diff --git a/Doxyfile b/Doxyfile index 7c7e195..9a556c3 100644 --- a/Doxyfile +++ b/Doxyfile @@ -23,7 +23,7 @@ PROJECT_NAME = LibTomCrypt # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.13 +PROJECT_NUMBER = 1.14 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/TODO b/TODO index ce7fce1..429aa2e 100644 --- a/TODO +++ b/TODO @@ -1,2 +1,4 @@ - long term, start moving macros like CTR over to LTC_CTR to make LTC a bit more "drop-in-able". +- F8 mode could use some LTC_FAST love + diff --git a/changes b/changes index 2bfe328..51ff77c 100644 --- a/changes +++ b/changes 
@@ -1,3 +1,23 @@ +August 0x1E, 0x07D6 +v1.14 -- Renamed the chaining mode macros from XXX to LTC_XXX_MODE. Should help avoid polluting the macro name space. + -- clean up of SHA-256 + -- Chris Colman pointed out that der_decode_sequence_* allows LTC_ASN1_SETOF to accept SEQUENCEs and vice versa. + Decoder [non-flexi decoder that is] is more strict now and requires a match. + -- Steffen Jaeckel pointed out a typo in the user manual (re: rsa_exptmod). Fixed. This disproves the notion that + nobody reads it. :-) + -- Made GCM a bit more portable w.r.t. handling the CTR IV (e.g. & with 255) + -- Add LTC_VERBOSE if you really want to see what test is doing :-) + -- Added SSE2 support to GCM [use GCM_TABLES_SSE2 to enable], shaves 2 cycles per byte on Opteron processors + Shaved 4 cycles on a Prescott (Intel P4) + Requires you align your gcm_state on a 16 byte boundary, see gcm_memory() for more info + -- Added missing prototype for f8_test_mode() + -- two fixes to CCM for corner cases [L+noncelen > 15] and fixing the CTR pad to encrypt the CBC-MAC tag + -- Franz Glasner pointed out the ARGTYPE=4 is not actually valid. Fixed. + -- Fixed bug in f8_start() if your key < saltkey unspecified behaviour occurs. :-( + -- Documented F8 mode. Yeah, because you read the manual. + -- Minor updates to the technotes. + + June 17th, 2005 v1.13 -- Fixed to fortuna_start() to clean up state if an error occurs. Not really useful at this stage (sha256 can't fail) but useful if I ever make fortuna pluggable @@ -1464,6 +1484,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds v0.01 -- We will call this the first version. /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */ -/* $Revision: 1.213 $ */ -/* $Date: 2006/06/18 01:42:59 $ */ +/* $Revision: 1.224 $ */ +/* $Date: 2006/08/30 23:23:20 $ */ diff --git a/crypt.tex b/crypt.tex index 81ddaae..f6f3f91 100644 --- a/crypt.tex +++ b/crypt.tex 
@@ -47,7 +47,7 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{LibTomCrypt \\ Version 1.13} +\title{LibTomCrypt \\ Version 1.14} \author{Tom St Denis \\ \\ tomstdenis@gmail.com \\ 
@@ -1007,6 +1007,55 @@ To terminate the LRW state use the following: int lrw_done(symmetric_LRW *lrw); \end{verbatim} +\subsection{F8 Mode} +\index{F8 Mode} +The F8 Chaining mode (see RFC 3711 for instance) is yet another chaining mode for block ciphers. It behaves much like CTR mode in that it XORs a keystream +against the plaintext to encrypt. F8 mode comes with the additional twist that the counter value is secret, encrypted by a \textit{salt key}. We +initialize F8 mode with the fuollowing function call: + +\index{f8\_start()} +\begin{verbatim} +int f8_start( int cipher, const unsigned char *IV, + const unsigned char *key, int keylen, + const unsigned char *salt_key, int skeylen, + int num_rounds, symmetric_F8 *f8); +\end{verbatim} +This will start the F8 mode state using ``key'' as the secret key, ``IV'' as the counter. It uses the ``salt\_key`` as IV encryption key (``m'' in the RFC 3711). +The salt\_key can be shorter than the secret key but it should not be longer. + +To encrypt or decrypt data we use the following two functions: + +\index{f8\_encrypt()} \index{f8\_decrypt()} +\begin{verbatim} +int f8_encrypt(const unsigned char *pt, unsigned char *ct, + unsigned long len, symmetric_F8 *f8); + +int f8_decrypt(const unsigned char *ct, unsigned char *pt, + unsigned long len, symmetric_F8 *f8); +\end{verbatim} +These will encrypt or decrypt a variable length array of bytes using the F8 mode state specified. The length is specified in bytes and does not have to be a multiple +of the ciphers block size. + +To change or retrieve the current counter IV value use the following functions: + +\index{f8\_getiv()} +\index{f8\_setiv()} +\begin{verbatim} +int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8); +int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8); +\end{verbatim} +These work with the current IV value only and not the encrypted IV value specifed during the call to f8\_start(). 
The purpose of these two functions is to be +able to seek within a current session only. If you want to change the session IV you will have to call f8\_done() and then start a new state with +f8\_start(). + +To terminate an F8 state call the following function: + +\index{f8\_done()} +\begin{verbatim} +int f8_done(symmetric_F8 *f8); +\end{verbatim} + +\vbox{} \section{Encrypt and Authenticate Modes} \subsection{EAX Mode} @@ -2719,8 +2768,7 @@ To do raw work with the RSA function call: \begin{verbatim} int rsa_exptmod(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, - int which, prng_state *prng, int prng_idx, - rsa_key *key); + int which, rsa_key *key); \end{verbatim} This loads the bignum from ``in'' as a big endian word in the format PKCS specifies, raises it to either ``e'' or ``d'' and stores the result in ``out'' and the size of the result in ``outlen''. ``which'' is set to {\bf PK\_PUBLIC} to use ``e'' @@ -5241,5 +5289,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po \end{document} % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $ -% $Revision: 1.74 $ -% $Date: 2006/06/18 01:35:41 $ +% $Revision: 1.77 $ +% $Date: 2006/08/30 23:23:20 $ diff --git a/demos/timing.c b/demos/timing.c index fc76842..8313332 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -16,13 +16,6 @@ reg_algs(); extern ltc_math_descriptor EXT_MATH_LIB; ltc_mp = EXT_MATH_LIB; #endif -time_cipher(); -time_hash(); -time_encmacs(); -time_rsa(); -time_ecc(); -time_ecc(); -return 0; time_keysched(); time_cipher(); time_cipher2(); diff --git a/doc/crypt.pdf b/doc/crypt.pdf index feae4a7..d1679d8 100644 Binary files a/doc/crypt.pdf and b/doc/crypt.pdf differ diff --git a/makefile b/makefile index e55c666..d5d5ff8 100644 --- a/makefile +++ b/makefile @@ -4,7 +4,7 @@ # Modified by Clay Culver # The version -VERSION=1.13 +VERSION=1.14 # Compiler and Linker Names #CC=gcc 
@@ -367,5 +367,5 @@ zipup: no_oops docs # $Source: /cvs/libtom/libtomcrypt/makefile,v $ -# $Revision: 1.126 $ -# $Date: 2006/06/16 23:52:08 $ +# $Revision: 1.127 $ +# $Date: 2006/06/29 01:59:34 $ diff --git a/makefile.shared b/makefile.shared index 4bef699..934fd53 100644 --- a/makefile.shared +++ b/makefile.shared @@ -6,7 +6,7 @@ # Tom St Denis # The version -VERSION=0:113 +VERSION=0:114 # Compiler and Linker Names CC=libtool --mode=compile --tag=CC gcc @@ -265,5 +265,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS) gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS) # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $ -# $Revision: 1.58 $ -# $Date: 2006/06/16 23:52:08 $ +# $Revision: 1.59 $ +# $Date: 2006/06/29 01:59:34 $ diff --git a/notes/tech0005.txt b/notes/tech0005.txt index c03afff..e29b7bd 100644 --- a/notes/tech0005.txt +++ b/notes/tech0005.txt @@ -12,7 +12,7 @@ You can disable whole classes of algorithms on the command line with the LTC_NO_ The following build with GCC 3.4.4 on an AMD64 box gets you AES, CTR mode, SHA-256, HMAC, Yarrow, full RSA PKCS #1, PKCS #5 and ASN.1 DER in roughly 40KB of code (49KB on the ARMv4) (both excluding the math library). -CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DCTR -DSHA256 \ +CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DLTC_CTR_MODE -DSHA256 \ -DHMAC -DYARROW -DMRSA -DMPI -DTFM_DESC -DARGTYPE=3 -Os -DLTC_SMALL_CODE -fomit-frame-pointer" make IGNORE_SPEED=1 Obviously this won't get you performance but if you need to pack a crypto lib in a device with limited means it's more than enough... diff --git a/notes/tech0007.txt b/notes/tech0007.txt index 33f87d6..149bd49 100644 --- a/notes/tech0007.txt +++ b/notes/tech0007.txt 
@@ -1,5 +1,5 @@ Tech Note #7 Quick building for testing with LTM -EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM" make -j3 IGNORE_SPEED=1 test +EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM -DUSE_LTM -DLTM_DESC" make -j3 IGNORE_SPEED=1 test diff --git a/src/ciphers/aes/aes.c b/src/ciphers/aes/aes.c index 32bcd69..90e19e9 100644 --- a/src/ciphers/aes/aes.c +++ b/src/ciphers/aes/aes.c @@ -308,7 +308,6 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) LOAD32H(s2, pt + 8); s2 ^= rk[2]; LOAD32H(s3, pt + 12); s3 ^= rk[3]; - #ifdef LTC_SMALL_CODE for (r = 0; ; r++) { diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c index 57dafb7..b96e68d 100644 --- a/src/encauth/ccm/ccm_memory.c +++ b/src/encauth/ccm/ccm_memory.c @@ -117,6 +117,11 @@ int ccm_memory(int cipher, L = 15 - noncelen; } + /* decrease noncelen to match L */ + if ((noncelen + L) > 15) { + noncelen = 15 - L; + } + /* allocate mem for the symmetric key */ if (uskey == NULL) { skey = XMALLOC(sizeof(*skey)); @@ -308,8 +313,10 @@ int ccm_memory(int cipher, } } - /* setup CTR for the TAG */ - ctr[14] = ctr[15] = 0x00; + /* setup CTR for the TAG (zero the count) */ + for (y = 15; y > 15 - L; y--) { + ctr[y] = 0x00; + } if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { goto error; } diff --git a/src/encauth/gcm/gcm_memory.c b/src/encauth/gcm/gcm_memory.c index 8e02fa8..7f231c7 100644 --- a/src/encauth/gcm/gcm_memory.c +++ b/src/encauth/gcm/gcm_memory.c @@ -43,6 +43,7 @@ int gcm_memory( int cipher, unsigned char *tag, unsigned long *taglen, int direction) { + void *orig; gcm_state *gcm; int err; 
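Review bot: The new `if ((noncelen + L) > 15) { noncelen = 15 - L; }` in ccm_memory silently shortens a caller-supplied nonce instead of rejecting it, so two distinct nonces that agree in their first 15-L bytes are processed as the same nonce under the same key, and the caller has no way to notice. Since the check sits before the skey allocation, an early `if ((noncelen + L) > 15) { return CRYPT_INVALID_ARG; }` is safe as far as this hunk shows; if truncation is intended it should at least be stated in the function's doc comment. The second hunk, which zeroes the low L counter bytes before encrypting the CTR pad for the tag, looks correct. ccm_memory starts and ends outside both hunks.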
@@ -63,11 +64,26 @@ int gcm_memory( int cipher, } - gcm = XMALLOC(sizeof(*gcm)); + +#ifndef GCM_TABLES_SSE2 + orig = gcm = XMALLOC(sizeof(*gcm)); +#else + orig = gcm = XMALLOC(sizeof(*gcm) + 16); +#endif if (gcm == NULL) { return CRYPT_MEM; } + /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations + * note that we only modify gcm and keep orig intact. This code is not portable + * but again it's only for SSE2 anyways, so who cares? + */ +#ifdef GCM_TABLES_SSE2 + if ((unsigned long)gcm & 15) { + gcm = (gcm_state *)((unsigned long)gcm + (16 - ((unsigned long)gcm & 15))); + } +#endif + if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) { goto LTC_ERR; } @@ -82,7 +98,7 @@ int gcm_memory( int cipher, } err = gcm_done(gcm, tag, taglen); LTC_ERR: - XFREE(gcm); + XFREE(orig); return err; } #endif diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c index 2bee3d9..627eb9b 100644 --- a/src/encauth/gcm/gcm_mult_h.c +++ b/src/encauth/gcm/gcm_mult_h.c @@ -26,6 +26,13 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I) unsigned char T[16]; #ifdef GCM_TABLES int x, y; +#ifdef GCM_TABLES_SSE2 + asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0])); + for (x = 1; x < 16; x++) { + asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0])); + } + asm("movdqa %%xmm0,(%0)"::"r"(&T)); +#else XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); for (x = 1; x < 16; x++) { #ifdef LTC_FAST @@ -36,8 +43,9 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I) for (y = 0; y < 16; y++) { T[y] ^= gcm->PC[x][I[x]][y]; } -#endif +#endif /* LTC_FAST */ } +#endif /* GCM_TABLES_SSE2 */ #else gcm_gf_mult(gcm->H, I, T); #endif diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c index 417a941..7fa34ca 100644 --- a/src/encauth/gcm/gcm_process.c +++ b/src/encauth/gcm/gcm_process.c 
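Review bot: The SSE2 alignment fix-up casts the pointer through `unsigned long`, which is only 32 bits on LLP64 targets such as Win64, so `(gcm_state *)((unsigned long)gcm + ...)` truncates the address there. Doing the arithmetic on a byte pointer avoids the integer round trip: `gcm = (gcm_state *)((unsigned char *)orig + ((16 - ((uintptr_t)orig & 15)) & 15));` (if <stdint.h> is not available to this code base, `unsigned long` is acceptable inside the `& 15` only, since the low bits survive truncation). Freeing `orig` rather than the adjusted `gcm` in the last hunk is right. gcm_memory's signature is in the previous hunk, outside this one.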
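Review bot: The SSE2 path stores the result with `movdqa %%xmm0,(%0)` into `T`, but `T` is a plain `unsigned char T[16]` automatic with no alignment requirement, so the aligned store faults whenever its stack slot is not 16-byte aligned (the PC rows were given an aligned attribute in tomcrypt_mac.h in this commit; T was not). The three `asm` statements also declare no clobbers: the compiler is not told that xmm0 is modified or that memory is written, so it may keep its own use of xmm0 live across them and may reorder or cache reads of T around the final store. Marking the asm `volatile` with `"xmm0", "memory"` clobbers and aligning T under the same #ifdef fixes both. The rest of gcm_mult_h, which consumes T, lies outside this hunk.
```c
#ifdef GCM_TABLES_SSE2
   unsigned char T[16] __attribute__ ((aligned (16)));
#else
   unsigned char T[16];
#endif
   /* … unchanged: GCM_TABLES declarations … */
#ifdef GCM_TABLES_SSE2
   asm volatile("movdqa (%0),%%xmm0" : : "r"(&gcm->PC[0][I[0]][0]) : "xmm0", "memory");
   for (x = 1; x < 16; x++) {
      asm volatile("pxor (%0),%%xmm0" : : "r"(&gcm->PC[x][I[x]][0]) : "xmm0", "memory");
   }
   asm volatile("movdqa %%xmm0,(%0)" : : "r"(T) : "xmm0", "memory");
#else
   /* … unchanged: portable table XOR … */
```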
@@ -59,7 +59,7 @@ int gcm_process(gcm_state *gcm, /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } } /* encrypt the counter */ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { @@ -89,7 +89,7 @@ int gcm_process(gcm_state *gcm, gcm_mult_h(gcm, gcm->X); /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } } if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { return err; @@ -107,7 +107,7 @@ int gcm_process(gcm_state *gcm, gcm_mult_h(gcm, gcm->X); /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } } if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { return err; @@ -125,7 +125,7 @@ int gcm_process(gcm_state *gcm, /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } } if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { return err; diff --git a/src/hashes/sha2/sha256.c b/src/hashes/sha2/sha256.c index e3d07dc..a9bc448 100644 --- a/src/hashes/sha2/sha256.c +++ b/src/hashes/sha2/sha256.c @@ -37,7 +37,7 @@ const struct ltc_hash_descriptor sha256_desc = #ifdef LTC_SMALL_CODE /* the K array */ -static const unsigned long K[64] = { +static const ulong32 K[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index a732033..a11e494 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h 
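Review bot: `if (++gcm->Y[y] & 255)` masks only the tested value, not the stored one, so it does not deliver the portability the changelog describes: on an 8-bit `unsigned char` (which Y appears to be — confirm) the `& 255` is a no-op, and on a wider char the element is left holding 256 and is fed to ecb_encrypt unmasked. Store the masked value instead, `gcm->Y[y] = (gcm->Y[y] + 1) & 255; if (gcm->Y[y]) { break; }`, and since this exact four-line loop appears in all four hunks of this file (at -59, -89, -107 and -125) a small `static void gcm_incr_counter(gcm_state *gcm)` would keep the copies from drifting. gcm_process itself starts before and ends after these hunks.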
@@ -16,8 +16,8 @@ extern "C" { #endif /* version */ -#define CRYPT 0x0113 -#define SCRYPT "1.13" +#define CRYPT 0x0114 +#define SCRYPT "1.14" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 diff --git a/src/headers/tomcrypt_argchk.h b/src/headers/tomcrypt_argchk.h index 68edb91..c4014b8 100644 --- a/src/headers/tomcrypt_argchk.h +++ b/src/headers/tomcrypt_argchk.h @@ -27,8 +27,8 @@ void crypt_argchk(char *v, char *s, int d); #elif ARGTYPE == 4 -#define LTC_ARGCHK(x) return CRYPT_INVALID_ARG; -#define LTC_ARGCHKVD(x) return; +#define LTC_ARGCHK(x) if (!(x)) return CRYPT_INVALID_ARG; +#define LTC_ARGCHKVD(x) if (!(x)) return; #endif diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h index 6203308..507c30e 100644 --- a/src/headers/tomcrypt_cipher.h +++ b/src/headers/tomcrypt_cipher.h @@ -167,7 +167,7 @@ typedef union Symmetric_key { void *data; } symmetric_key; -#ifdef ECB +#ifdef LTC_ECB_MODE /** A block cipher ECB structure */ typedef struct { /** The index of the cipher chosen */ @@ -179,7 +179,7 @@ typedef struct { } symmetric_ECB; #endif -#ifdef CFB +#ifdef LTC_CFB_MODE /** A block cipher CFB structure */ typedef struct { /** The index of the cipher chosen */ @@ -197,7 +197,7 @@ typedef struct { } symmetric_CFB; #endif -#ifdef OFB +#ifdef LTC_OFB_MODE /** A block cipher OFB structure */ typedef struct { /** The index of the cipher chosen */ @@ -213,7 +213,7 @@ typedef struct { } symmetric_OFB; #endif -#ifdef CBC +#ifdef LTC_CBC_MODE /** A block cipher CBC structure */ typedef struct { /** The index of the cipher chosen */ @@ -228,7 +228,7 @@ typedef struct { #endif -#ifdef CTR +#ifdef LTC_CTR_MODE /** A block cipher CTR structure */ typedef struct { /** The index of the cipher chosen */ @@ -249,7 +249,7 @@ typedef struct { #endif -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** A LRW structure */ typedef struct { /** The index of the cipher chosen (must be a 128-bit block cipher) */ 
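Review bot: The corrected ARGTYPE == 4 macros are bare `if` statements with a trailing semicolon, which is fragile at use sites: `LTC_ARGCHK(p);` expands to `if (!(p)) return CRYPT_INVALID_ARG;;`, and `if (c) LTC_ARGCHK(p); else ...` would bind the `else` wrongly or fail to compile. Wrapping them as `#define LTC_ARGCHK(x) do { if (!(x)) return CRYPT_INVALID_ARG; } while (0)` and `#define LTC_ARGCHKVD(x) do { if (!(x)) return; } while (0)` (no trailing semicolon) keeps each a single statement. The other ARGTYPE variants are outside the hunk, so check that they follow the same shape.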
@@ -649,7 +649,7 @@ int anubis_keysize(int *keysize); extern const struct ltc_cipher_descriptor anubis_desc; #endif -#ifdef ECB +#ifdef LTC_ECB_MODE int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb); int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb); @@ -657,7 +657,7 @@ int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s int ecb_done(symmetric_ECB *ecb); #endif -#ifdef CFB +#ifdef LTC_CFB_MODE int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CFB *cfb); int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb); @@ -667,7 +667,7 @@ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb); int cfb_done(symmetric_CFB *cfb); #endif -#ifdef OFB +#ifdef LTC_OFB_MODE int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_OFB *ofb); int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb); @@ -677,7 +677,7 @@ int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb); int ofb_done(symmetric_OFB *ofb); #endif -#ifdef CBC +#ifdef LTC_CBC_MODE int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CBC *cbc); int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc); @@ -687,7 +687,7 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); int cbc_done(symmetric_CBC *cbc); #endif -#ifdef CTR +#ifdef LTC_CTR_MODE #define CTR_COUNTER_LITTLE_ENDIAN 0 #define CTR_COUNTER_BIG_ENDIAN 1 
@@ -704,7 +704,7 @@ int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr); int ctr_done(symmetric_CTR *ctr); #endif -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE #define LRW_ENCRYPT 0 #define LRW_DECRYPT 1 @@ -736,6 +736,7 @@ int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, sy int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8); int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8); int f8_done(symmetric_F8 *f8); +int f8_test_mode(void); #endif diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index cf201eb..675bb2d 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -45,9 +45,9 @@ #define CAST5 #define LTC_NO_MODES - #define ECB - #define CBC - #define CTR + #define LTC_ECB_MODE + #define LTC_CBC_MODE + #define LTC_CTR_MODE #define LTC_NO_HASHES #define SHA1 @@ -55,7 +55,6 @@ #define SHA384 #define SHA256 #define SHA224 - #define WHIRLPOOL #define LTC_NO_MACS #define HMAC @@ -72,8 +71,6 @@ #define MRSA #define MECC #endif - - /* Use small code where possible */ /* #define LTC_SMALL_CODE */ @@ -134,17 +131,17 @@ /* ---> Block Cipher Modes of Operation <--- */ #ifndef LTC_NO_MODES -#define CFB -#define OFB -#define ECB -#define CBC -#define CTR +#define LTC_CFB_MODE +#define LTC_OFB_MODE +#define LTC_ECB_MODE +#define LTC_CBC_MODE +#define LTC_CTR_MODE /* F8 chaining mode */ #define LTC_F8_MODE /* LRW mode */ -#define LRW_MODE +#define LTC_LRW_MODE #ifndef LTC_NO_TABLES /* like GCM mode this will enable 16 8x128 tables [64KB] that make * seeking very fast. @@ -188,7 +185,7 @@ /* ---> Encrypt + Authenticate Modes <--- */ #define EAX_MODE -#if defined(EAX_MODE) && !(defined(CTR) && defined(OMAC)) +#if defined(EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(OMAC)) #error EAX_MODE requires CTR and OMAC mode #endif 
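Review bot: The condition in the last hunk now tests `LTC_CTR_MODE` but the diagnostic on the next line still says `#error EAX_MODE requires CTR and OMAC mode`, so a user who hits it will define the old, now-inert `CTR` macro. Update it to `#error EAX_MODE requires LTC_CTR_MODE and OMAC mode`, as the YARROW message in the following hunk already does; the matching `#error EAX_MODE requires OMAC and CTR` in tomcrypt_mac.h has the same problem.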
@@ -201,6 +198,11 @@ #define GCM_TABLES #endif +/* USE SSE2? requires GCC works on x86_32 and x86_64*/ +#ifdef GCM_TABLES +/* #define GCM_TABLES_SSE2 */ +#endif + #endif /* LTC_NO_MACS */ /* Various tidbits of modern neatoness */ @@ -215,8 +217,8 @@ /* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ #define YARROW_AES 0 -#if defined(YARROW) && !defined(CTR) - #error YARROW requires CTR chaining mode to be defined! +#if defined(YARROW) && !defined(LTC_CTR_MODE) + #error YARROW requires LTC_CTR_MODE chaining mode to be defined! #endif /* a PRNG that simply reads from an available system source */ diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index 98b72b4..f726ce1 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h @@ -98,7 +98,7 @@ void pmac_shift_xor(pmac_state *pmac); #ifdef EAX_MODE -#if !(defined(OMAC) && defined(CTR)) +#if !(defined(OMAC) && defined(LTC_CTR_MODE)) #error EAX_MODE requires OMAC and CTR #endif @@ -248,9 +248,12 @@ typedef struct { pttotlen; /* 64-bit counter for the PT */ #ifdef GCM_TABLES - unsigned char PC[16][256][16]; /* 16 tables of 8x128 */ + unsigned char PC[16][256][16] /* 16 tables of 8x128 */ +#ifdef GCM_TABLES_SSE2 +__attribute__ ((aligned (16))) +#endif +; #endif - } gcm_state; void gcm_mult_h(gcm_state *gcm, unsigned char *I); diff --git a/src/mac/hmac/hmac_test.c b/src/mac/hmac/hmac_test.c index 36cda28..b22e746 100644 --- a/src/mac/hmac/hmac_test.c +++ b/src/mac/hmac/hmac_test.c @@ -55,7 +55,7 @@ int hmac_test(void) 3. Test Cases for HMAC-SHA-1 test_case = 1 - key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c key_len = 20 data = "Hi Ther 20 digest = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index 7b4e7df..b67a6eb 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c 
@@ -153,19 +153,19 @@ const char *crypt_build_settings = #endif "\nBlock Chaining Modes:\n" -#if defined(CFB) +#if defined(LTC_CFB_MODE) " CFB\n" #endif -#if defined(OFB) +#if defined(LTC_OFB_MODE) " OFB\n" #endif -#if defined(ECB) +#if defined(LTC_ECB_MODE) " ECB\n" #endif -#if defined(CBC) +#if defined(LTC_CBC_MODE) " CBC\n" #endif -#if defined(CTR) +#if defined(LTC_CTR_MODE) " CTR\n" #endif #if defined(LRW_MODE) diff --git a/src/modes/cbc/cbc_decrypt.c b/src/modes/cbc/cbc_decrypt.c index cef9cc3..ed4e9ba 100644 --- a/src/modes/cbc/cbc_decrypt.c +++ b/src/modes/cbc/cbc_decrypt.c @@ -16,7 +16,7 @@ */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** CBC decrypt diff --git a/src/modes/cbc/cbc_done.c b/src/modes/cbc/cbc_done.c index ed2b2ab..af815f4 100644 --- a/src/modes/cbc/cbc_done.c +++ b/src/modes/cbc/cbc_done.c @@ -15,7 +15,7 @@ CBC implementation, finish chain, Tom St Denis */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** Terminate the chain @param cbc The CBC chain to terminate diff --git a/src/modes/cbc/cbc_encrypt.c b/src/modes/cbc/cbc_encrypt.c index 6129f2b..678c433 100644 --- a/src/modes/cbc/cbc_encrypt.c +++ b/src/modes/cbc/cbc_encrypt.c @@ -16,7 +16,7 @@ */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** CBC encrypt diff --git a/src/modes/cbc/cbc_getiv.c b/src/modes/cbc/cbc_getiv.c index 055fcc5..28b74c7 100644 --- a/src/modes/cbc/cbc_getiv.c +++ b/src/modes/cbc/cbc_getiv.c @@ -15,7 +15,7 @@ CBC implementation, get IV, Tom St Denis */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** Get the current initial vector diff --git a/src/modes/cbc/cbc_setiv.c b/src/modes/cbc/cbc_setiv.c index 18ec82d..74d62b6 100644 --- a/src/modes/cbc/cbc_setiv.c +++ b/src/modes/cbc/cbc_setiv.c @@ -16,7 +16,7 @@ */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** Set an initial vector diff --git a/src/modes/cbc/cbc_start.c b/src/modes/cbc/cbc_start.c index 0d9bab0..4799922 100644 --- a/src/modes/cbc/cbc_start.c +++ b/src/modes/cbc/cbc_start.c 
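Review bot: The rename stops at `CTR`: the trailing context line `#if defined(LRW_MODE)` still tests the old macro, while tomcrypt_custom.h in this same commit now defines `LTC_LRW_MODE`, so crypt_build_settings will no longer report LRW in any build. Change it to `#if defined(LTC_LRW_MODE)`. The string table is a single initializer that continues past both ends of this hunk, so any other old-style mode names in it should be checked the same way.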
@@ -15,7 +15,7 @@ CBC implementation, start chain, Tom St Denis */ -#ifdef CBC +#ifdef LTC_CBC_MODE /** Initialize a CBC context diff --git a/src/modes/cfb/cfb_decrypt.c b/src/modes/cfb/cfb_decrypt.c index bf80e8a..98793d8 100644 --- a/src/modes/cfb/cfb_decrypt.c +++ b/src/modes/cfb/cfb_decrypt.c @@ -15,7 +15,7 @@ CFB implementation, decrypt data, Tom St Denis */ -#ifdef CFB +#ifdef LTC_CFB_MODE /** CFB decrypt diff --git a/src/modes/cfb/cfb_done.c b/src/modes/cfb/cfb_done.c index f2bbdc3..63181a2 100644 --- a/src/modes/cfb/cfb_done.c +++ b/src/modes/cfb/cfb_done.c @@ -15,7 +15,7 @@ CFB implementation, finish chain, Tom St Denis */ -#ifdef CFB +#ifdef LTC_CFB_MODE /** Terminate the chain @param cfb The CFB chain to terminate diff --git a/src/modes/cfb/cfb_encrypt.c b/src/modes/cfb/cfb_encrypt.c index 1506878..03260e2 100644 --- a/src/modes/cfb/cfb_encrypt.c +++ b/src/modes/cfb/cfb_encrypt.c @@ -15,7 +15,7 @@ CFB implementation, encrypt data, Tom St Denis */ -#ifdef CFB +#ifdef LTC_CFB_MODE /** CFB encrypt diff --git a/src/modes/cfb/cfb_getiv.c b/src/modes/cfb/cfb_getiv.c index f764970..b8e8b98 100644 --- a/src/modes/cfb/cfb_getiv.c +++ b/src/modes/cfb/cfb_getiv.c @@ -15,7 +15,7 @@ CFB implementation, get IV, Tom St Denis */ -#ifdef CFB +#ifdef LTC_CFB_MODE /** Get the current initial vector diff --git a/src/modes/cfb/cfb_setiv.c b/src/modes/cfb/cfb_setiv.c index ac6961a..31ecd11 100644 --- a/src/modes/cfb/cfb_setiv.c +++ b/src/modes/cfb/cfb_setiv.c @@ -14,7 +14,8 @@ @file cfb_setiv.c CFB implementation, set IV, Tom St Denis */ -#ifdef CFB + +#ifdef LTC_CFB_MODE /** Set an initial vector diff --git a/src/modes/cfb/cfb_start.c b/src/modes/cfb/cfb_start.c index aa9e65f..dc2def4 100644 --- a/src/modes/cfb/cfb_start.c +++ b/src/modes/cfb/cfb_start.c @@ -16,7 +16,7 @@ */ -#ifdef CFB +#ifdef LTC_CFB_MODE /** Initialize a CFB context diff --git a/src/modes/ctr/ctr_decrypt.c b/src/modes/ctr/ctr_decrypt.c index f6a64f0..a3052a3 100644 --- a/src/modes/ctr/ctr_decrypt.c 
+++ b/src/modes/ctr/ctr_decrypt.c @@ -15,7 +15,7 @@ CTR implementation, decrypt data, Tom St Denis */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** CTR decrypt diff --git a/src/modes/ctr/ctr_done.c b/src/modes/ctr/ctr_done.c index f5efec9..091837d 100644 --- a/src/modes/ctr/ctr_done.c +++ b/src/modes/ctr/ctr_done.c @@ -15,7 +15,7 @@ CTR implementation, finish chain, Tom St Denis */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** Terminate the chain @param ctr The CTR chain to terminate diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c index 48e4d39..bab386a 100644 --- a/src/modes/ctr/ctr_encrypt.c +++ b/src/modes/ctr/ctr_encrypt.c @@ -16,7 +16,7 @@ */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** CTR encrypt diff --git a/src/modes/ctr/ctr_getiv.c b/src/modes/ctr/ctr_getiv.c index ff44482..a11e4ff 100644 --- a/src/modes/ctr/ctr_getiv.c +++ b/src/modes/ctr/ctr_getiv.c @@ -15,7 +15,7 @@ CTR implementation, get IV, Tom St Denis */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** Get the current initial vector diff --git a/src/modes/ctr/ctr_setiv.c b/src/modes/ctr/ctr_setiv.c index 9a8103a..d9c0254 100644 --- a/src/modes/ctr/ctr_setiv.c +++ b/src/modes/ctr/ctr_setiv.c @@ -15,7 +15,7 @@ CTR implementation, set IV, Tom St Denis */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** Set an initial vector diff --git a/src/modes/ctr/ctr_start.c b/src/modes/ctr/ctr_start.c index 318e43c..f6c45cb 100644 --- a/src/modes/ctr/ctr_start.c +++ b/src/modes/ctr/ctr_start.c @@ -16,7 +16,7 @@ */ -#ifdef CTR +#ifdef LTC_CTR_MODE /** Initialize a CTR context diff --git a/src/modes/ecb/ecb_decrypt.c b/src/modes/ecb/ecb_decrypt.c index 52a7f5c..bae4dbe 100644 --- a/src/modes/ecb/ecb_decrypt.c +++ b/src/modes/ecb/ecb_decrypt.c @@ -15,7 +15,7 @@ ECB implementation, decrypt a block, Tom St Denis */ -#ifdef ECB +#ifdef LTC_ECB_MODE /** ECB decrypt diff --git a/src/modes/ecb/ecb_done.c b/src/modes/ecb/ecb_done.c index 7adfcf8..c837625 100644 --- a/src/modes/ecb/ecb_done.c +++ b/src/modes/ecb/ecb_done.c 
@@ -15,7 +15,7 @@ ECB implementation, finish chain, Tom St Denis */ -#ifdef ECB +#ifdef LTC_ECB_MODE /** Terminate the chain @param ecb The ECB chain to terminate diff --git a/src/modes/ecb/ecb_encrypt.c b/src/modes/ecb/ecb_encrypt.c index 1835ed9..07a3c63 100644 --- a/src/modes/ecb/ecb_encrypt.c +++ b/src/modes/ecb/ecb_encrypt.c @@ -15,7 +15,7 @@ ECB implementation, encrypt a block, Tom St Denis */ -#ifdef ECB +#ifdef LTC_ECB_MODE /** ECB encrypt diff --git a/src/modes/ecb/ecb_start.c b/src/modes/ecb/ecb_start.c index df97570..d5bb89f 100644 --- a/src/modes/ecb/ecb_start.c +++ b/src/modes/ecb/ecb_start.c @@ -16,7 +16,7 @@ */ -#ifdef ECB +#ifdef LTC_ECB_MODE /** Initialize a ECB context diff --git a/src/modes/f8/f8_start.c b/src/modes/f8/f8_start.c index 398f395..1a96a76 100644 --- a/src/modes/f8/f8_start.c +++ b/src/modes/f8/f8_start.c @@ -54,6 +54,7 @@ int f8_start( int cipher, const unsigned char *IV, f8->padlen = f8->blocklen; /* now get key ^ salt_key [extend salt_ket with 0x55 as required to match length] */ + zeromem(tkey, sizeof(tkey)); for (x = 0; x < keylen && x < (int)sizeof(tkey); x++) { tkey[x] = key[x]; } diff --git a/src/modes/lrw/lrw_decrypt.c b/src/modes/lrw/lrw_decrypt.c index 73eebeb..1eb32ba 100644 --- a/src/modes/lrw/lrw_decrypt.c +++ b/src/modes/lrw/lrw_decrypt.c @@ -15,7 +15,7 @@ LRW_MODE implementation, Decrypt blocks, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** LRW decrypt blocks diff --git a/src/modes/lrw/lrw_done.c b/src/modes/lrw/lrw_done.c index 39798c4..dd52714 100644 --- a/src/modes/lrw/lrw_done.c +++ b/src/modes/lrw/lrw_done.c @@ -15,7 +15,7 @@ LRW_MODE implementation, Free resources, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Terminate a LRW state diff --git a/src/modes/lrw/lrw_encrypt.c b/src/modes/lrw/lrw_encrypt.c index 12fb8af..3177009 100644 --- a/src/modes/lrw/lrw_encrypt.c +++ b/src/modes/lrw/lrw_encrypt.c 
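Review bot: Zeroing `tkey` before the copy fixes the read of uninitialized bytes when the key is shorter than the salt, but `tkey` is a stack copy of `key ^ salt_key` and nothing visible here clears it once the cipher has been keyed; if the rest of f8_start does not already do so, add `zeromem(tkey, sizeof(tkey));` on every exit path after the key schedule is set up so the combined key does not linger on the stack. While touching the comment, `salt_ket` should read `salt_key`. f8_start begins before and ends after this hunk.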
@@ -15,7 +15,7 @@ LRW_MODE implementation, Encrypt blocks, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** LRW encrypt blocks diff --git a/src/modes/lrw/lrw_getiv.c b/src/modes/lrw/lrw_getiv.c index 0b8adb7..b14bee4 100644 --- a/src/modes/lrw/lrw_getiv.c +++ b/src/modes/lrw/lrw_getiv.c @@ -15,7 +15,7 @@ LRW_MODE implementation, Retrieve the current IV, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Get the IV for LRW diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c index 2a084bf..9afaeec 100644 --- a/src/modes/lrw/lrw_process.c +++ b/src/modes/lrw/lrw_process.c @@ -15,7 +15,7 @@ LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Process blocks with LRW, since decrypt/encrypt are largely the same they share this code. diff --git a/src/modes/lrw/lrw_setiv.c b/src/modes/lrw/lrw_setiv.c index 7b524f4..5216da1 100644 --- a/src/modes/lrw/lrw_setiv.c +++ b/src/modes/lrw/lrw_setiv.c @@ -15,7 +15,7 @@ LRW_MODE implementation, Set the current IV, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Set the IV for LRW diff --git a/src/modes/lrw/lrw_start.c b/src/modes/lrw/lrw_start.c index 0f2c00f..a09cfec 100644 --- a/src/modes/lrw/lrw_start.c +++ b/src/modes/lrw/lrw_start.c @@ -15,7 +15,7 @@ LRW_MODE implementation, start mode, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Initialize the LRW context diff --git a/src/modes/lrw/lrw_test.c b/src/modes/lrw/lrw_test.c index 99e787c..35fcf1a 100644 --- a/src/modes/lrw/lrw_test.c +++ b/src/modes/lrw/lrw_test.c @@ -15,7 +15,7 @@ LRW_MODE implementation, test LRW, Tom St Denis */ -#ifdef LRW_MODE +#ifdef LTC_LRW_MODE /** Test LRW against specs diff --git a/src/modes/ofb/ofb_decrypt.c b/src/modes/ofb/ofb_decrypt.c index e742953..dd9a384 100644 --- a/src/modes/ofb/ofb_decrypt.c +++ b/src/modes/ofb/ofb_decrypt.c 
@@ -15,7 +15,7 @@ OFB implementation, decrypt data, Tom St Denis */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** OFB decrypt diff --git a/src/modes/ofb/ofb_done.c b/src/modes/ofb/ofb_done.c index e770b21..07162a0 100644 --- a/src/modes/ofb/ofb_done.c +++ b/src/modes/ofb/ofb_done.c @@ -15,7 +15,7 @@ OFB implementation, finish chain, Tom St Denis */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** Terminate the chain @param ofb The OFB chain to terminate diff --git a/src/modes/ofb/ofb_encrypt.c b/src/modes/ofb/ofb_encrypt.c index c46966d..036f977 100644 --- a/src/modes/ofb/ofb_encrypt.c +++ b/src/modes/ofb/ofb_encrypt.c @@ -15,7 +15,7 @@ OFB implementation, encrypt data, Tom St Denis */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** OFB encrypt diff --git a/src/modes/ofb/ofb_getiv.c b/src/modes/ofb/ofb_getiv.c index 99c97ac..3c91e56 100644 --- a/src/modes/ofb/ofb_getiv.c +++ b/src/modes/ofb/ofb_getiv.c @@ -15,7 +15,7 @@ OFB implementation, get IV, Tom St Denis */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** Get the current initial vector diff --git a/src/modes/ofb/ofb_setiv.c b/src/modes/ofb/ofb_setiv.c index df2223d..fdff5e3 100644 --- a/src/modes/ofb/ofb_setiv.c +++ b/src/modes/ofb/ofb_setiv.c @@ -15,7 +15,7 @@ OFB implementation, set IV, Tom St Denis */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** Set an initial vector diff --git a/src/modes/ofb/ofb_start.c b/src/modes/ofb/ofb_start.c index 80e3346..4590493 100644 --- a/src/modes/ofb/ofb_start.c +++ b/src/modes/ofb/ofb_start.c @@ -16,7 +16,7 @@ */ -#ifdef OFB +#ifdef LTC_OFB_MODE /** Initialize a OFB context diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_ex.c b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c index a3ff2ba..34e68d3 100644 --- a/src/pk/asn1/der/sequence/der_decode_sequence_ex.c +++ b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c 
@@ -218,6 +218,12 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
 case LTC_ASN1_SETOF:
 case LTC_ASN1_SEQUENCE:
+ /* detect if we have the right type */
+ if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
 z = inlen;
 if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) {
 if (!ordered) { continue; }
diff --git a/testprof/modes_test.c b/testprof/modes_test.c
index 0e7c672..ae97b2c 100644
--- a/testprof/modes_test.c
+++ b/testprof/modes_test.c
@@ -5,16 +5,16 @@ int modes_test(void)
 {
 unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
 int cipher_idx;
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 symmetric_CBC cbc;
 #endif
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 symmetric_CFB cfb;
 #endif
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 symmetric_OFB ofb;
 #endif
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 symmetric_CTR ctr;
 #endif
 unsigned long l;
@@ -35,11 +35,11 @@ int modes_test(void)
 DO(f8_test_mode());
 #endif
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 DO(lrw_test());
 #endif
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 /* test CBC mode */
 /* encode the block */
 DO(cbc_start(cipher_idx, iv, key, 16, 0, &cbc));
@@ -61,7 +61,7 @@ int modes_test(void)
 }
 #endif
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 /* test CFB mode */
 /* encode the block */
 DO(cfb_start(cipher_idx, iv, key, 16, 0, &cfb));
@@ -84,7 +84,7 @@ int modes_test(void)
 }
 #endif
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 /* test OFB mode */
 /* encode the block */
 DO(ofb_start(cipher_idx, iv, key, 16, 0, &ofb));
@@ -106,7 +106,7 @@ int modes_test(void)
 }
 #endif
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 /* test CTR mode */
 /* encode the block */
 DO(ctr_start(cipher_idx, iv, key, 16, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr));
diff --git a/testprof/tomcrypt_test.h b/testprof/tomcrypt_test.h
index ebcacbb..4779383 100644
--- a/testprof/tomcrypt_test.h
+++ b/testprof/tomcrypt_test.h
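Review bot: The new tag check jumps to LBL_ERR unconditionally on a SETOF/SEQUENCE mismatch, while the der_decode_sequence failure branch just below it skips the list entry with `if (!ordered) { continue; }` when decoding is unordered; if unordered decoding is meant to try each entry against the element at in[x], a tag mismatch should skip the entry the same way, i.e. `if (!ordered) { continue; }` placed before `err = CRYPT_INVALID_PACKET;` inside the new block, otherwise any list that holds both a SETOF and a SEQUENCE entry fails in unordered mode. The mask `& 0x3F` also discards the two class bits of the identifier octet, so a context-specific or application-class constructed tag numbered 16 or 17 still passes as SEQUENCE or SET; comparing the full octet (`in[x] != 0x30` / `in[x] != 0x31`) is the stricter check if universal-class only is intended. The read of `in[x]` presumes `x < inlen` was established earlier in the loop, which is outside this hunk and worth confirming, as the enclosing function starts and ends outside the hunk.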
@@ -18,7 +18,12 @@ typedef struct {
 extern prng_state yarrow_prng;
 void run_cmd(int res, int line, char *file, char *cmd);
-#define DO(x) { run_cmd((x), __LINE__, __FILE__, #x); }
+
+#ifdef LTC_VERBOSE
+#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x); } while (0);
+#else
+#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x); } while (0);
+#endif
 /* TESTS */
 int cipher_hash_test(void);
diff --git a/testprof/x86_prof.c b/testprof/x86_prof.c
index 03c58d6..18816c6 100644
--- a/testprof/x86_prof.c
+++ b/testprof/x86_prof.c
@@ -347,7 +347,7 @@ int time_cipher(void)
 return 0;
 }
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 int time_cipher2(void)
 {
 unsigned long x, y1;
@@ -422,7 +422,7 @@ int time_cipher2(void)
 int time_cipher2(void) { fprintf(stderr, "NO CBC\n"); return 0; }
 #endif
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 int time_cipher3(void)
 {
 unsigned long x, y1;
@@ -497,7 +497,7 @@ int time_cipher3(void)
 int time_cipher3(void) { fprintf(stderr, "NO CTR\n"); return 0; }
 #endif
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 int time_cipher4(void)
 {
 unsigned long x, y1;
@@ -1157,7 +1157,11 @@ void time_encmacs_(unsigned long MAC_SIZE)
 fprintf(stderr, "GCM (no-precomp)\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
 {
- gcm_state gcm;
+ gcm_state gcm
+#ifdef GCM_TABLES_SSE2
+__attribute__ ((aligned (16)))
+#endif
+;
 if ((err = gcm_init(&gcm, cipher_idx, key, 16)) != CRYPT_OK) { fprintf(stderr, "gcm_init: %s\n", error_to_string(err)); exit(EXIT_FAILURE); }
 t2 = -1;
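Review bot: Both new DO definitions end in `while (0);`, and that trailing semicolon defeats the do/while(0) wrapper: a call written as `DO(x);` expands to the loop plus an empty statement, so `if (c) DO(x); else ...` fails to compile exactly as it did with the old brace-only form. Drop the semicolon from both definitions, e.g. `#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x); } while (0)`, and let the call site supply it. The LTC_VERBOSE variant also relies on `fprintf`/`stderr` being declared by whoever includes this header; no include is visible in the hunk, so presumably <stdio.h> arrives through the header's earlier includes, which is worth confirming.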
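Review bot: In the time_encmacs_ hunk the declaration `gcm_state gcm` is separated from its terminating `;` by three column-0 preprocessor lines, and the inserted `__attribute__ ((aligned (16)))` is GCC/Clang-specific with no alternative for other compilers when GCM_TABLES_SSE2 is defined. Declaring the variable once under `#ifdef GCM_TABLES_SSE2` and once under `#else` keeps each declaration on one readable line, and wrapping the attribute in a project-wide alignment macro (placeholder name: `LTC_ALIGN(16)`) would keep the compiler-specific spelling in one header instead of in benchmark code. If gcm_init requires a 16-byte-aligned state in that build, checking the address there would catch callers that forget the attribute rather than silently misbehaving; the enclosing time_encmacs_ body starts and ends outside the hunk.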
