functions.}
\section{PKCS \#1 Encryption}
PKCS \#1 RSA Encryption amounts to OAEP padding of the input message followed by the modular exponentiation. As far as this portion of
the library is concerned we are only dealing with th OAEP padding of the message.
\subsection{OAEP Encoding}
\begin{alltt}
int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
const unsigned char *lparam, unsigned long lparamlen,
unsigned long modulus_bitlen, int hash_idx,
int prng_idx, prng_state *prng,
unsigned char *out, unsigned long *outlen);
\end{alltt}
This accepts ``msg'' as input of length ``msglen'' which will be OAEP padded. The ``lparam'' variable is an additional system specific
tag that can be applied to the encoding. This is useful to identify which system encoded the message. If no variance is desired then
``lparam'' can be set to \textbf{NULL}.
OAEP encoding requires the length of the modulus in bits in order to calculate the size of the output. This is passed as the parameter
``modulus\_bitlen''. ``hash\_idx'' is the index into the hash descriptor table of the hash desired. PKCS \#1 allows any hash to be
used but both the encoder and decoder must use the same hash in order for this to succeed. The size of hash output affects the maximum
sized input message. ``prng\_idx'' and ``prng'' are the random number generator arguments required to randomize the padding process.
The padded message is stored in ``out'' along with the length in ``outlen''.
If $h$ is the length of the hash and $m$ the length of the modulus (both in octets) then the maximum payload for ``msg'' is
$m - 2h - 2$. For example, with a $1024$--bit RSA key and SHA--1 as the hash the maximum payload is $86$ bytes.
Note that when the message is padded it still has not been RSA encrypted. You must pass the output of this function to
rsa\_exptmod() to encrypt it.
\subsection{OAEP Decoding}
\begin{alltt}
int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
const unsigned char *lparam, unsigned long lparamlen,
unsigned long modulus_bitlen, int hash_idx,
unsigned char *out, unsigned long *outlen);
\end{alltt}
This function decodes an OAEP encoded message and outputs the original message that was passed to the OAEP encoder. ``msg'' is the
output of pkcs\_1\_oaep\_encode() of length ``msglen''. ``lparam'' is the same system variable passed to the OAEP encoder. If it does not
match what was used during encoding this function will not decode the packet. ``modulus\_bitlen'' is the size of the RSA modulus in bits
and must match what was used during encoding. Similarly the ``hash\_idx'' index into the hash descriptor table must match what was used
during encoding.
If the function succeeds it decodes the OAEP encoded message into ``out'' of length ``outlen''.
\section{PKCS \#1 Digital Signatures}
\subsection{PSS Encoding}
PSS encoding is the second half of the PKCS \#1 standard which is padding to be applied to messages that are signed.
\begin{alltt}
int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
unsigned long saltlen, int hash_idx,
int prng_idx, prng_state *prng,
unsigned long modulus_bitlen,
unsigned char *out, unsigned long *outlen);
\end{alltt}
This function assumes the message to be PSS encoded has previously been hashed. The input hash ``msghash'' is of length
``msghashlen''. PSS allows a variable length random salt (it can be zero length) to be introduced in the signature process.
``hash\_idx'' is the index into the hash descriptor table of the hash to use. ``prng\_idx'' and ``prng'' are the random
number generator information required for the salt.
Similar to OAEP encoding ``modulus\_bitlen'' is the size of the RSA modulus. It limits the size of the salt. If $m$ is the length
of the modulus $h$ the length of the hash output (in octets) then there can be $m - h - 2$ bytes of salt.
This function does not actually sign the data it merely pads the hash of a message so that it can be processed by rsa\_exptmod().
\subsection{PSS Decoding}
To decode a PSS encoded signature block you have to use the following.
\begin{alltt}
int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
const unsigned char *sig, unsigned long siglen,
unsigned long saltlen, int hash_idx,
unsigned long modulus_bitlen, int *res);
\end{alltt}
This will decode the PSS encoded message in ``sig'' of length ``siglen'' and compare it to values in ``msghash'' of length
``msghashlen''. If the block is a valid PSS block and the decoded hash equals the hash supplied ``res'' is set to non--zero. Otherwise,
it is set to zero. The rest of the parameters are as in the PSS encode call.
It's important to use the same ``saltlen'' and hash for both encoding and decoding as otherwise the procedure will not work.
\chapter{Password Based Cryptography}
\section{PKCS \#5}
In order to securely handle user passwords for the purposes of creating session keys and chaining IVs the PKCS \#5 was drafted. PKCS \#5
is made up of two algorithms, Algorithm One and Algorithm Two. Algorithm One is the older fairly limited algorithm which has been implemented
for completeness. Algorithm Two is a bit more modern and more flexible to work with.
\section{Algorithm One}
Algorithm One accepts as input a password, an 8--byte salt and an iteration counter. The iteration counter is meant to act as delay for
people trying to brute force guess the password. The higher the iteration counter the longer the delay. This algorithm also requires a hash
algorithm and produces an output no longer than the output of the hash.
\begin{alltt}
int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
const unsigned char *salt,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen)
\end{alltt}
Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''.
The ``salt'' is a fixed size 8--byte array which should be random for each user and session. The ``iteration\_count'' is the delay desired
on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table.
The output of length upto ``outlen'' is stored in ``out''. If ``outlen'' is initially larger than the size of the hash functions output
it is set to the number of bytes stored. If it is smaller than not all of the hash output is stored in ``out''.
\section{Algorithm Two}
Algorithm Two is the recommended algorithm for this task. It allows variable length salts and can produce outputs larger than the
hash functions output. As such it can easily be used to derive session keys for ciphers and MACs as well initial vectors as required
from a single password and invokation of this algorithm.
\begin{alltt}
int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
const unsigned char *salt, unsigned long salt_len,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen)
\end{alltt}
Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''.
The ``salt'' is an array of size ``salt\_len''. It should be random for each user and session. The ``iteration\_count'' is the delay desired
on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table. The output of length upto
``outlen'' is stored in ``out''.
\begin{alltt}
/* demo to show how to make session state material from a password */
#include <mycrypt.h>
int main(void)
\{
unsigned char password[100], salt[100],
cipher_key[16], cipher_iv[16],
mac_key[16], outbuf[48];
int err, hash_idx;
unsigned long outlen, password_len, salt_len;
/* register hash and get it's idx .... */
/* get users password and make up a salt ... */
/* create the material (100 iterations in algorithm) */
outlen = sizeof(outbuf);
if ((err = pkcs_5_alg2(password, password_len, salt, salt_len,
100, hash_idx, outbuf, &outlen)) != CRYPT_OK) \{
/* error handle */
\}
/* now extract it */
memcpy(cipher_key, outbuf, 16);
memcpy(cipher_iv, outbuf+16, 16);
memcpy(mac_key, outbuf+32, 16);
/* use material (recall to store the salt in the output) */
\}
\end{alltt}
\chapter{RSA Routines} \chapter{RSA Routines}
\textbf{Note: } \textit{This chapter has been marked for removal. In particular any function that uses the LibTomCrypt style
RSA padding (e.g. rsa\_pad() rsa\_signpad()) will be removed in the v0.96 release cycle. The functions like rsa\_make\_key() and
rsa\_exptmod() will stay but may be slightly modified. }
\section{Background} \section{Background}
RSA is a public key algorithm that is based on the inability to find the ``e-th'' root modulo a composite of unknown RSA is a public key algorithm that is based on the inability to find the ``e-th'' root modulo a composite of unknown

21
crypt_argchk.c Normal file
View File

@ -0,0 +1,21 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#include <signal.h>
#if (ARGTYPE == 0)
void crypt_argchk(char *v, char *s, int d)
{
fprintf(stderr, "_ARGCHK '%s' failure on line %d of file %s\n",
v, d, s);
(void)raise(SIGABRT);
}
#endif

46
crypt_cipher_descriptor.c Normal file
View File

@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _cipher_descriptor cipher_descriptor[TAB_SIZE] = {
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL } };

19
crypt_cipher_is_valid.c Normal file
View File

@ -0,0 +1,19 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int cipher_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || cipher_descriptor[idx].name == NULL) {
return CRYPT_INVALID_CIPHER;
}
return CRYPT_OK;
}

24
crypt_find_cipher.c Normal file
View File

@ -0,0 +1,24 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int find_cipher(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name != NULL && !strcmp(cipher_descriptor[x].name, name)) {
return x;
}
}
return -1;
}

32
crypt_find_cipher_any.c Normal file
View File

@ -0,0 +1,32 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
/* idea from Wayne Scott */
int find_cipher_any(const char *name, int blocklen, int keylen)
{
int x;
_ARGCHK(name != NULL);
x = find_cipher(name);
if (x != -1) return x;
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name == NULL) {
continue;
}
if (blocklen <= (int)cipher_descriptor[x].block_length && keylen <= (int)cipher_descriptor[x].max_key_length) {
return x;
}
}
return -1;
}

22
crypt_find_cipher_id.c Normal file
View File

@ -0,0 +1,22 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int find_cipher_id(unsigned char ID)
{
int x;
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].ID == ID) {
return (cipher_descriptor[x].name == NULL) ? -1 : x;
}
}
return -1;
}

23
crypt_find_hash.c Normal file
View File

@ -0,0 +1,23 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int find_hash(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name != NULL && strcmp(hash_descriptor[x].name, name) == 0) {
return x;
}
}
return -1;
}

34
crypt_find_hash_any.c Normal file
View File

@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
/* return first hash with at least [amount over] digestlen bytes of output */
int find_hash_any(const char *name, int digestlen)
{
int x, y, z;
_ARGCHK(name != NULL);
x = find_hash(name);
if (x != -1) return x;
y = MAXBLOCKSIZE+1;
z = -1;
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name == NULL) {
continue;
}
if ((int)hash_descriptor[x].hashsize >= digestlen && (int)hash_descriptor[x].hashsize < y) {
z = x;
y = hash_descriptor[x].hashsize;
}
}
return z;
}

22
crypt_find_hash_id.c Normal file
View File

@ -0,0 +1,22 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int find_hash_id(unsigned char ID)
{
int x;
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].ID == ID) {
return (hash_descriptor[x].name == NULL) ? -1 : x;
}
}
return -1;
}

24
crypt_find_prng.c Normal file
View File

@ -0,0 +1,24 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int find_prng(const char *name)
{
int x;
_ARGCHK(name != NULL);
for (x = 0; x < TAB_SIZE; x++) {
if ((prng_descriptor[x].name != NULL) && strcmp(prng_descriptor[x].name, name) == 0) {
return x;
}
}
return -1;
}

45
crypt_hash_descriptor.c Normal file
View File

@ -0,0 +1,45 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _hash_descriptor hash_descriptor[TAB_SIZE] = {
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL, NULL } };

19
crypt_hash_is_valid.c Normal file
View File

@ -0,0 +1,19 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || hash_descriptor[idx].name == NULL) {
return CRYPT_INVALID_HASH;
}
return CRYPT_OK;
}

46
crypt_prng_descriptor.c Normal file
View File

@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _prng_descriptor prng_descriptor[TAB_SIZE] = {
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL },
{ NULL, NULL, NULL, NULL, NULL } };

19
crypt_prng_is_valid.c Normal file
View File

@ -0,0 +1,19 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int prng_is_valid(int idx)
{
if (idx < 0 || idx >= TAB_SIZE || prng_descriptor[idx].name == NULL) {
return CRYPT_INVALID_PRNG;
}
return CRYPT_OK;
}

36
crypt_register_cipher.c Normal file
View File

@ -0,0 +1,36 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int register_cipher(const struct _cipher_descriptor *cipher)
{
int x;
_ARGCHK(cipher != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (cipher_descriptor[x].name == NULL) {
memcpy(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor));
return x;
}
}
/* no spot */
return -1;
}

36
crypt_register_hash.c Normal file
View File

@ -0,0 +1,36 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int register_hash(const struct _hash_descriptor *hash)
{
int x;
_ARGCHK(hash != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name == NULL) {
memcpy(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor));
return x;
}
}
/* no spot */
return -1;
}

36
crypt_register_prng.c Normal file
View File

@ -0,0 +1,36 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int register_prng(const struct _prng_descriptor *prng)
{
int x;
_ARGCHK(prng != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (prng_descriptor[x].name == NULL) {
memcpy(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor));
return x;
}
}
/* no spot */
return -1;
}

28
crypt_unregister_cipher.c Normal file
View File

@ -0,0 +1,28 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int unregister_cipher(const struct _cipher_descriptor *cipher)
{
int x;
_ARGCHK(cipher != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor)) == 0) {
cipher_descriptor[x].name = NULL;
cipher_descriptor[x].ID = 255;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}

27
crypt_unregister_hash.c Normal file
View File

@ -0,0 +1,27 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int unregister_hash(const struct _hash_descriptor *hash)
{
int x;
_ARGCHK(hash != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) {
hash_descriptor[x].name = NULL;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}

27
crypt_unregister_prng.c Normal file
View File

@ -0,0 +1,27 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int unregister_prng(const struct _prng_descriptor *prng)
{
int x;
_ARGCHK(prng != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) != 0) {
prng_descriptor[x].name = NULL;
return CRYPT_OK;
}
}
return CRYPT_ERROR;
}

25
ctr_decrypt.c Normal file
View File

@ -0,0 +1,25 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CTR
int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr)
{
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ctr != NULL);
return ctr_encrypt(ct, pt, len, ctr);
}
#endif

43
ctr.c → ctr_encrypt.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -12,37 +12,6 @@
#ifdef CTR #ifdef CTR
int ctr_start(int cipher, const unsigned char *count, const unsigned char *key, int keylen,
int num_rounds, symmetric_CTR *ctr)
{
int x, err;
_ARGCHK(count != NULL);
_ARGCHK(key != NULL);
_ARGCHK(ctr != NULL);
/* bad param? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* setup cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) {
return err;
}
/* copy ctr */
ctr->blocklen = cipher_descriptor[cipher].block_length;
ctr->cipher = cipher;
ctr->padlen = 0;
ctr->mode = 0;
for (x = 0; x < ctr->blocklen; x++) {
ctr->ctr[x] = count[x];
}
cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
return CRYPT_OK;
}
int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr)
{ {
int x, err; int x, err;
@ -92,14 +61,4 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
return CRYPT_OK; return CRYPT_OK;
} }
int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr)
{
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ctr != NULL);
return ctr_encrypt(ct, pt, len, ctr);
}
#endif #endif

46
ctr_start.c Normal file
View File

@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CTR
int ctr_start(int cipher, const unsigned char *count, const unsigned char *key, int keylen,
int num_rounds, symmetric_CTR *ctr)
{
int x, err;
_ARGCHK(count != NULL);
_ARGCHK(key != NULL);
_ARGCHK(ctr != NULL);
/* bad param? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* setup cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) {
return err;
}
/* copy ctr */
ctr->blocklen = cipher_descriptor[cipher].block_length;
ctr->cipher = cipher;
ctr->padlen = 0;
ctr->mode = 0;
for (x = 0; x < ctr->blocklen; x++) {
ctr->ctr[x] = count[x];
}
cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
return CRYPT_OK;
}
#endif

63
demos/encrypt.c
View File

@ -11,19 +11,11 @@
int errno; int errno;
static const struct _cipher_descriptor *ciphers[] = {
&blowfish_desc, &xtea_desc, &rc5_desc, &rc6_desc,
&saferp_desc, &rijndael_desc,
&twofish_desc, &safer_k64_desc, &safer_sk64_desc,
&safer_k128_desc, &safer_sk128_desc, &rc2_desc,
&des_desc, &des3_desc, &cast5_desc, &skipjack_desc, NULL
};
int usage(char *name) int usage(char *name)
{ {
int x; int x;
printf("Usage: ./%s [-d](ecrypt) cipher infile outfile\nCiphers:\n", name); printf("Usage: %s [-d](ecrypt) cipher infile outfile\nCiphers:\n", name);
for (x = 0; cipher_descriptor[x].name != NULL; x++) { for (x = 0; cipher_descriptor[x].name != NULL; x++) {
printf("%s\n",cipher_descriptor[x].name); printf("%s\n",cipher_descriptor[x].name);
} }
@ -34,12 +26,49 @@ void register_algs(void)
{ {
int x; int x;
for (x = 0; ciphers[x] != NULL; x++) { #ifdef RIJNDAEL
if (register_cipher(ciphers[x]) == -1) { register_cipher (&aes_desc);
printf("Error registering cipher\n"); #endif
exit(-1); #ifdef BLOWFISH
} register_cipher (&blowfish_desc);
} #endif
#ifdef XTEA
register_cipher (&xtea_desc);
#endif
#ifdef RC5
register_cipher (&rc5_desc);
#endif
#ifdef RC6
register_cipher (&rc6_desc);
#endif
#ifdef SAFERP
register_cipher (&saferp_desc);
#endif
#ifdef TWOFISH
register_cipher (&twofish_desc);
#endif
#ifdef SAFER
register_cipher (&safer_k64_desc);
register_cipher (&safer_sk64_desc);
register_cipher (&safer_k128_desc);
register_cipher (&safer_sk128_desc);
#endif
#ifdef RC2
register_cipher (&rc2_desc);
#endif
#ifdef DES
register_cipher (&des_desc);
register_cipher (&des3_desc);
#endif
#ifdef CAST5
register_cipher (&cast5_desc);
#endif
#ifdef NOEKEON
register_cipher (&noekeon_desc);
#endif
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
if (register_hash(&sha256_desc) == -1) { if (register_hash(&sha256_desc) == -1) {
printf("Error registering SHA256\n"); printf("Error registering SHA256\n");
@ -121,9 +150,9 @@ int main(int argc, char *argv[])
} }
printf("\nEnter key: "); printf("\nEnter key: ");
fgets(tmpkey,sizeof(tmpkey), stdin); fgets((char *)tmpkey,sizeof(tmpkey), stdin);
outlen = sizeof(key); outlen = sizeof(key);
if ((errno = hash_memory(hash_idx,tmpkey,strlen(tmpkey),key,&outlen)) != CRYPT_OK) { if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
printf("Error hashing key: %s\n", error_to_string(errno)); printf("Error hashing key: %s\n", error_to_string(errno));
exit(-1); exit(-1);
} }

143
demos/test.c
View File

@ -613,47 +613,50 @@ rsa_test (void)
for (z = 1024; z <= limit; z += 512) { for (z = 1024; z <= limit; z += 512) {
t = XCLOCK (); t = XCLOCK ();
for (tt = 0; tt < 3; tt++) { for (tt = 0; tt < 3; tt++) {
if ((errnum = if ((errnum = rsa_make_key (&prng, find_prng ("yarrow"), z / 8, 65537, &key)) != CRYPT_OK) {
rsa_make_key (&prng, find_prng ("yarrow"), z / 8, 65537, printf ("Error: %s\n", error_to_string (errnum));
&key)) != CRYPT_OK) { exit (-1);
printf ("Error: %s\n", error_to_string (errnum)); }
exit (-1);
} /* check modulus size */
if (tt < 2) if (mp_unsigned_bin_size(&key.N) != (int)(z/8)) {
rsa_free (&key); printf("\nRSA key supposed to be %lu bits but was %d bits\n", z, mp_count_bits(&key.N));
exit(EXIT_FAILURE);
}
if (tt < 2) {
rsa_free (&key);
}
} }
t = XCLOCK () - t; t = XCLOCK () - t;
printf ("Took %.0f ms to make a %ld-bit RSA key.\n", printf ("Took %.0f ms to make a %ld-bit RSA key.\n", 1000.0 * (((double) t / 3.0) / (double) XCLOCKS_PER_SEC), z);
1000.0 * (((double) t / 3.0) / (double) XCLOCKS_PER_SEC), z);
/* time encryption */ /* time encryption */
t = XCLOCK (); t = XCLOCK ();
for (tt = 0; tt < 20; tt++) { for (tt = 0; tt < 20; tt++) {
y = sizeof (in); y = sizeof (in);
if ((errnum = if ((errnum = rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) { printf ("Error: %s\n", error_to_string (errnum));
printf ("Error: %s\n", error_to_string (errnum)); exit (-1);
exit (-1); }
}
} }
t = XCLOCK () - t; t = XCLOCK () - t;
printf ("Took %.0f ms to encrypt with a %ld-bit RSA key.\n", printf ("Took %.0f ms to encrypt with a %ld-bit RSA key.\n",
1000.0 * (((double) t / 20.0) / (double) XCLOCKS_PER_SEC), z); 1000.0 * (((double) t / 20.0) / (double) XCLOCKS_PER_SEC), z);
/* time decryption */ /* time decryption */
t = XCLOCK (); t = XCLOCK ();
for (tt = 0; tt < 20; tt++) { for (tt = 0; tt < 20; tt++) {
x = sizeof (out); x = sizeof (out);
if ((errnum = if ((errnum = rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) { printf ("Error: %s\n", error_to_string (errnum));
printf ("Error: %s\n", error_to_string (errnum)); exit (-1);
exit (-1); }
}
} }
t = XCLOCK () - t; t = XCLOCK () - t;
printf ("Took %.0f ms to decrypt with a %ld-bit RSA key.\n", printf ("Took %.0f ms to decrypt with a %ld-bit RSA key.\n",
1000.0 * (((double) t / 20.0) / (double) XCLOCKS_PER_SEC), z); 1000.0 * (((double) t / 20.0) / (double) XCLOCKS_PER_SEC), z);
rsa_free (&key); rsa_free (&key);
} }
} }
@ -970,12 +973,12 @@ dh_tests (void)
printf ("Error: %s\n", error_to_string (errnum)); printf ("Error: %s\n", error_to_string (errnum));
exit (-1); exit (-1);
} }
if (dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) { if ((errnum = dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) != CRYPT_OK) {
printf ("Error: %s\n", error_to_string (errnum)); printf ("Error: %s\n", error_to_string (errnum));
exit (-1); exit (-1);
} }
buf[0][0] ^= 1; buf[0][0] ^= 1;
if (dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) { if ((errnum = dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) != CRYPT_OK) {
printf ("Error: %s\n", error_to_string (errnum)); printf ("Error: %s\n", error_to_string (errnum));
exit (-1); exit (-1);
} }
@ -1272,7 +1275,7 @@ test_prime (void)
/* make a 1024 bit prime */ /* make a 1024 bit prime */
mp_init (&a); mp_init (&a);
rand_prime (&a, 128, &prng, find_prng ("yarrow")); rand_prime (&a, 128*8, &prng, find_prng ("yarrow"));
/* dump it */ /* dump it */
mp_todecimal (&a, buf); mp_todecimal (&a, buf);
@ -1809,8 +1812,87 @@ void dsa_tests(void)
dsa_free(&key); dsa_free(&key);
} }
#ifdef PKCS_1
void pkcs1_test(void)
{
unsigned char buf[3][128];
int err, res1, res2, res3, prng_idx, hash_idx;
unsigned long x, y, l1, l2, l3, i1, i2;
/* get hash/prng */
hash_idx = find_hash("sha1");
prng_idx = find_prng("yarrow");
/* do many tests */
for (x = 0; x < 10000; x++) {
zeromem(buf, sizeof(buf));
/* make a dummy message (of random length) */
l3 = (rand() & 31) + 8;
for (y = 0; y < l3; y++) buf[0][y] = rand() & 255;
/* encode it */
l1 = sizeof(buf[1]);
if ((err = pkcs_1_oaep_encode(buf[0], l3, NULL, 0, 1024, hash_idx, prng_idx, &prng, buf[1], &l1)) != CRYPT_OK) {
printf("OAEP encode: %s\n", error_to_string(err));
exit(-1);
}
/* decode it */
l2 = sizeof(buf[2]);
if ((err = pkcs_1_oaep_decode(buf[1], l1, NULL, 0, 1024, hash_idx, buf[2], &l2)) != CRYPT_OK) {
printf("OAEP decode: %s\n", error_to_string(err));
exit(-1);
}
if (l2 != l3 || memcmp(buf[2], buf[0], l3) != 0) {
printf("Outsize == %lu, should have been %lu, msg contents follow.\n", l2, l3);
printf("ORIGINAL:\n");
for (x = 0; x < l3; x++) {
printf("%02x ", buf[0][x]);
}
printf("\nRESULT:\n");
for (x = 0; x < l2; x++) {
printf("%02x ", buf[2][x]);
}
printf("\n\n");
exit(-1);
}
/* test PSS */
l1 = sizeof(buf[1]);
if ((err = pkcs_1_pss_encode(buf[0], l3, l3>>2, hash_idx, prng_idx, &prng, 1024, buf[1], &l1)) != CRYPT_OK) {
printf("PSS encode: %s\n", error_to_string(err));
exit(-1);
}
if ((err = pkcs_1_pss_decode(buf[0], l3, buf[1], l1, l3>>2, hash_idx, 1024, &res1)) != CRYPT_OK) {
printf("PSS decode1: %s\n", error_to_string(err));
exit(-1);
}
buf[0][i1 = abs(rand()) % l3] ^= 1;
if ((err = pkcs_1_pss_decode(buf[0], l3, buf[1], l1, l3>>2, hash_idx, 1024, &res2)) != CRYPT_OK) {
printf("PSS decode2: %s\n", error_to_string(err));
exit(-1);
}
buf[0][i1] ^= 1;
buf[1][i2 = abs(rand()) % l1] ^= 1;
if ((err = pkcs_1_pss_decode(buf[0], l3, buf[1], l1, l3>>2, hash_idx, 1024, &res3)) != CRYPT_OK) {
printf("PSS decode3: %s\n", error_to_string(err));
exit(-1);
}
if (!(res1 == 1 && res2 == 0 && res3 == 0)) {
printf("PSS failed: %d, %d, %d, %lu\n", res1, res2, res3, l3);
exit(-1);
}
}
printf("PKCS #1: Passed\n");
}
#endif /* PKCS_1 */
int int
main (void) main (void)
@ -1818,6 +1900,7 @@ main (void)
#ifdef SONY_PS2 #ifdef SONY_PS2
TIMER_Init (); TIMER_Init ();
#endif #endif
srand(time(NULL));
register_all_algs (); register_all_algs ();
@ -1834,7 +1917,6 @@ main (void)
printf (crypt_build_settings); printf (crypt_build_settings);
test_errs (); test_errs ();
#ifdef HMAC #ifdef HMAC
printf ("HMAC: %s\n", hmac_test () == CRYPT_OK ? "passed" : "failed"); printf ("HMAC: %s\n", hmac_test () == CRYPT_OK ? "passed" : "failed");
if (hmac_test() != CRYPT_OK) exit(EXIT_FAILURE); if (hmac_test() != CRYPT_OK) exit(EXIT_FAILURE);
@ -1864,6 +1946,10 @@ main (void)
cipher_tests (); cipher_tests ();
hash_tests (); hash_tests ();
#ifdef PKCS_1
pkcs1_test();
#endif
ecb_tests (); ecb_tests ();
cbc_tests (); cbc_tests ();
ctr_tests (); ctr_tests ();
@ -1882,7 +1968,6 @@ main (void)
ecc_tests (); ecc_tests ();
dh_tests (); dh_tests ();
gf_tests (); gf_tests ();
base64_test (); base64_test ();

1985
demos/test.c~ Normal file
View File

File diff suppressed because it is too large Load Diff

4
des.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -1747,7 +1747,7 @@ int des_test(void)
for (y = 0; y < 1000; y++) des_ecb_encrypt(tmp, tmp, &des); for (y = 0; y < 1000; y++) des_ecb_encrypt(tmp, tmp, &des);
for (y = 0; y < 1000; y++) des_ecb_decrypt(tmp, tmp, &des); for (y = 0; y < 1000; y++) des_ecb_decrypt(tmp, tmp, &des);
for (y = 0; y < 8; y++) if (tmp[y] != 0) return CRYPT_FAIL_TESTVECTOR; for (y = 0; y < 8; y++) if (tmp[y] != 0) return CRYPT_FAIL_TESTVECTOR;
} }
return CRYPT_OK; return CRYPT_OK;
#endif #endif

12
dh.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -294,9 +294,9 @@ int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key)
unsigned long y, z; unsigned long y, z;
int err; int err;
_ARGCHK(out != NULL); _ARGCHK(out != NULL);
_ARGCHK(outlen != NULL); _ARGCHK(outlen != NULL);
_ARGCHK(key != NULL); _ARGCHK(key != NULL);
/* can we store the static header? */ /* can we store the static header? */
if (*outlen < (PACKET_SIZE + 2)) { if (*outlen < (PACKET_SIZE + 2)) {
@ -335,7 +335,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
unsigned long x, y, s; unsigned long x, y, s;
int err; int err;
_ARGCHK(in != NULL); _ARGCHK(in != NULL);
_ARGCHK(key != NULL); _ARGCHK(key != NULL);
/* make sure valid length */ /* make sure valid length */
@ -382,10 +382,10 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
} }
/* load public value g^x mod p*/ /* load public value g^x mod p*/
INPUT_BIGNUM(&key->y, in, x, y); INPUT_BIGNUM(&key->y, in, x, y, inlen);
if (key->type == PK_PRIVATE) { if (key->type == PK_PRIVATE) {
INPUT_BIGNUM(&key->x, in, x, y); INPUT_BIGNUM(&key->x, in, x, y, inlen);
} }
/* eliminate private key if public */ /* eliminate private key if public */

49
dh_sys.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -48,7 +48,7 @@ int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen,
} }
/* now check if the out buffer is big enough */ /* now check if the out buffer is big enough */
if (*len < (9 + PACKET_SIZE + pubkeysize + keylen)) { if (*len < (1 + 4 + 4 + PACKET_SIZE + pubkeysize + keylen)) {
dh_free(&pubkey); dh_free(&pubkey);
return CRYPT_BUFFER_OVERFLOW; return CRYPT_BUFFER_OVERFLOW;
} }
@ -326,6 +326,8 @@ done:
return err; return err;
} }
/* verify the signature in sig of the given hash */
int dh_verify_hash(const unsigned char *sig, unsigned long siglen, int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long hashlen, const unsigned char *hash, unsigned long hashlen,
int *stat, dh_key *key) int *stat, dh_key *key)
@ -345,9 +347,7 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
/* check initial input length */ /* check initial input length */
if (siglen < PACKET_SIZE+4+4) { if (siglen < PACKET_SIZE+4+4) {
return CRYPT_INVALID_PACKET; return CRYPT_INVALID_PACKET;
} else { }
siglen -= PACKET_SIZE + 4 + 4;
}
/* header ok? */ /* header ok? */
if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) { if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) {
@ -363,41 +363,23 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
} }
/* load a and b */ /* load a and b */
LOAD32L(x, sig+y); INPUT_BIGNUM(&a, sig, x, y, siglen);
if (siglen < x) { INPUT_BIGNUM(&b, sig, x, y, siglen);
return CRYPT_INVALID_PACKET;
} else {
siglen -= x;
}
y += 4;
if ((err = mp_read_unsigned_bin(&a, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
y += x;
LOAD32L(x, sig+y);
if (siglen < x) {
return CRYPT_INVALID_PACKET;
} else {
siglen -= x;
}
y += 4;
if ((err = mp_read_unsigned_bin(&b, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
y += x;
/* load p and g */ /* load p and g */
if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error1; }
if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error1; }
/* load m */ /* load m */
if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; } if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error1; }
/* find g^m mod p */ /* find g^m mod p */
if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error; } /* m = g^m mod p */ if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error1; } /* m = g^m mod p */
/* find y^a * a^b */ /* find y^a * a^b */
if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error; } /* tmp = y^a mod p */ if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error1; } /* tmp = y^a mod p */
if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error; } /* a = a^b mod p */ if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error1; } /* a = a^b mod p */
if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error; } /* a = y^a * a^b mod p */ if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error1; } /* a = y^a * a^b mod p */
/* y^a * a^b == g^m ??? */ /* y^a * a^b == g^m ??? */
if (mp_cmp(&a, &m) == 0) { if (mp_cmp(&a, &m) == 0) {
@ -407,8 +389,9 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
/* clean up */ /* clean up */
err = CRYPT_OK; err = CRYPT_OK;
goto done; goto done;
error: error1:
err = mpi_to_ltc_error(err); err = mpi_to_ltc_error(err);
error:
done: done:
mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL); mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL);
return err; return err;

477
dsa.c
View File

@ -1,477 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* gurantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
{
mp_int tmp, tmp2;
int err, res;
unsigned char buf[512];
_ARGCHK(key != NULL);
/* check prng */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* check size */
if (group_size >= 1024 || group_size <= 15 ||
group_size >= modulus_size || (modulus_size - group_size) >= (int)sizeof(buf)) {
return CRYPT_INVALID_ARG;
}
/* init mp_ints */
if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* make our prime q */
if ((err = rand_prime(&key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error2; }
/* double q */
if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; }
/* now make a random string and multply it against q */
if (prng_descriptor[wprng].read(buf, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
/* force magnitude */
buf[0] |= 0x80;
/* force even */
buf[modulus_size - group_size - 1] &= ~1;
if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != MP_OKAY) { goto error; }
if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; }
if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; }
/* now loop until p is prime */
for (;;) {
if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto error2; }
if (res == MP_YES) break;
/* add 2q to p and 2 to tmp2 */
if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; }
if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; }
}
/* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
mp_set(&key->g, 1);
do {
if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; }
if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&tmp, 1) == MP_EQ);
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &key->g);
/* so now we have our DH structure, generator g, order q, modulus p
Now we need a random exponent [mod q] and it's power g^x mod p
*/
do {
if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&key->x, 1) != MP_GT);
if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
key->type = PK_PRIVATE;
key->qord = group_size;
/* shrink the ram required */
if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
err = CRYPT_OK;
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
goto done;
error : err = mpi_to_ltc_error(err);
error2: mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
done : mp_clear_multi(&tmp, &tmp2, NULL);
return err;
}
void dsa_free(dsa_key *key)
{
_ARGCHK(key != NULL);
mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
}
int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, dsa_key *key)
{
mp_int k, kinv, tmp, r, s;
unsigned char buf[512];
int err, y;
unsigned long len;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if (key->type != PK_PRIVATE) {
return CRYPT_PK_NOT_PRIVATE;
}
/* check group order size */
if (key->qord >= (int)sizeof(buf)) {
return CRYPT_INVALID_ARG;
}
/* Init our temps */
if ((err = mp_init_multi(&k, &kinv, &r, &s, &tmp, NULL)) != MP_OKAY) { goto error; }
retry:
do {
/* gen random k */
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
err = CRYPT_ERROR_READPRNG;
goto done;
}
/* read k */
if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
/* k > 1 ? */
if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
/* test gcd */
if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&tmp, 1) != MP_EQ);
/* now find 1/k mod q */
if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
/* now find r = g^k mod p mod q */
if ((err = mp_exptmod(&key->g, &k, &key->p, &r)) != MP_OKAY) { goto error; }
if ((err = mp_mod(&r, &key->q, &r)) != MP_OKAY) { goto error; }
if (mp_iszero(&r) == MP_YES) { goto retry; }
/* now find s = (in + xr)/k mod q */
if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
if ((err = mp_mul(&key->x, &r, &s)) != MP_OKAY) { goto error; }
if ((err = mp_add(&s, &tmp, &s)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&s, &kinv, &key->q, &s)) != MP_OKAY) { goto error; }
if (mp_iszero(&s) == MP_YES) { goto retry; }
/* now store em both */
/* first check that we have enough room */
if (*outlen < (unsigned long)(PACKET_SIZE + 4 + mp_unsigned_bin_size(&s) + mp_unsigned_bin_size(&r))) {
err = CRYPT_BUFFER_OVERFLOW;
goto done;
}
/* packet header */
packet_store_header(out, PACKET_SECT_DSA, PACKET_SUB_SIGNED);
y = PACKET_SIZE;
/* store length of r */
len = mp_unsigned_bin_size(&r);
out[y++] = (len>>8)&255;
out[y++] = len&255;
/* store r */
if ((err = mp_to_unsigned_bin(&r, out+y)) != MP_OKAY) { goto error; }
y += len;
/* store length of s */
len = mp_unsigned_bin_size(&s);
out[y++] = (len>>8)&255;
out[y++] = len&255;
/* store s */
if ((err = mp_to_unsigned_bin(&s, out+y)) != MP_OKAY) { goto error; }
y += len;
/* reset size */
*outlen = y;
err = CRYPT_OK;
goto done;
error : err = mpi_to_ltc_error(err);
done : mp_clear_multi(&k, &kinv, &r, &s, &tmp, NULL);
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return err;
}
int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long inlen,
int *stat, dsa_key *key)
{
mp_int r, s, w, v, u1, u2;
unsigned long x, y;
int err;
_ARGCHK(sig != NULL);
_ARGCHK(hash != NULL);
_ARGCHK(stat != NULL);
_ARGCHK(key != NULL);
/* default to invalid signature */
*stat = 0;
if (siglen < PACKET_SIZE+2+2) {
return CRYPT_INVALID_PACKET;
}
/* is the message format correct? */
if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
return err;
}
/* skip over header */
y = PACKET_SIZE;
/* init our variables */
if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* read in r followed by s */
x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
y += 2;
if (y + x > siglen) {
err = CRYPT_INVALID_PACKET;
goto done;
}
if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
y += x;
/* load s */
x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
y += 2;
if (y + x > siglen) {
err = CRYPT_INVALID_PACKET;
goto done;
}
if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
/* w = 1/s mod q */
if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; }
/* u1 = m * w mod q */
if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
/* u2 = r*w mod q */
if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
/* if r = v then we're set */
if (mp_cmp(&r, &v) == MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
goto done;
error : err = mpi_to_ltc_error(err);
done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL);
return err;
}
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key)
{
unsigned long y, z;
int err;
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* can we store the static header? */
if (*outlen < (PACKET_SIZE + 1 + 2)) {
return CRYPT_BUFFER_OVERFLOW;
}
if (type == PK_PRIVATE && key->type != PK_PRIVATE) {
return CRYPT_PK_TYPE_MISMATCH;
}
if (type != PK_PUBLIC && type != PK_PRIVATE) {
return CRYPT_INVALID_ARG;
}
/* store header */
packet_store_header(out, PACKET_SECT_DSA, PACKET_SUB_KEY);
y = PACKET_SIZE;
/* store g, p, q, qord */
out[y++] = type;
out[y++] = (key->qord>>8)&255;
out[y++] = key->qord & 255;
OUTPUT_BIGNUM(&key->g,out,y,z);
OUTPUT_BIGNUM(&key->p,out,y,z);
OUTPUT_BIGNUM(&key->q,out,y,z);
/* public exponent */
OUTPUT_BIGNUM(&key->y,out,y,z);
if (type == PK_PRIVATE) {
OUTPUT_BIGNUM(&key->x,out,y,z);
}
*outlen = y;
return CRYPT_OK;
}
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
{
unsigned long x, y;
int err;
_ARGCHK(in != NULL);
_ARGCHK(key != NULL);
/* check length */
if ((1+2+PACKET_SIZE) > inlen) {
return CRYPT_INVALID_PACKET;
}
/* check type */
if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DSA, PACKET_SUB_KEY)) != CRYPT_OK) {
return err;
}
y = PACKET_SIZE;
/* init key */
if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != MP_OKAY) {
return CRYPT_MEM;
}
/* read type/qord */
key->type = in[y++];
key->qord = ((unsigned)in[y]<<8)|((unsigned)in[y+1]);
y += 2;
/* input publics */
INPUT_BIGNUM(&key->g,in,x,y);
INPUT_BIGNUM(&key->p,in,x,y);
INPUT_BIGNUM(&key->q,in,x,y);
INPUT_BIGNUM(&key->y,in,x,y);
if (key->type == PK_PRIVATE) {
INPUT_BIGNUM(&key->x,in,x,y);
}
return CRYPT_OK;
error:
mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL);
return err;
}
int dsa_verify_key(dsa_key *key, int *stat)
{
mp_int tmp, tmp2;
int res, err;
_ARGCHK(key != NULL);
_ARGCHK(stat != NULL);
*stat = 0;
/* first make sure key->q and key->p are prime */
if ((err = is_prime(&key->q, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
if ((err = is_prime(&key->p, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
/* now make sure that g is not -1, 0 or 1 and <p */
if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) {
return CRYPT_OK;
}
if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; }
if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) {
err = CRYPT_OK;
goto done;
}
/* 1 < y < p-1 */
if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) {
err = CRYPT_OK;
goto done;
}
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; }
if (mp_iszero(&tmp2) != MP_YES) {
err = CRYPT_OK;
goto done;
}
if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp_d(&tmp, 1) != MP_EQ) {
err = CRYPT_OK;
goto done;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp_d(&tmp, 1) != MP_EQ) {
err = CRYPT_OK;
goto done;
}
/* at this point we are out of tests ;-( */
err = CRYPT_OK;
*stat = 1;
goto done;
error: err = mpi_to_ltc_error(err);
done : mp_clear_multi(&tmp, &tmp2, NULL);
return err;
}
#endif

62
dsa_export.c Normal file
View File

@ -0,0 +1,62 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key)
{
unsigned long y, z;
int err;
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* can we store the static header? */
if (*outlen < (PACKET_SIZE + 1 + 2)) {
return CRYPT_BUFFER_OVERFLOW;
}
if (type == PK_PRIVATE && key->type != PK_PRIVATE) {
return CRYPT_PK_TYPE_MISMATCH;
}
if (type != PK_PUBLIC && type != PK_PRIVATE) {
return CRYPT_INVALID_ARG;
}
/* store header */
packet_store_header(out, PACKET_SECT_DSA, PACKET_SUB_KEY);
y = PACKET_SIZE;
/* store g, p, q, qord */
out[y++] = type;
out[y++] = (key->qord>>8)&255;
out[y++] = key->qord & 255;
OUTPUT_BIGNUM(&key->g,out,y,z);
OUTPUT_BIGNUM(&key->p,out,y,z);
OUTPUT_BIGNUM(&key->q,out,y,z);
/* public exponent */
OUTPUT_BIGNUM(&key->y,out,y,z);
if (type == PK_PRIVATE) {
OUTPUT_BIGNUM(&key->x,out,y,z);
}
*outlen = y;
return CRYPT_OK;
}
#endif

21
dsa_free.c Normal file
View File

@ -0,0 +1,21 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
void dsa_free(dsa_key *key)
{
_ARGCHK(key != NULL);
mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
}
#endif

59
dsa_import.c Normal file
View File

@ -0,0 +1,59 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
{
unsigned long x, y;
int err;
_ARGCHK(in != NULL);
_ARGCHK(key != NULL);
/* check length */
if ((1+2+PACKET_SIZE) > inlen) {
return CRYPT_INVALID_PACKET;
}
/* check type */
if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DSA, PACKET_SUB_KEY)) != CRYPT_OK) {
return err;
}
y = PACKET_SIZE;
/* init key */
if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != MP_OKAY) {
return CRYPT_MEM;
}
/* read type/qord */
key->type = in[y++];
key->qord = ((unsigned)in[y]<<8)|((unsigned)in[y+1]);
y += 2;
/* input publics */
INPUT_BIGNUM(&key->g,in,x,y, inlen);
INPUT_BIGNUM(&key->p,in,x,y, inlen);
INPUT_BIGNUM(&key->q,in,x,y, inlen);
INPUT_BIGNUM(&key->y,in,x,y, inlen);
if (key->type == PK_PRIVATE) {
INPUT_BIGNUM(&key->x,in,x,y, inlen);
}
return CRYPT_OK;
error:
mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL);
return err;
}
#endif

117
dsa_make_key.c Normal file
View File

@ -0,0 +1,117 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
{
mp_int tmp, tmp2;
int err, res;
unsigned char buf[512];
_ARGCHK(key != NULL);
/* check prng */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* check size */
if (group_size >= 1024 || group_size <= 15 ||
group_size >= modulus_size || (modulus_size - group_size) >= (int)sizeof(buf)) {
return CRYPT_INVALID_ARG;
}
/* init mp_ints */
if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* make our prime q */
if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto error2; }
/* double q */
if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; }
/* now make a random string and multply it against q */
if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
/* force magnitude */
buf[0] = 1;
/* force even */
buf[modulus_size - group_size] &= ~1;
if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size+1)) != MP_OKAY) { goto error; }
if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; }
if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; }
/* now loop until p is prime */
for (;;) {
if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto error2; }
if (res == MP_YES) break;
/* add 2q to p and 2 to tmp2 */
if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; }
if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; }
}
/* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
mp_set(&key->g, 1);
do {
if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; }
if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&tmp, 1) == MP_EQ);
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &key->g);
/* so now we have our DH structure, generator g, order q, modulus p
Now we need a random exponent [mod q] and it's power g^x mod p
*/
do {
if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&key->x, 1) != MP_GT);
if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
key->type = PK_PRIVATE;
key->qord = group_size;
/* shrink the ram required */
if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
err = CRYPT_OK;
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
goto done;
error : err = mpi_to_ltc_error(err);
error2: mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
done : mp_clear_multi(&tmp, &tmp2, NULL);
return err;
}
#endif

125
dsa_sign_hash.c Normal file
View File

@ -0,0 +1,125 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, dsa_key *key)
{
mp_int k, kinv, tmp, r, s;
unsigned char buf[512];
int err, y;
unsigned long len;
_ARGCHK(in != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if (key->type != PK_PRIVATE) {
return CRYPT_PK_NOT_PRIVATE;
}
/* check group order size */
if (key->qord >= (int)sizeof(buf)) {
return CRYPT_INVALID_ARG;
}
/* Init our temps */
if ((err = mp_init_multi(&k, &kinv, &r, &s, &tmp, NULL)) != MP_OKAY) { goto error; }
retry:
do {
/* gen random k */
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
err = CRYPT_ERROR_READPRNG;
goto done;
}
/* read k */
if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
/* k > 1 ? */
if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
/* test gcd */
if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
} while (mp_cmp_d(&tmp, 1) != MP_EQ);
/* now find 1/k mod q */
if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
/* now find r = g^k mod p mod q */
if ((err = mp_exptmod(&key->g, &k, &key->p, &r)) != MP_OKAY) { goto error; }
if ((err = mp_mod(&r, &key->q, &r)) != MP_OKAY) { goto error; }
if (mp_iszero(&r) == MP_YES) { goto retry; }
/* now find s = (in + xr)/k mod q */
if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
if ((err = mp_mul(&key->x, &r, &s)) != MP_OKAY) { goto error; }
if ((err = mp_add(&s, &tmp, &s)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&s, &kinv, &key->q, &s)) != MP_OKAY) { goto error; }
if (mp_iszero(&s) == MP_YES) { goto retry; }
/* now store em both */
/* first check that we have enough room */
if (*outlen < (unsigned long)(PACKET_SIZE + 4 + mp_unsigned_bin_size(&s) + mp_unsigned_bin_size(&r))) {
err = CRYPT_BUFFER_OVERFLOW;
goto done;
}
/* packet header */
packet_store_header(out, PACKET_SECT_DSA, PACKET_SUB_SIGNED);
y = PACKET_SIZE;
/* store length of r */
len = mp_unsigned_bin_size(&r);
out[y++] = (len>>8)&255;
out[y++] = len&255;
/* store r */
if ((err = mp_to_unsigned_bin(&r, out+y)) != MP_OKAY) { goto error; }
y += len;
/* store length of s */
len = mp_unsigned_bin_size(&s);
out[y++] = (len>>8)&255;
out[y++] = len&255;
/* store s */
if ((err = mp_to_unsigned_bin(&s, out+y)) != MP_OKAY) { goto error; }
y += len;
/* reset size */
*outlen = y;
err = CRYPT_OK;
goto done;
error : err = mpi_to_ltc_error(err);
done : mp_clear_multi(&k, &kinv, &r, &s, &tmp, NULL);
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return err;
}
#endif

97
dsa_verify_hash.c Normal file
View File

@ -0,0 +1,97 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long inlen,
int *stat, dsa_key *key)
{
mp_int r, s, w, v, u1, u2;
unsigned long x, y;
int err;
_ARGCHK(sig != NULL);
_ARGCHK(hash != NULL);
_ARGCHK(stat != NULL);
_ARGCHK(key != NULL);
/* default to invalid signature */
*stat = 0;
if (siglen < PACKET_SIZE+2+2) {
return CRYPT_INVALID_PACKET;
}
/* is the message format correct? */
if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
return err;
}
/* skip over header */
y = PACKET_SIZE;
/* init our variables */
if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* read in r followed by s */
x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
y += 2;
if (y + x > siglen) {
err = CRYPT_INVALID_PACKET;
goto done;
}
if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
y += x;
/* load s */
x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
y += 2;
if (y + x > siglen) {
err = CRYPT_INVALID_PACKET;
goto done;
}
if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
/* w = 1/s mod q */
if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; }
/* u1 = m * w mod q */
if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
/* u2 = r*w mod q */
if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
/* if r = v then we're set */
if (mp_cmp(&r, &v) == MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
goto done;
error : err = mpi_to_ltc_error(err);
done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL);
return err;
}
#endif

86
dsa_verify_key.c Normal file
View File

@ -0,0 +1,86 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MDSA
int dsa_verify_key(dsa_key *key, int *stat)
{
mp_int tmp, tmp2;
int res, err;
_ARGCHK(key != NULL);
_ARGCHK(stat != NULL);
*stat = 0;
/* first make sure key->q and key->p are prime */
if ((err = is_prime(&key->q, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
if ((err = is_prime(&key->p, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
/* now make sure that g is not -1, 0 or 1 and <p */
if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) {
return CRYPT_OK;
}
if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; }
if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) {
err = CRYPT_OK;
goto done;
}
/* 1 < y < p-1 */
if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) {
err = CRYPT_OK;
goto done;
}
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; }
if (mp_iszero(&tmp2) != MP_YES) {
err = CRYPT_OK;
goto done;
}
if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp_d(&tmp, 1) != MP_EQ) {
err = CRYPT_OK;
goto done;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
if (mp_cmp_d(&tmp, 1) != MP_EQ) {
err = CRYPT_OK;
goto done;
}
/* at this point we are out of tests ;-( */
err = CRYPT_OK;
*stat = 1;
goto done;
error: err = mpi_to_ltc_error(err);
done : mp_clear_multi(&tmp, &tmp2, NULL);
return err;
}
#endif

25
eax_addheader.c Normal file
View File

@ -0,0 +1,25 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
/* add header (metadata) to the stream */
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
{
_ARGCHK(eax != NULL);
_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif

34
eax_decrypt.c Normal file
View File

@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* omac ciphertext */
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {
return err;
}
/* decrypt */
return ctr_decrypt(ct, pt, length, &eax->ctr);
}
#endif

60
eax_decrypt_verify_memory.c Normal file
View File

@ -0,0 +1,60 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res)
{
int err;
eax_state eax;
unsigned char buf[MAXBLOCKSIZE];
unsigned long buflen;
_ARGCHK(res != NULL);
/* default to zero */
*res = 0;
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_decrypt(&eax, ct, pt, ctlen)) != CRYPT_OK) {
return err;
}
buflen = MIN(sizeof(buf), taglen);
if ((err = eax_done(&eax, buf, &buflen)) != CRYPT_OK) {
return err;
}
/* compare tags */
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
*res = 1;
}
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
}
#endif

56
eax_done.c Normal file
View File

@ -0,0 +1,56 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char headermac[MAXBLOCKSIZE], ctmac[MAXBLOCKSIZE];
unsigned long x, len;
_ARGCHK(eax != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
/* finish ctomac */
len = sizeof(ctmac);
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
return err;
}
/* finish headeromac */
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
return err;
}
/* compute N xor H xor C */
for (x = 0; x < len && x < *taglen; x++) {
tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
}
*taglen = x;
#ifdef CLEAN_STACK
zeromem(ctmac, sizeof(ctmac));
zeromem(headermac, sizeof(headermac));
zeromem(eax, sizeof(*eax));
#endif
return CRYPT_OK;
}
#endif

35
eax_encrypt.c Normal file
View File

@ -0,0 +1,35 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* omac ciphertext */
return omac_process(&eax->ctomac, ct, length);
}
#endif

43
eax_encrypt_authenticate_memory.c Normal file
View File

@ -0,0 +1,43 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state eax;
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_encrypt(&eax, pt, ct, ptlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_done(&eax, tag, taglen)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
#endif

106
eax_init.c Normal file
View File

@ -0,0 +1,106 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen)
{
unsigned char buf[MAXBLOCKSIZE];
int err, blklen;
omac_state omac;
unsigned long len;
_ARGCHK(eax != NULL);
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
if (headerlen > 0) {
_ARGCHK(header != NULL);
}
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
blklen = cipher_descriptor[cipher].block_length;
/* N = OMAC_0K(nonce) */
zeromem(buf, sizeof(buf));
if ((err = omac_init(&omac, cipher, key, keylen)) != CRYPT_OK) {
return err;
}
/* omac the [0]_n */
if ((err = omac_process(&omac, buf, blklen)) != CRYPT_OK) {
return err;
}
/* omac the nonce */
if ((err = omac_process(&omac, nonce, noncelen)) != CRYPT_OK) {
return err;
}
/* store result */
len = sizeof(eax->N);
if ((err = omac_done(&omac, eax->N, &len)) != CRYPT_OK) {
return err;
}
/* H = OMAC_1K(header) */
zeromem(buf, sizeof(buf));
buf[blklen - 1] = 1;
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
return err;
}
/* omac the [1]_n */
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
return err;
}
/* omac the header */
if (headerlen != 0) {
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
return err;
}
}
/* note we don't finish the headeromac, this allows us to add more header later */
/* setup the CTR mode */
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* use big-endian counter */
eax->ctr.mode = 1;
/* setup the OMAC for the ciphertext */
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
return err;
}
/* omac [2]_n */
zeromem(buf, sizeof(buf));
buf[blklen-1] = 2;
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
zeromem(&omac, sizeof(omac));
#endif
return CRYPT_OK;
}
#endif

782
eax.c → eax_test.c
View File

@ -1,513 +1,271 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis /* LibTomCrypt, modular cryptographic library -- Tom St Denis
* *
* LibTomCrypt is a library that provides various cryptographic * LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
/* EAX Implementation by Tom St Denis */ /* EAX Implementation by Tom St Denis */
#include "mycrypt.h" #include "mycrypt.h"
#ifdef EAX_MODE #ifdef EAX_MODE
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen, int eax_test(void)
const unsigned char *nonce, unsigned long noncelen, {
const unsigned char *header, unsigned long headerlen) #ifndef LTC_TEST
{ return CRYPT_NOP;
unsigned char buf[MAXBLOCKSIZE]; #else
int err, blklen; static const struct {
omac_state omac; int keylen,
unsigned long len; noncelen,
headerlen,
msglen;
_ARGCHK(eax != NULL);
_ARGCHK(key != NULL); unsigned char key[MAXBLOCKSIZE],
_ARGCHK(nonce != NULL); nonce[MAXBLOCKSIZE],
if (headerlen > 0) { header[MAXBLOCKSIZE],
_ARGCHK(header != NULL); plaintext[MAXBLOCKSIZE],
} ciphertext[MAXBLOCKSIZE],
tag[MAXBLOCKSIZE];
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { } tests[] = {
return err;
} /* NULL message */
blklen = cipher_descriptor[cipher].block_length; {
16, 0, 0, 0,
/* N = OMAC_0K(nonce) */ /* key */
zeromem(buf, sizeof(buf)); { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
if ((err = omac_init(&omac, cipher, key, keylen)) != CRYPT_OK) { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
return err;
}
/* omac the [0]_n */
if ((err = omac_process(&omac, buf, blklen)) != CRYPT_OK) {
return err;
}
/* omac the nonce */
if ((err = omac_process(&omac, nonce, noncelen)) != CRYPT_OK) {
return err;
}
/* store result */
len = sizeof(eax->N);
if ((err = omac_done(&omac, eax->N, &len)) != CRYPT_OK) {
return err;
}
/* H = OMAC_1K(header) */
zeromem(buf, sizeof(buf));
buf[blklen - 1] = 1;
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
return err;
}
/* omac the [1]_n */
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
return err;
}
/* omac the header */
if (headerlen != 0) {
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
return err;
}
}
/* note we don't finish the headeromac, this allows us to add more header later */
/* setup the CTR mode */
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* use big-endian counter */
eax->ctr.mode = 1;
/* setup the OMAC for the ciphertext */
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
return err;
}
/* omac [2]_n */
zeromem(buf, sizeof(buf));
buf[blklen-1] = 2;
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
zeromem(&omac, sizeof(omac));
#endif
return CRYPT_OK;
}
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* omac ciphertext */
return omac_process(&eax->ctomac, ct, length);
}
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* omac ciphertext */
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {
return err;
}
/* decrypt */
return ctr_decrypt(ct, pt, length, &eax->ctr);
}
/* add header (metadata) to the stream */
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
{
_ARGCHK(eax != NULL);
_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char headermac[MAXBLOCKSIZE], ctmac[MAXBLOCKSIZE];
unsigned long x, len;
_ARGCHK(eax != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
/* finish ctomac */
len = sizeof(ctmac);
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
return err;
}
/* finish headeromac */
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
return err;
}
/* compute N xor H xor C */
for (x = 0; x < len && x < *taglen; x++) {
tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
}
*taglen = x;
#ifdef CLEAN_STACK
zeromem(ctmac, sizeof(ctmac));
zeromem(headermac, sizeof(headermac));
#endif
return CRYPT_OK;
}
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state eax;
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_encrypt(&eax, pt, ct, ptlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_done(&eax, tag, taglen)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
zeromem(&eax, sizeof(eax));
#endif
return CRYPT_OK;
}
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res)
{
int err;
eax_state eax;
unsigned char buf[MAXBLOCKSIZE];
unsigned long buflen;
_ARGCHK(res != NULL);
/* default to zero */
*res = 0;
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
return err;
}
if ((err = eax_decrypt(&eax, ct, pt, ctlen)) != CRYPT_OK) {
return err;
}
buflen = MIN(sizeof(buf), taglen);
if ((err = eax_done(&eax, buf, &buflen)) != CRYPT_OK) {
return err;
}
/* compare tags */
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
*res = 1;
}
#ifdef CLEAN_STACK
zeromem(&eax, sizeof(eax));
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
}
int eax_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen,
noncelen,
headerlen,
msglen;
unsigned char key[MAXBLOCKSIZE],
nonce[MAXBLOCKSIZE],
header[MAXBLOCKSIZE],
plaintext[MAXBLOCKSIZE],
ciphertext[MAXBLOCKSIZE],
tag[MAXBLOCKSIZE];
} tests[] = {
/* NULL message */
{
16, 0, 0, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0 },
/* header */
{ 0 },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5,
0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
},
/* test with nonce */
{
16, 16, 0, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* header */
{ 0 },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb,
0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
},
/* test with header [no nonce] */
{
16, 0, 16, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0 },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0,
0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
},
/* test with header + nonce + plaintext */
{
16, 16, 16, 32,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* plaintext */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
/* ciphertext */
{ 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b,
0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f,
0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
/* tag */
{ 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e,
0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
},
/* test with header + nonce + plaintext [not even sizes!] */
{
16, 15, 14, 29,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
/* plaintext */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c },
/* ciphertext */
{ 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59,
0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c,
0x8a, 0x24, 0xdb, 0x86, 0x8b },
/* tag */
{ 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2,
0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
},
/* Vectors from Brian Gladman */
{
16, 16, 8, 0,
/* key */
{ 0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78 },
/* nonce */
{ 0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3 },
/* header */
{ 0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b },
/* PT */
{ 0x00 },
/* CT */
{ 0x00 },
/* tag */
{ 0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01 }
},
{
16, 16, 8, 2,
/* key */
{ 0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4 },
/* nonce */ /* nonce */
{ 0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, { 0 },
0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd }, /* header */
/* header */ { 0 },
{ 0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa }, /* plaintext */
/* PT */ { 0 },
{ 0xf7, 0xfb }, /* ciphertext */
/* CT */ { 0 },
{ 0x19, 0xdd }, /* tag */
/* tag */ { 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5,
{ 0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, 0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5 } },
},
/* test with nonce */
{ {
16, 16, 8, 5, 16, 16, 0, 0,
/* key */ /* key */
{ 0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23 }, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */ /* nonce */
{ 0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e }, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* header */ /* header */
{ 0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6 }, { 0 },
/* PT */ /* plaintext */
{ 0x1a, 0x47, 0xcb, 0x49, 0x33 }, { 0 },
/* CT */ /* ciphertext */
{ 0xd8, 0x51, 0xd5, 0xba, 0xe0 }, { 0 },
/* Tag */ /* tag */
{ 0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, { 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb,
0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80 } 0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
} },
}; /* test with header [no nonce] */
int err, x, idx, res; {
unsigned long len; 16, 0, 16, 0,
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE]; /* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
/* AES can be under rijndael or aes... try to find it */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
if ((idx = find_cipher("aes")) == -1) { /* nonce */
if ((idx = find_cipher("rijndael")) == -1) { { 0 },
return CRYPT_NOP; /* header */
} { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
} 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* plaintext */
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { { 0 },
len = sizeof(outtag); /* ciphertext */
if ((err = eax_encrypt_authenticate_memory(idx, tests[x].key, tests[x].keylen, { 0 },
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen, /* tag */
tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) { { 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0,
return err; 0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
} },
if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) {
#if 0 /* test with header + nonce + plaintext */
unsigned long y; {
printf("\n\nFailure: \nCT:\n"); 16, 16, 16, 32,
for (y = 0; y < (unsigned long)tests[x].msglen; ) { /* key */
printf("0x%02x", outct[y]); { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
if (y < (unsigned long)(tests[x].msglen-1)) printf(", "); 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
if (!(++y % 8)) printf("\n"); /* nonce */
} { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
printf("\nTAG:\n"); 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
for (y = 0; y < len; ) { /* header */
printf("0x%02x", outtag[y]); { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
if (y < len-1) printf(", "); 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
if (!(++y % 8)) printf("\n"); /* plaintext */
} { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
#endif 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
return CRYPT_FAIL_TESTVECTOR; 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
} 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
/* ciphertext */
/* test decrypt */ { 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b,
if ((err = eax_decrypt_verify_memory(idx, tests[x].key, tests[x].keylen, 0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen, 0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f,
outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) { 0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
return err; /* tag */
} { 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e,
if (res != 1 || memcmp(outct, tests[x].plaintext, tests[x].msglen)) { 0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
#if 0 },
unsigned long y;
printf("\n\nFailure (res == %d): \nPT:\n", res); /* test with header + nonce + plaintext [not even sizes!] */
for (y = 0; y < (unsigned long)tests[x].msglen; ) { {
printf("0x%02x", outct[y]); 16, 15, 14, 29,
if (y < (unsigned long)(tests[x].msglen-1)) printf(", "); /* key */
if (!(++y % 8)) printf("\n"); { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
} 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
printf("\n\n"); /* nonce */
#endif { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
return CRYPT_FAIL_TESTVECTOR; 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
} /* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
} 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
return CRYPT_OK; /* plaintext */
#endif /* LTC_TEST */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
} 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
#endif /* EAX_MODE */ 0x18, 0x19, 0x1a, 0x1b, 0x1c },
/* ciphertext */
{ 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59,
0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c,
0x8a, 0x24, 0xdb, 0x86, 0x8b },
/* tag */
{ 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2,
0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
},
/* Vectors from Brian Gladman */
{
16, 16, 8, 0,
/* key */
{ 0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78 },
/* nonce */
{ 0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3 },
/* header */
{ 0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b },
/* PT */
{ 0x00 },
/* CT */
{ 0x00 },
/* tag */
{ 0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01 }
},
{
16, 16, 8, 2,
/* key */
{ 0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4 },
/* nonce */
{ 0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd },
/* header */
{ 0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa },
/* PT */
{ 0xf7, 0xfb },
/* CT */
{ 0x19, 0xdd },
/* tag */
{ 0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5 }
},
{
16, 16, 8, 5,
/* key */
{ 0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23 },
/* nonce */
{ 0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e },
/* header */
{ 0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6 },
/* PT */
{ 0x1a, 0x47, 0xcb, 0x49, 0x33 },
/* CT */
{ 0xd8, 0x51, 0xd5, 0xba, 0xe0 },
/* Tag */
{ 0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80 }
}
};
int err, x, idx, res;
unsigned long len;
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
len = sizeof(outtag);
if ((err = eax_encrypt_authenticate_memory(idx, tests[x].key, tests[x].keylen,
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) {
return err;
}
if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) {
#if 0
unsigned long y;
printf("\n\nFailure: \nCT:\n");
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\nTAG:\n");
for (y = 0; y < len; ) {
printf("0x%02x", outtag[y]);
if (y < len-1) printf(", ");
if (!(++y % 8)) printf("\n");
}
#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* test decrypt */
if ((err = eax_decrypt_verify_memory(idx, tests[x].key, tests[x].keylen,
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) {
return err;
}
if ((res != 1) || memcmp(outct, tests[x].plaintext, tests[x].msglen)) {
#if 0
unsigned long y;
printf("\n\nFailure (res == %d): \nPT:\n", res);
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\n\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif /* LTC_TEST */
}
#endif /* EAX_MODE */

31
ecb_decrypt.c Normal file
View File

@ -0,0 +1,31 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef ECB
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key);
return CRYPT_OK;
}
#endif

29
ecb_encrypt.c Normal file
View File

@ -0,0 +1,29 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef ECB
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key);
return CRYPT_OK;
}
#endif

32
ecb.c → ecb_start.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -26,34 +26,4 @@ int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds,
return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ecb->key); return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ecb->key);
} }
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key);
return CRYPT_OK;
}
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key);
return CRYPT_OK;
}
#endif #endif

13
ecc.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -216,9 +216,12 @@ void ecc_find_base(void)
mp_clear_multi(&tx, &ty, &x, &y, &p, &pp, &r, &B, &tmp1, &tmp2, NULL); mp_clear_multi(&tx, &ty, &x, &y, &p, &pp, &r, &B, &tmp1, &tmp2, NULL);
} }
#endif #endif
static int is_valid_idx(int n) static int is_valid_idx(int n)
{ {
int x; int x;
@ -575,7 +578,7 @@ done:
void ecc_sizes(int *low, int *high) void ecc_sizes(int *low, int *high)
{ {
int i; int i;
_ARGCHK(low != NULL); _ARGCHK(low != NULL);
_ARGCHK(high != NULL); _ARGCHK(high != NULL);
*low = INT_MAX; *low = INT_MAX;
@ -837,7 +840,7 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
} }
/* load x coordinate */ /* load x coordinate */
INPUT_BIGNUM(&key->pubkey.x, in, x, y); INPUT_BIGNUM(&key->pubkey.x, in, x, y, inlen);
/* load y */ /* load y */
x = (unsigned long)in[y++]; x = (unsigned long)in[y++];
@ -847,7 +850,7 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
if (key->type == PK_PRIVATE) { if (key->type == PK_PRIVATE) {
/* load private key */ /* load private key */
INPUT_BIGNUM(&key->k, in, x, y); INPUT_BIGNUM(&key->k, in, x, y, inlen);
} }
/* eliminate private key if public */ /* eliminate private key if public */

2
ecc_sys.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

2
gf.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

102
hash.c
View File

@ -1,102 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* gurantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
{
hash_state md;
int err;
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
*outlen = hash_descriptor[hash].hashsize;
hash_descriptor[hash].init(&md);
hash_descriptor[hash].process(&md, data, len);
hash_descriptor[hash].done(&md, dst);
return CRYPT_OK;
}
int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
hash_state md;
unsigned char buf[512];
size_t x;
int err;
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(in != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
*outlen = hash_descriptor[hash].hashsize;
hash_descriptor[hash].init(&md);
do {
x = fread(buf, 1, sizeof(buf), in);
hash_descriptor[hash].process(&md, buf, x);
} while (x == sizeof(buf));
hash_descriptor[hash].done(&md, dst);
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
#endif
}
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
FILE *in;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
err = hash_filehandle(hash, in, dst, outlen);
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
return err;
#endif
}

41
hash_file.c Normal file
View File

@ -0,0 +1,41 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
FILE *in;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
err = hash_filehandle(hash, in, dst, outlen);
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
return err;
#endif
}

49
hash_filehandle.c Normal file
View File

@ -0,0 +1,49 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
hash_state md;
unsigned char buf[512];
size_t x;
int err;
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(in != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
*outlen = hash_descriptor[hash].hashsize;
hash_descriptor[hash].init(&md);
do {
x = fread(buf, 1, sizeof(buf), in);
hash_descriptor[hash].process(&md, buf, x);
} while (x == sizeof(buf));
hash_descriptor[hash].done(&md, dst);
#ifdef CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
#endif
}

35
hash_memory.c Normal file
View File

@ -0,0 +1,35 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
{
hash_state md;
int err;
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
*outlen = hash_descriptor[hash].hashsize;
hash_descriptor[hash].init(&md);
hash_descriptor[hash].process(&md, data, len);
hash_descriptor[hash].done(&md, dst);
return CRYPT_OK;
}

84
hmac_done.c Normal file
View File

@ -0,0 +1,84 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
/*
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step
(1) with ipad (ipad = the byte 0x36 repeated B times)
(3) append the stream of data 'text' to the B byte string resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad (opad = the byte 0x5C repeated B times.)
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
*/
#ifdef HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen)
{
unsigned char buf[MAXBLOCKSIZE];
unsigned char isha[MAXBLOCKSIZE];
unsigned long hashsize, i;
int hash, err;
_ARGCHK(hmac != NULL);
_ARGCHK(hashOut != NULL);
hash = hmac->hash;
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* get the hash message digest size */
hashsize = hash_descriptor[hash].hashsize;
// Get the hash of the first HMAC vector plus the data
if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) {
return err;
}
// Create the second HMAC vector vector for step (3)
for(i=0; i < HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x5C;
}
// Now calculate the "outer" hash for step (5), (6), and (7)
hash_descriptor[hash].init(&hmac->md);
hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE);
hash_descriptor[hash].process(&hmac->md, isha, hashsize);
hash_descriptor[hash].done(&hmac->md, buf);
// copy to output
for (i = 0; i < hashsize && i < *outlen; i++) {
hashOut[i] = buf[i];
}
*outlen = i;
#ifdef CLEAN_STACK
zeromem(isha, sizeof(buf));
zeromem(buf, sizeof(isha));
zeromem(hmac, sizeof(*hmac));
#endif
return CRYPT_OK;
}
#endif

96
hmac_file.c Normal file
View File

@ -0,0 +1,96 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
/*
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step
(1) with ipad (ipad = the byte 0x36 repeated B times)
(3) append the stream of data 'text' to the B byte string resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad (opad = the byte 0x5C repeated B times.)
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
*/
#ifdef HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
/* hmac_file added by Tom St Denis */
int hmac_file(int hash, const char *fname,
const unsigned char *key, unsigned long keylen,
unsigned char *dst, unsigned long *dstlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
hmac_state hmac;
FILE *in;
unsigned char buf[512];
size_t x;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(key != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
/* process the file contents */
do {
x = fread(buf, 1, sizeof(buf), in);
if ((err = hmac_process(&hmac, buf, (unsigned long)x)) != CRYPT_OK) {
/* we don't trap this error since we're already returning an error! */
fclose(in);
return err;
}
} while (x == sizeof(buf));
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
/* get final hmac */
if ((err = hmac_done(&hmac, dst, dstlen)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
/* clear memory */
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
#endif
}
#endif

87
hmac_init.c Normal file
View File

@ -0,0 +1,87 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
/*
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step
(1) with ipad (ipad = the byte 0x36 repeated B times)
(3) append the stream of data 'text' to the B byte string resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad (opad = the byte 0x5C repeated B times.)
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
*/
#ifdef HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen)
{
unsigned char buf[MAXBLOCKSIZE];
unsigned long hashsize;
unsigned long i, z;
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(key != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* valid key length? */
if (keylen == 0) {
return CRYPT_INVALID_KEYSIZE;
}
hmac->hash = hash;
// (1) make sure we have a large enough key
hashsize = hash_descriptor[hash].hashsize;
if(keylen > HMAC_BLOCKSIZE) {
z = (unsigned long)sizeof(hmac->key);
if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) {
return err;
}
if(hashsize < HMAC_BLOCKSIZE) {
zeromem((hmac->key) + hashsize, (size_t)(HMAC_BLOCKSIZE - hashsize));
}
keylen = hashsize;
} else {
memcpy(hmac->key, key, (size_t)keylen);
if(keylen < HMAC_BLOCKSIZE) {
zeromem((hmac->key) + keylen, (size_t)(HMAC_BLOCKSIZE - keylen));
}
}
// Create the initial vector for step (3)
for(i=0; i < HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x36;
}
// Pre-pend that to the hash data
hash_descriptor[hash].init(&hmac->md);
hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE);
return CRYPT_OK;
}
#endif

67
hmac_memory.c Normal file
View File

@ -0,0 +1,67 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
/*
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step
(1) with ipad (ipad = the byte 0x36 repeated B times)
(3) append the stream of data 'text' to the B byte string resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad (opad = the byte 0x5C repeated B times.)
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
*/
#ifdef HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen)
{
hmac_state hmac;
int err;
_ARGCHK(key != NULL);
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
return err;
}
if ((err = hmac_process(&hmac, data, len)) != CRYPT_OK) {
return err;
}
if ((err = hmac_done(&hmac, dst, dstlen)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
#endif

48
hmac_process.c Normal file
View File

@ -0,0 +1,48 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
/*
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step
(1) with ipad (ipad = the byte 0x36 repeated B times)
(3) append the stream of data 'text' to the B byte string resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad (opad = the byte 0x5C repeated B times.)
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
*/
#ifdef HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len)
{
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(buf != NULL);
if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) {
return err;
}
return hash_descriptor[hmac->hash].process(&hmac->md, buf, len);
}
#endif

201
hmac.c → hmac_test.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -33,205 +33,6 @@
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize #define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen)
{
unsigned char buf[MAXBLOCKSIZE];
unsigned long hashsize;
unsigned long i, z;
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(key != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* valid key length? */
if (keylen == 0) {
return CRYPT_INVALID_KEYSIZE;
}
hmac->hash = hash;
// (1) make sure we have a large enough key
hashsize = hash_descriptor[hash].hashsize;
if(keylen > HMAC_BLOCKSIZE) {
z = (unsigned long)sizeof(hmac->key);
if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) {
return err;
}
if(hashsize < HMAC_BLOCKSIZE) {
zeromem((hmac->key) + hashsize, (size_t)(HMAC_BLOCKSIZE - hashsize));
}
keylen = hashsize;
} else {
memcpy(hmac->key, key, (size_t)keylen);
if(keylen < HMAC_BLOCKSIZE) {
zeromem((hmac->key) + keylen, (size_t)(HMAC_BLOCKSIZE - keylen));
}
}
// Create the initial vector for step (3)
for(i=0; i < HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x36;
}
// Pre-pend that to the hash data
hash_descriptor[hash].init(&hmac->md);
hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE);
return CRYPT_OK;
}
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len)
{
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(buf != NULL);
if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) {
return err;
}
return hash_descriptor[hmac->hash].process(&hmac->md, buf, len);
}
int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen)
{
unsigned char buf[MAXBLOCKSIZE];
unsigned char isha[MAXBLOCKSIZE];
unsigned long hashsize, i;
int hash, err;
_ARGCHK(hmac != NULL);
_ARGCHK(hashOut != NULL);
hash = hmac->hash;
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
/* get the hash message digest size */
hashsize = hash_descriptor[hash].hashsize;
// Get the hash of the first HMAC vector plus the data
if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) {
return err;
}
// Create the second HMAC vector vector for step (3)
for(i=0; i < HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x5C;
}
// Now calculate the "outer" hash for step (5), (6), and (7)
hash_descriptor[hash].init(&hmac->md);
hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE);
hash_descriptor[hash].process(&hmac->md, isha, hashsize);
hash_descriptor[hash].done(&hmac->md, buf);
// copy to output
for (i = 0; i < hashsize && i < *outlen; i++) {
hashOut[i] = buf[i];
}
*outlen = i;
#ifdef CLEAN_STACK
zeromem(isha, sizeof(buf));
zeromem(buf, sizeof(isha));
zeromem(hmac, sizeof(*hmac));
#endif
return CRYPT_OK;
}
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen)
{
hmac_state hmac;
int err;
_ARGCHK(key != NULL);
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
return err;
}
if ((err = hmac_process(&hmac, data, len)) != CRYPT_OK) {
return err;
}
if ((err = hmac_done(&hmac, dst, dstlen)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
/* hmac_file added by Tom St Denis */
int hmac_file(int hash, const char *fname,
const unsigned char *key, unsigned long keylen,
unsigned char *dst, unsigned long *dstlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
hmac_state hmac;
FILE *in;
unsigned char buf[512];
size_t x;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(key != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
if((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
/* process the file contents */
do {
x = fread(buf, 1, sizeof(buf), in);
if ((err = hmac_process(&hmac, buf, (unsigned long)x)) != CRYPT_OK) {
/* we don't trap this error since we're already returning an error! */
fclose(in);
return err;
}
} while (x == sizeof(buf));
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
/* get final hmac */
if ((err = hmac_done(&hmac, dst, dstlen)) != CRYPT_OK) {
return err;
}
#ifdef CLEAN_STACK
/* clear memory */
zeromem(buf, sizeof(buf));
#endif
return CRYPT_OK;
#endif
}
/* /*
TEST CASES SOURCE: TEST CASES SOURCE:

27
is_prime.c Normal file
View File

@ -0,0 +1,27 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MPI
/* figures out if a number is prime (MR test) */
int is_prime(mp_int *N, int *result)
{
int err;
_ARGCHK(N != NULL);
_ARGCHK(result != NULL);
if ((err = mp_prime_is_prime(N, mp_prime_rabin_miller_trials(mp_count_bits(N)), result)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
return CRYPT_OK;
}
#endif

2
keyring.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */

102
makefile
View File

@ -9,7 +9,7 @@
# a build. This is easy to remedy though, for those that have problems. # a build. This is easy to remedy though, for those that have problems.
# The version # The version
VERSION=0.94 VERSION=0.95
#ch1-01-1 #ch1-01-1
# Compiler and Linker Names # Compiler and Linker Names
@ -23,7 +23,8 @@ VERSION=0.94
#ch1-01-3 #ch1-01-3
# Compilation flags. Note the += does not write over the user's CFLAGS! # Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -Werror CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow
# -Werror
# optimize for SPEED # optimize for SPEED
#CFLAGS += -O3 -funroll-loops #CFLAGS += -O3 -funroll-loops
@ -62,12 +63,63 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
#Leave MPI built-in or force developer to link against libtommath? #Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o MPIOBJECT=mpi.o
OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \ OBJECTS=keyring.o gf.o strings.o base64.o \
bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \ \
md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o \ crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
safer_tab.o safer.o saferp.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \ crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o \ crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
eax.o ocb.o pmac.o whirl.o $(MPIOBJECT) crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o dsa_verify_hash.o dsa_verify_key.o \
\
xtea.o aes.o des.o safer_tab.o safer.o saferp.o rc2.o \
rc6.o rc5.o cast5.o noekeon.o blowfish.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
burn_stack.o zeromem.o \
$(MPIOBJECT)
TESTOBJECTS=demos/test.o TESTOBJECTS=demos/test.o
HASHOBJECTS=demos/hashsum.o HASHOBJECTS=demos/hashsum.o
@ -85,7 +137,8 @@ COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt. #Header files used by libtomcrypt.
HEADERS=tommath.h mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \ HEADERS=tommath.h mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \ mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
mycrypt_custom.h mycrypt_pkcs.h
#The default rule for make builds the libtomcrypt library. #The default rule for make builds the libtomcrypt library.
default:library mycrypt.h mycrypt_cfg.h default:library mycrypt.h mycrypt_cfg.h
@ -127,6 +180,34 @@ x86_prof: library $(PROFS)
tv_gen: library $(TVS) tv_gen: library $(TVS)
$(CC) $(TVS) $(LIBNAME) -o $(TV) $(CC) $(TVS) $(LIBNAME) -o $(TV)
#make a profiled library (takes a while!!!)
#
# This will build the library with profile generation
# then run the test demo and rebuild the library.
#
# So far I've seen improvements in the MP math
#
# This works with GCC v3.3.x [tested with 3.3.3]
profiled: $(TESTOBJECTS)
make CFLAGS="$(CFLAGS) -fprofile-arcs"
$(CC) $(TESTOBJECTS) $(LIBNAME) -o $(TEST)
./test
rm -f *.a *.o test demos/test.o
make CFLAGS="$(CFLAGS) -fbranch-probabilities"
#Profiling in GCC 3.4.x is a little diff.
#
#Tested with GCC v3.4.0
profiled34: $(TESTOBJECTS)
make CFLAGS="$(CFLAGS) -fprofile-generate"
$(CC) $(TESTOBJECTS) $(LIBNAME) -lgcov -o $(TEST)
./test
rm -f *.a *.o test demos/test.o
make CFLAGS="$(CFLAGS) -fprofile-use"
#This rule installs the library and the header files. This must be run #This rule installs the library and the header files. This must be run
#as root in order to have a high enough permission to write to the correct #as root in order to have a high enough permission to write to the correct
#directories and to set the owner and group to root. #directories and to set the owner and group to root.
@ -143,7 +224,8 @@ install: library docs
clean: clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME) rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV) rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn *.dpi \
*.gcda *.gcno demos/*.gcno demos/*.gcda *~
#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed #This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
#from the clean command! This is because most people would like to keep the #from the clean command! This is because most people would like to keep the

65
makefile.cygwin_dll
View File

@ -4,7 +4,7 @@ default: ltc_dll
# Compilation flags. Note the += does not write over the user's CFLAGS! # Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -Werror -mno-cygwin -DWIN32 CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32
# optimize for SPEED # optimize for SPEED
#CFLAGS += -O3 -funroll-loops #CFLAGS += -O3 -funroll-loops
@ -18,12 +18,63 @@ CFLAGS += -Os
#Leave MPI built-in or force developer to link against libtommath? #Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o MPIOBJECT=mpi.o
OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \ OBJECTS=keyring.o gf.o strings.o base64.o \
bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \ \
md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o \ crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
safer_tab.o safer.o saferp.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \ crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o \ crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
ocb.o pmac.o whirl.o $(MPIOBJECT) crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o dsa_verify_hash.o dsa_verify_key.o \
\
xtea.o aes.o des.o safer_tab.o safer.o saferp.o rc2.o \
rc6.o rc5.o cast5.o noekeon.o blowfish.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
burn_stack.o zeromem.o \
$(MPIOBJECT)
ltc_dll: $(OBJECTS) $(MPIOBJECT) ltc_dll: $(OBJECTS) $(MPIOBJECT)
gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32 gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32

213
makefile.icc Normal file
View File

@ -0,0 +1,213 @@
# MAKEFILE for linux ICC (Intel C compiler)
#
# Tested with ICC v8....
#
# Be aware that ICC isn't quite as stable as GCC and several optimization switches
# seem to break the code (that GCC and MSVC compile just fine). In particular
# "-ip" and "-x*" seem to break the code (ROL/ROR macro problems). As the makefile
# is shipped the code will build and execute properly.
#
# Also note that ICC often makes code that is slower than GCC. This is probably due to
# a mix of not being able to use "-ip" and just having fewer optimization algos than GCC.
#
# Tom St Denis
#ch1-01-1
# Compiler and Linker Names
CC=icc
#LD=ld
# Archiver [makes .a files]
#AR=ar
#ARFLAGS=r
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -DINTEL_CC
# optimize for SPEED
#
# -mcpu= can be pentium, pentiumpro (covers PII through PIII) or pentium4
# -ax? specifies make code specifically for ? but compatible with IA-32
# -x? specifies compile solely for ? [not specifically IA-32 compatible]
#
# where ? is
# K - PIII
# W - first P4 [Williamette]
# N - P4 Northwood
# P - P4 Prescott
# B - Blend of P4 and PM [mobile]
#
# Default to just generic max opts
CFLAGS += -O3 -xN -ip
# want to see stuff?
#CFLAGS += -opt_report
#These flags control how the library gets built.
#Output filenames for various targets.
LIBNAME=libtomcrypt.a
TEST=test
HASH=hashsum
CRYPT=encrypt
SMALL=small
PROF=x86_prof
TV=tv_gen
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
#DATAPATH-The directory to install the pdf docs.
DESTDIR=
LIBPATH=/usr/lib
INCPATH=/usr/include
DATAPATH=/usr/share/doc/libtomcrypt/pdf
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
OBJECTS=keyring.o gf.o strings.o base64.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o dsa_verify_hash.o dsa_verify_key.o \
\
xtea.o aes.o des.o safer_tab.o safer.o saferp.o rc2.o \
rc6.o rc5.o cast5.o noekeon.o blowfish.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
burn_stack.o zeromem.o \
$(MPIOBJECT)
TESTOBJECTS=demos/test.o
HASHOBJECTS=demos/hashsum.o
CRYPTOBJECTS=demos/encrypt.o
SMALLOBJECTS=demos/small.o
PROFS=demos/x86_prof.o
TVS=demos/tv_gen.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
#Compressed filenames
COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt.
HEADERS=tommath.h mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h
#The default rule for make builds the libtomcrypt library.
default:library mycrypt.h mycrypt_cfg.h
#These are the rules to make certain object files.
rsa.o: rsa.c rsa_sys.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
$(LIBNAME): $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
#This rule makes the test program included with libtomcrypt
test: library $(TESTOBJECTS)
$(CC) $(TESTOBJECTS) $(LIBNAME) -o $(TEST) $(WARN)
#This rule makes the hash program included with libtomcrypt
hashsum: library $(HASHOBJECTS)
$(CC) $(HASHOBJECTS) $(LIBNAME) -o $(HASH) $(WARN)
#makes the crypt program
crypt: library $(CRYPTOBJECTS)
$(CC) $(CRYPTOBJECTS) $(LIBNAME) -o $(CRYPT) $(WARN)
#makes the small program
small: library $(SMALLOBJECTS)
$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
x86_prof: library $(PROFS)
$(CC) $(PROFS) $(LIBNAME) -o $(PROF)
tv_gen: library $(TVS)
$(CC) $(TVS) $(LIBNAME) -o $(TV)
#make a profiled library (takes a while!!!)
#
# This will build the library with profile generation
# then run the test demo and rebuild the library.
#
# So far I've seen improvements in the MP math
profiled:
make -f makefile.icc CFLAGS="$(CFLAGS) -prof_gen" test
./test
rm -f *.a *.o test demos/test.o
make -f makefile.icc CFLAGS="$(CFLAGS) -prof_use"
#This rule installs the library and the header files. This must be run
#as root in order to have a high enough permission to write to the correct
#directories and to set the owner and group to root.
install: library
install -d -g root -o root $(DESTDIR)$(LIBPATH)
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn

66
makefile.msvc
View File

@ -5,13 +5,67 @@ CFLAGS = /I. /Ox /DWIN32 /W3
default: library default: library
# leave this blank and link against libtommath if you want better link resolution
MPIOBJECT=mpi.obj
#List of objects to compile. #List of objects to compile.
OBJECTS=keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj \ OBJECTS=keyring.obj gf.obj strings.obj base64.obj \
bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj \ \
md5.obj md4.obj md2.obj sha256.obj sha512.obj xtea.obj aes.obj des.obj \ crypt.obj crypt_find_cipher.obj crypt_find_hash_any.obj \
safer_tab.obj safer.obj saferp.obj rc4.obj rc2.obj rc6.obj rc5.obj cast5.obj noekeon.obj \ crypt_hash_is_valid.obj crypt_register_hash.obj crypt_unregister_prng.obj \
blowfish.obj crypt.obj mpi.obj prime.obj twofish.obj packet.obj hmac.obj strings.obj rmd128.obj rmd160.obj \ crypt_argchk.obj crypt_find_cipher_any.obj crypt_find_hash_id.obj \
skipjack.obj omac.obj dsa.obj eax.obj ocb.obj pmac.obj whirl.obj crypt_prng_descriptor.obj crypt_register_prng.obj crypt_cipher_descriptor.obj \
crypt_find_cipher_id.obj crypt_find_prng.obj crypt_prng_is_valid.obj \
crypt_unregister_cipher.obj crypt_cipher_is_valid.obj crypt_find_hash.obj \
crypt_hash_descriptor.obj crypt_register_cipher.obj crypt_unregister_hash.obj \
\
sprng.obj yarrow.obj rc4.obj rng_get_bytes.obj rng_make_prng.obj \
\
rand_prime.obj is_prime.obj \
\
ecc.obj dh.obj \
\
rsa.obj rsa_exptmod.obj rsa_free.obj rsa_make_key.obj \
\
dsa_export.obj dsa_free.obj dsa_import.obj dsa_make_key.obj dsa_sign_hash.obj dsa_verify_hash.obj dsa_verify_key.obj \
\
xtea.obj aes.obj des.obj safer_tab.obj safer.obj saferp.obj rc2.obj \
rc6.obj rc5.obj cast5.obj noekeon.obj blowfish.obj twofish.obj skipjack.obj \
\
md2.obj md4.obj md5.obj sha1.obj sha256.obj sha512.obj tiger.obj whirl.obj \
rmd128.obj rmd160.obj \
\
packet_store_header.obj packet_valid_header.obj \
\
eax_addheader.obj eax_decrypt.obj eax_decrypt_verify_memory.obj eax_done.obj eax_encrypt.obj \
eax_encrypt_authenticate_memory.obj eax_init.obj eax_test.obj \
\
ocb_decrypt.obj ocb_decrypt_verify_memory.obj ocb_done_decrypt.obj ocb_done_encrypt.obj \
ocb_encrypt.obj ocb_encrypt_authenticate_memory.obj ocb_init.obj ocb_ntz.obj \
ocb_shift_xor.obj ocb_test.obj s_ocb_done.obj \
\
omac_done.obj omac_file.obj omac_init.obj omac_memory.obj omac_process.obj omac_test.obj \
\
pmac_done.obj pmac_file.obj pmac_init.obj pmac_memory.obj pmac_ntz.obj pmac_process.obj \
pmac_shift_xor.obj pmac_test.obj \
\
cbc_start.obj cbc_encrypt.obj cbc_decrypt.obj \
cfb_start.obj cfb_encrypt.obj cfb_decrypt.obj \
ofb_start.obj ofb_encrypt.obj ofb_decrypt.obj \
ctr_start.obj ctr_encrypt.obj ctr_decrypt.obj \
ecb_start.obj ecb_encrypt.obj ecb_decrypt.obj \
\
hash_file.obj hash_filehandle.obj hash_memory.obj \
\
hmac_done.obj hmac_file.obj hmac_init.obj hmac_memory.obj hmac_process.obj hmac_test.obj \
\
pkcs_1_mgf1.obj pkcs_1_oaep_encode.obj pkcs_1_oaep_decode.obj \
pkcs_1_pss_encode.obj pkcs_1_pss_decode.obj pkcs_1_i2osp.obj pkcs_1_os2ip.obj \
\
pkcs_5_1.obj pkcs_5_2.obj \
\
burn_stack.obj zeromem.obj \
$(MPIOBJECT)
library: $(OBJECTS) library: $(OBJECTS)
lib /out:tomcrypt.lib $(OBJECTS) lib /out:tomcrypt.lib $(OBJECTS)

28
makefile.out
View File

@ -1,28 +0,0 @@
#makefile generated with config.pl
#
#Tom St Denis (tomstdenis@yahoo.com, http://tom.iahu.ca)
CC = gcc
AR = ar
LD = ld
CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./
default: library
OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o saferp.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o pmac.o whirl.o
rsa.o: rsa_sys.c
dh.o: dh_sys.c
ecc.o: ecc_sys.c
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
sha512.o: sha384.c sha512.c
sha256.o: sha256.c sha224.c
library: $(OBJECTS)
$(AR) r libtomcrypt.a $(OBJECTS)
ranlib libtomcrypt.a
clean:
rm -f $(OBJECTS) libtomcrypt.a

4
md2.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -65,7 +65,7 @@ static void md2_compress(hash_state *md)
{ {
int j, k; int j, k;
unsigned char t; unsigned char t;
/* copy block */ /* copy block */
for (j = 0; j < 16; j++) { for (j = 0; j < 16; j++) {
md->md2.X[16+j] = md->md2.buf[j]; md->md2.X[16+j] = md->md2.buf[j];

4
md4.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -71,8 +71,6 @@ static void md4_compress(hash_state *md, unsigned char *buf)
ulong32 x[16], a, b, c, d; ulong32 x[16], a, b, c, d;
int i; int i;
_ARGCHK(md != NULL);
/* copy state */ /* copy state */
a = md->md4.state[0]; a = md->md4.state[0];
b = md->md4.state[1]; b = md->md4.state[1];

4
md5.c
View File

@ -4,7 +4,7 @@
* algorithms in a highly modular and flexible manner. * algorithms in a highly modular and flexible manner.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* gurantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/ */
@ -52,8 +52,6 @@ static void md5_compress(hash_state *md, unsigned char *buf)
{ {
ulong32 i, W[16], a, b, c, d; ulong32 i, W[16], a, b, c, d;
_ARGCHK(md != NULL);
/* copy the state into 512-bits into W[0..15] */ /* copy the state into 512-bits into W[0..15] */
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
LOAD32L(W[i], buf + (4*i)); LOAD32L(W[i], buf + (4*i));

668
mpi.c
View File

@ -631,8 +631,7 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
* Based on Algorithm 14.16 on pp.597 of HAC. * Based on Algorithm 14.16 on pp.597 of HAC.
* *
*/ */
int int fast_s_mp_sqr (mp_int * a, mp_int * b)
fast_s_mp_sqr (mp_int * a, mp_int * b)
{ {
int olduse, newused, res, ix, pa; int olduse, newused, res, ix, pa;
mp_word W2[MP_WARRAY], W[MP_WARRAY]; mp_word W2[MP_WARRAY], W[MP_WARRAY];
@ -1345,11 +1344,15 @@ int mp_cmp_mag (mp_int * a, mp_int * b)
*/ */
#include <tommath.h> #include <tommath.h>
static const int lnz[16] = {
4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
};
/* Counts the number of lsbs which are zero before the first zero bit */ /* Counts the number of lsbs which are zero before the first zero bit */
int mp_cnt_lsb(mp_int *a) int mp_cnt_lsb(mp_int *a)
{ {
int x; int x;
mp_digit q; mp_digit q, qq;
/* easy out */ /* easy out */
if (mp_iszero(a) == 1) { if (mp_iszero(a) == 1) {
@ -1362,11 +1365,13 @@ int mp_cnt_lsb(mp_int *a)
x *= DIGIT_BIT; x *= DIGIT_BIT;
/* now scan this digit until a 1 is found */ /* now scan this digit until a 1 is found */
while ((q & 1) == 0) { if ((q & 1) == 0) {
q >>= 1; do {
x += 1; qq = q & 15;
x += lnz[qq];
q >>= 4;
} while (qq == 0);
} }
return x; return x;
} }
@ -2665,75 +2670,75 @@ __M:
/* End: bn_mp_exptmod_fast.c */ /* End: bn_mp_exptmod_fast.c */
/* Start: bn_mp_exteuclid.c */ /* Start: bn_mp_exteuclid.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
* LibTomMath is a library that provides multiple-precision * LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality. * integer arithmetic as well as number theoretic functionality.
* *
* The library was designed directly after the MPI library by * The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with * Michael Fromberger but has been written from scratch with
* additional optimizations in place. * additional optimizations in place.
* *
* The library is free for all purposes without any express * The library is free for all purposes without any express
* guarantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/ */
#include <tommath.h> #include <tommath.h>
/* Extended euclidean algorithm of (a, b) produces /* Extended euclidean algorithm of (a, b) produces
a*u1 + b*u2 = u3 a*u1 + b*u2 = u3
*/ */
int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3) int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
{ {
mp_int u1,u2,u3,v1,v2,v3,t1,t2,t3,q,tmp; mp_int u1,u2,u3,v1,v2,v3,t1,t2,t3,q,tmp;
int err; int err;
if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) { if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) {
return err; return err;
} }
/* initialize, (u1,u2,u3) = (1,0,a) */ /* initialize, (u1,u2,u3) = (1,0,a) */
mp_set(&u1, 1); mp_set(&u1, 1);
if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; }
/* initialize, (v1,v2,v3) = (0,1,b) */ /* initialize, (v1,v2,v3) = (0,1,b) */
mp_set(&v2, 1); mp_set(&v2, 1);
if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; }
/* loop while v3 != 0 */ /* loop while v3 != 0 */
while (mp_iszero(&v3) == MP_NO) { while (mp_iszero(&v3) == MP_NO) {
/* q = u3/v3 */ /* q = u3/v3 */
if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; } if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; }
/* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */ /* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */
if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; } if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; }
if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; } if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; }
if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; } if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; }
if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; } if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; }
if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; } if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; }
if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; } if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; }
/* (u1,u2,u3) = (v1,v2,v3) */ /* (u1,u2,u3) = (v1,v2,v3) */
if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; }
if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; }
if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; }
/* (v1,v2,v3) = (t1,t2,t3) */ /* (v1,v2,v3) = (t1,t2,t3) */
if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; }
if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; }
if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; } if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; }
} }
/* copy result out */ /* copy result out */
if (U1 != NULL) { mp_exch(U1, &u1); } if (U1 != NULL) { mp_exch(U1, &u1); }
if (U2 != NULL) { mp_exch(U2, &u2); } if (U2 != NULL) { mp_exch(U2, &u2); }
if (U3 != NULL) { mp_exch(U3, &u3); } if (U3 != NULL) { mp_exch(U3, &u3); }
err = MP_OKAY; err = MP_OKAY;
_ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); _ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL);
return err; return err;
} }
/* End: bn_mp_exteuclid.c */ /* End: bn_mp_exteuclid.c */
@ -2828,7 +2833,7 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
return err; return err;
} }
buf = XMALLOC (len); buf = OPT_CAST(char) XMALLOC (len);
if (buf == NULL) { if (buf == NULL) {
return MP_MEM; return MP_MEM;
} }
@ -2963,6 +2968,49 @@ __U:mp_clear (&v);
/* End: bn_mp_gcd.c */ /* End: bn_mp_gcd.c */
/* Start: bn_mp_get_int.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* get the lower 32-bits of an mp_int */
unsigned long mp_get_int(mp_int * a)
{
int i;
unsigned long res;
if (a->used == 0) {
return 0;
}
/* get number of digits of the lsb we have to read */
i = MIN(a->used,(int)((sizeof(unsigned long)*CHAR_BIT+DIGIT_BIT-1)/DIGIT_BIT))-1;
/* get most significant digit of result */
res = DIGIT(a,i);
while (--i >= 0) {
res = (res << DIGIT_BIT) | DIGIT(a,i);
}
/* force result to 32-bits always so it is consistent on non 32-bit platforms */
return res & 0xFFFFFFFFUL;
}
/* End: bn_mp_get_int.c */
/* Start: bn_mp_grow.c */ /* Start: bn_mp_grow.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
@ -2997,7 +3045,7 @@ int mp_grow (mp_int * a, int size)
* in case the operation failed we don't want * in case the operation failed we don't want
* to overwrite the dp member of a. * to overwrite the dp member of a.
*/ */
tmp = OPT_CAST XREALLOC (a->dp, sizeof (mp_digit) * size); tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size);
if (tmp == NULL) { if (tmp == NULL) {
/* reallocation failed but "a" is still valid [can be freed] */ /* reallocation failed but "a" is still valid [can be freed] */
return MP_MEM; return MP_MEM;
@ -3039,7 +3087,7 @@ int mp_grow (mp_int * a, int size)
int mp_init (mp_int * a) int mp_init (mp_int * a)
{ {
/* allocate memory required and clear it */ /* allocate memory required and clear it */
a->dp = OPT_CAST XCALLOC (sizeof (mp_digit), MP_PREC); a->dp = OPT_CAST(mp_digit) XCALLOC (sizeof (mp_digit), MP_PREC);
if (a->dp == NULL) { if (a->dp == NULL) {
return MP_MEM; return MP_MEM;
} }
@ -3142,6 +3190,65 @@ int mp_init_multi(mp_int *mp, ...)
/* End: bn_mp_init_multi.c */ /* End: bn_mp_init_multi.c */
/* Start: bn_mp_init_set.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* initialize and set a digit */
int mp_init_set (mp_int * a, mp_digit b)
{
int err;
if ((err = mp_init(a)) != MP_OKAY) {
return err;
}
mp_set(a, b);
return err;
}
/* End: bn_mp_init_set.c */
/* Start: bn_mp_init_set_int.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* initialize and set a digit */
int mp_init_set_int (mp_int * a, unsigned long b)
{
int err;
if ((err = mp_init(a)) != MP_OKAY) {
return err;
}
return mp_set_int(a, b);
}
/* End: bn_mp_init_set_int.c */
/* Start: bn_mp_init_size.c */ /* Start: bn_mp_init_size.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
@ -3166,7 +3273,7 @@ int mp_init_size (mp_int * a, int size)
size += (MP_PREC * 2) - (size % MP_PREC); size += (MP_PREC * 2) - (size % MP_PREC);
/* alloc mem */ /* alloc mem */
a->dp = OPT_CAST XCALLOC (sizeof (mp_digit), size); a->dp = OPT_CAST(mp_digit) XCALLOC (sizeof (mp_digit), size);
if (a->dp == NULL) { if (a->dp == NULL) {
return MP_MEM; return MP_MEM;
} }
@ -3357,6 +3464,113 @@ __ERR:mp_clear_multi (&x, &y, &u, &v, &A, &B, &C, &D, NULL);
/* End: bn_mp_invmod.c */ /* End: bn_mp_invmod.c */
/* Start: bn_mp_is_square.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* Check if remainders are possible squares - fast exclude non-squares */
static const char rem_128[128] = {
0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1,
1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1
};
static const char rem_105[105] = {
0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1,
0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1,
0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1,
1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1,
0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1,
1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1,
1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1
};
/* Store non-zero to ret if arg is square, and zero if not */
int mp_is_square(mp_int *arg,int *ret)
{
int res;
mp_digit c;
mp_int t;
unsigned long r;
/* Default to Non-square :) */
*ret = MP_NO;
if (arg->sign == MP_NEG) {
return MP_VAL;
}
/* digits used? (TSD) */
if (arg->used == 0) {
return MP_OKAY;
}
/* First check mod 128 (suppose that DIGIT_BIT is at least 7) */
if (rem_128[127 & DIGIT(arg,0)] == 1) {
return MP_OKAY;
}
/* Next check mod 105 (3*5*7) */
if ((res = mp_mod_d(arg,105,&c)) != MP_OKAY) {
return res;
}
if (rem_105[c] == 1) {
return MP_OKAY;
}
/* product of primes less than 2^31 */
if ((res = mp_init_set_int(&t,11L*13L*17L*19L*23L*29L*31L)) != MP_OKAY) {
return res;
}
if ((res = mp_mod(arg,&t,&t)) != MP_OKAY) {
goto ERR;
}
r = mp_get_int(&t);
/* Check for other prime modules, note it's not an ERROR but we must
* free "t" so the easiest way is to goto ERR. We know that res
* is already equal to MP_OKAY from the mp_mod call
*/
if ( (1L<<(r%11)) & 0x5C4L ) goto ERR;
if ( (1L<<(r%13)) & 0x9E4L ) goto ERR;
if ( (1L<<(r%17)) & 0x5CE8L ) goto ERR;
if ( (1L<<(r%19)) & 0x4F50CL ) goto ERR;
if ( (1L<<(r%23)) & 0x7ACCA0L ) goto ERR;
if ( (1L<<(r%29)) & 0xC2EDD0CL ) goto ERR;
if ( (1L<<(r%31)) & 0x6DE2B848L ) goto ERR;
/* Final check - is sqr(sqrt(arg)) == arg ? */
if ((res = mp_sqrt(arg,&t)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sqr(&t,&t)) != MP_OKAY) {
goto ERR;
}
*ret = (mp_cmp_mag(&t,arg) == MP_EQ) ? MP_YES : MP_NO;
ERR:mp_clear(&t);
return res;
}
/* End: bn_mp_is_square.c */
/* Start: bn_mp_jacobi.c */ /* Start: bn_mp_jacobi.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
@ -3506,8 +3720,7 @@ __A1:mp_clear (&a1);
* Generally though the overhead of this method doesn't pay off * Generally though the overhead of this method doesn't pay off
* until a certain size (N ~ 80) is reached. * until a certain size (N ~ 80) is reached.
*/ */
int int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
{ {
mp_int x0, x1, y0, y1, t1, x0y0, x1y1; mp_int x0, x1, y0, y1, t1, x0y0, x1y1;
int B, err; int B, err;
@ -3519,7 +3732,7 @@ mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c)
B = MIN (a->used, b->used); B = MIN (a->used, b->used);
/* now divide in two */ /* now divide in two */
B = B / 2; B = B >> 1;
/* init copy all the temps */ /* init copy all the temps */
if (mp_init_size (&x0, B) != MP_OKAY) if (mp_init_size (&x0, B) != MP_OKAY)
@ -3653,8 +3866,7 @@ ERR:
* is essentially the same algorithm but merely * is essentially the same algorithm but merely
* tuned to perform recursive squarings. * tuned to perform recursive squarings.
*/ */
int int mp_karatsuba_sqr (mp_int * a, mp_int * b)
mp_karatsuba_sqr (mp_int * a, mp_int * b)
{ {
mp_int x0, x1, t1, t2, x0x0, x1x1; mp_int x0, x1, t1, t2, x0x0, x1x1;
int B, err; int B, err;
@ -3665,7 +3877,7 @@ mp_karatsuba_sqr (mp_int * a, mp_int * b)
B = a->used; B = a->used;
/* now divide in two */ /* now divide in two */
B = B / 2; B = B >> 1;
/* init copy all the temps */ /* init copy all the temps */
if (mp_init_size (&x0, B) != MP_OKAY) if (mp_init_size (&x0, B) != MP_OKAY)
@ -3896,7 +4108,6 @@ mp_mod (mp_int * a, mp_int * b, mp_int * c)
mp_int t; mp_int t;
int res; int res;
if ((res = mp_init (&t)) != MP_OKAY) { if ((res = mp_init (&t)) != MP_OKAY) {
return res; return res;
} }
@ -3906,7 +4117,7 @@ mp_mod (mp_int * a, mp_int * b, mp_int * c)
return res; return res;
} }
if (t.sign == MP_NEG) { if (t.sign != b->sign) {
res = mp_add (b, &t, c); res = mp_add (b, &t, c);
} else { } else {
res = MP_OKAY; res = MP_OKAY;
@ -4661,7 +4872,7 @@ int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
if (mp_cmp (&t2, a) == MP_GT) { if (mp_cmp (&t2, a) == MP_GT) {
if ((res = mp_sub_d (&t1, 1, &t1)) != MP_OKAY) { if ((res = mp_sub_d (&t1, 1, &t1)) != MP_OKAY) {
goto __T3; goto __T3;
} }
} else { } else {
break; break;
@ -4711,7 +4922,7 @@ int mp_neg (mp_int * a, mp_int * b)
if ((res = mp_copy (a, b)) != MP_OKAY) { if ((res = mp_copy (a, b)) != MP_OKAY) {
return res; return res;
} }
if (mp_iszero(b) != 1) { if (mp_iszero(b) != MP_YES) {
b->sign = (a->sign == MP_ZPOS) ? MP_NEG : MP_ZPOS; b->sign = (a->sign == MP_ZPOS) ? MP_NEG : MP_ZPOS;
} }
return MP_OKAY; return MP_OKAY;
@ -5225,7 +5436,7 @@ __ERR:
/* End: bn_mp_prime_next_prime.c */ /* End: bn_mp_prime_next_prime.c */
/* Start: bn_mp_prime_random.c */ /* Start: bn_mp_prime_random_ex.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
* LibTomMath is a library that provides multiple-precision * LibTomMath is a library that provides multiple-precision
@ -5242,57 +5453,101 @@ __ERR:
*/ */
#include <tommath.h> #include <tommath.h>
/* makes a truly random prime of a given size (bytes), /* makes a truly random prime of a given size (bits),
* call with bbs = 1 if you want it to be congruent to 3 mod 4 *
* Flags are as follows:
*
* LTM_PRIME_BBS - make prime congruent to 3 mod 4
* LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
* LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
* LTM_PRIME_2MSB_ON - make the 2nd highest bit one
* *
* You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
* have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
* so it can be NULL * so it can be NULL
* *
* The prime generated will be larger than 2^(8*size).
*/ */
/* this sole function may hold the key to enslaving all mankind! */ /* This is possibly the mother of all prime generation functions, muahahahahaha! */
int mp_prime_random(mp_int *a, int t, int size, int bbs, ltm_prime_callback cb, void *dat) int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback cb, void *dat)
{ {
unsigned char *tmp; unsigned char *tmp, maskAND, maskOR_msb, maskOR_lsb;
int res, err; int res, err, bsize, maskOR_msb_offset;
/* sanity check the input */ /* sanity check the input */
if (size <= 0) { if (size <= 1 || t <= 0) {
return MP_VAL; return MP_VAL;
} }
/* we need a buffer of size+1 bytes */ /* LTM_PRIME_SAFE implies LTM_PRIME_BBS */
tmp = XMALLOC(size+1); if (flags & LTM_PRIME_SAFE) {
flags |= LTM_PRIME_BBS;
}
/* calc the byte size */
bsize = (size>>3)+(size&7?1:0);
/* we need a buffer of bsize bytes */
tmp = OPT_CAST(unsigned char) XMALLOC(bsize);
if (tmp == NULL) { if (tmp == NULL) {
return MP_MEM; return MP_MEM;
} }
/* fix MSB */ /* calc the maskAND value for the MSbyte*/
tmp[0] = 1; maskAND = 0xFF >> (8 - (size & 7));
/* calc the maskOR_msb */
maskOR_msb = 0;
maskOR_msb_offset = (size - 2) >> 3;
if (flags & LTM_PRIME_2MSB_ON) {
maskOR_msb |= 1 << ((size - 2) & 7);
} else if (flags & LTM_PRIME_2MSB_OFF) {
maskAND &= ~(1 << ((size - 2) & 7));
}
/* get the maskOR_lsb */
maskOR_lsb = 0;
if (flags & LTM_PRIME_BBS) {
maskOR_lsb |= 3;
}
do { do {
/* read the bytes */ /* read the bytes */
if (cb(tmp+1, size, dat) != size) { if (cb(tmp, bsize, dat) != bsize) {
err = MP_VAL; err = MP_VAL;
goto error; goto error;
} }
/* fix the LSB */ /* work over the MSbyte */
tmp[size] |= (bbs ? 3 : 1); tmp[0] &= maskAND;
tmp[0] |= 1 << ((size - 1) & 7);
/* mix in the maskORs */
tmp[maskOR_msb_offset] |= maskOR_msb;
tmp[bsize-1] |= maskOR_lsb;
/* read it in */ /* read it in */
if ((err = mp_read_unsigned_bin(a, tmp, size+1)) != MP_OKAY) { if ((err = mp_read_unsigned_bin(a, tmp, bsize)) != MP_OKAY) { goto error; }
goto error;
}
/* is it prime? */ /* is it prime? */
if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
goto error;
if (flags & LTM_PRIME_SAFE) {
/* see if (a-1)/2 is prime */
if ((err = mp_sub_d(a, 1, a)) != MP_OKAY) { goto error; }
if ((err = mp_div_2(a, a)) != MP_OKAY) { goto error; }
/* is it prime? */
if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
} }
} while (res == MP_NO); } while (res == MP_NO);
if (flags & LTM_PRIME_SAFE) {
/* restore a to the original value */
if ((err = mp_mul_2(a, a)) != MP_OKAY) { goto error; }
if ((err = mp_add_d(a, 1, a)) != MP_OKAY) { goto error; }
}
err = MP_OKAY; err = MP_OKAY;
error: error:
XFREE(tmp); XFREE(tmp);
@ -5301,7 +5556,7 @@ error:
/* End: bn_mp_prime_random.c */ /* End: bn_mp_prime_random_ex.c */
/* Start: bn_mp_radix_size.c */ /* Start: bn_mp_radix_size.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
@ -5726,9 +5981,9 @@ CLEANUP:
*/ */
#include <tommath.h> #include <tommath.h>
/* reduces a modulo n where n is of the form 2**p - k */ /* reduces a modulo n where n is of the form 2**p - d */
int int
mp_reduce_2k(mp_int *a, mp_int *n, mp_digit k) mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d)
{ {
mp_int q; mp_int q;
int p, res; int p, res;
@ -5744,9 +5999,9 @@ top:
goto ERR; goto ERR;
} }
if (k != 1) { if (d != 1) {
/* q = q * k */ /* q = q * d */
if ((res = mp_mul_d(&q, k, &q)) != MP_OKAY) { if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
goto ERR; goto ERR;
} }
} }
@ -6062,7 +6317,7 @@ int mp_shrink (mp_int * a)
{ {
mp_digit *tmp; mp_digit *tmp;
if (a->alloc != a->used && a->used > 0) { if (a->alloc != a->used && a->used > 0) {
if ((tmp = OPT_CAST XREALLOC (a->dp, sizeof (mp_digit) * a->used)) == NULL) { if ((tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * a->used)) == NULL) {
return MP_MEM; return MP_MEM;
} }
a->dp = tmp; a->dp = tmp;
@ -6182,6 +6437,85 @@ mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
/* End: bn_mp_sqrmod.c */ /* End: bn_mp_sqrmod.c */
/* Start: bn_mp_sqrt.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* this function is less generic than mp_n_root, simpler and faster */
int mp_sqrt(mp_int *arg, mp_int *ret)
{
int res;
mp_int t1,t2;
/* must be positive */
if (arg->sign == MP_NEG) {
return MP_VAL;
}
/* easy out */
if (mp_iszero(arg) == MP_YES) {
mp_zero(ret);
return MP_OKAY;
}
if ((res = mp_init_copy(&t1, arg)) != MP_OKAY) {
return res;
}
if ((res = mp_init(&t2)) != MP_OKAY) {
goto E2;
}
/* First approx. (not very bad for large arg) */
mp_rshd (&t1,t1.used/2);
/* t1 > 0 */
if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
goto E1;
}
if ((res = mp_add(&t1,&t2,&t1)) != MP_OKAY) {
goto E1;
}
if ((res = mp_div_2(&t1,&t1)) != MP_OKAY) {
goto E1;
}
/* And now t1 > sqrt(arg) */
do {
if ((res = mp_div(arg,&t1,&t2,NULL)) != MP_OKAY) {
goto E1;
}
if ((res = mp_add(&t1,&t2,&t1)) != MP_OKAY) {
goto E1;
}
if ((res = mp_div_2(&t1,&t1)) != MP_OKAY) {
goto E1;
}
/* t1 >= sqrt(arg) >= t2 at this point */
} while (mp_cmp_mag(&t1,&t2) == MP_GT);
mp_exch(&t1,ret);
E1: mp_clear(&t2);
E2: mp_clear(&t1);
return res;
}
/* End: bn_mp_sqrt.c */
/* Start: bn_mp_sub.c */ /* Start: bn_mp_sub.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
@ -6463,8 +6797,7 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b)
#include <tommath.h> #include <tommath.h>
/* multiplication using the Toom-Cook 3-way algorithm */ /* multiplication using the Toom-Cook 3-way algorithm */
int int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
mp_toom_mul(mp_int *a, mp_int *b, mp_int *c)
{ {
mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2; mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2;
int res, B; int res, B;
@ -7019,6 +7352,93 @@ int mp_toradix (mp_int * a, char *str, int radix)
/* End: bn_mp_toradix.c */ /* End: bn_mp_toradix.c */
/* Start: bn_mp_toradix_n.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is a library that provides multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library was designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* stores a bignum as a ASCII string in a given radix (2..64)
*
* Stores upto maxlen-1 chars and always a NULL byte
*/
int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
{
int res, digs;
mp_int t;
mp_digit d;
char *_s = str;
/* check range of the maxlen, radix */
if (maxlen < 3 || radix < 2 || radix > 64) {
return MP_VAL;
}
/* quick out if its zero */
if (mp_iszero(a) == 1) {
*str++ = '0';
*str = '\0';
return MP_OKAY;
}
if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
return res;
}
/* if it is negative output a - */
if (t.sign == MP_NEG) {
/* we have to reverse our digits later... but not the - sign!! */
++_s;
/* store the flag and mark the number as positive */
*str++ = '-';
t.sign = MP_ZPOS;
/* subtract a char */
--maxlen;
}
digs = 0;
while (mp_iszero (&t) == 0) {
if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
mp_clear (&t);
return res;
}
*str++ = mp_s_rmap[d];
++digs;
if (--maxlen == 1) {
/* no more room */
break;
}
}
/* reverse the digits of the string. In this case _s points
* to the first digit [exluding the sign] of the number]
*/
bn_reverse ((unsigned char *)_s, digs);
/* append a NULL so the string is properly terminated */
*str = '\0';
mp_clear (&t);
return MP_OKAY;
}
/* End: bn_mp_toradix_n.c */
/* Start: bn_mp_unsigned_bin_size.c */ /* Start: bn_mp_unsigned_bin_size.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis /* LibTomMath, multiple-precision integer library -- Tom St Denis
* *
@ -7814,8 +8234,8 @@ s_mp_sqr (mp_int * a, mp_int * b)
pa = a->used; pa = a->used;
if ((res = mp_init_size (&t, 2*pa + 1)) != MP_OKAY) { if ((res = mp_init_size (&t, 2*pa + 1)) != MP_OKAY) {
return res; return res;
} }
/* default used is maximum possible size */ /* default used is maximum possible size */
t.used = 2*pa + 1; t.used = 2*pa + 1;
@ -7982,8 +8402,8 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
*/ */
/* configured for a AMD XP Thoroughbred core with etc/tune.c */ /* configured for a AMD XP Thoroughbred core with etc/tune.c */
int KARATSUBA_MUL_CUTOFF = 109, /* Min. number of digits before Karatsuba multiplication is used. */ int KARATSUBA_MUL_CUTOFF = 70, /* Min. number of digits before Karatsuba multiplication is used. */
KARATSUBA_SQR_CUTOFF = 127, /* Min. number of digits before Karatsuba squaring is used. */ KARATSUBA_SQR_CUTOFF = 108, /* Min. number of digits before Karatsuba squaring is used. */
TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */ TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */
TOOM_SQR_CUTOFF = 400; TOOM_SQR_CUTOFF = 400;

10
mycrypt.h
View File

@ -16,13 +16,15 @@ extern "C" {
#endif #endif
/* version */ /* version */
#define CRYPT 0x0094 #define CRYPT 0x0095
#define SCRYPT "0.94" #define SCRYPT "0.95"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */ /* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128 #define MAXBLOCKSIZE 128
/* ch1-01-1 */ /* descriptor table size */
#define TAB_SIZE 32
/* error codes [will be expanded in future releases] */ /* error codes [will be expanded in future releases] */
enum { enum {
CRYPT_OK=0, /* Result OK */ CRYPT_OK=0, /* Result OK */
@ -59,7 +61,6 @@ enum {
CRYPT_INVALID_PRIME_SIZE/* Invalid size of prime requested */ CRYPT_INVALID_PRIME_SIZE/* Invalid size of prime requested */
}; };
/* ch1-01-1 */
#include <mycrypt_cfg.h> #include <mycrypt_cfg.h>
#include <mycrypt_macros.h> #include <mycrypt_macros.h>
@ -71,6 +72,7 @@ enum {
#include <mycrypt_misc.h> #include <mycrypt_misc.h>
#include <mycrypt_kr.h> #include <mycrypt_kr.h>
#include <mycrypt_argchk.h> #include <mycrypt_argchk.h>
#include <mycrypt_pkcs.h>
#ifdef __cplusplus #ifdef __cplusplus
} }

2
mycrypt_cfg.h
View File

@ -23,7 +23,7 @@ extern clock_t XCLOCK(void);
/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code */ /* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code */
/* detect x86-32 machines somewhat */ /* detect x86-32 machines somewhat */
#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))) #if defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
#define ENDIAN_LITTLE #define ENDIAN_LITTLE
#define ENDIAN_32BITWORD #define ENDIAN_32BITWORD
#endif #endif

4
mycrypt_custom.h
View File

@ -57,6 +57,7 @@
#define SPRNG #define SPRNG
#define RC4 #define RC4
#define DEVRANDOM #define DEVRANDOM
#define TRY_URANDOM_FIRST
#define MRSA #define MRSA
#define MDSA #define MDSA
#define MDH #define MDH
@ -78,6 +79,9 @@
#define ECC521 #define ECC521
#define MPI #define MPI
#define PKCS_1
#define PKCS_5
#include <mycrypt.h> #include <mycrypt.h>

10
mycrypt_hash.h
View File

@ -341,6 +341,10 @@ extern int pmac_file(int cipher, const unsigned char *key, unsigned long keylen,
extern int pmac_test(void); extern int pmac_test(void);
/* internal functions */
extern int pmac_ntz(unsigned long x);
extern void pmac_shift_xor(pmac_state *pmac);
#endif /* PMAC */ #endif /* PMAC */
#ifdef EAX_MODE #ifdef EAX_MODE
@ -432,6 +436,12 @@ extern int ocb_decrypt_verify_memory(int cipher,
extern int ocb_test(void); extern int ocb_test(void);
/* internal functions */
extern void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
extern int ocb_ntz(unsigned long x);
extern int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
#endif /* OCB_MODE */ #endif /* OCB_MODE */

4
mycrypt_macros.h
View File

@ -125,7 +125,7 @@ typedef unsigned long ulong32;
#ifdef ENDIAN_BIG #ifdef ENDIAN_BIG
#define STORE32L(x, y) \ #define STORE32L(x, y) \
{ (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ { (y)[z0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
(y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
#define LOAD32L(x, y) \ #define LOAD32L(x, y) \
@ -194,7 +194,7 @@ typedef unsigned long ulong32;
#define ROR(x,n) _lrotr(x,n) #define ROR(x,n) _lrotr(x,n)
#define ROL(x,n) _lrotl(x,n) #define ROL(x,n) _lrotl(x,n)
#elif defined(__GNUC__) && defined(__i386__) #elif defined(__GNUC__) && defined(__i386__) && !defined(INTEL_CC)
static inline unsigned long ROL(unsigned long word, int i) static inline unsigned long ROL(unsigned long word, int i)
{ {

13
mycrypt_pk.h
View File

@ -16,7 +16,7 @@
} }
#define INPUT_BIGNUM(num, in, x, y) \ #define INPUT_BIGNUM(num, in, x, y, inlen) \
{ \ { \
/* load value */ \ /* load value */ \
if ((y + 4) > inlen) { \ if ((y + 4) > inlen) { \
@ -44,11 +44,8 @@
} \ } \
} }
extern int is_prime(mp_int *, int *); extern int is_prime(mp_int *, int *);
extern int rand_prime(mp_int *N, long len, prng_state *prng, int wprng); extern int rand_prime(mp_int *N, long len, prng_state *prng, int wprng);
extern mp_err mp_init_multi(mp_int* mp, ...);
extern void mp_clear_multi(mp_int* mp, ...);
#else #else
#ifdef MRSA #ifdef MRSA
@ -83,6 +80,14 @@ extern int packet_valid_header(unsigned char *src, int section, int subsection);
/* ---- RSA ---- */ /* ---- RSA ---- */
#ifdef MRSA #ifdef MRSA
/* Min and Max RSA key sizes (in bits) */
#define MIN_RSA_SIZE 1024
#define MAX_RSA_SIZE 4096
/* Stack required for temps (plus padding) */
#define RSA_STACK (8 + (MAX_RSA_SIZE/8))
typedef struct Rsa_key { typedef struct Rsa_key {
int type; int type;
mp_int e, d, N, qP, pQ, dP, dQ, p, q; mp_int e, d, N, qP, pQ, dP, dQ, p, q;

53
mycrypt_pkcs.h Normal file
View File

@ -0,0 +1,53 @@
/* PKCS Header Info */
/* ===> PKCS #1 -- RSA Cryptography <=== */
#ifdef PKCS_1
int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen,
int hash_idx,
unsigned char *mask, unsigned long masklen);
int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
const unsigned char *lparam, unsigned long lparamlen,
unsigned long modulus_bitlen, int hash_idx,
int prng_idx, prng_state *prng,
unsigned char *out, unsigned long *outlen);
int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
const unsigned char *lparam, unsigned long lparamlen,
unsigned long modulus_bitlen, int hash_idx,
unsigned char *out, unsigned long *outlen);
int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
unsigned long saltlen, int hash_idx,
int prng_idx, prng_state *prng,
unsigned long modulus_bitlen,
unsigned char *out, unsigned long *outlen);
int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
const unsigned char *sig, unsigned long siglen,
unsigned long saltlen, int hash_idx,
unsigned long modulus_bitlen, int *res);
int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out);
int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen);
#endif /* PKCS_1 */
/* ===> PKCS #5 -- Password Based Cryptography <=== */
#ifdef PKCS_5
/* Algorithm #1 (old) */
int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
const unsigned char *salt,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen);
/* Algorithm #2 (new) */
int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
const unsigned char *salt, unsigned long salt_len,
int iteration_count, int hash_idx,
unsigned char *out, unsigned long *outlen);
#endif /* PKCS_5 */

Some files were not shown because too many files have changed in this diff Show More